Package: cryptsetup
Version: 20050111-3
Severity: wishlist
Tags: patch

Hi,

I have prepared some patches to introduce two new options for /etc/crypttab and /etc/init.d/cryptdisks; this is the explanation from the man page:

check
    Check the content of the device by a suitable program; if the check fails the device is removed; if the retry option is given, the creation is repeated. If a program is provided as argument, it is run, using the decrypted volume as first argument. The default program is /sbin/e2label, which is suitable to check that an EXT2 or EXT3 is accessible through the device.

retry
    If the device creation fails, or if the check program fails, remove the device, and try again to create it: if key is "none" this will ask for the password again. The option specifies how many times to repeat.

I find the check option very useful: I mount /home from an encrypted device; when occasionally I typed the wrong password, /etc/rcS.d/S26cryptdisk would mount an unusable device, and fsck in /etc/rcS.d/S30checkfs.sh would stop the boot claiming that the device is damaged (which is somewhat misleading). For that reason I used to use the 'verify' option, but I don't find it convenient to type the pass twice: it is very long. Moreover, why should I verify the password, when a program can verify it?

The retry,check options may also be useful for people who keep the password in a file, but access the device from some device which may be temporarily unavailable (such as an externally powered disk): in this case, cryptdisks would retry until it can access the disk.

In testing my patches, I found and corrected a bug in the parsing of the options in crypttab (in version 20050111-2): if an option does not have a value, the variable VALUE should be empty, but it is not.

a.
-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (650, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9eta-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages cryptsetup depends on:
ii  dmsetup           2:1.00.19-2  The Linux Kernel Device Mapper use
ii  libc6             2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libdevmapper1.00  2:1.00.19-2  The Linux Kernel Device Mapper use
ii  libgcrypt11       1.2.0-4      LGPL Crypto library - runtime libr
ii  libgpg-error0     1.0-1        library for common error values an
ii  libpopt0          1.7-5        lib for parsing cmdline parameters

-- no debconf information

--
Andrea Mennucc
 "E' un mondo difficile. Che vita intensa!" (Tonino Carotone)
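The parsing bug described above (an option given without a value must leave VALUE empty) and the retry-count validation, as an added POSIX sh example that is not part of the submitted patch; the options string and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the cryptdisks script itself: parse a crypttab options
# field such as "cipher=aes-cbc-essiv:sha256,check,retry=3" into OPTION/VALUE
# pairs, printing one line per option in the style of the patch's debug line.
# Only POSIX parameter expansions are used, so it also runs under dash.
parse_crypttab_options() {
    opt=$1
    while [ -n "$opt" ]; do
        arg=${opt%%,*}                 # text before the first comma
        case $opt in
            *,*) opt=${opt#*,} ;;      # drop the consumed option and its comma
            *)   opt="" ;;             # last option consumed
        esac
        case $arg in
            *=*) option=${arg%%=*}; value=${arg#*=} ;;
            *)   option=$arg; value="" ;;   # no '=': VALUE stays empty
        esac
        printf 'OPTION %s VALUE [%s]\n' "$option" "$value"
    done
}

# Normalise a retry count as the patch intends: "no" or a non-negative integer.
# Anything else (e.g. "3x" or an unset CRYPTDISKS_RETRY) would make a later
# "[ $RETRY -gt 0 ]" test error out, so it is forced to "no".
normalize_retry() {
    case $1 in
        no)          echo no ;;
        ""|*[!0-9]*) echo no ;;
        *)           echo "$1" ;;
    esac
}

# Constructed sample input: a crypttab options field with a valueless option.
parse_crypttab_options 'cipher=aes-cbc-essiv:sha256,check,retry=3'
normalize_retry 3x
```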
Format: 1.0
Source: cryptsetup
Version: 20050111-3
Binary: cryptsetup
Maintainer: Wesley W. Terpstra (Debian) <[EMAIL PROTECTED]>
Architecture: any
Standards-Version: 3.6.1.0
Build-Depends: debhelper (>= 4.0.0), libgcrypt11-dev, libdevmapper-dev, libpopt-dev, docbook-to-man, gettext, libtool, autoconf, automake1.8, cvs
Files:
 956bd7f7d0572341f83c0d8f68bbb095 16690 cryptsetup_20050111.orig.tar.gz
 bb7e23d9e43c6826646f82537258cf52 22606 cryptsetup_20050111-3.diff.gz
Attachment: cryptsetup_20050111-3.diff.gz
diff -ur cryptsetup-20050111/debian/changelog cryptsetup-20050111-3/debian/changelog --- cryptsetup-20050111/debian/changelog 2005-01-15 13:06:12.000000000 +0100 +++ cryptsetup-20050111-3/debian/changelog 2005-01-15 12:26:13.000000000 +0100 @@ -1,3 +1,10 @@ +cryptsetup (20050111-3) unstable; urgency=low + + * new options check, retry, in crypytab + * corrected error in cryptdisks when parsing options w/o values + + -- A Mennucc <[EMAIL PROTECTED]> Sat, 15 Jan 2005 12:26:13 +0100 + cryptsetup (20050111-2) unstable; urgency=low * autogen.sh calls autopoint (gettext), which needs cvs diff -ur cryptsetup-20050111/debian/cryptdisks cryptsetup-20050111-3/debian/cryptdisks --- cryptsetup-20050111/debian/cryptdisks 2005-01-15 13:06:12.000000000 +0100 +++ cryptsetup-20050111-3/debian/cryptdisks 2005-01-15 12:12:49.000000000 +0100 
@@ -57,54 +57,86 @@ PARAMS="" MAKESWAP="" SKIP="" + RETRY=no + CHECK="" # Parse the options field, convert to cryptsetup parameters # and contruct the command line while test "x$opt" != "x" ; do - ARG=`echo $opt | sed "s/,.*//"` + ARG=${opt/,*} opt=${opt##$ARG} opt=${opt##,} - PARAM=`echo $ARG | sed "s/=.*//"` - VALUE=${ARG##$PARAM=} - - case "$PARAM" in + case $ARG in + *=*) + OPTION=${ARG/=*} + VALUE=${ARG##$OPTION=} + ;; + *) + OPTION=$ARG + VALUE="" + esac + # test: echo OPTION $OPTION VALUE $VALUE + case "$OPTION" in readonly) - PARAM=-r - VALUE="" + PARAMS="$PARAMS -r" ;; cipher) - PARAM=-c + PARAMS="$PARAMS -c $VALUE" if test "x$VALUE" = "x" ; then echo " - no value for cipher option, skipping" >&2 SKIP="yes" fi ;; size) - PARAM=-s + PARAMS="$PARAMS -s $VALUE" if test "x$VALUE" = "x" ; then echo " - no value for size option, skipping" >&2 SKIP="yes" fi ;; hash) - PARAM=-h + PARAMS="$PARAMS -h $VALUE" if test "x$VALUE" = "x" ; then echo " - no value for hash option, skipping" >&2 SKIP=yes fi ;; verify) - PARAM=-y - VALUE="" + PARAMS="$PARAMS -y" + ;; + check) + if test "x$VALUE" = "x" ; then + CHECK="$CRYPTDISKS_CHECK" + else + CHECK="$VALUE" + fi + ;; + retry) + if test "x$VALUE" = "x" ; then + RETRY="$CRYPTDISKS_RETRY" + else + RETRY="$VALUE" + fi ;; swap) MAKESWAP=yes - PARAM="" - VALUE="" + ;; + *) + echo " - option '$OPTION' unknown, skipping $dst -" >&2 + SKIP=yes esac - PARAMS="$PARAMS $PARAM $VALUE" done + if [ "$RETRY" != "no" ] ; then + case "$RETRY" in + [0-9]*) ;; + *) + echo " - option RETRY is wrongly set to $RETRY - forced to 'no' " >&2 + RETRY=no + ;; + esac + fi + # Set up loopback devices if test -f "$src" ; then test -d /sys/block/loop0 || modprobe loop || SKIP=yes 
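Review bot: the rewritten option splitting at the top of this hunk, `ARG=${opt/,*}` and `OPTION=${ARG/=*}`, uses bash-only pattern substitution; if cryptdisks is run by /bin/sh (dash) both fail with "bad substitution". The POSIX forms `${opt%%,*}` and `${ARG%%=*}` give the same result and match the `${opt##,}` style already used on the next lines. Two smaller points in the same hunk: the `case "$RETRY" in [0-9]*)` validation accepts a value such as `3x`, which then makes the later `[ "$RETRY" -gt 0 ]` test error out (a rejection pattern of `*[!0-9]*)` is stricter); and the new `*)` arm now skips the whole device on an unknown option, whereas before the option name was appended to PARAMS and handed to cryptsetup, so that behaviour change should be mentioned in the changelog.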
@@ -127,12 +159,29 @@ continue fi - if test "x$INTERACTIVE" = "xyes" ; then + while [ "x$RETRY" = xno ] || [ "$RETRY" -gt 0 ] ; do + if test "x$INTERACTIVE" = "xyes" ; then $CRYPTCMD $PARAMS create $dst $src <&1 - else + RESULT=$? + else $CRYPTCMD $PARAMS -d $key create $dst $src - fi - + RESULT=$? + fi + # test : echo RESULT $RESULT + if [ $RESULT = 0 ] ; then + [ "$CHECK" = "" ] && break + if $CHECK $MAPPER/$dst ; then + break + else + $CRYPTCMD remove $dst + echo " - '$CHECK $MAPPER/$dst' failed - the device $dst is removed. " >&2 + sleep 1 + fi + fi + test "x$RETRY" = xno && break + RETRY=`expr $RETRY - 1` + [ $RETRY -gt 0 ] && echo " - retrying for $dst - " + done if test "x$MAKESWAP" = "xyes" && test -b $MAPPER/$dst; then mkswap $MAPPER/$dst 2>/dev/null >/dev/null fi diff -ur cryptsetup-20050111/debian/cryptdisks.default cryptsetup-20050111-3/debian/cryptdisks.default --- cryptsetup-20050111/debian/cryptdisks.default 2005-01-15 13:06:12.000000000 +0100 +++ cryptsetup-20050111-3/debian/cryptdisks.default 2005-01-14 14:18:43.000000000 +0100 @@ -1,2 +1,6 @@ # Run cryptdisks at startup ? CRYPTDISKS_ENABLE=Yes +# Default check program +CRYPTDISKS_CHECK=/sbin/e2label +# How many times to ask for the password if the check fails +CRYPTDISKS_RETRY=3 diff -ur cryptsetup-20050111/debian/crypttab.sgml cryptsetup-20050111-3/debian/crypttab.sgml --- cryptsetup-20050111/debian/crypttab.sgml 2005-01-15 13:06:12.000000000 +0100 +++ cryptsetup-20050111-3/debian/crypttab.sgml 2005-01-15 12:43:54.000000000 +0100 @@ -84,7 +84,8 @@ If the <replaceable>key file</replaceable> is empty or the string <literal>none</literal>, the key data (ie. a password) will be read -interactively from the console. +interactively from the console. In this case, the options +<literal>check</literal> and <literal>retry</literal> may be quite useful. </para> <para>The fourth field <replaceable>options</replaceable> 
@@ -119,6 +120,31 @@ </listitem> </varlistentry> <varlistentry> + <term><literal>check</literal></term> + <listitem> + <para>check the content of the device by suitable program; + if the check fails the device is removed; if the + <literal>retry</literal> option is given, the + creation is repeated. + If a program is provided as argument, it is run, + using the decrypted volume as first argument. + The default program is /sbin/e2label, + which is suitable to check that a EXT2 or EXT3 is a accessible + throught the device. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><literal>retry</literal></term> + <listitem><para> + If the device creation fails, or if the check program fails, + remove the device, and try again to + create it: if <literal>key</literal> is "none" + this will ask for the password again. The + option specifies how many times to repeat.</para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>readonly</literal></term> <listitem> <para>The backing device is read-only (eg: a dvd).</para> Only in cryptsetup-20050111-3/lib: .deps Only in cryptsetup-20050111-3: manifest Only in cryptsetup-20050111-3/po: cryptsetup.pot Only in cryptsetup-20050111-3/po: stamp-po Only in cryptsetup-20050111-3/src: .deps
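Review bot: in the retry loop (the `@@ -127,12 +159,29 @@` hunk of debian/cryptdisks), `if $CHECK $MAPPER/$dst` leaves the check program's output uncaptured, so with the default /sbin/e2label the filesystem label is printed to the console on every successful boot; redirect it (`$CHECK $MAPPER/$dst >/dev/null 2>&1`) and keep only the script's own failure message. The check also runs before the `mkswap` call that follows the loop, so `check` combined with `swap` will always fail and remove the device; either skip the check when `MAKESWAP=yes` or document the two options as exclusive. Finally, when the last retry ends in a check failure the loop exits silently (the "retrying for $dst" line is only printed while `$RETRY -gt 0`); a closing "giving up on $dst" message would make the boot log clearer.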
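Review bot: the new `check` entry in crypttab.sgml (the `@@ -119,6 +120,31 @@` hunk) has typos: "by suitable program" should be "by a suitable program", and "check that a EXT2 or EXT3 is a accessible throught the device" should read "check that an EXT2 or EXT3 filesystem is accessible through the device". It also states that the default program is /sbin/e2label, but in the script the default is whatever `CRYPTDISKS_CHECK` is set to in debian/cryptdisks.default, and no check at all is run if that variable is empty; say so here so administrators know where the default comes from. The changelog hunk earlier in the patch also has "crypytab" for "crypttab".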