Gentoo Archives: gentoo-commits

From: William Hubbs <williamh@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
Date: Fri, 02 Nov 2018 18:21:40
Message-Id: 1541182862.17664fa2cfb06baec8074fc39c0f71a039db7cd3.williamh@gentoo
1 commit: 17664fa2cfb06baec8074fc39c0f71a039db7cd3
2 Author: William Hubbs <williamh <AT> gentoo <DOT> org>
3 AuthorDate: Fri Nov 2 18:17:40 2018 +0000
4 Commit: William Hubbs <williamh <AT> gentoo <DOT> org>
5 CommitDate: Fri Nov 2 18:21:02 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17664fa2
7
8 sys-fs/cryptsetup: 2.0.5-r1 bump
9
10 Closes: https://bugs.gentoo.org/601448
11 Closes: https://bugs.gentoo.org/651998
12 Package-Manager: Portage-2.3.49, Repoman-2.3.11
13 Signed-off-by: William Hubbs <williamh <AT> gentoo.org>
14
15 sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild | 130 ++++++++++
16 sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd | 115 +++++++++
17 sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc | 340 +++++++++++++++++++++++++++
18 3 files changed, 585 insertions(+)
19
20 diff --git a/sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild
21 new file mode 100644
22 index 00000000000..5f5526582fe
23 --- /dev/null
24 +++ b/sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild
25 @@ -0,0 +1,130 @@
26 +# Copyright 1999-2018 Gentoo Authors
27 +# Distributed under the terms of the GNU General Public License v2
28 +
29 +EAPI=6
30 +
31 +PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
32 +
33 +inherit autotools python-single-r1 linux-info libtool eapi7-ver
34 +
35 +DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
36 +HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
37 +SRC_URI="mirror://kernel/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
38 +
39 +LICENSE="GPL-2+"
40 +SLOT="0/12" # libcryptsetup.so version
41 +[[ ${PV} != *_rc* ]] && \
42 +KEYWORDS="~amd64 ~arm64 ~mips ~s390 ~sh ~sparc ~x86"
43 +CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
44 +# we don't support nss since it doesn't allow cryptsetup to be built statically
45 +# and it's missing ripemd160 support so it can't provide full backward compatibility
46 +IUSE="${CRYPTO_BACKENDS} +argon2 libressl nls pwquality python reencrypt static static-libs +udev urandom"
47 +REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
48 + python? ( ${PYTHON_REQUIRED_USE} )
49 + static? ( !gcrypt )" #496612
50 +
51 +LIB_DEPEND="
52 + dev-libs/json-c:=[static-libs(+)]
53 + dev-libs/libgpg-error[static-libs(+)]
54 + dev-libs/popt[static-libs(+)]
55 + >=sys-apps/util-linux-2.31-r1[static-libs(+)]
56 + argon2? ( app-crypt/argon2:=[static-libs(+)] )
57 + gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
58 + nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
59 + openssl? (
60 + !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
61 + libressl? ( dev-libs/libressl:=[static-libs(+)] )
62 + )
63 + pwquality? ( dev-libs/libpwquality[static-libs(+)] )
64 + sys-fs/lvm2[static-libs(+)]
65 + udev? ( virtual/libudev[static-libs(+)] )"
66 +# We have to always depend on ${LIB_DEPEND} rather than put behind
67 +# !static? () because we provide a shared library which links against
68 +# these other packages. #414665
69 +RDEPEND="static-libs? ( ${LIB_DEPEND} )
70 + ${LIB_DEPEND//\[static-libs\(+\)\]}
71 + python? ( ${PYTHON_DEPS} )"
72 +DEPEND="${RDEPEND}
73 + virtual/pkgconfig
74 + static? ( ${LIB_DEPEND} )"
75 +
76 +S="${WORKDIR}/${P/_/-}"
77 +
78 +PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
79 +
80 +pkg_setup() {
81 + local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
82 + local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
83 + local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
84 + local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
85 + local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
86 + check_extra_config
87 +}
88 +
89 +src_prepare() {
90 + sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
91 + default
92 + eautoreconf
93 +}
94 +
95 +src_configure() {
96 + if use kernel ; then
97 + ewarn "Note that kernel backend is very slow for this type of operation"
98 + ewarn "and is provided mainly for embedded systems wanting to avoid"
99 + ewarn "userspace crypto libraries."
100 + fi
101 +
102 + use python && python_setup
103 +
104 + # We disable autotool python integration so we can use eclasses
105 + # for proper integration with multiple python versions.
106 + local myeconfargs=(
107 + --disable-internal-argon2
108 + --enable-shared
109 + --sbindir=/sbin
110 + # for later use
111 + # --with-default-luks-format=LUKS2
112 + --with-tmpfilesdir="${EPREFIX%/}/usr/lib/tmpfiles.d"
113 + --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
114 + $(use_enable argon2 libargon2)
115 + $(use_enable nls)
116 + $(use_enable pwquality)
117 + $(use_enable python)
118 + $(use_enable reencrypt cryptsetup-reencrypt)
119 + $(use_enable static static-cryptsetup)
120 + $(use_enable static-libs static)
121 + $(use_enable udev)
122 + $(use_enable !urandom dev-random)
123 + )
124 + econf "${myeconfargs[@]}"
125 +}
126 +
127 +src_test() {
128 + if [[ ! -e /dev/mapper/control ]] ; then
129 + ewarn "No /dev/mapper/control found -- skipping tests"
130 + return 0
131 + fi
132 +
133 + local p
134 + for p in /dev/mapper /dev/loop* ; do
135 + addwrite ${p}
136 + done
137 +
138 + default
139 +}
140 +
141 +src_install() {
142 + default
143 +
144 + if use static ; then
145 + mv "${ED%}"/sbin/cryptsetup{.static,} || die
146 + mv "${ED%}"/sbin/veritysetup{.static,} || die
147 + use reencrypt && { mv "${ED%}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
148 + fi
149 + find "${ED}" -name "*.la" -delete || die
150 +
151 + dodoc docs/v*ReleaseNotes
152 +
153 + newconfd "${FILESDIR}"/2.0.5-dmcrypt.confd dmcrypt
154 + newinitd "${FILESDIR}"/2.0.5-dmcrypt.rc dmcrypt
155 +}
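Review bot: The three `mv` lines in src_install expand `"${ED%}"`, and a `%` with an empty pattern removes nothing, so the expansion is just `${ED}`; `"${ED%/}"` looks like what was meant, matching `${EPREFIX%/}` in src_configure. If ED carries a trailing slash, as I would expect under this EAPI, the paths only gain a doubled slash and the moves still succeed, so this is a readability fix: `mv "${ED%/}"/sbin/cryptsetup{.static,} || die`. Separately, the `sed` in src_prepare appends `|| exit 0` to the `LOOPDEV=` line of compat-test and mode-test, so a one-line comment there saying that those tests then exit successfully without running would help whoever reads a green test log.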
156
157 diff --git a/sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd
158 new file mode 100644
159 index 00000000000..977d4b3172d
160 --- /dev/null
161 +++ b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd
162 @@ -0,0 +1,115 @@
163 +# /etc/conf.d/dmcrypt
164 +
165 +# For people who run dmcrypt on top of some other layer (like raid),
166 +# use rc_need to specify that requirement. See the runscript(8) man
167 +# page for more information.
168 +
169 +# Along the same lines, if dmcrypt needs to be running before
170 +# localmount or netmount, please use rc_before to specify this
171 +# requirement.
172 +
173 +#--------------------
174 +# Instructions
175 +#--------------------
176 +
177 +# Note regarding the syntax of this file. This file is *almost* bash,
178 +# but each line is evaluated separately. Separate swaps/targets can be
179 +# specified. The init-script which reads this file assumes that a
180 +# swap= or target= line starts a new section, similar to lilo or grub
181 +# configuration.
182 +
183 +# Note when using gpg keys and /usr on a separate partition, you will
184 +# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
185 +# and ensure that gpg has been compiled statically.
186 +# See http://bugs.gentoo.org/90482 for more information.
187 +
188 +# Note that the init-script which reads this file detects whether your
189 +# partition is LUKS or not. No mkfs is run unless you specify a makefs
190 +# option.
191 +
192 +# Global options:
193 +#----------------
194 +
195 +# How long to wait for each timeout (in seconds).
196 +dmcrypt_key_timeout=1
197 +
198 +# Max number of checks to perform (see dmcrypt_key_timeout).
199 +#dmcrypt_max_timeout=300
200 +
201 +# Number of password retries.
202 +dmcrypt_retries=5
203 +
204 +# Arguments:
205 +#-----------
206 +# target=<name> == Mapping name for partition.
207 +# swap=<name> == Mapping name for swap partition.
208 +# source='<dev>' == Real device for partition.
209 +# Note: You can (and should) specify a tag like UUID
210 +# for blkid (see -t option). This is safer than using
211 +# the full path to the device.
212 +# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media.
213 +# remdev='<dev>' == Device that will be assigned to removable media.
214 +# gpg_options='<opts>' == Default are --quiet --decrypt
215 +# options='<opts>' == cryptsetup, for LUKS you can only use --readonly
216 +# loop_file='<file>' == Loopback file.
217 +# Note: If you omit $source, then a free loopback will
218 +# be looked up automatically.
219 +# pre_mount='cmds' == commands to execute before mounting partition.
220 +# post_mount='cmds' == commands to execute after mounting partition.
221 +#-----------
222 +# Supported Modes
223 +# gpg == decrypt and pipe key into cryptsetup.
224 +# Note: new-line character must not be part of key.
225 +# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
226 +
227 +#--------------------
228 +# dm-crypt examples
229 +#--------------------
230 +
231 +## swap
232 +# Swap partitions. These should come first so that no keys make their
233 +# way into unencrypted swap.
234 +# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
235 +# If no makefs is given then mkswap will be assumed
236 +#swap=crypt-swap
237 +#source='/dev/hda2'
238 +
239 +## /home with passphrase
240 +#target=crypt-home
241 +#source='/dev/hda5'
242 +
243 +## /home with regular keyfile
244 +#target=crypt-home
245 +#source='/dev/hda5'
246 +#key='/full/path/to/homekey'
247 +
248 +## /home with gpg protected key
249 +#target=crypt-home
250 +#source='/dev/hda5'
251 +#key='/full/path/to/homekey:gpg'
252 +
253 +## /home with regular keyfile on removable media(such as usb-stick)
254 +#target=crypt-home
255 +#source='/dev/hda5'
256 +#key='/full/path/to/homekey'
257 +#remdev='/dev/sda1'
258 +
259 +## /home with gpg protected key on removable media(such as usb-stick)
260 +#target=crypt-home
261 +#source='/dev/hda5'
262 +#key='/full/path/to/homekey:gpg'
263 +#remdev='/dev/sda1'
264 +
265 +## /tmp with regular keyfile
266 +#target=crypt-tmp
267 +#source='/dev/hda6'
268 +#key='/full/path/to/tmpkey'
269 +#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
270 +#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
271 +
272 +## Loopback file example
273 +#target='crypt-loop-home'
274 +#source='/dev/loop0'
275 +#loop_file='/mnt/crypt/home'
276 +
277 +# The file must be terminated by a newline. Or leave this comment last.
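Review bot: The documented swap default `-c aes -h sha1 -d /dev/urandom` names the cipher without a mode or IV, and the same string is the fallback for `options` in dm_crypt_execute in the 2.0.5-dmcrypt.rc hunk. As far as I know, cryptsetup resolves a bare cipher name in plain mode to cbc-plain, whose IVs are predictable from the sector number, so the effective swap encryption would be weaker than a spec that states mode and IV explicitly. Because the swap key is regenerated on every boot there is no on-disk format to stay compatible with, so both places could spell the mode out, for example `-c aes-xts-plain64 -s 256 -d /dev/urandom`. The `key=` examples would also benefit from one comment line saying that a plain keyfile should be readable by root only.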
278
279 diff --git a/sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc
280 new file mode 100644
281 index 00000000000..555d216b50d
282 --- /dev/null
283 +++ b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc
284 @@ -0,0 +1,340 @@
285 +#!/sbin/openrc-run
286 +# Copyright 1999-2018 Gentoo Authors
287 +# Distributed under the terms of the GNU General Public License v2
288 +
289 +depend() {
290 + after keymaps
291 + before checkfs fsck
292 +
293 + if grep -qs ^swap= "${conf_file}" ; then
294 + before swap
295 + fi
296 +}
297 +
298 +# We support multiple dmcrypt instances based on $SVCNAME
299 +conf_file="/etc/conf.d/${SVCNAME}"
300 +
301 +# Get splash helpers if available.
302 +if [ -e /sbin/splash-functions.sh ] ; then
303 + . /sbin/splash-functions.sh
304 +fi
305 +
306 +# Setup mappings for an individual target/swap
307 +# Note: This relies on variables localized in the main body below.
308 +dm_crypt_execute() {
309 + local dev ret mode foo
310 +
311 + if [ -z "${target}" -a -z "${swap}" ] ; then
312 + return
313 + fi
314 +
315 + # Set up default values.
316 + : ${dmcrypt_key_timeout:=1}
317 + : ${dmcrypt_max_timeout:=300}
318 + : ${dmcrypt_retries:=5}
319 +
320 + # Handle automatic look up of the source path.
321 + if [ -z "${source}" -a -n "${loop_file}" ] ; then
322 + source=$(losetup --show -f "${loop_file}")
323 + fi
324 + case ${source} in
325 + *=*)
326 + source=$(blkid -l -t "${source}" -o device)
327 + ;;
328 + esac
329 + if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
330 + ewarn "source \"${source}\" for ${target} missing, skipping..."
331 + return
332 + fi
333 +
334 + if [ -n "${target}" ] ; then
335 + # let user set options, otherwise leave empty
336 + : ${options:=' '}
337 + elif [ -n "${swap}" ] ; then
338 + if cryptsetup isLuks ${source} 2>/dev/null ; then
339 + ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
340 + return
341 + fi
342 + target=${swap}
343 + # swap contents do not need to be preserved between boots, luks not required.
344 + # suspend2 users should have initramfs's init handling their swap partition either way.
345 + : ${options:='-c aes -h sha1 -d /dev/urandom'}
346 + : ${pre_mount:='mkswap ${dev}'}
347 + fi
348 +
349 + if [ -n "${loop_file}" ] ; then
350 + dev="/dev/mapper/${target}"
351 + ebegin " Setting up loop device ${source}"
352 + losetup ${source} ${loop_file}
353 + fi
354 +
355 + # cryptsetup:
356 + # open <device> <name> # <device> is $source
357 + # create <name> <device> # <name> is $target
358 + local arg1="create" arg2="${target}" arg3="${source}"
359 + if cryptsetup isLuks ${source} 2>/dev/null ; then
360 + arg1="open"
361 + arg2="${source}"
362 + arg3="${target}"
363 + fi
364 +
365 + # Older versions reported:
366 + # ${target} is active:
367 + # Newer versions report:
368 + # ${target} is active[ and is in use.]
369 + if cryptsetup status ${target} | egrep -q ' is active' ; then
370 + einfo "dm-crypt mapping ${target} is already configured"
371 + return
372 + fi
373 + splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
374 +
375 + # Handle keys
376 + if [ -n "${key}" ] ; then
377 + read_abort() {
378 + # some colors
379 + local ans savetty resettty
380 + [ -z "${NORMAL}" ] && eval $(eval_ecolors)
381 + einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
382 + shift
383 + # This is ugly as s**t. But POSIX doesn't provide `read -t`, so
384 + # we end up having to implement our own crap with stty/etc...
385 + savetty=$(stty -g)
386 + resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
387 + trap 'eval "${resettty}"' EXIT HUP INT TERM
388 + stty -icanon
389 + stty min 0 time "$(( $2 * 10 ))"
390 + ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
391 + eval "${resettty}"
392 + if [ -z "${ans}" ] ; then
393 + printf '\r'
394 + else
395 + echo
396 + fi
397 + case ${ans} in
398 + [yY]) return 0;;
399 + *) return 1;;
400 + esac
401 + }
402 +
403 + # Notes: sed not used to avoid case where /usr partition is encrypted.
404 + mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
405 + key=${key%:*}
406 + case "${mode}" in
407 + gpg|reg)
408 + # handle key on removable device
409 + if [ -n "${remdev}" ] ; then
410 + # temp directory to mount removable device
411 + local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
412 + if [ ! -d "${mntrem}" ] ; then
413 + if ! mkdir -p "${mntrem}" ; then
414 + ewarn "${source} will not be decrypted ..."
415 + einfo "Reason: Unable to create temporary mount point '${mntrem}'"
416 + return
417 + fi
418 + fi
419 + i=0
420 + einfo "Please insert removable device for ${target}"
421 + while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
422 + foo=""
423 + if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
424 + # keyfile exists?
425 + if [ ! -e "${mntrem}${key}" ] ; then
426 + umount -n "${mntrem}"
427 + rmdir "${mntrem}"
428 + einfo "Cannot find ${key} on removable media."
429 + read_abort "Abort" ${dmcrypt_key_timeout} && return
430 + else
431 + key="${mntrem}${key}"
432 + break
433 + fi
434 + else
435 + [ -e "${remdev}" ] \
436 + && foo="mount failed" \
437 + || foo="mount source not found"
438 + fi
439 + : $((i += 1))
440 + read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
441 + done
442 + else # keyfile ! on removable device
443 + if [ ! -e "${key}" ] ; then
444 + ewarn "${source} will not be decrypted ..."
445 + einfo "Reason: keyfile ${key} does not exist."
446 + return
447 + fi
448 + fi
449 + ;;
450 + *)
451 + ewarn "${source} will not be decrypted ..."
452 + einfo "Reason: mode ${mode} is invalid."
453 + return
454 + ;;
455 + esac
456 + else
457 + mode=none
458 + fi
459 + ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
460 + if [ "${mode}" = "gpg" ] ; then
461 + : ${gpg_options:='-q -d'}
462 + # gpg available ?
463 + if command -v gpg >/dev/null ; then
464 + i=0
465 + while [ ${i} -lt ${dmcrypt_retries} ] ; do
466 + # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
467 + # save stdin stdout stderr "values"
468 + timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
469 + cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
470 + ret=$?
471 + # The timeout command exits 124 when it times out.
472 + [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
473 + : $(( i += 1 ))
474 + done
475 + eend ${ret} "failure running cryptsetup"
476 + else
477 + ewarn "${source} will not be decrypted ..."
478 + einfo "Reason: cannot find gpg application."
479 + einfo "You have to install app-crypt/gnupg first."
480 + einfo "If you have /usr on its own partition, try copying gpg to /bin ."
481 + fi
482 + else
483 + if [ "${mode}" = "reg" ] ; then
484 + cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
485 + ret=$?
486 + eend ${ret} "failure running cryptsetup"
487 + else
488 + cryptsetup ${options} ${arg1} ${arg2} ${arg3}
489 + ret=$?
490 + eend ${ret} "failure running cryptsetup"
491 + fi
492 + fi
493 + if [ -d "${mntrem}" ] ; then
494 + umount -n ${mntrem} 2>/dev/null >/dev/null
495 + rmdir ${mntrem} 2>/dev/null >/dev/null
496 + fi
497 + splash svc_input_end ${SVCNAME} >/dev/null 2>&1
498 +
499 + if [ ${ret} -ne 0 ] ; then
500 + cryptfs_status=1
501 + else
502 + if [ -n "${pre_mount}" ] ; then
503 + dev="/dev/mapper/${target}"
504 + eval ebegin \"" pre_mount: ${pre_mount}"\"
505 + eval "${pre_mount}" > /dev/null
506 + ewend $? || cryptfs_status=1
507 + fi
508 + fi
509 +}
510 +
511 +# Lookup optional bootparams
512 +get_bootparam_val() {
513 + # We're given something like:
514 + # foo=bar=cow
515 + # Return the "bar=cow" part.
516 + case $1 in
517 + *=*)
518 + echo "${1#*=}"
519 + ;;
520 + esac
521 +}
522 +
523 +start() {
524 + local header=true cryptfs_status=0
525 + local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
526 +
527 + local x
528 + for x in $(cat /proc/cmdline) ; do
529 + case "${x}" in
530 + key_timeout=*)
531 + dmcrypt_key_timeout=$(get_bootparam_val "${x}")
532 + ;;
533 + esac
534 + done
535 +
536 + while read targetline <&3 ; do
537 + case ${targetline} in
538 + # skip comments and blank lines
539 + ""|"#"*) continue ;;
540 + # skip service-specific openrc configs #377927
541 + rc_*) continue ;;
542 + esac
543 +
544 + ${header} && ebegin "Setting up dm-crypt mappings"
545 + header=false
546 +
547 + # check for the start of a new target/swap
548 + case ${targetline} in
549 + target=*|swap=*)
550 + # If we have a target queued up, then execute it
551 + dm_crypt_execute
552 +
553 + # Prepare for the next target/swap by resetting variables
554 + unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
555 + ;;
556 +
557 + gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
558 + if [ -z "${target}${swap}" ] ; then
559 + ewarn "Ignoring setting outside target/swap section: ${targetline}"
560 + continue
561 + fi
562 + ;;
563 +
564 + dmcrypt_*=*)
565 + # ignore global options
566 + continue
567 + ;;
568 +
569 + *)
570 + ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
571 + ;;
572 + esac
573 +
574 + # Queue this setting for the next call to dm_crypt_execute
575 + eval "${targetline}"
576 + done 3< ${conf_file}
577 +
578 + # If we have a target queued up, then execute it
579 + dm_crypt_execute
580 +
581 + ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
582 +}
583 +
584 +stop() {
585 + local line header
586 +
587 + # Break down all mappings
588 + header=true
589 + egrep "^(target|swap)=" ${conf_file} | \
590 + while read line ; do
591 + ${header} && einfo "Removing dm-crypt mappings"
592 + header=false
593 +
594 + target= swap=
595 + eval ${line}
596 +
597 + [ -n "${swap}" ] && target=${swap}
598 + if [ -z "${target}" ] ; then
599 + ewarn "invalid line in ${conf_file}: ${line}"
600 + continue
601 + fi
602 +
603 + ebegin " ${target}"
604 + cryptsetup remove ${target}
605 + eend $?
606 + done
607 +
608 + # Break down loop devices
609 + header=true
610 + grep '^source=./dev/loop' ${conf_file} | \
611 + while read line ; do
612 + ${header} && einfo "Detaching dm-crypt loop devices"
613 + header=false
614 +
615 + source=
616 + eval ${line}
617 +
618 + ebegin " ${source}"
619 + losetup -d "${source}"
620 + eend $?
621 + done
622 +
623 + return 0
624 +}
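Review bot: In start(), the `*)` branch of the second `case` warns "Skipping invalid line" but has no `continue`, so control falls through to `eval "${targetline}"` and the line is executed anyway, in an init script that normally runs as root. Adding `continue` after that `ewarn`, as the `dmcrypt_*=*)` branch already does, makes the behaviour match the message, so only lines that start with a recognised key are evaluated. In the gpg branch of dm_crypt_execute, `ret=$?` after the pipeline holds cryptsetup's exit status rather than that of `timeout`, so the `-eq 124` test described by the comment likely never sees a gpg timeout and the loop retries instead of stopping. When gpg is not installed `ret` is never assigned, which leaves the later `[ ${ret} -ne 0 ]` malformed and `cryptfs_status` at 0; setting `ret=1` in that `else` branch would report the failure.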