gentoo resync : 03.11.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-11-03 08:36:22 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2018-11-03 08:36:22 +0000
commit: f65628136faa35d0c4d3b5e7332275c7b35fcd96 (patch)
tree: 021998302365c5652e37824b6c26d4d969a62055 /sys-fs/cryptsetup
parent: 70b82ae359a5538711e103b0e8dfb92654296644 (diff)
5 files changed, 473 insertions, 12 deletions
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index b699e5c98cbc..996f80daab70 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1,12 +1,14 @@
 AUX 1.6.7-dmcrypt.confd 3919 BLAKE2B 99e81cfe932dda45062966ada065da418500e58499af0f5ed18b7367cb6bc1b3fae1d4a0d4094ebf36c00292a4d4e2606026a65df66d5a96d01a0b9d5f6aa5e5 SHA512 74422d5e1614b43af894ea01da1ea80d805ec7f77981cbb80a6b1a4becad737a8825d7269812499095a7f50d39fa7da5bf4e4edae63529b1fe87b9176943a733
 AUX 1.6.7-dmcrypt.rc 8815 BLAKE2B 9e88475af36f7ab3c7b48672ecf64e885e7be4b1af27c2f41f74fe8640163ac272d44bfbbfeb0befb1af337f88d2711f27003575758d16c5f8104db0fabc2cb9 SHA512 fdbf44f7508ca10ab89e858c206fd9dc397a11d8a553045584ab95046c309a84dd6c7ab0c0ea63c66f7d52b31ed3a1ce46d5ce2ce2588f0d6593a1c4cc1c4194
+AUX 2.0.5-dmcrypt.confd 4061 BLAKE2B b2868ccb99dd172cf0bed8caefb96cabec324122c29fb79fa8112727a53f6f0ae518ddcf88d1b4b2d9cfe7e8f39799e68cd381ecac39a010bed76b5f4f0efb49 SHA512 fcb697e2b95c124d2c5524d0c66435e09dc3a93641e09eda8bedb437fb26f727137e5c9a62bbce465f951e774ac12a18a1f1f3ff5803e9b45c7ccf07227ea3b5
+AUX 2.0.5-dmcrypt.rc 8827 BLAKE2B d4604b8f78d6ab6b4b64b6be64f8706b01aec320ef0c61d8d7d789dc49c42f5b1d2ed606ecbcff7bc654c73460987b4610e92f790b356ad02da2b05eb55851a9 SHA512 946c76a16e327bbe48b83866123e1f797add485583241b9190e63fd537e478f4163b8c1c383dc16241e9c35ad561baf771024c517343522b212bd2132f8d056a
 AUX cryptsetup-2.0.4-fix-static-pwquality-build.patch 427 BLAKE2B dfdc56c6627084732973254cd52c48f0869aa7b4c58e466840a87f77c1d4fb09ae37295fb54e980abccfdfe51dc63161e188a0be9bb4bf3c69d7731120f84bac SHA512 23b5f9b21ec86c92787bfc8744682ce0777dfa87e1de97afbb8db33c4587f1e2c8e5f8c9d0fa56ca801d7795739f9a66f14633d8a3904ea68ddd58ddc3863adf
 AUX setup-1.7.0.py 788 BLAKE2B dc7a2dbc2187f233f4fae9d85bbec9e2152259a45094f10ab043b36e31d80d40772795cb5f9911b0e9a3aa41d8f1773c0e60aa6da1a530165a26384c65532117 SHA512 823fe8a90a76de9f259a5b69425601b78a0b6c1204cda613e224cc21e4eebc2b22b4be9f53efe843156c45a20a099385bc4dad6d653a26749336023d3ae5de89
 DIST cryptsetup-1.7.5.tar.xz 1232696 BLAKE2B 1bd62b186564e0b902480d66f623074f8d2f06ea09f11788566e33d58f7d0dc8c79d5827e5966e1a20a5597c2cbdec76da49c8f54c0538a1ac3f869d8ef55456 SHA512 d473f7b06d705a3868a70f3767fafc664436b5897ba59025ea1268f815cb80a9076841ff9ff96cc130fb83ba18b03c1eee38cfaf1b471fdd883a3e126b771439
-DIST cryptsetup-2.0.3.tar.xz 10125548 BLAKE2B 871df4c248151394f5abc907209b6df636049e5a1ff72161af091d36963ef68adee14e5e1867d779c9419e489aa9bea7562608b239a8fe361b769f0cc14daaf0 SHA512 f5ac54aa9614b234f2d1e84758a98914d283b669f4ab5cbe0ed7cdf25ce77f2d1abdf1e5b5010d803971f0e29120954110ee4fcc538137b04fbdc13b7804385e
 DIST cryptsetup-2.0.4.tar.xz 10444544 BLAKE2B 95c18eefe99c27d05e347440d77e4ff53dcc110822dc706e2284e3203da9069acbd8afedb8d596a0f832bdadea0597b75af58a22af712818a3e0aae2824e51b7 SHA512 74d442c7c7837da719a14aefa8bf0b5dffbb050acd6fbd140c50d43470c828f79fdcf7cd6acf1c149a4e1129a100059df6216b7d8ca04eb0b070cb8d4ca33e61
+DIST cryptsetup-2.0.5.tar.xz 10476304 BLAKE2B cf1e335fce48a7bf835b2008dfc0a96ef35d344e2c9f6a0a5a2ff45644f9015311e99b8f9e05b0b23cad69d74f91dd1b7cdd766560fb6504e7453d6e46bea186 SHA512 bac3f5fde1be02d325c097f85e77aef44ce764c1bca7f0554cedd69b9444e5a5529f11b9ae74d36dc1977e88e11422a58dfa17e48559eac7f5e6c4ce332409ae
 EBUILD cryptsetup-1.7.5-r1.ebuild 4041 BLAKE2B 3f8868734f9ed2d1a635762348632b00520b243738c9f907866225e981bd7534d38f746c2eda2292cfaa395f77e431cd4b479ba97294d187c9d7de3b3f6047c5 SHA512 d41b3eb764e68fe72d1e4d2ee725a66030f03cfe7ea7d9046cc0dfaf673062229e9ade2a356b81112e8955cc8536916caae949716aebf3b0d4bfb8ce8f2190c7
-EBUILD cryptsetup-2.0.3-r1.ebuild 4094 BLAKE2B e145fd62d995b06b5326e7d2989d84e0fd265fa7357e561a61edc283c0b02cce3bfcf77b162e36b9477349d4920c788899840261628173b7fc6536c8094de24c SHA512 278cd2e0d788d3aacec7bd64592509c912ccc915bc8e432cbbfd50528143e6dae7736adc6049fc0f0de997fee68c1b96fd63ac9986cfe538d9a82943e04a6784
 EBUILD cryptsetup-2.0.4-r1.ebuild 4136 BLAKE2B 1eaddb9cda051ec1047e8746aaabfa0446fa6a426eaabae091e2bb99d9748f869b4092611fb436655ce20fa85ae5150be672387db684a273cf9697d91453ed0c SHA512 977769e4fa394fd70c5f67cfdb270f76c8aa483f841f87948ee1c72097f105a5ed0f177cb2c73ba5b33a24026e3183b2dacf84c08edcd8a2f4d7981898f2d8fb
-EBUILD cryptsetup-2.0.4.ebuild 4075 BLAKE2B ae6d7638bb9b6feb6efa42f434276caf592e97c3c2b299a44b9b05e7239324c1b6814cf4f76759bd5f1b770c7b0cbff72ef98d9005aa59f97443437b0c39e008 SHA512 20de52d01b97851b9a8f10c058573d5bcd85ac4b0f766e5fae64c0fc766a131f75caef564999f8c73ebd9060b461fbc42bf3a3a2a0425fa730e9d0c5cb98d507
+EBUILD cryptsetup-2.0.5-r1.ebuild 4140 BLAKE2B 411e5b149c8946261c57a25005fa15a572ae187461fdb8dad847abb9e24605036aed42f499aec94bc31008f346cad9633d9af6ef85231c57bab1b4ebb0793dc7 SHA512 20184bdfbc797d3a86dc655b2e096f85f52c461fb3b6bee061a2b96013f13731137b4d6aeea8cd027fd838b22c84329b0b3ad198c448d5bab1ccca4037bb0d3d
+EBUILD cryptsetup-2.0.5.ebuild 4140 BLAKE2B 7cb64bd81f835aea5ae764a3f4008cd29c51d9075da702af038c5d1df96c46a4808930bf30a3832627e3892d595ee04429c3e11d35acfe1d830c128333cfcc9f SHA512 64e4ce816fc022eb32e0cf56b392d46076fee297a0061084c7c358899500b3eaac88754ebed852e7b1db3d14a7db6cf18c31ea986a14262386bd0521fa13c20a
 MISC metadata.xml 974 BLAKE2B 7dc6d2696e918f5a5c195194f70ec053bac4bfc84510234ae63a4bebb8363b72e9b1fcc331312c938839a633c95dae1e88dc24bf8ca0602cefc8bb8ab1c822c0 SHA512 a5c9ab70c75af24d3ffdd076f1eb61c6eec3b388a417f611f8988bf3f2da5daaffaab461b50c995e572d2d800c726ca960e78c3c17dd2a40788fcf48e4158f41
diff --git a/sys-fs/cryptsetup/cryptsetup-2.0.3-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild
index 90930f1120c1..5f5526582fe8 100644
--- a/sys-fs/cryptsetup/cryptsetup-2.0.3-r1.ebuild
+++ b/sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild
@@ -1,15 +1,15 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
 
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6,3_7} )
+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
 
-inherit autotools python-single-r1 linux-info libtool ltprune versionator
+inherit autotools python-single-r1 linux-info libtool eapi7-ver
 
 DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
 HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="mirror://kernel/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P/_/-}.tar.xz"
+SRC_URI="mirror://kernel/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
 
 LICENSE="GPL-2+"
 SLOT="0/12" # libcryptsetup.so version
@@ -50,6 +50,8 @@ DEPEND="${RDEPEND}
 
 S="${WORKDIR}/${P/_/-}"
 
+PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
+
 pkg_setup() {
 	local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
 	local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
@@ -119,10 +121,10 @@ src_install() {
 		mv "${ED%}"/sbin/veritysetup{.static,} || die
 		use reencrypt && { mv "${ED%}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
 	fi
-	prune_libtool_files --modules
+	find "${ED}" -name "*.la" -delete || die
 
 	dodoc docs/v*ReleaseNotes
 
-	newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
-	newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
+	newconfd "${FILESDIR}"/2.0.5-dmcrypt.confd dmcrypt
+	newinitd "${FILESDIR}"/2.0.5-dmcrypt.rc dmcrypt
 }
diff --git a/sys-fs/cryptsetup/cryptsetup-2.0.4.ebuild b/sys-fs/cryptsetup/cryptsetup-2.0.5.ebuild
index a0458bbe4f6d..1441e14c0072 100644
--- a/sys-fs/cryptsetup/cryptsetup-2.0.4.ebuild
+++ b/sys-fs/cryptsetup/cryptsetup-2.0.5.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
 
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6,3_7} )
+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
 
 inherit autotools python-single-r1 linux-info libtool eapi7-ver
 
@@ -50,6 +50,8 @@ DEPEND="${RDEPEND}
 
 S="${WORKDIR}/${P/_/-}"
 
+PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
+
 pkg_setup() {
 	local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
 	local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
diff --git a/sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd
new file mode 100644
index 000000000000..977d4b3172d7
--- /dev/null
+++ b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd
@@ -0,0 +1,115 @@
+# /etc/conf.d/dmcrypt
+
+# For people who run dmcrypt on top of some other layer (like raid),
+# use rc_need to specify that requirement.  See the runscript(8) man
+# page for more information.
+
+# Along the same lines, if  dmcrypt needs to be running before
+# localmount or netmount, please use rc_before to specify this
+# requirement.
+
+#--------------------
+# Instructions
+#--------------------
+
+# Note regarding the syntax of this file.  This file is *almost* bash,
+# but each line is evaluated separately.  Separate swaps/targets can be
+# specified.  The init-script which reads this file assumes that a
+# swap= or target= line starts a new section, similar to lilo or grub
+# configuration.
+
+# Note when using gpg keys and /usr on a separate partition, you will
+# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
+# and ensure that gpg has been compiled statically.
+# See http://bugs.gentoo.org/90482 for more information.
+
+# Note that the init-script which reads this file detects whether your
+# partition is LUKS or not. No mkfs is run unless you specify a makefs
+# option.
+
+# Global options:
+#----------------
+
+# How long to wait for each timeout (in seconds).
+dmcrypt_key_timeout=1
+
+# Max number of checks to perform (see dmcrypt_key_timeout).
+#dmcrypt_max_timeout=300
+
+# Number of password retries.
+dmcrypt_retries=5
+
+# Arguments:
+#-----------
+# target=<name>                      == Mapping name for partition.
+# swap=<name>                        == Mapping name for swap partition.
+# source='<dev>'                     == Real device for partition.
+#                                    Note: You can (and should) specify a tag like UUID
+#                                    for blkid (see -t option).  This is safer than using
+#                                    the full path to the device.
+# key='</path/to/keyfile>[:<mode>]'  == Fullpath from / or from inside removable media.
+# remdev='<dev>'                     == Device that will be assigned to removable media.
+# gpg_options='<opts>'               == Default are --quiet --decrypt
+# options='<opts>'                   == cryptsetup, for LUKS you can only use --readonly
+# loop_file='<file>'                 == Loopback file.
+#                                    Note: If you omit $source, then a free loopback will
+#                                    be looked up automatically.
+# pre_mount='cmds'                   == commands to execute before mounting partition.
+# post_mount='cmds'                  == commands to execute after mounting partition.
+#-----------
+# Supported Modes
+# gpg					== decrypt and pipe key into cryptsetup.
+#						Note: new-line character must not be part of key.
+#						Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
+
+#--------------------
+# dm-crypt examples
+#--------------------
+
+## swap
+# Swap partitions. These should come first so that no keys make their
+# way into unencrypted swap.
+# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
+# If no makefs is given then mkswap will be assumed
+#swap=crypt-swap
+#source='/dev/hda2'
+
+## /home with passphrase
+#target=crypt-home
+#source='/dev/hda5'
+
+## /home with regular keyfile
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+
+## /home with gpg protected key
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+
+## /home with regular keyfile on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+#remdev='/dev/sda1'
+
+## /home with gpg protected key on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+#remdev='/dev/sda1'
+
+## /tmp with regular keyfile
+#target=crypt-tmp
+#source='/dev/hda6'
+#key='/full/path/to/tmpkey'
+#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
+#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
+
+## Loopback file example
+#target='crypt-loop-home'
+#source='/dev/loop0'
+#loop_file='/mnt/crypt/home'
+
+# The file must be terminated by a newline.  Or leave this comment last.
diff --git a/sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc
new file mode 100644
index 000000000000..555d216b50d2
--- /dev/null
+++ b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc
@@ -0,0 +1,340 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	after keymaps
+	before checkfs fsck
+
+	if grep -qs ^swap= "${conf_file}" ; then
+		before swap
+	fi
+}
+
+# We support multiple dmcrypt instances based on $SVCNAME
+conf_file="/etc/conf.d/${SVCNAME}"
+
+# Get splash helpers if available.
+if [ -e /sbin/splash-functions.sh ] ; then
+	. /sbin/splash-functions.sh
+fi
+
+# Setup mappings for an individual target/swap
+# Note: This relies on variables localized in the main body below.
+dm_crypt_execute() {
+	local dev ret mode foo
+
+	if [ -z "${target}" -a -z "${swap}" ] ; then
+		return
+	fi
+
+	# Set up default values.
+	: ${dmcrypt_key_timeout:=1}
+	: ${dmcrypt_max_timeout:=300}
+	: ${dmcrypt_retries:=5}
+
+	# Handle automatic look up of the source path.
+	if [ -z "${source}" -a -n "${loop_file}" ] ; then
+		source=$(losetup --show -f "${loop_file}")
+	fi
+	case ${source} in
+	*=*)
+		source=$(blkid -l -t "${source}" -o device)
+		;;
+	esac
+	if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
+		ewarn "source \"${source}\" for ${target} missing, skipping..."
+		return
+	fi
+
+	if [ -n "${target}" ] ; then
+		# let user set options, otherwise leave empty
+		: ${options:=' '}
+	elif [ -n "${swap}" ] ; then
+		if cryptsetup isLuks ${source} 2>/dev/null ; then
+			ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
+			return
+		fi
+		target=${swap}
+		# swap contents do not need to be preserved between boots, luks not required.
+		# suspend2 users should have initramfs's init handling their swap partition either way.
+		: ${options:='-c aes -h sha1 -d /dev/urandom'}
+		: ${pre_mount:='mkswap ${dev}'}
+	fi
+
+	if [ -n "${loop_file}" ] ; then
+		dev="/dev/mapper/${target}"
+		ebegin "  Setting up loop device ${source}"
+		losetup ${source} ${loop_file}
+	fi
+
+	# cryptsetup:
+	# open   <device> <name>      # <device> is $source
+	# create <name>   <device>    # <name>   is $target
+	local arg1="create" arg2="${target}" arg3="${source}"
+	if cryptsetup isLuks ${source} 2>/dev/null ; then
+		arg1="open"
+		arg2="${source}"
+		arg3="${target}"
+	fi
+
+	# Older versions reported:
+	#	${target} is active:
+	# Newer versions report:
+	#	${target} is active[ and is in use.]
+	if cryptsetup status ${target} | egrep -q ' is active' ; then
+		einfo "dm-crypt mapping ${target} is already configured"
+		return
+	fi
+	splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
+
+	# Handle keys
+	if [ -n "${key}" ] ; then
+		read_abort() {
+			# some colors
+			local ans savetty resettty
+			[ -z "${NORMAL}" ] && eval $(eval_ecolors)
+			einfon "  $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
+			shift
+			# This is ugly as s**t.  But POSIX doesn't provide `read -t`, so
+			# we end up having to implement our own crap with stty/etc...
+			savetty=$(stty -g)
+			resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
+			trap 'eval "${resettty}"' EXIT HUP INT TERM
+			stty -icanon
+			stty min 0 time "$(( $2 * 10 ))"
+			ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
+			eval "${resettty}"
+			if [ -z "${ans}" ] ; then
+				printf '\r'
+			else
+				echo
+			fi
+			case ${ans} in
+				[yY]) return 0;;
+				*) return 1;;
+			esac
+		}
+
+		# Notes: sed not used to avoid case where /usr partition is encrypted.
+		mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
+		key=${key%:*}
+		case "${mode}" in
+		gpg|reg)
+			# handle key on removable device
+			if [ -n "${remdev}" ] ; then
+				# temp directory to mount removable device
+				local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
+				if [ ! -d "${mntrem}" ] ; then
+					if ! mkdir -p "${mntrem}" ; then
+						ewarn "${source} will not be decrypted ..."
+						einfo "Reason: Unable to create temporary mount point '${mntrem}'"
+						return
+					fi
+				fi
+				i=0
+				einfo "Please insert removable device for ${target}"
+				while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
+					foo=""
+					if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
+						# keyfile exists?
+						if [ ! -e "${mntrem}${key}" ] ; then
+							umount -n "${mntrem}"
+							rmdir "${mntrem}"
+							einfo "Cannot find ${key} on removable media."
+							read_abort "Abort" ${dmcrypt_key_timeout} && return
+						else
+							key="${mntrem}${key}"
+							break
+						fi
+					else
+						[ -e "${remdev}" ] \
+							&& foo="mount failed" \
+							|| foo="mount source not found"
+					fi
+					: $((i += 1))
+					read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
+				done
+			else    # keyfile ! on removable device
+				if [ ! -e "${key}" ] ; then
+					ewarn "${source} will not be decrypted ..."
+					einfo "Reason: keyfile ${key} does not exist."
+					return
+				fi
+			fi
+			;;
+		*)
+			ewarn "${source} will not be decrypted ..."
+			einfo "Reason: mode ${mode} is invalid."
+			return
+			;;
+		esac
+	else
+		mode=none
+	fi
+	ebegin "  ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
+	if [ "${mode}" = "gpg" ] ; then
+		: ${gpg_options:='-q -d'}
+		# gpg available ?
+		if command -v gpg >/dev/null ; then
+			i=0
+			while [ ${i} -lt ${dmcrypt_retries} ] ; do
+				# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
+				# save stdin stdout stderr "values"
+				timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
+					cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
+				ret=$?
+				# The timeout command exits 124 when it times out.
+				[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
+				: $(( i += 1 ))
+			done
+			eend ${ret} "failure running cryptsetup"
+		else
+			ewarn "${source} will not be decrypted ..."
+			einfo "Reason: cannot find gpg application."
+			einfo "You have to install app-crypt/gnupg first."
+			einfo "If you have /usr on its own partition, try copying gpg to /bin ."
+		fi
+	else
+		if [ "${mode}" = "reg" ] ; then
+			cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
+			ret=$?
+			eend ${ret} "failure running cryptsetup"
+		else
+			cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+			ret=$?
+			eend ${ret} "failure running cryptsetup"
+		fi
+	fi
+	if [ -d "${mntrem}" ] ; then
+		umount -n ${mntrem} 2>/dev/null >/dev/null
+		rmdir ${mntrem} 2>/dev/null >/dev/null
+	fi
+	splash svc_input_end ${SVCNAME} >/dev/null 2>&1
+
+	if [ ${ret} -ne 0 ] ; then
+		cryptfs_status=1
+	else
+		if [ -n "${pre_mount}" ] ; then
+			dev="/dev/mapper/${target}"
+			eval ebegin \""    pre_mount: ${pre_mount}"\"
+			eval "${pre_mount}" > /dev/null
+			ewend $? || cryptfs_status=1
+		fi
+	fi
+}
+
+# Lookup optional bootparams
+get_bootparam_val() {
+	# We're given something like:
+	#    foo=bar=cow
+	# Return the "bar=cow" part.
+	case $1 in
+	*=*)
+		echo "${1#*=}"
+		;;
+	esac
+}
+
+start() {
+	local header=true cryptfs_status=0
+	local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
+
+	local x
+	for x in $(cat /proc/cmdline) ; do
+		case "${x}" in
+		key_timeout=*)
+			dmcrypt_key_timeout=$(get_bootparam_val "${x}")
+			;;
+		esac
+	done
+
+	while read targetline <&3 ; do
+		case ${targetline} in
+		# skip comments and blank lines
+		""|"#"*) continue ;;
+		# skip service-specific openrc configs #377927
+		rc_*) continue ;;
+		esac
+
+		${header} && ebegin "Setting up dm-crypt mappings"
+		header=false
+
+		# check for the start of a new target/swap
+		case ${targetline} in
+		target=*|swap=*)
+			# If we have a target queued up, then execute it
+			dm_crypt_execute
+
+			# Prepare for the next target/swap by resetting variables
+			unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
+			;;
+
+		gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
+			if [ -z "${target}${swap}" ] ; then
+				ewarn "Ignoring setting outside target/swap section: ${targetline}"
+				continue
+			fi
+			;;
+
+		dmcrypt_*=*)
+			# ignore global options
+			continue
+			;;
+
+		*)
+			ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
+			;;
+		esac
+
+		# Queue this setting for the next call to dm_crypt_execute
+		eval "${targetline}"
+	done 3< ${conf_file}
+
+	# If we have a target queued up, then execute it
+	dm_crypt_execute
+
+	ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
+}
+
+stop() {
+	local line header
+
+	# Break down all mappings
+	header=true
+	egrep "^(target|swap)=" ${conf_file} | \
+	while read line ; do
+		${header} && einfo "Removing dm-crypt mappings"
+		header=false
+
+		target= swap=
+		eval ${line}
+
+		[ -n "${swap}" ] && target=${swap}
+		if [ -z "${target}" ] ; then
+			ewarn "invalid line in ${conf_file}: ${line}"
+			continue
+		fi
+
+		ebegin "  ${target}"
+		cryptsetup remove ${target}
+		eend $?
+	done
+
+	# Break down loop devices
+	header=true
+	grep '^source=./dev/loop' ${conf_file} | \
+	while read line ; do
+		${header} && einfo "Detaching dm-crypt loop devices"
+		header=false
+
+		source=
+		eval ${line}
+
+		ebegin "  ${source}"
+		losetup -d "${source}"
+		eend $?
+	done
+
+	return 0
+}
author	V3n3RiX <venerix@redcorelinux.org>	2018-11-03 08:36:22 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2018-11-03 08:36:22 +0000
commit	f65628136faa35d0c4d3b5e7332275c7b35fcd96 (patch)
tree	021998302365c5652e37824b6c26d4d969a62055 /sys-fs/cryptsetup
parent	70b82ae359a5538711e103b0e8dfb92654296644 (diff)