Compare commits
52 Commits
Author | SHA1 | Date |
---|---|---|
|
c31e753f4b | |
|
48e35c62a2 | |
|
a826a4b1af | |
|
6d34f800c2 | |
|
91b20b097b | |
|
5dae3701ee | |
|
b28d111460 | |
|
97c67a9548 | |
|
6fbd69e362 | |
|
2894bfabcd | |
|
f2216ba485 | |
|
c5b69b3798 | |
|
2aaaf551a4 | |
|
19de152f74 | |
|
8f83183cd9 | |
|
d2f83644d5 | |
|
7b2adf2f44 | |
|
78e5420049 | |
|
c6eb606826 | |
|
6a7979d571 | |
|
1ff6710715 | |
|
8fab58af59 | |
|
3d0316b6da | |
|
545816c001 | |
|
48a54bccf9 | |
|
6b0d58e6c2 | |
|
85c6d0916a | |
|
56b0682c19 | |
|
538deeaf89 | |
|
d367a1f5c6 | |
|
60cc6e0e99 | |
|
db21301720 | |
|
91a56fa56e | |
|
6de3b0c117 | |
|
020f1c3fa6 | |
|
312c50a77b | |
|
6c38de1557 | |
|
82c3707961 | |
|
4886de908b | |
|
f93fc197bb | |
|
2e6d0e53e8 | |
|
62a674eb0b | |
|
3895626cc2 | |
|
14d952f359 | |
|
b4b07aac45 | |
|
25078df2b2 | |
|
a710b21d0f | |
|
4128c34ecc | |
|
a677246089 | |
|
2c2f8b1b47 | |
|
bee7fb4fb1 | |
|
08740c7ca4 |
|
@ -1,2 +0,0 @@
|
||||||
volume_key-0.2.tar.bz2
|
|
||||||
cryptsetup-1.0.7-rc1.tar.bz2
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
/.project
|
||||||
|
/volume_key-0.3.3.tar.xz
|
||||||
|
/volume_key-0.3.4.tar.xz
|
||||||
|
/volume_key-0.3.5.tar.xz
|
||||||
|
/volume_key-0.3.6.tar.xz
|
||||||
|
/volume_key-0.3.7.tar.xz
|
||||||
|
/volume_key-0.3.8.tar.xz
|
||||||
|
/volume_key-0.3.9.tar.xz
|
||||||
|
/volume_key-0.3.10.tar.xz
|
21
Makefile
21
Makefile
|
@ -1,21 +0,0 @@
|
||||||
# Makefile for source rpm: volume_key
|
|
||||||
# $Id$
|
|
||||||
NAME := volume_key
|
|
||||||
SPECFILE = $(firstword $(wildcard *.spec))
|
|
||||||
|
|
||||||
define find-makefile-common
|
|
||||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
|
||||||
endef
|
|
||||||
|
|
||||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
|
||||||
|
|
||||||
ifeq ($(MAKEFILE_COMMON),)
|
|
||||||
# attept a checkout
|
|
||||||
define checkout-makefile-common
|
|
||||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
|
||||||
endef
|
|
||||||
|
|
||||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
|
||||||
endif
|
|
||||||
|
|
||||||
include $(MAKEFILE_COMMON)
|
|
|
@ -1,674 +0,0 @@
|
||||||
Index: lib/libcryptsetup.h
|
|
||||||
===================================================================
|
|
||||||
--- lib/libcryptsetup.h (revision 62)
|
|
||||||
+++ lib/libcryptsetup.h (working copy)
|
|
||||||
@@ -65,6 +65,78 @@
|
|
||||||
int crypt_luksFormat(struct crypt_options *options);
|
|
||||||
int crypt_luksDump(struct crypt_options *options);
|
|
||||||
|
|
||||||
+struct crypt_luks_volume_info;
|
|
||||||
+
|
|
||||||
+/* Get information about DEVICE,
|
|
||||||
+ Return 0 on sucess, setting INFO to the volume information.
|
|
||||||
+ return a negative errno value otherwise, the caller can try to use
|
|
||||||
+ crypt_get_error() to get an error message.
|
|
||||||
+ INFO can be NULL, in which case the function only verifies DEVICE is a valid
|
|
||||||
+ LUKS device.
|
|
||||||
+ If INFO is not not NULL, it should be freed using crypt_luks_vi_free().
|
|
||||||
+*/
|
|
||||||
+int crypt_luks_get_volume_info(struct crypt_luks_volume_info **info,
|
|
||||||
+ const char *device);
|
|
||||||
+
|
|
||||||
+/* Get cipher name from INFO.
|
|
||||||
+ Return a string for free(), or NULL if out of memory. */
|
|
||||||
+char *crypt_luks_vi_get_cipher_name(struct crypt_luks_volume_info *info);
|
|
||||||
+
|
|
||||||
+/* Get cipher mode from INFO.
|
|
||||||
+ Return a string for free(), or NULL if out of memory. */
|
|
||||||
+char *crypt_luks_vi_get_cipher_mode(struct crypt_luks_volume_info *info);
|
|
||||||
+
|
|
||||||
+/* Get number of master key bytes from INFO. */
|
|
||||||
+unsigned crypt_luks_vi_get_key_bytes(struct crypt_luks_volume_info *info);
|
|
||||||
+
|
|
||||||
+/* Get UUID from INFO.
|
|
||||||
+ Return a string for free(), or NULL if out of memory. */
|
|
||||||
+char *crypt_luks_vi_get_uuid(struct crypt_luks_volume_info *info);
|
|
||||||
+
|
|
||||||
+/* Free INFO. */
|
|
||||||
+void crypt_luks_vi_free(struct crypt_luks_volume_info *info);
|
|
||||||
+
|
|
||||||
+/* Get the master key of DEVICE, using PASSPHRASE with PASSPHRASE_LENGTH.
|
|
||||||
+ Return the used slot on success, setting KEY and KEY_LENGTH to the master
|
|
||||||
+ key;
|
|
||||||
+ return a negative errno value otherwise, the caller can try to use
|
|
||||||
+ crypt_get_error() to get an error message.
|
|
||||||
+ The caller is responsible for calling free(KEY) if this function returns
|
|
||||||
+ 0. */
|
|
||||||
+int crypt_luks_get_master_key(unsigned char **key, size_t *key_length,
|
|
||||||
+ const char *device,
|
|
||||||
+ const unsigned char *passphrase,
|
|
||||||
+ size_t passphrase_length,
|
|
||||||
+ void (*log)(int class, char *msg));
|
|
||||||
+
|
|
||||||
+/* Verify that KEY with KEY_LENGTH is valid for DEVICE.
|
|
||||||
+ Return 0 on success.
|
|
||||||
+ Return a negative errno value otherwise, the caller can try to use
|
|
||||||
+ crypt_get_error() to get an error message. */
|
|
||||||
+int crypt_luks_verify_master_key(const char *device, const unsigned char *key,
|
|
||||||
+ size_t key_length);
|
|
||||||
+
|
|
||||||
+/* Open DEVICE using KEY with KEY_LENGTH as NAME.
|
|
||||||
+ Return 0 on success.
|
|
||||||
+ Return a negative errno value otherwise, the caller can try to use
|
|
||||||
+ crypt_get_error() to get an error message. */
|
|
||||||
+int crypt_luks_open_by_master_key(const char *name, const char *device,
|
|
||||||
+ const unsigned char *key, size_t key_length,
|
|
||||||
+ int flags, void (*log)(int class, char *msg));
|
|
||||||
+
|
|
||||||
+/* Add a PASSPHRASE with PASSPHRASE_LENGTH to SLOT of DEVICE, using KEY with
|
|
||||||
+ KEY_LENGTH.
|
|
||||||
+ Return the used slot on success;
|
|
||||||
+ Return a negative errno value otherwise, the caller can try to use
|
|
||||||
+ crypt_get_error() to get an error message.
|
|
||||||
+ SLOT may be -1 to use the first empty slot. */
|
|
||||||
+int crypt_luks_add_passphrase_by_master_key(const char *device,
|
|
||||||
+ const unsigned char *key,
|
|
||||||
+ size_t key_length, int slot,
|
|
||||||
+ const unsigned char *passphrase,
|
|
||||||
+ size_t passphrase_length,
|
|
||||||
+ void (*log)(int class, char *msg));
|
|
||||||
+
|
|
||||||
void crypt_get_error(char *buf, size_t size);
|
|
||||||
void crypt_put_options(struct crypt_options *options);
|
|
||||||
const char *crypt_get_dir(void);
|
|
||||||
Index: lib/setup.c
|
|
||||||
===================================================================
|
|
||||||
--- lib/setup.c (revision 62)
|
|
||||||
+++ lib/setup.c (working copy)
|
|
||||||
@@ -282,7 +282,7 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int __crypt_create_device(int reload, struct setup_backend *backend,
|
|
||||||
+static int __crypt_create_device(intptr_t reload, struct setup_backend *backend,
|
|
||||||
struct crypt_options *options)
|
|
||||||
{
|
|
||||||
struct crypt_options tmp = {
|
|
||||||
@@ -359,7 +359,7 @@
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int __crypt_query_device(int details, struct setup_backend *backend,
|
|
||||||
+static int __crypt_query_device(intptr_t details, struct setup_backend *backend,
|
|
||||||
struct crypt_options *options)
|
|
||||||
{
|
|
||||||
int r = backend->status(details, options, NULL);
|
|
||||||
@@ -371,7 +371,7 @@
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int __crypt_resize_device(int details, struct setup_backend *backend,
|
|
||||||
+static int __crypt_resize_device(intptr_t details, struct setup_backend *backend,
|
|
||||||
struct crypt_options *options)
|
|
||||||
{
|
|
||||||
struct crypt_options tmp = {
|
|
||||||
@@ -412,7 +412,7 @@
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int __crypt_remove_device(int arg, struct setup_backend *backend,
|
|
||||||
+static int __crypt_remove_device(intptr_t arg, struct setup_backend *backend,
|
|
||||||
struct crypt_options *options)
|
|
||||||
{
|
|
||||||
int r;
|
|
||||||
@@ -428,7 +428,7 @@
|
|
||||||
return backend->remove(0, options);
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int __crypt_luks_format(int arg, struct setup_backend *backend, struct crypt_options *options)
|
|
||||||
+static int __crypt_luks_format(intptr_t arg, struct setup_backend *backend, struct crypt_options *options)
|
|
||||||
{
|
|
||||||
int r;
|
|
||||||
|
|
||||||
@@ -504,8 +504,94 @@
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int __crypt_luks_open(int arg, struct setup_backend *backend, struct crypt_options *options)
|
|
||||||
+static int open_from_hdr_and_mk(struct luks_phdr *hdr,
|
|
||||||
+ struct luks_masterkey *mk,
|
|
||||||
+ const struct device_infos *infos,
|
|
||||||
+ struct setup_backend *backend,
|
|
||||||
+ struct crypt_options *options)
|
|
||||||
{
|
|
||||||
+ char *dmCipherSpec;
|
|
||||||
+ int excl = (options->flags & CRYPT_FLAG_NON_EXCLUSIVE_ACCESS)
|
|
||||||
+ ? 0 : O_EXCL;
|
|
||||||
+ int r;
|
|
||||||
+
|
|
||||||
+ if (infos->readonly)
|
|
||||||
+ options->flags |= CRYPT_FLAG_READONLY;
|
|
||||||
+ options->offset = hdr->payloadOffset;
|
|
||||||
+ if (asprintf(&dmCipherSpec, "%s-%s", hdr->cipherName, hdr->cipherMode)
|
|
||||||
+ < 0) {
|
|
||||||
+ r = -ENOMEM;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ options->cipher = dmCipherSpec;
|
|
||||||
+ options->key_size = mk->keyLength;
|
|
||||||
+ options->skip = 0;
|
|
||||||
+
|
|
||||||
+ options->size = infos->size;
|
|
||||||
+ if (!options->size) {
|
|
||||||
+ set_error("Not a block device.\n");
|
|
||||||
+ r = -ENOTBLK;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ if (options->size <= options->offset) {
|
|
||||||
+ set_error("Invalid offset");
|
|
||||||
+ r = -EINVAL;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+ options->size -= options->offset;
|
|
||||||
+ /* FIXME: code allows multiple crypt mapping, cannot use uuid then.
|
|
||||||
+ * anyway, it is dangerous and can corrupt data. Remove it in next version! */
|
|
||||||
+ r = backend->create(0, options, mk->key, excl ? hdr->uuid : NULL);
|
|
||||||
+ out:
|
|
||||||
+ free(dmCipherSpec);
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int __crypt_luks_open_by_master_key(intptr_t arg,
|
|
||||||
+ struct setup_backend *backend,
|
|
||||||
+ struct crypt_options *options)
|
|
||||||
+{
|
|
||||||
+ struct luks_masterkey *mk;
|
|
||||||
+ struct luks_phdr hdr;
|
|
||||||
+ struct device_infos infos;
|
|
||||||
+ struct crypt_options tmp = {
|
|
||||||
+ .name = options->name,
|
|
||||||
+ };
|
|
||||||
+ int r;
|
|
||||||
+ int excl = (options->flags & CRYPT_FLAG_NON_EXCLUSIVE_ACCESS) != 0
|
|
||||||
+ ? 0 : O_EXCL ;
|
|
||||||
+
|
|
||||||
+ mk = (struct luks_masterkey *)arg;
|
|
||||||
+
|
|
||||||
+ r = backend->status(0, &tmp, NULL);
|
|
||||||
+ if (r >= 0) {
|
|
||||||
+ set_error("Device %s already exists.", options->name);
|
|
||||||
+ return -EEXIST;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (!LUKS_device_ready(options->device, O_RDONLY | excl))
|
|
||||||
+ return -ENOTBLK;
|
|
||||||
+
|
|
||||||
+ if (get_device_infos(options->device, &infos) < 0) {
|
|
||||||
+ set_error("Can't get device information.\n");
|
|
||||||
+ return -ENOTBLK;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ r = LUKS_read_phdr(options->device, &hdr);
|
|
||||||
+ if (r < 0)
|
|
||||||
+ return r;
|
|
||||||
+
|
|
||||||
+ r = LUKS_verify_master_key(&hdr, mk);
|
|
||||||
+ if (r == -EPERM)
|
|
||||||
+ set_error("Master key does not match the volume.\n");
|
|
||||||
+ if (r < 0)
|
|
||||||
+ return r;
|
|
||||||
+
|
|
||||||
+ return open_from_hdr_and_mk(&hdr, mk, &infos, backend, options);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int __crypt_luks_open(intptr_t arg, struct setup_backend *backend, struct crypt_options *options)
|
|
||||||
+{
|
|
||||||
struct luks_masterkey *mk=NULL;
|
|
||||||
struct luks_phdr hdr;
|
|
||||||
char *prompt = NULL;
|
|
||||||
@@ -515,7 +601,6 @@
|
|
||||||
struct crypt_options tmp = {
|
|
||||||
.name = options->name,
|
|
||||||
};
|
|
||||||
- char *dmCipherSpec = NULL;
|
|
||||||
int r, tries = options->tries;
|
|
||||||
int excl = (options->flags & CRYPT_FLAG_NON_EXCLUSIVE_ACCESS) ? 0 : O_EXCL ;
|
|
||||||
|
|
||||||
@@ -533,9 +618,6 @@
|
|
||||||
return -ENOTBLK;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (infos.readonly)
|
|
||||||
- options->flags |= CRYPT_FLAG_READONLY;
|
|
||||||
-
|
|
||||||
if(asprintf(&prompt, "Enter LUKS passphrase for %s: ", options->device) < 0)
|
|
||||||
return -ENOMEM;
|
|
||||||
|
|
||||||
@@ -559,33 +641,8 @@
|
|
||||||
|
|
||||||
logger(options, CRYPT_LOG_NORMAL,"key slot %d unlocked.\n", r);
|
|
||||||
|
|
||||||
+ r = open_from_hdr_and_mk(&hdr, mk, &infos, backend, options);
|
|
||||||
|
|
||||||
- options->offset = hdr.payloadOffset;
|
|
||||||
- if (asprintf(&dmCipherSpec, "%s-%s", hdr.cipherName, hdr.cipherMode) < 0) {
|
|
||||||
- r = -ENOMEM;
|
|
||||||
- goto out2;
|
|
||||||
- }
|
|
||||||
- options->cipher = dmCipherSpec;
|
|
||||||
- options->key_size = mk->keyLength;
|
|
||||||
- options->skip = 0;
|
|
||||||
-
|
|
||||||
- options->size = infos.size;
|
|
||||||
- if (!options->size) {
|
|
||||||
- set_error("Not a block device.\n");
|
|
||||||
- r = -ENOTBLK; goto out2;
|
|
||||||
- }
|
|
||||||
- if (options->size <= options->offset) {
|
|
||||||
- set_error("Invalid offset");
|
|
||||||
- r = -EINVAL; goto out2;
|
|
||||||
- }
|
|
||||||
- options->size -= options->offset;
|
|
||||||
- /* FIXME: code allows multiple crypt mapping, cannot use uuid then.
|
|
||||||
- * anyway, it is dangerous and can corrupt data. Remove it in next version! */
|
|
||||||
- r = backend->create(0, options, mk->key, excl ? hdr.uuid : NULL);
|
|
||||||
-
|
|
||||||
- out2:
|
|
||||||
- free(dmCipherSpec);
|
|
||||||
- dmCipherSpec = NULL;
|
|
||||||
out1:
|
|
||||||
safe_free(password);
|
|
||||||
out:
|
|
||||||
@@ -598,8 +655,76 @@
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int __crypt_luks_add_key(int arg, struct setup_backend *backend, struct crypt_options *options)
|
|
||||||
+/* arg is a struct luks_masterkey **. Caller must LUKS_dealloc_masterkey(*arg)
|
|
||||||
+ if this function returns 0.
|
|
||||||
+ options->key_size is abused as passphrase length. */
|
|
||||||
+static int __crypt_luks_get_master_key(intptr_t arg,
|
|
||||||
+ struct setup_backend *backend,
|
|
||||||
+ struct crypt_options *options)
|
|
||||||
{
|
|
||||||
+ struct luks_masterkey *mk;
|
|
||||||
+ struct luks_phdr hdr;
|
|
||||||
+ int r;
|
|
||||||
+
|
|
||||||
+ if (!LUKS_device_ready(options->device, O_RDONLY))
|
|
||||||
+ return -ENOTBLK;
|
|
||||||
+
|
|
||||||
+ r = LUKS_open_any_key(options->device, options->passphrase,
|
|
||||||
+ options->key_size, &hdr, &mk, backend);
|
|
||||||
+ if (r == -EPERM)
|
|
||||||
+ set_error("No key available with this passphrase.");
|
|
||||||
+ if (r < 0) {
|
|
||||||
+ LUKS_dealloc_masterkey(mk);
|
|
||||||
+ return r;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ *(struct luks_masterkey **)arg = mk;
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/* options->key_size is abused as passphrase length. */
|
|
||||||
+static int __crypt_luks_add_passphrase_by_master_key
|
|
||||||
+ (intptr_t arg, struct setup_backend *backend,
|
|
||||||
+ struct crypt_options *options)
|
|
||||||
+{
|
|
||||||
+ struct luks_phdr hdr;
|
|
||||||
+ unsigned int keyIndex;
|
|
||||||
+ struct luks_masterkey *mk;
|
|
||||||
+ const char *device = options->device;
|
|
||||||
+ int r;
|
|
||||||
+
|
|
||||||
+ mk = (struct luks_masterkey *)arg;
|
|
||||||
+
|
|
||||||
+ if (!LUKS_device_ready(options->device, O_RDWR))
|
|
||||||
+ return -ENOTBLK;
|
|
||||||
+
|
|
||||||
+ r = LUKS_read_phdr(device, &hdr);
|
|
||||||
+ if (r < 0)
|
|
||||||
+ return r;
|
|
||||||
+
|
|
||||||
+ r = LUKS_verify_master_key(&hdr, mk);
|
|
||||||
+ if (r < 0) {
|
|
||||||
+ set_error("Master key does not match the volume");
|
|
||||||
+ return -EINVAL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ keyIndex = keyslot_from_option(options->key_slot, &hdr, options);
|
|
||||||
+ if (keyIndex == -EINVAL)
|
|
||||||
+ return -EINVAL;
|
|
||||||
+
|
|
||||||
+ hdr.keyblock[keyIndex].passwordIterations
|
|
||||||
+ = at_least_one(LUKS_benchmarkt_iterations()
|
|
||||||
+ * ((float)options->iteration_time / 1000));
|
|
||||||
+
|
|
||||||
+ r = LUKS_set_key(device, keyIndex, options->passphrase,
|
|
||||||
+ options->key_size, &hdr, mk, backend);
|
|
||||||
+ if (r < 0)
|
|
||||||
+ return r;
|
|
||||||
+ return keyIndex;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int __crypt_luks_add_key(intptr_t arg, struct setup_backend *backend, struct crypt_options *options)
|
|
||||||
+{
|
|
||||||
struct luks_masterkey *mk=NULL;
|
|
||||||
struct luks_phdr hdr;
|
|
||||||
char *password=NULL; unsigned int passwordLen;
|
|
||||||
@@ -664,7 +789,7 @@
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int luks_remove_helper(int arg, struct setup_backend *backend, struct crypt_options *options, int supply_it)
|
|
||||||
+static int luks_remove_helper(intptr_t arg, struct setup_backend *backend, struct crypt_options *options, int supply_it)
|
|
||||||
{
|
|
||||||
struct luks_masterkey *mk;
|
|
||||||
struct luks_phdr hdr;
|
|
||||||
@@ -735,18 +860,18 @@
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int __crypt_luks_kill_slot(int arg, struct setup_backend *backend, struct crypt_options *options) {
|
|
||||||
+static int __crypt_luks_kill_slot(intptr_t arg, struct setup_backend *backend, struct crypt_options *options) {
|
|
||||||
return luks_remove_helper(arg, backend, options, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int __crypt_luks_remove_key(int arg, struct setup_backend *backend, struct crypt_options *options) {
|
|
||||||
+static int __crypt_luks_remove_key(intptr_t arg, struct setup_backend *backend, struct crypt_options *options) {
|
|
||||||
return luks_remove_helper(arg, backend, options, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
-static int crypt_job(int (*job)(int arg, struct setup_backend *backend,
|
|
||||||
+static int crypt_job(int (*job)(intptr_t arg, struct setup_backend *backend,
|
|
||||||
struct crypt_options *options),
|
|
||||||
- int arg, struct crypt_options *options)
|
|
||||||
+ intptr_t arg, struct crypt_options *options)
|
|
||||||
{
|
|
||||||
struct setup_backend *backend;
|
|
||||||
int r;
|
|
||||||
@@ -807,6 +932,96 @@
|
|
||||||
return crypt_job(__crypt_luks_format, 0, options);
|
|
||||||
}
|
|
||||||
|
|
||||||
+int crypt_luks_get_master_key(unsigned char **key, size_t *key_length,
|
|
||||||
+ const char *device,
|
|
||||||
+ const unsigned char *passphrase,
|
|
||||||
+ size_t passphrase_length,
|
|
||||||
+ void (*log)(int class, char *msg))
|
|
||||||
+{
|
|
||||||
+ struct crypt_options options;
|
|
||||||
+ struct interface_callbacks icb;
|
|
||||||
+ struct luks_masterkey *mk;
|
|
||||||
+ int r;
|
|
||||||
+
|
|
||||||
+ memset(&icb, 0, sizeof(icb));
|
|
||||||
+ icb.log = log;
|
|
||||||
+ memset(&options, 0, sizeof(options));
|
|
||||||
+ options.device = device;
|
|
||||||
+ options.icb = &icb;
|
|
||||||
+ options.passphrase = (const char *)passphrase;
|
|
||||||
+ options.key_size = passphrase_length; /* Abusing the field */
|
|
||||||
+ if (options.key_size != passphrase_length) {
|
|
||||||
+ set_error("passphrase_length too large");
|
|
||||||
+ return -EOVERFLOW;
|
|
||||||
+ }
|
|
||||||
+ r = crypt_job(__crypt_luks_get_master_key, (intptr_t)&mk, &options);
|
|
||||||
+ if (r < 0)
|
|
||||||
+ return r;
|
|
||||||
+ /* Note: this memory is not mlock()ed */
|
|
||||||
+ *key = malloc(mk->keyLength);
|
|
||||||
+ if (*key == NULL) {
|
|
||||||
+ LUKS_dealloc_masterkey(mk);
|
|
||||||
+ return -ENOMEM;
|
|
||||||
+ }
|
|
||||||
+ memcpy(*key, mk->key, mk->keyLength);
|
|
||||||
+ *key_length = mk->keyLength;
|
|
||||||
+ LUKS_dealloc_masterkey(mk);
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int crypt_luks_verify_master_key(const char *device, const unsigned char *key,
|
|
||||||
+ size_t key_length)
|
|
||||||
+{
|
|
||||||
+ struct luks_masterkey *mk;
|
|
||||||
+ struct luks_phdr hdr;
|
|
||||||
+ int r;
|
|
||||||
+
|
|
||||||
+ r = LUKS_read_phdr(device, &hdr);
|
|
||||||
+ if (r < 0)
|
|
||||||
+ return r;
|
|
||||||
+
|
|
||||||
+ mk = LUKS_alloc_masterkey(key_length);
|
|
||||||
+ if (mk == NULL)
|
|
||||||
+ return -ENOMEM;
|
|
||||||
+ memcpy(mk->key, key, key_length);
|
|
||||||
+
|
|
||||||
+ r = LUKS_verify_master_key(&hdr, mk);
|
|
||||||
+ if (r == -EPERM)
|
|
||||||
+ set_error("Master key does not match the volume.\n");
|
|
||||||
+
|
|
||||||
+ LUKS_dealloc_masterkey(mk);
|
|
||||||
+
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int crypt_luks_open_by_master_key(const char *name, const char *device,
|
|
||||||
+ const unsigned char *key, size_t key_length,
|
|
||||||
+ int flags, void (*log)(int class, char *msg))
|
|
||||||
+{
|
|
||||||
+ struct crypt_options options;
|
|
||||||
+ struct interface_callbacks icb;
|
|
||||||
+ struct luks_masterkey *mk;
|
|
||||||
+ int r;
|
|
||||||
+
|
|
||||||
+ memset(&icb, 0, sizeof(icb));
|
|
||||||
+ icb.log = log;
|
|
||||||
+ memset(&options, 0, sizeof(options));
|
|
||||||
+ options.name = name;
|
|
||||||
+ options.device = device;
|
|
||||||
+ options.flags = flags;
|
|
||||||
+ options.offset = 0;
|
|
||||||
+ options.icb = &icb;
|
|
||||||
+
|
|
||||||
+ mk = LUKS_alloc_masterkey(key_length);
|
|
||||||
+ if (mk == NULL)
|
|
||||||
+ return -ENOMEM;
|
|
||||||
+ memcpy(mk->key, key, key_length);
|
|
||||||
+ r = crypt_job(__crypt_luks_open_by_master_key, (intptr_t)mk, &options);
|
|
||||||
+ LUKS_dealloc_masterkey(mk);
|
|
||||||
+
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int crypt_luksOpen(struct crypt_options *options)
|
|
||||||
{
|
|
||||||
return crypt_job(__crypt_luks_open, 0, options);
|
|
||||||
@@ -822,6 +1037,39 @@
|
|
||||||
return crypt_job(__crypt_luks_remove_key, 0, options);
|
|
||||||
}
|
|
||||||
|
|
||||||
+int crypt_luks_add_passphrase_by_master_key(const char *device,
|
|
||||||
+ const unsigned char *key,
|
|
||||||
+ size_t key_length, int slot,
|
|
||||||
+ const unsigned char *passphrase,
|
|
||||||
+ size_t passphrase_length,
|
|
||||||
+ void (*log)(int class, char *msg))
|
|
||||||
+{
|
|
||||||
+ struct crypt_options options;
|
|
||||||
+ struct interface_callbacks icb;
|
|
||||||
+ struct luks_masterkey *mk;
|
|
||||||
+ int r;
|
|
||||||
+
|
|
||||||
+ memset(&icb, 0, sizeof(icb));
|
|
||||||
+ icb.log = log;
|
|
||||||
+ memset(&options, 0, sizeof(options));
|
|
||||||
+ options.device = device;
|
|
||||||
+ options.passphrase = (const char *)passphrase;
|
|
||||||
+ options.key_size = passphrase_length; /* Abusing the field */
|
|
||||||
+ options.key_slot = slot;
|
|
||||||
+ options.iteration_time = 1000;
|
|
||||||
+ options.icb = &icb;
|
|
||||||
+
|
|
||||||
+ mk = LUKS_alloc_masterkey(key_length);
|
|
||||||
+ if (mk == NULL)
|
|
||||||
+ return -ENOMEM;
|
|
||||||
+ memcpy(mk->key, key, key_length);
|
|
||||||
+ r = crypt_job(__crypt_luks_add_passphrase_by_master_key, (intptr_t)mk,
|
|
||||||
+ &options);
|
|
||||||
+ LUKS_dealloc_masterkey(mk);
|
|
||||||
+
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int crypt_luksAddKey(struct crypt_options *options)
|
|
||||||
{
|
|
||||||
return crypt_job(__crypt_luks_add_key, 0, options);
|
|
||||||
@@ -840,6 +1088,84 @@
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+struct crypt_luks_volume_info
|
|
||||||
+{
|
|
||||||
+ struct luks_phdr h;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+int crypt_luks_get_volume_info(struct crypt_luks_volume_info **info,
|
|
||||||
+ const char *device)
|
|
||||||
+{
|
|
||||||
+ struct crypt_luks_volume_info *vi;
|
|
||||||
+ int r;
|
|
||||||
+
|
|
||||||
+ vi = malloc(sizeof(*vi));
|
|
||||||
+ if (vi == NULL)
|
|
||||||
+ return -ENOMEM;
|
|
||||||
+ r = LUKS_read_phdr(device, &vi->h);
|
|
||||||
+ if (r != 0) {
|
|
||||||
+ free(vi);
|
|
||||||
+ return r;
|
|
||||||
+ }
|
|
||||||
+ if (info != NULL)
|
|
||||||
+ *info = vi;
|
|
||||||
+ else
|
|
||||||
+ free(vi);
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+char *crypt_luks_vi_get_cipher_name(struct crypt_luks_volume_info *info)
|
|
||||||
+{
|
|
||||||
+ size_t field_size;
|
|
||||||
+ char *r;
|
|
||||||
+
|
|
||||||
+ field_size = sizeof(info->h.cipherName);
|
|
||||||
+ r = malloc(field_size + 1);
|
|
||||||
+ if (r != NULL) {
|
|
||||||
+ memcpy(r, info->h.cipherName, field_size);
|
|
||||||
+ r[field_size] = '\0';
|
|
||||||
+ }
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+char *crypt_luks_vi_get_cipher_mode(struct crypt_luks_volume_info *info)
|
|
||||||
+{
|
|
||||||
+ size_t field_size;
|
|
||||||
+ char *r;
|
|
||||||
+
|
|
||||||
+ field_size = sizeof(info->h.cipherMode);
|
|
||||||
+ r = malloc(field_size + 1);
|
|
||||||
+ if (r != NULL) {
|
|
||||||
+ memcpy(r, info->h.cipherMode, field_size);
|
|
||||||
+ r[field_size] = '\0';
|
|
||||||
+ }
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+unsigned crypt_luks_vi_get_key_bytes(struct crypt_luks_volume_info *info)
|
|
||||||
+{
|
|
||||||
+ return info->h.keyBytes;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+char *crypt_luks_vi_get_uuid(struct crypt_luks_volume_info *info)
|
|
||||||
+{
|
|
||||||
+ size_t field_size;
|
|
||||||
+ char *r;
|
|
||||||
+
|
|
||||||
+ field_size = sizeof(info->h.uuid);
|
|
||||||
+ r = malloc(field_size + 1);
|
|
||||||
+ if (r != NULL) {
|
|
||||||
+ memcpy(r, info->h.uuid, field_size);
|
|
||||||
+ r[field_size] = '\0';
|
|
||||||
+ }
|
|
||||||
+ return r;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void crypt_luks_vi_free(struct crypt_luks_volume_info *info)
|
|
||||||
+{
|
|
||||||
+ free(info);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int crypt_isLuks(struct crypt_options *options)
|
|
||||||
{
|
|
||||||
struct luks_phdr hdr;
|
|
||||||
Index: luks/keymanage.c
|
|
||||||
===================================================================
|
|
||||||
--- luks/keymanage.c (revision 62)
|
|
||||||
+++ luks/keymanage.c (working copy)
|
|
||||||
@@ -280,6 +280,20 @@
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* Check whether a master key is invalid. */
|
|
||||||
+int LUKS_verify_master_key(const struct luks_phdr *hdr,
|
|
||||||
+ const struct luks_masterkey *mk)
|
|
||||||
+{
|
|
||||||
+ char checkHashBuf[LUKS_DIGESTSIZE];
|
|
||||||
+
|
|
||||||
+ PBKDF2_HMAC_SHA1(mk->key, mk->keyLength, hdr->mkDigestSalt,
|
|
||||||
+ LUKS_SALTSIZE, hdr->mkDigestIterations, checkHashBuf,
|
|
||||||
+ LUKS_DIGESTSIZE);
|
|
||||||
+
|
|
||||||
+ return memcmp(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE) == 0
|
|
||||||
+ ? 0 : -EPERM;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/* Try to open a particular key slot,
|
|
||||||
|
|
||||||
*/
|
|
||||||
@@ -295,7 +309,6 @@
|
|
||||||
char derivedKey[hdr->keyBytes];
|
|
||||||
char *AfKey;
|
|
||||||
size_t AFEKSize;
|
|
||||||
- char checkHashBuf[LUKS_DIGESTSIZE];
|
|
||||||
int r;
|
|
||||||
|
|
||||||
if(hdr->keyblock[keyIndex].active != LUKS_KEY_ENABLED) {
|
|
||||||
@@ -329,13 +342,8 @@
|
|
||||||
|
|
||||||
r = AF_merge(AfKey,mk->key,mk->keyLength,hdr->keyblock[keyIndex].stripes);
|
|
||||||
if(r < 0) goto out;
|
|
||||||
-
|
|
||||||
- PBKDF2_HMAC_SHA1(mk->key,mk->keyLength,
|
|
||||||
- hdr->mkDigestSalt,LUKS_SALTSIZE,
|
|
||||||
- hdr->mkDigestIterations,
|
|
||||||
- checkHashBuf,LUKS_DIGESTSIZE);
|
|
||||||
|
|
||||||
- r = (memcmp(checkHashBuf,hdr->mkDigest, LUKS_DIGESTSIZE) == 0)?0:-EPERM;
|
|
||||||
+ r = LUKS_verify_master_key(hdr, mk);
|
|
||||||
out:
|
|
||||||
free(AfKey);
|
|
||||||
return r;
|
|
||||||
Index: luks/luks.h
|
|
||||||
===================================================================
|
|
||||||
--- luks/luks.h (revision 62)
|
|
||||||
+++ luks/luks.h (working copy)
|
|
||||||
@@ -124,6 +124,8 @@
|
|
||||||
struct luks_masterkey **mk,
|
|
||||||
struct setup_backend *backend);
|
|
||||||
|
|
||||||
+int LUKS_verify_master_key(const struct luks_phdr *hdr,
|
|
||||||
+ const struct luks_masterkey *mk);
|
|
||||||
|
|
||||||
int LUKS_del_key(const char *device, unsigned int keyIndex);
|
|
||||||
int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
|
|
3
sources
3
sources
|
@ -1,2 +1 @@
|
||||||
882ec96bef41962a33a24d6ee5821a29 volume_key-0.2.tar.bz2
|
SHA512 (volume_key-0.3.10.tar.xz) = b050d333e021bc3721f5e72c1d2498adea3265afe7f702e1b1e859546755745ac70dcffc194739a4833d4b0b77168506f7fe90fde382d8aab4df2af7b635932b
|
||||||
0910632173fb960252412bf7342b42fc cryptsetup-1.0.7-rc1.tar.bz2
|
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
diff --git a/lib/volume.c b/lib/volume.c
|
|
||||||
index 91c9dbc..62fc6ec 100644
|
|
||||||
--- a/lib/volume.c
|
|
||||||
+++ b/lib/volume.c
|
|
||||||
@@ -311,7 +311,11 @@ libvk_volume_open (const char *path, GError **error)
|
|
||||||
}
|
|
||||||
vol = g_new (struct libvk_volume, 1);
|
|
||||||
vol->source = VOLUME_SOURCE_LOCAL;
|
|
||||||
- vol->format = g_strdup (c);
|
|
||||||
+ /* The LUKS type identifier returned by blkid has changed. */
|
|
||||||
+ if (strcmp (c, "crypto_LUKS") == 0)
|
|
||||||
+ vol->format = g_strdup (LIBVK_VOLUME_FORMAT_LUKS);
|
|
||||||
+ else
|
|
||||||
+ vol->format = g_strdup (c);
|
|
||||||
free (c);
|
|
||||||
|
|
||||||
vol->hostname = g_strdup (g_get_host_name ());
|
|
231
volume_key.spec
231
volume_key.spec
|
@ -2,25 +2,19 @@
|
||||||
|
|
||||||
Summary: An utility for manipulating storage encryption keys and passphrases
|
Summary: An utility for manipulating storage encryption keys and passphrases
|
||||||
Name: volume_key
|
Name: volume_key
|
||||||
Version: 0.2
|
Version: 0.3.10
|
||||||
Release: 3
|
Release: 2%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
URL: https://fedorahosted.org/volume_key/
|
URL: https://pagure.io/volume_key/
|
||||||
Requires: volume_key-libs = %{version}-%{release}
|
Requires: volume_key-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.bz2
|
Source0: https://releases.pagure.org/volume_key/volume_key-%{version}.tar.xz
|
||||||
Source1: http://cryptsetup.googlecode.com/files/cryptsetup-1.0.7-rc1.tar.bz2
|
BuildRequires: gcc
|
||||||
# http://code.google.com/p/cryptsetup/issues/detail?id=15
|
BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2
|
||||||
Patch0: https://fedorahosted.org/releases/v/o/volume_key/cryptsetup-svn-r62.patch
|
BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python2-devel
|
||||||
Patch1: volume_key-0.2-libblkid-type.patch
|
# Needed by %%check:
|
||||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
BuildRequires: nss-tools
|
||||||
BuildRequires: gettext-devel, glib2-devel, gnupg, gpgme-devel, libblkid-devel
|
|
||||||
BuildRequires: nss-devel, python-devel
|
|
||||||
|
|
||||||
# For cryptsetup
|
|
||||||
BuildRequires: device-mapper-devel, e2fsprogs-devel, libgcrypt-devel
|
|
||||||
BuildRequires: libgpg-error-devel, libselinux-devel, libsepol-devel, popt-devel
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package provides a command-line tool for manipulating storage volume
|
This package provides a command-line tool for manipulating storage volume
|
||||||
|
@ -35,7 +29,7 @@ company data after an employee leaves abruptly.
|
||||||
%package devel
|
%package devel
|
||||||
Summary: A library for manipulating storage encryption keys and passphrases
|
Summary: A library for manipulating storage encryption keys and passphrases
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
Requires: volume_key-libs = %{version}-%{release}
|
Requires: volume_key-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
%description devel
|
%description devel
|
||||||
This package provides libvolume_key, a library for manipulating storage volume
|
This package provides libvolume_key, a library for manipulating storage volume
|
||||||
|
@ -50,6 +44,7 @@ company data after an employee leaves abruptly.
|
||||||
%package libs
|
%package libs
|
||||||
Summary: A library for manipulating storage encryption keys and passphrases
|
Summary: A library for manipulating storage encryption keys and passphrases
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
|
Requires: /usr/bin/gpg2
|
||||||
|
|
||||||
%description libs
|
%description libs
|
||||||
This package provides libvolume_key, a library for manipulating storage volume
|
This package provides libvolume_key, a library for manipulating storage volume
|
||||||
|
@ -61,12 +56,13 @@ back up can also be useful for extracting data after a hardware or software
|
||||||
failure that corrupts the header of the encrypted volume, or to access the
|
failure that corrupts the header of the encrypted volume, or to access the
|
||||||
company data after an employee leaves abruptly.
|
company data after an employee leaves abruptly.
|
||||||
|
|
||||||
%package -n python-volume_key
|
%package -n python2-volume_key
|
||||||
|
%{?python_provide:%python_provide python2-volume_key}
|
||||||
Summary: Python bindings for libvolume_key
|
Summary: Python bindings for libvolume_key
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
Requires: volume_key-libs = %{version}-%{release}
|
Requires: volume_key-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
%description -n python-volume_key
|
%description -n python2-volume_key
|
||||||
This package provides Python bindings for libvolume_key, a library for
|
This package provides Python bindings for libvolume_key, a library for
|
||||||
manipulating storage volume encryption keys and storing them separately from
|
manipulating storage volume encryption keys and storing them separately from
|
||||||
volumes.
|
volumes.
|
||||||
|
@ -81,62 +77,197 @@ volume_key currently supports only the LUKS volume encryption format. Support
|
||||||
for other formats is possible, some formats are planned for future releases.
|
for other formats is possible, some formats are planned for future releases.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -a 1
|
%setup -q
|
||||||
%patch1 -p1 -b .libblkid-type
|
|
||||||
pushd cryptsetup-1.0.7-rc1
|
|
||||||
%patch0 -p0 -b .cs-vk
|
|
||||||
popd
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
cryptsetup_root=$(pwd)/cryptsetup-root
|
%configure
|
||||||
|
|
||||||
pushd cryptsetup-1.0.7-rc1
|
|
||||||
%configure --enable-static --disable-shared --with-pic
|
|
||||||
make %{?_smp_mflags}
|
|
||||||
make install "DESTDIR=$cryptsetup_root"
|
|
||||||
popd
|
|
||||||
|
|
||||||
%configure "CPPFLAGS=-I$cryptsetup_root"%{_includedir} \
|
|
||||||
"LDFLAGS=-L$cryptsetup_root"%{_libdir} --disable-static
|
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
|
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
|
||||||
|
|
||||||
|
%check
|
||||||
|
make check
|
||||||
|
|
||||||
%find_lang volume_key
|
%find_lang volume_key
|
||||||
|
|
||||||
%clean
|
%ldconfig_scriptlets libs
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
%post libs -p /sbin/ldconfig
|
|
||||||
%postun libs -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-,root,root,-)
|
%doc README contrib
|
||||||
%doc README
|
|
||||||
%{_bindir}/volume_key
|
%{_bindir}/volume_key
|
||||||
%{_mandir}/man8/volume_key.8*
|
%{_mandir}/man8/volume_key.8*
|
||||||
|
|
||||||
%files devel
|
%files devel
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%{_includedir}/volume_key
|
%{_includedir}/volume_key
|
||||||
%exclude %{_libdir}/libvolume_key.la
|
%exclude %{_libdir}/libvolume_key.la
|
||||||
%{_libdir}/libvolume_key.so
|
%{_libdir}/libvolume_key.so
|
||||||
|
|
||||||
%files libs -f volume_key.lang
|
%files libs -f volume_key.lang
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%doc AUTHORS COPYING ChangeLog NEWS
|
%doc AUTHORS COPYING ChangeLog NEWS
|
||||||
%{_libdir}/libvolume_key.so.*
|
%{_libdir}/libvolume_key.so.*
|
||||||
|
|
||||||
%files -n python-volume_key
|
%files -n python2-volume_key
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%exclude %{python_sitearch}/_volume_key.la
|
%exclude %{python_sitearch}/_volume_key.la
|
||||||
%{python_sitearch}/_volume_key.so
|
%{python2_sitearch}/_volume_key.so
|
||||||
%{python_sitearch}/volume_key.py*
|
%{python2_sitearch}/volume_key.py*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.10-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed May 16 2018 Jiri Kucera <jkucera@redhat.com> - 0.3.10-1
|
||||||
|
- Update to volume_key-0.3.10
|
||||||
|
Resolves: #1479349, #1517016
|
||||||
|
|
||||||
|
* Wed Feb 14 2018 Iryna Shcherbina <ishcherb@redhat.com> - 0.3.9-20
|
||||||
|
- Update Python 2 dependency declarations to new packaging standards
|
||||||
|
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
|
||||||
|
|
||||||
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-19
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3.9-18
|
||||||
|
- Switch to %%ldconfig_scriptlets
|
||||||
|
|
||||||
|
* Tue Nov 7 2017 Miloslav Trmač <mitr@redhat.com> - 0.3.9-17
|
||||||
|
- Update for libcryptsetup ABI change
|
||||||
|
|
||||||
|
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.3.9-16
|
||||||
|
- Python 2 binary package renamed to python2-volume_key
|
||||||
|
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-15
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-14
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon May 29 2017 Miloslav Trmač <mitr@redhat.com> - 0.3.9-13
|
||||||
|
- Point URL: and Source: to the new home at pagure.io
|
||||||
|
Resolves: 1456378
|
||||||
|
|
||||||
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-12
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Dec 10 2016 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 0.3.9-11
|
||||||
|
- Rebuild for gpgme 1.18
|
||||||
|
|
||||||
|
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-10
|
||||||
|
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
|
||||||
|
|
||||||
|
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-9
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-8
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jan 13 2015 Miloslav Trmač <mitr@redhat.com> - 0.3.9-7
|
||||||
|
- Don't #include <config.h> in libvolume_key.h
|
||||||
|
Patch by Vratislav Podzimek <vpodzime@redhat.com>.
|
||||||
|
|
||||||
|
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Nov 22 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.9-2
|
||||||
|
- Fix a crash when trying to use passphrase encryption in FIPS mode
|
||||||
|
|
||||||
|
* Sat Sep 22 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.9-1
|
||||||
|
- Update to volume_key-0.3.9
|
||||||
|
|
||||||
|
* Mon Aug 6 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.8-4
|
||||||
|
- Use BuildRequires: /usr/bin/gpg instead of gnupg, for compatibility with RHEL
|
||||||
|
|
||||||
|
* Mon Jul 23 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.8-3
|
||||||
|
- Add Requires: /usr/bin/gpg
|
||||||
|
Resolves: #842074
|
||||||
|
|
||||||
|
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.8-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Mar 3 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.8-1
|
||||||
|
- Update to volume_key-0.3.8
|
||||||
|
|
||||||
|
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.7-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Oct 14 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.7-2
|
||||||
|
- Rebuild with newer libcryptsetup
|
||||||
|
|
||||||
|
* Wed Aug 24 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.7-1
|
||||||
|
- Update to volume_key-0.3.7
|
||||||
|
|
||||||
|
* Fri Jun 10 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.6-2
|
||||||
|
- Fix a typo
|
||||||
|
Resolves: #712256
|
||||||
|
|
||||||
|
* Thu Mar 31 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.6-1
|
||||||
|
- Update to volume_key-0.3.6
|
||||||
|
|
||||||
|
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.5-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Feb 4 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.5-2
|
||||||
|
- Use %%{?_isa} in Requires:
|
||||||
|
|
||||||
|
* Wed Nov 24 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.5-1
|
||||||
|
- Update to volume_key-0.3.5
|
||||||
|
|
||||||
|
* Mon Oct 18 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-4
|
||||||
|
- Tell the user if asking for the same passphrase again
|
||||||
|
Resolves: #641111
|
||||||
|
- Check certificate file before interacting with the user
|
||||||
|
Resolves: #643897
|
||||||
|
|
||||||
|
* Fri Oct 8 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-3
|
||||||
|
- Make it possible to interrupt password prompts
|
||||||
|
Resolves: #641111
|
||||||
|
|
||||||
|
* Wed Sep 29 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-2
|
||||||
|
- Clarify which block device should be passed as an argument
|
||||||
|
Resolves: #636541
|
||||||
|
- Recognize SSL error messages from NSS as well
|
||||||
|
Resolves: #638732
|
||||||
|
|
||||||
|
* Fri Aug 27 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-1
|
||||||
|
- Update to volume_key-0.3.4
|
||||||
|
|
||||||
|
* Mon Jul 26 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.3-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
||||||
|
|
||||||
|
* Thu Jul 22 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.3-3
|
||||||
|
- Fix build with new gpgme
|
||||||
|
|
||||||
|
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 0.3.3-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
||||||
|
|
||||||
|
* Fri Mar 26 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.3-1
|
||||||
|
- Update to volume_key-0.3.3
|
||||||
|
|
||||||
|
* Thu Mar 4 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.2-1
|
||||||
|
- Update to volume_key-0.3.2
|
||||||
|
- Drop no longer necessary references to BuildRoot:
|
||||||
|
|
||||||
|
* Fri Feb 5 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.1-2
|
||||||
|
- Fix a crash when an empty passphrase is provided
|
||||||
|
Resolves: #558410
|
||||||
|
|
||||||
|
* Fri Dec 11 2009 Miloslav Trmač <mitr@redhat.com> - 0.3.1-1
|
||||||
|
- Update to volume_key-0.3.1.
|
||||||
|
|
||||||
|
* Wed Sep 30 2009 Miloslav Trmač <mitr@redhat.com> - 0.3-1
|
||||||
|
- Update to volume_key-0.3.
|
||||||
|
- Drop bundled libcryptsetup.
|
||||||
|
|
||||||
* Sat Aug 8 2009 Miloslav Trmač <mitr@redhat.com> - 0.2-3
|
* Sat Aug 8 2009 Miloslav Trmač <mitr@redhat.com> - 0.2-3
|
||||||
- Handle changed "TYPE=crypto_LUKS" from libblkid
|
- Handle changed "TYPE=crypto_LUKS" from libblkid
|
||||||
- Preserve file timestamps during installation
|
- Preserve file timestamps during installation
|
||||||
|
|
Loading…
Reference in New Issue