mirror of https://github.com/systemd/systemd.git synced 2024-11-06 08:26:52 +03:00
Commit Graph

27 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
1ca208fb4f Introduce udev object cleanup functions 2013-10-13 17:56:55 -04:00
Zbigniew Jędrzejewski-Szmek
5862d652ba Introduce _cleanup_endmntent_ 2013-10-03 22:13:55 -04:00
Lennart Poettering
4b93637fd7 cryptsetup: fix OOM handling when parsing mount options 2013-10-02 19:45:12 +02:00
Thomas Bächler
404dac4d96 cryptsetup: Retry indefinitely if tries=0 option has been set.
When running from initrd, entering a wrong passphrase usually means that
you cannot boot. Therefore, we allow trying indefinitely.
2013-09-11 17:44:33 +02:00
Ondrej Balaz
1acbb95c2b systemd-cryptsetup: makes “discard” a synonym for “allow-discards”
systemd-cryptsetup recognizes option 'allow-discards' in /etc/crypttab
to enable TRIM passthrough to underlying encrypted device. In Debian
this option was changed to 'discard' to avoid hyphen in option name.
(see: #648868 and `man crypttab`).

[zj: update crypttab(5) too, making "discard" the default.]
2013-08-14 22:54:07 -04:00
Jan Janssen
8cf3ca8068 cryptsetup: Add tcrypt support
Tcrypt uses a different approach to passphrases/key files. The
passphrase and all key files are incorporated into the "password"
to open the volume. So, the idea of slots that provide a way to
open the volume with different passphrases/key files that are
independent from each other like with LUKS does not apply.

Therefore, we use the key file from /etc/crypttab as the source
for the passphrase. The actual key files that are combined with
the passphrase into a password are provided as a new option in
/etc/crypttab and can be given multiple times if more than one
key file is used by a volume.
2013-07-16 01:24:31 +02:00
Jan Janssen
10fb4e35fd cryptsetup: Move attaching of the device out of main 2013-07-16 01:24:28 +02:00
Jan Janssen
e7d90b7127 cryptsetup: Move password query out of main
Also use _cleanup_free_ where possible.
2013-07-16 01:24:24 +02:00
Lennart Poettering
5f1dac6bf6 cryptsetup: warn if keyfiles are world-readable 2013-04-30 08:36:01 -03:00
Harald Hoyer
8d768d9962 cryptsetup: ask for password, if key file cannot be accessed
If the key file cannot be accessed, we can at least ask for the
password.
2013-04-18 22:17:13 +02:00
Harald Hoyer
49714341c3 cryptsetup: set the timeout to 0 by default
cryptsetup itself has no timeout as default from the beginning. So the
default timeout has been "0" from the beginning.

https://bugzilla.redhat.com/show_bug.cgi?id=949702
2013-04-18 02:19:46 +02:00
Zbigniew Jędrzejewski-Szmek
b92bea5d2a Use initialization instead of explicit zeroing
Before, we would initialize many fields twice: first
by filling the structure with zeros, and then a second
time with the real values. We can let the compiler do
the job for us, avoiding one copy.

A downside of this patch is that text gets slightly
bigger. This is because all zero() calls are effectively
inlined:

$ size build/.libs/systemd
         text    data     bss     dec     hex filename
before 897737  107300    2560 1007597   f5fed build/.libs/systemd
after  897873  107300    2560 1007733   f6075 build/.libs/systemd

… actually less than 1‰.

A few asserts that the parameter is not null had to be removed. I
don't think this changes much, because first, it is quite unlikely
for the assert to fail, and second, an immediate SEGV is almost as
good as an assert.
2013-04-05 19:50:57 -04:00
Lennart Poettering
7f602784de util: rename parse_usec() to parse_sec() since the default unit is seconds
Internally we store all time values in usec_t, however parse_usec()
actually was used mostly to parse values in seconds (unless explicit
units were specified to define a different unit). Hence, be clear about
this and name the function about what we pass into it, not what we get
out of it.
2013-04-03 20:12:57 +02:00
Lennart Poettering
74b1c37174 cryptsetup: when prompting for password use GPT partition label
If there's a GPT partition label set for a LUKS partition, then it's
nicer to show that than the model number, when asking for a passphrase.
2013-03-26 15:24:44 +01:00
Michal Schmidt
18cf1a1be5 cryptsetup: accept both "read-only" and "readonly" spellings
Mukund Sivaraman pointed out that cryptsetup(5) mentions the "read-only"
option, while the code understands "readonly".

We could just fix the manpage, but for consistency in naming of
multi-word options it would be prettier to have "read-only". So let's
accept both spellings.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=903463
2013-01-31 19:57:56 +01:00
Tom Gundersen
adc40dc2f6 cryptsetup: fix nofail support
This was documented in the man page and supported in the generator,
but systemd-cryptsetup itself would fail with this option.

systemd-cryptsetup should ignore 'nofail', as it does with 'noauto'.
2012-11-21 12:53:28 +01:00
Dave Reisner
8db9d8c2a4 cryptsetup: fix inverted comparison in pass_volume_key 2012-11-06 10:18:10 -05:00
Dave Reisner
65343c7494 cryptsetup: hash=plain means don't use a hash
"plain" is a semantic value that cryptsetup(8) uses to describe a plain
dm-crypt volume that does not use a hash. Catch this value earlier and
ensure that a NULL params.hash is passed to crypt_format to avoid
passing an invalid hash type to the libcryptsetup backend.

FDO bug #56593.
2012-11-06 09:53:00 -05:00
Tom Gundersen
4271d8235f cryptsetup: add keyfile-size= support
This is useful e.g. if the keyfile is a raw device, where only parts of it
should be read. It is typically used whenever the keyfile-offset= option is
specified.

Tested-by: Erik Westrup <erik.westrup@gmail.com>
2012-08-03 20:49:55 +02:00
Shawn Landden
0d0f0c50d3 log.h: new log_oom() -> int -ENOMEM, use it
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
2012-07-26 11:48:26 +02:00
Shawn Landden
669241a076 use "Out of memory." consistently (or with "\n")
glibc/glib both use "out of memory" consistently so maybe we should
consider that instead of this.

Eliminates one string out of a number of binaries. Also fixes extra newline
in udev/scsi_id
2012-07-25 11:23:57 +02:00
Tom Gundersen
880a599e26 cryptsetup: add keyfile-offset= support
This is useful if your keyfile is a block device, and you want to
use a specific part of it, such as an area between the MBR and the
first partition.

This feature is documented in the Arch wiki[0], and has been supported
by the Arch initscripts, so would be nice to get this into systemd.

This requires libcryptsetup >= 1.4.2 (released 12.4.2012).

Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>

[0]: <https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#Storing_the_key_between_MBR_and_1st_partition>
2012-07-09 22:07:52 +02:00
Matthew Monaco
2a2aab602e cryptsetup: support discards (TRIM) 2012-05-21 17:28:06 +02:00
Kay Sievers
9eb977db5b util: split-out path-util.[ch] 2012-05-08 02:33:10 +02:00
Lennart Poettering
e0295d2651 mount: don't fail if fstab doesn't exist 2012-04-22 15:33:43 +02:00
Lennart Poettering
5430f7f2bc relicense to LGPLv2.1 (with exceptions)
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.

Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.

The bits that used to be MIT continue to be MIT.

The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
2012-04-12 00:24:39 +02:00
Lennart Poettering
b4d0195b05 cryptsetup: split off cryptsetup into its own subdir 2012-01-03 21:08:57 +01:00