mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
e20909a770
a/cryptsetup-2.5.0-x86_64-3.txz: Rebuilt. rc.luks: use --batch-mode when creating encrypted swap. Thanks to Markus Wiesner. a/sysvinit-3.05-x86_64-1.txz: Upgraded. ap/vim-9.0.0334-x86_64-1.txz: Upgraded. Fixed use after free. Thanks to marav for the heads-up. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3016 (* Security fix *) kde/digikam-7.8.0-x86_64-1.txz: Upgraded. kde/fcitx5-configtool-5.0.15-x86_64-1.txz: Upgraded. kde/umbrello-22.08.0-x86_64-2.txz: Rebuilt. Recompiled against kdevelop-22.08.0. Thanks to th_r. x/fcitx5-5.0.19-x86_64-1.txz: Upgraded. x/fcitx5-chinese-addons-5.0.15-x86_64-1.txz: Upgraded. x/libime-1.0.14-x86_64-1.txz: Upgraded. xap/NetworkManager-openvpn-1.10.0-x86_64-1.txz: Upgraded. xap/mozilla-firefox-104.0.1-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/firefox/104.0.1/releasenotes/ xap/vim-gvim-9.0.0334-x86_64-1.txz: Upgraded. extra/sendmail/sendmail-8.17.1-x86_64-5.txz: Rebuilt. Patched sendmail.h to fix SASL auth. Thanks to af7567. Build without -DUSE_EAI (which is evidently considered experimental) since the option breaks the vacation binary. Thanks to bitfuzzy and HQuest. It is possible that this could work but requires additional options. I found this in the ChangeLog for the SUSE rpm: Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) is available when using the compile time option USE_EAI (see also devtools/Site/site.config.m4.sample for other required settings) and the cf option SMTPUTF8. If a mail submission via the command line requires the use of SMTPUTF8, e.g., because a header uses UTF-8 encoding, but the addresses on the command line are all ASCII, then the new option -U must be used, and the cf option SMTPUTF8 must be set in submit.cf. Any assistance with getting -DUSE_EAI working properly would be appreciated. extra/sendmail/sendmail-cf-8.17.1-noarch-5.txz: Rebuilt.
90 lines
3.8 KiB
Bash
90 lines
3.8 KiB
Bash
#!/bin/bash
|
|
# Open any volumes created by cryptsetup.
|
|
#
|
|
# Some notes on /etc/crypttab in Slackware:
|
|
# Only LUKS formatted volumes are supported (except for swap)
|
|
# crypttab follows the following format:
|
|
# <luks_name> <device> <password> <options>
|
|
#
|
|
# <luks_name>: This is the name of your LUKS volume.
|
|
# For example: crypt-home
|
|
#
|
|
# <device>: This is the device containing your LUKS volume.
|
|
# For example: /dev/sda2
|
|
#
|
|
# <password>: This is either the volume password in plain text, or the name of
|
|
# a key file. Use 'none' to interactively enter password on boot.
|
|
#
|
|
# <options>: Comma-separated list of options. Note that there must be a
|
|
# password field for any options to be picked up (use a password of 'none' to
|
|
# get a password prompt at boot). The following options are supported:
|
|
#
|
|
# discard -- this will cause --allow-discards to be passed to the cryptsetup
|
|
# program while opening the LUKS volume.
|
|
#
|
|
# ro -- this will cause --readonly to be passed to the cryptsetup program while
|
|
# opening the LUKS volume.
|
|
#
|
|
# swap -- this option cannot be used with other options. The device given will
|
|
# be formatted as a new encrypted volume with a random key on boot, and used as
|
|
# swap.
|
|
#
|
|
# keyscript=<path/to/script> -- get the password from the named script's stdout.
|
|
# The only parameter sent to script is the <password> field, but the script can
|
|
# ignore it.
|
|
#
|
|
|
|
if [ -f /etc/crypttab -a -x /sbin/cryptsetup ]; then
|
|
# First, check for device-mapper support.
|
|
if ! grep -wq device-mapper /proc/devices ; then
|
|
# If device-mapper exists as a module, try to load it.
|
|
# Try to load a device-mapper kernel module:
|
|
/sbin/modprobe -q dm-mod
|
|
fi
|
|
# NOTE: we only support LUKS formatted volumes (except for swap)!
|
|
# The input for this loop comes from after the "done" below, so that we can
|
|
# use fd3 and keep stdin functional for password entry or in case a keyscript
|
|
# requires it:
|
|
while read line <&3; do
|
|
eval LUKSARRAY=( $line )
|
|
LUKS="${LUKSARRAY[0]}"
|
|
DEV="${LUKSARRAY[1]}"
|
|
PASS="${LUKSARRAY[2]}"
|
|
OPTS="${LUKSARRAY[3]}"
|
|
KEYSCRIPT="$(echo $OPTS | sed -n 's/.*keyscript=\([^,]*\).*/\1/p')"
|
|
LUKSOPTS=""
|
|
if echo $OPTS | grep -wq ro ; then LUKSOPTS="${LUKSOPTS} --readonly" ; fi
|
|
if echo $OPTS | grep -wq discard ; then LUKSOPTS="${LUKSOPTS} --allow-discards" ; fi
|
|
# Skip LUKS volumes that were already unlocked (in the initrd):
|
|
/sbin/cryptsetup status $LUKS 2>/dev/null | head -n 1 | grep -q "is active" && continue
|
|
if /sbin/cryptsetup isLuks $DEV 2>/dev/null ; then
|
|
if [ -z "${LUKSOPTS}" ]; then
|
|
echo "Unlocking LUKS encrypted volume '${LUKS}' on device '$DEV':"
|
|
else
|
|
echo "Unlocking LUKS encrypted volume '${LUKS}' on device '$DEV' with options '${LUKSOPTS}':"
|
|
fi
|
|
if [ -x "${KEYSCRIPT}" ]; then
|
|
# A password was outputted by a script
|
|
${KEYSCRIPT} "${PASS}" | /sbin/cryptsetup ${LUKSOPTS} luksOpen $DEV $LUKS
|
|
echo
|
|
elif [ -n "${PASS}" -a "${PASS}" != "none" ]; then
|
|
if [ -f "${PASS}" ]; then
|
|
# A password was given a key-file filename
|
|
/sbin/cryptsetup ${LUKSOPTS} --key-file=${PASS} luksOpen $DEV $LUKS
|
|
else
|
|
# A password was provided in plain text
|
|
echo "${PASS}" | /sbin/cryptsetup ${LUKSOPTS} luksOpen $DEV $LUKS
|
|
fi
|
|
else
|
|
# No password was given, or a password of 'none' was given
|
|
/sbin/cryptsetup ${LUKSOPTS} luksOpen $DEV $LUKS
|
|
fi
|
|
elif echo $OPTS | grep -wq swap ; then
|
|
# If any of the volumes is to be used as encrypted swap,
|
|
# then encrypt it using a random key and run mkswap:
|
|
echo "Creating encrypted swap volume '${LUKS}' on device '$DEV':"
|
|
/sbin/cryptsetup --batch-mode --cipher=aes --key-file=/dev/urandom --key-size=256 create $LUKS $DEV
|
|
mkswap /dev/mapper/$LUKS
|
|
fi
|
|
done 3< <(grep -vE '^(#|$)' /etc/crypttab)
|
|
fi
|