diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:13 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 17:44:13 +0000 |
commit | 1103cc2d299a0f29631f9f5322d93efcca8098c7 (patch) | |
tree | 656763a55c9de10b1de70761e3d0b8d44056af1d /debian/scripts | |
parent | Adding upstream version 2:2.3.7. (diff) | |
download | cryptsetup-debian.tar.xz cryptsetup-debian.zip |
Adding debian version 2:2.3.7-1+deb11u1.debian/2%2.3.7-1+deb11u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | debian/scripts/cryptdisks_start | 63 | ||||
-rw-r--r-- | debian/scripts/cryptdisks_stop | 38 | ||||
-rw-r--r-- | debian/scripts/decrypt_derived | 32 | ||||
-rw-r--r-- | debian/scripts/decrypt_gnupg | 26 | ||||
-rw-r--r-- | debian/scripts/decrypt_gnupg-sc | 44 | ||||
-rw-r--r-- | debian/scripts/decrypt_keyctl | 55 | ||||
-rw-r--r-- | debian/scripts/decrypt_opensc | 46 | ||||
-rw-r--r-- | debian/scripts/decrypt_ssl | 17 | ||||
-rw-r--r-- | debian/scripts/gen-ssl-key | 22 | ||||
-rw-r--r-- | debian/scripts/luksformat | 133 | ||||
-rw-r--r-- | debian/scripts/passdev.c | 286 | ||||
-rw-r--r-- | debian/scripts/po/Makefile | 39 | ||||
-rw-r--r-- | debian/scripts/po/de.po | 76 | ||||
-rw-r--r-- | debian/scripts/po/luksformat.pot | 69 |
14 files changed, 946 insertions, 0 deletions
diff --git a/debian/scripts/cryptdisks_start b/debian/scripts/cryptdisks_start new file mode 100644 index 0000000..623423f --- /dev/null +++ b/debian/scripts/cryptdisks_start @@ -0,0 +1,63 @@ +#!/bin/sh + +# cryptdisks_start - wrapper around cryptsetup which parses +# /etc/crypttab, just like mount parses /etc/fstab. + +# Initial code and (c) 2007 Jon Dowland <jon@alcopop.org> +# License: GNU General Public License, v2 or any later +# (https://www.gnu.org/copyleft/gpl.html) + +set -e + +. /lib/cryptsetup/cryptdisks-functions + +INITSTATE="manual" +DEFAULT_LOUD="yes" +FORCE_START="yes" + +usage() { + local rv="${1:-1}" + echo "Usage: $0 [-r|--readonly] <name> [.. <name>]" >&2 + echo >&2 + echo "reads $TABFILE and starts the mapping corresponding to <name>" >&2 + exit $rv +} + +CRYPTTAB_EXTRA_OPTIONS= +while [ $# -gt 0 ]; do + case "$1" in + -r|--readonly) CRYPTTAB_EXTRA_OPTIONS="${CRYPTTAB_EXTRA_OPTIONS:+$CRYPTTAB_EXTRA_OPTIONS,}readonly";; + -h|--help|-\?) usage 0;; + --) shift; break;; + -*) echo "Error: unknown option '$1'" >&2; usage 1;; + *) break;; + esac + shift +done +[ $# -gt 0 ] || usage 1 + +if [ $(id -u) -ne 0 ]; then + log_warning_msg "$0 needs root privileges" + exit 1 +fi + +log_action_begin_msg "Starting crypto disk" +mount_fs + +rv=0 +for name in "$@"; do + if ! crypttab_find_entry --quiet "$name"; then + device_msg "$name" "failed, not found in crypttab" + rv=1 + else + if [ -n "$CRYPTTAB_EXTRA_OPTIONS" ]; then + CRYPTTAB_OPTIONS="$CRYPTTAB_OPTIONS,$CRYPTTAB_EXTRA_OPTIONS" + _CRYPTTAB_OPTIONS="$_CRYPTTAB_OPTIONS,$CRYPTTAB_EXTRA_OPTIONS" + fi + setup_mapping || rv=$? + fi +done +umount_fs + +log_action_end_msg $rv +exit $rv diff --git a/debian/scripts/cryptdisks_stop b/debian/scripts/cryptdisks_stop new file mode 100644 index 0000000..ea0faaf --- /dev/null +++ b/debian/scripts/cryptdisks_stop @@ -0,0 +1,38 @@ +#!/bin/sh + +# cryptdisks_stop - wrapper around cryptsetup which parses +# /etc/crypttab, just like mount parses /etc/fstab. + +# Initial code stolen from cryptdisks_start by Jon Dowland <jon@alcopop.org> +# Copyright (C) 2008 by Jonas Meurer <jonas@freesources.org> +# License: GNU General Public License, v2 or any later +# (https://www.gnu.org/copyleft/gpl.html) + +set -e + +if [ $# -lt 1 ]; then + echo "usage: $0 <name>" >&2 + echo >&2 + echo "reads /etc/crypttab and stops the mapping corresponding to <name>" >&2 + exit 1 +fi + +. /lib/cryptsetup/cryptdisks-functions + +INITSTATE="manual" +DEFAULT_LOUD="yes" + +if [ $(id -u) -ne 0 ]; then + log_warning_msg "$0 needs root privileges" + exit 1 +fi + +log_action_begin_msg "Stopping crypto disk" + +rv=0 +for name in "$@"; do + remove_mapping "$name" || rv=$? +done + +log_action_end_msg $rv +exit $rv diff --git a/debian/scripts/decrypt_derived b/debian/scripts/decrypt_derived new file mode 100644 index 0000000..0e1e418 --- /dev/null +++ b/debian/scripts/decrypt_derived @@ -0,0 +1,32 @@ +#!/bin/sh + +# WARNING: If you use the decrypt_derived keyscript for devices with +# persistent data (i.e. not swap or temp devices), then you will lose +# access to that data permanently if something damages the LUKS header +# of the LUKS device you derive from. The same applies if you luksFormat +# the device, even if you use the same passphrase(s). A LUKS header +# backup, or better a backup of the data on the derived device may be +# a good idea. See the Cryptsetup FAQ on how to do this right. + +if [ -z "$1" ]; then + echo "$0: must be executed with a crypto device as argument" >&2 + exit 1 +fi + +unset -v keys count +keys="$(dmsetup table --target crypt --showkeys -- "$1" 2>/dev/null | cut -s -d' ' -f5)" +count="$(printf '%s' "$keys" | wc -l)" + +if [ -n "$keys" ] && [ $count -le 1 ]; then + if [ "${keys#:}" = "$keys" ]; then + printf '%s' "$keys" + exit 0 + else + echo "$0: device $1 uses the kernel keyring" >&2 + fi +elif [ $count -eq 0 ]; then + echo "$0: device $1 doesn't exist or isn't a crypto device" >&2 +else + echo "$0: more than one device match" >&2 +fi +exit 1 diff --git a/debian/scripts/decrypt_gnupg b/debian/scripts/decrypt_gnupg new file mode 100644 index 0000000..18ab575 --- /dev/null +++ b/debian/scripts/decrypt_gnupg @@ -0,0 +1,26 @@ +#!/bin/sh + +decrypt_gpg () { + echo "Performing GPG symmetric decryption ..." >&2 + if ! /lib/cryptsetup/askpass "Enter passphrase for key $1: " | \ + /usr/bin/gpg -q --batch --no-options \ + --no-random-seed-file --no-default-keyring \ + --keyring /dev/null --secret-keyring /dev/null \ + --trustdb-name /dev/null --passphrase-fd 0 --decrypt -- "$1"; then + return 1 + fi + return 0 +} + +if [ ! -x /usr/bin/gpg ]; then + echo "$0: /usr/bin/gpg is not available" >&2 + exit 1 +fi + +if [ -z "$1" ]; then + echo "$0: missing key as argument" >&2 + exit 1 +fi + +decrypt_gpg "$1" +exit $? diff --git a/debian/scripts/decrypt_gnupg-sc b/debian/scripts/decrypt_gnupg-sc new file mode 100644 index 0000000..84eb62c --- /dev/null +++ b/debian/scripts/decrypt_gnupg-sc @@ -0,0 +1,44 @@ +#!/bin/sh + +if [ -d "/cryptroot/gnupghome" ]; then + export GNUPGHOME="/cryptroot/gnupghome" +fi + +run_gpg() { + gpg --no-options --trust-model=always "$@" +} +decrypt_gpg () { + local console _ + if ! GPG_TTY="$(tty)"; then + read console _ </proc/consoles + GPG_TTY="/dev/$console" + fi + export GPG_TTY + + if ! run_gpg --decrypt -- "$1"; then + return 1 + fi + return 0 +} + +# `gpg-connect-agent LEARN /bye` is another (lighter) way, but it's +# harder to retrieve the return code +if ! run_gpg --batch --quiet --no-tty --card-status >/dev/null; then + echo "Please insert OpenPGP SmartCard..." >&2 + until run_gpg --batch --quiet --no-tty --card-status; do + sleep 1 + done >/dev/null 2>&1 +fi + +if [ ! -x /usr/bin/gpg ]; then + echo "$0: /usr/bin/gpg is not available" >&2 + exit 1 +fi + +if [ -z "$1" ] || [ ! -f "$1" ]; then + echo "$0: missing key as argument" >&2 + exit 1 +fi + +decrypt_gpg "$1" +exit $? diff --git a/debian/scripts/decrypt_keyctl b/debian/scripts/decrypt_keyctl new file mode 100644 index 0000000..6032db0 --- /dev/null +++ b/debian/scripts/decrypt_keyctl @@ -0,0 +1,55 @@ +#!/bin/sh +# decrypt_keyctl - to use in /etc/crypttab as keyscript +# Allows to cache passwords for cryptdevices for 60s +# The same password is used for for cryptdevices with the same identifier. +# The keyfile parameter, which is the third field from /etc/crypttab, is +# used as identifier in this keyscript. +# +# sample crypttab entries: +# test1 /dev/sda1 test_pw luks,keyscript=decrypt_keyctl +# test2 /dev/sda2 test_pw luks,keyscript=decrypt_keyctl +# test3 /dev/sda3 test_other_pw luks,keyscript=decrypt_keyctl +# +# test1 and test2 have the same identifier thus test2 does not need a password +# typed in manually + +die() +{ + echo "$@" >&2 + exit 1 +} + +if [ -z "${CRYPTTAB_KEY:-}" ] || [ "$CRYPTTAB_KEY" = "none" ]; then + # store the passphrase in the key name used by systemd-ask-password + ID_="cryptsetup" +else + # the keyfile given from crypttab is used as identifier in the keyring + # including the prefix "cryptsetup:" + ID_="cryptsetup:$CRYPTTAB_KEY" +fi +TIMEOUT_='60' +ASKPASS_='/lib/cryptsetup/askpass' +PROMPT_="Caching passphrase for ${CRYPTTAB_NAME}: " + + +if ! KID_="$(keyctl search @u user "$ID_" 2>/dev/null)" || \ + [ -z "$KID_" ] || [ "$CRYPTTAB_TRIED" -gt 0 ]; then + # key not found or wrong, ask the user + KEY_="$($ASKPASS_ "$PROMPT_")" || die "Error executing $ASKPASS_" + if [ -n "$KID_" ]; then + # I have cached wrong password and now i may use either `keyctl update` + # to update $KID_ or just unlink old key, and add new. With `update` i + # may hit "Key has expired", though. So i'll go "unlink and add" way. + keyctl unlink "$KID_" @u + KID_="" + fi + KID_="$(printf "%s" "$KEY_" | keyctl padd user "$ID_" @u)" + [ -n "$KID_" ] || die "Error adding passphrase to kernel keyring" + if ! keyctl timeout "$KID_" "$TIMEOUT_"; then + keyctl unlink "$KID_" @u + die "Error setting timeout on key ($KID_), removing" + fi +else + echo "Using cached passphrase for ${CRYPTTAB_NAME}." >&2 +fi +keyctl pipe "$KID_" diff --git a/debian/scripts/decrypt_opensc b/debian/scripts/decrypt_opensc new file mode 100644 index 0000000..b06fc98 --- /dev/null +++ b/debian/scripts/decrypt_opensc @@ -0,0 +1,46 @@ +#!/bin/sh + +# Why not use "openct-tool rwait" instead of polling opensc-tool exit status? +# Well openct daemon has to be running which interferes with pcscd since both +# implement reader drivers, my particular CCID reader (SCM SCR331-LC1) doesn't +# work with the CCID driver in openct, however it does work with pcscd. + +# Why not use "opensc-tool --wait" instead of polling opensc-tool exit status? +# Although opensc-tool --help reports that there is a --wait option, it doesn't +# seem to be implemented. + +check_card() { + cardfound=0 + + if /usr/bin/opensc-tool -n >/dev/null 2>&1; then + cardfound=1 + fi +} + +wait_card() { + check_card + if [ $cardfound = 0 ] ; then + echo "Waiting for Smart Card..." >&2 + tries=0 + while [ $cardfound = 0 ] && [ $tries -lt 60 ] ; do + sleep 1 + check_card + tries=$(($tries + 1)) + done + if [ $cardfound = 0 ] ; then + echo 'Failed to find Smart Card card!' >&2 + exit 1 + fi + fi +} + +wait_card +if [ -x /bin/plymouth ] && plymouth --ping; then + # Get pin number from plymouth + /usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \ + --pin "$(plymouth ask-for-password --prompt "Enter pin for $CRYPTTAB_NAME: ")" +else + # Get pin number from console + /usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw </dev/console 2>/dev/console +fi +exit $? diff --git a/debian/scripts/decrypt_ssl b/debian/scripts/decrypt_ssl new file mode 100644 index 0000000..6664001 --- /dev/null +++ b/debian/scripts/decrypt_ssl @@ -0,0 +1,17 @@ +#!/bin/sh +# +# Script to decrypt the key which is encrypted with openssl. +# See /usr/share/doc/cryptsetup/examples/gen-ssl-key to create such a key. +# + +decrypt_ssl () { + echo "" >&2 + echo "Decrypting ssl key $1..." >&2 + if ! /usr/bin/openssl enc -aes-256-cbc -d -salt -in "$1" 2>/dev/null; then + return 1 + fi + return 0 +} + +decrypt_ssl "$1" +exit $? diff --git a/debian/scripts/gen-ssl-key b/debian/scripts/gen-ssl-key new file mode 100644 index 0000000..70a6fb3 --- /dev/null +++ b/debian/scripts/gen-ssl-key @@ -0,0 +1,22 @@ +#!/bin/sh +# +# script to generate a keyfile that is encrypted with openssl +# +# Written 2005 by Markus Nass <generalstone@gmx.net> +# Improved 2006 by Jonas Meurer <jonas@freesources.org> +# Further improved 2006 by Markus Nass <generalstone@gmx.net> + +usage() { + echo "Usage: $0 <key>" + exit 1 +} + +if [ -z "${1-}" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then + usage +fi + +if [ -x /usr/bin/openssl ]; then + dd if=/dev/random bs=1c count=256 | openssl enc -aes-256-cbc -e -salt >"$1" +else + echo "/usr/bin/openssl is not available" && exit 1 +fi diff --git a/debian/scripts/luksformat b/debian/scripts/luksformat new file mode 100644 index 0000000..ae17f79 --- /dev/null +++ b/debian/scripts/luksformat @@ -0,0 +1,133 @@ +#!/usr/bin/perl -w + +# luksformat - wrapper around LUKS-capable cryptsetup and mkfs for easy +# creation of an encrypted device. +# +# (C) 2005 Canonical Ltd. +# Author: Martin Pitt <martin.pitt@ubuntu.com> +# License: GNU General Public License, v2 or any later +# (https://www.gnu.org/copyleft/gpl.html) + +use Getopt::Long qw(:config pass_through); + +BEGIN { + eval 'use Locale::gettext'; + if ($@) { + *gettext = sub { shift }; + *textdomain = sub { "" }; + *LC_MESSAGES = sub { 5 }; + } + eval { + require POSIX; + import POSIX qw(setlocale); + }; + if ($@) { + *setlocale = sub { return 1 }; + } +} + +setlocale(LC_MESSAGES, ""); +textdomain("luksformat"); + +if ($> != 0) { + print STDERR gettext("This program needs to be started as root\n"); + exit 1; +} + +sub usage() { + print gettext("luksformat - Create and format an encrypted LUKS device +Usage: luksformat [-t <file system>] <device> [ mkfs options ]\n\n"); + exit 1; +} + +# default file system +$fs = 'vfat'; +exit 1 unless GetOptions ('t|type=s' => \$fs); + +GetOptions ('help', \$help); +if (($#ARGV < 0) || ($help)) { + usage(); +} + +$device = shift(@ARGV); + +open(MOUNTS, "/proc/mounts"); +while (<MOUNTS>) { + die sprintf(gettext("Error: device mounted: %s\n"), $device) if (/\Q$device\E/) +} + +if (-x "/usr/sbin/mkfs.$fs") { + $mkfs = "/usr/sbin/mkfs.$fs"; +} +elsif (-x "/usr/bin/mkfs.$fs") { + $mkfs = "/usr/bin/mkfs.$fs"; +} +elsif (-x "/sbin/mkfs.$fs") { + $mkfs = "/sbin/mkfs.$fs"; +} +elsif (-x "/bin/mkfs.$fs") { + $mkfs = "/bin/mkfs.$fs"; +} +else { + printf STDERR (gettext("Error: invalid file system: %s\n"), $fs); + exit 1; +} + +# generate temporary mapped device name which is not yet used +$name = ""; +for ($i = 1; $i < 100; $i++) { + if (! -e "/dev/mapper/luksformat$i") { + $name = "luksformat$i"; + last; + } +} + +$name or die sprintf(gettext("Error: could not generate temporary mapped device name")); + +# we do not need to be overly concerned with race conditions here, cryptsetup +# will just fail if the name already exists now. +printf (gettext("Creating encrypted device on %s...\n"), $device); +if ((system 'cryptsetup', 'luksFormat', $device)) { + die sprintf(gettext("Could not create LUKS device %s"), $device); +} + +print gettext("Please enter your passphrase again to verify it\n"); +if ((system 'cryptsetup', 'open', '--type', 'luks', $device, $name) != 0) { + print STDERR gettext("The passphrases you entered were not identical\n"); + exit 1; +} + +$result = system $mkfs, "/dev/mapper/$name", @ARGV; +print "\n"; +system 'udevadm', 'settle', '--timeout=30'; +system 'cryptsetup', 'luksClose', $name; + +die sprintf(gettext("Could not format device with file system %s"), $fs) if $result; + +__END__ + +=head1 NAME + +luksformat - Create and format an encrypted LUKS device + +=head1 SYNOPSIS + +B<luksformat> [B<-t> I<fstype>] I<device> [ mkfs options ] + +=head1 DESCRIPTION + +B<luksformat> is a wrapper around B<cryptsetup> and B<mkfs> which provides an +easy interface for creating an encrypted device that follows the LUKS standard +and for putting a file system onto the encrypted device. + +The default file system is B<vfat> since that is most commonly used on +removable devices. However, you can specify any available file system with the +B<-t> option. + +=head1 SEE ALSO + +L<cryptsetup(8)>, L<mkfs(8)> + +=head1 AUTHOR + +This program was written by Martin Pitt <martin.pitt@ubuntu.com>. diff --git a/debian/scripts/passdev.c b/debian/scripts/passdev.c new file mode 100644 index 0000000..845ccae --- /dev/null +++ b/debian/scripts/passdev.c @@ -0,0 +1,286 @@ +/* + * passdev.c - waits for a given device to appear, mounts it and reads a + * key from it which is piped to stdout. + * + * Copyright (C) 2008 David Härdeman <david@hardeman.nu> + * + * This package is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This package is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this package; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + + +#define _DEFAULT_SOURCE +#include <stdio.h> +#include <stdlib.h> +#include <stdarg.h> +#include <stdbool.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/wait.h> +#include <string.h> +#include <fcntl.h> +#include <sys/mount.h> + +static bool do_debug = false; + +static void +debug(const char *fmt, ...) +{ + va_list ap; + + if (!do_debug) + return; + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); +} + +static bool +do_mount(const char *device, const char *dir) +{ + pid_t pid; + int status; + char *fstypes[] = { "ext4", "ext3", "ext2", "vfat", "btrfs", "reiserfs", "xfs", "jfs", "ntfs", "iso9660", "udf" }; + int fsindex; + + if (!device || !dir) + return false; + + for (fsindex = 0; + fsindex < (sizeof(fstypes) / sizeof(fstypes[0])); + fsindex++) + { + pid = fork(); + if (pid < 0) { + /* Error */ + return false; + } else if (pid > 0) { + /* We're in the parent process */ + do { + waitpid(pid, &status, 0); + } while (!WIFEXITED(status) && !WIFSIGNALED(status)); + if (WIFEXITED(status) && WEXITSTATUS(status) == EXIT_SUCCESS) + return true; + + /* Let's try another fstype */ + continue; + } else { + /* We're in the child process */ + debug("Mounting %s at %s\n", device, dir); + close(STDIN_FILENO); + close(STDOUT_FILENO); + close(STDERR_FILENO); + open("/dev/null", O_RDONLY, 0); + open("/dev/null", O_WRONLY, 0); + open("/dev/null", O_WRONLY, 0); + execl("/bin/mount", "/bin/mount", "-n", "-t", + fstypes[fsindex], + /*"ext4,ext3,ext2,vfat,btrfs,reiserfs,xfs,jfs,ntfs,iso9660,udf",*/ + "-o", "noatime,nodiratime,nodev,noexec,nosuid,ro", + device, dir, (char *)NULL); + + /* If execl works, we won't end up here */ + exit(EXIT_FAILURE); + } + } + + /* We've tried all fstypes with no luck */ + return false; +} + +int +main(int argc, char **argv, char **envp) +{ + char *debugval; + char *devpath; + char *filepath; + struct stat st; + char *tmppath; + char tpath[] = "/tmp/passdev.XXXXXX"; + char *keypath; + int fd; + size_t toread; + size_t bytesread; + char *keybuffer; + size_t towrite; + size_t byteswritten; + ssize_t bytes; + char *to; + int timeout = 0; + bool do_timeout = false; + + /* We only take one argument */ + if (argc != 2) { + fprintf(stderr, "Incorrect number of arguments\n"); + goto error; + } + + /* If DEBUG=1 is in the environment, enable debug messages */ + debugval = getenv("DEBUG"); + if (debugval && atoi(debugval) > 0) + do_debug = true; + + /* Split string into device and path (and timeout) */ + devpath = argv[1]; + filepath = strchr(devpath, ':'); + if (!filepath || !(*filepath) || !(*(filepath + 1))) { + fprintf(stderr, "Invalid key path\n"); + goto error; + } + *filepath = '\0'; + filepath++; + to = strchr(filepath, ':'); + if (to && (*to) && (*(to + 1))) { + *to = '\0'; + to++; + timeout = atoi(to); + if (timeout > 0) + do_timeout = true; + } + debug("Path is %p and filepath is %p\n", devpath, filepath); + if (do_timeout) + debug("Timeout is %i\n",timeout); + + /* Wait until device is available */ + if (access(devpath, F_OK)) { + debug("Waiting for %s\n", devpath); + while(access(devpath, F_OK)) { + sleep(1); + if (do_timeout) { + if (timeout <= 0) + break; + timeout--; + } + } + } + + /* Make sure device is a blockdev */ + if (stat(devpath, &st)) { + fprintf(stderr, "Unable to stat %s\n", devpath); + goto error; + } else if (!S_ISBLK(st.st_mode)) { + fprintf(stderr, "%s is no block device\n", devpath); + goto error; + } + + /* Create a tmp dir where we mount the device */ + tmppath = mkdtemp(tpath); + if (!tmppath) { + fprintf(stderr, "Failed to create temporary directory\n"); + goto error; + } + + /* Ok, mount it */ + if (!do_mount(devpath, tmppath)) { + fprintf(stderr, "Failed to mount %s\n", devpath); + goto error_rmdir; + } + + /* Generate the full path to the keyfile */ + keypath = malloc(strlen(tmppath) + 1 + strlen(filepath) + 1); + if (!keypath) { + fprintf(stderr, "Failed to allocate memory\n"); + goto error_umount; + } + sprintf(keypath, "%s/%s", tmppath, filepath); + + /* Check that the keyfile exists */ + if (access(keypath, F_OK)) { + fprintf(stderr, "Keyfile doesn't exist\n"); + goto error_free; + } + + /* Get the size of the keyfile */ + if (stat(keypath, &st)) { + fprintf(stderr, "Unable to stat keyfile\n"); + goto error_free; + } + + /* Check the size of the keyfile */ + if (st.st_size < 0) { + fprintf(stderr, "Invalid keyfile size\n"); + goto error_free; + } + toread = (size_t)st.st_size; + + /* Open the keyfile */ + if ((fd = open(keypath, O_RDONLY)) < 0) { + fprintf(stderr, "Failed to open keyfile\n"); + goto error_free; + } + + /* Allocate a buffer for the keyfile contents */ + keybuffer = malloc(toread); + if (!keybuffer) { + fprintf(stderr, "Failed to allocate memory\n"); + goto error_close; + exit(EXIT_FAILURE); + } + + /* Read the keyfile */ + bytesread = 0; + while (bytesread < toread) { + bytes = read(fd, keybuffer + bytesread, toread - bytesread); + if (bytes <= 0) { + fprintf(stderr, "Failed to read entire key\n"); + goto error_keybuffer; + } + bytesread += bytes; + } + + /* Clean up */ + close(fd); + free(keypath); + umount(tmppath); + rmdir(tmppath); + + /* Write result */ + byteswritten = 0; + towrite = toread; + while (byteswritten < towrite) { + bytes = write(STDOUT_FILENO, keybuffer + byteswritten, + towrite - byteswritten); + if (bytes <= 0) { + fprintf(stderr, "Failed to write entire key\n"); + memset(keybuffer, 0, toread); + free(keybuffer); + goto error; + } + byteswritten += bytes; + } + + /* Clean up */ + memset(keybuffer, 0, toread); + free(keybuffer); + + /* Done */ + exit(EXIT_SUCCESS); + + /* Error handling */ +error_keybuffer: + memset(keybuffer, 0, toread); + free(keybuffer); +error_close: + close(fd); +error_free: + free(keypath); +error_umount: + umount(tmppath); +error_rmdir: + rmdir(tmppath); +error: + exit(EXIT_FAILURE); +} + diff --git a/debian/scripts/po/Makefile b/debian/scripts/po/Makefile new file mode 100644 index 0000000..9eb8acf --- /dev/null +++ b/debian/scripts/po/Makefile @@ -0,0 +1,39 @@ +XGETTEXT = xgettext +MSGFMT = msgfmt +MSGMERGE = msgmerge + +LOCALEDIR = /usr/share/locale + +.SUFFIXES: .po .mo .pot + +%.mo: %.po + $(MSGFMT) -o $@ $< + +PO = $(wildcard *.po) +LANG = $(basename $(PO)) +MO = $(addsuffix .mo,$(LANG)) +SOURCES = ../luksformat + +all: update $(MO) +update: luksformat.pot + -@for po in $(PO); do \ + echo -n "Updating $$po"; \ + $(MSGMERGE) -U $$po luksformat.pot; \ + done; + +luksformat.pot: $(SOURCES) + $(XGETTEXT) -c -L Perl -kgtx \ + --msgid-bugs-address=pkg-cryptsetup-devel@alioth-lists.debian.net \ + -o $@ $(SOURCES) + +install: all + for i in $(MO) ; do \ + t=$(DESTDIR)/$(LOCALEDIR)/`basename $$i .mo`/LC_MESSAGES ;\ + install -d $$t ;\ + install -m 644 $$i $$t/luksformat.mo ;\ + done + +clean: + $(RM) $(MO) *~ + +.PHONY: update diff --git a/debian/scripts/po/de.po b/debian/scripts/po/de.po new file mode 100644 index 0000000..76c7f2f --- /dev/null +++ b/debian/scripts/po/de.po @@ -0,0 +1,76 @@ +# German translations for cryptsetup package +# German messages for luksformat in cryptsetup. +# Copyright (C) 2011 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the cryptsetup package. +# Jonas Meurer <jonas@freesources.org>, 2011. +# +msgid "" +msgstr "" +"Project-Id-Version: cryptsetup 2:1.3.0-1\n" +"Report-Msgid-Bugs-To: pkg-cryptsetup-devel@alioth-lists.debian.net\n" +"POT-Creation-Date: 2015-12-09 13:09+0100\n" +"PO-Revision-Date: 2011-03-08 19:40+0100\n" +"Last-Translator: Jonas Meurer <jonas@freesources.org>\n" +"Language-Team: German\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../luksformat:33 +msgid "This program needs to be started as root\n" +msgstr "Dieses Programm muss als Benutzer root gestartet werden\n" + +#: ../luksformat:38 +msgid "" +"luksformat - Create and format an encrypted LUKS device\n" +"Usage: luksformat [-t <file system>] <device> [ mkfs options ]\n" +"\n" +msgstr "" +"luksformat - LUKS-verschlüsselte Partition erstellen und formatieren\n" +"Verwendung: luksformat [-t <Dateisystem>] <Partition> [ mkfs Optionen ]\n" +"\n" + +#: ../luksformat:56 +#, perl-format +msgid "Error: device mounted: %s\n" +msgstr "Fehler: Partition ist eingebunden: %s\n" + +#: ../luksformat:72 +#, perl-format +msgid "Error: invalid file system: %s\n" +msgstr "Fehler: Ungültiges Dateisystem: %s\n" + +#: ../luksformat:85 +#, perl-format +msgid "Error: could not generate temporary mapped device name" +msgstr "Fehler: Erstellen einer temporären Partition schlug fehl" + +#. we do not need to be overly concerned with race conditions here, cryptsetup +#. will just fail if the name already exists now. +#: ../luksformat:89 +#, perl-format +msgid "Creating encrypted device on %s...\n" +msgstr "Erstelle verschlüsselte Partition auf %s...\n" + +#: ../luksformat:91 +#, perl-format +msgid "Could not create LUKS device %s" +msgstr "Erstellen der LUKS-Partition %s schlug fehl" + +#: ../luksformat:94 +msgid "Please enter your passphrase again to verify it\n" +msgstr "Bitte zum verifizieren das Passwort erneut eingeben\n" + +#: ../luksformat:96 +msgid "The passphrases you entered were not identical\n" +msgstr "Die eingegebenen Passwörter waren nicht identisch\n" + +#: ../luksformat:105 +#, perl-format +msgid "Could not format device with file system %s" +msgstr "Formatieren der Partition mit dem Dateisystem %s schlug fehl" + +#~ msgid "%s: %s" +#~ msgstr "%s: %s" diff --git a/debian/scripts/po/luksformat.pot b/debian/scripts/po/luksformat.pot new file mode 100644 index 0000000..f6c1e56 --- /dev/null +++ b/debian/scripts/po/luksformat.pot @@ -0,0 +1,69 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: pkg-cryptsetup-devel@alioth-lists.debian.net\n" +"POT-Creation-Date: 2015-12-09 13:09+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: ../luksformat:33 +msgid "This program needs to be started as root\n" +msgstr "" + +#: ../luksformat:38 +msgid "" +"luksformat - Create and format an encrypted LUKS device\n" +"Usage: luksformat [-t <file system>] <device> [ mkfs options ]\n" +"\n" +msgstr "" + +#: ../luksformat:56 +#, perl-format +msgid "Error: device mounted: %s\n" +msgstr "" + +#: ../luksformat:72 +#, perl-format +msgid "Error: invalid file system: %s\n" +msgstr "" + +#: ../luksformat:85 +#, perl-format +msgid "Error: could not generate temporary mapped device name" +msgstr "" + +#. we do not need to be overly concerned with race conditions here, cryptsetup +#. will just fail if the name already exists now. +#: ../luksformat:89 +#, perl-format +msgid "Creating encrypted device on %s...\n" +msgstr "" + +#: ../luksformat:91 +#, perl-format +msgid "Could not create LUKS device %s" +msgstr "" + +#: ../luksformat:94 +msgid "Please enter your passphrase again to verify it\n" +msgstr "" + +#: ../luksformat:96 +msgid "The passphrases you entered were not identical\n" +msgstr "" + +#: ../luksformat:105 +#, perl-format +msgid "Could not format device with file system %s" +msgstr "" |