rpms/cryptsetup-luks/devel cryptsetup-wipe-headers.patch, NONE, 1.1 cryptsetup-luks.spec, 1.63, 1.64
Milan Broz
mbroz at fedoraproject.org
Thu Oct 30 10:26:14 UTC 2008
- Previous message (by thread): rpms/kernel/F-9 config-generic,1.120,1.121 config-i686,1.3,1.4
- Next message (by thread): rpms/amtterm/devel .cvsignore, 1.4, 1.5 amtterm.spec, 1.4, 1.5 sources, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mbroz
Update of /cvs/pkgs/rpms/cryptsetup-luks/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26590
Modified Files:
cryptsetup-luks.spec
Added Files:
cryptsetup-wipe-headers.patch
Log Message:
Wipe old fs headers to not confuse blkid (#468062)
cryptsetup-wipe-headers.patch:
--- NEW FILE cryptsetup-wipe-headers.patch ---
Cryptsetup keeps some sectors (between the physical LUKS header
and keyslot data) on disk untouched, unfortunatelly ext2/3/4 signature can
be there and blkid detects filesystem here instead of LUKS.
This patch wipes the first eight sectors on disk with zero during luksFormat.
This should be probably solved by physical header padding in next version.
---
lib/setup.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
Index: cryptsetup-1.0.6/lib/setup.c
===================================================================
--- cryptsetup-1.0.6.orig/lib/setup.c 2008-10-30 10:25:18.000000000 +0100
+++ cryptsetup-1.0.6/lib/setup.c 2008-10-30 10:55:45.000000000 +0100
@@ -198,6 +198,34 @@ out:
return ret;
}
+static int wipe_device_header(const char *device, int sectors)
+{
+ char *buffer;
+ int size = sectors * SECTOR_SIZE;
+ int r = -1;
+ int devfd;
+
+ devfd = open(device, O_RDWR | O_DIRECT | O_SYNC);
+ if(devfd == -1) {
+ set_error("Can't wipe header on device %s", device);
+ return -EINVAL;
+ }
+
+ buffer = malloc(size);
+ if (!buffer) {
+ close(devfd);
+ return -ENOMEM;
+ }
+ memset(buffer, 0, size);
+
+ r = write_blockwise(devfd, buffer, size) < size ? -EIO : 0;
+
+ free(buffer);
+ close(devfd);
+
+ return r;
+}
+
static int parse_into_name_and_mode(const char *nameAndMode, char *name,
char *mode)
{
@@ -429,6 +457,10 @@ static int __crypt_luks_format(int arg,
r = -EINVAL; goto out;
}
+ /* Wipe first 8 sectors - fs magic numbers etc. */
+ r = wipe_device_header(options->device, 8);
+ if(r < 0) goto out;
+
/* Set key, also writes phdr */
r = LUKS_set_key(options->device, options->key_slot==-1?0:(unsigned int)options->key_slot, password, passwordLen, &header, mk, backend);
if(r < 0) goto out;
Index: cryptsetup-luks.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cryptsetup-luks/devel/cryptsetup-luks.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- cryptsetup-luks.spec 23 Sep 2008 15:23:18 -0000 1.63
+++ cryptsetup-luks.spec 30 Oct 2008 10:25:44 -0000 1.64
@@ -3,7 +3,7 @@
Summary: A utility for setting up encrypted filesystems
Name: cryptsetup-luks
Version: 1.0.6
-Release: 5%{?devrelease:.%{devrelease}}%{?dist}
+Release: 6%{?devrelease:.%{devrelease}}%{?dist}
License: GPLv2
Group: Applications/System
URL: http://cryptsetup.googlecode.com/
@@ -17,6 +17,7 @@
Patch3: cryptsetup-remove-udev.patch
Patch4: cryptsetup-detect-dm.patch
Patch5: cryptsetup-descriptive-errors.patch
+Patch6: cryptsetup-wipe-headers.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libgcrypt-devel, popt-devel, device-mapper-devel
BuildRequires: libgpg-error-devel, e2fsprogs-devel, libsepol-devel
@@ -50,6 +51,7 @@
%patch3 -p1 -b .udev
%patch4 -p1 -b .dm
%patch5 -p1 -b .errors
+%patch6 -p1 -b .wipe
iconv -f latin1 -t utf8 ChangeLog > ChangeLog.new
mv -f ChangeLog.new ChangeLog
@@ -95,6 +97,9 @@
%changelog
+* Thu Oct 30 2008 Milan Broz <mbroz at redhat.com> - 1.0.6-6
+- Wipe old fs headers to not confuse blkid (#468062)
+
* Tue Sep 23 2008 Milan Broz <mbroz at redhat.com> - 1.0.6-5
- Change new project home page.
- Print more descriptive messages for initialization errors.
- Previous message (by thread): rpms/kernel/F-9 config-generic,1.120,1.121 config-i686,1.3,1.4
- Next message (by thread): rpms/amtterm/devel .cvsignore, 1.4, 1.5 amtterm.spec, 1.4, 1.5 sources, 1.4, 1.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list