eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-16 13:20:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

No longer support luksDelKey, reload and --non-exclusive.

Browse Source 
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@359 36d66b0a-2a48-0410-832c-cd162a569da5
This commit is contained in:
Milan Broz
2010-11-05 11:27:36 +00:00
parent 988b1f95fd
commit 7b42e0b99c
3 changed files with 10 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -1,3 +1,7 @@
2010-11-01 Milan Broz <mbroz@redhat.com>
* No longer support luksDelKey, reload and --non-exclusive.
* Remove some obsolete info from man page.
2010-10-27 Milan Broz <mbroz@redhat.com> 2010-10-27 Milan Broz <mbroz@redhat.com>
* Rewrite cryptsetup luksFormat, luksOpen, luksAddKey to use new API * Rewrite cryptsetup luksFormat, luksOpen, luksAddKey to use new API
to allow adding new features. to allow adding new features.

43
man/cryptsetup.8
View File

@@ -89,10 +89,6 @@ key file (via \-\-key-file) must be supplied.
\fB<options>\fR can be [\-\-key-file, \-\-keyfile-size]. \fB<options>\fR can be [\-\-key-file, \-\-keyfile-size].
.PP .PP
\fIluksDelKey\fR <device> <key slot number>
.IP
identical to luksKillSlot, but deprecated action name.
.PP
\fIluksUUID\fR <device> \fIluksUUID\fR <device>
.IP .IP
print UUID, if <device> has a LUKS header. print UUID, if <device> has a LUKS header.
@@ -292,41 +288,14 @@ See \fPurandom(4)\fR for more information.
cryptsetup is written by Christophe Saout <christophe@saout.de> cryptsetup is written by Christophe Saout <christophe@saout.de>
.br .br
LUKS extensions, and man page by Clemens Fruhwirth <clemens@endorphin.org> LUKS extensions, and man page by Clemens Fruhwirth <clemens@endorphin.org>
.SH "COMPATABILITY WITH OLD SUSE TWOFISH PARTITIONS"
To read images created with SuSE Linux 9.2's loop_fish2 use \-\-cipher
twofish-cbc-null \-s 256 \-h sha512, for images created with even
older SuSE Linux use \-\-cipher twofish-cbc-null \-s 192 \-h
ripemd160:20
.SH DEPRECATED ACTIONS .SH DEPRECATED ACTIONS
.PP .PP
\fIreload\fR <name> <device> The \fIreload\fR action is no longer supported.
.IP Please use \fIdmsetup(8)\fR if you need to
modifies an active mapping <name>. Same options as for directly manipulate with the device mapping table.
create.
.B WARNING:
Do not use this for LUKS devices, as the semantics
are identical to the create action, which are totally incompatible
with the LUKS key setup.
This action is deprected because it proved to be rarely useful. It is
uncommon to change the underlying device, key, or offset on the
fly. In case, you really want to do this, you certainly know what you
are doing and then you are probably better off with the swiss knive
tool for device mapper, namely dmsetup. It provides you with the same
functionality, see dmsetup reload.
.PP .PP
\fIluksDelKey\fR <device> <key slot number> The \fIluksDelKey\fR was replaced with \fIluksKillSlot\fR.
.IP
identical to luksKillSlot, but deprecated action name. This option was
renamed, as we introduced luksRemoveKey, a softer method for disabling
password slots. To make a clear distinction that luksDelKey was more brutal than luksRemoveKey
.PP .PP
\fI\-\-non-exclusive\fR
.IP
This option is ignored. Non-exclusive access to the same block device
can cause data corruption thus this mode is no longer supported by cryptsetup.
.SH "REPORTING BUGS" .SH "REPORTING BUGS"
Report bugs to <dm-crypt@saout.de> or Issues section on LUKS website. Report bugs to <dm-crypt@saout.de> or Issues section on LUKS website.
Please attach output of failed command with added \-\-debug option. Please attach output of failed command with added \-\-debug option.
@@ -341,8 +310,4 @@ This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
.SH "SEE ALSO" .SH "SEE ALSO"
dm-crypt website, \fBhttp://www.saout.de/misc/dm-crypt/\fR
LUKS website, \fBhttp://code.google.com/p/cryptsetup/\fR LUKS website, \fBhttp://code.google.com/p/cryptsetup/\fR
dm-crypt TWiki, \fBhttp://www.saout.de/tikiwiki/tiki-index.php\fR

29
src/cryptsetup.c
View File

@@ -39,7 +39,6 @@ static int opt_version_mode = 0;
static int opt_timeout = 0; static int opt_timeout = 0;
static int opt_tries = 3; static int opt_tries = 3;
static int opt_align_payload = 0; static int opt_align_payload = 0;
static int opt_non_exclusive = 0;
static int opt_random = 0; static int opt_random = 0;
static int opt_urandom = 0; static int opt_urandom = 0;
@@ -90,8 +89,6 @@ static struct action_type {
{ "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") }, { "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
{ "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") }, { "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
{ "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") }, { "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
{ "luksDelKey", action_luksDelKey, 0, 2, 1, N_("<device> <key slot>"), N_("identical to luksKillSlot - DEPRECATED - see man page") },
{ "reload", action_create, 1, 2, 1, N_("<name> <device>"), N_("modify active device - DEPRECATED - see man page") },
{ NULL, NULL, 0, 0, 0, NULL, NULL } { NULL, NULL, 0, 0, 0, NULL, NULL }
}; };
@@ -217,7 +214,7 @@ static void show_status(int errcode)
log_err(".\n"); log_err(".\n");
} }
static int action_create(int reload) static int action_create(int arg)
{ {
struct crypt_options options = { struct crypt_options options = {
.name = action_argv[0], .name = action_argv[0],
@@ -235,10 +232,6 @@ static int action_create(int reload)
.tries = opt_tries, .tries = opt_tries,
.icb = &cmd_icb, .icb = &cmd_icb,
}; };
int r;
if(reload)
log_err(_("The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\nWARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"));
if (options.hash && strcmp(options.hash, "plain") == 0) if (options.hash && strcmp(options.hash, "plain") == 0)
options.hash = NULL; options.hash = NULL;
@@ -247,12 +240,7 @@ static int action_create(int reload)
if (opt_readonly) if (opt_readonly)
options.flags |= CRYPT_FLAG_READONLY; options.flags |= CRYPT_FLAG_READONLY;
if (reload) return crypt_create_device(&options);
r = crypt_update_device(&options);
else
r = crypt_create_device(&options);
return r;
} }
static int action_remove(int arg) static int action_remove(int arg)
@@ -440,9 +428,6 @@ static int action_luksOpen(int arg)
if (opt_readonly) if (opt_readonly)
flags |= CRYPT_ACTIVATE_READONLY; flags |= CRYPT_ACTIVATE_READONLY;
if (opt_non_exclusive)
log_err(_("Obsolete option --non-exclusive is ignored.\n"));
if (opt_key_file) { if (opt_key_file) {
crypt_set_password_retry(cd, 1); crypt_set_password_retry(cd, 1);
r = crypt_activate_by_keyfile(cd, action_argv[1], r = crypt_activate_by_keyfile(cd, action_argv[1],
@@ -457,12 +442,6 @@ out:
} }
/* FIXME: keyslot operation needs better get_key() implementation. Use old API for now */ /* FIXME: keyslot operation needs better get_key() implementation. Use old API for now */
static int action_luksDelKey(int arg)
{
log_err("luksDelKey is a deprecated action name.\nPlease use luksKillSlot.\n");
return action_luksKillSlot(arg);
}
static int action_luksKillSlot(int arg) static int action_luksKillSlot(int arg)
{ {
struct crypt_options options = { struct crypt_options options = {
@@ -729,9 +708,6 @@ static int run_action(struct action_type *action)
{ {
int r; int r;
/* set default log */
crypt_set_log_callback(NULL, _log, NULL);
if (action->required_memlock) if (action->required_memlock)
crypt_memory_lock(NULL, 1); crypt_memory_lock(NULL, 1);
@@ -777,7 +753,6 @@ int main(int argc, char **argv)
{ "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") }, { "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
{ "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL }, { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
{ "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") }, { "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
{ "non-exclusive", '\0', POPT_ARG_NONE, &opt_non_exclusive, 0, N_("(Obsoleted, see man page.)"), NULL },
{ "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL }, { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL },
{ "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL }, { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL },
{ "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL }, { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL },