Some ciphers and key sizes created on-disk metadata that cannot be used.
Use the same test for length-preserving cipher as LUKS1.
Also check if key for integrity algorithm is not too small.
Fixes#373.
In commits 9bcc97bc5e and
5536b3a58d new features were
added, which used bash-specific features in a POSIX sh script. This
caused configure to completely fail with syntax errors on systems where
/bin/sh was not symlinked to GNU bash.
`==` is a bash-specific alias for `=` and should never, ever, ever be
used since it offers no additional utility for bash but merely serves
to confuse people writing POSIX.
substring parameter expansion, e.g. `${with_tmpfilesdir:0:1}` is not
POSIX but can be trivially replaced by case wildcards.
The kernel 4.17 will include a new dm-verity flag that
instructs kernel to verify data blocks only once.
This patch adds support for it to libcryptsetup and veritysetup.
This flag can be dangerous; if you can control underlying device
(you can change its content after it was verified) it will no longer
prevent reading tampered data and also it does not prevent to silent
data corrruptions that appears after the block was once read.
It there is an input on stdin (pipe), we cannot retry for password,
a retry applies only for the real terminal.
Also the retry lost EPERM (wrong passphrase) return code in this case,
replacing it with tty read error.
Fixes#321.
This patch allows encryption/decryption of the whole device,
IOW add encryption later with detached header.
This operation can be dangerous, there is no fixed bindings between
the specific LUKS header and data device (encrypted data device
contains no magic signatures).
Allow symbolic links in the initial part of locking path.
If /run/x/y/crypsetup is locking path, starting with
'run' anything may be symbolic link up to (including) 'y'.
cpu --perf-* options do not trigger error when
not supported by current kernel.
Also be more carefull about --sector-size when not supported by
dm-crypt. Test is made more pedantic now.
With --persistent option, write only flags actually
used during activation. In other words we will not
store anymore flags not supported by running kernel.
