This reverts commit 71dd149ca2.
Enforcing data alignment to be encryption sector size aligned
is completely wrong. The underlying data device alignment
has nothing to do with dm-crypt internal encryption sector size.
The restriction is however valid for dm-crypt segment size.
device_topology_alignment routine already returns alignment offset
in bytes. There's no need to divide it by sector size, since LUKS2
format has all offsets and sizes stored in bytes.
For some reason the volume key file has to exist.
Let's change the logic to the same as for luksBackupHeader
(a file is created and operation fails if it already exists).
crypt_wipe_device was called incorrectly on metadata device even
though integrity header is always on data device from cryptsetup
pov. During LUKS2 crypt_format with detached header scenario we
would wipe first 8 sectors of metadata device instead of data
device.
Currently, AC_ARG_[ENABLE|WITH] are used in multiple different ways.
This change makes all their uses the same by following the style of
the GNU manual:
- AC_ARG_ENABLE(foo) should only define $enable_foo
- Use the 2 argument form with a --enable_foo flag
- Use the 4 argument form with a --disable_foo flag
- Format all uses the same way
- Always compare using: test "x$enable_foo" = "xyes"
This makes them easier to debug, more readable, and shorter.
This formatting fix also revealed a bug (fix submitted separately).
Bzip2 is sometimes missing and we use xz already.
Seems xz produces slightly larger archives (despite the best mode)
but it is not worth keeping bz2 here.
When LUKS2 crypt_format() is called with detached header and custom data
alignment is requested, keyslots area is miscalculated. This mistake
is correctly detected by LUKS2 validation code but it's a feature
regression with regard to LUKSv1 format.
Also rename all 'length' variables to 'size' since json
field is named size.
Make segment validation a two-step process. First
validate general segment object is valid and later
validate specific segment type has all necessary fields.
Without this patch older libraries won't be able to print out
(luksDump) basic information about devices created with newer
libraries.
If any segment has a missing 'offset' field keyslots validation
routine could trigger segfault due to misuse of function that
expects valid 'segments' object.
Fix it by reordering validation routines.
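The two commit messages above (two-step segment validation, and running keyslots validation only after segments are known to be valid) can be illustrated with the following added example, which is not cryptsetup code. Segment field names follow the LUKS2 JSON metadata layout; the function names, the flattened `keyslot_areas` map, the attached-header layout and all sample values are assumptions made for the illustration.

```python
# Added illustration, not cryptsetup code: two-step segment validation with the
# keyslots check ordered after it. Names and sample values are constructed.

def _is_u64_str(v):
    return isinstance(v, str) and v.isascii() and v.isdigit() and int(v) < 2**64

def validate_segment_generic(seg):
    """Step 1: fields every segment must carry, whatever its type."""
    if not isinstance(seg, dict) or not isinstance(seg.get("type"), str):
        return False
    if not _is_u64_str(seg.get("offset")):
        return False
    return seg.get("size") == "dynamic" or _is_u64_str(seg.get("size"))

def validate_segment_crypt(seg):
    """Step 2: fields specific to the 'crypt' segment type."""
    return (_is_u64_str(seg.get("iv_tweak"))
            and isinstance(seg.get("encryption"), str)
            and seg.get("sector_size") in (512, 1024, 2048, 4096))

def first_segment_offset(segments):
    # Relies on step 1 having passed: reads 'offset' without re-checking it.
    return min(int(s["offset"]) for s in segments.values())

def validate_header(hdr):
    segments = hdr.get("segments")
    if not isinstance(segments, dict) or not segments:
        return "invalid: no segments"
    for name, seg in segments.items():
        if not validate_segment_generic(seg):
            return f"invalid: segment {name} malformed"
    # Unknown segment types stop here, so basic information stays readable.
    for name, seg in segments.items():
        if seg["type"] == "crypt" and not validate_segment_crypt(seg):
            return f"invalid: crypt segment {name} incomplete"
    # Only now is it safe to run checks that depend on segment offsets.
    data_start = first_segment_offset(segments)
    for name, area in hdr.get("keyslot_areas", {}).items():
        if int(area["offset"]) + int(area["size"]) > data_start:
            return f"invalid: keyslot {name} overlaps data"
    return "ok"

# Constructed sample header (simplified; attached-header layout assumed).
SAMPLE = {"segments": {"0": {"type": "crypt", "offset": "16777216",
          "size": "dynamic", "iv_tweak": "0", "encryption": "aes-xts-plain64",
          "sector_size": 512}},
          "keyslot_areas": {"0": {"offset": "32768", "size": "258048"}}}
print(validate_header(SAMPLE))
```

If the keyslots check ran before the generic segment check, a segment without `offset` would raise `KeyError` inside `first_segment_offset` instead of being rejected cleanly.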
Stdout is not printed in initrd unless user invokes debug mode.
It's inconvenient to have users waiting for reencryption to
finish with no input at all.