Kernel doesn't allow mapping through whle device if some
other partition an the device is used.
So first try to find partition device which match
system encryption (== TCRYPT partition system encryption)
and use that.
- config.h must always be the first file to be included
- Use AM_CFLAGS and AM_LDFLAGS consistently and properly.
(Modified to disable build without largefile support etc
by Milan Broz <gmazyland@gmail.com>)
System encryption hav metadata in space located ouside of
partition itself.
Ideally the check should be automatic but for virtualized systems
(where a partition could be "whole device" for another sustem this
can be dangerous.
If TCRYPT system encryption uses only partition (not the whole device)
some other partitions could be in use and we have to use
more relaxed check to allow device activation.
LUKS detached header has some limitations, one of them
is that you cannot run some explicit check for data offsets
without providing also data device.
Because luksDump and all key handle commands takes only
metadata device (LUKS heaer device), it not easy to properly
support data payload offset validation.
So if detached header is present for luksFormat, code now
allows data payload 0 (IOW whole data device is used)
and explicit offset larger than header+keyslots
(the same as the header is on data device - so some space is wasted).
N.B. with detached header the option --align-payload is used
directly without any round up caculations.
Fixes Issue#155.
If underlying device disappears (failed drive, removed flash drive etc)
cryptsetup cannot report LUKS parameters (header no longer available).
Fix return code of init_by name in this situation (crypt
context is NULL).
Report visible error if deactivation fails and device is still busy.
Fixes issue#149.
API (unfortunately) supports NULL argument for crypt_deactivate,
with new chained TCRYPT devices it must deactivate all
chained devices as well.
Fixes issue#147.
2 header inclusions were missing, one for PATH_MAX (limits.h) and one
for FD_ZERO, FD_SET, ... (sys/select.h)
on glibc, those headers are erroneusly (namespace pollution) pulled in
through other headers, so the author didnt notice.
Signed-Off-By: John Spencer <maillist-cryptsetup@barfooze.de>
This includes crypto, loopaes, tcrypt handling code I have written myself
and verity code written originally by Mikulas Patocka and modified by me,
copyright by Red Hat.
Other part of library have to stay GPLv2+ only for now
(no agreement from all authors).
