Release 1.1.2

git-svn-id: https://cryptsetup.googlecode.com/svn/tags/v1_1_2@245 36d66b0a-2a48-0410-832c-cd162a569da5

ChangeLog

@@ -1,3 +1,14 @@
+2010-05-30  Milan Broz  <mbroz@redhat.com>
+	* Version 1.1.2.
+
+2010-05-27  Milan Broz  <mbroz@redhat.com>
+	* Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
+	* Support --key-file/-d option for luksFormat.
+	* Fix description of --key-file and add --verbose and --debug options to man page.
+	* Add verbose log level and move unlocking message there.
+	* Remove device even if underlying device disappeared.
+	* Fix (deprecated) reload device command to accept new device argument.
+
 2010-05-23  Milan Broz  <mbroz@redhat.com>
 	* Fix luksClose operation for stacked DM devices.
 	* Version 1.1.1.

configure.in

@@ -1,5 +1,5 @@
 AC_PREREQ(2.57)
-AC_INIT(cryptsetup,1.1.1)
+AC_INIT(cryptsetup,1.1.2)
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)

lib/internal.h

@@ -110,6 +110,7 @@ int parse_into_name_and_mode(const char *nameAndMode, char *name, char *mode);
 void logger(struct crypt_device *cd, int class, const char *file, int line, const char *format, ...);
 #define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
 #define log_std(c, x...) logger(c, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
+#define log_verbose(c, x...) logger(c, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x)
 #define log_err(c, x...) do { \
 	logger(c, CRYPT_LOG_ERROR, __FILE__, __LINE__, x); \
 	set_error(x); } while(0)

lib/libcryptsetup.h

@@ -42,6 +42,7 @@ int crypt_init_by_name(struct crypt_device **cd, const char *name);
  */
 #define CRYPT_LOG_NORMAL 0
 #define CRYPT_LOG_ERROR  1
+#define CRYPT_LOG_VERBOSE  2
 #define CRYPT_LOG_DEBUG -1 /* always on stdout */
 void crypt_set_log_callback(struct crypt_device *cd,
 	void (*log)(int level, const char *msg, void *usrptr),

lib/libdevmapper.c

@@ -197,7 +197,7 @@ static char *lookup_dev(const char *dev_id)
 {
 	uint32_t major, minor;
 	dev_t dev;
-	char *result, buf[PATH_MAX + 1];
+	char *result = NULL, buf[PATH_MAX + 1];
 
 	if (sscanf(dev_id, "%" PRIu32 ":%" PRIu32, &major, &minor) != 2)
 		return NULL;
@@ -220,8 +220,8 @@ static char *lookup_dev(const char *dev_id)
 	strncpy(buf, DEVICE_DIR, PATH_MAX);
 	result = __lookup_dev(buf, dev, 0, 4);
 
-	/* If not found, return major:minor */
-	return result ?: strdup(dev_id);
+	/* If not found, return NULL */
+	return result;
 }
 
 static int _dev_read_ahead(const char *dev, uint32_t *read_ahead)

lib/setup.c

@@ -220,7 +220,7 @@ static int verify_other_keyslot(struct crypt_device *cd,
 	if (openedIndex < 0)
 		return -EPERM;
 
-	log_std(cd, _("Key slot %d verified.\n"), openedIndex);
+	log_verbose(cd, _("Key slot %d verified.\n"), openedIndex);
 	return 0;
 }
 
@@ -254,8 +254,9 @@ static int device_check_and_adjust(struct crypt_device *cd,
 {
 	struct device_infos infos;
 
-	if (get_device_infos(device, &infos, cd) < 0) {
-		log_err(cd, _("Cannot get info about device %s.\n"), device);
+	if (!device || get_device_infos(device, &infos, cd) < 0) {
+		log_err(cd, _("Cannot get info about device %s.\n"),
+			device ?: "[none]");
 		return -ENOTBLK;
 	}
 
@@ -587,7 +588,7 @@ void crypt_set_password_callback(struct crypt_device *cd,
 /* OPTIONS: name, cipher, device, hash, key_file, key_size, key_slot,
  *          offset, size, skip, timeout, tries, passphrase_fd (ignored),
  *          flags, icb */
-int crypt_create_device(struct crypt_options *options)
+static int crypt_create_and_update_device(struct crypt_options *options, int update)
 {
 	struct crypt_device *cd = NULL;
 	char *key = NULL;
@@ -607,39 +608,21 @@ int crypt_create_device(struct crypt_options *options)
 			options->cipher, NULL, options->key_file, key, keyLen,
 			options->key_size, options->size, options->skip,
 			options->offset, NULL, options->flags & CRYPT_FLAG_READONLY,
-			options->flags, 0);
+			options->flags, update);
 
 	safe_free(key);
 	crypt_free(cd);
 	return r;
 }
 
-/* OPTIONS: same as create above */
+int crypt_create_device(struct crypt_options *options)
+{
+	return crypt_create_and_update_device(options, 0);
+}
+
 int crypt_update_device(struct crypt_options *options)
 {
-	struct crypt_device *cd = NULL;
-	char *key = NULL;
-	unsigned int keyLen;
-	int r;
-
-	r = _crypt_init(&cd, CRYPT_PLAIN, options, 1, 1);
-	if (r)
-		return r;
-
-	get_key(_("Enter passphrase: "), &key, &keyLen, options->key_size,
-		options->key_file, cd->timeout, options->flags, cd);
-	if (!key)
-		r = -ENOENT;
-	else
-		r = create_device_helper(cd, options->name, options->hash,
-			options->cipher, NULL, options->key_file, key, keyLen,
-			options->key_size, options->size, options->skip,
-			options->offset, NULL, options->flags & CRYPT_FLAG_READONLY,
-			options->flags, 1);
-
-	safe_free(key);
-	crypt_free(cd);
-	return r;
+	return crypt_create_and_update_device(options, 1);
 }
 
 /* OPTIONS: name, size, icb */
@@ -741,10 +724,8 @@ int crypt_remove_device(struct crypt_options *options)
 	int r;
 
 	r = crypt_init_by_name(&cd, options->name);
-	if (r)
-		return r;
-
-	r = crypt_deactivate(cd, options->name);
+	if (r == 0)
+		r = crypt_deactivate(cd, options->name);
 
 	crypt_free(cd);
 	return r;
@@ -759,7 +740,7 @@ int crypt_luksFormat(struct crypt_options *options)
 	char cipherMode[LUKS_CIPHERMODE_L];
 	char *password=NULL;
 	unsigned int passwordLen;
-	struct crypt_device *cd;
+	struct crypt_device *cd = NULL;
 	struct crypt_params_luks1 cp = {
 		.hash = options->hash,
 		.data_alignment = options->align_payload
@@ -824,7 +805,7 @@ int crypt_luksOpen(struct crypt_options *options)
 	if (options->flags & CRYPT_FLAG_NON_EXCLUSIVE_ACCESS)
 		flags |= CRYPT_ACTIVATE_NO_UUID;
 
-	if (options->key_file && strcmp(options->key_file, "-"))
+	if (options->key_file)
 		r = crypt_activate_by_keyfile(cd, options->name,
 			CRYPT_ANY_SLOT, options->key_file, options->key_size,
 			flags);
@@ -1049,6 +1030,12 @@ int crypt_init_by_name(struct crypt_device **cd, const char *name)
 
 	r = dm_query_device(name, &device, NULL, NULL, NULL,
 			    NULL, NULL, NULL, NULL, NULL, NULL);
+
+	/* Underlying device disappeared but mapping still active */
+	if (r >= 0 && !device)
+		log_verbose(NULL, _("Underlying device for crypt device %s disappeared.\n"),
+			    name);
+
 	if (r >= 0)
 		r = crypt_init(cd, device);
 

lib/utils.c

@@ -380,7 +380,7 @@ out_err:
 
 /*
  * Password reading behaviour matrix of get_key
- * 
+ * FIXME: rewrite this from scratch.
  *                    p   v   n   h
  * -----------------+---+---+---+---
  * interactive      | Y | Y | Y | Inf
@@ -400,31 +400,23 @@ void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
 	const int verify = how2verify & CRYPT_FLAG_VERIFY;
 	const int verify_if_possible = how2verify & CRYPT_FLAG_VERIFY_IF_POSSIBLE;
 	char *pass = NULL;
-	int newline_stop;
 	int read_horizon;
 	int regular_file = 0;
+	int read_stdin;
 	int r;
+	struct stat st;
 
-	if(key_file && !strcmp(key_file, "-")) {
-		/* Allow binary reading from stdin */
-		fd = STDIN_FILENO;
-		newline_stop = 0;
-		read_horizon = 0;
-	} else if (key_file) {
-		fd = open(key_file, O_RDONLY);
-		if (fd < 0) {
-			log_err(cd, _("Failed to open key file %s.\n"), key_file);
-			goto out_err;
-		}
-		newline_stop = 0;
+	/* Passphrase read from stdin? */
+	read_stdin = (!key_file || !strcmp(key_file, "-")) ? 1 : 0;
 
-		/* This can either be 0 (LUKS) or the actually number
-		 * of key bytes (default or passed by -s) */
-		read_horizon = key_size;
-	} else {
-		fd = STDIN_FILENO;
-		newline_stop = 1;
-		read_horizon = 0;   /* Infinite, if read from terminal or fd */
+	/* read_horizon applies only for real keyfile, not stdin or terminal */
+	read_horizon = (key_file && !read_stdin) ? key_size : 0 /* until EOF */;
+
+	/* Setup file descriptior */
+	fd = read_stdin ? STDIN_FILENO : open(key_file, O_RDONLY);
+	if (fd < 0) {
+		log_err(cd, _("Failed to open key file %s.\n"), key_file ?: "-");
+		goto out_err;
 	}
 
 	/* Interactive case */
@@ -464,9 +456,8 @@ void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
 		 * should warn the user, if it's a non-regular file,
 		 * such as /dev/random, because in this case, the loop
 		 * will read forever.
-		 */ 
-		if(key_file && strcmp(key_file, "-") && read_horizon == 0) {
-			struct stat st;
+		 */
+		if(!read_stdin && read_horizon == 0) {
 			if(stat(key_file, &st) < 0) {
 				log_err(cd, _("Failed to stat key file %s.\n"), key_file);
 				goto out_err;
@@ -495,7 +486,8 @@ void get_key(char *prompt, char **key, unsigned int *passLen, int key_size,
 				goto out_err;
 			}
 
-			if(r == 0 || (newline_stop && pass[i] == '\n'))
+			/* Stop on newline only if not requested read from keyfile */
+			if(r == 0 || (!key_file && pass[i] == '\n'))
 				break;
 		}
 		/* Fail if piped input dies reading nothing */

luks/keymanage.c

@@ -620,7 +620,7 @@ int LUKS_verify_master_key(const struct luks_phdr *hdr,
 }
 
 /* Try to open a particular key slot */
-int LUKS_open_key(const char *device,
+static int LUKS_open_key(const char *device,
 		  unsigned int keyIndex,
 		  const char *password,
 		  size_t passwordLen,
@@ -670,7 +670,7 @@ int LUKS_open_key(const char *device,
 
 	r = LUKS_verify_master_key(hdr, mk);
 	if (r >= 0)
-		log_std(ctx, _("Key slot %d unlocked.\n"), keyIndex);
+		log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex);
 out:
 	free(AfKey);
 	return r;

luks/luks.h

@@ -137,15 +137,6 @@ int LUKS_set_key(
 	uint64_t *PBKDF2_per_sec,
 	struct crypt_device *ctx);
 
-int LUKS_open_key(
-	const char *device,
-	unsigned int keyIndex,
-	const char *password,
-	size_t passwordLen,
-	struct luks_phdr *hdr,
-	struct luks_masterkey *mk,
-	struct crypt_device *ctx);
-
 int LUKS_open_key_with_hdr(
 	const char *device,
 	int keyIndex,

man/cryptsetup.8

@@ -1,29 +1,29 @@
-.TH CRYPTSETUP "8" "March 2005" "cryptsetup" "Maintenance Commands"
+.TH CRYPTSETUP "8" "" "cryptsetup" "Maintenance Commands"
 .SH NAME
 cryptsetup - setup cryptographic volumes for dm-crypt (including LUKS extension)
 .SH SYNOPSIS
 
 .B cryptsetup <options> <action> <action args>
-
 .SH DESCRIPTION
-.\" Add any additional description here
 .PP
-cryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings. For basic dm-crypt mappings, there are five operations.
+cryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings.
+For basic (plain) dm-crypt mappings, there are four operations.
 .SH ACTIONS
 These strings are valid for \fB<action>\fR, followed by their \fB<action args>\fR:
 
 \fIcreate\fR <name> <device>
 .IP
 creates a mapping with <name> backed by device <device>.
-<options> can be [\-\-hash, \-\-cipher, \-\-verify-passphrase, \-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-readonly]
+
+\fB<options>\fR can be [\-\-hash, \-\-cipher, \-\-verify-passphrase, \-\-key-file, \-\-key-size, \-\-offset, \-\-skip, \-\-readonly]
 .PP
 \fIremove\fR <name>
 .IP
-removes an existing mapping <name>. No options.
+removes an existing mapping <name>.
 .PP
 \fIstatus\fR <name>
 .IP
-reports the status for the mapping <name>. No options.
+reports the status for the mapping <name>.
 .PP
 \fIresize\fR <name>
 .IP
@@ -41,12 +41,16 @@ These are valid LUKS actions:
 \fIluksFormat\fR <device> [<key file>]
 .IP
 initializes a LUKS partition and sets the initial key, either via prompting or via <key file>.
-<options> can be [\-\-cipher, \-\-verify-passphrase, \-\-key-size, \-\-key-slot].
+
+\fB<options>\fR can be [\-\-cipher, \-\-verify-passphrase, \-\-key-size, \-\-key-slot,
+\-\-key-file (takes precedence over optional second argument)].
+
 .PP
 \fIluksOpen\fR <device> <name>
 .IP
 opens the LUKS partition <device> and sets up a mapping <name> after successful verification of the supplied key material (either via key file by \-\-key-file, or via prompting).
-<options> can be [\-\-key-file, \-\-readonly].
+
+\fB<options>\fR can be [\-\-key-file, \-\-readonly].
 .PP
 \fIluksClose\fR <name>
 .IP
@@ -62,11 +66,17 @@ After that operation you have to use \fIluksResume\fR to reinstate encryption ke
 .PP
 \fIluksResume\fR <name>
 .IP
-Resumes suspended device and reinstates encryption key. You will need provide passphrase identical to \fIluksOpen\fR command (using prompting or key file).
+Resumes suspended device and reinstates encryption key. You will need provide passphrase
+identical to \fIluksOpen\fR command (using prompting or key file).
+
+\fB<options>\fR can be [\-\-key-file]
 .PP
 \fIluksAddKey\fR <device> [<new key file>]
 .IP
-add a new key file/passphrase. An existing passphrase or key file (via \-\-key-file) must be supplied. The key file with the new material is supplied as a positional argument. <options> can be [\-\-key-file, \-\-key-slot].
+add a new key file/passphrase. An existing passphrase or key file (via \-\-key-file) must be supplied.
+The key file with the new material is supplied as a positional argument.
+
+\fB<options>\fR can be [\-\-key-file, \-\-key-slot].
 .PP
 \fIluksRemoveKey\fR <device> [<key file>] 
 .IP
@@ -74,7 +84,10 @@ remove supplied key or key file from LUKS device
 .PP
 \fIluksKillSlot\fR <device> <key slot number>
 .IP
-wipe key with number <key slot> from LUKS device. A remaining passphrase or key file (via \-\-key-file) must be supplied. <options> can be [\-\-key-file].
+wipe key with number <key slot> from LUKS device. A remaining passphrase or
+key file (via \-\-key-file) must be supplied.
+
+\fB<options>\fR can be [\-\-key-file].
 .PP
 \fIluksDelKey\fR <device> <key slot number>
 .IP
@@ -82,15 +95,15 @@ identical to luksKillSlot, but deprecated action name.
 .PP
 \fIluksUUID\fR <device>
 .IP
-print UUID, if <device> has a LUKS header. No options.
+print UUID, if <device> has a LUKS header.
 .PP
 \fIisLuks\fR <device>
 .IP
-returns true, if <device> is a LUKS partition. Otherwise, false. No options.
+returns true, if <device> is a LUKS partition. Otherwise, false.
 .PP
 \fIluksDump\fR <device>
 .IP
-dumps the header information of a LUKS partition. No options.
+dumps the header information of a LUKS partition.
 .PP
 \fIluksHeaderBackup\fR <device> \-\-header-backup-file <file>
 .IP
@@ -114,6 +127,12 @@ For more information about LUKS, see \fBhttp://code.google.com/p/cryptsetup/wiki
 
 .SH OPTIONS
 .TP
+.B "\-\-verbose, \-v"
+Print more verbose messages.
+.TP
+.B "\-\-debug"
+Run in debug mode with full diagnostic logs.
+.TP
 .B "\-\-hash, \-h"
 For \fIcreate\fR action specifies hash to use for password hashing.
 
@@ -145,9 +164,14 @@ Use "aes-xts-plain" cipher specification and set key size to 256 (or 512) bits (
 query for passwords twice. Useful when creating a (regular) mapping for the first time, or when running \fIluksFormat\fR.
 .TP
 .B "\-\-key-file, \-d"
-use file as key material. With LUKS, key material supplied in key files via \-d are always used for existing passphrases. If you want to set a new key via a key file, you have to use a positional arg to \fIluksFormat\fR or \fIluksAddKey\fR.
+use file as key material.
 
-If the key file is "-", stdin will be used. This is different from how cryptsetup usually reads from stdin. See section \fBNOTES ON PASSWORD PROCESSING\fR for more information.
+With LUKS, key material supplied in key files via \-d are always used for existing passphrases,
+except in \fIluksFormat\fR action where \-d is equivalent to positional key file argument.
+If you want to set a new key via a key file, you have to use a positional arg to \fIluksAddKey\fR.
+
+If the key file is "-", stdin will be used. With the "-" key file reading will
+not stop when new line character is detected. See section \fBNOTES ON PASSWORD PROCESSING\fR for more information.
 .TP
 .B "\-\-master-key-file"
 Use pre-generated master key stored in file. For \fIluksFormat\fR it allows LUKS header reformatting with the same master key (if all other parameters are the same existing encrypted data remains intact).
@@ -204,7 +228,7 @@ in the mkfs.xfs manual page. By default, the payload is aligned at an 8 sector (
 Show the version.
 
 .SH NOTES ON PASSWORD PROCESSING
-\fIFrom a file descriptor or a terminal\fR: Password processing is new-line sensitive, meaning the reading will stop after encountering \\n. It will process the read material (without newline) with the default hash or the hash given by \-\-hash. After hashing, it will be cropped to the key size given by \-s.
+\fIFrom a terminal\fR: Password processing is new-line sensitive, meaning the reading will stop after encountering \\n. It will process the read material (without newline) with the default hash or the hash given by \-\-hash. After hashing, it will be cropped to the key size given by \-s.
 
 \fIFrom stdin\fR: Reading will continue until EOF (so using e.g. /dev/random as stdin will not work), with the trailing newline stripped. After that the read data will be hashed with the default hash or the hash given by \-\-hash and the result will be cropped to the keysize given by \-s. If "plain" is used as an argument to the hash option, the input data will not be hashed.
 Instead, it will be zero padded (if shorter than the keysize) or truncated (if longer than the keysize) and used directly as the key. No warning will be given if the amount of data read from stdin is less than the keysize.
@@ -213,12 +237,10 @@ Instead, it will be zero padded (if shorter than the keysize) or truncated (if l
 
 If \-\-key-file=- is used for reading the key from stdin, no trailing newline is stripped from the input. Without that option, cryptsetup strips trailing newlines from stdin input.
 .SH NOTES ON PASSWORD PROCESSING FOR LUKS
-LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898). 
+LUKS uses PBKDF2 to protect against dictionary attacks (see RFC 2898).
 
 LUKS will always do an exhaustive password reading. Hence, password can not be read from /dev/random, /dev/zero or any other stream that does not terminate.
 
-LUKS saves the processing options when a password is set to the respective key slot.
-Therefore, no options can be given to luksOpen. 
 For any password creation action (luksAddKey, or luksFormat), the user may specify how much the time the password processing should consume.
 Increasing the time will lead to a more secure password, but also will take luksOpen longer to complete. The default setting of one second is sufficient for good security.
 .SH INCOHERENT BEHAVIOUR FOR INVALID PASSWORDS/KEYS
@@ -271,13 +293,14 @@ This option is ignored. Non-exclusive access to the same block device
 can cause data corruption thus this mode is no longer supported by cryptsetup.
 
 .SH "REPORTING BUGS"
-Report bugs to <dm-crypt@saout.de>.
+Report bugs to <dm-crypt@saout.de> or Issues section on LUKS website.
+Please attach output of failed command with added \-\-debug option.
 .SH COPYRIGHT
 Copyright \(co 2004 Christophe Saout
 .br
 Copyright \(co 2004-2006 Clemens Fruhwirth
 .br
-Copyright \(co 2009 Red Hat, Inc.
+Copyright \(co 2009-2010 Red Hat, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

po/nl.po

@@ -1,14 +1,14 @@
 # Dutch translation of cryptsetup.
 # This file is distributed under the same license as the cryptsetup package.
 # Copyright (C) 2010 Free Software Foundation, Inc.
-# Koen Torfs <koen@indigetesdii.org>, 2010.
 #
+# Koen Torfs <koen@indigetesdii.org>, 2010.
 msgid ""
 msgstr ""
 "Project-Id-Version: cryptsetup-1.1.1-rc1\n"
 "Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
 "POT-Creation-Date: 2010-05-01 16:21+0200\n"
-"PO-Revision-Date: 2010-05-15 23:29+0100\n"
+"PO-Revision-Date: 2010-05-27 00:27+0100\n"
 "Last-Translator: Koen Torfs <koen@indigetesdii.org>\n"
 "Language-Team: Dutch <vertaling@vrijschrift.org>\n"
 "MIME-Version: 1.0\n"
@@ -17,7 +17,7 @@ msgstr ""
 
 #: lib/libdevmapper.c:105
 msgid "Cannot find compatible device-mapper kernel modules.\n"
-msgstr "Kan compatibele kernelmodules voor apparaatstoewijzer niet vinden.\n"
+msgstr "Kan geen compatibele kernelmodules voor apparaatstoewijzer vinden.\n"
 
 #: lib/libdevmapper.c:111
 msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
@@ -26,7 +26,7 @@ msgstr "Kan apparaatstoewijzer niet initialiseren. Is kernelmodule dm_mod gelade
 #: lib/libdevmapper.c:408
 #, c-format
 msgid "DM-UUID for device %s was truncated.\n"
-msgstr "DM-UUID voor apparaat %s was afgekapt.\n"
+msgstr "DM-UUID voor apparaat %s is afgekapt.\n"
 
 #: lib/setup.c:103
 #, c-format
@@ -40,7 +40,7 @@ msgstr "Sleutelbehandelingsfout (met hash-algoritme %s in gebruik).\n"
 
 #: lib/setup.c:170
 msgid "All key slots full.\n"
-msgstr "Alle sleutelplaatsen vol.\n"
+msgstr "Alle sleutelplaatsen zijn vol.\n"
 
 #: lib/setup.c:177 lib/setup.c:305 lib/setup.c:779
 #, c-format
@@ -59,7 +59,7 @@ msgstr "Voer enig LUKS-wachtwoord in: "
 #: lib/setup.c:223
 #, c-format
 msgid "Key slot %d verified.\n"
-msgstr "Sleutelplaats %d geverifieerd.\n"
+msgstr "Sleutelplaats %d is geverifieerd.\n"
 
 #: lib/setup.c:258
 #, c-format
@@ -83,12 +83,12 @@ msgstr "Voer het te verwijderen LUKS-wachtwoord in: "
 #: lib/setup.c:300
 #, c-format
 msgid "key slot %d selected for deletion.\n"
-msgstr "sleutelplaats %d geselecteerd voor verwijdering.\n"
+msgstr "sleutelplaats %d is geselecteerd voor verwijdering.\n"
 
 #: lib/setup.c:311
 #, c-format
 msgid "Key %d not active. Can't wipe.\n"
-msgstr "Sleutel %d niet actief. Kan niet uitvegen.\n"
+msgstr "Sleutel %d is niet actief. Kan niet wissen.\n"
 
 #: lib/setup.c:317
 msgid "This is the last keyslot. Device will become unusable after purging this key."
@@ -129,7 +129,7 @@ msgstr "Voer LUKS-wachtwoord in: "
 #: lib/setup.c:926 lib/setup.c:1153 lib/setup.c:1207 lib/setup.c:1232
 #: lib/setup.c:1251
 msgid "Cannot initialize crypto backend.\n"
-msgstr "Kan versleutelingsbackend niet initialiseren.\n"
+msgstr "Kan versleutelings-backend niet initialiseren.\n"
 
 #: lib/setup.c:1066
 msgid "Invalid plain crypt parameters.\n"
@@ -146,7 +146,7 @@ msgstr "Kan LUKS niet formatteren zonder apparaat.\n"
 #: lib/setup.c:1126
 #, c-format
 msgid "Can't wipe header on device %s.\n"
-msgstr "Kan koptekst op apparaat %s niet uitvegen.\n"
+msgstr "Kan koptekst op apparaat %s niet wissen.\n"
 
 #: lib/setup.c:1174
 #, c-format
@@ -226,7 +226,7 @@ msgstr "Deze operatie wordt niet ondersteund voor versleutelapparaat %s.\n"
 #: lib/utils.c:416
 #, c-format
 msgid "Failed to open key file %s.\n"
-msgstr "Openen van sleutelbestand %s gefaald.\n"
+msgstr "Openen van sleutelbestand %s is mislukt.\n"
 
 #: lib/utils.c:436
 msgid "Error reading passphrase from terminal.\n"
@@ -234,7 +234,7 @@ msgstr "Fout bij het lezen van het wachtwoord uit de terminal.\n"
 
 #: lib/utils.c:441
 msgid "Verify passphrase: "
-msgstr "Verifieer wachtwoord: "
+msgstr "Voer wachtwoord nogmaals in: "
 
 #: lib/utils.c:443
 msgid "Passphrases do not match.\n"
@@ -247,38 +247,38 @@ msgstr "Kan geen wachtwoordverificatie uitvoeren op invoer van buiten de termina
 #: lib/utils.c:471
 #, c-format
 msgid "Failed to stat key file %s.\n"
-msgstr "Stat op sleutelbestand %s gefaald.\n"
+msgstr "Kan status van sleutelbestand %s niet opvragen.\n"
 
 #: lib/utils.c:475
 #, c-format
 msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n"
-msgstr "Let op: volledige lezing aangevraagd, maar sleutelbestand %s is geen regulier bestand, functie zal misschien nooit terugkeren.\n"
+msgstr "Waarschuwing: volledige lezing aangevraagd, maar sleutelbestand %s is geen regulier bestand, functie zal misschien nooit terugkeren.\n"
 
 #: lib/utils.c:487
 msgid "Out of memory while reading passphrase.\n"
-msgstr "Geen geheugen meer beschikbaar bij lezen wachtwoord.\n"
+msgstr "Geen geheugen meer beschikbaar bij lezen van wachtwoord.\n"
 
 #: lib/utils.c:494
 msgid "Error reading passphrase.\n"
-msgstr "Fout bij het lezen van het wachtwoord.\n"
+msgstr "Fout bij lezen van wachtwoord.\n"
 
 #: lib/utils.c:531
 #, c-format
 msgid "Device %s doesn't exist or access denied.\n"
-msgstr "Apparaat %s bestaat niet of toegang geweigerd.\n"
+msgstr "Apparaat %s bestaat niet of toegang is geweigerd.\n"
 
 #: lib/utils.c:538
 #, c-format
 msgid "Cannot open device %s for %s%s access.\n"
-msgstr "Kan apparaat %s niet openen voor %s%s toegang.\n"
+msgstr "Kan apparaat %s niet openen voor %s%s-toegang.\n"
 
 #: lib/utils.c:539
 msgid "exclusive "
-msgstr "exclusief "
+msgstr "exclusieve "
 
 #: lib/utils.c:540
 msgid "writable"
-msgstr "schrijfbaar"
+msgstr "schrijf"
 
 #: lib/utils.c:540
 msgid "read-only"
@@ -297,16 +297,16 @@ msgstr "Kan apparaat niet openen: %s\n"
 #: lib/utils.c:587
 #, c-format
 msgid "BLKROGET failed on device %s.\n"
-msgstr "BLKROGET gefaald op apparaat %s.\n"
+msgstr "BLKROGET() is mislukt op apparaat %s.\n"
 
 #: lib/utils.c:612
 #, c-format
 msgid "BLKGETSIZE failed on device %s.\n"
-msgstr "BLKGETSIZE gefaald op apparaat %s.\n"
+msgstr "BLKGETSIZE() is mislukt op apparaat %s.\n"
 
 #: lib/utils.c:660
 msgid "WARNING!!! Possibly insecure memory. Are you root?\n"
-msgstr "LET OP!!! Mogelijk onveilig geheugen. Ben je systeembeheerder?\n"
+msgstr "WAARSCHUWING!!!  Mogelijk onveilig geheugen.  Bent u root?\n"
 
 #: lib/utils.c:666
 msgid "Cannot get process priority.\n"
@@ -315,16 +315,16 @@ msgstr "Kan geen procesprioriteit verkrijgen.\n"
 #: lib/utils.c:669 lib/utils.c:682
 #, c-format
 msgid "setpriority %u failed: %s"
-msgstr "setpriority %u gefaald: %s"
+msgstr "setpriority(%u) is mislukt: %s"
 
 #: lib/utils.c:680
 msgid "Cannot unlock memory."
-msgstr "Kan de vergrendeling van het geheugen niet opheffen."
+msgstr "Kan geheugen niet ontgrendelen."
 
 #: luks/keyencryption.c:68
 #, c-format
 msgid "Unable to obtain sector size for %s"
-msgstr "Kan geen sectorgrootte verkrijgen voor %s"
+msgstr "Kan sectorgrootte van %s niet verkrijgen"
 
 #: luks/keyencryption.c:137
 msgid "Failed to obtain device mapper directory."
@@ -343,7 +343,7 @@ msgstr ""
 
 #: luks/keyencryption.c:163
 msgid "Failed to open temporary keystore device.\n"
-msgstr "Openen van het tijdelijke sleutelopslagapparaat gefaald.\n"
+msgstr "Openen van het tijdelijke sleutelopslagapparaat is mislukt.\n"
 
 #: luks/keyencryption.c:170
 msgid "Failed to access temporary keystore device.\n"
@@ -362,30 +362,30 @@ msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n"
 #: luks/keymanage.c:134
 #, c-format
 msgid "Cannot write header backup file %s.\n"
-msgstr "Kan reservekopie %s van koptekst niet schrijven.\n"
+msgstr "Kan reservekopiebestand %s van koptekst niet schrijven.\n"
 
 #: luks/keymanage.c:161
 #, c-format
 msgid "Backup file %s doesn't exist.\n"
-msgstr "Reservekopie %s bestaat niet.\n"
+msgstr "Reservekopiebestand %s bestaat niet.\n"
 
 #: luks/keymanage.c:169
 msgid "Backup file do not contain valid LUKS header.\n"
-msgstr "Reservekopie heeft geen geldige LUKS-koptekst.\n"
+msgstr "Reservekopiebestand bevat geen geldige LUKS-koptekst.\n"
 
 #: luks/keymanage.c:182
 #, c-format
 msgid "Cannot open header backup file %s.\n"
-msgstr "Kan reservekopie %s van het kopbestand niet openen.\n"
+msgstr "Kan reservekopiebestand %s van koptekst niet openen.\n"
 
 #: luks/keymanage.c:188
 #, c-format
 msgid "Cannot read header backup file %s.\n"
-msgstr "Kan reservekopie %s van het kopbestand niet lezen.\n"
+msgstr "Kan reservekopiebestand %s van koptekst niet lezen.\n"
 
 #: luks/keymanage.c:199
 msgid "Data offset or key size differs on device and backup, restore failed.\n"
-msgstr "Verschillende dataplaats of sleutelgrootte in apparaat en reservekopie, herstelling gefaald.\n"
+msgstr "Verschillende datapositie of sleutelgrootte in apparaat en reservekopie; herstelling is mislukt.\n"
 
 #: luks/keymanage.c:207
 #, c-format
@@ -394,11 +394,11 @@ msgstr "Apparaat %s %s%s"
 
 #: luks/keymanage.c:208
 msgid "does not contain LUKS header. Replacing header can destroy data on that device."
-msgstr "bevat geen LUKS-kopbestand. Het kopbestand vervangen kan data op het apparaat vernietigen."
+msgstr "bevat geen LUKS-koptekst. Het vervangen van de koptekst kan data op het apparaat vernietigen."
 
 #: luks/keymanage.c:209
 msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
-msgstr "bevat reeds een LUKS-kopbestand. Het kopbestand vervangen zal bestaande sleutelplaatsen vernietigen."
+msgstr "bevat reeds een LUKS-koptekst. Het vervangen van de koptekst zal bestaande sleutelplaatsen vernietigen."
 
 #: luks/keymanage.c:210
 msgid ""
@@ -406,7 +406,7 @@ msgid ""
 "WARNING: real device header has different UUID than backup!"
 msgstr ""
 "\n"
-"LET OP: originele apparaatskoptekst heeft een ander UUID dan de reservekopie!"
+"WAARSCHUWING: originele apparaatkoptekst heeft een ander UUID dan de reservekopie!"
 
 #: luks/keymanage.c:225 luks/keymanage.c:338 luks/keymanage.c:373
 #, c-format
@@ -421,7 +421,7 @@ msgstr "Apparaat %s is geen geldig LUKS-apparaat."
 #: luks/keymanage.c:262
 #, c-format
 msgid "Unsupported LUKS version %d.\n"
-msgstr "Niet ondersteunde LUKS-versie %d.\n"
+msgstr "Niet-ondersteunde LUKS-versie %d.\n"
 
 #: luks/keymanage.c:265
 #, c-format
@@ -436,31 +436,31 @@ msgstr "Kan bestand %s niet openen.\n"
 #: luks/keymanage.c:350
 #, c-format
 msgid "LUKS header detected but device %s is too small.\n"
-msgstr "LUKS-kopbestand gevonden maar apparaat %s is te klein.\n"
+msgstr "LUKS-koptekst gevonden maar apparaat %s is te klein.\n"
 
 #: luks/keymanage.c:394
 #, c-format
 msgid "Error during update of LUKS header on device %s.\n"
-msgstr "Fout bij het bijwerken van LUKS-kopbestand op apparaat %s.\n"
+msgstr "Fout bij het bijwerken van LUKS-koptekst op apparaat %s.\n"
 
 #: luks/keymanage.c:401
 #, c-format
 msgid "Error re-reading LUKS header after update on device %s.\n"
-msgstr "Fout bij het herlezen van LUKS-kopbestand na bijwerken van apparaat %s.\n"
+msgstr "Fout bij het herlezen van LUKS-koptekst na bijwerken van apparaat %s.\n"
 
 #: luks/keymanage.c:413
 #, c-format
 msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n"
-msgstr "Niet-compatibele PBKDF2 opties (met hash-algoritme %s in gebruik).\n"
+msgstr "Niet-compatibele PBKDF2-opties (met hash-algoritme %s in gebruik).\n"
 
 #: luks/keymanage.c:461
 msgid "Cannot create LUKS header: reading random salt failed.\n"
-msgstr "Kan LUKS-koptekst niet aanmaken: lezen van random salt gefaald.\n"
+msgstr "Kan LUKS-koptekst niet aanmaken: lezen van random salt is mislukt.\n"
 
 #: luks/keymanage.c:478
 #, c-format
 msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
-msgstr "Kan LUKS-koptekst niet aanmaken: verwerking van koptekst gefaald (met hash %s in gebruik).\n"
+msgstr "Kan LUKS-koptekst niet aanmaken: koptekst-extract is mislukt (met %s-hash).\n"
 
 #: luks/keymanage.c:496
 msgid "Wrong UUID format provided, generating new one.\n"
@@ -469,7 +469,7 @@ msgstr "Verkeerd UUID-formaat verschaft, een nieuwe wordt aangemaakt.\n"
 #: luks/keymanage.c:523
 #, c-format
 msgid "Key slot %d active, purge first.\n"
-msgstr "Sleutelplaats %d actief, ruim eerst op.\n"
+msgstr "Sleutelplaats %d is actief; ruim eerst op.\n"
 
 #: luks/keymanage.c:528
 #, c-format
@@ -478,16 +478,16 @@ msgstr "Inhoud van sleutelplaats %d bevat te weinig fragmenten. Koptekstmanipula
 
 #: luks/keymanage.c:587
 msgid "Failed to write to key storage.\n"
-msgstr "Schrijven naar sleutelopslag gefaald.\n"
+msgstr "Schrijven naar sleutelopslag is mislukt.\n"
 
 #: luks/keymanage.c:664
 msgid "Failed to read from key storage.\n"
-msgstr "Lezen uit sleutelopslag gefaald.\n"
+msgstr "Lezen uit sleutelopslag is mislukt.\n"
 
 #: luks/keymanage.c:673
 #, c-format
 msgid "Key slot %d unlocked.\n"
-msgstr "Sleutelplaats %d ontgrendeld.\n"
+msgstr "Sleutelplaats %d is ontgrendeld.\n"
 
 #: luks/keymanage.c:706
 msgid "No key available with this passphrase.\n"
@@ -501,7 +501,7 @@ msgstr "Sleutelplaats %d is ongeldig, selecteer een sleutelplaats tussen 0 en %d
 #: luks/keymanage.c:795
 #, c-format
 msgid "Cannot wipe device %s.\n"
-msgstr "Kan apparaat %s niet uitvegen.\n"
+msgstr "Kan apparaat %s niet wissen.\n"
 
 #: src/cryptsetup.c:71 src/cryptsetup.c:89
 msgid "<name> <device>"
@@ -534,7 +534,7 @@ msgstr "<apparaat> [<nieuw sleutelbestand>]"
 
 #: src/cryptsetup.c:75
 msgid "formats a LUKS device"
-msgstr "formatteert een LUKS-apparaat"
+msgstr "een LUKS-apparaat formatteren"
 
 #: src/cryptsetup.c:76
 msgid "<device> <name> "
@@ -554,7 +554,7 @@ msgstr "<apparaat> [<sleutelbestand>]"
 
 #: src/cryptsetup.c:78
 msgid "removes supplied key or key file from LUKS device"
-msgstr "verwijdert verschafte sleutel of sleutelbestand van LUKS-apparaat"
+msgstr "verschafte sleutel of sleutelbestand van LUKS-apparaat verwijderen"
 
 #: src/cryptsetup.c:79 src/cryptsetup.c:88
 msgid "<device> <key slot>"
@@ -562,7 +562,7 @@ msgstr "<apparaat> <sleutelplaats>"
 
 #: src/cryptsetup.c:79
 msgid "wipes key with number <key slot> from LUKS device"
-msgstr "verwijdert sleutel met nummer <sleutelplaats> van LUKS-apparaat"
+msgstr "sleutel met nummer <sleutelplaats> van LUKS-apparaat verwijderen"
 
 #: src/cryptsetup.c:80 src/cryptsetup.c:81 src/cryptsetup.c:83
 #: src/cryptsetup.c:84 src/cryptsetup.c:85 src/cryptsetup.c:86
@@ -576,7 +576,7 @@ msgstr "UUID van LUKS-apparaat tonen"
 
 #: src/cryptsetup.c:81
 msgid "tests <device> for LUKS partition header"
-msgstr "test <apparaat> voor LUKS-partitiekoptekst"
+msgstr "<apparaat> op een LUKS-partitiekoptekst testen"
 
 #: src/cryptsetup.c:82
 msgid "remove LUKS mapping"
@@ -584,11 +584,11 @@ msgstr "LUKS-toewijzing verwijderen"
 
 #: src/cryptsetup.c:83
 msgid "dump LUKS partition information"
-msgstr "LUKS partitie-informatie dumpen"
+msgstr "LUKS-partitie-informatie dumpen"
 
 #: src/cryptsetup.c:84
 msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
-msgstr "LUKS-apparaat schorsen en sleutel wissen (alle IOs zijn geblokkeerd)."
+msgstr "LUKS-apparaat schorsen en sleutel wissen (alle in-/uitvoer wordt bevroren)."
 
 #: src/cryptsetup.c:85
 msgid "Resume suspended LUKS device."
@@ -596,11 +596,11 @@ msgstr "Geschorst LUKS-apparaat hervatten."
 
 #: src/cryptsetup.c:86
 msgid "Backup LUKS device header and keyslots"
-msgstr "Maak een reservekopie van LUKS-apparaatskopbestand en sleutelplaatsen"
+msgstr "Reservekopie van LUKS-apparaatkoptekst en -sleutelplaatsen maken"
 
 #: src/cryptsetup.c:87
 msgid "Restore LUKS device header and keyslots"
-msgstr "Herstel LUKS-apparaatskopbestand en sleutelplaatsen"
+msgstr "LUKS-apparaatkoptekst en -sleutelplaatsen herstellen"
 
 #: src/cryptsetup.c:88
 msgid "identical to luksKillSlot - DEPRECATED - see man page"
@@ -617,15 +617,15 @@ msgstr "Opdracht succesvol.\n"
 #: src/cryptsetup.c:194
 #, c-format
 msgid "Command failed with code %i"
-msgstr "Opdracht gefaald met code %i"
+msgstr "Opdracht is mislukt met code %i"
 
 #: src/cryptsetup.c:222
 msgid ""
 "The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n"
 "WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"
 msgstr ""
-"De herlaadactie is verouderd. Gebruik “dmsetup reload” indien je deze functionaliteit echt nodig hebt.\n"
-"LET OP: gebruik de herlaadactie niet om LUKS-apparaten te “touchen”. Indien je dat wil doen, typ nu Ctrl-C.\n"
+"De herlaadactie is verouderd. Gebruik “dmsetup reload” indien u deze functionaliteit echt nodig hebt.\n"
+"WAARSCHUWING: gebruik de herlaadactie niet om LUKS-apparaten te “touchen”. Indien u dat wilt doen, typ nu Ctrl-C.\n"
 
 #: src/cryptsetup.c:390
 #, c-format
@@ -650,7 +650,7 @@ msgid ""
 "<action> is one of:\n"
 msgstr ""
 "\n"
-"<actie> is een van:\n"
+"<actie> is één van:\n"
 
 #: src/cryptsetup.c:643
 #, c-format
@@ -662,7 +662,7 @@ msgid ""
 "<key file> optional key file for the new key for luksAddKey action\n"
 msgstr ""
 "\n"
-"<naam> is het apparaat aan te maken onder %s\n"
+"<naam> is het onder %s aan te maken apparaat\n"
 "<apparaat> is het versleutelde apparaat\n"
 "<sleutelplaats> is het nummer van de te wijzigen LUKS-sleutelplaats\n"
 "<sleutelbestand> optioneel sleutelbestand voor de nieuwe sleutel voor de luksAddKey-actie\n"
@@ -682,23 +682,23 @@ msgstr ""
 
 #: src/cryptsetup.c:697
 msgid "Show this help message"
-msgstr "Deze helpboodschap tonen"
+msgstr "Deze hulptekst tonen"
 
 #: src/cryptsetup.c:698
 msgid "Display brief usage"
-msgstr "Kort gebruik tonen"
+msgstr "Korte gebruikssamenvatting tonen"
 
 #: src/cryptsetup.c:702
 msgid "Help options:"
-msgstr "Helpopties:"
+msgstr "Hulpopties:"
 
 #: src/cryptsetup.c:703
 msgid "Shows more detailed error messages"
-msgstr "Toont meer gedetailleerde foutboodschappen"
+msgstr "Gedetailleerdere foutboodschappen tonen"
 
 #: src/cryptsetup.c:704
 msgid "Show debug messages"
-msgstr "Debugboodschappen tonen"
+msgstr "Debug-boodschappen tonen"
 
 #: src/cryptsetup.c:705
 msgid "The cipher used to encrypt the disk (see /proc/crypto)"
@@ -710,7 +710,7 @@ msgstr "De gebruikte hash om de encryptiesleutel uit het wachtwoord aan te maken
 
 #: src/cryptsetup.c:707
 msgid "Verifies the passphrase by asking for it twice"
-msgstr "Verifieert het wachtwoord door het twee keer te vragen"
+msgstr "Het wachtwoord controleren door het twee keer te vragen"
 
 #: src/cryptsetup.c:708
 msgid "Read the key from a file (can be /dev/random)"
@@ -718,7 +718,7 @@ msgstr "De sleutel uit een bestand lezen (mag /dev/random zijn)"
 
 #: src/cryptsetup.c:709
 msgid "Read the volume (master) key from file."
-msgstr "Lees de (hoofd)sleutel tot het opslagmedium uit een bestand."
+msgstr "De (hoofd)sleutel tot het opslagmedium uit een bestand lezen."
 
 #: src/cryptsetup.c:710
 msgid "The size of the encryption key"
@@ -751,7 +751,7 @@ msgstr "Hoeveel sectoren van de versleutelde data aan het begin over te slaan"
 
 #: src/cryptsetup.c:715
 msgid "Create a readonly mapping"
-msgstr "Maak een alleen-lezen toewijzing aan"
+msgstr "Een alleen-lezen toewijzing aanmaken"
 
 #: src/cryptsetup.c:716
 msgid "PBKDF2 iteration time for LUKS (in ms)"
@@ -783,7 +783,7 @@ msgstr "Hoe vaak de invoering van het wachtwoord opnieuw geprobeerd kan worden"
 
 #: src/cryptsetup.c:721
 msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Lijn payload uit op <n> sectorgrenzen - voor luksFormat"
+msgstr "Payload uitlijnen op meervouden van <n> sectoren - voor luksFormat"
 
 #: src/cryptsetup.c:722
 msgid "(Obsoleted, see man page.)"
@@ -791,7 +791,7 @@ msgstr "(Verouderd, zie man-pagina.)"
 
 #: src/cryptsetup.c:723
 msgid "File with LUKS header and keyslots backup."
-msgstr "Bestand met reservekopie van LUKS-kopbestand en sleutelplaatsen."
+msgstr "Bestand met reservekopie van LUKS-koptekst en -sleutelplaatsen."
 
 #: src/cryptsetup.c:741
 msgid "[OPTION...] <action> <action-specific>]"

src/cryptsetup.c

@@ -138,23 +138,27 @@ static int yesDialog(char *msg)
 }
 
 static void cmdLineLog(int level, char *msg) {
-    switch(level) {
+	switch(level) {
 
-    case CRYPT_LOG_NORMAL:
-            fputs(msg, stdout);
-            break;
-    case CRYPT_LOG_ERROR:
-            fputs(msg, stderr);
-            break;
-    default:
-            fprintf(stderr, "Internal error on logging class for msg: %s", msg);
-            break;
-    }
+	case CRYPT_LOG_NORMAL:
+		fputs(msg, stdout);
+		break;
+	case CRYPT_LOG_VERBOSE:
+		if (opt_verbose)
+			fputs(msg, stdout);
+		break;
+	case CRYPT_LOG_ERROR:
+		fputs(msg, stderr);
+		break;
+	default:
+		fprintf(stderr, "Internal error on logging class for msg: %s", msg);
+		break;
+	}
 }
 
 static struct interface_callbacks cmd_icb = {
-        .yesDialog = yesDialog,
-        .log = cmdLineLog,
+	.yesDialog = yesDialog,
+	.log = cmdLineLog,
 };
 
 static void _log(int level, const char *msg, void *usrptr)
@@ -278,7 +282,7 @@ static int action_status(int arg)
 		log_std("%s/%s is active:\n", crypt_get_dir(), options.name);
 		log_std("  cipher:  %s\n", options.cipher);
 		log_std("  keysize: %d bits\n", options.key_size * 8);
-		log_std("  device:  %s\n", options.device);
+		log_std("  device:  %s\n", options.device ?: "");
 		log_std("  offset:  %" PRIu64 " sectors\n", options.offset);
 		log_std("  size:    %" PRIu64 " sectors\n", options.size);
 		if (options.skip)
@@ -299,7 +303,7 @@ static int _action_luksFormat_generateMK()
 		.device = action_argv[0],
 		.cipher = opt_cipher ?: DEFAULT_CIPHER(LUKS1),
 		.hash = opt_hash ?: DEFAULT_LUKS1_HASH,
-		.new_key_file = action_argc > 1 ? action_argv[1] : NULL,
+		.new_key_file = opt_key_file ?: (action_argc > 1 ? action_argv[1] : NULL),
 		.flags = opt_verify_passphrase ? CRYPT_FLAG_VERIFY : (!opt_batch_mode?CRYPT_FLAG_VERIFY_IF_POSSIBLE :  0),
 		.iteration_time = opt_iteration_time,
 		.timeout = opt_timeout,
@@ -387,6 +391,9 @@ static int action_luksFormat(int arg)
 		return -EINVAL;
 	}
 
+	if (action_argc > 1 && opt_key_file)
+		log_err(_("Option --key-file takes precedence over specified key file argument.\n"));
+
 	if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) {
 		log_err(_("memory allocation error in action_luksFormat"));
 		return -ENOMEM;

src/cryptsetup.h

@@ -13,6 +13,7 @@
 
 #define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
 #define log_std(x...) clogger(NULL, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
+#define log_verbose(x...) clogger(NULL, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x)
 #define log_err(x...) clogger(NULL, CRYPT_LOG_ERROR, __FILE__, __LINE__, x)
 
 #endif /* CRYPTSETUP_H */

tests/api-test.c

@@ -476,7 +476,6 @@ void DeviceResizeGame(void)
 	co.size = 0;
 	OK_(crypt_resize_device(&co));
 	EQ_(_get_device_size(DMDIR CDEVICE_2), (orig_size - 333));
-
 	co.size = 0;
 	co.offset = 444;
 	co.skip = 555;
@@ -492,10 +491,36 @@ void DeviceResizeGame(void)
 	EQ_(co.key_size, 128 / 8);
 	EQ_(co.offset, 444);
 	EQ_(co.skip, 555);
-	OK_(crypt_remove_device(&co));
-
 	crypt_put_options(&co);
 
+	// dangerous switch device still works
+	memset(&co, 0, sizeof(co));
+	co.name = CDEVICE_2,
+	co.device = DEVICE_1;
+	co.key_file = KEYFILE2;
+	co.key_size = 128 / 8;
+	co.cipher = "aes-cbc-plain";
+	co.hash = "sha1";
+	co.icb = &cmd_icb;
+	OK_(crypt_update_device(&co));
+
+	memset(&co, 0, sizeof(co));
+	co.icb = &cmd_icb,
+	co.name = CDEVICE_2;
+	EQ_(crypt_query_device(&co), 1);
+	EQ_(strcmp(co.cipher, "aes-cbc-plain"), 0);
+	EQ_(co.key_size, 128 / 8);
+	EQ_(co.offset, 0);
+	EQ_(co.skip, 0);
+	// This expect lookup returns prefered /dev/loopX
+	EQ_(strcmp(co.device, DEVICE_1), 0);
+	crypt_put_options(&co);
+
+	memset(&co, 0, sizeof(co));
+	co.icb = &cmd_icb,
+	co.name = CDEVICE_2;
+	OK_(crypt_remove_device(&co));
+
 	_remove_keyfiles();
 }
 

tests/compat-test

@@ -145,5 +145,20 @@ echo "key0" | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME2 || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 
+prepare	"[14] format/open - passphrase on stdin & new line"
+# stdin defined by "-" must take even newline
+echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail
+echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
+$CRYPTSETUP -q luksClose  $DEV_NAME || fail
+echo -n $'foo\nbar' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME && fail
+# now also try --key-file
+echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV --key-file=- || fail
+echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
+$CRYPTSETUP -q luksClose  $DEV_NAME || fail
+# process newline if from stdin
+echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
+echo 'foo' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
+$CRYPTSETUP -q luksClose  $DEV_NAME || fail
+
 remove_mapping
 exit 0