Workaround for align test for scsi_debug kernel in-use issue.

Bump libcryptsetup version (new defines, all backward compatible).

ChangeLog

@@ -3,4 +3,4 @@ Since version 1.6 this file is no longer maintained.
 See docs/*ReleaseNotes for release changes documentation.
 
 See version control history for full commit messages.
-  http://code.google.com/p/cryptsetup/source/list
+  https://gitlab.com/cryptsetup/cryptsetup/commits/master

FAQ

@@ -808,7 +808,7 @@ A. Contributors
 
   For device set-up, do the following:
 
-    cryptsetup open --type plain -d /dev/urandom /dev/<block-device>  target
+    cryptsetup open --type plain -d /dev/urandom /dev/<block-device> to_be_wiped
 
   This maps the container as plain under /dev/mapper/to_be_wiped with a
   random password.  For the actual wipe you have several options. 
@@ -828,6 +828,29 @@ A. Contributors
 
   Remove the mapping at the end and you are done.
 
+  * 2.20 How to I wipe only the LUKS header?
+
+  This is not the emergency wipe procedure. That is in Item 5.4. This procedure
+  is intended to be used when the data should stay intact, e.g. when you change
+  your LUKS container to use a detached header and want to remove the old one.
+
+  Most safe way is this (backup is still a good idea):
+ 
+  01) Determine header size in 512 Byte sectors with "luksDump":
+
+     cryptsetup luksDump <device with LUKS container>
+
+->   ...
+     Payload offset: <number>
+     ...
+
+  02) Take the result number and write number * 512 zeros to the start of the
+      device, e.g. like this:
+
+     dd bs=512 count=<number> if=/dev/zero of=<device>
+
+  That is it.   
+
 
 3. Common Problems
 

README.md

@@ -36,13 +36,16 @@ Download
 --------
 All release tarballs and release notes are hosted on [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).
 
-**The latest cryptsetup version is 1.7.0**
-  * [cryptsetup-1.7.0.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.xz)
-  * Signature [cryptsetup-1.7.0.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.sign)
+**The latest cryptsetup version is 1.7.1**
+  * [cryptsetup-1.7.1.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.1.tar.xz)
+  * Signature [cryptsetup-1.7.1.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.1.tar.sign)
     _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 1.7.0 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.0-ReleaseNotes).
+  * [Cryptsetup 1.7.1 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.1-ReleaseNotes).
 
 Previous versions
+ * [Version 1.7.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.0-ReleaseNotes).
  * [Version 1.6.8](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.8.tar.xz) -
    [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.8.tar.sign) -
    [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.8-ReleaseNotes).
@@ -66,6 +69,8 @@ mirror on [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.g
 
 For libcryptsetup documentation see [libcryptsetup API](https://gitlab.com/cryptsetup/cryptsetup/wikis/API/index.html) page.
 
+The libcryptsetup API/ABI changes are tracked in [compatibility report](https://gitlab.com/cryptsetup/cryptsetup/wikis/ABI-tracker/timeline/libcryptsetup/index.html).
+
 NLS PO files are maintained by [TranslationProject](http://translationproject.org/domain/cryptsetup.html).
 
 Help!

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.7.1-git])
+AC_INIT([cryptsetup],[1.7.2])
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
@@ -37,7 +37,7 @@ PKG_PROG_PKG_CONFIG
 AC_HEADER_DIRENT
 AC_HEADER_STDC
 AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
-	ctype.h unistd.h locale.h byteswap.h endian.h)
+	sys/sysmacros.h ctype.h unistd.h locale.h byteswap.h endian.h)
 
 AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])])
 AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])])

docs/v1.7.1-ReleaseNotes

@@ -0,0 +1,36 @@
+Cryptsetup 1.7.1 Release Notes
+==============================
+
+Changes since version 1.7.0
+
+* Code now uses kernel crypto API backend according to new
+  changes introduced in mainline kernel
+
+  While mainline kernel should contain backward compatible
+  changes, some stable series kernels do not contain fully
+  backported compatibility patches.
+  Without these patches  most of cryptsetup operations
+  (like unlocking device) fail.
+
+  This change in cryptsetup ensures that all operations using
+  kernel crypto API works even on these kernels.
+
+* The cryptsetup-reencrypt utility now properly detects removal
+  of underlying link to block device and does not remove
+  ongoing re-encryption log.
+  This allows proper recovery (resume) of reencrypt operation later.
+
+  NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
+  this link disappears once the device metadata is temporarily
+  removed from device.
+
+* Cryptsetup now allows special "-" (standard input) keyfile handling
+  even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
+
+* Cryptsetup now fails if there are more keyfiles specified
+  for non-TCRYPT device.
+
+* The luksKillSlot command now does not suppress provided password
+  in batch mode (if password is wrong slot is not destroyed).
+  Note that not providing password in batch mode means that keyslot
+  is destroyed unconditionally.

docs/v1.7.2-ReleaseNotes

@@ -0,0 +1,37 @@
+Cryptsetup 1.7.2 Release Notes
+==============================
+
+Changes since version 1.7.1
+
+* Update LUKS documentation format.
+  Clarify fixed sector size and keyslots alignment.
+
+* Support activation options for error handling modes in Linux kernel
+  dm-verity module:
+
+  --ignore-corruption - dm-verity just logs detected corruption
+
+  --restart-on-corruption - dm-verity restarts the kernel if corruption is detected
+
+  If the options above are not specified, default behavior for dm-verity remains.
+  Default is that I/O operation fails with I/O error if corrupted block is detected.
+
+  --ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected
+  to contain zeroes and always return zeroes directly instead.
+
+  NOTE that these options could have security or functional impacts,
+  do not use them without assessing the risks!
+
+* Fix help text for cipher benchmark specification (mention --cipher option).
+
+* Fix off-by-one error in maximum keyfile size.
+  Allow keyfiles up to compiled-in default and not that value minus one.
+
+* Support resume of interrupted decryption in cryptsetup-reencrypt utility.
+  To resume decryption, LUKS device UUID (--uuid option) option must be used.
+
+* Do not use direct-io for LUKS header with unaligned keyslots.
+  Such headers were used only by the first cryptsetup-luks-1.0.0 release (2005).
+
+* Fix device block size detection to properly work on particular file-based
+  containers over underlying devices with 4k sectors.

lib/crypto_backend/crypto_cipher_kernel.c

@@ -2,7 +2,7 @@
  * Linux kernel userspace API crypto backend implementation (skcipher)
  *
  * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz
+ * Copyright (C) 2012-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -88,33 +88,8 @@ int crypt_cipher_blocksize(const char *name)
 	return ca ? ca->blocksize : -EINVAL;
 }
 
-/* Shared with hash kernel backend */
-int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
-
-int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
-{
-	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-	if (*tfmfd == -1)
-		return -ENOTSUP;
-
-	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-		return -ENOENT;
-	}
-
-	*opfd = accept(*tfmfd, NULL, 0);
-	if (*opfd == -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
 /*
- *ciphers
+ * ciphers
  *
  * ENOENT - algorithm not available
  * ENOTSUP - AF_ALG family not available
@@ -128,7 +103,6 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 		.salg_family = AF_ALG,
 		.salg_type = "skcipher",
 	};
-	int r;
 
 	h = malloc(sizeof(*h));
 	if (!h)
@@ -137,14 +111,28 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "%s(%s)", mode, name);
 
-	r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd);
-	if (r < 0) {
-		free(h);
-		return r;
+	h->opfd = -1;
+	h->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (h->tfmfd < 0) {
+		crypt_cipher_destroy(h);
+		return -ENOTSUP;
 	}
 
-	if (length && strcmp(name, "cipher_null") &&
-	    setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
+	if (bind(h->tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
+		crypt_cipher_destroy(h);
+		return -ENOENT;
+	}
+
+	if (!strcmp(name, "cipher_null"))
+		length = 0;
+
+	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
+		crypt_cipher_destroy(h);
+		return -EINVAL;
+	}
+
+	h->opfd = accept(h->tfmfd, NULL, 0);
+	if (h->opfd < 0) {
 		crypt_cipher_destroy(h);
 		return -EINVAL;
 	}
@@ -239,9 +227,9 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 
 int crypt_cipher_destroy(struct crypt_cipher *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);

lib/crypto_backend/crypto_kernel.c

@@ -2,7 +2,7 @@
  * Linux kernel userspace API crypto backend implementation
  *
  * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2014, Milan Broz
+ * Copyright (C) 2010-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -68,8 +68,34 @@ struct crypt_hmac {
 	int hash_len;
 };
 
-/* Defined in crypt_kernel_ciphers.c */
-extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
+static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd,
+				    const void *key, size_t key_length)
+{
+	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (*tfmfd < 0)
+		return -ENOTSUP;
+
+	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -ENOENT;
+	}
+
+	if (key && setsockopt(*tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	*opfd = accept(*tfmfd, NULL, 0);
+	if (*opfd < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	return 0;
+}
 
 int crypt_backend_init(struct crypt_device *ctx)
 {
@@ -87,7 +113,7 @@ int crypt_backend_init(struct crypt_device *ctx)
 	if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
 		return -EINVAL;
 
-	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0)
+	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd, NULL, 0) < 0)
 		return -EINVAL;
 
 	close(tfmfd);
@@ -152,7 +178,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 
 	strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));
 
-	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, NULL, 0) < 0) {
 		free(h);
 		return -EINVAL;
 	}
@@ -188,9 +214,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 
 int crypt_hash_destroy(struct crypt_hash *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
@@ -227,16 +253,11 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "hmac(%s)", ha->kernel_name);
 
-	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, buffer, length) < 0) {
 		free(h);
 		return -EINVAL;
 	}
 
-	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
-		crypt_hmac_destroy(h);
-		return -EINVAL;
-	}
-
 	*ctx = h;
 	return 0;
 }
@@ -268,9 +289,9 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 
 int crypt_hmac_destroy(struct crypt_hmac *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);

lib/internal.h

@@ -75,6 +75,8 @@ int device_block_size(struct device *device);
 int device_read_ahead(struct device *device, uint32_t *read_ahead);
 int device_size(struct device *device, uint64_t *size);
 int device_open(struct device *device, int flags);
+void device_disable_direct_io(struct device *device);
+
 
 enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 };
 int device_block_adjust(struct crypt_device *cd,

lib/libcryptsetup.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -752,6 +752,12 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 #define CRYPT_ACTIVATE_SAME_CPU_CRYPT (1 << 6)
 /** use submit_from_crypt_cpus for dm-crypt */
 #define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (1 << 7)
+/** dm-verity: ignore_corruption flag - ignore corruption, log it only */
+#define CRYPT_ACTIVATE_IGNORE_CORRUPTION (1 << 8)
+/** dm-verity: restart_on_corruption flag - restart kernel on corruption */
+#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9)
+/** dm-verity: ignore_zero_blocks - do not verify zero blocks */
+#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10)
 
 
 /**

lib/libdevmapper.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -159,6 +159,15 @@ static void _dm_set_verity_compat(const char *dm_version, unsigned verity_maj,
 {
 	if (verity_maj > 0)
 		_dm_crypt_flags |= DM_VERITY_SUPPORTED;
+	else
+		return;
+	/*
+	 * ignore_corruption, restart_on corruption is available since 1.2 (kernel 4.1)
+	 * ignore_zero_blocks since 1.3 (kernel 4.5)
+	 * (but some dm-verity targets 1.2 don't support it)
+	 */
+	if (_dm_satisfies_version(1, 3, verity_maj, verity_min))
+		_dm_crypt_flags |= DM_VERITY_ON_CORRUPTION_SUPPORTED;
 
 	log_dbg("Detected dm-verity version %i.%i.%i.",
 		verity_maj, verity_min, verity_patch);
@@ -357,14 +366,35 @@ out:
 
 /* https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity */
 static char *get_dm_verity_params(struct crypt_params_verity *vp,
-				   struct crypt_dm_active_device *dmd)
+				   struct crypt_dm_active_device *dmd, uint32_t flags)
 {
-	int max_size, r;
+	int max_size, r, num_options = 0;
 	char *params = NULL, *hexroot = NULL, *hexsalt = NULL;
+	char features[256];
 
 	if (!vp || !dmd)
 		return NULL;
 
+	/* These flags are not compatible */
+	if ((flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) &&
+	    (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION))
+		flags &= ~CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+
+	if (flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS)
+		num_options++;
+
+	if (num_options)
+		snprintf(features, sizeof(features)-1, " %d%s%s%s", num_options,
+		(flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "",
+		(flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? " restart_on_corruption" : "",
+		(flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? " ignore_zero_blocks" : "");
+	else
+		*features = '\0';
+
 	hexroot = crypt_safe_alloc(dmd->u.verity.root_hash_size * 2 + 1);
 	if (!hexroot)
 		goto out;
@@ -388,12 +418,12 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp,
 		goto out;
 
 	r = snprintf(params, max_size,
-		     "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s",
+		     "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s %s",
 		     vp->hash_type, device_block_path(dmd->data_device),
 		     device_block_path(dmd->u.verity.hash_device),
 		     vp->data_block_size, vp->hash_block_size,
 		     vp->data_size, dmd->u.verity.hash_offset,
-		     vp->hash_name, hexroot, hexsalt);
+		     vp->hash_name, hexroot, hexsalt, features);
 	if (r < 0 || r >= max_size) {
 		crypt_safe_free(params);
 		params = NULL;
@@ -434,7 +464,7 @@ static int _dm_simple(int task, const char *name, int udev_wait)
 	if (udev_wait)
 		(void)_dm_udev_wait(cookie);
 
-      out:
+out:
 	dm_task_destroy(dmt);
 	return r;
 }
@@ -591,9 +621,6 @@ static int _dm_create_device(const char *name, const char *type,
 
 		if (!dm_task_set_uuid(dmt, dev_uuid))
 			goto out_no_removal;
-
-		if (_dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags))
-			goto out_no_removal;
 	}
 
 	if ((dm_flags() & DM_SECURE_SUPPORTED) && !dm_task_secure_data(dmt))
@@ -610,6 +637,9 @@ static int _dm_create_device(const char *name, const char *type,
 	    !dm_task_set_read_ahead(dmt, read_ahead, DM_READ_AHEAD_MINIMUM_FLAG))
 		goto out_no_removal;
 #endif
+	/* do not set cookie for DM_DEVICE_RELOAD task */
+	if (!reload && _dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags))
+		goto out_no_removal;
 
 	if (!dm_task_run(dmt))
 		goto out_no_removal;
@@ -676,7 +706,7 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 	if (dmd->target == DM_CRYPT)
 		table_params = get_dm_crypt_params(dmd, dmd_flags);
 	else if (dmd->target == DM_VERITY)
-		table_params = get_dm_verity_params(dmd->u.verity.vp, dmd);
+		table_params = get_dm_verity_params(dmd->u.verity.vp, dmd, dmd_flags);
 
 	r = _dm_create_device(name, type, dmd->data_device, dmd_flags,
 			      dmd->uuid, dmd->size, table_params, reload);
@@ -696,7 +726,13 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 	if (r == -EINVAL &&
 	    dmd_flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) &&
 	    !(dm_flags() & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED)))
-		log_err(cd, _("Requested dmcrypt performance options are not supported.\n"));
+		log_err(cd, _("Requested dm-crypt performance options are not supported.\n"));
+
+	if (r == -EINVAL && dmd_flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
+					  CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+					  CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) &&
+	    !(dm_flags() & DM_VERITY_ON_CORRUPTION_SUPPORTED))
+		log_err(cd, _("Requested dm-verity data corruption handling options are not supported.\n"));
 
 	crypt_safe_free(table_params);
 	dm_exit_context();
@@ -893,7 +929,7 @@ static int _dm_query_crypt(uint32_t get_flags,
 				return -EINVAL;
 		}
 
-		/* All parameters shold be processed */
+		/* All parameters should be processed */
 		if (params)
 			return -EINVAL;
 	}
@@ -936,7 +972,8 @@ static int _dm_query_verity(uint32_t get_flags,
 	uint32_t val32;
 	uint64_t val64;
 	ssize_t len;
-	char *str, *str2;
+	char *str, *str2, *arg;
+	unsigned int i;
 	int r;
 
 	if (get_flags & DM_ACTIVE_VERITY_PARAMS)
@@ -1032,8 +1069,6 @@ static int _dm_query_verity(uint32_t get_flags,
 
 	/* salt */
 	str = strsep(&params, " ");
-	if (params)
-		return -EINVAL;
 	if (vp) {
 		if (!strcmp(str, "-")) {
 			vp->salt_size = 0;
@@ -1047,6 +1082,33 @@ static int _dm_query_verity(uint32_t get_flags,
 		}
 	}
 
+	/* Features section, available since verity target version 1.3 */
+	if (params) {
+		/* Number of arguments */
+		val64 = strtoull(params, &params, 10);
+		if (*params != ' ')
+			return -EINVAL;
+		params++;
+
+		for (i = 0; i < val64; i++) {
+			if (!params)
+				return -EINVAL;
+			arg = strsep(&params, " ");
+			if (!strcasecmp(arg, "ignore_corruption"))
+				dmd->flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+			else if (!strcasecmp(arg, "restart_on_corruption"))
+				dmd->flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+			else if (!strcasecmp(arg, "ignore_zero_blocks"))
+				dmd->flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
+			else /* unknown option */
+				return -EINVAL;
+		}
+
+		/* All parameters should be processed */
+		if (params)
+			return -EINVAL;
+	}
+
 	return 0;
 }
 

lib/luks1/keymanage.c

@@ -62,7 +62,7 @@ int LUKS_keyslot_area(struct luks_phdr *hdr,
 	if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
 		return -EINVAL;
 
-	*offset = hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
+	*offset = (uint64_t)hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
 	*length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;
 
 	return 0;
@@ -206,7 +206,6 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
 		r = -EIO;
 		goto out;
 	}
-	close(devfd);
 
 	r = 0;
 out:
@@ -260,6 +259,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}
 	close(devfd);
+	devfd = -1;
 
 	r = LUKS_read_phdr(hdr, 0, 0, ctx);
 	if (r == 0) {
@@ -306,6 +306,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}
 	close(devfd);
+	devfd = -1;
 
 	/* Be sure to reload new data */
 	r = LUKS_read_phdr(hdr, 1, 0, ctx);
@@ -545,6 +546,16 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
 	if (!r)
 		r = LUKS_check_device_size(ctx, hdr->keyBytes);
 
+	/*
+	 * Cryptsetup 1.0.0 did not align keyslots to 4k (very rare version).
+	 * Disable direct-io to avoid possible IO errors if underlying device
+	 * has bigger sector size.
+	 */
+	if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) {
+		log_dbg("Old unaligned LUKS keyslot detected, disabling direct-io.");
+		device_disable_direct_io(device);
+	}
+
 	close(devfd);
 	return r;
 }
@@ -674,9 +685,9 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 	/* Set Magic */
 	memcpy(header->magic,luksMagic,LUKS_MAGIC_L);
 	header->version=1;
-	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L);
-	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L);
-	strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L);
+	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L-1);
+	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L-1);
+	strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L-1);
 
 	header->keyBytes=vk->keylength;
 

lib/random.c

@@ -234,9 +234,11 @@ void crypt_random_exit(void)
 
 int crypt_random_default_key_rng(void)
 {
+	/* coverity[pointless_string_compare] */
 	if (!strcmp(DEFAULT_RNG, RANDOM_DEVICE))
 		return CRYPT_RNG_RANDOM;
 
+	/* coverity[pointless_string_compare] */
 	if (!strcmp(DEFAULT_RNG, URANDOM_DEVICE))
 		return CRYPT_RNG_URANDOM;
 

lib/setup.c

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2014, Milan Broz
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -969,7 +969,7 @@ out:
 	if (r < 0) {
 		crypt_free(*cd);
 		*cd = NULL;
-	} else if (!(*cd)->type && name) {
+	} else if (!(*cd)->type) {
 		/* For anonymous device (no header found) remember initialized name */
 		(*cd)->u.none.active_name = strdup(name);
 	}
@@ -2215,7 +2215,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
 		}
 
 		r = VERITY_activate(cd, name, volume_key, volume_key_size,
-				    &cd->u.verity.hdr, CRYPT_ACTIVATE_READONLY);
+				    &cd->u.verity.hdr, flags|CRYPT_ACTIVATE_READONLY);
 
 		if (r == -EPERM) {
 			free(cd->u.verity.root_hash);

lib/tcrypt/tcrypt.c

@@ -314,12 +314,13 @@ static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode,
 {
 	char backend_key[TCRYPT_HDR_KEY_LEN];
 	char iv[TCRYPT_HDR_IV_LEN] = {};
-	char mode_name[MAX_CIPHER_LEN];
+	char mode_name[MAX_CIPHER_LEN + 1];
 	struct crypt_cipher *cipher;
 	char *c, *buf = (char*)&hdr->e;
 	int r;
 
 	/* Remove IV if present */
+	mode_name[MAX_CIPHER_LEN] = '\0';
 	strncpy(mode_name, mode, MAX_CIPHER_LEN);
 	c = strchr(mode_name, '-');
 	if (c)
@@ -612,10 +613,10 @@ int TCRYPT_read_phdr(struct crypt_device *cd,
 			return -EINVAL;
 
 		r = device_alloc(&base_device, base_device_path);
+		free(base_device_path);
 		if (r < 0)
 			return r;
 		devfd = device_open(base_device, O_RDONLY);
-		free(base_device_path);
 		device_free(base_device);
 	} else
 		devfd = device_open(device, O_RDONLY);
@@ -723,6 +724,9 @@ int TCRYPT_activate(struct crypt_device *cd,
 	if (!algs)
 		return -EINVAL;
 
+	if (hdr->d.sector_size == 0)
+		return -EINVAL;
+
 	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
 		dmd.size = 0;
 	else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER)
@@ -772,7 +776,8 @@ int TCRYPT_activate(struct crypt_device *cd,
 
 	for (i = algs->chain_count; i > 0; i--) {
 		if (i == 1) {
-			strncpy(dm_name, name, sizeof(dm_name));
+			dm_name[sizeof(dm_name)-1] = '\0';
+			strncpy(dm_name, name, sizeof(dm_name)-1);
 			dmd.flags = flags;
 		} else {
 			snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1);
@@ -914,7 +919,7 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 			struct tcrypt_phdr *tcrypt_hdr)
 {
 	struct tcrypt_algs *algs;
-	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN], *tmp;
+	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN+1], *tmp;
 	size_t key_size;
 	int r;
 
@@ -928,6 +933,7 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 	if (!tmp)
 		return -EINVAL;
 	*tmp = '\0';
+	mode[MAX_CIPHER_LEN] = '\0';
 	strncpy(mode, ++tmp, MAX_CIPHER_LEN);
 
 	key_size = dmd->u.crypt.vk->keylength;

lib/utils_crypt.c

@@ -360,7 +360,7 @@ int crypt_get_key(const char *prompt,
 
 	/* If not requsted otherwise, we limit input to prevent memory exhaustion */
 	if (keyfile_size_max == 0) {
-		keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024;
+		keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1;
 		unlimited_read = 1;
 	}
 

lib/utils_device.c

@@ -50,8 +50,10 @@ static int device_block_size_fd(int fd, size_t *min_size)
 	if (fstat(fd, &st) < 0)
 		return -EINVAL;
 
-	if (S_ISREG(st.st_mode))
+	if (S_ISREG(st.st_mode)) {
 		r = (int)crypt_getpagesize();
+		bsize = r;
+	}
 	else if (ioctl(fd, BLKSSZGET, &bsize) >= 0)
 		r = bsize;
 	else
@@ -528,3 +530,8 @@ size_t size_round_up(size_t size, unsigned int block)
 	size_t s = (size + (block - 1)) / block;
 	return s * block;
 }
+
+void device_disable_direct_io(struct device *device)
+{
+	device->o_direct = 0;
+}

lib/utils_devpath.c

@@ -31,6 +31,9 @@
 #include <limits.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include "internal.h"
 
 static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_level)
@@ -276,24 +279,30 @@ char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t
 		major(st.st_rdev), minor(st.st_rdev)) < 0)
 		return NULL;
 
-	len = readlink(path, link, sizeof(link) - 1);
-	if (len < 0)
+	dir = opendir(path);
+	if (!dir)
 		return NULL;
 
+	len = readlink(path, link, sizeof(link) - 1);
+	if (len < 0) {
+		closedir(dir);
+		return NULL;
+	}
+
 	/* Get top level disk name for sysfs search */
 	link[len] = '\0';
 	devname = strrchr(link, '/');
-	if (!devname)
+	if (!devname) {
+		closedir(dir);
 		return NULL;
+	}
 	devname++;
 
 	/* DM devices do not use kernel partitions. */
-	if (dm_is_dm_kernel_name(devname))
-		return NULL;
-
-	dir = opendir(path);
-	if (!dir)
+	if (dm_is_dm_kernel_name(devname)) {
+		closedir(dir);
 		return NULL;
+	}
 
 	devname_len = strlen(devname);
 	while((entry = readdir(dir))) {

lib/utils_dm.h

@@ -3,8 +3,8 @@
  *
  * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2015, Milan Broz
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -42,6 +42,7 @@ struct device;
 #define DM_TCW_SUPPORTED      (1 << 6)	/* tcw (TCRYPT CBC with whitening) */
 #define DM_SAME_CPU_CRYPT_SUPPORTED (1 << 7) /* same_cpu_crypt */
 #define DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED (1 << 8) /* submit_from_crypt_cpus */
+#define DM_VERITY_ON_CORRUPTION_SUPPORTED (1 << 9) /* ignore/restart_on_corruption, ignore_zero_block */
 
 uint32_t dm_flags(void);
 

lib/utils_loop.c

@@ -28,6 +28,9 @@
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include <linux/loop.h>
 
 #include "utils_loop.h"
@@ -100,6 +103,7 @@ int crypt_loop_attach(const char *loop, const char *file, int offset,
 		      int autoclear, int *readonly)
 {
 	struct loop_info64 lo64 = {0};
+	char *lo_file_name;
 	int loop_fd = -1, file_fd = -1, r = 1;
 
 	file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL);
@@ -114,7 +118,9 @@ int crypt_loop_attach(const char *loop, const char *file, int offset,
 	if (loop_fd < 0)
 		goto out;
 
-	strncpy((char*)lo64.lo_file_name, file, LO_NAME_SIZE);
+	lo_file_name = (char*)lo64.lo_file_name;
+	lo_file_name[LO_NAME_SIZE-1] = '\0';
+	strncpy(lo_file_name, file, LO_NAME_SIZE-1);
 	lo64.lo_offset = offset;
 	if (autoclear)
 		lo64.lo_flags |= LO_FLAGS_AUTOCLEAR;

lib/utils_wipe.c

@@ -29,6 +29,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include <fcntl.h>
 
 #include "libcryptsetup.h"

lib/verity/verity.c

@@ -156,6 +156,7 @@ int VERITY_write_sb(struct crypt_device *cd,
 	int bsize = device_block_size(device);
 	struct verity_sb sb = {};
 	ssize_t hdr_size = sizeof(struct verity_sb);
+	char *algorithm;
 	uuid_t uuid;
 	int r, devfd = 0;
 
@@ -187,7 +188,9 @@ int VERITY_write_sb(struct crypt_device *cd,
 	sb.hash_block_size = cpu_to_le32(params->hash_block_size);
 	sb.salt_size       = cpu_to_le16(params->salt_size);
 	sb.data_blocks     = cpu_to_le64(params->data_size);
-	strncpy((char *)sb.algorithm, params->hash_name, sizeof(sb.algorithm));
+	algorithm = (char *)sb.algorithm;
+	algorithm[sizeof(sb.algorithm)-1] = '\0';
+	strncpy(algorithm, params->hash_name, sizeof(sb.algorithm)-1);
 	memcpy(sb.salt, params->salt, params->salt_size);
 	memcpy(sb.uuid, uuid, sizeof(sb.uuid));
 

man/cryptsetup-reencrypt.8

@@ -37,7 +37,8 @@ To start (or continue) re-encryption for <device> use:
 \fB<options>\fR can be [\-\-batch-mode, \-\-block-size, \-\-cipher, \-\-debug,
 \-\-device-size, \-\-hash, \-\-iter-time, \-\-use-random | \-\-use-urandom,
 \-\-keep-key, \-\-key-size, \-\-key-file, \-\-key-slot, \-\-keyfile-offset,
-\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log]
+\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log,
+\-\-uuid]
 
 To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR with combination
 with \fI\-\-reduce-device-size\fR.
@@ -153,7 +154,7 @@ Use with extreme care - shrinked filesystems are usually unrecoverable.
 
 You cannot shrink device more than by 64 MiB (131072 sectors).
 .TP
-.B "\-\-new, N"
+.B "\-\-new, \-N"
 Create new header (encrypt not yet encrypted device).
 
 This option must be used together with \-\-reduce-device-size.
@@ -180,6 +181,11 @@ log files as well.
 Update log file after every block write. This can slow down reencryption
 but will minimize data loss in the case of system crash.
 .TP
+.B "\-\-uuid" \fI<uuid>\fR
+Use only while resuming an interrupted decryption process (see \-\-decrypt).
+To find out what \fI<uuid>\fR to pass look for temporary files LUKS-<uuid>.[|log|org|new] of the
+interrupted decryption process.
+.TP
 .B "\-\-batch-mode, \-q"
 Suppresses all warnings and reencryption progress output.
 .TP

man/cryptsetup.8

@@ -286,8 +286,9 @@ inaccessible.
 .PP
 \fIluksKillSlot\fR <device> <key slot number>
 .IP
-Wipe the key-slot number <key slot> from the LUKS device. A remaining
-passphrase must be supplied, either interactively or via \-\-key-file.
+Wipe the key-slot number <key slot> from the LUKS device. Except running
+in batch-mode (\-q) a remaining passphrase must be supplied,
+either interactively or via \-\-key-file.
 This command can remove the last remaining key-slot, but requires
 an interactive confirmation when doing so. Removing the last
 passphrase makes a LUKS container permanently inaccessible.
@@ -297,11 +298,16 @@ passphrase makes a LUKS container permanently inaccessible.
 
 \fBWARNING:\fR If you read the passphrase from stdin
 (without further argument or with '-' as argument
-to \-\-key-file), batch-mode (\-q) will be implicitely
+to \-\-key-file), batch-mode (\-q) will be implicitly
 switched on and no warning will be given when you remove the
 last remaining passphrase from a LUKS container. Removing
 the last passphrase makes the LUKS container permanently
 inaccessible.
+
+\fBNOTE:\fR If there is no passphrase provided (on stdin or through
+\-\-key-file argument) and batch-mode (\-q) is active, the
+key-slot is removed without any other warning.
+
 .PP
 \fIerase\fR <device>
 .br
@@ -593,7 +599,7 @@ The current default in the distributed sources is
 "aes-cbc-essiv:sha256" for plain dm-crypt and
 "aes-xts-plain64" for LUKS.
 
-If a hash is part of the cipher spefification, then it is
+If a hash is part of the cipher specification, then it is
 used as part of the IV generation. For example, ESSIV
 needs a hash function, while "plain64" does not and
 hence none is specified.

man/veritysetup.8

@@ -37,7 +37,8 @@ Creates a mapping with <name> backed by device <data_device> and using
 
 The <root_hash> is a hexadecimal string.
 
-\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
+\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock,
+\-\-ignore-corruption or \-\-restart-on-corruption, \-\-ignore-zero-blocks]
 
 If option \-\-no-superblock is used, you have to use as the same options
 as in initial format operation.
@@ -110,6 +111,24 @@ Use the provided UUID for format command instead of generating new one.
 The UUID must be provided in standard UUID format,
 e.g. 12345678-1234-1234-1234-123456789abc.
 .TP
+.B "\-\-ignore-corruption", "\-\-restart-on-corruption"
+Defines what to do if data integrity problem is detected (data corruption).
+
+Without these options kernel fails the IO operation with I/O error.
+With \-\-ignore-corruption option the corruption is only logged.
+With \-\-restart-on-corruption the kernel is restarted immediatelly.
+(You have to provide way how to avoid restart loops.)
+
+\fBWARNING:\fR Use these options only for very specific cases.
+These options are available since Linux kernel version 4.1.
+.TP
+.B "\-\-ignore-zero-blocks"
+Instruct kernel to not verify blocks that are expected to contain zeroes
+and always directly return zeroes instead.
+
+\fBWARNING:\fR Use this option only in very specific cases.
+This option is available since Linux kernel version 4.5.
+.TP
 .B "\-\-version"
 Show the program version.
 .SH RETURN CODES
@@ -130,9 +149,9 @@ The first implementation of veritysetup was written by Chrome OS authors.
 This version is based on verification code written by Mikulas Patocka <mpatocka@redhat.com>
 and rewritten for libcryptsetup by Milan Broz <gmazyland@gmail.com>.
 .SH COPYRIGHT
-Copyright \(co 2012-2013 Red Hat, Inc.
+Copyright \(co 2012-2016 Red Hat, Inc.
 .br
-Copyright \(co 2012-2014 Milan Broz
+Copyright \(co 2012-2016 Milan Broz
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

misc/dracut_90reencrypt/README

@@ -11,9 +11,11 @@ e.g. rd.luks.reencrypt=sda2:52G means only 52G of device
 will be reencrypted (default is whole device).
 (Name is kernel name of device.)
 
-Also, you may specify keyslot which you want to use for reencryption,
-rd.luks.reencrypt_keyslot=<keyslot_number>. Bear in mind that if you
-use this option, all other keyslots will be deactivated.
+If there's more than single active keyslot in the target luks device
+you're required to select one keyslot explicitly for reencryption via
+rd.luks.reencrypt_keyslot=<keyslot_number> option. Bear in mind that
+if you use this option, all other keyslots will get deactivated in the
+process.
 
 Another argument, rd.luks.reencrypt_key=/dev/sda:/path/to/keyfile
 can be used to read password for specific keyslot from device containing

misc/dracut_90reencrypt/module-setup.sh

@@ -24,6 +24,8 @@ install() {
 
     dracut_install cryptsetup-reencrypt
 
+    # moddir variable is assigned in dracut general shell lib
+    # shellcheck disable=SC2154
     inst_hook cmdline 30 "$moddir/parse-reencrypt.sh"
     inst_simple "$moddir"/reencrypt.sh /sbin/reencrypt
 }

misc/dracut_90reencrypt/reencrypt.sh

@@ -39,7 +39,8 @@ reenc_readkey() {
 }
 
 reenc_run() {
-    local cwd=$(pwd)
+    local cwd
+    cwd=$(pwd)
     local _prompt="LUKS password for REENCRYPTING $device"
     cd /tmp
     if [ "$1" = "none" ] ; then

po/LINGUAS

@@ -8,6 +8,7 @@ id
 it
 nl
 pl
+pt_BR
 sr
 sv
 uk

po/da.po

@@ -1,17 +1,17 @@
 # Danish translation cryptsetup-1.7.0.da.po.
-# Copyright (C) 2015 Free Software Foundation, Inc.
+# Copyright (C) 2016 Free Software Foundation, Inc.
 # This file is distributed under the same license as the cryptsetup package.
-# Joe Hansen <joedalton2@yahoo.dk>, 2015.
+# Joe Hansen <joedalton2@yahoo.dk>, 2015, 2016.
 #
 # Konventioner
 # wipe -> rydde
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: cryptsetup-1.7.0\n"
+"Project-Id-Version: cryptsetup-1.7.1\n"
 "Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2015-10-29 13:27+0100\n"
-"PO-Revision-Date: 2015-10-31 22:00+0200\n"
+"POT-Creation-Date: 2016-02-21 21:24+0100\n"
+"PO-Revision-Date: 2016-03-27 22:00+0200\n"
 "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
 "Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
 "Language: da\n"
@@ -230,8 +230,8 @@ msgstr "Genoptag er ikke understøttet for enheden %s.\n"
 msgid "Error during resuming device %s.\n"
 msgstr "Fejl under genoptagelse af enheden %s.\n"
 
-#: lib/setup.c:1654 lib/setup.c:2089 lib/setup.c:2103 src/cryptsetup.c:183
-#: src/cryptsetup.c:244 src/cryptsetup.c:732 src/cryptsetup.c:1162
+#: lib/setup.c:1654 lib/setup.c:2089 lib/setup.c:2103 src/cryptsetup.c:184
+#: src/cryptsetup.c:248 src/cryptsetup.c:736 src/cryptsetup.c:1171
 msgid "Enter passphrase: "
 msgstr "Indtast adgangsfrase: "
 
@@ -244,7 +244,7 @@ msgid "Enter any passphrase: "
 msgstr "Indtast en adgangsfrase: "
 
 #: lib/setup.c:1742 lib/setup.c:1875 lib/setup.c:1879 lib/setup.c:1941
-#: src/cryptsetup.c:992 src/cryptsetup.c:1023
+#: src/cryptsetup.c:1001 src/cryptsetup.c:1032
 msgid "Enter new passphrase for key slot: "
 msgstr "Indtast ny adgangsfrase for nøgleplads: "
 
@@ -582,7 +582,7 @@ msgstr "Den anmodte LUKS-hash %s er ikke understøttet.\n"
 msgid "LUKS keyslot %u is invalid.\n"
 msgstr "LUKS-nøgleplads %u er ugyldig.\n"
 
-#: lib/luks1/keymanage.c:456 src/cryptsetup.c:664
+#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668
 msgid "No known problems detected for LUKS header.\n"
 msgstr "Ingen kendte problemer detekteret for LUKS-teksthoved.\n"
 
@@ -634,7 +634,7 @@ msgstr "Nøgleplads %d-materiale inkluderer for mange få striber (»stribes«).
 msgid "Key slot %d unlocked.\n"
 msgstr "Nøgleplads %d låst op.\n"
 
-#: lib/luks1/keymanage.c:990 src/cryptsetup.c:858
+#: lib/luks1/keymanage.c:990 src/cryptsetup.c:867
 #: src/cryptsetup_reencrypt.c:1020 src/cryptsetup_reencrypt.c:1057
 msgid "No key available with this passphrase.\n"
 msgstr "Ingen nøgle tilgængelig med denne adgangsfrase.\n"
@@ -680,11 +680,11 @@ msgstr "Den maksimale længde for TCRYPT-adgangsfrasen (%d) er overskredet.\n"
 msgid "PBKDF2 hash algorithm %s not available, skipping.\n"
 msgstr "PBKDF2-hashalgoritmen %s er ikke tilgængelig, udelader.\n"
 
-#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:617
+#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621
 msgid "Required kernel crypto interface not available.\n"
 msgstr "Krævet kernegrænseflade for crypto er ikke tilgængelig.\n"
 
-#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:619
+#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623
 msgid "Ensure you have algif_skcipher kernel module loaded.\n"
 msgstr "Sikr dig at du har kernemodulet algif_skcipher indlæst.\n"
 
@@ -791,32 +791,32 @@ msgstr "Oprettelse af hash-område mislykkedes.\n"
 msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u).\n"
 msgstr "ADVARSEL: Kerne kan ikke aktivere enhed hvis dataenes blokstørrelse er større end sidestørrelsen (%u).\n"
 
-#: src/cryptsetup.c:91
+#: src/cryptsetup.c:92
 msgid "Can't do passphrase verification on non-tty inputs.\n"
 msgstr "Kan ikke udføre verificering af adgangsfrase på ikke-tty-inddata.\n"
 
-#: src/cryptsetup.c:132 src/cryptsetup.c:560 src/cryptsetup.c:707
+#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711
 #: src/cryptsetup_reencrypt.c:523 src/cryptsetup_reencrypt.c:577
 msgid "No known cipher specification pattern detected.\n"
 msgstr "Ikke kendt specifikationsmønster for krypteringsalgoritme detekteret.\n"
 
-#: src/cryptsetup.c:140
+#: src/cryptsetup.c:141
 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
 msgstr "ADVARSEL: Parameteren --hash bliver ignoreret i ren (plain) tilstand med nøglefil specificeret.\n"
 
-#: src/cryptsetup.c:148
+#: src/cryptsetup.c:149
 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
 msgstr "ADVARSEL: Tilvalget --keyfile-size bliver ignoreret, læsestørrelsen er den samme som størrelsen for krypteringsnøglen.\n"
 
-#: src/cryptsetup.c:214
+#: src/cryptsetup.c:215
 msgid "Option --key-file is required.\n"
 msgstr "Tilvalget --key-file er krævet.\n"
 
-#: src/cryptsetup.c:263
+#: src/cryptsetup.c:267
 msgid "No device header detected with this passphrase.\n"
 msgstr "Intet enhedsteksthoved detekteret med denne adgangsfrase.\n"
 
-#: src/cryptsetup.c:323 src/cryptsetup.c:1151
+#: src/cryptsetup.c:327 src/cryptsetup.c:1160
 msgid ""
 "Header dump with volume key is sensitive information\n"
 "which allows access to encrypted partition without passphrase.\n"
@@ -826,112 +826,112 @@ msgstr ""
 "som giver adgang til krypteret partition uden adgangsfrase.\n"
 "Dette dump bør altid lagres krypteret et sikkert sted."
 
-#: src/cryptsetup.c:513
+#: src/cryptsetup.c:517
 msgid "Result of benchmark is not reliable.\n"
 msgstr "Sammenligningens resultat er ikke troværdigt.\n"
 
-#: src/cryptsetup.c:554
+#: src/cryptsetup.c:558
 msgid "# Tests are approximate using memory only (no storage IO).\n"
 msgstr "# Test bruger kun hukommelse omtrentlig (ingen lager-IO).\n"
 
-#: src/cryptsetup.c:579 src/cryptsetup.c:601
+#: src/cryptsetup.c:583 src/cryptsetup.c:605
 msgid "#  Algorithm | Key |  Encryption |  Decryption\n"
 msgstr "# Algoritme | Nøgle | Kryptering | Dekryptering\n"
 
-#: src/cryptsetup.c:583
+#: src/cryptsetup.c:587
 #, c-format
 msgid "Cipher %s is not available.\n"
 msgstr "Krypteringsalgoritmen %s er ikke tilgængelig.\n"
 
-#: src/cryptsetup.c:610
+#: src/cryptsetup.c:614
 msgid "N/A"
 msgstr "-"
 
-#: src/cryptsetup.c:635
+#: src/cryptsetup.c:639
 #, c-format
 msgid "Cannot read keyfile %s.\n"
 msgstr "Kan ikke læse nøglefilen %s.\n"
 
-#: src/cryptsetup.c:639
+#: src/cryptsetup.c:643
 #, c-format
 msgid "Cannot read %d bytes from keyfile %s.\n"
 msgstr "Kan ikke læse %d byte fra nøglefilen %s.\n"
 
-#: src/cryptsetup.c:668
+#: src/cryptsetup.c:672
 msgid "Really try to repair LUKS device header?"
 msgstr "Skal LUKS-enhedsteksthovedet forsøges repareres?"
 
-#: src/cryptsetup.c:693
+#: src/cryptsetup.c:697
 #, c-format
 msgid "This will overwrite data on %s irrevocably."
 msgstr "Dette vil uigenkaldeligt overskrive data på %s."
 
-#: src/cryptsetup.c:695
+#: src/cryptsetup.c:699
 msgid "memory allocation error in action_luksFormat"
 msgstr "hukommelsesallokeringsfejl i action_luksFormat"
 
-#: src/cryptsetup.c:717
+#: src/cryptsetup.c:721
 #, c-format
 msgid "Cannot use %s as on-disk header.\n"
 msgstr "Kan ikke bruge %s på on-disk-teksthoved.\n"
 
-#: src/cryptsetup.c:784
+#: src/cryptsetup.c:788
 msgid "Reduced data offset is allowed only for detached LUKS header.\n"
 msgstr "Reduceret dataforskydning er kun tilladt for frakoblet LUKS-teksthoved.\n"
 
-#: src/cryptsetup.c:881 src/cryptsetup.c:937
+#: src/cryptsetup.c:890 src/cryptsetup.c:946
 #, c-format
 msgid "Key slot %d selected for deletion.\n"
 msgstr "Nøgleplads %d valgt for sletning.\n"
 
-#: src/cryptsetup.c:884
+#: src/cryptsetup.c:893
 #, c-format
 msgid "Key %d not active. Can't wipe.\n"
 msgstr "Nøglen %d er ikke aktiv. Kan ikke rydde.\n"
 
-#: src/cryptsetup.c:892 src/cryptsetup.c:940
+#: src/cryptsetup.c:901 src/cryptsetup.c:949
 msgid "This is the last keyslot. Device will become unusable after purging this key."
 msgstr "Dette er den sidste nøgleplads. Enheden vil blive ubrugelig efter fjernelse af denne nøgle."
 
-#: src/cryptsetup.c:893
+#: src/cryptsetup.c:902
 msgid "Enter any remaining passphrase: "
 msgstr "Indtast en eventuel tilbageværende adgangsfrase: "
 
-#: src/cryptsetup.c:921
+#: src/cryptsetup.c:930
 msgid "Enter passphrase to be deleted: "
 msgstr "Indtast adgangsfrase som skal slettes: "
 
-#: src/cryptsetup.c:1008 src/cryptsetup_reencrypt.c:1095
+#: src/cryptsetup.c:1017 src/cryptsetup_reencrypt.c:1095
 #, c-format
 msgid "Enter any existing passphrase: "
 msgstr "Indtast en eventuel eksisterende adgangsfrase: "
 
-#: src/cryptsetup.c:1063
+#: src/cryptsetup.c:1072
 msgid "Enter passphrase to be changed: "
 msgstr "Indtast adgangsfrase som skal ændres: "
 
-#: src/cryptsetup.c:1077 src/cryptsetup_reencrypt.c:1080
+#: src/cryptsetup.c:1086 src/cryptsetup_reencrypt.c:1080
 msgid "Enter new passphrase: "
 msgstr "Indtast ny adgangsfrase: "
 
-#: src/cryptsetup.c:1101
+#: src/cryptsetup.c:1110
 msgid "Only one device argument for isLuks operation is supported.\n"
 msgstr "Kun et enhedsargument for isLuks-operation er understøttet.\n"
 
-#: src/cryptsetup.c:1257 src/cryptsetup.c:1278
+#: src/cryptsetup.c:1266 src/cryptsetup.c:1287
 msgid "Option --header-backup-file is required.\n"
 msgstr "Tilvalget --header-backup-file er krævet.\n"
 
-#: src/cryptsetup.c:1315
+#: src/cryptsetup.c:1324
 #, c-format
 msgid "Unrecognized metadata device type %s.\n"
 msgstr "Metadataenhedstypen %s blev ikke genkendt.\n"
 
-#: src/cryptsetup.c:1318
+#: src/cryptsetup.c:1327
 msgid "Command requires device and mapped name as arguments.\n"
 msgstr "Kommandoen kræver enhedsnavn og oversat navn som argumenter.\n"
 
-#: src/cryptsetup.c:1337
+#: src/cryptsetup.c:1346
 #, c-format
 msgid ""
 "This operation will erase all keyslots on device %s.\n"
@@ -940,115 +940,115 @@ msgstr ""
 "Denne operation vil slette alle nøglepladser på enheden %s.\n"
 "Enheden vil blive ubrugelig efter denne operation."
 
-#: src/cryptsetup.c:1371
+#: src/cryptsetup.c:1380
 msgid "<device> [--type <type>] [<name>]"
 msgstr "<enhed> [--type <type>] [<navn>]"
 
-#: src/cryptsetup.c:1371
+#: src/cryptsetup.c:1380
 msgid "open device as mapping <name>"
 msgstr "åbn enhed som oversættelse <navn>"
 
-#: src/cryptsetup.c:1372 src/cryptsetup.c:1373 src/cryptsetup.c:1374
-#: src/cryptsetup.c:1375 src/veritysetup.c:311 src/veritysetup.c:312
+#: src/cryptsetup.c:1381 src/cryptsetup.c:1382 src/cryptsetup.c:1383
+#: src/cryptsetup.c:1384 src/veritysetup.c:311 src/veritysetup.c:312
 msgid "<name>"
 msgstr "<navn>"
 
-#: src/cryptsetup.c:1372
+#: src/cryptsetup.c:1381
 msgid "close device (remove mapping)"
 msgstr "luk enhed (fjern oversættelse)"
 
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1382
 msgid "resize active device"
 msgstr "ændr størrelse på aktiv enhed"
 
-#: src/cryptsetup.c:1374
+#: src/cryptsetup.c:1383
 msgid "show device status"
 msgstr "vis enhedsstatus"
 
-#: src/cryptsetup.c:1375
+#: src/cryptsetup.c:1384
 msgid "benchmark cipher"
 msgstr "krypteringsalgoritme for sammenligning"
 
-#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1383
-#: src/cryptsetup.c:1384 src/cryptsetup.c:1385 src/cryptsetup.c:1386
-#: src/cryptsetup.c:1387 src/cryptsetup.c:1388 src/cryptsetup.c:1389
-#: src/cryptsetup.c:1390
+#: src/cryptsetup.c:1385 src/cryptsetup.c:1386 src/cryptsetup.c:1392
+#: src/cryptsetup.c:1393 src/cryptsetup.c:1394 src/cryptsetup.c:1395
+#: src/cryptsetup.c:1396 src/cryptsetup.c:1397 src/cryptsetup.c:1398
+#: src/cryptsetup.c:1399
 msgid "<device>"
 msgstr "<enhed>"
 
-#: src/cryptsetup.c:1376
+#: src/cryptsetup.c:1385
 msgid "try to repair on-disk metadata"
 msgstr "prøv at reparere on-disk-metadata"
 
-#: src/cryptsetup.c:1377
+#: src/cryptsetup.c:1386
 msgid "erase all keyslots (remove encryption key)"
 msgstr "slet alle nøglepladser (fjern krypteringsnøgle)"
 
-#: src/cryptsetup.c:1378 src/cryptsetup.c:1379
+#: src/cryptsetup.c:1387 src/cryptsetup.c:1388
 msgid "<device> [<new key file>]"
 msgstr "<enhed> [<ny nøglefil>]"
 
-#: src/cryptsetup.c:1378
+#: src/cryptsetup.c:1387
 msgid "formats a LUKS device"
 msgstr "formaterer en LUKS-enhed"
 
-#: src/cryptsetup.c:1379
+#: src/cryptsetup.c:1388
 msgid "add key to LUKS device"
 msgstr "tilføj nøgle til LUKS-enhed"
 
-#: src/cryptsetup.c:1380 src/cryptsetup.c:1381
+#: src/cryptsetup.c:1389 src/cryptsetup.c:1390
 msgid "<device> [<key file>]"
 msgstr "<enhed> [<nøglefil>]"
 
-#: src/cryptsetup.c:1380
+#: src/cryptsetup.c:1389
 msgid "removes supplied key or key file from LUKS device"
 msgstr "fjerner leveret nøgle eller nøglefil fra LUKS-enhed"
 
-#: src/cryptsetup.c:1381
+#: src/cryptsetup.c:1390
 msgid "changes supplied key or key file of LUKS device"
 msgstr "ændrer leveret nøgle eller nøglefil for LUKS-enhed"
 
-#: src/cryptsetup.c:1382
+#: src/cryptsetup.c:1391
 msgid "<device> <key slot>"
 msgstr "<enhed> <nøgleplads>"
 
-#: src/cryptsetup.c:1382
+#: src/cryptsetup.c:1391
 msgid "wipes key with number <key slot> from LUKS device"
 msgstr "rydder nøgle med nummer <nøgleplads> fra LUKS-enhed"
 
-#: src/cryptsetup.c:1383
+#: src/cryptsetup.c:1392
 msgid "print UUID of LUKS device"
 msgstr "vis UUID for lUKS-enhed"
 
-#: src/cryptsetup.c:1384
+#: src/cryptsetup.c:1393
 msgid "tests <device> for LUKS partition header"
 msgstr "tester <enhed> for LUKS-partitionsteksthoved"
 
-#: src/cryptsetup.c:1385
+#: src/cryptsetup.c:1394
 msgid "dump LUKS partition information"
 msgstr "dump LUKS-partitionsinformation"
 
-#: src/cryptsetup.c:1386
+#: src/cryptsetup.c:1395
 msgid "dump TCRYPT device information"
 msgstr "dump TCRYPT-enhedsinformation"
 
-#: src/cryptsetup.c:1387
+#: src/cryptsetup.c:1396
 msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
 msgstr "Suspender LUKS-enhed og ryd nøgle (alle IO'er fryses fast)."
 
-#: src/cryptsetup.c:1388
+#: src/cryptsetup.c:1397
 msgid "Resume suspended LUKS device."
 msgstr "Genoptag suspenderet LUKS-enhed."
 
-#: src/cryptsetup.c:1389
+#: src/cryptsetup.c:1398
 msgid "Backup LUKS device header and keyslots"
 msgstr "Lav sikkerhedskopi af LUKS-enhedsteksthoved og nøglepladser"
 
-#: src/cryptsetup.c:1390
+#: src/cryptsetup.c:1399
 msgid "Restore LUKS device header and keyslots"
 msgstr "Gendan LUKS-teksthoved og nøglepladser"
 
-#: src/cryptsetup.c:1407 src/veritysetup.c:328
+#: src/cryptsetup.c:1416 src/veritysetup.c:328
 msgid ""
 "\n"
 "<action> is one of:\n"
@@ -1056,7 +1056,7 @@ msgstr ""
 "\n"
 "<handling> er en af:\n"
 
-#: src/cryptsetup.c:1413
+#: src/cryptsetup.c:1422
 msgid ""
 "\n"
 "You can also use old <action> syntax aliases:\n"
@@ -1068,7 +1068,7 @@ msgstr ""
 "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
 "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
 
-#: src/cryptsetup.c:1417
+#: src/cryptsetup.c:1426
 #, c-format
 msgid ""
 "\n"
@@ -1083,7 +1083,7 @@ msgstr ""
 "<nøgleplads> er LUKS-nøglens pladsnummer, der skal ændres\n"
 "<nøglefil> valgfri nøglefil for den nye nøgle for luksAddKey-handling\n"
 
-#: src/cryptsetup.c:1424
+#: src/cryptsetup.c:1433
 #, c-format
 msgid ""
 "\n"
@@ -1096,7 +1096,7 @@ msgstr ""
 "\tMaksimal nøglefilsstørrelse: %dkB, Maksimal interaktiv adgangsfraselængde %d (tegn)\n"
 "Standard PBKDF2-iterationstid for LUKS: %d (ms)\n"
 
-#: src/cryptsetup.c:1431
+#: src/cryptsetup.c:1440
 #, c-format
 msgid ""
 "\n"
@@ -1111,229 +1111,229 @@ msgstr ""
 "\tplain: %s, Nøgle: %d bit, Adgangskodehashing: %s\n"
 "\tLUKS1: %s, Nøgle: %d bit, LUKS-teksthovedhashing: %s, RNG: %s\n"
 
-#: src/cryptsetup.c:1448 src/veritysetup.c:460
+#: src/cryptsetup.c:1457 src/veritysetup.c:460
 #, c-format
 msgid "%s: requires %s as arguments"
 msgstr "%s: kræver %s som argumenter"
 
-#: src/cryptsetup.c:1481 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1274
+#: src/cryptsetup.c:1490 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1274
 msgid "Show this help message"
 msgstr "Vis denne hjælpetekst"
 
-#: src/cryptsetup.c:1482 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1275
+#: src/cryptsetup.c:1491 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1275
 msgid "Display brief usage"
 msgstr "Vis en kort brugsmanual"
 
-#: src/cryptsetup.c:1486 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1279
+#: src/cryptsetup.c:1495 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1279
 msgid "Help options:"
 msgstr "Hjælpetilvalg:"
 
-#: src/cryptsetup.c:1487 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1280
+#: src/cryptsetup.c:1496 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1280
 msgid "Print package version"
 msgstr "Vis pakkeversion"
 
-#: src/cryptsetup.c:1488 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1281
+#: src/cryptsetup.c:1497 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1281
 msgid "Shows more detailed error messages"
 msgstr "Viser mere detaljerede fejlbeskeder"
 
-#: src/cryptsetup.c:1489 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1282
+#: src/cryptsetup.c:1498 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1282
 msgid "Show debug messages"
 msgstr "Vis fejlsøgningsbeskeder"
 
-#: src/cryptsetup.c:1490 src/cryptsetup_reencrypt.c:1284
+#: src/cryptsetup.c:1499 src/cryptsetup_reencrypt.c:1284
 msgid "The cipher used to encrypt the disk (see /proc/crypto)"
 msgstr "Krypteringsalgoritmen brugt til at kryptere disken (se /proc/crypto)"
 
-#: src/cryptsetup.c:1491 src/cryptsetup_reencrypt.c:1286
+#: src/cryptsetup.c:1500 src/cryptsetup_reencrypt.c:1286
 msgid "The hash used to create the encryption key from the passphrase"
 msgstr "Hashen brugt til at oprette krypteringsnøglen fra adgangsfrasen"
 
-#: src/cryptsetup.c:1492
+#: src/cryptsetup.c:1501
 msgid "Verifies the passphrase by asking for it twice"
 msgstr "Verificerer adgangsfrasen ved at anmode om den to gange"
 
-#: src/cryptsetup.c:1493 src/cryptsetup_reencrypt.c:1288
+#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1288
 msgid "Read the key from a file."
 msgstr "Læs nøglen fra en fil."
 
-#: src/cryptsetup.c:1494
+#: src/cryptsetup.c:1503
 msgid "Read the volume (master) key from file."
 msgstr "Læs diskenhedens (master) nøgle fra fil."
 
-#: src/cryptsetup.c:1495
+#: src/cryptsetup.c:1504
 msgid "Dump volume (master) key instead of keyslots info."
 msgstr "Dump diskenheds (master) nøgle i stedet for information om nøgleplads."
 
-#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1285
+#: src/cryptsetup.c:1505 src/cryptsetup_reencrypt.c:1285
 msgid "The size of the encryption key"
 msgstr "Størrelsen for den krypterede nøgle"
 
-#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1285
+#: src/cryptsetup.c:1505 src/cryptsetup_reencrypt.c:1285
 msgid "BITS"
 msgstr "BIT"
 
-#: src/cryptsetup.c:1497 src/cryptsetup_reencrypt.c:1299
+#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1299
 msgid "Limits the read from keyfile"
 msgstr "Begræns læsningen fra nøglefil"
 
-#: src/cryptsetup.c:1497 src/cryptsetup.c:1498 src/cryptsetup.c:1499
-#: src/cryptsetup.c:1500 src/veritysetup.c:379 src/veritysetup.c:380
+#: src/cryptsetup.c:1506 src/cryptsetup.c:1507 src/cryptsetup.c:1508
+#: src/cryptsetup.c:1509 src/veritysetup.c:379 src/veritysetup.c:380
 #: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1298
 #: src/cryptsetup_reencrypt.c:1299 src/cryptsetup_reencrypt.c:1300
 #: src/cryptsetup_reencrypt.c:1301
 msgid "bytes"
 msgstr "byte"
 
-#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1298
+#: src/cryptsetup.c:1507 src/cryptsetup_reencrypt.c:1298
 msgid "Number of bytes to skip in keyfile"
 msgstr "Antallet af byte at udelade i nøglefil"
 
-#: src/cryptsetup.c:1499
+#: src/cryptsetup.c:1508
 msgid "Limits the read from newly added keyfile"
 msgstr "Begræns læsningnen fra nyligt tilføjet nøglefil"
 
-#: src/cryptsetup.c:1500
+#: src/cryptsetup.c:1509
 msgid "Number of bytes to skip in newly added keyfile"
 msgstr "Antallet af byte at udelade i senest tilføjet nøglefil"
 
-#: src/cryptsetup.c:1501
+#: src/cryptsetup.c:1510
 msgid "Slot number for new key (default is first free)"
 msgstr "Pladsnummer for ny nøgle (standard er den første ledige)"
 
-#: src/cryptsetup.c:1502
+#: src/cryptsetup.c:1511
 msgid "The size of the device"
 msgstr "Størrelse på enheden"
 
-#: src/cryptsetup.c:1502 src/cryptsetup.c:1503 src/cryptsetup.c:1504
-#: src/cryptsetup.c:1510
+#: src/cryptsetup.c:1511 src/cryptsetup.c:1512 src/cryptsetup.c:1513
+#: src/cryptsetup.c:1519
 msgid "SECTORS"
 msgstr "SEKTORER"
 
-#: src/cryptsetup.c:1503
+#: src/cryptsetup.c:1512
 msgid "The start offset in the backend device"
 msgstr "Startforskydningen i motorenheden"
 
-#: src/cryptsetup.c:1504
+#: src/cryptsetup.c:1513
 msgid "How many sectors of the encrypted data to skip at the beginning"
 msgstr "Antal sektorer med krypterede data som skal udelades i begyndelsen"
 
-#: src/cryptsetup.c:1505
+#: src/cryptsetup.c:1514
 msgid "Create a readonly mapping"
 msgstr "Opret en skrivebeskyttet oversættelse"
 
-#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1289
+#: src/cryptsetup.c:1515 src/cryptsetup_reencrypt.c:1289
 msgid "PBKDF2 iteration time for LUKS (in ms)"
 msgstr "PBKDF2-iteratoinstid for LUKS (i ms)"
 
-#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1289
+#: src/cryptsetup.c:1515 src/cryptsetup_reencrypt.c:1289
 msgid "msecs"
 msgstr "ms"
 
-#: src/cryptsetup.c:1507 src/cryptsetup_reencrypt.c:1290
+#: src/cryptsetup.c:1516 src/cryptsetup_reencrypt.c:1290
 msgid "Do not ask for confirmation"
 msgstr "Anmod ikke om bekræftelse"
 
-#: src/cryptsetup.c:1508
+#: src/cryptsetup.c:1517
 msgid "Timeout for interactive passphrase prompt (in seconds)"
 msgstr "Tidsudløb for interaktiv adgangsfraseprompt (i sekunder)"
 
-#: src/cryptsetup.c:1508
+#: src/cryptsetup.c:1517
 msgid "secs"
 msgstr "sek"
 
-#: src/cryptsetup.c:1509 src/cryptsetup_reencrypt.c:1291
+#: src/cryptsetup.c:1518 src/cryptsetup_reencrypt.c:1291
 msgid "How often the input of the passphrase can be retried"
 msgstr "Hvor ofte inddata for adgangsfrasen kan indhentes"
 
-#: src/cryptsetup.c:1510
+#: src/cryptsetup.c:1519
 msgid "Align payload at <n> sector boundaries - for luksFormat"
 msgstr "Juster belastning ved <n> sektorgrænser - for luksFormat"
 
-#: src/cryptsetup.c:1511
+#: src/cryptsetup.c:1520
 msgid "File with LUKS header and keyslots backup."
 msgstr "Fil med LUKS-teksthoved og sikkerhedskopi af nøglepladser."
 
-#: src/cryptsetup.c:1512 src/cryptsetup_reencrypt.c:1292
+#: src/cryptsetup.c:1521 src/cryptsetup_reencrypt.c:1292
 msgid "Use /dev/random for generating volume key."
 msgstr "Brug /dev/random til oprettelse af diskenhedsnøgle."
 
-#: src/cryptsetup.c:1513 src/cryptsetup_reencrypt.c:1293
+#: src/cryptsetup.c:1522 src/cryptsetup_reencrypt.c:1293
 msgid "Use /dev/urandom for generating volume key."
 msgstr "Brug /dev/urandom til oprettelse af diskenhedsnøgle."
 
-#: src/cryptsetup.c:1514
+#: src/cryptsetup.c:1523
 msgid "Share device with another non-overlapping crypt segment."
 msgstr "Del enhed med et andet ikkeoverlappende kryptsegment."
 
-#: src/cryptsetup.c:1515 src/veritysetup.c:385
+#: src/cryptsetup.c:1524 src/veritysetup.c:385
 msgid "UUID for device to use."
 msgstr "UUID som enheden skal bruge."
 
-#: src/cryptsetup.c:1516
+#: src/cryptsetup.c:1525
 msgid "Allow discards (aka TRIM) requests for device."
 msgstr "Tillader fjernelsesforespørgsler (a.k.a. TRIM) for enhed."
 
-#: src/cryptsetup.c:1517
+#: src/cryptsetup.c:1526
 msgid "Device or file with separated LUKS header."
 msgstr "Enhed eller fil med adskilt LUKS-teksthoved."
 
-#: src/cryptsetup.c:1518
+#: src/cryptsetup.c:1527
 msgid "Do not activate device, just check passphrase."
 msgstr "Aktiver ikke enhed, kontroller bare adgangsfrase."
 
-#: src/cryptsetup.c:1519
+#: src/cryptsetup.c:1528
 msgid "Use hidden header (hidden TCRYPT device)."
 msgstr "Brug skjult teksthoved (skjult TCRYPT-enhed)."
 
-#: src/cryptsetup.c:1520
+#: src/cryptsetup.c:1529
 msgid "Device is system TCRYPT drive (with bootloader)."
 msgstr "Enhed er system-TCRYPT-drev (med opstartsindlæser)."
 
-#: src/cryptsetup.c:1521
+#: src/cryptsetup.c:1530
 msgid "Use backup (secondary) TCRYPT header."
 msgstr "Brug sikkerhedskopi (sekundær) TCRYPT-teksthoved."
 
-#: src/cryptsetup.c:1522
+#: src/cryptsetup.c:1531
 msgid "Scan also for VeraCrypt compatible device."
 msgstr "Skan også for VeraCrypt-kompatibel enhed."
 
-#: src/cryptsetup.c:1523
+#: src/cryptsetup.c:1532
 msgid "Type of device metadata: luks, plain, loopaes, tcrypt."
 msgstr "Type for enheds metadata: luks, plain, loopaes, tcrypt."
 
-#: src/cryptsetup.c:1524
+#: src/cryptsetup.c:1533
 msgid "Disable password quality check (if enabled)."
 msgstr "Deaktiver kontrol af adgangskodens kvalitet (hvis aktiveret)."
 
-#: src/cryptsetup.c:1525
+#: src/cryptsetup.c:1534
 msgid "Use dm-crypt same_cpu_crypt performance compatibility option."
 msgstr "Brug tilvalgene dm-crypt og same_cpu_crypt for ydelseskompatibilitet."
 
-#: src/cryptsetup.c:1526
+#: src/cryptsetup.c:1535
 msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option."
 msgstr "Brug tilvalgene dm-crypt og submit_from_crypt_cpus for ydelseskompatibilitet."
 
-#: src/cryptsetup.c:1542 src/veritysetup.c:402
+#: src/cryptsetup.c:1551 src/veritysetup.c:402
 msgid "[OPTION...] <action> <action-specific>"
 msgstr "[TILVALG...] <handling> <handling-specifik>"
 
-#: src/cryptsetup.c:1589 src/veritysetup.c:439
+#: src/cryptsetup.c:1602 src/veritysetup.c:439
 msgid "Argument <action> missing."
 msgstr "Argument <handling> mangler."
 
-#: src/cryptsetup.c:1642 src/veritysetup.c:445
+#: src/cryptsetup.c:1655 src/veritysetup.c:445
 msgid "Unknown action."
 msgstr "Ukendt handling."
 
-#: src/cryptsetup.c:1652
+#: src/cryptsetup.c:1665
 msgid "Option --shared is allowed only for open of plain device.\n"
 msgstr "Tilvalget --shared er kun tilladt for åbning af en ren enhed.\n"
 
-#: src/cryptsetup.c:1657
+#: src/cryptsetup.c:1670
 msgid "Option --allow-discards is allowed only for open operation.\n"
 msgstr "Tilvalget --allow-discards er kun tilladt for åbne operationer.\n"
 
-#: src/cryptsetup.c:1665
+#: src/cryptsetup.c:1678
 msgid ""
 "Option --key-size is allowed only for luksFormat, open and benchmark.\n"
 "To limit read from keyfile use --keyfile-size=(bytes)."
@@ -1341,60 +1341,64 @@ msgstr ""
 "Tilvalget --key-size er kun tilladt for luksFormat, open og benchmark.\n"
 "For at begrænse læsning fra nøglefilen bruges --keyfile-size=(bytes)."
 
-#: src/cryptsetup.c:1672
+#: src/cryptsetup.c:1685
 msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n"
 msgstr "Tilvalget --test-passphrase er kun tilladt for åbning af LUKS- og TCRYPT-enheder.\n"
 
-#: src/cryptsetup.c:1677 src/cryptsetup_reencrypt.c:1360
+#: src/cryptsetup.c:1690 src/cryptsetup_reencrypt.c:1360
 msgid "Key size must be a multiple of 8 bits"
 msgstr "Nøglestørrelse skal gå op i 8 bit"
 
-#: src/cryptsetup.c:1684 src/cryptsetup_reencrypt.c:1365
+#: src/cryptsetup.c:1697 src/cryptsetup_reencrypt.c:1365
 msgid "Key slot is invalid."
 msgstr "Nøgleplads er ugyldig."
 
-#: src/cryptsetup.c:1691
+#: src/cryptsetup.c:1704
 msgid "Option --key-file takes precedence over specified key file argument.\n"
 msgstr "Tilvalget --key-file har forrang over specificeret nøglefilsargument.\n"
 
-#: src/cryptsetup.c:1699 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1349
+#: src/cryptsetup.c:1712 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1349
 msgid "Negative number for option not permitted."
 msgstr "Negativ nummer for tilvalg er ikke tilladt."
 
-#: src/cryptsetup.c:1703 src/cryptsetup_reencrypt.c:1343
+#: src/cryptsetup.c:1716
+msgid "Only one --key-file argument is allowed."
+msgstr "Kun en parameter for --key-file er tilladt."
+
+#: src/cryptsetup.c:1720 src/cryptsetup_reencrypt.c:1343
 #: src/cryptsetup_reencrypt.c:1369
 msgid "Only one of --use-[u]random options is allowed."
 msgstr "Kun et af tilvalgene --use-[u]random er tilladt."
 
-#: src/cryptsetup.c:1707
+#: src/cryptsetup.c:1724
 msgid "Option --use-[u]random is allowed only for luksFormat."
 msgstr "Tilvalget --use-[u]random er kun tilladt for luksFormat."
 
-#: src/cryptsetup.c:1711
+#: src/cryptsetup.c:1728
 msgid "Option --uuid is allowed only for luksFormat and luksUUID."
 msgstr "Tilvalget --uid er kun tilladt for luksFormat og luksUUID."
 
-#: src/cryptsetup.c:1715
+#: src/cryptsetup.c:1732
 msgid "Option --align-payload is allowed only for luksFormat."
 msgstr "Tilvalget --align-payload er kun tilladt for luksFormat."
 
-#: src/cryptsetup.c:1721
+#: src/cryptsetup.c:1738
 msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
 msgstr "Tilvalget --skip er kun understøttet for åbning af plain- og loopaes-enheder.\n"
 
-#: src/cryptsetup.c:1727
+#: src/cryptsetup.c:1744
 msgid "Option --offset is supported only for open of plain and loopaes devices.\n"
 msgstr "Tilvalget --offset er kun understøttet for åbning af plain- og loopaes-enheder.\n"
 
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1750
 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
 msgstr "Tilvalgene --tcrypt-hidden, --tcrypt-system eller --tcrypt-backup er kun understøttet for TCRYPT-enhed.\n"
 
-#: src/cryptsetup.c:1738
+#: src/cryptsetup.c:1755
 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
 msgstr "Tilvaget --tcrypt-hidden kan ikke kombineres med --allow-discards.\n"
 
-#: src/cryptsetup.c:1743
+#: src/cryptsetup.c:1760
 msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
 msgstr "Tilvalget --veracrypt er kun understøttet for TCRYPT-enhedstype.\n"
 

po/es.po

@@ -1,8 +1,8 @@
 # Spanish translations for cryptsetup package
 # Traducciones al español para el paquete cryptsetup.
-# Copyright (C) 2014, 2015 Free Software Foundation, Inc.
+# Copyright (C) 2014, 2015, 2016 Free Software Foundation, Inc.
 # This file is put in the public domain.
-# Antonio Ceballos <aceballos@gmail.com>, 2013, 2014, 2015
+# Antonio Ceballos <aceballos@gmail.com>, 2013, 2014, 2015, 2016
 #
 # ######################################################################
 # Traducciones dudosas:
@@ -70,10 +70,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: cryptsetup 1.7.0\n"
+"Project-Id-Version: cryptsetup 1.7.1\n"
 "Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2015-10-29 13:27+0100\n"
-"PO-Revision-Date: 2015-10-30 00:00+0100\n"
+"POT-Creation-Date: 2016-02-21 21:24+0100\n"
+"PO-Revision-Date: 2016-02-28 17:09+0100\n"
 "Last-Translator: Antonio Ceballos <aceballos@gmail.com>\n"
 "Language-Team: Spanish <es@tp.org.es>\n"
 "Language: es\n"
@@ -293,8 +293,8 @@ msgstr "La reanudación no está disponible para el dispositivo %s.\n"
 msgid "Error during resuming device %s.\n"
 msgstr "Error durante la reanudación del dispositivo %s.\n"
 
-#: lib/setup.c:1654 lib/setup.c:2089 lib/setup.c:2103 src/cryptsetup.c:183
-#: src/cryptsetup.c:244 src/cryptsetup.c:732 src/cryptsetup.c:1162
+#: lib/setup.c:1654 lib/setup.c:2089 lib/setup.c:2103 src/cryptsetup.c:184
+#: src/cryptsetup.c:248 src/cryptsetup.c:736 src/cryptsetup.c:1171
 msgid "Enter passphrase: "
 msgstr "Introduzca la frase contraseña: "
 
@@ -307,7 +307,7 @@ msgid "Enter any passphrase: "
 msgstr "Introduzca una frase contraseña cualquiera: "
 
 #: lib/setup.c:1742 lib/setup.c:1875 lib/setup.c:1879 lib/setup.c:1941
-#: src/cryptsetup.c:992 src/cryptsetup.c:1023
+#: src/cryptsetup.c:1001 src/cryptsetup.c:1032
 msgid "Enter new passphrase for key slot: "
 msgstr "Introduzca una nueva frase contraseña para la ranura de claves: "
 
@@ -645,7 +645,7 @@ msgstr "La «hash» LUKS solicitada %s no está disponible.\n"
 msgid "LUKS keyslot %u is invalid.\n"
 msgstr "La ranura de claves LUKS %u no es válida.\n"
 
-#: lib/luks1/keymanage.c:456 src/cryptsetup.c:664
+#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668
 msgid "No known problems detected for LUKS header.\n"
 msgstr "No se ha detectado ningún problema en la cabecera LUKS.\n"
 
@@ -697,7 +697,7 @@ msgstr "El material de la ranura de claves %d no tiene suficientes bandas. Quiz
 msgid "Key slot %d unlocked.\n"
 msgstr "Ranura de claves %d desbloqueada.\n"
 
-#: lib/luks1/keymanage.c:990 src/cryptsetup.c:858
+#: lib/luks1/keymanage.c:990 src/cryptsetup.c:867
 #: src/cryptsetup_reencrypt.c:1020 src/cryptsetup_reencrypt.c:1057
 msgid "No key available with this passphrase.\n"
 msgstr "No hay ninguna clave disponible con esa frase contraseña.\n"
@@ -743,11 +743,11 @@ msgstr "Se ha excedido la longitud máxima (%d) de la frase contraseña TCRYPT.\
 msgid "PBKDF2 hash algorithm %s not available, skipping.\n"
 msgstr "El algoritmo «hash» %s no está disponible, por lo que se ha ignorado.\n"
 
-#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:617
+#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621
 msgid "Required kernel crypto interface not available.\n"
 msgstr "La interfaz de cifrado del núcleo requerida no está disponible.\n"
 
-#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:619
+#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623
 msgid "Ensure you have algif_skcipher kernel module loaded.\n"
 msgstr "Asegúrese de que el módulo del núcleo algof_skcipher está cargado.\n"
 
@@ -854,32 +854,32 @@ msgstr "La creación del área «hash» ha fallado.\n"
 msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u).\n"
 msgstr "ATENCIÓN: el núcleo no puede activar un dispositivo si el tamaño del bloque de datos excede el tamaño de página (%u).\n"
 
-#: src/cryptsetup.c:91
+#: src/cryptsetup.c:92
 msgid "Can't do passphrase verification on non-tty inputs.\n"
 msgstr "No se puede hacer verificación de frase contraseña en entradas no tty.\n"
 
-#: src/cryptsetup.c:132 src/cryptsetup.c:560 src/cryptsetup.c:707
+#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711
 #: src/cryptsetup_reencrypt.c:523 src/cryptsetup_reencrypt.c:577
 msgid "No known cipher specification pattern detected.\n"
 msgstr "No se ha detectado ningún patrón conocido de especificación de cifrado.\n"
 
-#: src/cryptsetup.c:140
+#: src/cryptsetup.c:141
 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
 msgstr "ATENCIÓN: No se va a hacer caso del parámetro --hash en modo no cifrado con el fichero de claves especificado.\n"
 
-#: src/cryptsetup.c:148
+#: src/cryptsetup.c:149
 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
 msgstr "ATENCIÓN: No se va a hacer caso de la opción --keyfile-size; el tamaño de lectura es igual al tamaño de la clave de cifrado.\n"
 
-#: src/cryptsetup.c:214
+#: src/cryptsetup.c:215
 msgid "Option --key-file is required.\n"
 msgstr "Es necesaria la opción --key-file.\n"
 
-#: src/cryptsetup.c:263
+#: src/cryptsetup.c:267
 msgid "No device header detected with this passphrase.\n"
 msgstr "No se ha detectado ninguna cabecera de dispositivo con esa frase contraseña.\n"
 
-#: src/cryptsetup.c:323 src/cryptsetup.c:1151
+#: src/cryptsetup.c:327 src/cryptsetup.c:1160
 msgid ""
 "Header dump with volume key is sensitive information\n"
 "which allows access to encrypted partition without passphrase.\n"
@@ -889,112 +889,112 @@ msgstr ""
 "sensible que permite el acceso a una partición cifrada sin frase contraseña.\n"
 "Este volcado debería almacenarse siempre cifrado en un lugar seguro."
 
-#: src/cryptsetup.c:513
+#: src/cryptsetup.c:517
 msgid "Result of benchmark is not reliable.\n"
 msgstr "El resultado de la comparativa no es fiable.\n"
 
-#: src/cryptsetup.c:554
+#: src/cryptsetup.c:558
 msgid "# Tests are approximate using memory only (no storage IO).\n"
 msgstr "# Las pruebas son solo aproximadas usando memoria (no hay entrada/salida de almacenadmiento).\n"
 
-#: src/cryptsetup.c:579 src/cryptsetup.c:601
+#: src/cryptsetup.c:583 src/cryptsetup.c:605
 msgid "#  Algorithm | Key |  Encryption |  Decryption\n"
 msgstr "# Algoritmo | Clave | Cifrado | Descifrado\n"
 
-#: src/cryptsetup.c:583
+#: src/cryptsetup.c:587
 #, c-format
 msgid "Cipher %s is not available.\n"
 msgstr "El algoritmo de cifrado %s no está disponible.\n"
 
-#: src/cryptsetup.c:610
+#: src/cryptsetup.c:614
 msgid "N/A"
 msgstr "/N/A"
 
-#: src/cryptsetup.c:635
+#: src/cryptsetup.c:639
 #, c-format
 msgid "Cannot read keyfile %s.\n"
 msgstr "No se puede leer el fichero de claves %s.\n"
 
-#: src/cryptsetup.c:639
+#: src/cryptsetup.c:643
 #, c-format
 msgid "Cannot read %d bytes from keyfile %s.\n"
 msgstr "No se pueden leer %d «bytes» en el fichero de claves %s.\n"
 
-#: src/cryptsetup.c:668
+#: src/cryptsetup.c:672
 msgid "Really try to repair LUKS device header?"
 msgstr "¿Está seguro de que quiere intentar reparar la cabecera del dispositivo LUKS?"
 
-#: src/cryptsetup.c:693
+#: src/cryptsetup.c:697
 #, c-format
 msgid "This will overwrite data on %s irrevocably."
 msgstr "Esto sobreescribirá los datos en %s de forma irrevocable."
 
-#: src/cryptsetup.c:695
+#: src/cryptsetup.c:699
 msgid "memory allocation error in action_luksFormat"
 msgstr "error de reserva de memoria en action_luksFormat"
 
-#: src/cryptsetup.c:717
+#: src/cryptsetup.c:721
 #, c-format
 msgid "Cannot use %s as on-disk header.\n"
 msgstr "No se puede utilizar %s como cabecera en disco.\n"
 
-#: src/cryptsetup.c:784
+#: src/cryptsetup.c:788
 msgid "Reduced data offset is allowed only for detached LUKS header.\n"
 msgstr "La posición de datos reducida está permitida solamente para cabecera LUKS separada.\n"
 
-#: src/cryptsetup.c:881 src/cryptsetup.c:937
+#: src/cryptsetup.c:890 src/cryptsetup.c:946
 #, c-format
 msgid "Key slot %d selected for deletion.\n"
 msgstr "La ranura de claves %d se va a borrar.\n"
 
-#: src/cryptsetup.c:884
+#: src/cryptsetup.c:893
 #, c-format
 msgid "Key %d not active. Can't wipe.\n"
 msgstr "La clave %d no está activa. No se puede limpiar.\n"
 
-#: src/cryptsetup.c:892 src/cryptsetup.c:940
+#: src/cryptsetup.c:901 src/cryptsetup.c:949
 msgid "This is the last keyslot. Device will become unusable after purging this key."
 msgstr "Esta es la última ranura de claves. El dispositivo quedará inutilizado después de purgar esta clave."
 
-#: src/cryptsetup.c:893
+#: src/cryptsetup.c:902
 msgid "Enter any remaining passphrase: "
 msgstr "Introduzca cualquier frase contraseña que quede: "
 
-#: src/cryptsetup.c:921
+#: src/cryptsetup.c:930
 msgid "Enter passphrase to be deleted: "
 msgstr "Introduzca la frase contraseña que hay que borrar: "
 
-#: src/cryptsetup.c:1008 src/cryptsetup_reencrypt.c:1095
+#: src/cryptsetup.c:1017 src/cryptsetup_reencrypt.c:1095
 #, c-format
 msgid "Enter any existing passphrase: "
 msgstr "Introduzca cualquier frase contraseña que exista: "
 
-#: src/cryptsetup.c:1063
+#: src/cryptsetup.c:1072
 msgid "Enter passphrase to be changed: "
 msgstr "Introduzca la frase contraseña que hay que cambiar: "
 
-#: src/cryptsetup.c:1077 src/cryptsetup_reencrypt.c:1080
+#: src/cryptsetup.c:1086 src/cryptsetup_reencrypt.c:1080
 msgid "Enter new passphrase: "
 msgstr "Introduzca una nueva frase contraseña: "
 
-#: src/cryptsetup.c:1101
+#: src/cryptsetup.c:1110
 msgid "Only one device argument for isLuks operation is supported.\n"
 msgstr "La operación isLuks solo admite un argumento de dispositivo.\n"
 
-#: src/cryptsetup.c:1257 src/cryptsetup.c:1278
+#: src/cryptsetup.c:1266 src/cryptsetup.c:1287
 msgid "Option --header-backup-file is required.\n"
 msgstr "Es necesaria la opción --header-backup-file.\n"
 
-#: src/cryptsetup.c:1315
+#: src/cryptsetup.c:1324
 #, c-format
 msgid "Unrecognized metadata device type %s.\n"
 msgstr "Tipo de dispositivo de metadatos %s no reconocido.\n"
 
-#: src/cryptsetup.c:1318
+#: src/cryptsetup.c:1327
 msgid "Command requires device and mapped name as arguments.\n"
 msgstr "Esta orden necesita como argumentos el dispositivo y el nombre asociado.\n"
 
-#: src/cryptsetup.c:1337
+#: src/cryptsetup.c:1346
 #, c-format
 msgid ""
 "This operation will erase all keyslots on device %s.\n"
@@ -1003,115 +1003,115 @@ msgstr ""
 "Esta operación borrará todas las ranuras de claves en el dispositivo %s.\n"
 "El dispositivo quedará inutilizable después de esta operación."
 
-#: src/cryptsetup.c:1371
+#: src/cryptsetup.c:1380
 msgid "<device> [--type <type>] [<name>]"
 msgstr "<dispositivo> [--type <tipo> [<nombre>]"
 
-#: src/cryptsetup.c:1371
+#: src/cryptsetup.c:1380
 msgid "open device as mapping <name>"
 msgstr "abrir el dispositivo como asociado a <nombre>"
 
-#: src/cryptsetup.c:1372 src/cryptsetup.c:1373 src/cryptsetup.c:1374
-#: src/cryptsetup.c:1375 src/veritysetup.c:311 src/veritysetup.c:312
+#: src/cryptsetup.c:1381 src/cryptsetup.c:1382 src/cryptsetup.c:1383
+#: src/cryptsetup.c:1384 src/veritysetup.c:311 src/veritysetup.c:312
 msgid "<name>"
 msgstr "<nombre>"
 
-#: src/cryptsetup.c:1372
+#: src/cryptsetup.c:1381
 msgid "close device (remove mapping)"
 msgstr "cerrar dispositivo (eliminar asociación)"
 
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1382
 msgid "resize active device"
 msgstr "cambiar el tamaño del dispositivo activo"
 
-#: src/cryptsetup.c:1374
+#: src/cryptsetup.c:1383
 msgid "show device status"
 msgstr "mostrar el estado del dispositivo"
 
-#: src/cryptsetup.c:1375
+#: src/cryptsetup.c:1384
 msgid "benchmark cipher"
 msgstr "algoritmo de cifrado para pruebas"
 
-#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1383
-#: src/cryptsetup.c:1384 src/cryptsetup.c:1385 src/cryptsetup.c:1386
-#: src/cryptsetup.c:1387 src/cryptsetup.c:1388 src/cryptsetup.c:1389
-#: src/cryptsetup.c:1390
+#: src/cryptsetup.c:1385 src/cryptsetup.c:1386 src/cryptsetup.c:1392
+#: src/cryptsetup.c:1393 src/cryptsetup.c:1394 src/cryptsetup.c:1395
+#: src/cryptsetup.c:1396 src/cryptsetup.c:1397 src/cryptsetup.c:1398
+#: src/cryptsetup.c:1399
 msgid "<device>"
 msgstr "<dispositivo>"
 
-#: src/cryptsetup.c:1376
+#: src/cryptsetup.c:1385
 msgid "try to repair on-disk metadata"
 msgstr "intentar reparar metadatos en disco"
 
-#: src/cryptsetup.c:1377
+#: src/cryptsetup.c:1386
 msgid "erase all keyslots (remove encryption key)"
 msgstr "borrar todas las ranuras de claves (eliminar clave de cifrado)"
 
-#: src/cryptsetup.c:1378 src/cryptsetup.c:1379
+#: src/cryptsetup.c:1387 src/cryptsetup.c:1388
 msgid "<device> [<new key file>]"
 msgstr "<dispositivo> [<nuevo fichero de claves>]"
 
-#: src/cryptsetup.c:1378
+#: src/cryptsetup.c:1387
 msgid "formats a LUKS device"
 msgstr "da formato a un dispositivo LUKS"
 
-#: src/cryptsetup.c:1379
+#: src/cryptsetup.c:1388
 msgid "add key to LUKS device"
 msgstr "añadir clave a un dispositivo LUKS"
 
-#: src/cryptsetup.c:1380 src/cryptsetup.c:1381
+#: src/cryptsetup.c:1389 src/cryptsetup.c:1390
 msgid "<device> [<key file>]"
 msgstr "<dispositivo> [<fichero de claves>]"
 
-#: src/cryptsetup.c:1380
+#: src/cryptsetup.c:1389
 msgid "removes supplied key or key file from LUKS device"
 msgstr "elimina la clave suministrada o el fichero de claves del dispositivo LUKS"
 
-#: src/cryptsetup.c:1381
+#: src/cryptsetup.c:1390
 msgid "changes supplied key or key file of LUKS device"
 msgstr "cambia la clave suministrada o el fichero de claves del dispositivo LUKS"
 
-#: src/cryptsetup.c:1382
+#: src/cryptsetup.c:1391
 msgid "<device> <key slot>"
 msgstr "<dispositivo> <ranura de claves>"
 
-#: src/cryptsetup.c:1382
+#: src/cryptsetup.c:1391
 msgid "wipes key with number <key slot> from LUKS device"
 msgstr "borra la clave con el número <ranura de clave> del dispositivo LUKS"
 
-#: src/cryptsetup.c:1383
+#: src/cryptsetup.c:1392
 msgid "print UUID of LUKS device"
 msgstr "imprimir el UUID del dispositivo LUKS"
 
-#: src/cryptsetup.c:1384
+#: src/cryptsetup.c:1393
 msgid "tests <device> for LUKS partition header"
 msgstr "comprueba si <dispositivo> tiene cabecera de partición LUKS"
 
-#: src/cryptsetup.c:1385
+#: src/cryptsetup.c:1394
 msgid "dump LUKS partition information"
 msgstr "volcar información sobre la partición LUKS"
 
-#: src/cryptsetup.c:1386
+#: src/cryptsetup.c:1395
 msgid "dump TCRYPT device information"
 msgstr "volcar información sobre el dispositivo TCRYPT"
 
-#: src/cryptsetup.c:1387
+#: src/cryptsetup.c:1396
 msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
 msgstr "Suspender el dispositivo LUKS y limpiar la clave (todas las entradas/salidas congeladas)."
 
-#: src/cryptsetup.c:1388
+#: src/cryptsetup.c:1397
 msgid "Resume suspended LUKS device."
 msgstr "Reanudar el dispositivo LUKS suspendido."
 
-#: src/cryptsetup.c:1389
+#: src/cryptsetup.c:1398
 msgid "Backup LUKS device header and keyslots"
 msgstr "Hacer copia de seguridad de la cabecera y de las ranuras de claves del dispositivo LUKS"
 
-#: src/cryptsetup.c:1390
+#: src/cryptsetup.c:1399
 msgid "Restore LUKS device header and keyslots"
 msgstr "Restaurar la cabecera y las ranuras de claves del dispositivo LUKS"
 
-#: src/cryptsetup.c:1407 src/veritysetup.c:328
+#: src/cryptsetup.c:1416 src/veritysetup.c:328
 msgid ""
 "\n"
 "<action> is one of:\n"
@@ -1119,7 +1119,7 @@ msgstr ""
 "\n"
 "<acción> es una de:\n"
 
-#: src/cryptsetup.c:1413
+#: src/cryptsetup.c:1422
 msgid ""
 "\n"
 "You can also use old <action> syntax aliases:\n"
@@ -1131,7 +1131,7 @@ msgstr ""
 "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
 "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
 
-#: src/cryptsetup.c:1417
+#: src/cryptsetup.c:1426
 #, c-format
 msgid ""
 "\n"
@@ -1146,7 +1146,7 @@ msgstr ""
 "<ranura de claves> es el número de la ranura de claves que se va a modificar\n"
 "<fichero de claves> fichero de claves opcional para la nueva clave para la acción 'luksAddKey'\n"
 
-#: src/cryptsetup.c:1424
+#: src/cryptsetup.c:1433
 #, c-format
 msgid ""
 "\n"
@@ -1159,7 +1159,7 @@ msgstr ""
 "\tTamaño máximo del fichero de claves: %dk8, Longitud máxima de frase contraseña interactiva: %d (caracteres)\n"
 "Tiempo PBKDF2 de iteración de LUKS predefinido: %d (ms)\n"
 
-#: src/cryptsetup.c:1431
+#: src/cryptsetup.c:1440
 #, c-format
 msgid ""
 "\n"
@@ -1174,229 +1174,229 @@ msgstr ""
 "\tsin cifrado: %s, Clave: %d bits, Contraseña «hashing»: %s\n"
 "\tLUKS1: %s, Clave: %d bits, «hashing» de la cabecera LUKS: %s, Generador de números aleatorios: %s\n"
 
-#: src/cryptsetup.c:1448 src/veritysetup.c:460
+#: src/cryptsetup.c:1457 src/veritysetup.c:460
 #, c-format
 msgid "%s: requires %s as arguments"
 msgstr "%s: necesita %s como argumentos"
 
-#: src/cryptsetup.c:1481 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1274
+#: src/cryptsetup.c:1490 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1274
 msgid "Show this help message"
 msgstr "Mostrar este mensaje de ayuda"
 
-#: src/cryptsetup.c:1482 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1275
+#: src/cryptsetup.c:1491 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1275
 msgid "Display brief usage"
 msgstr "Mostrar brevemente cómo se usa"
 
-#: src/cryptsetup.c:1486 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1279
+#: src/cryptsetup.c:1495 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1279
 msgid "Help options:"
 msgstr "Opciones de ayuda:"
 
-#: src/cryptsetup.c:1487 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1280
+#: src/cryptsetup.c:1496 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1280
 msgid "Print package version"
 msgstr "Imprimir versión del paquete"
 
-#: src/cryptsetup.c:1488 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1281
+#: src/cryptsetup.c:1497 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1281
 msgid "Shows more detailed error messages"
 msgstr "Muestra mensajes de error más detallados"
 
-#: src/cryptsetup.c:1489 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1282
+#: src/cryptsetup.c:1498 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1282
 msgid "Show debug messages"
 msgstr "Mostrar mensajes de depuración"
 
-#: src/cryptsetup.c:1490 src/cryptsetup_reencrypt.c:1284
+#: src/cryptsetup.c:1499 src/cryptsetup_reencrypt.c:1284
 msgid "The cipher used to encrypt the disk (see /proc/crypto)"
 msgstr "Algoritmo de cifrado utilizado para cifrar el disco (ver /proc/crypto)"
 
-#: src/cryptsetup.c:1491 src/cryptsetup_reencrypt.c:1286
+#: src/cryptsetup.c:1500 src/cryptsetup_reencrypt.c:1286
 msgid "The hash used to create the encryption key from the passphrase"
 msgstr "Algoritmo «hash» utilizado para crear la clave de cifrado a partir de la frase contraseña"
 
-#: src/cryptsetup.c:1492
+#: src/cryptsetup.c:1501
 msgid "Verifies the passphrase by asking for it twice"
 msgstr "Verifica la frase contraseña preguntándola dos veces"
 
-#: src/cryptsetup.c:1493 src/cryptsetup_reencrypt.c:1288
+#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1288
 msgid "Read the key from a file."
 msgstr "Leer la clave de un fichero."
 
-#: src/cryptsetup.c:1494
+#: src/cryptsetup.c:1503
 msgid "Read the volume (master) key from file."
 msgstr "Leer la clave (maestra) del volumen desde fichero."
 
-#: src/cryptsetup.c:1495
+#: src/cryptsetup.c:1504
 msgid "Dump volume (master) key instead of keyslots info."
 msgstr "Volcar la clave (maestra) del volumen en lugar de la información de las ranuras de claves."
 
-#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1285
+#: src/cryptsetup.c:1505 src/cryptsetup_reencrypt.c:1285
 msgid "The size of the encryption key"
 msgstr "Tamaño de la clave de cifrado"
 
-#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1285
+#: src/cryptsetup.c:1505 src/cryptsetup_reencrypt.c:1285
 msgid "BITS"
 msgstr "BITS"
 
-#: src/cryptsetup.c:1497 src/cryptsetup_reencrypt.c:1299
+#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1299
 msgid "Limits the read from keyfile"
 msgstr "Limita la lectura desde fichero de claves"
 
-#: src/cryptsetup.c:1497 src/cryptsetup.c:1498 src/cryptsetup.c:1499
-#: src/cryptsetup.c:1500 src/veritysetup.c:379 src/veritysetup.c:380
+#: src/cryptsetup.c:1506 src/cryptsetup.c:1507 src/cryptsetup.c:1508
+#: src/cryptsetup.c:1509 src/veritysetup.c:379 src/veritysetup.c:380
 #: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1298
 #: src/cryptsetup_reencrypt.c:1299 src/cryptsetup_reencrypt.c:1300
 #: src/cryptsetup_reencrypt.c:1301
 msgid "bytes"
 msgstr "bytes"
 
-#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1298
+#: src/cryptsetup.c:1507 src/cryptsetup_reencrypt.c:1298
 msgid "Number of bytes to skip in keyfile"
 msgstr "Número de bytes que hay que saltar en el fichero de claves"
 
-#: src/cryptsetup.c:1499
+#: src/cryptsetup.c:1508
 msgid "Limits the read from newly added keyfile"
 msgstr "Limita la lectura desde un fichero de claves recién añadido"
 
-#: src/cryptsetup.c:1500
+#: src/cryptsetup.c:1509
 msgid "Number of bytes to skip in newly added keyfile"
 msgstr "Número de bytes que hay que saltar en el fichero de claves recién añadido"
 
-#: src/cryptsetup.c:1501
+#: src/cryptsetup.c:1510
 msgid "Slot number for new key (default is first free)"
 msgstr "Número de ranura para la nueva clave (el primero libre es lo predefinido)"
 
-#: src/cryptsetup.c:1502
+#: src/cryptsetup.c:1511
 msgid "The size of the device"
 msgstr "Tamaño del dispositivo"
 
-#: src/cryptsetup.c:1502 src/cryptsetup.c:1503 src/cryptsetup.c:1504
-#: src/cryptsetup.c:1510
+#: src/cryptsetup.c:1511 src/cryptsetup.c:1512 src/cryptsetup.c:1513
+#: src/cryptsetup.c:1519
 msgid "SECTORS"
 msgstr "SECTORES"
 
-#: src/cryptsetup.c:1503
+#: src/cryptsetup.c:1512
 msgid "The start offset in the backend device"
 msgstr "iPosición de comienzo en el dispositivo «backend»"
 
-#: src/cryptsetup.c:1504
+#: src/cryptsetup.c:1513
 msgid "How many sectors of the encrypted data to skip at the beginning"
 msgstr "Cuántos sectores de los datos cifrados hay que saltar al principio"
 
-#: src/cryptsetup.c:1505
+#: src/cryptsetup.c:1514
 msgid "Create a readonly mapping"
 msgstr "Crear una asignación alatoria"
 
-#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1289
+#: src/cryptsetup.c:1515 src/cryptsetup_reencrypt.c:1289
 msgid "PBKDF2 iteration time for LUKS (in ms)"
 msgstr "Tiempo de iteración PBKDF2 para LUKS (en ms)"
 
-#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1289
+#: src/cryptsetup.c:1515 src/cryptsetup_reencrypt.c:1289
 msgid "msecs"
 msgstr "ms"
 
-#: src/cryptsetup.c:1507 src/cryptsetup_reencrypt.c:1290
+#: src/cryptsetup.c:1516 src/cryptsetup_reencrypt.c:1290
 msgid "Do not ask for confirmation"
 msgstr "No pedir confirmación"
 
-#: src/cryptsetup.c:1508
+#: src/cryptsetup.c:1517
 msgid "Timeout for interactive passphrase prompt (in seconds)"
 msgstr "Tiempo de espera máximo para petición interactiva de frase contraseña (en segundos)"
 
-#: src/cryptsetup.c:1508
+#: src/cryptsetup.c:1517
 msgid "secs"
 msgstr "s"
 
-#: src/cryptsetup.c:1509 src/cryptsetup_reencrypt.c:1291
+#: src/cryptsetup.c:1518 src/cryptsetup_reencrypt.c:1291
 msgid "How often the input of the passphrase can be retried"
 msgstr "Con qué frecuencia se puede volver a intentar introducir la frase contraseña"
 
-#: src/cryptsetup.c:1510
+#: src/cryptsetup.c:1519
 msgid "Align payload at <n> sector boundaries - for luksFormat"
 msgstr "Alinear los datos a <n> bordes de sector - para luksFormat"
 
-#: src/cryptsetup.c:1511
+#: src/cryptsetup.c:1520
 msgid "File with LUKS header and keyslots backup."
 msgstr "Fichero con copia de seguridad de cabecera LUKS y de ranuras de clave."
 
-#: src/cryptsetup.c:1512 src/cryptsetup_reencrypt.c:1292
+#: src/cryptsetup.c:1521 src/cryptsetup_reencrypt.c:1292
 msgid "Use /dev/random for generating volume key."
 msgstr "Usar /dev/random para generar la clave del volumen."
 
-#: src/cryptsetup.c:1513 src/cryptsetup_reencrypt.c:1293
+#: src/cryptsetup.c:1522 src/cryptsetup_reencrypt.c:1293
 msgid "Use /dev/urandom for generating volume key."
 msgstr "Usar /dev/urandom para generar la clave del volumen."
 
-#: src/cryptsetup.c:1514
+#: src/cryptsetup.c:1523
 msgid "Share device with another non-overlapping crypt segment."
 msgstr "Compartir dispositivo con otro segmento cifrado no solapado."
 
-#: src/cryptsetup.c:1515 src/veritysetup.c:385
+#: src/cryptsetup.c:1524 src/veritysetup.c:385
 msgid "UUID for device to use."
 msgstr "UUID del dispositivo que se va a usar."
 
-#: src/cryptsetup.c:1516
+#: src/cryptsetup.c:1525
 msgid "Allow discards (aka TRIM) requests for device."
 msgstr "Permitir solicitudes de descarte (también llamadas TRIM) para el dispositivo."
 
-#: src/cryptsetup.c:1517
+#: src/cryptsetup.c:1526
 msgid "Device or file with separated LUKS header."
 msgstr "Dispositivo o fichero con cabecera LUKS separada."
 
-#: src/cryptsetup.c:1518
+#: src/cryptsetup.c:1527
 msgid "Do not activate device, just check passphrase."
 msgstr "No activar dispositivo; comprobar frase contraseña solamente."
 
-#: src/cryptsetup.c:1519
+#: src/cryptsetup.c:1528
 msgid "Use hidden header (hidden TCRYPT device)."
 msgstr "Utilizar cabecera oculta (dispositivo TCRYPT oculto)."
 
-#: src/cryptsetup.c:1520
+#: src/cryptsetup.c:1529
 msgid "Device is system TCRYPT drive (with bootloader)."
 msgstr "El dispositivo es una unidad con sistema TCRYPT (con cargador de arranque)."
 
-#: src/cryptsetup.c:1521
+#: src/cryptsetup.c:1530
 msgid "Use backup (secondary) TCRYPT header."
 msgstr "Utilizar la cabecera TCRYPT de respaldo (secundaria)."
 
-#: src/cryptsetup.c:1522
+#: src/cryptsetup.c:1531
 msgid "Scan also for VeraCrypt compatible device."
 msgstr "Explorar también si es un dispositivo compatible con VeraCrypt."
 
-#: src/cryptsetup.c:1523
+#: src/cryptsetup.c:1532
 msgid "Type of device metadata: luks, plain, loopaes, tcrypt."
 msgstr "Tipo de metadatos del dispositivo: «luks», no cifrado, «loopaes», «tcrypt»."
 
-#: src/cryptsetup.c:1524
+#: src/cryptsetup.c:1533
 msgid "Disable password quality check (if enabled)."
 msgstr "Desactivar la comprobación de la calidad de la contraseña (si estaba activada)."
 
-#: src/cryptsetup.c:1525
+#: src/cryptsetup.c:1534
 msgid "Use dm-crypt same_cpu_crypt performance compatibility option."
 msgstr "Utilizar la opción de compatibilidad de rendimiento same_cpu_crypt de dm-crypt."
 
-#: src/cryptsetup.c:1526
+#: src/cryptsetup.c:1535
 msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option."
 msgstr "Utilizar la opción de compatibilidad de rendimiento submit_from_crypt_cpus de dm-crypt."
 
-#: src/cryptsetup.c:1542 src/veritysetup.c:402
+#: src/cryptsetup.c:1551 src/veritysetup.c:402
 msgid "[OPTION...] <action> <action-specific>"
 msgstr "[OPCIÓN...] <acción> <acción-específica>"
 
-#: src/cryptsetup.c:1589 src/veritysetup.c:439
+#: src/cryptsetup.c:1602 src/veritysetup.c:439
 msgid "Argument <action> missing."
 msgstr "El argumento <acción> no se ha proporcionado."
 
-#: src/cryptsetup.c:1642 src/veritysetup.c:445
+#: src/cryptsetup.c:1655 src/veritysetup.c:445
 msgid "Unknown action."
 msgstr "Acción desconocida."
 
-#: src/cryptsetup.c:1652
+#: src/cryptsetup.c:1665
 msgid "Option --shared is allowed only for open of plain device.\n"
 msgstr "La opción --shared solo se permite para abrir dispositivos no cifrados.\n"
 
-#: src/cryptsetup.c:1657
+#: src/cryptsetup.c:1670
 msgid "Option --allow-discards is allowed only for open operation.\n"
 msgstr "La opción --allow-discards solo se permite para la operación de abrir.\n"
 
-#: src/cryptsetup.c:1665
+#: src/cryptsetup.c:1678
 msgid ""
 "Option --key-size is allowed only for luksFormat, open and benchmark.\n"
 "To limit read from keyfile use --keyfile-size=(bytes)."
@@ -1404,60 +1404,64 @@ msgstr ""
 "La opción --key-size solo se permite con luksFormat, open y benchmark.\n"
 "Para limitar la lectura del fichero de claves, utilizar --keyfile-size=(bytes)."
 
-#: src/cryptsetup.c:1672
+#: src/cryptsetup.c:1685
 msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n"
 msgstr "La opción --test-passphrase solo se permite para abrir dispositivos LUKS y TCRYPT.\n"
 
-#: src/cryptsetup.c:1677 src/cryptsetup_reencrypt.c:1360
+#: src/cryptsetup.c:1690 src/cryptsetup_reencrypt.c:1360
 msgid "Key size must be a multiple of 8 bits"
 msgstr "El tamaño de clave debe ser un múltiplo de 8 bits"
 
-#: src/cryptsetup.c:1684 src/cryptsetup_reencrypt.c:1365
+#: src/cryptsetup.c:1697 src/cryptsetup_reencrypt.c:1365
 msgid "Key slot is invalid."
 msgstr "La ranura de claves no es válida."
 
-#: src/cryptsetup.c:1691
+#: src/cryptsetup.c:1704
 msgid "Option --key-file takes precedence over specified key file argument.\n"
 msgstr "La opción --key-file tiene precedencia sobre el argumento de fichero de claves especificado.\n"
 
-#: src/cryptsetup.c:1699 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1349
+#: src/cryptsetup.c:1712 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1349
 msgid "Negative number for option not permitted."
 msgstr "No se permiten números negativos para esta opción."
 
-#: src/cryptsetup.c:1703 src/cryptsetup_reencrypt.c:1343
+#: src/cryptsetup.c:1716
+msgid "Only one --key-file argument is allowed."
+msgstr "Solo se permite un argumento --key-file."
+
+#: src/cryptsetup.c:1720 src/cryptsetup_reencrypt.c:1343
 #: src/cryptsetup_reencrypt.c:1369
 msgid "Only one of --use-[u]random options is allowed."
 msgstr "Solo se permite una de las opciones --use-[u]random."
 
-#: src/cryptsetup.c:1707
+#: src/cryptsetup.c:1724
 msgid "Option --use-[u]random is allowed only for luksFormat."
 msgstr "La opción --use-[u]random solo se permite con luksFormat."
 
-#: src/cryptsetup.c:1711
+#: src/cryptsetup.c:1728
 msgid "Option --uuid is allowed only for luksFormat and luksUUID."
 msgstr "La opción --uuid solo se permite con luksFormat luksUUID."
 
-#: src/cryptsetup.c:1715
+#: src/cryptsetup.c:1732
 msgid "Option --align-payload is allowed only for luksFormat."
 msgstr "La opción --align-payload solo se permite con luksFormat."
 
-#: src/cryptsetup.c:1721
+#: src/cryptsetup.c:1738
 msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
 msgstr "La opción --skip solo está disponible para abrir dispositivos no cifrados y «loopaes».\n"
 
-#: src/cryptsetup.c:1727
+#: src/cryptsetup.c:1744
 msgid "Option --offset is supported only for open of plain and loopaes devices.\n"
 msgstr "La opción --offset solo está disponible para abrir dispositivos no cifrados y «loopaes».\n"
 
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1750
 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
 msgstr "La opción --tcrypt-hidden o --tcrypt-system o --tcrypt-backup solo está disponible para dispositivos TCRYPT.\n"
 
-#: src/cryptsetup.c:1738
+#: src/cryptsetup.c:1755
 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
 msgstr "La opción --tcrypt-hidden no puede combinarse con --allow-discards.\n"
 
-#: src/cryptsetup.c:1743
+#: src/cryptsetup.c:1760
 msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
 msgstr "La opción --veracrypt solo está disponible para dispositivos TCRYPT.\n"
 

po/nl.po

@@ -1,14 +1,14 @@
 # Dutch translation of cryptsetup.
 # This file is distributed under the same license as the cryptsetup package.
 # Copyright (C) 2015 Free Software Foundation, Inc.
-# Koen Torfs <koen@drunkfelines.com>, 2015.
+# Koen Torfs <koen@drunkfelines.com>, 2016.
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: cryptsetup-1.7.0\n"
+"Project-Id-Version: cryptsetup-1.7.1\n"
 "Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2015-10-29 13:27+0100\n"
-"PO-Revision-Date: 2015-10-29 23:32+0100\n"
+"POT-Creation-Date: 2016-02-21 21:24+0100\n"
+"PO-Revision-Date: 2016-02-29 19:15+0100\n"
 "Last-Translator: Koen Torfs <koen@drunkfelines.com>\n"
 "Language-Team: Dutch <vertaling@vrijschrift.org>\n"
 "Language: nl\n"
@@ -229,8 +229,8 @@ msgstr "Hervatting wordt niet ondersteund voor apparaat %s.\n"
 msgid "Error during resuming device %s.\n"
 msgstr "Fout bij het hervatten van apparaat %s.\n"
 
-#: lib/setup.c:1654 lib/setup.c:2089 lib/setup.c:2103 src/cryptsetup.c:183
-#: src/cryptsetup.c:244 src/cryptsetup.c:732 src/cryptsetup.c:1162
+#: lib/setup.c:1654 lib/setup.c:2089 lib/setup.c:2103 src/cryptsetup.c:184
+#: src/cryptsetup.c:248 src/cryptsetup.c:736 src/cryptsetup.c:1171
 msgid "Enter passphrase: "
 msgstr "Voer wachtwoord in: "
 
@@ -243,7 +243,7 @@ msgid "Enter any passphrase: "
 msgstr "Voer enig wachtwoord in: "
 
 #: lib/setup.c:1742 lib/setup.c:1875 lib/setup.c:1879 lib/setup.c:1941
-#: src/cryptsetup.c:992 src/cryptsetup.c:1023
+#: src/cryptsetup.c:1001 src/cryptsetup.c:1032
 msgid "Enter new passphrase for key slot: "
 msgstr "Voer een nieuw wachtwoord in voor de sleutelplaats: "
 
@@ -581,7 +581,7 @@ msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund.\n"
 msgid "LUKS keyslot %u is invalid.\n"
 msgstr "LUKS-sleutelplaats %u is ongeldig.\n"
 
-#: lib/luks1/keymanage.c:456 src/cryptsetup.c:664
+#: lib/luks1/keymanage.c:456 src/cryptsetup.c:668
 msgid "No known problems detected for LUKS header.\n"
 msgstr "Geen gekende problemen gevonden bij LUKS-koptekst.\n"
 
@@ -633,7 +633,7 @@ msgstr "Inhoud van sleutelplaats %d bevat te weinig fragmenten. Koptekstmanipula
 msgid "Key slot %d unlocked.\n"
 msgstr "Sleutelplaats %d is ontgrendeld.\n"
 
-#: lib/luks1/keymanage.c:990 src/cryptsetup.c:858
+#: lib/luks1/keymanage.c:990 src/cryptsetup.c:867
 #: src/cryptsetup_reencrypt.c:1020 src/cryptsetup_reencrypt.c:1057
 msgid "No key available with this passphrase.\n"
 msgstr "Geen sleutel beschikbaar met dit wachtwoord.\n"
@@ -679,11 +679,11 @@ msgstr "Maximum TCRYPT-wachtwoorlengte (%d) overschreden.\n"
 msgid "PBKDF2 hash algorithm %s not available, skipping.\n"
 msgstr "PBKDF2 hash-algoritme %s is niet beschikbaar, wordt overgeslaan.\n"
 
-#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:617
+#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:621
 msgid "Required kernel crypto interface not available.\n"
 msgstr "Benodigde kernel cryptografie-interface is niet beschikbaar.\n"
 
-#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:619
+#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:623
 msgid "Ensure you have algif_skcipher kernel module loaded.\n"
 msgstr "Kijk na of kernelmodule algif_skcipher geladen is.\n"
 
@@ -790,32 +790,32 @@ msgstr "Creatie hash-gebied gefaald.\n"
 msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u).\n"
 msgstr "WAARSCHUWING: Kernel kan apparaat niet activeren als de gegevensblokgrootte groter is dan de paginagrootte (%u).\n"
 
-#: src/cryptsetup.c:91
+#: src/cryptsetup.c:92
 msgid "Can't do passphrase verification on non-tty inputs.\n"
 msgstr "Kan geen wachtwoordverificatie uitvoeren op invoer van buiten de terminal.\n"
 
-#: src/cryptsetup.c:132 src/cryptsetup.c:560 src/cryptsetup.c:707
+#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711
 #: src/cryptsetup_reencrypt.c:523 src/cryptsetup_reencrypt.c:577
 msgid "No known cipher specification pattern detected.\n"
 msgstr "Geen bekend specificatiepatroon voor het sleutelalgoritme gevonden.\n"
 
-#: src/cryptsetup.c:140
+#: src/cryptsetup.c:141
 msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
 msgstr "WAARSCHUWING: In normale modus met opgegeven sleutelbestand wordt de --hash-parameter genegeerd.\n"
 
-#: src/cryptsetup.c:148
+#: src/cryptsetup.c:149
 msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
 msgstr "WAARSCHUWING: De optie --keyfile-size wordt genegeerd, de leesgrootte is gelijk aan de encryptiesleutelgrootte.\n"
 
-#: src/cryptsetup.c:214
+#: src/cryptsetup.c:215
 msgid "Option --key-file is required.\n"
 msgstr "Optie --key-file is vereist.\n"
 
-#: src/cryptsetup.c:263
+#: src/cryptsetup.c:267
 msgid "No device header detected with this passphrase.\n"
 msgstr "Geen apparaatkoptekst beschikbaar met dit wachtwoord.\n"
 
-#: src/cryptsetup.c:323 src/cryptsetup.c:1151
+#: src/cryptsetup.c:327 src/cryptsetup.c:1160
 msgid ""
 "Header dump with volume key is sensitive information\n"
 "which allows access to encrypted partition without passphrase.\n"
@@ -825,112 +825,112 @@ msgstr ""
 "die zonder wachtwoord toegang verschaft tot versleutelde partities.\n"
 "De dump zou steeds versleuteld en op een veilige plaats bewaard moeten worden."
 
-#: src/cryptsetup.c:513
+#: src/cryptsetup.c:517
 msgid "Result of benchmark is not reliable.\n"
 msgstr "Benchmarkresultaat is niet betrouwbaar.\n"
 
-#: src/cryptsetup.c:554
+#: src/cryptsetup.c:558
 msgid "# Tests are approximate using memory only (no storage IO).\n"
 msgstr "# Tests zijn bij benadering met enkel geheugen in gebruik (geen opslag-IO).\n"
 
-#: src/cryptsetup.c:579 src/cryptsetup.c:601
+#: src/cryptsetup.c:583 src/cryptsetup.c:605
 msgid "#  Algorithm | Key |  Encryption |  Decryption\n"
 msgstr "#  Algoritme | Sleutel |  Versleuteling |  Ontsleuteling\n"
 
-#: src/cryptsetup.c:583
+#: src/cryptsetup.c:587
 #, c-format
 msgid "Cipher %s is not available.\n"
 msgstr "Versleutelalgoritme %s is niet beschikbaar.\n"
 
-#: src/cryptsetup.c:610
+#: src/cryptsetup.c:614
 msgid "N/A"
 msgstr "N/A"
 
-#: src/cryptsetup.c:635
+#: src/cryptsetup.c:639
 #, c-format
 msgid "Cannot read keyfile %s.\n"
 msgstr "Kan sleutelbestand %s niet lezen.\n"
 
-#: src/cryptsetup.c:639
+#: src/cryptsetup.c:643
 #, c-format
 msgid "Cannot read %d bytes from keyfile %s.\n"
 msgstr "Kan %d bytes uit sleutelbestand %s niet lezen.\n"
 
-#: src/cryptsetup.c:668
+#: src/cryptsetup.c:672
 msgid "Really try to repair LUKS device header?"
 msgstr "Bent u zeker de LUKS-apparaatkoptekst te willen herstellen?"
 
-#: src/cryptsetup.c:693
+#: src/cryptsetup.c:697
 #, c-format
 msgid "This will overwrite data on %s irrevocably."
 msgstr "Dit zal data op %s onherroepelijk overschrijven."
 
-#: src/cryptsetup.c:695
+#: src/cryptsetup.c:699
 msgid "memory allocation error in action_luksFormat"
 msgstr "geheugentoewijzingsfout in action_luksFormat"
 
-#: src/cryptsetup.c:717
+#: src/cryptsetup.c:721
 #, c-format
 msgid "Cannot use %s as on-disk header.\n"
 msgstr "Kan %s niet als on-diskkoptekst gebruiken.\n"
 
-#: src/cryptsetup.c:784
+#: src/cryptsetup.c:788
 msgid "Reduced data offset is allowed only for detached LUKS header.\n"
 msgstr "Een verlaagde datagegevenspositie wordt enkel toegestaan voor een vrijstaande LUKS-koptekst.\n"
 
-#: src/cryptsetup.c:881 src/cryptsetup.c:937
+#: src/cryptsetup.c:890 src/cryptsetup.c:946
 #, c-format
 msgid "Key slot %d selected for deletion.\n"
 msgstr "Sleutelplaats %d geselecteerd voor verwijdering.\n"
 
-#: src/cryptsetup.c:884
+#: src/cryptsetup.c:893
 #, c-format
 msgid "Key %d not active. Can't wipe.\n"
 msgstr "Sleutel %d is niet actief. Kan niet wissen.\n"
 
-#: src/cryptsetup.c:892 src/cryptsetup.c:940
+#: src/cryptsetup.c:901 src/cryptsetup.c:949
 msgid "This is the last keyslot. Device will become unusable after purging this key."
 msgstr "Dit is de laatste sleutelplaats. Apparaat zal onbruikbaar worden na het verwijderen van deze sleutel."
 
-#: src/cryptsetup.c:893
+#: src/cryptsetup.c:902
 msgid "Enter any remaining passphrase: "
 msgstr "Voer enig overblijvend wachtwoord in: "
 
-#: src/cryptsetup.c:921
+#: src/cryptsetup.c:930
 msgid "Enter passphrase to be deleted: "
 msgstr "Voer het te verwijderen wachtwoord in: "
 
-#: src/cryptsetup.c:1008 src/cryptsetup_reencrypt.c:1095
+#: src/cryptsetup.c:1017 src/cryptsetup_reencrypt.c:1095
 #, c-format
 msgid "Enter any existing passphrase: "
 msgstr "Voer een bestaand wachtwoord in: "
 
-#: src/cryptsetup.c:1063
+#: src/cryptsetup.c:1072
 msgid "Enter passphrase to be changed: "
 msgstr "Voer het te wijzigen wachtwoord in: "
 
-#: src/cryptsetup.c:1077 src/cryptsetup_reencrypt.c:1080
+#: src/cryptsetup.c:1086 src/cryptsetup_reencrypt.c:1080
 msgid "Enter new passphrase: "
 msgstr "Voer nieuw wachtwoord in: "
 
-#: src/cryptsetup.c:1101
+#: src/cryptsetup.c:1110
 msgid "Only one device argument for isLuks operation is supported.\n"
 msgstr "Voor de isLuks-operatie wordt slechts één apparaatsargument ondersteund.\n"
 
-#: src/cryptsetup.c:1257 src/cryptsetup.c:1278
+#: src/cryptsetup.c:1266 src/cryptsetup.c:1287
 msgid "Option --header-backup-file is required.\n"
 msgstr "Optie --header-backup-file is vereist.\n"
 
-#: src/cryptsetup.c:1315
+#: src/cryptsetup.c:1324
 #, c-format
 msgid "Unrecognized metadata device type %s.\n"
 msgstr "Niet-herkende metadata bij apparaatstype %s.\n"
 
-#: src/cryptsetup.c:1318
+#: src/cryptsetup.c:1327
 msgid "Command requires device and mapped name as arguments.\n"
 msgstr "Opdracht vereist apparaat en toewijzingsnaam als argumenten.\n"
 
-#: src/cryptsetup.c:1337
+#: src/cryptsetup.c:1346
 #, c-format
 msgid ""
 "This operation will erase all keyslots on device %s.\n"
@@ -939,115 +939,115 @@ msgstr ""
 "Deze operatie zal alle sleutelplaatsen op apparaat %s wissen.\n"
 "Na deze operatie wordt het apparaat onbruikbaar."
 
-#: src/cryptsetup.c:1371
+#: src/cryptsetup.c:1380
 msgid "<device> [--type <type>] [<name>]"
 msgstr "<apparaat> [--type <type>] [<naam>]"
 
-#: src/cryptsetup.c:1371
+#: src/cryptsetup.c:1380
 msgid "open device as mapping <name>"
 msgstr "apparaat als toewijzing <naam> openen"
 
-#: src/cryptsetup.c:1372 src/cryptsetup.c:1373 src/cryptsetup.c:1374
-#: src/cryptsetup.c:1375 src/veritysetup.c:311 src/veritysetup.c:312
+#: src/cryptsetup.c:1381 src/cryptsetup.c:1382 src/cryptsetup.c:1383
+#: src/cryptsetup.c:1384 src/veritysetup.c:311 src/veritysetup.c:312
 msgid "<name>"
 msgstr "<naam>"
 
-#: src/cryptsetup.c:1372
+#: src/cryptsetup.c:1381
 msgid "close device (remove mapping)"
 msgstr "apparaat sluiten (toewijzingen verwijderen)"
 
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1382
 msgid "resize active device"
 msgstr "actief apparaat vergroten of verkleinen"
 
-#: src/cryptsetup.c:1374
+#: src/cryptsetup.c:1383
 msgid "show device status"
 msgstr "apparaatstatus tonen"
 
-#: src/cryptsetup.c:1375
+#: src/cryptsetup.c:1384
 msgid "benchmark cipher"
 msgstr "versleutelalgoritme benchmarken"
 
-#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1383
-#: src/cryptsetup.c:1384 src/cryptsetup.c:1385 src/cryptsetup.c:1386
-#: src/cryptsetup.c:1387 src/cryptsetup.c:1388 src/cryptsetup.c:1389
-#: src/cryptsetup.c:1390
+#: src/cryptsetup.c:1385 src/cryptsetup.c:1386 src/cryptsetup.c:1392
+#: src/cryptsetup.c:1393 src/cryptsetup.c:1394 src/cryptsetup.c:1395
+#: src/cryptsetup.c:1396 src/cryptsetup.c:1397 src/cryptsetup.c:1398
+#: src/cryptsetup.c:1399
 msgid "<device>"
 msgstr "<apparaat>"
 
-#: src/cryptsetup.c:1376
+#: src/cryptsetup.c:1385
 msgid "try to repair on-disk metadata"
 msgstr "on-disk metadata proberen te herstellen"
 
-#: src/cryptsetup.c:1377
+#: src/cryptsetup.c:1386
 msgid "erase all keyslots (remove encryption key)"
 msgstr "alle sleutelplaatsen wissen (encryptiesleutel verwijderen)"
 
-#: src/cryptsetup.c:1378 src/cryptsetup.c:1379
+#: src/cryptsetup.c:1387 src/cryptsetup.c:1388
 msgid "<device> [<new key file>]"
 msgstr "<apparaat> [<nieuw sleutelbestand>]"
 
-#: src/cryptsetup.c:1378
+#: src/cryptsetup.c:1387
 msgid "formats a LUKS device"
 msgstr "een LUKS-apparaat formatteren"
 
-#: src/cryptsetup.c:1379
+#: src/cryptsetup.c:1388
 msgid "add key to LUKS device"
 msgstr "sleutel aan LUKS-apparaat toevoegen"
 
-#: src/cryptsetup.c:1380 src/cryptsetup.c:1381
+#: src/cryptsetup.c:1389 src/cryptsetup.c:1390
 msgid "<device> [<key file>]"
 msgstr "<apparaat> [<sleutelbestand>]"
 
-#: src/cryptsetup.c:1380
+#: src/cryptsetup.c:1389
 msgid "removes supplied key or key file from LUKS device"
 msgstr "verschafte sleutel of sleutelbestand van LUKS-apparaat verwijderen"
 
-#: src/cryptsetup.c:1381
+#: src/cryptsetup.c:1390
 msgid "changes supplied key or key file of LUKS device"
 msgstr "wijzigt verschafte sleutel of sleutelbestand van LUKS-apparaat"
 
-#: src/cryptsetup.c:1382
+#: src/cryptsetup.c:1391
 msgid "<device> <key slot>"
 msgstr "<apparaat> <sleutelplaats>"
 
-#: src/cryptsetup.c:1382
+#: src/cryptsetup.c:1391
 msgid "wipes key with number <key slot> from LUKS device"
 msgstr "sleutel met nummer <sleutelplaats> van LUKS-apparaat verwijderen"
 
-#: src/cryptsetup.c:1383
+#: src/cryptsetup.c:1392
 msgid "print UUID of LUKS device"
 msgstr "UUID van LUKS-apparaat tonen"
 
-#: src/cryptsetup.c:1384
+#: src/cryptsetup.c:1393
 msgid "tests <device> for LUKS partition header"
 msgstr "<apparaat> op een LUKS-partitiekoptekst testen"
 
-#: src/cryptsetup.c:1385
+#: src/cryptsetup.c:1394
 msgid "dump LUKS partition information"
 msgstr "LUKS-partitie-informatie dumpen"
 
-#: src/cryptsetup.c:1386
+#: src/cryptsetup.c:1395
 msgid "dump TCRYPT device information"
 msgstr "TCRYPT-apparaatsinformatie dumpen"
 
-#: src/cryptsetup.c:1387
+#: src/cryptsetup.c:1396
 msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
 msgstr "LUKS-apparaat schorsen en sleutel wissen (alle in-/uitvoer wordt bevroren)."
 
-#: src/cryptsetup.c:1388
+#: src/cryptsetup.c:1397
 msgid "Resume suspended LUKS device."
 msgstr "Geschorst LUKS-apparaat hervatten."
 
-#: src/cryptsetup.c:1389
+#: src/cryptsetup.c:1398
 msgid "Backup LUKS device header and keyslots"
 msgstr "Reservekopie van LUKS-apparaatkoptekst en -sleutelplaatsen maken"
 
-#: src/cryptsetup.c:1390
+#: src/cryptsetup.c:1399
 msgid "Restore LUKS device header and keyslots"
 msgstr "LUKS-apparaatkoptekst en -sleutelplaatsen herstellen"
 
-#: src/cryptsetup.c:1407 src/veritysetup.c:328
+#: src/cryptsetup.c:1416 src/veritysetup.c:328
 msgid ""
 "\n"
 "<action> is one of:\n"
@@ -1055,7 +1055,7 @@ msgstr ""
 "\n"
 "<actie> is één van:\n"
 
-#: src/cryptsetup.c:1413
+#: src/cryptsetup.c:1422
 msgid ""
 "\n"
 "You can also use old <action> syntax aliases:\n"
@@ -1067,7 +1067,7 @@ msgstr ""
 "\topen: (plainOpen), luksOpen, loopaesOpen, tcryptOpen aanmaken\n"
 "\tclose: (plainClose), luksClose, loopaesClose, tryptClose verwijderen\n"
 
-#: src/cryptsetup.c:1417
+#: src/cryptsetup.c:1426
 #, c-format
 msgid ""
 "\n"
@@ -1082,7 +1082,7 @@ msgstr ""
 "<sleutelplaats> is het nummer van de te wijzigen LUKS-sleutelplaats\n"
 "<sleutelbestand> optioneel sleutelbestand voor de nieuwe sleutel voor de luksAddKey-actie\n"
 
-#: src/cryptsetup.c:1424
+#: src/cryptsetup.c:1433
 #, c-format
 msgid ""
 "\n"
@@ -1095,7 +1095,7 @@ msgstr ""
 "\tMaximum sleutelplaatsgrootte: %dkB, maximum lengte interactief wachtwoord %d (karakters)\n"
 "Standaard PBKDF2-herhalingstijd voor LUKS: %d (ms)\n"
 
-#: src/cryptsetup.c:1431
+#: src/cryptsetup.c:1440
 #, c-format
 msgid ""
 "\n"
@@ -1110,229 +1110,229 @@ msgstr ""
 "\tplain: %s, Sleutel: %d bits, Wachtwoordhashing: %s\n"
 "\tLUKS1: %s, Sleutel: %d bits, LUKS-kopteksthashing: %s, RNG: %s\n"
 
-#: src/cryptsetup.c:1448 src/veritysetup.c:460
+#: src/cryptsetup.c:1457 src/veritysetup.c:460
 #, c-format
 msgid "%s: requires %s as arguments"
 msgstr "%s: vereist %s als argumenten"
 
-#: src/cryptsetup.c:1481 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1274
+#: src/cryptsetup.c:1490 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1274
 msgid "Show this help message"
 msgstr "Deze hulptekst tonen"
 
-#: src/cryptsetup.c:1482 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1275
+#: src/cryptsetup.c:1491 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1275
 msgid "Display brief usage"
 msgstr "Korte gebruikssamenvatting tonen"
 
-#: src/cryptsetup.c:1486 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1279
+#: src/cryptsetup.c:1495 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1279
 msgid "Help options:"
 msgstr "Hulpopties:"
 
-#: src/cryptsetup.c:1487 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1280
+#: src/cryptsetup.c:1496 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1280
 msgid "Print package version"
 msgstr "Pakketversie tonen"
 
-#: src/cryptsetup.c:1488 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1281
+#: src/cryptsetup.c:1497 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1281
 msgid "Shows more detailed error messages"
 msgstr "Gedetailleerdere foutboodschappen tonen"
 
-#: src/cryptsetup.c:1489 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1282
+#: src/cryptsetup.c:1498 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1282
 msgid "Show debug messages"
 msgstr "Debug-boodschappen tonen"
 
-#: src/cryptsetup.c:1490 src/cryptsetup_reencrypt.c:1284
+#: src/cryptsetup.c:1499 src/cryptsetup_reencrypt.c:1284
 msgid "The cipher used to encrypt the disk (see /proc/crypto)"
 msgstr "Het gebruikte versleutelalgoritme om de schijf te versleutelen (zie /proc/crypto)"
 
-#: src/cryptsetup.c:1491 src/cryptsetup_reencrypt.c:1286
+#: src/cryptsetup.c:1500 src/cryptsetup_reencrypt.c:1286
 msgid "The hash used to create the encryption key from the passphrase"
 msgstr "De gebruikte hash om de encryptiesleutel uit het wachtwoord aan te maken"
 
-#: src/cryptsetup.c:1492
+#: src/cryptsetup.c:1501
 msgid "Verifies the passphrase by asking for it twice"
 msgstr "Het wachtwoord controleren door het twee keer te vragen"
 
-#: src/cryptsetup.c:1493 src/cryptsetup_reencrypt.c:1288
+#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1288
 msgid "Read the key from a file."
 msgstr "De sleutel uit een bestand lezen."
 
-#: src/cryptsetup.c:1494
+#: src/cryptsetup.c:1503
 msgid "Read the volume (master) key from file."
 msgstr "De (hoofd)sleutel tot het opslagmedium uit een bestand lezen."
 
-#: src/cryptsetup.c:1495
+#: src/cryptsetup.c:1504
 msgid "Dump volume (master) key instead of keyslots info."
 msgstr "Dump (hoofd)sleutel tot het opslagmedium in plaats van de sleutelplaatsinformatie."
 
-#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1285
+#: src/cryptsetup.c:1505 src/cryptsetup_reencrypt.c:1285
 msgid "The size of the encryption key"
 msgstr "De grootte van de encryptiesleutel"
 
-#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1285
+#: src/cryptsetup.c:1505 src/cryptsetup_reencrypt.c:1285
 msgid "BITS"
 msgstr "BITS"
 
-#: src/cryptsetup.c:1497 src/cryptsetup_reencrypt.c:1299
+#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1299
 msgid "Limits the read from keyfile"
 msgstr "Beperkt de lezing uit sleutelbestand"
 
-#: src/cryptsetup.c:1497 src/cryptsetup.c:1498 src/cryptsetup.c:1499
-#: src/cryptsetup.c:1500 src/veritysetup.c:379 src/veritysetup.c:380
+#: src/cryptsetup.c:1506 src/cryptsetup.c:1507 src/cryptsetup.c:1508
+#: src/cryptsetup.c:1509 src/veritysetup.c:379 src/veritysetup.c:380
 #: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1298
 #: src/cryptsetup_reencrypt.c:1299 src/cryptsetup_reencrypt.c:1300
 #: src/cryptsetup_reencrypt.c:1301
 msgid "bytes"
 msgstr "bytes"
 
-#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1298
+#: src/cryptsetup.c:1507 src/cryptsetup_reencrypt.c:1298
 msgid "Number of bytes to skip in keyfile"
 msgstr "Aantal bytes over te slaan in sleutelbestand"
 
-#: src/cryptsetup.c:1499
+#: src/cryptsetup.c:1508
 msgid "Limits the read from newly added keyfile"
 msgstr "Beperkt de lezing uit een nieuw toegevoegd sleutelbestand"
 
-#: src/cryptsetup.c:1500
+#: src/cryptsetup.c:1509
 msgid "Number of bytes to skip in newly added keyfile"
 msgstr "Aantal bytes over te slaan in nieuwste toegevoegde sleutelbestand"
 
-#: src/cryptsetup.c:1501
+#: src/cryptsetup.c:1510
 msgid "Slot number for new key (default is first free)"
 msgstr "Plaatsnummer voor nieuwe sleutel (standaard is de eerste open plaats)"
 
-#: src/cryptsetup.c:1502
+#: src/cryptsetup.c:1511
 msgid "The size of the device"
 msgstr "De grootte van het apparaat"
 
-#: src/cryptsetup.c:1502 src/cryptsetup.c:1503 src/cryptsetup.c:1504
-#: src/cryptsetup.c:1510
+#: src/cryptsetup.c:1511 src/cryptsetup.c:1512 src/cryptsetup.c:1513
+#: src/cryptsetup.c:1519
 msgid "SECTORS"
 msgstr "SECTOREN"
 
-#: src/cryptsetup.c:1503
+#: src/cryptsetup.c:1512
 msgid "The start offset in the backend device"
 msgstr "De startplaats in het backend-apparaat"
 
-#: src/cryptsetup.c:1504
+#: src/cryptsetup.c:1513
 msgid "How many sectors of the encrypted data to skip at the beginning"
 msgstr "Hoeveel sectoren van de versleutelde gegevens aan het begin over te slaan"
 
-#: src/cryptsetup.c:1505
+#: src/cryptsetup.c:1514
 msgid "Create a readonly mapping"
 msgstr "Een alleen-lezen toewijzing aanmaken"
 
-#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1289
+#: src/cryptsetup.c:1515 src/cryptsetup_reencrypt.c:1289
 msgid "PBKDF2 iteration time for LUKS (in ms)"
 msgstr "PBKDF2 herhalingstijd voor LUKS (in ms)"
 
-#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1289
+#: src/cryptsetup.c:1515 src/cryptsetup_reencrypt.c:1289
 msgid "msecs"
 msgstr "milliseconden"
 
-#: src/cryptsetup.c:1507 src/cryptsetup_reencrypt.c:1290
+#: src/cryptsetup.c:1516 src/cryptsetup_reencrypt.c:1290
 msgid "Do not ask for confirmation"
 msgstr "Niet om bevestiging vragen"
 
-#: src/cryptsetup.c:1508
+#: src/cryptsetup.c:1517
 msgid "Timeout for interactive passphrase prompt (in seconds)"
 msgstr "Timeout voor interactieve wachtwoordprompt (in seconden)"
 
-#: src/cryptsetup.c:1508
+#: src/cryptsetup.c:1517
 msgid "secs"
 msgstr "seconden"
 
-#: src/cryptsetup.c:1509 src/cryptsetup_reencrypt.c:1291
+#: src/cryptsetup.c:1518 src/cryptsetup_reencrypt.c:1291
 msgid "How often the input of the passphrase can be retried"
 msgstr "Hoe vaak de invoering van het wachtwoord opnieuw geprobeerd kan worden"
 
-#: src/cryptsetup.c:1510
+#: src/cryptsetup.c:1519
 msgid "Align payload at <n> sector boundaries - for luksFormat"
 msgstr "Payload uitlijnen op meervouden van <n> sectoren – voor luksFormat"
 
-#: src/cryptsetup.c:1511
+#: src/cryptsetup.c:1520
 msgid "File with LUKS header and keyslots backup."
 msgstr "Bestand met reservekopie van LUKS-koptekst en -sleutelplaatsen."
 
-#: src/cryptsetup.c:1512 src/cryptsetup_reencrypt.c:1292
+#: src/cryptsetup.c:1521 src/cryptsetup_reencrypt.c:1292
 msgid "Use /dev/random for generating volume key."
 msgstr "Gebruik /dev/random om de sleutel tot het opslagmedium te genereren."
 
-#: src/cryptsetup.c:1513 src/cryptsetup_reencrypt.c:1293
+#: src/cryptsetup.c:1522 src/cryptsetup_reencrypt.c:1293
 msgid "Use /dev/urandom for generating volume key."
 msgstr "Gebruik /dev/urandom om de sleutel tot het opslagmedium te genereren."
 
-#: src/cryptsetup.c:1514
+#: src/cryptsetup.c:1523
 msgid "Share device with another non-overlapping crypt segment."
 msgstr "Apparaat met een ander, niet-overlappend cryptsegment delen."
 
-#: src/cryptsetup.c:1515 src/veritysetup.c:385
+#: src/cryptsetup.c:1524 src/veritysetup.c:385
 msgid "UUID for device to use."
 msgstr "UUID van het te gebruiken apparaat."
 
-#: src/cryptsetup.c:1516
+#: src/cryptsetup.c:1525
 msgid "Allow discards (aka TRIM) requests for device."
 msgstr "Discardaanvragen (alias TRIM) op dit apparaat toelaten."
 
-#: src/cryptsetup.c:1517
+#: src/cryptsetup.c:1526
 msgid "Device or file with separated LUKS header."
 msgstr "Apparaat of bestand met verschillende LUKS-koptekst."
 
-#: src/cryptsetup.c:1518
+#: src/cryptsetup.c:1527
 msgid "Do not activate device, just check passphrase."
 msgstr "Apparaat niet activeren, enkel wachtwoord controleren."
 
-#: src/cryptsetup.c:1519
+#: src/cryptsetup.c:1528
 msgid "Use hidden header (hidden TCRYPT device)."
 msgstr "Verborgen koptekst gebruiken (verborgen TCRYPT-apparaat)."
 
-#: src/cryptsetup.c:1520
+#: src/cryptsetup.c:1529
 msgid "Device is system TCRYPT drive (with bootloader)."
 msgstr "Apparaat is TCRYPT-systeemschijf (met bootloader)."
 
-#: src/cryptsetup.c:1521
+#: src/cryptsetup.c:1530
 msgid "Use backup (secondary) TCRYPT header."
 msgstr "Reserve (secundaire) TCRYPT-koptekst gebruiken."
 
-#: src/cryptsetup.c:1522
+#: src/cryptsetup.c:1531
 msgid "Scan also for VeraCrypt compatible device."
 msgstr "Eveneens naar VeraCrypt-compatibel apparaat scannen."
 
-#: src/cryptsetup.c:1523
+#: src/cryptsetup.c:1532
 msgid "Type of device metadata: luks, plain, loopaes, tcrypt."
 msgstr "Soorten apparaat-metadata: luks, plain, loopaes, tcrypt."
 
-#: src/cryptsetup.c:1524
+#: src/cryptsetup.c:1533
 msgid "Disable password quality check (if enabled)."
 msgstr "Wachtwoordkwaliteitscontrole uitschakelen (indien ingeschakeld)."
 
-#: src/cryptsetup.c:1525
+#: src/cryptsetup.c:1534
 msgid "Use dm-crypt same_cpu_crypt performance compatibility option."
 msgstr "dm-crypt same_cpu_crypt prestatie-compatibiliteitsoptie gebruiken."
 
-#: src/cryptsetup.c:1526
+#: src/cryptsetup.c:1535
 msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option."
 msgstr "dm-crypt submit_from_crypt_cpus prestatie-compatibiliteitsoptie gebruiken."
 
-#: src/cryptsetup.c:1542 src/veritysetup.c:402
+#: src/cryptsetup.c:1551 src/veritysetup.c:402
 msgid "[OPTION...] <action> <action-specific>"
 msgstr "[OPTIE…] <actie> <actie-specifiek>"
 
-#: src/cryptsetup.c:1589 src/veritysetup.c:439
+#: src/cryptsetup.c:1602 src/veritysetup.c:439
 msgid "Argument <action> missing."
 msgstr "Argument <actie> ontbreekt."
 
-#: src/cryptsetup.c:1642 src/veritysetup.c:445
+#: src/cryptsetup.c:1655 src/veritysetup.c:445
 msgid "Unknown action."
 msgstr "Onbekende actie."
 
-#: src/cryptsetup.c:1652
+#: src/cryptsetup.c:1665
 msgid "Option --shared is allowed only for open of plain device.\n"
 msgstr "Optie --shared wordt enkel toegestaan voor open-opdracht op plain-apparaat.\n"
 
-#: src/cryptsetup.c:1657
+#: src/cryptsetup.c:1670
 msgid "Option --allow-discards is allowed only for open operation.\n"
 msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n"
 
-#: src/cryptsetup.c:1665
+#: src/cryptsetup.c:1678
 msgid ""
 "Option --key-size is allowed only for luksFormat, open and benchmark.\n"
 "To limit read from keyfile use --keyfile-size=(bytes)."
@@ -1340,60 +1340,64 @@ msgstr ""
 "Optie --key-size is enkel toegestaan bij luksFormat, open en benchmark.\n"
 "Om de lezing uit een sleutelbestand te beperken, gebruik --keyfile-size=(bytes)."
 
-#: src/cryptsetup.c:1672
+#: src/cryptsetup.c:1685
 msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n"
 msgstr "Optie --test-passphrase is enkel toegestaan bij open van LUKS- en TCRYPT-apparaten.\n"
 
-#: src/cryptsetup.c:1677 src/cryptsetup_reencrypt.c:1360
+#: src/cryptsetup.c:1690 src/cryptsetup_reencrypt.c:1360
 msgid "Key size must be a multiple of 8 bits"
 msgstr "Sleutelgrootte moet een meervoud zijn van 8 bits"
 
-#: src/cryptsetup.c:1684 src/cryptsetup_reencrypt.c:1365
+#: src/cryptsetup.c:1697 src/cryptsetup_reencrypt.c:1365
 msgid "Key slot is invalid."
 msgstr "Sleutelplaats is ongeldig."
 
-#: src/cryptsetup.c:1691
+#: src/cryptsetup.c:1704
 msgid "Option --key-file takes precedence over specified key file argument.\n"
 msgstr "Optie --key-file krijgt voorrang over het gespecificeerde sleutelbestandsargument.\n"
 
-#: src/cryptsetup.c:1699 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1349
+#: src/cryptsetup.c:1712 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1349
 msgid "Negative number for option not permitted."
 msgstr "Een negatief getal wordt niet toegestaan voor deze optie."
 
-#: src/cryptsetup.c:1703 src/cryptsetup_reencrypt.c:1343
+#: src/cryptsetup.c:1716
+msgid "Only one --key-file argument is allowed."
+msgstr "Slechts een enkel gebruik van het --key-file argument is toegestaan."
+
+#: src/cryptsetup.c:1720 src/cryptsetup_reencrypt.c:1343
 #: src/cryptsetup_reencrypt.c:1369
 msgid "Only one of --use-[u]random options is allowed."
 msgstr "Slechts een enkel gebruik van de opties --use-[u]random is toegestaan."
 
-#: src/cryptsetup.c:1707
+#: src/cryptsetup.c:1724
 msgid "Option --use-[u]random is allowed only for luksFormat."
 msgstr "OPtie --use-[u]random is enkel toegestaan bij luksFormat."
 
-#: src/cryptsetup.c:1711
+#: src/cryptsetup.c:1728
 msgid "Option --uuid is allowed only for luksFormat and luksUUID."
 msgstr "Optie --uuid is enkel toegestaan bij luksFormat en luksUUID."
 
-#: src/cryptsetup.c:1715
+#: src/cryptsetup.c:1732
 msgid "Option --align-payload is allowed only for luksFormat."
 msgstr "Optie --align-payload is enkel toegestaan voor luksFormat."
 
-#: src/cryptsetup.c:1721
+#: src/cryptsetup.c:1738
 msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
 msgstr "Optie --skip wordt enkel ondersteund voor open-opdracht op plain- en loopaes-apparaten.\n"
 
-#: src/cryptsetup.c:1727
+#: src/cryptsetup.c:1744
 msgid "Option --offset is supported only for open of plain and loopaes devices.\n"
 msgstr "Optie --offset wordt enkel ondersteund voor open-opdracht op plain- en loopaes-apparaten.\n"
 
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1750
 msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
 msgstr "Optie --tcrypt-hidden, --tcrypt-system of --tcrypt-backup wordt enkel ondersteund voor TCRYPT-apparaten.\n"
 
-#: src/cryptsetup.c:1738
+#: src/cryptsetup.c:1755
 msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
 msgstr "Optie --tcrypt-hidden kan niet met --allow-discards gecombineerd worden.\n"
 
-#: src/cryptsetup.c:1743
+#: src/cryptsetup.c:1760
 msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
 msgstr "Optie --veracrypt wordt enkel ondersteund voor TCRYPT-apparaatstype.\n"
 

src/Makefile.am

@@ -77,7 +77,8 @@ cryptsetup_reencrypt_SOURCES = \
 	cryptsetup_reencrypt.c			\
 	cryptsetup.h
 
-cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD)
+cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD) \
+	@UUID_LIBS@
 cryptsetup_reencrypt_CFLAGS = $(cryptsetup_CFLAGS)
 
 sbin_PROGRAMS += cryptsetup-reencrypt

src/cryptsetup.c

@@ -28,6 +28,7 @@ static const char *opt_hash = NULL;
 static int opt_verify_passphrase = 0;
 
 static const char *opt_key_file = NULL;
+static const char *opt_keyfile_stdin = NULL;
 static int opt_keyfiles_count = 0;
 static const char *opt_keyfiles[MAX_KEYFILES];
 
@@ -239,11 +240,14 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para
 {
 	int r, tries = opt_tries, eperm = 0;
 
+	if (opt_keyfile_stdin)
+		tries = 1;
+
 	do {
 		/* TCRYPT header is encrypted, get passphrase now */
 		r = tools_get_key(_("Enter passphrase: "),
 				  CONST_CAST(char**)&params->passphrase,
-				  &params->passphrase_size, 0, 0, NULL, opt_timeout,
+				  &params->passphrase_size, 0, 0, opt_keyfile_stdin, opt_timeout,
 				 _verify_passphrase(0), 0, cd);
 		if (r < 0)
 			continue;
@@ -827,7 +831,8 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 	int i, r;
 
 	ki = crypt_keyslot_status(cd, key_slot);
-	if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !yesDialog(msg_last, NULL))
+	if (ki == CRYPT_SLOT_ACTIVE_LAST && !opt_batch_mode && !key_file &&
+	    msg_last && !yesDialog(msg_last, NULL))
 		return -EPERM;
 
 	r = tools_get_key(msg_pass, &password, &passwordLen,
@@ -854,6 +859,10 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 		}
 	}
 
+	/* Handle inactive keyslots the same as bad password here */
+	if (r == -ENOENT)
+		r = -EPERM;
+
 	if (r == -EPERM)
 		log_err(_("No key available with this passphrase.\n"));
 out:
@@ -887,7 +896,7 @@ static int action_luksKillSlot(void)
 		goto out;
 	}
 
-	if (!opt_batch_mode) {
+	if (!opt_batch_mode || opt_key_file || !isatty(STDIN_FILENO)) {
 		r = verify_keyslot(cd, opt_key_slot,
 			_("This is the last keyslot. Device will become unusable after purging this key."),
 			_("Enter any remaining passphrase: "),
@@ -1372,7 +1381,7 @@ static struct action_type {
 	{ "close",        action_close,        1, 1, N_("<name>"), N_("close device (remove mapping)") },
 	{ "resize",       action_resize,       1, 1, N_("<name>"), N_("resize active device") },
 	{ "status",       action_status,       1, 0, N_("<name>"), N_("show device status") },
-	{ "benchmark",    action_benchmark,    0, 0, N_("<name>"), N_("benchmark cipher") },
+	{ "benchmark",    action_benchmark,    0, 0, N_("[--cipher <cipher>]"), N_("benchmark cipher") },
 	{ "repair",       action_luksRepair,   1, 1, N_("<device>"), N_("try to repair on-disk metadata") },
 	{ "erase",        action_luksErase ,   1, 1, N_("<device>"), N_("erase all keyslots (remove encryption key)") },
 	{ "luksFormat",   action_luksFormat,   1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
@@ -1529,7 +1538,7 @@ int main(int argc, const char **argv)
 	poptContext popt_context;
 	struct action_type *action;
 	const char *aname;
-	int r;
+	int r, total_keyfiles = 0;
 
 	crypt_set_log_callback(NULL, tool_log, NULL);
 
@@ -1543,11 +1552,15 @@ int main(int argc, const char **argv)
 
 	while((r = poptGetNextOpt(popt_context)) > 0) {
 		unsigned long long ull_value;
-		char *endp;
+		char *endp, *kf;
 
 		if (r == 5) {
-			if (opt_keyfiles_count < MAX_KEYFILES)
-				opt_keyfiles[opt_keyfiles_count++] = poptGetOptArg(popt_context);
+			kf = poptGetOptArg(popt_context);
+			if (tools_is_stdin(kf))
+				opt_keyfile_stdin = kf;
+			else if (opt_keyfiles_count < MAX_KEYFILES)
+				opt_keyfiles[opt_keyfiles_count++] = kf;
+			total_keyfiles++;
 			continue;
 		}
 
@@ -1699,6 +1712,10 @@ int main(int argc, const char **argv)
 		      _("Negative number for option not permitted."),
 		      poptGetInvocationName(popt_context));
 
+	if (total_keyfiles > 1 && strcmp(opt_type, "tcrypt"))
+		usage(popt_context, EXIT_FAILURE, _("Only one --key-file argument is allowed."),
+		      poptGetInvocationName(popt_context));
+
 	if (opt_random && opt_urandom)
 		usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
 		      poptGetInvocationName(popt_context));

src/cryptsetup_reencrypt.c

@@ -1,7 +1,7 @@
 /*
  * cryptsetup-reencrypt - crypt utility for offline re-encryption
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2016, Red Hat, Inc. All rights reserved.
  * Copyright (C) 2012-2015, Milan Broz All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
@@ -24,6 +24,7 @@
 #include <sys/time.h>
 #include <linux/fs.h>
 #include <arpa/inet.h>
+#include <uuid/uuid.h>
 
 #define PACKAGE_REENC "crypt_reencrypt"
 
@@ -33,6 +34,7 @@
 static const char *opt_cipher = NULL;
 static const char *opt_hash = NULL;
 static const char *opt_key_file = NULL;
+static const char *opt_uuid = NULL;
 static long opt_keyfile_size = 0;
 static long opt_keyfile_offset = 0;
 static int opt_iteration_time = 1000;
@@ -68,6 +70,7 @@ struct reenc_ctx {
 	uint64_t device_offset;
 	uint64_t device_shift;
 
+	int stained:1;
 	int in_progress:1;
 	enum { FORWARD = 0, BACKWARD = 1 } reencrypt_direction;
 	enum { REENCRYPT = 0, ENCRYPT = 1, DECRYPT = 2 } reencrypt_mode;
@@ -148,7 +151,7 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 				rc->device);
 			return -EBUSY;
 		}
-		log_err(_("Cannot open device %s\n"), rc->device);
+		log_err(_("Cannot open device %s.\n"), rc->device);
 		return -EINVAL;
 	}
 
@@ -179,11 +182,6 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 		log_verbose(_("Marking LUKS device %s unusable.\n"), rc->device);
 		memcpy(buf, NOMAGIC, MAGIC_L);
 		r = 0;
-	} else if (set_magic == MAKE_USABLE && !memcmp(buf, NOMAGIC, MAGIC_L) &&
-		   version == 1) {
-		log_verbose(_("Marking LUKS device %s usable.\n"), rc->device);
-		memcpy(buf, MAGIC, MAGIC_L);
-		r = 0;
 	} else if (set_magic == CHECK_UNUSABLE && version == 1) {
 		r = memcmp(buf, NOMAGIC, MAGIC_L) ? -EINVAL : 0;
 		if (!r)
@@ -200,6 +198,8 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 			log_err(_("Cannot write device %s.\n"), rc->device);
 			r = -EIO;
 		}
+		if (s > 0 && set_magic == MAKE_UNUSABLE)
+			rc->stained = 1;
 	} else
 		log_dbg("LUKS signature check failed for %s.", rc->device);
 out:
@@ -370,6 +370,7 @@ static int open_log(struct reenc_ctx *rc)
 	rc->log_fd = open(rc->log_file, O_RDWR|O_EXCL|O_CREAT|flags, S_IRUSR|S_IWUSR);
 	if (rc->log_fd != -1) {
 		log_dbg("Created LUKS reencryption log file %s.", rc->log_file);
+		rc->stained = 0;
 	} else if (errno == EEXIST) {
 		log_std(_("Log file %s exists, resuming reencryption.\n"), rc->log_file);
 		rc->log_fd = open(rc->log_file, O_RDWR|flags);
@@ -653,8 +654,10 @@ static int restore_luks_header(struct reenc_ctx *rc)
 	crypt_free(cd);
 	if (r)
 		log_err(_("Cannot restore LUKS header on device %s.\n"), rc->device);
-	else
+	else {
 		log_verbose(_("LUKS header on device %s restored.\n"), rc->device);
+		rc->stained = 0;
+	}
 	return r;
 }
 
@@ -791,6 +794,9 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
 	if (write_log(rc) < 0)
 		return -EIO;
 
+	/* dirty the device during ENCRYPT mode */
+	rc->stained = 1;
+
 	while (!quit && rc->device_offset) {
 		if (rc->device_offset < block_size) {
 			working_offset = 0;
@@ -955,6 +961,7 @@ static int initialize_uuid(struct reenc_ctx *rc)
 {
 	struct crypt_device *cd = NULL;
 	int r;
+	uuid_t device_uuid;
 
 	log_dbg("Initialising UUID.");
 
@@ -963,6 +970,16 @@ static int initialize_uuid(struct reenc_ctx *rc)
 		return 0;
 	}
 
+	if (opt_decrypt && opt_uuid) {
+		r = uuid_parse(opt_uuid, device_uuid);
+		if (!r)
+			rc->device_uuid = strdup(opt_uuid);
+		else
+			log_err(_("Passed UUID is invalid.\n"));
+
+		return r;
+	}
+
 	/* Try to load LUKS from device */
 	if ((r = crypt_init(&cd, rc->device)))
 		return r;
@@ -993,8 +1010,12 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
 			0, 0, cd);
 		if (r < 0)
 			return r;
-		if (quit)
+		if (quit) {
+			crypt_safe_free(password);
+			password = NULL;
+			passwordLen = 0;
 			return -EAGAIN;
+		}
 
 		/* library uses sigint internally, until it is fixed...*/
 		set_int_block(1);
@@ -1119,7 +1140,7 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
 {
 	log_dbg("Initialising reencryption context.");
 
-	rc->log_fd =-1;
+	rc->log_fd = -1;
 
 	if (!(rc->device = strndup(device, PATH_MAX)))
 		return -ENOMEM;
@@ -1159,6 +1180,11 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
 	}
 
 	if (!rc->in_progress) {
+		if (opt_uuid) {
+			log_err(_("Cannot use passed UUID unless decryption in progress.\n"));
+			return -EINVAL;
+		}
+
 		if (!opt_reduce_size)
 			rc->reencrypt_direction = FORWARD;
 		else {
@@ -1186,10 +1212,7 @@ static void destroy_context(struct reenc_ctx *rc)
 	close_log(rc);
 	remove_headers(rc);
 
-	if ((rc->reencrypt_direction == FORWARD &&
-	     rc->device_offset == rc->device_size) ||
-	    (rc->reencrypt_direction == BACKWARD &&
-	     (rc->device_offset == 0 || rc->device_offset == (uint64_t)~0))) {
+	if (!rc->stained) {
 		unlink(rc->log_file);
 		unlink(rc->header_file_org);
 		unlink(rc->header_file_new);
@@ -1205,7 +1228,9 @@ static void destroy_context(struct reenc_ctx *rc)
 static int run_reencrypt(const char *device)
 {
 	int r = -EINVAL;
-	static struct reenc_ctx rc = {};
+	static struct reenc_ctx rc = {
+		.stained = 1
+	};
 
 	if (initialize_context(&rc, device))
 		goto out;
@@ -1231,7 +1256,7 @@ static int run_reencrypt(const char *device)
 				goto out;
 		}
 	} else {
-		if ((r = initialize_passphrase(&rc, rc.header_file_new)))
+		if ((r = initialize_passphrase(&rc, opt_decrypt ? rc.header_file_org : rc.header_file_new)))
 			goto out;
 	}
 
@@ -1248,6 +1273,8 @@ static int run_reencrypt(const char *device)
 	// FIXME: fix error path above to not skip this
 	if (rc.reencrypt_mode != DECRYPT)
 		r = restore_luks_header(&rc);
+	else
+		rc.stained = 0;
 out:
 	destroy_context(&rc);
 	return r;
@@ -1301,6 +1328,7 @@ int main(int argc, const char **argv)
 		{ "device-size",       '\0', POPT_ARG_STRING, &opt_device_size_str,     0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") },
 		{ "new",               'N',  POPT_ARG_NONE, &opt_new,                   0, N_("Create new header on not encrypted device."), NULL },
 		{ "decrypt",           '\0', POPT_ARG_NONE, &opt_decrypt,               0, N_("Permanently decrypt device (remove encryption)."), NULL },
+		{ "uuid",              '\0', POPT_ARG_STRING, &opt_uuid,                0, N_("The uuid used to resume decryption."), NULL },
 		POPT_TABLEEND
 	};
 	poptContext popt_context;
@@ -1401,6 +1429,10 @@ int main(int argc, const char **argv)
 		usage(popt_context, EXIT_FAILURE, _("Option --decrypt is incompatible with specified parameters."),
 		      poptGetInvocationName(popt_context));
 
+	if (opt_uuid && !opt_decrypt)
+		usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only together with --decrypt."),
+		      poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

src/utils_tools.c

@@ -319,7 +319,7 @@ int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
 	}
 
 	tmp = *size * mult;
-	if ((tmp / *size) != mult) {
+	if (*size && (tmp / *size) != mult) {
 		log_dbg("Device size overflow.");
 		return -EINVAL;
 	}

src/veritysetup.c

@@ -1,8 +1,8 @@
 /*
  * veritysetup - setup cryptographic volumes for dm-verity
  *
- * Copyright (C) 2012-2013, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2013, Milan Broz
+ * Copyright (C) 2012-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -33,6 +33,9 @@ static uint64_t data_blocks = 0;
 static const char *salt_string = NULL;
 static uint64_t hash_offset = 0;
 static const char *opt_uuid = NULL;
+static int opt_restart_on_corruption = 0;
+static int opt_ignore_corruption = 0;
+static int opt_ignore_zero_blocks = 0;
 
 static int opt_version_mode = 0;
 
@@ -127,6 +130,13 @@ static int _activate(const char *dm_device,
 	if ((r = crypt_init(&cd, hash_device)))
 		goto out;
 
+	if (opt_ignore_corruption)
+		activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+	if (opt_restart_on_corruption)
+		activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+	if (opt_ignore_zero_blocks)
+		activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
+
 	if (use_superblock) {
 		params.flags = flags;
 		params.hash_area_offset = hash_offset;
@@ -273,6 +283,14 @@ static int action_status(int arg)
 		}
 		log_std("  hash offset: %" PRIu64 " sectors\n",
 			vp.hash_area_offset * vp.hash_block_size / 512);
+
+		if (cad.flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
+				 CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+				 CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS))
+			log_std("  flags:       %s%s%s\n",
+				(cad.flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? "ignore_corruption " : "",
+				(cad.flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? "restart_on_corruption " : "",
+				(cad.flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? "ignore_zero_blocks" : "");
 	}
 out:
 	crypt_free(cd);
@@ -383,6 +401,9 @@ int main(int argc, const char **argv)
 		{ "hash",            'h',  POPT_ARG_STRING, &hash_algorithm, 0, N_("Hash algorithm"), N_("string") },
 		{ "salt",            's',  POPT_ARG_STRING, &salt_string,    0, N_("Salt"), N_("hex string") },
 		{ "uuid",            '\0', POPT_ARG_STRING, &opt_uuid,       0, N_("UUID for device to use."), NULL },
+		{ "restart-on-corruption", 0,POPT_ARG_NONE,&opt_restart_on_corruption, 0, N_("Restart kernel if corruption is detected"), NULL },
+		{ "ignore-corruption", 0,  POPT_ARG_NONE, &opt_ignore_corruption,  0, N_("Ignore corruption, log it only"), NULL },
+		{ "ignore-zero-blocks", 0, POPT_ARG_NONE, &opt_ignore_zero_blocks, 0, N_("Do not verify zeroed blocks"), NULL },
 		POPT_TABLEEND
 	};
 
@@ -468,6 +489,16 @@ int main(int argc, const char **argv)
 		      poptGetInvocationName(popt_context));
 	}
 
+	if ((opt_ignore_corruption || opt_restart_on_corruption || opt_ignore_zero_blocks) && strcmp(aname, "create"))
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for create operation.\n"),
+		poptGetInvocationName(popt_context));
+
+	if (opt_ignore_corruption && opt_restart_on_corruption)
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"),
+		poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

tests/align-test

@@ -14,8 +14,10 @@ cleanup() {
 	    rmdir $MNT_DIR 2>/dev/null
 	fi
 	[ -b /dev/mapper/$DEV_STACKED ] && dmsetup remove $DEV_STACKED >/dev/null 2>&1
+	# FIXME scsi_debug sometimes in-use here
+	sleep 1
 	rmmod scsi_debug 2>/dev/null
-	sleep 2
+	sleep 1
 }
 
 fail()
@@ -141,7 +143,7 @@ cleanup
 
 echo "# Create enterprise-class 4K drive"
 echo "# (logical_block_size=4096, physical_block_size=4096, alignment_offset=0)"
-add_device dev_size_mb=16 sector_size=4096 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
 format 256 4096
 format 256 2560 8
 format 128 2048
@@ -187,7 +189,7 @@ format_null 512 4096 2048
 cleanup
 
 echo "# Offset check: 4096B sector drive"
-add_device dev_size_mb=16 sector_size=4096 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
 format_null  64 2048    0 8:72:136:200:264:328:392:456
 format_null  64  520    1
 format_null  64  520    8
@@ -213,7 +215,7 @@ cleanup
 echo "# Create enterprise-class 4K drive with fs and LUKS images."
 # loop device here presents 512 block but images have 4k block
 # cryptsetup should properly use 4k block on direct-io
-add_device dev_size_mb=16 sector_size=4096 physblk_exp=0 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 physblk_exp=0 num_tgts=1 opt_blks=64
 for file in $(ls img_fs_*.img.bz2) ; do
     echo "Format using fs image $file."
     bzip2 -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"

tests/compat-test

@@ -327,6 +327,8 @@ echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail
 echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d - $KEY2 || fail
 $CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail
 
 # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
 $CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 3 || fail
@@ -355,6 +357,12 @@ $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: DISABLED" || fail
+# if password or keyfile is provided, batch mode must not suppress it
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
 # kill slot using passphrase from 1
 echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: DISABLED" || fail

tests/luks1-compat-test

@@ -61,7 +61,7 @@ if [ $(id -u) != 0 ]; then
 fi
 
 test_required
-[ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2
+[ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2 --no-same-owner
 
 echo "ACTIVATION FS UUID CHECK"
 for file in $(ls $TST_DIR/luks1_*) ; do

tests/tcrypt-compat-test

@@ -67,7 +67,7 @@ function test_required()
 test_required
 export LANG=C
 
-[ ! -d $TST_DIR ] && tar xjf tcrypt-images.tar.bz2
+[ ! -d $TST_DIR ] && tar xjf tcrypt-images.tar.bz2 --no-same-owner
 
 echo "HEADER CHECK"
 for file in $(ls $TST_DIR/[tv]c_*) ; do

tests/verity-compat-test

@@ -55,6 +55,18 @@ function check_exists()
 	[ -b /dev/mapper/$DEV_NAME ] || fail
 }
 
+function check_version()
+{
+        VER_STR=$(dmsetup targets | grep verity | cut -f 3 -dv)
+        VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
+        VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
+
+        # option supported in 1.3
+        test $VER_MAJ -gt 1 && return 0
+        test $VER_MIN -ge 3 && return 0
+        return 1
+}
+
 function compare_out() # $1 what, $2 expected
 {
 	OPT=$(grep -v "^#" $DEV_OUT | grep -i "$1" | sed -e s/.*\:\ // )
@@ -78,7 +90,7 @@ function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6
 	if [ $sb == yes ] ; then
 		VERIFY_PARAMS=""
 	else
-		FORMAT_PAFAMS="$FORMAT_PARAMS --no-superlock"
+		FORMAT_PARAMS="$FORMAT_PARAMS --no-superblock"
 		VERIFY_PARAMS=$FORMAT_PARAMS
 	fi
 
@@ -132,6 +144,21 @@ function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6
 	done
 }
 
+function check_option() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, $6 CLI option, $7 status option
+{
+	DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
+	FORMAT_PARAMS="--format=$4 --data-block-size=$1 --hash-block-size=$1 --hash=$5 --salt=$3"
+
+	echo -n "Option $6 "
+	$VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >/dev/null 2>&1 || fail
+	$VERITYSETUP create $DEV_NAME $DEV_PARAMS $2 $6 >/dev/null 2>&1 || fail
+	check_exists
+	$VERITYSETUP status $DEV_NAME 2>/dev/null | grep flags | grep -q $7 || fail
+	dmsetup table $DEV_NAME 2>/dev/null | grep -q $7 || fail
+	$VERITYSETUP remove $DEV_NAME >/dev/null 2>&1 || fail
+	echo "[OK]"
+}
+
 function valgrind_setup()
 {
 	which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
@@ -181,5 +208,16 @@ check_root_hash 4096 ef29c902d87350f1da4bfa536e16cebc162a909bf89abe448b81ec500d4
 check_root_hash 1024 d0e9163ca8844aaa2e88fe5265a8c5d9ee494a99 $SALT 1 sha1 8388608
 check_root_hash 1024 73509e8e868be6b8ac939817a98a3d35121413b2 dadada 1 sha1 8388608
 
+if check_version ; then
+	echo "Verity data corruption options test."
+	SALT=e48da609055204e89ae53b655ca2216dd983cf3cb829f34f63a297d106d53e2d
+	HASH=9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174
+	prepare 8192 1024
+	check_option 512 $HASH $SALT 1 sha256 "--ignore-corruption" "ignore_corruption"
+	check_option 512 $HASH $SALT 1 sha256 "--restart-on-corruption" "restart_on_corruption"
+	check_option 512 $HASH $SALT 1 sha256 "--ignore-zero-blocks" "ignore_zero_blocks"
+	check_option 512 $HASH $SALT 1 sha256 "--ignore-corruption --ignore-zero-blocks" "ignore_corruption"
+fi
+
 remove_mapping
 exit 0