On June 4, [EMAIL PROTECTED] said:
> I've committed a fix to cryptsetup SVN. It will be included in the next
> upload.
Great, thanks!
i'm also attaching a patch for
/usr/share/initramfs/scripts/local-top/cryptroot which should properly
handle missing (i.e. default) arguments for a standard cryptsetup root
blockdevice during the boot phase. Note that the default
{hash,cipher,size} args that are currently present in this script in
SVN don't actually match the default args as specified in man
cryptsetup! This seems like potential trouble to me. i hope you find
the attached patch reasonable and useful. The patch should apply
against the current pkg-cryptsetup SVN.
Sadly, the hard disk i was testing these changes on developed physical
sector errors just yesterday, and i've had to start over fresh. so
again, this patch isn't properly tested :( In my new
installation/recovery to a new disk, i've gone with LUKS, since that
seems to be the upcoming standard.
When i get a chance, i'd be happy to try out this installation on a
new rig, but i've got nothing to play with at the moment to really
verify that it all works properly.
Thanks for all your work on this,
--dkg
Index: initramfs-cryptroot-script
===================================================================
--- initramfs-cryptroot-script (revision 193)
+++ initramfs-cryptroot-script (working copy)
@@ -56,9 +56,7 @@
# Start by parsing some options, all options are relevant to regular cryptsetup
# but only crypttarget and cryptsource is relevant to luks which picks up the
# rest of the parameters by reading the partition header
- cryptcipher=aes-cbc-essiv:sha256
- cryptsize=256
- crypthash=sha256
+ cryptsetupopts=""
crypttarget=cryptroot
cryptsource=$ROOT
cryptlvm=""
@@ -68,13 +66,13 @@
for x in $cryptopts; do
case $x in
hash=*)
- crypthash=${x#hash=}
+ cryptsetupopts="$cryptsetupopts -h ${x#hash=}"
;;
size=*)
- cryptsize=${x#size=}
+ cryptsetupopts="$cryptsetupopts -s ${x#size=}"
;;
cipher=*)
- cryptcipher=${x#cipher=}
+ cryptsetupopts="$cryptsetupopts -c ${x#cipher=}"
;;
target=*)
crypttarget=${x#target=}
@@ -121,7 +119,7 @@
cryptcreate="/sbin/cryptsetup luksOpen $cryptsource $crypttarget"
cryptremove=""
else
- cryptcreate="/sbin/cryptsetup -c $cryptcipher -s $cryptsize -h $crypthash create $crypttarget $cryptsource"
+ cryptcreate="/sbin/cryptsetup $cryptsetupopts create $crypttarget $cryptsource"
cryptremove="/sbin/cryptsetup remove $crypttarget"
fi
NEWROOT="/dev/mapper/$crypttarget"