rpms/cryptsetup-luks/devel cryptsetup-wipe-headers.patch, NONE, 1.1 cryptsetup-luks.spec, 1.63, 1.64

Thu Oct 30 10:26:14 UTC 2008

Author: mbroz

Update of /cvs/pkgs/rpms/cryptsetup-luks/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26590

Modified Files:
	cryptsetup-luks.spec 
Added Files:
	cryptsetup-wipe-headers.patch 
Log Message:
Wipe old fs headers to not confuse blkid (#468062)



cryptsetup-wipe-headers.patch:

--- NEW FILE cryptsetup-wipe-headers.patch ---
Cryptsetup keeps some sectors (between the physical LUKS header
and keyslot data) on disk untouched, unfortunatelly ext2/3/4 signature can
be there and blkid detects filesystem here instead of LUKS.

This patch wipes the first eight sectors on disk with zero during luksFormat.
This should be probably solved by physical header padding in next version.
---
 lib/setup.c |   32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

Index: cryptsetup-1.0.6/lib/setup.c
===================================================================
--- cryptsetup-1.0.6.orig/lib/setup.c	2008-10-30 10:25:18.000000000 +0100
+++ cryptsetup-1.0.6/lib/setup.c	2008-10-30 10:55:45.000000000 +0100
@@ -198,6 +198,34 @@ out:
 	return ret;
 }
 
+static int wipe_device_header(const char *device, int sectors)
+{
+	char *buffer;
+	int size = sectors * SECTOR_SIZE;
+	int r = -1;
+	int devfd;
+
+	devfd = open(device, O_RDWR | O_DIRECT | O_SYNC);
+	if(devfd == -1) {
+		set_error("Can't wipe header on device %s", device);
+		return -EINVAL;
+	}
+
+	buffer = malloc(size);
+	if (!buffer) {
+		close(devfd);
+		return -ENOMEM;
+	}
+	memset(buffer, 0, size);
+
+	r = write_blockwise(devfd, buffer, size) < size ? -EIO : 0;
+
+	free(buffer);
+	close(devfd);
+
+	return r;
+}
+
 static int parse_into_name_and_mode(const char *nameAndMode, char *name,
 				    char *mode)
 {
@@ -429,6 +457,10 @@ static int __crypt_luks_format(int arg, 
 		r = -EINVAL; goto out;
 	}
 
+	/* Wipe first 8 sectors - fs magic numbers etc. */
+	r = wipe_device_header(options->device, 8);
+	if(r < 0) goto out;
+
 	/* Set key, also writes phdr */
 	r = LUKS_set_key(options->device, options->key_slot==-1?0:(unsigned int)options->key_slot, password, passwordLen, &header, mk, backend);
 	if(r < 0) goto out; 


Index: cryptsetup-luks.spec
===================================================================
RCS file: /cvs/pkgs/rpms/cryptsetup-luks/devel/cryptsetup-luks.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- cryptsetup-luks.spec	23 Sep 2008 15:23:18 -0000	1.63
+++ cryptsetup-luks.spec	30 Oct 2008 10:25:44 -0000	1.64
@@ -3,7 +3,7 @@
 Summary: A utility for setting up encrypted filesystems
 Name: cryptsetup-luks
 Version: 1.0.6
-Release: 5%{?devrelease:.%{devrelease}}%{?dist}
+Release: 6%{?devrelease:.%{devrelease}}%{?dist}
 License: GPLv2
 Group: Applications/System
 URL: http://cryptsetup.googlecode.com/
@@ -17,6 +17,7 @@
 Patch3: cryptsetup-remove-udev.patch
 Patch4: cryptsetup-detect-dm.patch
 Patch5: cryptsetup-descriptive-errors.patch
+Patch6: cryptsetup-wipe-headers.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: libgcrypt-devel, popt-devel, device-mapper-devel
 BuildRequires: libgpg-error-devel, e2fsprogs-devel, libsepol-devel
@@ -50,6 +51,7 @@
 %patch3 -p1 -b .udev
 %patch4 -p1 -b .dm
 %patch5 -p1 -b .errors
+%patch6 -p1 -b .wipe
 
 iconv -f latin1 -t utf8 ChangeLog > ChangeLog.new
 mv -f ChangeLog.new ChangeLog 
@@ -95,6 +97,9 @@
 
 
 %changelog
+* Thu Oct 30 2008 Milan Broz <mbroz at redhat.com> - 1.0.6-6
+- Wipe old fs headers to not confuse blkid (#468062)
+
 * Tue Sep 23 2008 Milan Broz <mbroz at redhat.com> - 1.0.6-5
 - Change new project home page.
 - Print more descriptive messages for initialization errors.


