2012-08-12 Milan Broz <gmazyland@gmail.com>
* Allocate loop device late (only when real block device needed).
* Rework underlying device/file access functions.
+ * Create hash image if doesn't exist in veritysetup format.
2012-07-10 Milan Broz <gmazyland@gmail.com>
* Version 1.5.0.
Note you need to provide root hash string for device verification
or activation. Root hash must be trusted.
-If data or hash device argument points to regular file, veritysetup
-allocates loopback device. In this case, hash file size must be enough
-to store the hash area.
+The data or hash device argument can be block device or file image.
+If hash device path doesn't exist, it will be created as file.
\fB<options>\fR can be [\-\-hash, \-\-no-superblock, \-\-format,
\-\-data-block-size, \-\-hash-block-size, \-\-data-blocks, \-\-hash-offset,
#include <inttypes.h>
#include <popt.h>
#include <limits.h>
+#include <sys/types.h>
#include <sys/stat.h>
+#include <fcntl.h>
#include "cryptsetup.h"
struct crypt_device *cd = NULL;
struct crypt_params_verity params = {};
uint32_t flags = CRYPT_VERITY_CREATE_HASH;
+ struct stat st;
int r;
+ /* Try to create hash image if doesn't exist */
+ if (stat(action_argv[1], &st) < 0) {
+ log_dbg("Creating hash image %s.", action_argv[1]);
+ r = open(action_argv[1], O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
+ if (r < 0) {
+ log_err(_("Cannot create hash image %s for writing.\n"), action_argv[1]);
+ return -EINVAL;
+ }
+ close(r);
+ }
+
if ((r = crypt_init(&cd, action_argv[1])))
goto out;
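Review bot: The added `stat()` followed by `open(..., O_WRONLY | O_CREAT, ...)` is a check-then-create sequence, so the path can change between the two calls, and without `O_EXCL` the `open` follows a symlink at `action_argv[1]` and creates whatever it points to. This matters if the tool runs with elevated privileges, which is likely for device-mapper setup. Any `stat()` failure, not only `ENOENT`, also falls into the create path. A single `open` with `O_CREAT | O_EXCL` that treats `EEXIST` as "already present" closes the race, refuses a symlink at the final path component, and makes the `struct stat st` local unnecessary; this assumes `errno` is already available in the file, which uses `-EINVAL`. The function starts and ends outside the visible hunk, so whether a freshly created image is removed when a later step fails cannot be checked from here.

```c
	int r;

	/* Create the hash image only if nothing exists at that path.
	 * O_EXCL makes check and creation one atomic step and does not
	 * follow a symlink at the final path component. */
	r = open(action_argv[1], O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
	if (r >= 0) {
		log_dbg("Creating hash image %s.", action_argv[1]);
		close(r);
	} else if (errno != EEXIST) {
		log_err(_("Cannot create hash image %s for writing.\n"), action_argv[1]);
		return -EINVAL;
	}

	/* … unchanged: crypt_init() call and the rest of the function … */
```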
{
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
[ ! -z "$LOOPDEV1" ] && losetup -d $LOOPDEV1 >/dev/null 2>&1
- [ ! -z "$LOOPDEV2" ] && losetup -d $LOOPDEV2 >/dev/null 2>&1
rm -f $IMG $IMG_HASH $DEV_OUT >/dev/null 2>&1
LOOPDEV1=""
LOOPDEV2=""
losetup $LOOPDEV1 $IMG
[ -z "$2" ] && return
- dd if=/dev/zero of=$IMG_HASH bs=1k count=$2 >/dev/null 2>&1
- LOOPDEV2=$(losetup -f 2>/dev/null)
- [ -z "$LOOPDEV2" ] && fail "No free loop device"
- losetup $LOOPDEV2 $IMG_HASH
+ LOOPDEV2=$IMG_HASH
}
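Review bot: After this change `LOOPDEV2` holds the path of a regular file rather than a loop device, and the function's second argument is only tested for emptiness; its value, previously the `count=` of 1k blocks for the hash image, is no longer used. A one-line comment above the assignment would keep later readers from assuming a block device, for example `# LOOPDEV2 is a plain file path here; veritysetup format creates the hash image`. Renaming the variable would be clearer still, but it is referenced in other functions of the script, so that is a larger change. The start of this function lies outside the visible lines.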
function wipe()
{
dd if=/dev/zero of=$LOOPDEV1 bs=256k >/dev/null 2>&1
- dd if=/dev/zero of=$LOOPDEV2 bs=256k >/dev/null 2>&1
- rm -f $DEV_OUT >/dev/null 2>&1
+ rm -f $IMG_HASH $DEV_OUT >/dev/null 2>&1
}
function check_exists()
case $fail in
data)
- dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=3456 count=8 2>/dev/null
+ dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=3456 count=8 conv=notrunc 2>/dev/null
TXT="data_dev"
;;
hash)
if [ -z "$LOOPDEV2" ] ; then
- dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=$((8193 + $4)) count=8 2>/dev/null
+ dd if=/dev/urandom of=$LOOPDEV1 bs=1 seek=$((8193 + $4)) count=8 conv=notrunc 2>/dev/null
else
- dd if=/dev/urandom of=$LOOPDEV2 bs=1 seek=8193 count=8 2>/dev/null
+ dd if=/dev/urandom of=$LOOPDEV2 bs=1 seek=8193 count=8 conv=notrunc 2>/dev/null
fi
TXT="hash_dev"
;;