Fixed TRIM option handling in /etc/crypttab

'discard' ('allow-discards' being the switch name to use in cryptsetup)

v0.4-1
master 0.4-1
Julien Coloos 2017-06-25 18:22:53 +02:00
parent cf6ccb2d23
commit e5ee05f382
4 changed files with 42 additions and 26 deletions


@ -1,26 +1,32 @@
2017-06-25 Julien Coloos <julien.coloos [at] gmail [dot] com>
* v0.4-1
Fixed TRIM option handling in /etc/crypttab: 'discard' ('allow-discards' being the switch name to use in cryptsetup)
2015-11-22 Julien Coloos <julien.coloos [at] gmail [dot] com> 2015-11-22 Julien Coloos <julien.coloos [at] gmail [dot] com>
* v0.3-1 * v0.3-1
Added configurable timeout for ipconfig Added configurable timeout for ipconfig
Moved configuration file from /etc/dropbear/initrd.env to /etc/initcpio/sshcs_env Moved configuration file from /etc/dropbear/initrd.env to /etc/initcpio/sshcs_env
2014-05-20 Julien Coloos <julien.coloos [at] gmail [dot] com> 2014-05-20 Julien Coloos <julien.coloos [at] gmail [dot] com>
* v0.2-1 * v0.2-1
Removed unnecessary dependency: psmisc Removed unnecessary dependency: psmisc
Added configurable timeout to unlock devices before automatic poweroff Added configurable timeout to unlock devices before automatic poweroff
2014-05-19 Julien Coloos <julien.coloos [at] gmail [dot] com> 2014-05-19 Julien Coloos <julien.coloos [at] gmail [dot] com>
* v0.1-1 * v0.1-1
* Code adapted from dropbear_initrd_encrypt (https://aur.archlinux.org/packages/dropbear_initrd_encrypt/) * Code adapted from dropbear_initrd_encrypt (https://aur.archlinux.org/packages/dropbear_initrd_encrypt/)
Reworked code Reworked code
Dropped non-LUKS support Dropped non-LUKS support
Rely on /etc/crypttab Rely on /etc/crypttab
Handle multiple devices to unlock Handle multiple devices to unlock
Merged dropbear and encryptssh hooks Merged dropbear and encryptssh hooks
Better resources cleanup Better resources cleanup
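
Review bot: The new v0.4-1 entry words this as a fix, but for anyone upgrading it is a behaviour change: the case arm that adds `--allow-discards` was keyed on `allow-discards` and is now keyed on `discard`. State in the entry that existing `/etc/crypttab` lines using `allow-discards` have to be changed to `discard` to keep TRIM enabled, so the rename is not discovered only after discards stop being passed through.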


@ -1,6 +1,6 @@
# Maintainer: Julien Coloos <julien.coloos [at] gmail [dot] com> # Maintainer: Julien Coloos <julien.coloos [at] gmail [dot] com>
pkgname=initrd-ssh-cryptsetup pkgname=initrd-ssh-cryptsetup
pkgver=0.3 pkgver=0.4
pkgrel=1 pkgrel=1
pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH" pkgdesc="Allows for LUKS-encrypted devices to be unlocked remotely over SSH"
arch=('any') arch=('any')
@ -10,7 +10,7 @@ depends=('dropbear' 'cryptsetup' 'mkinitcpio-nfs-utils' 'iproute2')
install=$pkgname.install install=$pkgname.install
changelog='ChangeLog' changelog='ChangeLog'
source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install") source=("http://julien.coloos.free.fr/archlinux/$pkgname-$pkgver.tar.xz" "$pkgname.install")
md5sums=('a25dbbac5cd82a8d87932e646e38d9c4' md5sums=('fab9d0ffc14a6cd7bcb79fa1b9411336'
'ac60109d80e7bb2af0d66e69aaf178a6') 'ac60109d80e7bb2af0d66e69aaf178a6')
package() { package() {
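
Review bot: On the `md5sums` line, the refreshed checksum is the only integrity check on a tarball that `source=` fetches over plain `http://`, and MD5 is not collision resistant. Consider switching the array to `sha256sums` (makepkg supports it) and serving the archive over HTTPS if the host allows it; the `.install` checksum on the following line would move into the new array as well.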


@ -8,21 +8,21 @@ After cloning the repo, installation is done as for an AUR package.
## Configuration ## Configuration
As explained upon installation, the following things need to be done: As explained upon installation, the following things need to be done:
* add the SSH public key to `/etc/dropbear/initrd.authorized_keys` * add the SSH public key to `/etc/dropbear/initrd.authorized_keys`
* add the `ip=` kernel command parameter to the bootloader configuration (see https://wiki.archlinux.org/index.php/Mkinitcpio#Using_net) * add the `ip=` kernel command parameter to the bootloader configuration (see https://wiki.archlinux.org/index.php/Mkinitcpio#Using_net)
* in the `HOOKS` section of `/etc/mkinitcpio.conf`, add `ssh-cryptsetup` before `filesystems`; then rebuild the initramfs: `mkinitcpio -p linux` * in the `HOOKS` section of `/etc/mkinitcpio.conf`, add `ssh-cryptsetup` before `filesystems`; then rebuild the initramfs: `mkinitcpio -p linux`
The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`. The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`.
Some options can be set in `/etc/initcpio/sshcs_env` (file is sourced in initrd shell): Some options can be set in `/etc/initcpio/sshcs_env` (file is sourced in initrd shell):
* `sshcs_opt_timeout_ipconfig`: time (in seconds) to configure IP * `sshcs_opt_timeout_ipconfig`: time (in seconds) to configure IP
- default: 10 seconds - default: 10 seconds
* `sshcs_opt_listen`: SSH listening port * `sshcs_opt_listen`: SSH listening port
- default: 22 - default: 22
* `sshcs_opt_timeout_poweroff`: time (in seconds) to unlock devices before automatic powering off * `sshcs_opt_timeout_poweroff`: time (in seconds) to unlock devices before automatic powering off
- default (and minimum value): 2 minutes - default (and minimum value): 2 minutes
- negative value to deactivate - negative value to deactivate
For example: For example:
@ -30,3 +30,13 @@ For example:
sshcs_opt_listen=2222 sshcs_opt_listen=2222
sshcs_opt_timeout_poweroff=-1 sshcs_opt_timeout_poweroff=-1
## Building notes
1. Modify the sources (features in `src`, and/or package building files)
2. If `src` was modified
* archive the `src` folder in `$pkgname-$pkgver.tar.xz` file; e.g.: `tar -cJf initrd-ssh-cryptsetup-0.4.tar.xz src`
* upload the archive on the online repository (pointed by `PKGBUILD`)
3. Update `PKGBUILD`
* bump `pkgver` if `src` was modified, or `pkgrel` if building files were modified
* refresh `md5sums` if necessary (based on `md5sum initrd-ssh-cryptsetup-*.tar.xz initrd-ssh-cryptsetup.install` output)
4. Delete generated archive file if any
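
Review bot: In step 3 of the new Building notes, "refresh `md5sums` if necessary" leaves it to the maintainer to judge when the checksum has changed. Whenever step 2 produced and uploaded a new archive, the first `md5sums` entry has to be regenerated, so say that directly, and note that the `md5sum` run must be on the exact file that was uploaded, before step 4 deletes it.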


@ -179,7 +179,7 @@ sshcs_cryptpart_process() {
cryptargs= cryptargs=
for cryptopt in ${cryptoptions//,/ }; do for cryptopt in ${cryptoptions//,/ }; do
case ${cryptopt} in case ${cryptopt} in
allow-discards) discard)
cryptargs="${cryptargs} --allow-discards" cryptargs="${cryptargs} --allow-discards"
;; ;;
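
Review bot: The pattern change from `allow-discards)` to `discard)` drops the old spelling entirely, so a crypttab written for 0.3 that still says `allow-discards` no longer reaches this arm and `--allow-discards` is not appended to `cryptargs` here. If the old name should keep working, match both with `discard|allow-discards)`; otherwise print a warning when the old name is seen so the loss of TRIM is visible at boot rather than silent.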