pam_mount: add support for LUKS2
parent
93b0accc76
commit
11fc055836
2 changed files with 76 additions and 18 deletions
|
@ -1,37 +1,48 @@
|
||||||
{ stdenv, fetchurl, autoconf, automake, pkgconfig, libtool, pam, libHX, libxml2, pcre, perl, openssl, cryptsetup, utillinux }:
|
{ stdenv, fetchurl, autoreconfHook, pkgconfig, libtool, pam, libHX, libxml2, pcre, perl, openssl, cryptsetup, utillinux }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "pam_mount-2.16";
|
pname = "pam_mount";
|
||||||
|
version = "2.16";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://sourceforge/pam-mount/pam_mount/2.16/${name}.tar.xz";
|
url = "mirror://sourceforge/pam-mount/pam_mount/${version}/${pname}-${version}.tar.xz";
|
||||||
sha256 = "1rvi4irb7ylsbhvx1cr6islm2xxw1a4b19q6z4a9864ndkm0f0mf";
|
sha256 = "1rvi4irb7ylsbhvx1cr6islm2xxw1a4b19q6z4a9864ndkm0f0mf";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ pkgconfig ];
|
patches = [
|
||||||
buildInputs = [ autoconf automake libtool pam libHX utillinux libxml2 pcre perl openssl cryptsetup ];
|
./insert_utillinux_path_hooks.patch
|
||||||
|
./support_luks2.patch
|
||||||
|
];
|
||||||
|
|
||||||
patches = [ ./insert_utillinux_path_hooks.patch ];
|
postPatch = ''
|
||||||
|
substituteInPlace src/mtcrypt.c \
|
||||||
|
--replace @@NIX_UTILLINUX@@ ${utillinux}/bin
|
||||||
|
'';
|
||||||
|
|
||||||
preConfigure = ''
|
nativeBuildInputs = [ autoreconfHook libtool pkgconfig ];
|
||||||
substituteInPlace src/mtcrypt.c --replace @@NIX_UTILLINUX@@ ${utillinux}/bin
|
|
||||||
sh autogen.sh --prefix=$out
|
|
||||||
'';
|
|
||||||
|
|
||||||
makeFlags = [ "DESTDIR=$(out)" ];
|
buildInputs = [ pam libHX utillinux libxml2 pcre perl openssl cryptsetup ];
|
||||||
|
|
||||||
|
enableParallelBuilding = true;
|
||||||
|
|
||||||
|
configureFlags = [
|
||||||
|
"--prefix=${placeholder "out"}"
|
||||||
|
"--localstatedir=${placeholder "out"}/var"
|
||||||
|
"--sbindir=${placeholder "out"}/bin"
|
||||||
|
"--sysconfdir=${placeholder "out"}/etc"
|
||||||
|
"--with-slibdir=${placeholder "out"}/lib"
|
||||||
|
"--with-ssbindir=${placeholder "out"}/bin"
|
||||||
|
];
|
||||||
|
|
||||||
# Probably a hack, but using DESTDIR and PREFIX makes everything work!
|
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
mkdir -p $out
|
rm -r $out/var
|
||||||
cp -r $out/$out/* $out
|
'';
|
||||||
rm -r $out/nix
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with stdenv.lib; {
|
meta = with stdenv.lib; {
|
||||||
homepage = "http://pam-mount.sourceforge.net/";
|
|
||||||
description = "PAM module to mount volumes for a user session";
|
description = "PAM module to mount volumes for a user session";
|
||||||
maintainers = [ maintainers.tstrobel ];
|
homepage = "https://pam-mount.sourceforge.net/";
|
||||||
license = with licenses; [ gpl2 gpl3 lgpl21 lgpl3 ];
|
license = with licenses; [ gpl2 gpl3 lgpl21 lgpl3 ];
|
||||||
|
maintainers = with maintainers; [ tstrobel ];
|
||||||
platforms = platforms.linux;
|
platforms = platforms.linux;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
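Review bot: The new `./support_luks2.patch` entry in `patches` carries no comment tying it to its upstream commit, so a later reader of this file cannot tell whether the vendored copy still matches upstream or when it can be dropped. pam_mount sits in the login path and handles the user's passphrase, so the provenance of every patch applied to it should be checkable from the expression itself. I would add `# upstream commit d4434c05e7c0cf05d87089404cfa2deedc60811a; drop once a release includes it` above the entry, or fetch the patch with a pinned hash via `fetchpatch` instead of vendoring it.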
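--- a/pkgs/os-specific/linux/pam_mount/support_luks2.patch
+++ b/pkgs/os-specific/linux/pam_mount/support_luks2.patch
@@ -0,0 +1,47 @@
+commit d4434c05e7c0cf05d87089404cfa2deedc60811a
+Author: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Mon Oct 29 16:47:40 2018 +0100
+
+crypto: Add support for LUKS2
+
+Cryptsetup version 2.0 added support for LUKS2.
+This patch adds support for mounting LUKS2 volumes with
+pam_mount.
+
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+
+diff --git a/src/crypto-dmc.c b/src/crypto-dmc.c
+index d0ab6ca..abd0358 100644
+--- a/src/crypto-dmc.c
++++ b/src/crypto-dmc.c
+@@ -21,6 +21,12 @@
+#include "libcryptmount.h"
+#include "pam_mount.h"
+
++#ifndef CRYPT_LUKS
++ #define CRYPT_LUKS NULL /* Passing NULL to crypt_load will
++ default to LUKS(1) on older
++ libcryptsetup versions. */
++#endif
++
+/**
+* dmc_is_luks - check if @path points to a LUKS volume (cf. normal dm-crypt)
+* @path: path to the crypto container
+@@ -48,7 +54,7 @@ EXPORT_SYMBOL int ehd_is_luks(const char *path, bool blkdev)
+
+ret = crypt_init(&cd, device);
+if (ret == 0) {
+- ret = crypt_load(cd, CRYPT_LUKS1, NULL);
++ ret = crypt_load(cd, CRYPT_LUKS, NULL);
+if (ret == -EINVAL)
+ret = false;
+else if (ret == 0)
+@@ -106,7 +112,7 @@ static bool dmc_run(const struct ehd_mount_request *req,
+#endif
+}
+
+- ret = crypt_load(cd, CRYPT_LUKS1, NULL);
++ ret = crypt_load(cd, CRYPT_LUKS, NULL);
+if (ret == 0) {
+ret = crypt_activate_by_passphrase(cd, mt->crypto_name,
+CRYPT_ANY_SLOT, req->key_data, req->key_size, flags);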
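Review bot: The kernel-doc above `ehd_is_luks` still names `dmc_is_luks` and describes a single LUKS format, while the changed `crypt_load(cd, CRYPT_LUKS, NULL)` call now accepts whichever LUKS version the header declares. I would update that line to `* ehd_is_luks - check if @path points to a LUKS1 or LUKS2 volume (cf. normal dm-crypt)`. In `dmc_run` the same widening means `crypt_activate_by_passphrase` may run a LUKS2 key derivation, which can be memory-hard, inside the login path with `req->key_data`. A failure there is worth distinguishing in the logs, and including `crypt_get_type(cd)` in whatever error message follows would do that. Both function bodies continue outside these hunks, so how `ret` is reported afterwards is not visible here.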