[systemd-commits] 2 commits - Makefile.am man/crypttab.xml src/cryptsetup
Lennart Poettering
lennart at kemper.freedesktop.org
Wed Jun 27 04:24:29 PDT 2012
Makefile.am | 3
man/crypttab.xml | 284 ++++++++++++++++++++++++++++++++++
src/cryptsetup/cryptsetup-generator.c | 2
3 files changed, 287 insertions(+), 2 deletions(-)
New commits:
commit 1c7327004ab6f0b91bdceb06877a3094c5fe2a4b
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jun 27 13:24:13 2012 +0200
man: add reference to crypttab(5) from cryptsetup units
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 4056d1d..f714c8c 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -120,7 +120,7 @@ static int create_disk(
"# Automatically generated by systemd-cryptsetup-generator\n\n"
"[Unit]\n"
"Description=Cryptography Setup for %%I\n"
- "Documentation=man:systemd-cryptsetup at .service(8)\n"
+ "Documentation=man:systemd-cryptsetup at .service(8) man:crypttab(5)\n"
"SourcePath=/etc/crypttab\n"
"Conflicts=umount.target\n"
"DefaultDependencies=no\n"
commit 45ae1a05f98adfccaa3bdc36f8767322ac79c8e2
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Jun 27 13:23:12 2012 +0200
man: document /etc/crypttab
diff --git a/Makefile.am b/Makefile.am
index 3718fa8..55d7e39 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2610,7 +2610,8 @@ INSTALL_DATA_HOOKS += \
cryptsetup-install-data-hook
MANPAGES += \
- man/systemd-cryptsetup at .service.8
+ man/systemd-cryptsetup at .service.8 \
+ man/crypttab.5
MANPAGES_ALIAS += \
man/systemd-cryptsetup.8
diff --git a/man/crypttab.xml b/man/crypttab.xml
new file mode 100644
index 0000000..d61ec95
--- /dev/null
+++ b/man/crypttab.xml
@@ -0,0 +1,284 @@
+<?xml version="1.0"?>
+<!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!--
+ This file is part of systemd.
+
+ Copyright 2012 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+ This is based on crypttab(5) from Fedora's initscripts package, which in
+ turn is based on Debian's version.
+
+ The Red Hat version has been written by Miloslav Trmac <mitr at redhat.com>.
+
+-->
+<refentry id="crypttab">
+
+ <refentryinfo>
+ <title>crypttab</title>
+ <productname>systemd</productname>
+
+ <authorgroup>
+ <author>
+ <contrib>Documentation</contrib>
+ <firstname>Miloslav</firstname>
+ <surname>Trmac</surname>
+ <email>mitr at redhat.com</email>
+ </author>
+ <author>
+ <contrib>Documentation</contrib>
+ <firstname>Lennart</firstname>
+ <surname>Poettering</surname>
+ <email>lennart at poettering.net</email>
+ </author>
+ </authorgroup>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>crypttab</refentrytitle>
+ <manvolnum>5</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>crypttab</refname>
+ <refpurpose>Configuration for encrypted block devices</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <para><filename>/etc/crypttab</filename></para>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para>The <filename>/etc/crypttab</filename> file
+ describes encrypted block devices that are set up
+ during system boot.</para>
+
+ <para>Empty lines and lines starting with the #
+ character are ignored. Each of the remaining lines
+ describes one encrypted block device, fields on the
+ line are delimited by white space. The first two
+ fields are mandatory, the remaining two are
+ optional.</para>
+
+ <para>The first field contains the name of the
+ resulting encrypted block device; the device is set up
+ within <filename>/dev/mapper/</filename>.</para>
+
+ <para>The second field contains a path to the
+ underlying block device, or a specification of a block
+ device via <literal>UUID=</literal> followed by the
+ UUID. If the block device contains a LUKS signature,
+ it is opened as a LUKS encrypted partition; otherwise
+ it is assumed to be a raw dm-crypt partition.</para>
+
+ <para>The third field specifies the encryption
+ password. If the field is not present or the password
+ is set to none, the password has to be manually
+ entered during system boot. Otherwise the field is
+ interpreted as a path to a file containing the
+ encryption password. For swap encryption
+ <filename>/dev/urandom</filename> or the hardware
+ device <filename>/dev/hw_random</filename> can be used
+ as the password file; using
+ <filename>/dev/random</filename> may prevent boot
+ completion if the system does not have enough entropy
+ to generate a truly random encryption key.</para>
+
+ <para>The fourth field, if present, is a
+ comma-delimited list of options. The following
+ options are recognized:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><varname>cipher=</varname></term>
+
+ <listitem><para>Specifies the cipher
+ to use; see
+ <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for possible values and the default
+ value of this option. A cipher with
+ unpredictable IV values, such as
+ <literal>aes-cbc-essiv:sha256</literal>,
+ is recommended. </para></listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term><varname>size=</varname></term>
+
+ <listitem><para>Specifies the key size
+ in bits; see
+ <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for possible values and the default
+ value of this
+ option. </para></listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term><varname>hash=</varname></term>
+
+ <listitem><para>Specifies the hash to
+ use for password hashing; see
+ <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for possible values and
+ the default value of this
+ option. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>tries=</varname></term>
+
+ <listitem><para>Specifies the maximum
+ number of times the user is queried
+ for a password.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>verify</varname></term>
+
+ <listitem><para> If the the encryption
+ password is read from console, it has
+ to be entered twice (to prevent
+ typos). </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>read-only</varname></term>
+
+ <listitem><para>Set up the encrypted
+ block device in read-only
+ mode.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>allow-discards</varname></term>
+
+ <listitem><para>Allow discard requests
+ to be passed through the encrypted
+ block device. This improves
+ performance on SSD storage but has
+ security
+ implications.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>luks</varname></term>
+
+ <listitem><para>Force LUKS mode.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>plain</varname></term>
+
+ <listitem><para>Force plain encryption
+ mode.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>timeout=</varname></term>
+
+ <listitem><para>Specify the timeout
+ for querying for a password. If not
+ unit is specified in
+ seconds. Supported units are s, ms,
+ us, min, h, d.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>noauto</varname></term>
+
+ <listitem><para> This device will not
+ be automatically unlocked on
+ boot. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>nofail</varname></term>
+
+ <listitem><para>The system will not
+ wait for the device to show up and be
+ unlocked at boot, and not fail the
+ boot if it doesn't show
+ up.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>swap</varname></term>
+
+ <listitem><para> The encrypted block
+ device will be used as a swap
+ partition, and will be formatted as a
+ swap partition after setting up the
+ encrypted block device, with
+ <citerefentry><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+ <para>WARNING: Using the
+ <varname>swap</varname> option will
+ destroy the contents of the named
+ partition during every boot, so make
+ sure the underlying block device is
+ specified
+ correctly. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>tmp</varname></term>
+
+ <listitem><para>The encrypted block
+ device will be prepared for using it
+ as <filename>/tmp</filename>
+ partition: it will be formatted using
+ <citerefentry><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+ <para>WARNING: Using the
+ <varname>tmp</varname> option will
+ destroy the contents of the named
+ partition during every boot, so make
+ sure the underlying block device is
+ specified
+ correctly. </para></listitem>
+ </varlistentry>
+ </variablelist>
+
+ </refsect1>
+
+ <refsect1>
+ <title>Example</title>
+ <example>
+ <title>/etc/crypttab example</title>
+ <para>Set up two encrypted block devices with
+ LUKS: one normal one for storage, and another
+ one for usage as swap device.</para>
+
+ <programlisting>luks-2505567a-9e27-4efe-a4d5-15ad146c258b UUID=2505567a-9e27-4efe-a4d5-15ad146c258b - timeout=0
+swap /dev/sda7 /dev/urandom swap</programlisting>
+ </example>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-cryptsetup at .service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+
+</refentry>
More information about the systemd-commits
mailing list