[systemd-commits] 2 commits - Makefile.am man/crypttab.xml src/cryptsetup

Lennart Poettering lennart at kemper.freedesktop.org
Wed Jun 27 04:24:29 PDT 2012


 Makefile.am                           |    3 
 man/crypttab.xml                      |  284 ++++++++++++++++++++++++++++++++++
 src/cryptsetup/cryptsetup-generator.c |    2 
 3 files changed, 287 insertions(+), 2 deletions(-)

New commits:
commit 1c7327004ab6f0b91bdceb06877a3094c5fe2a4b
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Jun 27 13:24:13 2012 +0200

    man: add reference to crypttab(5) from cryptsetup units

diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 4056d1d..f714c8c 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -120,7 +120,7 @@ static int create_disk(
                 "# Automatically generated by systemd-cryptsetup-generator\n\n"
                 "[Unit]\n"
                 "Description=Cryptography Setup for %%I\n"
-                "Documentation=man:systemd-cryptsetup at .service(8)\n"
+                "Documentation=man:systemd-cryptsetup at .service(8) man:crypttab(5)\n"
                 "SourcePath=/etc/crypttab\n"
                 "Conflicts=umount.target\n"
                 "DefaultDependencies=no\n"

commit 45ae1a05f98adfccaa3bdc36f8767322ac79c8e2
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Jun 27 13:23:12 2012 +0200

    man: document /etc/crypttab

diff --git a/Makefile.am b/Makefile.am
index 3718fa8..55d7e39 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2610,7 +2610,8 @@ INSTALL_DATA_HOOKS += \
 	cryptsetup-install-data-hook
 
 MANPAGES += \
-	man/systemd-cryptsetup at .service.8
+	man/systemd-cryptsetup at .service.8 \
+	man/crypttab.5
 
 MANPAGES_ALIAS += \
 	man/systemd-cryptsetup.8
diff --git a/man/crypttab.xml b/man/crypttab.xml
new file mode 100644
index 0000000..d61ec95
--- /dev/null
+++ b/man/crypttab.xml
@@ -0,0 +1,284 @@
+<?xml version="1.0"?>
+<!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!--
+  This file is part of systemd.
+
+  Copyright 2012 Lennart Poettering
+
+  systemd is free software; you can redistribute it and/or modify it
+  under the terms of the GNU Lesser General Public License as published by
+  the Free Software Foundation; either version 2.1 of the License, or
+  (at your option) any later version.
+
+  systemd is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  Lesser General Public License for more details.
+
+  You should have received a copy of the GNU Lesser General Public License
+  along with systemd; If not, see <http://www.gnu.org/licenses/>.
+
+  This is based on crypttab(5) from Fedora's initscripts package, which in
+  turn is based on Debian's version.
+
+  The Red Hat version has been written by Miloslav Trmac <mitr at redhat.com>.
+
+-->
+<refentry id="crypttab">
+
+        <refentryinfo>
+                <title>crypttab</title>
+                <productname>systemd</productname>
+
+                <authorgroup>
+                        <author>
+                                <contrib>Documentation</contrib>
+                                <firstname>Miloslav</firstname>
+                                <surname>Trmac</surname>
+                                <email>mitr at redhat.com</email>
+                        </author>
+                        <author>
+                                <contrib>Documentation</contrib>
+                                <firstname>Lennart</firstname>
+                                <surname>Poettering</surname>
+                                <email>lennart at poettering.net</email>
+                        </author>
+                </authorgroup>
+        </refentryinfo>
+
+        <refmeta>
+                <refentrytitle>crypttab</refentrytitle>
+                <manvolnum>5</manvolnum>
+        </refmeta>
+
+        <refnamediv>
+                <refname>crypttab</refname>
+                <refpurpose>Configuration for encrypted block devices</refpurpose>
+        </refnamediv>
+
+        <refsynopsisdiv>
+                <para><filename>/etc/crypttab</filename></para>
+        </refsynopsisdiv>
+
+        <refsect1>
+                <title>Description</title>
+
+                <para>The <filename>/etc/crypttab</filename> file
+                describes encrypted block devices that are set up
+                during system boot.</para>
+
+                <para>Empty lines and lines starting with the #
+                character are ignored.  Each of the remaining lines
+                describes one encrypted block device, fields on the
+                line are delimited by white space.  The first two
+                fields are mandatory, the remaining two are
+                optional.</para>
+
+                <para>The first field contains the name of the
+                resulting encrypted block device; the device is set up
+                within <filename>/dev/mapper/</filename>.</para>
+
+                <para>The second field contains a path to the
+                underlying block device, or a specification of a block
+                device via <literal>UUID=</literal> followed by the
+                UUID.  If the block device contains a LUKS signature,
+                it is opened as a LUKS encrypted partition; otherwise
+                it is assumed to be a raw dm-crypt partition.</para>
+
+                <para>The third field specifies the encryption
+                password.  If the field is not present or the password
+                is set to none, the password has to be manually
+                entered during system boot.  Otherwise the field is
+                interpreted as a path to a file containing the
+                encryption password.  For swap encryption
+                <filename>/dev/urandom</filename> or the hardware
+                device <filename>/dev/hw_random</filename> can be used
+                as the password file; using
+                <filename>/dev/random</filename> may prevent boot
+                completion if the system does not have enough entropy
+                to generate a truly random encryption key.</para>
+
+                <para>The fourth field, if present, is a
+                comma-delimited list of options.  The following
+                options are recognized:</para>
+
+                <variablelist>
+                        <varlistentry>
+                                <term><varname>cipher=</varname></term>
+
+                                <listitem><para>Specifies the cipher
+                                to use; see
+                                <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+                                for possible values and the default
+                                value of this option.  A cipher with
+                                unpredictable IV values, such as
+                                <literal>aes-cbc-essiv:sha256</literal>,
+                                is recommended. </para></listitem>
+                        </varlistentry>
+
+
+                        <varlistentry>
+                                <term><varname>size=</varname></term>
+
+                                <listitem><para>Specifies the key size
+                                in bits; see
+                                <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+                                for possible values and the default
+                                value of this
+                                option. </para></listitem>
+                        </varlistentry>
+
+
+                        <varlistentry>
+                                <term><varname>hash=</varname></term>
+
+                                <listitem><para>Specifies the hash to
+                                use for password hashing; see
+                                <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> for possible values and
+                                the default value of this
+                                option. </para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>tries=</varname></term>
+
+                                <listitem><para>Specifies the maximum
+                                number of times the user is queried
+                                for a password.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>verify</varname></term>
+
+                                <listitem><para> If the the encryption
+                                password is read from console, it has
+                                to be entered twice (to prevent
+                                typos). </para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>read-only</varname></term>
+
+                                <listitem><para>Set up the encrypted
+                                block device in read-only
+                                mode.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>allow-discards</varname></term>
+
+                                <listitem><para>Allow discard requests
+                                to be passed through the encrypted
+                                block device. This improves
+                                performance on SSD storage but has
+                                security
+                                implications.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>luks</varname></term>
+
+                                <listitem><para>Force LUKS mode.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>plain</varname></term>
+
+                                <listitem><para>Force plain encryption
+                                mode.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>timeout=</varname></term>
+
+                                <listitem><para>Specify the timeout
+                                for querying for a password. If not
+                                unit is specified in
+                                seconds. Supported units are s, ms,
+                                us, min, h, d.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>noauto</varname></term>
+
+                                <listitem><para> This device will not
+                                be automatically unlocked on
+                                boot. </para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>nofail</varname></term>
+
+                                <listitem><para>The system will not
+                                wait for the device to show up and be
+                                unlocked at boot, and not fail the
+                                boot if it doesn't show
+                                up.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>swap</varname></term>
+
+                                <listitem><para> The encrypted block
+                                device will be used as a swap
+                                partition, and will be formatted as a
+                                swap partition after setting up the
+                                encrypted block device, with
+                                <citerefentry><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+                                <para>WARNING: Using the
+                                <varname>swap</varname> option will
+                                destroy the contents of the named
+                                partition during every boot, so make
+                                sure the underlying block device is
+                                specified
+                                correctly. </para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
+                                <term><varname>tmp</varname></term>
+
+                                <listitem><para>The encrypted block
+                                device will be prepared for using it
+                                as <filename>/tmp</filename>
+                                partition: it will be formatted using
+                                <citerefentry><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+                                <para>WARNING: Using the
+                                <varname>tmp</varname> option will
+                                destroy the contents of the named
+                                partition during every boot, so make
+                                sure the underlying block device is
+                                specified
+                                correctly. </para></listitem>
+                        </varlistentry>
+                </variablelist>
+
+        </refsect1>
+
+        <refsect1>
+                <title>Example</title>
+                <example>
+                        <title>/etc/crypttab example</title>
+                        <para>Set up two encrypted block devices with
+                        LUKS: one normal one for storage, and another
+                        one for usage as swap device.</para>
+
+                        <programlisting>luks-2505567a-9e27-4efe-a4d5-15ad146c258b UUID=2505567a-9e27-4efe-a4d5-15ad146c258b - timeout=0
+swap /dev/sda7 /dev/urandom swap</programlisting>
+                </example>
+        </refsect1>
+
+        <refsect1>
+                <title>See Also</title>
+                <para>
+                        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+                        <citerefentry><refentrytitle>systemd-cryptsetup at .service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+                        <citerefentry><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+                        <citerefentry><refentrytitle>mkswap</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+                        <citerefentry><refentrytitle>mke2fs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+                </para>
+        </refsect1>
+
+</refentry>



More information about the systemd-commits mailing list