[Pkg-cryptsetup-devel] Bug#460994: cryptsetup: manpage typos; cryptsetup, crypttab
Justin Pryzby
jpryzby+d at quoininc.com
Wed Jan 16 01:40:28 UTC 2008
Package: cryptsetup
Version: 2:1.0.6~pre1-1
Severity: minor
There's some typos in the documentation; some of these are generated
docs, so the patches can't all be applied simply.
crypttab.5:
26c26
< The file \fBcrypttab\fR (usually located at \fB/etc/crypttab\fR) contains descriptive information about encrypted file systems\. \fBcrypttab\fR is only read by programs, and not written; it is the duty of the system administrator to properly create and maintain this file\. Each file system is described on a separate line; fields on each line are separated by tabs or spaces\. Lines starting with "\fI#\fR" are comments, empty lines are ignored\. The order of records in \fBcrypttab\fR is important because the \fB/etc/init\.d/cryptdisks\fR script sequentially iterates through \fBcrypttab\fR doing its thing\. Note that all four fields are mandatory and that a missing field will lead to unspecified behaviour\.
---
> The file \fBcrypttab\fR (usually located at \fB/etc/crypttab\fR) contains descriptive information about encrypted filesystems\. \fBcrypttab\fR is only read by programs, and not written; it is the duty of the system administrator to properly create and maintain this file\. Each filesystem is described on a separate line; fields on each line are separated by tabs or spaces\. Lines starting with "\fI#\fR" are comments, empty lines are ignored\. The order of records in \fBcrypttab\fR is important because the \fB/etc/init\.d/cryptdisks\fR script sequentially iterates through \fBcrypttab\fR doing its thing\. Note that all four fields are mandatory and that a missing field will lead to unspecified behaviour\.
30c30
< The second field \fIsource device\fR describes either the block special device or file (which will be automatically mounted as loop device) that should hold the encrypted data\.
---
> The second field \fIsource device\fR describes either the block special device or file (which will be automatically mounted as a loop device) that should hold the encrypted data\.
106c106
< Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device\. The source device is given as argument to the script\.
---
> Check the source device by suitable program; if the check fails, the device is not created; <precheck> is a script to check the source device\. The source device is given as an argument to the script\.
111c111
< Check the content of the device by a suitable program; if the check fails the device is removed\. If a program is provided as argument, it is run, giving the decrypted volume (target device) as first, and the value of the checkargs option as second argument\. Cryptdisks searches for the given program in /lib/cryptsetup/checks/\. Default is vol_id\.
---
> Check the content of the device by a suitable program; if the check fails, the device is removed\. If a program is provided as an argument, it is run, giving the decrypted volume (target device) as the first argument, and the value of the checkargs option as second argument\. Cryptdisks searches for the given program in /lib/cryptsetup/checks/\. Default is vol_id\.
116c116
< Give <arguments> as second argument to the check script\. See description for CHECKSCRIPTS for more information\.
---
> Give <arguments> as the second argument to the check script\. See description for CHECKSCRIPTS for more information\.
121c121
< The input of the passphrase is tried <num> times in case that it fails\. If you want to disable retries, give tries=1 as argument\. Default is 3\.
---
> The input of the passphrase is tried <num> times in case that it fails\. If you want to disable retries, pass tries=1\. Default is 3\.
141c141
< The executable at the inidicated path is executed with the
---
> The executable at the indicated path is executed with the
188c188
< \fBEncrypted disk with interactive password and twofish as cipher\fR
---
> \fBEncrypted disk with interactive password and twofish as the cipher\fR
210c210
< Specifies the checkscript to be run against the target device, after cryptdisks has been invoked\. The target device is given as only argument to the checkscript\. Takes effect, if the
---
> Specifies the checkscript to be run against the target device, after cryptdisks has been invoked\. The target device is passed as the first andonly argument to the checkscript\. Takes effect, if the
217c217
< Specifies the checkscript to be run against the source device, before cryptdisks has been invoked\. The source device is given as only argument to the checkscript\. Takes effect, if the
---
> Specifies the checkscript to be run against the source device, before cryptdisks has been invoked\. The source device is given as the first and only argument to the checkscript\. Takes effect, if the
229c229,230
< cryptsetup(8), /etc/crypttab
---
> .BR cryptsetup (8),
> .I /etc/crypttab
crypsetup.8:
11c11
< cryptsetup is used to conveniently set up dm-crypt managed device-mapper mappings. For basic dm-crypt mappings, there are five operations.
---
> cryptsetup is used to conveniently setup up dm-crypt managed device-mapper mappings. For basic dm-crypt mappings, there are five operations.
45c45
< initializes a LUKS partition and sets the initial key, either via prompting or via <key file>.
---
> initializes a LUKS partition and set the initial key, either via prompting or via <key file>.
59c59
< add a new key file/passphrase. An existing passphrase or key file (via \-\-key-file) must be supplied. The key file with the new material is supplied as a positional argument. <options> can be [\-\-key-file].
---
> add a new key file/passphrase. An existing passphrase or key file (via \-\-key-file) must be supplied. The key file with the new material is supplied as after \fIluksAddKey\fR as positional argument. <options> can be [\-\-key-file].
88c88
< query for passwords twice. Useful when creating a (regular) mapping for the first time, or when running \fIluksFormat\fR.
---
> query for passwords twice. Useful, when creating a (regular) mapping for the first time, or when running \fIluksFormat\fR.
99c99
< force the size of the underlying device in sectors.
---
> force the size of the underlaying device in sectors.
105c105
< how many sectors of the encrypted data to skip at the beginning. This is different from the \-\-offset options with respect to IV calculations. Using \-\-offset will shift the IV calculation by the same negative amount. Hence, if \-\-offset \fIn\fR, sector \fIn\fR will be the first sector on the mapping with IV \fI0\fR. Using \-\-skip would have resulted in sector \fIn\fR being the first sector also, but with IV \fIn\fR.
---
> how many sectors of the encrypted data to skip at the beginning. This is different from the \-\-offset options with respect to IV calculations. Using \-\-offset will shift the IV calculcation by the same negative amount. Hence, if \-\-offset \fIn\fR, sector \fIn\fR will be the first sector on the mapping with IV \fI0\fR. Using \-\-skip would have resulted in sector \fIn\fR being the first sector also, but with IV \fIn\fR.
108c108
< set up a read-only mapping.
---
> setup a read-only mapping.
111c111
< The number of milliseconds to spend with PBKDF2 password processing. This options is only relevant to the LUKS operations \fIluksFormat\fR and\fIluksAddKey\fR.
---
> The number of milliseconds to spend with PBKDF2 password processing. This options is only relevant to LUKS key setting operations as \fIluksFormat\fR or \fIluksAddKey\fR.
117,118c117
< The number of seconds to wait before timeout. This option is relevant
< every time a password is asked, with \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR. It has no effect if used in conjunction with \-\-key-file.
---
> The number of seconds to wait before timeout. This option is relevant evertime a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR. It has no effect if used in conjunction with \-\-key-file.
121,122c120
< How often the input of the passphrase shall be retried. This option is
< relevant every time a password is asked, with \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR. The default is 3 tries.
---
> How often the input of the passphrase shall be retried. This option is relevant evertime a password is asked, like \fIcreate\fR, \fIluksOpen\fR, \fIluksFormat\fR or \fIluksAddKey\fR. The default is 3 tries.
125c123
< Align payload at a boundary of \fIvalue\fR 512-byte sectors. This option is relevant for \fIluksFormat\fR. If your block device lives on a RAID, it is
---
> Align payload at a boundary of \fIvalue\fR 512-byte sectors. This option is relevant for \fIluksFormat\fR. If your block device lives on a RAID it is
127c125
< in the mkfs.xfs manual page. By default, the payload is aligned at an 8 sector (4096 byte) boundary.
---
> in the mkfs.xfs manual page. By default the payload is aligned at an 8 sector (4096 byte) boundary.
133c131
< \fIFrom a file descriptor or a terminal\fR: Password processing is new-line sensitive, meaning the reading will stop after encountering \\n. It will process the read material (without newline) with the default hash or the hash given by \-\-hash. After hashing, it will be cropped to the key size given by \-s (default 256 bits).
---
> \fIFrom a file descriptor or a terminal\fR: Password processing is new-line sensitive, meaning the reading will stop after encountering \\n. It will processed the read material (without newline) with the default hash or the hash given by \-\-hash. After hashing it will be cropped to the key size given by \-s (default 256 bits).
135,136c133
< \fIFrom stdin\fR: Reading will continue until EOF (so using e.g. /dev/random as stdin will not work), with the trailing newline stripped. After that the read data will be hashed with the default hash or the hash given by \-\-hash and the result will be cropped to the keysize given by \-s (default 256 bits). If "plain" is used as an argument to the hash option, the input data will not be hashed.
< Instead, it will be zero padded (if shorter than the keysize) or truncated (if longer than the keysize) and used directly as the key. No warning will be given if the amount of data read from stdin is less than the keysize.
---
> \fIFrom stdin\fR: Reading will continue until EOF (so using e.g. /dev/random as stdin will not work), with the trailing newline stripped. After that the read data will be hashed with the default hash or the hash given by \-\-hash and the result will be cropped to the keysize given by \-s (default 256 bits). If "plain" is used as an argument to the hash option, the input data will not be hashed. Instead it will be zero padded (if shorter than the keysize) or truncated (if longer than the keysize) and used directly as the key. No warning will be given if the amount of data read from stdin is less than the keysize.
140c137
< If \-\-key-file=- is used for reading the key from stdin, no trailing newline is stripped from the input. Without that option, cryptsetup strips trailing newlines from stdin input.
---
> If \-\-key-file=- is used for reading the key from stdin, no trailing newline ist stripped from the input. Without that option, cryptsetup strips trailing newlines from stdin input.
146c143
< LUKS will always do an exhaustive password reading. Hence, password can not be read from /dev/random, /dev/zero or any other stream that does not terminate.
---
> LUKS will always do an exhaustive password reading. Hence, password can not be read from /dev/random, /dev/zero or any other stream, that does not terminate.
150c147
< For any password creation action (luksAddKey, or luksFormat), the user may specify how much the time the password processing should consume.
---
> For any password creation action (luksAddKey, or luksFormat), the user specify, how much the time the password processing should consume.
153c150
< Mathematic can't be bribed. Make sure you keep your passwords safe. There are a few nice tricks for constructing a fallback, when suddenly out of (or after being) blue, your brain refuses to cooperate. These fallbacks are possible with LUKS, as it's only possible with LUKS to have multiple passwords.
---
> Mathematic can't be bribed. Make sure you keep your passwords safe. There are a few nice tricks for constructing a fallback, when suddely out of (or after being) blue, your brain refuses to cooperate. These fallbacks are possible with LUKS, as it's only possible with LUKS to have multiple passwords.
More information about the Pkg-cryptsetup-devel
mailing list