
Upgraded to cryptsetup v1.4.1

Removed password confirmation on LUKS volume format, since it does
not work anymore (cryptsetup: #124). Now opening the volume after
formatting performs the role of password confirmation; if opening
the volume fails, the format is performed again. This approach will
also work with "plymouth ask-for-password" in the future, since only
one password is queried per command.

Cryptsetup now handles setup and destruction of loopback devices
internally, hence losetup handling has been removed from "liberte"
init.d service. Cryptsetup also supports /dev/loop-control now,
so once util-linux is upgraded to v2.21 (also supporting
/dev/loop-control), BLK_DEV_LOOP_MIN_COUNT can be reduced to 1
(as Busybox does not support loop-control yet).

Removed dmcrypt init.d service with bashism from the image, as a
workaround for (#408117).
Maxim Kammerer 13 lat temu
rodzic
commit
abe13dcbd5
4 zmienionych plików z 35 dodań i 45 usunięć
  1. 3 0
      conf/rootfs-cp.excludes
  2. 3 0
      src/etc/conf.d/liberte
  3. 23 39
      src/etc/init.d/liberte
  4. 6 6
      src/etc/make.conf

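--- a/conf/rootfs-cp.excludes
+++ b/conf/rootfs-cp.excludes
@@ -26,3 +26,6 @@
 # Executables requiring development libraries
 /usr/bin/cairo-trace
 /usr/lib/cairo/libcairo-trace.*
+
+# Workaround for (#408117)
+/etc/init.d/dmcrypt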

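--- a/src/etc/conf.d/liberte
+++ b/src/etc/conf.d/liberte
@@ -14,3 +14,6 @@ OTFEHASH=sha256
 # LVM partition name
 # (also used by otfe-resize)
 OTFEVOLUME=otfe
+
+# Password entry attempts
+OTFEPWDTRIES=10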

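--- a/src/etc/init.d/liberte
+++ b/src/etc/init.d/liberte
@@ -106,49 +106,38 @@ start() {
             ebegin "Initializing ${otfesize} MiB encrypted storage (${OTFESIZE} of free space)"
             if [ -n "${otfesize}"  -a  -e ${otfefile}.tag ]  &&  truncate -s ${otfesize}M ${otfefile}; then
                 chmod -f 600 ${otfefile}
-                loop=`losetup -f ${otfefile} --show`
                 eend $?
 
-                eprompt Please specify new password for ${otfefile}
-                # input_begin
+                inittries=${OTFEPWDTRIES}
+                while [ ${inittries} -ne 0 ]; do
+                    eprompt Please specify new password for ${otfefile}
+                    if cryptsetup -q -c ${OTFECIPHER} -s ${OTFEKEYSIZE} -h ${OTFEHASH} luksFormat ${otfefile}; then
+                        eprompt Please re-enter the password for ${otfefile}
+                        if cryptsetup -T 1 luksOpen ${otfefile} ${OTFEVOLUME}; then
+                            rm ${otfefile}.tag
+                            break
+                        else
+                            ewarn Passwords do not match
+                        fi
+                    fi
 
-                inittries=10
-                while [ ${inittries} -ne 0 ] && ! cryptsetup -qy -c ${OTFECIPHER} -s ${OTFEKEYSIZE} -h ${OTFEHASH} luksFormat ${loop}; do
                     inittries=$((inittries-1))
                 done
 
-                if [ ${inittries} -ne 0 ]; then
-                    echo
-                    einfo 'OTFE initialized, run "sudo otfe-resize" to resize encrypted storage'
-
-                    eprompt Please re-enter the password for ${otfefile}
-                    if ! cryptsetup -T 100 luksOpen ${loop} ${OTFEVOLUME}; then
-                        eerror Failed to attach encrypted storage, removing ${otfefile}
-                        losetup -d ${loop}
-                        rm ${otfefile}
-                    else
-                        rm ${otfefile}.tag
-                    fi
-
-                    # input_end
-                    echo
+                if [ -e /dev/mapper/${OTFEVOLUME} ]; then
+                    echo;  einfo 'OTFE initialized, run "sudo otfe-resize" to resize encrypted storage'
 
-                    if [ ! -e ${otfefile}.tag ]; then
-                        ebegin Backing up crypto header: ${otfefile}-hdr.bak
-                        cryptsetup luksHeaderBackup --header-backup-file ${otfefile}-hdr.bak ${loop}
-                        eend $?
+                    ebegin Backing up crypto header: ${otfefile}-hdr.bak
+                    cryptsetup luksHeaderBackup --header-backup-file ${otfefile}-hdr.bak ${otfefile}
+                    eend $?
 
-                        # LC_ALL enables UTF-8 label support
-                        ebegin Formatting encrypted storage as NTFS: ${otfefile}
-                        LC_ALL=en_GB.UTF-8 mkntfs -qfCIU -L "${OTFELABEL}" -p 0 -H 0 -S 0 /dev/mapper/${OTFEVOLUME}
-                        eend $?
-                    fi
+                    # LC_ALL enables UTF-8 label support
+                    ebegin Formatting encrypted storage as NTFS: ${otfefile}
+                    LC_ALL=en_GB.UTF-8 mkntfs -qfCIU -L "${OTFELABEL}" -p 0 -H 0 -S 0 /dev/mapper/${OTFEVOLUME}
+                    eend $?
                 else
-                    losetup -d ${loop}
                     rm ${otfefile}
-
                     eerror Failed to initialize encrypted storage
-                    # input_end
                 fi
             else
                 rm -f ${otfefile}
@@ -156,14 +145,10 @@ start() {
             fi
         else
             eprompt Please provide a password for ${otfefile}
-            # input_begin
 
-            loop=`losetup -f ${otfefile} --show`
-            if ! cryptsetup -T 100 luksOpen ${loop} ${OTFEVOLUME}; then
+            if ! cryptsetup -T ${OTFEPWDTRIES} luksOpen ${otfefile} ${OTFEVOLUME}; then
                 eerror Failed to attach encrypted storage: ${otfefile}
             fi
-
-            # input_end
             echo
         fi
 
@@ -224,10 +209,9 @@ stop() {
 
 
     # Detach encrypted volume
-    if cryptsetup status ${OTFEVOLUME} 1>/dev/null 2>&1; then
+    if [ -e /dev/mapper/${OTFEVOLUME} ]; then
         ebegin Detaching encrypted storage
         cryptsetup luksClose ${OTFEVOLUME}
-        losetup -d `losetup -j ${otfefile} | cut -d: -f1`
         eend $?
 
     fi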
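Review bot: The success test after the retry loop in the first hunk, `if [ -e /dev/mapper/${OTFEVOLUME} ]`, checks that a mapping with that name exists, not that this run's `luksOpen` succeeded. If a mapping called `${OTFEVOLUME}` were already present when this branch runs (whether that can happen is not visible here, since start() begins and ends outside the hunks), every `luksOpen` would fail, the loop would run out, and the header backup and `mkntfs` would still go ahead against the existing mapping while the `.tag` file is left in place. Recording the outcome explicitly avoids that: `otfeopened=0` before the loop, `otfeopened=1` just before `break`, then `if [ "${otfeopened}" = 1 ]; then`. Separately, `${OTFEPWDTRIES}` is used unvalidated both in `[ ${inittries} -ne 0 ]` and as the `-T` argument in the second hunk, so an empty or non-numeric value in conf.d would skip formatting or shift cryptsetup's arguments; a guard such as `case "${OTFEPWDTRIES}" in ''|*[!0-9]*) OTFEPWDTRIES=10;; esac` near the top of start() would keep both paths predictable.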

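--- a/src/etc/make.conf
+++ b/src/etc/make.conf
@@ -29,12 +29,12 @@ MAKEOPTS="-j3"
 # USE flags (aggregative)
 
 USE="aac acpi action_modeswitch alsa archive aspell bluetooth bs2b cairo
-     caps cdda cjk consolekit cue dbus dhcp djvu dynamic eap-tls edd exif
-     expat flac gmp grammar gconf groupwise gtk hires-icons hwdb hybrid-auth
-     id3tag idn iproute2 irda jbig jpeg jpeg2k keymap lcms libkms libnotify
-     lzma m17n-lib mad madwifi mktemp mmx mp3 multicall networkmanager
-     ntfsprogs ogg opengl ots pcmcia pcsc-lite pkcs11 png policykit pth scsi
-     silc smartcard smime sna sndfile speex spell sse startup-notification
+     caps cdda cjk consolekit cue dbus dhcp djvu eap-tls edd exif expat flac
+     gmp grammar gconf groupwise gtk hires-icons hwdb hybrid-auth id3tag idn
+     iproute2 irda jbig jpeg jpeg2k keymap lcms libkms libnotify lzma
+     m17n-lib mad madwifi mktemp mmx mp3 multicall networkmanager ntfsprogs
+     ogg opengl ots pcmcia pcsc-lite pkcs11 png policykit pth scsi silc
+     smartcard smime sna sndfile speex spell sse startup-notification
      staticsocket svg symlink thesaurus threads tiff tordns truetype unicode
      usb v4l vorbis wavpack webgl wimax wmf X X509 x86emu xattr xft xinerama
      xmp xv"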