No longer support luksDelKey, reload and --non-exclusive.

2010-11-01 Milan Broz <>
* No longer support luksDelKey, reload and --non-exclusive.
* Remove some obsolete info from man page.
2010-10-27 Milan Broz <>
* Rewrite cryptsetup luksFormat, luksOpen, luksAddKey to use new API
to allow adding new features.
......@@ -89,10 +89,6 @@ key file (via \-\-key-file) must be supplied.
\fB<options>\fR can be [\-\-key-file, \-\-keyfile-size].
\fIluksDelKey\fR <device> <key slot number>
identical to luksKillSlot, but deprecated action name.
\fIluksUUID\fR <device>
print UUID, if <device> has a LUKS header.
......@@ -292,41 +288,14 @@ See \fPurandom(4)\fR for more information.
cryptsetup is written by Christophe Saout <>
LUKS extensions, and man page by Clemens Fruhwirth <>
To read images created with SuSE Linux 9.2's loop_fish2 use \-\-cipher
twofish-cbc-null \-s 256 \-h sha512, for images created with even
older SuSE Linux use \-\-cipher twofish-cbc-null \-s 192 \-h
\fIreload\fR <name> <device>
modifies an active mapping <name>. Same options as for
Do not use this for LUKS devices, as the semantics
are identical to the create action, which are totally incompatible
with the LUKS key setup.
This action is deprected because it proved to be rarely useful. It is
uncommon to change the underlying device, key, or offset on the
fly. In case, you really want to do this, you certainly know what you
are doing and then you are probably better off with the swiss knive
tool for device mapper, namely dmsetup. It provides you with the same
functionality, see dmsetup reload.
The \fIreload\fR action is no longer supported.
Please use \fIdmsetup(8)\fR if you need to
directly manipulate with the device mapping table.
\fIluksDelKey\fR <device> <key slot number>
identical to luksKillSlot, but deprecated action name. This option was
renamed, as we introduced luksRemoveKey, a softer method for disabling
password slots. To make a clear distinction that luksDelKey was more brutal than luksRemoveKey
The \fIluksDelKey\fR was replaced with \fIluksKillSlot\fR.
This option is ignored. Non-exclusive access to the same block device
can cause data corruption thus this mode is no longer supported by cryptsetup.
Report bugs to <> or Issues section on LUKS website.
Please attach output of failed command with added \-\-debug option.
......@@ -341,8 +310,4 @@ This is free software; see the source for copying conditions. There is NO
dm-crypt website, \fB\fR
LUKS website, \fB\fR
dm-crypt TWiki, \fB\fR
......@@ -39,7 +39,6 @@ static int opt_version_mode = 0;
static int opt_timeout = 0;
static int opt_tries = 3;
static int opt_align_payload = 0;
static int opt_non_exclusive = 0;
static int opt_random = 0;
static int opt_urandom = 0;
......@@ -90,8 +89,6 @@ static struct action_type {
{ "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
{ "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
{ "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
{ "luksDelKey", action_luksDelKey, 0, 2, 1, N_("<device> <key slot>"), N_("identical to luksKillSlot - DEPRECATED - see man page") },
{ "reload", action_create, 1, 2, 1, N_("<name> <device>"), N_("modify active device - DEPRECATED - see man page") },
{ NULL, NULL, 0, 0, 0, NULL, NULL }
......@@ -217,7 +214,7 @@ static void show_status(int errcode)
static int action_create(int reload)
static int action_create(int arg)
struct crypt_options options = {
.name = action_argv[0],
......@@ -235,10 +232,6 @@ static int action_create(int reload)
.tries = opt_tries,
.icb = &cmd_icb,
int r;
log_err(_("The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\nWARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"));
if (options.hash && strcmp(options.hash, "plain") == 0)
options.hash = NULL;
......@@ -247,12 +240,7 @@ static int action_create(int reload)
if (opt_readonly)
options.flags |= CRYPT_FLAG_READONLY;
if (reload)
r = crypt_update_device(&options);
r = crypt_create_device(&options);
return r;
return crypt_create_device(&options);
static int action_remove(int arg)
......@@ -440,9 +428,6 @@ static int action_luksOpen(int arg)
if (opt_readonly)
if (opt_non_exclusive)
log_err(_("Obsolete option --non-exclusive is ignored.\n"));
if (opt_key_file) {
crypt_set_password_retry(cd, 1);
r = crypt_activate_by_keyfile(cd, action_argv[1],
......@@ -457,12 +442,6 @@ out:
/* FIXME: keyslot operation needs better get_key() implementation. Use old API for now */
static int action_luksDelKey(int arg)
log_err("luksDelKey is a deprecated action name.\nPlease use luksKillSlot.\n");
return action_luksKillSlot(arg);
static int action_luksKillSlot(int arg)
struct crypt_options options = {
......@@ -729,9 +708,6 @@ static int run_action(struct action_type *action)
int r;
/* set default log */
crypt_set_log_callback(NULL, _log, NULL);
if (action->required_memlock)
crypt_memory_lock(NULL, 1);
......@@ -777,7 +753,6 @@ int main(int argc, char **argv)
{ "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
{ "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
{ "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
{ "non-exclusive", '\0', POPT_ARG_NONE, &opt_non_exclusive, 0, N_("(Obsoleted, see man page.)"), NULL },
{ "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL },
{ "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL },
{ "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL },
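Review bot: Dropping the `non-exclusive` row from the option table in main() appears to change the option from accepted-and-ignored to rejected by option parsing. The old behaviour came from the `log_err(_("Obsolete option --non-exclusive is ignored.\n"))` call in action_luksOpen, which this commit also deletes. Any unlock or boot script that still passes the option would then fail to open its volume rather than just print a message. The page does not mark which side the man page sentence "This option is ignored" is on; if it stays on the new side, it should be reworded to something like `The \-\-non-exclusive option is no longer accepted.` The `reload` and `luksDelKey` rows leaving the action table have the same effect on callers; main() and both tables start and end outside the hunks shown.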
