|
 |
ad2d76 |
From 3f0f7acbc0dd72f1d98feb7af214cf12eb9bc47e Mon Sep 17 00:00:00 2001
|
|
|
ad2d76 |
From: Ondrej Kozina <okozina@redhat.com>
|
|
|
ad2d76 |
Date: Tue, 10 Jul 2018 14:36:45 +0200
|
|
|
ad2d76 |
Subject: [PATCH] Update cryptsetup man page for --type option usage.
|
|
|
ad2d76 |
|
|
|
ad2d76 |
Fixes #394.
|
|
|
ad2d76 |
---
|
|
|
ad2d76 |
man/cryptsetup.8 | 23 +++++++++++++----------
|
|
|
ad2d76 |
1 file changed, 13 insertions(+), 10 deletions(-)
|
|
|
ad2d76 |
|
|
|
ad2d76 |
diff --git a/man/cryptsetup.8 b/man/cryptsetup.8
|
|
|
ad2d76 |
index b2ef8cd..96d4fef 100644
|
|
|
ad2d76 |
--- a/man/cryptsetup.8
|
|
|
ad2d76 |
+++ b/man/cryptsetup.8
|
|
|
ad2d76 |
@@ -70,8 +70,8 @@ The following are valid actions for all supported device types.
|
|
|
ad2d76 |
.IP
|
|
|
ad2d76 |
Opens (creates a mapping with) <name> backed by device <device>.
|
|
|
ad2d76 |
|
|
|
ad2d76 |
-Device type can be \fIplain\fR, \fIluks\fR (default), \fIloopaes\fR
|
|
|
ad2d76 |
-or \fItcrypt\fR.
|
|
|
ad2d76 |
+Device type can be \fIplain\fR, \fIluks\fR (default), \fIluks1\fR, \fIluks2\fR,
|
|
|
ad2d76 |
+\fIloopaes\fR or \fItcrypt\fR.
|
|
|
ad2d76 |
|
|
|
ad2d76 |
For backward compatibility there are \fBopen\fR command aliases:
|
|
|
ad2d76 |
|
|
|
ad2d76 |
@@ -243,7 +243,7 @@ the command prompts for it interactively.
|
|
|
ad2d76 |
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
|
|
|
ad2d76 |
\-\-keyfile\-size, \-\-readonly, \-\-test\-passphrase,
|
|
|
ad2d76 |
\-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file, \-\-token\-id,
|
|
|
ad2d76 |
-\-\-token\-only, \-\-disable\-keyring, \-\-disable\-locks].
|
|
|
ad2d76 |
+\-\-token\-only, \-\-disable\-keyring, \-\-disable\-locks, \-\-type].
|
|
|
ad2d76 |
.PP
|
|
|
ad2d76 |
\fIluksSuspend\fR <name>
|
|
|
ad2d76 |
.IP
|
|
|
ad2d76 |
@@ -266,7 +266,7 @@ Resumes a suspended device and reinstates the encryption key.
|
|
|
ad2d76 |
Prompts interactively for a passphrase if \-\-key-file is not given.
|
|
|
ad2d76 |
|
|
|
ad2d76 |
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-size, \-\-header,
|
|
|
ad2d76 |
-\-\-disable\-keyring,\-\-disable\-locks]
|
|
|
ad2d76 |
+\-\-disable\-keyring, \-\-disable\-locks, \-\-type]
|
|
|
ad2d76 |
.PP
|
|
|
ad2d76 |
\fIluksAddKey\fR <device> [<key file with new key>]
|
|
|
ad2d76 |
.IP
|
|
|
ad2d76 |
@@ -285,7 +285,7 @@ is not required.
|
|
|
ad2d76 |
\-\-keyfile\-size, \-\-new\-keyfile\-offset,
|
|
|
ad2d76 |
\-\-new\-keyfile\-size, \-\-key\-slot, \-\-master\-key\-file,
|
|
|
ad2d76 |
\-\-iter\-time, \-\-force\-password, \-\-header, \-\-disable\-locks,
|
|
|
ad2d76 |
-\-\-unbound].
|
|
|
ad2d76 |
+\-\-unbound, \-\-type].
|
|
|
ad2d76 |
.PP
|
|
|
ad2d76 |
\fIluksRemoveKey\fR <device> [<key file with passphrase to be removed>]
|
|
|
ad2d76 |
.IP
|
|
|
ad2d76 |
@@ -294,7 +294,7 @@ passphrase to be removed can be specified interactively,
|
|
|
ad2d76 |
as the positional argument or via \-\-key-file.
|
|
|
ad2d76 |
|
|
|
ad2d76 |
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
|
|
|
ad2d76 |
-\-\-keyfile\-size, \-\-header, \-\-disable\-locks]
|
|
|
ad2d76 |
+\-\-keyfile\-size, \-\-header, \-\-disable\-locks, \-\-type]
|
|
|
ad2d76 |
|
|
|
ad2d76 |
\fBWARNING:\fR If you read the passphrase from stdin
|
|
|
ad2d76 |
(without further argument or with '-' as an argument
|
|
|
ad2d76 |
@@ -328,7 +328,7 @@ inaccessible.
|
|
|
ad2d76 |
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
|
|
|
ad2d76 |
\-\-keyfile\-size, \-\-new\-keyfile\-offset,
|
|
|
ad2d76 |
\-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password, \-\-header,
|
|
|
ad2d76 |
-\-\-disable\-locks].
|
|
|
ad2d76 |
+\-\-disable\-locks, \-\-type].
|
|
|
ad2d76 |
.PP
|
|
|
ad2d76 |
.PP
|
|
|
ad2d76 |
\fIluksConvertKey\fR <device>
|
|
|
ad2d76 |
@@ -364,7 +364,7 @@ an interactive confirmation when doing so. Removing the last
|
|
|
ad2d76 |
passphrase makes a LUKS container permanently inaccessible.
|
|
|
ad2d76 |
|
|
|
ad2d76 |
\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
|
|
|
ad2d76 |
-\-\-keyfile\-size, \-\-header, \-\-disable\-locks].
|
|
|
ad2d76 |
+\-\-keyfile\-size, \-\-header, \-\-disable\-locks, \-\-type].
|
|
|
ad2d76 |
|
|
|
ad2d76 |
\fBWARNING:\fR If you read the passphrase from stdin
|
|
|
ad2d76 |
(without further argument or with '-' as an argument
|
|
|
ad2d76 |
@@ -399,6 +399,8 @@ Set new UUID if \fI\-\-uuid\fR option is specified.
|
|
|
ad2d76 |
Returns true, if <device> is a LUKS device, false otherwise.
|
|
|
ad2d76 |
Use option \-v to get human-readable feedback. 'Command successful.'
|
|
|
ad2d76 |
means the device is a LUKS device.
|
|
|
ad2d76 |
+
|
|
|
ad2d76 |
+By specifying \-\-type you may query for specific LUKS version.
|
|
|
ad2d76 |
.PP
|
|
|
ad2d76 |
\fIluksDump\fR <device>
|
|
|
ad2d76 |
.IP
|
|
|
ad2d76 |
@@ -417,7 +419,7 @@ either interactively or via \-\-key\-file.
|
|
|
ad2d76 |
|
|
|
ad2d76 |
\fB<options>\fR can be [\-\-dump\-master\-key, \-\-key\-file,
|
|
|
ad2d76 |
\-\-keyfile\-offset, \-\-keyfile\-size, \-\-header, \-\-disable\-locks,
|
|
|
ad2d76 |
-\-\-master\-key\-file].
|
|
|
ad2d76 |
+\-\-master\-key\-file, \-\-type].
|
|
|
ad2d76 |
|
|
|
ad2d76 |
\fBWARNING:\fR If \-\-dump\-master\-key is used with \-\-key\-file
|
|
|
ad2d76 |
and the argument to \-\-key\-file is '-', no validation question
|
|
|
ad2d76 |
@@ -663,7 +665,8 @@ for LUKS device type.
|
|
|
ad2d76 |
This command is useful to fix some known benign LUKS metadata
|
|
|
ad2d76 |
header corruptions. Only basic corruptions of unused keyslot
|
|
|
ad2d76 |
are fixable. This command will only change the LUKS header, not
|
|
|
ad2d76 |
-any key-slot data.
|
|
|
ad2d76 |
+any key-slot data. You may enforce LUKS version by adding \-\-type
|
|
|
ad2d76 |
+option.
|
|
|
ad2d76 |
|
|
|
ad2d76 |
\fBWARNING:\fR Always create a binary backup of the original
|
|
|
ad2d76 |
header before calling this command.
|
|
|
ad2d76 |
--
|
|
|
ad2d76 |
1.8.3.1
|
|
|
ad2d76 |
|