diff options
| author | Werner Koch <wk@gnupg.org> | 2016-02-13 17:30:14 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2016-02-13 17:30:14 +0100 |
| commit | 86f3bb144ad75461eb9b7ac1e59046ac75efccac (patch) | |
| tree | b0b5a86c8319b687574ed0fce8ad9bf7edd349f8 /g13 | |
| parent | g13: Second chunk of code to support dm-crypt. (diff) | |
| download | gnupg2-86f3bb144ad75461eb9b7ac1e59046ac75efccac.tar.xz gnupg2-86f3bb144ad75461eb9b7ac1e59046ac75efccac.zip | |
g13: Require a confirmation before g13 is used for DM-Crypt.
* g13/g13-syshelp.c (g13_syshelp_i_know_what_i_am_doing):
* g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Call it.
(sh_dmcrypt_mount_container): Call it.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g13')
| -rw-r--r-- | g13/g13-syshelp.c | 21 | ||||
| -rw-r--r-- | g13/g13-syshelp.h | 1 | ||||
| -rw-r--r-- | g13/sh-dmcrypt.c | 6 |
3 files changed, 27 insertions, 1 deletions
diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c index cbb5f8dbf..b31964e6e 100644 --- a/g13/g13-syshelp.c +++ b/g13/g13-syshelp.c @@ -577,6 +577,27 @@ release_tab_items (tab_item_t tab) } +void +g13_syshelp_i_know_what_i_am_doing (void) +{ + const char * const yesfile = "Yes-g13-I-know-what-I-am-doing"; + char *fname; + + fname = make_filename (gnupg_sysconfdir (), yesfile, NULL); + if (access (fname, F_OK)) + { + log_info ("*******************************************************\n"); + log_info ("* The G13 support for DM-Crypt is new and not matured.\n"); + log_info ("* Bugs or improper use may delete all your disks!\n"); + log_info ("* To confirm that you are ware of this risk, create\n"); + log_info ("* the file '%s'.\n", fname); + log_info ("*******************************************************\n"); + exit (1); + } + xfree (fname); +} + + /* Parse the /etc/gnupg/g13tab for user USERNAME. Return a table for the user on success. Return NULL on error and print diagnostics. */ diff --git a/g13/g13-syshelp.h b/g13/g13-syshelp.h index 0503079cd..087fff609 100644 --- a/g13/g13-syshelp.h +++ b/g13/g13-syshelp.h @@ -69,6 +69,7 @@ struct server_control_s /*-- g13-syshelp.c --*/ void g13_syshelp_init_default_ctrl (struct server_control_s *ctrl); +void g13_syshelp_i_know_what_i_am_doing (void); /*-- sh-cmd.c --*/ gpg_error_t syshelp_server (ctrl_t ctrl); diff --git a/g13/sh-dmcrypt.c b/g13/sh-dmcrypt.c index f0693b1e9..e4d67aeb5 100644 --- a/g13/sh-dmcrypt.c +++ b/g13/sh-dmcrypt.c @@ -1,5 +1,5 @@ /* sh-dmcrypt.c - The DM-Crypt part for g13-syshelp - * Copyright (C) 2015 Werner Koch + * Copyright (C) 2015, 2016 Werner Koch * * This file is part of GnuPG. * @@ -235,6 +235,8 @@ sh_dmcrypt_create_container (ctrl_t ctrl, const char *devname, estream_t devfp) if (!ctrl->devti) return gpg_error (GPG_ERR_INV_ARG); + g13_syshelp_i_know_what_i_am_doing (); + header_space_size = SETUP_AREA_SECTORS * SECTOR_SIZE; header_space = xtrymalloc (header_space_size); if (!header_space) @@ -543,6 +545,8 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname, if (!ctrl->devti) return gpg_error (GPG_ERR_INV_ARG); + g13_syshelp_i_know_what_i_am_doing (); + /* Check that the device is not yet used by device mapper. */ err = check_blockdev (devname); if (err) |