File stenc-1.0.8-default-tape-name.patch of Package stenc
From: Alexey Svistunov <svalx@svalx.net> Date: 2020-12-01 23:07:31 +0400 Subject: Add default tape defenition for compile-time and read path to device from TAPE env variable References: https://github.com/scsitape/stenc/pull/26 Upstream: submitted Index: stenc-1.0.8/configure.ac =================================================================== --- stenc-1.0.8.orig/configure.ac +++ stenc-1.0.8/configure.ac @@ -36,12 +36,19 @@ AC_ARG_WITH([default-ceem], [AS_HELP_STRING([--with-default-ceem=<number>],[the default CEEM flag when setting options. Defaults to 0])], [AC_DEFINE_UNQUOTED([DEFAULT_CEEM],$withval,"") AC_MSG_RESULT($withval)], [AC_DEFINE([DEFAULT_CEEM],0,"") AC_MSG_RESULT(0)]) + AC_MSG_CHECKING(default key size to use) AC_ARG_WITH([default-key-size], [AS_HELP_STRING([--with-default-key-size=<bytes>],[the default key size for your drive. Only used when turning off encryption. Defaults to 32 (256 bit)])], [AC_DEFINE_UNQUOTED([DEFAULT_KEYSIZE],$withval,"") AC_MSG_RESULT($withval)], [AC_DEFINE([DEFAULT_KEYSIZE],32,"") AC_MSG_RESULT(32)]) +AC_MSG_CHECKING(default tape drive) +AC_ARG_WITH([default-tape-drive], + [AS_HELP_STRING([--with-default-tape-drive=<path-to-tape>],[the default path to your drive. Defaults to /dev/nst0])], + [AC_DEFINE_UNQUOTED([DEFAULT_TAPE],"$withval","") AC_MSG_RESULT($withval)], + [AC_DEFINE([DEFAULT_TAPE],"/dev/nst0","") AC_MSG_RESULT(/dev/nst0)]) + AC_MSG_CHECKING(your OS) system=`uname` case $system in Index: stenc-1.0.8/src/main.cpp =================================================================== --- stenc-1.0.8.orig/src/main.cpp +++ stenc-1.0.8/src/main.cpp @@ -67,6 +67,7 @@ string randomKey(int length); string timestamp(); void echo(bool); ofstream logFile; +string defaultTape(); //program entry point int main(int argc, char **argv){ 
@@ -94,7 +95,7 @@ int main(int argc, char **argv){ break; } - string tapeDrive=""; + string tapeDrive=defaultTape(); int action=0; // 0 = status, 1 =setting param, 2 = generating key string keyFile,keyDesc; int keyLength=0; @@ -343,7 +344,7 @@ void errorOut(string message){ //shows the command usage void showUsage(){ - cout<<"Usage: stenc --version | -g <length> -k <file> [-kd <description>] | -f <device> [--detail] [-e <on/mixed/rawread/off> [-k <file>] [-kd <description>] [-a <index>] [--protect | --unprotect] [--ckod] ]"<<endl; + cout<<"Usage: stenc --version | -g <length> -k <file> [-kd <description>] | [-f <device>] [--detail] [-e <on/mixed/rawread/off> [-k <file>] [-kd <description>] [-a <index>] [--protect | --unprotect] [--ckod] ]"<<endl; cout<<"Type 'man stenc' for more information."<<endl; } void inquiryDrive(string tapeDevice){ @@ -568,3 +569,12 @@ string randomKey(int length) retval << endl; return retval.str(); } + +string defaultTape() +{ + string retval = DEFAULT_TAPE; + char* tapeEnv = getenv("TAPE"); + if (tapeEnv != nullptr) + retval = tapeEnv; + return retval; +} Index: stenc-1.0.8/man/stenc.1 =================================================================== --- stenc-1.0.8.orig/man/stenc.1 +++ stenc-1.0.8/man/stenc.1 
@@ -7,11 +7,11 @@ stenc - SCSI Tape Hardware Encryption Ma .SH SYNOPSIS \fBstenc\fR \fB\-g\fR \fIlength\fR \fB\-k\fR \fIfile\fR [\fB\-kd\fR \fIdescription\fR] .br -\fBstenc\fR \fB\-f\fR \fIdevice\fR [\fB\-\-detail\fR] +\fBstenc\fR [\fB\-f\fR \fIdevice\fR] [\fB\-\-detail\fR] .br -\fBstenc\fR \fB\-f\fR \fIdevice\fR \fB\-e\fR \fBon\fR|\fBmixed\fR|\fBrawread\fR [\fB\-a\fR \fIindex\fR] [\fB\-k\fR \fIfile\fR] [\fB\-\-ckod\fR] [\fB\-\-protect\fR | \fB\-\-unprotect\fR] +\fBstenc\fR [\fB\-f\fR \fIdevice\fR] \fB\-e\fR \fBon\fR|\fBmixed\fR|\fBrawread\fR [\fB\-a\fR \fIindex\fR] [\fB\-k\fR \fIfile\fR] [\fB\-\-ckod\fR] [\fB\-\-protect\fR | \fB\-\-unprotect\fR] .br -\fBstenc\fR \fB\-f\fR \fIdevice\fR \fB\-e\fR \fBoff\fR [\fB\-a\fR \fIindex\fR] [\fB\-\-ckod\fR] [\fB\-\-protect\fR | \fB\-\-unprotect\fR] +\fBstenc\fR [\fB\-f\fR \fIdevice\fR] \fB\-e\fR \fBoff\fR [\fB\-a\fR \fIindex\fR] [\fB\-\-ckod\fR] [\fB\-\-protect\fR | \fB\-\-unprotect\fR] .br \fBstenc\fR \fB\-\-version\fR 
@@ -27,14 +27,16 @@ Allows you to manage hardware encryption .SH OPTIONS .TP \fB\-g \fIlength\fR \fB\-k\fR \fB<file to save as>\fR [\fB\-kd\fR \fI<key descriptor(uKAD)>\fR] -Generates a key file of \fIlength\fR (in bits) containing a random hexadecimal key. After entering this option, you will be required to press random keys followed by the enter key. This will seed the random number generator so that your key is more secure. Specify the file to save the key into with the -k option (you will need write permissions to that file location). Lastly you can enter an optional key description using the -kd flag (see \fIKEY DESCRIPTORS\fR). This key file can then be used with the \fB\-k\fR option. You should not generate a key file over an unsecured remote session. Typically, key files should be set to 256 bits (32 hexadecimal bytes), however your device may only support 128 bits. +Generates a key file of \fIlength\fR (in bits) containing a random hexadecimal key. After entering this option, you will be required to press random keys followed by the enter key. This will seed the random number generator so that your key is more secure. Specify the file to save the key into with the \fB-k\fR option (you will need write permissions to that file location). Lastly you can enter an optional key description using the \fB-kd\fR flag (see \fIKEY DESCRIPTORS\fR). This key file can then be used with the \fB\-k\fR option. You should not generate a key file over an unsecured remote session. Typically, key files should be set to 256 bits (32 hexadecimal bytes), however your device may only support 128 bits. .TP \fB\-f\fR \fIdevice\fR Specifies the device to use (i.e. \fI/dev/nst0, /dev/rmt0.1, /dev/sg0\fR). Use the \fBlsscsi\fR command to determine the appropriate device to use. You should always use a device name that does not rewind (i.e. use /dev/nst0 instead of /dev/st0, /dev/rmt0.1 instead of /dev/rmt0). 
Use commands like 'cat /proc/scsi/scsi', 'lsscsi', and 'lsdev' to determine the proper device to use. On some distros, a /dev/sg device must be used instead of a /dev/st device. -If this is the only option specified, the status of the device will be displayed. To retrieve more detailed status information, add \fB\-\-detail\fR. If you are root and the status command fails, either the \fIdevice\fR is incorrect (try another link to the device: \fI/dev/rmt0.1\fR, \fI/dev/nst0\fR, \fI/dev/tape\fR, etc.), a tape may not be in the drive, you may be using the wrong algorithm for the tape drive (see the \fB\-a\fR option), or the device does not support SCSI Security Protocol. \fBstenc\fR may read up to 100 blocks of the tape, starting at the current position, in order to determine if the volume has been encrypted. For this reason, you should not run the status command while another process is accessing the drive. If the device returns \fIUnable to determine\fR for the volume encryption status, you may need to move to a section of the tape that contains data (i.e. \fBmt -f <device> fsr <count>\fR) or rewind the tape in order for \fBstenc\fR to output the volume status. +If \fB\-f\fR option omitted, stenc will try to read `\fITAPE\fR' environment variable and use it for device name definition. If `\fITAPE\fR' variable is not defined, the default device name will be used. The default device name is \fI/dev/nst0\fR and can be changed at compile-time by using the --with-default-tape-drive configure option. + +If this is the only option specified, or no options, the status of the device will be displayed. To retrieve more detailed status information, add \fB\-\-detail\fR. 
If you are root and the status command fails, either the \fIdevice\fR is incorrect (try another link to the device: \fI/dev/rmt0.1\fR, \fI/dev/nst0\fR, \fI/dev/tape\fR, etc.), a tape may not be in the drive, you may be using the wrong algorithm for the tape drive (see the \fB\-a\fR option), or the device does not support SCSI Security Protocol. \fBstenc\fR may read up to 100 blocks of the tape, starting at the current position, in order to determine if the volume has been encrypted. For this reason, you should not run the status command while another process is accessing the drive. If the device returns \fIUnable to determine\fR for the volume encryption status, you may need to move to a section of the tape that contains data (i.e. \fBmt -f <device> fsr <count>\fR) or rewind the tape in order for \fBstenc\fR to output the volume status. .TP \fB\-e\fR \fBon\fR | \fBmixed\fR | \fBrawread\fR | \fBoff\fR @@ -91,14 +93,14 @@ Generate a random 256 bit key file with \fBstenc -f /dev/st0 -e on -k /etc/stenc.key\fR Turns on encryption on /dev/st0 using the key contained in /etc/stenc.key .TP -\fBstenc -f /dev/st0 -e on\fR -Asks user to input a key in hexadecimal format and then turns on encryption for /dev/st0 using that key +\fBstenc -f /dev/nst0 -e on\fR +Asks user to input a key in hexadecimal format and then turns on encryption for /dev/nst0 using that key .TP \fBstenc -f /dev/st0 -e off\fR Turns off encryption for /dev/st0 .TP -\fBstenc -f /dev/st0 --detail\fR -Outputs the detailed encryption status of /dev/st0 +\fBstenc --detail\fR +Outputs the detailed encryption status of default device or environment TAPE device if defined. .TP \fBtail /var/log/stenc\fR Lists the last few key change audit entries Index: stenc-1.0.8/INSTALL =================================================================== --- stenc-1.0.8.orig/INSTALL +++ stenc-1.0.8/INSTALL 
@@ -229,3 +229,20 @@ operates. `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. +The following specific configure options available for stenc: + + --with-scsi-debug Define if you want to debug SCSI Communication. + --with-max-tape-read-blocks=<number> How many blocks the tape drive will seek to determine the + encryption status on the volume. Defaults to 100. + --with-default-algorithm=<number> The default algorithm index to set for encryption. Defaults to 0. + --with-default-ceem=<number> The default CEEM flag when setting options. Defaults to 0. + --with-default-key-size=<bytes> The default key size for your drive. Only used when turning off + encryption. Defaults to 32 (256 bit). + --with-default-tape-drive=<path-to-tape> The default path to your drive. Defaults to /dev/nst0. + --enable-device-name-conversion=<yes|no> Whether to convert rewinding device names to non-rewinding + device names. Enabled by default. + +For example, the next code configure stenc for use /dev/nst1 and encription algorithm number 1 by default: +`./configure --with-default-tape-drive=/dev/nst1 --with-default-algorithm=1' + +
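Review bot: In the configure.ac hunk, the AC_ARG_WITH([default-tape-drive] ...) action passes $withval straight into DEFAULT_TAPE, so `--with-default-tape-drive` given without a value compiles in "yes" as the device path and `--without-default-tape-drive` compiles in "no". Suggest rejecting those two values with AC_MSG_ERROR (or falling back to /dev/nst0), and filling in the empty description argument of AC_DEFINE_UNQUOTED so config.h says what DEFAULT_TAPE is.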
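Review bot: In defaultTape() at the end of src/main.cpp, only `tapeEnv != nullptr` is tested, so a TAPE variable that is exported but empty replaces DEFAULT_TAPE with an empty device path; test `tapeEnv[0] != '\0'` as well. Because `tapeDrive` now starts from this value instead of "", a run such as `stenc -e off` with no -f changes encryption settings on whichever device the environment or the build default names, so consider printing the resolved device path before any setting is changed. The hunk also shows no include of <cstdlib> for getenv; confirm main.cpp already has it.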
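Review bot: In the man/stenc.1 hunk at -27,14, the new paragraph under the -f option never says that an explicit -f takes precedence over TAPE, and its first sentence is missing words ("If \fB\-f\fR option omitted, stenc will try to read ..."). Suggest "If the \fB\-f\fR option is omitted, stenc uses the device named by the TAPE environment variable; if TAPE is not set, the default device name is used", state the precedence explicitly, and escape the hyphens in --with-default-tape-drive as \-\-with\-default\-tape\-drive to match the rest of the page.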
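Review bot: In the man/stenc.1 examples hunk at -91,14, only the interactive `-e on` example moves to /dev/nst0, while the surrounding `-e on -k /etc/stenc.key` and `-e off` examples stay on /dev/st0, which the -f text on the same page advises against. Either convert all examples to the non-rewinding device or leave them alone in this patch. The new description line for `stenc --detail` would also read better as "of the device named by TAPE, or of the default device if TAPE is not set", which matches the lookup order in defaultTape().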
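Review bot: In the INSTALL hunk, the added text has a spelling error and two ungrammatical sentences: "encription" should be "encryption", "The following specific configure options available for stenc" is missing "are", and "the next code configure stenc for use /dev/nst1" should read along the lines of "the following command configures stenc to use /dev/nst1 and encryption algorithm 1 by default". The example command would also be easier to copy if it sat on its own indented line without the `...' quoting.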