.gitignore

@@ -0,0 +1,35 @@
+*~
+*.a
+*.o
+*.la
+*.lo
+*.log
+*.m4
+*.so
+*.swp
+*.swo
+*.trs
+.*
+aclocal.m4
+ar-lib
+autom4te.cache
+build
+compile
+config.guess
+config.log
+config.status
+config.sub
+configure
+configure-stamp
+depcomp
+install-sh
+libtool
+ltmain.sh
+luksmeta
+luksmeta.pc
+Makefile.in
+Makefile
+missing
+tags
+test-*
+vgcore.*

README.md

@@ -0,0 +1,84 @@
+[![License](http://img.shields.io/:license-lgpl2-blue.svg?style=flat-square)](http://www.gnu.org/licenses/lgpl-2.1.html)
+[![Build Status](https://travis-ci.org/latchset/luksmeta.svg?branch=master)](https://travis-ci.org/latchset/luksmeta)
+[![Code Coverage](http://codecov.io/github/latchset/luksmeta/coverage.svg?branch=master)](http://codecov.io/github/latchset/luksmeta?branch=master)
+[![Coverity Scan Build Status](https://scan.coverity.com/projects/8706/badge.svg)](https://scan.coverity.com/projects/latchset-luksmeta)
+
+# LUKSMeta
+
+Welcome to LUKSMeta! LUKSMeta is a simple library for storing metadata in the LUKSv1 header. This library is licensed under the GNU LGPLv2+.
+
+## Why LUKSMeta?
+
+Some projects need to store additional metadata about a LUKS volume that is accessable before unlocking it. Two such examples are [USBGuard][usbguard] and [Tang][tang]. Fortunately, there is a gap in the LUKS header between the end of the slot area and the payload offset:
+
+    +---------------+------------------+-----------------------------------------+----------------+
+    | LUKSv1 header | LUKSv1 slots (8) |                                         | Encrypted Data |
+    +---------------+------------------+-----------------------------------------+----------------+
+
+LUKSMeta uses this hole to store additional metadata.
+
+## How does LUKSMeta work?
+
+LUKSMeta's on-disk format consists of a header block, followed by 0-8 data blocks. Each block is aligned to 4096 bytes. The LUKSMeta header contains a checksum (CRC32c) of itself and of each data block to detect data corruption. Each data block is also given a 16 byte UUID type to uniquely identify the contents of the block.
+
+The end result looks like this on disk:
+
+    +---------------+------------------+-----------------+-----------------------+----------------+
+    | LUKSv1 header | LUKSv1 slots (8) | LUKSMeta header | LUKSMeta blocks (0-8) | Encrypted Data |
+    +---------------+------------------+-----------------+-----------------------+----------------+
+
+## LUKSMeta Command Line Interface
+
+    luksmeta test -d DEVICE
+    luksmeta nuke -d DEVICE [-f]
+    luksmeta init -d DEVICE [-f] [-n]
+    luksmeta show -d DEVICE [-s SLOT]
+    luksmeta save -d DEVICE [-s SLOT]  -u UUID  < DATA
+    luksmeta load -d DEVICE  -s SLOT  [-u UUID] > DATA
+    luksmeta wipe -d DEVICE  -s SLOT  [-u UUID] [-f]
+
+### Examples
+
+Destroy all data (including LUKSMeta data) in the LUKSv1 header gap and
+initalize the gap for LUKSMeta storage:
+
+    $ luksmeta init -n -d /dev/sdz
+    You are about to initialize a LUKS device for metadata storage.
+    Attempting to initialize it may result in data loss if data was
+    already written into the LUKS header gap in a different format.
+    A backup is advised before initialization is performed.
+
+    Do you wish to initialize /dev/sdz? [yn] y
+
+If already initialized, do nothing. Otherwise, destroy all non-LUKSMeta data
+in the LUKSv1 header gap and initialize the gap for LUKSMeta storage. Skip
+user confirmation (dangerous!):
+
+    $ luksmeta init -f -d /dev/sdz
+
+Write some data to a slot:
+
+    $ UUID=`uuidgen`
+    $ echo $UUID
+    31c25e3b-b8e2-4eaa-a427-23aa882feef2
+    $ echo "Hello, World" | luksmeta save -d /dev/sdz -s 0 -u $UUID
+
+Read the data back:
+
+    $ luksmeta load -d /dev/sdz -s 0 -u $UUID
+    Hello, World
+
+Wipe the data from the slot:
+
+    $ luksmeta wipe -d /dev/sdz -s 0 -u $UUID
+
+Erase all trace of LUKSMeta:
+
+    $ luksmeta nuke -d /dev/sdz
+    You are about to erase all data in the LUKSMeta storage area.
+    A backup is advised before erasure is performed.
+
+    Do you wish to nuke /dev/sdz? [yn] y
+
+[usbguard]: https://github.com/dkopecek/usbguard
+[tang]: https://github.com/latchset/tang

compile

@@ -1,348 +0,0 @@
-#!/bin/sh
-# Wrapper for compilers which do not understand '-c -o'.
-
-scriptversion=2016-01-11.22; # UTC
-
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
-# Written by Tom Tromey <tromey@cygnus.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-nl='
-'
-
-# We need space, tab and new line, in precisely that order.  Quoting is
-# there to prevent tools from complaining about whitespace usage.
-IFS=" ""	$nl"
-
-file_conv=
-
-# func_file_conv build_file lazy
-# Convert a $build file to $host form and store it in $file
-# Currently only supports Windows hosts. If the determined conversion
-# type is listed in (the comma separated) LAZY, no conversion will
-# take place.
-func_file_conv ()
-{
-  file=$1
-  case $file in
-    / | /[!/]*) # absolute file, and not a UNC file
-      if test -z "$file_conv"; then
-	# lazily determine how to convert abs files
-	case `uname -s` in
-	  MINGW*)
-	    file_conv=mingw
-	    ;;
-	  CYGWIN*)
-	    file_conv=cygwin
-	    ;;
-	  *)
-	    file_conv=wine
-	    ;;
-	esac
-      fi
-      case $file_conv/,$2, in
-	*,$file_conv,*)
-	  ;;
-	mingw/*)
-	  file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
-	  ;;
-	cygwin/*)
-	  file=`cygpath -m "$file" || echo "$file"`
-	  ;;
-	wine/*)
-	  file=`winepath -w "$file" || echo "$file"`
-	  ;;
-      esac
-      ;;
-  esac
-}
-
-# func_cl_dashL linkdir
-# Make cl look for libraries in LINKDIR
-func_cl_dashL ()
-{
-  func_file_conv "$1"
-  if test -z "$lib_path"; then
-    lib_path=$file
-  else
-    lib_path="$lib_path;$file"
-  fi
-  linker_opts="$linker_opts -LIBPATH:$file"
-}
-
-# func_cl_dashl library
-# Do a library search-path lookup for cl
-func_cl_dashl ()
-{
-  lib=$1
-  found=no
-  save_IFS=$IFS
-  IFS=';'
-  for dir in $lib_path $LIB
-  do
-    IFS=$save_IFS
-    if $shared && test -f "$dir/$lib.dll.lib"; then
-      found=yes
-      lib=$dir/$lib.dll.lib
-      break
-    fi
-    if test -f "$dir/$lib.lib"; then
-      found=yes
-      lib=$dir/$lib.lib
-      break
-    fi
-    if test -f "$dir/lib$lib.a"; then
-      found=yes
-      lib=$dir/lib$lib.a
-      break
-    fi
-  done
-  IFS=$save_IFS
-
-  if test "$found" != yes; then
-    lib=$lib.lib
-  fi
-}
-
-# func_cl_wrapper cl arg...
-# Adjust compile command to suit cl
-func_cl_wrapper ()
-{
-  # Assume a capable shell
-  lib_path=
-  shared=:
-  linker_opts=
-  for arg
-  do
-    if test -n "$eat"; then
-      eat=
-    else
-      case $1 in
-	-o)
-	  # configure might choose to run compile as 'compile cc -o foo foo.c'.
-	  eat=1
-	  case $2 in
-	    *.o | *.[oO][bB][jJ])
-	      func_file_conv "$2"
-	      set x "$@" -Fo"$file"
-	      shift
-	      ;;
-	    *)
-	      func_file_conv "$2"
-	      set x "$@" -Fe"$file"
-	      shift
-	      ;;
-	  esac
-	  ;;
-	-I)
-	  eat=1
-	  func_file_conv "$2" mingw
-	  set x "$@" -I"$file"
-	  shift
-	  ;;
-	-I*)
-	  func_file_conv "${1#-I}" mingw
-	  set x "$@" -I"$file"
-	  shift
-	  ;;
-	-l)
-	  eat=1
-	  func_cl_dashl "$2"
-	  set x "$@" "$lib"
-	  shift
-	  ;;
-	-l*)
-	  func_cl_dashl "${1#-l}"
-	  set x "$@" "$lib"
-	  shift
-	  ;;
-	-L)
-	  eat=1
-	  func_cl_dashL "$2"
-	  ;;
-	-L*)
-	  func_cl_dashL "${1#-L}"
-	  ;;
-	-static)
-	  shared=false
-	  ;;
-	-Wl,*)
-	  arg=${1#-Wl,}
-	  save_ifs="$IFS"; IFS=','
-	  for flag in $arg; do
-	    IFS="$save_ifs"
-	    linker_opts="$linker_opts $flag"
-	  done
-	  IFS="$save_ifs"
-	  ;;
-	-Xlinker)
-	  eat=1
-	  linker_opts="$linker_opts $2"
-	  ;;
-	-*)
-	  set x "$@" "$1"
-	  shift
-	  ;;
-	*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
-	  func_file_conv "$1"
-	  set x "$@" -Tp"$file"
-	  shift
-	  ;;
-	*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
-	  func_file_conv "$1" mingw
-	  set x "$@" "$file"
-	  shift
-	  ;;
-	*)
-	  set x "$@" "$1"
-	  shift
-	  ;;
-      esac
-    fi
-    shift
-  done
-  if test -n "$linker_opts"; then
-    linker_opts="-link$linker_opts"
-  fi
-  exec "$@" $linker_opts
-  exit 1
-}
-
-eat=
-
-case $1 in
-  '')
-     echo "$0: No command.  Try '$0 --help' for more information." 1>&2
-     exit 1;
-     ;;
-  -h | --h*)
-    cat <<\EOF
-Usage: compile [--help] [--version] PROGRAM [ARGS]
-
-Wrapper for compilers which do not understand '-c -o'.
-Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
-arguments, and rename the output as expected.
-
-If you are trying to build a whole package this is not the
-right script to run: please start by reading the file 'INSTALL'.
-
-Report bugs to <bug-automake@gnu.org>.
-EOF
-    exit $?
-    ;;
-  -v | --v*)
-    echo "compile $scriptversion"
-    exit $?
-    ;;
-  cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
-  icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
-    func_cl_wrapper "$@"      # Doesn't return...
-    ;;
-esac
-
-ofile=
-cfile=
-
-for arg
-do
-  if test -n "$eat"; then
-    eat=
-  else
-    case $1 in
-      -o)
-	# configure might choose to run compile as 'compile cc -o foo foo.c'.
-	# So we strip '-o arg' only if arg is an object.
-	eat=1
-	case $2 in
-	  *.o | *.obj)
-	    ofile=$2
-	    ;;
-	  *)
-	    set x "$@" -o "$2"
-	    shift
-	    ;;
-	esac
-	;;
-      *.c)
-	cfile=$1
-	set x "$@" "$1"
-	shift
-	;;
-      *)
-	set x "$@" "$1"
-	shift
-	;;
-    esac
-  fi
-  shift
-done
-
-if test -z "$ofile" || test -z "$cfile"; then
-  # If no '-o' option was seen then we might have been invoked from a
-  # pattern rule where we don't need one.  That is ok -- this is a
-  # normal compilation that the losing compiler can handle.  If no
-  # '.c' file was seen then we are probably linking.  That is also
-  # ok.
-  exec "$@"
-fi
-
-# Name of file we expect compiler to create.
-cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
-
-# Create the lock directory.
-# Note: use '[/\\:.-]' here to ensure that we don't use the same name
-# that we are using for the .o file.  Also, base the name on the expected
-# object file name, since that is what matters with a parallel build.
-lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
-while true; do
-  if mkdir "$lockdir" >/dev/null 2>&1; then
-    break
-  fi
-  sleep 1
-done
-# FIXME: race condition here if user kills between mkdir and trap.
-trap "rmdir '$lockdir'; exit 1" 1 2 15
-
-# Run the compile.
-"$@"
-ret=$?
-
-if test -f "$cofile"; then
-  test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
-elif test -f "${cofile}bj"; then
-  test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
-fi
-
-rmdir "$lockdir"
-exit $ret
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ(2.59)
-AC_INIT(luksmeta, 9)
+AC_INIT(luksmeta, 10)
 AC_CANONICAL_SYSTEM
 AC_PROG_CC_C99
 

debian/changelog

@@ -1,3 +1,9 @@
+luksmeta (10-1) unstable; urgency=high
+
+  * New upstream version 10. Closes: #1118280 [CVE-2025-11568]
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Sat, 01 Nov 2025 15:16:59 +0100
+
 luksmeta (9-4) unstable; urgency=medium
 
   * Replace patches with version from upstream

debian/control

@@ -1,16 +1,15 @@
 Source: luksmeta
 Maintainer: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
 Homepage: https://github.com/latchset/luksmeta
-Standards-Version: 4.6.2
+Standards-Version: 4.7.2
 Vcs-Browser: https://git.in-ulm.de/cbiedl/luksmeta
 Vcs-Git: https://git.in-ulm.de/cbiedl/luksmeta.git
 Build-Depends: debhelper-compat (= 13),
     asciidoctor,
     cryptsetup-bin,
     libcryptsetup-dev (>= 2:1.5.1),
-    pkg-config,
+    pkgconf,
 Priority: optional
-Rules-Requires-Root: no
 Section: net
 
 Package: libluksmeta0
@@ -20,6 +19,8 @@ Section: libs
 Multi-Arch: same
 Description: library to access metadata in the LUKSv1 header
  LUKSMeta is a simple library for storing metadata in the LUKSv1 header.
+ .
+ This package provides the run-time library.
 
 Package: libluksmeta-dev
 Architecture: linux-any
@@ -30,7 +31,7 @@ Section: libdevel
 Description: library to access metadata in the LUKSv1 header - development files
  LUKSMeta is a simple library for storing metadata in the LUKSv1 header.
  .
- This package provides the development files
+ This package provides the development files.
 
 Package: luksmeta
 Architecture: linux-any
@@ -38,3 +39,8 @@ Depends: ${misc:Depends}, ${shlibs:Depends},
 Description: Utility to access metadata in a LUKSv1 header
  This package provides luksmeta program to access metadata in a LUKSv1
  header using libluksmeta.
+ .
+ Reminder: Whenever possible, upgrade your encryption to a later
+ format. The LUKSv1 format old, it was superseded by version 2 around
+ the year 2014. Also it lacks features like different key derivation
+ function. Encrypted data should be considered less secure.

debian/copyright

@@ -8,7 +8,7 @@ License: LGPL-2.1+
 
 Files:
  debian/*
-Copyright: 2017-2022 Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Copyright: 2017-2025 Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
 License: LGPL-2.1+
 
 License: LGPL-2.1+
@@ -23,5 +23,5 @@ License: LGPL-2.1+
  Lesser General Public License for more details.
  .
  You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ License along with this library.  If not, see
+ <https://www.gnu.org/licenses/>.

debian/libluksmeta0.symbols

@@ -1,4 +1,5 @@
 libluksmeta.so.0 libluksmeta0 #MINVER#
+* Build-Depends-Package: libluksmeta-dev
  luksmeta_init@Base 8
  luksmeta_load@Base 8
  luksmeta_nuke@Base 8

debian/patches/1544448333.v9-1-g9c550e0.relax-content-tests-in-test-suite.patch

@@ -1,131 +0,0 @@
-Subject: Relax content tests in test suite
-Origin: v9-1-g9c550e0 <https://github.com/latchset/luksmeta/commit/v9-1-g9c550e0>
-Upstream-Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
-Date: Mon Dec 10 14:25:33 2018 +0100
-
-    Starting with version 2.0.5, cryptsetup wipes the full LUKS header
-    and fills unused sections with random data, this was introduced
-    in commit
-
-        commit c2bce3e93ecee41f661b589ee28f112eb538259e
-        Author: Milan Broz <gmazyland@gmail.com>
-        Date:   Sun Oct 14 13:11:50 2018 +0200
-
-            Wipe full header areas (including unused) during LUKS format.
-
-    While this is the right thing to do, it breaks luksmeta tests. So
-    relax them.
-
-    Bug-Debian: https://bugs.debian.org/915256
-    Resolves: https://github.com/latchset/luksmeta/issues/6
-
---- a/test-lm-assumptions.c
-+++ b/test-lm-assumptions.c
-@@ -28,7 +28,8 @@
-     /* Test the layout state. */
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                    /* LUKS header */
--        END(1024),                    /* Rest of the file */
-+        { 1024, 3072, true },           /* Keyslot Area */
-+        { 0, 0 },
-     }));
- 
-     unlink(filename);
---- a/test-lm-big.c
-+++ b/test-lm-big.c
-@@ -111,7 +111,7 @@
- 
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         { offset, 4096 },              /* luksmeta header */
-         { offset + 4096, 4096 },       /* luksmeta slot 0 */
-         { offset + 8192, 4096 },       /* luksmeta slot 0 (cont) */
-@@ -127,7 +127,7 @@
- 
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         { offset, 4096 },              /* luksmeta header */
-         END(offset + 4096),            /* Rest of the file */
-     }));
---- a/test-lm-init.c
-+++ b/test-lm-init.c
-@@ -57,7 +57,7 @@
-     /* Test the layout state. */
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         { offset, 4096 },              /* luksmeta header */
-         END(offset + 4096),            /* Rest of the file */
-     }));
-@@ -106,7 +106,7 @@
-     assert(luksmeta_test(cd) == -ENOENT);
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         END(offset),                   /* Rest of the file */
-     }));
- 
---- a/test-lm-one.c
-+++ b/test-lm-one.c
-@@ -49,7 +49,7 @@
-     /* Test the layout state. */
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         { offset, 4096 },              /* luksmeta header */
-         { offset + 4096, 4096 },       /* luksmeta slot 0 */
-         END(offset + 8192),            /* Rest of the file */
-@@ -68,7 +68,7 @@
-     /* Test the layout state. */
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         { offset, 4096 },              /* luksmeta header */
-         END(offset + 4096),            /* Rest of the file */
-     }));
---- a/test-lm-two.c
-+++ b/test-lm-two.c
-@@ -53,7 +53,7 @@
- 
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         { offset, 4096 },              /* luksmeta header */
-         { offset + 4096, 4096 },       /* luksmeta slot 0 */
-         END(offset + 8192),            /* Rest of the file */
-@@ -70,7 +70,7 @@
- 
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         { offset, 4096 },              /* luksmeta header */
-         { offset + 4096, 4096 },       /* luksmeta slot 0 */
-         { offset + 8192, 4096 },       /* luksmeta slot 1 */
-@@ -88,7 +88,7 @@
-     assert(luksmeta_wipe(cd, 0, UUID0) == 0);
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         { offset, 4096 },              /* luksmeta header */
-         { offset + 4096, 4096, true }, /* luksmeta slot 0 */
-         { offset + 8192, 4096 },       /* luksmeta slot 1 */
-@@ -99,7 +99,7 @@
-     assert(luksmeta_wipe(cd, 1, UUID1) == 0);
-     assert(test_layout((range_t[]) {
-         { 0, 1024 },                   /* LUKS header */
--        { 1024, offset - 1024, true }, /* Keyslot Area */
-+        { 1024, 3072, true },          /* Keyslot Area */
-         { offset, 4096 },              /* luksmeta header */
-         END(offset + 4096),            /* Rest of the file */
-     }));

debian/patches/1569669851.v9-3-gaf81262.force-creation-of-luks1-containers-in-test-suite.patch

@@ -1,19 +0,0 @@
-Subject: Force creation of LUKS1 containers in test suite
-Origin: v9-3-gaf81262 <https://github.com/latchset/luksmeta/commit/v9-3-gaf81262>
-Upstream-Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
-Date: Sat Sep 28 13:24:11 2019 +0200
-
-    Cryptsetup defaults to LUKS2 since version 2.1, make sure to create
-    LUKS1 containers instead by using the "--type luks1" argument.
-
---- a/test-luksmeta
-+++ b/test-luksmeta
-@@ -11,7 +11,7 @@
- trap 'onexit' EXIT
- 
- truncate -s 4M $tmp
--echo -n foo | cryptsetup luksFormat $tmp -
-+echo -n foo | cryptsetup luksFormat --type luks1 $tmp -
- 
- ! ./luksmeta test -d $tmp
- 

debian/patches/local.dont-fail-tests-for-disabled-module-load.patch

@@ -11,7 +11,7 @@ Forwarded: not-needed
 
     Reproducer using command line (run as non-root):
     $ fallocate --length 8m test.img
-    $ echo foo | /sbin/cryptsetup luksFormat test.img -
+    $ echo foo | /usr/sbin/cryptsetup luksFormat test.img -
 
     The actual reason is DSA disabled automatic module loading by
     setting /proc/sys/kernel/modules_disabled to 1, for obvious reaons.
@@ -34,13 +34,13 @@ Forwarded: not-needed
  
 --- a/test-luksmeta
 +++ b/test-luksmeta
-@@ -11,7 +11,13 @@
+@@ -14,7 +14,13 @@
  trap 'onexit' EXIT
  
  truncate -s 4M $tmp
--echo -n foo | /sbin/cryptsetup luksFormat --type luks1 $tmp -
+-echo -n foo | /usr/sbin/cryptsetup luksFormat --type luks1 $tmp -
 +PRE="$(md5sum $tmp)"
-+echo -n foo | /sbin/cryptsetup luksFormat --type luks1 $tmp - || true
++echo -n foo | /usr/sbin/cryptsetup luksFormat --type luks1 $tmp - || true
 +PST="$(md5sum $tmp)"
 +if [ "$PRE" = "$PST" ] ; then
 +    echo 'cryptsetup failed, assuming AF_ALG,SOCK_SEQPACKET failure'

debian/patches/local.test-luksmeta.patch

@@ -1,16 +1,19 @@
-Description: As cryptsetup is not in non-root's path, qualify it
+Description: Qualify cryptsetup in the test suite
 Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
 Date: 2017-08-31
 Forwarded: not-needed
 
+    As cryptsetup is not available in PATH for non-root, qualify the
+    invocation accordingly.
+
 --- a/test-luksmeta
 +++ b/test-luksmeta
-@@ -11,7 +11,7 @@
+@@ -14,7 +14,7 @@
  trap 'onexit' EXIT
  
  truncate -s 4M $tmp
 -echo -n foo | cryptsetup luksFormat --type luks1 $tmp -
-+echo -n foo | /sbin/cryptsetup luksFormat --type luks1 $tmp -
++echo -n foo | /usr/sbin/cryptsetup luksFormat --type luks1 $tmp -
  
  ! ./luksmeta test -d $tmp
  

debian/patches/series

@@ -1,6 +1,4 @@
 # cherry-picked from upstream
-1544448333.v9-1-g9c550e0.relax-content-tests-in-test-suite.patch
-1569669851.v9-3-gaf81262.force-creation-of-luks1-containers-in-test-suite.patch
 
 # local patches
 local.test-luksmeta.patch

debian/watch

@@ -1,5 +1,4 @@
-
-version=4
-opts="searchmode=plain,filenamemangle=s/$/.tar.gz/" \
-https://api.github.com/repos/latchset/@PACKAGE@/releases \
-    /latchset/@PACKAGE@/releases/download/[^/]+/@PACKAGE@-([0-9][.0-9]*)@ARCHIVE_EXT@
+Version: 5
+Template: Github
+Owner: latchset
+Project: @PACKAGE@

depcomp

@@ -1,791 +0,0 @@
-#!/bin/sh
-# depcomp - compile a program generating dependencies as side-effects
-
-scriptversion=2016-01-11.22; # UTC
-
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
-
-case $1 in
-  '')
-    echo "$0: No command.  Try '$0 --help' for more information." 1>&2
-    exit 1;
-    ;;
-  -h | --h*)
-    cat <<\EOF
-Usage: depcomp [--help] [--version] PROGRAM [ARGS]
-
-Run PROGRAMS ARGS to compile a file, generating dependencies
-as side-effects.
-
-Environment variables:
-  depmode     Dependency tracking mode.
-  source      Source file read by 'PROGRAMS ARGS'.
-  object      Object file output by 'PROGRAMS ARGS'.
-  DEPDIR      directory where to store dependencies.
-  depfile     Dependency file to output.
-  tmpdepfile  Temporary file to use when outputting dependencies.
-  libtool     Whether libtool is used (yes/no).
-
-Report bugs to <bug-automake@gnu.org>.
-EOF
-    exit $?
-    ;;
-  -v | --v*)
-    echo "depcomp $scriptversion"
-    exit $?
-    ;;
-esac
-
-# Get the directory component of the given path, and save it in the
-# global variables '$dir'.  Note that this directory component will
-# be either empty or ending with a '/' character.  This is deliberate.
-set_dir_from ()
-{
-  case $1 in
-    */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
-      *) dir=;;
-  esac
-}
-
-# Get the suffix-stripped basename of the given path, and save it the
-# global variable '$base'.
-set_base_from ()
-{
-  base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
-}
-
-# If no dependency file was actually created by the compiler invocation,
-# we still have to create a dummy depfile, to avoid errors with the
-# Makefile "include basename.Plo" scheme.
-make_dummy_depfile ()
-{
-  echo "#dummy" > "$depfile"
-}
-
-# Factor out some common post-processing of the generated depfile.
-# Requires the auxiliary global variable '$tmpdepfile' to be set.
-aix_post_process_depfile ()
-{
-  # If the compiler actually managed to produce a dependency file,
-  # post-process it.
-  if test -f "$tmpdepfile"; then
-    # Each line is of the form 'foo.o: dependency.h'.
-    # Do two passes, one to just change these to
-    #   $object: dependency.h
-    # and one to simply output
-    #   dependency.h:
-    # which is needed to avoid the deleted-header problem.
-    { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
-      sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
-    } > "$depfile"
-    rm -f "$tmpdepfile"
-  else
-    make_dummy_depfile
-  fi
-}
-
-# A tabulation character.
-tab='	'
-# A newline character.
-nl='
-'
-# Character ranges might be problematic outside the C locale.
-# These definitions help.
-upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
-lower=abcdefghijklmnopqrstuvwxyz
-digits=0123456789
-alpha=${upper}${lower}
-
-if test -z "$depmode" || test -z "$source" || test -z "$object"; then
-  echo "depcomp: Variables source, object and depmode must be set" 1>&2
-  exit 1
-fi
-
-# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
-depfile=${depfile-`echo "$object" |
-  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
-tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
-
-rm -f "$tmpdepfile"
-
-# Avoid interferences from the environment.
-gccflag= dashmflag=
-
-# Some modes work just like other modes, but use different flags.  We
-# parameterize here, but still list the modes in the big case below,
-# to make depend.m4 easier to write.  Note that we *cannot* use a case
-# here, because this file can only contain one case statement.
-if test "$depmode" = hp; then
-  # HP compiler uses -M and no extra arg.
-  gccflag=-M
-  depmode=gcc
-fi
-
-if test "$depmode" = dashXmstdout; then
-  # This is just like dashmstdout with a different argument.
-  dashmflag=-xM
-  depmode=dashmstdout
-fi
-
-cygpath_u="cygpath -u -f -"
-if test "$depmode" = msvcmsys; then
-  # This is just like msvisualcpp but w/o cygpath translation.
-  # Just convert the backslash-escaped backslashes to single forward
-  # slashes to satisfy depend.m4
-  cygpath_u='sed s,\\\\,/,g'
-  depmode=msvisualcpp
-fi
-
-if test "$depmode" = msvc7msys; then
-  # This is just like msvc7 but w/o cygpath translation.
-  # Just convert the backslash-escaped backslashes to single forward
-  # slashes to satisfy depend.m4
-  cygpath_u='sed s,\\\\,/,g'
-  depmode=msvc7
-fi
-
-if test "$depmode" = xlc; then
-  # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
-  gccflag=-qmakedep=gcc,-MF
-  depmode=gcc
-fi
-
-case "$depmode" in
-gcc3)
-## gcc 3 implements dependency tracking that does exactly what
-## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
-## it if -MD -MP comes after the -MF stuff.  Hmm.
-## Unfortunately, FreeBSD c89 acceptance of flags depends upon
-## the command line argument order; so add the flags where they
-## appear in depend2.am.  Note that the slowdown incurred here
-## affects only configure: in makefiles, %FASTDEP% shortcuts this.
-  for arg
-  do
-    case $arg in
-    -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
-    *)  set fnord "$@" "$arg" ;;
-    esac
-    shift # fnord
-    shift # $arg
-  done
-  "$@"
-  stat=$?
-  if test $stat -ne 0; then
-    rm -f "$tmpdepfile"
-    exit $stat
-  fi
-  mv "$tmpdepfile" "$depfile"
-  ;;
-
-gcc)
-## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
-## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
-## (see the conditional assignment to $gccflag above).
-## There are various ways to get dependency output from gcc.  Here's
-## why we pick this rather obscure method:
-## - Don't want to use -MD because we'd like the dependencies to end
-##   up in a subdir.  Having to rename by hand is ugly.
-##   (We might end up doing this anyway to support other compilers.)
-## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
-##   -MM, not -M (despite what the docs say).  Also, it might not be
-##   supported by the other compilers which use the 'gcc' depmode.
-## - Using -M directly means running the compiler twice (even worse
-##   than renaming).
-  if test -z "$gccflag"; then
-    gccflag=-MD,
-  fi
-  "$@" -Wp,"$gccflag$tmpdepfile"
-  stat=$?
-  if test $stat -ne 0; then
-    rm -f "$tmpdepfile"
-    exit $stat
-  fi
-  rm -f "$depfile"
-  echo "$object : \\" > "$depfile"
-  # The second -e expression handles DOS-style file names with drive
-  # letters.
-  sed -e 's/^[^:]*: / /' \
-      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
-## This next piece of magic avoids the "deleted header file" problem.
-## The problem is that when a header file which appears in a .P file
-## is deleted, the dependency causes make to die (because there is
-## typically no way to rebuild the header).  We avoid this by adding
-## dummy dependencies for each header file.  Too bad gcc doesn't do
-## this for us directly.
-## Some versions of gcc put a space before the ':'.  On the theory
-## that the space means something, we add a space to the output as
-## well.  hp depmode also adds that space, but also prefixes the VPATH
-## to the object.  Take care to not repeat it in the output.
-## Some versions of the HPUX 10.20 sed can't process this invocation
-## correctly.  Breaking it into two sed invocations is a workaround.
-  tr ' ' "$nl" < "$tmpdepfile" \
-    | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
-    | sed -e 's/$/ :/' >> "$depfile"
-  rm -f "$tmpdepfile"
-  ;;
-
-hp)
-  # This case exists only to let depend.m4 do its work.  It works by
-  # looking at the text of this script.  This case will never be run,
-  # since it is checked for above.
-  exit 1
-  ;;
-
-sgi)
-  if test "$libtool" = yes; then
-    "$@" "-Wp,-MDupdate,$tmpdepfile"
-  else
-    "$@" -MDupdate "$tmpdepfile"
-  fi
-  stat=$?
-  if test $stat -ne 0; then
-    rm -f "$tmpdepfile"
-    exit $stat
-  fi
-  rm -f "$depfile"
-
-  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
-    echo "$object : \\" > "$depfile"
-    # Clip off the initial element (the dependent).  Don't try to be
-    # clever and replace this with sed code, as IRIX sed won't handle
-    # lines with more than a fixed number of characters (4096 in
-    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
-    # the IRIX cc adds comments like '#:fec' to the end of the
-    # dependency line.
-    tr ' ' "$nl" < "$tmpdepfile" \
-      | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
-      | tr "$nl" ' ' >> "$depfile"
-    echo >> "$depfile"
-    # The second pass generates a dummy entry for each header file.
-    tr ' ' "$nl" < "$tmpdepfile" \
-      | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
-      >> "$depfile"
-  else
-    make_dummy_depfile
-  fi
-  rm -f "$tmpdepfile"
-  ;;
-
-xlc)
-  # This case exists only to let depend.m4 do its work.  It works by
-  # looking at the text of this script.  This case will never be run,
-  # since it is checked for above.
-  exit 1
-  ;;
-
-aix)
-  # The C for AIX Compiler uses -M and outputs the dependencies
-  # in a .u file.  In older versions, this file always lives in the
-  # current directory.  Also, the AIX compiler puts '$object:' at the
-  # start of each line; $object doesn't have directory information.
-  # Version 6 uses the directory in both cases.
-  set_dir_from "$object"
-  set_base_from "$object"
-  if test "$libtool" = yes; then
-    tmpdepfile1=$dir$base.u
-    tmpdepfile2=$base.u
-    tmpdepfile3=$dir.libs/$base.u
-    "$@" -Wc,-M
-  else
-    tmpdepfile1=$dir$base.u
-    tmpdepfile2=$dir$base.u
-    tmpdepfile3=$dir$base.u
-    "$@" -M
-  fi
-  stat=$?
-  if test $stat -ne 0; then
-    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
-    exit $stat
-  fi
-
-  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
-  do
-    test -f "$tmpdepfile" && break
-  done
-  aix_post_process_depfile
-  ;;
-
-tcc)
-  # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
-  # FIXME: That version still under development at the moment of writing.
-  #        Make that this statement remains true also for stable, released
-  #        versions.
-  # It will wrap lines (doesn't matter whether long or short) with a
-  # trailing '\', as in:
-  #
-  #   foo.o : \
-  #    foo.c \
-  #    foo.h \
-  #
-  # It will put a trailing '\' even on the last line, and will use leading
-  # spaces rather than leading tabs (at least since its commit 0394caf7
-  # "Emit spaces for -MD").
-  "$@" -MD -MF "$tmpdepfile"
-  stat=$?
-  if test $stat -ne 0; then
-    rm -f "$tmpdepfile"
-    exit $stat
-  fi
-  rm -f "$depfile"
-  # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
-  # We have to change lines of the first kind to '$object: \'.
-  sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
-  # And for each line of the second kind, we have to emit a 'dep.h:'
-  # dummy dependency, to avoid the deleted-header problem.
-  sed -n -e 's|^  *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
-  rm -f "$tmpdepfile"
-  ;;
-
-## The order of this option in the case statement is important, since the
-## shell code in configure will try each of these formats in the order
-## listed in this file.  A plain '-MD' option would be understood by many
-## compilers, so we must ensure this comes after the gcc and icc options.
-pgcc)
-  # Portland's C compiler understands '-MD'.
-  # Will always output deps to 'file.d' where file is the root name of the
-  # source file under compilation, even if file resides in a subdirectory.
-  # The object file name does not affect the name of the '.d' file.
-  # pgcc 10.2 will output
-  #    foo.o: sub/foo.c sub/foo.h
-  # and will wrap long lines using '\' :
-  #    foo.o: sub/foo.c ... \
-  #     sub/foo.h ... \
-  #     ...
-  set_dir_from "$object"
-  # Use the source, not the object, to determine the base name, since
-  # that's sadly what pgcc will do too.
-  set_base_from "$source"
-  tmpdepfile=$base.d
-
-  # For projects that build the same source file twice into different object
-  # files, the pgcc approach of using the *source* file root name can cause
-  # problems in parallel builds.  Use a locking strategy to avoid stomping on
-  # the same $tmpdepfile.
-  lockdir=$base.d-lock
-  trap "
-    echo '$0: caught signal, cleaning up...' >&2
-    rmdir '$lockdir'
-    exit 1
-  " 1 2 13 15
-  numtries=100
-  i=$numtries
-  while test $i -gt 0; do
-    # mkdir is a portable test-and-set.
-    if mkdir "$lockdir" 2>/dev/null; then
-      # This process acquired the lock.
-      "$@" -MD
-      stat=$?
-      # Release the lock.
-      rmdir "$lockdir"
-      break
-    else
-      # If the lock is being held by a different process, wait
-      # until the winning process is done or we timeout.
-      while test -d "$lockdir" && test $i -gt 0; do
-        sleep 1
-        i=`expr $i - 1`
-      done
-    fi
-    i=`expr $i - 1`
-  done
-  trap - 1 2 13 15
-  if test $i -le 0; then
-    echo "$0: failed to acquire lock after $numtries attempts" >&2
-    echo "$0: check lockdir '$lockdir'" >&2
-    exit 1
-  fi
-
-  if test $stat -ne 0; then
-    rm -f "$tmpdepfile"
-    exit $stat
-  fi
-  rm -f "$depfile"
-  # Each line is of the form `foo.o: dependent.h',
-  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
-  # Do two passes, one to just change these to
-  # `$object: dependent.h' and one to simply `dependent.h:'.
-  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
-  # Some versions of the HPUX 10.20 sed can't process this invocation
-  # correctly.  Breaking it into two sed invocations is a workaround.
-  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
-    | sed -e 's/$/ :/' >> "$depfile"
-  rm -f "$tmpdepfile"
-  ;;
-
-hp2)
-  # The "hp" stanza above does not work with aCC (C++) and HP's ia64
-  # compilers, which have integrated preprocessors.  The correct option
-  # to use with these is +Maked; it writes dependencies to a file named
-  # 'foo.d', which lands next to the object file, wherever that
-  # happens to be.
-  # Much of this is similar to the tru64 case; see comments there.
-  set_dir_from  "$object"
-  set_base_from "$object"
-  if test "$libtool" = yes; then
-    tmpdepfile1=$dir$base.d
-    tmpdepfile2=$dir.libs/$base.d
-    "$@" -Wc,+Maked
-  else
-    tmpdepfile1=$dir$base.d
-    tmpdepfile2=$dir$base.d
-    "$@" +Maked
-  fi
-  stat=$?
-  if test $stat -ne 0; then
-     rm -f "$tmpdepfile1" "$tmpdepfile2"
-     exit $stat
-  fi
-
-  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
-  do
-    test -f "$tmpdepfile" && break
-  done
-  if test -f "$tmpdepfile"; then
-    sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
-    # Add 'dependent.h:' lines.
-    sed -ne '2,${
-               s/^ *//
-               s/ \\*$//
-               s/$/:/
-               p
-             }' "$tmpdepfile" >> "$depfile"
-  else
-    make_dummy_depfile
-  fi
-  rm -f "$tmpdepfile" "$tmpdepfile2"
-  ;;
-
-tru64)
-  # The Tru64 compiler uses -MD to generate dependencies as a side
-  # effect.  'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
-  # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
-  # dependencies in 'foo.d' instead, so we check for that too.
-  # Subdirectories are respected.
-  set_dir_from  "$object"
-  set_base_from "$object"
-
-  if test "$libtool" = yes; then
-    # Libtool generates 2 separate objects for the 2 libraries.  These
-    # two compilations output dependencies in $dir.libs/$base.o.d and
-    # in $dir$base.o.d.  We have to check for both files, because
-    # one of the two compilations can be disabled.  We should prefer
-    # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
-    # automatically cleaned when .libs/ is deleted, while ignoring
-    # the former would cause a distcleancheck panic.
-    tmpdepfile1=$dir$base.o.d          # libtool 1.5
-    tmpdepfile2=$dir.libs/$base.o.d    # Likewise.
-    tmpdepfile3=$dir.libs/$base.d      # Compaq CCC V6.2-504
-    "$@" -Wc,-MD
-  else
-    tmpdepfile1=$dir$base.d
-    tmpdepfile2=$dir$base.d
-    tmpdepfile3=$dir$base.d
-    "$@" -MD
-  fi
-
-  stat=$?
-  if test $stat -ne 0; then
-    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
-    exit $stat
-  fi
-
-  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
-  do
-    test -f "$tmpdepfile" && break
-  done
-  # Same post-processing that is required for AIX mode.
-  aix_post_process_depfile
-  ;;
-
-msvc7)
-  if test "$libtool" = yes; then
-    showIncludes=-Wc,-showIncludes
-  else
-    showIncludes=-showIncludes
-  fi
-  "$@" $showIncludes > "$tmpdepfile"
-  stat=$?
-  grep -v '^Note: including file: ' "$tmpdepfile"
-  if test $stat -ne 0; then
-    rm -f "$tmpdepfile"
-    exit $stat
-  fi
-  rm -f "$depfile"
-  echo "$object : \\" > "$depfile"
-  # The first sed program below extracts the file names and escapes
-  # backslashes for cygpath.  The second sed program outputs the file
-  # name when reading, but also accumulates all include files in the
-  # hold buffer in order to output them again at the end.  This only
-  # works with sed implementations that can handle large buffers.
-  sed < "$tmpdepfile" -n '
-/^Note: including file:  *\(.*\)/ {
-  s//\1/
-  s/\\/\\\\/g
-  p
-}' | $cygpath_u | sort -u | sed -n '
-s/ /\\ /g
-s/\(.*\)/'"$tab"'\1 \\/p
-s/.\(.*\) \\/\1:/
-H
-$ {
-  s/.*/'"$tab"'/
-  G
-  p
-}' >> "$depfile"
-  echo >> "$depfile" # make sure the fragment doesn't end with a backslash
-  rm -f "$tmpdepfile"
-  ;;
-
-msvc7msys)
-  # This case exists only to let depend.m4 do its work.  It works by
-  # looking at the text of this script.  This case will never be run,
-  # since it is checked for above.
-  exit 1
-  ;;
-
-#nosideeffect)
-  # This comment above is used by automake to tell side-effect
-  # dependency tracking mechanisms from slower ones.
-
-dashmstdout)
-  # Important note: in order to support this mode, a compiler *must*
-  # always write the preprocessed file to stdout, regardless of -o.
-  "$@" || exit $?
-
-  # Remove the call to Libtool.
-  if test "$libtool" = yes; then
-    while test "X$1" != 'X--mode=compile'; do
-      shift
-    done
-    shift
-  fi
-
-  # Remove '-o $object'.
-  IFS=" "
-  for arg
-  do
-    case $arg in
-    -o)
-      shift
-      ;;
-    $object)
-      shift
-      ;;
-    *)
-      set fnord "$@" "$arg"
-      shift # fnord
-      shift # $arg
-      ;;
-    esac
-  done
-
-  test -z "$dashmflag" && dashmflag=-M
-  # Require at least two characters before searching for ':'
-  # in the target name.  This is to cope with DOS-style filenames:
-  # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
-  "$@" $dashmflag |
-    sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
-  rm -f "$depfile"
-  cat < "$tmpdepfile" > "$depfile"
-  # Some versions of the HPUX 10.20 sed can't process this sed invocation
-  # correctly.  Breaking it into two sed invocations is a workaround.
-  tr ' ' "$nl" < "$tmpdepfile" \
-    | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
-    | sed -e 's/$/ :/' >> "$depfile"
-  rm -f "$tmpdepfile"
-  ;;
-
-dashXmstdout)
-  # This case only exists to satisfy depend.m4.  It is never actually
-  # run, as this mode is specially recognized in the preamble.
-  exit 1
-  ;;
-
-makedepend)
-  "$@" || exit $?
-  # Remove any Libtool call
-  if test "$libtool" = yes; then
-    while test "X$1" != 'X--mode=compile'; do
-      shift
-    done
-    shift
-  fi
-  # X makedepend
-  shift
-  cleared=no eat=no
-  for arg
-  do
-    case $cleared in
-    no)
-      set ""; shift
-      cleared=yes ;;
-    esac
-    if test $eat = yes; then
-      eat=no
-      continue
-    fi
-    case "$arg" in
-    -D*|-I*)
-      set fnord "$@" "$arg"; shift ;;
-    # Strip any option that makedepend may not understand.  Remove
-    # the object too, otherwise makedepend will parse it as a source file.
-    -arch)
-      eat=yes ;;
-    -*|$object)
-      ;;
-    *)
-      set fnord "$@" "$arg"; shift ;;
-    esac
-  done
-  obj_suffix=`echo "$object" | sed 's/^.*\././'`
-  touch "$tmpdepfile"
-  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
-  rm -f "$depfile"
-  # makedepend may prepend the VPATH from the source file name to the object.
-  # No need to regex-escape $object, excess matching of '.' is harmless.
-  sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
-  # Some versions of the HPUX 10.20 sed can't process the last invocation
-  # correctly.  Breaking it into two sed invocations is a workaround.
-  sed '1,2d' "$tmpdepfile" \
-    | tr ' ' "$nl" \
-    | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
-    | sed -e 's/$/ :/' >> "$depfile"
-  rm -f "$tmpdepfile" "$tmpdepfile".bak
-  ;;
-
-cpp)
-  # Important note: in order to support this mode, a compiler *must*
-  # always write the preprocessed file to stdout.
-  "$@" || exit $?
-
-  # Remove the call to Libtool.
-  if test "$libtool" = yes; then
-    while test "X$1" != 'X--mode=compile'; do
-      shift
-    done
-    shift
-  fi
-
-  # Remove '-o $object'.
-  IFS=" "
-  for arg
-  do
-    case $arg in
-    -o)
-      shift
-      ;;
-    $object)
-      shift
-      ;;
-    *)
-      set fnord "$@" "$arg"
-      shift # fnord
-      shift # $arg
-      ;;
-    esac
-  done
-
-  "$@" -E \
-    | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-             -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-    | sed '$ s: \\$::' > "$tmpdepfile"
-  rm -f "$depfile"
-  echo "$object : \\" > "$depfile"
-  cat < "$tmpdepfile" >> "$depfile"
-  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
-  rm -f "$tmpdepfile"
-  ;;
-
-msvisualcpp)
-  # Important note: in order to support this mode, a compiler *must*
-  # always write the preprocessed file to stdout.
-  "$@" || exit $?
-
-  # Remove the call to Libtool.
-  if test "$libtool" = yes; then
-    while test "X$1" != 'X--mode=compile'; do
-      shift
-    done
-    shift
-  fi
-
-  IFS=" "
-  for arg
-  do
-    case "$arg" in
-    -o)
-      shift
-      ;;
-    $object)
-      shift
-      ;;
-    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
-        set fnord "$@"
-        shift
-        shift
-        ;;
-    *)
-        set fnord "$@" "$arg"
-        shift
-        shift
-        ;;
-    esac
-  done
-  "$@" -E 2>/dev/null |
-  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
-  rm -f "$depfile"
-  echo "$object : \\" > "$depfile"
-  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
-  echo "$tab" >> "$depfile"
-  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
-  rm -f "$tmpdepfile"
-  ;;
-
-msvcmsys)
-  # This case exists only to let depend.m4 do its work.  It works by
-  # looking at the text of this script.  This case will never be run,
-  # since it is checked for above.
-  exit 1
-  ;;
-
-none)
-  exec "$@"
-  ;;
-
-*)
-  echo "Unknown depmode $depmode" 1>&2
-  exit 1
-  ;;
-esac
-
-exit 0
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:

install-sh

@@ -1,501 +0,0 @@
-#!/bin/sh
-# install - install a program, script, or datafile
-
-scriptversion=2016-01-11.22; # UTC
-
-# This originates from X11R5 (mit/util/scripts/install.sh), which was
-# later released in X11R6 (xc/config/util/install.sh) with the
-# following copyright and license.
-#
-# Copyright (C) 1994 X Consortium
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
-# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
-# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-# Except as contained in this notice, the name of the X Consortium shall not
-# be used in advertising or otherwise to promote the sale, use or other deal-
-# ings in this Software without prior written authorization from the X Consor-
-# tium.
-#
-#
-# FSF changes to this file are in the public domain.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# 'make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.
-
-tab='	'
-nl='
-'
-IFS=" $tab$nl"
-
-# Set DOITPROG to "echo" to test this script.
-
-doit=${DOITPROG-}
-doit_exec=${doit:-exec}
-
-# Put in absolute file names if you don't have them in your path;
-# or use environment vars.
-
-chgrpprog=${CHGRPPROG-chgrp}
-chmodprog=${CHMODPROG-chmod}
-chownprog=${CHOWNPROG-chown}
-cmpprog=${CMPPROG-cmp}
-cpprog=${CPPROG-cp}
-mkdirprog=${MKDIRPROG-mkdir}
-mvprog=${MVPROG-mv}
-rmprog=${RMPROG-rm}
-stripprog=${STRIPPROG-strip}
-
-posix_mkdir=
-
-# Desired mode of installed file.
-mode=0755
-
-chgrpcmd=
-chmodcmd=$chmodprog
-chowncmd=
-mvcmd=$mvprog
-rmcmd="$rmprog -f"
-stripcmd=
-
-src=
-dst=
-dir_arg=
-dst_arg=
-
-copy_on_change=false
-is_target_a_directory=possibly
-
-usage="\
-Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
-   or: $0 [OPTION]... SRCFILES... DIRECTORY
-   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
-   or: $0 [OPTION]... -d DIRECTORIES...
-
-In the 1st form, copy SRCFILE to DSTFILE.
-In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
-In the 4th, create DIRECTORIES.
-
-Options:
-     --help     display this help and exit.
-     --version  display version info and exit.
-
-  -c            (ignored)
-  -C            install only if different (preserve the last data modification time)
-  -d            create directories instead of installing files.
-  -g GROUP      $chgrpprog installed files to GROUP.
-  -m MODE       $chmodprog installed files to MODE.
-  -o USER       $chownprog installed files to USER.
-  -s            $stripprog installed files.
-  -t DIRECTORY  install into DIRECTORY.
-  -T            report an error if DSTFILE is a directory.
-
-Environment variables override the default commands:
-  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
-  RMPROG STRIPPROG
-"
-
-while test $# -ne 0; do
-  case $1 in
-    -c) ;;
-
-    -C) copy_on_change=true;;
-
-    -d) dir_arg=true;;
-
-    -g) chgrpcmd="$chgrpprog $2"
-        shift;;
-
-    --help) echo "$usage"; exit $?;;
-
-    -m) mode=$2
-        case $mode in
-          *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
-            echo "$0: invalid mode: $mode" >&2
-            exit 1;;
-        esac
-        shift;;
-
-    -o) chowncmd="$chownprog $2"
-        shift;;
-
-    -s) stripcmd=$stripprog;;
-
-    -t)
-        is_target_a_directory=always
-        dst_arg=$2
-        # Protect names problematic for 'test' and other utilities.
-        case $dst_arg in
-          -* | [=\(\)!]) dst_arg=./$dst_arg;;
-        esac
-        shift;;
-
-    -T) is_target_a_directory=never;;
-
-    --version) echo "$0 $scriptversion"; exit $?;;
-
-    --) shift
-        break;;
-
-    -*) echo "$0: invalid option: $1" >&2
-        exit 1;;
-
-    *)  break;;
-  esac
-  shift
-done
-
-# We allow the use of options -d and -T together, by making -d
-# take the precedence; this is for compatibility with GNU install.
-
-if test -n "$dir_arg"; then
-  if test -n "$dst_arg"; then
-    echo "$0: target directory not allowed when installing a directory." >&2
-    exit 1
-  fi
-fi
-
-if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
-  # When -d is used, all remaining arguments are directories to create.
-  # When -t is used, the destination is already specified.
-  # Otherwise, the last argument is the destination.  Remove it from $@.
-  for arg
-  do
-    if test -n "$dst_arg"; then
-      # $@ is not empty: it contains at least $arg.
-      set fnord "$@" "$dst_arg"
-      shift # fnord
-    fi
-    shift # arg
-    dst_arg=$arg
-    # Protect names problematic for 'test' and other utilities.
-    case $dst_arg in
-      -* | [=\(\)!]) dst_arg=./$dst_arg;;
-    esac
-  done
-fi
-
-if test $# -eq 0; then
-  if test -z "$dir_arg"; then
-    echo "$0: no input file specified." >&2
-    exit 1
-  fi
-  # It's OK to call 'install-sh -d' without argument.
-  # This can happen when creating conditional directories.
-  exit 0
-fi
-
-if test -z "$dir_arg"; then
-  if test $# -gt 1 || test "$is_target_a_directory" = always; then
-    if test ! -d "$dst_arg"; then
-      echo "$0: $dst_arg: Is not a directory." >&2
-      exit 1
-    fi
-  fi
-fi
-
-if test -z "$dir_arg"; then
-  do_exit='(exit $ret); exit $ret'
-  trap "ret=129; $do_exit" 1
-  trap "ret=130; $do_exit" 2
-  trap "ret=141; $do_exit" 13
-  trap "ret=143; $do_exit" 15
-
-  # Set umask so as not to create temps with too-generous modes.
-  # However, 'strip' requires both read and write access to temps.
-  case $mode in
-    # Optimize common cases.
-    *644) cp_umask=133;;
-    *755) cp_umask=22;;
-
-    *[0-7])
-      if test -z "$stripcmd"; then
-        u_plus_rw=
-      else
-        u_plus_rw='% 200'
-      fi
-      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
-    *)
-      if test -z "$stripcmd"; then
-        u_plus_rw=
-      else
-        u_plus_rw=,u+rw
-      fi
-      cp_umask=$mode$u_plus_rw;;
-  esac
-fi
-
-for src
-do
-  # Protect names problematic for 'test' and other utilities.
-  case $src in
-    -* | [=\(\)!]) src=./$src;;
-  esac
-
-  if test -n "$dir_arg"; then
-    dst=$src
-    dstdir=$dst
-    test -d "$dstdir"
-    dstdir_status=$?
-  else
-
-    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
-    # might cause directories to be created, which would be especially bad
-    # if $src (and thus $dsttmp) contains '*'.
-    if test ! -f "$src" && test ! -d "$src"; then
-      echo "$0: $src does not exist." >&2
-      exit 1
-    fi
-
-    if test -z "$dst_arg"; then
-      echo "$0: no destination specified." >&2
-      exit 1
-    fi
-    dst=$dst_arg
-
-    # If destination is a directory, append the input filename; won't work
-    # if double slashes aren't ignored.
-    if test -d "$dst"; then
-      if test "$is_target_a_directory" = never; then
-        echo "$0: $dst_arg: Is a directory" >&2
-        exit 1
-      fi
-      dstdir=$dst
-      dst=$dstdir/`basename "$src"`
-      dstdir_status=0
-    else
-      dstdir=`dirname "$dst"`
-      test -d "$dstdir"
-      dstdir_status=$?
-    fi
-  fi
-
-  obsolete_mkdir_used=false
-
-  if test $dstdir_status != 0; then
-    case $posix_mkdir in
-      '')
-        # Create intermediate dirs using mode 755 as modified by the umask.
-        # This is like FreeBSD 'install' as of 1997-10-28.
-        umask=`umask`
-        case $stripcmd.$umask in
-          # Optimize common cases.
-          *[2367][2367]) mkdir_umask=$umask;;
-          .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
-          *[0-7])
-            mkdir_umask=`expr $umask + 22 \
-              - $umask % 100 % 40 + $umask % 20 \
-              - $umask % 10 % 4 + $umask % 2
-            `;;
-          *) mkdir_umask=$umask,go-w;;
-        esac
-
-        # With -d, create the new directory with the user-specified mode.
-        # Otherwise, rely on $mkdir_umask.
-        if test -n "$dir_arg"; then
-          mkdir_mode=-m$mode
-        else
-          mkdir_mode=
-        fi
-
-        posix_mkdir=false
-        case $umask in
-          *[123567][0-7][0-7])
-            # POSIX mkdir -p sets u+wx bits regardless of umask, which
-            # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
-            ;;
-          *)
-            tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
-            trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
-
-            if (umask $mkdir_umask &&
-                exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
-            then
-              if test -z "$dir_arg" || {
-                   # Check for POSIX incompatibilities with -m.
-                   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
-                   # other-writable bit of parent directory when it shouldn't.
-                   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
-                   ls_ld_tmpdir=`ls -ld "$tmpdir"`
-                   case $ls_ld_tmpdir in
-                     d????-?r-*) different_mode=700;;
-                     d????-?--*) different_mode=755;;
-                     *) false;;
-                   esac &&
-                   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
-                     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
-                     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
-                   }
-                 }
-              then posix_mkdir=:
-              fi
-              rmdir "$tmpdir/d" "$tmpdir"
-            else
-              # Remove any dirs left behind by ancient mkdir implementations.
-              rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
-            fi
-            trap '' 0;;
-        esac;;
-    esac
-
-    if
-      $posix_mkdir && (
-        umask $mkdir_umask &&
-        $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
-      )
-    then :
-    else
-
-      # The umask is ridiculous, or mkdir does not conform to POSIX,
-      # or it failed possibly due to a race condition.  Create the
-      # directory the slow way, step by step, checking for races as we go.
-
-      case $dstdir in
-        /*) prefix='/';;
-        [-=\(\)!]*) prefix='./';;
-        *)  prefix='';;
-      esac
-
-      oIFS=$IFS
-      IFS=/
-      set -f
-      set fnord $dstdir
-      shift
-      set +f
-      IFS=$oIFS
-
-      prefixes=
-
-      for d
-      do
-        test X"$d" = X && continue
-
-        prefix=$prefix$d
-        if test -d "$prefix"; then
-          prefixes=
-        else
-          if $posix_mkdir; then
-            (umask=$mkdir_umask &&
-             $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
-            # Don't fail if two instances are running concurrently.
-            test -d "$prefix" || exit 1
-          else
-            case $prefix in
-              *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
-              *) qprefix=$prefix;;
-            esac
-            prefixes="$prefixes '$qprefix'"
-          fi
-        fi
-        prefix=$prefix/
-      done
-
-      if test -n "$prefixes"; then
-        # Don't fail if two instances are running concurrently.
-        (umask $mkdir_umask &&
-         eval "\$doit_exec \$mkdirprog $prefixes") ||
-          test -d "$dstdir" || exit 1
-        obsolete_mkdir_used=true
-      fi
-    fi
-  fi
-
-  if test -n "$dir_arg"; then
-    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
-    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
-    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
-      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
-  else
-
-    # Make a couple of temp file names in the proper directory.
-    dsttmp=$dstdir/_inst.$$_
-    rmtmp=$dstdir/_rm.$$_
-
-    # Trap to clean up those temp files at exit.
-    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
-
-    # Copy the file name to the temp name.
-    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
-
-    # and set any options; do chmod last to preserve setuid bits.
-    #
-    # If any of these fail, we abort the whole thing.  If we want to
-    # ignore errors from any of these, just make sure not to ignore
-    # errors from the above "$doit $cpprog $src $dsttmp" command.
-    #
-    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
-    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
-    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
-    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
-
-    # If -C, don't bother to copy if it wouldn't change the file.
-    if $copy_on_change &&
-       old=`LC_ALL=C ls -dlL "$dst"     2>/dev/null` &&
-       new=`LC_ALL=C ls -dlL "$dsttmp"  2>/dev/null` &&
-       set -f &&
-       set X $old && old=:$2:$4:$5:$6 &&
-       set X $new && new=:$2:$4:$5:$6 &&
-       set +f &&
-       test "$old" = "$new" &&
-       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
-    then
-      rm -f "$dsttmp"
-    else
-      # Rename the file to the real destination.
-      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
-
-      # The rename failed, perhaps because mv can't rename something else
-      # to itself, or perhaps because mv is so ancient that it does not
-      # support -f.
-      {
-        # Now remove or move aside any old file at destination location.
-        # We try this two ways since rm can't unlink itself on some
-        # systems and the destination file might be busy for other
-        # reasons.  In this case, the final cleanup might fail but the new
-        # file should still install successfully.
-        {
-          test ! -f "$dst" ||
-          $doit $rmcmd -f "$dst" 2>/dev/null ||
-          { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
-            { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
-          } ||
-          { echo "$0: cannot unlink or rename $dst" >&2
-            (exit 1); exit 1
-          }
-        } &&
-
-        # Now rename the file to the real destination.
-        $doit $mvcmd "$dsttmp" "$dst"
-      }
-    fi || exit 1
-
-    trap '' 0
-  fi
-done
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:

libluksmeta.c

@@ -69,8 +69,12 @@ checksum(lm_t lm)
 }
 
 static inline bool
-overlap(const lm_t *lm, uint32_t start, size_t end)
+overlap(const lm_t *lm, uint32_t start, size_t end, uint32_t hard_limit)
 {
+    /* Make sure the data fits the available area in the gap. */
+    if (end > hard_limit)
+        return true;
+
     for (int i = 0; i < LUKS_NSLOTS; i++) {
         const lm_slot_t *s = &lm->slots[i];
         uint32_t e = s->offset + s->length;
@@ -90,8 +94,13 @@ find_gap(const lm_t *lm, uint32_t length, size_t size)
 {
     size = ALIGN(size, true);
 
+    /* Make sure the data is not larger than the total available
+     * area in the gap. */
+    if (length < size)
+        return 0;
+
     for (uint32_t off = ALIGN(1, true); off < length; off += ALIGN(1, true)) {
-        if (!overlap(lm, off, off + size))
+        if (!overlap(lm, off, off + size, lm->slots[0].offset + length))
             return off;
     }
 

luksmeta.8.adoc

@@ -168,18 +168,19 @@ dangerous and should be undertaken with great care.
 
 == RETURN VALUES
 
-This command uses the return values as defined by *sysexit.h*. The following
-are general errors whose meaning is shared by all *luksmeta* commands:
-
-* *EX_OK*        : The operation was successful.
-* *EX_OSERR*     : An undefined operating system error occurred.
-* *EX_USAGE*     : The program was called with invalid parameters.
-* *EX_IOERR*     : An IO error occurred when writing to the device.
-* *EX_OSFILE*    : The device is not initialized or is corrupted.
-* *EX_NOPERM*    : The user did not grant permission during confirmation.
-* *EX_NOINPUT*   : An error occurred while reading from standard input.
-* *EX_DATAERR*   : The specified UUID does not match the slot UUID.
-* *EX_CANTCREAT* : There is insufficient space in LUKSv1 header.
+This command uses the return values as defined by *sysexits.h*. The following
+are general errors (and corresponding numeric exit codes) whose meaning is
+shared by all *luksmeta* commands:
+
+* *EX_OK*         (0): The operation was successful.
+* *EX_USAGE*     (64): The program was called with invalid parameters.
+* *EX_DATAERR*   (65): The specified UUID does not match the slot UUID.
+* *EX_NOINPUT*   (66): An error occurred while reading from standard input.
+* *EX_OSERR*     (71): An undefined operating system error occurred.
+* *EX_OSFILE*    (72): The device is not initialized or is corrupted.
+* *EX_CANTCREAT* (73): There is insufficient space in LUKSv1 header.
+* *EX_IOERR*     (74): An IO error occurred when writing to the device.
+* *EX_NOPERM*    (77): The user did not grant permission during confirmation.
 
 Additionally, *luksmeta save* will return *EX_UNAVAILABLE* when you attempt
 to save data into a slot that is already used. Likewise, *luksmeta load* will

luksmeta.c

@@ -45,6 +45,17 @@ struct options {
     int slot;
 };
 
+#define LUKSMETA_LIBCRYPTSETUP_LOG_LEVEL CRYPT_LOG_ERROR
+
+static void
+luksmeta_libcryptsetup_log(int level, const char *msg, void *usrptr)
+{
+    if (level != LUKSMETA_LIBCRYPTSETUP_LOG_LEVEL) {
+       return;
+    }
+    fprintf(stderr, "%s", msg);
+}
+
 static int
 cmd_test(const struct options *opts, struct crypt_device *cd)
 {
@@ -485,6 +496,8 @@ main(int argc, char *argv[])
             return EX_IOERR;
         }
 
+        crypt_set_log_callback(cd, luksmeta_libcryptsetup_log, NULL);
+
         r = crypt_load(cd, NULL, NULL);
         if (r != 0) {
             fprintf(stderr, "Unable to read LUKSv1 header (%s): %s\n",

missing

@@ -1,215 +0,0 @@
-#!/bin/sh
-# Common wrapper for a few potentially missing GNU programs.
-
-scriptversion=2016-01-11.22; # UTC
-
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
-# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-if test $# -eq 0; then
-  echo 1>&2 "Try '$0 --help' for more information"
-  exit 1
-fi
-
-case $1 in
-
-  --is-lightweight)
-    # Used by our autoconf macros to check whether the available missing
-    # script is modern enough.
-    exit 0
-    ;;
-
-  --run)
-    # Back-compat with the calling convention used by older automake.
-    shift
-    ;;
-
-  -h|--h|--he|--hel|--help)
-    echo "\
-$0 [OPTION]... PROGRAM [ARGUMENT]...
-
-Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
-to PROGRAM being missing or too old.
-
-Options:
-  -h, --help      display this help and exit
-  -v, --version   output version information and exit
-
-Supported PROGRAM values:
-  aclocal   autoconf  autoheader   autom4te  automake  makeinfo
-  bison     yacc      flex         lex       help2man
-
-Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
-'g' are ignored when checking the name.
-
-Send bug reports to <bug-automake@gnu.org>."
-    exit $?
-    ;;
-
-  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
-    echo "missing $scriptversion (GNU Automake)"
-    exit $?
-    ;;
-
-  -*)
-    echo 1>&2 "$0: unknown '$1' option"
-    echo 1>&2 "Try '$0 --help' for more information"
-    exit 1
-    ;;
-
-esac
-
-# Run the given program, remember its exit status.
-"$@"; st=$?
-
-# If it succeeded, we are done.
-test $st -eq 0 && exit 0
-
-# Also exit now if we it failed (or wasn't found), and '--version' was
-# passed; such an option is passed most likely to detect whether the
-# program is present and works.
-case $2 in --version|--help) exit $st;; esac
-
-# Exit code 63 means version mismatch.  This often happens when the user
-# tries to use an ancient version of a tool on a file that requires a
-# minimum version.
-if test $st -eq 63; then
-  msg="probably too old"
-elif test $st -eq 127; then
-  # Program was missing.
-  msg="missing on your system"
-else
-  # Program was found and executed, but failed.  Give up.
-  exit $st
-fi
-
-perl_URL=http://www.perl.org/
-flex_URL=http://flex.sourceforge.net/
-gnu_software_URL=http://www.gnu.org/software
-
-program_details ()
-{
-  case $1 in
-    aclocal|automake)
-      echo "The '$1' program is part of the GNU Automake package:"
-      echo "<$gnu_software_URL/automake>"
-      echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
-      echo "<$gnu_software_URL/autoconf>"
-      echo "<$gnu_software_URL/m4/>"
-      echo "<$perl_URL>"
-      ;;
-    autoconf|autom4te|autoheader)
-      echo "The '$1' program is part of the GNU Autoconf package:"
-      echo "<$gnu_software_URL/autoconf/>"
-      echo "It also requires GNU m4 and Perl in order to run:"
-      echo "<$gnu_software_URL/m4/>"
-      echo "<$perl_URL>"
-      ;;
-  esac
-}
-
-give_advice ()
-{
-  # Normalize program name to check for.
-  normalized_program=`echo "$1" | sed '
-    s/^gnu-//; t
-    s/^gnu//; t
-    s/^g//; t'`
-
-  printf '%s\n' "'$1' is $msg."
-
-  configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
-  case $normalized_program in
-    autoconf*)
-      echo "You should only need it if you modified 'configure.ac',"
-      echo "or m4 files included by it."
-      program_details 'autoconf'
-      ;;
-    autoheader*)
-      echo "You should only need it if you modified 'acconfig.h' or"
-      echo "$configure_deps."
-      program_details 'autoheader'
-      ;;
-    automake*)
-      echo "You should only need it if you modified 'Makefile.am' or"
-      echo "$configure_deps."
-      program_details 'automake'
-      ;;
-    aclocal*)
-      echo "You should only need it if you modified 'acinclude.m4' or"
-      echo "$configure_deps."
-      program_details 'aclocal'
-      ;;
-   autom4te*)
-      echo "You might have modified some maintainer files that require"
-      echo "the 'autom4te' program to be rebuilt."
-      program_details 'autom4te'
-      ;;
-    bison*|yacc*)
-      echo "You should only need it if you modified a '.y' file."
-      echo "You may want to install the GNU Bison package:"
-      echo "<$gnu_software_URL/bison/>"
-      ;;
-    lex*|flex*)
-      echo "You should only need it if you modified a '.l' file."
-      echo "You may want to install the Fast Lexical Analyzer package:"
-      echo "<$flex_URL>"
-      ;;
-    help2man*)
-      echo "You should only need it if you modified a dependency" \
-           "of a man page."
-      echo "You may want to install the GNU Help2man package:"
-      echo "<$gnu_software_URL/help2man/>"
-    ;;
-    makeinfo*)
-      echo "You should only need it if you modified a '.texi' file, or"
-      echo "any other file indirectly affecting the aspect of the manual."
-      echo "You might want to install the Texinfo package:"
-      echo "<$gnu_software_URL/texinfo/>"
-      echo "The spurious makeinfo call might also be the consequence of"
-      echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
-      echo "want to install GNU make:"
-      echo "<$gnu_software_URL/make/>"
-      ;;
-    *)
-      echo "You might have modified some files without having the proper"
-      echo "tools for further handling them.  Check the 'README' file, it"
-      echo "often tells you about the needed prerequisites for installing"
-      echo "this package.  You may also peek at any GNU archive site, in"
-      echo "case some other package contains this missing '$1' program."
-      ;;
-  esac
-}
-
-give_advice "$1" | sed -e '1s/^/WARNING: /' \
-                       -e '2,$s/^/         /' >&2
-
-# Propagate the correct exit status (expected to be 127 for a program
-# not found, 63 for a program that failed due to version mismatch).
-exit $st
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:

test-driver

@@ -1,148 +0,0 @@
-#!/bin/sh
-# test-driver - basic testsuite driver script.
-
-scriptversion=2016-01-11.22; # UTC
-
-# Copyright (C) 2011-2017 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-# Make unconditional expansion of undefined variables an error.  This
-# helps a lot in preventing typo-related bugs.
-set -u
-
-usage_error ()
-{
-  echo "$0: $*" >&2
-  print_usage >&2
-  exit 2
-}
-
-print_usage ()
-{
-  cat <<END
-Usage:
-  test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
-              [--expect-failure={yes|no}] [--color-tests={yes|no}]
-              [--enable-hard-errors={yes|no}] [--]
-              TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
-The '--test-name', '--log-file' and '--trs-file' options are mandatory.
-END
-}
-
-test_name= # Used for reporting.
-log_file=  # Where to save the output of the test script.
-trs_file=  # Where to save the metadata of the test run.
-expect_failure=no
-color_tests=no
-enable_hard_errors=yes
-while test $# -gt 0; do
-  case $1 in
-  --help) print_usage; exit $?;;
-  --version) echo "test-driver $scriptversion"; exit $?;;
-  --test-name) test_name=$2; shift;;
-  --log-file) log_file=$2; shift;;
-  --trs-file) trs_file=$2; shift;;
-  --color-tests) color_tests=$2; shift;;
-  --expect-failure) expect_failure=$2; shift;;
-  --enable-hard-errors) enable_hard_errors=$2; shift;;
-  --) shift; break;;
-  -*) usage_error "invalid option: '$1'";;
-   *) break;;
-  esac
-  shift
-done
-
-missing_opts=
-test x"$test_name" = x && missing_opts="$missing_opts --test-name"
-test x"$log_file"  = x && missing_opts="$missing_opts --log-file"
-test x"$trs_file"  = x && missing_opts="$missing_opts --trs-file"
-if test x"$missing_opts" != x; then
-  usage_error "the following mandatory options are missing:$missing_opts"
-fi
-
-if test $# -eq 0; then
-  usage_error "missing argument"
-fi
-
-if test $color_tests = yes; then
-  # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
-  red='' # Red.
-  grn='' # Green.
-  lgn='' # Light green.
-  blu='' # Blue.
-  mgn='' # Magenta.
-  std=''     # No color.
-else
-  red= grn= lgn= blu= mgn= std=
-fi
-
-do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
-trap "st=129; $do_exit" 1
-trap "st=130; $do_exit" 2
-trap "st=141; $do_exit" 13
-trap "st=143; $do_exit" 15
-
-# Test script is run here.
-"$@" >$log_file 2>&1
-estatus=$?
-
-if test $enable_hard_errors = no && test $estatus -eq 99; then
-  tweaked_estatus=1
-else
-  tweaked_estatus=$estatus
-fi
-
-case $tweaked_estatus:$expect_failure in
-  0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
-  0:*)   col=$grn res=PASS  recheck=no  gcopy=no;;
-  77:*)  col=$blu res=SKIP  recheck=no  gcopy=yes;;
-  99:*)  col=$mgn res=ERROR recheck=yes gcopy=yes;;
-  *:yes) col=$lgn res=XFAIL recheck=no  gcopy=yes;;
-  *:*)   col=$red res=FAIL  recheck=yes gcopy=yes;;
-esac
-
-# Report the test outcome and exit status in the logs, so that one can
-# know whether the test passed or failed simply by looking at the '.log'
-# file, without the need of also peaking into the corresponding '.trs'
-# file (automake bug#11814).
-echo "$res $test_name (exit status: $estatus)" >>$log_file
-
-# Report outcome to console.
-echo "${col}${res}${std}: $test_name"
-
-# Register the test result, and other relevant metadata.
-echo ":test-result: $res" > $trs_file
-echo ":global-test-result: $res" >> $trs_file
-echo ":recheck: $recheck" >> $trs_file
-echo ":copy-in-global-log: $gcopy" >> $trs_file
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:

test-lm-assumptions.c

@@ -28,7 +28,8 @@ main(int argc, char *argv[])
     /* Test the layout state. */
     assert(test_layout((range_t[]) {
         { 0, 1024 },                    /* LUKS header */
-        END(1024),                    /* Rest of the file */
+        { 1024, 3072, true },           /* Keyslot Area */
+        { 0, 0 },
     }));
 
     unlink(filename);

test-lm-big.c

@@ -111,7 +111,7 @@ main(int argc, char *argv[])
 
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         { offset, 4096 },              /* luksmeta header */
         { offset + 4096, 4096 },       /* luksmeta slot 0 */
         { offset + 8192, 4096 },       /* luksmeta slot 0 (cont) */
@@ -127,7 +127,7 @@ main(int argc, char *argv[])
 
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         { offset, 4096 },              /* luksmeta header */
         END(offset + 4096),            /* Rest of the file */
     }));

test-lm-init.c

@@ -57,7 +57,7 @@ main(int argc, char *argv[])
     /* Test the layout state. */
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         { offset, 4096 },              /* luksmeta header */
         END(offset + 4096),            /* Rest of the file */
     }));
@@ -106,7 +106,7 @@ main(int argc, char *argv[])
     assert(luksmeta_test(cd) == -ENOENT);
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         END(offset),                   /* Rest of the file */
     }));
 

test-lm-one.c

@@ -49,7 +49,7 @@ main(int argc, char *argv[])
     /* Test the layout state. */
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         { offset, 4096 },              /* luksmeta header */
         { offset + 4096, 4096 },       /* luksmeta slot 0 */
         END(offset + 8192),            /* Rest of the file */
@@ -68,7 +68,7 @@ main(int argc, char *argv[])
     /* Test the layout state. */
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         { offset, 4096 },              /* luksmeta header */
         END(offset + 4096),            /* Rest of the file */
     }));

test-lm-two.c

@@ -53,7 +53,7 @@ main(int argc, char *argv[])
 
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         { offset, 4096 },              /* luksmeta header */
         { offset + 4096, 4096 },       /* luksmeta slot 0 */
         END(offset + 8192),            /* Rest of the file */
@@ -70,7 +70,7 @@ main(int argc, char *argv[])
 
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         { offset, 4096 },              /* luksmeta header */
         { offset + 4096, 4096 },       /* luksmeta slot 0 */
         { offset + 8192, 4096 },       /* luksmeta slot 1 */
@@ -88,7 +88,7 @@ main(int argc, char *argv[])
     assert(luksmeta_wipe(cd, 0, UUID0) == 0);
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         { offset, 4096 },              /* luksmeta header */
         { offset + 4096, 4096, true }, /* luksmeta slot 0 */
         { offset + 8192, 4096 },       /* luksmeta slot 1 */
@@ -99,7 +99,7 @@ main(int argc, char *argv[])
     assert(luksmeta_wipe(cd, 1, UUID1) == 0);
     assert(test_layout((range_t[]) {
         { 0, 1024 },                   /* LUKS header */
-        { 1024, offset - 1024, true }, /* Keyslot Area */
+        { 1024, 3072, true },          /* Keyslot Area */
         { offset, 4096 },              /* luksmeta header */
         END(offset + 4096),            /* Rest of the file */
     }));

test-luksmeta

@@ -3,15 +3,18 @@
 trap 'exit' ERR
 
 export tmp=`mktemp /tmp/luksmeta.XXXXXXXXXX`
+export tmpdata=`mktemp /tmp/luksmeta.XXXXXXXXXX`
+
 
 function onexit() {
     rm -f $tmp
+    rm -f "${tmpdata}"
 }
 
 trap 'onexit' EXIT
 
 truncate -s 4M $tmp
-echo -n foo | cryptsetup luksFormat $tmp -
+echo -n foo | cryptsetup luksFormat --type luks1 $tmp -
 
 ! ./luksmeta test -d $tmp
 
@@ -50,3 +53,16 @@ echo hi | ./luksmeta save -s 0 -u 23149359-1b61-4803-b818-774ab730fbec -d $tmp
 test "`./luksmeta load -s 0 -d $tmp`" == "hi"
 ./luksmeta init -n -f -d $tmp
 ! ./luksmeta load -s 0 -d $tmp
+
+# CVE-2025-11568 - test attempt to store extremely large amount of data in a slot.
+./luksmeta init -f -d "${tmp}"
+dd bs=1024k count=1 </dev/zero >"${tmpdata}"
+! ./luksmeta save -s 1 -u 23149359-1b61-4803-b818-774ab730fbec -d "${tmp}" < "${tmpdata}"
+
+# Additional test for CVE-2025-11568 boundary conditions.
+# Verify overflow protection with multiple existing slots at various offsets.
+./luksmeta init -f -d "${tmp}"
+echo "a" | ./luksmeta save -s 0 -u 11111111-1111-1111-1111-111111111111 -d "${tmp}"
+echo "b" | ./luksmeta save -s 1 -u 22222222-2222-2222-2222-222222222222 -d "${tmp}"
+dd bs=1024 count=900 </dev/zero >"${tmpdata}"
+! ./luksmeta save -s 2 -u 33333333-3333-3333-3333-333333333333 -d "${tmp}" < "${tmpdata}"