rpms/clevis
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import clevis-11-9.el8_2.1

Browse Source
This commit is contained in:
CentOS Sources 2020-09-08 04:40:58 -04:00 committed by Andrew Lukoshko
parent 1aa8576cd2
commit f52f3d98ab
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
SOURCES/luks-fix-handling-of-devices-in-clevis-luks-askpass-.patch Normal file
View File

@ -0,0 +1,61 @@
From 1f9e0d9533e970a79bb9a525b5e407bf80f6fc5b Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Mon, 6 Jul 2020 08:53:58 -0300
Subject: [PATCH] luks: fix handling of devices in clevis-luks-askpass to
handle
---
src/luks/systemd/clevis-luks-askpass | 23 ++++++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/luks/systemd/clevis-luks-askpass b/src/luks/systemd/clevis-luks-askpass
index feebb1a..5719ab6 100755
--- a/src/luks/systemd/clevis-luks-askpass
+++ b/src/luks/systemd/clevis-luks-askpass
@@ -23,6 +23,12 @@ UUID=cb6e8904-81ff-40da-a84a-07ab9ab5715e
shopt -s nullglob
+clevis_is_luks_device_by_uuid_open() {
+ local LUKS_UUID="${1}"
+ [ -z "${LUKS_UUID}" ] && return 1
+ test -b /dev/disk/by-id/dm-uuid-*"${LUKS_UUID//-/}"*
+}
+
path=/run/systemd/ask-password
while getopts ":lpu:" o; do
case "$o" in
@@ -49,9 +55,13 @@ while true; do
esac
done < "$question"
- [ -z "$d" -o -z "$s" ] && continue
- [[ -n "${device_uuid}" ]] && [[ "${d}" != *"${device_uuid}"* ]] \
- && continue
+ [ -b "${d}" ] || continue
+ [ -S "${s}" ] || continue
+
+ if [ -n "${device_uuid}" ]; then
+ uuid="$(cryptsetup luksUUID "${d}")"
+ [ "${uuid}" != "${device_uuid}" ] && todo=1 && continue
+ fi
if cryptsetup isLuks --type luks1 "$d"; then
# If the device is not initialized, sliently skip it.
@@ -89,6 +99,13 @@ while true; do
todo=$((todo + 1))
done
+ if [ -n "${device_uuid}" ]; then
+ [ ! -b /dev/disk/by-uuid/"${device_uuid}" ] && break
+ if clevis_is_luks_device_by_uuid_open "${device_uuid}"; then
+ break
+ fi
+ fi
+
if [ $todo -eq 0 ] || [ "$loop" != "true" ]; then
break;
fi
--
2.18.4

7
SPECS/clevis.spec
View File

@ -2,7 +2,7 @@
Name: clevis Name: clevis
Version: 11 Version: 11
Release: 9%{?dist} Release: 9%{?dist}.1
Summary: Automated decryption framework Summary: Automated decryption framework
License: GPLv3+ License: GPLv3+
@ -22,6 +22,7 @@ Patch10: Add-rd.neednet-1-to-cmdline-only-if-there-are-device.patch
Patch11: Improve-tests-speed.patch Patch11: Improve-tests-speed.patch
Patch12: Use-one-clevis-luks-askpass-per-device.patch Patch12: Use-one-clevis-luks-askpass-per-device.patch
Patch13: Improve-clevis-luks-regen-no-unbind-in-every-case.patch Patch13: Improve-clevis-luks-regen-no-unbind-in-every-case.patch
Patch14: luks-fix-handling-of-devices-in-clevis-luks-askpass-.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: meson BuildRequires: meson
@ -196,6 +197,10 @@ exit 0
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
%changelog %changelog
* Mon Jul 06 2020 Sergio Correia <scorreia@redhat.com> - 11-9.1
- Fix handling of device names in clevis-luks-askpass
Resolves: rhbz#1849593
* Wed Feb 02 2020 Sergio Correia <scorreia@redhat.com> - 11-9 * Wed Feb 02 2020 Sergio Correia <scorreia@redhat.com> - 11-9
- Improve clevis luks regen not to unbind+bind in every case - Improve clevis luks regen not to unbind+bind in every case
Resolves: rhbz#1795675 Resolves: rhbz#1795675