From a7d17dab6957b3036972575af04b55590c53b9ad Mon Sep 17 00:00:00 2001 From: John Baublitz Date: Tue, 16 Mar 2021 09:36:46 -0400 Subject: [PATCH] Fix for -t option in clevis luks bind (#297) --- src/luks/clevis-luks-bind | 2 +- src/luks/clevis-luks-common-functions.in | 2 +- src/luks/tests/bind-luks2 | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/luks/clevis-luks-bind b/src/luks/clevis-luks-bind index 9bea9b1..a0f3430 100755 --- a/src/luks/clevis-luks-bind +++ b/src/luks/clevis-luks-bind @@ -119,7 +119,7 @@ if [ "${luks_type}" = "luks1" ] && ! luksmeta test -d "${DEV}"; then luksmeta init -d "${DEV}" ${FRC} fi -if ! clevis_luks_do_bind "${DEV}" "${SLT}" "" \ +if ! clevis_luks_do_bind "${DEV}" "${SLT}" "${TOKEN_ID}" \ "${PIN}" "${CFG}" \ "${YES}" "" \ "${existing_key}" "${keyfile}"; then diff --git a/src/luks/clevis-luks-common-functions.in b/src/luks/clevis-luks-common-functions.in index 1bd7616..30fef56 100644 --- a/src/luks/clevis-luks-common-functions.in +++ b/src/luks/clevis-luks-common-functions.in @@ -978,7 +978,7 @@ clevis_luks_do_bind() { return 1 fi - if ! clevis_luks_save_slot "${DEV}" "${SLT}" "${tkn_id}" \ + if ! clevis_luks_save_slot "${DEV}" "${SLT}" "${TKN_ID}" \ "${jwe}" "${OVERWRITE}"; then echo "Unable to update metadata; operation cancelled" >&2 clevis_luks_restore_dev "${CLEVIS_TMP_DIR}" || : diff --git a/src/luks/tests/bind-luks2 b/src/luks/tests/bind-luks2 index 492db50..04c6b8e 100755 --- a/src/luks/tests/bind-luks2 +++ b/src/luks/tests/bind-luks2 @@ -47,3 +47,7 @@ new_device "luks2" "${DEV}" if ! clevis luks bind -d "${DEV}" -t "$TOKEN_ID" tang "${CFG}" <<< "${DEFAULT_PASS}"; then error "${TEST}: Binding is expected to succeed when given a correct (${DEFAULT_PASS}) password." >&2 fi + +if ! cryptsetup token export --token-id=5 "${DEV}"; then + error "${TEST}: Clevis did not add the LUKS2 token to the correct slot." >&2 +fi -- 2.30.2