lvm: Add a function to activate LVs in shared mode

Resolves: rhbz#2188749
Resolves: rhbz#2188603

.libblockdev.metadata

@@ -0,0 +1 @@
+d32fce132c75d94ad9c033a636906d63027ffba5 libblockdev-2.28.tar.gz

0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch

@@ -0,0 +1,70 @@
+From bc8c4fa2b3ba76647de9742c28bae751757dc2dd Mon Sep 17 00:00:00 2001
+From: Vojtech Trefny <vtrefny@redhat.com>
+Date: Thu, 18 May 2023 14:45:42 +0200
+Subject: [PATCH 1/2] tests: Use longer passphrase for LUKS in dm_test
+
+The short passphrase doesn't work when running in FIPS mode.
+---
+ tests/dm_test.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/dm_test.py b/tests/dm_test.py
+index 936e3055..3b491d89 100644
+--- a/tests/dm_test.py
++++ b/tests/dm_test.py
+@@ -59,8 +59,8 @@ class DevMapperGetSubsystemFromName(DevMapperTestCase):
+     def test_get_subsystem_from_name_crypt(self):
+         """Verify that it is possible to get luks device subsystem from its name"""
+         self.addCleanup(self._destroy_crypt)
+-        run("echo \"key\" | cryptsetup luksFormat %s -" %self.loop_dev)
+-        run("echo \"key\" | cryptsetup open %s libbd_dm_tests-subsystem_crypt --key-file=-" %self.loop_dev)
++        run("echo \"supersecretkey\" | cryptsetup luksFormat %s -" %self.loop_dev)
++        run("echo \"supersecretkey\" | cryptsetup open %s libbd_dm_tests-subsystem_crypt --key-file=-" %self.loop_dev)
+         subsystem = BlockDev.dm_get_subsystem_from_name("libbd_dm_tests-subsystem_crypt")
+         self.assertEqual(subsystem, "CRYPT")
+ 
+-- 
+2.40.1
+
+
+From b1f6d1484a980885b9870d27d2b113c98400851b Mon Sep 17 00:00:00 2001
+From: Vojtech Trefny <vtrefny@redhat.com>
+Date: Thu, 18 May 2023 14:56:32 +0200
+Subject: [PATCH 2/2] tests: Skip crypto tests with argon2 in FIPS mode
+
+argon is not available when running in FIPS mode.
+---
+ tests/crypto_test.py | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/tests/crypto_test.py b/tests/crypto_test.py
+index 94b89131..91ea1f35 100644
+--- a/tests/crypto_test.py
++++ b/tests/crypto_test.py
+@@ -175,6 +175,23 @@ class CryptoTestFormat(CryptoTestCase):
+             self.fail("Failed to get pbkdf information from:\n%s %s" % (out, err))
+         self.assertEqual(m.group(1), "pbkdf2")
+ 
++    def _is_fips_enabled(self):
++        if not os.path.exists("/proc/sys/crypto/fips_enabled"):
++            # if the file doesn't exist, we are definitely not in FIPS mode
++            return False
++
++        with open("/proc/sys/crypto/fips_enabled", "r") as f:
++            enabled = f.read()
++        return enabled.strip() == "1"
++
++    @tag_test(TestTags.SLOW, TestTags.CORE)
++    @unittest.skipUnless(HAVE_LUKS2, "LUKS 2 not supported")
++    def test_luks2_format_pbkdf_options(self):
++        """Verify that formatting device as LUKS 2 works"""
++
++        if self._is_fips_enabled():
++            self.skipTest("FIPS mode is enabled, cannot use argon2, skipping")
++
+         # different options for argon2 -- all parameters set
+         pbkdf = BlockDev.CryptoLUKSPBKDF(type="argon2id", max_memory_kb=100*1024, iterations=10, parallel_threads=1)
+         extra = BlockDev.CryptoLUKSExtra(pbkdf=pbkdf)
+-- 
+2.40.1
+

0010-lvm-Add-a-function-to-activate-LVs-in-shared-mode.patch

@@ -0,0 +1,300 @@
+From 6bdbafc79e5bcdf2087148c6caa88a6c50c1e94a Mon Sep 17 00:00:00 2001
+From: Vojtech Trefny <vtrefny@redhat.com>
+Date: Mon, 24 Apr 2023 11:57:18 +0200
+Subject: [PATCH] lvm: Add a function to activate LVs in shared mode
+
+Needed by the new blivet feature to support shared LVM setups.
+---
+ src/lib/plugin_apis/lvm.api         | 16 +++++++++
+ src/plugins/lvm-dbus.c              | 51 ++++++++++++++++++++-------
+ src/plugins/lvm.c                   | 53 ++++++++++++++++++++++-------
+ src/plugins/lvm.h                   |  1 +
+ src/python/gi/overrides/BlockDev.py |  5 ++-
+ tests/lvm_dbus_tests.py             | 18 +++++++---
+ tests/lvm_test.py                   | 18 +++++++---
+ 7 files changed, 124 insertions(+), 38 deletions(-)
+
+diff --git a/src/lib/plugin_apis/lvm.api b/src/lib/plugin_apis/lvm.api
+index b8cde70b..640eee49 100644
+--- a/src/lib/plugin_apis/lvm.api
++++ b/src/lib/plugin_apis/lvm.api
+@@ -1057,6 +1057,22 @@ gboolean bd_lvm_lvresize (const gchar *vg_name, const gchar *lv_name, guint64 si
+  */
+ gboolean bd_lvm_lvactivate (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, const BDExtraArg **extra, GError **error);
+ 
++/**
++ * bd_lvm_lvactivate_shared:
++ * @vg_name: name of the VG containing the to-be-activated LV
++ * @lv_name: name of the to-be-activated LV
++ * @ignore_skip: whether to ignore the skip flag or not
++ * @shared: whether to activate the LV in shared mode
++ * @extra: (allow-none) (array zero-terminated=1): extra options for the LV activation
++ *                                                 (just passed to LVM as is)
++ * @error: (out): place to store error (if any)
++ *
++ * Returns: whether the @vg_name/@lv_name LV was successfully activated or not
++ *
++ * Tech category: %BD_LVM_TECH_BASIC-%BD_LVM_TECH_MODE_MODIFY
++ */
++gboolean bd_lvm_lvactivate_shared (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, gboolean shared, const BDExtraArg **extra, GError **error);
++
+ /**
+  * bd_lvm_lvdeactivate:
+  * @vg_name: name of the VG containing the to-be-deactivated LV
+diff --git a/src/plugins/lvm-dbus.c b/src/plugins/lvm-dbus.c
+index 28f3bb25..46e09833 100644
+--- a/src/plugins/lvm-dbus.c
++++ b/src/plugins/lvm-dbus.c
+@@ -2163,6 +2163,27 @@ gboolean bd_lvm_lvresize (const gchar *vg_name, const gchar *lv_name, guint64 si
+     return (*error == NULL);
+ }
+ 
++static gboolean _lvm_lvactivate (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, gboolean shared, const BDExtraArg **extra, GError **error) {
++    GVariant *params = NULL;
++    GVariantBuilder builder;
++    GVariant *extra_params = NULL;
++
++    if (shared)
++        params = g_variant_new ("(t)", (guint64) 1 << 6);
++    else
++        params = g_variant_new ("(t)", (guint64) 0);
++
++    if (ignore_skip) {
++        g_variant_builder_init (&builder, G_VARIANT_TYPE_DICTIONARY);
++        g_variant_builder_add (&builder, "{sv}", "-K", g_variant_new ("s", ""));
++        extra_params = g_variant_builder_end (&builder);
++        g_variant_builder_clear (&builder);
++    }
++    call_lv_method_sync (vg_name, lv_name, "Activate", params, extra_params, extra, TRUE, error);
++
++    return (*error == NULL);
++}
++
+ /**
+  * bd_lvm_lvactivate:
+  * @vg_name: name of the VG containing the to-be-activated LV
+@@ -2177,19 +2198,25 @@ gboolean bd_lvm_lvresize (const gchar *vg_name, const gchar *lv_name, guint64 si
+  * Tech category: %BD_LVM_TECH_BASIC-%BD_LVM_TECH_MODE_MODIFY
+  */
+ gboolean bd_lvm_lvactivate (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, const BDExtraArg **extra, GError **error) {
+-    GVariant *params = g_variant_new ("(t)", (guint64) 0);
+-    GVariantBuilder builder;
+-    GVariant *extra_params = NULL;
+-
+-    if (ignore_skip) {
+-        g_variant_builder_init (&builder, G_VARIANT_TYPE_DICTIONARY);
+-        g_variant_builder_add (&builder, "{sv}", "-K", g_variant_new ("s", ""));
+-        extra_params = g_variant_builder_end (&builder);
+-        g_variant_builder_clear (&builder);
+-    }
+-    call_lv_method_sync (vg_name, lv_name, "Activate", params, extra_params, extra, TRUE, error);
++    return _lvm_lvactivate (vg_name, lv_name, ignore_skip, FALSE, extra, error);
++}
+ 
+-    return (*error == NULL);
++/**
++ * bd_lvm_lvactivate_shared:
++ * @vg_name: name of the VG containing the to-be-activated LV
++ * @lv_name: name of the to-be-activated LV
++ * @ignore_skip: whether to ignore the skip flag or not
++ * @shared: whether to activate the LV in shared mode
++ * @extra: (allow-none) (array zero-terminated=1): extra options for the LV activation
++ *                                                 (just passed to LVM as is)
++ * @error: (out): place to store error (if any)
++ *
++ * Returns: whether the @vg_name/@lv_name LV was successfully activated or not
++ *
++ * Tech category: %BD_LVM_TECH_BASIC-%BD_LVM_TECH_MODE_MODIFY
++ */
++gboolean bd_lvm_lvactivate_shared (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, gboolean shared, const BDExtraArg **extra, GError **error) {
++    return _lvm_lvactivate (vg_name, lv_name, ignore_skip, shared, extra, error);
+ }
+ 
+ /**
+diff --git a/src/plugins/lvm.c b/src/plugins/lvm.c
+index f1e2941b..0db3bf4a 100644
+--- a/src/plugins/lvm.c
++++ b/src/plugins/lvm.c
+@@ -1644,6 +1644,28 @@ gboolean bd_lvm_lvresize (const gchar *vg_name, const gchar *lv_name, guint64 si
+     return success;
+ }
+ 
++static gboolean _lvm_lvactivate (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, gboolean shared, const BDExtraArg **extra, GError **error) {
++    const gchar *args[5] = {"lvchange", NULL, NULL, NULL, NULL};
++    guint8 next_arg = 2;
++    gboolean success = FALSE;
++
++    if (shared)
++        args[1] = "-asy";
++    else
++        args[1] = "-ay";
++
++    if (ignore_skip) {
++        args[next_arg] = "-K";
++        next_arg++;
++    }
++    args[next_arg] = g_strdup_printf ("%s/%s", vg_name, lv_name);
++
++    success = call_lvm_and_report_error (args, extra, TRUE, error);
++    g_free ((gchar *) args[next_arg]);
++
++    return success;
++}
++
+ /**
+  * bd_lvm_lvactivate:
+  * @vg_name: name of the VG containing the to-be-activated LV
+@@ -1658,20 +1680,25 @@ gboolean bd_lvm_lvresize (const gchar *vg_name, const gchar *lv_name, guint64 si
+  * Tech category: %BD_LVM_TECH_BASIC-%BD_LVM_TECH_MODE_MODIFY
+  */
+ gboolean bd_lvm_lvactivate (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, const BDExtraArg **extra, GError **error) {
+-    const gchar *args[5] = {"lvchange", "-ay", NULL, NULL, NULL};
+-    guint8 next_arg = 2;
+-    gboolean success = FALSE;
+-
+-    if (ignore_skip) {
+-        args[next_arg] = "-K";
+-        next_arg++;
+-    }
+-    args[next_arg] = g_strdup_printf ("%s/%s", vg_name, lv_name);
+-
+-    success = call_lvm_and_report_error (args, extra, TRUE, error);
+-    g_free ((gchar *) args[next_arg]);
++    return _lvm_lvactivate (vg_name, lv_name, ignore_skip, FALSE, extra, error);
++}
+ 
+-    return success;
++/**
++ * bd_lvm_lvactivate_shared:
++ * @vg_name: name of the VG containing the to-be-activated LV
++ * @lv_name: name of the to-be-activated LV
++ * @ignore_skip: whether to ignore the skip flag or not
++ * @shared: whether to activate the LV in shared mode
++ * @extra: (allow-none) (array zero-terminated=1): extra options for the LV activation
++ *                                                 (just passed to LVM as is)
++ * @error: (out): place to store error (if any)
++ *
++ * Returns: whether the @vg_name/@lv_name LV was successfully activated or not
++ *
++ * Tech category: %BD_LVM_TECH_BASIC-%BD_LVM_TECH_MODE_MODIFY
++ */
++gboolean bd_lvm_lvactivate_shared (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, gboolean shared, const BDExtraArg **extra, GError **error) {
++    return _lvm_lvactivate (vg_name, lv_name, ignore_skip, shared, extra, error);
+ }
+ 
+ /**
+diff --git a/src/plugins/lvm.h b/src/plugins/lvm.h
+index fabf091f..c85c043d 100644
+--- a/src/plugins/lvm.h
++++ b/src/plugins/lvm.h
+@@ -277,6 +277,7 @@ gboolean bd_lvm_lvremove (const gchar *vg_name, const gchar *lv_name, gboolean f
+ gboolean bd_lvm_lvrename (const gchar *vg_name, const gchar *lv_name, const gchar *new_name, const BDExtraArg **extra, GError **error);
+ gboolean bd_lvm_lvresize (const gchar *vg_name, const gchar *lv_name, guint64 size, const BDExtraArg **extra, GError **error);
+ gboolean bd_lvm_lvactivate (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, const BDExtraArg **extra, GError **error);
++gboolean bd_lvm_lvactivate_shared (const gchar *vg_name, const gchar *lv_name, gboolean ignore_skip, gboolean shared, const BDExtraArg **extra, GError **error);
+ gboolean bd_lvm_lvdeactivate (const gchar *vg_name, const gchar *lv_name, const BDExtraArg **extra, GError **error);
+ gboolean bd_lvm_lvsnapshotcreate (const gchar *vg_name, const gchar *origin_name, const gchar *snapshot_name, guint64 size, const BDExtraArg **extra, GError **error);
+ gboolean bd_lvm_lvsnapshotmerge (const gchar *vg_name, const gchar *snapshot_name, const BDExtraArg **extra, GError **error);
+diff --git a/src/python/gi/overrides/BlockDev.py b/src/python/gi/overrides/BlockDev.py
+index 795e0de4..3e074260 100644
+--- a/src/python/gi/overrides/BlockDev.py
++++ b/src/python/gi/overrides/BlockDev.py
+@@ -605,11 +605,10 @@ def lvm_lvresize(vg_name, lv_name, size, extra=None, **kwargs):
+     return _lvm_lvresize(vg_name, lv_name, size, extra)
+ __all__.append("lvm_lvresize")
+ 
+-_lvm_lvactivate = BlockDev.lvm_lvactivate
+ @override(BlockDev.lvm_lvactivate)
+-def lvm_lvactivate(vg_name, lv_name, ignore_skip=False, extra=None, **kwargs):
++def lvm_lvactivate(vg_name, lv_name, ignore_skip=False, shared=False, extra=None, **kwargs):
+     extra = _get_extra(extra, kwargs)
+-    return _lvm_lvactivate(vg_name, lv_name, ignore_skip, extra)
++    return BlockDev.lvm_lvactivate_shared(vg_name, lv_name, ignore_skip, shared, extra)
+ __all__.append("lvm_lvactivate")
+ 
+ _lvm_lvdeactivate = BlockDev.lvm_lvdeactivate
+diff --git a/tests/lvm_dbus_tests.py b/tests/lvm_dbus_tests.py
+index fc12b55d..a821636e 100644
+--- a/tests/lvm_dbus_tests.py
++++ b/tests/lvm_dbus_tests.py
+@@ -873,15 +873,15 @@ class LvmTestLVactivateDeactivate(LvmPVVGLVTestCase):
+         self.assertTrue(succ)
+ 
+         with self.assertRaises(GLib.GError):
+-            BlockDev.lvm_lvactivate("nonexistingVG", "testLV", True, None)
++            BlockDev.lvm_lvactivate("nonexistingVG", "testLV", True)
+ 
+         with self.assertRaises(GLib.GError):
+-            BlockDev.lvm_lvactivate("testVG", "nonexistingLV", True, None)
++            BlockDev.lvm_lvactivate("testVG", "nonexistingLV", True)
+ 
+         with self.assertRaises(GLib.GError):
+-            BlockDev.lvm_lvactivate("nonexistingVG", "nonexistingLV", True, None)
++            BlockDev.lvm_lvactivate("nonexistingVG", "nonexistingLV", True)
+ 
+-        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True, None)
++        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True)
+         self.assertTrue(succ)
+ 
+         with self.assertRaises(GLib.GError):
+@@ -896,7 +896,15 @@ class LvmTestLVactivateDeactivate(LvmPVVGLVTestCase):
+         succ = BlockDev.lvm_lvdeactivate("testVG", "testLV", None)
+         self.assertTrue(succ)
+ 
+-        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True, None)
++        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True)
++        self.assertTrue(succ)
++
++        succ = BlockDev.lvm_lvdeactivate("testVG", "testLV", None)
++        self.assertTrue(succ)
++
++        # try activating in shared mode, unfortunately no way to check whether it really
++        # works or not
++        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True, True)
+         self.assertTrue(succ)
+ 
+         succ = BlockDev.lvm_lvdeactivate("testVG", "testLV", None)
+diff --git a/tests/lvm_test.py b/tests/lvm_test.py
+index 7ede4b59..63f43afb 100644
+--- a/tests/lvm_test.py
++++ b/tests/lvm_test.py
+@@ -807,15 +807,15 @@ class LvmTestLVactivateDeactivate(LvmPVVGLVTestCase):
+         self.assertTrue(succ)
+ 
+         with self.assertRaises(GLib.GError):
+-            BlockDev.lvm_lvactivate("nonexistingVG", "testLV", True, None)
++            BlockDev.lvm_lvactivate("nonexistingVG", "testLV", True)
+ 
+         with self.assertRaises(GLib.GError):
+-            BlockDev.lvm_lvactivate("testVG", "nonexistingLV", True, None)
++            BlockDev.lvm_lvactivate("testVG", "nonexistingLV", True)
+ 
+         with self.assertRaises(GLib.GError):
+-            BlockDev.lvm_lvactivate("nonexistingVG", "nonexistingLV", True, None)
++            BlockDev.lvm_lvactivate("nonexistingVG", "nonexistingLV", True)
+ 
+-        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True, None)
++        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True)
+         self.assertTrue(succ)
+ 
+         with self.assertRaises(GLib.GError):
+@@ -830,7 +830,15 @@ class LvmTestLVactivateDeactivate(LvmPVVGLVTestCase):
+         succ = BlockDev.lvm_lvdeactivate("testVG", "testLV", None)
+         self.assertTrue(succ)
+ 
+-        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True, None)
++        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True)
++        self.assertTrue(succ)
++
++        succ = BlockDev.lvm_lvdeactivate("testVG", "testLV", None)
++        self.assertTrue(succ)
++
++        # try activating in shared mode, unfortunately no way to check whether it really
++        # works or not
++        succ = BlockDev.lvm_lvactivate("testVG", "testLV", True, True)
+         self.assertTrue(succ)
+ 
+         succ = BlockDev.lvm_lvdeactivate("testVG", "testLV", None)
+-- 
+2.41.0
+

libblockdev.spec

@@ -129,7 +129,7 @@
 
 Name:        libblockdev
 Version:     2.28
-Release:     6%{?dist}
+Release:     8%{?dist}
 Summary:     A library for low-level manipulation with block devices
 License:     LGPLv2+
 URL:         https://github.com/storaged-project/libblockdev
@@ -143,6 +143,8 @@ Patch5:      0005-nvme-Fix-namespace-identifiers.patch
 Patch6:      0006-Allow-resizing-of-inactive-LVs-with-latest-LVM.patch
 Patch7:      0007-tests-Fix-test_swapon_pagesize-on-systems-with-64k-p.patch
 Patch8:      0008-part-Fix-segfault-when-adding-a-partition-too-big-fo.patch
+Patch9:      0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch
+Patch10:     0010-lvm-Add-a-function-to-activate-LVs-in-shared-mode.patch
 
 BuildRequires: make
 BuildRequires: glib2-devel
@@ -732,6 +734,8 @@ A meta-package that pulls all the libblockdev plugins as dependencies.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
+%patch10 -p1
 
 %build
 autoreconf -ivf
@@ -1050,6 +1054,15 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
 %files plugins-all
 
 %changelog
+* Tue Oct 17 2023 Vojtech Trefny <vtrefny@redhat.com> - 2.28-8
+- lvm: Add a function to activate LVs in shared mode
+  Resolves: RHEL-14018
+
+* Wed May 24 2023 Vojtech Trefny <vtrefny@redhat.com> - 2.28-7
+- Fix issues in tests when running in FIPS mode
+  Resolves: rhbz#2188749
+  Resolves: rhbz#2188603
+
 * Tue May 16 2023 Vojtech Trefny <vtrefny@redhat.com> - 2.28-6
 - Fix segfault when adding a partition too big for MSDOS
   Resolves: rhbz#2185564