124 lines
5.4 KiB
Diff
124 lines
5.4 KiB
Diff
|
From 70f5fb2f7ab585458008b1d3144e4ebaf98db42e Mon Sep 17 00:00:00 2001
|
||
|
|
From: Daan De Meyer <daan.j.demeyer@gmail.com>
|
||
|
|
Date: Sun, 2 Jun 2024 16:24:52 +0200
|
||
|
|
Subject: [PATCH] repart: Use crypt_reencrypt_run() if available
|
||
|
|
|
||
|
|
crypt_reencrypt() is deprecated, so let's look for and prefer
|
||
|
|
crypt_reencrypt_run() if it is available.
|
||
|
|
|
||
|
|
(cherry picked from commit b99b2941276a74878a23470b36c75b0c21dbdd4a)
|
||
|
|
---
|
||
|
|
meson.build | 1 +
|
||
|
|
src/partition/repart.c | 6 +++++-
|
||
|
|
src/shared/cryptsetup-util.c | 19 ++++++++-----------
|
||
|
|
src/shared/cryptsetup-util.h | 6 +++---
|
||
|
|
4 files changed, 17 insertions(+), 15 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/meson.build b/meson.build
|
||
|
|
index ea4e12aa1c..e42151998b 100644
|
||
|
|
--- a/meson.build
|
||
|
|
+++ b/meson.build
|
||
|
|
@@ -1262,6 +1262,7 @@ foreach ident : ['crypt_set_metadata_size',
|
||
|
|
'crypt_token_max',
|
||
|
|
'crypt_reencrypt_init_by_passphrase',
|
||
|
|
'crypt_reencrypt',
|
||
|
|
+ 'crypt_reencrypt_run',
|
||
|
|
'crypt_set_data_offset',
|
||
|
|
'crypt_set_keyring_to_link',
|
||
|
|
'crypt_resume_by_volume_key']
|
||
|
|
diff --git a/src/partition/repart.c b/src/partition/repart.c
|
||
|
|
index 6f67d46025..2ecae4ca03 100644
|
||
|
|
--- a/src/partition/repart.c
|
||
|
|
+++ b/src/partition/repart.c
|
||
|
|
@@ -3913,7 +3913,7 @@ static int partition_target_sync(Context *context, Partition *p, PartitionTarget
|
||
|
|
}
|
||
|
|
|
||
|
|
static int partition_encrypt(Context *context, Partition *p, PartitionTarget *target, bool offline) {
|
||
|
|
-#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && HAVE_CRYPT_REENCRYPT
|
||
|
|
+#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && (HAVE_CRYPT_REENCRYPT_RUN || HAVE_CRYPT_REENCRYPT)
|
||
|
|
const char *node = partition_target_path(target);
|
||
|
|
struct crypt_params_luks2 luks_params = {
|
||
|
|
.label = strempty(ASSERT_PTR(p)->new_label),
|
||
|
|
@@ -4220,7 +4220,11 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
|
||
|
|
if (r < 0)
|
||
|
|
return log_error_errno(r, "Failed to load reencryption context: %m");
|
||
|
|
|
||
|
|
+#if HAVE_CRYPT_REENCRYPT_RUN
|
||
|
|
+ r = sym_crypt_reencrypt_run(cd, NULL, NULL);
|
||
|
|
+#else
|
||
|
|
r = sym_crypt_reencrypt(cd, NULL);
|
||
|
|
+#endif
|
||
|
|
if (r < 0)
|
||
|
|
return log_error_errno(r, "Failed to encrypt %s: %m", node);
|
||
|
|
} else {
|
||
|
|
diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
|
||
|
|
index 288e6e8942..d0dd434df8 100644
|
||
|
|
--- a/src/shared/cryptsetup-util.c
|
||
|
|
+++ b/src/shared/cryptsetup-util.c
|
||
|
|
@@ -54,10 +54,10 @@ DLSYM_FUNCTION(crypt_volume_key_get);
|
||
|
|
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
|
||
|
|
DLSYM_FUNCTION(crypt_reencrypt_init_by_passphrase);
|
||
|
|
#endif
|
||
|
|
-#if HAVE_CRYPT_REENCRYPT
|
||
|
|
-DISABLE_WARNING_DEPRECATED_DECLARATIONS;
|
||
|
|
+#if HAVE_CRYPT_REENCRYPT_RUN
|
||
|
|
+DLSYM_FUNCTION(crypt_reencrypt_run);
|
||
|
|
+#elif HAVE_CRYPT_REENCRYPT
|
||
|
|
DLSYM_FUNCTION(crypt_reencrypt);
|
||
|
|
-REENABLE_WARNING;
|
||
|
|
#endif
|
||
|
|
DLSYM_FUNCTION(crypt_metadata_locking);
|
||
|
|
#if HAVE_CRYPT_SET_DATA_OFFSET
|
||
|
|
@@ -246,11 +246,8 @@ int dlopen_cryptsetup(void) {
|
||
|
|
|
||
|
|
/* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with
|
||
|
|
* crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is
|
||
|
|
- * still available though, and given we want to support 2.2.0 for a while longer, we'll stick to the
|
||
|
|
- * old symbol. However, the old symbols now has a GCC deprecation decorator, hence let's turn off
|
||
|
|
- * warnings about this for now. */
|
||
|
|
-
|
||
|
|
- DISABLE_WARNING_DEPRECATED_DECLARATIONS;
|
||
|
|
+ * still available though, and given we want to support 2.2.0 for a while longer, we'll use the old
|
||
|
|
+ * symbol if the new one is not available. */
|
||
|
|
|
||
|
|
ELF_NOTE_DLOPEN("cryptsetup",
|
||
|
|
"Support for disk encryption, integrity, and authentication",
|
||
|
|
@@ -304,7 +301,9 @@ int dlopen_cryptsetup(void) {
|
||
|
|
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
|
||
|
|
DLSYM_ARG(crypt_reencrypt_init_by_passphrase),
|
||
|
|
#endif
|
||
|
|
-#if HAVE_CRYPT_REENCRYPT
|
||
|
|
+#if HAVE_CRYPT_REENCRYPT_RUN
|
||
|
|
+ DLSYM_ARG(crypt_reencrypt_run),
|
||
|
|
+#elif HAVE_CRYPT_REENCRYPT
|
||
|
|
DLSYM_ARG(crypt_reencrypt),
|
||
|
|
#endif
|
||
|
|
DLSYM_ARG(crypt_metadata_locking),
|
||
|
|
@@ -316,8 +315,6 @@ int dlopen_cryptsetup(void) {
|
||
|
|
if (r <= 0)
|
||
|
|
return r;
|
||
|
|
|
||
|
|
- REENABLE_WARNING;
|
||
|
|
-
|
||
|
|
/* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
|
||
|
|
* libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
|
||
|
|
* whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
|
||
|
|
diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
|
||
|
|
index f00ac367b6..d255e59004 100644
|
||
|
|
--- a/src/shared/cryptsetup-util.h
|
||
|
|
+++ b/src/shared/cryptsetup-util.h
|
||
|
|
@@ -70,10 +70,10 @@ DLSYM_PROTOTYPE(crypt_volume_key_get);
|
||
|
|
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
|
||
|
|
DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase);
|
||
|
|
#endif
|
||
|
|
-#if HAVE_CRYPT_REENCRYPT
|
||
|
|
-DISABLE_WARNING_DEPRECATED_DECLARATIONS;
|
||
|
|
+#if HAVE_CRYPT_REENCRYPT_RUN
|
||
|
|
+DLSYM_PROTOTYPE(crypt_reencrypt_run);
|
||
|
|
+#elif HAVE_CRYPT_REENCRYPT
|
||
|
|
DLSYM_PROTOTYPE(crypt_reencrypt);
|
||
|
|
-REENABLE_WARNING;
|
||
|
|
#endif
|
||
|
|
DLSYM_PROTOTYPE(crypt_metadata_locking);
|
||
|
|
#if HAVE_CRYPT_SET_DATA_OFFSET
|