* Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-14
- iscsi: CHAP auth algorithm selection fixes (#2188991) - tests: Use stronger passphrases for LUKS tests - lvm2: Improve uevent processing (#2039772) Resolves: #2188991,#2039772
This commit is contained in:
parent
f9041eb9de
commit
2dd5a3fbfd
161
udisks-2.10.0-iscsi-CHAP-auth-algs.patch
Normal file
161
udisks-2.10.0-iscsi-CHAP-auth-algs.patch
Normal file
@ -0,0 +1,161 @@
|
|||||||
|
From 26fcef727d68af97b1187d2ac3cad19acc3d97c8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Bzatek <tbzatek@redhat.com>
|
||||||
|
Date: Tue, 16 May 2023 18:33:59 +0200
|
||||||
|
Subject: [PATCH 1/2] iscsi: Set node parameters before the Login/Logout action
|
||||||
|
|
||||||
|
This allows to properly pass required arguments like the CHAP
|
||||||
|
auth algorithms, etc.
|
||||||
|
---
|
||||||
|
modules/iscsi/udisksiscsiutil.c | 54 ++++++++++++++++++---------------
|
||||||
|
1 file changed, 29 insertions(+), 25 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
|
||||||
|
index 78890106f0..b279442876 100644
|
||||||
|
--- a/modules/iscsi/udisksiscsiutil.c
|
||||||
|
+++ b/modules/iscsi/udisksiscsiutil.c
|
||||||
|
@@ -186,9 +186,10 @@ iscsi_perform_login_action (UDisksLinuxModuleISCSI *module,
|
||||||
|
}
|
||||||
|
|
||||||
|
static gint
|
||||||
|
-iscsi_node_set_parameters (struct libiscsi_context *ctx,
|
||||||
|
- struct libiscsi_node *node,
|
||||||
|
- GVariant *params)
|
||||||
|
+iscsi_node_set_parameters (struct libiscsi_context *ctx,
|
||||||
|
+ struct libiscsi_node *node,
|
||||||
|
+ GVariant *params,
|
||||||
|
+ gchar **errorstr)
|
||||||
|
{
|
||||||
|
GVariantIter iter;
|
||||||
|
GVariant *value;
|
||||||
|
@@ -207,9 +208,11 @@ iscsi_node_set_parameters (struct libiscsi_context *ctx,
|
||||||
|
|
||||||
|
/* Update the node parameter value. */
|
||||||
|
err = libiscsi_node_set_parameter (ctx, node, key, param_value);
|
||||||
|
+ if (errorstr && err != 0)
|
||||||
|
+ *errorstr = g_strdup (libiscsi_get_error_string (ctx));
|
||||||
|
|
||||||
|
g_variant_unref (value);
|
||||||
|
- g_free ((gpointer) key);
|
||||||
|
+ g_free (key);
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
@@ -279,7 +282,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
|
||||||
|
const gchar *password = NULL;
|
||||||
|
const gchar *reverse_username = NULL;
|
||||||
|
const gchar *reverse_password = NULL;
|
||||||
|
- gint err;
|
||||||
|
+ gint err = 0;
|
||||||
|
|
||||||
|
g_return_val_if_fail (UDISKS_IS_LINUX_MODULE_ISCSI (module), 1);
|
||||||
|
|
||||||
|
@@ -304,17 +307,18 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
|
||||||
|
/* Get iscsi context. */
|
||||||
|
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
|
||||||
|
|
||||||
|
- /* Login */
|
||||||
|
- err = iscsi_perform_login_action (module,
|
||||||
|
- ACTION_LOGIN,
|
||||||
|
- &node,
|
||||||
|
- &auth_info,
|
||||||
|
- errorstr);
|
||||||
|
+ /* Update node parameters. */
|
||||||
|
+ if (params)
|
||||||
|
+ err = iscsi_node_set_parameters (ctx, &node, params_without_chap, errorstr);
|
||||||
|
|
||||||
|
- if (err == 0 && params)
|
||||||
|
+ /* Login */
|
||||||
|
+ if (err == 0)
|
||||||
|
{
|
||||||
|
- /* Update node parameters. */
|
||||||
|
- err = iscsi_node_set_parameters (ctx, &node, params_without_chap);
|
||||||
|
+ err = iscsi_perform_login_action (module,
|
||||||
|
+ ACTION_LOGIN,
|
||||||
|
+ &node,
|
||||||
|
+ &auth_info,
|
||||||
|
+ errorstr);
|
||||||
|
}
|
||||||
|
|
||||||
|
g_variant_unref (params_without_chap);
|
||||||
|
@@ -334,7 +338,7 @@ iscsi_logout (UDisksLinuxModuleISCSI *module,
|
||||||
|
{
|
||||||
|
struct libiscsi_context *ctx;
|
||||||
|
struct libiscsi_node node = {0,};
|
||||||
|
- gint err;
|
||||||
|
+ gint err = 0;
|
||||||
|
|
||||||
|
g_return_val_if_fail (UDISKS_IS_LINUX_MODULE_ISCSI (module), 1);
|
||||||
|
|
||||||
|
@@ -344,18 +348,18 @@ iscsi_logout (UDisksLinuxModuleISCSI *module,
|
||||||
|
/* Get iscsi context. */
|
||||||
|
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
|
||||||
|
|
||||||
|
- /* Logout */
|
||||||
|
- err = iscsi_perform_login_action (module,
|
||||||
|
- ACTION_LOGOUT,
|
||||||
|
- &node,
|
||||||
|
- NULL,
|
||||||
|
- errorstr);
|
||||||
|
+ /* Update node parameters. */
|
||||||
|
+ if (params)
|
||||||
|
+ err = iscsi_node_set_parameters (ctx, &node, params, errorstr);
|
||||||
|
|
||||||
|
- if (err == 0 && params)
|
||||||
|
+ /* Logout */
|
||||||
|
+ if (err == 0)
|
||||||
|
{
|
||||||
|
- /* Update node parameters. */
|
||||||
|
- err = iscsi_node_set_parameters (ctx, &node, params);
|
||||||
|
-
|
||||||
|
+ err = iscsi_perform_login_action (module,
|
||||||
|
+ ACTION_LOGOUT,
|
||||||
|
+ &node,
|
||||||
|
+ NULL,
|
||||||
|
+ errorstr);
|
||||||
|
}
|
||||||
|
|
||||||
|
return err;
|
||||||
|
|
||||||
|
From 749812784abcc4c0492bda0703bff5d3dae052f9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Bzatek <tbzatek@redhat.com>
|
||||||
|
Date: Tue, 16 May 2023 18:35:42 +0200
|
||||||
|
Subject: [PATCH 2/2] tests: Disallow MD5 for iscsi CHAP login
|
||||||
|
|
||||||
|
MD5 is unavailable in FIPS mode:
|
||||||
|
|
||||||
|
iscsid[82167]: iscsid: Ignoring CHAP algorthm request for MD5 due to crypto lib configuration
|
||||||
|
iscsid[82167]: iscsid: Couldn't set CHAP algorithm list
|
||||||
|
kernel: rx_data returned 0, expecting 48.
|
||||||
|
kernel: iSCSI Login negotiation failed.
|
||||||
|
---
|
||||||
|
src/tests/dbus-tests/test_30_iscsi.py | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
|
||||||
|
index 09e975f30c..02ba6c92b0 100644
|
||||||
|
--- a/src/tests/dbus-tests/test_30_iscsi.py
|
||||||
|
+++ b/src/tests/dbus-tests/test_30_iscsi.py
|
||||||
|
@@ -161,6 +161,7 @@ def test_login_chap_auth(self):
|
||||||
|
self.assertEqual(port, self.port)
|
||||||
|
|
||||||
|
options = dbus.Dictionary(signature='sv')
|
||||||
|
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
|
||||||
|
options['username'] = self.initiator
|
||||||
|
|
||||||
|
msg = 'Login failed: initiator reported error \(24 - iSCSI login failed due to authorization failure\)'
|
||||||
|
@@ -227,6 +228,7 @@ def test_login_mutual_auth(self):
|
||||||
|
self.assertEqual(port, self.port)
|
||||||
|
|
||||||
|
options = dbus.Dictionary(signature='sv')
|
||||||
|
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
|
||||||
|
options['username'] = self.initiator
|
||||||
|
options['password'] = self.password
|
||||||
|
options['reverse-username'] = self.mutual_iqn
|
||||||
|
@@ -335,6 +337,7 @@ def test_login_noauth_badauth(self):
|
||||||
|
|
||||||
|
# first attempt - wrong password
|
||||||
|
options = dbus.Dictionary(signature='sv')
|
||||||
|
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
|
||||||
|
options['username'] = self.initiator
|
||||||
|
msg = r'Login failed: initiator reported error \((19 - encountered non-retryable iSCSI login failure|24 - iSCSI login failed due to authorization failure)\)'
|
||||||
|
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
|
75
udisks-2.10.0-iscsi_test_01_badauth.patch
Normal file
75
udisks-2.10.0-iscsi_test_01_badauth.patch
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
commit fab797fcf5e4c8e09e4cde45647951acd764415e
|
||||||
|
Author: Tomas Bzatek <tbzatek@redhat.com>
|
||||||
|
Date: Mon Oct 10 13:58:15 2022 +0200
|
||||||
|
|
||||||
|
tests: Add bad auth test for iscsi
|
||||||
|
|
||||||
|
This tests that the auth info is properly set for each login call,
|
||||||
|
overriding previously set auth info with no trace.
|
||||||
|
|
||||||
|
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
|
||||||
|
index 34bdfc4b..6ac8386b 100644
|
||||||
|
--- a/src/tests/dbus-tests/test_30_iscsi.py
|
||||||
|
+++ b/src/tests/dbus-tests/test_30_iscsi.py
|
||||||
|
@@ -284,3 +284,61 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
|
||||||
|
# make sure the session object is no longer on dbus
|
||||||
|
objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')
|
||||||
|
self.assertNotIn(session_path, objects.keys())
|
||||||
|
+
|
||||||
|
+ def test_login_noauth_badauth(self):
|
||||||
|
+ """
|
||||||
|
+ Test auth info override
|
||||||
|
+ """
|
||||||
|
+ manager = self.get_object('/Manager')
|
||||||
|
+ nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
|
||||||
|
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
|
||||||
|
+ timeout=self.iscsi_timeout)
|
||||||
|
+
|
||||||
|
+ node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
|
||||||
|
+ self.assertIsNotNone(node)
|
||||||
|
+
|
||||||
|
+ (iqn, tpg, host, port, iface) = node
|
||||||
|
+ self.assertEqual(iqn, self.noauth_iqn)
|
||||||
|
+ self.assertEqual(host, self.address)
|
||||||
|
+ self.assertEqual(port, self.port)
|
||||||
|
+
|
||||||
|
+ self.addCleanup(self._force_lougout, self.noauth_iqn)
|
||||||
|
+
|
||||||
|
+ # first attempt - wrong password
|
||||||
|
+ options = dbus.Dictionary(signature='sv')
|
||||||
|
+ options['username'] = self.initiator
|
||||||
|
+ msg = 'Login failed: initiator reported error'
|
||||||
|
+ with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
|
||||||
|
+ options['password'] = '12345'
|
||||||
|
+ manager.Login(iqn, tpg, host, port, iface, options,
|
||||||
|
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
|
||||||
|
+ timeout=self.iscsi_timeout)
|
||||||
|
+
|
||||||
|
+ # second atttempt - no password
|
||||||
|
+ manager.Login(iqn, tpg, host, port, iface, self.no_options,
|
||||||
|
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
|
||||||
|
+ timeout=self.iscsi_timeout)
|
||||||
|
+
|
||||||
|
+ devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
|
||||||
|
+ self.assertEqual(len(devs), 1)
|
||||||
|
+
|
||||||
|
+ # check if the block device have 'Symlinks' property updated
|
||||||
|
+ disk_name = os.path.realpath(devs[0]).split('/')[-1]
|
||||||
|
+ disk_obj = self.get_object('/block_devices/' + disk_name)
|
||||||
|
+ dbus_path = str(disk_obj.object_path)
|
||||||
|
+ self.assertIsNotNone(disk_obj)
|
||||||
|
+
|
||||||
|
+ symlinks = self.get_property_raw(disk_obj, '.Block', 'Symlinks')
|
||||||
|
+ self.assertIn(self.str_to_ay(devs[0]), symlinks)
|
||||||
|
+
|
||||||
|
+ manager.Logout(iqn, tpg, host, port, iface, self.no_options,
|
||||||
|
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
|
||||||
|
+ timeout=self.iscsi_timeout)
|
||||||
|
+
|
||||||
|
+ devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
|
||||||
|
+ self.assertEqual(len(devs), 0)
|
||||||
|
+
|
||||||
|
+ # make sure the disk is no longer on dbus
|
||||||
|
+ udisks = self.get_object('')
|
||||||
|
+ objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')
|
||||||
|
+ self.assertNotIn(dbus_path, objects.keys())
|
51
udisks-2.10.0-iscsi_test_02_lio_target_conf.patch
Normal file
51
udisks-2.10.0-iscsi_test_02_lio_target_conf.patch
Normal file
@ -0,0 +1,51 @@
|
|||||||
|
commit 13a6a27eecdd1fb527b9151309366970b182a58d
|
||||||
|
Author: Tomas Bzatek <tbzatek@redhat.com>
|
||||||
|
Date: Thu Oct 20 17:17:10 2022 +0200
|
||||||
|
|
||||||
|
tests: Fix LIO target config auth
|
||||||
|
|
||||||
|
Linux kernel 6.0 brought number of the LIO target changes related to authentication
|
||||||
|
that made our tests fail. Turned out our target config was incorrect, e.g.
|
||||||
|
not requiring auth for CHAP tests, etc. The kernel 6.0 looks to be more strict
|
||||||
|
in this regard.
|
||||||
|
|
||||||
|
diff --git a/src/tests/dbus-tests/targetcli_config.json b/src/tests/dbus-tests/targetcli_config.json
|
||||||
|
index 25d506b6..3be9eac2 100644
|
||||||
|
--- a/src/tests/dbus-tests/targetcli_config.json
|
||||||
|
+++ b/src/tests/dbus-tests/targetcli_config.json
|
||||||
|
@@ -385,7 +385,7 @@
|
||||||
|
"tpgs": [
|
||||||
|
{
|
||||||
|
"attributes": {
|
||||||
|
- "authentication": 0,
|
||||||
|
+ "authentication": 1,
|
||||||
|
"cache_dynamic_acls": 0,
|
||||||
|
"default_cmdsn_depth": 64,
|
||||||
|
"default_erl": 0,
|
||||||
|
@@ -432,7 +432,7 @@
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"parameters": {
|
||||||
|
- "AuthMethod": "CHAP,None",
|
||||||
|
+ "AuthMethod": "CHAP",
|
||||||
|
"DataDigest": "CRC32C,None",
|
||||||
|
"DataPDUInOrder": "Yes",
|
||||||
|
"DataSequenceInOrder": "Yes",
|
||||||
|
@@ -471,7 +471,7 @@
|
||||||
|
"tpgs": [
|
||||||
|
{
|
||||||
|
"attributes": {
|
||||||
|
- "authentication": 0,
|
||||||
|
+ "authentication": 1,
|
||||||
|
"cache_dynamic_acls": 0,
|
||||||
|
"default_cmdsn_depth": 64,
|
||||||
|
"default_erl": 0,
|
||||||
|
@@ -520,7 +520,7 @@
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"parameters": {
|
||||||
|
- "AuthMethod": "CHAP,None",
|
||||||
|
+ "AuthMethod": "CHAP",
|
||||||
|
"DataDigest": "CRC32C,None",
|
||||||
|
"DataPDUInOrder": "Yes",
|
||||||
|
"DataSequenceInOrder": "Yes",
|
37
udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch
Normal file
37
udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
commit 1bf172603e4cc77da70d8fd13b6ba6c8b8c91600
|
||||||
|
Author: Tomas Bzatek <tbzatek@redhat.com>
|
||||||
|
Date: Thu Oct 20 17:53:20 2022 +0200
|
||||||
|
|
||||||
|
tests: Test iscsi noauth in test_login_chap_auth
|
||||||
|
|
||||||
|
The other way is already tested in test_login_noauth_badauth.
|
||||||
|
|
||||||
|
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
|
||||||
|
index 2b75462a..f2594d99 100644
|
||||||
|
--- a/src/tests/dbus-tests/test_30_iscsi.py
|
||||||
|
+++ b/src/tests/dbus-tests/test_30_iscsi.py
|
||||||
|
@@ -151,8 +151,14 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
|
||||||
|
options = dbus.Dictionary(signature='sv')
|
||||||
|
options['username'] = self.initiator
|
||||||
|
|
||||||
|
+ msg = 'Login failed: initiator reported error \(24 - iSCSI login failed due to authorization failure\)'
|
||||||
|
+ # missing auth info
|
||||||
|
+ with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
|
||||||
|
+ manager.Login(iqn, tpg, host, port, iface, self.no_options,
|
||||||
|
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
|
||||||
|
+ timeout=self.iscsi_timeout)
|
||||||
|
+
|
||||||
|
# wrong password
|
||||||
|
- msg = 'Login failed: initiator reported error'
|
||||||
|
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
|
||||||
|
options['password'] = '12345'
|
||||||
|
manager.Login(iqn, tpg, host, port, iface, options,
|
||||||
|
@@ -318,7 +324,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
|
||||||
|
# first attempt - wrong password
|
||||||
|
options = dbus.Dictionary(signature='sv')
|
||||||
|
options['username'] = self.initiator
|
||||||
|
- msg = 'Login failed: initiator reported error'
|
||||||
|
+ msg = r'Login failed: initiator reported error \((19 - encountered non-retryable iSCSI login failure|24 - iSCSI login failed due to authorization failure)\)'
|
||||||
|
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
|
||||||
|
options['password'] = '12345'
|
||||||
|
manager.Login(iqn, tpg, host, port, iface, options,
|
113
udisks-2.10.0-lvm2_update_epoch.patch
Normal file
113
udisks-2.10.0-lvm2_update_epoch.patch
Normal file
@ -0,0 +1,113 @@
|
|||||||
|
From 28c39786927ad683f56c031d80a5c06f5b5b9aea Mon Sep 17 00:00:00 2001
|
||||||
|
From: Marius Vollmer <mvollmer@redhat.com>
|
||||||
|
Date: Tue, 5 Apr 2022 11:23:23 +0300
|
||||||
|
Subject: [PATCH] lvm2: Only install results of most recently started udpates
|
||||||
|
|
||||||
|
Fixes #966
|
||||||
|
---
|
||||||
|
modules/lvm2/udiskslinuxmodulelvm2.c | 13 ++++++++++++-
|
||||||
|
modules/lvm2/udiskslinuxvolumegroupobject.c | 12 ++++++++++++
|
||||||
|
2 files changed, 24 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/modules/lvm2/udiskslinuxmodulelvm2.c b/modules/lvm2/udiskslinuxmodulelvm2.c
|
||||||
|
index 8e1ea13aec..77ecf94a6d 100644
|
||||||
|
--- a/modules/lvm2/udiskslinuxmodulelvm2.c
|
||||||
|
+++ b/modules/lvm2/udiskslinuxmodulelvm2.c
|
||||||
|
@@ -59,6 +59,8 @@ struct _UDisksLinuxModuleLVM2 {
|
||||||
|
|
||||||
|
gint delayed_update_id;
|
||||||
|
gboolean coldplug_done;
|
||||||
|
+
|
||||||
|
+ guint32 update_epoch;
|
||||||
|
};
|
||||||
|
|
||||||
|
typedef struct _UDisksLinuxModuleLVM2Class UDisksLinuxModuleLVM2Class;
|
||||||
|
@@ -86,6 +88,7 @@ udisks_linux_module_lvm2_constructed (GObject *object)
|
||||||
|
|
||||||
|
module->name_to_volume_group = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_object_unref);
|
||||||
|
module->coldplug_done = FALSE;
|
||||||
|
+ module->update_epoch = 0;
|
||||||
|
|
||||||
|
if (G_OBJECT_CLASS (udisks_linux_module_lvm2_parent_class)->constructed)
|
||||||
|
G_OBJECT_CLASS (udisks_linux_module_lvm2_parent_class)->constructed (object);
|
||||||
|
@@ -221,6 +224,12 @@ lvm_update_vgs (GObject *source_obj,
|
||||||
|
gpointer key, value;
|
||||||
|
const gchar *vg_name;
|
||||||
|
|
||||||
|
+ if (GPOINTER_TO_UINT (user_data) != module->update_epoch)
|
||||||
|
+ {
|
||||||
|
+ vgs_pvs_data_free (data);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (! data)
|
||||||
|
{
|
||||||
|
if (error)
|
||||||
|
@@ -303,11 +312,13 @@ lvm_update (UDisksLinuxModuleLVM2 *module)
|
||||||
|
{
|
||||||
|
GTask *task;
|
||||||
|
|
||||||
|
+ module->update_epoch++;
|
||||||
|
+
|
||||||
|
/* the callback (lvm_update_vgs) is called in the default main loop (context) */
|
||||||
|
task = g_task_new (module,
|
||||||
|
NULL /* cancellable */,
|
||||||
|
lvm_update_vgs,
|
||||||
|
- NULL /* callback_data */);
|
||||||
|
+ GUINT_TO_POINTER (module->update_epoch));
|
||||||
|
|
||||||
|
/* holds a reference to 'task' until it is finished */
|
||||||
|
g_task_run_in_thread (task, (GTaskThreadFunc) vgs_task_func);
|
||||||
|
diff --git a/modules/lvm2/udiskslinuxvolumegroupobject.c b/modules/lvm2/udiskslinuxvolumegroupobject.c
|
||||||
|
index ce941cb250..ead08de7b1 100644
|
||||||
|
--- a/modules/lvm2/udiskslinuxvolumegroupobject.c
|
||||||
|
+++ b/modules/lvm2/udiskslinuxvolumegroupobject.c
|
||||||
|
@@ -66,6 +66,7 @@ struct _UDisksLinuxVolumeGroupObject
|
||||||
|
gchar *name;
|
||||||
|
|
||||||
|
GHashTable *logical_volumes;
|
||||||
|
+ guint32 update_epoch;
|
||||||
|
guint32 poll_epoch;
|
||||||
|
guint poll_timeout_id;
|
||||||
|
gboolean poll_requested;
|
||||||
|
@@ -99,6 +100,7 @@ static void crypttab_changed (UDisksCrypttabMonitor *monitor,
|
||||||
|
typedef struct {
|
||||||
|
BDLVMVGdata *vg_info;
|
||||||
|
GSList *vg_pvs;
|
||||||
|
+ guint32 epoch;
|
||||||
|
} VGUpdateData;
|
||||||
|
|
||||||
|
static void
|
||||||
|
@@ -183,6 +185,7 @@ udisks_linux_volume_group_object_set_property (GObject *__object,
|
||||||
|
static void
|
||||||
|
udisks_linux_volume_group_object_init (UDisksLinuxVolumeGroupObject *object)
|
||||||
|
{
|
||||||
|
+ object->update_epoch = 0;
|
||||||
|
object->poll_epoch = 0;
|
||||||
|
object->poll_timeout_id = 0;
|
||||||
|
object->poll_requested = FALSE;
|
||||||
|
@@ -575,6 +578,12 @@ update_vg (GObject *source_obj,
|
||||||
|
BDLVMVGdata *vg_info = data->vg_info;
|
||||||
|
GSList *vg_pvs = data->vg_pvs;
|
||||||
|
|
||||||
|
+ if (data->epoch != object->update_epoch)
|
||||||
|
+ {
|
||||||
|
+ lv_list_free (lvs);
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* free the data container (but not 'vg_info' and 'vg_pvs') */
|
||||||
|
g_free (data);
|
||||||
|
|
||||||
|
@@ -711,8 +720,11 @@ udisks_linux_volume_group_object_update (UDisksLinuxVolumeGroupObject *object, B
|
||||||
|
gchar *vg_name = g_strdup (vg_info->name);
|
||||||
|
GTask *task = NULL;
|
||||||
|
|
||||||
|
+ object->update_epoch++;
|
||||||
|
+
|
||||||
|
data->vg_info = vg_info;
|
||||||
|
data->vg_pvs = pvs;
|
||||||
|
+ data->epoch = object->update_epoch;
|
||||||
|
|
||||||
|
/* the callback (update_vg) is called in the default main loop (context) */
|
||||||
|
task = g_task_new (g_object_ref (object), NULL /* cancellable */, update_vg, data /* callback_data */);
|
26
udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
Normal file
26
udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From f24601b1d1302350fff15f326bfe3cfabde05f4c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Bzatek <tbzatek@redhat.com>
|
||||||
|
Date: Fri, 19 May 2023 17:17:56 +0200
|
||||||
|
Subject: [PATCH] lvm2: Trigger uevent sync on block devices when creating new
|
||||||
|
VG
|
||||||
|
|
||||||
|
This will likely slow down processing with the hope that
|
||||||
|
more objects have their properties updated properly.
|
||||||
|
---
|
||||||
|
modules/lvm2/udiskslinuxmanagerlvm2.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/modules/lvm2/udiskslinuxmanagerlvm2.c b/modules/lvm2/udiskslinuxmanagerlvm2.c
|
||||||
|
index b0c62fdcd6..5c06b921df 100644
|
||||||
|
--- a/modules/lvm2/udiskslinuxmanagerlvm2.c
|
||||||
|
+++ b/modules/lvm2/udiskslinuxmanagerlvm2.c
|
||||||
|
@@ -384,7 +384,8 @@ handle_volume_group_create (UDisksManagerLVM2 *_object,
|
||||||
|
UDisksObject *object_for_block;
|
||||||
|
object_for_block = udisks_daemon_util_dup_object (block, &error);
|
||||||
|
if (object_for_block != NULL)
|
||||||
|
- udisks_linux_block_object_trigger_uevent (UDISKS_LINUX_BLOCK_OBJECT (object_for_block));
|
||||||
|
+ udisks_linux_block_object_trigger_uevent_sync (UDISKS_LINUX_BLOCK_OBJECT (object_for_block),
|
||||||
|
+ UDISKS_DEFAULT_WAIT_TIMEOUT);
|
||||||
|
g_object_unref (object_for_block);
|
||||||
|
}
|
||||||
|
|
405
udisks-2.9.4-FIPS_LUKS_fixes-2.patch
Normal file
405
udisks-2.9.4-FIPS_LUKS_fixes-2.patch
Normal file
@ -0,0 +1,405 @@
|
|||||||
|
diff -up udisks-2.9.0/src/tests/dbus-tests/test_50_block.py.bak udisks-2.9.0/src/tests/dbus-tests/test_50_block.py
|
||||||
|
--- udisks-2.9.0/src/tests/dbus-tests/test_50_block.py.bak 2020-05-26 14:59:20.000000000 +0200
|
||||||
|
+++ udisks-2.9.0/src/tests/dbus-tests/test_50_block.py 2023-06-02 17:08:45.203845819 +0200
|
||||||
|
@@ -11,6 +11,8 @@ import udiskstestcase
|
||||||
|
class UdisksBlockTest(udiskstestcase.UdisksTestCase):
|
||||||
|
'''This is a basic block device test suite'''
|
||||||
|
|
||||||
|
+ LUKS_PASSPHRASE = 'shouldnotseeme'
|
||||||
|
+
|
||||||
|
def _close_luks(self, disk):
|
||||||
|
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
|
||||||
|
@@ -201,7 +203,7 @@ class UdisksBlockTest(udiskstestcase.Udi
|
||||||
|
|
||||||
|
# format the disk
|
||||||
|
disk = self.get_object('/block_devices/' + os.path.basename(self.vdevs[0]))
|
||||||
|
- disk.Format('xfs', {'encrypt.passphrase': 'test'}, dbus_interface=self.iface_prefix + '.Block')
|
||||||
|
+ disk.Format('xfs', {'encrypt.passphrase': self.LUKS_PASSPHRASE}, dbus_interface=self.iface_prefix + '.Block')
|
||||||
|
|
||||||
|
# cleanup -- close the luks and remove format
|
||||||
|
self.addCleanup(self.wipe_fs, self.vdevs[0])
|
||||||
|
@@ -209,7 +211,7 @@ class UdisksBlockTest(udiskstestcase.Udi
|
||||||
|
|
||||||
|
# configuration items as arrays of dbus.Byte
|
||||||
|
opts = self.str_to_ay('verify')
|
||||||
|
- passwd = self.str_to_ay('test')
|
||||||
|
+ passwd = self.str_to_ay(self.LUKS_PASSPHRASE)
|
||||||
|
|
||||||
|
# set the new configuration
|
||||||
|
conf = dbus.Dictionary({'passphrase-contents': passwd,
|
||||||
|
@@ -254,7 +256,7 @@ class UdisksBlockTest(udiskstestcase.Udi
|
||||||
|
|
||||||
|
# format the disk
|
||||||
|
disk = self.get_object('/block_devices/' + os.path.basename(self.vdevs[0]))
|
||||||
|
- disk.Format('xfs', {'encrypt.passphrase': 'test'}, dbus_interface=self.iface_prefix + '.Block')
|
||||||
|
+ disk.Format('xfs', {'encrypt.passphrase': self.LUKS_PASSPHRASE}, dbus_interface=self.iface_prefix + '.Block')
|
||||||
|
|
||||||
|
# cleanup -- close the luks and remove format
|
||||||
|
self.addCleanup(self.wipe_fs, self.vdevs[0])
|
||||||
|
diff -up udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py.bak udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py
|
||||||
|
--- udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py.bak 2020-05-26 14:59:20.000000000 +0200
|
||||||
|
+++ udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py 2023-06-02 17:07:33.828531988 +0200
|
||||||
|
@@ -40,6 +40,9 @@ def _get_blkid_version():
|
||||||
|
class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
|
||||||
|
'''This is an encrypted device test suite'''
|
||||||
|
|
||||||
|
+ PASSPHRASE = 'shouldnotseeme'
|
||||||
|
+ LUKS_NAME = 'myshinylittleluks'
|
||||||
|
+
|
||||||
|
def _create_luks(self, device, passphrase, binary=False):
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@@ -60,7 +63,7 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
disk_name = os.path.basename(self.vdevs[0])
|
||||||
|
disk = self.get_object('/block_devices/' + disk_name)
|
||||||
|
|
||||||
|
- self._create_luks(disk, 'test')
|
||||||
|
+ self._create_luks(disk, self.PASSPHRASE)
|
||||||
|
self.addCleanup(self._remove_luks, disk)
|
||||||
|
self.udev_settle()
|
||||||
|
|
||||||
|
@@ -124,7 +127,7 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
disk_name = os.path.basename(self.vdevs[0])
|
||||||
|
disk = self.get_object('/block_devices/' + disk_name)
|
||||||
|
|
||||||
|
- self._create_luks(disk, 'test')
|
||||||
|
+ self._create_luks(disk, self.PASSPHRASE)
|
||||||
|
self.addCleanup(self._remove_luks, disk)
|
||||||
|
self.udev_settle()
|
||||||
|
|
||||||
|
@@ -160,11 +163,11 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
# wrong password
|
||||||
|
msg = 'org.freedesktop.UDisks2.Error.Failed: Error unlocking %s *' % self.vdevs[0]
|
||||||
|
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
|
||||||
|
- disk.Unlock('shbdkjaf', self.no_options,
|
||||||
|
+ disk.Unlock('abcdefghijklmn', self.no_options,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
|
||||||
|
# right password
|
||||||
|
- luks = disk.Unlock('test', self.no_options,
|
||||||
|
+ luks = disk.Unlock(self.PASSPHRASE, self.no_options,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
self.assertIsNotNone(luks)
|
||||||
|
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
|
||||||
|
@@ -180,7 +183,7 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
|
||||||
|
# read-only
|
||||||
|
ro_opts = dbus.Dictionary({'read-only': dbus.Boolean(True)}, signature=dbus.Signature('sv'))
|
||||||
|
- luks = disk.Unlock('test', ro_opts,
|
||||||
|
+ luks = disk.Unlock(self.PASSPHRASE, ro_opts,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
self.assertIsNotNone(luks)
|
||||||
|
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
|
||||||
|
@@ -196,13 +199,10 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
crypttab = self.read_file('/etc/crypttab')
|
||||||
|
self.addCleanup(self.write_file, '/etc/crypttab', crypttab)
|
||||||
|
|
||||||
|
- passwd = 'test'
|
||||||
|
- luks_name = 'myshinylittleluks'
|
||||||
|
-
|
||||||
|
disk_name = os.path.basename(self.vdevs[0])
|
||||||
|
disk = self.get_object('/block_devices/' + disk_name)
|
||||||
|
|
||||||
|
- self._create_luks(disk, passwd)
|
||||||
|
+ self._create_luks(disk, self.PASSPHRASE)
|
||||||
|
self.addCleanup(self._remove_luks, disk)
|
||||||
|
self.udev_settle()
|
||||||
|
|
||||||
|
@@ -212,22 +212,22 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
|
||||||
|
# add new entry to the crypttab
|
||||||
|
- new_crypttab = crypttab + '%s UUID=%s none\n' % (luks_name, disk_uuid)
|
||||||
|
+ new_crypttab = crypttab + '%s UUID=%s none\n' % (self.LUKS_NAME, disk_uuid)
|
||||||
|
self.write_file('/etc/crypttab', new_crypttab)
|
||||||
|
|
||||||
|
# give udisks time to react to change of the file
|
||||||
|
time.sleep(5)
|
||||||
|
dbus_conf = disk.GetSecretConfiguration(self.no_options, dbus_interface=self.iface_prefix + '.Block')
|
||||||
|
self.assertIsNotNone(dbus_conf)
|
||||||
|
- self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), luks_name)
|
||||||
|
+ self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), self.LUKS_NAME)
|
||||||
|
|
||||||
|
# unlock the device
|
||||||
|
- luks = disk.Unlock(passwd, self.no_options,
|
||||||
|
+ luks = disk.Unlock(self.PASSPHRASE, self.no_options,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
self.assertIsNotNone(luks)
|
||||||
|
|
||||||
|
# unlock should use name from crypttab for the /dev/mapper device
|
||||||
|
- dm_path = '/dev/mapper/%s' % luks_name
|
||||||
|
+ dm_path = '/dev/mapper/%s' % self.LUKS_NAME
|
||||||
|
self.assertTrue(os.path.exists(dm_path))
|
||||||
|
|
||||||
|
# preferred 'device' should be /dev/mapper/name too
|
||||||
|
@@ -242,8 +242,7 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
crypttab = self.read_file('/etc/crypttab')
|
||||||
|
self.addCleanup(self.write_file, '/etc/crypttab', crypttab)
|
||||||
|
|
||||||
|
- passwd = b'test\0test'
|
||||||
|
- luks_name = 'myshinylittleluks'
|
||||||
|
+ passwd = b'testtesttest\0testtesttest'
|
||||||
|
|
||||||
|
# create key file
|
||||||
|
_fd, key_file = tempfile.mkstemp()
|
||||||
|
@@ -264,14 +263,14 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
|
||||||
|
# add new entry to the crypttab
|
||||||
|
- new_crypttab = crypttab + '%s UUID=%s %s\n' % (luks_name, disk_uuid, key_file)
|
||||||
|
+ new_crypttab = crypttab + '%s UUID=%s %s\n' % (self.LUKS_NAME, disk_uuid, key_file)
|
||||||
|
self.write_file('/etc/crypttab', new_crypttab)
|
||||||
|
|
||||||
|
# give udisks time to react to change of the file
|
||||||
|
time.sleep(5)
|
||||||
|
dbus_conf = disk.GetSecretConfiguration(self.no_options, dbus_interface=self.iface_prefix + '.Block')
|
||||||
|
self.assertIsNotNone(dbus_conf)
|
||||||
|
- self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), luks_name)
|
||||||
|
+ self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), self.LUKS_NAME)
|
||||||
|
self.assertEqual(self.ay_to_str(dbus_conf[0][1]['passphrase-path']), key_file)
|
||||||
|
|
||||||
|
# unlock the device using empty passphrase (should use the key file)
|
||||||
|
@@ -280,7 +279,7 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
self.assertIsNotNone(luks)
|
||||||
|
|
||||||
|
# unlock should use name from crypttab for the /dev/mapper device
|
||||||
|
- dm_path = '/dev/mapper/%s' % luks_name
|
||||||
|
+ dm_path = '/dev/mapper/%s' % self.LUKS_NAME
|
||||||
|
self.assertTrue(os.path.exists(dm_path))
|
||||||
|
|
||||||
|
# preferred 'device' should be /dev/mapper/name too
|
||||||
|
@@ -293,7 +292,7 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
disk_name = os.path.basename(self.vdevs[0])
|
||||||
|
disk = self.get_object('/block_devices/' + disk_name)
|
||||||
|
|
||||||
|
- self._create_luks(disk, 'test')
|
||||||
|
+ self._create_luks(disk, self.PASSPHRASE)
|
||||||
|
self.addCleanup(self._remove_luks, disk)
|
||||||
|
self.udev_settle()
|
||||||
|
|
||||||
|
@@ -320,11 +319,11 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
disk_name = os.path.basename(self.vdevs[0])
|
||||||
|
disk = self.get_object('/block_devices/' + disk_name)
|
||||||
|
|
||||||
|
- self._create_luks(disk, 'test')
|
||||||
|
+ self._create_luks(disk, self.PASSPHRASE)
|
||||||
|
self.addCleanup(self._remove_luks, disk)
|
||||||
|
self.udev_settle()
|
||||||
|
|
||||||
|
- disk.ChangePassphrase('test', 'password', self.no_options,
|
||||||
|
+ disk.ChangePassphrase(self.PASSPHRASE, self.PASSPHRASE + '222', self.no_options,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
|
||||||
|
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
@@ -332,11 +331,11 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
# old password, should fail
|
||||||
|
msg = 'org.freedesktop.UDisks2.Error.Failed: Error unlocking %s *' % self.vdevs[0]
|
||||||
|
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
|
||||||
|
- disk.Unlock('test', self.no_options,
|
||||||
|
+ disk.Unlock(self.PASSPHRASE, self.no_options,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
|
||||||
|
# new password
|
||||||
|
- luks = disk.Unlock('password', self.no_options,
|
||||||
|
+ luks = disk.Unlock(self.PASSPHRASE + '222', self.no_options,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
self.assertIsNotNone(luks)
|
||||||
|
|
||||||
|
@@ -347,7 +346,7 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
|
||||||
|
def test_resize(self):
|
||||||
|
device = self.get_device(self.vdevs[0])
|
||||||
|
- self._create_luks(device, 'test')
|
||||||
|
+ self._create_luks(device, self.PASSPHRASE)
|
||||||
|
self.addCleanup(self._remove_luks, device)
|
||||||
|
self.udev_settle()
|
||||||
|
|
||||||
|
@@ -376,8 +375,6 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
fstab = self.read_file('/etc/fstab')
|
||||||
|
self.addCleanup(self.write_file, '/etc/fstab', fstab)
|
||||||
|
|
||||||
|
- passphrase = 'test'
|
||||||
|
-
|
||||||
|
disk_name = os.path.basename(self.vdevs[0])
|
||||||
|
disk = self.get_object('/block_devices/' + disk_name)
|
||||||
|
|
||||||
|
@@ -388,7 +385,7 @@ class UdisksEncryptedTest(udiskstestcase
|
||||||
|
self.assertIsNotNone(part)
|
||||||
|
|
||||||
|
# create LUKS on the partition and add it to crypttab
|
||||||
|
- self._create_luks(part, passphrase)
|
||||||
|
+ self._create_luks(part, self.PASSPHRASE)
|
||||||
|
self.udev_settle()
|
||||||
|
|
||||||
|
conf = dbus.Dictionary({'name': self.str_to_ay('udisks_luks_test'),
|
||||||
|
@@ -525,10 +522,8 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
|
||||||
|
super(UdisksEncryptedTestLUKS2, self).setUp()
|
||||||
|
|
||||||
|
def test_resize(self):
|
||||||
|
- passwd = 'test'
|
||||||
|
-
|
||||||
|
device = self.get_device(self.vdevs[0])
|
||||||
|
- self._create_luks(device, passwd)
|
||||||
|
+ self._create_luks(device, self.PASSPHRASE)
|
||||||
|
self.addCleanup(self._remove_luks, device)
|
||||||
|
self.udev_settle()
|
||||||
|
|
||||||
|
@@ -554,7 +549,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
|
||||||
|
|
||||||
|
# right passphrase
|
||||||
|
d = dbus.Dictionary(signature='sv')
|
||||||
|
- d['passphrase'] = passwd
|
||||||
|
+ d['passphrase'] = self.PASSPHRASE
|
||||||
|
device.Resize(dbus.UInt64(100*1024*1024), d,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
|
||||||
|
@@ -563,7 +558,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
|
||||||
|
|
||||||
|
# resize back to the original size (using binary passphrase)
|
||||||
|
d = dbus.Dictionary(signature='sv')
|
||||||
|
- d['keyfile_contents'] = self.str_to_ay(passwd, False)
|
||||||
|
+ d['keyfile_contents'] = self.str_to_ay(self.PASSPHRASE, False)
|
||||||
|
device.Resize(dbus.UInt64(clear_size), d,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
|
||||||
|
@@ -581,7 +576,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
|
||||||
|
|
||||||
|
# create LUKS without specifying version
|
||||||
|
options = dbus.Dictionary(signature='sv')
|
||||||
|
- options['encrypt.passphrase'] = 'test'
|
||||||
|
+ options['encrypt.passphrase'] = self.PASSPHRASE
|
||||||
|
|
||||||
|
disk.Format('xfs', options,
|
||||||
|
dbus_interface=self.iface_prefix + '.Block')
|
||||||
|
@@ -617,14 +612,12 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
|
||||||
|
|
||||||
|
@udiskstestcase.tag_test(udiskstestcase.TestTags.UNSTABLE)
|
||||||
|
def test_integrity(self):
|
||||||
|
- passwd = 'test'
|
||||||
|
-
|
||||||
|
cryptsetup_version = _get_cryptsetup_version()
|
||||||
|
if cryptsetup_version < LooseVersion('2.2.0'):
|
||||||
|
self.skipTest('Integrity devices are not marked as internal in cryptsetup < 2.2.0')
|
||||||
|
|
||||||
|
device = self.get_device(self.vdevs[0])
|
||||||
|
- self._create_luks_integrity(self.vdevs[0], passwd)
|
||||||
|
+ self._create_luks_integrity(self.vdevs[0], self.PASSPHRASE)
|
||||||
|
|
||||||
|
self.addCleanup(self._remove_luks, device)
|
||||||
|
self.udev_settle()
|
||||||
|
@@ -634,7 +627,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
|
||||||
|
# the device is not opened, we need to read the UUID from LUKS metadata
|
||||||
|
luks_uuid = BlockDev.crypto_luks_uuid(self.vdevs[0])
|
||||||
|
|
||||||
|
- luks_path = device.Unlock('test', self.no_options,
|
||||||
|
+ luks_path = device.Unlock(self.PASSPHRASE, self.no_options,
|
||||||
|
dbus_interface=self.iface_prefix + '.Encrypted')
|
||||||
|
self.assertIsNotNone(luks_path)
|
||||||
|
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
|
||||||
|
diff -up udisks-2.9.0/src/tests/integration-test.bak udisks-2.9.0/src/tests/integration-test
|
||||||
|
--- udisks-2.9.0/src/tests/integration-test.bak 2020-05-26 14:59:20.000000000 +0200
|
||||||
|
+++ udisks-2.9.0/src/tests/integration-test 2023-06-02 16:59:52.841963720 +0200
|
||||||
|
@@ -1321,7 +1321,7 @@ class Luks(UDisksTestCase):
|
||||||
|
|
||||||
|
def setup_crypto_device(self):
|
||||||
|
self.fs_create(None, 'ext4', GLib.Variant('a{sv}', {
|
||||||
|
- 'encrypt.passphrase': GLib.Variant('s', 's3kr1t'),
|
||||||
|
+ 'encrypt.passphrase': GLib.Variant('s', 's3kr1ts3kr1t'),
|
||||||
|
'label': GLib.Variant('s', 'treasure')}))
|
||||||
|
self.client.settle()
|
||||||
|
crypt_obj = self.client.get_object(self.udisks_block().get_object_path())
|
||||||
|
@@ -1332,7 +1332,7 @@ class Luks(UDisksTestCase):
|
||||||
|
@staticmethod
|
||||||
|
def unlock_crypto_device(encrypted):
|
||||||
|
return encrypted.call_unlock_sync(
|
||||||
|
- 's3kr1t', no_options, None)
|
||||||
|
+ 's3kr1ts3kr1t', no_options, None)
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
"""clean up behind failed test cases"""
|
||||||
|
@@ -1400,7 +1400,7 @@ class Luks(UDisksTestCase):
|
||||||
|
udev_dump = subprocess.Popen(['udevadm', 'info', '--export-db'],
|
||||||
|
stdout=subprocess.PIPE)
|
||||||
|
out = udev_dump.communicate()[0]
|
||||||
|
- self.assertFalse(b's3kr1t' in out, 'password in udev properties')
|
||||||
|
+ self.assertFalse(b's3kr1ts3kr1t' in out, 'password in udev properties')
|
||||||
|
self.assertFalse(b'essiv:sha' in out, 'key information in udev properties')
|
||||||
|
|
||||||
|
finally:
|
||||||
|
@@ -1510,18 +1510,18 @@ class Luks(UDisksTestCase):
|
||||||
|
encrypted = self.setup_crypto_device()
|
||||||
|
# wrong password, has bytes after a trailing '\0'
|
||||||
|
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
|
||||||
|
- '', Luks.keyfile_options(b's3kr1t\0X'), None)
|
||||||
|
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\0X'), None)
|
||||||
|
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
|
||||||
|
- '', Luks.keyfile_options(b's3kr1t\n'), None)
|
||||||
|
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\n'), None)
|
||||||
|
# correct password, specified as keyfile
|
||||||
|
- encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1t'), None)
|
||||||
|
+ encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1ts3kr1t'), None)
|
||||||
|
encrypted.call_lock_sync(no_options, None)
|
||||||
|
|
||||||
|
def test_plaintext_keyfile(self):
|
||||||
|
"""Setup a device using a plaintext keyfile."""
|
||||||
|
# Using a plaintext keyfile should be equivalent to passphrase
|
||||||
|
self.fs_create(None, 'ext4', GLib.Variant('a{sv}', {
|
||||||
|
- 'encrypt.passphrase': GLib.Variant('ay', _bytes_to_ay(b's3kr1t')),
|
||||||
|
+ 'encrypt.passphrase': GLib.Variant('ay', _bytes_to_ay(b's3kr1ts3kr1t')),
|
||||||
|
'label': GLib.Variant('s', 'treasure')}))
|
||||||
|
|
||||||
|
crypt_obj = self.client.get_object(self.udisks_block().get_object_path())
|
||||||
|
@@ -1532,16 +1532,16 @@ class Luks(UDisksTestCase):
|
||||||
|
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
|
||||||
|
'h4ckpassword', no_options, None)
|
||||||
|
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
|
||||||
|
- '', Luks.keyfile_options(b's3kr1t\0X'), None)
|
||||||
|
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\0X'), None)
|
||||||
|
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
|
||||||
|
- '', Luks.keyfile_options(b's3kr1t\n'), None)
|
||||||
|
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\n'), None)
|
||||||
|
|
||||||
|
# correct password
|
||||||
|
- encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1t'), None)
|
||||||
|
+ encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1ts3kr1t'), None)
|
||||||
|
encrypted.call_lock_sync(no_options, None)
|
||||||
|
|
||||||
|
# correct password, specified as passphrase
|
||||||
|
- encrypted.call_unlock_sync('s3kr1t', no_options, None)
|
||||||
|
+ encrypted.call_unlock_sync('s3kr1ts3kr1t', no_options, None)
|
||||||
|
encrypted.call_lock_sync(no_options, None)
|
||||||
|
|
||||||
|
def test_binary_keyfile(self):
|
||||||
|
@@ -1607,11 +1607,11 @@ class Luks(UDisksTestCase):
|
||||||
|
encrypted = self.setup_crypto_device()
|
||||||
|
|
||||||
|
# change: passphrase -> passphrase
|
||||||
|
- encrypted.call_change_passphrase_sync('s3kr1t', 'passphrase', no_options, None)
|
||||||
|
+ encrypted.call_change_passphrase_sync('s3kr1ts3kr1t', 'passphrase', no_options, None)
|
||||||
|
|
||||||
|
# verify new password:
|
||||||
|
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
|
||||||
|
- 's3kr1t', no_options, None)
|
||||||
|
+ 's3kr1ts3kr1t', no_options, None)
|
||||||
|
encrypted.call_unlock_sync('passphrase', no_options, None)
|
||||||
|
encrypted.call_lock_sync(no_options, None)
|
||||||
|
|
||||||
|
@@ -1644,7 +1644,7 @@ class Luks(UDisksTestCase):
|
||||||
|
|
||||||
|
# change: keyfile -> passphrase
|
||||||
|
encrypted.call_change_passphrase_sync(
|
||||||
|
- '', 's3kr1t', GLib.Variant('a{sv}', {
|
||||||
|
+ '', 's3kr1ts3kr1t', GLib.Variant('a{sv}', {
|
||||||
|
'old_keyfile_contents': GLib.Variant('ay', _bytes_to_ay(key_file_1)),
|
||||||
|
}),
|
||||||
|
None)
|
||||||
|
@@ -1652,7 +1652,7 @@ class Luks(UDisksTestCase):
|
||||||
|
# verify new password:
|
||||||
|
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
|
||||||
|
'', Luks.keyfile_options(key_file_1), None)
|
||||||
|
- encrypted.call_unlock_sync('s3kr1t', no_options, None)
|
||||||
|
+ encrypted.call_unlock_sync('s3kr1ts3kr1t', no_options, None)
|
||||||
|
encrypted.call_lock_sync(no_options, None)
|
||||||
|
|
||||||
|
|
25
udisks2.spec
25
udisks2.spec
@ -56,7 +56,7 @@
|
|||||||
Name: udisks2
|
Name: udisks2
|
||||||
Summary: Disk Manager
|
Summary: Disk Manager
|
||||||
Version: 2.9.0
|
Version: 2.9.0
|
||||||
Release: 13%{?dist}
|
Release: 14%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
URL: https://github.com/storaged-project/udisks
|
URL: https://github.com/storaged-project/udisks
|
||||||
@ -91,7 +91,16 @@ Patch25: udisks-2.10.0-udiskslinuxpartition_GError.patch
|
|||||||
Patch26: udisks-2.10.0-udiskslinuxpartitiontable_GError.patch
|
Patch26: udisks-2.10.0-udiskslinuxpartitiontable_GError.patch
|
||||||
Patch27: udisks-2.10.0-udiskslinuxfilesystem_GError.patch
|
Patch27: udisks-2.10.0-udiskslinuxfilesystem_GError.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1966460
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1966460
|
||||||
Patch28: udisks-2.10.0-iscsi_test_05_restart_iscsid.patch
|
Patch28: udisks-2.10.0-iscsi_test_01_badauth.patch
|
||||||
|
Patch29: udisks-2.10.0-iscsi_test_02_lio_target_conf.patch
|
||||||
|
Patch31: udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch
|
||||||
|
Patch32: udisks-2.10.0-iscsi_test_05_restart_iscsid.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2188991
|
||||||
|
Patch33: udisks-2.10.0-iscsi-CHAP-auth-algs.patch
|
||||||
|
Patch34: udisks-2.9.4-FIPS_LUKS_fixes-2.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2039772
|
||||||
|
Patch35: udisks-2.10.0-lvm2_update_epoch.patch
|
||||||
|
Patch36: udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
|
||||||
|
|
||||||
BuildRequires: glib2-devel >= %{glib2_version}
|
BuildRequires: glib2-devel >= %{glib2_version}
|
||||||
BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
|
BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
|
||||||
@ -318,6 +327,13 @@ This package contains module for VDO management.
|
|||||||
%patch26 -p1
|
%patch26 -p1
|
||||||
%patch27 -p1
|
%patch27 -p1
|
||||||
%patch28 -p1
|
%patch28 -p1
|
||||||
|
%patch29 -p1
|
||||||
|
%patch31 -p1
|
||||||
|
%patch32 -p1
|
||||||
|
%patch33 -p1
|
||||||
|
%patch34 -p1
|
||||||
|
%patch35 -p1
|
||||||
|
%patch36 -p1
|
||||||
sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/"
|
sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/"
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -510,6 +526,11 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-14
|
||||||
|
- iscsi: CHAP auth algorithm selection fixes (#2188991)
|
||||||
|
- tests: Use stronger passphrases for LUKS tests
|
||||||
|
- lvm2: Improve uevent processing (#2039772)
|
||||||
|
|
||||||
* Tue Nov 01 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-13
|
* Tue Nov 01 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-13
|
||||||
- Fix iscsi test auth failures (#1966460)
|
- Fix iscsi test auth failures (#1966460)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user