Import from AlmaLinux stable repository

This commit is contained in:
eabdullin 2024-05-15 09:04:36 +00:00
parent ef4150f89c
commit e28d29cd20
8 changed files with 860 additions and 1 deletions

View File

@ -0,0 +1,33 @@
From def82f87dcc0b21e4890e12d82e6007f98551dcb Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Tue, 30 May 2023 18:23:08 +0200
Subject: [PATCH] tests: Forcefully set scsi_debug cd drive as read-only
There's something fishy in newer kernels and read-only detection
doesn't seem to work properly. As suggested in
https://github.com/util-linux/util-linux/issues/18#issuecomment-8453739
setting device ro by `blockdev --setro` seems to fix the issue.
---
src/tests/integration-test | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/tests/integration-test b/src/tests/integration-test
index 5f68217e0..10cdff85e 100755
--- a/src/tests/integration-test
+++ b/src/tests/integration-test
@@ -1096,6 +1096,7 @@ class FS(UDisksTestCase):
time.sleep(5)
self.sync()
cd_fs = self.udisks_filesystem(cd=True)
+ subprocess.call(['blockdev', '--setro', self.cd_device])
# forcing mount CD drive as 'rw' should fail
try:
@@ -1748,6 +1749,7 @@ class Polkit(UDisksTestCase, test_polkitd.PolkitTestCase):
try:
fs = self.udisks_filesystem(cd=True)
self.assertNotEqual(fs, None)
+ subprocess.call(['blockdev', '--setro', self.cd_device])
mount_path = fs.call_mount_sync(no_options, None)
self.assertIn('/media/', mount_path)

View File

@ -0,0 +1,161 @@
From 26fcef727d68af97b1187d2ac3cad19acc3d97c8 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Tue, 16 May 2023 18:33:59 +0200
Subject: [PATCH 1/2] iscsi: Set node parameters before the Login/Logout action
This allows to properly pass required arguments like the CHAP
auth algorithms, etc.
---
modules/iscsi/udisksiscsiutil.c | 54 ++++++++++++++++++---------------
1 file changed, 29 insertions(+), 25 deletions(-)
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index 78890106f0..b279442876 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -186,9 +186,10 @@ iscsi_perform_login_action (UDisksLinuxModuleISCSI *module,
}
static gint
-iscsi_node_set_parameters (struct libiscsi_context *ctx,
- struct libiscsi_node *node,
- GVariant *params)
+iscsi_node_set_parameters (struct libiscsi_context *ctx,
+ struct libiscsi_node *node,
+ GVariant *params,
+ gchar **errorstr)
{
GVariantIter iter;
GVariant *value;
@@ -207,9 +208,11 @@ iscsi_node_set_parameters (struct libiscsi_context *ctx,
/* Update the node parameter value. */
err = libiscsi_node_set_parameter (ctx, node, key, param_value);
+ if (errorstr && err != 0)
+ *errorstr = g_strdup (libiscsi_get_error_string (ctx));
g_variant_unref (value);
- g_free ((gpointer) key);
+ g_free (key);
}
return 0;
@@ -279,7 +282,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
const gchar *password = NULL;
const gchar *reverse_username = NULL;
const gchar *reverse_password = NULL;
- gint err;
+ gint err = 0;
g_return_val_if_fail (UDISKS_IS_LINUX_MODULE_ISCSI (module), 1);
@@ -304,17 +307,18 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
/* Get iscsi context. */
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
- /* Login */
- err = iscsi_perform_login_action (module,
- ACTION_LOGIN,
- &node,
- &auth_info,
- errorstr);
+ /* Update node parameters. */
+ if (params)
+ err = iscsi_node_set_parameters (ctx, &node, params_without_chap, errorstr);
- if (err == 0 && params)
+ /* Login */
+ if (err == 0)
{
- /* Update node parameters. */
- err = iscsi_node_set_parameters (ctx, &node, params_without_chap);
+ err = iscsi_perform_login_action (module,
+ ACTION_LOGIN,
+ &node,
+ &auth_info,
+ errorstr);
}
g_variant_unref (params_without_chap);
@@ -334,7 +338,7 @@ iscsi_logout (UDisksLinuxModuleISCSI *module,
{
struct libiscsi_context *ctx;
struct libiscsi_node node = {0,};
- gint err;
+ gint err = 0;
g_return_val_if_fail (UDISKS_IS_LINUX_MODULE_ISCSI (module), 1);
@@ -344,18 +348,18 @@ iscsi_logout (UDisksLinuxModuleISCSI *module,
/* Get iscsi context. */
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
- /* Logout */
- err = iscsi_perform_login_action (module,
- ACTION_LOGOUT,
- &node,
- NULL,
- errorstr);
+ /* Update node parameters. */
+ if (params)
+ err = iscsi_node_set_parameters (ctx, &node, params, errorstr);
- if (err == 0 && params)
+ /* Logout */
+ if (err == 0)
{
- /* Update node parameters. */
- err = iscsi_node_set_parameters (ctx, &node, params);
-
+ err = iscsi_perform_login_action (module,
+ ACTION_LOGOUT,
+ &node,
+ NULL,
+ errorstr);
}
return err;
From 749812784abcc4c0492bda0703bff5d3dae052f9 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Tue, 16 May 2023 18:35:42 +0200
Subject: [PATCH 2/2] tests: Disallow MD5 for iscsi CHAP login
MD5 is unavailable in FIPS mode:
iscsid[82167]: iscsid: Ignoring CHAP algorthm request for MD5 due to crypto lib configuration
iscsid[82167]: iscsid: Couldn't set CHAP algorithm list
kernel: rx_data returned 0, expecting 48.
kernel: iSCSI Login negotiation failed.
---
src/tests/dbus-tests/test_30_iscsi.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 09e975f30c..02ba6c92b0 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -161,6 +161,7 @@ def test_login_chap_auth(self):
self.assertEqual(port, self.port)
options = dbus.Dictionary(signature='sv')
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
options['username'] = self.initiator
msg = 'Login failed: initiator reported error \(24 - iSCSI login failed due to authorization failure\)'
@@ -227,6 +228,7 @@ def test_login_mutual_auth(self):
self.assertEqual(port, self.port)
options = dbus.Dictionary(signature='sv')
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
options['username'] = self.initiator
options['password'] = self.password
options['reverse-username'] = self.mutual_iqn
@@ -335,6 +337,7 @@ def test_login_noauth_badauth(self):
# first attempt - wrong password
options = dbus.Dictionary(signature='sv')
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
options['username'] = self.initiator
msg = r'Login failed: initiator reported error \((19 - encountered non-retryable iSCSI login failure|24 - iSCSI login failed due to authorization failure)\)'
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):

View File

@ -0,0 +1,73 @@
From 0441d0f93788b617a38b75e4a44744406976c822 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 31 Jul 2023 16:48:28 +0200
Subject: [PATCH] iscsi: Fix login on firmware-discovered nodes
There's currently no way to distinguish between force-no-auth and
use-fw-discovered-auth-info scenarios from the D-Bus API so let's
assume that the caller wants to retain the firmware-discovered auth
info unless overriden with specific CHAP credentials.
---
.../data/org.freedesktop.UDisks2.iscsi.xml | 3 +++
modules/iscsi/udisksiscsiutil.c | 27 ++++++++++++++++++-
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
index cf262deb68..e8a717ff1d 100644
--- a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+++ b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
@@ -162,6 +162,9 @@
<parameter>reverse-password</parameter> will be used for CHAP
authentication.
+ Firmware-discovered nodes retain their authentication info unless
+ overriden with specified credentials (see above).
+
All the additional options are transformed into the interface
parameters. For example, if an automatic node startup is desired, the
<parameter>node.startup</parameter> needs to be set to
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index b279442876..fb4f5ea167 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -264,6 +264,31 @@ iscsi_params_pop_chap_data (GVariant *params,
return g_variant_dict_end (&dict);
}
+static gboolean
+is_auth_required (struct libiscsi_context *ctx,
+ struct libiscsi_node *node,
+ struct libiscsi_auth_info *auth_info)
+{
+ char val[LIBISCSI_VALUE_MAXLEN + 1] = {'\0',};
+ int ret;
+
+ /* TODO: No way to distinguish between the "no auth requested" and
+ * "retain discovered auth info" scenarios from the D-Bus API.
+ */
+
+ /* In case CHAP auth is requested, let's use it unconditionally */
+ if (auth_info->method != libiscsi_auth_none)
+ return TRUE;
+
+ /* Avoid auth override on firmware-discovered nodes */
+ ret = libiscsi_node_get_parameter (ctx, node, "node.discovery_type", val);
+ if (ret == 0 && g_strcmp0 (val, "fw") == 0)
+ return FALSE;
+
+ /* Not a firmware-discovered node, maintain legacy rules */
+ return TRUE;
+}
+
gint
iscsi_login (UDisksLinuxModuleISCSI *module,
const gchar *name,
@@ -317,7 +342,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
err = iscsi_perform_login_action (module,
ACTION_LOGIN,
&node,
- &auth_info,
+ is_auth_required (ctx, &node, &auth_info) ? &auth_info : NULL,
errorstr);
}

View File

@ -0,0 +1,113 @@
From 28c39786927ad683f56c031d80a5c06f5b5b9aea Mon Sep 17 00:00:00 2001
From: Marius Vollmer <mvollmer@redhat.com>
Date: Tue, 5 Apr 2022 11:23:23 +0300
Subject: [PATCH] lvm2: Only install results of most recently started udpates
Fixes #966
---
modules/lvm2/udiskslinuxmodulelvm2.c | 13 ++++++++++++-
modules/lvm2/udiskslinuxvolumegroupobject.c | 12 ++++++++++++
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/modules/lvm2/udiskslinuxmodulelvm2.c b/modules/lvm2/udiskslinuxmodulelvm2.c
index 8e1ea13aec..77ecf94a6d 100644
--- a/modules/lvm2/udiskslinuxmodulelvm2.c
+++ b/modules/lvm2/udiskslinuxmodulelvm2.c
@@ -59,6 +59,8 @@ struct _UDisksLinuxModuleLVM2 {
gint delayed_update_id;
gboolean coldplug_done;
+
+ guint32 update_epoch;
};
typedef struct _UDisksLinuxModuleLVM2Class UDisksLinuxModuleLVM2Class;
@@ -86,6 +88,7 @@ udisks_linux_module_lvm2_constructed (GObject *object)
module->name_to_volume_group = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_object_unref);
module->coldplug_done = FALSE;
+ module->update_epoch = 0;
if (G_OBJECT_CLASS (udisks_linux_module_lvm2_parent_class)->constructed)
G_OBJECT_CLASS (udisks_linux_module_lvm2_parent_class)->constructed (object);
@@ -221,6 +224,12 @@ lvm_update_vgs (GObject *source_obj,
gpointer key, value;
const gchar *vg_name;
+ if (GPOINTER_TO_UINT (user_data) != module->update_epoch)
+ {
+ vgs_pvs_data_free (data);
+ return;
+ }
+
if (! data)
{
if (error)
@@ -303,11 +312,13 @@ lvm_update (UDisksLinuxModuleLVM2 *module)
{
GTask *task;
+ module->update_epoch++;
+
/* the callback (lvm_update_vgs) is called in the default main loop (context) */
task = g_task_new (module,
NULL /* cancellable */,
lvm_update_vgs,
- NULL /* callback_data */);
+ GUINT_TO_POINTER (module->update_epoch));
/* holds a reference to 'task' until it is finished */
g_task_run_in_thread (task, (GTaskThreadFunc) vgs_task_func);
diff --git a/modules/lvm2/udiskslinuxvolumegroupobject.c b/modules/lvm2/udiskslinuxvolumegroupobject.c
index ce941cb250..ead08de7b1 100644
--- a/modules/lvm2/udiskslinuxvolumegroupobject.c
+++ b/modules/lvm2/udiskslinuxvolumegroupobject.c
@@ -66,6 +66,7 @@ struct _UDisksLinuxVolumeGroupObject
gchar *name;
GHashTable *logical_volumes;
+ guint32 update_epoch;
guint32 poll_epoch;
guint poll_timeout_id;
gboolean poll_requested;
@@ -99,6 +100,7 @@ static void crypttab_changed (UDisksCrypttabMonitor *monitor,
typedef struct {
BDLVMVGdata *vg_info;
GSList *vg_pvs;
+ guint32 epoch;
} VGUpdateData;
static void
@@ -183,6 +185,7 @@ udisks_linux_volume_group_object_set_property (GObject *__object,
static void
udisks_linux_volume_group_object_init (UDisksLinuxVolumeGroupObject *object)
{
+ object->update_epoch = 0;
object->poll_epoch = 0;
object->poll_timeout_id = 0;
object->poll_requested = FALSE;
@@ -575,6 +578,12 @@ update_vg (GObject *source_obj,
BDLVMVGdata *vg_info = data->vg_info;
GSList *vg_pvs = data->vg_pvs;
+ if (data->epoch != object->update_epoch)
+ {
+ lv_list_free (lvs);
+ return;
+ }
+
/* free the data container (but not 'vg_info' and 'vg_pvs') */
g_free (data);
@@ -711,8 +720,11 @@ udisks_linux_volume_group_object_update (UDisksLinuxVolumeGroupObject *object, B
gchar *vg_name = g_strdup (vg_info->name);
GTask *task = NULL;
+ object->update_epoch++;
+
data->vg_info = vg_info;
data->vg_pvs = pvs;
+ data->epoch = object->update_epoch;
/* the callback (update_vg) is called in the default main loop (context) */
task = g_task_new (g_object_ref (object), NULL /* cancellable */, update_vg, data /* callback_data */);

View File

@ -0,0 +1,26 @@
From f24601b1d1302350fff15f326bfe3cfabde05f4c Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Fri, 19 May 2023 17:17:56 +0200
Subject: [PATCH] lvm2: Trigger uevent sync on block devices when creating new
VG
This will likely slow down processing with the hope that
more objects have their properties updated properly.
---
modules/lvm2/udiskslinuxmanagerlvm2.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/lvm2/udiskslinuxmanagerlvm2.c b/modules/lvm2/udiskslinuxmanagerlvm2.c
index b0c62fdcd6..5c06b921df 100644
--- a/modules/lvm2/udiskslinuxmanagerlvm2.c
+++ b/modules/lvm2/udiskslinuxmanagerlvm2.c
@@ -384,7 +384,8 @@ handle_volume_group_create (UDisksManagerLVM2 *_object,
UDisksObject *object_for_block;
object_for_block = udisks_daemon_util_dup_object (block, &error);
if (object_for_block != NULL)
- udisks_linux_block_object_trigger_uevent (UDISKS_LINUX_BLOCK_OBJECT (object_for_block));
+ udisks_linux_block_object_trigger_uevent_sync (UDISKS_LINUX_BLOCK_OBJECT (object_for_block),
+ UDISKS_DEFAULT_WAIT_TIMEOUT);
g_object_unref (object_for_block);
}

View File

@ -0,0 +1,418 @@
From 9fdf616dd3a1dc8d9c17a7cd48995dd11068eedd Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu, 25 May 2023 14:20:05 +0200
Subject: [PATCH] LUKS FIPS fixes
---
src/tests/dbus-tests/test_50_block.py | 8 ++-
src/tests/dbus-tests/test_70_encrypted.py | 67 ++++++++++-------------
src/tests/integration-test | 30 +++++-----
3 files changed, 50 insertions(+), 55 deletions(-)
diff --git a/src/tests/dbus-tests/test_50_block.py b/src/tests/dbus-tests/test_50_block.py
index 2154eea8..09f8fb95 100644
--- a/src/tests/dbus-tests/test_50_block.py
+++ b/src/tests/dbus-tests/test_50_block.py
@@ -12,6 +12,8 @@ import udiskstestcase
class UdisksBlockTest(udiskstestcase.UdisksTestCase):
'''This is a basic block device test suite'''
+ LUKS_PASSPHRASE = 'shouldnotseeme'
+
def _close_luks(self, disk):
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
@@ -241,7 +243,7 @@ class UdisksBlockTest(udiskstestcase.UdisksTestCase):
# format the disk
disk = self.get_object('/block_devices/' + os.path.basename(self.vdevs[0]))
- disk.Format('xfs', {'encrypt.passphrase': 'test'}, dbus_interface=self.iface_prefix + '.Block')
+ disk.Format('xfs', {'encrypt.passphrase': self.LUKS_PASSPHRASE}, dbus_interface=self.iface_prefix + '.Block')
# cleanup -- close the luks and remove format
self.addCleanup(self.wipe_fs, self.vdevs[0])
@@ -249,7 +251,7 @@ class UdisksBlockTest(udiskstestcase.UdisksTestCase):
# configuration items as arrays of dbus.Byte
opts = self.str_to_ay('verify')
- passwd = self.str_to_ay('test')
+ passwd = self.str_to_ay(self.LUKS_PASSPHRASE)
# set the new configuration
conf = dbus.Dictionary({'passphrase-contents': passwd,
@@ -294,7 +296,7 @@ class UdisksBlockTest(udiskstestcase.UdisksTestCase):
# format the disk
disk = self.get_object('/block_devices/' + os.path.basename(self.vdevs[0]))
- disk.Format('xfs', {'encrypt.passphrase': 'test'}, dbus_interface=self.iface_prefix + '.Block')
+ disk.Format('xfs', {'encrypt.passphrase': self.LUKS_PASSPHRASE}, dbus_interface=self.iface_prefix + '.Block')
# cleanup -- close the luks and remove format
self.addCleanup(self.wipe_fs, self.vdevs[0])
diff --git a/src/tests/dbus-tests/test_70_encrypted.py b/src/tests/dbus-tests/test_70_encrypted.py
index effcceac..2f5a8854 100644
--- a/src/tests/dbus-tests/test_70_encrypted.py
+++ b/src/tests/dbus-tests/test_70_encrypted.py
@@ -40,6 +40,9 @@ def _get_blkid_version():
class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
'''This is an encrypted device test suite'''
+ PASSPHRASE = 'shouldnotseeme'
+ LUKS_NAME = 'myshinylittleluks'
+
def _create_luks(self, device, passphrase, binary=False):
raise NotImplementedError()
@@ -60,7 +63,7 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -124,7 +127,7 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -160,11 +163,11 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
# wrong password
msg = 'org.freedesktop.UDisks2.Error.Failed: Error unlocking %s *' % self.vdevs[0]
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
- disk.Unlock('shbdkjaf', self.no_options,
+ disk.Unlock('abcdefghijklmn', self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
# right password
- luks = disk.Unlock('test', self.no_options,
+ luks = disk.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
@@ -180,7 +183,7 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
# read-only
ro_opts = dbus.Dictionary({'read-only': dbus.Boolean(True)}, signature=dbus.Signature('sv'))
- luks = disk.Unlock('test', ro_opts,
+ luks = disk.Unlock(self.PASSPHRASE, ro_opts,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
@@ -196,13 +199,10 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
crypttab = self.read_file('/etc/crypttab')
self.addCleanup(self.write_file, '/etc/crypttab', crypttab)
- passwd = 'test'
- luks_name = 'myshinylittleluks'
-
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, passwd)
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -212,20 +212,20 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
# add new entry to the crypttab
- new_crypttab = crypttab + '%s UUID=%s none\n' % (luks_name, disk_uuid)
+ new_crypttab = crypttab + '%s UUID=%s none\n' % (self.LUKS_NAME, disk_uuid)
self.write_file('/etc/crypttab', new_crypttab)
dbus_conf = disk.GetSecretConfiguration(self.no_options, dbus_interface=self.iface_prefix + '.Block')
self.assertIsNotNone(dbus_conf)
- self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), luks_name)
+ self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), self.LUKS_NAME)
# unlock the device
- luks = disk.Unlock(passwd, self.no_options,
+ luks = disk.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
# unlock should use name from crypttab for the /dev/mapper device
- dm_path = '/dev/mapper/%s' % luks_name
+ dm_path = '/dev/mapper/%s' % self.LUKS_NAME
self.assertTrue(os.path.exists(dm_path))
# preferred 'device' should be /dev/mapper/name too
@@ -240,8 +240,7 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
crypttab = self.read_file('/etc/crypttab')
self.addCleanup(self.write_file, '/etc/crypttab', crypttab)
- passwd = b'test\0test'
- luks_name = 'myshinylittleluks'
+ passwd = b'testtesttest\0testtesttest'
# create key file
_fd, key_file = tempfile.mkstemp()
@@ -262,12 +261,12 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
# add new entry to the crypttab
- new_crypttab = crypttab + '%s UUID=%s %s\n' % (luks_name, disk_uuid, key_file)
+ new_crypttab = crypttab + '%s UUID=%s %s\n' % (self.LUKS_NAME, disk_uuid, key_file)
self.write_file('/etc/crypttab', new_crypttab)
dbus_conf = disk.GetSecretConfiguration(self.no_options, dbus_interface=self.iface_prefix + '.Block')
self.assertIsNotNone(dbus_conf)
- self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), luks_name)
+ self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), self.LUKS_NAME)
self.assertEqual(self.ay_to_str(dbus_conf[0][1]['passphrase-path']), key_file)
# unlock the device using empty passphrase (should use the key file)
@@ -276,7 +275,7 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
self.assertIsNotNone(luks)
# unlock should use name from crypttab for the /dev/mapper device
- dm_path = '/dev/mapper/%s' % luks_name
+ dm_path = '/dev/mapper/%s' % self.LUKS_NAME
self.assertTrue(os.path.exists(dm_path))
# preferred 'device' should be /dev/mapper/name too
@@ -289,7 +288,7 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -316,11 +315,11 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
- disk.ChangePassphrase('test', 'password', self.no_options,
+ disk.ChangePassphrase(self.PASSPHRASE, self.PASSPHRASE + '222', self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
@@ -328,11 +327,11 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
# old password, should fail
msg = 'org.freedesktop.UDisks2.Error.Failed: Error unlocking %s *' % self.vdevs[0]
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
- disk.Unlock('test', self.no_options,
+ disk.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
# new password
- luks = disk.Unlock('password', self.no_options,
+ luks = disk.Unlock(self.PASSPHRASE + '222', self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
@@ -343,7 +342,7 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
def test_resize(self):
device = self.get_device(self.vdevs[0])
- self._create_luks(device, 'test')
+ self._create_luks(device, self.PASSPHRASE)
self.addCleanup(self._remove_luks, device)
self.udev_settle()
@@ -372,8 +371,6 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
fstab = self.read_file('/etc/fstab')
self.addCleanup(self.write_file, '/etc/fstab', fstab)
- passphrase = 'test'
-
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
@@ -384,7 +381,7 @@ class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
self.assertIsNotNone(part)
# create LUKS on the partition and add it to crypttab
- self._create_luks(part, passphrase)
+ self._create_luks(part, self.PASSPHRASE)
self.udev_settle()
conf = dbus.Dictionary({'name': self.str_to_ay('udisks_luks_test'),
@@ -521,10 +518,8 @@ class UdisksEncryptedTestLUKS2(UdisksEncryptedTest):
super(UdisksEncryptedTestLUKS2, self).setUp()
def test_resize(self):
- passwd = 'test'
-
device = self.get_device(self.vdevs[0])
- self._create_luks(device, passwd)
+ self._create_luks(device, self.PASSPHRASE)
self.addCleanup(self._remove_luks, device)
self.udev_settle()
@@ -550,7 +545,7 @@ class UdisksEncryptedTestLUKS2(UdisksEncryptedTest):
# right passphrase
d = dbus.Dictionary(signature='sv')
- d['passphrase'] = passwd
+ d['passphrase'] = self.PASSPHRASE
device.Resize(dbus.UInt64(100*1024*1024), d,
dbus_interface=self.iface_prefix + '.Encrypted')
@@ -559,7 +554,7 @@ class UdisksEncryptedTestLUKS2(UdisksEncryptedTest):
# resize back to the original size (using binary passphrase)
d = dbus.Dictionary(signature='sv')
- d['keyfile_contents'] = self.str_to_ay(passwd, False)
+ d['keyfile_contents'] = self.str_to_ay(self.PASSPHRASE, False)
device.Resize(dbus.UInt64(clear_size), d,
dbus_interface=self.iface_prefix + '.Encrypted')
@@ -577,7 +572,7 @@ class UdisksEncryptedTestLUKS2(UdisksEncryptedTest):
# create LUKS without specifying version
options = dbus.Dictionary(signature='sv')
- options['encrypt.passphrase'] = 'test'
+ options['encrypt.passphrase'] = self.PASSPHRASE
disk.Format('xfs', options,
dbus_interface=self.iface_prefix + '.Block')
@@ -613,14 +608,12 @@ class UdisksEncryptedTestLUKS2(UdisksEncryptedTest):
@udiskstestcase.tag_test(udiskstestcase.TestTags.UNSTABLE)
def test_integrity(self):
- passwd = 'test'
-
cryptsetup_version = _get_cryptsetup_version()
if cryptsetup_version < LooseVersion('2.2.0'):
self.skipTest('Integrity devices are not marked as internal in cryptsetup < 2.2.0')
device = self.get_device(self.vdevs[0])
- self._create_luks_integrity(self.vdevs[0], passwd)
+ self._create_luks_integrity(self.vdevs[0], self.PASSPHRASE)
self.addCleanup(self._remove_luks, device)
self.udev_settle()
@@ -630,7 +623,7 @@ class UdisksEncryptedTestLUKS2(UdisksEncryptedTest):
# the device is not opened, we need to read the UUID from LUKS metadata
luks_uuid = BlockDev.crypto_luks_uuid(self.vdevs[0])
- luks_path = device.Unlock('test', self.no_options,
+ luks_path = device.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks_path)
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
diff --git a/src/tests/integration-test b/src/tests/integration-test
index 4499a6a9..71955559 100755
--- a/src/tests/integration-test
+++ b/src/tests/integration-test
@@ -1336,7 +1336,7 @@ class Luks(UDisksTestCase):
def setup_crypto_device(self):
self.fs_create(None, 'ext4', GLib.Variant('a{sv}', {
- 'encrypt.passphrase': GLib.Variant('s', 's3kr1t'),
+ 'encrypt.passphrase': GLib.Variant('s', 's3kr1ts3kr1t'),
'label': GLib.Variant('s', 'treasure')}))
self.client.settle()
crypt_obj = self.client.get_object(self.udisks_block().get_object_path())
@@ -1347,7 +1347,7 @@ class Luks(UDisksTestCase):
@staticmethod
def unlock_crypto_device(encrypted):
return encrypted.call_unlock_sync(
- 's3kr1t', no_options, None)
+ 's3kr1ts3kr1t', no_options, None)
def tearDown(self):
"""clean up behind failed test cases"""
@@ -1415,7 +1415,7 @@ class Luks(UDisksTestCase):
udev_dump = subprocess.Popen(['udevadm', 'info', '--export-db'],
stdout=subprocess.PIPE)
out = udev_dump.communicate()[0]
- self.assertFalse(b's3kr1t' in out, 'password in udev properties')
+ self.assertFalse(b's3kr1ts3kr1t' in out, 'password in udev properties')
self.assertFalse(b'essiv:sha' in out, 'key information in udev properties')
finally:
@@ -1525,18 +1525,18 @@ class Luks(UDisksTestCase):
encrypted = self.setup_crypto_device()
# wrong password, has bytes after a trailing '\0'
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\0X'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\0X'), None)
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\n'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\n'), None)
# correct password, specified as keyfile
- encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1t'), None)
+ encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1ts3kr1t'), None)
encrypted.call_lock_sync(no_options, None)
def test_plaintext_keyfile(self):
"""Setup a device using a plaintext keyfile."""
# Using a plaintext keyfile should be equivalent to passphrase
self.fs_create(None, 'ext4', GLib.Variant('a{sv}', {
- 'encrypt.passphrase': GLib.Variant('ay', _bytes_to_ay(b's3kr1t')),
+ 'encrypt.passphrase': GLib.Variant('ay', _bytes_to_ay(b's3kr1ts3kr1t')),
'label': GLib.Variant('s', 'treasure')}))
crypt_obj = self.client.get_object(self.udisks_block().get_object_path())
@@ -1547,16 +1547,16 @@ class Luks(UDisksTestCase):
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
'h4ckpassword', no_options, None)
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\0X'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\0X'), None)
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\n'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\n'), None)
# correct password
- encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1t'), None)
+ encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1ts3kr1t'), None)
encrypted.call_lock_sync(no_options, None)
# correct password, specified as passphrase
- encrypted.call_unlock_sync('s3kr1t', no_options, None)
+ encrypted.call_unlock_sync('s3kr1ts3kr1t', no_options, None)
encrypted.call_lock_sync(no_options, None)
def test_binary_keyfile(self):
@@ -1622,11 +1622,11 @@ class Luks(UDisksTestCase):
encrypted = self.setup_crypto_device()
# change: passphrase -> passphrase
- encrypted.call_change_passphrase_sync('s3kr1t', 'passphrase', no_options, None)
+ encrypted.call_change_passphrase_sync('s3kr1ts3kr1t', 'passphrase', no_options, None)
# verify new password:
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- 's3kr1t', no_options, None)
+ 's3kr1ts3kr1t', no_options, None)
encrypted.call_unlock_sync('passphrase', no_options, None)
encrypted.call_lock_sync(no_options, None)
@@ -1659,7 +1659,7 @@ class Luks(UDisksTestCase):
# change: keyfile -> passphrase
encrypted.call_change_passphrase_sync(
- '', 's3kr1t', GLib.Variant('a{sv}', {
+ '', 's3kr1ts3kr1t', GLib.Variant('a{sv}', {
'old_keyfile_contents': GLib.Variant('ay', _bytes_to_ay(key_file_1)),
}),
None)
@@ -1667,7 +1667,7 @@ class Luks(UDisksTestCase):
# verify new password:
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
'', Luks.keyfile_options(key_file_1), None)
- encrypted.call_unlock_sync('s3kr1t', no_options, None)
+ encrypted.call_unlock_sync('s3kr1ts3kr1t', no_options, None)
encrypted.call_lock_sync(no_options, None)
--
2.39.1

View File

@ -0,0 +1,11 @@
diff -up udisks-2.9.4/src/tests/dbus-tests/test_job.py.bak udisks-2.9.4/src/tests/dbus-tests/test_job.py
--- udisks-2.9.4/src/tests/dbus-tests/test_job.py.bak 2021-09-29 18:00:31.000000000 +0200
+++ udisks-2.9.4/src/tests/dbus-tests/test_job.py 2023-06-02 15:14:50.691620552 +0200
@@ -51,6 +51,7 @@ class UdisksJobTest(udiskstestcase.Udisk
time.sleep(0.1)
+ @udiskstestcase.tag_test(udiskstestcase.TestTags.UNSTABLE)
def test_job(self):
'''Test basic Job functionality and properties'''

View File

@ -48,7 +48,7 @@
Name: udisks2
Summary: Disk Manager
Version: 2.9.4
Release: 7%{?dist}
Release: 9%{?dist}
License: GPLv2+
URL: https://github.com/storaged-project/udisks
Source0: https://github.com/storaged-project/udisks/releases/download/udisks-%{version}/udisks-%{version}.tar.bz2
@ -71,6 +71,20 @@ Patch12: udisks-2.10.0-iscsi_test_03_iscsid_cache_clean.patch
Patch13: udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1958932
Patch14: udisks-2.10.0-iscsi_test_05_restart_iscsid.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2188916
Patch15: udisks-2.10.0-iscsi-CHAP-auth-algs.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2188750
# https://bugzilla.redhat.com/show_bug.cgi?id=2188752
Patch16: udisks-2.9.4-FIPS_LUKS_fixes.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2211191
Patch17: udisks-2.10.0-integration_test_force_readonly.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2031673
Patch18: udisks-2.10.0-lvm2_update_epoch.patch
Patch19: udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2148844
Patch20: udisks-2.9.4-tests_job_unstable.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213769
Patch21: udisks-2.10.0-iscsi-ibft-chap-auth.patch
BuildRequires: make
BuildRequires: glib2-devel >= %{glib2_version}
@ -446,6 +460,16 @@ fi
%endif
%changelog
* Wed Aug 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.4-9
- iscsi: Fix login on firmware-discovered nodes (#2213769)
* Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.4-8
- iscsi: CHAP auth algorithm selection fixes (#2188916)
- tests: Use stronger passphrases for LUKS tests (#2188750,#2188752)
- integration-test: Fix scsi_debug cd drive read-only detection (#2211191)
- lvm2: Improve uevent processing (#2031673)
- tests: Mark test_job.UdisksJobTest.test_job as unstable (#2148844)
* Tue Nov 01 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.4-7
- Fix iscsi test auth failures (#1958932)