Compare commits

...

No commits in common. "imports/c8-beta/udisks2-2.9.0-9.el8" and "c8" have entirely different histories.

14 changed files with 1284 additions and 2 deletions

View File

@ -1 +0,0 @@
1565118b5a2d05b1b9b9c71ad3f0043ae0ee6897 SOURCES/udisks-2.9.0.tar.bz2

View File

@ -0,0 +1,60 @@
From eb917d346bc8592924c5f6566b01841176c53c8c Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 22 Aug 2022 16:27:11 +0200
Subject: [PATCH] udiskslinuxblock: Only permit ATA Secure Erase during
Format() on a whole block device
ATA Secure Erase requested as an option to the Format() method call used
to perform the actual erase on a whole drive object it looked up. When
Format() was called on a partition, this led to data loss on a whole drive.
This commit adds a safeguard to check that the Format() is requested
on a whole block device.
Severity of this issue was slightly lowered by a failure to submit
the ATA Secure erase command in case some filesystem was mounted
at that point.
---
src/udiskslinuxblock.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
index d1da94edf..db0ed2bf6 100644
--- a/src/udiskslinuxblock.c
+++ b/src/udiskslinuxblock.c
@@ -2354,6 +2354,7 @@ erase_ata_device (UDisksBlock *block,
{
gboolean ret = FALSE;
UDisksObject *drive_object = NULL;
+ UDisksLinuxBlockObject *block_object = NULL;
UDisksDriveAta *ata = NULL;
drive_object = udisks_daemon_find_object (daemon, udisks_block_get_drive (block));
@@ -2369,6 +2370,20 @@ erase_ata_device (UDisksBlock *block,
goto out;
}
+ /* Reverse check to ensure we're erasing whole block device and not a partition */
+ block_object = udisks_linux_drive_object_get_block (UDISKS_LINUX_DRIVE_OBJECT (drive_object), FALSE /* get_hw */);
+ if (block_object == NULL)
+ {
+ g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Couldn't find a block device for the drive to erase");
+ goto out;
+ }
+ if (g_strcmp0 (g_dbus_object_get_object_path (G_DBUS_OBJECT (object)),
+ g_dbus_object_get_object_path (G_DBUS_OBJECT (block_object))) != 0)
+ {
+ g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "ATA secure erase needs to be performed on a whole block device");
+ goto out;
+ }
+
/* sleep a tiny bit here to avoid the secure erase code racing with
* programs spawned by udev
*/
@@ -2382,6 +2397,7 @@ erase_ata_device (UDisksBlock *block,
out:
g_clear_object (&ata);
g_clear_object (&drive_object);
+ g_clear_object (&block_object);
return ret;
}

View File

@ -0,0 +1,161 @@
From 26fcef727d68af97b1187d2ac3cad19acc3d97c8 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Tue, 16 May 2023 18:33:59 +0200
Subject: [PATCH 1/2] iscsi: Set node parameters before the Login/Logout action
This allows to properly pass required arguments like the CHAP
auth algorithms, etc.
---
modules/iscsi/udisksiscsiutil.c | 54 ++++++++++++++++++---------------
1 file changed, 29 insertions(+), 25 deletions(-)
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index 78890106f0..b279442876 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -186,9 +186,10 @@ iscsi_perform_login_action (UDisksLinuxModuleISCSI *module,
}
static gint
-iscsi_node_set_parameters (struct libiscsi_context *ctx,
- struct libiscsi_node *node,
- GVariant *params)
+iscsi_node_set_parameters (struct libiscsi_context *ctx,
+ struct libiscsi_node *node,
+ GVariant *params,
+ gchar **errorstr)
{
GVariantIter iter;
GVariant *value;
@@ -207,9 +208,11 @@ iscsi_node_set_parameters (struct libiscsi_context *ctx,
/* Update the node parameter value. */
err = libiscsi_node_set_parameter (ctx, node, key, param_value);
+ if (errorstr && err != 0)
+ *errorstr = g_strdup (libiscsi_get_error_string (ctx));
g_variant_unref (value);
- g_free ((gpointer) key);
+ g_free (key);
}
return 0;
@@ -279,7 +282,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
const gchar *password = NULL;
const gchar *reverse_username = NULL;
const gchar *reverse_password = NULL;
- gint err;
+ gint err = 0;
g_return_val_if_fail (UDISKS_IS_LINUX_MODULE_ISCSI (module), 1);
@@ -304,17 +307,18 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
/* Get iscsi context. */
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
- /* Login */
- err = iscsi_perform_login_action (module,
- ACTION_LOGIN,
- &node,
- &auth_info,
- errorstr);
+ /* Update node parameters. */
+ if (params)
+ err = iscsi_node_set_parameters (ctx, &node, params_without_chap, errorstr);
- if (err == 0 && params)
+ /* Login */
+ if (err == 0)
{
- /* Update node parameters. */
- err = iscsi_node_set_parameters (ctx, &node, params_without_chap);
+ err = iscsi_perform_login_action (module,
+ ACTION_LOGIN,
+ &node,
+ &auth_info,
+ errorstr);
}
g_variant_unref (params_without_chap);
@@ -334,7 +338,7 @@ iscsi_logout (UDisksLinuxModuleISCSI *module,
{
struct libiscsi_context *ctx;
struct libiscsi_node node = {0,};
- gint err;
+ gint err = 0;
g_return_val_if_fail (UDISKS_IS_LINUX_MODULE_ISCSI (module), 1);
@@ -344,18 +348,18 @@ iscsi_logout (UDisksLinuxModuleISCSI *module,
/* Get iscsi context. */
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
- /* Logout */
- err = iscsi_perform_login_action (module,
- ACTION_LOGOUT,
- &node,
- NULL,
- errorstr);
+ /* Update node parameters. */
+ if (params)
+ err = iscsi_node_set_parameters (ctx, &node, params, errorstr);
- if (err == 0 && params)
+ /* Logout */
+ if (err == 0)
{
- /* Update node parameters. */
- err = iscsi_node_set_parameters (ctx, &node, params);
-
+ err = iscsi_perform_login_action (module,
+ ACTION_LOGOUT,
+ &node,
+ NULL,
+ errorstr);
}
return err;
From 749812784abcc4c0492bda0703bff5d3dae052f9 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Tue, 16 May 2023 18:35:42 +0200
Subject: [PATCH 2/2] tests: Disallow MD5 for iscsi CHAP login
MD5 is unavailable in FIPS mode:
iscsid[82167]: iscsid: Ignoring CHAP algorthm request for MD5 due to crypto lib configuration
iscsid[82167]: iscsid: Couldn't set CHAP algorithm list
kernel: rx_data returned 0, expecting 48.
kernel: iSCSI Login negotiation failed.
---
src/tests/dbus-tests/test_30_iscsi.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 09e975f30c..02ba6c92b0 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -161,6 +161,7 @@ def test_login_chap_auth(self):
self.assertEqual(port, self.port)
options = dbus.Dictionary(signature='sv')
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
options['username'] = self.initiator
msg = 'Login failed: initiator reported error \(24 - iSCSI login failed due to authorization failure\)'
@@ -227,6 +228,7 @@ def test_login_mutual_auth(self):
self.assertEqual(port, self.port)
options = dbus.Dictionary(signature='sv')
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
options['username'] = self.initiator
options['password'] = self.password
options['reverse-username'] = self.mutual_iqn
@@ -335,6 +337,7 @@ def test_login_noauth_badauth(self):
# first attempt - wrong password
options = dbus.Dictionary(signature='sv')
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
options['username'] = self.initiator
msg = r'Login failed: initiator reported error \((19 - encountered non-retryable iSCSI login failure|24 - iSCSI login failed due to authorization failure)\)'
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):

View File

@ -0,0 +1,29 @@
From 9a6e6b700b19539465ab6b241f04b94d4b3769c4 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 10 Oct 2022 13:55:29 +0200
Subject: [PATCH] iscsi: Always set auth info
In case of reusing a context auth info needs to be
always set to override previous data.
---
modules/iscsi/udisksiscsiutil.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index 8fdae889c7..78890106f0 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -171,11 +171,8 @@ iscsi_perform_login_action (UDisksLinuxModuleISCSI *module,
/* Get a libiscsi context. */
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
- if (action == ACTION_LOGIN &&
- auth_info && auth_info->method == libiscsi_auth_chap)
- {
- libiscsi_node_set_auth (ctx, node, auth_info);
- }
+ if (action == ACTION_LOGIN && auth_info)
+ libiscsi_node_set_auth (ctx, node, auth_info);
/* Login or Logout */
err = action == ACTION_LOGIN ?

View File

@ -0,0 +1,73 @@
From 0441d0f93788b617a38b75e4a44744406976c822 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 31 Jul 2023 16:48:28 +0200
Subject: [PATCH] iscsi: Fix login on firmware-discovered nodes
There's currently no way to distinguish between force-no-auth and
use-fw-discovered-auth-info scenarios from the D-Bus API so let's
assume that the caller wants to retain the firmware-discovered auth
info unless overriden with specific CHAP credentials.
---
.../data/org.freedesktop.UDisks2.iscsi.xml | 3 +++
modules/iscsi/udisksiscsiutil.c | 27 ++++++++++++++++++-
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
index cf262deb68..e8a717ff1d 100644
--- a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+++ b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
@@ -162,6 +162,9 @@
<parameter>reverse-password</parameter> will be used for CHAP
authentication.
+ Firmware-discovered nodes retain their authentication info unless
+ overriden with specified credentials (see above).
+
All the additional options are transformed into the interface
parameters. For example, if an automatic node startup is desired, the
<parameter>node.startup</parameter> needs to be set to
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index b279442876..fb4f5ea167 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -264,6 +264,31 @@ iscsi_params_pop_chap_data (GVariant *params,
return g_variant_dict_end (&dict);
}
+static gboolean
+is_auth_required (struct libiscsi_context *ctx,
+ struct libiscsi_node *node,
+ struct libiscsi_auth_info *auth_info)
+{
+ char val[LIBISCSI_VALUE_MAXLEN + 1] = {'\0',};
+ int ret;
+
+ /* TODO: No way to distinguish between the "no auth requested" and
+ * "retain discovered auth info" scenarios from the D-Bus API.
+ */
+
+ /* In case CHAP auth is requested, let's use it unconditionally */
+ if (auth_info->method != libiscsi_auth_none)
+ return TRUE;
+
+ /* Avoid auth override on firmware-discovered nodes */
+ ret = libiscsi_node_get_parameter (ctx, node, "node.discovery_type", val);
+ if (ret == 0 && g_strcmp0 (val, "fw") == 0)
+ return FALSE;
+
+ /* Not a firmware-discovered node, maintain legacy rules */
+ return TRUE;
+}
+
gint
iscsi_login (UDisksLinuxModuleISCSI *module,
const gchar *name,
@@ -317,7 +342,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
err = iscsi_perform_login_action (module,
ACTION_LOGIN,
&node,
- &auth_info,
+ is_auth_required (ctx, &node, &auth_info) ? &auth_info : NULL,
errorstr);
}

View File

@ -0,0 +1,75 @@
commit fab797fcf5e4c8e09e4cde45647951acd764415e
Author: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon Oct 10 13:58:15 2022 +0200
tests: Add bad auth test for iscsi
This tests that the auth info is properly set for each login call,
overriding previously set auth info with no trace.
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 34bdfc4b..6ac8386b 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -284,3 +284,61 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
# make sure the session object is no longer on dbus
objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')
self.assertNotIn(session_path, objects.keys())
+
+ def test_login_noauth_badauth(self):
+ """
+ Test auth info override
+ """
+ manager = self.get_object('/Manager')
+ nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
+ node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
+ self.assertIsNotNone(node)
+
+ (iqn, tpg, host, port, iface) = node
+ self.assertEqual(iqn, self.noauth_iqn)
+ self.assertEqual(host, self.address)
+ self.assertEqual(port, self.port)
+
+ self.addCleanup(self._force_lougout, self.noauth_iqn)
+
+ # first attempt - wrong password
+ options = dbus.Dictionary(signature='sv')
+ options['username'] = self.initiator
+ msg = 'Login failed: initiator reported error'
+ with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
+ options['password'] = '12345'
+ manager.Login(iqn, tpg, host, port, iface, options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
+ # second atttempt - no password
+ manager.Login(iqn, tpg, host, port, iface, self.no_options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
+ devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+ self.assertEqual(len(devs), 1)
+
+ # check if the block device have 'Symlinks' property updated
+ disk_name = os.path.realpath(devs[0]).split('/')[-1]
+ disk_obj = self.get_object('/block_devices/' + disk_name)
+ dbus_path = str(disk_obj.object_path)
+ self.assertIsNotNone(disk_obj)
+
+ symlinks = self.get_property_raw(disk_obj, '.Block', 'Symlinks')
+ self.assertIn(self.str_to_ay(devs[0]), symlinks)
+
+ manager.Logout(iqn, tpg, host, port, iface, self.no_options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
+ devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+ self.assertEqual(len(devs), 0)
+
+ # make sure the disk is no longer on dbus
+ udisks = self.get_object('')
+ objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')
+ self.assertNotIn(dbus_path, objects.keys())

View File

@ -0,0 +1,51 @@
commit 13a6a27eecdd1fb527b9151309366970b182a58d
Author: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu Oct 20 17:17:10 2022 +0200
tests: Fix LIO target config auth
Linux kernel 6.0 brought number of the LIO target changes related to authentication
that made our tests fail. Turned out our target config was incorrect, e.g.
not requiring auth for CHAP tests, etc. The kernel 6.0 looks to be more strict
in this regard.
diff --git a/src/tests/dbus-tests/targetcli_config.json b/src/tests/dbus-tests/targetcli_config.json
index 25d506b6..3be9eac2 100644
--- a/src/tests/dbus-tests/targetcli_config.json
+++ b/src/tests/dbus-tests/targetcli_config.json
@@ -385,7 +385,7 @@
"tpgs": [
{
"attributes": {
- "authentication": 0,
+ "authentication": 1,
"cache_dynamic_acls": 0,
"default_cmdsn_depth": 64,
"default_erl": 0,
@@ -432,7 +432,7 @@
}
],
"parameters": {
- "AuthMethod": "CHAP,None",
+ "AuthMethod": "CHAP",
"DataDigest": "CRC32C,None",
"DataPDUInOrder": "Yes",
"DataSequenceInOrder": "Yes",
@@ -471,7 +471,7 @@
"tpgs": [
{
"attributes": {
- "authentication": 0,
+ "authentication": 1,
"cache_dynamic_acls": 0,
"default_cmdsn_depth": 64,
"default_erl": 0,
@@ -520,7 +520,7 @@
}
],
"parameters": {
- "AuthMethod": "CHAP,None",
+ "AuthMethod": "CHAP",
"DataDigest": "CRC32C,None",
"DataPDUInOrder": "Yes",
"DataSequenceInOrder": "Yes",

View File

@ -0,0 +1,37 @@
commit 1bf172603e4cc77da70d8fd13b6ba6c8b8c91600
Author: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu Oct 20 17:53:20 2022 +0200
tests: Test iscsi noauth in test_login_chap_auth
The other way is already tested in test_login_noauth_badauth.
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 2b75462a..f2594d99 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -151,8 +151,14 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
options = dbus.Dictionary(signature='sv')
options['username'] = self.initiator
+ msg = 'Login failed: initiator reported error \(24 - iSCSI login failed due to authorization failure\)'
+ # missing auth info
+ with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
+ manager.Login(iqn, tpg, host, port, iface, self.no_options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
# wrong password
- msg = 'Login failed: initiator reported error'
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
options['password'] = '12345'
manager.Login(iqn, tpg, host, port, iface, options,
@@ -318,7 +324,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
# first attempt - wrong password
options = dbus.Dictionary(signature='sv')
options['username'] = self.initiator
- msg = 'Login failed: initiator reported error'
+ msg = r'Login failed: initiator reported error \((19 - encountered non-retryable iSCSI login failure|24 - iSCSI login failed due to authorization failure)\)'
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
options['password'] = '12345'
manager.Login(iqn, tpg, host, port, iface, options,

View File

@ -0,0 +1,42 @@
From fbe970add68e6d9d998fb7f78377368c403e200d Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 31 Oct 2022 15:15:31 +0100
Subject: [PATCH] tests: Restart iscsid on every InitiatorName change
The test LIO target config expects a specific initiator name as set
by the ACLs. However the iscsid daemon only seems to be reading
the InitiatorName string on startup and in case the service is running
with a different name, the auth tests will fail.
As a workaround, restart the iscsid service after each change.
A proper way through libiscsi or libopeniscsiusr would be nice -> TODO.
---
src/tests/dbus-tests/test_30_iscsi.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index f2594d992..09e975f30 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -48,9 +48,21 @@ def _force_lougout(self, target):
def _set_initiator_name(self):
manager = self.get_object('/Manager')
+ # make backup of INITIATOR_FILE and restore it at the end
+ try:
+ initiatorname_backup = self.read_file(INITIATOR_FILE)
+ self.addCleanup(self.write_file, INITIATOR_FILE, initiatorname_backup)
+ except FileNotFoundError as e:
+ # no existing file, simply remove it once finished
+ self.addCleanup(self.remove_file, INITIATOR_FILE, True)
+
manager.SetInitiatorName(self.initiator, self.no_options,
dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ # running iscsid needs to be restarted to reflect the change
+ self.run_command('systemctl try-reload-or-restart iscsid.service')
+ # ignore the return code in case of non-systemd distros
+
init = manager.GetInitiatorName(self.no_options,
dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
self.assertEqual(init, self.initiator)

View File

@ -0,0 +1,156 @@
commit 4090b87a1468fcc479aafd264328abfed471daeb
Author: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu Jun 3 16:09:10 2021 +0200
tests: Extend iscsi method call timeouts
The default tests 100 sec. D-Bus method call timeout is not enough as
the iscsi initiator timeouts are typically around 120 sec, e.g. for
the Login operation.
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 8ec6858c..34bdfc4b 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -26,6 +26,12 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
chap_iqn = 'iqn.2003-01.udisks.test:iscsi-test-chap'
mutual_iqn = 'iqn.2003-01.udisks.test:iscsi-test-mutual'
+ # Define common D-Bus method call timeout that needs to be slightly longer
+ # than the corresponding timeout defined in libiscsi:
+ # #define ISCSID_REQ_TIMEOUT 1000
+ # In reality the timeout is typically around 120 sec for the 'login' operation.
+ iscsi_timeout = 1000 + 5
+
@classmethod
def setUpClass(cls):
udiskstestcase.UdisksTestCase.setUpClass()
@@ -78,7 +84,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
def test_login_noauth(self):
manager = self.get_object('/Manager')
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
self.assertIsNotNone(node)
@@ -90,7 +97,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.addCleanup(self._force_lougout, self.noauth_iqn)
manager.Login(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 1)
@@ -105,7 +113,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.assertIn(self.str_to_ay(devs[0]), symlinks)
manager.Logout(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 0)
@@ -120,7 +129,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
manager = self.get_object('/Manager')
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.chap_iqn), None)
self.assertIsNotNone(node)
@@ -138,14 +148,16 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
options['password'] = '12345'
manager.Login(iqn, tpg, host, port, iface, options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
# right password
options['password'] = self.password
self.addCleanup(self._force_lougout, self.chap_iqn)
manager.Login(iqn, tpg, host, port, iface, options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 1)
@@ -160,7 +172,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.assertIn(self.str_to_ay(devs[0]), symlinks)
manager.Logout(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 0)
@@ -175,7 +188,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
manager = self.get_object('/Manager')
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.mutual_iqn), None)
self.assertIsNotNone(node)
@@ -193,7 +207,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.addCleanup(self._force_lougout, self.mutual_iqn)
manager.Login(iqn, tpg, host, port, iface, options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 1)
@@ -208,7 +223,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.assertIn(self.str_to_ay(devs[0]), symlinks)
manager.Logout(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 0)
@@ -228,7 +244,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.skipTest("ISCSI.Session objects not supported.")
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
self.assertIsNotNone(node)
@@ -237,7 +254,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.addCleanup(self._force_lougout, self.noauth_iqn)
manager.Login(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
# /org/freedesktop/UDisks2/iscsi/sessionX should be created
udisks = self.get_object('')
@@ -260,7 +278,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
# logout using session
session.Logout(self.no_options,
- dbus_interface=self.iface_prefix + '.ISCSI.Session')
+ dbus_interface=self.iface_prefix + '.ISCSI.Session',
+ timeout=self.iscsi_timeout)
# make sure the session object is no longer on dbus
objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')

View File

@ -0,0 +1,113 @@
From 28c39786927ad683f56c031d80a5c06f5b5b9aea Mon Sep 17 00:00:00 2001
From: Marius Vollmer <mvollmer@redhat.com>
Date: Tue, 5 Apr 2022 11:23:23 +0300
Subject: [PATCH] lvm2: Only install results of most recently started udpates
Fixes #966
---
modules/lvm2/udiskslinuxmodulelvm2.c | 13 ++++++++++++-
modules/lvm2/udiskslinuxvolumegroupobject.c | 12 ++++++++++++
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/modules/lvm2/udiskslinuxmodulelvm2.c b/modules/lvm2/udiskslinuxmodulelvm2.c
index 8e1ea13aec..77ecf94a6d 100644
--- a/modules/lvm2/udiskslinuxmodulelvm2.c
+++ b/modules/lvm2/udiskslinuxmodulelvm2.c
@@ -59,6 +59,8 @@ struct _UDisksLinuxModuleLVM2 {
gint delayed_update_id;
gboolean coldplug_done;
+
+ guint32 update_epoch;
};
typedef struct _UDisksLinuxModuleLVM2Class UDisksLinuxModuleLVM2Class;
@@ -86,6 +88,7 @@ udisks_linux_module_lvm2_constructed (GObject *object)
module->name_to_volume_group = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_object_unref);
module->coldplug_done = FALSE;
+ module->update_epoch = 0;
if (G_OBJECT_CLASS (udisks_linux_module_lvm2_parent_class)->constructed)
G_OBJECT_CLASS (udisks_linux_module_lvm2_parent_class)->constructed (object);
@@ -221,6 +224,12 @@ lvm_update_vgs (GObject *source_obj,
gpointer key, value;
const gchar *vg_name;
+ if (GPOINTER_TO_UINT (user_data) != module->update_epoch)
+ {
+ vgs_pvs_data_free (data);
+ return;
+ }
+
if (! data)
{
if (error)
@@ -303,11 +312,13 @@ lvm_update (UDisksLinuxModuleLVM2 *module)
{
GTask *task;
+ module->update_epoch++;
+
/* the callback (lvm_update_vgs) is called in the default main loop (context) */
task = g_task_new (module,
NULL /* cancellable */,
lvm_update_vgs,
- NULL /* callback_data */);
+ GUINT_TO_POINTER (module->update_epoch));
/* holds a reference to 'task' until it is finished */
g_task_run_in_thread (task, (GTaskThreadFunc) vgs_task_func);
diff --git a/modules/lvm2/udiskslinuxvolumegroupobject.c b/modules/lvm2/udiskslinuxvolumegroupobject.c
index ce941cb250..ead08de7b1 100644
--- a/modules/lvm2/udiskslinuxvolumegroupobject.c
+++ b/modules/lvm2/udiskslinuxvolumegroupobject.c
@@ -66,6 +66,7 @@ struct _UDisksLinuxVolumeGroupObject
gchar *name;
GHashTable *logical_volumes;
+ guint32 update_epoch;
guint32 poll_epoch;
guint poll_timeout_id;
gboolean poll_requested;
@@ -99,6 +100,7 @@ static void crypttab_changed (UDisksCrypttabMonitor *monitor,
typedef struct {
BDLVMVGdata *vg_info;
GSList *vg_pvs;
+ guint32 epoch;
} VGUpdateData;
static void
@@ -183,6 +185,7 @@ udisks_linux_volume_group_object_set_property (GObject *__object,
static void
udisks_linux_volume_group_object_init (UDisksLinuxVolumeGroupObject *object)
{
+ object->update_epoch = 0;
object->poll_epoch = 0;
object->poll_timeout_id = 0;
object->poll_requested = FALSE;
@@ -575,6 +578,12 @@ update_vg (GObject *source_obj,
BDLVMVGdata *vg_info = data->vg_info;
GSList *vg_pvs = data->vg_pvs;
+ if (data->epoch != object->update_epoch)
+ {
+ lv_list_free (lvs);
+ return;
+ }
+
/* free the data container (but not 'vg_info' and 'vg_pvs') */
g_free (data);
@@ -711,8 +720,11 @@ udisks_linux_volume_group_object_update (UDisksLinuxVolumeGroupObject *object, B
gchar *vg_name = g_strdup (vg_info->name);
GTask *task = NULL;
+ object->update_epoch++;
+
data->vg_info = vg_info;
data->vg_pvs = pvs;
+ data->epoch = object->update_epoch;
/* the callback (update_vg) is called in the default main loop (context) */
task = g_task_new (g_object_ref (object), NULL /* cancellable */, update_vg, data /* callback_data */);

View File

@ -0,0 +1,26 @@
From f24601b1d1302350fff15f326bfe3cfabde05f4c Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Fri, 19 May 2023 17:17:56 +0200
Subject: [PATCH] lvm2: Trigger uevent sync on block devices when creating new
VG
This will likely slow down processing with the hope that
more objects have their properties updated properly.
---
modules/lvm2/udiskslinuxmanagerlvm2.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/lvm2/udiskslinuxmanagerlvm2.c b/modules/lvm2/udiskslinuxmanagerlvm2.c
index b0c62fdcd6..5c06b921df 100644
--- a/modules/lvm2/udiskslinuxmanagerlvm2.c
+++ b/modules/lvm2/udiskslinuxmanagerlvm2.c
@@ -384,7 +384,8 @@ handle_volume_group_create (UDisksManagerLVM2 *_object,
UDisksObject *object_for_block;
object_for_block = udisks_daemon_util_dup_object (block, &error);
if (object_for_block != NULL)
- udisks_linux_block_object_trigger_uevent (UDISKS_LINUX_BLOCK_OBJECT (object_for_block));
+ udisks_linux_block_object_trigger_uevent_sync (UDISKS_LINUX_BLOCK_OBJECT (object_for_block),
+ UDISKS_DEFAULT_WAIT_TIMEOUT);
g_object_unref (object_for_block);
}

View File

@ -0,0 +1,405 @@
diff -up udisks-2.9.0/src/tests/dbus-tests/test_50_block.py.bak udisks-2.9.0/src/tests/dbus-tests/test_50_block.py
--- udisks-2.9.0/src/tests/dbus-tests/test_50_block.py.bak 2020-05-26 14:59:20.000000000 +0200
+++ udisks-2.9.0/src/tests/dbus-tests/test_50_block.py 2023-06-02 17:08:45.203845819 +0200
@@ -11,6 +11,8 @@ import udiskstestcase
class UdisksBlockTest(udiskstestcase.UdisksTestCase):
'''This is a basic block device test suite'''
+ LUKS_PASSPHRASE = 'shouldnotseeme'
+
def _close_luks(self, disk):
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
@@ -201,7 +203,7 @@ class UdisksBlockTest(udiskstestcase.Udi
# format the disk
disk = self.get_object('/block_devices/' + os.path.basename(self.vdevs[0]))
- disk.Format('xfs', {'encrypt.passphrase': 'test'}, dbus_interface=self.iface_prefix + '.Block')
+ disk.Format('xfs', {'encrypt.passphrase': self.LUKS_PASSPHRASE}, dbus_interface=self.iface_prefix + '.Block')
# cleanup -- close the luks and remove format
self.addCleanup(self.wipe_fs, self.vdevs[0])
@@ -209,7 +211,7 @@ class UdisksBlockTest(udiskstestcase.Udi
# configuration items as arrays of dbus.Byte
opts = self.str_to_ay('verify')
- passwd = self.str_to_ay('test')
+ passwd = self.str_to_ay(self.LUKS_PASSPHRASE)
# set the new configuration
conf = dbus.Dictionary({'passphrase-contents': passwd,
@@ -254,7 +256,7 @@ class UdisksBlockTest(udiskstestcase.Udi
# format the disk
disk = self.get_object('/block_devices/' + os.path.basename(self.vdevs[0]))
- disk.Format('xfs', {'encrypt.passphrase': 'test'}, dbus_interface=self.iface_prefix + '.Block')
+ disk.Format('xfs', {'encrypt.passphrase': self.LUKS_PASSPHRASE}, dbus_interface=self.iface_prefix + '.Block')
# cleanup -- close the luks and remove format
self.addCleanup(self.wipe_fs, self.vdevs[0])
diff -up udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py.bak udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py
--- udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py.bak 2020-05-26 14:59:20.000000000 +0200
+++ udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py 2023-06-02 17:07:33.828531988 +0200
@@ -40,6 +40,9 @@ def _get_blkid_version():
class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
'''This is an encrypted device test suite'''
+ PASSPHRASE = 'shouldnotseeme'
+ LUKS_NAME = 'myshinylittleluks'
+
def _create_luks(self, device, passphrase, binary=False):
raise NotImplementedError()
@@ -60,7 +63,7 @@ class UdisksEncryptedTest(udiskstestcase
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -124,7 +127,7 @@ class UdisksEncryptedTest(udiskstestcase
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -160,11 +163,11 @@ class UdisksEncryptedTest(udiskstestcase
# wrong password
msg = 'org.freedesktop.UDisks2.Error.Failed: Error unlocking %s *' % self.vdevs[0]
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
- disk.Unlock('shbdkjaf', self.no_options,
+ disk.Unlock('abcdefghijklmn', self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
# right password
- luks = disk.Unlock('test', self.no_options,
+ luks = disk.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
@@ -180,7 +183,7 @@ class UdisksEncryptedTest(udiskstestcase
# read-only
ro_opts = dbus.Dictionary({'read-only': dbus.Boolean(True)}, signature=dbus.Signature('sv'))
- luks = disk.Unlock('test', ro_opts,
+ luks = disk.Unlock(self.PASSPHRASE, ro_opts,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
@@ -196,13 +199,10 @@ class UdisksEncryptedTest(udiskstestcase
crypttab = self.read_file('/etc/crypttab')
self.addCleanup(self.write_file, '/etc/crypttab', crypttab)
- passwd = 'test'
- luks_name = 'myshinylittleluks'
-
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, passwd)
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -212,22 +212,22 @@ class UdisksEncryptedTest(udiskstestcase
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
# add new entry to the crypttab
- new_crypttab = crypttab + '%s UUID=%s none\n' % (luks_name, disk_uuid)
+ new_crypttab = crypttab + '%s UUID=%s none\n' % (self.LUKS_NAME, disk_uuid)
self.write_file('/etc/crypttab', new_crypttab)
# give udisks time to react to change of the file
time.sleep(5)
dbus_conf = disk.GetSecretConfiguration(self.no_options, dbus_interface=self.iface_prefix + '.Block')
self.assertIsNotNone(dbus_conf)
- self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), luks_name)
+ self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), self.LUKS_NAME)
# unlock the device
- luks = disk.Unlock(passwd, self.no_options,
+ luks = disk.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
# unlock should use name from crypttab for the /dev/mapper device
- dm_path = '/dev/mapper/%s' % luks_name
+ dm_path = '/dev/mapper/%s' % self.LUKS_NAME
self.assertTrue(os.path.exists(dm_path))
# preferred 'device' should be /dev/mapper/name too
@@ -242,8 +242,7 @@ class UdisksEncryptedTest(udiskstestcase
crypttab = self.read_file('/etc/crypttab')
self.addCleanup(self.write_file, '/etc/crypttab', crypttab)
- passwd = b'test\0test'
- luks_name = 'myshinylittleluks'
+ passwd = b'testtesttest\0testtesttest'
# create key file
_fd, key_file = tempfile.mkstemp()
@@ -264,14 +263,14 @@ class UdisksEncryptedTest(udiskstestcase
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
# add new entry to the crypttab
- new_crypttab = crypttab + '%s UUID=%s %s\n' % (luks_name, disk_uuid, key_file)
+ new_crypttab = crypttab + '%s UUID=%s %s\n' % (self.LUKS_NAME, disk_uuid, key_file)
self.write_file('/etc/crypttab', new_crypttab)
# give udisks time to react to change of the file
time.sleep(5)
dbus_conf = disk.GetSecretConfiguration(self.no_options, dbus_interface=self.iface_prefix + '.Block')
self.assertIsNotNone(dbus_conf)
- self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), luks_name)
+ self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), self.LUKS_NAME)
self.assertEqual(self.ay_to_str(dbus_conf[0][1]['passphrase-path']), key_file)
# unlock the device using empty passphrase (should use the key file)
@@ -280,7 +279,7 @@ class UdisksEncryptedTest(udiskstestcase
self.assertIsNotNone(luks)
# unlock should use name from crypttab for the /dev/mapper device
- dm_path = '/dev/mapper/%s' % luks_name
+ dm_path = '/dev/mapper/%s' % self.LUKS_NAME
self.assertTrue(os.path.exists(dm_path))
# preferred 'device' should be /dev/mapper/name too
@@ -293,7 +292,7 @@ class UdisksEncryptedTest(udiskstestcase
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -320,11 +319,11 @@ class UdisksEncryptedTest(udiskstestcase
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
- disk.ChangePassphrase('test', 'password', self.no_options,
+ disk.ChangePassphrase(self.PASSPHRASE, self.PASSPHRASE + '222', self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
@@ -332,11 +331,11 @@ class UdisksEncryptedTest(udiskstestcase
# old password, should fail
msg = 'org.freedesktop.UDisks2.Error.Failed: Error unlocking %s *' % self.vdevs[0]
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
- disk.Unlock('test', self.no_options,
+ disk.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
# new password
- luks = disk.Unlock('password', self.no_options,
+ luks = disk.Unlock(self.PASSPHRASE + '222', self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
@@ -347,7 +346,7 @@ class UdisksEncryptedTest(udiskstestcase
def test_resize(self):
device = self.get_device(self.vdevs[0])
- self._create_luks(device, 'test')
+ self._create_luks(device, self.PASSPHRASE)
self.addCleanup(self._remove_luks, device)
self.udev_settle()
@@ -376,8 +375,6 @@ class UdisksEncryptedTest(udiskstestcase
fstab = self.read_file('/etc/fstab')
self.addCleanup(self.write_file, '/etc/fstab', fstab)
- passphrase = 'test'
-
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
@@ -388,7 +385,7 @@ class UdisksEncryptedTest(udiskstestcase
self.assertIsNotNone(part)
# create LUKS on the partition and add it to crypttab
- self._create_luks(part, passphrase)
+ self._create_luks(part, self.PASSPHRASE)
self.udev_settle()
conf = dbus.Dictionary({'name': self.str_to_ay('udisks_luks_test'),
@@ -525,10 +522,8 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
super(UdisksEncryptedTestLUKS2, self).setUp()
def test_resize(self):
- passwd = 'test'
-
device = self.get_device(self.vdevs[0])
- self._create_luks(device, passwd)
+ self._create_luks(device, self.PASSPHRASE)
self.addCleanup(self._remove_luks, device)
self.udev_settle()
@@ -554,7 +549,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
# right passphrase
d = dbus.Dictionary(signature='sv')
- d['passphrase'] = passwd
+ d['passphrase'] = self.PASSPHRASE
device.Resize(dbus.UInt64(100*1024*1024), d,
dbus_interface=self.iface_prefix + '.Encrypted')
@@ -563,7 +558,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
# resize back to the original size (using binary passphrase)
d = dbus.Dictionary(signature='sv')
- d['keyfile_contents'] = self.str_to_ay(passwd, False)
+ d['keyfile_contents'] = self.str_to_ay(self.PASSPHRASE, False)
device.Resize(dbus.UInt64(clear_size), d,
dbus_interface=self.iface_prefix + '.Encrypted')
@@ -581,7 +576,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
# create LUKS without specifying version
options = dbus.Dictionary(signature='sv')
- options['encrypt.passphrase'] = 'test'
+ options['encrypt.passphrase'] = self.PASSPHRASE
disk.Format('xfs', options,
dbus_interface=self.iface_prefix + '.Block')
@@ -617,14 +612,12 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
@udiskstestcase.tag_test(udiskstestcase.TestTags.UNSTABLE)
def test_integrity(self):
- passwd = 'test'
-
cryptsetup_version = _get_cryptsetup_version()
if cryptsetup_version < LooseVersion('2.2.0'):
self.skipTest('Integrity devices are not marked as internal in cryptsetup < 2.2.0')
device = self.get_device(self.vdevs[0])
- self._create_luks_integrity(self.vdevs[0], passwd)
+ self._create_luks_integrity(self.vdevs[0], self.PASSPHRASE)
self.addCleanup(self._remove_luks, device)
self.udev_settle()
@@ -634,7 +627,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
# the device is not opened, we need to read the UUID from LUKS metadata
luks_uuid = BlockDev.crypto_luks_uuid(self.vdevs[0])
- luks_path = device.Unlock('test', self.no_options,
+ luks_path = device.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks_path)
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
diff -up udisks-2.9.0/src/tests/integration-test.bak udisks-2.9.0/src/tests/integration-test
--- udisks-2.9.0/src/tests/integration-test.bak 2020-05-26 14:59:20.000000000 +0200
+++ udisks-2.9.0/src/tests/integration-test 2023-06-02 16:59:52.841963720 +0200
@@ -1321,7 +1321,7 @@ class Luks(UDisksTestCase):
def setup_crypto_device(self):
self.fs_create(None, 'ext4', GLib.Variant('a{sv}', {
- 'encrypt.passphrase': GLib.Variant('s', 's3kr1t'),
+ 'encrypt.passphrase': GLib.Variant('s', 's3kr1ts3kr1t'),
'label': GLib.Variant('s', 'treasure')}))
self.client.settle()
crypt_obj = self.client.get_object(self.udisks_block().get_object_path())
@@ -1332,7 +1332,7 @@ class Luks(UDisksTestCase):
@staticmethod
def unlock_crypto_device(encrypted):
return encrypted.call_unlock_sync(
- 's3kr1t', no_options, None)
+ 's3kr1ts3kr1t', no_options, None)
def tearDown(self):
"""clean up behind failed test cases"""
@@ -1400,7 +1400,7 @@ class Luks(UDisksTestCase):
udev_dump = subprocess.Popen(['udevadm', 'info', '--export-db'],
stdout=subprocess.PIPE)
out = udev_dump.communicate()[0]
- self.assertFalse(b's3kr1t' in out, 'password in udev properties')
+ self.assertFalse(b's3kr1ts3kr1t' in out, 'password in udev properties')
self.assertFalse(b'essiv:sha' in out, 'key information in udev properties')
finally:
@@ -1510,18 +1510,18 @@ class Luks(UDisksTestCase):
encrypted = self.setup_crypto_device()
# wrong password, has bytes after a trailing '\0'
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\0X'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\0X'), None)
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\n'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\n'), None)
# correct password, specified as keyfile
- encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1t'), None)
+ encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1ts3kr1t'), None)
encrypted.call_lock_sync(no_options, None)
def test_plaintext_keyfile(self):
"""Setup a device using a plaintext keyfile."""
# Using a plaintext keyfile should be equivalent to passphrase
self.fs_create(None, 'ext4', GLib.Variant('a{sv}', {
- 'encrypt.passphrase': GLib.Variant('ay', _bytes_to_ay(b's3kr1t')),
+ 'encrypt.passphrase': GLib.Variant('ay', _bytes_to_ay(b's3kr1ts3kr1t')),
'label': GLib.Variant('s', 'treasure')}))
crypt_obj = self.client.get_object(self.udisks_block().get_object_path())
@@ -1532,16 +1532,16 @@ class Luks(UDisksTestCase):
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
'h4ckpassword', no_options, None)
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\0X'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\0X'), None)
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\n'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\n'), None)
# correct password
- encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1t'), None)
+ encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1ts3kr1t'), None)
encrypted.call_lock_sync(no_options, None)
# correct password, specified as passphrase
- encrypted.call_unlock_sync('s3kr1t', no_options, None)
+ encrypted.call_unlock_sync('s3kr1ts3kr1t', no_options, None)
encrypted.call_lock_sync(no_options, None)
def test_binary_keyfile(self):
@@ -1607,11 +1607,11 @@ class Luks(UDisksTestCase):
encrypted = self.setup_crypto_device()
# change: passphrase -> passphrase
- encrypted.call_change_passphrase_sync('s3kr1t', 'passphrase', no_options, None)
+ encrypted.call_change_passphrase_sync('s3kr1ts3kr1t', 'passphrase', no_options, None)
# verify new password:
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- 's3kr1t', no_options, None)
+ 's3kr1ts3kr1t', no_options, None)
encrypted.call_unlock_sync('passphrase', no_options, None)
encrypted.call_lock_sync(no_options, None)
@@ -1644,7 +1644,7 @@ class Luks(UDisksTestCase):
# change: keyfile -> passphrase
encrypted.call_change_passphrase_sync(
- '', 's3kr1t', GLib.Variant('a{sv}', {
+ '', 's3kr1ts3kr1t', GLib.Variant('a{sv}', {
'old_keyfile_contents': GLib.Variant('ay', _bytes_to_ay(key_file_1)),
}),
None)
@@ -1652,7 +1652,7 @@ class Luks(UDisksTestCase):
# verify new password:
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
'', Luks.keyfile_options(key_file_1), None)
- encrypted.call_unlock_sync('s3kr1t', no_options, None)
+ encrypted.call_unlock_sync('s3kr1ts3kr1t', no_options, None)
encrypted.call_lock_sync(no_options, None)

View File

@ -56,7 +56,7 @@
Name: udisks2
Summary: Disk Manager
Version: 2.9.0
Release: 9%{?dist}
Release: 16%{?dist}
License: GPLv2+
Group: System Environment/Libraries
URL: https://github.com/storaged-project/udisks
@ -65,6 +65,10 @@ Patch0: udisks-2.9.1-teardown-needle-match.patch
Patch1: udisks-2.9.1-lvm_vdo-test_resize_physical-size.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1855785
Patch2: udisks-2.9.1-drive_ata_tests.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2120697
Patch3: udisks-2.10.0-block_format_ata_secure_erase.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2135773
Patch4: udisks-2.10.0-iscsi-auth-info.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1845973
Patch10: udisks-2.9.1-daemon-Always-flush-interface-property-changes.patch
Patch11: udisks-2.9.1-lvm2-Always-flush-interface-property-changes.patch
@ -75,6 +79,8 @@ Patch15: udisks-2.9.2-udisksdaemonutil-Refactor-udisks_daemon_util_trigger.patch
Patch16: udisks-2.9.2-udiskslinuxmanager-Trigger-uevent-after-loop-device-setup.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2004422
Patch17: udisks-2.9.4-ext-mount-options.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213715
Patch18: udisks-2.10.0-iscsi_timeout.patch
Patch20: udisks-2.10.0-tests-drive_ata-apm.patch
Patch21: udisks-2.10.0-tests-no-dev_disk-by-path.patch
Patch22: tests-disable-zram.patch
@ -86,6 +92,19 @@ Patch24: udisks-2.10.0-udiskslinuxencrypted_GError.patch
Patch25: udisks-2.10.0-udiskslinuxpartition_GError.patch
Patch26: udisks-2.10.0-udiskslinuxpartitiontable_GError.patch
Patch27: udisks-2.10.0-udiskslinuxfilesystem_GError.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1966460
Patch28: udisks-2.10.0-iscsi_test_01_badauth.patch
Patch29: udisks-2.10.0-iscsi_test_02_lio_target_conf.patch
Patch31: udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch
Patch32: udisks-2.10.0-iscsi_test_05_restart_iscsid.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2188991
Patch33: udisks-2.10.0-iscsi-CHAP-auth-algs.patch
Patch34: udisks-2.9.4-FIPS_LUKS_fixes-2.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2039772
Patch35: udisks-2.10.0-lvm2_update_epoch.patch
Patch36: udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213193
Patch37: udisks-2.10.0-iscsi-ibft-chap-auth.patch
BuildRequires: glib2-devel >= %{glib2_version}
BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@ -293,6 +312,8 @@ This package contains module for VDO management.
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
@ -301,6 +322,7 @@ This package contains module for VDO management.
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
@ -309,6 +331,15 @@ This package contains module for VDO management.
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/"
%build
@ -501,6 +532,30 @@ fi
%endif
%changelog
* Thu Aug 03 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-16
- iscsi: Fix login on firmware-discovered nodes (#2213193)
- tests: Extend iscsi method call timeouts (#2213715)
* Tue Jun 06 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-15
- Reimport gating tests
* Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-14
- iscsi: CHAP auth algorithm selection fixes (#2188991)
- tests: Use stronger passphrases for LUKS tests
- lvm2: Improve uevent processing (#2039772)
* Tue Nov 01 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-13
- Fix iscsi test auth failures (#1966460)
* Wed Oct 19 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-12
- Fix iscsi authentication info override (#2135773)
* Fri Sep 16 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-11
- Fix the patch list
* Fri Sep 16 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-10
- Restrict ATA Secure Erase Format() options (#2120697)
* Tue Feb 01 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-9
- Fix LVM-VDO statistics tests (#2023880,#2025483)
- Fix GError ownership (#1999149)