rpms
/
udisks2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:imports/c8/udisks2-2.9.0-6.el8
Branches Tags
rpms:c8
rpms:c9
rpms:c9s
rpms:c8-beta
rpms:c9-beta
rpms:c8s
rpms:imports/c8/udisks2-2.9.0-16.el8
rpms:imports/c9/udisks2-2.9.4-9.el9
rpms:imports/c8-beta/udisks2-2.9.0-16.el8
rpms:imports/c9-beta/udisks2-2.9.4-9.el9
rpms:imports/c8/udisks2-2.9.0-13.el8
rpms:imports/c9/udisks2-2.9.4-7.el9
rpms:imports/c9-beta/udisks2-2.9.4-7.el9
rpms:imports/c8-beta/udisks2-2.9.0-13.el8
rpms:imports/c8s/udisks2-2.9.0-13.el8
rpms:imports/c8s/udisks2-2.9.0-12.el8
rpms:imports/c8s/udisks2-2.9.0-11.el8
rpms:imports/c9/udisks2-2.9.4-3.el9
rpms:imports/c8/udisks2-2.9.0-9.el8
rpms:imports/c8-beta/udisks2-2.9.0-9.el8
rpms:imports/c9-beta/udisks2-2.9.4-3.el9
rpms:imports/c8s/udisks2-2.9.0-9.el8
rpms:imports/c9-beta/udisks2-2.9.4-2.el9
rpms:imports/c9-beta/udisks2-2.9.2-6.el9
rpms:imports/c8/udisks2-2.9.0-7.el8
rpms:imports/c8s/udisks2-2.9.0-8.el8
rpms:imports/c8-beta/udisks2-2.9.0-7.el8
rpms:imports/c8-beta/udisks2-2.9.0-6.el8
rpms:imports/c8-beta/udisks2-2.9.0-3.el8
rpms:imports/c8-beta/udisks2-2.8.3-2.el8
rpms:imports/c8s/udisks2-2.9.0-7.el8
rpms:imports/c8s/udisks2-2.9.0-6.el8
rpms:imports/c8s/udisks2-2.9.0-5.el8
rpms:imports/c8s/udisks2-2.9.0-3.el8
rpms:imports/c8s/udisks2-2.9.0-1.el8
rpms:imports/c8/udisks2-2.9.0-6.el8
rpms:imports/c8/udisks2-2.9.0-3.el8
rpms:imports/c8/udisks2-2.8.3-2.el8
rpms:imports/c8/udisks2-2.8.0-2.el8
...
compare: rpms:c8
Branches Tags
rpms:c8
rpms:c9
rpms:c9s
rpms:c8-beta
rpms:c9-beta
rpms:c8s
rpms:imports/c8/udisks2-2.9.0-16.el8
rpms:imports/c9/udisks2-2.9.4-9.el9
rpms:imports/c8-beta/udisks2-2.9.0-16.el8
rpms:imports/c9-beta/udisks2-2.9.4-9.el9
rpms:imports/c8/udisks2-2.9.0-13.el8
rpms:imports/c9/udisks2-2.9.4-7.el9
rpms:imports/c9-beta/udisks2-2.9.4-7.el9
rpms:imports/c8-beta/udisks2-2.9.0-13.el8
rpms:imports/c8s/udisks2-2.9.0-13.el8
rpms:imports/c8s/udisks2-2.9.0-12.el8
rpms:imports/c8s/udisks2-2.9.0-11.el8
rpms:imports/c9/udisks2-2.9.4-3.el9
rpms:imports/c8/udisks2-2.9.0-9.el8
rpms:imports/c8-beta/udisks2-2.9.0-9.el8
rpms:imports/c9-beta/udisks2-2.9.4-3.el9
rpms:imports/c8s/udisks2-2.9.0-9.el8
rpms:imports/c9-beta/udisks2-2.9.4-2.el9
rpms:imports/c9-beta/udisks2-2.9.2-6.el9
rpms:imports/c8/udisks2-2.9.0-7.el8
rpms:imports/c8s/udisks2-2.9.0-8.el8
rpms:imports/c8-beta/udisks2-2.9.0-7.el8
rpms:imports/c8-beta/udisks2-2.9.0-6.el8
rpms:imports/c8-beta/udisks2-2.9.0-3.el8
rpms:imports/c8-beta/udisks2-2.8.3-2.el8
rpms:imports/c8s/udisks2-2.9.0-7.el8
rpms:imports/c8s/udisks2-2.9.0-6.el8
rpms:imports/c8s/udisks2-2.9.0-5.el8
rpms:imports/c8s/udisks2-2.9.0-3.el8
rpms:imports/c8s/udisks2-2.9.0-1.el8
rpms:imports/c8/udisks2-2.9.0-6.el8
rpms:imports/c8/udisks2-2.9.0-3.el8
rpms:imports/c8/udisks2-2.8.3-2.el8
rpms:imports/c8/udisks2-2.8.0-2.el8

4 Commits
imports/c8 ... c8

Author SHA1 Message Date
eabdullin 3ebd5c0d9e Import from AlmaLinux stable repository 2024-05-31 18:12:46 +00:00
CentOS Sources c0c6b446a6 import udisks2-2.9.0-13.el8 2023-05-16 07:11:42 +00:00
CentOS Sources 301aaeb7db import udisks2-2.9.0-9.el8 2022-05-10 07:17:48 +00:00
CentOS Sources cf0f2bece9 import udisks2-2.9.0-7.el8 2021-11-09 09:48:01 +00:00
23 changed files with 1739 additions and 5 deletions
Show Stats Expand all files Collapse all files

1
.udisks2.metadata
View File

@ -1 +0,0 @@
1565118b5a2d05b1b9b9c71ad3f0043ae0ee6897 SOURCES/udisks-2.9.0.tar.bz2

11
SOURCES/tests-disable-zram.patch Normal file
View File

@ -0,0 +1,11 @@
diff -up udisks-2.9.0/src/tests/dbus-tests/test_10_basic.py.bak udisks-2.9.0/src/tests/dbus-tests/test_10_basic.py
--- udisks-2.9.0/src/tests/dbus-tests/test_10_basic.py.bak 2020-05-26 14:59:20.000000000 +0200
+++ udisks-2.9.0/src/tests/dbus-tests/test_10_basic.py 2021-04-23 15:49:07.405824214 +0200
@@ -26,6 +26,7 @@ class UdisksBaseTest(udiskstestcase.Udis
elif distro in ('enterprise_linux', 'centos') and int(version) > 7:
modules.pop('bcache')
modules.pop('btrfs')
+ modules.pop('zram')
# assuming the kvdo module is typically pulled in as a vdo tool dependency
if not find_executable("vdo"):
modules.pop('vdo')

60
SOURCES/udisks-2.10.0-block_format_ata_secure_erase.patch Normal file
View File

@ -0,0 +1,60 @@
From eb917d346bc8592924c5f6566b01841176c53c8c Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 22 Aug 2022 16:27:11 +0200
Subject: [PATCH] udiskslinuxblock: Only permit ATA Secure Erase during
Format() on a whole block device
ATA Secure Erase requested as an option to the Format() method call used
to perform the actual erase on a whole drive object it looked up. When
Format() was called on a partition, this led to data loss on a whole drive.
This commit adds a safeguard to check that the Format() is requested
on a whole block device.
Severity of this issue was slightly lowered by a failure to submit
the ATA Secure erase command in case some filesystem was mounted
at that point.
---
src/udiskslinuxblock.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/udiskslinuxblock.c b/src/udiskslinuxblock.c
index d1da94edf..db0ed2bf6 100644
--- a/src/udiskslinuxblock.c
+++ b/src/udiskslinuxblock.c
@@ -2354,6 +2354,7 @@ erase_ata_device (UDisksBlock *block,
{
gboolean ret = FALSE;
UDisksObject *drive_object = NULL;
+ UDisksLinuxBlockObject *block_object = NULL;
UDisksDriveAta *ata = NULL;
drive_object = udisks_daemon_find_object (daemon, udisks_block_get_drive (block));
@@ -2369,6 +2370,20 @@ erase_ata_device (UDisksBlock *block,
goto out;
}
+ /* Reverse check to ensure we're erasing whole block device and not a partition */
+ block_object = udisks_linux_drive_object_get_block (UDISKS_LINUX_DRIVE_OBJECT (drive_object), FALSE /* get_hw */);
+ if (block_object == NULL)
+ {
+ g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Couldn't find a block device for the drive to erase");
+ goto out;
+ }
+ if (g_strcmp0 (g_dbus_object_get_object_path (G_DBUS_OBJECT (object)),
+ g_dbus_object_get_object_path (G_DBUS_OBJECT (block_object))) != 0)
+ {
+ g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED, "ATA secure erase needs to be performed on a whole block device");
+ goto out;
+ }
+
/* sleep a tiny bit here to avoid the secure erase code racing with
* programs spawned by udev
*/
@@ -2382,6 +2397,7 @@ erase_ata_device (UDisksBlock *block,
out:
g_clear_object (&ata);
g_clear_object (&drive_object);
+ g_clear_object (&block_object);
return ret;
}

161
SOURCES/udisks-2.10.0-iscsi-CHAP-auth-algs.patch Normal file
View File

@ -0,0 +1,161 @@
From 26fcef727d68af97b1187d2ac3cad19acc3d97c8 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Tue, 16 May 2023 18:33:59 +0200
Subject: [PATCH 1/2] iscsi: Set node parameters before the Login/Logout action
This allows to properly pass required arguments like the CHAP
auth algorithms, etc.
---
modules/iscsi/udisksiscsiutil.c | 54 ++++++++++++++++++---------------
1 file changed, 29 insertions(+), 25 deletions(-)
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index 78890106f0..b279442876 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -186,9 +186,10 @@ iscsi_perform_login_action (UDisksLinuxModuleISCSI *module,
}
static gint
-iscsi_node_set_parameters (struct libiscsi_context *ctx,
- struct libiscsi_node *node,
- GVariant *params)
+iscsi_node_set_parameters (struct libiscsi_context *ctx,
+ struct libiscsi_node *node,
+ GVariant *params,
+ gchar **errorstr)
{
GVariantIter iter;
GVariant *value;
@@ -207,9 +208,11 @@ iscsi_node_set_parameters (struct libiscsi_context *ctx,
/* Update the node parameter value. */
err = libiscsi_node_set_parameter (ctx, node, key, param_value);
+ if (errorstr && err != 0)
+ *errorstr = g_strdup (libiscsi_get_error_string (ctx));
g_variant_unref (value);
- g_free ((gpointer) key);
+ g_free (key);
}
return 0;
@@ -279,7 +282,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
const gchar *password = NULL;
const gchar *reverse_username = NULL;
const gchar *reverse_password = NULL;
- gint err;
+ gint err = 0;
g_return_val_if_fail (UDISKS_IS_LINUX_MODULE_ISCSI (module), 1);
@@ -304,17 +307,18 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
/* Get iscsi context. */
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
- /* Login */
- err = iscsi_perform_login_action (module,
- ACTION_LOGIN,
- &node,
- &auth_info,
- errorstr);
+ /* Update node parameters. */
+ if (params)
+ err = iscsi_node_set_parameters (ctx, &node, params_without_chap, errorstr);
- if (err == 0 && params)
+ /* Login */
+ if (err == 0)
{
- /* Update node parameters. */
- err = iscsi_node_set_parameters (ctx, &node, params_without_chap);
+ err = iscsi_perform_login_action (module,
+ ACTION_LOGIN,
+ &node,
+ &auth_info,
+ errorstr);
}
g_variant_unref (params_without_chap);
@@ -334,7 +338,7 @@ iscsi_logout (UDisksLinuxModuleISCSI *module,
{
struct libiscsi_context *ctx;
struct libiscsi_node node = {0,};
- gint err;
+ gint err = 0;
g_return_val_if_fail (UDISKS_IS_LINUX_MODULE_ISCSI (module), 1);
@@ -344,18 +348,18 @@ iscsi_logout (UDisksLinuxModuleISCSI *module,
/* Get iscsi context. */
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
- /* Logout */
- err = iscsi_perform_login_action (module,
- ACTION_LOGOUT,
- &node,
- NULL,
- errorstr);
+ /* Update node parameters. */
+ if (params)
+ err = iscsi_node_set_parameters (ctx, &node, params, errorstr);
- if (err == 0 && params)
+ /* Logout */
+ if (err == 0)
{
- /* Update node parameters. */
- err = iscsi_node_set_parameters (ctx, &node, params);
-
+ err = iscsi_perform_login_action (module,
+ ACTION_LOGOUT,
+ &node,
+ NULL,
+ errorstr);
}
return err;
From 749812784abcc4c0492bda0703bff5d3dae052f9 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Tue, 16 May 2023 18:35:42 +0200
Subject: [PATCH 2/2] tests: Disallow MD5 for iscsi CHAP login
MD5 is unavailable in FIPS mode:
iscsid[82167]: iscsid: Ignoring CHAP algorthm request for MD5 due to crypto lib configuration
iscsid[82167]: iscsid: Couldn't set CHAP algorithm list
kernel: rx_data returned 0, expecting 48.
kernel: iSCSI Login negotiation failed.
---
src/tests/dbus-tests/test_30_iscsi.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 09e975f30c..02ba6c92b0 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -161,6 +161,7 @@ def test_login_chap_auth(self):
self.assertEqual(port, self.port)
options = dbus.Dictionary(signature='sv')
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
options['username'] = self.initiator
msg = 'Login failed: initiator reported error \(24 - iSCSI login failed due to authorization failure\)'
@@ -227,6 +228,7 @@ def test_login_mutual_auth(self):
self.assertEqual(port, self.port)
options = dbus.Dictionary(signature='sv')
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
options['username'] = self.initiator
options['password'] = self.password
options['reverse-username'] = self.mutual_iqn
@@ -335,6 +337,7 @@ def test_login_noauth_badauth(self):
# first attempt - wrong password
options = dbus.Dictionary(signature='sv')
+ options['node.session.auth.chap_algs'] = 'SHA3-256,SHA256,SHA1' # disallow MD5
options['username'] = self.initiator
msg = r'Login failed: initiator reported error \((19 - encountered non-retryable iSCSI login failure|24 - iSCSI login failed due to authorization failure)\)'
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):

29
SOURCES/udisks-2.10.0-iscsi-auth-info.patch Normal file
View File

@ -0,0 +1,29 @@
From 9a6e6b700b19539465ab6b241f04b94d4b3769c4 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 10 Oct 2022 13:55:29 +0200
Subject: [PATCH] iscsi: Always set auth info
In case of reusing a context auth info needs to be
always set to override previous data.
---
modules/iscsi/udisksiscsiutil.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index 8fdae889c7..78890106f0 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -171,11 +171,8 @@ iscsi_perform_login_action (UDisksLinuxModuleISCSI *module,
/* Get a libiscsi context. */
ctx = udisks_linux_module_iscsi_get_libiscsi_context (module);
- if (action == ACTION_LOGIN &&
- auth_info && auth_info->method == libiscsi_auth_chap)
- {
- libiscsi_node_set_auth (ctx, node, auth_info);
- }
+ if (action == ACTION_LOGIN && auth_info)
+ libiscsi_node_set_auth (ctx, node, auth_info);
/* Login or Logout */
err = action == ACTION_LOGIN ?

73
SOURCES/udisks-2.10.0-iscsi-ibft-chap-auth.patch Normal file
View File

@ -0,0 +1,73 @@
From 0441d0f93788b617a38b75e4a44744406976c822 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 31 Jul 2023 16:48:28 +0200
Subject: [PATCH] iscsi: Fix login on firmware-discovered nodes
There's currently no way to distinguish between force-no-auth and
use-fw-discovered-auth-info scenarios from the D-Bus API so let's
assume that the caller wants to retain the firmware-discovered auth
info unless overriden with specific CHAP credentials.
---
.../data/org.freedesktop.UDisks2.iscsi.xml | 3 +++
modules/iscsi/udisksiscsiutil.c | 27 ++++++++++++++++++-
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
index cf262deb68..e8a717ff1d 100644
--- a/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
+++ b/modules/iscsi/data/org.freedesktop.UDisks2.iscsi.xml
@@ -162,6 +162,9 @@
<parameter>reverse-password</parameter> will be used for CHAP
authentication.
+ Firmware-discovered nodes retain their authentication info unless
+ overriden with specified credentials (see above).
+
All the additional options are transformed into the interface
parameters. For example, if an automatic node startup is desired, the
<parameter>node.startup</parameter> needs to be set to
diff --git a/modules/iscsi/udisksiscsiutil.c b/modules/iscsi/udisksiscsiutil.c
index b279442876..fb4f5ea167 100644
--- a/modules/iscsi/udisksiscsiutil.c
+++ b/modules/iscsi/udisksiscsiutil.c
@@ -264,6 +264,31 @@ iscsi_params_pop_chap_data (GVariant *params,
return g_variant_dict_end (&dict);
}
+static gboolean
+is_auth_required (struct libiscsi_context *ctx,
+ struct libiscsi_node *node,
+ struct libiscsi_auth_info *auth_info)
+{
+ char val[LIBISCSI_VALUE_MAXLEN + 1] = {'\0',};
+ int ret;
+
+ /* TODO: No way to distinguish between the "no auth requested" and
+ * "retain discovered auth info" scenarios from the D-Bus API.
+ */
+
+ /* In case CHAP auth is requested, let's use it unconditionally */
+ if (auth_info->method != libiscsi_auth_none)
+ return TRUE;
+
+ /* Avoid auth override on firmware-discovered nodes */
+ ret = libiscsi_node_get_parameter (ctx, node, "node.discovery_type", val);
+ if (ret == 0 && g_strcmp0 (val, "fw") == 0)
+ return FALSE;
+
+ /* Not a firmware-discovered node, maintain legacy rules */
+ return TRUE;
+}
+
gint
iscsi_login (UDisksLinuxModuleISCSI *module,
const gchar *name,
@@ -317,7 +342,7 @@ iscsi_login (UDisksLinuxModuleISCSI *module,
err = iscsi_perform_login_action (module,
ACTION_LOGIN,
&node,
- &auth_info,
+ is_auth_required (ctx, &node, &auth_info) ? &auth_info : NULL,
errorstr);
}

75
SOURCES/udisks-2.10.0-iscsi_test_01_badauth.patch Normal file
View File

@ -0,0 +1,75 @@
commit fab797fcf5e4c8e09e4cde45647951acd764415e
Author: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon Oct 10 13:58:15 2022 +0200
tests: Add bad auth test for iscsi
This tests that the auth info is properly set for each login call,
overriding previously set auth info with no trace.
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 34bdfc4b..6ac8386b 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -284,3 +284,61 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
# make sure the session object is no longer on dbus
objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')
self.assertNotIn(session_path, objects.keys())
+
+ def test_login_noauth_badauth(self):
+ """
+ Test auth info override
+ """
+ manager = self.get_object('/Manager')
+ nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
+ node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
+ self.assertIsNotNone(node)
+
+ (iqn, tpg, host, port, iface) = node
+ self.assertEqual(iqn, self.noauth_iqn)
+ self.assertEqual(host, self.address)
+ self.assertEqual(port, self.port)
+
+ self.addCleanup(self._force_lougout, self.noauth_iqn)
+
+ # first attempt - wrong password
+ options = dbus.Dictionary(signature='sv')
+ options['username'] = self.initiator
+ msg = 'Login failed: initiator reported error'
+ with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
+ options['password'] = '12345'
+ manager.Login(iqn, tpg, host, port, iface, options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
+ # second atttempt - no password
+ manager.Login(iqn, tpg, host, port, iface, self.no_options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
+ devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+ self.assertEqual(len(devs), 1)
+
+ # check if the block device have 'Symlinks' property updated
+ disk_name = os.path.realpath(devs[0]).split('/')[-1]
+ disk_obj = self.get_object('/block_devices/' + disk_name)
+ dbus_path = str(disk_obj.object_path)
+ self.assertIsNotNone(disk_obj)
+
+ symlinks = self.get_property_raw(disk_obj, '.Block', 'Symlinks')
+ self.assertIn(self.str_to_ay(devs[0]), symlinks)
+
+ manager.Logout(iqn, tpg, host, port, iface, self.no_options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
+ devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
+ self.assertEqual(len(devs), 0)
+
+ # make sure the disk is no longer on dbus
+ udisks = self.get_object('')
+ objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')
+ self.assertNotIn(dbus_path, objects.keys())

51
SOURCES/udisks-2.10.0-iscsi_test_02_lio_target_conf.patch Normal file
View File

@ -0,0 +1,51 @@
commit 13a6a27eecdd1fb527b9151309366970b182a58d
Author: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu Oct 20 17:17:10 2022 +0200
tests: Fix LIO target config auth
Linux kernel 6.0 brought number of the LIO target changes related to authentication
that made our tests fail. Turned out our target config was incorrect, e.g.
not requiring auth for CHAP tests, etc. The kernel 6.0 looks to be more strict
in this regard.
diff --git a/src/tests/dbus-tests/targetcli_config.json b/src/tests/dbus-tests/targetcli_config.json
index 25d506b6..3be9eac2 100644
--- a/src/tests/dbus-tests/targetcli_config.json
+++ b/src/tests/dbus-tests/targetcli_config.json
@@ -385,7 +385,7 @@
"tpgs": [
{
"attributes": {
- "authentication": 0,
+ "authentication": 1,
"cache_dynamic_acls": 0,
"default_cmdsn_depth": 64,
"default_erl": 0,
@@ -432,7 +432,7 @@
}
],
"parameters": {
- "AuthMethod": "CHAP,None",
+ "AuthMethod": "CHAP",
"DataDigest": "CRC32C,None",
"DataPDUInOrder": "Yes",
"DataSequenceInOrder": "Yes",
@@ -471,7 +471,7 @@
"tpgs": [
{
"attributes": {
- "authentication": 0,
+ "authentication": 1,
"cache_dynamic_acls": 0,
"default_cmdsn_depth": 64,
"default_erl": 0,
@@ -520,7 +520,7 @@
}
],
"parameters": {
- "AuthMethod": "CHAP,None",
+ "AuthMethod": "CHAP",
"DataDigest": "CRC32C,None",
"DataPDUInOrder": "Yes",
"DataSequenceInOrder": "Yes",

37
SOURCES/udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch Normal file
View File

@ -0,0 +1,37 @@
commit 1bf172603e4cc77da70d8fd13b6ba6c8b8c91600
Author: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu Oct 20 17:53:20 2022 +0200
tests: Test iscsi noauth in test_login_chap_auth
The other way is already tested in test_login_noauth_badauth.
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 2b75462a..f2594d99 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -151,8 +151,14 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
options = dbus.Dictionary(signature='sv')
options['username'] = self.initiator
+ msg = 'Login failed: initiator reported error \(24 - iSCSI login failed due to authorization failure\)'
+ # missing auth info
+ with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
+ manager.Login(iqn, tpg, host, port, iface, self.no_options,
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
+
# wrong password
- msg = 'Login failed: initiator reported error'
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
options['password'] = '12345'
manager.Login(iqn, tpg, host, port, iface, options,
@@ -318,7 +324,7 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
# first attempt - wrong password
options = dbus.Dictionary(signature='sv')
options['username'] = self.initiator
- msg = 'Login failed: initiator reported error'
+ msg = r'Login failed: initiator reported error \((19 - encountered non-retryable iSCSI login failure|24 - iSCSI login failed due to authorization failure)\)'
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
options['password'] = '12345'
manager.Login(iqn, tpg, host, port, iface, options,

42
SOURCES/udisks-2.10.0-iscsi_test_05_restart_iscsid.patch Normal file
View File

@ -0,0 +1,42 @@
From fbe970add68e6d9d998fb7f78377368c403e200d Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Mon, 31 Oct 2022 15:15:31 +0100
Subject: [PATCH] tests: Restart iscsid on every InitiatorName change
The test LIO target config expects a specific initiator name as set
by the ACLs. However the iscsid daemon only seems to be reading
the InitiatorName string on startup and in case the service is running
with a different name, the auth tests will fail.
As a workaround, restart the iscsid service after each change.
A proper way through libiscsi or libopeniscsiusr would be nice -> TODO.
---
src/tests/dbus-tests/test_30_iscsi.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index f2594d992..09e975f30 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -48,9 +48,21 @@ def _force_lougout(self, target):
def _set_initiator_name(self):
manager = self.get_object('/Manager')
+ # make backup of INITIATOR_FILE and restore it at the end
+ try:
+ initiatorname_backup = self.read_file(INITIATOR_FILE)
+ self.addCleanup(self.write_file, INITIATOR_FILE, initiatorname_backup)
+ except FileNotFoundError as e:
+ # no existing file, simply remove it once finished
+ self.addCleanup(self.remove_file, INITIATOR_FILE, True)
+
manager.SetInitiatorName(self.initiator, self.no_options,
dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ # running iscsid needs to be restarted to reflect the change
+ self.run_command('systemctl try-reload-or-restart iscsid.service')
+ # ignore the return code in case of non-systemd distros
+
init = manager.GetInitiatorName(self.no_options,
dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
self.assertEqual(init, self.initiator)

156
SOURCES/udisks-2.10.0-iscsi_timeout.patch Normal file
View File

@ -0,0 +1,156 @@
commit 4090b87a1468fcc479aafd264328abfed471daeb
Author: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu Jun 3 16:09:10 2021 +0200
tests: Extend iscsi method call timeouts
The default tests 100 sec. D-Bus method call timeout is not enough as
the iscsi initiator timeouts are typically around 120 sec, e.g. for
the Login operation.
diff --git a/src/tests/dbus-tests/test_30_iscsi.py b/src/tests/dbus-tests/test_30_iscsi.py
index 8ec6858c..34bdfc4b 100644
--- a/src/tests/dbus-tests/test_30_iscsi.py
+++ b/src/tests/dbus-tests/test_30_iscsi.py
@@ -26,6 +26,12 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
chap_iqn = 'iqn.2003-01.udisks.test:iscsi-test-chap'
mutual_iqn = 'iqn.2003-01.udisks.test:iscsi-test-mutual'
+ # Define common D-Bus method call timeout that needs to be slightly longer
+ # than the corresponding timeout defined in libiscsi:
+ # #define ISCSID_REQ_TIMEOUT 1000
+ # In reality the timeout is typically around 120 sec for the 'login' operation.
+ iscsi_timeout = 1000 + 5
+
@classmethod
def setUpClass(cls):
udiskstestcase.UdisksTestCase.setUpClass()
@@ -78,7 +84,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
def test_login_noauth(self):
manager = self.get_object('/Manager')
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
self.assertIsNotNone(node)
@@ -90,7 +97,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.addCleanup(self._force_lougout, self.noauth_iqn)
manager.Login(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 1)
@@ -105,7 +113,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.assertIn(self.str_to_ay(devs[0]), symlinks)
manager.Logout(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 0)
@@ -120,7 +129,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
manager = self.get_object('/Manager')
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.chap_iqn), None)
self.assertIsNotNone(node)
@@ -138,14 +148,16 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
options['password'] = '12345'
manager.Login(iqn, tpg, host, port, iface, options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
# right password
options['password'] = self.password
self.addCleanup(self._force_lougout, self.chap_iqn)
manager.Login(iqn, tpg, host, port, iface, options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 1)
@@ -160,7 +172,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.assertIn(self.str_to_ay(devs[0]), symlinks)
manager.Logout(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 0)
@@ -175,7 +188,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
manager = self.get_object('/Manager')
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.mutual_iqn), None)
self.assertIsNotNone(node)
@@ -193,7 +207,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.addCleanup(self._force_lougout, self.mutual_iqn)
manager.Login(iqn, tpg, host, port, iface, options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 1)
@@ -208,7 +223,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.assertIn(self.str_to_ay(devs[0]), symlinks)
manager.Logout(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
devs = glob.glob('/dev/disk/by-path/*%s*' % iqn)
self.assertEqual(len(devs), 0)
@@ -228,7 +244,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.skipTest("ISCSI.Session objects not supported.")
nodes, _ = manager.DiscoverSendTargets(self.address, self.port, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
node = next((node for node in nodes if node[0] == self.noauth_iqn), None)
self.assertIsNotNone(node)
@@ -237,7 +254,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
self.addCleanup(self._force_lougout, self.noauth_iqn)
manager.Login(iqn, tpg, host, port, iface, self.no_options,
- dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator')
+ dbus_interface=self.iface_prefix + '.Manager.ISCSI.Initiator',
+ timeout=self.iscsi_timeout)
# /org/freedesktop/UDisks2/iscsi/sessionX should be created
udisks = self.get_object('')
@@ -260,7 +278,8 @@ class UdisksISCSITest(udiskstestcase.UdisksTestCase):
# logout using session
session.Logout(self.no_options,
- dbus_interface=self.iface_prefix + '.ISCSI.Session')
+ dbus_interface=self.iface_prefix + '.ISCSI.Session',
+ timeout=self.iscsi_timeout)
# make sure the session object is no longer on dbus
objects = udisks.GetManagedObjects(dbus_interface='org.freedesktop.DBus.ObjectManager')

113
SOURCES/udisks-2.10.0-lvm2_update_epoch.patch Normal file
View File

@ -0,0 +1,113 @@
From 28c39786927ad683f56c031d80a5c06f5b5b9aea Mon Sep 17 00:00:00 2001
From: Marius Vollmer <mvollmer@redhat.com>
Date: Tue, 5 Apr 2022 11:23:23 +0300
Subject: [PATCH] lvm2: Only install results of most recently started udpates
Fixes #966
---
modules/lvm2/udiskslinuxmodulelvm2.c | 13 ++++++++++++-
modules/lvm2/udiskslinuxvolumegroupobject.c | 12 ++++++++++++
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/modules/lvm2/udiskslinuxmodulelvm2.c b/modules/lvm2/udiskslinuxmodulelvm2.c
index 8e1ea13aec..77ecf94a6d 100644
--- a/modules/lvm2/udiskslinuxmodulelvm2.c
+++ b/modules/lvm2/udiskslinuxmodulelvm2.c
@@ -59,6 +59,8 @@ struct _UDisksLinuxModuleLVM2 {
gint delayed_update_id;
gboolean coldplug_done;
+
+ guint32 update_epoch;
};
typedef struct _UDisksLinuxModuleLVM2Class UDisksLinuxModuleLVM2Class;
@@ -86,6 +88,7 @@ udisks_linux_module_lvm2_constructed (GObject *object)
module->name_to_volume_group = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_object_unref);
module->coldplug_done = FALSE;
+ module->update_epoch = 0;
if (G_OBJECT_CLASS (udisks_linux_module_lvm2_parent_class)->constructed)
G_OBJECT_CLASS (udisks_linux_module_lvm2_parent_class)->constructed (object);
@@ -221,6 +224,12 @@ lvm_update_vgs (GObject *source_obj,
gpointer key, value;
const gchar *vg_name;
+ if (GPOINTER_TO_UINT (user_data) != module->update_epoch)
+ {
+ vgs_pvs_data_free (data);
+ return;
+ }
+
if (! data)
{
if (error)
@@ -303,11 +312,13 @@ lvm_update (UDisksLinuxModuleLVM2 *module)
{
GTask *task;
+ module->update_epoch++;
+
/* the callback (lvm_update_vgs) is called in the default main loop (context) */
task = g_task_new (module,
NULL /* cancellable */,
lvm_update_vgs,
- NULL /* callback_data */);
+ GUINT_TO_POINTER (module->update_epoch));
/* holds a reference to 'task' until it is finished */
g_task_run_in_thread (task, (GTaskThreadFunc) vgs_task_func);
diff --git a/modules/lvm2/udiskslinuxvolumegroupobject.c b/modules/lvm2/udiskslinuxvolumegroupobject.c
index ce941cb250..ead08de7b1 100644
--- a/modules/lvm2/udiskslinuxvolumegroupobject.c
+++ b/modules/lvm2/udiskslinuxvolumegroupobject.c
@@ -66,6 +66,7 @@ struct _UDisksLinuxVolumeGroupObject
gchar *name;
GHashTable *logical_volumes;
+ guint32 update_epoch;
guint32 poll_epoch;
guint poll_timeout_id;
gboolean poll_requested;
@@ -99,6 +100,7 @@ static void crypttab_changed (UDisksCrypttabMonitor *monitor,
typedef struct {
BDLVMVGdata *vg_info;
GSList *vg_pvs;
+ guint32 epoch;
} VGUpdateData;
static void
@@ -183,6 +185,7 @@ udisks_linux_volume_group_object_set_property (GObject *__object,
static void
udisks_linux_volume_group_object_init (UDisksLinuxVolumeGroupObject *object)
{
+ object->update_epoch = 0;
object->poll_epoch = 0;
object->poll_timeout_id = 0;
object->poll_requested = FALSE;
@@ -575,6 +578,12 @@ update_vg (GObject *source_obj,
BDLVMVGdata *vg_info = data->vg_info;
GSList *vg_pvs = data->vg_pvs;
+ if (data->epoch != object->update_epoch)
+ {
+ lv_list_free (lvs);
+ return;
+ }
+
/* free the data container (but not 'vg_info' and 'vg_pvs') */
g_free (data);
@@ -711,8 +720,11 @@ udisks_linux_volume_group_object_update (UDisksLinuxVolumeGroupObject *object, B
gchar *vg_name = g_strdup (vg_info->name);
GTask *task = NULL;
+ object->update_epoch++;
+
data->vg_info = vg_info;
data->vg_pvs = pvs;
+ data->epoch = object->update_epoch;
/* the callback (update_vg) is called in the default main loop (context) */
task = g_task_new (g_object_ref (object), NULL /* cancellable */, update_vg, data /* callback_data */);

26
SOURCES/udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch Normal file
View File

@ -0,0 +1,26 @@
From f24601b1d1302350fff15f326bfe3cfabde05f4c Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Fri, 19 May 2023 17:17:56 +0200
Subject: [PATCH] lvm2: Trigger uevent sync on block devices when creating new
VG
This will likely slow down processing with the hope that
more objects have their properties updated properly.
---
modules/lvm2/udiskslinuxmanagerlvm2.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/lvm2/udiskslinuxmanagerlvm2.c b/modules/lvm2/udiskslinuxmanagerlvm2.c
index b0c62fdcd6..5c06b921df 100644
--- a/modules/lvm2/udiskslinuxmanagerlvm2.c
+++ b/modules/lvm2/udiskslinuxmanagerlvm2.c
@@ -384,7 +384,8 @@ handle_volume_group_create (UDisksManagerLVM2 *_object,
UDisksObject *object_for_block;
object_for_block = udisks_daemon_util_dup_object (block, &error);
if (object_for_block != NULL)
- udisks_linux_block_object_trigger_uevent (UDISKS_LINUX_BLOCK_OBJECT (object_for_block));
+ udisks_linux_block_object_trigger_uevent_sync (UDISKS_LINUX_BLOCK_OBJECT (object_for_block),
+ UDISKS_DEFAULT_WAIT_TIMEOUT);
g_object_unref (object_for_block);
}

64
SOURCES/udisks-2.10.0-tests-drive_ata-apm.patch Normal file
View File

@ -0,0 +1,64 @@
From c21ad308b1313a35cafa1664e5eb4772925bc005 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu, 22 Apr 2021 18:05:29 +0200
Subject: [PATCH 1/2] tests: Mark Drive.ATA tests as unstable
Some of the tests operate on physical ATA drives, comparing values between
smartctl output and udisks. Different libraries used, different approach
to retrieve some ATA features and values. Turned out this is not working
correctly on some SATA disks with each approach giving slightly different
results, presumably for the quirks in place.
---
src/tests/dbus-tests/test_drive_ata.py | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/tests/dbus-tests/test_drive_ata.py b/src/tests/dbus-tests/test_drive_ata.py
index 3187367e..e91bd02f 100644
--- a/src/tests/dbus-tests/test_drive_ata.py
+++ b/src/tests/dbus-tests/test_drive_ata.py
@@ -4,7 +4,7 @@ import re
import unittest
import time
-from udiskstestcase import UdisksTestCase
+import udiskstestcase
SMART_CMDLINE_FAIL = 1 << 0
SMART_OPEN_READ_FAIL = 1 << 1
@@ -32,7 +32,7 @@ def _get_sata_disks():
for disk in _get_sata_disks():
- ret, out = UdisksTestCase.run_command("smartctl -a /dev/%s" % disk)
+ ret, out = udiskstestcase.UdisksTestCase.run_command("smartctl -a /dev/%s" % disk)
# Only the following bits in the exit status mean the device failed to
# provide valid SMART data, others may be set for different reasons (see
@@ -46,7 +46,7 @@ for disk in _get_sata_disks():
else:
smart_unsupported.add(disk)
-class UdisksDriveAtaTest(UdisksTestCase):
+class UdisksDriveAtaTest(udiskstestcase.UdisksTestCase):
'''Noninvasive tests for the Drive.Ata interface'''
def get_smart_setting(self, disk, attr, out_prefix):
@@ -102,6 +102,7 @@ class UdisksDriveAtaTest(UdisksTestCase)
intro_data = drive_intro.Introspect()
self.assertNotIn('interface name="org.freedesktop.UDisks2.Drive.Ata"', intro_data)
+ @udiskstestcase.tag_test(udiskstestcase.TestTags.UNSTABLE)
@unittest.skipUnless(smart_supported, "No disks supporting S.M.A.R.T. available")
def test_properties(self):
for disk in smart_supported:
@@ -148,6 +149,7 @@ class UdisksDriveAtaTest(UdisksTestCase)
# nineth field is the raw value
self.assertEqual(int(pwon_s.value / 3600), int(pwon_attr[8]))
+ @udiskstestcase.tag_test(udiskstestcase.TestTags.UNSTABLE)
@unittest.skipUnless(smart_supported, "No disks supporting S.M.A.R.T. available")
def test_smart_get_attributes(self):
for disk in smart_supported:
--
2.30.2

43
SOURCES/udisks-2.10.0-tests-no-dev_disk-by-path.patch Normal file
View File

@ -0,0 +1,43 @@
From 1358d1e5208d71d5a70f17a242eda00f079a9d0b Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Thu, 22 Apr 2021 18:20:48 +0200
Subject: [PATCH 2/2] tests: Handle missing /dev/disk/by-path gracefully
Limited testing environments may not have this path always available.
---
src/tests/dbus-tests/test_drive_ata.py | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/tests/dbus-tests/test_drive_ata.py b/src/tests/dbus-tests/test_drive_ata.py
index e91bd02f..37740c60 100644
--- a/src/tests/dbus-tests/test_drive_ata.py
+++ b/src/tests/dbus-tests/test_drive_ata.py
@@ -20,14 +20,17 @@ DISK_PATH = "/dev/disk/by-path/"
def _get_sata_disks():
sata_disks = []
- by_path = os.listdir(DISK_PATH)
- for dev in by_path:
- if "ata" in dev and "part" not in dev:
- path = os.path.realpath(os.path.join(DISK_PATH, dev))
- name = os.path.basename(path)
- if name.startswith("sd"):
- # ignore devices like CD drives etc.
- sata_disks.append(name)
+ try:
+ by_path = os.listdir(DISK_PATH)
+ for dev in by_path:
+ if "ata" in dev and "part" not in dev:
+ path = os.path.realpath(os.path.join(DISK_PATH, dev))
+ name = os.path.basename(path)
+ if name.startswith("sd"):
+ # ignore devices like CD drives etc.
+ sata_disks.append(name)
+ except:
+ pass
return sata_disks
--
2.30.2

30
SOURCES/udisks-2.10.0-udiskslinuxencrypted_GError.patch Normal file
View File

@ -0,0 +1,30 @@
From 486778c778a4ddb24395408c6b267e702e19ae02 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Sat, 1 Jan 2022 22:01:49 +0100
Subject: [PATCH] udiskslinuxencrypted: Fix GError ownership
---
src/udiskslinuxencrypted.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/udiskslinuxencrypted.c b/src/udiskslinuxencrypted.c
index c3a0821ac..3bc54e695 100644
--- a/src/udiskslinuxencrypted.c
+++ b/src/udiskslinuxencrypted.c
@@ -1040,7 +1040,7 @@ handle_resize (UDisksEncrypted *encrypted,
object = udisks_daemon_util_dup_object (encrypted, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
@@ -1066,7 +1066,6 @@ handle_resize (UDisksEncrypted *encrypted,
if (!udisks_daemon_util_get_caller_uid_sync (daemon, invocation, NULL /* GCancellable */, &caller_uid, &error))
{
g_dbus_method_invocation_return_gerror (invocation, error);
- g_clear_error (&error);
goto out;
}

49
SOURCES/udisks-2.10.0-udiskslinuxfilesystem_GError.patch Normal file
View File

@ -0,0 +1,49 @@
From 223256777f6e269b8501d95a64c4c6095a7a8a3e Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Sat, 1 Jan 2022 22:02:17 +0100
Subject: [PATCH] udiskslinuxfilesystem: Fix GError ownership
---
src/udiskslinuxfilesystem.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
index f7c99757a..a8390a044 100644
--- a/src/udiskslinuxfilesystem.c
+++ b/src/udiskslinuxfilesystem.c
@@ -1739,7 +1739,7 @@ handle_resize (UDisksFilesystem *filesystem,
object = udisks_daemon_util_dup_object (filesystem, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
@@ -1921,7 +1921,7 @@ handle_repair (UDisksFilesystem *filesystem,
object = udisks_daemon_util_dup_object (filesystem, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
@@ -2089,7 +2089,7 @@ handle_check (UDisksFilesystem *filesystem,
object = udisks_daemon_util_dup_object (filesystem, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
@@ -2257,7 +2257,7 @@ handle_take_ownership (UDisksFilesystem *filesystem,
object = udisks_daemon_util_dup_object (filesystem, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}

70
SOURCES/udisks-2.10.0-udiskslinuxpartition_GError.patch Normal file
View File

@ -0,0 +1,70 @@
From 7c9933c0f80faaabbed607983fdf77f8c4562df6 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Sat, 1 Jan 2022 20:11:57 +0100
Subject: [PATCH] udiskslinuxpartition: Fix GError ownership
---
src/udiskslinuxpartition.c | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/src/udiskslinuxpartition.c b/src/udiskslinuxpartition.c
index 5461b3903..3d970768d 100644
--- a/src/udiskslinuxpartition.c
+++ b/src/udiskslinuxpartition.c
@@ -135,8 +135,7 @@ check_authorization (UDisksPartition *partition,
caller_uid,
&error))
{
- g_dbus_method_invocation_return_gerror (invocation, error);
- g_clear_error (&error);
+ g_dbus_method_invocation_take_error (invocation, error);
goto out;
}
@@ -351,7 +350,7 @@ handle_set_flags (UDisksPartition *partition,
object = udisks_daemon_util_dup_object (partition, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
@@ -499,7 +498,7 @@ handle_set_name (UDisksPartition *partition,
object = udisks_daemon_util_dup_object (partition, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
@@ -873,7 +872,7 @@ handle_resize (UDisksPartition *partition,
object = udisks_daemon_util_dup_object (partition, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
@@ -994,7 +993,7 @@ handle_delete (UDisksPartition *partition,
object = udisks_daemon_util_dup_object (partition, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
@@ -1012,9 +1011,7 @@ handle_delete (UDisksPartition *partition,
if (!udisks_linux_block_teardown (block, invocation, options, &error))
{
if (invocation != NULL)
- g_dbus_method_invocation_take_error (invocation, error);
- else
- g_clear_error (&error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
}

73
SOURCES/udisks-2.10.0-udiskslinuxpartitiontable_GError.patch Normal file
View File

@ -0,0 +1,73 @@
From f486a9fa22c2f9785a4a8fc58eb3be7b0cf934ce Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Sat, 1 Jan 2022 19:59:27 +0100
Subject: [PATCH] udiskslinuxpartitiontable: Fix GError ownership
---
src/udiskslinuxpartitiontable.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/udiskslinuxpartitiontable.c b/src/udiskslinuxpartitiontable.c
index b4c301095..14a54c9c7 100644
--- a/src/udiskslinuxpartitiontable.c
+++ b/src/udiskslinuxpartitiontable.c
@@ -277,7 +277,7 @@ udisks_linux_partition_table_handle_create_partition (UDisksPartitionTable *ta
object = udisks_daemon_util_dup_object (table, &error);
if (object == NULL)
{
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
goto out;
}
@@ -293,7 +293,6 @@ udisks_linux_partition_table_handle_create_partition (UDisksPartitionTable *ta
goto out;
}
- error = NULL;
if (!udisks_daemon_util_get_caller_uid_sync (daemon,
invocation,
NULL /* GCancellable */,
@@ -301,7 +300,6 @@ udisks_linux_partition_table_handle_create_partition (UDisksPartitionTable *ta
&error))
{
g_dbus_method_invocation_return_gerror (invocation, error);
- g_clear_error (&error);
goto out;
}
@@ -464,7 +462,7 @@ udisks_linux_partition_table_handle_create_partition (UDisksPartitionTable *ta
if (!bd_part_set_part_name (device_name, part_spec->path, name, &error))
{
g_prefix_error (&error, "Error setting name for newly created partition: ");
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
udisks_simple_job_complete (UDISKS_SIMPLE_JOB (job), FALSE, error->message);
goto out;
}
@@ -483,7 +481,7 @@ udisks_linux_partition_table_handle_create_partition (UDisksPartitionTable *ta
if (!ret)
{
g_prefix_error (&error, "Error setting type for newly created partition: ");
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
udisks_simple_job_complete (UDISKS_SIMPLE_JOB (job), FALSE, error->message);
goto out;
}
@@ -520,7 +518,6 @@ udisks_linux_partition_table_handle_create_partition (UDisksPartitionTable *ta
/* sit and wait for the partition to show up */
g_warn_if_fail (wait_data->pos_to_wait_for > 0);
wait_data->partition_table_object = object;
- error = NULL;
partition_object = udisks_daemon_wait_for_object_sync (daemon,
wait_for_partition,
wait_data,
@@ -530,7 +527,7 @@ udisks_linux_partition_table_handle_create_partition (UDisksPartitionTable *ta
if (partition_object == NULL)
{
g_prefix_error (&error, "Error waiting for partition to appear: ");
- g_dbus_method_invocation_take_error (invocation, error);
+ g_dbus_method_invocation_return_gerror (invocation, error);
udisks_simple_job_complete (UDISKS_SIMPLE_JOB (job), FALSE, error->message);
goto out;
}

25
SOURCES/udisks-2.10.0-vdo_test_writeAmplificationRatio.patch Normal file
View File

@ -0,0 +1,25 @@
From 0edd6f5579c964323d86897aff9476c20d7901ba Mon Sep 17 00:00:00 2001
From: Vojtech Trefny <vtrefny@redhat.com>
Date: Mon, 22 Nov 2021 14:23:08 +0100
Subject: [PATCH] tests: Do not check that writeAmplificationRatio is bigger
than 0
Apparently the bios_in_write value is now 0 for newly created VDO
pools and because we use it for the writeAmplificationRatio
calculation we get zero too.
---
src/tests/dbus-tests/test_20_LVM.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/tests/dbus-tests/test_20_LVM.py b/src/tests/dbus-tests/test_20_LVM.py
index 7fbff0434..fde7c3f3f 100644
--- a/src/tests/dbus-tests/test_20_LVM.py
+++ b/src/tests/dbus-tests/test_20_LVM.py
@@ -508,7 +508,6 @@ def test_create(self):
# get statistics and do some simple sanity check
stats = lv.GetStatistics(self.no_options, dbus_interface=self.iface_prefix + '.VDOVolume')
self.assertIn("writeAmplificationRatio", stats.keys())
- self.assertGreater(float(stats["writeAmplificationRatio"]), 0)
def test_enable_disable_compression_deduplication(self):
vgname = 'udisks_test_vdo_vg'

405
SOURCES/udisks-2.9.4-FIPS_LUKS_fixes-2.patch Normal file
View File

@ -0,0 +1,405 @@
diff -up udisks-2.9.0/src/tests/dbus-tests/test_50_block.py.bak udisks-2.9.0/src/tests/dbus-tests/test_50_block.py
--- udisks-2.9.0/src/tests/dbus-tests/test_50_block.py.bak 2020-05-26 14:59:20.000000000 +0200
+++ udisks-2.9.0/src/tests/dbus-tests/test_50_block.py 2023-06-02 17:08:45.203845819 +0200
@@ -11,6 +11,8 @@ import udiskstestcase
class UdisksBlockTest(udiskstestcase.UdisksTestCase):
'''This is a basic block device test suite'''
+ LUKS_PASSPHRASE = 'shouldnotseeme'
+
def _close_luks(self, disk):
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
@@ -201,7 +203,7 @@ class UdisksBlockTest(udiskstestcase.Udi
# format the disk
disk = self.get_object('/block_devices/' + os.path.basename(self.vdevs[0]))
- disk.Format('xfs', {'encrypt.passphrase': 'test'}, dbus_interface=self.iface_prefix + '.Block')
+ disk.Format('xfs', {'encrypt.passphrase': self.LUKS_PASSPHRASE}, dbus_interface=self.iface_prefix + '.Block')
# cleanup -- close the luks and remove format
self.addCleanup(self.wipe_fs, self.vdevs[0])
@@ -209,7 +211,7 @@ class UdisksBlockTest(udiskstestcase.Udi
# configuration items as arrays of dbus.Byte
opts = self.str_to_ay('verify')
- passwd = self.str_to_ay('test')
+ passwd = self.str_to_ay(self.LUKS_PASSPHRASE)
# set the new configuration
conf = dbus.Dictionary({'passphrase-contents': passwd,
@@ -254,7 +256,7 @@ class UdisksBlockTest(udiskstestcase.Udi
# format the disk
disk = self.get_object('/block_devices/' + os.path.basename(self.vdevs[0]))
- disk.Format('xfs', {'encrypt.passphrase': 'test'}, dbus_interface=self.iface_prefix + '.Block')
+ disk.Format('xfs', {'encrypt.passphrase': self.LUKS_PASSPHRASE}, dbus_interface=self.iface_prefix + '.Block')
# cleanup -- close the luks and remove format
self.addCleanup(self.wipe_fs, self.vdevs[0])
diff -up udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py.bak udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py
--- udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py.bak 2020-05-26 14:59:20.000000000 +0200
+++ udisks-2.9.0/src/tests/dbus-tests/test_70_encrypted.py 2023-06-02 17:07:33.828531988 +0200
@@ -40,6 +40,9 @@ def _get_blkid_version():
class UdisksEncryptedTest(udiskstestcase.UdisksTestCase):
'''This is an encrypted device test suite'''
+ PASSPHRASE = 'shouldnotseeme'
+ LUKS_NAME = 'myshinylittleluks'
+
def _create_luks(self, device, passphrase, binary=False):
raise NotImplementedError()
@@ -60,7 +63,7 @@ class UdisksEncryptedTest(udiskstestcase
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -124,7 +127,7 @@ class UdisksEncryptedTest(udiskstestcase
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -160,11 +163,11 @@ class UdisksEncryptedTest(udiskstestcase
# wrong password
msg = 'org.freedesktop.UDisks2.Error.Failed: Error unlocking %s *' % self.vdevs[0]
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
- disk.Unlock('shbdkjaf', self.no_options,
+ disk.Unlock('abcdefghijklmn', self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
# right password
- luks = disk.Unlock('test', self.no_options,
+ luks = disk.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
@@ -180,7 +183,7 @@ class UdisksEncryptedTest(udiskstestcase
# read-only
ro_opts = dbus.Dictionary({'read-only': dbus.Boolean(True)}, signature=dbus.Signature('sv'))
- luks = disk.Unlock('test', ro_opts,
+ luks = disk.Unlock(self.PASSPHRASE, ro_opts,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
@@ -196,13 +199,10 @@ class UdisksEncryptedTest(udiskstestcase
crypttab = self.read_file('/etc/crypttab')
self.addCleanup(self.write_file, '/etc/crypttab', crypttab)
- passwd = 'test'
- luks_name = 'myshinylittleluks'
-
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, passwd)
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -212,22 +212,22 @@ class UdisksEncryptedTest(udiskstestcase
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
# add new entry to the crypttab
- new_crypttab = crypttab + '%s UUID=%s none\n' % (luks_name, disk_uuid)
+ new_crypttab = crypttab + '%s UUID=%s none\n' % (self.LUKS_NAME, disk_uuid)
self.write_file('/etc/crypttab', new_crypttab)
# give udisks time to react to change of the file
time.sleep(5)
dbus_conf = disk.GetSecretConfiguration(self.no_options, dbus_interface=self.iface_prefix + '.Block')
self.assertIsNotNone(dbus_conf)
- self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), luks_name)
+ self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), self.LUKS_NAME)
# unlock the device
- luks = disk.Unlock(passwd, self.no_options,
+ luks = disk.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
# unlock should use name from crypttab for the /dev/mapper device
- dm_path = '/dev/mapper/%s' % luks_name
+ dm_path = '/dev/mapper/%s' % self.LUKS_NAME
self.assertTrue(os.path.exists(dm_path))
# preferred 'device' should be /dev/mapper/name too
@@ -242,8 +242,7 @@ class UdisksEncryptedTest(udiskstestcase
crypttab = self.read_file('/etc/crypttab')
self.addCleanup(self.write_file, '/etc/crypttab', crypttab)
- passwd = b'test\0test'
- luks_name = 'myshinylittleluks'
+ passwd = b'testtesttest\0testtesttest'
# create key file
_fd, key_file = tempfile.mkstemp()
@@ -264,14 +263,14 @@ class UdisksEncryptedTest(udiskstestcase
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
# add new entry to the crypttab
- new_crypttab = crypttab + '%s UUID=%s %s\n' % (luks_name, disk_uuid, key_file)
+ new_crypttab = crypttab + '%s UUID=%s %s\n' % (self.LUKS_NAME, disk_uuid, key_file)
self.write_file('/etc/crypttab', new_crypttab)
# give udisks time to react to change of the file
time.sleep(5)
dbus_conf = disk.GetSecretConfiguration(self.no_options, dbus_interface=self.iface_prefix + '.Block')
self.assertIsNotNone(dbus_conf)
- self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), luks_name)
+ self.assertEqual(self.ay_to_str(dbus_conf[0][1]['name']), self.LUKS_NAME)
self.assertEqual(self.ay_to_str(dbus_conf[0][1]['passphrase-path']), key_file)
# unlock the device using empty passphrase (should use the key file)
@@ -280,7 +279,7 @@ class UdisksEncryptedTest(udiskstestcase
self.assertIsNotNone(luks)
# unlock should use name from crypttab for the /dev/mapper device
- dm_path = '/dev/mapper/%s' % luks_name
+ dm_path = '/dev/mapper/%s' % self.LUKS_NAME
self.assertTrue(os.path.exists(dm_path))
# preferred 'device' should be /dev/mapper/name too
@@ -293,7 +292,7 @@ class UdisksEncryptedTest(udiskstestcase
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
@@ -320,11 +319,11 @@ class UdisksEncryptedTest(udiskstestcase
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
- self._create_luks(disk, 'test')
+ self._create_luks(disk, self.PASSPHRASE)
self.addCleanup(self._remove_luks, disk)
self.udev_settle()
- disk.ChangePassphrase('test', 'password', self.no_options,
+ disk.ChangePassphrase(self.PASSPHRASE, self.PASSPHRASE + '222', self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
disk.Lock(self.no_options, dbus_interface=self.iface_prefix + '.Encrypted')
@@ -332,11 +331,11 @@ class UdisksEncryptedTest(udiskstestcase
# old password, should fail
msg = 'org.freedesktop.UDisks2.Error.Failed: Error unlocking %s *' % self.vdevs[0]
with six.assertRaisesRegex(self, dbus.exceptions.DBusException, msg):
- disk.Unlock('test', self.no_options,
+ disk.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
# new password
- luks = disk.Unlock('password', self.no_options,
+ luks = disk.Unlock(self.PASSPHRASE + '222', self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks)
@@ -347,7 +346,7 @@ class UdisksEncryptedTest(udiskstestcase
def test_resize(self):
device = self.get_device(self.vdevs[0])
- self._create_luks(device, 'test')
+ self._create_luks(device, self.PASSPHRASE)
self.addCleanup(self._remove_luks, device)
self.udev_settle()
@@ -376,8 +375,6 @@ class UdisksEncryptedTest(udiskstestcase
fstab = self.read_file('/etc/fstab')
self.addCleanup(self.write_file, '/etc/fstab', fstab)
- passphrase = 'test'
-
disk_name = os.path.basename(self.vdevs[0])
disk = self.get_object('/block_devices/' + disk_name)
@@ -388,7 +385,7 @@ class UdisksEncryptedTest(udiskstestcase
self.assertIsNotNone(part)
# create LUKS on the partition and add it to crypttab
- self._create_luks(part, passphrase)
+ self._create_luks(part, self.PASSPHRASE)
self.udev_settle()
conf = dbus.Dictionary({'name': self.str_to_ay('udisks_luks_test'),
@@ -525,10 +522,8 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
super(UdisksEncryptedTestLUKS2, self).setUp()
def test_resize(self):
- passwd = 'test'
-
device = self.get_device(self.vdevs[0])
- self._create_luks(device, passwd)
+ self._create_luks(device, self.PASSPHRASE)
self.addCleanup(self._remove_luks, device)
self.udev_settle()
@@ -554,7 +549,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
# right passphrase
d = dbus.Dictionary(signature='sv')
- d['passphrase'] = passwd
+ d['passphrase'] = self.PASSPHRASE
device.Resize(dbus.UInt64(100*1024*1024), d,
dbus_interface=self.iface_prefix + '.Encrypted')
@@ -563,7 +558,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
# resize back to the original size (using binary passphrase)
d = dbus.Dictionary(signature='sv')
- d['keyfile_contents'] = self.str_to_ay(passwd, False)
+ d['keyfile_contents'] = self.str_to_ay(self.PASSPHRASE, False)
device.Resize(dbus.UInt64(clear_size), d,
dbus_interface=self.iface_prefix + '.Encrypted')
@@ -581,7 +576,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
# create LUKS without specifying version
options = dbus.Dictionary(signature='sv')
- options['encrypt.passphrase'] = 'test'
+ options['encrypt.passphrase'] = self.PASSPHRASE
disk.Format('xfs', options,
dbus_interface=self.iface_prefix + '.Block')
@@ -617,14 +612,12 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
@udiskstestcase.tag_test(udiskstestcase.TestTags.UNSTABLE)
def test_integrity(self):
- passwd = 'test'
-
cryptsetup_version = _get_cryptsetup_version()
if cryptsetup_version < LooseVersion('2.2.0'):
self.skipTest('Integrity devices are not marked as internal in cryptsetup < 2.2.0')
device = self.get_device(self.vdevs[0])
- self._create_luks_integrity(self.vdevs[0], passwd)
+ self._create_luks_integrity(self.vdevs[0], self.PASSPHRASE)
self.addCleanup(self._remove_luks, device)
self.udev_settle()
@@ -634,7 +627,7 @@ class UdisksEncryptedTestLUKS2(UdisksEnc
# the device is not opened, we need to read the UUID from LUKS metadata
luks_uuid = BlockDev.crypto_luks_uuid(self.vdevs[0])
- luks_path = device.Unlock('test', self.no_options,
+ luks_path = device.Unlock(self.PASSPHRASE, self.no_options,
dbus_interface=self.iface_prefix + '.Encrypted')
self.assertIsNotNone(luks_path)
self.assertTrue(os.path.exists('/dev/disk/by-uuid/%s' % luks_uuid))
diff -up udisks-2.9.0/src/tests/integration-test.bak udisks-2.9.0/src/tests/integration-test
--- udisks-2.9.0/src/tests/integration-test.bak 2020-05-26 14:59:20.000000000 +0200
+++ udisks-2.9.0/src/tests/integration-test 2023-06-02 16:59:52.841963720 +0200
@@ -1321,7 +1321,7 @@ class Luks(UDisksTestCase):
def setup_crypto_device(self):
self.fs_create(None, 'ext4', GLib.Variant('a{sv}', {
- 'encrypt.passphrase': GLib.Variant('s', 's3kr1t'),
+ 'encrypt.passphrase': GLib.Variant('s', 's3kr1ts3kr1t'),
'label': GLib.Variant('s', 'treasure')}))
self.client.settle()
crypt_obj = self.client.get_object(self.udisks_block().get_object_path())
@@ -1332,7 +1332,7 @@ class Luks(UDisksTestCase):
@staticmethod
def unlock_crypto_device(encrypted):
return encrypted.call_unlock_sync(
- 's3kr1t', no_options, None)
+ 's3kr1ts3kr1t', no_options, None)
def tearDown(self):
"""clean up behind failed test cases"""
@@ -1400,7 +1400,7 @@ class Luks(UDisksTestCase):
udev_dump = subprocess.Popen(['udevadm', 'info', '--export-db'],
stdout=subprocess.PIPE)
out = udev_dump.communicate()[0]
- self.assertFalse(b's3kr1t' in out, 'password in udev properties')
+ self.assertFalse(b's3kr1ts3kr1t' in out, 'password in udev properties')
self.assertFalse(b'essiv:sha' in out, 'key information in udev properties')
finally:
@@ -1510,18 +1510,18 @@ class Luks(UDisksTestCase):
encrypted = self.setup_crypto_device()
# wrong password, has bytes after a trailing '\0'
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\0X'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\0X'), None)
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\n'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\n'), None)
# correct password, specified as keyfile
- encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1t'), None)
+ encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1ts3kr1t'), None)
encrypted.call_lock_sync(no_options, None)
def test_plaintext_keyfile(self):
"""Setup a device using a plaintext keyfile."""
# Using a plaintext keyfile should be equivalent to passphrase
self.fs_create(None, 'ext4', GLib.Variant('a{sv}', {
- 'encrypt.passphrase': GLib.Variant('ay', _bytes_to_ay(b's3kr1t')),
+ 'encrypt.passphrase': GLib.Variant('ay', _bytes_to_ay(b's3kr1ts3kr1t')),
'label': GLib.Variant('s', 'treasure')}))
crypt_obj = self.client.get_object(self.udisks_block().get_object_path())
@@ -1532,16 +1532,16 @@ class Luks(UDisksTestCase):
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
'h4ckpassword', no_options, None)
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\0X'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\0X'), None)
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- '', Luks.keyfile_options(b's3kr1t\n'), None)
+ '', Luks.keyfile_options(b's3kr1ts3kr1t\n'), None)
# correct password
- encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1t'), None)
+ encrypted.call_unlock_sync('', Luks.keyfile_options(b's3kr1ts3kr1t'), None)
encrypted.call_lock_sync(no_options, None)
# correct password, specified as passphrase
- encrypted.call_unlock_sync('s3kr1t', no_options, None)
+ encrypted.call_unlock_sync('s3kr1ts3kr1t', no_options, None)
encrypted.call_lock_sync(no_options, None)
def test_binary_keyfile(self):
@@ -1607,11 +1607,11 @@ class Luks(UDisksTestCase):
encrypted = self.setup_crypto_device()
# change: passphrase -> passphrase
- encrypted.call_change_passphrase_sync('s3kr1t', 'passphrase', no_options, None)
+ encrypted.call_change_passphrase_sync('s3kr1ts3kr1t', 'passphrase', no_options, None)
# verify new password:
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
- 's3kr1t', no_options, None)
+ 's3kr1ts3kr1t', no_options, None)
encrypted.call_unlock_sync('passphrase', no_options, None)
encrypted.call_lock_sync(no_options, None)
@@ -1644,7 +1644,7 @@ class Luks(UDisksTestCase):
# change: keyfile -> passphrase
encrypted.call_change_passphrase_sync(
- '', 's3kr1t', GLib.Variant('a{sv}', {
+ '', 's3kr1ts3kr1t', GLib.Variant('a{sv}', {
'old_keyfile_contents': GLib.Variant('ay', _bytes_to_ay(key_file_1)),
}),
None)
@@ -1652,7 +1652,7 @@ class Luks(UDisksTestCase):
# verify new password:
self.assertRaises(GLib.GError, encrypted.call_unlock_sync,
'', Luks.keyfile_options(key_file_1), None)
- encrypted.call_unlock_sync('s3kr1t', no_options, None)
+ encrypted.call_unlock_sync('s3kr1ts3kr1t', no_options, None)
encrypted.call_lock_sync(no_options, None)

54
SOURCES/udisks-2.9.4-ext-mount-options.patch Normal file
View File

@ -0,0 +1,54 @@
From 2d5d2b7570b0f44c14b34b5dc831f174205c10f2 Mon Sep 17 00:00:00 2001
From: Tomas Bzatek <tbzatek@redhat.com>
Date: Wed, 15 Sep 2021 14:34:49 +0200
Subject: [PATCH] mount options: Always use errors=remount-ro for ext
filesystems
Default mount options are focused primarily on data safety, mounting
damaged ext2/3/4 filesystem as readonly would indicate something's wrong.
---
data/builtin_mount_options.conf | 9 +++++++++
src/tests/dbus-tests/test_80_filesystem.py | 6 ++++++
2 files changed, 15 insertions(+)
diff --git a/data/builtin_mount_options.conf b/data/builtin_mount_options.conf
index 37715cfa4..e0bd0ee1f 100644
--- a/data/builtin_mount_options.conf
+++ b/data/builtin_mount_options.conf
@@ -27,3 +27,12 @@ f2fs_allow=discard,nodiscard,compress_algorithm,compress_log_size,compress_exten
btrfs_allow=compress,compress-force,datacow,nodatacow,datasum,nodatasum,degraded,device,discard,nodiscard,subvol,subvolid,space_cache
f2fs_allow=discard,nodiscard,compress_algorithm,compress_log_size,compress_extension,alloc_mode
+
+ext2_defaults=errors=remount-ro
+ext2_allow=errors=remount-ro
+
+ext3_defaults=errors=remount-ro
+ext3_allow=errors=remount-ro
+
+ext4_defaults=errors=remount-ro
+ext4_allow=errors=remount-ro
diff --git a/src/tests/dbus-tests/test_80_filesystem.py b/src/tests/dbus-tests/test_80_filesystem.py
index 019880f57..2d1933240 100644
--- a/src/tests/dbus-tests/test_80_filesystem.py
+++ b/src/tests/dbus-tests/test_80_filesystem.py
@@ -321,6 +321,8 @@ def test_mount_auto(self):
_ret, out = self.run_command('mount | grep %s' % block_fs_dev)
self.assertIn(mnt_path, out)
self.assertIn('ro', out)
+ if self._fs_name.startswith('ext'):
+ self.assertIn('errors=remount-ro', out)
# dbus mountpoint
dbus_mounts = self.get_property(block_fs, '.Filesystem', 'MountPoints')
@@ -478,6 +480,10 @@ def test_custom_option(self, should_fail, dbus_option, should_be_present, config
if self._fs_name == "udf":
test_custom_option(self, False, None, False, "[defaults]\ndefaults=\nallow=exec,noexec,nodev,nosuid,atime,noatime,nodiratime,ro,rw,sync,dirsync,noload,uid=ignore,uid=forget\n")
test_custom_option(self, True, "uid=notallowed", True, "[defaults]\nallow=exec,noexec,nodev,nosuid,atime,noatime,nodiratime,ro,rw,sync,dirsync,noload,uid=ignore\n")
+ if self._fs_name.startswith("ext"):
+ test_custom_option(self, False, "errors=remount-ro", True, "", match_mount_option="errors=remount-ro")
+ test_custom_option(self, True, "errors=panic", False, "")
+ test_custom_option(self, True, "errors=continue", False, "")
# udev rules overrides
test_readonly(self, False, "", udev_rules_content = { "UDISKS_MOUNT_OPTIONS_DEFAULTS": "rw" })

96
SPECS/udisks2.spec
View File

@ -20,9 +20,10 @@
%define is_fedora 0%{?rhel} == 0
# bcache is not available on RHEL
%if (0%{?rhel}) || %{with_bcache} == 0
# bcache and zram are not available on RHEL
%if (0%{?rhel})
%define with_bcache 0
%define with_zram 0
%endif
# btrfs is not available on RHEL > 7
@ -43,7 +44,6 @@
# feature parity with existing RHEL 7 packages
%if (0%{?rhel}) && (0%{?rhel} <= 7)
%define with_lsm 0
%define with_zram 0
%define with_lvmcache 0
%endif
@ -56,7 +56,7 @@
Name: udisks2
Summary: Disk Manager
Version: 2.9.0
Release: 6%{?dist}
Release: 16%{?dist}
License: GPLv2+
Group: System Environment/Libraries
URL: https://github.com/storaged-project/udisks
@ -65,6 +65,10 @@ Patch0: udisks-2.9.1-teardown-needle-match.patch
Patch1: udisks-2.9.1-lvm_vdo-test_resize_physical-size.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1855785
Patch2: udisks-2.9.1-drive_ata_tests.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2120697
Patch3: udisks-2.10.0-block_format_ata_secure_erase.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2135773
Patch4: udisks-2.10.0-iscsi-auth-info.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1845973
Patch10: udisks-2.9.1-daemon-Always-flush-interface-property-changes.patch
Patch11: udisks-2.9.1-lvm2-Always-flush-interface-property-changes.patch
@ -73,6 +77,34 @@ Patch13: udisks-2.9.1-iscsi-Always-flush-interface-property-changes.patch
Patch14: udisks-2.9.1-zram-Always-flush-interface-property-changes.patch
Patch15: udisks-2.9.2-udisksdaemonutil-Refactor-udisks_daemon_util_trigger.patch
Patch16: udisks-2.9.2-udiskslinuxmanager-Trigger-uevent-after-loop-device-setup.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2004422
Patch17: udisks-2.9.4-ext-mount-options.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213715
Patch18: udisks-2.10.0-iscsi_timeout.patch
Patch20: udisks-2.10.0-tests-drive_ata-apm.patch
Patch21: udisks-2.10.0-tests-no-dev_disk-by-path.patch
Patch22: tests-disable-zram.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2023880
# https://bugzilla.redhat.com/show_bug.cgi?id=2025483
Patch23: udisks-2.10.0-vdo_test_writeAmplificationRatio.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1999149
Patch24: udisks-2.10.0-udiskslinuxencrypted_GError.patch
Patch25: udisks-2.10.0-udiskslinuxpartition_GError.patch
Patch26: udisks-2.10.0-udiskslinuxpartitiontable_GError.patch
Patch27: udisks-2.10.0-udiskslinuxfilesystem_GError.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1966460
Patch28: udisks-2.10.0-iscsi_test_01_badauth.patch
Patch29: udisks-2.10.0-iscsi_test_02_lio_target_conf.patch
Patch31: udisks-2.10.0-iscsi_test_04_fix_test_login_chap_auth.patch
Patch32: udisks-2.10.0-iscsi_test_05_restart_iscsid.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2188991
Patch33: udisks-2.10.0-iscsi-CHAP-auth-algs.patch
Patch34: udisks-2.9.4-FIPS_LUKS_fixes-2.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2039772
Patch35: udisks-2.10.0-lvm2_update_epoch.patch
Patch36: udisks-2.10.0-lvm2_vgcreate_uevent_sync.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2213193
Patch37: udisks-2.10.0-iscsi-ibft-chap-auth.patch
BuildRequires: glib2-devel >= %{glib2_version}
BuildRequires: gobject-introspection-devel >= %{gobject_introspection_version}
@ -280,6 +312,8 @@ This package contains module for VDO management.
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
@ -287,6 +321,25 @@ This package contains module for VDO management.
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
sed -i udisks/udisks2.conf.in -e "s/encryption=luks1/encryption=%{default_luks_encryption}/"
%build
@ -479,6 +532,41 @@ fi
%endif
%changelog
* Thu Aug 03 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-16
- iscsi: Fix login on firmware-discovered nodes (#2213193)
- tests: Extend iscsi method call timeouts (#2213715)
* Tue Jun 06 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-15
- Reimport gating tests
* Fri Jun 02 2023 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-14
- iscsi: CHAP auth algorithm selection fixes (#2188991)
- tests: Use stronger passphrases for LUKS tests
- lvm2: Improve uevent processing (#2039772)
* Tue Nov 01 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-13
- Fix iscsi test auth failures (#1966460)
* Wed Oct 19 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-12
- Fix iscsi authentication info override (#2135773)
* Fri Sep 16 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-11
- Fix the patch list
* Fri Sep 16 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-10
- Restrict ATA Secure Erase Format() options (#2120697)
* Tue Feb 01 2022 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-9
- Fix LVM-VDO statistics tests (#2023880,#2025483)
- Fix GError ownership (#1999149)
* Mon Oct 25 2021 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-8
- CVE-2021-3802: Harden the default mount options for ext filesystems (#2004422)
* Fri Apr 23 2021 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-7
- Do not build udisks2-zram (#1923078)
- Fix Drive.ATA test failures (#1926827)
* Tue Jan 26 2021 Tomas Bzatek <tbzatek@redhat.com> - 2.9.0-6
- Rebuilt for new docbook-style-xsl (#1853153)