Add disable-luks2 reencryption configure option.

The option --disable-luks2-reencryption completely disables
the LUKS2 reencryption code.

When used, the libcryptsetup library can read metadata with
reencryption code, but all reencryption API calls and cryptsetup
reencrypt commands are disabled.

Devices with online reencryption in progress cannot be activated.

This option can cause some incompatibilities. Please use with care.
Milan Broz
2022-01-02 16:57:31 +01:00
parent 18cb1eeeb9
commit d45e6788e8
6 changed files with 78 additions and 29 deletions


@@ -3692,6 +3692,7 @@ static void Luks2Flags(void)
CRYPT_FREE(cd);
}
#if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
static int test_progress(uint64_t size, uint64_t offset, void *usrptr)
{
while (--test_progress_steps)
@@ -3702,7 +3703,6 @@ static int test_progress(uint64_t size, uint64_t offset, void *usrptr)
static void Luks2Reencryption(void)
{
/* reencryption currently depends on kernel keyring support */
#if KERNEL_KEYRING
/* NOTES:
* - reencryption requires luks2 parameters. can we avoid it?
*/
@@ -4404,8 +4404,8 @@ static void Luks2Reencryption(void)
crypt_free(cd);
_cleanup_dmdevices();
#endif
}
#endif
static void Luks2Repair(void)
{
@@ -4521,7 +4521,9 @@ int main(int argc, char *argv[])
RUN_(Luks2Integrity, "LUKS2 with data integrity");
RUN_(Luks2Refresh, "Active device table refresh");
RUN_(Luks2Flags, "LUKS2 persistent flags");
#if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
RUN_(Luks2Reencryption, "LUKS2 reencryption");
#endif
RUN_(Luks2Repair, "LUKS2 repair"); // test disables metadata locking. Run always last!
_cleanup();
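Review bot: A build configured with --disable-luks2-reencryption gets no coverage of the disabled path, because the `#if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION` guards around Luks2Reencryption and around its RUN_ line in main() only compile the test out. The commit message promises two fail-closed behaviours for such a build (reencryption API calls are disabled, and a device with online reencryption in progress cannot be activated), and nothing visible in these hunks asserts either one. I would add a counterpart test for that configuration, for example `#if !USE_LUKS2_REENCRYPTION` / `RUN_(Luks2ReencryptionDisabled, "LUKS2 reencryption disabled");` / `#endif` (the test name is only a suggestion), which checks that the reencryption calls return an error and that activating an image with reencryption in progress is refused. Separately, the comment `/* reencryption currently depends on kernel keyring support */` still appears inside the function although the `#if KERNEL_KEYRING` it described seems to have moved out; it reads better next to the outer guard, with the closing line tagged as `#endif /* KERNEL_KEYRING && USE_LUKS2_REENCRYPTION */`. The bodies of Luks2Reencryption and main() lie mostly outside the hunks, so this is based on the visible guard lines only.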