Commit Graph

3329 Commits

Author SHA1 Message Date
Milan Broz
0085985419 Fix gcc warnings in tests. 2022-02-24 20:28:29 +01:00
Milan Broz
12c35da768 Check all snprintf calls for returning values for tests. 2022-02-24 20:28:25 +01:00
Milan Broz
677e06c48a Check all snprintf calls for returning values. 2022-02-24 20:28:18 +01:00
Milan Broz
c27d6a89bb Add hint for false positive coverity warning. 2022-02-24 14:04:24 +01:00
Milan Broz
e5ce189db8 Add info about broken Intel QAT crypt drivers to FAQ. 2022-02-24 11:05:25 +01:00
Milan Broz
3407cbbad1 Add info about bug report to FAQ and add SECURITY.md file. 2022-02-23 22:20:09 +01:00
Milan Broz
2c91590d52 Add info about CVE-2021-4122 to FAQ. 2022-02-23 21:35:20 +01:00
Milan Broz
c5e500ea0f Add note about fake RAID and data corruption.
Fixes: #714
2022-02-23 21:27:05 +01:00
Milan Broz
5efe03ddd7 Update mailing list info in FAQ. 2022-02-23 21:08:34 +01:00
Ondrej Kozina
8ab41e0776 Improve debug messages while verifying reencryption metadata. 2022-02-23 15:00:11 +01:00
Ondrej Kozina
f671febe64 Add more tests for --test-passphrase parameter. 2022-02-23 15:00:11 +01:00
Ondrej Kozina
0a9f14c658 Fix --test-passphrase when device in reencryption.
Commit 0113ac2d broke test passphrase mode when
device was in LUKS2 reencryption.

Previously --test-passphrase parameter automatically raised
CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY flag. It did not make sense
when users mostly want to test whether device can be activated by
provided passphrase or not. Raise the aforementioned flag only
if user requested it either by --unbound parameter or when
specific keyslot was selected.

Reported in: https://bugzilla.redhat.com/show_bug.cgi?id=2056439

Fixes: #716.
2022-02-23 15:00:08 +01:00
Ondrej Kozina
6b774e617b Remove unused function prototype and few useless comments. 2022-02-23 12:28:20 +01:00
Milan Broz
0d6b63a6a2 FAQ: Use relative links in chapter references. 2022-02-22 12:17:25 +01:00
Milan Broz
6018d2bcd8 Use markdown version of FAQ. 2022-02-22 12:03:37 +01:00
Ondrej Kozina
d5dbde5dd1 Clarify graceful reencryption interruption.
Currently it can be interrupted by both SIGINT and SIGTERM
signals.

Fixes: #715.
2022-02-21 11:38:57 +01:00
Milan Broz
ef7559bad9 Print output of verity test if concurrent check fails.
This test randomly fails in CI, at least print output if this happens.
2022-02-21 10:13:38 +00:00
Milan Broz
e9e994fb0d Run some io to actually test dm-crypt flags. 2022-02-21 10:13:38 +00:00
Arno Wagner
c5d9f3f380 Typos, additional info on dd use. 2022-02-20 20:19:16 +00:00
Milan Broz
d23943f989 Fix old list archive link. 2022-02-17 19:58:55 +01:00
Milan Broz
b47b89adac Add new list info. 2022-02-17 19:56:00 +01:00
daniel.zatovic
452467661e Support --device-size option for plain devices. 2022-02-13 08:52:39 +00:00
Ondrej Kozina
bef46c950d Properly detect optimal encryption sector size.
Move code setting data device during format so that
we can properly detect optimal encryption sector size
for data device instead of metadata device (header).

Fixes: #708.
2022-02-09 15:43:25 +01:00
Milan Broz
5c323e9146 Remove ssh background option causing spurious test failures.
The keyfile creation must be synchronous, otherwise following command
can fail ("SFTP server: No such file").
2022-02-08 22:12:35 +01:00
Milan Broz
33d8605924 Fix duplicate ssh plugin error message. 2022-02-08 22:12:31 +01:00
Vojtech Trefny
76086dbe95 ssh-plugin-test: Make the test fail if SSH setup fails
We should avoid silently skipping the test if there is something
wrong with the test itself. If we have all dependencies, the test
should be able to run.
2022-02-08 16:10:31 +01:00
Vojtech Trefny
7eb44f32a3 ssh-plugin-test: Copy SSH key manually instead of with ssh-copy-id
ssh-copy-id requires password authentication that might be disabled
on some cloud images. We can simply copy the key manually, because
everything runs on localhost anyway.

Fixes: #701
2022-02-08 16:10:08 +01:00
Milan Broz
cef0dc059a Add missing variable to run ssh plugin test. 2022-02-08 10:45:12 +01:00
Milan Broz
e4091fe8a5 Fix some benign warnings with gcc-12.
The string buffer is large enough, but gcc does not understand it.
Easy to avoid these warnings with a larger buffer here.
2022-02-06 18:03:49 +01:00
Milan Broz
685148af00 Enable new warnings (introduced in gcc-12). 2022-02-06 18:02:41 +01:00
Ondrej Kozina
8798aa0a75 Do not upload keys in keyring during offline reencryption.
Fixes: #696.
2022-02-05 10:29:55 +00:00
Ondrej Kozina
7ca1a233f1 Split reencrypt_verify_and_upload_keys function. 2022-02-05 10:29:55 +00:00
Ondrej Kozina
ab295b1159 Do not resume device when not suspended.
Abort action luksResume early if device is not suspended.
We would needlessly ask for passphrase or load cryptsetup
plugins only to fail later in crypt_resume_by_* API.
2022-02-04 13:41:24 +01:00
Ondrej Kozina
fea648cb1d Add support for crypt_resume_by_token_pin in cryptsetup. 2022-02-04 13:40:22 +01:00
Ondrej Kozina
ce6f6a48e8 Add crypt_resume_by_token_pin API. 2022-02-04 13:40:20 +01:00
Ondrej Kozina
416f1343fe Split LUKS2_activate_by_token. 2022-02-04 13:32:45 +01:00
Ondrej Kozina
388ba9f00d Add explicit tests for command failure in LUKS1 reencryption test. 2022-02-04 11:28:05 +01:00
Ondrej Kozina
e38a184907 Avoid partial read in luks1 reencryption loop.
Starting with kernel 5.17-rc there are some changes
in block layer aiming to block partial I/O in
O_DIRECT mode.
2022-02-04 11:28:05 +01:00
Milan Broz
f2dbab7043 Add more label/subsystem API tests. 2022-02-03 11:43:04 +01:00
Luca Boccassi
2938c1f077 Add crypt_get_label/subsystem
There's an API to set the label and subsystem, and they are
dumped with luksDump, but there's no programmatic interface
to query them.
2022-02-03 10:23:57 +00:00
Milan Broz
95d35ecf4b Allow CI rawhide runner to fail.
As there is often something broken (currently kernel), let's just
set it to allow_failure in CI.
2022-02-03 11:21:48 +01:00
Milan Broz
a1baa01ddd Set higher timeout for interactive tests.
Under heavy load 10 seconds is not enough, just use the same
values as when running under valgrind.
2022-02-03 08:05:11 +01:00
Ondrej Kozina
7ab7365020 Add check program for symver attribute.
Fixes: #709.
2022-02-02 21:30:48 +00:00
daniel.zatovic
43a636d809 CI: Detect core dumps generated during testing 2022-02-02 20:32:53 +00:00
Milan Broz
8531a8a753 Skip more tests if --disable-cryptsetup is used.
If there is no cryptsetup, some tests return ok while nothing was
tested in reality. Just mark them skipped.
2022-02-02 21:29:54 +01:00
Alyssa Ross
c0cef43a4e Skip cryptsetup tests when cryptsetup is disabled
If configured with --disable-cryptsetup (e.g. if only veritysetup is
required), these tests won't be able to run cryptsetup, so they need
to be skipped.
2022-02-02 16:51:49 +00:00
Ondrej Kozina
06b6542b28 Remove -Wno-attributes from -Wall tests.
It breaks compile time check for __attribute__((__symver__))
and it does not make sense either. Quoting gcc man page:

-Wno-attributes

Do not warn if an unexpected "__attribute__" is used, such as
unrecognized attributes, function attributes applied to variables,
etc. This does not stop errors for incorrect use of supported attributes.

Well, we do want to check for unsupported __attributes__ in our code,
right?
2022-02-02 15:05:09 +01:00
Milan Broz
03adc091ce Use tabs in SSH plugin test. 2022-01-29 12:07:38 +01:00
Milan Broz
f85921497c Remove loop device use from SSH plugin test. 2022-01-29 12:07:35 +01:00
Milan Broz
ab975bc1c4 Update copyright year.
And unify format in several places.
2022-01-29 10:43:02 +01:00