Ondrej Kozina
3b85ab2dc1
Do not continue operation when interrupted in PIN prompt.
2022-03-14 14:04:36 +00:00
Ondrej Kozina
2a5483d8c3
Add progress function init before reencryption loop.
...
Otherwise elapsed time tracking is off and also breaks
speed estimation.
2022-03-07 12:35:38 +01:00
Ondrej Kozina
8340d0cb1a
Remove useless condition in reencryption loop.
...
(always true)
2022-03-07 12:35:38 +01:00
Ondrej Kozina
3cd5d83ee9
Add --progress-json parameter to utilities.
...
Progress data can now be printed out in json format
suitable for machine processing.
2022-03-07 12:35:38 +01:00
Ondrej Kozina
6852c49d0c
Merge progress functions into single routine.
2022-03-07 12:35:38 +01:00
Ondrej Kozina
63c79256e4
Refactor time diff calculation helper.
2022-03-07 12:35:38 +01:00
Ondrej Kozina
75622b332b
Improve progress routine for cryptsetup utilities.
...
The progress routine is now fully translated and
prints out progress in the following manner (examples):
Progress: 25,5%, ETA 00m31s, 7 GiB written, speed 838,6 MiB/s
Progress: 25,5%, ETA 20h11m31s, 7 GiB written, speed 24 KiB/s
Progress: 25,5%, ETA 06 days, 12 MiB written, speed 4 KiB/s
Also got rid of -lm dependency due to floor().
Fixes: #671.
2022-03-07 12:35:38 +01:00
Ondrej Kozina
c1e94abbab
Move progress utilities in separate file.
2022-03-07 12:35:38 +01:00
Ondrej Kozina
1af7eefbc0
Minor time progress print out improvements.
...
Mostly moves float arithmetics in slow path and
also cleans up code a bit.
2022-03-07 12:35:37 +01:00
Milan Broz
bf4a039d50
Add a debug info if maximum interactive passphrase was read (possibly trimmed).
...
If passphrase is read from a real terminal, there is maximum
interactive input length applied. This means that passphrase
can be trimmed in this case.
This patch adds debug log warning, if read does not detect
end of input (EOL or EOF) and the maximal input read is achieved.
We cannot say for sure if the next character is EOL without
actually reading it, debug warning should be enough in this case.
Fixes: #699
2022-02-25 14:14:03 +01:00
Milan Broz
0085985419
Fix gcc warnings in tests.
2022-02-24 20:28:29 +01:00
Milan Broz
12c35da768
Check all snprintf calls for returning values for tests.
2022-02-24 20:28:25 +01:00
Milan Broz
677e06c48a
Check all snprintf calls for returning values.
2022-02-24 20:28:18 +01:00
Milan Broz
c27d6a89bb
Add hint for false positive coverity warning.
2022-02-24 14:04:24 +01:00
Milan Broz
e5ce189db8
Add info about broken Intel QAT crypt drivers to FAQ.
2022-02-24 11:05:25 +01:00
Milan Broz
3407cbbad1
Add info about bug report to FAQ and add SECURITY.md file.
2022-02-23 22:20:09 +01:00
Milan Broz
2c91590d52
Add info about CVE-2021-4122 to FAQ.
2022-02-23 21:35:20 +01:00
Milan Broz
c5e500ea0f
Add note about fake RAID and data corruption.
...
Fixes: #714
2022-02-23 21:27:05 +01:00
Milan Broz
5efe03ddd7
Update mailing list info in FAQ.
2022-02-23 21:08:34 +01:00
Ondrej Kozina
8ab41e0776
Improve debug messages while verifying reencryption metadata.
2022-02-23 15:00:11 +01:00
Ondrej Kozina
f671febe64
Add more tests for --test-passphrase parameter.
2022-02-23 15:00:11 +01:00
Ondrej Kozina
0a9f14c658
Fix --test-passphrase when device in reencryption.
...
Commit 0113ac2d broke test passphrase mode when
device was in LUKS2 reencryption.
Previously --test-passphrase parameter automatically raised
CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY flag. It did not make sense
when users mostly want to test whether device can be activated by
provided passphrase or not. Raise the aforementioned flag only
if user requested it either by --unbound parameter or when
specific keyslot was selected.
Reported in: https://bugzilla.redhat.com/show_bug.cgi?id=2056439
Fixes: #716.
2022-02-23 15:00:08 +01:00
Ondrej Kozina
6b774e617b
Remove unused function prototype and a few useless comments.
2022-02-23 12:28:20 +01:00
Milan Broz
0d6b63a6a2
FAQ: Use relative links in chapter references.
2022-02-22 12:17:25 +01:00
Milan Broz
6018d2bcd8
Use markdown version of FAQ.
2022-02-22 12:03:37 +01:00
Ondrej Kozina
d5dbde5dd1
Clarify graceful reencryption interruption.
...
Currently it can be interrupted by both SIGINT and SIGTERM
signals.
Fixes: #715.
2022-02-21 11:38:57 +01:00
Milan Broz
ef7559bad9
Print output of verity test if concurrent check fails.
...
This test randomly fails in CI, at least print output if this happens.
2022-02-21 10:13:38 +00:00
Milan Broz
e9e994fb0d
Run some io to actually test dm-crypt flags.
2022-02-21 10:13:38 +00:00
Arno Wagner
c5d9f3f380
Typos, additional info on dd use.
2022-02-20 20:19:16 +00:00
Milan Broz
d23943f989
Fix old list archive link.
2022-02-17 19:58:55 +01:00
Milan Broz
b47b89adac
Add new list info.
2022-02-17 19:56:00 +01:00
daniel.zatovic
452467661e
Support --device-size option for plain devices.
2022-02-13 08:52:39 +00:00
Ondrej Kozina
bef46c950d
Properly detect optimal encryption sector size.
...
Move code setting data device during format so that
we can properly detect optimal encryption sector size
for data device instead of metadata device (header).
Fixes: #708.
2022-02-09 15:43:25 +01:00
Milan Broz
5c323e9146
Remove ssh background option causing spurious test failures.
...
The keyfile creation must be synchronous, otherwise following command
can fail ("SFTP server: No such file").
2022-02-08 22:12:35 +01:00
Milan Broz
33d8605924
Fix duplicate ssh plugin error message.
2022-02-08 22:12:31 +01:00
Vojtech Trefny
76086dbe95
ssh-plugin-test: Make the test fail if SSH setup fails
...
We should avoid silently skipping the test if there is something
wrong with the test itself. If we have all dependencies, the test
should be able to run.
2022-02-08 16:10:31 +01:00
Vojtech Trefny
7eb44f32a3
ssh-plugin-test: Copy SSH key manually instead of with ssh-copy-id
...
ssh-copy-id requires password authentication that might be disabled
on some cloud images. We can simply copy the key manually, because
everything runs on localhost anyway.
Fixes: #701
2022-02-08 16:10:08 +01:00
Milan Broz
cef0dc059a
Add missing variable to run ssh plugin test.
2022-02-08 10:45:12 +01:00
Milan Broz
e4091fe8a5
Fix some benign warnings with gcc-12.
...
The string buffer is large enough, but gcc does not understand it.
Easy to avoid these warnings with a larger buffer here.
2022-02-06 18:03:49 +01:00
Milan Broz
685148af00
Enable new warnings (introduced in gcc-12).
2022-02-06 18:02:41 +01:00
Ondrej Kozina
8798aa0a75
Do not upload keys in keyring during offline reencryption.
...
Fixes: #696.
2022-02-05 10:29:55 +00:00
Ondrej Kozina
7ca1a233f1
Split reencrypt_verify_and_upload_keys function.
2022-02-05 10:29:55 +00:00
Ondrej Kozina
ab295b1159
Do not resume device when not suspended.
...
Abort action luksResume early if device is not suspended.
We would needlessly ask for passphrase or load cryptsetup
plugins only to fail later in crypt_resume_by_* API.
2022-02-04 13:41:24 +01:00
Ondrej Kozina
fea648cb1d
Add support for crypt_resume_by_token_pin in cryptsetup.
2022-02-04 13:40:22 +01:00
Ondrej Kozina
ce6f6a48e8
Add crypt_resume_by_token_pin API.
2022-02-04 13:40:20 +01:00
Ondrej Kozina
416f1343fe
Split LUKS2_activate_by_token.
2022-02-04 13:32:45 +01:00
Ondrej Kozina
388ba9f00d
Add explicit tests for command failure in LUKS1 reencryption test.
2022-02-04 11:28:05 +01:00
Ondrej Kozina
e38a184907
Avoid partial read in luks1 reencryption loop.
...
Starting with kernel 5.17-rc there are some changes
in block layer aiming to block partial I/O in
O_DIRECT mode.
2022-02-04 11:28:05 +01:00
Milan Broz
f2dbab7043
Add more label/subsystem API tests.
2022-02-03 11:43:04 +01:00
Luca Boccassi
2938c1f077
Add crypt_get_label/subsystem
...
There's an API to set the label and subsystem, and they are
dumped with luksDump, but there's no programmatic interface
to query them.
2022-02-03 10:23:57 +00:00