Commit 0113ac2d broke test passphrase mode when
device was in LUKS2 reencryption.
Previously --test-passphrase parameter automatically raised
CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY flag. It did not make sense
when users mostly want to test whether device can be activated by
provided passphrase or not. Raise the aforementioned flag only
if user requested it either by --unbound parameter or when
specific keyslot was selected.
Reported in: https://bugzilla.redhat.com/show_bug.cgi?id=2056439Fixes: #716.
Currently, token import and token add actions will fail if you use the
--token-id option to specify a token ID that is already in use, but there
are scenarios where you might genuinely want to replace an existing token
in a single atomic operation.
A use case for this might be for a keyslot that is protected by a
TPM, where you store the TPM sealed key and associated metadata as a
token and you want to update the PCR policy associated with the sealed
object or make other changes to it. Currently this requires importing a
new token and then removing the old token.
Instead, add a --token-replace option to allow token import and token
add to replace an existing token if you try to add or import one with an
ID that is already in use.
The routine was originaly used in code for resetting default
argument values. It was used in cli plugins related code
where we needed to parse command line arguments twice.
This reverts mostly these commits:
42692418c2a985c12659
The library was ment to export common functions shared by
all cryptsetup tools and planned LUKS2 tokens plugins.
It is no longer needed.
Introducing new library supposed to be used in
cryptsetup tools and future cryptsetup loadable plugins
TODO:
- distribution
- cleanup header files
- incorporate also plugin API?
