cryptsetup

mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-11 10:50:01 +01:00

Author	SHA1	Message	Date
Milan Broz	0369ffdcc1	Rename ssh plugin test to ssh-test-plugin. So we can filter it out in local tests (-test means generic tests, -test-plugin specific plugin tests).	2022-07-18 09:11:23 +02:00
Milan Broz	648a85ed3a	Unify use of tabulators in tests.	2022-07-16 19:14:31 +00:00
Milan Broz	8f3884e0d7	Change default target for Makefile.localtest.	2022-07-16 19:14:31 +00:00
Guilhem Moulin	289d5e5891	Add unit-utils-crypt-test to Makefile.localtest's list of tests. This requires (re-)building the executable with -DNO_CRYPTSETUP_PATH. Only in that case do we allow the test to run under non-empty $CRYPTSETUP_PATH.	2022-07-16 19:14:31 +00:00
Guilhem Moulin	b37d04975d	Add compat-test-args to Makefile.localtest's list of tests.	2022-07-16 19:14:31 +00:00
Guilhem Moulin	6578dac2f9	Add blockwise-compat to Makefile.localtest's list of tests. This requires (re-)building `unit-utils-io` with -DNO_CRYPTSETUP_PATH. Only in that case do we allow the test to run under non-empty $CRYPTSETUP_PATH.	2022-07-16 19:14:31 +00:00
Guilhem Moulin	dc5f284e42	blockwise-compat: Wait a bit so scsi_debug has a chance to fully initialize. Similar to `a76c96d361`. See also !386.	2022-07-16 19:14:31 +00:00
Guilhem Moulin	32149e4ee7	blockwise-compat: Make skip() exit with status 77. This is mostly useful under TESTSUITE_NOSKIP=y.	2022-07-16 19:14:31 +00:00
Guilhem Moulin	0e4857ee81	unit-wipe-test: Make skip() exit with status 77. This is mostly useful under TESTSUITE_NOSKIP=y.	2022-07-16 19:14:31 +00:00
Milan Broz	06dd06ea27	tests: allow unit-wipe-test to run with local tests.	2022-07-16 19:14:31 +00:00
Milan Broz	03eb8f860a	tests: check for differ existence in compat-test.	2022-07-16 19:14:31 +00:00
Guilhem Moulin	fbcef71c41	Pass $(LDFLAGS) when building fake_token_path.so. The Debian tooling sets ‘LDFLAGS = -Wl,-z,relro -Wl,-z,now’ and complains when anything is built without hardened compiler/linker flags. Granted this is a non-issue here since fake_token_path.so isn't included in any binary package, but muting the false positive is arguably no better fix than honoring $(LDFLAGS) during the build.	2022-07-16 13:51:11 +02:00
Milan Broz	8315ada3b0	Fix wipe unit test if direct-io not available. If test is run in tmpfs, direct-io is not supported. Thanks Guilhem Moulin for reporting the issue.	2022-07-15 21:50:21 +02:00
Yuri Chornoivan	782dae9292	po: update uk.po (from translationproject.org)	2022-07-15 20:15:48 +02:00
Jakub Bogusz	96c0544527	po: update pl.po (from translationproject.org)	2022-07-15 20:15:48 +02:00
Hiroshi Takekawa	cb7e2c6433	po: update ja.po (from translationproject.org)	2022-07-15 20:15:48 +02:00
Petr Pisar	f0da65cc63	po: update cs.po (from translationproject.org)	2022-07-15 20:15:48 +02:00
Guilhem Moulin	a76c96d361	unit-wipe-test: Wait a bit so scsi_debug has a chance to fully initialize. On my test system `tests/unit-wipe-test` fails (as root) due to a race condition in add_device(): root@host:~# ./unit-wipe-test [1] Wipe full file [0/DIO][0][1048576/DIO][1048576][4194304/DIO][4194304][OK] [2] Wipe blocks in file [0/DIO][0][1048576/DIO][1048576][4194304/DIO][4194304][OK] [ 105.828258] scsi_debug:sdebug_driver_probe: scsi_debug: trim poll_queues to 0. poll_q/nr_hw = (0/1) [ 105.830450] scsi host2: scsi_debug: version 0191 [20210520] [ 105.830450] dev_size_mb=8, opts=0x0, submit_queues=1, statistics=0 [ 105.832924] scsi 2:0:0:0: Direct-Access Linux scsi_debug 0191 PQ: 0 ANSI: 7 [ 105.835417] scsi 2:0:0:0: Attached scsi generic sg1 type 0 FAIL Cannot find /dev/. FAILED backtrace: 48 ./unit-wipe-test 144 main ./unit-wipe-test [ 105.875131] sd 2:0:0:0: Power-on or device reset occurred [ 105.876069] sd 2:0:0:0: [sda] 16384 512-byte logical blocks: (8.39 MB/8.00 MiB) [ 105.877190] sd 2:0:0:0: [sda] Write Protect is off [ 105.878002] sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, supports DPO and FUA [ 105.879619] sd 2:0:0:0: [sda] Optimal transfer size 524288 bytes [ 105.914222] sd 2:0:0:0: [sda] Attached SCSI disk [ 106.866296] sd 2:0:0:0: [sda] Synchronizing SCSI cache Observe how the “Power-on or device reset occurred” event occurs only after add_device() has returned. Interestingly, for subsequent runs the delay appears to be much shorter and doesn't trigger the race condition: root@host:~# ./unit-wipe-test [1] Wipe full file [0/DIO][0][1048576/DIO][1048576][4194304/DIO][4194304][OK] [2] Wipe blocks in file [0/DIO][0][1048576/DIO][1048576][4194304/DIO][4194304][OK] [ 130.639855] scsi_debug:sdebug_driver_probe: scsi_debug: trim poll_queues to 0. poll_q/nr_hw = (0/1) [ 130.641463] scsi host2: scsi_debug: version 0191 [20210520] [ 130.641463] dev_size_mb=8, opts=0x0, submit_queues=1, statistics=0 [ 130.643809] scsi 2:0:0:0: Direct-Access Linux scsi_debug 0191 PQ: 0 ANSI: 7 [ 130.645342] sd 2:0:0:0: Power-on or device reset occurred [ 130.646364] sd 2:0:0:0: [sda] 16384 512-byte logical blocks: (8.39 MB/8.00 MiB) [ 130.647585] sd 2:0:0:0: [sda] Write Protect is off [ 130.648428] sd 2:0:0:0: Attached scsi generic sg1 type 0 [ 130.649339] sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, supports DPO and FUA [ 130.650763] sd 2:0:0:0: [sda] Optimal transfer size 524288 bytes [ 130.682223] sd 2:0:0:0: [sda] Attached SCSI disk [3] Wipe full block device [0/DIO][0][1048576/DIO][1048576][4194304/DIO][4194304][OK] [4] Wipe blocks in block device [0/DIO][0][1048576/DIO][1048576][4194304/DIO][4194304][OK] [ 137.858283] sd 2:0:0:0: [sda] Synchronizing SCSI cache This commit adds an optional 2s delay if scsi_debug hasn't shown up in sysfs after the modprobe call.	2022-07-15 18:13:37 +00:00
Guilhem Moulin	3106b4e2c1	More typo and spelling fixes. Reported by `git ls-tree -rz --name-only \| grep -Evz -e '\.(pdf\|xz)$' -e ^po/ \| xargs -r0 spellintian --`. All changes are documentation-related (comments, manuals, etc.) except for s/fial/fail/ in tests/unit-wipe-test. The remaining entry are AFAICT all false positives, mostly annotations such as `@param name name of xyz` or `struct foo foo`: $ git ls-tree -rz HEAD --name-only \| grep -Evz -e '\.(pdf\|xz)$' -e ^po/ \| xargs -r0 spellintian -- COPYING.LGPL: "GNU Library Public License" -> "GNU Library General Public License" autogen.sh: echo echo (duplicate word) -> echo configure.ac: fi fi (duplicate word) -> fi docs/v1.7.2-ReleaseNotes: option option (duplicate word) -> option lib/crypto_backend/cipher_check.c: block block (duplicate word) -> block lib/libcryptsetup.h: name name (duplicate word) -> name lib/libcryptsetup.h: type type (duplicate word) -> type lib/libcryptsetup.h: passphrase passphrase (duplicate word) -> passphrase lib/libcryptsetup.h: flags flags (duplicate word) -> flags lib/libcryptsetup.h: password password (duplicate word) -> password lib/libcryptsetup.h: salt salt (duplicate word) -> salt lib/libcryptsetup.h: keyslot keyslot (duplicate word) -> keyslot lib/libcryptsetup.h: priority priority (duplicate word) -> priority lib/libcryptsetup.h: offset offset (duplicate word) -> offset lib/libcryptsetup.h: length length (duplicate word) -> length lib/libcryptsetup.h: keyfile keyfile (duplicate word) -> keyfile lib/libcryptsetup.h: token token (duplicate word) -> token lib/libcryptsetup.h: cipher cipher (duplicate word) -> cipher lib/libcryptsetup.h: size size (duplicate word) -> size lib/luks2/luks2_json_metadata.c: long long (duplicate word) -> long lib/luks2/luks2_keyslot_luks2.c: AFEKSize AFEKSize (duplicate word) -> AFEKSize lib/luks2/luks2_reencrypt.c: alignment alignment (duplicate word) -> alignment lib/luks2/luks2_reencrypt_digest.c: ptr ptr (duplicate word) -> ptr lib/luks2/luks2_reencrypt_digest.c: buffer buffer (duplicate word) -> buffer lib/luks2/luks2_segment.c: min min (duplicate word) -> min lib/verity/verity_fec.c: blocks blocks (duplicate word) -> blocks man/cryptsetup.8.adoc: LUKS LUKS (duplicate word) -> LUKS scripts/cryptsetup.conf.in: root root (duplicate word) -> root src/Makemodule.am: endif endif (duplicate word) -> endif src/cryptsetup.c: long long (duplicate word) -> long src/utils_args.c: long long (duplicate word) -> long tests/compat-test2: fi fi (duplicate word) -> fi tests/device-test: echo echo (duplicate word) -> echo tests/differ.c: long long (duplicate word) -> long tests/loopaes-test: done done (duplicate word) -> done tests/luks2-integrity-test: aead aead (duplicate word) -> aead tests/luks2-reencryption-test: fi fi (duplicate word) -> fi tests/mode-test: done done (duplicate word) -> done tests/password-hash-test: cat cat (duplicate word) -> cat tests/password-hash-test: fi fi (duplicate word) -> fi tests/unit-wipe.c: long long (duplicate word) -> long tests/verity-compat-test: done done (duplicate word) -> done tests/verity-compat-test: fi fi (duplicate word) -> fi tokens/ssh/cryptsetup-ssh.c: argp argp (duplicate word) -> argp tokens/ssh/cryptsetup-ssh.c: arguments arguments (duplicate word) -> arguments (Treated COPYING.LGPL as a false positive too since it's the exact text from https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html .)	2022-07-15 16:35:02 +02:00
Guilhem Moulin	5d711c000f	Fix minor spelling errors. (Found by Lintian.)	2022-07-15 12:16:39 +02:00
Milan Broz	bf2e48e404	Version 2.5.0-rc1. v2.5.0-rc1	2022-07-14 16:00:01 +02:00
Ondrej Kozina	d943b2efb9	Clarify cryptsetup-open options in man page.	2022-07-14 13:51:37 +00:00
Milan Broz	02d5c5ce38	Add 2.5.0-rc1 Release Notes.	2022-07-14 14:10:33 +02:00
Milan Broz	bdc97ef389	Update cryptsetup.pot.	2022-07-14 14:09:45 +02:00
Milan Broz	6540ffd1a6	Fix spacing with man footer by adding space. So it is always separate section.	2022-07-14 09:42:04 +02:00
Milan Broz	c7a8c9a620	Always regenerate man pages if source file changes.	2022-07-14 09:42:01 +02:00
Milan Broz	d96dcff883	Set 2.5.0-rc1 version.	2022-07-13 21:13:07 +02:00
Milan Broz	4034c548c2	Update LUKS2 on-disk description.	2022-07-13 21:13:07 +02:00
daniel.zatovic	8eff391a66	Regenerate manual pages using AsciiDoctor in spec file.	2022-07-13 21:08:17 +02:00
daniel.zatovic	dae6aa0384	Obsolete cryptsetup-reencrypt and add manual pages to spec file. The cryptsetup-reencrypt utility is now replaced by reencrypt action. New per-action manual pages have been added.	2022-07-13 21:08:15 +02:00
daniel.zatovic	a2afe0396f	Split manual pages into per-action page and use AsciiDoc format Use pre-generated man pages in make dist. [Added fixes and updates from Ondrej Kozina and Milan Broz]	2022-07-13 21:08:02 +02:00
daniel.zatovic	fec2517386	CI: enable Asciidoctor	2022-07-13 16:03:35 +02:00
Ondrej Kozina	c413434715	Add error message for failed in-use auto-detect. When reencrypting image files cryptsetup is unable to detect reliably if image file is in use or not. User must decide it explictly. Add error message that references --force-offline-reencrypt to solve the issue in non interactive mode. (It will be replaced with early detection in before 2.5.0 final release).	2022-07-13 10:56:17 +00:00
Milan Broz	aa126ac10a	Remove dracut plugin that is obsolete and will not work with current reencrypt code.	2022-07-12 17:58:48 +00:00
Ondrej Kozina	56d4e9924e	Add LUKS2 reencryption mangle tests.	2022-07-12 14:05:03 +02:00
Ondrej Kozina	a60fd0a81b	Do not fail LUKS2 validation by newer online-reencrypt requirement. Do not invalidate LUKS2 format when future online-reencrypt requirement flag is encountered (by older releases). But it must stop device from being activated, reencrypted or modified.	2022-07-12 14:05:03 +02:00
Ondrej Kozina	af68e8a1da	Check for multiple online reencrypt requirement flags. Having multiple online-reencrypt requirements flags candidate in config section should invalidate LUKS2 metadata.	2022-07-12 14:05:03 +02:00
Ondrej Kozina	13f6dfa61f	Add proper version data to reencryption verification digest. LUKS2 decryption requires new online-reencrypt version flag (v3). The verification digest performs coding for version suffix in "online-reencrypt-v" flag string as follows: 'v1' : unused (no digest) 'v2' : 0x30 + 2 = 0x32 = '2' 'v3' : 0x30 + 3 = 0x33 = '3' (...) 'v10': 0x30 + 10 = 0x3A = ':' 'v11': 0x30 + 11 = 0x3B = ';' (...) 'v207': 0x30 + 207 = 0xFF	2022-07-12 14:03:25 +02:00
Ondrej Kozina	8493f6afd5	Change size of requirement version to 1 byte. Mostly due to reencryption verification routine currently expects only single byte of version data to create digest from.	2022-07-12 13:54:24 +02:00
Milan Broz	1a55b69a0f	Fix leak of dm target structure. The dmd_source need to be cleared with dm_targets_free().	2022-07-07 09:17:13 +00:00
Milan Broz	914f621251	Do not use uninitialized memory for cipher check. We do not care about the bufer content, but valgrind do, just wipe the buffer before test.	2022-07-07 09:17:13 +00:00
Milan Broz	5904516122	Skip reencryption test if required ciphers are not available in userspace. This happens for some very old systems like CentOS6 or own compiled crypto libraries.	2022-07-05 15:08:43 +02:00
Milan Broz	4507ced868	Report failure if userspace cannot use specified cipher. Reencryption require support both for kernel and userspace library. If only kernel supports the copher, the error was quiet.	2022-07-05 15:07:33 +02:00
Milan Broz	b4603f1e28	Fix valgrind test in compat-test.	2022-07-04 14:34:04 +02:00
Petr Pisar	1c21c24f7b	po: update cs.po (from translationproject.org)	2022-07-04 09:36:22 +02:00
Ondrej Kozina	0009d9532e	Extend LUKS2 decryption with datashift API tests.	2022-06-30 11:21:38 +02:00
Ondrej Kozina	47cb9b0ee2	Fix copy&paste mistake in exclusive open comment.	2022-06-27 16:01:50 +02:00
Ondrej Kozina	0ffd105cb8	Harden LUKS2 decryption with datashift parameters. Abort early if detached header is passed in API by any chance.	2022-06-27 16:01:50 +02:00
Ondrej Kozina	24d498e393	Add debug message in LUKS2 reencryption initialization.	2022-06-27 16:01:50 +02:00
Ondrej Kozina	3c8b3201d7	Improve crypt_reencrypt_status return values. Empty context or any non-LUKS types now returns CRYPT_REENCRYPT_INVALID value. For LUKS1 devices return CRYPT_REENCRYPT_NONE (since any LUKS1 device in legacy reencryption does not have valid LUKS1 header/metadata).	2022-06-27 16:01:50 +02:00

... 3 4 5 6 7 ...

3763 Commits