* [gentoo-commits] repo/gentoo:master commit in: dev-libs/volume_key/files/
@ 2017-11-07 16:12 Lars Wendler
0 siblings, 0 replies; only message in thread
From: Lars Wendler @ 2017-11-07 16:12 UTC (permalink / raw
To: gentoo-commits
commit: 75210cdaa457157c6ce6de8113f23e8c747d05e1
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 7 16:12:26 2017 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Nov 7 16:12:34 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75210cda
dev-libs/volume_key: Replaced cryptsetup2 patch with official one.
Package-Manager: Portage-2.3.13, Repoman-2.3.4
.../files/volume_key-0.3.9-cryptsetup2.patch | 319 +++++++++++++++++++--
1 file changed, 291 insertions(+), 28 deletions(-)
diff --git a/dev-libs/volume_key/files/volume_key-0.3.9-cryptsetup2.patch b/dev-libs/volume_key/files/volume_key-0.3.9-cryptsetup2.patch
index c0386fabf72..2798e882345 100644
--- a/dev-libs/volume_key/files/volume_key-0.3.9-cryptsetup2.patch
+++ b/dev-libs/volume_key/files/volume_key-0.3.9-cryptsetup2.patch
@@ -1,25 +1,31 @@
-From a41c53d35b594a7fd8d5b92501b4fe52d7252909 Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland@gmail.com>
-Date: Tue, 17 Oct 2017 13:44:24 +0200
-Subject: [PATCH] volume_key: Switch to libcryptsetup error callback.
+From ecef526a51c5a276681472fd6df239570c9ce518 Mon Sep 17 00:00:00 2001
+From: Miloslav Trmač <mitr@redhat.com>
+Date: Nov 07 2017 15:55:55 +0000
+Subject: Stop using crypt_get_error
-This change should be compatible with new libcryptsetup as well.
-Note that now is error set even for retry, so the code must
-clear it after successfull (but retried) password query.
+Instead of crypt_get_error, which has been removed in cryptsetup 2.0,
+set up a log callback, which is available in both older and newer
+versions.
+
+Fixes #13.
-Signed-off-by: Milan Broz <gmazyland@gmail.com>
---
- lib/volume_luks.c | 21 ++++++++++++++-------
- 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/lib/volume_luks.c b/lib/volume_luks.c
-index 14794d7..4034cc3 100644
+index 14794d7..f4bf2c8 100644
--- a/lib/volume_luks.c
+++ b/lib/volume_luks.c
-@@ -65,13 +65,8 @@ my_strerror (int err_no)
+@@ -61,17 +61,13 @@ my_strerror (int err_no)
+ }
+
+ /* Set ERROR based on libcryptsetup error state after returning RES.
+- Use CODE. */
++ Use CODE and LAST_LOG_ENTRY. */
static void
- error_from_cryptsetup (GError **error, LIBVKError code, int res)
+-error_from_cryptsetup (GError **error, LIBVKError code, int res)
++error_from_cryptsetup (GError **error, LIBVKError code, int res,
++ char *last_log_entry)
{
- /* It's not possible to get the error message length from libcryptsetup, just
- guess. */
@@ -28,41 +34,298 @@ index 14794d7..4034cc3 100644
- crypt_get_error (crypt_msg, sizeof (crypt_msg));
- if (crypt_msg[0] != '\0')
- g_set_error (error, LIBVK_ERROR, code, "%s", crypt_msg);
-+ if (error && *error && (*error)->message)
-+ (*error)->code = code;
++ if (last_log_entry != NULL && last_log_entry[0] != '\0')
++ g_set_error (error, LIBVK_ERROR, code, "%s", last_log_entry);
else
{
char *s;
-@@ -82,6 +77,16 @@ error_from_cryptsetup (GError **error, LIBVKError code, int res)
+@@ -82,17 +78,33 @@ error_from_cryptsetup (GError **error, LIBVKError code, int res)
}
}
-+void cryptsetup_log (int level, const char *msg, void *usrptr)
++static void
++record_cryptsetup_log_entry (int level, const char *msg, void *usrptr)
+{
-+ GError **error = usrptr;
++ char **last_log_entry = usrptr;
+
-+ if (level != CRYPT_LOG_ERROR)
-+ return;
-+ g_clear_error(error);
-+ g_set_error (error, LIBVK_ERROR, -1, "%s", msg);
++ if (level == CRYPT_LOG_ERROR)
++ {
++ g_free (*last_log_entry);
++ *last_log_entry = g_strdup (msg);
++ }
+}
+
/* Open volume PATH and load its header.
++ Set up *LAST_LOG_ENTRY to be updated to the last logged message for the
++ device. The caller must g_free(*LAST_LOG_ENTRY) after closing the device.
Return the volume, or NULL on error. */
static struct crypt_device *
-@@ -93,6 +98,7 @@ open_crypt_device (const char *path, GError **error)
+-open_crypt_device (const char *path, GError **error)
++open_crypt_device (const char *path, char **last_log_entry, GError **error)
+ {
+ struct crypt_device *cd;
+ int r;
+
++ *last_log_entry = NULL;
r = crypt_init (&cd, path);
if (r < 0)
goto err;
-+ crypt_set_log_callback(cd, cryptsetup_log, error);
++ crypt_set_log_callback(cd, record_cryptsetup_log_entry, last_log_entry);
r = crypt_load (cd, CRYPT_LUKS1, NULL);
if (r < 0)
goto err_cd;
-@@ -307,6 +313,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+@@ -101,9 +113,12 @@ open_crypt_device (const char *path, GError **error)
+ err_cd:
+ crypt_free (cd);
+ err:
+- error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r,
++ *last_log_entry);
+ g_prefix_error (error, _("Error getting information about volume `%s': "),
+ path);
++ g_free (*last_log_entry);
++ *last_log_entry = NULL;
+ return NULL;
+ }
+
+@@ -173,10 +188,11 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
+ {
+ struct luks_volume *luks;
+ struct crypt_device *cd;
++ char *last_log_entry;
+ const char *uuid;
+
+ (void)vol;
+- cd = open_crypt_device (path, error);
++ cd = open_crypt_device (path, &last_log_entry, error);
+ if (cd == NULL)
+ return NULL;
+ /* A bit of paranoia */
+@@ -187,6 +203,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
+ _("UUID mismatch between libblkid and libcryptsetup: `%s' "
+ "vs. `%s'"), vol->uuid, uuid);
+ crypt_free (cd);
++ g_free (last_log_entry);
+ return NULL;
+ }
+
+@@ -195,6 +212,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
+ luks->cipher_mode = g_strdup (crypt_get_cipher_mode (cd));
+ luks->key_bytes = crypt_get_volume_key_size (cd);
+ crypt_free (cd);
++ g_free (last_log_entry);
+
+ luks->key = NULL;
+ luks->passphrase = NULL;
+@@ -256,7 +274,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ const struct libvk_ui *ui, GError **error)
+ {
+ struct crypt_device *cd;
+- char *passphrase;
++ char *last_log_entry, *passphrase;
+ void *key;
+ size_t key_length;
+ int slot;
+@@ -276,7 +294,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ _("Encryption information type unsupported in LUKS"));
+ goto err;
+ }
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ goto err;
+ key_length = crypt_get_volume_key_size (cd);
+@@ -303,7 +321,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ g_free_passphrase (passphrase);
+ if (r != -EPERM)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
g_prefix_error (error, _("Error getting LUKS data encryption key: "));
goto err_prompt;
}
-+ g_clear_error(error);
+@@ -322,12 +340,14 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ vol->v.luks->passphrase_slot = slot;
+ g_free (prompt);
+ crypt_free (cd);
++ g_free (last_log_entry);
+ return 0;
+
+ err_prompt:
+ g_free (prompt);
+ g_free_key (key, key_length);
+ crypt_free (cd);
++ g_free (last_log_entry);
+ err:
+ return -1;
+ }
+@@ -383,11 +403,12 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
+ if (packet->v.luks->key != NULL)
+ {
+ struct crypt_device *cd;
++ char *last_log_entry;
+ int r;
+
+ g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
+ -1);
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ return -1;
+ r = crypt_volume_key_verify (cd, packet->v.luks->key,
+@@ -395,21 +416,25 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
+ crypt_free (cd);
+ if (r < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r,
++ last_log_entry);
+ g_prefix_error (error, _("LUKS data encryption key in packet is "
+ "invalid: "));
++ g_free (last_log_entry);
+ return -1;
+ }
++ g_free (last_log_entry);
+ luks_replace_key (vol, packet->v.luks->key);
+ }
+ if (packet->v.luks->passphrase != NULL)
+ {
+ struct crypt_device *cd;
++ char *last_log_entry;
+ void *key;
+ size_t key_size;
+ int r;
+
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ return -1;
+ key_size = crypt_get_volume_key_size (cd);
+@@ -420,10 +445,13 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
+ crypt_free (cd);
+ if (r < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r,
++ last_log_entry);
+ g_prefix_error (error, _("LUKS passphrase in packet is invalid: "));
++ g_free (last_log_entry);
+ return -1;
+ }
++ g_free (last_log_entry);
+ luks_replace_passphrase (vol, packet->v.luks->passphrase);
+ vol->v.luks->passphrase_slot = r;
+ if (packet->v.luks->key == NULL)
+@@ -446,7 +474,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+ GError **error)
+ {
+ struct crypt_device *cd;
+- char *prompt, *prompt2, *error_prompt, *passphrase;
++ char *last_log_entry, *prompt, *prompt2, *error_prompt, *passphrase;
+ unsigned failed;
+ int res;
+
+@@ -498,7 +526,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+ goto err_prompts;
+
+ got_passphrase:
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ goto err_passphrase;
+ res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT,
+@@ -508,10 +536,12 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+ crypt_free (cd);
+ if (res < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry);
+ g_prefix_error (error, _("Error adding a LUKS passphrase"));
++ g_free (last_log_entry);
+ goto err_passphrase;
+ }
++ g_free (last_log_entry);
+
+ g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
+ -1);
+@@ -542,6 +572,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ const void *secret, size_t size, GError **error)
+ {
+ struct crypt_device *cd;
++ char *last_log_entry;
+ int res;
+
+ if (secret_type != LIBVK_SECRET_PASSPHRASE)
+@@ -562,7 +593,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ _("The passphrase must be a string"));
+ return -1;
}
- g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_FAILED,
- _("Too many attempts to get a valid passphrase"));
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ return -1;
+ res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT, vol->v.luks->key,
+@@ -570,10 +601,12 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ crypt_free (cd);
+ if (res < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry);
+ g_prefix_error (error, _("Error adding a LUKS passphrase"));
++ g_free (last_log_entry);
+ return -1;
+ }
++ g_free (last_log_entry);
+
+ luks_replace_passphrase (vol, secret);
+ vol->v.luks->passphrase_slot = res;
+@@ -823,12 +856,13 @@ luks_open_with_packet (struct libvk_volume *vol,
+ GError **error)
+ {
+ struct crypt_device *cd;
++ char *last_log_entry;
+ void *to_free;
+ const void *key;
+ int r;
+ size_t key_size;
+
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ goto err;
+ if (packet->v.luks->key != NULL)
+@@ -846,7 +880,7 @@ luks_open_with_packet (struct libvk_volume *vol,
+ strlen (packet->v.luks->passphrase));
+ if (r < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
+ g_prefix_error (error, _("Error getting LUKS data encryption key: "));
+ goto err_to_free;
+ }
+@@ -862,7 +896,7 @@ luks_open_with_packet (struct libvk_volume *vol,
+ r = crypt_activate_by_volume_key (cd, name, key, key_size, 0);
+ if (r < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
+ g_prefix_error (error, _("Error opening LUKS volume: "));
+ goto err_to_free;
+ }
+@@ -870,6 +904,7 @@ luks_open_with_packet (struct libvk_volume *vol,
+ if (to_free != NULL)
+ g_free_key (to_free, key_size);
+ crypt_free (cd);
++ g_free (last_log_entry);
+ return 0;
+
+ err_to_free:
+@@ -877,6 +912,7 @@ luks_open_with_packet (struct libvk_volume *vol,
+ g_free_key (to_free, key_size);
+ err_cd:
+ crypt_free (cd);
++ g_free (last_log_entry);
+ err:
+ return -1;
+ }
+
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-11-07 16:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-07 16:12 [gentoo-commits] repo/gentoo:master commit in: dev-libs/volume_key/files/ Lars Wendler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox