Commit

Merge branch 'SLE-15-GA' into merge-sle-15
* SLE-15-GA:
  Use exists_in_probed? instead of the raw version
  Bump version and update changes file
  Use default_btrfs_subvolume to find out the prefix on new filesystems
  Several improvements
  Update version and changelog
  Update dependency
  Add method to use crypttab names
  Add class to manage crypttab files
imobachgs committed Jun 11, 2018
2 parents 428c07f + ac4991f commit 34df663
Showing 14 changed files with 514 additions and 20 deletions.
14 changes: 14 additions & 0 deletions package/yast2-storage-ng.changes
@@ -1,3 +1,17 @@
-------------------------------------------------------------------
Mon Jun 11 13:26:54 UTC 2018 - igonzalezsosa@suse.com

- AutoYaST: fix handling of empty Btrfs subvolume prefixes
(bsc#1096240).
- 4.1.188

-------------------------------------------------------------------
Thu Jun 7 16:13:18 UTC 2018 - jlopez@suse.com

- Added method to update encryption names according to a crypttab
file (needed for bsc#1094963).
- 4.0.187

-------------------------------------------------------------------
Tue Jun 5 13:39:26 UTC 2018 - jlopez@suse.com

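Review bot: The version line of the new top entry, `- 4.1.188`, does not match the series used everywhere else in this change: the entry below it is `- 4.0.187` and the spec file is bumped to `Version: 4.0.188`. If this is a typo, change it to `- 4.0.188` so the changelog and the package version agree.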
10 changes: 5 additions & 5 deletions package/yast2-storage-ng.spec
Expand Up @@ -16,7 +16,7 @@
#

Name: yast2-storage-ng
Version: 4.0.186
Version: 4.0.188
Release: 0

BuildRoot: %{_tmppath}/%{name}-%{version}-build
Expand All @@ -26,16 +26,16 @@ Source: %{name}-%{version}.tar.bz2
Requires: yast2 >= 4.0.73
# for AbortException and handle direct abort
Requires: yast2-ruby-bindings >= 4.0.6
# function light_probe
Requires: libstorage-ng-ruby >= 3.3.254
# Update device name by setting BlkDevice#dm_table_name
Requires: libstorage-ng-ruby >= 3.3.305
# communicate with udisks
Requires: rubygem(ruby-dbus)
# Y2Packager::Repository
Requires: yast2-packager >= 3.3.7

BuildRequires: update-desktop-files
# function light_probe
BuildRequires: libstorage-ng-ruby >= 3.3.254
# Update device name by setting BlkDevice#dm_table_name
BuildRequires: libstorage-ng-ruby >= 3.3.305
BuildRequires: yast2-ruby-bindings
BuildRequires: yast2-devtools
# yast2-xml dependency is added by yast2 but ignored in the
2 changes: 2 additions & 0 deletions src/lib/y2storage.rb
Expand Up @@ -78,3 +78,5 @@
require "y2storage/devicegraph_sanitizer"
require "y2storage/fstab"
require "y2storage/simple_etc_fstab_entry"
require "y2storage/crypttab"
require "y2storage/simple_etc_crypttab_entry"
61 changes: 61 additions & 0 deletions src/lib/y2storage/crypttab.rb
@@ -0,0 +1,61 @@
# encoding: utf-8

# Copyright (c) [2018] SUSE LLC
#
# All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of version 2 of the GNU General Public License as published
# by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, contact SUSE LLC.
#
# To contact SUSE LLC about this file by physical or electronic mail, you may
# find current contact information at www.suse.com.

require "yast"
require "storage"
require "y2storage/simple_etc_crypttab_entry"

module Y2Storage
# Class to represent a crypttab file
class Crypttab
include Yast::Logger

CRYPTTAB_PATH = "/etc/crypttab"
private_constant :CRYPTTAB_PATH

# @return [Array<SimpleEtcCrypttabEntry>]
attr_reader :entries

# Constructor
#
# @param path [String] path to crypttab file
def initialize(path = CRYPTTAB_PATH)
@path = path
@entries = read_entries
end

private

# @return [String] crypttab file path
attr_reader :path

# Reads a crypttab file and returns its entries
#
# @return [Array<SimpleEtcCrypttabEntry>]
def read_entries
entries = Storage.read_simple_etc_crypttab(path)
entries.map { |e| SimpleEtcCrypttabEntry.new(e) }
rescue Storage::Exception
log.error("Not possible to read the crypttab file: #{path}")
[]
end
end
end
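Review bot: In `read_entries`, the `rescue Storage::Exception` branch returns `[]`, so a caller cannot tell an unreadable or malformed crypttab from an empty one, and the log line records only the path, not the exception. Consider binding the exception (`rescue Storage::Exception => e`) and adding its message to the `log.error` call, and document on the constructor that a read failure yields no entries. Entries carry the crypttab password field, so keep logging limited to the path and the error text, never the entry contents.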
68 changes: 53 additions & 15 deletions src/lib/y2storage/encryption.rb
Expand Up @@ -21,6 +21,7 @@

require "y2storage/storage_class_wrapper"
require "y2storage/blk_device"
require "y2storage/crypttab"

module Y2Storage
# An encryption layer on a block device
Expand Down Expand Up @@ -53,26 +54,63 @@ class Encryption < BlkDevice
storage_forward :storage_in_etc_crypttab=, to: :in_etc_crypttab=
private :storage_in_etc_crypttab=

class << self
# DeviceMapper name to use for the encrypted version of the given device.
#
# FIXME: with the current implementation (using the device kernel name
# instead of UUID or something similar), the DeviceMapper for an encrypted
# /dev/sda5 would be "cr_sda5", which implies a quite high risk of
# collision with existing DeviceMapper names.
#
# Revisit this after improving libstorage-ng capabilities about
# alternative names and DeviceMapper.
#
# @return [String]
def dm_name_for(device)
"cr_#{device.basename}"
end

# Updates encryption names according to the values indicated in a crypttab file
#
# For each entry in the crypttab file, it finds the corresponding device and updates
# its encryption name with the value indicated in its crypttab entry. The device is
# not modified at all if it is not encrypted.
#
# @param devicegraph [Devicegraph]
# @param crypttab_path [String] path to a crypttab file
def use_crypttab_names(devicegraph, crypttab_path)
crypttab = Crypttab.new(crypttab_path)

assign_crypttab_names(devicegraph, crypttab)
end

private

# Sets the crypttab names according to the values indicated in a crypttab file
#
# @param devicegraph [Devicegraph]
# @param crypttab [Crypttab]
def assign_crypttab_names(devicegraph, crypttab)
crypttab.entries.each { |e| assign_crypttab_name(devicegraph, e) }
end

# Sets the crypttab name according to the value indicated in a crypttab entry
#
# @param devicegraph [Devicegraph]
# @param entry [SimpleEtcCrypttabEntry]
def assign_crypttab_name(devicegraph, entry)
device = entry.find_device(devicegraph)
return unless device && device.encrypted?

device.encryption.dm_table_name = entry.name
end
end

# @see BlkDevice#plain_device
def plain_device
blk_device
end

# DeviceMapper name to use for the encrypted version of the given device.
#
# FIXME: with the current implementation (using the device kernel name
# instead of UUID or something similar), the DeviceMapper for an encrypted
# /dev/sda5 would be "cr_sda5", which implies a quite high risk of
# collision with existing DeviceMapper names.
#
# Revisit this after improving libstorage-ng capabilities about
# alternative names and DeviceMapper.
#
# @return [String]
def self.dm_name_for(device)
"cr_#{device.basename}"
end

# @see Device#in_etc?
# @see #in_etc_crypttab?
def in_etc?
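Review bot: In `assign_crypttab_name`, `entry.name` is written to `dm_table_name` without any check that the name is not already in use in the devicegraph, although the FIXME on `dm_name_for` in this same hunk already flags DeviceMapper name collisions as a risk. The crypttab is read from a caller-supplied path, so two entries with the same name, or a name equal to an existing `cr_*` name, would go through unnoticed. Consider skipping and logging a name that is already taken, and also logging the entries dropped by `return unless device && device.encrypted?` so a crypttab that matches nothing is visible in the logs.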
4 changes: 4 additions & 0 deletions src/lib/y2storage/filesystems/btrfs.rb
Expand Up @@ -360,8 +360,12 @@ def restore_unshadowed_subvolumes(devicegraph)
# it lives under the #top_level_btrfs_subvolume. Otherwise, an empty
# string will be taken as the default subvolume name.
#
# If the filesystem does not exists yet, consider the default Btrfs subvolume
# (#default_btrfs_subvolume) path as the prefix.
#
# @return [String] Default subvolume name
def subvolumes_prefix
return default_btrfs_subvolume.path unless exists_in_probed?
children = top_level_btrfs_subvolume.children.reject { |s| snapper_path?(s.path) }
children.size == 1 ? children.first.path : ""
end
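Review bot: The new guard in `subvolumes_prefix`, `return default_btrfs_subvolume.path unless exists_in_probed?`, calls `.path` unconditionally; if `default_btrfs_subvolume` can be nil for a filesystem that is not yet in the probed devicegraph, this raises instead of returning the empty prefix that the changelog entry (bsc#1096240) is about. Please confirm it is never nil here or fall back to an empty string. Minor: the added comment reads "does not exists yet" (should be "does not exist"), and a blank line after the guard clause would separate it from the existing logic.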
64 changes: 64 additions & 0 deletions src/lib/y2storage/simple_etc_crypttab_entry.rb
@@ -0,0 +1,64 @@
# encoding: utf-8

# Copyright (c) [2018] SUSE LLC
#
# All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of version 2 of the GNU General Public License as published
# by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, contact SUSE LLC.
#
# To contact SUSE LLC about this file by physical or electronic mail, you may
# find current contact information at www.suse.com.

require "y2storage/storage_class_wrapper"

module Y2Storage
# Information about one entry in crypttab
#
# This is a wrapper for Storage::SimpleEtcCrypttabEntry
class SimpleEtcCrypttabEntry
include StorageClassWrapper
wrap_class Storage::SimpleEtcCrypttabEntry

# @!method name
# @return [String] name of the resulting encrypted block device
storage_forward :name

# @!method device
# @return [String] path to the underlying block device or a
# specification of a block device via "UUID="
storage_forward :device

# @!method password
# @return [String]
storage_forward :password

# @!method crypt_options
# @return [Array<String>]
storage_forward :crypt_options

# Plain device for the crypttab entry
#
# @note It always returns the underlying block device, even when the encryption
# device is indicated by its UUID.
#
# TODO: Right now the device only is found when it is indicated by any udev
# name, see {Devicegraph#find_by_any_name), but it is not possible to find
# it when the crypttab entry contains an UUID (or label).
#
# @param devicegraph [Devicegraph]
# @return [BlkDevice, nil] nil if the device is not found
def find_device(devicegraph)
devicegraph.find_by_any_name(device)
end
end
end
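Review bot: The documentation of `find_device` contradicts itself: the `@note` says it always returns the underlying block device "even when the encryption device is indicated by its UUID", while the TODO directly below says a device given by UUID or label cannot be found. Since the body is only `devicegraph.find_by_any_name(device)`, the TODO is the accurate one; please reword the `@note` and state under `@return` that nil is what a `UUID=` entry currently yields. The YARD link `{Devicegraph#find_by_any_name)` also closes with a parenthesis instead of a brace, and `@return [String]` on `password` has no description of what the string holds, which callers need in order to handle it safely.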
3 changes: 3 additions & 0 deletions test/data/crypttab
@@ -0,0 +1,3 @@
luks1 /dev/sda1 passw1 option1,option2=2
luks2 /dev/sda2 passw2
luks3 /dev/sda3 passw3
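Review bot: All three fixture entries name the device by kernel name (`/dev/sda1` to `/dev/sda3`), so the case called out in the TODO of `SimpleEtcCrypttabEntry#find_device`, an entry using `UUID=`, has no test data. Add one such entry, and one whose device is absent from the devicegraph, so the nil path of `find_device` is covered.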
47 changes: 47 additions & 0 deletions test/data/devicegraphs/gpt_encryption.yml
@@ -0,0 +1,47 @@
---
- disk:
size: 800.00 GiB
name: "/dev/sda"
partition_table: gpt
partitions:

- partition:
size: 755707 MiB
name: /dev/sda1
id: windows_basic_data
file_system: ntfs
label: windows

- partition:
size: 5 MiB
name: "/dev/sda3"
id: bios_boot

- partition:
size: 40 GiB
name: "/dev/sda4"
id: linux
file_system: btrfs
mount_point: "/"
encryption:
type: luks
name: "/dev/mapper/cr_sda4"
password: '12345678'

- partition:
size: 2 GiB
name: "/dev/sda5"
id: swap
file_system: swap
mount_point: swap
encryption:
type: luks
name: "/dev/mapper/cr_sda5"
password: '12345678'

- partition:
size: unlimited
name: "/dev/sda2"
id: windows_basic_data
file_system: vfat
label: recovery
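Review bot: In this devicegraph only `/dev/sda4` and `/dev/sda5` carry an `encryption` section, whereas `test/data/crypttab` lists `/dev/sda1`, `/dev/sda2` and `/dev/sda3`. If the two fixtures are meant to be used together, every entry hits the `return unless device && device.encrypted?` early exit and the assignment `dm_table_name = entry.name` is never exercised; either align the device names or say in the spec which devicegraph pairs with the crypttab fixture.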
10 changes: 10 additions & 0 deletions test/support/storage_helpers.rb
Expand Up @@ -171,6 +171,16 @@ def fstab_entry(*values)

Y2Storage::SimpleEtcFstabEntry.new(storage_entry)
end

def crypttab_entry(*values)
storage_entry = instance_double(Storage::SimpleEtcCrypttabEntry,
name: values[0],
device: values[1],
password: values[2],
crypt_options: values[3])

Y2Storage::SimpleEtcCrypttabEntry.new(storage_entry)
end
end
# rubocop:enable all
end
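Review bot: `crypttab_entry(*values)` maps positional arguments to fields, so a call with fewer than four values leaves `crypt_options` as nil, while `SimpleEtcCrypttabEntry#crypt_options` is documented as `Array<String>`. Consider defaulting it (`crypt_options: values[3] || []`) or switching to keyword arguments so the doubles match the documented types.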