mirror of https://github.com/systemd/systemd.git synced 2025-01-18 10:04:04 +03:00

repart: Use crypt_reencrypt_run() if available

crypt_reencrypt() is deprecated, so let's look for and prefer
crypt_reencrypt_run() if it is available.
Daan De Meyer 2024-06-02 16:24:52 +02:00 committed by Yu Watanabe
parent 364c948707
commit b99b294127
4 changed files with 17 additions and 15 deletions


@ -1262,6 +1262,7 @@ foreach ident : ['crypt_set_metadata_size',
'crypt_token_max', 'crypt_token_max',
'crypt_reencrypt_init_by_passphrase', 'crypt_reencrypt_init_by_passphrase',
'crypt_reencrypt', 'crypt_reencrypt',
'crypt_reencrypt_run',
'crypt_set_data_offset', 'crypt_set_data_offset',
'crypt_set_keyring_to_link', 'crypt_set_keyring_to_link',
'crypt_resume_by_volume_key'] 'crypt_resume_by_volume_key']


@ -3913,7 +3913,7 @@ static int partition_target_sync(Context *context, Partition *p, PartitionTarget
} }
static int partition_encrypt(Context *context, Partition *p, PartitionTarget *target, bool offline) { static int partition_encrypt(Context *context, Partition *p, PartitionTarget *target, bool offline) {
#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && HAVE_CRYPT_REENCRYPT #if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && (HAVE_CRYPT_REENCRYPT_RUN || HAVE_CRYPT_REENCRYPT)
const char *node = partition_target_path(target); const char *node = partition_target_path(target);
struct crypt_params_luks2 luks_params = { struct crypt_params_luks2 luks_params = {
.label = strempty(ASSERT_PTR(p)->new_label), .label = strempty(ASSERT_PTR(p)->new_label),
@ -4220,7 +4220,11 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to load reencryption context: %m"); return log_error_errno(r, "Failed to load reencryption context: %m");
#if HAVE_CRYPT_REENCRYPT_RUN
r = sym_crypt_reencrypt_run(cd, NULL, NULL);
#else
r = sym_crypt_reencrypt(cd, NULL); r = sym_crypt_reencrypt(cd, NULL);
#endif
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to encrypt %s: %m", node); return log_error_errno(r, "Failed to encrypt %s: %m", node);
} else { } else {
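Review bot: The fallback around the reencrypt call uses a bare `#else` for `sym_crypt_reencrypt(cd, NULL)`, which is only correct because the guard at the top of partition_encrypt(), roughly three hundred lines earlier, already requires `HAVE_CRYPT_REENCRYPT_RUN || HAVE_CRYPT_REENCRYPT`. The other two files in this commit spell the fallback as `#elif HAVE_CRYPT_REENCRYPT`; the same form here would keep the call site self-describing if the outer guard is ever reworked. A short comment on the new call, such as `/* no progress callback, no user pointer */`, would also explain the two NULL arguments. The body of partition_encrypt() continues outside both hunks.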


@ -54,10 +54,10 @@ DLSYM_FUNCTION(crypt_volume_key_get);
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
DLSYM_FUNCTION(crypt_reencrypt_init_by_passphrase); DLSYM_FUNCTION(crypt_reencrypt_init_by_passphrase);
#endif #endif
#if HAVE_CRYPT_REENCRYPT #if HAVE_CRYPT_REENCRYPT_RUN
DISABLE_WARNING_DEPRECATED_DECLARATIONS; DLSYM_FUNCTION(crypt_reencrypt_run);
#elif HAVE_CRYPT_REENCRYPT
DLSYM_FUNCTION(crypt_reencrypt); DLSYM_FUNCTION(crypt_reencrypt);
REENABLE_WARNING;
#endif #endif
DLSYM_FUNCTION(crypt_metadata_locking); DLSYM_FUNCTION(crypt_metadata_locking);
#if HAVE_CRYPT_SET_DATA_OFFSET #if HAVE_CRYPT_SET_DATA_OFFSET
@ -246,11 +246,8 @@ int dlopen_cryptsetup(void) {
/* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with /* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with
* crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is * crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is
* still available though, and given we want to support 2.2.0 for a while longer, we'll stick to the * still available though, and given we want to support 2.2.0 for a while longer, we'll use the old
* old symbol. However, the old symbols now has a GCC deprecation decorator, hence let's turn off * symbol if the new one is not available. */
* warnings about this for now. */
DISABLE_WARNING_DEPRECATED_DECLARATIONS;
ELF_NOTE_DLOPEN("cryptsetup", ELF_NOTE_DLOPEN("cryptsetup",
"Support for disk encryption, integrity, and authentication", "Support for disk encryption, integrity, and authentication",
@ -304,7 +301,9 @@ int dlopen_cryptsetup(void) {
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
DLSYM_ARG(crypt_reencrypt_init_by_passphrase), DLSYM_ARG(crypt_reencrypt_init_by_passphrase),
#endif #endif
#if HAVE_CRYPT_REENCRYPT #if HAVE_CRYPT_REENCRYPT_RUN
DLSYM_ARG(crypt_reencrypt_run),
#elif HAVE_CRYPT_REENCRYPT
DLSYM_ARG(crypt_reencrypt), DLSYM_ARG(crypt_reencrypt),
#endif #endif
DLSYM_ARG(crypt_metadata_locking), DLSYM_ARG(crypt_metadata_locking),
@ -316,8 +315,6 @@ int dlopen_cryptsetup(void) {
if (r <= 0) if (r <= 0)
return r; return r;
REENABLE_WARNING;
/* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
* libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
* whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
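Review bot: The rewritten comment in dlopen_cryptsetup() says the old symbol is used "if the new one is not available", but the choice between crypt_reencrypt_run and crypt_reencrypt is made by the preprocessor, in both the DLSYM_FUNCTION block and the DLSYM_ARG list. It therefore reflects the libcryptsetup seen at build time, not the library actually loaded at run time. If the symbol-loading helper treats every listed symbol as mandatory (not visible in these hunks), a binary built against 2.4.0 or later would fail to load an older libcryptsetup and lose all disk-encryption support, not only reencryption. I would have the comment say so, e.g. `* symbol if the new one was not available at build time. */`. dlopen_cryptsetup() starts and ends outside the hunks shown.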


@ -70,10 +70,10 @@ DLSYM_PROTOTYPE(crypt_volume_key_get);
#if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase); DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase);
#endif #endif
#if HAVE_CRYPT_REENCRYPT #if HAVE_CRYPT_REENCRYPT_RUN
DISABLE_WARNING_DEPRECATED_DECLARATIONS; DLSYM_PROTOTYPE(crypt_reencrypt_run);
#elif HAVE_CRYPT_REENCRYPT
DLSYM_PROTOTYPE(crypt_reencrypt); DLSYM_PROTOTYPE(crypt_reencrypt);
REENABLE_WARNING;
#endif #endif
DLSYM_PROTOTYPE(crypt_metadata_locking); DLSYM_PROTOTYPE(crypt_metadata_locking);
#if HAVE_CRYPT_SET_DATA_OFFSET #if HAVE_CRYPT_SET_DATA_OFFSET