rpms
/
volume_key
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to volume_key-0.3.10 

- resolves #1479349, #1517016
This commit is contained in:
Jiri Kucera 2018-05-21 11:54:29 +02:00
parent 91b20b097b
commit 6d34f800c2
6 changed files with 16 additions and 406 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -6,3 +6,4 @@
/volume_key-0.3.7.tar.xz
/volume_key-0.3.8.tar.xz
/volume_key-0.3.9.tar.xz
/volume_key-0.3.10.tar.xz

2
sources
View File

@ -1 +1 @@
a2d14931177c660e1f3ebbcf5f47d8e2 volume_key-0.3.9.tar.xz
SHA512 (volume_key-0.3.10.tar.xz) = b050d333e021bc3721f5e72c1d2498adea3265afe7f702e1b1e859546755745ac70dcffc194739a4833d4b0b77168506f7fe90fde382d8aab4df2af7b635932b

25
volume_key-0.3.9-config.h.patch
View File

@ -1,25 +0,0 @@
The library's header file distributed in the devel package cannot include
the config.h file that is only available during build otherwise it's not
possible to use the library outside of the volume_key build process.
Signed-off-by: Vratislav Podzimek <vpodzime@redhat.com>
---
lib/libvolume_key.h | 2 --
1 file changed, 2 deletions(-)
diff --git a/lib/libvolume_key.h b/lib/libvolume_key.h
index 657b626..513f923 100644
--- a/lib/libvolume_key.h
+++ b/lib/libvolume_key.h
@@ -18,8 +18,6 @@ Author: Miloslav Trmač <mitr@redhat.com> */
#ifndef LIBVOLUME_KEY_H__
#define LIBVOLUME_KEY_H__
-#include <config.h>
-
#include <cert.h>
#include <glib.h>
--
2.1.0

333
volume_key-0.3.9-crypt_get_error.patch
View File

@ -1,333 +0,0 @@
From ecef526a51c5a276681472fd6df239570c9ce518 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
Date: Tue, 7 Nov 2017 16:54:26 +0100
Subject: [PATCH] Stop using crypt_get_error
Instead of crypt_get_error, which has been removed in cryptsetup 2.0,
set up a log callback, which is available in both older and newer
versions.
Fixes #13.
---
lib/volume_luks.c | 90 ++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 63 insertions(+), 27 deletions(-)
diff --git a/lib/volume_luks.c b/lib/volume_luks.c
index 14794d7..f4bf2c8 100644
--- a/lib/volume_luks.c
+++ b/lib/volume_luks.c
@@ -61,17 +61,13 @@ my_strerror (int err_no)
}
/* Set ERROR based on libcryptsetup error state after returning RES.
- Use CODE. */
+ Use CODE and LAST_LOG_ENTRY. */
static void
-error_from_cryptsetup (GError **error, LIBVKError code, int res)
+error_from_cryptsetup (GError **error, LIBVKError code, int res,
+ char *last_log_entry)
{
- /* It's not possible to get the error message length from libcryptsetup, just
- guess. */
- char crypt_msg[4096];
-
- crypt_get_error (crypt_msg, sizeof (crypt_msg));
- if (crypt_msg[0] != '\0')
- g_set_error (error, LIBVK_ERROR, code, "%s", crypt_msg);
+ if (last_log_entry != NULL && last_log_entry[0] != '\0')
+ g_set_error (error, LIBVK_ERROR, code, "%s", last_log_entry);
else
{
char *s;
@@ -82,17 +78,33 @@ error_from_cryptsetup (GError **error, LIBVKError code, int res)
}
}
+static void
+record_cryptsetup_log_entry (int level, const char *msg, void *usrptr)
+{
+ char **last_log_entry = usrptr;
+
+ if (level == CRYPT_LOG_ERROR)
+ {
+ g_free (*last_log_entry);
+ *last_log_entry = g_strdup (msg);
+ }
+}
+
/* Open volume PATH and load its header.
+ Set up *LAST_LOG_ENTRY to be updated to the last logged message for the
+ device. The caller must g_free(*LAST_LOG_ENTRY) after closing the device.
Return the volume, or NULL on error. */
static struct crypt_device *
-open_crypt_device (const char *path, GError **error)
+open_crypt_device (const char *path, char **last_log_entry, GError **error)
{
struct crypt_device *cd;
int r;
+ *last_log_entry = NULL;
r = crypt_init (&cd, path);
if (r < 0)
goto err;
+ crypt_set_log_callback(cd, record_cryptsetup_log_entry, last_log_entry);
r = crypt_load (cd, CRYPT_LUKS1, NULL);
if (r < 0)
goto err_cd;
@@ -101,9 +113,12 @@ open_crypt_device (const char *path, GError **error)
err_cd:
crypt_free (cd);
err:
- error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r);
+ error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r,
+ *last_log_entry);
g_prefix_error (error, _("Error getting information about volume `%s': "),
path);
+ g_free (*last_log_entry);
+ *last_log_entry = NULL;
return NULL;
}
@@ -173,10 +188,11 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
{
struct luks_volume *luks;
struct crypt_device *cd;
+ char *last_log_entry;
const char *uuid;
(void)vol;
- cd = open_crypt_device (path, error);
+ cd = open_crypt_device (path, &last_log_entry, error);
if (cd == NULL)
return NULL;
/* A bit of paranoia */
@@ -187,6 +203,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
_("UUID mismatch between libblkid and libcryptsetup: `%s' "
"vs. `%s'"), vol->uuid, uuid);
crypt_free (cd);
+ g_free (last_log_entry);
return NULL;
}
@@ -195,6 +212,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
luks->cipher_mode = g_strdup (crypt_get_cipher_mode (cd));
luks->key_bytes = crypt_get_volume_key_size (cd);
crypt_free (cd);
+ g_free (last_log_entry);
luks->key = NULL;
luks->passphrase = NULL;
@@ -256,7 +274,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
const struct libvk_ui *ui, GError **error)
{
struct crypt_device *cd;
- char *passphrase;
+ char *last_log_entry, *passphrase;
void *key;
size_t key_length;
int slot;
@@ -276,7 +294,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
_("Encryption information type unsupported in LUKS"));
goto err;
}
- cd = open_crypt_device (vol->path, error);
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
if (cd == NULL)
goto err;
key_length = crypt_get_volume_key_size (cd);
@@ -303,7 +321,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
g_free_passphrase (passphrase);
if (r != -EPERM)
{
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
g_prefix_error (error, _("Error getting LUKS data encryption key: "));
goto err_prompt;
}
@@ -322,12 +340,14 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
vol->v.luks->passphrase_slot = slot;
g_free (prompt);
crypt_free (cd);
+ g_free (last_log_entry);
return 0;
err_prompt:
g_free (prompt);
g_free_key (key, key_length);
crypt_free (cd);
+ g_free (last_log_entry);
err:
return -1;
}
@@ -383,11 +403,12 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
if (packet->v.luks->key != NULL)
{
struct crypt_device *cd;
+ char *last_log_entry;
int r;
g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
-1);
- cd = open_crypt_device (vol->path, error);
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
if (cd == NULL)
return -1;
r = crypt_volume_key_verify (cd, packet->v.luks->key,
@@ -395,21 +416,25 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
crypt_free (cd);
if (r < 0)
{
- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r);
+ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r,
+ last_log_entry);
g_prefix_error (error, _("LUKS data encryption key in packet is "
"invalid: "));
+ g_free (last_log_entry);
return -1;
}
+ g_free (last_log_entry);
luks_replace_key (vol, packet->v.luks->key);
}
if (packet->v.luks->passphrase != NULL)
{
struct crypt_device *cd;
+ char *last_log_entry;
void *key;
size_t key_size;
int r;
- cd = open_crypt_device (vol->path, error);
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
if (cd == NULL)
return -1;
key_size = crypt_get_volume_key_size (cd);
@@ -420,10 +445,13 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
crypt_free (cd);
if (r < 0)
{
- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r);
+ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r,
+ last_log_entry);
g_prefix_error (error, _("LUKS passphrase in packet is invalid: "));
+ g_free (last_log_entry);
return -1;
}
+ g_free (last_log_entry);
luks_replace_passphrase (vol, packet->v.luks->passphrase);
vol->v.luks->passphrase_slot = r;
if (packet->v.luks->key == NULL)
@@ -446,7 +474,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
GError **error)
{
struct crypt_device *cd;
- char *prompt, *prompt2, *error_prompt, *passphrase;
+ char *last_log_entry, *prompt, *prompt2, *error_prompt, *passphrase;
unsigned failed;
int res;
@@ -498,7 +526,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
goto err_prompts;
got_passphrase:
- cd = open_crypt_device (vol->path, error);
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
if (cd == NULL)
goto err_passphrase;
res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT,
@@ -508,10 +536,12 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
crypt_free (cd);
if (res < 0)
{
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res);
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry);
g_prefix_error (error, _("Error adding a LUKS passphrase"));
+ g_free (last_log_entry);
goto err_passphrase;
}
+ g_free (last_log_entry);
g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
-1);
@@ -542,6 +572,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
const void *secret, size_t size, GError **error)
{
struct crypt_device *cd;
+ char *last_log_entry;
int res;
if (secret_type != LIBVK_SECRET_PASSPHRASE)
@@ -562,7 +593,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
_("The passphrase must be a string"));
return -1;
}
- cd = open_crypt_device (vol->path, error);
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
if (cd == NULL)
return -1;
res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT, vol->v.luks->key,
@@ -570,10 +601,12 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
crypt_free (cd);
if (res < 0)
{
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res);
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry);
g_prefix_error (error, _("Error adding a LUKS passphrase"));
+ g_free (last_log_entry);
return -1;
}
+ g_free (last_log_entry);
luks_replace_passphrase (vol, secret);
vol->v.luks->passphrase_slot = res;
@@ -823,12 +856,13 @@ luks_open_with_packet (struct libvk_volume *vol,
GError **error)
{
struct crypt_device *cd;
+ char *last_log_entry;
void *to_free;
const void *key;
int r;
size_t key_size;
- cd = open_crypt_device (vol->path, error);
+ cd = open_crypt_device (vol->path, &last_log_entry, error);
if (cd == NULL)
goto err;
if (packet->v.luks->key != NULL)
@@ -846,7 +880,7 @@ luks_open_with_packet (struct libvk_volume *vol,
strlen (packet->v.luks->passphrase));
if (r < 0)
{
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
g_prefix_error (error, _("Error getting LUKS data encryption key: "));
goto err_to_free;
}
@@ -862,7 +896,7 @@ luks_open_with_packet (struct libvk_volume *vol,
r = crypt_activate_by_volume_key (cd, name, key, key_size, 0);
if (r < 0)
{
- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
g_prefix_error (error, _("Error opening LUKS volume: "));
goto err_to_free;
}
@@ -870,6 +904,7 @@ luks_open_with_packet (struct libvk_volume *vol,
if (to_free != NULL)
g_free_key (to_free, key_size);
crypt_free (cd);
+ g_free (last_log_entry);
return 0;
err_to_free:
@@ -877,6 +912,7 @@ luks_open_with_packet (struct libvk_volume *vol,
g_free_key (to_free, key_size);
err_cd:
crypt_free (cd);
+ g_free (last_log_entry);
err:
return -1;
}
--
2.13.6

33
volume_key-0.3.9-fips-crash.patch
View File

@ -1,33 +0,0 @@
This case can be triggered by encrypting in FIPS mode, where the default
algorithm is unsupported and gpg crashes in response.
diff --git a/lib/crypto.c b/lib/crypto.c
index 06eb482..905d583 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -709,6 +709,12 @@ encrypt_with_passphrase (size_t *res_size, const void *data, size_t size,
}
gpgme_data_release (src_data);
gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size);
+ if (gpgme_res == NULL)
+ {
+ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO,
+ _("Unknown error getting encryption result"));
+ goto err_ctx;
+ }
res = g_memdup (gpgme_res, *res_size);
gpgme_free (gpgme_res);
@@ -759,6 +765,12 @@ decrypt_with_passphrase (size_t *res_size, const void *data, size_t size,
}
gpgme_data_release (src_data);
gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size);
+ if (gpgme_res == NULL)
+ {
+ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO,
+ _("Unknown error getting decryption result"));
+ goto err_ctx;
+ }
res = g_memdup (gpgme_res, *res_size);
gpgme_free (gpgme_res);

28
volume_key.spec
View File

@ -2,22 +2,19 @@
Summary: An utility for manipulating storage encryption keys and passphrases
Name: volume_key
Version: 0.3.9
Release: 20%{?dist}
Version: 0.3.10
Release: 1%{?dist}
License: GPLv2
Group: Applications/System
URL: https://pagure.io/volume_key/
Requires: volume_key-libs%{?_isa} = %{version}-%{release}
Source0: https://releases.pagure.org/volume_key/volume_key-%{version}.tar.xz
# Upstream commit 04991fe8c4f77c4e5c7874c2db8ca32fb4655f6e
Patch1: volume_key-0.3.9-fips-crash.patch
# Upstream commit 8f8698aba19b501f01285e9eec5c18231fc6bcea
Patch2: volume_key-0.3.9-config.h.patch
# Upstream commit ecef526a51c5a276681472fd6df239570c9ce518
Patch3: volume_key-0.3.9-crypt_get_error.patch
BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg
BuildRequires: gcc
BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2
BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python2-devel
# Needed by %%check:
BuildRequires: nss-tools
%description
This package provides a command-line tool for manipulating storage volume
@ -47,7 +44,7 @@ company data after an employee leaves abruptly.
%package libs
Summary: A library for manipulating storage encryption keys and passphrases
Group: System Environment/Libraries
Requires: /usr/bin/gpg
Requires: /usr/bin/gpg2
%description libs
This package provides libvolume_key, a library for manipulating storage volume
@ -82,10 +79,6 @@ for other formats is possible, some formats are planned for future releases.
%prep
%setup -q
%patch1 -p1 -b .fips-crash
%patch2 -p1 -b .config.h
%patch3 -p1 -b .crypt_get_error
%build
%configure
make %{?_smp_mflags}
@ -93,6 +86,9 @@ make %{?_smp_mflags}
%install
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
%check
make check
%find_lang volume_key
%ldconfig_scriptlets libs
@ -121,6 +117,10 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
%{python_sitearch}/volume_key.py*
%changelog
* Wed May 16 2018 Jiri Kucera <jkucera@redhat.com> - 0.3.10-1
- Update to volume_key-0.3.10
Resolves: #1479349, #1517016
* Wed Feb 14 2018 Iryna Shcherbina <ishcherb@redhat.com> - 0.3.9-20
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)