diff --git a/SOURCES/luks-fix-handling-of-devices-in-clevis-luks-askpass-.patch b/SOURCES/luks-fix-handling-of-devices-in-clevis-luks-askpass-.patch new file mode 100644 index 0000000..4aa7f68 --- /dev/null +++ b/SOURCES/luks-fix-handling-of-devices-in-clevis-luks-askpass-.patch @@ -0,0 +1,61 @@ +From 1f9e0d9533e970a79bb9a525b5e407bf80f6fc5b Mon Sep 17 00:00:00 2001 +From: Sergio Correia +Date: Mon, 6 Jul 2020 08:53:58 -0300 +Subject: [PATCH] luks: fix handling of devices in clevis-luks-askpass to + handle + +--- + src/luks/systemd/clevis-luks-askpass | 23 ++++++++++++++++++++--- + 1 file changed, 20 insertions(+), 3 deletions(-) + +diff --git a/src/luks/systemd/clevis-luks-askpass b/src/luks/systemd/clevis-luks-askpass +index feebb1a..5719ab6 100755 +--- a/src/luks/systemd/clevis-luks-askpass ++++ b/src/luks/systemd/clevis-luks-askpass +@@ -23,6 +23,12 @@ UUID=cb6e8904-81ff-40da-a84a-07ab9ab5715e + + shopt -s nullglob + ++clevis_is_luks_device_by_uuid_open() { ++ local LUKS_UUID="${1}" ++ [ -z "${LUKS_UUID}" ] && return 1 ++ test -b /dev/disk/by-id/dm-uuid-*"${LUKS_UUID//-/}"* ++} ++ + path=/run/systemd/ask-password + while getopts ":lpu:" o; do + case "$o" in +@@ -49,9 +55,13 @@ while true; do + esac + done < "$question" + +- [ -z "$d" -o -z "$s" ] && continue +- [[ -n "${device_uuid}" ]] && [[ "${d}" != *"${device_uuid}"* ]] \ +- && continue ++ [ -b "${d}" ] || continue ++ [ -S "${s}" ] || continue ++ ++ if [ -n "${device_uuid}" ]; then ++ uuid="$(cryptsetup luksUUID "${d}")" ++ [ "${uuid}" != "${device_uuid}" ] && todo=1 && continue ++ fi + + if cryptsetup isLuks --type luks1 "$d"; then + # If the device is not initialized, sliently skip it. +@@ -89,6 +99,13 @@ while true; do + todo=$((todo + 1)) + done + ++ if [ -n "${device_uuid}" ]; then ++ [ ! -b /dev/disk/by-uuid/"${device_uuid}" ] && break ++ if clevis_is_luks_device_by_uuid_open "${device_uuid}"; then ++ break ++ fi ++ fi ++ + if [ $todo -eq 0 ] || [ "$loop" != "true" ]; then + break; + fi +-- +2.18.4 + diff --git a/SPECS/clevis.spec b/SPECS/clevis.spec index 02a259b..8e0cab4 100644 --- a/SPECS/clevis.spec +++ b/SPECS/clevis.spec @@ -2,7 +2,7 @@ Name: clevis Version: 11 -Release: 9%{?dist} +Release: 9%{?dist}.1 Summary: Automated decryption framework License: GPLv3+ @@ -22,6 +22,7 @@ Patch10: Add-rd.neednet-1-to-cmdline-only-if-there-are-device.patch Patch11: Improve-tests-speed.patch Patch12: Use-one-clevis-luks-askpass-per-device.patch Patch13: Improve-clevis-luks-regen-no-unbind-in-every-case.patch +Patch14: luks-fix-handling-of-devices-in-clevis-luks-askpass-.patch BuildRequires: gcc BuildRequires: meson @@ -196,6 +197,10 @@ exit 0 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2 %changelog +* Mon Jul 06 2020 Sergio Correia - 11-9.1 +- Fix handling of device names in clevis-luks-askpass + Resolves: rhbz#1849593 + * Wed Feb 02 2020 Sergio Correia - 11-9 - Improve clevis luks regen not to unbind+bind in every case Resolves: rhbz#1795675