diff --git a/SOURCES/cryptsetup-1.7.6-crypt_deactivate-fail-earlier-when-holders-detected.patch b/SOURCES/cryptsetup-1.7.6-crypt_deactivate-fail-earlier-when-holders-detected.patch
new file mode 100644
index 0000000..df91689
--- /dev/null
+++ b/SOURCES/cryptsetup-1.7.6-crypt_deactivate-fail-earlier-when-holders-detected.patch
@@ -0,0 +1,150 @@
+From 2e4aaa1adad2d0838593b13efbf5efe79f58255c Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina
+Date: Mon, 16 Oct 2017 16:41:43 +0200
+Subject: [PATCH] crypt_deactivate: fail earlier when holders detected
+
+crypt_deactivate fails earlier without noisy dm retries
+when other device holders detected. The early detection
+works if:
+
+a) other device-mapper device has a hold reference on the
+ device
+
+- or -
+
+b) mounted fs is detected on the device
+
+diff -rupN cryptsetup-1.7.4.old/config.h.in cryptsetup-1.7.4/config.h.in
+--- cryptsetup-1.7.4.old/config.h.in 2017-03-15 10:43:26.000000000 +0100
++++ cryptsetup-1.7.4/config.h.in 2017-10-19 09:37:17.000000000 +0200
+@@ -97,6 +97,14 @@
+ */
+ #undef HAVE_DCGETTEXT
+
++/* Define to 1 if you have the declaration of `dm_device_has_holders', and to
++ 0 if you don't. */
++#undef HAVE_DECL_DM_DEVICE_HAS_HOLDERS
++
++/* Define to 1 if you have the declaration of `dm_device_has_mounted_fs', and
++ to 0 if you don't. */
++#undef HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS
++
+ /* Define to 1 if you have the declaration of `dm_task_retry_remove', and to 0
+ if you don't.
*/
+ #undef HAVE_DECL_DM_TASK_RETRY_REMOVE
+diff -rupN cryptsetup-1.7.4.old/configure cryptsetup-1.7.4/configure
+--- cryptsetup-1.7.4.old/configure 2017-03-15 10:43:13.000000000 +0100
++++ cryptsetup-1.7.4/configure 2017-10-19 09:37:18.590530138 +0200
+@@ -16735,6 +16735,30 @@ cat >>confdefs.h <<_ACEOF
+ #define HAVE_DECL_DM_TASK_RETRY_REMOVE $ac_have_decl
+ _ACEOF
+
++ac_fn_c_check_decl "$LINENO" "dm_device_has_mounted_fs" "ac_cv_have_decl_dm_device_has_mounted_fs" "#include
++"
++if test "x$ac_cv_have_decl_dm_device_has_mounted_fs" = xyes; then :
++ ac_have_decl=1
++else
++ ac_have_decl=0
++fi
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS $ac_have_decl
++_ACEOF
++
++ac_fn_c_check_decl "$LINENO" "dm_device_has_holders" "ac_cv_have_decl_dm_device_has_holders" "#include
++"
++if test "x$ac_cv_have_decl_dm_device_has_holders" = xyes; then :
++ ac_have_decl=1
++else
++ ac_have_decl=0
++fi
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_DECL_DM_DEVICE_HAS_HOLDERS $ac_have_decl
++_ACEOF
++
+ ac_fn_c_check_decl "$LINENO" "DM_UDEV_DISABLE_DISK_RULES_FLAG" "ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" "#include
+ "
+ if test "x$ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" = xyes; then :
+diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
+index a0d6872..d6017b1 100644
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -1181,6 +1181,13 @@ int dm_query_device(struct crypt_device *cd, const char *name,
+ dmd->uuid = strdup(tmp_uuid + DM_UUID_PREFIX_LEN);
+ }
+
++ dmd->holders = 0;
++#if (HAVE_DECL_DM_DEVICE_HAS_HOLDERS && HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS)
++ if (get_flags & DM_ACTIVE_HOLDERS)
++ dmd->holders = (dm_device_has_mounted_fs(dmi.major, dmi.minor) ||
++ dm_device_has_holders(dmi.major, dmi.minor));
++#endif
++
+ r = (dmi.open_count > 0);
+ out:
+ if (dmt)
+diff --git a/lib/setup.c b/lib/setup.c
+index b2e4396..93e8079 100644
+--- a/lib/setup.c
++++ b/lib/setup.c
+@@ -2249,6 +2249,7 @@ int
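Review bot: In the `dm_query_device` hunk, `dmd->holders` is left at 0 whenever either `HAVE_DECL_DM_DEVICE_HAS_HOLDERS` or `HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS` is 0, so a caller that passes `DM_ACTIVE_HOLDERS` cannot distinguish "no holders" from "detection not compiled in". A comment above the `#if` would state that, for example `/* holders stays 0 when libdevmapper lacks these helpers; the removal itself is then the only busy check */`. The patch also edits the generated `configure` and `config.h.in` directly; if the package build regenerates them and `configure.ac` (not part of this patch) has no matching declaration checks, the detection would be compiled out without any build error. The body of `dm_query_device` starts and ends outside the hunk.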
crypt_activate_by_volume_key(struct crypt_device *cd,
+ int crypt_deactivate(struct crypt_device *cd, const char *name)
+ {
+ struct crypt_device *fake_cd = NULL;
++ struct crypt_dm_active_device dmd = {};
+ int r;
+
+ if (!name)
+@@ -2266,6 +2267,13 @@ int crypt_deactivate(struct crypt_device *cd, const char *name)
+ switch (crypt_status(cd, name)) {
+ case CRYPT_ACTIVE:
+ case CRYPT_BUSY:
++ r = dm_query_device(cd, name, DM_ACTIVE_HOLDERS, &dmd);
++ if (r >= 0 && dmd.holders) {
++ log_err(cd, _("Device %s is still in use.\n"), name);
++ r = -EBUSY;
++ break;
++ }
++
+ if (isTCRYPT(cd->type))
+ r = TCRYPT_deactivate(cd, name);
+ else
+diff --git a/lib/utils_dm.h b/lib/utils_dm.h
+index c87e9aa..cf22e12 100644
+--- a/lib/utils_dm.h
++++ b/lib/utils_dm.h
+@@ -48,14 +48,16 @@ uint32_t dm_flags(void);
+
+ #define DM_ACTIVE_DEVICE (1 << 0)
+ #define DM_ACTIVE_UUID (1 << 1)
++#define DM_ACTIVE_HOLDERS (1 << 2)
+
+-#define DM_ACTIVE_CRYPT_CIPHER (1 << 2)
+-#define DM_ACTIVE_CRYPT_KEYSIZE (1 << 3)
+-#define DM_ACTIVE_CRYPT_KEY (1 << 4)
++#define DM_ACTIVE_CRYPT_CIPHER (1 << 3)
++#define DM_ACTIVE_CRYPT_KEYSIZE (1 << 4)
++#define DM_ACTIVE_CRYPT_KEY (1 << 5)
++
++#define DM_ACTIVE_VERITY_ROOT_HASH (1 << 6)
++#define DM_ACTIVE_VERITY_HASH_DEVICE (1 << 7)
++#define DM_ACTIVE_VERITY_PARAMS (1 << 8)
+
+-#define DM_ACTIVE_VERITY_ROOT_HASH (1 << 5)
+-#define DM_ACTIVE_VERITY_HASH_DEVICE (1 << 6)
+-#define DM_ACTIVE_VERITY_PARAMS (1 << 7)
+
+ struct crypt_dm_active_device {
+ enum { DM_CRYPT = 0, DM_VERITY } target;
+@@ -63,6 +65,7 @@ struct crypt_dm_active_device {
+ uint32_t flags; /* activation flags */
+ const char *uuid;
+ struct device *data_device;
++ unsigned holders:1;
+ union {
+ struct {
+ const char *cipher;
+--
+1.8.3.1
+
diff --git a/SOURCES/cryptsetup-1.7.6-cryptsetup-reencrypt-progress-frequency-parameter.patch b/SOURCES/cryptsetup-1.7.6-cryptsetup-reencrypt-progress-frequency-parameter.patch
new file mode 100644
index 0000000..75ac6b3
--- /dev/null
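Review bot: The holders check added under `case CRYPT_BUSY:` in `crypt_deactivate` is only a snapshot: a negative return from `dm_query_device` is ignored, and a holder can still appear between the query and the removal, so the early `-EBUSY` does not replace the error handling of the removal path that follows. A short comment would record that intent, e.g. `/* advisory check only; on query failure fall through and let the removal report the error */`. Callers should treat the early `-EBUSY` like any other failed deactivation, since the `break` leaves the mapping active. The rest of the `switch` lies outside the hunk.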
+++ b/SOURCES/cryptsetup-1.7.6-cryptsetup-reencrypt-progress-frequency-parameter.patch 
@@ -0,0 +1,78 @@
+diff -rupN cryptsetup-1.7.4.bcp/man/cryptsetup-reencrypt.8 cryptsetup-1.7.4/man/cryptsetup-reencrypt.8
+--- cryptsetup-1.7.4.bcp/man/cryptsetup-reencrypt.8 2017-10-18 11:39:01.697902733 +0200
++++ cryptsetup-1.7.4/man/cryptsetup-reencrypt.8 2017-10-18 13:31:15.944930492 +0200
+@@ -38,7 +38,7 @@ To start (or continue) re-encryption for
+ \-\-device-size, \-\-hash, \-\-iter-time, \-\-use-random | \-\-use-urandom,
+ \-\-keep-key, \-\-key-size, \-\-key-file, \-\-key-slot, \-\-keyfile-offset,
+ \-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log,
+-\-\-uuid]
++\-\-uuid, \-\-progress-frequency]
+
+ To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR with combination
+ with \fI\-\-reduce-device-size\fR.
+@@ -190,6 +190,9 @@ of the interrupted decryption process.
+ .B "\-\-batch-mode, \-q"
+ Suppresses all warnings and reencryption progress output.
+ .TP
++.B "\-\-progress-frequency "
++Print separate line every with reencryption progress.
++.TP
+ .B "\-\-version"
+ Show the program version.
+ .SH RETURN CODES
+diff -rupN cryptsetup-1.7.4.bcp/src/cryptsetup_reencrypt.c cryptsetup-1.7.4/src/cryptsetup_reencrypt.c
+--- cryptsetup-1.7.4.bcp/src/cryptsetup_reencrypt.c 2017-10-18 11:39:01.697902733 +0200
++++ cryptsetup-1.7.4/src/cryptsetup_reencrypt.c 2017-10-18 15:10:24.219013071 +0200
+@@ -51,6 +51,7 @@ static int opt_key_size = 0;
+ static int opt_new = 0;
+ static int opt_keep_key = 0;
+ static int opt_decrypt = 0;
++static int opt_progress_frequency = 0;
+
+ static const char *opt_reduce_size_str = NULL;
+ static uint64_t opt_reduce_size = 0;
+@@ -665,10 +666,18 @@ static void print_progress(struct reenc_
+ {
+ unsigned long long mbytes, eta;
+ struct timeval now_time;
+- double tdiff, mib;
++ double tdiff, mib, frequency;
++ char *eol = "";
+
+ gettimeofday(&now_time, NULL);
+- if (!final && time_diff(rc->end_time, now_time) < 0.5)
++ if (opt_progress_frequency)
++ frequency = (double)opt_progress_frequency;
++ else
++ frequency = 0.5;
++ if (final || opt_progress_frequency)
++ eol = "\n";
++
++ if (!final && time_diff(rc->end_time, now_time) < frequency)
+ return;
+
+ rc->end_time = now_time;
+@@ -689,12 +698,12 @@ static void print_progress(struct reenc_
+ eta = (unsigned long long)(rc->device_size / 1024 / 1024 / mib - tdiff);
+
+ /* vt100 code clear line */
+- log_err("\33[2K\r");
++ if (!opt_progress_frequency)
++ log_err("\33[2K\r");
+ log_err(_("Progress: %5.1f%%, ETA %02llu:%02llu, "
+ "%4llu MiB written, speed %5.1f MiB/s%s"),
+ (double)bytes / rc->device_size * 100,
+- eta / 60, eta % 60, mbytes, mib,
+- final ?
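Review bot: `opt_progress_frequency` reaches `print_progress` without a range check, so a negative `--progress-frequency` makes `frequency` negative; assuming `time_diff` returns a non-negative interval, `time_diff(rc->end_time, now_time) < frequency` is then never true and a newline-terminated progress line is logged on every call. Option validation in `main` is outside the visible hunks; a check such as `if (opt_progress_frequency < 0)` that exits with a usage error there would close this. `char *eol = "";` only ever points at string literals and would be better declared as `const char *eol = "";`. The body of `print_progress` continues outside these hunks.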
"\n" :"");
++ eta / 60, eta % 60, mbytes, mib, eol);
+ }
+
+ static ssize_t read_buf(int fd, void *buf, size_t count)
+@@ -1316,6 +1325,7 @@ int main(int argc, const char **argv)
+ { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file."), NULL },
+ { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
+ { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
++ { "progress-frequency",'\0', POPT_ARG_INT, &opt_progress_frequency, 0, N_("Progress line update (in seconds)"), N_("secs") },
+ { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
+ { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL },
+ { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL },
diff --git a/SOURCES/cryptsetup-1.7.6-dracut-reencrypt-add-progress-frequency.patch b/SOURCES/cryptsetup-1.7.6-dracut-reencrypt-add-progress-frequency.patch
new file mode 100644
index 0000000..39cf514
--- /dev/null
+++ b/SOURCES/cryptsetup-1.7.6-dracut-reencrypt-add-progress-frequency.patch
@@ -0,0 +1,25 @@
+From 4e275e6da4b61e1d5c978c9726d695476629cb94 Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina
+Date: Wed, 18 Oct 2017 09:57:03 +0200
+Subject: [PATCH] dracut-reencrypt: add --progress-frequency parameter
+
+---
+ misc/dracut_90reencrypt/reencrypt.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/misc/dracut_90reencrypt/reencrypt.sh b/misc/dracut_90reencrypt/reencrypt.sh
+index e6f87e0..b4960d7 100755
+--- a/misc/dracut_90reencrypt/reencrypt.sh
++++ b/misc/dracut_90reencrypt/reencrypt.sh
+@@ -18,7 +18,7 @@ else
+ device="$1"
+ fi
+
+-PARAMS="$device -T 1 --use-fsync -B 32"
++PARAMS="$device -T 1 --use-fsync --progress-frequency 5 -B 32"
+ if [ "$3" != "any" ]; then
+ PARAMS="$PARAMS -S $3"
+ fi
+--
+1.8.3.1
+
diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec
index 6525c83..6dce8eb 100644
--- a/SPECS/cryptsetup.spec
+++ b/SPECS/cryptsetup.spec
@@ -5,7 +5,7 @@ Summary: A utility for setting up encrypted disks
 Name: cryptsetup
 Version: 1.7.4
-Release: 3%{?dist}.1
+Release: 4%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: Applications/System
 URL: https://gitlab.com/cryptsetup/cryptsetup
@@ -27,6 +27,9 @@ Patch0: %{name}-avoid-rh-kernel-bug.patch
 Patch1: %{name}-1.7.5-fix-unaligned-access-to-hidden-truecrypt.patch
 Patch2: %{name}-1.7.5-fix-luksformat-in-fips-mode.patch
 Patch3: %{name}-1.7.6-fix-blockwise-access-functions-for-64k-page-size.patch
+Patch4: %{name}-1.7.6-crypt_deactivate-fail-earlier-when-holders-detected.patch
+Patch5: %{name}-1.7.6-cryptsetup-reencrypt-progress-frequency-parameter.patch
+Patch6: %{name}-1.7.6-dracut-reencrypt-add-progress-frequency.patch
 %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
 %define configure_cipher --enable-gcrypt-pbkdf2
@@ -116,6 +119,9 @@ for setting up disk encryption using dm-crypt kernel module.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
 chmod -x python/pycryptsetup-test.py
 %if %{python3_enable}
@@ -211,10 +217,14 @@ install -m755 misc/dracut_90reencrypt/reencrypt.sh %{buildroot}/%{dracutmodulesd
 %clean
 %changelog
-* Thu Nov 16 2017 Ondrej Kozina - 1.7.4-3.el7_4.1
-- patch: fix regression in blockwise functions (archs with 64 KiB
- page_size)
-- Resolves: #1510841
+* Thu Oct 19 2017 Ondrej Kozina - 1.7.4-4
+- patch: fix regression in blockwise functions
+- patch: avoid repeating error messages when device holders
+ detected.
+- patch: add option to cryptsetup-reencrypt to print progress
+ log sequentaly
+- patch: use --progress-frequency in reencryption dracut module
+- Resolves: #1480006 #1447632 #1479857
 * Tue Apr 25 2017 Ondrej Kozina - 1.7.4-3
 - patch: fix luksFormat failure while running in FIPS mode.