diff --git a/SOURCES/0004-Fix-default-key-size-for-non-XTS-ciphers.patch b/SOURCES/0004-Fix-default-key-size-for-non-XTS-ciphers.patch new file mode 100644 index 0000000..6292ac7 --- /dev/null +++ b/SOURCES/0004-Fix-default-key-size-for-non-XTS-ciphers.patch @@ -0,0 +1,97 @@ +From 5d29bc014a33d9bdc1c5fb4b8add2f38850f46a8 Mon Sep 17 00:00:00 2001 +From: Vojtech Trefny +Date: Wed, 24 Feb 2021 14:44:03 +0100 +Subject: [PATCH] crypto: Fix default key size for non XTS ciphers + +512 bits should be default only for AES-XTS which needs two keys, +default for other modes must be 256 bits. + +resolves: rhbz#1931847 +--- + src/plugins/crypto.c | 11 +++++++++-- + src/plugins/crypto.h | 2 +- + tests/crypto_test.py | 36 ++++++++++++++++++++++++++++++++++++ + 3 files changed, 46 insertions(+), 3 deletions(-) + +diff --git a/src/plugins/crypto.c b/src/plugins/crypto.c +index f4a2e8f0..1e7043fa 100644 +--- a/src/plugins/crypto.c ++++ b/src/plugins/crypto.c +@@ -774,8 +774,15 @@ static gboolean luks_format (const gchar *device, const gchar *cipher, guint64 k + return FALSE; + } + +- /* resolve requested/default key_size (should be in bytes) */ +- key_size = (key_size != 0) ? (key_size / 8) : (DEFAULT_LUKS_KEYSIZE_BITS / 8); ++ if (key_size == 0) { ++ if (g_str_has_prefix (cipher_specs[1], "xts-")) ++ key_size = DEFAULT_LUKS_KEYSIZE_BITS * 2; ++ else ++ key_size = DEFAULT_LUKS_KEYSIZE_BITS; ++ } ++ ++ /* key_size should be in bytes */ ++ key_size = key_size / 8; + + /* wait for enough random data entropy (if requested) */ + if (min_entropy > 0) { +diff --git a/src/plugins/crypto.h b/src/plugins/crypto.h +index 71a1438d..a38724d9 100644 +--- a/src/plugins/crypto.h ++++ b/src/plugins/crypto.h +@@ -36,7 +36,7 @@ typedef enum { + /* 20 chars * 6 bits per char (64-item charset) = 120 "bits of security" */ + #define BD_CRYPTO_BACKUP_PASSPHRASE_LENGTH 20 + +-#define DEFAULT_LUKS_KEYSIZE_BITS 512 ++#define DEFAULT_LUKS_KEYSIZE_BITS 256 + #define DEFAULT_LUKS_CIPHER "aes-xts-plain64" + #define DEFAULT_LUKS2_SECTOR_SIZE 512 + +diff --git a/tests/crypto_test.py b/tests/crypto_test.py +index 0609a070..0aecc032 100644 +--- a/tests/crypto_test.py ++++ b/tests/crypto_test.py +@@ -236,6 +236,42 @@ def test_luks2_format(self): + self.fail("Failed to get pbkdf information from:\n%s %s" % (out, err)) + self.assertEqual(int(m.group(1)), 5) + ++ def _get_luks1_key_size(self, device): ++ _ret, out, err = run_command("cryptsetup luksDump %s" % device) ++ m = re.search(r"MK bits:\s*(\S+)\s*", out) ++ if not m or len(m.groups()) != 1: ++ self.fail("Failed to get key size information from:\n%s %s" % (out, err)) ++ key_size = m.group(1) ++ if not key_size.isnumeric(): ++ self.fail("Failed to get key size information from: %s" % key_size) ++ return int(key_size) ++ ++ @tag_test(TestTags.SLOW, TestTags.CORE) ++ def test_luks_format_key_size(self): ++ """Verify that formating device as LUKS works""" ++ ++ # aes-xts: key size should default to 512 ++ succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-xts-plain64", 0, PASSWD, None, 0) ++ self.assertTrue(succ) ++ ++ key_size = self._get_luks1_key_size(self.loop_dev) ++ self.assertEqual(key_size, 512) ++ ++ # aes-cbc: key size should default to 256 ++ succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-cbc-essiv:sha256", 0, PASSWD, None, 0) ++ self.assertTrue(succ) ++ ++ key_size = self._get_luks1_key_size(self.loop_dev) ++ self.assertEqual(key_size, 256) ++ ++ # try specifying key size for aes-xts ++ succ = BlockDev.crypto_luks_format(self.loop_dev, "aes-xts-plain64", 256, PASSWD, None, 0) ++ self.assertTrue(succ) ++ ++ key_size = self._get_luks1_key_size(self.loop_dev) ++ self.assertEqual(key_size, 256) ++ ++ + class CryptoTestResize(CryptoTestCase): + + def _get_key_location(self, device): diff --git a/SOURCES/0005-Add-workarounds-for-some-LVM-test-issues.patch b/SOURCES/0005-Add-workarounds-for-some-LVM-test-issues.patch new file mode 100644 index 0000000..c41d687 --- /dev/null +++ b/SOURCES/0005-Add-workarounds-for-some-LVM-test-issues.patch @@ -0,0 +1,157 @@ +From 7c31cc534f96766dd2e3427b09d0affca66b0745 Mon Sep 17 00:00:00 2001 +From: Vojtech Trefny +Date: Tue, 23 Mar 2021 13:54:02 +0100 +Subject: [PATCH 1/3] tests: Do not try to remove VG before removing the VDO + pool + +--- + tests/lvm_dbus_tests.py | 6 +++--- + tests/lvm_test.py | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/tests/lvm_dbus_tests.py b/tests/lvm_dbus_tests.py +index 8f2bb95d..b599fdd0 100644 +--- a/tests/lvm_dbus_tests.py ++++ b/tests/lvm_dbus_tests.py +@@ -1517,14 +1517,14 @@ def setUp(self): + self.assertTrue(succ) + + def _clean_up(self): +- BlockDev.lvm_vgremove("testVDOVG") +- BlockDev.lvm_pvremove(self.loop_dev) +- + try: + BlockDev.lvm_lvremove("testVDOVG", "vdoPool", True, None) + except: + pass + ++ BlockDev.lvm_vgremove("testVDOVG") ++ BlockDev.lvm_pvremove(self.loop_dev) ++ + try: + delete_lio_device(self.loop_dev) + except RuntimeError: +diff --git a/tests/lvm_test.py b/tests/lvm_test.py +index 6f80a3ba..6c04faf9 100644 +--- a/tests/lvm_test.py ++++ b/tests/lvm_test.py +@@ -1437,14 +1437,14 @@ def setUp(self): + self.assertTrue(succ) + + def _clean_up(self): +- BlockDev.lvm_vgremove("testVDOVG") +- BlockDev.lvm_pvremove(self.loop_dev) +- + try: + BlockDev.lvm_lvremove("testVDOVG", "vdoPool", True, None) + except: + pass + ++ BlockDev.lvm_vgremove("testVDOVG") ++ BlockDev.lvm_pvremove(self.loop_dev) ++ + try: + delete_lio_device(self.loop_dev) + except RuntimeError: + +From 41b9d745b8c1a33221e15683f390bae180d1e960 Mon Sep 17 00:00:00 2001 +From: Vojtech Trefny +Date: Tue, 23 Mar 2021 13:59:24 +0100 +Subject: [PATCH 2/3] tests: Force remove LVM VG /dev/ entry not removed by + vgremove + +The directory is sometimes not removed. This is a known bug that +causes subsequent test cases to fail. +--- + tests/lvm_dbus_tests.py | 6 ++++++ + tests/lvm_test.py | 6 ++++++ + 2 files changed, 12 insertions(+) + +diff --git a/tests/lvm_dbus_tests.py b/tests/lvm_dbus_tests.py +index b599fdd0..3278716e 100644 +--- a/tests/lvm_dbus_tests.py ++++ b/tests/lvm_dbus_tests.py +@@ -399,6 +399,9 @@ def _clean_up(self): + except: + pass + ++ # XXX remove lingering /dev entries ++ shutil.rmtree("/dev/testVG", ignore_errors=True) ++ + LvmPVonlyTestCase._clean_up(self) + + @unittest.skipUnless(lvm_dbus_running, "LVM DBus not running") +@@ -1525,6 +1528,9 @@ def _clean_up(self): + BlockDev.lvm_vgremove("testVDOVG") + BlockDev.lvm_pvremove(self.loop_dev) + ++ # XXX remove lingering /dev entries ++ shutil.rmtree("/dev/testVDOVG", ignore_errors=True) ++ + try: + delete_lio_device(self.loop_dev) + except RuntimeError: +diff --git a/tests/lvm_test.py b/tests/lvm_test.py +index 6c04faf9..d7e1f84c 100644 +--- a/tests/lvm_test.py ++++ b/tests/lvm_test.py +@@ -378,6 +378,9 @@ def _clean_up(self): + except: + pass + ++ # XXX remove lingering /dev entries ++ shutil.rmtree("/dev/testVG", ignore_errors=True) ++ + LvmPVonlyTestCase._clean_up(self) + + class LvmTestVGcreateRemove(LvmPVVGTestCase): +@@ -1445,6 +1448,9 @@ def _clean_up(self): + BlockDev.lvm_vgremove("testVDOVG") + BlockDev.lvm_pvremove(self.loop_dev) + ++ # XXX remove lingering /dev entries ++ shutil.rmtree("/dev/testVDOVG", ignore_errors=True) ++ + try: + delete_lio_device(self.loop_dev) + except RuntimeError: + +From 4ecf0075cedf3a1d275d34b94ce5bb512c4e970e Mon Sep 17 00:00:00 2001 +From: Vojtech Trefny +Date: Tue, 23 Mar 2021 14:03:44 +0100 +Subject: [PATCH 3/3] tests: Tag LvmPVVGLVcachePoolCreateRemoveTestCase as + unstable + +LVM randomly fails to activate the newly created metadata LV. +Issue is reported to LVM and not yet fixed. +--- + tests/lvm_dbus_tests.py | 2 +- + tests/lvm_test.py | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/lvm_dbus_tests.py b/tests/lvm_dbus_tests.py +index 3278716e..4882da88 100644 +--- a/tests/lvm_dbus_tests.py ++++ b/tests/lvm_dbus_tests.py +@@ -1213,7 +1213,7 @@ def _clean_up(self): + + @unittest.skipUnless(lvm_dbus_running, "LVM DBus not running") + class LvmPVVGLVcachePoolCreateRemoveTestCase(LvmPVVGLVcachePoolTestCase): +- @tag_test(TestTags.SLOW) ++ @tag_test(TestTags.SLOW, TestTags.UNSTABLE) + def test_cache_pool_create_remove(self): + """Verify that is it possible to create and remove a cache pool""" + +diff --git a/tests/lvm_test.py b/tests/lvm_test.py +index d7e1f84c..eb94c917 100644 +--- a/tests/lvm_test.py ++++ b/tests/lvm_test.py +@@ -1129,7 +1129,7 @@ def _clean_up(self): + LvmPVVGLVTestCase._clean_up(self) + + class LvmPVVGLVcachePoolCreateRemoveTestCase(LvmPVVGLVcachePoolTestCase): +- @tag_test(TestTags.SLOW) ++ @tag_test(TestTags.SLOW, TestTags.UNSTABLE) + def test_cache_pool_create_remove(self): + """Verify that is it possible to create and remove a cache pool""" + diff --git a/SPECS/libblockdev.spec b/SPECS/libblockdev.spec index 580e5e1..01c8ece 100644 --- a/SPECS/libblockdev.spec +++ b/SPECS/libblockdev.spec @@ -129,7 +129,7 @@ Name: libblockdev Version: 2.24 -Release: 6%{?dist} +Release: 8%{?dist} Summary: A library for low-level manipulation with block devices License: LGPLv2+ URL: https://github.com/storaged-project/libblockdev @@ -137,6 +137,8 @@ Source0: https://github.com/storaged-project/libblockdev/releases/download/% Patch0: 0001-exec-Fix-setting-locale-for-util-calls.patch Patch1: 0002-exec-polling-fixes.patch Patch2: 0003-LVM-thin-metadata-calculation-fix.patch +Patch3: 0004-Fix-default-key-size-for-non-XTS-ciphers.patch +Patch4: 0005-Add-workarounds-for-some-LVM-test-issues.patch BuildRequires: glib2-devel %if %{with_gi} @@ -695,6 +697,8 @@ A meta-package that pulls all the libblockdev plugins as dependencies. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 %build autoreconf -ivf @@ -998,9 +1002,17 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm} %files plugins-all %changelog -* Mon May 17 2021 Neal Gompa - 2.24-6 +* Sat Jul 17 2021 Neal Gompa - 2.24-8 - Enable Btrfs for CentOS Hyperscale SIG +* Wed Jun 30 2021 Vojtech Trefny - 2.24-7 +- Add workarounds for some LVM test issues + Resolves: rhbz#1974352 + +* Fri May 14 2021 Vojtech Trefny - 2.24-6 +- Fix default key size for non XTS ciphers + Resolves: rhbz#1931847 + * Mon Jan 11 2021 Vojtech Trefny - 2.24-5 - Fix LVM thin metadata calculation fix Resolves: rhbz#1901714