Skip cryptsetup password quality checking

LUKS password quality checking is not useful since we only use long hex strings for passwords. Not skipping this means that we have to install cracklib-dicts for cryptsetup to work, which is unnecessary weight. Closes-Bug: #1861120 Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed (cherry picked from commit afb7beb7ce)
2020-01-28 09:12:55 -05:00 · 2020-01-28 09:12:55 -05:00 · 6461c993bc
commit 6461c993bc
parent d8ed21e7d2
2 changed files with 2 additions and 0 deletions
--- a/os_brick/encryptors/luks.py
+++ b/os_brick/encryptors/luks.py
@ -133,6 +133,7 @@ class LuksEncryptor(cryptsetup.CryptsetupEncryptor):
        # Enter new passphrase for key slot:
        # Verify passphrase:
        self._execute('cryptsetup', 'luksAddKey', self.dev_path,
+                      '--force-password',
                      process_input=''.join([mangled_passphrase, '\n',
                                             passphrase, '\n', passphrase]),
                      run_as_root=True, check_exit_code=True,
--- a/os_brick/tests/encryptors/test_luks.py
+++ b/os_brick/tests/encryptors/test_luks.py
@ -227,6 +227,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
                      root_helper=self.root_helper, run_as_root=True,
                      check_exit_code=[0, 4], attempts=3),
            mock.call('cryptsetup', 'luksAddKey', self.dev_path,
+                      '--force-password',
                      process_input=''.join([fake_key_mangled,
                                             '\n', fake_key,
                                             '\n', fake_key]),