Browse Source

Skip cryptsetup password quality checking

LUKS password quality checking is not useful
since we only use long hex strings for passwords.

Not skipping this means that we have to install
cracklib-dicts for cryptsetup to work, which is
unnecessary weight.

Closes-Bug: #1861120

Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed
(cherry picked from commit afb7beb7ce)
changes/44/707644/1
Eric Harney 2 years ago
parent
commit
6461c993bc
  1. 1
      os_brick/encryptors/luks.py
  2. 1
      os_brick/tests/encryptors/test_luks.py

1
os_brick/encryptors/luks.py

@ -133,6 +133,7 @@ class LuksEncryptor(cryptsetup.CryptsetupEncryptor):
# Enter new passphrase for key slot:
# Verify passphrase:
self._execute('cryptsetup', 'luksAddKey', self.dev_path,
'--force-password',
process_input=''.join([mangled_passphrase, '\n',
passphrase, '\n', passphrase]),
run_as_root=True, check_exit_code=True,

1
os_brick/tests/encryptors/test_luks.py

@ -227,6 +227,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
root_helper=self.root_helper, run_as_root=True,
check_exit_code=[0, 4], attempts=3),
mock.call('cryptsetup', 'luksAddKey', self.dev_path,
'--force-password',
process_input=''.join([fake_key_mangled,
'\n', fake_key,
'\n', fake_key]),

Loading…
Cancel
Save