luks: Default to LUKS v1 when formatting volumes

cryptsetup 2.0.6 has started to default to LUKS v2 or LUKS2 when
formatting volumes.  However QEMU currently has no support for v2 and
will fail to open the volume when being used to natively decrypt.

For now we should default the original LUKS encryptor to v1 when
formatting volumes, introducing a new LUKS2 encryptor and encryption
constant in a future change.

Closes-bug: 1831994
Change-Id: I152fe10ff5a3131950b789d3fd4efa15c554ff09
This commit is contained in:
Lee Yarwood 2019-06-07 12:26:01 +01:00
parent 8cb5fe3623
commit 94312bd90f
2 changed files with 5 additions and 3 deletions

View File

@ -69,7 +69,8 @@ class LuksEncryptor(cryptsetup.CryptsetupEncryptor):
# NOTE(joel-coffman): cryptsetup will strip trailing newlines from
# input specified on stdin unless --key-file=- is specified.
cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--key-file=-"]
cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--type", "luks",
"--key-file=-"]
cipher = kwargs.get("cipher", None)
if cipher is not None:

View File

@ -61,7 +61,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
mock_execute.assert_has_calls([
mock.call('cryptsetup', '--batch-mode', 'luksFormat',
'--key-file=-', self.dev_path,
'--type', 'luks', '--key-file=-', self.dev_path,
process_input='passphrase',
root_helper=self.root_helper,
run_as_root=True, check_exit_code=True, attempts=3),
@ -124,7 +124,8 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
root_helper=self.root_helper,
run_as_root=True, check_exit_code=True),
mock.call('cryptsetup', '--batch-mode', 'luksFormat',
'--key-file=-', self.dev_path, process_input=fake_key,
'--type', 'luks', '--key-file=-', self.dev_path,
process_input=fake_key,
root_helper=self.root_helper,
run_as_root=True, check_exit_code=True, attempts=3),
mock.call('cryptsetup', 'luksOpen', '--key-file=-', self.dev_path,