luks: Default to LUKS v1 when formatting volumes
cryptsetup 2.0.6 has started to default to LUKS v2 or LUKS2 when formatting volumes. However QEMU currently has no support for v2 and will fail to open the volume when being used to natively decrypt. For now we should default the original LUKS encryptor to v1 when formatting volumes, introducing a new LUKS2 encryptor and encryption constant in a future change. Closes-bug: 1831994 Change-Id: I152fe10ff5a3131950b789d3fd4efa15c554ff09
This commit is contained in:
parent
8cb5fe3623
commit
94312bd90f
|
@ -69,7 +69,8 @@ class LuksEncryptor(cryptsetup.CryptsetupEncryptor):
|
|||
|
||||
# NOTE(joel-coffman): cryptsetup will strip trailing newlines from
|
||||
# input specified on stdin unless --key-file=- is specified.
|
||||
cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--key-file=-"]
|
||||
cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--type", "luks",
|
||||
"--key-file=-"]
|
||||
|
||||
cipher = kwargs.get("cipher", None)
|
||||
if cipher is not None:
|
||||
|
|
|
@ -61,7 +61,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
|
|||
|
||||
mock_execute.assert_has_calls([
|
||||
mock.call('cryptsetup', '--batch-mode', 'luksFormat',
|
||||
'--key-file=-', self.dev_path,
|
||||
'--type', 'luks', '--key-file=-', self.dev_path,
|
||||
process_input='passphrase',
|
||||
root_helper=self.root_helper,
|
||||
run_as_root=True, check_exit_code=True, attempts=3),
|
||||
|
@ -124,7 +124,8 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
|
|||
root_helper=self.root_helper,
|
||||
run_as_root=True, check_exit_code=True),
|
||||
mock.call('cryptsetup', '--batch-mode', 'luksFormat',
|
||||
'--key-file=-', self.dev_path, process_input=fake_key,
|
||||
'--type', 'luks', '--key-file=-', self.dev_path,
|
||||
process_input=fake_key,
|
||||
root_helper=self.root_helper,
|
||||
run_as_root=True, check_exit_code=True, attempts=3),
|
||||
mock.call('cryptsetup', 'luksOpen', '--key-file=-', self.dev_path,
|
||||
|
|
Loading…
Reference in New Issue