luks: Explicitly use the luks1 type to ensure LUKS v1 is used

I152fe10ff5a3131950b789d3fd4efa15c554ff09 attempted to ensure LUKS volumes were formatted using the LUKS v1 header format by using a type of `luks`. However from cryptsetup 2.1.0 (incorrectly referenced as 2.0.6 in the previous change) this type can actually refer to the newer LUKS v2 header format in environments where cryptsetup has not complied with the `--with-default-luks-format=LUKS1` build time configuration option [1]. This change now explicitly uses the luks1 type when formatting a device to ensure the correct LUKS v1 header format is used. [1] https://gitlab.com/cryptsetup/cryptsetup/blob/master/docs/v2.1.0-ReleaseNotes Closes-Bug: #1834851 Change-Id: I0010e9014c06a3a812d24d9d5ef598425ac5d5d4
2019-07-01 12:31:23 +01:00 · 2019-07-01 12:31:23 +01:00 · 97b085f448
parent 4ec35ed3b0
commit 97b085f448
2 changed files with 3 additions and 3 deletions
--- a/os_brick/encryptors/luks.py
+++ b/os_brick/encryptors/luks.py
@ -69,7 +69,7 @@ class LuksEncryptor(cryptsetup.CryptsetupEncryptor):

        # NOTE(joel-coffman): cryptsetup will strip trailing newlines from
        # input specified on stdin unless --key-file=- is specified.
-        cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--type", "luks",
+        cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--type", "luks1",
               "--key-file=-"]

        cipher = kwargs.get("cipher", None)
--- a/os_brick/tests/encryptors/test_luks.py
+++ b/os_brick/tests/encryptors/test_luks.py
@ -61,7 +61,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):

        mock_execute.assert_has_calls([
            mock.call('cryptsetup', '--batch-mode', 'luksFormat',
-                      '--type', 'luks', '--key-file=-', self.dev_path,
+                      '--type', 'luks1', '--key-file=-', self.dev_path,
                      process_input='passphrase',
                      root_helper=self.root_helper,
                      run_as_root=True, check_exit_code=True, attempts=3),
@ -124,7 +124,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
                      root_helper=self.root_helper,
                      run_as_root=True, check_exit_code=True),
            mock.call('cryptsetup', '--batch-mode', 'luksFormat',
-                      '--type', 'luks', '--key-file=-', self.dev_path,
+                      '--type', 'luks1', '--key-file=-', self.dev_path,
                      process_input=fake_key,
                      root_helper=self.root_helper,
                      run_as_root=True, check_exit_code=True, attempts=3),