From 97b085f448e15269c28ed8adc60601894c470747 Mon Sep 17 00:00:00 2001
From: Lee Yarwood <lyarwood@redhat.com>
Date: Mon, 1 Jul 2019 12:31:23 +0100
Subject: [PATCH] luks: Explicitly use the luks1 type to ensure LUKS v1 is used

I152fe10ff5a3131950b789d3fd4efa15c554ff09 attempted to ensure LUKS
volumes were formatted using the LUKS v1 header format by using a type
of `luks`. However from cryptsetup 2.1.0 (incorrectly referenced as
2.0.6 in the previous change) this type can actually refer to the newer
LUKS v2 header format in environments where cryptsetup has not complied
with the `--with-default-luks-format=LUKS1` build time configuration
option [1].

This change now explicitly uses the luks1 type when formatting a device
to ensure the correct LUKS v1 header format is used.

[1] https://gitlab.com/cryptsetup/cryptsetup/blob/master/docs/v2.1.0-ReleaseNotes

Closes-Bug: #1834851
Change-Id: I0010e9014c06a3a812d24d9d5ef598425ac5d5d4
---
 os_brick/encryptors/luks.py            | 2 +-
 os_brick/tests/encryptors/test_luks.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/os_brick/encryptors/luks.py b/os_brick/encryptors/luks.py
index 6ccceef58..0faae28c7 100644
--- a/os_brick/encryptors/luks.py
+++ b/os_brick/encryptors/luks.py
@@ -69,7 +69,7 @@ class LuksEncryptor(cryptsetup.CryptsetupEncryptor):
 
         # NOTE(joel-coffman): cryptsetup will strip trailing newlines from
         # input specified on stdin unless --key-file=- is specified.
-        cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--type", "luks",
+        cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--type", "luks1",
                "--key-file=-"]
 
         cipher = kwargs.get("cipher", None)
diff --git a/os_brick/tests/encryptors/test_luks.py b/os_brick/tests/encryptors/test_luks.py
index c5af4c436..191acbc30 100644
--- a/os_brick/tests/encryptors/test_luks.py
+++ b/os_brick/tests/encryptors/test_luks.py
@@ -61,7 +61,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
 
         mock_execute.assert_has_calls([
             mock.call('cryptsetup', '--batch-mode', 'luksFormat',
-                      '--type', 'luks', '--key-file=-', self.dev_path,
+                      '--type', 'luks1', '--key-file=-', self.dev_path,
                       process_input='passphrase',
                       root_helper=self.root_helper,
                       run_as_root=True, check_exit_code=True, attempts=3),
@@ -124,7 +124,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
                       root_helper=self.root_helper,
                       run_as_root=True, check_exit_code=True),
             mock.call('cryptsetup', '--batch-mode', 'luksFormat',
-                      '--type', 'luks', '--key-file=-', self.dev_path,
+                      '--type', 'luks1', '--key-file=-', self.dev_path,
                       process_input=fake_key,
                       root_helper=self.root_helper,
                       run_as_root=True, check_exit_code=True, attempts=3),