From afb7beb7ce98824d5fb789ad8e7577cebae4e41c Mon Sep 17 00:00:00 2001
From: Eric Harney <eharney@redhat.com>
Date: Tue, 28 Jan 2020 09:12:55 -0500
Subject: [PATCH] Skip cryptsetup password quality checking

LUKS password quality checking is not useful
since we only use long hex strings for passwords.

Not skipping this means that we have to install
cracklib-dicts for cryptsetup to work, which is
unnecessary weight.

Closes-Bug: #1861120

Change-Id: Idc281be7cf88eeeeefe260877a1fc275d94f2bed
---
 os_brick/encryptors/luks.py            | 1 +
 os_brick/tests/encryptors/test_luks.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/os_brick/encryptors/luks.py b/os_brick/encryptors/luks.py
index 765e857dc..0baed96e3 100644
--- a/os_brick/encryptors/luks.py
+++ b/os_brick/encryptors/luks.py
@@ -133,6 +133,7 @@ class LuksEncryptor(cryptsetup.CryptsetupEncryptor):
         # Enter new passphrase for key slot:
         # Verify passphrase:
         self._execute('cryptsetup', 'luksAddKey', self.dev_path,
+                      '--force-password',
                       process_input=''.join([mangled_passphrase, '\n',
                                              passphrase, '\n', passphrase]),
                       run_as_root=True, check_exit_code=True,
diff --git a/os_brick/tests/encryptors/test_luks.py b/os_brick/tests/encryptors/test_luks.py
index 408aec88c..adb8e3fc1 100644
--- a/os_brick/tests/encryptors/test_luks.py
+++ b/os_brick/tests/encryptors/test_luks.py
@@ -227,6 +227,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
                       root_helper=self.root_helper, run_as_root=True,
                       check_exit_code=[0, 4], attempts=3),
             mock.call('cryptsetup', 'luksAddKey', self.dev_path,
+                      '--force-password',
                       process_input=''.join([fake_key_mangled,
                                              '\n', fake_key,
                                              '\n', fake_key]),