luks: Default to LUKS v1 when formatting volumes

cryptsetup 2.0.6 has started to default to LUKS v2 or LUKS2 when formatting volumes. However QEMU currently has no support for v2 and will fail to open the volume when being used to natively decrypt. For now we should default the original LUKS encryptor to v1 when formatting volumes, introducing a new LUKS2 encryptor and encryption constant in a future change. Closes-bug: 1831994 Change-Id: I152fe10ff5a3131950b789d3fd4efa15c554ff09 (cherry picked from commit 94312bd90f)
2019-06-07 12:26:01 +01:00 · 2019-06-07 12:26:01 +01:00 · d7f9ff61fb
parent 735ace04ea
commit d7f9ff61fb
2 changed files with 5 additions and 3 deletions
--- a/os_brick/encryptors/luks.py
+++ b/os_brick/encryptors/luks.py
@ -69,7 +69,8 @@ class LuksEncryptor(cryptsetup.CryptsetupEncryptor):

        # NOTE(joel-coffman): cryptsetup will strip trailing newlines from
        # input specified on stdin unless --key-file=- is specified.
-        cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--key-file=-"]
+        cmd = ["cryptsetup", "--batch-mode", "luksFormat", "--type", "luks",
+               "--key-file=-"]

        cipher = kwargs.get("cipher", None)
        if cipher is not None:
--- a/os_brick/tests/encryptors/test_luks.py
+++ b/os_brick/tests/encryptors/test_luks.py
@ -61,7 +61,7 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):

        mock_execute.assert_has_calls([
            mock.call('cryptsetup', '--batch-mode', 'luksFormat',
-                      '--key-file=-', self.dev_path,
+                      '--type', 'luks', '--key-file=-', self.dev_path,
                      process_input='passphrase',
                      root_helper=self.root_helper,
                      run_as_root=True, check_exit_code=True, attempts=3),
@ -124,7 +124,8 @@ class LuksEncryptorTestCase(test_cryptsetup.CryptsetupEncryptorTestCase):
                      root_helper=self.root_helper,
                      run_as_root=True, check_exit_code=True),
            mock.call('cryptsetup', '--batch-mode', 'luksFormat',
-                      '--key-file=-', self.dev_path, process_input=fake_key,
+                      '--type', 'luks', '--key-file=-', self.dev_path,
+                      process_input=fake_key,
                      root_helper=self.root_helper,
                      run_as_root=True, check_exit_code=True, attempts=3),
            mock.call('cryptsetup', 'luksOpen', '--key-file=-', self.dev_path,