92 lines
3.6 KiB
Diff
92 lines
3.6 KiB
Diff
From f76ad4da12e6a65550d564bb626a1429ae75433a Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Thomas=20M=C3=BChlbacher?= <tmuehlbacher@posteo.net>
|
|
Date: Thu, 9 May 2024 23:52:47 +0200
|
|
Subject: [PATCH 1/2] `check_for_key` before `ask_for_passphrase`
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
let's always first check if there is already a key in the keyring
|
|
available before we try to get the key from some more involved means.
|
|
|
|
Fixes: #261
|
|
Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
|
|
---
|
|
src/commands/mount.rs | 13 +++++++++++--
|
|
src/key.rs | 4 +++-
|
|
2 files changed, 14 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/commands/mount.rs b/src/commands/mount.rs
|
|
index 9414c77f..34a741cb 100644
|
|
--- a/src/commands/mount.rs
|
|
+++ b/src/commands/mount.rs
|
|
@@ -344,8 +344,17 @@ fn cmd_mount_inner(opt: Cli) -> anyhow::Result<()> {
|
|
if block_devices_to_mount.len() == 0 {
|
|
Err(anyhow::anyhow!("No device found from specified parameters"))?;
|
|
}
|
|
- // Check if the filesystem's master key is encrypted
|
|
- if unsafe { bcachefs::bch2_sb_is_encrypted_and_locked(block_devices_to_mount[0].sb) } {
|
|
+
|
|
+ let key_name = CString::new(format!(
|
|
+ "bcachefs:{}",
|
|
+ block_devices_to_mount[0].sb().uuid()
|
|
+ ))
|
|
+ .unwrap();
|
|
+
|
|
+ // Check if the filesystem's master key is encrypted and we don't have a key
|
|
+ if unsafe { bcachefs::bch2_sb_is_encrypted_and_locked(block_devices_to_mount[0].sb) }
|
|
+ && !key::check_for_key(&key_name)?
|
|
+ {
|
|
// First by password_file, if available
|
|
let fallback_to_unlock_policy = if let Some(passphrase_file) = &opt.passphrase_file {
|
|
match key::read_from_passphrase_file(&block_devices_to_mount[0], passphrase_file.as_path()) {
|
|
diff --git a/src/key.rs b/src/key.rs
|
|
index d0018805..568b3cdb 100644
|
|
--- a/src/key.rs
|
|
+++ b/src/key.rs
|
|
@@ -58,7 +58,7 @@ impl fmt::Display for UnlockPolicy {
|
|
}
|
|
}
|
|
|
|
-fn check_for_key(key_name: &std::ffi::CStr) -> anyhow::Result<bool> {
|
|
+pub fn check_for_key(key_name: &std::ffi::CStr) -> anyhow::Result<bool> {
|
|
use bch_bindgen::keyutils::{self, keyctl_search};
|
|
let key_name = key_name.to_bytes_with_nul().as_ptr() as *const _;
|
|
let key_type = c_str!("user");
|
|
@@ -86,10 +86,12 @@ fn wait_for_unlock(uuid: &uuid::Uuid) -> anyhow::Result<()> {
|
|
}
|
|
}
|
|
|
|
+// blocks indefinitely if no input is available on stdin
|
|
fn ask_for_passphrase(sb: &bch_sb_handle) -> anyhow::Result<()> {
|
|
let passphrase = if stdin().is_terminal() {
|
|
rpassword::prompt_password("Enter passphrase: ")?
|
|
} else {
|
|
+ info!("Trying to read passphrase from stdin...");
|
|
let mut line = String::new();
|
|
stdin().read_line(&mut line)?;
|
|
line
|
|
|
|
From 734ccc58f42c3cccb0960bdd84808839e2b62ca9 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Thomas=20M=C3=BChlbacher?= <tmuehlbacher@posteo.net>
|
|
Date: Sun, 12 May 2024 19:39:19 +0200
|
|
Subject: [PATCH 2/2] fix unfortunate typo
|
|
|
|
causes mounting encrypted devices to become stuck in a busy loop.
|
|
---
|
|
include/crypto/skcipher.h | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
|
|
index 70905a5a..833729dc 100644
|
|
--- a/include/crypto/skcipher.h
|
|
+++ b/include/crypto/skcipher.h
|
|
@@ -112,7 +112,7 @@ static inline void skcipher_request_set_sync_tfm(struct skcipher_request *req,
|
|
skcipher_request_set_tfm(req, &tfm->base);
|
|
}
|
|
|
|
-#define skcipher_request_set_callback(...) do {} while (9)
|
|
+#define skcipher_request_set_callback(...) do {} while (0)
|
|
|
|
static inline void skcipher_request_set_crypt(
|
|
struct skcipher_request *req,
|