search for: 683cf5e

...partitions and decrypt them, then rescan for VGs. This only works > for Fedora whole-disk encryption. *) Documentation here needs a short explanation of what the new allow_discards parameter does, and what the default is. > diff --git a/options/decrypt.c b/options/decrypt.c > index 683cf5e..0f24a7a 100644 > --- a/options/decrypt.c > +++ b/options/decrypt.c > @@ -71,7 +71,7 @@ make_mapname (const char *device, char *mapname, size_t len) > * encryption schemes. > */ > void > -inspect_do_decrypt (guestfs_h *g, struct key_store *ks) > +inspect_do_decrypt (gue...

...This only works > > for Fedora whole-disk encryption. *) > > Documentation here needs a short explanation of what the > new allow_discards parameter does, and what the default is. > Will fix. > > > diff --git a/options/decrypt.c b/options/decrypt.c > > index 683cf5e..0f24a7a 100644 > > --- a/options/decrypt.c > > +++ b/options/decrypt.c > > @@ -71,7 +71,7 @@ make_mapname (const char *device, char *mapname, > size_t len) > > * encryption schemes. > > */ > > void > > -inspect_do_decrypt (guestfs_h *g, struct key_...

...not require a libguestfs version bump. --- options/decrypt.c | 8 +++++++- options/key-option.pod | 4 ++-- options/keys.c | 4 ++-- options/options.h | 6 +++--- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/options/decrypt.c b/options/decrypt.c index 3511d9f..683cf5e 100644 --- a/options/decrypt.c +++ b/options/decrypt.c @@ -86,7 +86,13 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks) char mapname[32]; make_mapname (partitions[i], mapname, sizeof mapname); - CLEANUP_FREE_STRING_LIST char **keys = get_keys (ks, partitions[i]); +#if...

...estfs -> ?allow_discards:bool -> key_store -> unit (** Simple implementation of decryption: look for any [crypto_LUKS] partitions and decrypt them, then rescan for VGs. This only works for Fedora whole-disk encryption. *) diff --git a/options/decrypt.c b/options/decrypt.c index 683cf5e..0f24a7a 100644 --- a/options/decrypt.c +++ b/options/decrypt.c @@ -71,7 +71,7 @@ make_mapname (const char *device, char *mapname, size_t len) * encryption schemes. */ void -inspect_do_decrypt (guestfs_h *g, struct key_store *ks) +inspect_do_decrypt (guestfs_h *g, struct key_store *ks, int all...

For links to the original patch series, see: https://bugzilla.redhat.com/show_bug.cgi?id=1808977#c8 The original feedback was that ignoring errors from guestfs_luks_uuid would ignore legitimate errors from non-BitLocker disks, so I have modified this series so that errors are only ignored in the BitLocker case. As noted in the 4th patch there is no actual error in the BitLocker case, cryptsetup

Support transparent decryption/inspection of Windows guests encrypted with BitLocker encryption. This won't make much sense without the associated libguestfs patches which I will post momentarily. (Submodules, ho hum) Rich.

This combined patch series enables to decrypt LUKS devices on inspection by allowing the UUID of the LUKS device with the --key syntax. I opted for reusing the option instead of adding another one, as I think that device names and UUIDs are different enough that can be properly distinguished. A test for this (patch #4) can be applied only when the patches for common are applied, and the

The following patch attempts to implement sparsification of LUKS-encrypted partitions. It uses lsblk to pair the underlying LUKS block device with its mapped name. Also, --allow-discards was added by default to luks_open(). There are several potential issues that I can think of: 1) If and entire device is encrypted (not just one of more partitions), the lsblk trick might not work. 2) The

...the partitions to be trimmed (and sparsified). Default is [false]. *) val with_timeout : string -> int -> ?sleep:int -> (unit -> 'a option) -> 'a (** [with_timeout op timeout ?sleep fn] implements a timeout loop. diff --git a/options/decrypt.c b/options/decrypt.c index 683cf5e..7e24254 100644 --- a/options/decrypt.c +++ b/options/decrypt.c @@ -71,7 +71,7 @@ make_mapname (const char *device, char *mapname, size_t len) * encryption schemes. */ void -inspect_do_decrypt (guestfs_h *g, struct key_store *ks) +inspect_do_decrypt (guestfs_h *g, struct key_store *ks, bool al...