search for: inspect_do_decrypt

...fault is. > diff --git a/options/decrypt.c b/options/decrypt.c > index 683cf5e..0f24a7a 100644 > --- a/options/decrypt.c > +++ b/options/decrypt.c > @@ -71,7 +71,7 @@ make_mapname (const char *device, char *mapname, size_t len) > * encryption schemes. > */ > void > -inspect_do_decrypt (guestfs_h *g, struct key_store *ks) > +inspect_do_decrypt (guestfs_h *g, struct key_store *ks, int allowdiscards) > { > CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g); > if (partitions == NULL) > @@ -101,7 +101,8 @@ inspect_do_decrypt (guestfs_h *g,...

...eysv); + CAMLparam4 (gv, gpv, keysv, allowdiscards); CAMLlocal2 (elemv, v); guestfs_h *g = (guestfs_h *) (intptr_t) Int64_val (gpv); struct key_store *ks = NULL; @@ -86,7 +86,7 @@ guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv) keysv = Field (keysv, 1); } - inspect_do_decrypt (g, ks); + inspect_do_decrypt (g, ks, Int_val (allowdiscards)); CAMLreturn (Val_unit); } diff --git a/mltools/tools_utils.ml b/mltools/tools_utils.ml index 1271802..cb94125 100644 --- a/mltools/tools_utils.ml +++ b/mltools/tools_utils.ml @@ -29,7 +29,7 @@ and key_store_key = | KeyString o...

...c b/options/decrypt.c > > index 683cf5e..0f24a7a 100644 > > --- a/options/decrypt.c > > +++ b/options/decrypt.c > > @@ -71,7 +71,7 @@ make_mapname (const char *device, char *mapname, > size_t len) > > * encryption schemes. > > */ > > void > > -inspect_do_decrypt (guestfs_h *g, struct key_store *ks) > > +inspect_do_decrypt (guestfs_h *g, struct key_store *ks, int > allowdiscards) > > { > > CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions > (g); > > if (partitions == NULL) > > @@ -101,7 +101,8 @@...

...eysv); + CAMLparam4 (gv, gpv, keysv, allowdiscards); CAMLlocal2 (elemv, v); guestfs_h *g = (guestfs_h *) (intptr_t) Int64_val (gpv); struct key_store *ks = NULL; @@ -86,7 +86,7 @@ guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv) keysv = Field (keysv, 1); } - inspect_do_decrypt (g, ks); + inspect_do_decrypt (g, ks, Int_val (allowdiscards)); CAMLreturn (Val_unit); } diff --git a/mltools/tools_utils.ml b/mltools/tools_utils.ml index 1271802..cb94125 100644 --- a/mltools/tools_utils.ml +++ b/mltools/tools_utils.ml @@ -29,7 +29,7 @@ and key_store_key = | KeyString o...

The following patch attempts to implement sparsification of LUKS-encrypted partitions. It uses lsblk to pair the underlying LUKS block device with its mapped name. Also, --allow-discards was added by default to luks_open(). There are several potential issues that I can think of: 1) If and entire device is encrypted (not just one of more partitions), the lsblk trick might not work. 2) The

Support transparent decryption/inspection of Windows guests encrypted with BitLocker encryption. This won't make much sense without the associated libguestfs patches which I will post momentarily. (Submodules, ho hum) Rich.

For links to the original patch series, see: https://bugzilla.redhat.com/show_bug.cgi?id=1808977#c8 The original feedback was that ignoring errors from guestfs_luks_uuid would ignore legitimate errors from non-BitLocker disks, so I have modified this series so that errors are only ignored in the BitLocker case. As noted in the 4th patch there is no actual error in the BitLocker case, cryptsetup

...100644 >--- a/options/decrypt.c >+++ b/options/decrypt.c >@@ -25,6 +25,7 @@ > > #include <stdio.h> > #include <stdlib.h> >+#include <stdbool.h> > #include <string.h> > #include <libintl.h> > #include <error.h> >@@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks) > CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]); > if (type && > (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) { >+ bool is_bitlocker = STREQ (type, "BitLocker")...

...@@ -25,6 +25,7 @@ >> > >> >#include <stdio.h> >> >#include <stdlib.h> >> >+#include <stdbool.h> >> >#include <string.h> >> >#include <libintl.h> >> >#include <error.h> >> >@@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks) >> > CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]); >> > if (type && >> > (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) { >> >+ bool is_bitlocker = ST...

...} + } + + *mapname = '\0'; +} + +/** + * Simple implementation of decryption: look for any C<crypto_LUKS> + * partitions and decrypt them, then rescan for VGs. This only works + * for Fedora whole-disk encryption. WIP to make this work for other + * encryption schemes. + */ +void +inspect_do_decrypt (guestfs_h *g) +{ + CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g); + if (partitions == NULL) + exit (EXIT_FAILURE); + + int need_rescan = 0; + size_t i; + for (i = 0; partitions[i] != NULL; ++i) { + CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);...

...++ b/options/decrypt.c > >@@ -25,6 +25,7 @@ > > > >#include <stdio.h> > >#include <stdlib.h> > >+#include <stdbool.h> > >#include <string.h> > >#include <libintl.h> > >#include <error.h> > >@@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks) > > CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]); > > if (type && > > (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) { > >+ bool is_bitlocker = STREQ (type, &quot...

...nt_mllib_inspect_decrypt (value gv, value gpv) +guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv) { - CAMLparam2 (gv, gpv); + CAMLparam3 (gv, gpv, keysv); + CAMLlocal2 (elemv, v); guestfs_h *g = (guestfs_h *) (intptr_t) Int64_val (gpv); + struct key_store *ks = NULL; - inspect_do_decrypt (g); + while (keysv != Val_emptylist) { + struct key_store_key key; + + elemv = Field (keysv, 0); + key.device = strdup (String_val (Field (elemv, 0))); + if (!key.device) + caml_raise_out_of_memory (); + + v = Field (elemv, 1); + switch (Tag_val (v)) { + case 0: /* KeyS...

...gt; >>> >#include <stdio.h> >>> >#include <stdlib.h> >>> >+#include <stdbool.h> >>> >#include <string.h> >>> >#include <libintl.h> >>> >#include <error.h> >>> >@@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks) >>> > CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]); >>> > if (type && >>> > (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) { >>> >+ bool i...

...--git a/inspector/inspector.c b/inspector/inspector.c index fa8e721ff..6ec3a51e7 100644 --- a/inspector/inspector.c +++ b/inspector/inspector.c @@ -298,7 +298,7 @@ main (int argc, char *argv[]) * the -i option) because it can only handle a single root. So we * use low-level APIs. */ - inspect_do_decrypt (g, ks); + inspect_do_decrypt (g, ks, false); free_key_store (ks); diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml index 7da83dafd..ade3c6843 100644 --- a/sparsify/in_place.ml +++ b/sparsify/in_place.ml @@ -62,7 +62,7 @@ let run disk format ignores zeroes ks = error ~exit_code...

Hi, this series refactors some guestfish code (not much), and exposes it via Common_utils, so it is possible to decrypt LUKS partitions when using virt-customize, virt-get-kernel, virt-sparsify, and virt-sysprep. This brings them closer in features with C tools. Most probably a couple more of other OCaml-based tools (virt-v2v to convert encrypted guests, and virt-builder to use encrypted

Hi, the following series adds a --key option in the majority of tools: this makes it possible to pass LUKS credentials programmatically, avoid the need to manually input them, or unsafely pass them via stdin. Thanks, Pino Toscano (2): mltools: create a cmdline_options struct Introduce a --key option in tools that accept keys builder/cmdline.ml | 2 +-

...--git a/inspector/inspector.c b/inspector/inspector.c index fa8e721ff..db322a19a 100644 --- a/inspector/inspector.c +++ b/inspector/inspector.c @@ -298,7 +298,7 @@ main (int argc, char *argv[]) * the -i option) because it can only handle a single root. So we * use low-level APIs. */ - inspect_do_decrypt (g, ks); + inspect_do_decrypt (g, ks, 0); free_key_store (ks); diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml index 7da83dafd..ade3c6843 100644 --- a/sparsify/in_place.ml +++ b/sparsify/in_place.ml @@ -62,7 +62,7 @@ let run disk format ignores zeroes ks = error ~exit_code:3 (...

...&device[i]) == -1) + error (EXIT_FAILURE, errno, "asprintf"); + + for (i = 5; i < strlen (ret); ++i) { + if (!c_isalnum (ret[i])) + memmove (&ret[i], &ret[i+1], strlen (&ret[i])); } - *mapname = '\0'; + return ret; } /** @@ -83,8 +80,7 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks) for (i = 0; partitions[i] != NULL; ++i) { CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]); if (type && STREQ (type, "crypto_LUKS")) { - char mapname[32]; - make_mapname (partitions[i], mapname, sizeof mapnam...

...the error. Updates commit bb4a2dc17a78b53437896d4215ae82df8e11b788. --- options/decrypt.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/options/decrypt.c b/options/decrypt.c index 58f8df9..069a83f 100644 --- a/options/decrypt.c +++ b/options/decrypt.c @@ -83,7 +83,11 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks) CLEANUP_FREE char *mapname = make_mapname (partitions[i]); #ifdef GUESTFS_HAVE_LUKS_UUID - CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]); + /* This may fail for Windows BitLocker disks, so hide errors. */ + CLEANUP_FREE...

...b/options/decrypt.c index 8eb24bc..6b1c0a8 100644 --- a/options/decrypt.c +++ b/options/decrypt.c @@ -25,6 +25,7 @@ #include <stdio.h> #include <stdlib.h> +#include <stdbool.h> #include <string.h> #include <libintl.h> #include <error.h> @@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks) CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]); if (type && (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) { + bool is_bitlocker = STREQ (type, "BitLocker"); char ma...