Displaying 20 results from an estimated 32 matches for "inspect_do_decrypt".
2020 Jan 22
2
Re: [PATCH] mltools, options: support --allow-discards when decrypting LUKS devices
...fault is.
> diff --git a/options/decrypt.c b/options/decrypt.c
> index 683cf5e..0f24a7a 100644
> --- a/options/decrypt.c
> +++ b/options/decrypt.c
> @@ -71,7 +71,7 @@ make_mapname (const char *device, char *mapname, size_t len)
> * encryption schemes.
> */
> void
> -inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
> +inspect_do_decrypt (guestfs_h *g, struct key_store *ks, int allowdiscards)
> {
> CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
> if (partitions == NULL)
> @@ -101,7 +101,8 @@ inspect_do_decrypt (guestfs_h *g,...
2020 Jan 22
0
[PATCH] mltools, options: support --allow-discards when decrypting LUKS devices
...eysv);
+ CAMLparam4 (gv, gpv, keysv, allowdiscards);
CAMLlocal2 (elemv, v);
guestfs_h *g = (guestfs_h *) (intptr_t) Int64_val (gpv);
struct key_store *ks = NULL;
@@ -86,7 +86,7 @@ guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv)
keysv = Field (keysv, 1);
}
- inspect_do_decrypt (g, ks);
+ inspect_do_decrypt (g, ks, Int_val (allowdiscards));
CAMLreturn (Val_unit);
}
diff --git a/mltools/tools_utils.ml b/mltools/tools_utils.ml
index 1271802..cb94125 100644
--- a/mltools/tools_utils.ml
+++ b/mltools/tools_utils.ml
@@ -29,7 +29,7 @@ and key_store_key =
| KeyString o...
2020 Jan 22
0
Re: [PATCH] mltools, options: support --allow-discards when decrypting LUKS devices
...c b/options/decrypt.c
> > index 683cf5e..0f24a7a 100644
> > --- a/options/decrypt.c
> > +++ b/options/decrypt.c
> > @@ -71,7 +71,7 @@ make_mapname (const char *device, char *mapname,
> size_t len)
> > * encryption schemes.
> > */
> > void
> > -inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
> > +inspect_do_decrypt (guestfs_h *g, struct key_store *ks, int
> allowdiscards)
> > {
> > CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions
> (g);
> > if (partitions == NULL)
> > @@ -101,7 +101,8 @@...
2020 Jan 27
3
[PATCH v2 1/2] mltools, options: support --allow-discards when decrypting LUKS devices
...eysv);
+ CAMLparam4 (gv, gpv, keysv, allowdiscards);
CAMLlocal2 (elemv, v);
guestfs_h *g = (guestfs_h *) (intptr_t) Int64_val (gpv);
struct key_store *ks = NULL;
@@ -86,7 +86,7 @@ guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv)
keysv = Field (keysv, 1);
}
- inspect_do_decrypt (g, ks);
+ inspect_do_decrypt (g, ks, Int_val (allowdiscards));
CAMLreturn (Val_unit);
}
diff --git a/mltools/tools_utils.ml b/mltools/tools_utils.ml
index 1271802..cb94125 100644
--- a/mltools/tools_utils.ml
+++ b/mltools/tools_utils.ml
@@ -29,7 +29,7 @@ and key_store_key =
| KeyString o...
2020 Jan 21
12
[PATCH 0/1] WIP: Support LUKS-encrypted partitions
The following patch attempts to implement sparsification of
LUKS-encrypted partitions. It uses lsblk to pair the underlying LUKS
block device with its mapped name. Also, --allow-discards was added
by default to luks_open().
There are several potential issues that I can think of:
1) If and entire device is encrypted (not just one of more partitions),
the lsblk trick might not work.
2) The
2020 Mar 30
6
[PATCH common 0/4] options: Support Windows BitLocker (RHBZ#1808977).
Support transparent decryption/inspection of Windows guests encrypted
with BitLocker encryption.
This won't make much sense without the associated libguestfs
patches which I will post momentarily. (Submodules, ho hum)
Rich.
2020 Sep 07
5
[PATCH common v2 0/4] Windows BitLocker support.
For links to the original patch series, see:
https://bugzilla.redhat.com/show_bug.cgi?id=1808977#c8
The original feedback was that ignoring errors from guestfs_luks_uuid
would ignore legitimate errors from non-BitLocker disks, so I have
modified this series so that errors are only ignored in the BitLocker
case. As noted in the 4th patch there is no actual error in the
BitLocker case, cryptsetup
2020 Oct 06
2
Re: [PATCH common v2 4/4] options: Ignore errors from guestfs_luks_uuid.
...100644
>--- a/options/decrypt.c
>+++ b/options/decrypt.c
>@@ -25,6 +25,7 @@
>
> #include <stdio.h>
> #include <stdlib.h>
>+#include <stdbool.h>
> #include <string.h>
> #include <libintl.h>
> #include <error.h>
>@@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
> CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
> if (type &&
> (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
>+ bool is_bitlocker = STREQ (type, "BitLocker")...
2020 Oct 07
2
Re: [PATCH common v2 4/4] options: Ignore errors from guestfs_luks_uuid.
...@@ -25,6 +25,7 @@
>> >
>> >#include <stdio.h>
>> >#include <stdlib.h>
>> >+#include <stdbool.h>
>> >#include <string.h>
>> >#include <libintl.h>
>> >#include <error.h>
>> >@@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
>> > CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
>> > if (type &&
>> > (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
>> >+ bool is_bitlocker = ST...
2016 Sep 19
0
[PATCH 1/3] fish: move disk decryption helpers in own file
...}
+ }
+
+ *mapname = '\0';
+}
+
+/**
+ * Simple implementation of decryption: look for any C<crypto_LUKS>
+ * partitions and decrypt them, then rescan for VGs. This only works
+ * for Fedora whole-disk encryption. WIP to make this work for other
+ * encryption schemes.
+ */
+void
+inspect_do_decrypt (guestfs_h *g)
+{
+ CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
+ if (partitions == NULL)
+ exit (EXIT_FAILURE);
+
+ int need_rescan = 0;
+ size_t i;
+ for (i = 0; partitions[i] != NULL; ++i) {
+ CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);...
2020 Oct 06
0
Re: [PATCH common v2 4/4] options: Ignore errors from guestfs_luks_uuid.
...++ b/options/decrypt.c
> >@@ -25,6 +25,7 @@
> >
> >#include <stdio.h>
> >#include <stdlib.h>
> >+#include <stdbool.h>
> >#include <string.h>
> >#include <libintl.h>
> >#include <error.h>
> >@@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
> > CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
> > if (type &&
> > (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
> >+ bool is_bitlocker = STREQ (type, "...
2018 Sep 19
0
[PATCH 2/2] Introduce a --key option in tools that accept keys
...nt_mllib_inspect_decrypt (value gv, value gpv)
+guestfs_int_mllib_inspect_decrypt (value gv, value gpv, value keysv)
{
- CAMLparam2 (gv, gpv);
+ CAMLparam3 (gv, gpv, keysv);
+ CAMLlocal2 (elemv, v);
guestfs_h *g = (guestfs_h *) (intptr_t) Int64_val (gpv);
+ struct key_store *ks = NULL;
- inspect_do_decrypt (g);
+ while (keysv != Val_emptylist) {
+ struct key_store_key key;
+
+ elemv = Field (keysv, 0);
+ key.device = strdup (String_val (Field (elemv, 0)));
+ if (!key.device)
+ caml_raise_out_of_memory ();
+
+ v = Field (elemv, 1);
+ switch (Tag_val (v)) {
+ case 0: /* KeyS...
2020 Oct 09
0
Re: [PATCH common v2 4/4] options: Ignore errors from guestfs_luks_uuid.
...gt;
>>> >#include <stdio.h>
>>> >#include <stdlib.h>
>>> >+#include <stdbool.h>
>>> >#include <string.h>
>>> >#include <libintl.h>
>>> >#include <error.h>
>>> >@@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
>>> > CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
>>> > if (type &&
>>> > (STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
>>> >+ bool i...
2020 Jan 27
0
[PATCH v2 2/2] sparsify: support LUKS-encrypted partitions
...--git a/inspector/inspector.c b/inspector/inspector.c
index fa8e721ff..6ec3a51e7 100644
--- a/inspector/inspector.c
+++ b/inspector/inspector.c
@@ -298,7 +298,7 @@ main (int argc, char *argv[])
* the -i option) because it can only handle a single root. So we
* use low-level APIs.
*/
- inspect_do_decrypt (g, ks);
+ inspect_do_decrypt (g, ks, false);
free_key_store (ks);
diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml
index 7da83dafd..ade3c6843 100644
--- a/sparsify/in_place.ml
+++ b/sparsify/in_place.ml
@@ -62,7 +62,7 @@ let run disk format ignores zeroes ks =
error ~exit_code...
2016 Sep 19
6
[PATCH 0/3] add crypto/LUKS support in some OCaml-based tools
Hi,
this series refactors some guestfish code (not much), and exposes it
via Common_utils, so it is possible to decrypt LUKS partitions when
using virt-customize, virt-get-kernel, virt-sparsify, and virt-sysprep.
This brings them closer in features with C tools.
Most probably a couple more of other OCaml-based tools (virt-v2v to
convert encrypted guests, and virt-builder to use encrypted
2018 Sep 19
5
[PATCH 0/2] RFC: --key option for tools
Hi,
the following series adds a --key option in the majority of tools: this
makes it possible to pass LUKS credentials programmatically, avoid the
need to manually input them, or unsafely pass them via stdin.
Thanks,
Pino Toscano (2):
mltools: create a cmdline_options struct
Introduce a --key option in tools that accept keys
builder/cmdline.ml | 2 +-
2020 Jan 22
3
[PATCH 1/1] sparsify: support LUKS-encrypted partitions
...--git a/inspector/inspector.c b/inspector/inspector.c
index fa8e721ff..db322a19a 100644
--- a/inspector/inspector.c
+++ b/inspector/inspector.c
@@ -298,7 +298,7 @@ main (int argc, char *argv[])
* the -i option) because it can only handle a single root. So we
* use low-level APIs.
*/
- inspect_do_decrypt (g, ks);
+ inspect_do_decrypt (g, ks, 0);
free_key_store (ks);
diff --git a/sparsify/in_place.ml b/sparsify/in_place.ml
index 7da83dafd..ade3c6843 100644
--- a/sparsify/in_place.ml
+++ b/sparsify/in_place.ml
@@ -62,7 +62,7 @@ let run disk format ignores zeroes ks =
error ~exit_code:3 (...
2020 Mar 30
0
[PATCH common 2/4] options: Generate cryptsetup mapnames beginning with "crypt..." not "luks..."
...&device[i]) == -1)
+ error (EXIT_FAILURE, errno, "asprintf");
+
+ for (i = 5; i < strlen (ret); ++i) {
+ if (!c_isalnum (ret[i]))
+ memmove (&ret[i], &ret[i+1], strlen (&ret[i]));
}
- *mapname = '\0';
+ return ret;
}
/**
@@ -83,8 +80,7 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
for (i = 0; partitions[i] != NULL; ++i) {
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
if (type && STREQ (type, "crypto_LUKS")) {
- char mapname[32];
- make_mapname (partitions[i], mapname, sizeof mapnam...
2020 Mar 30
0
[PATCH common 3/4] options: Ignore errors from guestfs_luks_uuid.
...the error.
Updates commit bb4a2dc17a78b53437896d4215ae82df8e11b788.
---
options/decrypt.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/options/decrypt.c b/options/decrypt.c
index 58f8df9..069a83f 100644
--- a/options/decrypt.c
+++ b/options/decrypt.c
@@ -83,7 +83,11 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
CLEANUP_FREE char *mapname = make_mapname (partitions[i]);
#ifdef GUESTFS_HAVE_LUKS_UUID
- CLEANUP_FREE char *uuid = guestfs_luks_uuid (g, partitions[i]);
+ /* This may fail for Windows BitLocker disks, so hide errors. */
+ CLEANUP_FREE...
2020 Sep 07
0
[PATCH common v2 4/4] options: Ignore errors from guestfs_luks_uuid.
...b/options/decrypt.c
index 8eb24bc..6b1c0a8 100644
--- a/options/decrypt.c
+++ b/options/decrypt.c
@@ -25,6 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <string.h>
#include <libintl.h>
#include <error.h>
@@ -82,11 +83,23 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
if (type &&
(STREQ (type, "crypto_LUKS") || STREQ (type, "BitLocker"))) {
+ bool is_bitlocker = STREQ (type, "BitLocker");
char ma...