similar to: [PATCH common 0/4] options: Support Windows BitLocker (RHBZ#1808977).

For links to the original patch series, see: https://bugzilla.redhat.com/show_bug.cgi?id=1808977#c8 The original feedback was that ignoring errors from guestfs_luks_uuid would ignore legitimate errors from non-BitLocker disks, so I have modified this series so that errors are only ignored in the BitLocker case. As noted in the 4th patch there is no actual error in the BitLocker case, cryptsetup

On Mon, Sep 07, 2020 at 10:41:20AM +0100, Richard W.M. Jones wrote: >For BitLocker disks cryptsetup does not (yet? ever?) support reading >UUIDs and this function will fail. This does not matter here so just >ignore the error. > >Note there is no error message, cryptsetup simply returns with a bad >exit code: > >><rescue> cryptsetup luksUUID /dev/sda2

On Tue, Oct 06, 2020 at 03:06:54PM +0100, Richard W.M. Jones wrote: >On Tue, Oct 06, 2020 at 03:25:20PM +0200, Martin Kletzander wrote: >> On Mon, Sep 07, 2020 at 10:41:20AM +0100, Richard W.M. Jones wrote: >> >For BitLocker disks cryptsetup does not (yet? ever?) support reading >> >UUIDs and this function will fail. This does not matter here so just >> >ignore

This combined patch series enables to decrypt LUKS devices on inspection by allowing the UUID of the LUKS device with the --key syntax. I opted for reusing the option instead of adding another one, as I think that device names and UUIDs are different enough that can be properly distinguished. A test for this (patch #4) can be applied only when the patches for common are applied, and the

On Wed, Jan 22, 2020 at 10:14:38AM +0100, Jan Synacek wrote: > -val inspect_decrypt : Guestfs.guestfs -> key_store -> unit > +val inspect_decrypt : Guestfs.guestfs -> ?allow_discards:bool -> key_store -> unit > > (** Simple implementation of decryption: look for any [crypto_LUKS] > partitions and decrypt them, then rescan for VGs. This only works > for

The following patch attempts to implement sparsification of LUKS-encrypted partitions. It uses lsblk to pair the underlying LUKS block device with its mapped name. Also, --allow-discards was added by default to luks_open(). There are several potential issues that I can think of: 1) If and entire device is encrypted (not just one of more partitions), the lsblk trick might not work. 2) The

On Tue, Oct 06, 2020 at 03:25:20PM +0200, Martin Kletzander wrote: > On Mon, Sep 07, 2020 at 10:41:20AM +0100, Richard W.M. Jones wrote: > >For BitLocker disks cryptsetup does not (yet? ever?) support reading > >UUIDs and this function will fail. This does not matter here so just > >ignore the error. > > > >Note there is no error message, cryptsetup simply returns

Hi, this series refactors some guestfish code (not much), and exposes it via Common_utils, so it is possible to decrypt LUKS partitions when using virt-customize, virt-get-kernel, virt-sparsify, and virt-sysprep. This brings them closer in features with C tools. Most probably a couple more of other OCaml-based tools (virt-v2v to convert encrypted guests, and virt-builder to use encrypted

On Wed, Oct 07, 2020 at 09:25:15AM +0200, Martin Kletzander wrote: >On Tue, Oct 06, 2020 at 03:06:54PM +0100, Richard W.M. Jones wrote: >>On Tue, Oct 06, 2020 at 03:25:20PM +0200, Martin Kletzander wrote: >>> On Mon, Sep 07, 2020 at 10:41:20AM +0100, Richard W.M. Jones wrote: >>> >For BitLocker disks cryptsetup does not (yet? ever?) support reading >>>

For BitLocker disks cryptsetup does not (yet? ever?) support reading UUIDs and this function will fail. This does not matter here so just ignore the error. Updates commit bb4a2dc17a78b53437896d4215ae82df8e11b788. --- options/decrypt.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/options/decrypt.c b/options/decrypt.c index 58f8df9..069a83f 100644 ---

Since we're no longer only inspecting LUKS devices, use a more generic name. This rewrite also makes the function clearer. --- options/decrypt.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/options/decrypt.c b/options/decrypt.c index d868f70..58f8df9 100644 --- a/options/decrypt.c +++ b/options/decrypt.c @@ -28,6 +28,7 @@ #include

The first patch fixes a rather serious bug, the second patch allows multiple --key parameters and default parameters. There is a third patch to libguestfs which adds a test, coming up. I did not yet review and fix the documentation. I think we need to centralize it in one place because at the moment the same documentation for --key is copy/pasted all over the tools. Rich.

v1: https://www.redhat.com/archives/libguestfs/2019-November/msg00036.html

For BitLocker disks cryptsetup does not (yet? ever?) support reading UUIDs and this function will fail. This does not matter here so just ignore the error. Note there is no error message, cryptsetup simply returns with a bad exit code: ><rescue> cryptsetup luksUUID /dev/sda2 ><rescue> echo $? 1 Updates commit bb4a2dc17a78b53437896d4215ae82df8e11b788. --- options/decrypt.c |

--- mltools/tools_utils-c.c | 8 ++++---- mltools/tools_utils.ml | 6 +++--- mltools/tools_utils.mli | 8 ++++++-- options/decrypt.c | 5 +++-- options/inspect.c | 2 +- options/options.h | 2 +- 6 files changed, 18 insertions(+), 13 deletions(-) diff --git a/mltools/tools_utils-c.c b/mltools/tools_utils-c.c index 6c43b8d..1dcebc4 100644 --- a/mltools/tools_utils-c.c +++

Hi, the following series adds a --key option in the majority of tools: this makes it possible to pass LUKS credentials programmatically, avoid the need to manually input them, or unsafely pass them via stdin. Thanks, Pino Toscano (2): mltools: create a cmdline_options struct Introduce a --key option in tools that accept keys builder/cmdline.ml | 2 +-

These commits, along with the associated changes to common: https://www.redhat.com/archives/libguestfs/2020-March/msg00286.html support the transparent decryption and inspection of Windows guests encrypted with BitLocker encryption. To do the BitLocker decryption requires cryptsetup 2.3.0 (although cryptsetup 2.3 is not required for existing LUKS use). It also requires a new-ish Linux kernel, I

This way it is possible to specify the UUID of the LUKS device instead of the libguestfs device name to decrypt a device during the inspection. Make the usage of the new luks_uuid API conditional, so other projects using the common submodule do not require a libguestfs version bump. --- options/decrypt.c | 8 +++++++- options/key-option.pod | 4 ++-- options/keys.c | 4 ++--

Original version linked from here: https://bugzilla.redhat.com/show_bug.cgi?id=1808977#c8 There is no change in the code in this series, but feedback from the original series was we shouldn't lose the error message in patch 7. When I tested this just now in fact we don't lose the error if debugging is enabled, but I have updated the commit message to note what the error message is in the

Libguestfs itself is obviously now >= 1.42. In virt-v2v we made a similar change upstream to require libguestfs >= 1.42. Therefore the ifdefs are no longer required. --- options/decrypt.c | 5 ----- options/options.c | 4 ---- 2 files changed, 9 deletions(-) diff --git a/options/decrypt.c b/options/decrypt.c index 683cf5ed4..32ef29fd6 100644 --- a/options/decrypt.c +++