Skip to content

Commit

Permalink
storage: Remove "Reuse existing encryption" option
Browse files Browse the repository at this point in the history
  • Loading branch information
@mvollmer
mvollmer committed Apr 5, 2024
1 parent 56c949a commit bcf8bb1
Showing 1 changed file with 27 additions and 118 deletions.
145 changes: 27 additions & 118 deletions pkg/storaged/block/format-dialog.jsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ import cockpit from "cockpit";
import client from "../client.js";

import {
edit_crypto_config, parse_options, unparse_options, extract_option,
parse_options, unparse_options, extract_option,
get_parent_blocks, is_netdev,
decode_filename, encode_filename, block_name,
get_active_usage, reload_systemd, teardown_active_usage,
Expand All @@ -36,7 +36,6 @@ import {
} from "../dialog.jsx";

import { get_fstab_config, is_valid_mount_point } from "../filesystem/utils.jsx";
import { init_existing_passphrase, unlock_with_type } from "../crypto/keyslots.jsx";
import { job_progress_wrapper } from "../jobs-panel.jsx";
import { at_boot_input, update_at_boot_input, mount_options } from "../filesystem/mounting-dialog.jsx";
import { remember_passphrase } from "../anaconda.jsx";
Expand Down Expand Up @@ -83,33 +82,15 @@ export function initial_mount_options(client, block) {
}

export function format_dialog(client, path, start, size, enable_dos_extended) {
const block = client.blocks[path];
if (block.IdUsage == "crypto") {
cockpit.spawn(["cryptsetup", "luksDump", decode_filename(block.Device)], { superuser: true })
.then(output => {
if (output.indexOf("Keyslots:") >= 0) // This is what luksmeta-monitor-hack looks for
return 2;
else
return 1;
})
.catch(() => {
return false;
})
.then(version => {
return format_dialog_internal(client, path,
{ start, size, enable_dos_extended, old_luks_version: version });
});
} else {
return format_dialog_internal(client, path, { start, size, enable_dos_extended });
}
return format_dialog_internal(client, client.blocks[path], { start, size, enable_dos_extended });
}

export function add_encryption_dialog(client, block) {
return format_dialog_internal(client, block.path, { add_encryption: true });
return format_dialog_internal(client, block, { add_encryption: true });
}

export function encrypted_format_dialog(client, block) {
return format_dialog_internal(client, block.path, { is_encrypted: true });
return format_dialog_internal(client, block, { is_encrypted: true });
}

function find_root_fsys_block() {
Expand All @@ -123,16 +104,12 @@ function find_root_fsys_block() {
return null;
}

function format_dialog_internal(client, path, options) {
const { start, size, enable_dos_extended, old_luks_version, add_encryption } = options;
function format_dialog_internal(client, block, options) {
const { start, size, enable_dos_extended, add_encryption } = options;
const is_already_encrypted = options.is_encrypted;
const block = client.blocks[path];
const block_part = client.blocks_part[path];
const block_ptable = client.blocks_ptable[path] || client.blocks_ptable[block_part?.Table];
const content_block = block.IdUsage == "crypto" ? client.blocks_cleartext[path] : block;

const offer_keep_keys = block.IdUsage == "crypto";
const unlock_before_format = offer_keep_keys && (!content_block || content_block.ReadOnly);
const block_part = client.blocks_part[block.path];
const block_ptable = client.blocks_ptable[block.path] || client.blocks_ptable[block_part?.Table];
const content_block = block.IdUsage == "crypto" ? client.blocks_cleartext[block.path] : block;

const create_partition = (start !== undefined);

Expand Down Expand Up @@ -214,20 +191,10 @@ function format_dialog_internal(client, path, options) {
crypto_types.push({ value: "none", title: _("No encryption") });
default_crypto_type = "none";
}
if (offer_keep_keys) {
if (old_luks_version)
crypto_types.push({
value: " keep",
title: cockpit.format(_("Reuse existing encryption ($0)"), "LUKS" + old_luks_version)
});
else
crypto_types.push({ value: " keep", title: _("Reuse existing encryption") });
default_crypto_type = " keep";
}
add_crypto_type("luks1", "LUKS1", false);
add_crypto_type("luks2", "LUKS2", true);

const usage = get_active_usage(client, create_partition ? null : path, _("format"), _("delete"));
const usage = get_active_usage(client, create_partition ? null : block.path, _("format"), _("delete"));

if (usage.Blocking) {
dialog_open({
Expand Down Expand Up @@ -276,8 +243,6 @@ function format_dialog_internal(client, path, options) {
const opt_netdev = extract_option(split_options, "_netdev");
const extra_options = unparse_options(split_options);

let existing_passphrase_type = null;

let at_boot;
if (opt_never_auto)
at_boot = "never";
Expand Down Expand Up @@ -314,7 +279,7 @@ function format_dialog_internal(client, path, options) {
];
}

const dlg = dialog_open({
dialog_open({
Title: title,
Teardown: TeardownMessage(usage),
Fields: [
Expand Down Expand Up @@ -365,40 +330,31 @@ function format_dialog_internal(client, path, options) {
PassInput("passphrase", _("Passphrase"),
{
validate: function (phrase, vals) {
if (vals.crypto != " keep" && phrase === "")
if (phrase === "")
return _("Passphrase cannot be empty");
},
visible: vals => is_encrypted(vals) && vals.crypto != " keep",
visible: is_encrypted,
new_password: true
}),
PassInput("passphrase2", _("Confirm"),
{
validate: function (phrase2, vals) {
if (vals.crypto != " keep" && phrase2 != vals.passphrase)
if (phrase2 != vals.passphrase)
return _("Passphrases do not match");
},
visible: vals => is_encrypted(vals) && vals.crypto != " keep",
visible: is_encrypted,
new_password: true
}),
CheckBoxes("store_passphrase", "",
{
visible: vals => is_encrypted(vals) && vals.crypto != " keep",
visible: is_encrypted,
value: {
on: false,
},
fields: [
{ title: _("Store passphrase"), tag: "on" }
]
}),
PassInput("old_passphrase", _("Passphrase"),
{
validate: function (phrase) {
if (phrase === "")
return _("Passphrase cannot be empty");
},
visible: vals => vals.crypto == " keep" && vals.needs_explicit_passphrase,
explanation: _("The disk needs to be unlocked before formatting. Please provide a existing passphrase.")
}),
TextInput("crypto_options", _("Encryption options"),
{
visible: is_encrypted,
Expand Down Expand Up @@ -462,8 +418,6 @@ function format_dialog_internal(client, path, options) {
options['no-discard'] = { t: 'b', v: true };
}

const keep_keys = is_encrypted(vals) && offer_keep_keys && vals.crypto == " keep";

const config_items = [];
let new_crypto_options;
if (is_encrypted(vals)) {
Expand All @@ -486,16 +440,14 @@ function format_dialog_internal(client, path, options) {
"track-parents": { t: 'b', v: true }
};

if (!keep_keys) {
if (vals.store_passphrase.on) {
item["passphrase-contents"] = { t: 'ay', v: encode_filename(vals.passphrase) };
} else {
item["passphrase-contents"] = { t: 'ay', v: encode_filename("") };
}
config_items.push(["crypttab", item]);
options["encrypt.passphrase"] = { t: 's', v: vals.passphrase };
options["encrypt.type"] = { t: 's', v: vals.crypto };
if (vals.store_passphrase.on) {
item["passphrase-contents"] = { t: 'ay', v: encode_filename(vals.passphrase) };
} else {
item["passphrase-contents"] = { t: 'ay', v: encode_filename("") };
}
config_items.push(["crypttab", item]);
options["encrypt.passphrase"] = { t: 's', v: vals.passphrase };
options["encrypt.type"] = { t: 's', v: vals.crypto };
}

let mount_point;
Expand Down Expand Up @@ -549,43 +501,13 @@ function format_dialog_internal(client, path, options) {
if (config_items.length > 0)
options["config-items"] = { t: 'a(sa{sv})', v: config_items };

async function maybe_unlock() {
const content_block = client.blocks_cleartext[path];
if (content_block) {
if (content_block.ReadOnly) {
const block_crypto = client.blocks_crypto[path];
await block_crypto.Lock({});
await unlock_with_type(client, block, vals.old_passphrase, existing_passphrase_type, false);
}
return content_block;
}

try {
await unlock_with_type(client, block, vals.old_passphrase, existing_passphrase_type, false);
return client.blocks_cleartext[path];
} catch (error) {
dlg.set_values({ needs_explicit_passphrase: true });
throw error;
}
}

function format() {
if (create_partition) {
if (type == "dos-extended")
return block_ptable.CreatePartition(start, vals.size, "0x05", "", { });
else
return block_ptable.CreatePartitionAndFormat(start, vals.size, partition_type, "", { },
type, options);
} else if (keep_keys) {
return (edit_crypto_config(block,
(config, commit) => {
config.options = new_crypto_options;
return commit();
})
.then(() => maybe_unlock())
.then(content_block => {
return content_block.Format(type, options);
}));
} else {
return block.Format(type, options)
.then(() => {
Expand All @@ -596,21 +518,15 @@ function format_dialog_internal(client, path, options) {
}

function block_fsys_for_block(path) {
if (keep_keys) {
const content_block = client.blocks_cleartext[path];
return client.blocks_fsys[content_block.path];
} else if (is_encrypted(vals))
if (is_encrypted(vals))
return (client.blocks_cleartext[path] &&
client.blocks_fsys[client.blocks_cleartext[path].path]);
else
return client.blocks_fsys[path];
}

function block_swap_for_block(path) {
if (keep_keys) {
const content_block = client.blocks_cleartext[path];
return client.blocks_swap[content_block.path];
} else if (is_encrypted(vals))
if (is_encrypted(vals))
return (client.blocks_cleartext[path] &&
client.blocks_swap[client.blocks_cleartext[path].path]);
else
Expand All @@ -631,10 +547,7 @@ function format_dialog_internal(client, path, options) {
if (is_encrypted(vals) && is_filesystem(vals) && vals.mount_options?.ro) {
const block_crypto = await client.wait_for(() => block_crypto_for_block(path));
await block_crypto.Lock({});
if (vals.passphrase)
await block_crypto.Unlock(vals.passphrase, { "read-only": { t: "b", v: true } });
else
await unlock_with_type(client, block, vals.old_passphrase, existing_passphrase_type, true);
await block_crypto.Unlock(vals.passphrase, { "read-only": { t: "b", v: true } });
}

if (is_filesystem(vals) && mount_now) {
Expand All @@ -645,8 +558,7 @@ function format_dialog_internal(client, path, options) {
const block_swap = await client.wait_for(() => block_swap_for_block(path));
await block_swap.Start({});
}
if (is_encrypted(vals) && vals.type != "empty" && !mount_now &&
unlock_before_format && !client.in_anaconda_mode()) {
if (is_encrypted(vals) && vals.type != "empty" && !mount_now && !client.in_anaconda_mode()) {
const block_crypto = await client.wait_for(() => block_crypto_for_block(path));
await block_crypto.Lock({ });
}
Expand All @@ -661,9 +573,6 @@ function format_dialog_internal(client, path, options) {
},
Inits: [
init_active_usage_processes(client, usage),
unlock_before_format
? init_existing_passphrase(block, true, type => { existing_passphrase_type = type })
: null
]
});
}

0 comments on commit bcf8bb1

Please sign in to comment.