In commit 2d8c0f8d40b5 ("options: decrypt LUKS-on-LV devices",
2022-02-28), in order to keep that change as contained as possible, we
didn't modify the naming scheme of those decrypted LUKS devices that
originated directly from partitions -- we passed "name_decrypted_by_uuid =
false" for partitions fetched with guestfs_list_partitions().
Turns out that this is exactly what prevents us from decrypting the
following block device structure (seen in RHEL6 guests; for example one
installed from "RHEL-6.10-20180525.0-Server-x86_64-dvd1.iso"):
NAME MAJ:MIN RM SIZE
RO TYPE MOUNTPOINT
vda 252:0 0 9G 0 disk
├─vda1 252:1 0 1G 0 part /boot
├─vda2 252:2 0 7G 0 part
│ └─luks-37f5c9df-acda-4955-8cfd-872f0da5e35b (dm-0) 253:0 0 7G 0 crypt /
└─vda3 252:3 0 1023M 0 part [SWAP]
sr0 11:0 1 1024M 0 rom
The problem is that we prefer (a) make_mapname() due to the LUKS header
residing directly on a partition, so we call the plaintext device
"/dev/mapper/cryptsda2"; however (b) "/etc/fstab" in the guest refers
to
the same plaintext device by the standard, UUID-based
"/dev/mapper/luks-37f5c9df-acda-4955-8cfd-872f0da5e35b" pathname.
Therefore "inspect_get_mountpoints" in "libguestfs/daemon/inspect.ml"
returns the latter pathname -- which we can't mount.
Hardwire "name_decrypted_by_uuid = true" in "options/decrypt.c" -- by
which effort we can as well remove the "name_decrypted_by_uuid" parameter.
Testing: the libguestfs, guestfs-tools, and virt-v2v test suites (make
check) pass with this update. Furthermore, "guestfish -i", virt-inspector,
and virt-v2v now recognize the above blockdev / fs structure (and the
converted guest boots).
Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1658128
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
options/decrypt.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/options/decrypt.c b/options/decrypt.c
index b899a0028620..1cd7b627e264 100644
--- a/options/decrypt.c
+++ b/options/decrypt.c
@@ -111,15 +111,15 @@ make_mapname (const char *device)
}
return mapname;
}
static bool
decrypt_mountables (guestfs_h *g, const char * const *mountables,
- struct key_store *ks, bool name_decrypted_by_uuid)
+ struct key_store *ks)
{
bool decrypted_some = false;
const char * const *mnt_scan = mountables;
const char *mountable;
while ((mountable = *mnt_scan++) != NULL) {
CLEANUP_FREE char *type = NULL;
@@ -144,16 +144,15 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables,
/* Grab the keys that we should try with this device, based on device name,
* or UUID (if any).
*/
keys = get_keys (ks, mountable, uuid);
assert (keys[0] != NULL);
/* Generate a node name for the plaintext (decrypted) device node. */
- if (!name_decrypted_by_uuid || uuid == NULL ||
- asprintf (&mapname, "luks-%s", uuid) == -1)
+ if (uuid == NULL || asprintf (&mapname, "luks-%s", uuid) == -1)
mapname = make_mapname (mountable);
/* Try each key in turn. */
key_scan = (const char * const *)keys;
while ((key = *key_scan++) != NULL) {
int r;
@@ -188,20 +187,19 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks)
CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
CLEANUP_FREE_STRING_LIST char **lvs = NULL;
bool need_rescan;
if (partitions == NULL)
exit (EXIT_FAILURE);
- need_rescan = decrypt_mountables (g, (const char * const *)partitions, ks,
- false);
+ need_rescan = decrypt_mountables (g, (const char * const *)partitions, ks);
if (need_rescan) {
if (guestfs_lvm_scan (g, 1) == -1)
exit (EXIT_FAILURE);
}
lvs = guestfs_lvs (g);
if (lvs == NULL)
exit (EXIT_FAILURE);
- decrypt_mountables (g, (const char * const *)lvs, ks, true);
+ decrypt_mountables (g, (const char * const *)lvs, ks);
}
base-commit: ab708d11d832457d2a0c74e7a6d8c219a4fdd90f
--
2.19.1.3.g30247aa5d201