Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package yast2-storage-ng for
openSUSE:Factory checked in at 2023-09-28 00:24:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-storage-ng (Old)
and /work/SRC/openSUSE:Factory/.yast2-storage-ng.new.23327 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-storage-ng"
Thu Sep 28 00:24:53 2023 rev:147 rq:1113646 version:5.0.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-storage-ng/yast2-storage-ng.changes
2023-07-12 17:26:17.474123597 +0200
+++
/work/SRC/openSUSE:Factory/.yast2-storage-ng.new.23327/yast2-storage-ng.changes
2023-09-28 00:28:14.290613069 +0200
@@ -1,0 +2,11 @@
+Fri Sep 22 08:27:34 UTC 2023 - Ancor Gonzalez Sosa <[email protected]>
+
+- AutoYaST: official support for LUKS2 (jsc#PED-3878, jsc#PED-5518)
+- 5.0.1
+
+-------------------------------------------------------------------
+Wed Aug 30 20:16:10 UTC 2023 - Josef Reidinger <[email protected]>
+
+- 5.0.0 (#bsc1185510)
+
+-------------------------------------------------------------------
Old:
----
yast2-storage-ng-4.6.12.tar.bz2
New:
----
yast2-storage-ng-5.0.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-storage-ng.spec ++++++
--- /var/tmp/diff_new_pack.cfmavC/_old 2023-09-28 00:28:15.298649454 +0200
+++ /var/tmp/diff_new_pack.cfmavC/_new 2023-09-28 00:28:15.298649454 +0200
@@ -17,7 +17,7 @@
Name: yast2-storage-ng
-Version: 4.6.12
+Version: 5.0.1
Release: 0
Summary: YaST2 - Storage Configuration
License: GPL-2.0-only OR GPL-3.0-only
++++++ yast2-storage-ng-4.6.12.tar.bz2 -> yast2-storage-ng-5.0.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-storage-ng-4.6.12/package/yast2-storage-ng.changes
new/yast2-storage-ng-5.0.1/package/yast2-storage-ng.changes
--- old/yast2-storage-ng-4.6.12/package/yast2-storage-ng.changes
2023-07-11 11:08:25.000000000 +0200
+++ new/yast2-storage-ng-5.0.1/package/yast2-storage-ng.changes 2023-09-25
13:22:58.000000000 +0200
@@ -1,4 +1,15 @@
-------------------------------------------------------------------
+Fri Sep 22 08:27:34 UTC 2023 - Ancor Gonzalez Sosa <[email protected]>
+
+- AutoYaST: official support for LUKS2 (jsc#PED-3878, jsc#PED-5518)
+- 5.0.1
+
+-------------------------------------------------------------------
+Wed Aug 30 20:16:10 UTC 2023 - Josef Reidinger <[email protected]>
+
+- 5.0.0 (#bsc1185510)
+
+-------------------------------------------------------------------
Wed Jul 5 13:42:12 UTC 2023 - Stefan Hundhammer <[email protected]>
- Ensure adding storage support software packages for MicroOS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-storage-ng-4.6.12/package/yast2-storage-ng.spec
new/yast2-storage-ng-5.0.1/package/yast2-storage-ng.spec
--- old/yast2-storage-ng-4.6.12/package/yast2-storage-ng.spec 2023-07-11
11:08:25.000000000 +0200
+++ new/yast2-storage-ng-5.0.1/package/yast2-storage-ng.spec 2023-09-25
13:22:58.000000000 +0200
@@ -16,7 +16,7 @@
#
Name: yast2-storage-ng
-Version: 4.6.12
+Version: 5.0.1
Release: 0
Summary: YaST2 - Storage Configuration
License: GPL-2.0-only OR GPL-3.0-only
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-storage-ng-4.6.12/src/lib/y2storage/autoinst_profile/partition_section.rb
new/yast2-storage-ng-5.0.1/src/lib/y2storage/autoinst_profile/partition_section.rb
---
old/yast2-storage-ng-4.6.12/src/lib/y2storage/autoinst_profile/partition_section.rb
2023-07-11 11:08:25.000000000 +0200
+++
new/yast2-storage-ng-5.0.1/src/lib/y2storage/autoinst_profile/partition_section.rb
2023-09-25 13:22:58.000000000 +0200
@@ -31,21 +31,6 @@
#
https://www.suse.com/documentation/sles-12/singlehtml/book_autoyast/book_autoyast.html#ay.partition_configuration
# Check that document for details about the semantic of every attribute.
class PartitionSection <
::Installation::AutoinstProfile::SectionWithAttributes
- # Literal historically used at AutoinstPartPlan
- CRYPT_KEY_VALUE = "ENTER KEY HERE"
- private_constant :CRYPT_KEY_VALUE
-
- # Partitions with these IDs are historically marked with format=false
- # NOTE: "Dell Utility" was included here, but there is no such ID in the
- # new libstorage.
- NO_FORMAT_IDS = [PartitionId::PREP, PartitionId::DOS16]
- private_constant :NO_FORMAT_IDS
-
- # Partitions with these IDs are historically marked with create=false
- # NOTE: "Dell Utility" was the only entry here. See above.
- NO_CREATE_IDS = []
- private_constant :NO_CREATE_IDS
-
ATTRIBUTES = [
{ name: :create },
{ name: :filesystem },
@@ -65,6 +50,10 @@
{ name: :loop_fs },
{ name: :crypt_method },
{ name: :crypt_key },
+ { name: :crypt_pbkdf },
+ { name: :crypt_label },
+ { name: :crypt_cipher },
+ { name: :crypt_key_size },
{ name: :raid_name },
{ name: :raid_options },
{ name: :mkfs_options },
@@ -104,6 +93,22 @@
# @!attribute crypt_key
# @return [String] encryption key
+ # @!attribute crypt_pbkdf
+ # @return [Symbol,nil] password-based derivation function for LUKS2
(:pbkdf2, :argon2i,
+ # :argon2id). See {Y2Storage::PbkdFunction}.
+
+ # @!attribute crypt_label
+ # @return [String,nil] LUKS label if LUKS2 is going to be used
+
+ # @!attribute crypt_cipher
+ # @return [String,nil] specific cipher if LUKS is going to be used
+ #
+ # @!attribute crypt_key_size
+ # Specific key size (in bits) if LUKS is going to be used
+ #
+ # @return [Integer,nil] If nil, the default key size will be used. If
an integer
+ # value is used, it has to be a multiple of 8.
+
# @!attribute filesystem
# @return [Symbol] file system type to use in the partition, it also
# influences other fields
@@ -200,9 +205,8 @@
# Btrfs multi-device.
# @return [PartitionSection]
def self.new_from_storage(device, parent = nil)
- result = new(parent)
- result.init_from_device(device)
- result
+ exporter = PartitionExporter.new(device)
+ exporter.section(parent)
end
# Filesystem type to be used for the real partition object, based on the
@@ -269,35 +273,6 @@
"btrfs_#{filesystem.sid}"
end
- # Method used by {.new_from_storage} to populate the attributes when
- # cloning a partition device.
- #
- # As usual, it keeps the behavior of the old clone functionality, check
- # the implementation of this class for details.
- #
- # @param device [Device] a device that can be cloned into a <partition>
section,
- # like a partition, an LVM logical volume, an MD RAID or a NFS
filesystem.
- def init_from_device(device)
- @create = true
- @resize = false
-
- init_fields_by_type(device)
-
- # Exporting these values only makes sense when the device is a block
device. Note that some
- # exported devices (e.g., multi-device Btrfs and NFS filesystems) are
not block devices.
- return unless device.is?(:blk_device)
-
- init_encryption_fields(device)
- init_filesystem_fields(device) unless device.filesystem&.multidevice?
-
- # NOTE: The old AutoYaST exporter does not report the real size here.
- # It intentionally reports one cylinder less. Cylinders is an obsolete
- # unit (that equals to 8225280 bytes in my experiments).
- # According to the comments there, that was done due to bnc#415005 and
- # bnc#262535.
- @size = device.size.to_i.to_s if create && !fixed_size?(device)
- end
-
def to_hashes
hash = super
hash["fstopt"] = fstab_options.join(",") if fstab_options &&
!fstab_options.empty?
@@ -318,158 +293,6 @@
protected
- # Uses legacy ids for backwards compatibility. For example, BIOS Boot
- # partitions in the old libstorage were represented by the internal
- # code 259 and, thus, systems cloned with the old exporter
- # (AutoinstPartPlan) use 259 instead of the current 257.
- def partition_id_from(partition)
- id = enforce_bios_boot?(partition) ? PartitionId::BIOS_BOOT :
partition.id
- id.to_i_legacy
- end
-
- def init_fields_by_type(device)
- if device.is?(:lvm_lv)
- init_lv_fields(device)
- elsif device.is?(:disk_device, :software_raid, :stray_blk_device,
:bcache)
- init_disk_device_fields(device)
- elsif device.is?(:nfs)
- init_nfs_fields(device)
- elsif device.is?(:tmpfs)
- init_tmpfs_fields(device)
- elsif device.is?(:blk_filesystem)
- init_blk_filesystem_fields(device)
- else
- init_partition_fields(device)
- end
- end
-
- def init_partition_fields(partition)
- @create = !NO_CREATE_IDS.include?(partition.id)
- @partition_nr = partition.number
- @partition_type = "primary" if primary_partition?(partition)
- @partition_id = partition_id_from(partition)
- @lvm_group = lvm_group_name(partition)
- @raid_name = partition.md.name if partition.md
- @btrfs_name = name_for_btrfs(partition.filesystem)
- init_bcache_fields(partition)
- end
-
- def init_disk_device_fields(disk)
- @create = false
- @lvm_group = lvm_group_name(disk)
- @raid_name = disk.md.name if disk.respond_to?(:md) && disk.md
- @btrfs_name = name_for_btrfs(disk.filesystem)
- init_bcache_fields(disk)
- end
-
- def init_lv_fields(lv)
- @lv_name = lv.basename
- @stripes = lv.stripes
- @stripe_size = lv.stripe_size.to_i / DiskSize.KiB(1).to_i
- @pool = lv.lv_type == LvType::THIN_POOL
- parent = lv.parents.first
- @used_pool = parent.lv_name if lv.lv_type == LvType::THIN &&
parent.is?(:lvm_lv)
- @btrfs_name = name_for_btrfs(lv.filesystem)
- end
-
- DEFAULT_ENCRYPTION_METHOD = Y2Storage::EncryptionMethod.find(:luks1)
- private_constant :DEFAULT_ENCRYPTION_METHOD
-
- def init_encryption_fields(partition)
- return unless partition.encrypted?
-
- method = partition.encryption.method || DEFAULT_ENCRYPTION_METHOD
- @loop_fs = true
- @crypt_method = method.id
- @crypt_key = CRYPT_KEY_VALUE if method.password_required?
- end
-
- def init_filesystem_fields(partition)
- @format = false
- fs = partition.filesystem
- return unless fs
-
- @format = true if partition.respond_to?(:id) &&
!NO_FORMAT_IDS.include?(partition.id)
-
- init_blk_filesystem_fields(fs)
- end
-
- # @param filesystem [Filesystems::BlkFilesystem]
- def init_blk_filesystem_fields(filesystem)
- @filesystem = filesystem.type.to_sym
- @label = filesystem.label unless filesystem.label.empty?
- @mkfs_options = filesystem.mkfs_options unless
filesystem.mkfs_options.empty?
- @quotas = filesystem.quota? if filesystem.respond_to?(:quota?)
- init_subvolumes(filesystem)
- init_mount_options(filesystem)
- end
-
- # @param filesystem [Filesystems::BlkFilesystem]
- def init_mount_options(filesystem)
- return if filesystem.mount_point.nil?
-
- @mount = filesystem.mount_point.path
- @mountby = filesystem.mount_point.mount_by.to_sym
- mount_options = filesystem.mount_point.mount_options
- @fstab_options = mount_options unless mount_options.empty?
- end
-
- # @param filesystem [Filesystems::BlkFilesystem] Filesystem to add
subvolumes if required
- def init_subvolumes(filesystem)
- return unless filesystem.supports_btrfs_subvolumes?
-
- @subvolumes_prefix = filesystem.subvolumes_prefix
-
- valid_subvolumes = filesystem.btrfs_subvolumes.reject do |subvol|
- subvol.path.empty? || subvol.path == @subvolumes_prefix ||
- subvol.path.start_with?(filesystem.snapshots_root)
- end
-
- @subvolumes = valid_subvolumes.map do |subvol|
- SubvolSpecification.create_from_btrfs_subvolume(subvol)
- end
- end
-
- def init_bcache_fields(device)
- if device.bcache
- @bcache_backing_for = device.bcache.name
- elsif device.in_bcache_cset
- @bcache_caching_for = device.in_bcache_cset.bcaches.map(&:name)
- end
- end
-
- def init_nfs_fields(device)
- @create = false
- init_mount_options(device)
- end
-
- def init_tmpfs_fields(device)
- @create = nil
- @resize = nil
- init_mount_options(device)
- @mountby = nil
- end
-
- # Whether the given existing partition should be reported as GRUB (GPT
- # Bios Boot) in the cloned profile.
- #
- # @note To ensure backward compatibility, this method implements the
- # logic present in the old AutoYaST exporter that used to live in
- # AutoinstPartPlan#ReadHelper.
- #
https://github.com/yast/yast-autoinstallation/blob/47c24fb98e074f5b6432f3a4f8b9421362ee29cc/src/modules/AutoinstPartPlan.rb#L345
- # Thus, this returns true for any partition with a Windows-related ID
- # that is configured to be mounted in /boot*
- # See commit 54e236cd428636b3bf8f92d2ac2914e5b1d67a90 of
- # yast-autoinstallation.
- #
- # @param partition [Partition]
- # @return [Boolean]
- def enforce_bios_boot?(partition)
- return false if partition.filesystem_mountpoint.nil?
-
- partition.id.is?(:windows_system) &&
partition.filesystem_mountpoint.include?("/boot")
- end
-
# Returns an array of hashes representing subvolumes
#
# AutoYaST only uses a subset of subvolumes properties: 'path',
'copy_on_write'
@@ -502,38 +325,272 @@
subvolumes.reject { |s| s.path == "@" }
end
- # Returns the volume group associated to a given device
- #
- # @param device [Y2Storage::Partition,Y2Storage::Md] Partition or MD
RAID device.
- # @return [String,nil] Volume group; nil if it is not used as a physical
volume or does
- # not belong to any volume group.
- def lvm_group_name(device)
- return nil if device.lvm_pv.nil? || device.lvm_pv.lvm_vg.nil?
+ # Auxiliary class to encapsulate the conversion from storage objects to
their
+ # representation as {PartitionSection}
+ class PartitionExporter
+ # Literal historically used at AutoinstPartPlan
+ CRYPT_KEY_VALUE = "ENTER KEY HERE"
+ private_constant :CRYPT_KEY_VALUE
+
+ # Partitions with these IDs are historically marked with format=false
+ # NOTE: "Dell Utility" was included here, but there is no such ID in
the
+ # new libstorage.
+ NO_FORMAT_IDS = [PartitionId::PREP, PartitionId::DOS16]
+ private_constant :NO_FORMAT_IDS
+
+ # Partitions with these IDs are historically marked with create=false
+ # NOTE: "Dell Utility" was the only entry here. See above.
+ NO_CREATE_IDS = []
+ private_constant :NO_CREATE_IDS
+
+ # Encryption method to use when the method of an encryption device
cannot be determined
+ DEFAULT_ENCRYPTION_METHOD = Y2Storage::EncryptionMethod.find(:luks1)
+ private_constant :DEFAULT_ENCRYPTION_METHOD
+
+ # @return [Device] a device that can be cloned into a <partition>
section,
+ # like a partition, an LVM logical volume, an MD RAID or a NFS
filesystem.
+ attr_reader :device
+
+ # Constructor
+ #
+ # @param device [Device] see {#device}
+ def initialize(device)
+ @device = device
+ end
- device.lvm_pv.lvm_vg.basename
- end
+ # Method used by {PartitionSection.new_from_storage} to populate the
attributes when
+ # cloning a partition device.
+ #
+ # As usual, it keeps the behavior of the old clone functionality, check
+ # the implementation of this class for details.
+ #
+ # @return [PartitionSection]
+ def section(parent)
+ result = PartitionSection.new(parent)
+ result.create = true
+ result.resize = false
+
+ init_fields_by_type(result)
+
+ # Exporting these values only makes sense when the device is a block
device. Note that some
+ # exported devices (e.g., multi-device Btrfs and NFS filesystems)
are not block devices.
+ return result unless device.is?(:blk_device)
+
+ init_encryption_fields(result)
+ init_filesystem_fields(result) unless device.filesystem&.multidevice?
+
+ # NOTE: The old AutoYaST exporter does not report the real size here.
+ # It intentionally reports one cylinder less. Cylinders is an
obsolete
+ # unit (that equals to 8225280 bytes in my experiments).
+ # According to the comments there, that was done due to bnc#415005
and
+ # bnc#262535.
+ result.size = device.size.to_i.to_s if result.create && !fixed_size?
- # Determines whether the device has a fixed size (disk, RAID, etc.)
- #
- # It is used to find out whether the size specification should be
included
- # in the profile.
- #
- # @param device [Y2Storage::Device] Device
- # @return [Boolean]
- def fixed_size?(device)
- device.is?(:disk_device, :software_raid)
- end
+ result
+ end
- # Determines whether given partition is primary or not
- #
- # Always false when the partition table does not allow extended
partitions
- #
- # @param partition [Y2Storgae::Partition] the partition to check
- # @return [Boolean] true when is a primary partition; false otherwise
- def primary_partition?(partition)
- return false unless partition.partition_table.extended_possible?
+ protected
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_fields_by_type(section)
+ if device.is?(:lvm_lv)
+ init_lv_fields(section)
+ elsif device.is?(:disk_device, :software_raid, :stray_blk_device,
:bcache)
+ init_disk_device_fields(section)
+ elsif device.is?(:nfs)
+ init_nfs_fields(section)
+ elsif device.is?(:tmpfs)
+ init_tmpfs_fields(section)
+ elsif device.is?(:blk_filesystem)
+ init_blk_filesystem_fields(section, device)
+ else
+ init_partition_fields(section)
+ end
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_partition_fields(section)
+ section.create = !NO_CREATE_IDS.include?(device.id)
+ section.partition_nr = device.number
+ section.partition_type = "primary" if primary_partition?
+ section.partition_id = partition_id
+ section.lvm_group = lvm_group_name
+ section.raid_name = device.md.name if device.md
+ section.btrfs_name = section.name_for_btrfs(device.filesystem)
+ init_bcache_fields(section)
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_disk_device_fields(section)
+ section.create = false
+ section.lvm_group = lvm_group_name
+ section.raid_name = device.md.name if device.respond_to?(:md) &&
device.md
+ section.btrfs_name = section.name_for_btrfs(device.filesystem)
+ init_bcache_fields(section)
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_lv_fields(section)
+ section.lv_name = device.basename
+ section.stripes = device.stripes
+ section.stripe_size = device.stripe_size.to_i / DiskSize.KiB(1).to_i
+ section.pool = device.lv_type == LvType::THIN_POOL
+ parent = device.parents.first
+ section.used_pool = parent.lv_name if device.lv_type == LvType::THIN
&& parent.is?(:lvm_lv)
+ section.btrfs_name = section.name_for_btrfs(device.filesystem)
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_encryption_fields(section)
+ return unless device.encrypted?
+
+ method = device.encryption.method || DEFAULT_ENCRYPTION_METHOD
+ section.loop_fs = true
+ section.crypt_method = method.id
+ section.crypt_key = CRYPT_KEY_VALUE if method.password_required?
+ init_luks_fields(section)
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_luks_fields(section)
+ enc = device.encryption
+ section.crypt_pbkdf = enc.pbkdf&.to_sym if enc.supports_pbkdf?
+ section.crypt_label = enc.label if enc.supports_label? &&
!enc.label.empty?
+ section.crypt_cipher = enc.cipher if enc.supports_cipher? &&
!enc.cipher.empty?
+ section.crypt_key_size = enc.key_size * 8 if enc.supports_key_size?
&& !enc.key_size.zero?
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_filesystem_fields(section)
+ section.format = false
+ fs = device.filesystem
+ return unless fs
+
+ section.format = true if device.respond_to?(:id) &&
!NO_FORMAT_IDS.include?(device.id)
+
+ init_blk_filesystem_fields(section, fs)
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ # @param filesystem [Filesystems::BlkFilesystem]
+ def init_blk_filesystem_fields(section, filesystem)
+ section.filesystem = filesystem.type.to_sym
+ section.label = filesystem.label unless filesystem.label.empty?
+ section.mkfs_options = filesystem.mkfs_options unless
filesystem.mkfs_options.empty?
+ section.quotas = filesystem.quota? if filesystem.respond_to?(:quota?)
+ init_subvolumes(section, filesystem)
+ init_mount_options(section, filesystem)
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ # @param filesystem [Filesystems::BlkFilesystem]
+ def init_mount_options(section, filesystem)
+ return if filesystem.mount_point.nil?
+
+ section.mount = filesystem.mount_point.path
+ section.mountby = filesystem.mount_point.mount_by.to_sym
+ mount_options = filesystem.mount_point.mount_options
+ section.fstab_options = mount_options unless mount_options.empty?
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ # @param filesystem [Filesystems::BlkFilesystem] Filesystem to add
subvolumes if required
+ def init_subvolumes(section, filesystem)
+ return unless filesystem.supports_btrfs_subvolumes?
+
+ section.subvolumes_prefix = filesystem.subvolumes_prefix
+
+ valid_subvolumes = filesystem.btrfs_subvolumes.reject do |subvol|
+ subvol.path.empty? || subvol.path == section.subvolumes_prefix ||
+ subvol.path.start_with?(filesystem.snapshots_root)
+ end
+
+ section.subvolumes = valid_subvolumes.map do |subvol|
+ SubvolSpecification.create_from_btrfs_subvolume(subvol)
+ end
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_bcache_fields(section)
+ if device.bcache
+ section.bcache_backing_for = device.bcache.name
+ elsif device.in_bcache_cset
+ section.bcache_caching_for =
device.in_bcache_cset.bcaches.map(&:name)
+ end
+ end
- partition.type.is?(:primary)
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_nfs_fields(section)
+ section.create = false
+ init_mount_options(section, device)
+ end
+
+ # @param section [PartitionSection] section object to modify based on
the device
+ def init_tmpfs_fields(section)
+ section.create = nil
+ section.resize = nil
+ init_mount_options(section, device)
+ section.mountby = nil
+ end
+
+ # Uses legacy ids for backwards compatibility. For example, BIOS Boot
+ # partitions in the old libstorage were represented by the internal
+ # code 259 and, thus, systems cloned with the old exporter
+ # (AutoinstPartPlan) use 259 instead of the current 257.
+ def partition_id
+ id = enforce_bios_boot? ? PartitionId::BIOS_BOOT : device.id
+ id.to_i_legacy
+ end
+
+ # Whether the given existing partition should be reported as GRUB (GPT
+ # Bios Boot) in the cloned profile.
+ #
+ # @note To ensure backward compatibility, this method implements the
+ # logic present in the old AutoYaST exporter that used to live in
+ # AutoinstPartPlan#ReadHelper.
+ #
https://github.com/yast/yast-autoinstallation/blob/47c24fb98e074f5b6432f3a4f8b9421362ee29cc/src/modules/AutoinstPartPlan.rb#L345
+ # Thus, this returns true for any partition with a Windows-related ID
+ # that is configured to be mounted in /boot*
+ # See commit 54e236cd428636b3bf8f92d2ac2914e5b1d67a90 of
+ # yast-autoinstallation.
+ #
+ # @return [Boolean]
+ def enforce_bios_boot?
+ return false if device.filesystem_mountpoint.nil?
+
+ device.id.is?(:windows_system) &&
device.filesystem_mountpoint.include?("/boot")
+ end
+
+ # Returns the volume group associated to a given device
+ #
+ # @return [String,nil] Volume group; nil if it is not used as a
physical volume or does
+ # not belong to any volume group.
+ def lvm_group_name
+ return nil if device.lvm_pv.nil? || device.lvm_pv.lvm_vg.nil?
+
+ device.lvm_pv.lvm_vg.basename
+ end
+
+ # Determines whether the device has a fixed size (disk, RAID, etc.)
+ #
+ # It is used to find out whether the size specification should be
included
+ # in the profile.
+ #
+ # @return [Boolean]
+ def fixed_size?
+ device.is?(:disk_device, :software_raid)
+ end
+
+ # Determines whether the partition is primary or not
+ #
+ # Always false when the partition table does not allow extended
partitions
+ #
+ # @return [Boolean] true when is a primary partition; false otherwise
+ def primary_partition?
+ return false unless device.partition_table.extended_possible?
+
+ device.type.is?(:primary)
+ end
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-storage-ng-4.6.12/src/lib/y2storage/encryption.rb
new/yast2-storage-ng-5.0.1/src/lib/y2storage/encryption.rb
--- old/yast2-storage-ng-4.6.12/src/lib/y2storage/encryption.rb 2023-07-11
11:08:25.000000000 +0200
+++ new/yast2-storage-ng-5.0.1/src/lib/y2storage/encryption.rb 2023-09-25
13:22:58.000000000 +0200
@@ -63,10 +63,26 @@
storage_forward :key_file=
# @!attribute cipher
- # @return [String] the encryption cipher
+ # The encryption cipher
+ #
+ # Currently only supported for LUKS
+ #
+ # @return [String] if empty, the default of cryptsetup will be used
during creation
storage_forward :cipher
storage_forward :cipher=
+ # @!attribute key_size
+ # The key size in bytes
+ #
+ # Currently only supported for LUKS
+ #
+ # Note the value is expressed in bytes. That's dictated by
libstorage-ng, even when cryptsetup
+ # and all the LUKS-related documentation use bits for expressing the key
size.
+ #
+ # @return [Integer] if zero, the default of cryptsetup will be used
during creation
+ storage_forward :key_size
+ storage_forward :key_size=
+
# @!attribute pbkdf_value
# String representation of {#pbkdf}, an empty string is equivalent to a
nil value on {#pbkdf}
#
@@ -429,6 +445,27 @@
type.is?(:luks2)
end
+ # Whether the attribute #label makes sense for this object
+ #
+ # @return [Boolean]
+ def supports_label?
+ type.is?(:luks2)
+ end
+
+ # Whether the attribute #cipher makes sense for this object
+ #
+ # @return [Boolean]
+ def supports_cipher?
+ type.is?(:luks1, :luks2)
+ end
+
+ # Whether the attribute #key_size makes sense for this object
+ #
+ # @return [Boolean]
+ def supports_key_size?
+ type.is?(:luks1, :luks2)
+ end
+
protected
# @see Device#is?
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-storage-ng-4.6.12/src/lib/y2storage/encryption_method/luks2.rb
new/yast2-storage-ng-5.0.1/src/lib/y2storage/encryption_method/luks2.rb
--- old/yast2-storage-ng-4.6.12/src/lib/y2storage/encryption_method/luks2.rb
2023-07-11 11:08:25.000000000 +0200
+++ new/yast2-storage-ng-5.0.1/src/lib/y2storage/encryption_method/luks2.rb
2023-09-25 13:22:58.000000000 +0200
@@ -23,6 +23,8 @@
require "y2storage/encryption_processes/luks"
require "y2storage/pbkd_function"
+Yast.import "Mode"
+
module Y2Storage
module EncryptionMethod
# The encryption method that allows to create and identify an encrypted
device using regular
@@ -60,7 +62,8 @@
# @see Base#available?
def available?
- StorageEnv.instance.luks2_available?
+ # jsc#PED-3878 and jsc#GEHC-6
+ Yast::Mode.auto || StorageEnv.instance.luks2_available?
end
private
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-storage-ng-4.6.12/src/lib/y2storage/planned/can_be_encrypted.rb
new/yast2-storage-ng-5.0.1/src/lib/y2storage/planned/can_be_encrypted.rb
--- old/yast2-storage-ng-4.6.12/src/lib/y2storage/planned/can_be_encrypted.rb
2023-07-11 11:08:25.000000000 +0200
+++ new/yast2-storage-ng-5.0.1/src/lib/y2storage/planned/can_be_encrypted.rb
2023-09-25 13:22:58.000000000 +0200
@@ -47,6 +47,28 @@
# @return [PbkdFunction, nil] nil to use the default derivation function
attr_accessor :encryption_pbkdf
+ # LUKS label to use for the device if labels are supported (eg. LUKS2)
+ #
+ # @return [String, nil] nil or empty string to not set any label
+ attr_accessor :encryption_label
+
+ # Cipher to use when encrypting a LUKS device
+ #
+ # @return [String, nil] nil or empty string to use the default cipher
+ attr_accessor :encryption_cipher
+
+ # Key size (in bits) to use when encrypting a LUKS device
+ #
+ # Any positive value must be a multiple of 8.
+ #
+ # Note this uses bits since that's the standard unit for the key size in
LUKS and is
+ # also the unit used by cryptsetup for all its inputs and outputs.
+ #
+ # Under the hood, this is translated to bytes because that's what
libstorage-ng uses.
+ #
+ # @return [Integer, nil] nil or zero to use the default size
+ attr_accessor :encryption_key_size
+
# Initializations of the mixin, to be called from the class constructor.
def initialize_can_be_encrypted; end
@@ -81,7 +103,10 @@
if create_encryption?
method = encryption_method || EncryptionMethod.find(:luks1)
result = plain_device.encrypt(method: method, password:
encryption_password)
- result.pbkdf = encryption_pbkdf if encryption_pbkdf &&
result.supports_pbkdf?
+ assign_enc_attr(result, :pbkdf)
+ assign_enc_attr(result, :label)
+ assign_enc_attr(result, :cipher)
+ assign_enc_attr(result, :key_size) { |value| value / 8 }
log.info "Device encrypted. Returning the new device
#{result.inspect}"
else
log.info "No need to encrypt. Returning the existing device
#{result.inspect}"
@@ -103,6 +128,24 @@
false
end
+ # Assigns the corresponding attribute to the encryption object if it
makes sense
+ #
+ # @see #final_device!
+ #
+ # A block can be passed to transform the value of the attribute
+ #
+ # @param encryption [Encryption]
+ # @param attr [Symbol, String]
+ def assign_enc_attr(encryption, attr)
+ value = send(:"encryption_#{attr}")
+ return if value.nil?
+
+ return unless encryption.send(:"supports_#{attr}?")
+
+ value = yield(value) if block_given?
+ encryption.send(:"#{attr}=", value)
+ end
+
# Class methods for the mixin
module ClassMethods
# Space that will be used by the encryption data structures in a
device.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-storage-ng-4.6.12/src/lib/y2storage/proposal/autoinst_drive_planner.rb
new/yast2-storage-ng-5.0.1/src/lib/y2storage/proposal/autoinst_drive_planner.rb
---
old/yast2-storage-ng-4.6.12/src/lib/y2storage/proposal/autoinst_drive_planner.rb
2023-07-11 11:08:25.000000000 +0200
+++
new/yast2-storage-ng-5.0.1/src/lib/y2storage/proposal/autoinst_drive_planner.rb
2023-09-25 13:22:58.000000000 +0200
@@ -143,6 +143,10 @@
else
DEFAULT_ENCRYPTION_METHOD
end
+ device.encryption_pbkdf = find_encryption_pbkdf(partition_section)
+ device.encryption_label = partition_section.crypt_label
+ device.encryption_cipher = partition_section.crypt_cipher
+ device.encryption_key_size = encryption_key_size_for(partition_section)
return unless device.encryption_method&.password_required?
device.encryption_password =
find_encryption_password(partition_section)
@@ -185,6 +189,44 @@
partition_section.crypt_key
end
+ # Determines the encryption password-based key derivation function for a
partition section
+ #
+ # Additionally it registers an issue if a value is specified but it does
not correspond to
+ # any function recognized by YaST.
+ #
+ # @param part_section [AutoinstProfile::PartitionSection] AutoYaST
specification
+ # @return [PbkdFunction,nil] nil if the field is omitted or the value is
invalid
+ def find_encryption_pbkdf(part_section)
+ return unless part_section.crypt_pbkdf
+
+ result = Y2Storage::PbkdFunction.find(part_section.crypt_pbkdf)
+ if result.nil?
+ # There is an InvalidEncryption kind of issue, but it looks oriented
to report a wrong
+ # encryption_method, which is a more critical error than this
+ issues_list.add(Y2Storage::AutoinstIssues::InvalidValue,
part_section, :crypt_pbkdf)
+ end
+ result
+ end
+
+ # Encryption key size in the given partition section
+ #
+ # Additionally it registers an issue if a value is specified but is not
valid (is not
+ # a multiple of 8).
+ #
+ # @param part_section [AutoinstProfile::PartitionSection] AutoYaST
specification
+ # @return [Integer,nil] nil if the field is omitted or the value is
invalid
+ def encryption_key_size_for(part_section)
+ return unless part_section.crypt_key_size
+
+ value = part_section.crypt_key_size.to_i
+ if value % 8 != 0
+ issues_list.add(Y2Storage::AutoinstIssues::InvalidValue,
part_section, :crypt_key_size)
+ return
+ end
+
+ value
+ end
+
# Sets common filesystem attributes
#
# @param device [Planned::Device]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-storage-ng-4.6.12/test/y2storage/autoinst_profile/partition_section_test.rb
new/yast2-storage-ng-5.0.1/test/y2storage/autoinst_profile/partition_section_test.rb
---
old/yast2-storage-ng-4.6.12/test/y2storage/autoinst_profile/partition_section_test.rb
2023-07-11 11:08:25.000000000 +0200
+++
new/yast2-storage-ng-5.0.1/test/y2storage/autoinst_profile/partition_section_test.rb
2023-09-25 13:22:58.000000000 +0200
@@ -692,6 +692,122 @@
section = section_for("sdf7")
expect(section.crypt_method).to eq(:luks1)
end
+
+ context "and the encryption method supports LUKS label" do
+ before do
+ partition = device("sdf7")
+ partition.encrypt(method: Y2Storage::EncryptionMethod::LUKS2)
+ end
+
+ let(:encryption) { device("sdf7").encryption }
+
+ context "but the label is unknown" do
+ it "does not initialize #crypt_label" do
+ expect(section_for("sdf7").crypt_label).to be_nil
+ end
+ end
+
+ context "but there is no label" do
+ before { encryption.label = "" }
+
+ it "does not initialize #crypt_label" do
+ expect(section_for("sdf7").crypt_label).to be_nil
+ end
+ end
+
+ context "and the LUKS device has a label" do
+ before { encryption.label = "some_label" }
+
+ it "initializes #crypt_label with the label" do
+ expect(section_for("sdf7").crypt_label).to eq "some_label"
+ end
+ end
+ end
+
+ context "and the encryption method does not support LUKS labels" do
+ before do
+ partition = device("sdf7")
+ partition.encryption.label = "some_label"
+ end
+
+ it "does not initialize #crypt_label" do
+ expect(section_for("sdf7").crypt_label).to be_nil
+ end
+ end
+
+ context "and the encryption method supports setting the PBKDF" do
+ before do
+ partition = device("sdf7")
+ partition.encrypt(method: Y2Storage::EncryptionMethod::LUKS2)
+ end
+
+ let(:encryption) { device("sdf7").encryption }
+
+ context "but the PBKDF is unknown" do
+ it "does not initialize #crypt_pbkdf" do
+ expect(section_for("sdf7").crypt_pbkdf).to be_nil
+ end
+ end
+
+ context "and the PBKDF has a value" do
+ before { encryption.pbkdf = Y2Storage::PbkdFunction.find(:argon2id) }
+
+ it "initializes #crypt_pbkdf with the proper value" do
+ expect(section_for("sdf7").crypt_pbkdf).to eq :argon2id
+ end
+ end
+ end
+
+ context "and the encryption method does not support setting a PBKDF" do
+ before do
+ partition = device("sdf7")
+ partition.encryption.pbkdf = Y2Storage::PbkdFunction.find(:pbkdf2)
+ end
+
+ it "does not initialize #crypt_pbkdf" do
+ expect(section_for("sdf7").crypt_pbkdf).to be_nil
+ end
+ end
+
+ context "and the encryption method supports setting the cipher and key
size" do
+ let(:encryption) { device("sdf7").encryption }
+
+ context "but the cipher and key size are unknown" do
+ it "does not initialize #crypt_cipher or #crypt_key_size" do
+ expect(section_for("sdf7").crypt_cipher).to be_nil
+ expect(section_for("sdf7").crypt_key_size).to be_nil
+ end
+ end
+
+ context "and the cipher and key size are known" do
+ before do
+ encryption.key_size = 64
+ encryption.cipher = "aes-xts-plain"
+ end
+
+ it "initializes #crypt_key_size with the key size in bits" do
+ expect(section_for("sdf7").crypt_key_size).to eq 512
+ end
+
+ it "initializes #crypt_cipher with the name of the cipher" do
+ expect(section_for("sdf7").crypt_cipher).to eq "aes-xts-plain"
+ end
+ end
+ end
+
+ context "and the encryption method does not support cipher or key size"
do
+ before do
+ partition = device("sdf7")
+ encryption = partition.encrypt(method:
Y2Storage::EncryptionMethod::RANDOM_SWAP)
+ encryption.key_size = 64
+ encryption.cipher = "aes-xts-plain"
+ end
+
+ it "does not initialize #crypt_cipher or #crypt_key_size" do
+ expect(section_for("sdf7").crypt_cipher).to be_nil
+ expect(section_for("sdf7").crypt_key_size).to be_nil
+ end
+ end
end
context "if the partition is not encrypted" do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-storage-ng-4.6.12/test/y2storage/autoinst_proposal_encryption_test.rb
new/yast2-storage-ng-5.0.1/test/y2storage/autoinst_proposal_encryption_test.rb
---
old/yast2-storage-ng-4.6.12/test/y2storage/autoinst_proposal_encryption_test.rb
1970-01-01 01:00:00.000000000 +0100
+++
new/yast2-storage-ng-5.0.1/test/y2storage/autoinst_proposal_encryption_test.rb
2023-09-25 13:22:58.000000000 +0200
@@ -0,0 +1,284 @@
+#!/usr/bin/env rspec
+
+# Copyright (c) [2023] SUSE LLC
+#
+# All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of version 2 of the GNU General Public License as published
+# by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, contact SUSE LLC.
+#
+# To contact SUSE LLC about this file by physical or electronic mail, you may
+# find current contact information at www.suse.com.
+
+require_relative "spec_helper"
+require "y2storage"
+
+describe Y2Storage::AutoinstProposal do
+ before do
+ fake_scenario(scenario)
+
+ allow(Yast::Mode).to receive(:auto).and_return(true)
+ end
+
+ subject(:proposal) do
+ described_class.new(
+ partitioning: partitioning, devicegraph: fake_devicegraph, issues_list:
issues_list
+ )
+ end
+
+ let(:scenario) { "empty_disks" }
+ let(:issues_list) { ::Installation::AutoinstIssues::List.new }
+
+ let(:partitioning) do
+ [
+ {
+ "device" => "/dev/sda",
+ "type" => :CT_DISK, "use" => "all", "initialize" => true, "disklabel"
=> "gpt",
+ "partitions" => partitions
+ }
+ ]
+ end
+
+ let(:partitions) { [partition] }
+
+ describe "#propose" do
+ context "when creating a LUKS2 device with default options" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2 }
+ end
+
+ it "encrypts the device with LUKS2 as encryption method" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.method).to eq Y2Storage::EncryptionMethod::LUKS2
+ end
+
+ it "does not set any LUKS label" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.label).to eq ""
+ end
+
+ it "does not set any derivation function, cipher or key size" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.pbkdf).to be_nil
+ expect(enc.cipher).to eq ""
+ expect(enc.key_size).to be_zero
+ end
+
+ it "does not register any issue" do
+ proposal.propose
+ expect(issues_list).to be_empty
+ end
+ end
+
+ context "when creating a LUKS2 device with a given password derivation
function" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2,
"crypt_pbkdf" => :argon2i }
+ end
+
+ it "uses the corresponding derivation function" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.pbkdf).to eq Y2Storage::PbkdFunction::ARGON2I
+ end
+
+ it "does not register any issue" do
+ proposal.propose
+ expect(issues_list).to be_empty
+ end
+ end
+
+ context "when creating a LUKS2 device with an unsupported password
derivation function" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2,
"crypt_pbkdf" => :wrong }
+ end
+
+ it "does not enforce any derivation function" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.pbkdf).to be_nil
+ end
+
+ it "register an AutoinstIssues::InvalidValue warning" do
+ proposal.propose
+ expect(issues_list).to_not be_empty
+ issue = issues_list.first
+ expect(issue.class).to eq Y2Storage::AutoinstIssues::InvalidValue
+ expect(issue.attr).to eq :crypt_pbkdf
+ end
+ end
+
+ context "when creating a LUKS2 device with given cipher and key size" do
+ let(:partition) do
+ {
+ "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2,
+ "crypt_cipher" => "aes-xts-plain64", "crypt_key_size" => 512
+ }
+ end
+
+ it "uses the corresponding cipher and key size" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.cipher).to eq "aes-xts-plain64"
+ # libstorage-ng uses bytes instead of bits to represent the key size,
contrary to all LUKS
+ # documentation and to cryptsetup
+ expect(enc.key_size).to eq 64
+ end
+
+ it "does not register any issue" do
+ proposal.propose
+ expect(issues_list).to be_empty
+ end
+ end
+
+ context "when creating a LUKS2 device with an invalid key size" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2,
"crypt_key_size" => 12 }
+ end
+
+ it "does not enforce any key size" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.key_size).to be_zero
+ end
+
+ it "register an AutoinstIssues::InvalidValue warning" do
+ proposal.propose
+ expect(issues_list).to_not be_empty
+ issue = issues_list.first
+ expect(issue.class).to eq Y2Storage::AutoinstIssues::InvalidValue
+ expect(issue.attr).to eq :crypt_key_size
+ end
+ end
+
+ context "when creating a LUKS2 device with a given LUKS label" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2,
"crypt_label" => "crpt" }
+ end
+
+ it "sets the label in the LUKS device" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.label).to eq "crpt"
+ end
+
+ it "does not register any issue" do
+ proposal.propose
+ expect(issues_list).to be_empty
+ end
+ end
+
+ context "when creating a LUKS1 device with a given password derivation
function" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks1,
"crypt_pbkdf" => :argon2i }
+ end
+
+ it "does not enforce any derivation function" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.method).to eq Y2Storage::EncryptionMethod::LUKS1
+ expect(enc.pbkdf).to be_nil
+ end
+
+ it "does not register any issue" do
+ proposal.propose
+ expect(issues_list).to be_empty
+ end
+ end
+
+ context "when creating a LUKS1 device with a LUKS label" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks1,
"crypt_label" => "crpt" }
+ end
+
+ it "does not set the label" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.method).to eq Y2Storage::EncryptionMethod::LUKS1
+ expect(enc.label).to be_empty
+ end
+
+ it "does not register any issue" do
+ proposal.propose
+ expect(issues_list).to be_empty
+ end
+ end
+
+ context "when creating a SECURE_SWAP device with given cipher and key
size" do
+ before do
+ allow_any_instance_of(Y2Storage::EncryptionMethod::SecureSwap).to
receive(:available?)
+ .and_return(true)
+ end
+
+ let(:partitions) do
+ [
+ { "mount" => "/" },
+ {
+ "mount" => "swap", "crypt_method" => :secure_swap,
+ "crypt_cipher" => "aes-xts-plain64", "crypt_key_size" => 512
+ }
+ ]
+ end
+
+ it "ignores the given cipher and key size" do
+ proposal.propose
+ enc = proposal.devices.encryptions.first
+ expect(enc.method).to eq Y2Storage::EncryptionMethod::SECURE_SWAP
+ expect(enc.cipher).to eq ""
+ expect(enc.key_size).to be_zero
+ end
+
+ it "does not register any issue" do
+ proposal.propose
+ expect(issues_list).to be_empty
+ end
+ end
+
+ context "when encrypting the root partition using LUKS2 with the default
derivation function" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2 }
+ end
+
+ it "adds an extra /boot partition since we cannot ensure Grub2 can open
the root volume" do
+ proposal.propose
+ mount_points = proposal.devices.filesystems.map(&:mount_path)
+ expect(mount_points).to contain_exactly("/boot", "/")
+ end
+ end
+
+ context "when encrypting the root partition using LUKS2 with PBKDF2 as
derivation function" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2,
"crypt_pbkdf" => :pbkdf2 }
+ end
+
+ it "does not add an extra /boot partition since Grub2 can open the root
volume" do
+ proposal.propose
+ mount_points = proposal.devices.filesystems.map(&:mount_path)
+ expect(mount_points).to contain_exactly("/")
+ end
+ end
+
+ context "when encrypting the root partition using LUKS2 with Argon2i as
derivation function" do
+ let(:partition) do
+ { "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2,
"crypt_pbkdf" => :argon2i }
+ end
+
+ it "adds an extra /boot partition since Grub2 cannot open the root
volume" do
+ proposal.propose
+ mount_points = proposal.devices.filesystems.map(&:mount_path)
+ expect(mount_points).to contain_exactly("/boot", "/")
+ end
+ end
+ end
+end
