In commit 2d8c0f8d40b5 ("options: decrypt LUKS-on-LV devices",
2022-02-28), in order to keep that change as contained as possible, we
didn't modify the naming scheme of those decrypted LUKS devices that
originated directly from partitions -- we passed "name_decrypted_by_uuid =
false" for partitions fetched with guestfs_list_partitions().

Turns out that this is exactly what prevents us from decrypting the
following block device structure (seen in RHEL6 guests; for example one
installed from "RHEL-6.10-20180525.0-Server-x86_64-dvd1.iso"):

> NAME                                                 MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
> vda                                                    252:0  0    9G  0 disk
> ├─vda1                                                 252:1  0    1G  0 part  /boot
> ├─vda2                                                 252:2  0    7G  0 part
> │ └─luks-37f5c9df-acda-4955-8cfd-872f0da5e35b (dm-0)   253:0  0    7G  0 crypt /
> └─vda3                                                 252:3  0 1023M  0 part  [SWAP]
> sr0                                                     11:0  1 1024M  0 rom

The problem is that we prefer (a) make_mapname() due to the LUKS header
residing directly on a partition, so we call the plaintext device
"/dev/mapper/cryptsda2"; however (b) "/etc/fstab" in the guest refers to
the same plaintext device by the standard, UUID-based
"/dev/mapper/luks-37f5c9df-acda-4955-8cfd-872f0da5e35b" pathname.
Therefore "inspect_get_mountpoints" in "libguestfs/daemon/inspect.ml"
returns the latter pathname -- which we can't mount.

Hardwire "name_decrypted_by_uuid = true" in "options/decrypt.c" -- by
which effort we can as well remove the "name_decrypted_by_uuid" parameter.

Testing: the libguestfs, guestfs-tools, and virt-v2v test suites (make
check) pass with this update. Furthermore, "guestfish -i", virt-inspector,
and virt-v2v now recognize the above blockdev / fs structure (and the
converted guest boots).

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1658128
Signed-off-by: Laszlo Ersek <[email protected]>
--- options/decrypt.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/options/decrypt.c b/options/decrypt.c index b899a0028620..1cd7b627e264 100644 --- a/options/decrypt.c +++ b/options/decrypt.c 
@@ -111,15 +111,15 @@ make_mapname (const char *device) } return mapname; } static bool decrypt_mountables (guestfs_h *g, const char * const *mountables, - struct key_store *ks, bool name_decrypted_by_uuid) + struct key_store *ks) { bool decrypted_some = false; const char * const *mnt_scan = mountables; const char *mountable; while ((mountable = *mnt_scan++) != NULL) { CLEANUP_FREE char *type = NULL; @@ -144,16 +144,15 @@ decrypt_mountables (guestfs_h *g, const char * const *mountables, /* Grab the keys that we should try with this device, based on device name, * or UUID (if any). */ keys = get_keys (ks, mountable, uuid); assert (keys[0] != NULL); /* Generate a node name for the plaintext (decrypted) device node. */ - if (!name_decrypted_by_uuid || uuid == NULL || - asprintf (&mapname, "luks-%s", uuid) == -1) + if (uuid == NULL || asprintf (&mapname, "luks-%s", uuid) == -1) mapname = make_mapname (mountable); /* Try each key in turn. */ key_scan = (const char * const *)keys; while ((key = *key_scan++) != NULL) { int r; @@ -188,20 +187,19 @@ inspect_do_decrypt (guestfs_h *g, struct key_store *ks) CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g); CLEANUP_FREE_STRING_LIST char **lvs = NULL; bool need_rescan; if (partitions == NULL) exit (EXIT_FAILURE); - need_rescan = decrypt_mountables (g, (const char * const *)partitions, ks, - false); + need_rescan = decrypt_mountables (g, (const char * const *)partitions, ks); if (need_rescan) { if (guestfs_lvm_scan (g, 1) == -1) exit (EXIT_FAILURE); } lvs = guestfs_lvs (g); if (lvs == NULL) exit (EXIT_FAILURE); - decrypt_mountables (g, (const char * const *)lvs, ks, true); + decrypt_mountables (g, (const char * const *)lvs, ks); } base-commit: ab708d11d832457d2a0c74e7a6d8c219a4fdd90f -- 2.19.1.3.g30247aa5d201 _______________________________________________ Libguestfs mailing list [email protected] https://listman.redhat.com/mailman/listinfo/libguestfs
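
Review bot: decrypt_mountables() in the first hunk (@@ -111,15) still has no comment above it, and with the name_decrypted_by_uuid parameter gone the naming policy is no longer visible at the call sites. A short function comment stating that the plaintext node is named "luks-<uuid>" whenever a UUID is available, and that make_mapname() is only the fallback, would keep that contract documented where the next reader looks for it.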
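
Review bot: in the second hunk (@@ -144,16) the mapper name is now "luks-<uuid>" for every mountable, so two devices carrying the same LUKS UUID (for example a partition and a cloned copy of it) would request the same name, where the old partition pass used per-device names from make_mapname(). Consider falling back to make_mapname (mountable) when the "luks-%s" name is already taken, or state in the comment above the condition that UUIDs are assumed unique. Separately, the condition still treats an asprintf() failure the same as "uuid == NULL"; on allocation failure the fallback silently produces a name that the guest's /etc/fstab does not reference, so reporting the error there would be clearer than continuing.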
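
Review bot: the first decrypt_mountables() call in inspect_do_decrypt() (third hunk, @@ -188,20) used to pass "false", so partitions with a LUKS UUID no longer get the "crypt<device>" style name described in the commit message, which is a user-visible change for anyone who refers to /dev/mapper/cryptsda2 after "guestfish -i" or key selection by device. Please mention the new naming in the relevant documentation, and consider a brief comment here noting that the partition and LV passes now name devices identically and that only the partition pass's return value drives the LVM rescan.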
