neil / rpms / python-blivet

Forked from rpms/python-blivet a year ago
Clone

Blame 0011-Default-to-encryption-sector-size-512-for-LUKS-devic.patch

Vojtech Trefny f7c69b
From 2aba050e74dc5df483da022dcf436b101c7a4301 Mon Sep 17 00:00:00 2001
Vojtech Trefny f7c69b
From: Vojtech Trefny <vtrefny@redhat.com>
Vojtech Trefny f7c69b
Date: Wed, 11 Jan 2023 14:59:24 +0100
Vojtech Trefny f7c69b
Subject: [PATCH] Default to encryption sector size 512 for LUKS devices
Vojtech Trefny f7c69b
Vojtech Trefny f7c69b
We are currently letting cryptsetup decide the optimal encryption
Vojtech Trefny f7c69b
sector size for LUKS. The problem is that for disks with physical
Vojtech Trefny f7c69b
sector size 4096 cryptsetup will default to 4096 encryption sector
Vojtech Trefny f7c69b
size even if the drive logical sector size is 512 which means
Vojtech Trefny f7c69b
these disks cannot be combined with other 512 logical sector size
Vojtech Trefny f7c69b
disks in LVM. This requires a more sophisticated solution in the
Vojtech Trefny f7c69b
future, but for now just default to 512 if not specified by the
Vojtech Trefny f7c69b
user otherwise.
Vojtech Trefny f7c69b
Vojtech Trefny f7c69b
Resolves: rhbz#2103800
Vojtech Trefny f7c69b
---
Vojtech Trefny f7c69b
 blivet/formats/luks.py                      | 10 +++++++---
Vojtech Trefny f7c69b
 tests/unit_tests/formats_tests/luks_test.py |  2 +-
Vojtech Trefny f7c69b
 2 files changed, 8 insertions(+), 4 deletions(-)
Vojtech Trefny f7c69b
Vojtech Trefny f7c69b
diff --git a/blivet/formats/luks.py b/blivet/formats/luks.py
Vojtech Trefny f7c69b
index 8de4911f..2637e0c5 100644
Vojtech Trefny f7c69b
--- a/blivet/formats/luks.py
Vojtech Trefny f7c69b
+++ b/blivet/formats/luks.py
Vojtech Trefny f7c69b
@@ -166,9 +166,13 @@ class LUKS(DeviceFormat):
Vojtech Trefny f7c69b
             if self.pbkdf_args.type == "pbkdf2" and self.pbkdf_args.max_memory_kb:
Vojtech Trefny f7c69b
                 log.warning("Memory limit is not used for pbkdf2 and it will be ignored.")
Vojtech Trefny f7c69b
 
Vojtech Trefny f7c69b
-        self.luks_sector_size = kwargs.get("luks_sector_size") or 0
Vojtech Trefny f7c69b
-        if self.luks_sector_size and self.luks_version != "luks2":
Vojtech Trefny f7c69b
-            raise ValueError("Sector size argument is valid only for LUKS version 2.")
Vojtech Trefny f7c69b
+        self.luks_sector_size = kwargs.get("luks_sector_size")
Vojtech Trefny f7c69b
+        if self.luks_version == "luks2":
Vojtech Trefny f7c69b
+            if self.luks_sector_size is None:
Vojtech Trefny f7c69b
+                self.luks_sector_size = 512  # XXX we don't want cryptsetup choose automatically here so fallback to 512
Vojtech Trefny f7c69b
+        else:
Vojtech Trefny f7c69b
+            if self.luks_sector_size:
Vojtech Trefny f7c69b
+                raise ValueError("Sector size argument is valid only for LUKS version 2.")
Vojtech Trefny f7c69b
 
Vojtech Trefny f7c69b
     def __repr__(self):
Vojtech Trefny f7c69b
         s = DeviceFormat.__repr__(self)
Vojtech Trefny f7c69b
diff --git a/tests/unit_tests/formats_tests/luks_test.py b/tests/unit_tests/formats_tests/luks_test.py
Vojtech Trefny f7c69b
index 5ae6acfe..ec7b7592 100644
Vojtech Trefny f7c69b
--- a/tests/unit_tests/formats_tests/luks_test.py
Vojtech Trefny f7c69b
+++ b/tests/unit_tests/formats_tests/luks_test.py
Vojtech Trefny f7c69b
@@ -53,7 +53,7 @@ class LUKSNodevTestCase(unittest.TestCase):
Vojtech Trefny f7c69b
 
Vojtech Trefny f7c69b
     def test_sector_size(self):
Vojtech Trefny f7c69b
         fmt = LUKS()
Vojtech Trefny f7c69b
-        self.assertEqual(fmt.luks_sector_size, 0)
Vojtech Trefny f7c69b
+        self.assertEqual(fmt.luks_sector_size, 512)
Vojtech Trefny f7c69b
 
Vojtech Trefny f7c69b
         with self.assertRaises(ValueError):
Vojtech Trefny f7c69b
             fmt = LUKS(luks_version="luks1", luks_sector_size=4096)
Vojtech Trefny f7c69b
-- 
Vojtech Trefny f7c69b
2.39.0
Vojtech Trefny f7c69b