From e47ca0587982e4a0db106bb8eecfc499326e1900 Mon Sep 17 00:00:00 2001
From: mulhern
Date: Mon, 30 Oct 2023 16:43:12 -0400
Subject: [PATCH 1/4] Run "cargo update --package=rustix --precise=0.37.25"
Signed-off-by: mulhern
---
 Cargo.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 1d258d7841..698ce016d4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1149,9 +1149,9 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
 [[package]]
 name = "rustix"
-version = "0.37.20"
+version = "0.37.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b96e891d04aa506a6d1f318d2771bcb1c7dfda84e126660ace067c9b474bb2c0"
+checksum = "d4eb579851244c2c03e7c24f501c3432bed80b8f720af1d6e5b0e0f01555a035"
 dependencies = [
 "bitflags 1.3.2",
 "errno 0.3.1",
From de2153788f72df034da012488631f92e895e5cb9 Mon Sep 17 00:00:00 2001
From: John Baublitz
Date: Mon, 30 Oct 2023 11:05:34 -0400
Subject: [PATCH 2/4] Fix bug where Clevis and keyring implementations are enabled together
---
 src/engine/strat_engine/backstore/crypt/shared.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/engine/strat_engine/backstore/crypt/shared.rs b/src/engine/strat_engine/backstore/crypt/shared.rs
index e523b89e83..0ff10103f2 100644
--- a/src/engine/strat_engine/backstore/crypt/shared.rs
+++ b/src/engine/strat_engine/backstore/crypt/shared.rs
@@ -756,7 +756,7 @@ pub fn activate(
 unlock_method: UnlockMethod,
 name: &DmName,
 ) -> StratisResult<()> {
- if let Some(kd) = key_desc {
+ if let (Some(kd), UnlockMethod::Keyring) = (key_desc, unlock_method) {
 let key_description_missing = keys::search_key_persistent(kd)
 .map_err(|_| {
 StratisError::Msg(format!(
From 9c4f8a9d3df4f11417f762710654e3239037a74f Mon Sep 17 00:00:00 2001
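Review bot: The new tuple pattern in `activate` (src/engine/strat_engine/backstore/crypt/shared.rs) encodes a rule that is not written down anywhere in the hunk: the keyring lookup now runs only for `UnlockMethod::Keyring`, so a Clevis unlock no longer depends on the key being present in the keyring. A short comment above the `if let` would keep a later refactor from folding the two conditions back together, for example `// Only require the key in the keyring when unlocking via the keyring; a Clevis unlock must work without it.`. The same pattern also skips the check silently when `unlock_method` is `Keyring` and `key_desc` is `None`. Whether that case is rejected later cannot be seen here, because the body of `activate` continues past the hunk, so it is worth confirming that it ends in an explicit error rather than an opaque activation failure.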
From: John Baublitz
Date: Mon, 30 Oct 2023 11:13:07 -0400
Subject: [PATCH 3/4] Regression test for CryptHandle unlocking with both keyring and Clevis enabled
---
 .../strat_engine/backstore/crypt/mod.rs | 10 +++++++-
 src/engine/strat_engine/tests/crypt.rs | 23 +++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/src/engine/strat_engine/backstore/crypt/mod.rs b/src/engine/strat_engine/backstore/crypt/mod.rs
index 9f2d009b6c..69443f91f6 100644
--- a/src/engine/strat_engine/backstore/crypt/mod.rs
+++ b/src/engine/strat_engine/backstore/crypt/mod.rs
@@ -380,9 +380,17 @@ mod tests {
 .token_handle()
 .json_get(CLEVIS_LUKS_TOKEN_ID)
 .unwrap();
+ handle.deactivate().unwrap();
+ }
+
+ fn unlock_clevis(paths: &[&Path]) {
+ let path = paths.get(0).copied().expect("Expected exactly one path");
+ CryptHandle::setup(path, Some(UnlockMethod::Clevis))
+ .unwrap()
+ .unwrap();
 }
- crypt::insert_and_cleanup_key(paths, both_initialize);
+ crypt::insert_and_remove_key(paths, both_initialize, unlock_clevis);
 }
 #[test]
diff --git a/src/engine/strat_engine/tests/crypt.rs b/src/engine/strat_engine/tests/crypt.rs
index dc8866abe7..2ab40179e1 100644
--- a/src/engine/strat_engine/tests/crypt.rs
+++ b/src/engine/strat_engine/tests/crypt.rs
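Review bot: `unlock_clevis` in the test module of src/engine/strat_engine/backstore/crypt/mod.rs discards the handle returned by `CryptHandle::setup(...)` without deactivating it, while the same hunk adds `handle.deactivate().unwrap();` to `both_initialize`. Unless dropping a `CryptHandle` tears the mapping down (not visible in this hunk), the unlocked device stays active after the test and can interfere with later tests that reuse the same device. Binding the result and cleaning up would make the two helpers symmetric: `let handle = CryptHandle::setup(path, Some(UnlockMethod::Clevis)).unwrap().unwrap();` followed by `handle.deactivate().unwrap();`. The `expect` message also says "exactly one path" although `paths.get(0)` only verifies that at least one exists. The enclosing test function starts above the hunk.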
@@ -59,6 +59,29 @@ where
 }
 }
+/// Takes physical device paths from loopback or real tests and passes
+/// them through to a compatible test definition. This harness runs two test
+/// methods, one with a key description set and one after the key description
+/// used in the previous test has been unset. This can be helpful for testing cases
+/// where a key description is missing but Clevis is enabled.
+pub fn insert_and_remove_key(physical_paths: &[&Path], test_pre: F1, test_post: F2)
+where
+ F1: FnOnce(&[&Path], &KeyDescription) + UnwindSafe,
+ F2: FnOnce(&[&Path]),
+{
+ let key_description = set_up_key("test-description-for-stratisd");
+
+ let result = catch_unwind(|| test_pre(physical_paths, &key_description));
+
+ StratKeyActions.unset(&key_description).unwrap();
+
+ if let Err(e) = result {
+ resume_unwind(e)
+ }
+
+ test_post(physical_paths)
+}
+
 /// Takes physical device paths from loopback or real tests and passes
 /// them through to a compatible test definition. This method
 /// will also enrich the context passed to the test with two different key
From db3a7914b0e59a90ca09d8c88483b680dcf02449 Mon Sep 17 00:00:00 2001
From: mulhern
Date: Tue, 31 Oct 2023 15:49:23 -0400
Subject: [PATCH 4/4] version 3.6.1
Signed-off-by: mulhern
---
 CHANGES.txt | 14 ++++++++++++++
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/CHANGES.txt b/CHANGES.txt
index 5fdd327d6b..12efd33ecc 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
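Review bot: In `insert_and_remove_key` (src/engine/strat_engine/tests/crypt.rs) the cleanup call `StratKeyActions.unset(&key_description).unwrap();` runs before `result` is inspected, so if `test_pre` panicked and the unset also fails, the second panic replaces the original one and the real test failure is lost. Keeping the cleanup result and re-raising the test panic first preserves the useful diagnostic: `let unset = StratKeyActions.unset(&key_description);`, then the existing `if let Err(e) = result { resume_unwind(e) }`, then `unset.unwrap();`. The doc comment could also state that it is presumably the key itself that is removed from the keyring between the two closures; "the key description ... has been unset" can be read as the description being removed from the device.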
@@ -1,3 +1,17 @@
+stratisd 3.6.1
+==============
+Recommended Rust toolchain version: 1.73.0
+Recommended development platform for Python development: Fedora 38
+
+- Cherry-picked commits:
+ * Regression test for CryptHandle unlocking with both keyring and Clevis
+ * Fix bug where Clevis and keyring implementations are enabled together
+ * Run "cargo update --package=rustix --precise=0.37.25"
+
+- Set up patch branch:
+ https://github.com/stratis-storage/stratisd/pull/3487
+
+
 stratisd 3.6.0
 ==============
 Recommended Rust toolchain version: 1.73.0
diff --git a/Cargo.lock b/Cargo.lock
index 698ce016d4..7fbf8fc968 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1269,7 +1269,7 @@ checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
 [[package]]
 name = "stratisd"
-version = "3.6.0"
+version = "3.6.1"
 dependencies = [
 "assert_cmd",
 "assert_matches",
diff --git a/Cargo.toml b/Cargo.toml
index 25326b83c1..3a5e2606bf 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "stratisd"
-version = "3.6.0"
+version = "3.6.1"
 authors = ["Stratis Developers "]
 edition = "2021"
 rust-version = "1.71.1" # LOWEST SUPPORTED RUST TOOLCHAIN