diff --git a/src/lib/installation/console/plugins/luks2_checkbox.rb b/src/lib/installation/console/plugins/luks2_checkbox.rb
deleted file mode 100644
index deeeace1a..000000000
--- a/src/lib/installation/console/plugins/luks2_checkbox.rb
+++ /dev/null
@@ -1,75 +0,0 @@
-# ------------------------------------------------------------------------------
-# Copyright (c) 2021 SUSE LLC, All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or modify it under
-# the terms of version 2 of the GNU General Public License as published by the
-# Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-#
-# ------------------------------------------------------------------------------
-
-require "yast"
-
-require "cwm"
-require "installation/console/menu_plugin"
-require "y2storage/storage_env"
-
-module Installation
- module Console
- module Plugins
- # define a checkbox for enabling the experimental LUKS2 support in the installer
- class LUKS2CheckBox < CWM::CheckBox
- include Yast::Logger
-
- def initialize
- super
- textdomain "storage"
- end
-
- # set the initial status
- def init
- check if Y2Storage::StorageEnv.instance.luks2_available?
- end
-
- def label
- # TRANSLATORS: check box label
- _("Enable Experimental LUKS2 Encryption Support")
- end
-
- def store
- # the evaluated env variables are cached, we need to drop the cache
- # when doing any change
- Y2Storage::StorageEnv.instance.reset_cache
-
- if checked?
- ENV["YAST_LUKS2_AVAILABLE"] = "1"
- else
- ENV.delete("YAST_LUKS2_AVAILABLE")
- end
- end
-
- def help
- # TRANSLATORS: help text for the checkbox enabling LUKS2 support
- _("
You can enable experimental LUKS2 encryption support in "\
- "the YaST partitioner. It is not supported and is designed as a " \
- "technology preview only.
") - end - end - - # define the plugin - class LUKS2CheckBoxPlugin < MenuPlugin - def widget - LUKS2CheckBox.new - end - - # at the end - def order - 2000 - end - end - end - end -end diff --git a/src/lib/y2partitioner/actions/controllers/encryption.rb b/src/lib/y2partitioner/actions/controllers/encryption.rb index 400d9899c..c5b3e7598 100644 --- a/src/lib/y2partitioner/actions/controllers/encryption.rb +++ b/src/lib/y2partitioner/actions/controllers/encryption.rb @@ -71,7 +71,7 @@ def initialize(fs_controller) @fs_controller = fs_controller @action = actions.first @password = encryption&.password || "" - @pbkdf = encryption&.pbkdf + @pbkdf = encryption&.pbkdf || Y2Storage::PbkdFunction::PBKDF2 @method = initial_method @apqns = initial_apqns @label = initial_label @@ -215,7 +215,7 @@ def initial_method if methods.include?(encryption&.method) encryption.method else - Y2Storage::EncryptionMethod::LUKS1 + Y2Storage::EncryptionMethod::LUKS2 end end diff --git a/src/lib/y2storage/blk_device.rb b/src/lib/y2storage/blk_device.rb index 521c79eb7..a0c09ded6 100644 --- a/src/lib/y2storage/blk_device.rb +++ b/src/lib/y2storage/blk_device.rb @@ -255,7 +255,7 @@ def udev_full_ids # in the real system. It will fail during commit. # # @param dm_name [String] see #dm_table_name - # @param type [EncryptionType] optional encryption type of the new device, LUKS1 by default + # @param type [EncryptionType] optional encryption type of the new device, LUKS2 by default # @return [Encryption] storage_forward :create_encryption, as: "Encryption", raise_errors: true @@ -326,7 +326,7 @@ def encrypted? # the documentation of the create_device method of the corresponding class # # @return [Encryption] - def encrypt(method: EncryptionMethod::LUKS1, dm_name: nil, password: nil, **method_args) + def encrypt(method: EncryptionMethod::LUKS2, dm_name: nil, password: nil, **method_args) enc = encrypt_with_method(method, dm_name, **method_args) enc.auto_dm_name = enc.dm_table_name.empty? 
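Review bot: The new fallback `encryption&.pbkdf || Y2Storage::PbkdFunction::PBKDF2` in `initialize` has no comment saying why PBKDF2 is the preferred function now that LUKS2 becomes the default method. PBKDF2 is not memory-hard, so it resists offline passphrase guessing less well than the Argon2 variants LUKS2 also supports; if the choice is made for boot-time compatibility (an inference, the diff does not say), record that beside the assignment, e.g. `# PBKDF2 by default because <reason>; Argon2 resists offline guessing better`. The same default is repeated as the literal `m.value == "pbkdf2"` in select_scheme.rb, so a single shared constant would keep the two in step. The body of `initialize` continues outside the hunk.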
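Review bot: `encrypt` now defaults to `EncryptionMethod::LUKS2` but still forwards no PBKDF unless the caller puts one in `method_args`. The `create_device(blk_device, dm_name, pbkdf: nil, label: "")` signature in the luks2.rb hunk header suggests the key derivation function is then left to a lower layer. That can differ from the PBKDF2 default the partitioner controller and Guided Setup apply in this same commit, so devices created through this API may get a different KDF than devices created through the UI. State the effective default in the YARD block, e.g. `# @note with LUKS2 and no :pbkdf in method_args the PBKDF is chosen by <layer>`, and check whether callers that relied on the old LUKS1 default need an explicit `method:`. The method body continues past the end of the hunk.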
diff --git a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb index 0ec59d67b..ea755ca88 100644 --- a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb +++ b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb @@ -44,11 +44,23 @@ def initialize(*params) super end + # Handler for :encryption_method ComboBox. + # @param focus [Boolean] whether password field should be focused + def encryption_method_handler(focus: true) + widget_update(:encryption_pbkdf, (using_encryption? && using_luks2_encryption?), + attr: :Enabled) + return unless focus && using_encryption? && using_luks2_encryption? + + Yast::UI.SetFocus(Id(:encryption_pbkdf)) + end + # Handler for :encryption check box. # @param focus [Boolean] whether password field should be focused def encryption_handler(focus: true) widget_update(:password, using_encryption?, attr: :Enabled) widget_update(:repeat_password, using_encryption?, attr: :Enabled) + widget_update(:encryption_method, using_encryption?, attr: :Enabled) + encryption_method_handler(focus: focus) return unless focus && using_encryption? Yast::UI.SetFocus(Id(:password)) 
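Review bot: The YARD line on `encryption_method_handler` says `focus` decides "whether password field should be focused", but the method calls `Yast::UI.SetFocus(Id(:encryption_pbkdf))`. The comment was evidently copied from `encryption_handler` and should read `# @param focus [Boolean] whether the PBKDF selector should be focused`. The condition `using_encryption? && using_luks2_encryption?` is evaluated twice within four lines; a local such as `luks2 = using_encryption? && using_luks2_encryption?` makes the enable/focus pairing easier to follow. When the method is called from `encryption_handler` with `focus: true`, the focus set here is immediately replaced by `SetFocus(Id(:password))`, which looks intended but deserves a one-line comment.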
@@ -119,41 +131,87 @@ def separate_vgs ) end + def password_widget + Left( + HBox( + HSpacing(2), + Password(Id(:password), Opt(:hstretch), _("Password")), + Password(Id(:repeat_password), Opt(:hstretch), _("Verify Password")) + ) + ) + end + + def encryption_method_widget + Left( + HBox( + HSpacing(2), + ComboBox( + Id(:encryption_method), + Opt(:notify, :hstretch), + _("Encryption method"), + Y2Storage::EncryptionMethod.available.reject(&:only_for_swap?).map do |m| + Item(Id(m.id), m.to_human_string, (m.id == :luks2)) + end + ) + ) + ) + end + + def encryption_pbkdf_widget + Left( + HBox( + HSpacing(2), + ComboBox( + Id(:encryption_pbkdf), + Opt(:hstretch), + _("Password-Based Key Derivation &Function (PBKDF)"), + Y2Storage::PbkdFunction.all.map do |m| + Item(Id(m.value), m.name, (m.value == "pbkdf2")) + end + ) + ) + ) + end + def enable_disk_encryption VBox( Left(CheckBox(Id(:encryption), Opt(:notify), _(WIDGET_LABELS[:enable_disk_encryption]))), VSpacing(0.2), - Left( - HBox( - HSpacing(2), - Password(Id(:password), Opt(:hstretch), _("Password")) - ) - ), - Left( - HBox( - HSpacing(2), - Password(Id(:repeat_password), Opt(:hstretch), _("Verify Password")) - ) - ) + password_widget, + encryption_method_widget, + encryption_pbkdf_widget ) end + def initialize_encryption_widgets + widget_update(:password, settings.encryption_password) + widget_update(:repeat_password, settings.encryption_password) + end + def initialize_widgets widget_update(:lvm, settings.use_lvm) - widget_update(:separate_vgs, settings.separate_vgs) + widget_update(:separate_vgs, settings.separate_vgs) if settings.separate_vgs_relevant? 
widget_update(:encryption, settings.use_encryption) encryption_handler(focus: false) - return unless settings.use_encryption - - widget_update(:password, settings.encryption_password) - widget_update(:repeat_password, settings.encryption_password) + widget_update(:encryption_method, settings.encryption_method.id) if settings.encryption_method + if settings.encryption_pbkdf + widget_update(:encryption_pbkdf, + Id(settings.encryption_pbkdf.value)) + end + encryption_method_handler(focus: false) + initialize_encryption_widgets if settings.use_encryption end def update_settings! settings.use_lvm = widget_value(:lvm) - settings.separate_vgs = widget_value(:separate_vgs) - password = using_encryption? ? widget_value(:password) : nil - settings.encryption_password = password + settings.separate_vgs = widget_value(:separate_vgs) if settings.separate_vgs_relevant? + settings.encryption_password = using_encryption? ? widget_value(:password) : nil + settings.encryption_method = if using_encryption? + Y2Storage::EncryptionMethod.find(widget_value(:encryption_method)) + end + settings.encryption_pbkdf = if using_encryption? && using_luks2_encryption? + Y2Storage::PbkdFunction.find(widget_value(:encryption_pbkdf)) + end end def help_text @@ -225,6 +283,10 @@ def using_encryption? widget_value(:encryption) end + def using_luks2_encryption? + widget_value(:encryption_method) == :luks2 + end + def valid_password? msg = passwd_checker.error_msg( widget_value(:password), widget_value(:repeat_password) diff --git a/src/lib/y2storage/dialogs/proposal.rb b/src/lib/y2storage/dialogs/proposal.rb index 9ef3681fd..af1857d8c 100644 --- a/src/lib/y2storage/dialogs/proposal.rb +++ b/src/lib/y2storage/dialogs/proposal.rb @@ -139,12 +139,29 @@ def summary def actions_html actions_source_html + boss_html + + encryption_error + setup_errors_html + # Reuse the exact string "Changes to partitioning" from the partitioner _("Changes to partitioning:
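Review bot: `encryption_method_widget` offers every entry of `EncryptionMethod.available.reject(&:only_for_swap?)`, which according to encryption_method_test.rb can include `:pervasive_luks2`, yet the dialog special-cases only `:luks2` and collects nothing beyond a password and a PBKDF. If any offered method needs further parameters or hardware (an assumption to confirm), the user can pick it here and will only find out when the proposal is calculated; an explicit allow-list for Guided Setup would be safer. The new helpers (`password_widget`, `encryption_method_widget`, `encryption_pbkdf_widget`, `initialize_encryption_widgets`) have no doc comments, and the preselection literals `:luks2` and `"pbkdf2"` would read better as references to the constants used elsewhere in the commit. `widget_update(:encryption_pbkdf, Id(settings.encryption_pbkdf.value))` wraps the value in `Id(...)` while the `:encryption_method` update just before it passes the bare id; one of the two forms is probably unintended.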
") + @actions_presenter.to_html end + def encryption_error + ret = "" + if !@proposal.nil? && + !@proposal.settings.nil? && + !@proposal.settings.encryption_method.nil? && + @proposal.settings.encryption_password.nil? + ret = Yast::HTML.Para( + _("Missing encryption password - Proposal has been done without encryption.") + + Yast::HTML.Newline + + _("Please use \"Guided Setup\" in order to set the password or to disable encryption.") + ) + ret = Yast::HTML.Colorize(ret, "red") + end + ret + end + def boss_html return "" if boss_devices.empty? diff --git a/src/lib/y2storage/encryption_method/luks2.rb b/src/lib/y2storage/encryption_method/luks2.rb index 32ad0d160..b29798a70 100644 --- a/src/lib/y2storage/encryption_method/luks2.rb +++ b/src/lib/y2storage/encryption_method/luks2.rb @@ -60,12 +60,6 @@ def create_device(blk_device, dm_name, pbkdf: nil, label: "") encryption_process.create_device(blk_device, dm_name, pbkdf: pbkdf, label: label) end - # @see Base#available? - def available? - # jsc#PED-3878 and jsc#GEHC-6 - Yast::Mode.auto || StorageEnv.instance.luks2_available? - end - private # @see Base#encryption_process diff --git a/src/lib/y2storage/proposal_settings.rb b/src/lib/y2storage/proposal_settings.rb index ab7a76617..ab08c6f77 100644 --- a/src/lib/y2storage/proposal_settings.rb +++ b/src/lib/y2storage/proposal_settings.rb @@ -263,7 +263,7 @@ def deep_copy # Whether encryption must be used # @return [Boolean] def use_encryption - !encryption_password.nil? + !encryption_method.nil? || !encryption_password.nil? end def_delegators :@space_settings, @@ -399,7 +399,7 @@ def root_volume lvm: false, lvm_vg_strategy: :use_available, lvm_vg_reuse: true, - encryption_method: EncryptionMethod::LUKS1, + encryption_method: nil, multidisk_first: false, other_delete_mode: :ondemand, resize_windows: true, 
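Review bot: `encryption_error` reports the fail-open case (an encryption method is configured but there is no password, so the proposal is made unencrypted) only as red HTML in the summary, which nobody reads in an unattended or scripted run. The class context is not visible here, so I cannot tell whether a logger is in scope, but the condition deserves a `log.warn` as well, and the method a YARD comment saying it returns an empty string when there is nothing to report. The four chained `nil?` checks can be written as `settings = @proposal&.settings` followed by `return "" unless settings&.encryption_method && settings.encryption_password.nil?`. An empty-string password is not caught by the `nil?` test, although `load_encryption` treats an empty password as missing.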
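Review bot: `use_encryption` is still documented as "Whether encryption must be used", but it now returns true when only `encryption_method` is set, a state in which, per the new message in proposal.rb, the proposal is made without encryption. Callers outside this diff that read the predicate as "a password is available" would now pass `nil` along; please check them and update the comment, e.g. `# Whether encryption was requested (a method or a password is set); a password is still needed to actually encrypt`. The `encryption_method: nil` default in the `@@ -399` hunk is what makes this state reachable.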
@@ -446,13 +446,18 @@ def load_features load_encryption end - # Loads the default encryption settings + # Loads the encryption settings # - # The encryption settings are not part of control.xml, but can be injected by a previous step of - # the installation, eg. the dialog of the Common Criteria system role def load_encryption - enc = feature(:proposal, :encryption) + enc_method = feature(:proposal, :encryption_method) + self.encryption_method = EncryptionMethod.find(enc_method.to_sym) if !enc_method.nil? + + enc_pbkdf = feature(:proposal, :encryption_pbkdf) + self.encryption_pbkdf = Y2Storage::PbkdFunction.find(enc_pbkdf) if !enc_pbkdf.nil? + # The encryption password is not part of control.xml, but can be injected by a previous step of + # the installation, eg. the dialog of the Common Criteria system role. + enc = feature(:proposal, :encryption) return unless enc return unless enc.respond_to?(:password) @@ -460,6 +465,9 @@ def load_encryption return if passwd.nil? || passwd.empty? self.encryption_password = passwd + + # If an encryption password and no method have been set, we are using LUKS2 as default + self.encryption_method = EncryptionMethod::LUKS2 if encryption_method.nil? end def validated_delete_mode(mode) diff --git a/src/lib/y2storage/storage_env.rb b/src/lib/y2storage/storage_env.rb index 0f8037745..3ff2aa5ec 100644 --- a/src/lib/y2storage/storage_env.rb +++ b/src/lib/y2storage/storage_env.rb @@ -32,13 +32,11 @@ class StorageEnv ENV_ACTIVATE_LUKS = "YAST_ACTIVATE_LUKS".freeze - ENV_LUKS2_AVAILABLE = "YAST_LUKS2_AVAILABLE".freeze - ENV_LIBSTORAGE_IGNORE_PROBE_ERRORS = "LIBSTORAGE_IGNORE_PROBE_ERRORS".freeze ENV_REUSE_LVM = "YAST_REUSE_LVM".freeze - private_constant :ENV_MULTIPATH, :ENV_BIOS_RAID, :ENV_ACTIVATE_LUKS, :ENV_LUKS2_AVAILABLE + private_constant :ENV_MULTIPATH, :ENV_BIOS_RAID, :ENV_ACTIVATE_LUKS private_constant :ENV_LIBSTORAGE_IGNORE_PROBE_ERRORS private_constant :ENV_REUSE_LVM 
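Review bot: In `load_encryption` the control-file values go straight into `EncryptionMethod.find(enc_method.to_sym)` and `PbkdFunction.find(enc_pbkdf)`, and the result is assigned without a check. If `find` returns nil for an unknown or misspelled value (not visible here), the setting is silently dropped and, with no password injected, the product installs without the encryption its control file asked for. Log the rejected value when the lookup yields nil, e.g. `log.warn "Unknown encryption_method #{enc_method.inspect} in control file"` (assuming a logger is available in this class), and list the accepted values in the method comment. The rewritten header comment also ends in a dangling `#` line.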
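Review bot: The fallback `self.encryption_method = EncryptionMethod::LUKS2 if encryption_method.nil?` leaves `encryption_pbkdf` untouched. Unless the control file set one, a password injected by an earlier step (the comment names the Common Criteria role dialog) now yields LUKS2 with whatever PBKDF the lower layers pick, rather than the PBKDF2 default the dialogs in this commit use. If that role depends on a particular KDF or on the previous LUKS1 format, this is a behaviour change worth a line in the comment; otherwise set the PBKDF explicitly next to the method. The method starts outside this hunk.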
@@ -82,16 +80,6 @@ def activate_luks? active?(ENV_ACTIVATE_LUKS, default: true) end - # Whether YaST should offer the encryption method for regular LUKS2 - # - # See jsc#SLE-21309 where is stated that YaST support to setup LUKS2 devices should be - # "available only via a special Linuxrc option and communicated as a tech preview". - # - # @return [Boolean] - def luks2_available? - active?(ENV_LUKS2_AVAILABLE, default: false) - end - # Whether YaST should reuse existing LVM # # see jsc#PED-6407 or jsc#IBM-1315 diff --git a/test/installation/console/plugins/luks2_checkbox_test.rb b/test/installation/console/plugins/luks2_checkbox_test.rb deleted file mode 100644 index 22c9ea786..000000000 --- a/test/installation/console/plugins/luks2_checkbox_test.rb +++ /dev/null 
@@ -1,114 +0,0 @@
-# Copyright (c) [2021] SUSE LLC
-#
-# All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of version 2 of the GNU General Public License as published
-# by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-# more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, contact SUSE LLC.
-#
-# To contact SUSE LLC about this file by physical or electronic mail, you may
-# find current contact information at www.suse.com.
-
-require_relative "../../../spec_helper"
-
-begin
- # in development or in GitHub Actions the file might be present,
- # try loading the original file
- old_require "installation/console/menu_plugin"
-rescue LoadError
- # the file is missing, mock the "installation/console/menu_plugin" content,
- # needed during RPM build
- module Installation
- module Console
- class MenuPlugin
- end
- end
- end
-end
-
-require "installation/console/plugins/luks2_checkbox"
-require "cwm/rspec"
-
-describe Installation::Console::Plugins::LUKS2CheckBox do
- subject(:widget) { described_class.new }
-
- include_examples "CWM::CheckBox"
-
- describe "#init" do
- before do
- expect(Y2Storage::StorageEnv.instance).to receive(:luks2_available?)
- .and_return(luks2_available)
- end
-
- context "LUKS2 available" do
- let(:luks2_available) { true }
-
- it "sets the initial state to checked" do
- expect(widget).to receive(:check)
- widget.init
- end
- end
-
- context "LUKS2 not available" do
- let(:luks2_available) { false }
-
- it "sets the initial state to unchecked" do
- expect(widget).to_not receive(:check)
- widget.init
- end
- end
- end
-
- describe "#store" do
- before do
- allow(Y2Storage::StorageEnv.instance).to receive(:reset_cache)
- allow(ENV).to receive(:delete)
- allow(ENV).to receive(:[]=)
-
- allow(widget).to receive(:checked?).and_return(checked)
- end
-
- context "the checkbox is checked" do
- let(:checked) { true }
-
- it "sets the YAST_LUKS2_AVAILABLE env variable to 1" do
- expect(Y2Storage::StorageEnv.instance).to receive(:reset_cache)
- expect(ENV).to receive(:[]=).with("YAST_LUKS2_AVAILABLE", "1")
- widget.store
- end
- end
-
- context "the checkbox is not checked" do
- let(:checked) { false }
-
- it "deletes the YAST_LUKS2_AVAILABLE env variable" do
- expect(Y2Storage::StorageEnv.instance).to receive(:reset_cache)
- expect(ENV).to receive(:delete).with("YAST_LUKS2_AVAILABLE")
- widget.store
- end
- end
- end
-end
-
-describe Installation::Console::Plugins::LUKS2CheckBoxPlugin do
- describe "#order" do
- it "returns a positive number" do
- expect(subject.order).to be_a(Numeric)
- expect(subject.order).to be > 0
- end
- end
-
- describe "#widget" do
- it "returns a CWM widget" do
- expect(subject.widget).to be_a(CWM::AbstractWidget)
- end
- end
-end
diff --git a/test/support/widgets_context.rb b/test/support/widgets_context.rb
index 3d83019a7..ae22dcb24 100755
--- a/test/support/widgets_context.rb
+++ b/test/support/widgets_context.rb
@@ -48,7 +48,7 @@ def expect_not_select(id, value: true) end def expect_enable(id) - expect(Yast::UI).to receive(:ChangeWidget).once.with(Id(id), :Enabled, true) + expect(Yast::UI).to receive(:ChangeWidget).with(Id(id), :Enabled, true) end def expect_not_enable(id) @@ -56,7 +56,7 @@ def expect_not_enable(id) end def expect_disable(id) - expect(Yast::UI).to receive(:ChangeWidget).once.with(Id(id), :Enabled, false) + expect(Yast::UI).to receive(:ChangeWidget).with(Id(id), :Enabled, false) end def select_widget(id, value: true) diff --git a/test/y2partitioner/actions/controllers/encryption_test.rb b/test/y2partitioner/actions/controllers/encryption_test.rb index 6bc264cc7..1c9f14e71 100755 --- a/test/y2partitioner/actions/controllers/encryption_test.rb +++ b/test/y2partitioner/actions/controllers/encryption_test.rb @@ -54,7 +54,7 @@ let(:dev_name) { "/dev/vda2" } it "assigns the default encryption method" do - expect(subject.method.is?(:luks1)).to eq(true) + expect(subject.method.is?(:luks2)).to eq(true) end end @@ -78,7 +78,7 @@ end it "assigns the default encryption method" do - expect(subject.method.is?(:luks1)).to eq(true) + expect(subject.method.is?(:luks2)).to eq(true) end end end diff --git a/test/y2storage/blk_device_test.rb b/test/y2storage/blk_device_test.rb index b01bdb774..0620f41bc 100755 --- a/test/y2storage/blk_device_test.rb +++ b/test/y2storage/blk_device_test.rb @@ -1384,9 +1384,9 @@ end RSpec.shared_examples "default method" do - it "creates an encryption device using LUKS1 as default encryption method" do + it "creates an encryption device using LUKS2 as default encryption method" do expect(enc).to be_a Y2Storage::Encryption - expect(enc.method).to eq(Y2Storage::EncryptionMethod::LUKS1) + expect(enc.method).to eq(Y2Storage::EncryptionMethod::LUKS2) end end diff --git a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb index cbc44f5df..7eadaebdc 100755 
--- a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb +++ b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb @@ -47,6 +47,8 @@ describe "#run" do let(:password) { "" } let(:repeat_password) { password } + let(:encryption_method) { :luks2 } + let(:encryption_pbkdf) { "pbkdf2" } context "when settings has not LVM" do before do 
@@ -134,114 +136,130 @@ end end - context "when settings has not encryption password" do - before do - settings.encryption_password = nil - end + describe "checkbox for #encryption" do + context "when settings has not encryption password" do + before do + settings.encryption_password = nil + end - it "does not select encryption by default" do - expect_not_select(:encryption) - subject.run - end - end + context "and encryption method is not set" do + before do + settings.encryption_method = nil + end - context "when settings has encryption password" do - before do - settings.encryption_password = "12345678" - end + it "does not select encryption by default" do + expect_not_select(:encryption) + subject.run + end + end - it "selects encryption by default" do - expect_select(:encryption) - subject.run - end - end + context "and encryption method is set" do + before do + settings.encryption_method = Y2Storage::EncryptionMethod::LUKS2 + end - context "when encryption is not selected" do - before do - settings.encryption_password = "12345678" - not_select_widget(:encryption) + it "selects encryption by default" do + expect_select(:encryption) + subject.run + end + end end - it "disables password fields" do - expect_disable(:password) - expect_disable(:repeat_password) - subject.run - end + context "when settings has encryption password" do + before do + settings.encryption_password = "12345678" + end - it "sets password to nil" do - subject.run - expect(settings.encryption_password).to be_nil - end - end + context "and encryption method is not set" do + before do + settings.encryption_method = nil + end - context "when encryption is selected" do - before do - select_widget(:encryption) - select_widget(:password, value: password) - select_widget(:repeat_password, value: repeat_password) - settings.encryption_password = nil - end + it "selects encryption by default" do + expect_select(:encryption) + subject.run + end + end - it "enables password fields" do - 
expect_enable(:password) - expect_enable(:repeat_password) - subject.run + context "and encryption method is set" do + before do + settings.encryption_method = Y2Storage::EncryptionMethod::LUKS2 + end + + it "selects encryption by default" do + expect_select(:encryption) + subject.run + end + end end - context "and password is valid" do - let(:password) { "Val1d_pass" } + context "when encryption is not selected" do + before do + settings.encryption_password = "12345678" + not_select_widget(:encryption) + end - it "does not show an error message" do - expect(Yast::Report).not_to receive(:Warning) + it "disables password, encryption fields and " do + expect_disable(:password) + expect_disable(:repeat_password) + expect_disable(:encryption_method) + expect_disable(:encryption_pbkdf) subject.run end - it "saves password in settings" do + it "sets password to nil" do subject.run - expect(subject.settings.encryption_password).to eq(password) + expect(settings.encryption_password).to be_nil end end - context "but password is missing" do - let(:password) { "" } - include_examples("wrong password") - end + context "when encryption is selected" do + before do + select_widget(:encryption) + select_widget(:password, value: password) + select_widget(:repeat_password, value: repeat_password) + select_widget(:encryption_method, value: encryption_method) + select_widget(:encryption_method, value: encryption_method) + select_widget(:encryption_pbkdf, value: encryption_pbkdf) + settings.encryption_password = nil + end - context "but passwords do not match" do - let(:password) { "pass1" } - let(:repeat_password) { "pass2" } - include_examples("wrong password") - end + context "and luks1 is selected" do + before do + select_widget(:encryption_method, value: :luks1) + end - context "but password is short" do - let(:password) { "pass" } - include_examples("wrong password") - end + it "disables pbkdf field" do + expect_disable(:encryption_pbkdf) + subject.run + end + end - context "but 
password contains forbidden chars" do - let(:password) { "pássw0rd1" } - include_examples("wrong password") - end + context "and luks2 is selected" do + before do + select_widget(:encryption_method, value: :luks2) + end - context "and password is weak" do - before do - allow(Yast::InstExtensionImage).to receive(:LoadExtension) - .with(/cracklib/, anything).and_return(true) - allow(Yast::SCR).to receive(:Execute).with(Yast::Path.new(".crack"), password) - .and_return("an error message") - allow(Yast::Popup).to receive(:AnyQuestion).and_return(password_accepted) + it "enables pbkdf field" do + expect_enable(:encryption_pbkdf) + subject.run + end end - let(:password) { "12345678" } - let(:password_accepted) { false } - - it "shows an error message" do - expect(Yast::Popup).to receive(:AnyQuestion) + it "enables password, encryption method fields" do + expect_enable(:password) + expect_enable(:repeat_password) + expect_enable(:encryption_method) subject.run end - context "and password is accepted" do - let(:password_accepted) { true } + context "and password is valid" do + let(:password) { "Val1d_pass" } + + it "does not show an error message" do + expect(Yast::Report).not_to receive(:Warning) + subject.run + end it "saves password in settings" do subject.run 
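Review bot: The example title `"disables password, encryption fields and "` is cut off mid-sentence, and the `before` block of "when encryption is selected" calls `select_widget(:encryption_method, value: encryption_method)` twice in a row. Suggested title: `it "disables password, encryption method and PBKDF fields" do`; drop the duplicate line. There is also no example asserting what `settings.encryption_method` and `settings.encryption_pbkdf` become when encryption is unchecked or LUKS1 is chosen, which are the branches of `update_settings!` that clear them. The last example in this hunk continues in the next hunk.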
@@ -249,44 +267,99 @@ end end - context "and password is not accepted" do + context "but password is missing" do + let(:password) { "" } + include_examples("wrong password") + end + + context "but passwords do not match" do + let(:password) { "pass1" } + let(:repeat_password) { "pass2" } + include_examples("wrong password") + end + + context "but password is short" do + let(:password) { "pass" } + include_examples("wrong password") + end + + context "but password contains forbidden chars" do + let(:password) { "pássw0rd1" } + include_examples("wrong password") + end + + context "and password is weak" do + before do + allow(Yast::InstExtensionImage).to receive(:LoadExtension) + .with(/cracklib/, anything).and_return(true) + allow(Yast::SCR).to receive(:Execute).with(Yast::Path.new(".crack"), password) + .and_return("an error message") + allow(Yast::Popup).to receive(:AnyQuestion).and_return(password_accepted) + end + + let(:password) { "12345678" } let(:password_accepted) { false } - it "does not save password in settings" do + it "shows an error message" do + expect(Yast::Popup).to receive(:AnyQuestion) subject.run - expect(subject.settings).not_to receive(:encryption_password=) - expect(subject.settings.encryption_password).to eq(nil) + end + + context "and password is accepted" do + let(:password_accepted) { true } + + it "saves password in settings" do + subject.run + expect(subject.settings.encryption_password).to eq(password) + end + end + + context "and password is not accepted" do + let(:password_accepted) { false } + + it "does not save password in settings" do + subject.run + expect(subject.settings).not_to receive(:encryption_password=) + expect(subject.settings.encryption_password).to eq(nil) + end end end end - end - context "when encryption is clicked" do - before do - select_widget(:encryption) - allow(Yast::UI).to receive(:UserInput).and_return(:encryption, :abort) - end + context "when encryption is clicked" do + before do + 
select_widget(:encryption) + select_widget(:encryption_method, value: encryption_method) + allow(Yast::UI).to receive(:UserInput).and_return(:encryption, :abort) + end - it "focuses password field" do - expect(Yast::UI).to receive(:SetFocus) - subject.run + it "focuses password field" do + expect(Yast::UI).to receive(:SetFocus).at_least(1).times + subject.run + end end - end - context "when settings are valid" do - before do - select_widget(:lvm) - select_widget(:encryption) - select_widget(:password, value: password) - select_widget(:repeat_password, value: password) - end + context "when settings are valid" do + before do + select_widget(:lvm) + select_widget(:encryption) + select_widget(:password, value: password) + select_widget(:repeat_password, value: password) + select_widget(:encryption_method, value: encryption_method) + select_widget(:encryption_pbkdf, value: encryption_pbkdf) if encryption_method == :luks2 + end - let(:password) { "Val1d_pass" } + let(:password) { "Val1d_pass" } - it "saves settings correctly" do - subject.run - expect(subject.settings.use_lvm).to eq(true) - expect(subject.settings.encryption_password).to eq(password) + it "saves settings correctly" do + subject.run + expect(subject.settings.use_lvm).to eq(true) + expect(subject.settings.encryption_password).to eq(password) + expect(subject.settings.encryption_method.id).to eq(encryption_method) + if encryption_method == :luks2 + expect(subject.settings.encryption_pbkdf.value).to eq(encryption_pbkdf) + end + end end end end diff --git a/test/y2storage/dialogs/proposal_test.rb b/test/y2storage/dialogs/proposal_test.rb index cf09ed7f8..6134d1fa6 100755 --- a/test/y2storage/dialogs/proposal_test.rb +++ b/test/y2storage/dialogs/proposal_test.rb 
@@ -123,7 +123,10 @@ def menu_button_item_with_id(id, content) end let(:proposal) do - double("Y2Storage::GuidedProposal", proposed?: proposed, auto_settings_adjustment: adjustment) + double("Y2Storage::GuidedProposal", + proposed?: proposed, + settings: nil, + auto_settings_adjustment: adjustment) end let(:adjustment) { nil } diff --git a/test/y2storage/encryption_method_test.rb b/test/y2storage/encryption_method_test.rb index bb971382f..1f3d41d0c 100755 --- a/test/y2storage/encryption_method_test.rb +++ b/test/y2storage/encryption_method_test.rb 
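Review bot: Stubbing `settings: nil` on the proposal double makes the new `encryption_error` return an empty string in every example, so the "Missing encryption password" warning is never rendered under test. Add a context whose double returns settings with `encryption_method` set and `encryption_password` nil and assert that the summary contains the warning, plus the inverse case with a password present. The `let(:proposal)` block is complete within the hunk, but the examples that use it lie outside it.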
@@ -70,60 +70,27 @@ def lszcrypt_output(file) context "if there are online Crypto Express CCA coprocessors" do let(:lszcrypt) { lszcrypt_output("ok") } - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1, pervasive LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :pervasive_luks2, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2, pervasive LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :pervasive_luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2, pervasive LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :pervasive_luks2, :random_swap) end end context "if no Crypto Express CCA coprocessor is available (online)" do let(:lszcrypt) { lszcrypt_output("no_devs") } - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :random_swap) end end context "if secure AES keys are not supported" do let(:lszcrypt) { "" } - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is 
set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :random_swap) end end @@ -133,20 +100,9 @@ def lszcrypt_output(file) .and_raise Cheetah::ExecutionFailed.new("", "", "", "") end - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :random_swap) end end