From 997253d45bc4fc8dd6a4dc84247eb02cea58f8e3 Mon Sep 17 00:00:00 2001
From: Stefan Schubert
Date: Tue, 2 Apr 2024 09:32:28 +0200
Subject: [PATCH 01/22] removed env YAST_ACTIVATE_LUKS
---
.../console/plugins/luks2_checkbox.rb | 75 ------------
src/lib/y2storage/encryption_method/luks2.rb | 6 -
src/lib/y2storage/storage_env.rb | 14 +--
.../console/plugins/luks2_checkbox_test.rb | 114 ------------------
test/y2storage/encryption_method_test.rb | 68 ++---------
5 files changed, 13 insertions(+), 264 deletions(-)
delete mode 100644 src/lib/installation/console/plugins/luks2_checkbox.rb
delete mode 100644 test/installation/console/plugins/luks2_checkbox_test.rb
diff --git a/src/lib/installation/console/plugins/luks2_checkbox.rb b/src/lib/installation/console/plugins/luks2_checkbox.rb
deleted file mode 100644
index deeeace1a..000000000
--- a/src/lib/installation/console/plugins/luks2_checkbox.rb
+++ /dev/null
@@ -1,75 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) 2021 SUSE LLC, All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# ------------------------------------------------------------------------------ - -require "yast" - -require "cwm" -require "installation/console/menu_plugin" -require "y2storage/storage_env" - -module Installation - module Console - module Plugins - # define a checkbox for enabling the experimental LUKS2 support in the installer - class LUKS2CheckBox < CWM::CheckBox - include Yast::Logger - - def initialize - super - textdomain "storage" - end - - # set the initial status - def init - check if Y2Storage::StorageEnv.instance.luks2_available? - end - - def label - # TRANSLATORS: check box label - _("Enable Experimental LUKS2 Encryption Support") - end - - def store - # the evaluated env variables are cached, we need to drop the cache - # when doing any change - Y2Storage::StorageEnv.instance.reset_cache - - if checked? - ENV["YAST_LUKS2_AVAILABLE"] = "1" - else - ENV.delete("YAST_LUKS2_AVAILABLE") - end - end - - def help - # TRANSLATORS: help text for the checkbox enabling LUKS2 support - _("

You can enable experimental LUKS2 encryption support in "\ - "the YaST partitioner. It is not supported and is designed as a " \ - "technology preview only.

") - end - end - - # define the plugin - class LUKS2CheckBoxPlugin < MenuPlugin - def widget - LUKS2CheckBox.new - end - - # at the end - def order - 2000 - end - end - end - end -end diff --git a/src/lib/y2storage/encryption_method/luks2.rb b/src/lib/y2storage/encryption_method/luks2.rb index 32ad0d160..b29798a70 100644 --- a/src/lib/y2storage/encryption_method/luks2.rb +++ b/src/lib/y2storage/encryption_method/luks2.rb @@ -60,12 +60,6 @@ def create_device(blk_device, dm_name, pbkdf: nil, label: "") encryption_process.create_device(blk_device, dm_name, pbkdf: pbkdf, label: label) end - # @see Base#available? - def available? - # jsc#PED-3878 and jsc#GEHC-6 - Yast::Mode.auto || StorageEnv.instance.luks2_available? - end - private # @see Base#encryption_process diff --git a/src/lib/y2storage/storage_env.rb b/src/lib/y2storage/storage_env.rb index 0f8037745..3ff2aa5ec 100644 --- a/src/lib/y2storage/storage_env.rb +++ b/src/lib/y2storage/storage_env.rb @@ -32,13 +32,11 @@ class StorageEnv ENV_ACTIVATE_LUKS = "YAST_ACTIVATE_LUKS".freeze - ENV_LUKS2_AVAILABLE = "YAST_LUKS2_AVAILABLE".freeze - ENV_LIBSTORAGE_IGNORE_PROBE_ERRORS = "LIBSTORAGE_IGNORE_PROBE_ERRORS".freeze ENV_REUSE_LVM = "YAST_REUSE_LVM".freeze - private_constant :ENV_MULTIPATH, :ENV_BIOS_RAID, :ENV_ACTIVATE_LUKS, :ENV_LUKS2_AVAILABLE + private_constant :ENV_MULTIPATH, :ENV_BIOS_RAID, :ENV_ACTIVATE_LUKS private_constant :ENV_LIBSTORAGE_IGNORE_PROBE_ERRORS private_constant :ENV_REUSE_LVM @@ -82,16 +80,6 @@ def activate_luks? active?(ENV_ACTIVATE_LUKS, default: true) end - # Whether YaST should offer the encryption method for regular LUKS2 - # - # See jsc#SLE-21309 where is stated that YaST support to setup LUKS2 devices should be - # "available only via a special Linuxrc option and communicated as a tech preview". - # - # @return [Boolean] - def luks2_available? - active?(ENV_LUKS2_AVAILABLE, default: false) - end - # Whether YaST should reuse existing LVM # # see jsc#PED-6407 or jsc#IBM-1315 
diff --git a/test/installation/console/plugins/luks2_checkbox_test.rb b/test/installation/console/plugins/luks2_checkbox_test.rb
deleted file mode 100644
index 22c9ea786..000000000
--- a/test/installation/console/plugins/luks2_checkbox_test.rb
+++ /dev/null
@@ -1,114 +0,0 @@ -# Copyright (c) [2021] SUSE LLC -# -# All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of version 2 of the GNU General Public License as published -# by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, contact SUSE LLC. -# -# To contact SUSE LLC about this file by physical or electronic mail, you may -# find current contact information at www.suse.com. - -require_relative "../../../spec_helper" - -begin - # in development or in GitHub Actions the file might be present, - # try loading the original file - old_require "installation/console/menu_plugin" -rescue LoadError - # the file is missing, mock the "installation/console/menu_plugin" content, - # needed during RPM build - module Installation - module Console - class MenuPlugin - end - end - end -end - -require "installation/console/plugins/luks2_checkbox" -require "cwm/rspec" - -describe Installation::Console::Plugins::LUKS2CheckBox do - subject(:widget) { described_class.new } - - include_examples "CWM::CheckBox" - - describe "#init" do - before do - expect(Y2Storage::StorageEnv.instance).to receive(:luks2_available?) 
- .and_return(luks2_available) - end - - context "LUKS2 available" do - let(:luks2_available) { true } - - it "sets the initial state to checked" do - expect(widget).to receive(:check) - widget.init - end - end - - context "LUKS2 not available" do - let(:luks2_available) { false } - - it "sets the initial state to unchecked" do - expect(widget).to_not receive(:check) - widget.init - end - end - end - - describe "#store" do - before do - allow(Y2Storage::StorageEnv.instance).to receive(:reset_cache) - allow(ENV).to receive(:delete) - allow(ENV).to receive(:[]=) - - allow(widget).to receive(:checked?).and_return(checked) - end - - context "the checkbox is checked" do - let(:checked) { true } - - it "sets the YAST_LUKS2_AVAILABLE env variable to 1" do - expect(Y2Storage::StorageEnv.instance).to receive(:reset_cache) - expect(ENV).to receive(:[]=).with("YAST_LUKS2_AVAILABLE", "1") - widget.store - end - end - - context "the checkbox is not checked" do - let(:checked) { false } - - it "deletes the YAST_LUKS2_AVAILABLE env variable" do - expect(Y2Storage::StorageEnv.instance).to receive(:reset_cache) - expect(ENV).to receive(:delete).with("YAST_LUKS2_AVAILABLE") - widget.store - end - end - end -end - -describe Installation::Console::Plugins::LUKS2CheckBoxPlugin do - describe "#order" do - it "returns a positive number" do - expect(subject.order).to be_a(Numeric) - expect(subject.order).to be > 0 - end - end - - describe "#widget" do - it "returns a CWM widget" do - expect(subject.widget).to be_a(CWM::AbstractWidget) - end - end -end diff --git a/test/y2storage/encryption_method_test.rb b/test/y2storage/encryption_method_test.rb index bb971382f..1f3d41d0c 100755 --- a/test/y2storage/encryption_method_test.rb +++ b/test/y2storage/encryption_method_test.rb 
@@ -70,60 +70,27 @@ def lszcrypt_output(file) context "if there are online Crypto Express CCA coprocessors" do let(:lszcrypt) { lszcrypt_output("ok") } - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1, pervasive LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :pervasive_luks2, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2, pervasive LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :pervasive_luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2, pervasive LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :pervasive_luks2, :random_swap) end end context "if no Crypto Express CCA coprocessor is available (online)" do let(:lszcrypt) { lszcrypt_output("no_devs") } - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :random_swap) end end context "if secure AES keys are not supported" do let(:lszcrypt) { "" } - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is 
set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :random_swap) end end @@ -133,20 +100,9 @@ def lszcrypt_output(file) .and_raise Cheetah::ExecutionFailed.new("", "", "", "") end - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :random_swap) end end From 0a6421b6e1e97be84b690538e77173808393d0a7 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 3 Apr 2024 16:39:52 +0200 Subject: [PATCH 02/22] added luks2 encryption to guided setup --- .../dialogs/guided_setup/select_scheme.rb | 49 ++++++++++++++++--- 1 file changed, 43 insertions(+), 6 deletions(-) diff --git a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb index 0ec59d67b..1820d8e63 100644 --- a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb +++ b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb 
@@ -44,11 +44,23 @@ def initialize(*params) super end + + # Handler for :encryption_method ComboBox. + # @param focus [Boolean] whether password field should be focused + def encryption_method_handler(focus: true) + widget_update(:encryption_pbkdf, (using_encryption? && using_luks2_encryption?), attr: :Enabled) + return unless focus && using_encryption? && using_luks2_encryption? + + Yast::UI.SetFocus(Id(:encryption_pbkdf)) + end + # Handler for :encryption check box. # @param focus [Boolean] whether password field should be focused def encryption_handler(focus: true) widget_update(:password, using_encryption?, attr: :Enabled) widget_update(:repeat_password, using_encryption?, attr: :Enabled) + widget_update(:encryption_method, using_encryption?, attr: :Enabled) + encryption_method_handler(focus: focus) return unless focus && using_encryption? Yast::UI.SetFocus(Id(:password)) @@ -126,13 +138,30 @@ def enable_disk_encryption Left( HBox( HSpacing(2), - Password(Id(:password), Opt(:hstretch), _("Password")) + Password(Id(:password), Opt(:hstretch), _("Password")), + Password(Id(:repeat_password), Opt(:hstretch), _("Verify Password")) ) ), Left( HBox( HSpacing(2), - Password(Id(:repeat_password), Opt(:hstretch), _("Verify Password")) + ComboBox( + Id(:encryption_method), + Opt(:notify, :hstretch), + _("Encryption method"), + Y2Storage::EncryptionMethod.available.reject(&:only_for_swap?).map { |m| Item(Id(m.to_sym), m.to_human_string,false) } + ) + ) + ), + Left( + HBox( + HSpacing(2), + ComboBox( + Id(:encryption_pbkdf), + Opt(:hstretch), + _("Password-Based Key Derivation &Function (PBKDF)"), + Y2Storage::PbkdFunction.all.map { |m| Item(Id(m.value), m.name, (m.value == "pbkdf2" ? true : false)) } + ) ) ) ) 
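Review bot: The doc comment on the new `encryption_method_handler` was copied from `encryption_handler` and still says `focus` controls the password field, while the body moves focus to `:encryption_pbkdf`. I would write `# @param focus [Boolean] whether the PBKDF selector should be focused when LUKS2 is selected`. The same handler is now also called from `encryption_handler`, so the comment there could mention that toggling the check box also enables or disables the method and PBKDF selectors.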
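Review bot: The PBKDF selector added to `enable_disk_encryption` preselects PBKDF2 through the literal `m.value == "pbkdf2"`, and nothing in the hunk says why. PBKDF2 is not memory-hard, so a LUKS2 volume created with this preselection resists offline passphrase guessing less well than one using an Argon2 variant, assuming `PbkdFunction.all` offers one. If the default is deliberate (for instance because the boot loader has to unlock the volume), say so next to the literal, e.g. `# PBKDF2 preselected on purpose: <reason>`, and consider deriving the preselection from `settings.encryption_pbkdf` rather than a string. The method items are all built with `false`, so until `initialize_widgets` sets a value the user sees whichever entry `EncryptionMethod.available` returns first.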
@@ -140,9 +169,12 @@ def enable_disk_encryption def initialize_widgets widget_update(:lvm, settings.use_lvm) - widget_update(:separate_vgs, settings.separate_vgs) + widget_update(:separate_vgs, settings.separate_vgs) if settings.separate_vgs_relevant? widget_update(:encryption, settings.use_encryption) encryption_handler(focus: false) + widget_update(:encryption_method, settings.encryption_method.id) if settings.encryption_method + widget_update(:encryption_pbkdf, Id(settings.encryption_pbkdf.value)) if settings.encryption_pbkdf + encryption_method_handler(focus: false) return unless settings.use_encryption widget_update(:password, settings.encryption_password) @@ -151,9 +183,10 @@ def initialize_widgets def update_settings! settings.use_lvm = widget_value(:lvm) - settings.separate_vgs = widget_value(:separate_vgs) - password = using_encryption? ? widget_value(:password) : nil - settings.encryption_password = password + settings.separate_vgs = widget_value(:separate_vgs) if settings.separate_vgs_relevant? + settings.encryption_password = using_encryption? ? widget_value(:password) : nil + settings.encryption_method = using_encryption? ? Y2Storage::EncryptionMethod.find(widget_value(:encryption_method)) : nil + settings.encryption_pbkdf = (using_encryption? && using_luks2_encryption?) ? Y2Storage::PbkdFunction.find(widget_value(:encryption_pbkdf)) : nil end def help_text @@ -225,6 +258,10 @@ def using_encryption? widget_value(:encryption) end + def using_luks2_encryption? + widget_value(:encryption_method) == :luks2 + end + def valid_password? msg = passwd_checker.error_msg( widget_value(:password), widget_value(:repeat_password) From 0e8818b577dbd2461434b2f1e9acda5f0c5d460c Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Thu, 4 Apr 2024 18:28:15 +0200 Subject: [PATCH 03/22] regarding product encryption settings --- src/lib/y2storage/proposal_settings.rb | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) 
diff --git a/src/lib/y2storage/proposal_settings.rb b/src/lib/y2storage/proposal_settings.rb index ab7a76617..4c5cc28ee 100644 --- a/src/lib/y2storage/proposal_settings.rb +++ b/src/lib/y2storage/proposal_settings.rb @@ -263,7 +263,7 @@ def deep_copy # Whether encryption must be used # @return [Boolean] def use_encryption - !encryption_password.nil? + !encryption_method.nil? end def_delegators :@space_settings, @@ -399,7 +399,7 @@ def root_volume lvm: false, lvm_vg_strategy: :use_available, lvm_vg_reuse: true, - encryption_method: EncryptionMethod::LUKS1, + encryption_method: nil, multidisk_first: false, other_delete_mode: :ondemand, resize_windows: true, @@ -446,13 +446,18 @@ def load_features load_encryption end - # Loads the default encryption settings + # Loads the encryption settings # - # The encryption settings are not part of control.xml, but can be injected by a previous step of - # the installation, eg. the dialog of the Common Criteria system role def load_encryption - enc = feature(:proposal, :encryption) + enc_method = feature(:proposal, :encryption_method) + self.encryption_method = EncryptionMethod.find(enc_method.to_sym) if !enc_method.nil? + + enc_pbkdf = feature(:proposal, :encryption_pbkdf) + self.encryption_pbkdf = Y2Storage::PbkdFunction.find(enc_pbkdf) if !enc_pbkdf.nil? + # The encryption password is not part of control.xml, but can be injected by a previous step of + # the installation, eg. the dialog of the Common Criteria system role. + enc = feature(:proposal, :encryption) return unless enc return unless enc.respond_to?(:password) @@ -460,6 +465,10 @@ def load_encryption return if passwd.nil? || passwd.empty? self.encryption_password = passwd + + # If an encryption password and no method have been set, we are using LUKS1 as default + self.encryption_method = EncryptionMethod::LUKS1 if self.encryption_method.nil? + end def validated_delete_mode(mode) From 0d645aa0636e170a680318366046608078492876 Mon Sep 17 00:00:00 2001 
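Review bot: In `load_encryption` the result of `EncryptionMethod.find(enc_method.to_sym)` is assigned without a check, so a misspelled or unsupported `encryption_method` in the product features would leave `encryption_method` nil with no trace, if `find` returns nil for unknown names (its behaviour is not visible here). Because this commit also makes `use_encryption` depend on `encryption_method` alone, a product that asked for encryption could then end up with an unencrypted proposal. I would report the failed lookup, e.g. `log.warn "Unknown encryption method #{enc_method.inspect}"` when the result is nil (assuming the class has a logger), and do the same for `PbkdFunction.find(enc_pbkdf)`. The method body continues in the following hunk.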
From: Stefan Schubert Date: Tue, 9 Apr 2024 10:22:21 +0200 Subject: [PATCH 04/22] check missing encryption password --- src/lib/y2storage/dialogs/proposal.rb | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/lib/y2storage/dialogs/proposal.rb b/src/lib/y2storage/dialogs/proposal.rb index 9ef3681fd..119d8a73f 100644 --- a/src/lib/y2storage/dialogs/proposal.rb +++ b/src/lib/y2storage/dialogs/proposal.rb @@ -1,3 +1,4 @@ +# coding: utf-8 # Copyright (c) [2016-2022] SUSE LLC # # All Rights Reserved. @@ -126,7 +127,6 @@ def summary # TODO: if there is a proposal, use the meaningful description with # hyperlinks instead of just delegating the summary to libstorage content = devicegraph ? actions_html : failure_html - RichText(Id(:summary), content) end @@ -139,12 +139,27 @@ def summary def actions_html actions_source_html + boss_html + + encryption_error + setup_errors_html + # Reuse the exact string "Changes to partitioning" from the partitioner _("

Changes to partitioning:

") + @actions_presenter.to_html end + def encryption_error + ret = "" + if (!@proposal.nil? && + !@proposal.settings.nil? && + !@proposal.settings.encryption_method.nil? && + @proposal.settings.encryption_password.nil?) + ret = Yast::HTML.Para (_("Missing encryption password - Proposal has been done without encryption.")) + + Yast::HTML.Newline + + _("Please use \"Guided Setup\" in order to set the password or in order to disable encryption.") + ret = Yast::HTML.Colorize(ret, "red") + end + ret + end + def boss_html return "" if boss_devices.empty? From 161df111dc61b31db333a8788c33affae900ea6b Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 10 Apr 2024 09:09:50 +0200 Subject: [PATCH 05/22] taking LUKS2 as default --- src/lib/y2partitioner/actions/controllers/encryption.rb | 2 +- src/lib/y2storage/blk_device.rb | 4 ++-- src/lib/y2storage/proposal_settings.rb | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/lib/y2partitioner/actions/controllers/encryption.rb b/src/lib/y2partitioner/actions/controllers/encryption.rb index 400d9899c..b0929e0f6 100644 --- a/src/lib/y2partitioner/actions/controllers/encryption.rb +++ b/src/lib/y2partitioner/actions/controllers/encryption.rb @@ -215,7 +215,7 @@ def initial_method if methods.include?(encryption&.method) encryption.method else - Y2Storage::EncryptionMethod::LUKS1 + Y2Storage::EncryptionMethod::LUKS2 end end diff --git a/src/lib/y2storage/blk_device.rb b/src/lib/y2storage/blk_device.rb index 521c79eb7..a0c09ded6 100644 --- a/src/lib/y2storage/blk_device.rb +++ b/src/lib/y2storage/blk_device.rb 
@@ -255,7 +255,7 @@ def udev_full_ids # in the real system. It will fail during commit. # # @param dm_name [String] see #dm_table_name - # @param type [EncryptionType] optional encryption type of the new device, LUKS1 by default + # @param type [EncryptionType] optional encryption type of the new device, LUKS2 by default # @return [Encryption] storage_forward :create_encryption, as: "Encryption", raise_errors: true @@ -326,7 +326,7 @@ def encrypted? # the documentation of the create_device method of the corresponding class # # @return [Encryption] - def encrypt(method: EncryptionMethod::LUKS1, dm_name: nil, password: nil, **method_args) + def encrypt(method: EncryptionMethod::LUKS2, dm_name: nil, password: nil, **method_args) enc = encrypt_with_method(method, dm_name, **method_args) enc.auto_dm_name = enc.dm_table_name.empty? diff --git a/src/lib/y2storage/proposal_settings.rb b/src/lib/y2storage/proposal_settings.rb index 4c5cc28ee..a6a0033a9 100644 --- a/src/lib/y2storage/proposal_settings.rb +++ b/src/lib/y2storage/proposal_settings.rb @@ -466,8 +466,8 @@ def load_encryption self.encryption_password = passwd - # If an encryption password and no method have been set, we are using LUKS1 as default - self.encryption_method = EncryptionMethod::LUKS1 if self.encryption_method.nil? + # If an encryption password and no method have been set, we are using LUKS2 as default + self.encryption_method = EncryptionMethod::LUKS2 if self.encryption_method.nil? end From 1010a0fc542aacdfe309d11b1076dbaac03cb15f Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 10 Apr 2024 13:04:28 +0200 Subject: [PATCH 06/22] rubocop --- .../dialogs/guided_setup/select_scheme.rb | 25 +++++++++++++------ src/lib/y2storage/dialogs/proposal.rb | 11 ++++---- .../encryption_processes/secure_key.rb | 2 +- src/lib/y2storage/proposal_settings.rb | 3 +-- src/lib/y2storage/storage_env.rb | 2 +- 5 files changed, 27 insertions(+), 16 deletions(-) 
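Review bot: The `@param type` comment for `create_encryption` now states that LUKS2 is the default, but that method is forwarded to the storage library through `storage_forward` and nothing in this commit changes what the library does when `type` is omitted. Unless the library default changed separately, the comment now misstates which on-disk format a caller gets. I would either keep the previous wording or drop the default from the comment: `# @param type [EncryptionType] optional encryption type of the new device`.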
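Review bot: Switching the default of `encrypt` to `EncryptionMethod::LUKS2` changes the on-disk format for every caller that omits `method:`, and the doc comment above the signature is not updated in the visible lines. Callers that pass no `pbkdf` in `method_args` then get whatever key-derivation function the LUKS2 process picks, which may not suit a volume that has to be unlocked early in boot; this is an inference, since the callers are not shown. I would add a line to the method comment such as `# @param method [EncryptionMethod] LUKS2 by default; pass EncryptionMethod::LUKS1 explicitly where the old format is required`. The body of `encrypt` continues past the hunk.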
diff --git a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb index 1820d8e63..1fb410a67 100644 --- a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb +++ b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb @@ -44,11 +44,11 @@ def initialize(*params) super end - # Handler for :encryption_method ComboBox. # @param focus [Boolean] whether password field should be focused def encryption_method_handler(focus: true) - widget_update(:encryption_pbkdf, (using_encryption? && using_luks2_encryption?), attr: :Enabled) + widget_update(:encryption_pbkdf, (using_encryption? && using_luks2_encryption?), + attr: :Enabled) return unless focus && using_encryption? && using_luks2_encryption? Yast::UI.SetFocus(Id(:encryption_pbkdf)) @@ -149,7 +149,9 @@ def enable_disk_encryption Id(:encryption_method), Opt(:notify, :hstretch), _("Encryption method"), - Y2Storage::EncryptionMethod.available.reject(&:only_for_swap?).map { |m| Item(Id(m.to_sym), m.to_human_string,false) } + Y2Storage::EncryptionMethod.available.reject(&:only_for_swap?).map do |m| + Item(Id(m.to_sym), m.to_human_string, false) + end ) ) ), @@ -160,7 +162,9 @@ def enable_disk_encryption Id(:encryption_pbkdf), Opt(:hstretch), _("Password-Based Key Derivation &Function (PBKDF)"), - Y2Storage::PbkdFunction.all.map { |m| Item(Id(m.value), m.name, (m.value == "pbkdf2" ? true : false)) } + Y2Storage::PbkdFunction.all.map do |m| + Item(Id(m.value), m.name, (m.value == "pbkdf2")) + end ) ) ) 
@@ -173,7 +177,10 @@ def initialize_widgets widget_update(:encryption, settings.use_encryption) encryption_handler(focus: false) widget_update(:encryption_method, settings.encryption_method.id) if settings.encryption_method - widget_update(:encryption_pbkdf, Id(settings.encryption_pbkdf.value)) if settings.encryption_pbkdf + if settings.encryption_pbkdf + widget_update(:encryption_pbkdf, + Id(settings.encryption_pbkdf.value)) + end encryption_method_handler(focus: false) return unless settings.use_encryption @@ -185,8 +192,12 @@ def update_settings! settings.use_lvm = widget_value(:lvm) settings.separate_vgs = widget_value(:separate_vgs) if settings.separate_vgs_relevant? settings.encryption_password = using_encryption? ? widget_value(:password) : nil - settings.encryption_method = using_encryption? ? Y2Storage::EncryptionMethod.find(widget_value(:encryption_method)) : nil - settings.encryption_pbkdf = (using_encryption? && using_luks2_encryption?) ? Y2Storage::PbkdFunction.find(widget_value(:encryption_pbkdf)) : nil + settings.encryption_method = if using_encryption? + Y2Storage::EncryptionMethod.find(widget_value(:encryption_method)) + end + settings.encryption_pbkdf = if using_encryption? && using_luks2_encryption? + Y2Storage::PbkdFunction.find(widget_value(:encryption_pbkdf)) + end end def help_text diff --git a/src/lib/y2storage/dialogs/proposal.rb b/src/lib/y2storage/dialogs/proposal.rb index 119d8a73f..43715a2cb 100644 --- a/src/lib/y2storage/dialogs/proposal.rb +++ b/src/lib/y2storage/dialogs/proposal.rb @@ -1,4 +1,3 @@ -# coding: utf-8 # Copyright (c) [2016-2022] SUSE LLC # # All Rights Reserved. 
@@ -148,13 +147,15 @@ def actions_html def encryption_error ret = "" - if (!@proposal.nil? && + if !@proposal.nil? && !@proposal.settings.nil? && !@proposal.settings.encryption_method.nil? && - @proposal.settings.encryption_password.nil?) - ret = Yast::HTML.Para (_("Missing encryption password - Proposal has been done without encryption.")) + + @proposal.settings.encryption_password.nil? + ret = Yast::HTML.Para( + _("Missing encryption password - Proposal has been done without encryption.") + ) + Yast::HTML.Newline + - _("Please use \"Guided Setup\" in order to set the password or in order to disable encryption.") + _("Please use \"Guided Setup\" in order to set the password or to disable encryption.") ret = Yast::HTML.Colorize(ret, "red") end ret diff --git a/src/lib/y2storage/encryption_processes/secure_key.rb b/src/lib/y2storage/encryption_processes/secure_key.rb index 84c41fe89..43f7938cc 100644 --- a/src/lib/y2storage/encryption_processes/secure_key.rb +++ b/src/lib/y2storage/encryption_processes/secure_key.rb @@ -224,7 +224,7 @@ def repository_path(base_dir = "/") # # @return [String] def repo_dir - ENV["ZKEY_REPOSITORY"] || DEFAULT_REPO_DIR + ENV.fetch("ZKEY_REPOSITORY", nil) || DEFAULT_REPO_DIR end # Arguments to be used with the "zkey generate" command diff --git a/src/lib/y2storage/proposal_settings.rb b/src/lib/y2storage/proposal_settings.rb index a6a0033a9..6c391c729 100644 --- a/src/lib/y2storage/proposal_settings.rb +++ b/src/lib/y2storage/proposal_settings.rb @@ -467,8 +467,7 @@ def load_encryption self.encryption_password = passwd # If an encryption password and no method have been set, we are using LUKS2 as default - self.encryption_method = EncryptionMethod::LUKS2 if self.encryption_method.nil? - + self.encryption_method = EncryptionMethod::LUKS2 if encryption_method.nil? end def validated_delete_mode(mode) diff --git a/src/lib/y2storage/storage_env.rb b/src/lib/y2storage/storage_env.rb index 3ff2aa5ec..afba6f03e 100644 
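Review bot: This style-only commit changes what `encryption_error` renders. Before, `Yast::HTML.Para (...) + Yast::HTML.Newline + _(...)` was parsed with the whole concatenation as the argument of `Para`; now only the first sentence is inside the paragraph. The second translatable string is also reworded, which changes the message id of the warning that tells the user the disk will not be encrypted. Both are fine if intended, but they deserve a mention in the commit message rather than passing as "rubocop". The nil chain could be shortened with safe navigation, e.g. `settings = @proposal&.settings` followed by `return "" unless settings&.encryption_method && settings.encryption_password.nil?`.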
--- a/src/lib/y2storage/storage_env.rb +++ b/src/lib/y2storage/storage_env.rb @@ -145,7 +145,7 @@ def read(variable) key = ENV.keys.sort.find { |k| k.match(/\A#{variable}\z/i) } return nil unless key - value = ENV[key] + value = ENV.fetch(key, nil) log.debug "Found ENV variable key: #{key.inspect} value: #{value.inspect}" value end From f7027efb95bf322569419d639f07040592a798a8 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 10 Apr 2024 13:28:08 +0200 Subject: [PATCH 07/22] rubocop --- .../dialogs/guided_setup/select_scheme.rb | 88 +++++++++++-------- 1 file changed, 51 insertions(+), 37 deletions(-) diff --git a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb index 1fb410a67..20d079f90 100644 --- a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb +++ b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb 
@@ -131,46 +131,63 @@ def separate_vgs ) end + def password_widget + Left( + HBox( + HSpacing(2), + Password(Id(:password), Opt(:hstretch), _("Password")), + Password(Id(:repeat_password), Opt(:hstretch), _("Verify Password")) + ) + ) + end + + def encryption_method_widget + Left( + HBox( + HSpacing(2), + ComboBox( + Id(:encryption_method), + Opt(:notify, :hstretch), + _("Encryption method"), + Y2Storage::EncryptionMethod.available.reject(&:only_for_swap?).map do |m| + Item(Id(m.to_sym), m.to_human_string, false) + end + ) + ) + ) + end + + def encryption_pbkdf_widget + Left( + HBox( + HSpacing(2), + ComboBox( + Id(:encryption_pbkdf), + Opt(:hstretch), + _("Password-Based Key Derivation &Function (PBKDF)"), + Y2Storage::PbkdFunction.all.map do |m| + Item(Id(m.value), m.name, (m.value == "pbkdf2")) + end + ) + ) + ) + end + def enable_disk_encryption VBox( Left(CheckBox(Id(:encryption), Opt(:notify), _(WIDGET_LABELS[:enable_disk_encryption]))), VSpacing(0.2), - Left( - HBox( - HSpacing(2), - Password(Id(:password), Opt(:hstretch), _("Password")), - Password(Id(:repeat_password), Opt(:hstretch), _("Verify Password")) - ) - ), - Left( - HBox( - HSpacing(2), - ComboBox( - Id(:encryption_method), - Opt(:notify, :hstretch), - _("Encryption method"), - Y2Storage::EncryptionMethod.available.reject(&:only_for_swap?).map do |m| - Item(Id(m.to_sym), m.to_human_string, false) - end - ) - ) - ), - Left( - HBox( - HSpacing(2), - ComboBox( - Id(:encryption_pbkdf), - Opt(:hstretch), - _("Password-Based Key Derivation &Function (PBKDF)"), - Y2Storage::PbkdFunction.all.map do |m| - Item(Id(m.value), m.name, (m.value == "pbkdf2")) - end - ) - ) - ) + password_widget, + encryption_method_widget, + encryption_pbkdf_widget ) end + def initialize_encryption_widgets + widget_update(:password, settings.encryption_password) + widget_update(:repeat_password, settings.encryption_password) + end + def initialize_widgets widget_update(:lvm, settings.use_lvm) widget_update(:separate_vgs, 
settings.separate_vgs) if settings.separate_vgs_relevant? @@ -182,10 +199,7 @@ def initialize_widgets Id(settings.encryption_pbkdf.value)) end encryption_method_handler(focus: false) - return unless settings.use_encryption - - widget_update(:password, settings.encryption_password) - widget_update(:repeat_password, settings.encryption_password) + initialize_encryption_widgets if settings.use_encryption end def update_settings! From 7fc7135d1efe14ab797495b07f64dcfbfd124be1 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 10 Apr 2024 15:34:23 +0200 Subject: [PATCH 08/22] fixed rob. bug --- src/lib/y2storage/storage_env.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/y2storage/storage_env.rb b/src/lib/y2storage/storage_env.rb index afba6f03e..3ff2aa5ec 100644 --- a/src/lib/y2storage/storage_env.rb +++ b/src/lib/y2storage/storage_env.rb @@ -145,7 +145,7 @@ def read(variable) key = ENV.keys.sort.find { |k| k.match(/\A#{variable}\z/i) } return nil unless key - value = ENV.fetch(key, nil) + value = ENV[key] log.debug "Found ENV variable key: #{key.inspect} value: #{value.inspect}" value end From 873b02dd304c1735980c89512bf9c3289f571116 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 10 Apr 2024 17:09:15 +0200 Subject: [PATCH 09/22] fixed testcases --- test/y2partitioner/actions/controllers/encryption_test.rb | 4 ++-- test/y2storage/blk_device_test.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/y2partitioner/actions/controllers/encryption_test.rb b/test/y2partitioner/actions/controllers/encryption_test.rb index 6bc264cc7..1c9f14e71 100755 --- a/test/y2partitioner/actions/controllers/encryption_test.rb +++ b/test/y2partitioner/actions/controllers/encryption_test.rb @@ -54,7 +54,7 @@ let(:dev_name) { "/dev/vda2" } it "assigns the default encryption method" do - expect(subject.method.is?(:luks1)).to eq(true) + expect(subject.method.is?(:luks2)).to eq(true) end end 
@@ -78,7 +78,7 @@ end it "assigns the default encryption method" do - expect(subject.method.is?(:luks1)).to eq(true) + expect(subject.method.is?(:luks2)).to eq(true) end end end diff --git a/test/y2storage/blk_device_test.rb b/test/y2storage/blk_device_test.rb index b01bdb774..0620f41bc 100755 --- a/test/y2storage/blk_device_test.rb +++ b/test/y2storage/blk_device_test.rb @@ -1384,9 +1384,9 @@ end RSpec.shared_examples "default method" do - it "creates an encryption device using LUKS1 as default encryption method" do + it "creates an encryption device using LUKS2 as default encryption method" do expect(enc).to be_a Y2Storage::Encryption - expect(enc.method).to eq(Y2Storage::EncryptionMethod::LUKS1) + expect(enc.method).to eq(Y2Storage::EncryptionMethod::LUKS2) end end From 9d115f6b8f1e76f579e73c6b93b1a050a39c9678 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 10 Apr 2024 17:50:06 +0200 Subject: [PATCH 10/22] fixed testcases --- src/lib/y2storage/proposal_settings.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/y2storage/proposal_settings.rb b/src/lib/y2storage/proposal_settings.rb index 6c391c729..ab08c6f77 100644 --- a/src/lib/y2storage/proposal_settings.rb +++ b/src/lib/y2storage/proposal_settings.rb @@ -263,7 +263,7 @@ def deep_copy # Whether encryption must be used # @return [Boolean] def use_encryption - !encryption_method.nil? + !encryption_method.nil? || !encryption_password.nil? end def_delegators :@space_settings, From 2547797adb5f38e72da3d3151a4e29bb4a7e6c1f Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Tue, 16 Apr 2024 10:42:44 +0200 Subject: [PATCH 11/22] fixed testcase --- src/lib/y2storage/encryption_processes/secure_key.rb | 2 +- test/y2storage/dialogs/guided_setup/select_scheme_test.rb | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/lib/y2storage/encryption_processes/secure_key.rb b/src/lib/y2storage/encryption_processes/secure_key.rb index 43f7938cc..84c41fe89 100644 
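Review bot: `use_encryption` in proposal_settings.rb now returns true when only `encryption_method` is set and `encryption_password` is still nil, so a true result no longer means a password is available. A later commit in this series reports exactly that state in proposal.rb ("Proposal has been done without encryption"), which means the setting can say "encrypted" while the resulting layout is not. The doc comment should state the new contract, e.g. `# @return [Boolean] true if a method or a password is set; the password may still be missing`. Callers that go on to read `encryption_password` (such as `initialize_encryption_widgets`, which passes it to `widget_update`) should be checked for nil handling; that cannot be verified from this hunk.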
--- a/src/lib/y2storage/encryption_processes/secure_key.rb +++ b/src/lib/y2storage/encryption_processes/secure_key.rb @@ -224,7 +224,7 @@ def repository_path(base_dir = "/") # # @return [String] def repo_dir - ENV.fetch("ZKEY_REPOSITORY", nil) || DEFAULT_REPO_DIR + ENV["ZKEY_REPOSITORY"] || DEFAULT_REPO_DIR end # Arguments to be used with the "zkey generate" command diff --git a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb index cbc44f5df..658a07d5c 100755 --- a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb +++ b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb @@ -1,4 +1,5 @@ #!/usr/bin/env rspec +# coding: utf-8 # Copyright (c) [2017] SUSE LLC # # All Rights Reserved. @@ -47,6 +48,7 @@ describe "#run" do let(:password) { "" } let(:repeat_password) { password } + let(:encryption_method) { :luks1 } context "when settings has not LVM" do before do @@ -179,6 +181,7 @@ select_widget(:encryption) select_widget(:password, value: password) select_widget(:repeat_password, value: repeat_password) + select_widget(:encryption_method, value: encryption_method) settings.encryption_password = nil end @@ -264,6 +267,7 @@ context "when encryption is clicked" do before do select_widget(:encryption) + select_widget(:encryption_method, value: encryption_method) allow(Yast::UI).to receive(:UserInput).and_return(:encryption, :abort) end @@ -279,6 +283,7 @@ select_widget(:encryption) select_widget(:password, value: password) select_widget(:repeat_password, value: password) + select_widget(:encryption_method, value: encryption_method) end let(:password) { "Val1d_pass" } From 79a64498997e0d22faee9de23b824fbec579a3e1 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Tue, 16 Apr 2024 12:36:37 +0200 Subject: [PATCH 12/22] fixed testcases --- test/y2storage/dialogs/proposal_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
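Review bot: In `repo_dir` (secure_key.rb), `ENV["ZKEY_REPOSITORY"] || DEFAULT_REPO_DIR` still accepts an exported-but-empty variable, because an empty string is truthy in Ruby; the repository directory then becomes `""` instead of the default. Since this path decides where secure-key files are looked up and stored, an explicit check is safer: `repo = ENV["ZKEY_REPOSITORY"]` followed by `repo.nil? || repo.empty? ? DEFAULT_REPO_DIR : repo`. The rewrite from `ENV.fetch(..., nil)` keeps the old behaviour, so this is not a regression, but the doc comment could also mention that the environment variable overrides the default.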
diff --git a/test/y2storage/dialogs/proposal_test.rb b/test/y2storage/dialogs/proposal_test.rb index cf09ed7f8..e497b9fd2 100755 --- a/test/y2storage/dialogs/proposal_test.rb +++ b/test/y2storage/dialogs/proposal_test.rb @@ -123,7 +123,7 @@ def menu_button_item_with_id(id, content) end let(:proposal) do - double("Y2Storage::GuidedProposal", proposed?: proposed, auto_settings_adjustment: adjustment) + double("Y2Storage::GuidedProposal", proposed?: proposed, settings: nil, auto_settings_adjustment: adjustment) end let(:adjustment) { nil } From d1bee949acc54489977b9c9c20689e32d55e6f03 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Tue, 16 Apr 2024 13:01:37 +0200 Subject: [PATCH 13/22] rubocop --- test/y2storage/dialogs/guided_setup/select_scheme_test.rb | 1 - test/y2storage/dialogs/proposal_test.rb | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb index 658a07d5c..f821c8fa3 100755 --- a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb +++ b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb @@ -1,5 +1,4 @@ #!/usr/bin/env rspec -# coding: utf-8 # Copyright (c) [2017] SUSE LLC # # All Rights Reserved. diff --git a/test/y2storage/dialogs/proposal_test.rb b/test/y2storage/dialogs/proposal_test.rb index e497b9fd2..26a800888 100755 --- a/test/y2storage/dialogs/proposal_test.rb +++ b/test/y2storage/dialogs/proposal_test.rb @@ -123,7 +123,9 @@ def menu_button_item_with_id(id, content) end let(:proposal) do - double("Y2Storage::GuidedProposal", proposed?: proposed, settings: nil, auto_settings_adjustment: adjustment) + double("Y2Storage::GuidedProposal", + proposed?: proposed, settings: nil, + auto_settings_adjustment: adjustment) end let(:adjustment) { nil } From a7fed255b4cc79207f465b8e1dc774ccdbcd9d4f Mon Sep 17 00:00:00 2001 
From: Stefan Schubert Date: Tue, 16 Apr 2024 14:18:45 +0200 Subject: [PATCH 14/22] rubocop --- test/y2storage/dialogs/proposal_test.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/y2storage/dialogs/proposal_test.rb b/test/y2storage/dialogs/proposal_test.rb index 26a800888..fbd537db0 100755 --- a/test/y2storage/dialogs/proposal_test.rb +++ b/test/y2storage/dialogs/proposal_test.rb @@ -124,7 +124,8 @@ def menu_button_item_with_id(id, content) let(:proposal) do double("Y2Storage::GuidedProposal", - proposed?: proposed, settings: nil, + proposed?: proposed, + settings: nil, auto_settings_adjustment: adjustment) end let(:adjustment) { nil } From 2e4fe5d881430c6e9da4f5c21e329de8030e709d Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Tue, 16 Apr 2024 14:26:37 +0200 Subject: [PATCH 15/22] rubocop --- test/y2storage/dialogs/proposal_test.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/y2storage/dialogs/proposal_test.rb b/test/y2storage/dialogs/proposal_test.rb index fbd537db0..6134d1fa6 100755 --- a/test/y2storage/dialogs/proposal_test.rb +++ b/test/y2storage/dialogs/proposal_test.rb @@ -124,9 +124,9 @@ def menu_button_item_with_id(id, content) let(:proposal) do double("Y2Storage::GuidedProposal", - proposed?: proposed, - settings: nil, - auto_settings_adjustment: adjustment) + proposed?: proposed, + settings: nil, + auto_settings_adjustment: adjustment) end let(:adjustment) { nil } From 76ab89b41414ff7d76d0b37ba71dbe039d95c6e9 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 17 Apr 2024 09:14:47 +0200 Subject: [PATCH 16/22] testcase --- src/lib/y2storage/dialogs/proposal.rb | 7 +- test/support/widgets_context.rb | 4 +- .../guided_setup/select_scheme_test.rb | 267 ++++++++++-------- 3 files changed, 159 insertions(+), 119 deletions(-) diff --git a/src/lib/y2storage/dialogs/proposal.rb b/src/lib/y2storage/dialogs/proposal.rb index 43715a2cb..19e8483e1 100644 --- a/src/lib/y2storage/dialogs/proposal.rb 
+++ b/src/lib/y2storage/dialogs/proposal.rb @@ -152,10 +152,9 @@ def encryption_error !@proposal.settings.encryption_method.nil? && @proposal.settings.encryption_password.nil? ret = Yast::HTML.Para( - _("Missing encryption password - Proposal has been done without encryption.") - ) + - Yast::HTML.Newline + - _("Please use \"Guided Setup\" in order to set the password or to disable encryption.") + _("Missing encryption password - Proposal has been done without encryption.") + + Yast::HTML.Newline + + _("Please use \"Guided Setup\" in order to set the password or to disable encryption.")) ret = Yast::HTML.Colorize(ret, "red") end ret diff --git a/test/support/widgets_context.rb b/test/support/widgets_context.rb index 3d83019a7..ae22dcb24 100755 --- a/test/support/widgets_context.rb +++ b/test/support/widgets_context.rb @@ -48,7 +48,7 @@ def expect_not_select(id, value: true) end def expect_enable(id) - expect(Yast::UI).to receive(:ChangeWidget).once.with(Id(id), :Enabled, true) + expect(Yast::UI).to receive(:ChangeWidget).with(Id(id), :Enabled, true) end def expect_not_enable(id) @@ -56,7 +56,7 @@ def expect_not_enable(id) end def expect_disable(id) - expect(Yast::UI).to receive(:ChangeWidget).once.with(Id(id), :Enabled, false) + expect(Yast::UI).to receive(:ChangeWidget).with(Id(id), :Enabled, false) end def select_widget(id, value: true) diff --git a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb index f821c8fa3..e403ed883 100755 --- a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb +++ b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb @@ -1,4 +1,5 @@ #!/usr/bin/env rspec +# coding: utf-8 # Copyright (c) [2017] SUSE LLC # # All Rights Reserved. @@ -47,7 +48,7 @@ describe "#run" do let(:password) { "" } let(:repeat_password) { password } - let(:encryption_method) { :luks1 } + let(:encryption_method) { :luks2 } context "when settings has not LVM" do before do 
@@ -135,115 +136,106 @@ end end - context "when settings has not encryption password" do - before do - settings.encryption_password = nil - end + describe "checkbox for #encryption" do + context "when settings has not encryption password" do + before do + settings.encryption_password = nil + end - it "does not select encryption by default" do - expect_not_select(:encryption) - subject.run - end - end + context "and encryption method is not set" do + before do + settings.encryption_method = nil + end - context "when settings has encryption password" do - before do - settings.encryption_password = "12345678" - end + it "does not select encryption by default" do + expect_not_select(:encryption) + subject.run + end + end - it "selects encryption by default" do - expect_select(:encryption) - subject.run - end - end + context "and encryption method is set" do + before do + settings.encryption_method = Y2Storage::EncryptionMethod::LUKS2 + end - context "when encryption is not selected" do - before do - settings.encryption_password = "12345678" - not_select_widget(:encryption) + it "selects encryption by default" do + expect_select(:encryption) + subject.run + end + end end - it "disables password fields" do - expect_disable(:password) - expect_disable(:repeat_password) - subject.run - end + context "when settings has encryption password" do + before do + settings.encryption_password = "12345678" + end - it "sets password to nil" do - subject.run - expect(settings.encryption_password).to be_nil - end - end + context "and encryption method is not set" do + before do + settings.encryption_method = nil + end - context "when encryption is selected" do - before do - select_widget(:encryption) - select_widget(:password, value: password) - select_widget(:repeat_password, value: repeat_password) - select_widget(:encryption_method, value: encryption_method) - settings.encryption_password = nil - end + it "selects encryption by default" do + expect_select(:encryption) + subject.run 
+ end + end - it "enables password fields" do - expect_enable(:password) - expect_enable(:repeat_password) - subject.run + context "and encryption method is set" do + before do + settings.encryption_method = Y2Storage::EncryptionMethod::LUKS2 + end + + it "selects encryption by default" do + expect_select(:encryption) + subject.run + end + end end - context "and password is valid" do - let(:password) { "Val1d_pass" } + context "when encryption is not selected" do + before do + settings.encryption_password = "12345678" + not_select_widget(:encryption) + end - it "does not show an error message" do - expect(Yast::Report).not_to receive(:Warning) + it "disables password, encryption fields and " do + expect_disable(:password) + expect_disable(:repeat_password) + expect_disable(:encryption_method) + expect_disable(:encryption_pbkdf) subject.run end - it "saves password in settings" do + it "sets password to nil" do subject.run - expect(subject.settings.encryption_password).to eq(password) + expect(settings.encryption_password).to be_nil end end - context "but password is missing" do - let(:password) { "" } - include_examples("wrong password") - end - - context "but passwords do not match" do - let(:password) { "pass1" } - let(:repeat_password) { "pass2" } - include_examples("wrong password") - end - - context "but password is short" do - let(:password) { "pass" } - include_examples("wrong password") - end - - context "but password contains forbidden chars" do - let(:password) { "pássw0rd1" } - include_examples("wrong password") - end - - context "and password is weak" do + context "when encryption is selected" do before do - allow(Yast::InstExtensionImage).to receive(:LoadExtension) - .with(/cracklib/, anything).and_return(true) - allow(Yast::SCR).to receive(:Execute).with(Yast::Path.new(".crack"), password) - .and_return("an error message") - allow(Yast::Popup).to receive(:AnyQuestion).and_return(password_accepted) + select_widget(:encryption) + 
select_widget(:password, value: password) + select_widget(:repeat_password, value: repeat_password) + select_widget(:encryption_method, value: encryption_method) + settings.encryption_password = nil end - let(:password) { "12345678" } - let(:password_accepted) { false } - - it "shows an error message" do - expect(Yast::Popup).to receive(:AnyQuestion) + it "enables password, encryption method fields" do + expect_enable(:password) + expect_enable(:repeat_password) + expect_enable(:encryption_method) subject.run end - context "and password is accepted" do - let(:password_accepted) { true } + context "and password is valid" do + let(:password) { "Val1d_pass" } + + it "does not show an error message" do + expect(Yast::Report).not_to receive(:Warning) + subject.run + end it "saves password in settings" do subject.run 
@@ -251,46 +243,95 @@ end end - context "and password is not accepted" do + context "but password is missing" do + let(:password) { "" } + include_examples("wrong password") + end + + context "but passwords do not match" do + let(:password) { "pass1" } + let(:repeat_password) { "pass2" } + include_examples("wrong password") + end + + context "but password is short" do + let(:password) { "pass" } + include_examples("wrong password") + end + + context "but password contains forbidden chars" do + let(:password) { "pássw0rd1" } + include_examples("wrong password") + end + + context "and password is weak" do + before do + allow(Yast::InstExtensionImage).to receive(:LoadExtension) + .with(/cracklib/, anything).and_return(true) + allow(Yast::SCR).to receive(:Execute).with(Yast::Path.new(".crack"), password) + .and_return("an error message") + allow(Yast::Popup).to receive(:AnyQuestion).and_return(password_accepted) + end + + let(:password) { "12345678" } let(:password_accepted) { false } - it "does not save password in settings" do + it "shows an error message" do + expect(Yast::Popup).to receive(:AnyQuestion) subject.run - expect(subject.settings).not_to receive(:encryption_password=) - expect(subject.settings.encryption_password).to eq(nil) + end + + context "and password is accepted" do + let(:password_accepted) { true } + + it "saves password in settings" do + subject.run + expect(subject.settings.encryption_password).to eq(password) + end + end + + context "and password is not accepted" do + let(:password_accepted) { false } + + it "does not save password in settings" do + subject.run + expect(subject.settings).not_to receive(:encryption_password=) + expect(subject.settings.encryption_password).to eq(nil) + end end end end - end - context "when encryption is clicked" do - before do - select_widget(:encryption) - select_widget(:encryption_method, value: encryption_method) - allow(Yast::UI).to receive(:UserInput).and_return(:encryption, :abort) - end + context "when 
encryption is clicked" do + before do + select_widget(:encryption) + select_widget(:encryption_method, value: encryption_method) + allow(Yast::UI).to receive(:UserInput).and_return(:encryption, :abort) + end - it "focuses password field" do - expect(Yast::UI).to receive(:SetFocus) - subject.run + it "focuses password field" do + expect(Yast::UI).to receive(:SetFocus).at_least(1).times + subject.run + end end - end - context "when settings are valid" do - before do - select_widget(:lvm) - select_widget(:encryption) - select_widget(:password, value: password) - select_widget(:repeat_password, value: password) - select_widget(:encryption_method, value: encryption_method) - end + context "when settings are valid" do + before do + select_widget(:lvm) + select_widget(:encryption) + select_widget(:password, value: password) + select_widget(:repeat_password, value: password) + select_widget(:encryption_method, value: encryption_method) + end - let(:password) { "Val1d_pass" } + let(:password) { "Val1d_pass" } - it "saves settings correctly" do - subject.run - expect(subject.settings.use_lvm).to eq(true) - expect(subject.settings.encryption_password).to eq(password) + it "saves settings correctly" do + subject.run + expect(subject.settings.use_lvm).to eq(true) + expect(subject.settings.encryption_password).to eq(password) + expect(subject.settings.encryption_method.id).to eq(encryption_method) + end end end end From 5b22a2b709b76cc4c6e23b480f06e32282dac5aa Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 17 Apr 2024 09:32:33 +0200 Subject: [PATCH 17/22] testcase --- test/y2storage/dialogs/guided_setup/select_scheme_test.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb index e403ed883..bb7d3a89b 100755 --- a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb +++ b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb 
@@ -1,5 +1,4 @@ #!/usr/bin/env rspec -# coding: utf-8 # Copyright (c) [2017] SUSE LLC # # All Rights Reserved. From d668e5f5dabd988c8567ff31d8a6c1448c7e8d8c Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 17 Apr 2024 09:33:43 +0200 Subject: [PATCH 18/22] testcase --- src/lib/y2storage/dialogs/proposal.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/y2storage/dialogs/proposal.rb b/src/lib/y2storage/dialogs/proposal.rb index 19e8483e1..89525c547 100644 --- a/src/lib/y2storage/dialogs/proposal.rb +++ b/src/lib/y2storage/dialogs/proposal.rb @@ -154,7 +154,8 @@ def encryption_error ret = Yast::HTML.Para( _("Missing encryption password - Proposal has been done without encryption.") + Yast::HTML.Newline + - _("Please use \"Guided Setup\" in order to set the password or to disable encryption.")) + _("Please use \"Guided Setup\" in order to set the password or to disable encryption.") + ) ret = Yast::HTML.Colorize(ret, "red") end ret From 1de9c479204d531295b635e0d7e1012cdc7ed5c8 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 17 Apr 2024 12:11:28 +0200 Subject: [PATCH 19/22] testcases --- .../dialogs/guided_setup/select_scheme.rb | 2 +- .../guided_setup/select_scheme_test.rb | 30 +++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb index 20d079f90..ea755ca88 100644 --- a/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb +++ b/src/lib/y2storage/dialogs/guided_setup/select_scheme.rb @@ -150,7 +150,7 @@ def encryption_method_widget Opt(:notify, :hstretch), _("Encryption method"), Y2Storage::EncryptionMethod.available.reject(&:only_for_swap?).map do |m| - Item(Id(m.to_sym), m.to_human_string, false) + Item(Id(m.id), m.to_human_string, (m.id == :luks2)) end ) ) 
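Review bot: The preselection in `encryption_method_widget` is tied to the literal `:luks2` (`m.id == :luks2`), so if LUKS2 is missing from `EncryptionMethod.available` after the `reject`, no item is marked and the default falls to whatever the combo box lists first. Deriving it from the constant the tests already use, `m.id == Y2Storage::EncryptionMethod::LUKS2.id`, keeps the default in one place, and a short comment such as `# LUKS2 is the preferred default; the first available method is used otherwise` would document the fallback. The item ids also change from `m.to_sym` to `m.id` here; any lookup by the old id would need to match, which cannot be checked from this hunk because the method starts and ends outside it.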
diff --git a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb index bb7d3a89b..e00be95f9 100755 --- a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb +++ b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb @@ -1,4 +1,5 @@ #!/usr/bin/env rspec + # Copyright (c) [2017] SUSE LLC # # All Rights Reserved. @@ -48,6 +49,7 @@ let(:password) { "" } let(:repeat_password) { password } let(:encryption_method) { :luks2 } + let(:encryption_pbkdf) { "pbkdf2" } context "when settings has not LVM" do before do @@ -218,9 +220,33 @@ select_widget(:password, value: password) select_widget(:repeat_password, value: repeat_password) select_widget(:encryption_method, value: encryption_method) + select_widget(:encryption_method, value: encryption_method) + select_widget(:encryption_pbkdf, value: encryption_pbkdf) settings.encryption_password = nil end + context "and luks1 is selected" do + before do + select_widget(:encryption_method, value: :luks1) + end + + it "disables pbkdf field" do + expect_disable(:encryption_pbkdf) + subject.run + end + end + + context "and luks2 is selected" do + before do + select_widget(:encryption_method, value: :luks2) + end + + it "enables pbkdf field" do + expect_enable(:encryption_pbkdf) + subject.run + end + end + it "enables password, encryption method fields" do expect_enable(:password) expect_enable(:repeat_password) @@ -321,6 +347,7 @@ select_widget(:password, value: password) select_widget(:repeat_password, value: password) select_widget(:encryption_method, value: encryption_method) + select_widget(:encryption_pbkdf, value: encryption_pbkdf) if encryption_method == :luks2 end let(:password) { "Val1d_pass" } 
@@ -330,6 +357,9 @@ expect(subject.settings.use_lvm).to eq(true) expect(subject.settings.encryption_password).to eq(password) expect(subject.settings.encryption_method.id).to eq(encryption_method) + if encryption_method == :luks2 + expect(subject.settings.encryption_pbkdf.value).to eq(encryption_pbkdf) + end end end end From 26a6b23085ca8ad6dddeb772720baa25aced541f Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 17 Apr 2024 12:54:24 +0200 Subject: [PATCH 20/22] using PBKDF2 as default --- src/lib/y2partitioner/actions/controllers/encryption.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/y2partitioner/actions/controllers/encryption.rb b/src/lib/y2partitioner/actions/controllers/encryption.rb index b0929e0f6..e1b95aa2e 100644 --- a/src/lib/y2partitioner/actions/controllers/encryption.rb +++ b/src/lib/y2partitioner/actions/controllers/encryption.rb @@ -71,7 +71,7 @@ def initialize(fs_controller) @fs_controller = fs_controller @action = actions.first @password = encryption&.password || "" - @pbkdf = encryption&.pbkdf + @pbkdf = encryption&.pbkdf || PbkdFunction::PBKDF2 @method = initial_method @apqns = initial_apqns @label = initial_label From 7cddb4f47bf75edddba1dcb2108138363c4cdc85 Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 17 Apr 2024 13:41:38 +0200 Subject: [PATCH 21/22] using PBKDF2 as default --- src/lib/y2partitioner/actions/controllers/encryption.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/y2partitioner/actions/controllers/encryption.rb b/src/lib/y2partitioner/actions/controllers/encryption.rb index e1b95aa2e..c5b3e7598 100644 --- a/src/lib/y2partitioner/actions/controllers/encryption.rb +++ b/src/lib/y2partitioner/actions/controllers/encryption.rb 
@@ -71,7 +71,7 @@ def initialize(fs_controller) @fs_controller = fs_controller @action = actions.first @password = encryption&.password || "" - @pbkdf = encryption&.pbkdf || PbkdFunction::PBKDF2 + @pbkdf = encryption&.pbkdf || Y2Storage::PbkdFunction::PBKDF2 @method = initial_method @apqns = initial_apqns @label = initial_label From cede280529490e2b55bf3d30f015a50a9c85167a Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Wed, 17 Apr 2024 13:58:50 +0200 Subject: [PATCH 22/22] cleanup --- src/lib/y2storage/dialogs/proposal.rb | 1 + test/y2storage/dialogs/guided_setup/select_scheme_test.rb | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/y2storage/dialogs/proposal.rb b/src/lib/y2storage/dialogs/proposal.rb index 89525c547..af1857d8c 100644 --- a/src/lib/y2storage/dialogs/proposal.rb +++ b/src/lib/y2storage/dialogs/proposal.rb @@ -126,6 +126,7 @@ def summary # TODO: if there is a proposal, use the meaningful description with # hyperlinks instead of just delegating the summary to libstorage content = devicegraph ? actions_html : failure_html + RichText(Id(:summary), content) end diff --git a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb index e00be95f9..7eadaebdc 100755 --- a/test/y2storage/dialogs/guided_setup/select_scheme_test.rb +++ b/test/y2storage/dialogs/guided_setup/select_scheme_test.rb @@ -1,5 +1,4 @@ #!/usr/bin/env rspec - # Copyright (c) [2017] SUSE LLC # # All Rights Reserved.