Feature request: Changing the UUID of a LUKS device [patch]

Hi,

First, thanks to those who pointed to the sources some time ago (and hjertelig hilsen to Heinz...)

On occasion I have had to restore the contents of an encrypted root partition from an archive onto a newly luksFormatted partition. I have then had to manually update the initramfs to use the new UUID assigned by the format, e.g. by chrooting in, editing the crypttab, and updating the initramfs ignoring the errors... Or by unpacking and repacking the initramfs to change the cryptroot entry.

It would be much cleaner if it were possible to change the UUID of the newly formatted device back to the old value. Filesystem tools generally let you change the UUID of devices, e.g. tune2fs, or mdadm, which lets you change the UUIDs of array members. It would be great if cryptsetup had this functionality too, since it is the comparable tool for devices of type crypto_LUKS.

Since there is already the luksUUID command, all that is needed is to check for a second (optional) positional argument:

luksUUID <device> [<new UUID>] - print or change UUID of LUKS device

...and if present, do a validity check and then write back the LUKS header.

I prepared the attached patch, which I hope you will accept or use as inspiration for similar functionality. As is, it does not ask for confirmation, and it will happily change the UUID of a mounted device - but tune2fs behaves the same in this respect.

In use it looks like this:

# losetup -f test.img
# cryptsetup luksUUID /dev/loop0
cc4f1071-e71a-40e8-98b9-1bc6827a0104
# cryptsetup luksUUID /dev/loop0 bff6f2e5-779f-4d05-a8a3-e8d0f93441e2
bff6f2e5-779f-4d05-a8a3-e8d0f93441e2
# cryptsetup luksUUID /dev/loop0
bff6f2e5-779f-4d05-a8a3-e8d0f93441e2
# cryptsetup luksUUID /dev/loop0 ebd59304:eb83045c:a1f89c74:c6d2cb8b
Invalid format, UUID not changed
Command failed.
# cryptsetup luksUUID /dev/loop0
bff6f2e5-779f-4d05-a8a3-e8d0f93441e2
# losetup -d /dev/loop0
# losetup -r -f test.img
# cryptsetup luksUUID /dev/loop0 cc4f1071-e71a-40e8-98b9-1bc6827a0104
Command failed.

The last test (attempting to change the UUID of a read-only device) revealed a potential bug, to be posted separately...

Best regards,
Jacob Nielsen
Index: src/cryptsetup.c
===================================================================
--- src/cryptsetup.c	(revision 58)
+++ src/cryptsetup.c	(working copy)
@@ -66,7 +66,7 @@
 	{ "luksAddKey",	action_luksAddKey, 0, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
 	{ "luksRemoveKey", action_luksRemoveKey, 0, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
 	{ "luksKillSlot",  action_luksKillSlot, 0, 2, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
-	{ "luksUUID",	action_luksUUID, 0, 1, N_("<device>"), N_("print UUID of LUKS device") },
+	{ "luksUUID",	action_luksUUID, 0, 1, N_("<device> [<new UUID>]"), N_("print or change UUID of LUKS device") },
 	{ "isLuks",	action_isLuks, 0, 1, N_("<device>"), N_("tests <device> for LUKS partition header") },
 	{ "luksClose",	action_remove, 0, 1, N_("<name>"), N_("remove LUKS mapping") },
 	{ "luksDump",	action_luksDump, 0, 1, N_("<device>"), N_("dump LUKS partition information") },
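Review bot: the luksUUID usage string now advertises an optional <new UUID>, but the patch has hunks only for src/cryptsetup.c, lib/libcryptsetup.h and lib/setup.c, so no user documentation is updated with it. Please add documentation for the second argument: the accepted UUID format, and that the header is rewritten without asking for confirmation.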
@@ -370,6 +370,7 @@
 	struct crypt_options options = {
 		.device = action_argv[0],
 		.icb = &cmd_icb,
+		.new_uuid = action_argc>1?action_argv[1]:NULL,
 	};
 	int r;
 
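Review bot: at `.new_uuid = action_argc>1?action_argv[1]:NULL,` the mere presence of a second positional argument turns a read-only query into a header write, with no prompt and no check on this side. Consider asking for confirmation before new_uuid is passed to the library, or gating the write behind an explicit option. Style: put spaces around `>`, `?` and `:`.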
Index: lib/libcryptsetup.h
===================================================================
--- lib/libcryptsetup.h	(revision 58)
+++ lib/libcryptsetup.h	(working copy)
@@ -22,6 +22,8 @@
 	const char	*name;
 	const char	*device;
 
+	const char      *new_uuid;
+
 	const char	*cipher;
 	const char	*hash;
 
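Review bot: new_uuid is inserted between device and cipher in a struct declared in lib/libcryptsetup.h, which shifts the offset of every following member; a program built against the previous header and linked to the new library would have its cipher, hash and later fields read from the wrong place. Appending the member at the end of the struct, or bumping the library version, avoids that. The new line is also indented with spaces after `const char` where the neighbouring members use a tab.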
Index: lib/setup.c
===================================================================
--- lib/setup.c	(revision 58)
+++ lib/setup.c	(working copy)
@@ -10,6 +10,7 @@
 #include <errno.h>
 #include <signal.h>
 #include <assert.h>
+#include <uuid/uuid.h>
 
 #include "libcryptsetup.h"
 #include "internal.h"
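Review bot: `#include <uuid/uuid.h>` makes lib/setup.c call into libuuid, yet the patch contains no build-system hunk. Please confirm the library target already links against libuuid, or add the configure check and link flag together with this include.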
@@ -767,10 +768,23 @@
 {
 	struct luks_phdr hdr;
 	int r;
+	uuid_t test_uuid;
 
 	r = LUKS_read_phdr(options->device,&hdr);
 	if(r < 0) return r;
 
+	if (options->new_uuid) {
+
+     		if (!uuid_parse(options->new_uuid,test_uuid)) {
+			uuid_unparse(test_uuid, hdr.uuid);
+			r = LUKS_write_phdr(options->device,&hdr);
+			if(r < 0) return r;
+		}
+		else {
+			options->icb->log(CRYPT_LOG_ERROR,"Invalid format, UUID not changed\n");
+			return -EINVAL;
+		}
+	}
 	options->icb->log(CRYPT_LOG_NORMAL,hdr.uuid);
 	options->icb->log(CRYPT_LOG_NORMAL,"\n");
 	return 0;
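Review bot: on the write path, `if(r < 0) return r;` after LUKS_write_phdr returns without logging anything, so a failed write (the read-only loop device in the session above) surfaces only as "Command failed."; log an error through options->icb->log there, as the invalid-format branch does. Also confirm that hdr.uuid can hold the 37 bytes (36 characters plus NUL) that uuid_unparse writes, and fix the mixed space and tab indentation on the uuid_parse line.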

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/