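/* Simple implementation of decryption: look for any crypto_LUKS
 * partitions and decrypt them, then rescan for VGs.  This only works
 * for Fedora whole-disk encryption.  WIP to make this work for other
 * encryption schemes.
 *
 * Operates on the global handle 'g'.  Every libguestfs failure in
 * this function terminates the process with EXIT_FAILURE; nothing is
 * returned to the caller.
 */
void
inspect_do_decrypt (void)
{
  /* CLEANUP_FREE_STRING_LIST / CLEANUP_FREE are defined elsewhere;
   * presumably they release the variable when it goes out of scope.
   */
  CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
  if (partitions == NULL)
    exit (EXIT_FAILURE);

  int need_rescan = 0;
  size_t i;

  for (i = 0; partitions[i] != NULL; ++i) {
    /* A NULL type (probe failed) is treated as "not LUKS" and skipped. */
    CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);

    if (type && STREQ (type, "crypto_LUKS")) {
      char mapname[32];
      make_mapname (partitions[i], mapname, sizeof mapname);

      CLEANUP_FREE char *key = read_key (partitions[i]);
      /* read_key is defined elsewhere; assume it can return NULL on
       * failure (TODO confirm).  Stop here rather than hand a NULL
       * passphrase to guestfs_luks_open.
       */
      if (key == NULL)
        exit (EXIT_FAILURE);

      /* XXX Should we call guestfs_luks_open_ro if readonly flag
       * is set?  This might break 'mount_ro'.
       */
      int r = guestfs_luks_open (g, partitions[i], key, mapname);

      /* The passphrase is no longer needed in this function.
       * Overwrite it before the buffer is released so the plaintext
       * does not linger in freed heap memory.  The stores go through
       * a volatile pointer so the compiler is less likely to discard
       * them as dead writes.  Copies held elsewhere (for example
       * inside read_key or the library) are not covered by this.
       */
      volatile char *p;
      for (p = key; *p != '\0'; ++p)
        *p = '\0';

      if (r == -1)
        exit (EXIT_FAILURE);

      need_rescan = 1;
    }
  }

  /* Only rescan when at least one LUKS device was opened. */
  if (need_rescan) {
    if (guestfs_vgscan (g) == -1)
      exit (EXIT_FAILURE);
    if (guestfs_vg_activate_all (g, 1) == -1)
      exit (EXIT_FAILURE);
  }
}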
/* Rescan everything so the kernel knows that there are no partition
 * tables, VGs etc.
 *
 * 'devices' is a NULL-terminated list of device names.  Each one has
 * its partition table re-read, then a VG scan is run on the global
 * handle 'g'.
 *
 * Returns 0 on success, 1 if we need to retry (i.e. at least one of
 * the calls above failed).
 */
static int
do_rescan (char **devices)
{
  int failed = 0;
  char **dev;

  /* Replace the handle's error handler with NULL for the duration of
   * the rescan; failures here are only recorded, and the previous
   * handler is restored by the matching pop below.
   */
  guestfs_push_error_handler (g, NULL, NULL);

  for (dev = devices; *dev != NULL; ++dev) {
    if (guestfs_blockdev_rereadpt (g, *dev) == -1)
      failed = 1;
  }

  /* The VG scan runs even if a re-read failed above. */
  if (guestfs_vgscan (g) == -1)
    failed = 1;

  guestfs_pop_error_handler (g);

  return failed;
}