/* Simple implementation of decryption: look for any crypto_LUKS
* partitions and decrypt them, then rescan for VGs. This only works
* for Fedora whole-disk encryption. WIP to make this work for other
* encryption schemes.
*/
void
inspect_do_decrypt (void)
{
CLEANUP_FREE_STRING_LIST char **partitions = guestfs_list_partitions (g);
if (partitions == NULL)
exit (EXIT_FAILURE);
int need_rescan = 0;
size_t i;
for (i = 0; partitions[i] != NULL; ++i) {
CLEANUP_FREE char *type = guestfs_vfs_type (g, partitions[i]);
if (type && STREQ (type, "crypto_LUKS")) {
char mapname[32];
make_mapname (partitions[i], mapname, sizeof mapname);
CLEANUP_FREE char *key = read_key (partitions[i]);
/* XXX Should we call guestfs_luks_open_ro if readonly flag
* is set? This might break 'mount_ro'.
*/
if (guestfs_luks_open (g, partitions[i], key, mapname) == -1)
exit (EXIT_FAILURE);
need_rescan = 1;
}
}
if (need_rescan) {
if (guestfs_vgscan (g) == -1)
exit (EXIT_FAILURE);
if (guestfs_vg_activate_all (g, 1) == -1)
exit (EXIT_FAILURE);
}
}
/* Rescan everything so the kernel knows that there are no partition
* tables, VGs etc. Returns 0 on success, 1 if we need to retry.
*/
static int
do_rescan (char **devices)
{
size_t i;
size_t errors = 0;
guestfs_push_error_handler (g, NULL, NULL);
for (i = 0; devices[i] != NULL; ++i) {
if (guestfs_blockdev_rereadpt (g, devices[i]) == -1)
errors++;
}
if (guestfs_vgscan (g) == -1)
errors++;
guestfs_pop_error_handler (g);
return errors ? 1 : 0;
}