[lvm-devel] [PATCH 13/15] Add --keyfile option.
Milan Broz
mbroz at redhat.com
Wed Jan 21 11:19:54 UTC 2009
Allow input of key from file (or standard input)
by specifying --keyfile on commandline.
If the file is "-" stdin is used, e.g.
echo $key | lvcreate ...
(It is not safe, but useful in scripts. Similar approach
is used in cryptsetup.)
Currently supported only for lvcreate, vgchange, lvchange.
Signed-off-by: Milan Broz <mbroz at redhat.com>
---
tools/args.h | 1 +
tools/commands.h | 17 +++++++++--------
tools/lvchange.c | 7 +++++++
tools/lvcreate.c | 7 +++++++
tools/vgchange.c | 7 +++++++
5 files changed, 31 insertions(+), 8 deletions(-)
diff --git a/tools/args.h b/tools/args.h
index a1347ea..cacbb2b 100644
--- a/tools/args.h
+++ b/tools/args.h
@@ -60,6 +60,7 @@ arg(rows_ARG, '\0', "rows", NULL, 0)
arg(crypt_ARG, '\0', "crypt", string_arg, 0)
arg(cipher_ARG, '\0', "cipher", string_arg, 0)
arg(keysize_ARG, '\0', "keysize", int_arg, 0)
+arg(keyfile_ARG, '\0', "keyfile", string_arg, 0)
/* Allow some variations */
arg(resizable_ARG, '\0', "resizable", yes_no_arg, 0)
diff --git a/tools/commands.h b/tools/commands.h
index deb300b..07c472e 100644
--- a/tools/commands.h
+++ b/tools/commands.h
@@ -85,9 +85,10 @@ xx(lvchange,
"\tLogicalVolume[Path] [LogicalVolume[Path]...]\n",
alloc_ARG, autobackup_ARG, available_ARG, contiguous_ARG, force_ARG,
- ignorelockingfailure_ARG, ignoremonitoring_ARG, major_ARG, minor_ARG,
- monitor_ARG, partial_ARG, permission_ARG, persistent_ARG, readahead_ARG,
- resync_ARG, refresh_ARG, addtag_ARG, deltag_ARG, test_ARG, yes_ARG)
+ ignorelockingfailure_ARG, ignoremonitoring_ARG, keyfile_ARG, major_ARG,
+ minor_ARG, monitor_ARG, partial_ARG, permission_ARG, persistent_ARG,
+ readahead_ARG, resync_ARG, refresh_ARG, addtag_ARG, deltag_ARG, test_ARG,
+ yes_ARG)
xx(lvconvert,
"Change logical volume layout",
@@ -136,7 +137,7 @@ xx(lvcreate,
"\t -L|--size LogicalVolumeSize[kKmMgGtTpPeE]}\n"
"\t[-M|--persistent {y|n}] [--major major] [--minor minor]\n"
"\t[-m|--mirrors Mirrors [--nosync] [{--mirrorlog {disk|core}|--corelog}]]\n"
- "\t[--crypt KeyStoreType --cipher Cipher --keysize KeySize]\n"
+ "\t[--crypt KeyStoreType --cipher Cipher --keysize KeySize [--keyfile filename]]\n"
"\t[--crypt TemplateLogicalVolume[Path]]\n"
"\t[-n|--name LogicalVolumeName]\n"
"\t[-p|--permission {r|rw}]\n"
@@ -171,7 +172,7 @@ xx(lvcreate,
addtag_ARG, alloc_ARG, autobackup_ARG, chunksize_ARG, cipher_ARG,
contiguous_ARG, corelog_ARG, crypt_ARG, extents_ARG, keysize_ARG,
- major_ARG, minor_ARG, mirrorlog_ARG, mirrors_ARG, name_ARG,
+ keyfile_ARG, major_ARG, minor_ARG, mirrorlog_ARG, mirrors_ARG, name_ARG,
nosync_ARG, permission_ARG, persistent_ARG, readahead_ARG,
regionsize_ARG, size_ARG, snapshot_ARG, stripes_ARG, stripesize_ARG,
test_ARG, type_ARG, zero_ARG)
@@ -689,9 +690,9 @@ xx(vgchange,
addtag_ARG, alloc_ARG, allocation_ARG, autobackup_ARG, available_ARG,
clustered_ARG, deltag_ARG, ignorelockingfailure_ARG, ignoremonitoring_ARG,
- logicalvolume_ARG, maxphysicalvolumes_ARG, monitor_ARG, partial_ARG,
- physicalextentsize_ARG, refresh_ARG, resizeable_ARG, resizable_ARG,
- test_ARG, uuid_ARG)
+ keyfile_ARG, logicalvolume_ARG, maxphysicalvolumes_ARG, monitor_ARG,
+ partial_ARG, physicalextentsize_ARG, refresh_ARG, resizeable_ARG,
+ resizable_ARG, test_ARG, uuid_ARG)
xx(vgck,
"Check the consistency of volume group(s)",
diff --git a/tools/lvchange.c b/tools/lvchange.c
index cd0ff5a..0a4778f 100644
--- a/tools/lvchange.c
+++ b/tools/lvchange.c
@@ -728,6 +728,13 @@ int lvchange(struct cmd_context *cmd, int argc, char **argv)
return EINVALID_CMD_LINE;
}
+ if (arg_count(cmd, keyfile_ARG) &&
+ !lvm_set_password_dev(arg_value(cmd, keyfile_ARG))) {
+ log_error("--keyfile argument %s is invalid",
+ arg_value(cmd, keyfile_ARG));
+ return EINVALID_CMD_LINE;
+ }
+
return process_each_lv(cmd, argc, argv, LCK_VG_WRITE, NULL,
&lvchange_single);
}
diff --git a/tools/lvcreate.c b/tools/lvcreate.c
index e0f59be..6eea76d 100644
--- a/tools/lvcreate.c
+++ b/tools/lvcreate.c
@@ -342,6 +342,13 @@ static int _read_crypt_params(struct lvcreate_params *lp,
if (!arg_count(cmd, crypt_ARG))
return 1;
+ if (arg_count(cmd, keyfile_ARG) &&
+ !lvm_set_password_dev(arg_value(cmd, keyfile_ARG))) {
+ log_error("--keyfile argument %s is invalid",
+ arg_value(cmd, keyfile_ARG));
+ return 0;
+ }
+
if (arg_count(cmd, cipher_ARG)) {
/*
* Explicit cipher specification
diff --git a/tools/vgchange.c b/tools/vgchange.c
index 8831a23..ed00744 100644
--- a/tools/vgchange.c
+++ b/tools/vgchange.c
@@ -631,6 +631,13 @@ int vgchange(struct cmd_context *cmd, int argc, char **argv)
return EINVALID_CMD_LINE;
}
+ if (arg_count(cmd, keyfile_ARG) &&
+ !lvm_set_password_dev(arg_value(cmd, keyfile_ARG))) {
+ log_error("--keyfile argument %s is invalid",
+ arg_value(cmd, keyfile_ARG));
+ return EINVALID_CMD_LINE;
+ }
+
return process_each_vg(cmd, argc, argv,
(arg_count(cmd, available_ARG)) ?
LCK_VG_READ : LCK_VG_WRITE, 0, NULL,
--
1.5.6.5
More information about the lvm-devel
mailing list