[lvm-devel] [PATCH 13/15] Add --keyfile option.

Milan Broz mbroz at redhat.com
Wed Jan 21 11:19:54 UTC 2009


Allow the key to be read from a file (or standard input)
by specifying --keyfile on the command line.

If the file is "-" stdin is used, e.g.
echo $key | lvcreate ...

(It is not safe, but useful in scripts. Similar approach
is used in cryptsetup.)

Currently supported only for lvcreate, vgchange, lvchange.

Signed-off-by: Milan Broz <mbroz at redhat.com>
---
 tools/args.h     |    1 +
 tools/commands.h |   17 +++++++++--------
 tools/lvchange.c |    7 +++++++
 tools/lvcreate.c |    7 +++++++
 tools/vgchange.c |    7 +++++++
 5 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/tools/args.h b/tools/args.h
index a1347ea..cacbb2b 100644
--- a/tools/args.h
+++ b/tools/args.h
@@ -60,6 +60,7 @@ arg(rows_ARG, '\0', "rows", NULL, 0)
 arg(crypt_ARG, '\0', "crypt", string_arg, 0)
 arg(cipher_ARG, '\0', "cipher", string_arg, 0)
 arg(keysize_ARG, '\0', "keysize", int_arg, 0)
+arg(keyfile_ARG, '\0', "keyfile", string_arg, 0)
 
 /* Allow some variations */
 arg(resizable_ARG, '\0', "resizable", yes_no_arg, 0)
diff --git a/tools/commands.h b/tools/commands.h
index deb300b..07c472e 100644
--- a/tools/commands.h
+++ b/tools/commands.h
@@ -85,9 +85,10 @@ xx(lvchange,
    "\tLogicalVolume[Path] [LogicalVolume[Path]...]\n",
 
    alloc_ARG, autobackup_ARG, available_ARG, contiguous_ARG, force_ARG,
-   ignorelockingfailure_ARG, ignoremonitoring_ARG, major_ARG, minor_ARG,
-   monitor_ARG, partial_ARG, permission_ARG, persistent_ARG, readahead_ARG,
-   resync_ARG, refresh_ARG, addtag_ARG, deltag_ARG, test_ARG, yes_ARG)
+   ignorelockingfailure_ARG, ignoremonitoring_ARG, keyfile_ARG, major_ARG,
+   minor_ARG, monitor_ARG, partial_ARG, permission_ARG, persistent_ARG,
+   readahead_ARG, resync_ARG, refresh_ARG, addtag_ARG, deltag_ARG, test_ARG,
+   yes_ARG)
 
 xx(lvconvert,
    "Change logical volume layout",
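Review bot: The lvchange synopsis string is not updated although `keyfile_ARG` is added to the command's accepted-argument list here, so the built-in help will not mention the new option. The vgchange hunk further down has the same gap; no hunk in this patch touches either synopsis, and only lvcreate's gains `[--keyfile filename]`. I would add a line such as `"\t[--keyfile filename]\n"` to both usage strings and say there that `-` selects standard input. The lvchange usage text begins outside this hunk.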
@@ -136,7 +137,7 @@ xx(lvcreate,
    "\t -L|--size LogicalVolumeSize[kKmMgGtTpPeE]}\n"
    "\t[-M|--persistent {y|n}] [--major major] [--minor minor]\n"
    "\t[-m|--mirrors Mirrors [--nosync] [{--mirrorlog {disk|core}|--corelog}]]\n"
-   "\t[--crypt KeyStoreType --cipher Cipher --keysize KeySize]\n"
+   "\t[--crypt KeyStoreType --cipher Cipher --keysize KeySize [--keyfile filename]]\n"
    "\t[--crypt TemplateLogicalVolume[Path]]\n"
    "\t[-n|--name LogicalVolumeName]\n"
    "\t[-p|--permission {r|rw}]\n"
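Review bot: The placeholder in `[--keyfile filename]` is lowercase while the others on the same line are capitalised (`KeyStoreType`, `Cipher`, `KeySize`). Something like `[--keyfile {KeyFile|-}]` would match the surrounding style and also document the stdin form that the commit message describes. The nesting also reads as if --keyfile is only valid together with --cipher and --keysize; if it can be combined with the template form on the following line, the synopsis should show that too.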
@@ -171,7 +172,7 @@ xx(lvcreate,
 
    addtag_ARG, alloc_ARG, autobackup_ARG, chunksize_ARG, cipher_ARG,
    contiguous_ARG, corelog_ARG, crypt_ARG, extents_ARG, keysize_ARG,
-   major_ARG, minor_ARG, mirrorlog_ARG, mirrors_ARG, name_ARG,
+   keyfile_ARG, major_ARG, minor_ARG, mirrorlog_ARG, mirrors_ARG, name_ARG,
    nosync_ARG, permission_ARG, persistent_ARG, readahead_ARG,
    regionsize_ARG, size_ARG, snapshot_ARG, stripes_ARG, stripesize_ARG,
    test_ARG, type_ARG, zero_ARG)
@@ -689,9 +690,9 @@ xx(vgchange,
 
    addtag_ARG, alloc_ARG, allocation_ARG, autobackup_ARG, available_ARG,
    clustered_ARG, deltag_ARG, ignorelockingfailure_ARG, ignoremonitoring_ARG,
-   logicalvolume_ARG, maxphysicalvolumes_ARG, monitor_ARG, partial_ARG,
-   physicalextentsize_ARG, refresh_ARG, resizeable_ARG, resizable_ARG,
-   test_ARG, uuid_ARG)
+   keyfile_ARG, logicalvolume_ARG, maxphysicalvolumes_ARG, monitor_ARG,
+   partial_ARG, physicalextentsize_ARG, refresh_ARG, resizeable_ARG,
+   resizable_ARG, test_ARG, uuid_ARG)
 
 xx(vgck,
    "Check the consistency of volume group(s)",
diff --git a/tools/lvchange.c b/tools/lvchange.c
index cd0ff5a..0a4778f 100644
--- a/tools/lvchange.c
+++ b/tools/lvchange.c
@@ -728,6 +728,13 @@ int lvchange(struct cmd_context *cmd, int argc, char **argv)
 		return EINVALID_CMD_LINE;
 	}
 
+	if (arg_count(cmd, keyfile_ARG) &&
+	    !lvm_set_password_dev(arg_value(cmd, keyfile_ARG))) {
+		log_error("--keyfile argument %s is invalid",
+			  arg_value(cmd, keyfile_ARG));
+		return EINVALID_CMD_LINE;
+	}
+
 	return process_each_lv(cmd, argc, argv, LCK_VG_WRITE, NULL,
 			       &lvchange_single);
 }
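Review bot: This seven-line check is pasted verbatim into lvchange(), `_read_crypt_params()` in lvcreate.c and vgchange(), so any later change to how the key source is validated or reported has to be made in three places. One shared helper that returns 1 when --keyfile is absent or accepted and 0 otherwise lets each caller keep its own return code (`EINVALID_CMD_LINE` here and in vgchange, `0` in lvcreate) and evaluates `arg_value()` once instead of twice. The helper would live in code shared by the three tools, and the `const char *` local assumes a compatible parameter type for `lvm_set_password_dev()`, which is not visible on this page. lvchange() begins outside the hunk.

```c
/* Apply --keyfile if given. Returns 1 if absent or accepted, 0 if rejected. */
int apply_keyfile_arg(struct cmd_context *cmd)
{
	const char *keyfile;

	if (!arg_count(cmd, keyfile_ARG))
		return 1;

	keyfile = arg_value(cmd, keyfile_ARG);
	if (!lvm_set_password_dev(keyfile)) {
		log_error("--keyfile argument %s is invalid", keyfile);
		return 0;
	}

	return 1;
}

/* ... unchanged: earlier argument checks in lvchange() ... */
	if (!apply_keyfile_arg(cmd))
		return EINVALID_CMD_LINE;
```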
diff --git a/tools/lvcreate.c b/tools/lvcreate.c
index e0f59be..6eea76d 100644
--- a/tools/lvcreate.c
+++ b/tools/lvcreate.c
@@ -342,6 +342,13 @@ static int _read_crypt_params(struct lvcreate_params *lp,
 	if (!arg_count(cmd, crypt_ARG))
 		return 1;
 
+	if (arg_count(cmd, keyfile_ARG) &&
+	    !lvm_set_password_dev(arg_value(cmd, keyfile_ARG))) {
+		log_error("--keyfile argument %s is invalid",
+			  arg_value(cmd, keyfile_ARG));
+		return 0;
+	}
+
 	if (arg_count(cmd, cipher_ARG)) {
 		/*
 		 * Explicit cipher specification
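Review bot: `--keyfile` given without `--crypt` is silently ignored, because the new check sits after the `if (!arg_count(cmd, crypt_ARG)) return 1;` early return at the top of this hunk. The user then gets a volume with no indication that the key option had no effect. Unless that combination is rejected somewhere outside this hunk, I would fail it before the early return with a guard on `arg_count(cmd, keyfile_ARG) && !arg_count(cmd, crypt_ARG)` that calls `log_error("--keyfile requires --crypt");` and returns 0. `_read_crypt_params()` starts and ends outside the hunk.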
diff --git a/tools/vgchange.c b/tools/vgchange.c
index 8831a23..ed00744 100644
--- a/tools/vgchange.c
+++ b/tools/vgchange.c
@@ -631,6 +631,13 @@ int vgchange(struct cmd_context *cmd, int argc, char **argv)
 		return EINVALID_CMD_LINE;
 	}
 
+	if (arg_count(cmd, keyfile_ARG) &&
+	    !lvm_set_password_dev(arg_value(cmd, keyfile_ARG))) {
+		log_error("--keyfile argument %s is invalid",
+			  arg_value(cmd, keyfile_ARG));
+		return EINVALID_CMD_LINE;
+	}
+
 	return process_each_vg(cmd, argc, argv,
 			       (arg_count(cmd, available_ARG)) ?
 			       LCK_VG_READ : LCK_VG_WRITE, 0, NULL,
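Review bot: The key source is set once for the whole command before `process_each_vg()` runs, and nothing here documents what happens when more than one encrypted volume is processed. That matters most for `--keyfile -`, since standard input can only be consumed once. How `lvm_set_password_dev()` and its consumers handle this is not visible on this page, so I would at least add a comment above the check such as `/* One key source for every volume processed by this command; "-" reads stdin */`, and the same in lvchange(). The check also runs on every vgchange invocation that passes the option, including ones requesting no activation, where the option is presumably left unused without a warning. vgchange() begins and ends outside the hunk.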
-- 
1.5.6.5



