git.ipfire.org Git - thirdparty/systemd.git/commit

dissect: add support for encrypted images

This adds support to the image dissector to deal with encrypted images (only
LUKS). Given that we now have a neatly isolated image dissector codebase, let's
add a new feature to it: support for automatically dealing with encrypted
images. This is then exposed in systemd-dissect and nspawn.

It's pretty basic: only support for passphrase-based encryption.

In order to ensure that "systemd-dissect --mount" results in mount points whose
backing LUKS DM devices are cleaned up automatically we use the DM_DEV_REMOVE
ioctl() directly on the device (in DM_DEFERRED_REMOVE mode). libgcryptsetup at
the moment doesn't provide a proper API for this. Thankfully, the ioctl() API
is pretty easy to use.

author	Lennart Poettering <lennart@poettering.net>
	Mon, 5 Dec 2016 15:26:48 +0000 (16:26 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 7 Dec 2016 17:38:41 +0000 (18:38 +0100)
commit	18b5886e562a3702ed8923e568a7555d2ab1880a
tree	f5dd924a0fd9f5e8436b3bf85c72167ac89eae32	tree \| snapshot
parent	cf139e6025d499eb93ff51acb1218662a208ff96	commit \| diff

Makefile.am		diff \| blob \| blame \| history
src/dissect/dissect.c		diff \| blob \| blame \| history
src/machine/image-dbus.c		diff \| blob \| blame \| history
src/nspawn/nspawn.c		diff \| blob \| blame \| history
src/shared/dissect-image.c		diff \| blob \| blame \| history
src/shared/dissect-image.h		diff \| blob \| blame \| history