From 7d3e4fdc0315ca756bc0e2f556f3cb995e61341a Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sat, 17 Aug 2024 13:06:11 -0400 Subject: [PATCH] Revert+adapt "WiP: fake cryptsetup reencrypt call for testing local one last time: seems like luks passphrase change only happens on one of the containers; not all" This reverts commit 20e9392b97c9ed42b85ae930a163131997640a44. To test this PR without reencryption, just 'git revert' this commit Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index 0510071d..6f95a1c2 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -470,12 +470,11 @@ luks_reencrypt() { # --force-offline-reencrypt forces the reencryption to be done offline (no read/write operations on the device) # --disable-locks disables the lock feature of cryptsetup, which is enabled by default - #if ! DO_WITH_DEBUG cryptsetup reencrypt \ - #--perf-no_read_workqueue --perf-no_write_workqueue \ - #--resilience=none --force-offline-reencrypt --disable-locks \ - #"$luks_container" --key-slot "$DRK_KEYSLOT" \ - #--key-file /tmp/secret/luks_current_Disk_Recovery_Key_passphrase; then - if ! DO_WITH_DEBUG echo "fake cryptsetup reencrypt call"; then + if ! DO_WITH_DEBUG cryptsetup reencrypt \ + --perf-no_read_workqueue --perf-no_write_workqueue \ + --resilience=none --force-offline-reencrypt --disable-locks \ + "$luks_container" --key-slot "$DRK_KEYSLOT" \ + --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase; then whiptail --title "$luks_container: Wrong current LUKS Disk Recovery Key passphrase?" --msgbox \ "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80