diff mbox series

[2/2] encrypt: add ceph support

Message ID 20221026070418.259351-3-xiubli@redhat.com
State New
Headers show
Series encrypt: add ceph support | expand

Commit Message

Xiubo Li Oct. 26, 2022, 7:04 a.m. UTC 
From: Xiubo Li <xiubli@redhat.com>

For ceph we couldn't use the mkfs to check whether the encryption
is support or not, we need to mount it first and then check the
'set_encpolicy', etc.

Signed-off-by: Xiubo Li <xiubli@redhat.com>
---
 common/encrypt | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff mbox series

Patch

diff --git a/common/encrypt b/common/encrypt
index fd620c41..e837c9de 100644
--- a/common/encrypt
+++ b/common/encrypt
@@ -153,6 +153,23 @@  _scratch_check_encrypted()
 		# erase the UBI volume; reformated automatically on next mount
 		$UBIUPDATEVOL_PROG ${SCRATCH_DEV} -t
 		;;
+	ceph)
+		# Try to mount the filesystem. We need to check whether the encryption
+		# is support or not via the ioctl cmd, such as 'set_encpolicy'.
+		if ! _try_scratch_mount &>>$seqres.full; then
+			_notrun "kernel is unaware of $FSTYP encryption feature," \
+				"or mkfs options are not compatible with encryption"
+		fi
+
+		mkdir $SCRATCH_MNT/tmpdir
+		if _set_encpolicy $SCRATCH_MNT/tmpdir 2>&1 >>$seqres.full | \
+			grep -Eq 'Inappropriate ioctl for device|Operation not supported'
+		then
+			_notrun "kernel does not support $FSTYP encryption"
+		fi
+		rmdir $SCRATCH_MNT/tmpdir
+		_scratch_unmount
+		;;
 	*)
 		_notrun "No encryption support for $FSTYP"
 		;;