bcachefs-tools: 1.7.0 -> 1.7.0-unstable-2024-05-09

Moved temporarily to unstable to fix https://github.com/NixOS/nixpkgs/issues/313350 Also vendor the updated patch for https://github.com/NixOS/nixpkgs/issues/309388 from https://github.com/koverstreet/bcachefs-tools/pull/263 (cherry picked from commit 10378661e5)
2024-12-01 19:33:03 +00:00 · 2024-05-21 20:58:49 +05:30 · 2024-05-21 20:58:49 +05:30 · f79e28fb04
commit f79e28fb04
parent 84bcce509d
2 changed files with 99 additions and 9 deletions
--- a/pkgs/by-name/bc/bcachefs-tools/fix-encrypted-boot.patch
+++ b/pkgs/by-name/bc/bcachefs-tools/fix-encrypted-boot.patch
@ -0,0 +1,92 @@
+From f76ad4da12e6a65550d564bb626a1429ae75433a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20M=C3=BChlbacher?= <tmuehlbacher@posteo.net>
+Date: Thu, 9 May 2024 23:52:47 +0200
+Subject: [PATCH 1/2] `check_for_key` before `ask_for_passphrase`
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+let's always first check if there is already a key in the keyring
+available before we try to get the key from some more involved means.
+
+Fixes: #261
+Signed-off-by: Thomas Mühlbacher <tmuehlbacher@posteo.net>
+---
+ src/commands/mount.rs | 13 +++++++++++--
+ src/key.rs            |  4 +++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/src/commands/mount.rs b/src/commands/mount.rs
+index 9414c77f..34a741cb 100644
+--- a/src/commands/mount.rs
+++ b/src/commands/mount.rs
+@@ -344,8 +344,17 @@ fn cmd_mount_inner(opt: Cli) -> anyhow::Result<()> {
+     if block_devices_to_mount.len() == 0 {
+         Err(anyhow::anyhow!("No device found from specified parameters"))?;
+     }
+-    // Check if the filesystem's master key is encrypted
+-    if unsafe { bcachefs::bch2_sb_is_encrypted_and_locked(block_devices_to_mount[0].sb) } {
+
+    let key_name = CString::new(format!(
+        "bcachefs:{}",
+        block_devices_to_mount[0].sb().uuid()
+    ))
+    .unwrap();
+
+    // Check if the filesystem's master key is encrypted and we don't have a key
+    if unsafe { bcachefs::bch2_sb_is_encrypted_and_locked(block_devices_to_mount[0].sb) }
+        && !key::check_for_key(&key_name)?
+    {
+         // First by password_file, if available
+         let fallback_to_unlock_policy = if let Some(passphrase_file) = &opt.passphrase_file {
+             match key::read_from_passphrase_file(&block_devices_to_mount[0], passphrase_file.as_path()) {
+diff --git a/src/key.rs b/src/key.rs
+index d0018805..568b3cdb 100644
+--- a/src/key.rs
+++ b/src/key.rs
+@@ -58,7 +58,7 @@ impl fmt::Display for UnlockPolicy {
+     }
+ }
+ 
+-fn check_for_key(key_name: &std::ffi::CStr) -> anyhow::Result<bool> {
+pub fn check_for_key(key_name: &std::ffi::CStr) -> anyhow::Result<bool> {
+     use bch_bindgen::keyutils::{self, keyctl_search};
+     let key_name = key_name.to_bytes_with_nul().as_ptr() as *const _;
+     let key_type = c_str!("user");
+@@ -86,10 +86,12 @@ fn wait_for_unlock(uuid: &uuid::Uuid) -> anyhow::Result<()> {
+     }
+ }
+ 
+// blocks indefinitely if no input is available on stdin
+ fn ask_for_passphrase(sb: &bch_sb_handle) -> anyhow::Result<()> {
+     let passphrase = if stdin().is_terminal() {
+         rpassword::prompt_password("Enter passphrase: ")?
+     } else {
+        info!("Trying to read passphrase from stdin...");
+         let mut line = String::new();
+         stdin().read_line(&mut line)?;
+         line
+
+From 734ccc58f42c3cccb0960bdd84808839e2b62ca9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20M=C3=BChlbacher?= <tmuehlbacher@posteo.net>
+Date: Sun, 12 May 2024 19:39:19 +0200
+Subject: [PATCH 2/2] fix unfortunate typo
+
+causes mounting encrypted devices to become stuck in a busy loop.
+---
+ include/crypto/skcipher.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h
+index 70905a5a..833729dc 100644
+--- a/include/crypto/skcipher.h
+++ b/include/crypto/skcipher.h
+@@ -112,7 +112,7 @@ static inline void skcipher_request_set_sync_tfm(struct skcipher_request *req,
+ 	skcipher_request_set_tfm(req, &tfm->base);
+ }
+ 
+-#define skcipher_request_set_callback(...) do {} while (9)
+#define skcipher_request_set_callback(...) do {} while (0)
+ 
+ static inline void skcipher_request_set_crypt(
+ 	struct skcipher_request *req,
--- a/pkgs/by-name/bc/bcachefs-tools/package.nix
+++ b/pkgs/by-name/bc/bcachefs-tools/package.nix
@ -2,7 +2,6 @@
  lib,
  stdenv,
  fetchFromGitHub,
-  fetchpatch,
  pkg-config,
  libuuid,
  libsodium,
@ -27,13 +26,15 @@

 stdenv.mkDerivation (finalAttrs: {
  pname = "bcachefs-tools";
-  version = "1.7.0";
+  version = "1.7.0-unstable-2024-05-09";

  src = fetchFromGitHub {
    owner = "koverstreet";
    repo = "bcachefs-tools";
-    rev = "v${finalAttrs.version}";
-    hash = "sha256-nHT18bADESDBHoo9P+J3gGc092hRYs2vaWupgqlkvaA=";
+    # FIXME: switch to a tagged release once available > 1.7.0
+    # Fix for https://github.com/NixOS/nixpkgs/issues/313350
+    rev = "3ac510f6a41feb1b695381fa30869d557c00b822";
+    hash = "sha256-ZmkeYPiCy7vkXnMFbtUF4761K+I+Ef7UbmSY7dJG09U=";
  };

  nativeBuildInputs = [
@ -76,11 +77,8 @@ stdenv.mkDerivation (finalAttrs: {
  patches = [
    # code refactoring of bcachefs-tools broke reading passphrases from stdin (vs. terminal)
    # upstream issue https://github.com/koverstreet/bcachefs-tools/issues/261
-    (fetchpatch {
-    url = "https://github.com/koverstreet/bcachefs-tools/commit/38b0cb721d2a35f5a4af429bc7bd367461f2fa26.patch";
-    hash = "sha256-/9reye+Qoa+EMkS+wfdX+KwDeLHHJ/S+Qm7sWl0MtqM=";
-  })
-];
+    ./fix-encrypted-boot.patch
+  ];

  preCheck = lib.optionalString (!fuseSupport) ''
    rm tests/test_fuse.py