repart: Use crypt_reencrypt_run() if available

crypt_reencrypt() is deprecated, so let's look for and prefer crypt_reencrypt_run() if it is available.
2024-07-03 08:29:25 +00:00 · 2024-06-02 16:24:52 +02:00 · 2024-06-02 16:24:52 +02:00 · b99b294127
commit b99b294127
parent 364c948707
4 changed files with 17 additions and 15 deletions
--- a/meson.build
+++ b/meson.build
@ -1262,6 +1262,7 @@ foreach ident : ['crypt_set_metadata_size',
                 'crypt_token_max',
                 'crypt_reencrypt_init_by_passphrase',
                 'crypt_reencrypt',
+                 'crypt_reencrypt_run',
                 'crypt_set_data_offset',
                 'crypt_set_keyring_to_link',
                 'crypt_resume_by_volume_key']
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@ -3913,7 +3913,7 @@ static int partition_target_sync(Context *context, Partition *p, PartitionTarget
 }

 static int partition_encrypt(Context *context, Partition *p, PartitionTarget *target, bool offline) {
-#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && HAVE_CRYPT_REENCRYPT
+#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && (HAVE_CRYPT_REENCRYPT_RUN || HAVE_CRYPT_REENCRYPT)
        const char *node = partition_target_path(target);
        struct crypt_params_luks2 luks_params = {
                .label = strempty(ASSERT_PTR(p)->new_label),
@ -4220,7 +4220,11 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta
                if (r < 0)
                        return log_error_errno(r, "Failed to load reencryption context: %m");

+#if HAVE_CRYPT_REENCRYPT_RUN
+                r = sym_crypt_reencrypt_run(cd, NULL, NULL);
+#else
                r = sym_crypt_reencrypt(cd, NULL);
+#endif
                if (r < 0)
                        return log_error_errno(r, "Failed to encrypt %s: %m", node);
        } else {
--- a/src/shared/cryptsetup-util.c
+++ b/src/shared/cryptsetup-util.c
@ -54,10 +54,10 @@ DLSYM_FUNCTION(crypt_volume_key_get);
 #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
 DLSYM_FUNCTION(crypt_reencrypt_init_by_passphrase);
 #endif
-#if HAVE_CRYPT_REENCRYPT
-DISABLE_WARNING_DEPRECATED_DECLARATIONS;
+#if HAVE_CRYPT_REENCRYPT_RUN
+DLSYM_FUNCTION(crypt_reencrypt_run);
+#elif HAVE_CRYPT_REENCRYPT
 DLSYM_FUNCTION(crypt_reencrypt);
-REENABLE_WARNING;
 #endif
 DLSYM_FUNCTION(crypt_metadata_locking);
 #if HAVE_CRYPT_SET_DATA_OFFSET
@ -246,11 +246,8 @@ int dlopen_cryptsetup(void) {

        /* libcryptsetup added crypt_reencrypt() in 2.2.0, and marked it obsolete in 2.4.0, replacing it with
         * crypt_reencrypt_run(), which takes one extra argument but is otherwise identical. The old call is
-         * still available though, and given we want to support 2.2.0 for a while longer, we'll stick to the
-         * old symbol. However, the old symbols now has a GCC deprecation decorator, hence let's turn off
-         * warnings about this for now. */
-
-        DISABLE_WARNING_DEPRECATED_DECLARATIONS;
+         * still available though, and given we want to support 2.2.0 for a while longer, we'll use the old
+         * symbol if the new one is not available. */

        ELF_NOTE_DLOPEN("cryptsetup",
                        "Support for disk encryption, integrity, and authentication",
@ -304,7 +301,9 @@ int dlopen_cryptsetup(void) {
 #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
                        DLSYM_ARG(crypt_reencrypt_init_by_passphrase),
 #endif
-#if HAVE_CRYPT_REENCRYPT
+#if HAVE_CRYPT_REENCRYPT_RUN
+                        DLSYM_ARG(crypt_reencrypt_run),
+#elif HAVE_CRYPT_REENCRYPT
                        DLSYM_ARG(crypt_reencrypt),
 #endif
                        DLSYM_ARG(crypt_metadata_locking),
@ -316,8 +315,6 @@ int dlopen_cryptsetup(void) {
        if (r <= 0)
                return r;

-        REENABLE_WARNING;
-
        /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
         * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
         * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
--- a/src/shared/cryptsetup-util.h
+++ b/src/shared/cryptsetup-util.h
@ -70,10 +70,10 @@ DLSYM_PROTOTYPE(crypt_volume_key_get);
 #if HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE
 DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase);
 #endif
-#if HAVE_CRYPT_REENCRYPT
-DISABLE_WARNING_DEPRECATED_DECLARATIONS;
+#if HAVE_CRYPT_REENCRYPT_RUN
+DLSYM_PROTOTYPE(crypt_reencrypt_run);
+#elif HAVE_CRYPT_REENCRYPT
 DLSYM_PROTOTYPE(crypt_reencrypt);
-REENABLE_WARNING;
 #endif
 DLSYM_PROTOTYPE(crypt_metadata_locking);
 #if HAVE_CRYPT_SET_DATA_OFFSET