Merge pull request #1344 from ancorgs/cc_sp4

Honor proposal encryption from ProductFeatures
yast · Jun 29, 2023 · c5a3fe0 · c5a3fe0
2 parents efa638a + ad32141
commit c5a3fe0
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 1 deletion.
diff --git a/package/yast2-storage-ng.changes b/package/yast2-storage-ng.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jun 29 11:42:21 UTC 2023 - Ancor Gonzalez Sosa <ancor@suse.com>
+
+- Honor encryption settings if they are set into ProductFeatures
+  by the Common Critera role (jsc#PED-4166, jsc#PED-4474).
+- 4.4.44
+
 -------------------------------------------------------------------
 Wed Jun  7 08:03:52 UTC 2023 - Stefan Hundhammer <shundhammer@suse.com>
 

diff --git a/package/yast2-storage-ng.spec b/package/yast2-storage-ng.spec
@@ -16,7 +16,7 @@
 #
 
 Name:           yast2-storage-ng
-Version:        4.4.43
+Version:        4.4.44
 Release:        0
 Summary:        YaST2 - Storage Configuration
 License:        GPL-2.0-only OR GPL-3.0-only

diff --git a/src/lib/y2storage/proposal_settings.rb b/src/lib/y2storage/proposal_settings.rb
@@ -418,6 +418,23 @@ def load_features
       load_feature(:proposal, :multidisk_first)
       load_size_feature(:proposal, :lvm_vg_size)
       load_volumes_feature(:volumes)
+      load_encryption
+    end
+
+    # Loads the default encryption settings
+    #
+    # The encryption settings are not part of control.xml, but can be injected by a previous step of
+    # the installation, eg. the dialog of the Common Criteria system role
+    def load_encryption
+      enc = feature(:proposal, :encryption)
+
+      return unless enc
+      return unless enc.respond_to?(:password)
+
+      passwd = enc.password.to_s
+      return if passwd.nil? || passwd.empty?
+
+      self.encryption_password = passwd
     end
 
     def validated_delete_mode(mode)

diff --git a/test/y2storage/proposal_settings_test.rb b/test/y2storage/proposal_settings_test.rb
@@ -35,6 +35,19 @@ def stub_partitioning_features(features = {})
     stub_features("partitioning" => initial_partitioning_features.merge(features))
   end
 
+  # Used to test the mechanism to inject an encryption password into the settings
+  class TestInjectedPassword
+    include Y2Storage::SecretAttributes
+
+    # Real password
+    secret_attr :password
+
+    # Constructor
+    def initialize(passwd)
+      self.password = passwd
+    end
+  end
+
   before do
     Y2Storage::StorageManager.create_test_instance
   end
@@ -336,6 +349,15 @@ def read_feature(feature, value)
       expect(settings.lvm).to eq false
     end
 
+    it "sets 'encryption_password' based on the 'encryption' feature in the 'proposal' section" do
+      read_feature("encryption", "SuperSecret")
+      expect(settings.use_encryption).to eq false
+      expect(settings.encryption_password).to eq nil
+      read_feature("encryption", TestInjectedPassword.new("SuperSecret"))
+      expect(settings.use_encryption).to eq true
+      expect(settings.encryption_password).to eq "SuperSecret"
+    end
+
     it "sets 'delete_resize_configurable' based on the feature in the 'proposal' section" do
       read_feature("delete_resize_configurable", true)
       expect(settings.delete_resize_configurable).to eq true