From ab5aaa53663f04f8b04bd24d1c20bfe113321322 Mon Sep 17 00:00:00 2001
From: Adrian Stobbe
Date: Sun, 11 Jun 2023 15:23:19 +0200
Subject: [PATCH] rough sketch of enforcing invalid states in Go

---
 .../diskencryption/diskencryption_cgo.go | 37 +++++++-------
 .../diskencryption/diskencryption_cross.go | 50 -------------------
 2 files changed, 19 insertions(+), 68 deletions(-)
 delete mode 100644 bootstrapper/internal/diskencryption/diskencryption_cross.go

diff --git a/bootstrapper/internal/diskencryption/diskencryption_cgo.go b/bootstrapper/internal/diskencryption/diskencryption_cgo.go
index 250252bc5..14bf25822 100644
--- a/bootstrapper/internal/diskencryption/diskencryption_cgo.go
+++ b/bootstrapper/internal/diskencryption/diskencryption_cgo.go
@@ -34,11 +34,16 @@ var (
 
 // Cryptsetup manages the encrypted state mapper device.
 type Cryptsetup struct {
- fs afero.Fs
- device cryptdevice
+ fs afero.Fs
+ // device cryptdevice
 initByName initByName
 }
 
+type OpenCryptsetup struct {
+ *Cryptsetup
+ device cryptdevice
+}
+
 // New creates a new Cryptsetup.
 func New() *Cryptsetup {
 return &Cryptsetup{
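Review bot: Embedding `*Cryptsetup` in `OpenCryptsetup` promotes `Open()` onto the opened handle, so calling `Open()` on an already opened value still compiles and would return a second device for the same mapper, which is the state this type split is meant to rule out. A named field such as `cs *Cryptsetup` instead of the embedded pointer would keep `Open` off the opened type while still giving its methods access to `fs`. The new exported type also has no doc comment; something like `// OpenCryptsetup is a Cryptsetup whose crypt device has been opened; release it with Close.` would fit the file's style. The commented-out `// device cryptdevice` field should be deleted rather than left in the struct.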
@@ -50,35 +55,31 @@ func New() *Cryptsetup {
 }
 
 // Open opens the cryptdevice.
-func (c *Cryptsetup) Open() error {
+func (c *Cryptsetup) Open() (*OpenCryptsetup, error) {
 packageLock.Lock()
 defer packageLock.Unlock()
- if c.device != nil {
- return errDeviceAlreadyOpen
- }
 var err error
- c.device, err = c.initByName(stateMapperDevice)
+ device, err := c.initByName(stateMapperDevice)
 if err != nil {
- return fmt.Errorf("initializing crypt device for mapped device %q: %w", stateMapperDevice, err)
+ return nil, fmt.Errorf("initializing crypt device for mapped device %q: %w", stateMapperDevice, err)
 }
- return nil
+ return &OpenCryptsetup{c, device}, nil
 }
 
 // Close closes the cryptdevice.
-func (c *Cryptsetup) Close() error {
+func (c *OpenCryptsetup) Close() error {
 packageLock.Lock()
 defer packageLock.Unlock()
- if c.device == nil {
- return errDeviceNotOpen
- }
+ //if c.device == nil {
+ // return errDeviceNotOpen
+ //}
 c.device.Free()
- c.device = nil
+ c.device = nil // How to prevent close from being called twice? Return closeFn in constructor which suggests defer closeFn() pattern?
+
 return nil
 }
 
-// UUID gets the device's UUID.
-// Only works after calling Open().
-func (c *Cryptsetup) UUID() (string, error) {
+func (c *OpenCryptsetup) UUID() (string, error) {
 packageLock.Lock()
 defer packageLock.Unlock()
 if c.device == nil {
@@ -93,7 +94,7 @@ func (c *Cryptsetup) UUID() (string, error) {
 
 // UpdatePassphrase switches the initial random passphrase of the mapped crypt device to a permanent passphrase.
 // Only works after calling Open().
-func (c *Cryptsetup) UpdatePassphrase(passphrase string) error {
+func (c *OpenCryptsetup) UpdatePassphrase(passphrase string) error {
 packageLock.Lock()
 defer packageLock.Unlock()
 if c.device == nil {
diff --git a/bootstrapper/internal/diskencryption/diskencryption_cross.go b/bootstrapper/internal/diskencryption/diskencryption_cross.go
deleted file mode 100644
index 58f732109..000000000
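Review bot: With the nil guard commented out in `Close`, a second `Close()` reaches `c.device.Free()` after the first call has already set `c.device = nil`, which presumably panics on the nil device; keep the guard as live code, `if c.device == nil { return errDeviceNotOpen }`, until the closeFn idea from the inline comment is actually implemented. `Open` also lost its `errDeviceAlreadyOpen` check, so two calls now return two independent handles for `stateMapperDevice`; if one open handle per process is still required, that has to be tracked somewhere other than the removed field. `var err error` is now redundant next to `device, err := ...`, and `UUID` lost its doc comment, which could be restored as `// UUID gets the device's UUID.`. The body of `UUID` continues past the end of this hunk.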
--- a/bootstrapper/internal/diskencryption/diskencryption_cross.go
+++ /dev/null
@@ -1,50 +0,0 @@
-//go:build !linux || !cgo
-
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-/*
-Package diskencryption handles interaction with a node's state disk.
-
-This package is not thread safe, since libcryptsetup is not thread safe.
-There should only be one instance using this package per process.
-*/
-package diskencryption
-
-import "errors"
-
-// Cryptsetup manages the encrypted state mapper device.
-type Cryptsetup struct{}
-
-// New creates a new Cryptsetup.
-// This function panics if CGO is disabled.
-func New() *Cryptsetup {
- return &Cryptsetup{}
-}
-
-// Open opens the cryptdevice.
-// This function does nothing if CGO is disabled.
-func (c *Cryptsetup) Open() error {
- return errors.New("using cryptsetup requires building with CGO")
-}
-
-// Close closes the cryptdevice.
-// This function errors if CGO is disabled.
-func (c *Cryptsetup) Close() error {
- return errors.New("using cryptsetup requires building with CGO")
-}
-
-// UUID gets the device's UUID.
-// This function errors if CGO is disabled.
-func (c *Cryptsetup) UUID() (string, error) {
- return "", errors.New("using cryptsetup requires building with CGO")
-}
-
-// UpdatePassphrase switches the initial random passphrase of the mapped crypt device to a permanent passphrase.
-// This function errors if CGO is disabled.
-func (c *Cryptsetup) UpdatePassphrase(_ string) error {
- return errors.New("using cryptsetup requires building with CGO")
-}