fix: disk encryption is not working

- fix wrong dbus address; - refact checkAuth function, use polkit directly - fix encryption error on higher cryptsetup - bump version. Log: as above. Bug: https://pms.uniontech.com/bug-view-289139.html
linuxdeepin · Nov 28, 2024 · e3ad294 · e3ad294
1 parent adcab84
commit e3ad294
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 8 deletions.
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,10 @@
+dde-file-manager-extensions (1.5.1) unstable; urgency=medium
+
+  * fix encrypt issues on V23/25
+  * 
+
+ -- XuShitong <[email protected]>  Thu, 28 Nov 2024 16:46:46 +0800
+
 dde-file-manager-extensions (1.5.0) unstable; urgency=medium
 
   * update version to 1.5.0

diff --git a/src/dde-file-manager/dfmplugin-disk-encrypt-entry/dfmplugin_disk_encrypt_global.h b/src/dde-file-manager/dfmplugin-disk-encrypt-entry/dfmplugin_disk_encrypt_global.h
@@ -24,7 +24,7 @@ enum TPMModuleEncType {
     kUseTpmAndPrcAndPin
 };
 
-inline constexpr char kDaemonBusName[] { "org.deepin.Filemanager" };
+inline constexpr char kDaemonBusName[] { "org.deepin.Filemanager.DiskEncrypt" };
 inline constexpr char kDaemonBusPath[] { "/org/deepin/Filemanager/DiskEncrypt" };
 inline constexpr char kDaemonBusIface[] { "org.deepin.Filemanager.DiskEncrypt" };
 

diff --git a/src/service/diskencrypt/CMakeLists.txt b/src/service/diskencrypt/CMakeLists.txt
@@ -17,6 +17,7 @@ find_package(dfm-mount REQUIRED)
 find_package(dfm-base REQUIRED)
 find_package(PkgConfig REQUIRED)
 pkg_check_modules(CryptSetup REQUIRED libcryptsetup)
+pkg_check_modules(Polkit REQUIRED polkit-agent-1 polkit-qt5-1)
 
 add_definitions(-DSERVICE_CONFIG_DIR="${CMAKE_INSTALL_PREFIX}/share/deepin-service-manager/")
 
@@ -51,6 +52,7 @@ target_link_libraries(${BIN_NAME} PRIVATE
     ${dfm-mount_LIBRARIES}
     ${dfm-base_LIBRARIES}
     ${deepin-qdbus-service_LIBRARIES}
+    ${Polkit_LIBRARIES}
 )
 
 target_include_directories(${BIN_NAME}

diff --git a/src/service/diskencrypt/diskencryptdbus.cpp b/src/service/diskencrypt/diskencryptdbus.cpp
@@ -18,6 +18,7 @@
 #include <QDBusConnection>
 
 #include <libcryptsetup.h>
+#include <polkit-qt5-1/PolkitQt1/Authority>
 
 FILE_ENCRYPT_USE_NS
 using namespace disk_encrypt;
@@ -248,9 +249,17 @@ void DiskEncryptDBus::onFstabDiskEncFinished(const QString &dev, int result, con
 
 bool DiskEncryptDBus::checkAuth(const QString &actID)
 {
-    return dpfSlotChannel->push("daemonplugin_core", "slot_Polkit_CheckAuth",
-                                actID, message().service())
-            .toBool();
+    using namespace PolkitQt1;
+
+    QString appBusName = message().service();
+    if (appBusName.isEmpty())
+        return false;
+
+    // PolkitUnixProcess表示 UNIX 进程的对象。注意：这个设计的对象现在已知已损坏；确定了一种利用 Linux 内核中启动时间延迟的机制。避免调用 `polkit_subject_equal()` 来比较两个进程。
+    Authority::Result result = Authority::instance()->checkAuthorizationSync(actID,
+                                                                             SystemBusNameSubject(appBusName),
+                                                                             Authority::AllowUserInteraction);
+    return result == Authority::Yes;
 }
 
 bool DiskEncryptDBus::triggerReencrypt(const QString &device)

diff --git a/src/service/diskencrypt/encrypt/diskencrypt.cpp b/src/service/diskencrypt/encrypt/diskencrypt.cpp
@@ -14,6 +14,9 @@
 #include <QJsonDocument>
 #include <QJsonObject>
 #include <QDBusInterface>
+#include <QString>
+#include <QRandomGenerator>
+
 
 #include <dfm-base/utils/finallyutil.h>
 #include <dfm-mount/dmount.h>
@@ -84,12 +87,13 @@ struct crypt_params_reencrypt *resumeParams()
     static struct crypt_params_reencrypt params
     {
         .mode = CRYPT_REENCRYPT_REENCRYPT,
-        .direction = CRYPT_REENCRYPT_FORWARD,
-        .resilience = "checksum",
+        .direction = CRYPT_REENCRYPT_BACKWARD,
+        .resilience = "datashift",
         .hash = "sha256",
+        .data_shift = 32 * 1024,
         .max_hotzone_size = 0,
         .device_size = 0,
-        .flags = CRYPT_REENCRYPT_RESUME_ONLY
+        .flags = CRYPT_REENCRYPT_RESUME_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT
     };
     return &params;
 }
@@ -148,14 +152,38 @@ bool disk_encrypt_utils::bcValidateParams(const EncryptParams &params)
     return true;
 }
 
+
+QString disk_encrypt_utils::generateRandomString(int length)
+{
+    // 定义字符集
+    const QString charset = QString("0123456789"
+                "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                "abcdefghijklmnopqrstuvwxyz");
+
+    QString result;
+    result.reserve(length);
+
+    // 获取全局随机生成器实例
+    QRandomGenerator *generator = QRandomGenerator::global();
+
+    // 生成随机字符串
+    for (int i = 0; i < length; ++i) {
+        int index = generator->bounded(charset.length());
+        result.append(charset.at(index));
+    }
+
+    return result;
+}
+
 QString disk_encrypt_utils::bcGenRecKey()
 {
     QString recKey;
     QLibrary lib("usec-recoverykey");
     dfmbase::FinallyUtil finalClear([&] { if (lib.isLoaded()) lib.unload(); });
 
     if (!lib.load()) {
-        qWarning() << "libusec-recoverykey load failed. use uuid as recovery key";
+        qWarning() << "libusec-recoverykey load failed. use default generator";
+        recKey = generateRandomString();
         return recKey;
     }
 

diff --git a/src/service/diskencrypt/encrypt/diskencrypt.h b/src/service/diskencrypt/encrypt/diskencrypt.h
@@ -61,6 +61,7 @@ EncryptParams bcConvertParams(const QVariantMap &params);
 bool bcValidateParams(const EncryptParams &params);
 bool bcReadEncryptConfig(disk_encrypt::EncryptConfig *config, const QString &device = QString());
 
+QString generateRandomString(int length = 24);
 QString bcGenRecKey();
 bool bcSaveRecoveryKey(const QString &dev, const QString &key, const QString &path);
 bool bcHasEncryptConfig(const QString &dev);