From be66ad52d669fc4df5cc4d3922993689225f8080 Mon Sep 17 00:00:00 2001
From: Oliver Schmidt
Date: Wed, 18 Sep 2024 17:05:37 +0200
Subject: [PATCH] fc-luks: fix external header autodetection for multiple commands

I plainly forgot to pass the headerfile as an argument, despite it being properly detected before. This fixes the execution of `fc-luks keystore test-open` and `fc-luks check` with external headers.
---
 pkgs/fc/ceph/src/fc/ceph/luks/manage.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/pkgs/fc/ceph/src/fc/ceph/luks/manage.py b/pkgs/fc/ceph/src/fc/ceph/luks/manage.py
index 177cdf258..b4f38cb0a 100644
--- a/pkgs/fc/ceph/src/fc/ceph/luks/manage.py
+++ b/pkgs/fc/ceph/src/fc/ceph/luks/manage.py
@@ -172,7 +172,7 @@ def _do_rekey(self, slot: str, device: str, header: Optional[str]):
 add_input = self._KEYSTORE.admin_key_for_input()
 slot_id = self._KEYSTORE.slots[slot]
- header_arg = [f"--header={header}"] if header else []
+ header_arg = ["--header", header] if header else []
 dump = run.cryptsetup("luksDump", *header_arg, device, encoding="ascii")
 if f" {slot_id}: luks2" in dump:
@@ -211,11 +211,13 @@ def check_luks(name_glob: str, header: Optional[str]) -> int:
 errors = 0
 for dev in devices:
 console.print(f"Checking {dev.name}:")
- dump_lines = (
- Cryptsetup.cryptsetup("luksDump", dev.base_blockdev)
- .decode("utf-8")
- .splitlines()
- )
+ if dev.header:
+ luks_dump = Cryptsetup.cryptsetup(
+ "luksDump", "--header", dev.header, dev.base_blockdev
+ )
+ else:
+ luks_dump = Cryptsetup.cryptsetup("luksDump", dev.base_blockdev)
+ dump_lines = luks_dump.decode("utf-8").splitlines()
 for check in all_checks:
 check_ok = True
 for error in check(dump_lines):
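Review bot: The added `if dev.header:` / `else:` branch in `check_luks` writes the `luksDump` call out twice, while `_do_rekey` and `_do_test_open` in the same file express the same optional flag as an argument list. Using that shape here keeps the three call sites uniform and leaves one call to maintain: `header_arg = ["--header", dev.header] if dev.header else []` followed by `luks_dump = Cryptsetup.cryptsetup("luksDump", *header_arg, dev.base_blockdev)`. The function's own `header` parameter is not referenced in the visible lines, so it is worth confirming that an explicitly passed header always ends up in `dev.header`. The body of `check_luks` starts and ends outside the hunk, so this may already be handled there.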
@@ -263,13 +265,14 @@ def test_open(self, name_glob: str, header: Optional[str]) -> int:
 return 0
 def _do_test_open(self, device: str, header: Optional[str]) -> bool:
- header_arg = [f"--header={header}"] if header else []
+ header_arg = ["--header", header] if header else []
 success = True
 # test unlocking both with local key file as well as with admin key
 try:
 test_admin = Cryptsetup.cryptsetup(
 "open",
+ *header_arg,
 "--test-passphrase",
 device,
 input=self._KEYSTORE.admin_key_for_input(),
@@ -282,6 +285,7 @@ def _do_test_open(self, device: str, header: Optional[str]) -> bool:
 try:
 test_local = Cryptsetup.cryptsetup(
 "open",
+ *header_arg,
 "--test-passphrase",
 f"--key-file={self._KEYSTORE.local_key_path()}",
 device,
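Review bot: Nothing in this commit would catch the same omission again. On the old side of this hunk `_do_test_open` built `header_arg` but passed it to neither `open --test-passphrase` call shown, and the diffstat lists only `manage.py`. A regression test that calls `_do_test_open` with a detached header and a stubbed `Cryptsetup.cryptsetup` would pin the fix by asserting that `--header` and the header path appear in the recorded arguments of both the admin-key call here and the local-key call in the next hunk; the same test style would cover `check_luks`. This matters because, per the comment in the hunk, test-open is the step that verifies both the admin key and the local key file still unlock the device. An unused-local lint rule would probably also have flagged the old `header_arg`, though the body of `_do_test_open` continues outside the hunk, so that is inferred from the visible lines only.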