From a2a588b171f6705ae3da0478088845d252f44fa4 Mon Sep 17 00:00:00 2001
From: mwiegand <mwiegand@seibert-media.net>
Date: Wed, 13 Oct 2021 23:54:41 +0200
Subject: [PATCH] test dmcrypt

---
 bundles/dm-crypt/items.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/bundles/dm-crypt/items.py b/bundles/dm-crypt/items.py
index 5fb5eae..0561c4a 100644
--- a/bundles/dm-crypt/items.py
+++ b/bundles/dm-crypt/items.py
@@ -1,6 +1,5 @@
 for name, conf in node.metadata.get('dm-crypt').items():
     actions[f'dm-crypt_format_{name}'] = {
-        'cascade_skip': False,
         'command': f"cryptsetup --batch-mode luksFormat --cipher aes-xts-plain64 --key-size 512 '{conf['device']}'",
         'data_stdin': conf['password'],
         'unless': f"blkid -t TYPE=crypto_LUKS '{conf['device']}'",
@@ -9,16 +8,23 @@ for name, conf in node.metadata.get('dm-crypt').items():
             'pkg_apt:cryptsetup',
         },
     }
-
+    
+    actions[f'dm-crypt_test_{name}'] = {
+        'command': 'false',
+        'unless': f"! cryptsetup --batch-mode luksOpen --test-passphrase '{conf['device']}'",
+        'data_stdin': conf['password'],
+        'needs': {
+            f"action:dm-crypt_format_{name}",
+        },
+    }
+    
     actions[f'dm-crypt_open_{name}'] = {
-        'cascade_skip': False,
         'command': f"cryptsetup --batch-mode luksOpen '{conf['device']}' '{name}'",
         'data_stdin': conf['password'],
         'unless': f"test -e /dev/mapper/{name}",
         'comment': f"Unlocks the device '{conf['device']}' and makes it available in: '/dev/mapper/{name}'",
         'needs': {
-            f"action:dm-crypt_format_{name}",
-            'pkg_apt:cryptsetup',
+            f"action:dm-crypt_test_{name}",
         },
         'needed_by': set(),
     }