Allow passing None as FEC and hash device when formatting as VERITY

[jonas2515]

Make the fec_device and the hash_device fields in the CryptParamsVerity struct an Option<>, so that it's possible to pass NULL in the C crypt_params_verity struct.

For fec_device, passing NULL to libcryptsetup indicates that no FEC device should be created. Because currently this is impossible, an FEC device must be created when using libcryptsetup-rs.

The hash_device option is not used by libcryptsetup when formatting a verity partition, so allow passing NULL there as well.

Summary by CodeRabbit

• Refactor
  • Verity device configuration fields are now optional, providing flexibility for setup scenarios where certain device parameters may not be required.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Made hash_device and fec_device fields optional in the CryptParamsVerity and CryptParamsVerityRef structs. Updated FFI conversion logic in TryFrom and TryInto implementations to construct Option<PathBuf> and Option<CString> types, and handle null pointer population when values are absent.

Changes

Cohort / File(s)

Summary

Verity device field optionality src/format.rs

Modified CryptParamsVerityRef<'a> fields hash_device_cstring and fec_device_cstring from CString to Option<CString>. Modified CryptParamsVerity fields hash_device and fec_device from PathBuf to Option<PathBuf>. Updated TryFrom<&libcryptsetup_rs_sys::crypt_params_verity> to construct Some(PathBuf) or None based on pointer presence. Updated TryInto<CryptParamsVerityRef<'a>> to build Option<CString> fields and populate FFI struct pointers with null when None.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• FFI pointer handling: Verify null pointer logic is correctly applied across all conversion paths (Some(...).as_ptr() vs. null())
• Bidirectional conversion consistency: Ensure TryFrom and TryInto implementations correctly handle Option serialization/deserialization without data loss
• Edge cases: Confirm behavior when both hash_device and fec_device are None, and that this is a valid state for verity parameters

Suggested reviewers

• mulkieran

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: making FEC and hash device fields optional in VERITY formatting, allowing NULL to be passed.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1fb67e1 and bba08ad.

📒 Files selected for processing (1)

• src/format.rs (4 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/format.rs (1)

src/consts/vals.rs (13)

• from (364-369)
• libcryptsetup_rs_sys (42-42)
• libcryptsetup_rs_sys (43-43)
• libcryptsetup_rs_sys (44-44)
• libcryptsetup_rs_sys (45-47)
• libcryptsetup_rs_sys (49-49)
• libcryptsetup_rs_sys (52-52)
• libcryptsetup_rs_sys (54-56)
• libcryptsetup_rs_sys (182-184)
• libcryptsetup_rs_sys (185-187)
• libcryptsetup_rs_sys (188-190)
• libcryptsetup_rs_sys (230-230)
• libcryptsetup_rs_sys (231-231)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (38)

• GitHub Check: osh-diff-scan:fedora-rawhide-x86_64:copr_pull
• GitHub Check: osh-diff-scan:fedora-rawhide-x86_64:copr_pull
• GitHub Check: osh-diff-scan:fedora-rawhide-x86_64:copr_pull
• GitHub Check: osh-diff-scan:fedora-rawhide-x86_64:copr_pull
• GitHub Check: osh-diff-scan:fedora-rawhide-x86_64:copr_pull
• GitHub Check: osh-diff-scan:fedora-rawhide-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-41-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-43-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-41-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-rawhide-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-43-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-42-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-rawhide-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-42-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-43-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-42-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-41-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-rawhide-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-42-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-rawhide-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-43-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-41-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-42-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-41-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-rawhide-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-rawhide-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-43-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-43-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-41-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-42-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-41-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-rawhide-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-rawhide-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-42-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-42-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-43-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-41-x86_64:copr_pull
• GitHub Check: rpm-build:fedora-43-x86_64:copr_pull

🔇 Additional comments (4)

src/format.rs (4)

273-275: LGTM!

The change to Option<CString> for both fields is consistent with the existing pattern used for data_device_cstring in CryptParamsLuks1Ref (line 47).

---

285-287: Breaking API change: fields now require Option wrapping.

This is a breaking change for downstream users who will need to update their code to wrap values in Some(). The change is intentional per PR objectives to enable passing NULL to libcryptsetup.

Ensure the version is bumped appropriately (semver major or minor depending on your versioning policy) and consider adding a migration note in the changelog.

---

315-322: LGTM!

The null-pointer handling follows the established pattern used for data_device in CryptParamsLuks1 (lines 67-70). The ptr_to_option! macro correctly gates the string conversion.

---

344-363: LGTM!

The FFI conversion correctly handles optional paths:

• Option<CString> construction follows the pattern from CryptParamsLuks1 (lines 80-83)
• Pointer extraction with .as_ref().map(|x| x.as_ptr()).unwrap_or(ptr::null()) matches the established idiom (lines 88-91)
• Ownership is properly maintained in the Ref struct fields to keep pointers valid for the FFI call

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[packit-as-a-service]

Congratulations! One of the builds has completed. 🍾

You can install the built RPMs by following these steps:

• sudo dnf install -y 'dnf*-command(copr)'
• dnf copr enable packit/stratis-storage-libcryptsetup-rs-461
• And now you can install the packages.

Please note that the RPMs should be used only in a testing environment.

[jbaublitz]

This looks good to me! Please rebase and I'll merge.

[jbaublitz]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.