--- anaconda.spec | 2 + storage/devicelibs/crypto.py | 158 +++++++++-------------------------------- 2 files changed, 37 insertions(+), 123 deletions(-) diff --git a/anaconda.spec b/anaconda.spec index 6de4f6b..8fc41a9 100644 --- a/anaconda.spec +++ b/anaconda.spec @@ -40,6 +40,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %define createrepover 0.4.7 %define yumutilsver 1.1.11-3 %define iscsiver 6.2.0.870-3 +%define pythoncryptsetupver 0.0.4 BuildRequires: audit-libs-devel BuildRequires: booty @@ -109,6 +110,7 @@ Requires: authconfig Requires: gnome-python2-gtkhtml2 Requires: system-config-firewall Requires: cryptsetup-luks +Requires: python-cryptsetup >= %{pythoncryptsetupver} Requires: mdadm Requires: lvm2 Requires: util-linux-ng diff --git a/storage/devicelibs/crypto.py b/storage/devicelibs/crypto.py index d69e7d3..e16bbe4 100644 --- a/storage/devicelibs/crypto.py +++ b/storage/devicelibs/crypto.py @@ -17,9 +17,11 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # # Author(s): Dave Lehman <dlehman@xxxxxxxxxx> +# Martin Sivak <msivak@xxxxxxxxxx> # import os +from pycryptsetup import CryptSetup import iutil from ..errors import * 
@@ -27,169 +29,79 @@ from ..errors import * import gettext _ = lambda x: gettext.ldgettext("anaconda", x) +def askyes(question): + return True + +def dolog(priority, text): + pass + def is_luks(device): - rc = iutil.execWithRedirect("cryptsetup", - ["isLuks", device], - stdout = "/dev/tty5", - stderr = "/dev/tty5", - searchPath = 1) - if rc: - return False - else: - return True + cs = CryptSetup(yesDialog = askyes, logFunc = dolog) + return cs.isLuks(device) def luks_uuid(device): - uuid = iutil.execWithCapture("cryptsetup", - ["luksUUID", device], - stderr="/dev/tty5") - return uuid.strip() + cs = CryptSetup(yesDialog = askyes, logFunc = dolog) + return cs.luksUUID(device).strip() def luks_status(name): - """0 means active, 1 means inactive (or non-existent)""" - rc = iutil.execWithRedirect("cryptsetup", - ["status", name], - stdout = "/dev/tty5", - stderr = "/dev/tty5", - searchPath = 1) - return rc + """True means active, False means inactive (or non-existent)""" + cs = CryptSetup(yesDialog = askyes, logFunc = dolog) + return (cs.luksStatus(device)!=None) def luks_format(device, passphrase=None, key_file=None, cipher=None, key_size=None): - p = os.pipe() - argv = ["-q"] - os.close(p[1]) - - if cipher: - argv.extend(["--cipher", cipher]) + cs = CryptSetup(yesDialog = askyes, logFunc = dolog) + key_file_unlink = False - if key_size: - argv.append("--key-size=%d" % key_size) - - argv.extend(["luksFormat", device]) - if passphrase: - os.write(p[1], "%s\n" % passphrase) + key_file = cs.prepare_passphrase_file(passphrase) + key_file_unlink = True elif key_file and os.path.isfile(key_file): argv.append(key_file) else: raise ValueError("luks_format requires either a passphrase or a key file") - rc = iutil.execWithRedirect("cryptsetup", - argv, - stdin = p[0], - stdout = "/dev/tty5", - stderr = "/dev/tty5", - searchPath = 1) + rc = cs.luksFormat(device = device, cipher = cipher, keysize = key_size, keyfile = key_file) + if key_file_unlink: os.unlink(key_file) - 
os.close(p[0]) if rc: raise CryptoError("luks_format failed for '%s'" % device) def luks_open(device, name, passphrase=None, key_file=None): - p = os.pipe() + cs = CryptSetup(yesDialog = askyes, logFunc = dolog) + key_file_unlink = False + if passphrase: - os.write(p[1], "%s\n" % passphrase) - argv = ["luksOpen", device, name] + key_file = cs.prepare_passphrase_file(passphrase) + key_file_unlink = True elif key_file and os.path.isfile(key_file): - argv = ["luksOpen", "--key-file", key_file, device, name] + pass else: raise ValueError("luks_open requires either a passphrase or a key file") - os.close(p[1]) - rc = iutil.execWithRedirect("cryptsetup", - argv, - stdin = p[0], - stdout = "/dev/tty5", - stderr = "/dev/tty5", - searchPath = 1) - - os.close(p[0]) + rc = cs.luksOpen(device = device, name = name, keyfile = key_file) + if key_file_unlink: os.unlink(key_file) if rc: raise CryptoError("luks_open failed for %s (%s)" % (device, name)) def luks_close(name): - rc = iutil.execWithRedirect("cryptsetup", - ["luksClose", name], - stdout = "/dev/tty5", - stderr = "/dev/tty5", - searchPath = 1) - + cs = CryptSetup(yesDialog = askyes, logFunc = dolog) + rc = cs.luksClose(name) if rc: raise CryptoError("luks_close failed for %s" % name) def luks_add_key(device, new_passphrase=None, new_key_file=None, passphrase=None, key_file=None): - p = os.pipe() - if passphrase: - os.write(p[1], "%s\n" % passphrase) - key_spec = "" - elif key_file and os.path.isfile(key_file): - key_spec = "--key-file %s" % key_file - else: - raise ValueError("luks_add_key requires either a passphrase or a key file") + cs = CryptSetup(yesDialog = askyes, logFunc = dolog) + return cs.addKey(device, new_passphrase, new_key_file, passphrase, key_file) - if new_passphrase: - os.write(p[1], "%s\n" % new_passphrase) - new_key_spec = "" - elif new_key_file and os.path.isfile(new_key_file): - new_key_spec = "%s" % new_key_file - else: - raise ValueError("luks_add_key requires either a passphrase or a key file 
to add") - - os.close(p[1]) - - rc = iutil.execWithRedirect("cryptsetup", - ["-q", - key_spec, - "luksAddKey", - device, - new_key_spec], - stdin = p[0], - stdout = "/dev/tty5", - stderr = "/dev/tty5", - searchPath = 1) - - os.close(p[0]) - if rc: - raise CryptoError("luks add key failed") def luks_remove_key(device, del_passphrase=None, del_key_file=None, passphrase=None, key_file=None): - p = os.pipe() - if passphrase: - os.write(p[1], "%s\n" % passphrase) - key_spec = "" - elif key_file and os.path.isfile(key_file): - key_spec = "--key-file %s" % key_file - else: - raise ValueError("luks_remove_key requires either a passphrase or a key file") - - if del_passphrase: - os.write(p[1], "%s\n" % del_passphrase) - del_key_spec = "" - elif del_key_file and os.path.isfile(del_key_file): - del_key_spec = "%s" % del_key_file - else: - raise ValueError("luks_remove_key requires either a passphrase or a key file to remove") - - os.close(p[1]) - - rc = iutil.execWithRedirect("cryptsetup", - ["-q", - key_spec, - "luksRemoveKey", - device, - del_key_spec], - stdin = p[0], - stdout = "/dev/tty5", - stderr = "/dev/tty5", - searchPath = 1) - - os.close(p[0]) - if rc: - raise CryptoError("luks_remove_key failed") + cs = CryptSetup(yesDialog = askyes, logFunc = dolog) + return cs.removeKey(device, del_passphrase, del_key_file, passphrase, key_file) -- 1.5.4.3 _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list
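Review bot: In `luks_format` and `luks_open` the passphrase is now written to a file by `cs.prepare_passphrase_file(passphrase)` and removed only by the `os.unlink(key_file)` placed after the library call, so if `cs.luksFormat` or `cs.luksOpen` raises, the passphrase stays on disk; the unlink should sit in a `finally`, as sketched below for `luks_format`. Where that file is created and with which mode is not visible in this hunk and is worth confirming, since the old code passed the passphrase over a pipe. Two leftovers will raise NameError: `luks_status(name)` calls `cs.luksStatus(device)` where it should pass `name`, and the key-file branch of `luks_format` still runs `argv.append(key_file)` although `argv` was removed. `luks_add_key` and `luks_remove_key` now return the library result instead of raising `CryptoError`/`ValueError`, and `dolog` discards every message that previously reached /dev/tty5, so failures go unnoticed unless callers check the return value.

```python
def luks_format(device, passphrase=None, key_file=None, cipher=None, key_size=None):
    # … unchanged: CryptSetup construction, passphrase branch …
    elif key_file and os.path.isfile(key_file):
        pass
    # … unchanged: else branch raising ValueError …

    try:
        rc = cs.luksFormat(device = device, cipher = cipher,
                           keysize = key_size, keyfile = key_file)
    finally:
        # remove the temporary passphrase file even when luksFormat raises
        if key_file_unlink:
            os.unlink(key_file)
    # … unchanged: CryptoError on non-zero rc; luks_open needs the same try/finally …
```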