---
anaconda.spec | 2 +
storage/devicelibs/crypto.py | 158 +++++++++--------------------------------
2 files changed, 37 insertions(+), 123 deletions(-)
diff --git a/anaconda.spec b/anaconda.spec
index 6de4f6b..8fc41a9 100644
--- a/anaconda.spec
+++ b/anaconda.spec
@@ -40,6 +40,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%define createrepover 0.4.7
%define yumutilsver 1.1.11-3
%define iscsiver 6.2.0.870-3
+%define pythoncryptsetupver 0.0.4
BuildRequires: audit-libs-devel
BuildRequires: booty
@@ -109,6 +110,7 @@ Requires: authconfig
Requires: gnome-python2-gtkhtml2
Requires: system-config-firewall
Requires: cryptsetup-luks
+Requires: python-cryptsetup >= %{pythoncryptsetupver}
Requires: mdadm
Requires: lvm2
Requires: util-linux-ng
diff --git a/storage/devicelibs/crypto.py b/storage/devicelibs/crypto.py
index d69e7d3..e16bbe4 100644
--- a/storage/devicelibs/crypto.py
+++ b/storage/devicelibs/crypto.py
@@ -17,9 +17,11 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Author(s): Dave Lehman <dlehman@xxxxxxxxxx>
+# Martin Sivak <msivak@xxxxxxxxxx>
#
import os
+from pycryptsetup import CryptSetup
import iutil
from ..errors import *
@@ -27,169 +29,79 @@ from ..errors import *
import gettext
_ = lambda x: gettext.ldgettext("anaconda", x)
+def askyes(question):
+ return True
+
+def dolog(priority, text):
+ pass
+
def is_luks(device):
- rc = iutil.execWithRedirect("cryptsetup",
- ["isLuks", device],
- stdout = "/dev/tty5",
- stderr = "/dev/tty5",
- searchPath = 1)
- if rc:
- return False
- else:
- return True
+ cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
+ return cs.isLuks(device)
def luks_uuid(device):
- uuid = iutil.execWithCapture("cryptsetup",
- ["luksUUID", device],
- stderr="/dev/tty5")
- return uuid.strip()
+ cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
+ return cs.luksUUID(device).strip()
def luks_status(name):
- """0 means active, 1 means inactive (or non-existent)"""
- rc = iutil.execWithRedirect("cryptsetup",
- ["status", name],
- stdout = "/dev/tty5",
- stderr = "/dev/tty5",
- searchPath = 1)
- return rc
+ """True means active, False means inactive (or non-existent)"""
+ cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
+ return (cs.luksStatus(device)!=None)
def luks_format(device,
passphrase=None, key_file=None,
cipher=None, key_size=None):
- p = os.pipe()
- argv = ["-q"]
- os.close(p[1])
-
- if cipher:
- argv.extend(["--cipher", cipher])
+ cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
+ key_file_unlink = False
- if key_size:
- argv.append("--key-size=%d" % key_size)
-
- argv.extend(["luksFormat", device])
-
if passphrase:
- os.write(p[1], "%s\n" % passphrase)
+ key_file = cs.prepare_passphrase_file(passphrase)
+ key_file_unlink = True
elif key_file and os.path.isfile(key_file):
argv.append(key_file)
else:
raise ValueError("luks_format requires either a passphrase or a key file")
- rc = iutil.execWithRedirect("cryptsetup",
- argv,
- stdin = p[0],
- stdout = "/dev/tty5",
- stderr = "/dev/tty5",
- searchPath = 1)
+ rc = cs.luksFormat(device = device, cipher = cipher, keysize = key_size, keyfile = key_file)
+ if key_file_unlink: os.unlink(key_file)
- os.close(p[0])
if rc:
raise CryptoError("luks_format failed for '%s'" % device)
def luks_open(device, name, passphrase=None, key_file=None):
- p = os.pipe()
+ cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
+ key_file_unlink = False
+
if passphrase:
- os.write(p[1], "%s\n" % passphrase)
- argv = ["luksOpen", device, name]
+ key_file = cs.prepare_passphrase_file(passphrase)
+ key_file_unlink = True
elif key_file and os.path.isfile(key_file):
- argv = ["luksOpen", "--key-file", key_file, device, name]
+ pass
else:
raise ValueError("luks_open requires either a passphrase or a key file")
- os.close(p[1])
- rc = iutil.execWithRedirect("cryptsetup",
- argv,
- stdin = p[0],
- stdout = "/dev/tty5",
- stderr = "/dev/tty5",
- searchPath = 1)
-
- os.close(p[0])
+ rc = cs.luksOpen(device = device, name = name, keyfile = key_file)
+ if key_file_unlink: os.unlink(key_file)
if rc:
raise CryptoError("luks_open failed for %s (%s)" % (device, name))
def luks_close(name):
- rc = iutil.execWithRedirect("cryptsetup",
- ["luksClose", name],
- stdout = "/dev/tty5",
- stderr = "/dev/tty5",
- searchPath = 1)
-
+ cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
+ rc = cs.luksClose(name)
if rc:
raise CryptoError("luks_close failed for %s" % name)
def luks_add_key(device,
new_passphrase=None, new_key_file=None,
passphrase=None, key_file=None):
- p = os.pipe()
- if passphrase:
- os.write(p[1], "%s\n" % passphrase)
- key_spec = ""
- elif key_file and os.path.isfile(key_file):
- key_spec = "--key-file %s" % key_file
- else:
- raise ValueError("luks_add_key requires either a passphrase or a key file")
+ cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
+ return cs.addKey(device, new_passphrase, new_key_file, passphrase, key_file)
- if new_passphrase:
- os.write(p[1], "%s\n" % new_passphrase)
- new_key_spec = ""
- elif new_key_file and os.path.isfile(new_key_file):
- new_key_spec = "%s" % new_key_file
- else:
- raise ValueError("luks_add_key requires either a passphrase or a key file to add")
-
- os.close(p[1])
-
- rc = iutil.execWithRedirect("cryptsetup",
- ["-q",
- key_spec,
- "luksAddKey",
- device,
- new_key_spec],
- stdin = p[0],
- stdout = "/dev/tty5",
- stderr = "/dev/tty5",
- searchPath = 1)
-
- os.close(p[0])
- if rc:
- raise CryptoError("luks add key failed")
def luks_remove_key(device,
del_passphrase=None, del_key_file=None,
passphrase=None, key_file=None):
- p = os.pipe()
- if passphrase:
- os.write(p[1], "%s\n" % passphrase)
- key_spec = ""
- elif key_file and os.path.isfile(key_file):
- key_spec = "--key-file %s" % key_file
- else:
- raise ValueError("luks_remove_key requires either a passphrase or a key file")
-
- if del_passphrase:
- os.write(p[1], "%s\n" % del_passphrase)
- del_key_spec = ""
- elif del_key_file and os.path.isfile(del_key_file):
- del_key_spec = "%s" % del_key_file
- else:
- raise ValueError("luks_remove_key requires either a passphrase or a key file to remove")
-
- os.close(p[1])
-
- rc = iutil.execWithRedirect("cryptsetup",
- ["-q",
- key_spec,
- "luksRemoveKey",
- device,
- del_key_spec],
- stdin = p[0],
- stdout = "/dev/tty5",
- stderr = "/dev/tty5",
- searchPath = 1)
-
- os.close(p[0])
- if rc:
- raise CryptoError("luks_remove_key failed")
+ cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
+ return cs.removeKey(device, del_passphrase, del_key_file, passphrase, key_file)
--
1.5.4.3
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
