This adds the newly established passphrase to all preexisting LUKS
devices so that the system can be booted by entering a single passphrase.
---
storage/__init__.py | 22 ++++++++++++++++++++++
1 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/storage/__init__.py b/storage/__init__.py
index 8678b6e..f12c6c3 100644
--- a/storage/__init__.py
+++ b/storage/__init__.py
@@ -232,6 +232,7 @@ class Storage(object):
def doIt(self):
self.devicetree.processActions()
+ self.doEncryptionPassphraseRetrofits()
# now set the boot partition's flag
try:
@@ -744,6 +745,27 @@ class Storage(object):
return lvtemplate
+ def doEncryptionPassphraseRetrofits(self):
+ """ Add the global passphrase to all preexisting LUKS devices.
+
+ This establishes a common passphrase for all encrypted devices
+ in the system so that users only have to enter one passphrase
+ during system boot.
+ """
+ if not self.retrofitPassphrase:
+ return
+
+ for device in self.devices:
+ if device.format.type == "luks" and \
+ device.format._LUKS__passphrase != self.encryptionPassphrase:
+ log.info("adding new passphrase to preexisting encrypted "
+ "device %s" % device.path)
+ try:
+ device.format.addPassphrase(self.encryptionPassphrase)
+ except CryptoError:
+ log.error("failed to add new passphrase to existing "
+ "device %s" % device.path)
+
def sanityCheck(self):
""" Run a series of tests to verify the storage configuration.
--
1.6.0.6
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
