Re: [PATCH] Bring luks_add_key and luks_remove_key back into devicelibs.crypto.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Since it is my own code being moved around, I can't see anything wrong, so.. Looks OK.

----- "David Lehman" <dlehman@xxxxxxxxxx> wrote:

> In order to include these in pycryptsetup we had to create yet
> another duplicate copy of execWithRedirect. This patch brings them
> back into anaconda so we can easily modify them if needed until
> the day when pycryptsetup has this functionality. It also allows us
> to redirect the output to someplace useful for debugging.
> ---
>  storage/devicelibs/crypto.py |   69
> +++++++++++++++++++++++++++++++++++++++--
>  1 files changed, 65 insertions(+), 4 deletions(-)
> 
> diff --git a/storage/devicelibs/crypto.py
> b/storage/devicelibs/crypto.py
> index 771798a..94c2081 100644
> --- a/storage/devicelibs/crypto.py
> +++ b/storage/devicelibs/crypto.py
> @@ -22,6 +22,7 @@
>  
>  import os
>  from pycryptsetup import CryptSetup
> +import iutil
>  
>  from ..errors import *
>  
> @@ -101,14 +102,74 @@ def luks_close(name):
>  def luks_add_key(device,
>                   new_passphrase=None, new_key_file=None,
>                   passphrase=None, key_file=None):
> -    cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
> -    return cs.addKey(device, new_passphrase, new_key_file,
> passphrase, key_file)
>  
> +    params = ["-q"]
> +
> +    p = os.pipe()
> +    if passphrase:
> +        os.write(p[1], "%s\n" % passphrase)
> +    elif key_file and os.path.isfile(key_file):
> +        params.extend(["--key-file", key_file])
> +    else:
> +        raise CryptoError("luks_add_key requires either a passphrase
> or a key file")
> +
> +    params.extend(["luksAddKey", device])
> +
> +    if new_passphrase:
> +        os.write(p[1], "%s\n" % new_passphrase)
> +    elif new_key_file and os.path.isfile(new_key_file):
> +        params.append("%s" % new_key_file)
> +    else:
> +        raise CryptoError("luks_add_key requires either a passphrase
> or a key file to add")
> +
> +    os.close(p[1])
> +
> +    rc = iutil.execWithRedirect("cryptsetup", params,
> +                                stdin = p[0],
> +                                stdout = "/dev/tty5",
> +                                stderr = "/dev/tty5",
> +                                searchPath = 1)
> +
> +    os.close(p[0])
> +    if rc:
> +        raise CryptoError("luks add key failed with errcode %d" %
> (rc,))
>  
>  def luks_remove_key(device,
>                      del_passphrase=None, del_key_file=None,
>                      passphrase=None, key_file=None):
> -    cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
> -    return cs.removeKey(device, del_passphrase, del_key_file,
> passphrase, key_file)
> +
> +    params = []
> +
> +    p = os.pipe()
> +    if del_passphrase: #the first question is about the key we want
> to remove
> +        os.write(p[1], "%s\n" % del_passphrase)
> +
> +    if passphrase:
> +        os.write(p[1], "%s\n" % passphrase)
> +    elif key_file and os.path.isfile(key_file):
> +        params.extend(["--key-file", key_file])
> +    else:
> +        raise CryptoError("luks_remove_key requires either a
> passphrase or a key file")
> +
> +    params.extend(["luksRemoveKey", device])
> +
> +    if del_passphrase:
> +        pass
> +    elif del_key_file and os.path.isfile(del_key_file):
> +        params.append("%s" % del_key_file)
> +    else:
> +        raise CryptoError("luks_remove_key requires either a
> passphrase or a key file to remove")
> +
> +    os.close(p[1])
> +
> +    rc = iutil.execWithRedirect("cryptsetup", params,
> +                                stdin = p[0],
> +                                stdout = "/dev/tty5",
> +                                stderr = "/dev/tty5",
> +                                searchPath = 1)
> +
> +    os.close(p[0])
> +    if rc:
> +        raise CryptoError("luks_remove_key failed with errcode %d" %
> (rc,))
>  
>  
> -- 
> 1.6.0.6
> 
> _______________________________________________
> Anaconda-devel-list mailing list
> Anaconda-devel-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/anaconda-devel-list

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
[Index of Archives]     [Kickstart]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]
  Powered by Linux