On Tue, 2011-03-29 at 11:53 +0200, Martin Sivak wrote: > --- > pyanaconda/storage/devicelibs/crypto.py | 136 +++++++++---------------------- > 1 files changed, 40 insertions(+), 96 deletions(-) Aside from removal of key file support, this looks okay to me. We aren't currently using key file support, but it is something I've been meaning to add to anaconda for kickstart users. Ack. Dave > > diff --git a/pyanaconda/storage/devicelibs/crypto.py b/pyanaconda/storage/devicelibs/crypto.py > index 84b055a..049bc2a 100644 > --- a/pyanaconda/storage/devicelibs/crypto.py > +++ b/pyanaconda/storage/devicelibs/crypto.py > @@ -55,139 +55,83 @@ def askyes(question): > def dolog(priority, text): > pass > > +def askpassphrase(text): > + return None > + > def is_luks(device): > - cs = CryptSetup(yesDialog = askyes, logFunc = dolog) > - return cs.isLuks(device) > + cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase) > + return cs.isLuks() > > def luks_uuid(device): > - cs = CryptSetup(yesDialog = askyes, logFunc = dolog) > - return cs.luksUUID(device).strip() > + cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase) > + return cs.luksUUID() > > def luks_status(name): > """True means active, False means inactive (or non-existent)""" > - cs = CryptSetup(yesDialog = askyes, logFunc = dolog) > - return cs.luksStatus(name)!=0 > + cs = CryptSetup(name=name, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase) > + return cs.status() > > def luks_format(device, > - passphrase=None, key_file=None, > + passphrase=None, > cipher=None, key_size=None): > - cs = CryptSetup(yesDialog = askyes, logFunc = dolog) > - key_file_unlink = False > - > - if passphrase: > - key_file = cs.prepare_passphrase_file(passphrase) > - key_file_unlink = True > - elif key_file and os.path.isfile(key_file): > - pass > - else: > - raise ValueError("luks_format requires either a passphrase or a key file") > + if not passphrase: > + raise ValueError("luks_format requires passphrase") > > + cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase) > #None is not considered as default value and pycryptsetup doesn't accept it > #so we need to filter out all Nones > kwargs = {} > - kwargs["device"] = device > + kwargs["passphrase"] = passphrase > if cipher: kwargs["cipher"] = cipher > - if key_file: kwargs["keyfile"] = key_file > - if key_size: kwargs["keysize"] = key_size > + if cipher: kwargs["cipherMode"] = cipherMode > + if key_size: kwargs["keysize"] = key_size > > rc = cs.luksFormat(**kwargs) > - if key_file_unlink: os.unlink(key_file) > - > if rc: > raise CryptoError("luks_format failed for '%s'" % device) > > -def luks_open(device, name, passphrase=None, key_file=None): > - cs = CryptSetup(yesDialog = askyes, logFunc = dolog) > - key_file_unlink = False > +def luks_open(device, name, passphrase=None): > + if not passphrase: > + raise ValueError("luks_format requires passphrase") > > - if passphrase: > - key_file = cs.prepare_passphrase_file(passphrase) > - key_file_unlink = True > - elif key_file and os.path.isfile(key_file): > - pass > - else: > - raise ValueError("luks_open requires either a passphrase or a key file") > + cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase) > > - rc = cs.luksOpen(device = device, name = name, keyfile = key_file) > - if key_file_unlink: os.unlink(key_file) > + rc = cs.activate(passphrase = passphrase, name = name) > if rc: > raise CryptoError("luks_open failed for %s (%s)" % (device, name)) > > def luks_close(name): > - cs = CryptSetup(yesDialog = askyes, logFunc = dolog) > - rc = cs.luksClose(name) > + cs = CryptSetup(name=name, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase) > + rc = cs.deactivate() > + > if rc: > raise CryptoError("luks_close failed for %s" % name) > > def luks_add_key(device, > - new_passphrase=None, new_key_file=None, > - passphrase=None, key_file=None): > - > - params = ["-q"] > - > - p = os.pipe() > - if passphrase: > - os.write(p[1], "%s\n" % passphrase) > - elif key_file and os.path.isfile(key_file): > - params.extend(["--key-file", key_file]) > - else: > - raise CryptoError("luks_add_key requires either a passphrase or a key file") > - > - params.extend(["luksAddKey", device]) > - > - if new_passphrase: > - os.write(p[1], "%s\n" % new_passphrase) > - elif new_key_file and os.path.isfile(new_key_file): > - params.append("%s" % new_key_file) > - else: > - raise CryptoError("luks_add_key requires either a passphrase or a key file to add") > + new_passphrase=None, > + passphrase=None): > > - os.close(p[1]) > + if not passphrase: > + raise ValueError("luks_add_key requires passphrase") > > - rc = iutil.execWithRedirect("cryptsetup", params, > - stdin = p[0], > - stdout = "/dev/tty5", > - stderr = "/dev/tty5") > - > - os.close(p[0]) > + cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase) > + rc = cs.addPassphrase(passphrase = passphrase, newPassphrase = new_passphrase) > + > if rc: > raise CryptoError("luks add key failed with errcode %d" % (rc,)) > > def luks_remove_key(device, > - del_passphrase=None, del_key_file=None, > - passphrase=None, key_file=None): > - > - params = [] > - > - p = os.pipe() > - if del_passphrase: #the first question is about the key we want to remove > - os.write(p[1], "%s\n" % del_passphrase) > - > - if passphrase: > - os.write(p[1], "%s\n" % passphrase) > - elif key_file and os.path.isfile(key_file): > - params.extend(["--key-file", key_file]) > - else: > - raise CryptoError("luks_remove_key requires either a passphrase or a key file") > + del_passphrase=None, > + passphrase=None): > > - params.extend(["luksRemoveKey", device]) > + if not passphrase: > + raise ValueError("luks_remove_key requires passphrase") > > - if del_passphrase: > - pass > - elif del_key_file and os.path.isfile(del_key_file): > - params.append("%s" % del_key_file) > - else: > - raise CryptoError("luks_remove_key requires either a passphrase or a key file to remove") > - > - os.close(p[1]) > - > - rc = iutil.execWithRedirect("cryptsetup", params, > - stdin = p[0], > - stdout = "/dev/tty5", > - stderr = "/dev/tty5") > - > - os.close(p[0]) > + cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase) > + rc = cs.removePassphrase(passphrase = new_passphrase) > + > if rc: > - raise CryptoError("luks_remove_key failed with errcode %d" % (rc,)) > + raise CryptoError("luks remove key failed with errcode %d" % (rc,)) > + > > _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list