Re: [PATCH] Update our storage/crypto interface to use new cryptsetup API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 2011-03-29 at 11:53 +0200, Martin Sivak wrote:
> ---
>  pyanaconda/storage/devicelibs/crypto.py |  136 +++++++++----------------------
>  1 files changed, 40 insertions(+), 96 deletions(-)

Aside from removal of key file support, this looks okay to me. We aren't
currently using key file support, but it is something I've been meaning
to add to anaconda for kickstart users.

Ack.

Dave

> 
> diff --git a/pyanaconda/storage/devicelibs/crypto.py b/pyanaconda/storage/devicelibs/crypto.py
> index 84b055a..049bc2a 100644
> --- a/pyanaconda/storage/devicelibs/crypto.py
> +++ b/pyanaconda/storage/devicelibs/crypto.py
> @@ -55,139 +55,83 @@ def askyes(question):
>  def dolog(priority, text):
>      pass
>  
> +def askpassphrase(text):
> +    return None
> +
>  def is_luks(device):
> -    cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
> -    return cs.isLuks(device)
> +    cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
> +    return cs.isLuks()
>  
>  def luks_uuid(device):
> -    cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
> -    return cs.luksUUID(device).strip()
> +    cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
> +    return cs.luksUUID()
>  
>  def luks_status(name):
>      """True means active, False means inactive (or non-existent)"""
> -    cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
> -    return cs.luksStatus(name)!=0
> +    cs = CryptSetup(name=name, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
> +    return cs.status()
>  
>  def luks_format(device,
> -                passphrase=None, key_file=None,
> +                passphrase=None,
>                  cipher=None, key_size=None):
> -    cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
> -    key_file_unlink = False
> -
> -    if passphrase:
> -        key_file = cs.prepare_passphrase_file(passphrase)
> -        key_file_unlink = True
> -    elif key_file and os.path.isfile(key_file):
> -        pass
> -    else:
> -        raise ValueError("luks_format requires either a passphrase or a key file")
> +    if not passphrase:
> +        raise ValueError("luks_format requires passphrase")
>  
> +    cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
>      #None is not considered as default value and pycryptsetup doesn't accept it
>      #so we need to filter out all Nones
>      kwargs = {}
> -    kwargs["device"] = device
> +    kwargs["passphrase"] = passphrase
>      if   cipher: kwargs["cipher"]  = cipher
> -    if key_file: kwargs["keyfile"] = key_file
> -    if key_size: kwargs["keysize"] = key_size
> +    if   cipher: kwargs["cipherMode"]  = cipherMode
> +    if key_size: kwargs["keysize"]  = key_size
>  
>      rc = cs.luksFormat(**kwargs)
> -    if key_file_unlink: os.unlink(key_file)
> -
>      if rc:
>          raise CryptoError("luks_format failed for '%s'" % device)
>  
> -def luks_open(device, name, passphrase=None, key_file=None):
> -    cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
> -    key_file_unlink = False
> +def luks_open(device, name, passphrase=None):
> +    if not passphrase:
> +        raise ValueError("luks_format requires passphrase")
>  
> -    if passphrase:
> -        key_file = cs.prepare_passphrase_file(passphrase)
> -        key_file_unlink = True
> -    elif key_file and os.path.isfile(key_file):
> -        pass
> -    else:
> -        raise ValueError("luks_open requires either a passphrase or a key file")
> +    cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
>  
> -    rc = cs.luksOpen(device = device, name = name, keyfile = key_file)
> -    if key_file_unlink: os.unlink(key_file)
> +    rc = cs.activate(passphrase = passphrase, name = name)
>      if rc:
>          raise CryptoError("luks_open failed for %s (%s)" % (device, name))
>  
>  def luks_close(name):
> -    cs = CryptSetup(yesDialog = askyes, logFunc = dolog)
> -    rc = cs.luksClose(name)
> +    cs = CryptSetup(name=name, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
> +    rc = cs.deactivate()
> +
>      if rc:
>          raise CryptoError("luks_close failed for %s" % name)
>  
>  def luks_add_key(device,
> -                 new_passphrase=None, new_key_file=None,
> -                 passphrase=None, key_file=None):
> -
> -    params = ["-q"]
> -
> -    p = os.pipe()
> -    if passphrase:
> -        os.write(p[1], "%s\n" % passphrase)
> -    elif key_file and os.path.isfile(key_file):
> -        params.extend(["--key-file", key_file])
> -    else:
> -        raise CryptoError("luks_add_key requires either a passphrase or a key file")
> -
> -    params.extend(["luksAddKey", device])
> -
> -    if new_passphrase:
> -        os.write(p[1], "%s\n" % new_passphrase)
> -    elif new_key_file and os.path.isfile(new_key_file):
> -        params.append("%s" % new_key_file)
> -    else:
> -        raise CryptoError("luks_add_key requires either a passphrase or a key file to add")
> +                 new_passphrase=None,
> +                 passphrase=None):
>  
> -    os.close(p[1])
> +    if not passphrase:
> +        raise ValueError("luks_add_key requires passphrase")
>  
> -    rc = iutil.execWithRedirect("cryptsetup", params,
> -                                stdin = p[0],
> -                                stdout = "/dev/tty5",
> -                                stderr = "/dev/tty5")
> -
> -    os.close(p[0])
> +    cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
> +    rc = cs.addPassphrase(passphrase = passphrase, newPassphrase = new_passphrase)
> +    
>      if rc:
>          raise CryptoError("luks add key failed with errcode %d" % (rc,))
>  
>  def luks_remove_key(device,
> -                    del_passphrase=None, del_key_file=None,
> -                    passphrase=None, key_file=None):
> -
> -    params = []
> -
> -    p = os.pipe()
> -    if del_passphrase: #the first question is about the key we want to remove
> -        os.write(p[1], "%s\n" % del_passphrase)
> -
> -    if passphrase:
> -        os.write(p[1], "%s\n" % passphrase)
> -    elif key_file and os.path.isfile(key_file):
> -        params.extend(["--key-file", key_file])
> -    else:
> -        raise CryptoError("luks_remove_key requires either a passphrase or a key file")
> +                    del_passphrase=None,
> +                    passphrase=None):
>  
> -    params.extend(["luksRemoveKey", device])
> +    if not passphrase:
> +        raise ValueError("luks_remove_key requires passphrase")
>  
> -    if del_passphrase:
> -        pass
> -    elif del_key_file and os.path.isfile(del_key_file):
> -        params.append("%s" % del_key_file)
> -    else:
> -        raise CryptoError("luks_remove_key requires either a passphrase or a key file to remove")
> -
> -    os.close(p[1])
> -
> -    rc = iutil.execWithRedirect("cryptsetup", params,
> -                                stdin = p[0],
> -                                stdout = "/dev/tty5",
> -                                stderr = "/dev/tty5")
> -
> -    os.close(p[0])
> +    cs = CryptSetup(device=device, yesDialog = askyes, logFunc = dolog, passwordDialog = askpassphrase)
> +    rc = cs.removePassphrase(passphrase = new_passphrase)
> +    
>      if rc:
> -        raise CryptoError("luks_remove_key failed with errcode %d" % (rc,))
> +        raise CryptoError("luks remove key failed with errcode %d" % (rc,))
> +
>  
> 


_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
[Index of Archives]     [Kickstart]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]
  Powered by Linux