Add escrow support

Add support for storing an X.509 certificate used to encrypt the escrow
data, and a "create backup passphrase" flag, to storage.formats.LUKS,
and support for storing the same options of "autopart" globally to
storage.Storage.

While parsing kickstart directives, download the X.509 certificates
specified in thekickstart file (if any), enabling network access if
necessary, then store the data in the above-described storage objects.

While autopartitioning, copy the "autopart" escrow options into each
created LUKS volume.

Finally, as a part of doPostInstall, find all LUKS volumes with escrow
configured, create the escrow files and store them in /mnt/sysimage/root.

Changes since the previous version:
- Drop unused .encryptedDevice assignments
- Move writeEscrowPackets inside doPostInstall
- Fix bugs introduced while moving code to storage.formats.LUKS

Further changes:
- Don't pass escrow args to lvmpv format constructor.
- Move backup passphrase generation into storage.devicelibs.crypto.
- Use newer, clearer except syntax in storage.writeEscrowPackets.

1 files changed, 2 insertions, 0 deletions

diff --git a/livecd.py b/livecd.py
index 73c075cb4..685e172ed 100644
--- a/livecd.py
+++ b/livecd.py
@@ -353,6 +353,8 @@ class LiveCDCopyBackend(backend.AnacondaBackend):
         # setup /etc/rpm/ for the post-install environment
         iutil.writeRpmPlatform(anaconda.rootPath)
 
+        storage.writeEscrowPackets(anaconda)
+
         # maybe heavy handed, but it'll do
         if os.path.exists(anaconda.rootPath + "/usr/bin/rhgb") or os.path.exists(anaconda.rootPath + "/usr/bin/plymouth"):
             anaconda.id.bootloader.args.append("rhgb quiet")