From f516734ec62ba67aad15234d6efae47aff0a55bb Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Mon, 10 Aug 2009 15:27:24 +0200 Subject: Add escrow support Add support for storing an X.509 certificate used to encrypt the escrow data, and a "create backup passphrase" flag, to storage.formats.LUKS, and support for storing the same options of "autopart" globally to storage.Storage. While parsing kickstart directives, download the X.509 certificates specified in thekickstart file (if any), enabling network access if necessary, then store the data in the above-described storage objects. While autopartitioning, copy the "autopart" escrow options into each created LUKS volume. Finally, as a part of doPostInstall, find all LUKS volumes with escrow configured, create the escrow files and store them in /mnt/sysimage/root. Changes since the previous version: - Drop unused .encryptedDevice assignments - Move writeEscrowPackets inside doPostInstall - Fix bugs introduced while moving code to storage.formats.LUKS Further changes: - Don't pass escrow args to lvmpv format constructor. - Move backup passphrase generation into storage.devicelibs.crypto. - Use newer, clearer except syntax in storage.writeEscrowPackets. --- livecd.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'livecd.py') diff --git a/livecd.py b/livecd.py index 73c075cb4..685e172ed 100644 --- a/livecd.py +++ b/livecd.py @@ -353,6 +353,8 @@ class LiveCDCopyBackend(backend.AnacondaBackend): # setup /etc/rpm/ for the post-install environment iutil.writeRpmPlatform(anaconda.rootPath) + storage.writeEscrowPackets(anaconda) + # maybe heavy handed, but it'll do if os.path.exists(anaconda.rootPath + "/usr/bin/rhgb") or os.path.exists(anaconda.rootPath + "/usr/bin/plymouth"): anaconda.id.bootloader.args.append("rhgb quiet") -- cgit