authorVille-Pekka Vainio <vpivaini@cs.helsinki.fi>2008-03-28 17:40:12 +0000
committerVille-Pekka Vainio <vpivaini@cs.helsinki.fi>2008-03-28 17:40:12 +0000
commit7bd335b29c8157ec5e63ebead612818023285b79 (patch)
tree4ff9095e03d08773344cc6e1eac19a36687248e4
parent1f89b9074c66db7477380b80d426e4b90c5e6dd7 (diff)
parent60034d0f1904aaa6b9618cb8b092a33db225019b (diff)
Merge branch 'master' of ssh://git.fedorahosted.org/git/anaconda
-rw-r--r--cryptodev.py28
-rw-r--r--firewall.py3
-rw-r--r--instdata.py2
-rwxr-xr-xisys/isys.py2
-rw-r--r--iutil.py4
-rw-r--r--iw/lvm_dialog_gui.py8
-rw-r--r--iw/partition_dialog_gui.py32
-rw-r--r--iw/partition_ui_helpers_gui.py7
-rw-r--r--iw/raid_dialog_gui.py23
-rw-r--r--loader2/hdinstall.c2
-rw-r--r--packages.py2
-rw-r--r--partedUtils.py8
-rw-r--r--partitions.py93
-rw-r--r--security.py4
-rw-r--r--ui/lukspassphrase.glade4
15 files changed, 168 insertions, 54 deletions
diff --git a/cryptodev.py b/cryptodev.py
index 080d198b6..47ae3509f 100644
--- a/cryptodev.py
+++ b/cryptodev.py
@@ -38,6 +38,17 @@ def isLuks(device):
else:
return True
+def luksUUID(device):
+ if not device.startswith("/"):
+ device = "/dev/" + device
+
+ if not isLuks(device):
+ return None
+
+ uuid = iutil.execWithCapture("cryptsetup", ["luksUUID", device])
+ uuid = uuid.strip()
+ return uuid
+
class LUKSDevice:
"""LUKSDevice represents an encrypted block device using LUKS/dm-crypt.
It requires an underlying block device and a passphrase to become
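Review bot: luksUUID returns the stripped output of `cryptsetup luksUUID` without checking that the command succeeded, so a failed call yields an empty string (or whatever text execWithCapture collected) instead of None. The getUUID method added later in this file treats a falsy value as "not cached yet" and would re-run the command on every call. Ending the function with `return uuid or None` gives callers one "no UUID" value, and a docstring such as `"""Return the LUKS UUID of device, or None if it is not a LUKS device."""` would record the contract.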
@@ -46,6 +57,7 @@ class LUKSDevice:
self._device = None
self.passphrase = ""
self.name = ""
+ self.uuid = None
self.nameLocked = False
self.format = format
self.preexist = not format
@@ -67,11 +79,8 @@ class LUKSDevice:
self._device = device
if device is not None:
- if device.startswith("/dev/"):
- device = device[5:]
-
name = "%s-%s" % (self.scheme.lower(),
- device.replace("/", "-"))
+ os.path.basename(device))
self.setName(name)
def getDevice(self, encrypted=0):
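Review bot: The mapping name is now built from `os.path.basename(device)` alone, so two devices in different directories with the same last path component get the same name, where the removed `device.replace("/", "-")` kept the directory part. Whether setName or its callers detect a duplicate mapping name is not visible in this hunk, so the uniqueness assumption deserves a comment, e.g. `# basename is unique here: LVs are passed as mapper/<vg>-<lv>`. The hunk also does not show an `import os` for cryptodev.py, which this line now needs. The enclosing method starts outside the hunk.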
@@ -82,6 +91,17 @@ class LUKSDevice:
return dev
+ def getUUID(self):
+ if self.format:
+ # self.format means we're going to reformat but haven't yet
+ # so we shouldn't act like there's anything worth seeing there
+ return
+
+ if not self.uuid:
+ self.uuid = luksUUID(self.getDevice(encrypted=1))
+
+ return self.uuid
+
def setName(self, name, lock=False):
"""Set the name of the mapped device, eg: 'dmcrypt-sda3'"""
if self.name == name:
diff --git a/firewall.py b/firewall.py
index 87c036c63..8f870c91c 100644
--- a/firewall.py
+++ b/firewall.py
@@ -68,7 +68,8 @@ class Firewall:
try:
if not flags.test:
iutil.execWithRedirect("/usr/sbin/lokkit", args,
- root=instPath, stdout=None, stderr=None)
+ root=instPath, stdout="/dev/null",
+ stderr="/dev/null")
else:
log.error("would have run %s", args)
except RuntimeError, msg:
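Review bot: Sending both stdout and stderr of lokkit to `/dev/null` means a firewall configuration that fails without raising RuntimeError leaves nothing to diagnose it with. The instdata.py hunk in this same commit routes authconfig output to `/dev/tty5` instead, and the same choice here would keep the output reachable: `root=instPath, stdout="/dev/tty5", stderr="/dev/tty5")`. The security.py and packages.py hunks make the same `/dev/null` substitution. The enclosing method starts and ends outside the hunk.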
diff --git a/instdata.py b/instdata.py
index d66757f59..1ae678855 100644
--- a/instdata.py
+++ b/instdata.py
@@ -173,7 +173,7 @@ class InstallData:
try:
if not flags.test:
iutil.execWithRedirect("/usr/sbin/authconfig", args,
- stdout = None, stderr = None,
+ stdout = "/dev/tty5", stderr = "/dev/tty5",
root = self.anaconda.rootPath)
else:
log.error("Would have run: %s", args)
diff --git a/isys/isys.py b/isys/isys.py
index 8c20d1e76..5cb63030f 100755
--- a/isys/isys.py
+++ b/isys/isys.py
@@ -790,6 +790,8 @@ def readFSType(device):
return "physical volume (LVM)"
if fstype == "ext4":
return "ext4dev"
+ elif fstype == "lvm2pv":
+ return "physical volume (LVM)"
return fstype
def ext2Clobber(device):
diff --git a/iutil.py b/iutil.py
index 56f61e15e..0ef898cf0 100644
--- a/iutil.py
+++ b/iutil.py
@@ -59,7 +59,9 @@ def execWithRedirect(command, argv, stdin = 0, stdout = 1, stderr = 2,
if type(stderr) == type("string"):
stderr = open(stderr, "w")
- stdout.write("Running... %s\n" %([command] + argv,))
+ if stdout is not None:
+ stdout.write("Running... %s\n" %([command] + argv,))
+
try:
proc = subprocess.Popen([command] + argv, stdin=stdin, stdout=stdout,
stderr=stderr, preexec_fn=chroot, cwd=root)
diff --git a/iw/lvm_dialog_gui.py b/iw/lvm_dialog_gui.py
index 8bbb4a506..84e83a92d 100644
--- a/iw/lvm_dialog_gui.py
+++ b/iw/lvm_dialog_gui.py
@@ -615,6 +615,7 @@ class VolumeGroupEditor:
# create potential request
request = copy.copy(logrequest)
+ request.encryption = copy.deepcopy(logrequest.encryption)
pesize = int(self.peCombo.get_active_value())
size = lvm.clampLVSizeRequest(size, pesize, roundup=1)
@@ -659,11 +660,14 @@ class VolumeGroupEditor:
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
- if passphrase:
+ if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
+ elif passphrase and request.encryption.format:
+ request.encryption.setPassphrase(passphrase)
else:
request.encryption = None
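Review bot: A pre-existing encrypted volume that is not being reformatted appears to fall through to the final `else` and lose its encryption object. When `request.encryption` is set and `request.encryption.format` is false, the prompt is skipped, neither `passphrase and not request.encryption` nor `passphrase and request.encryption.format` matches, and `request.encryption = None` runs even though a passphrase is known. Unless an outer condition outside the hunk excludes that case (the indentation on this page is flattened), the last branch should only fire when nothing was entered: `elif not passphrase:` in place of `else:`. The same chain is added in iw/partition_dialog_gui.py and iw/raid_dialog_gui.py.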
diff --git a/iw/partition_dialog_gui.py b/iw/partition_dialog_gui.py
index a38448ed2..7e1c8e118 100644
--- a/iw/partition_dialog_gui.py
+++ b/iw/partition_dialog_gui.py
@@ -141,13 +141,15 @@ class PartitionEditor:
passphrase = request.encryption.passphrase
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
+
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
- elif passphrase:
+ elif passphrase and request.encryption.format:
request.encryption.setPassphrase(passphrase)
- request.encryption.format = 1
else:
request.encryption = None
@@ -212,6 +214,7 @@ class PartitionEditor:
else:
# preexisting partition, just set mount point and format flag
request = copy.copy(self.origrequest)
+ request.encryption = copy.deepcopy(self.origrequest.encryption)
if self.fsoptionsDict.has_key("formatcb"):
request.format = self.fsoptionsDict["formatcb"].get_active()
@@ -243,23 +246,21 @@ class PartitionEditor:
else:
request.mountpoint = None
- if self.fsoptionsDict.has_key("lukscb"):
- lukscb = self.fsoptionsDict["lukscb"]
- else:
- lukscb = None
-
- if request.format and lukscb and lukscb.get_active():
+ lukscb = self.fsoptionsDict.get("lukscb")
+ if lukscb and lukscb.get_active():
if request.encryption:
passphrase = request.encryption.passphrase
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
+
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
- elif passphrase:
+ elif passphrase and request.encryption.format:
request.encryption.setPassphrase(passphrase)
- request.encryption.format = 1
else:
request.encryption = None
@@ -331,8 +332,6 @@ class PartitionEditor:
lbl = createAlignedLabel(_("File System _Type:"))
maintable.attach(lbl, 0, 1, row, row + 1)
- self.lukscb = gtk.CheckButton(_("_Encrypt"))
- self.lukscb.set_data("formatstate", 1)
self.newfstypeCombo = createFSTypeMenu(self.origrequest.fstype,
fstypechangeCB,
self.mountCombo,
@@ -485,14 +484,15 @@ class PartitionEditor:
# checkbutton for encryption using dm-crypt/LUKS
if self.origrequest.type == REQUEST_NEW:
+ self.lukscb = gtk.CheckButton(_("_Encrypt"))
+ self.lukscb.set_data("formatstate", 1)
+
if self.origrequest.encryption:
self.lukscb.set_active(1)
else:
self.lukscb.set_active(0)
maintable.attach(self.lukscb, 0, 2, row, row + 1)
row = row + 1
- else:
- self.lukscb = None
# put main table into dialog
self.dialog.vbox.pack_start(maintable)
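Review bot: With the `else: self.lukscb = None` branch removed and the check button now created only under `self.origrequest.type == REQUEST_NEW`, `self.lukscb` is never assigned for other request types. The earlier hunk in this file switched one reader to `self.fsoptionsDict.get("lukscb")`, but any remaining reader of `self.lukscb` outside the visible hunks would raise AttributeError for pre-existing partitions. Keeping a default, `self.lukscb = None`, immediately before the `if` preserves the old invariant at no cost. The method starts and ends outside the hunk.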
diff --git a/iw/partition_ui_helpers_gui.py b/iw/partition_ui_helpers_gui.py
index 210c93902..bc5960469 100644
--- a/iw/partition_ui_helpers_gui.py
+++ b/iw/partition_ui_helpers_gui.py
@@ -240,7 +240,8 @@ def formatOptionCB(widget, data):
if lukscb is not None:
lukscb.set_data("formatstate", widget.get_active())
if not widget.get_active():
- lukscb.set_active(0)
+ # set "Encrypt" checkbutton to match partition's initial state
+ lukscb.set_active(lukscb.get_data("encrypted"))
lukscb.set_sensitive(0)
else:
lukscb.set_sensitive(1)
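Review bot: `lukscb.get_data("encrypted")` is passed straight to `set_active`, but the second hunk in this file sets that key only when `origrequest.encryption` is true, so for an unencrypted partition the lookup presumably returns None. Whether the toolkit binding accepts None for a boolean argument is not visible here. Making the default explicit avoids depending on it: `lukscb.set_active(lukscb.get_data("encrypted") or 0)`. formatOptionCB starts outside the hunk.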
@@ -354,9 +355,9 @@ def createPreExistFSOptionSection(origrequest, maintable, row, mountCombo,
formatcb.connect("toggled", formatOptionResizeCB, resizesb)
- if origrequest.encryption and formatcb.get_active():
- # probably never happen
+ if origrequest.encryption:
lukscb.set_active(1)
+ lukscb.set_data("encrypted", 1)
lukscb.set_sensitive(formatcb.get_active())
lukscb.set_data("formatstate", formatcb.get_active())
diff --git a/iw/raid_dialog_gui.py b/iw/raid_dialog_gui.py
index a30624ed7..d62e368fd 100644
--- a/iw/raid_dialog_gui.py
+++ b/iw/raid_dialog_gui.py
@@ -146,6 +146,7 @@ class RaidEditor:
# read out UI into a partition specification
request = copy.copy(self.origrequest)
+ request.encryption = copy.deepcopy(self.origrequest.encryption)
# doesn't make sense for RAID device
if not self.origrequest.getPreExisting():
@@ -193,13 +194,15 @@ class RaidEditor:
passphrase = request.encryption.passphrase
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
+
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
- elif passphrase:
- request.encryption.setPassphrase(passphrase)
- request.encryption.format = 1
+ elif passphrase and request.encryption.format:
+ request.setPassphrase(passphrase)
else:
request.encryption = None
else:
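Review bot: The new `elif` branch calls `request.setPassphrase(passphrase)`, whereas the line it replaces and the matching branches in iw/partition_dialog_gui.py and iw/lvm_dialog_gui.py call the method on `request.encryption`. Unless the request class (not visible here) defines its own `setPassphrase`, re-editing a RAID device that is marked for formatting either raises AttributeError or leaves the LUKSDevice holding the old passphrase. The line should read `request.encryption.setPassphrase(passphrase)`, here and in the later hunk of this file that adds the same call.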
@@ -228,18 +231,20 @@ class RaidEditor:
request.mountpoint = None
lukscb = self.fsoptionsDict.get("lukscb")
- if request.format and lukscb and lukscb.get_active():
+ if lukscb and lukscb.get_active():
if request.encryption:
passphrase = request.encryption.passphrase
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
+
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
- elif passphrase:
- request.encryption.setPassphrase(passphrase)
- request.encryption.format = 1
+ elif passphrase and request.encryption.format:
+ request.setPassphrase(passphrase)
else:
request.encryption = None
diff --git a/loader2/hdinstall.c b/loader2/hdinstall.c
index 1a34b294c..8dd270ac2 100644
--- a/loader2/hdinstall.c
+++ b/loader2/hdinstall.c
@@ -221,7 +221,7 @@ static char * setupIsoImages(char * device, char * dirName, char * location) {
/* and mounting */
rc = loadHDImages("/mnt/source", "/", "/dev/loop0",
"/mnt/runtime", location);
- umountLoopback("/mnt/source", "/dev/loop0");
+ umountLoopback("/mnt/source", "/dev/loop1");
if (rc) {
umount("/mnt/isodir");
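Review bot: The unmount now names `/dev/loop1` while the `loadHDImages` call two lines above is still given `/dev/loop0`, and nothing in the hunk says which loop device backs `/mnt/source`. If `/mnt/source` was attached to loop1 earlier in setupIsoImages (outside the hunk) the change is correct, but then it needs a comment such as `/* /mnt/source was set up on loop1 above */`. Otherwise one of the two loop devices stays attached after this call.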
diff --git a/packages.py b/packages.py
index c4b22fcd3..b52580886 100644
--- a/packages.py
+++ b/packages.py
@@ -322,7 +322,7 @@ def recreateInitrd (kernelTag, instRoot):
log.info("recreating initrd for %s" % (kernelTag,))
iutil.execWithRedirect("/sbin/new-kernel-pkg",
[ "--mkinitrd", "--depmod", "--install", kernelTag ],
- stdout = None, stderr = None,
+ stdout = "/dev/null", stderr = "/dev/null",
searchPath = 1, root = instRoot)
def regKeyScreen(anaconda):
diff --git a/partedUtils.py b/partedUtils.py
index 4c050efa5..6cb4830bf 100644
--- a/partedUtils.py
+++ b/partedUtils.py
@@ -809,6 +809,11 @@ class DiskSet:
lvm.vgscan()
lvm.vgactivate()
+ for dev, crypto in self.anaconda.id.partitions.encryptedDevices.items():
+ # FIXME: order these so LVM and RAID always work on the first try
+ if crypto.openDevice():
+ log.error("failed to open encrypted device %s" % (dev,))
+
for (vg, lv, size, lvorigin) in lvm.lvlist():
if lvorigin:
continue
@@ -816,7 +821,8 @@ class DiskSet:
found = 0
theDev = dev
node = "%s/%s" % (vg, lv)
- crypto = self.anaconda.id.partitions.encryptedDevices.get(node)
+ dmnode = "mapper/%s-%s" % (vg, lv)
+ crypto = self.anaconda.id.partitions.encryptedDevices.get(dmnode)
if crypto and not crypto.openDevice():
theDev = "/dev/%s" % (crypto.getDevice(),)
elif crypto:
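Review bot: The lookup key `"mapper/%s-%s" % (vg, lv)` does not match the device-mapper node when a volume group or logical volume name contains a hyphen, because device-mapper doubles each hyphen inside the two parts (`my-vg` plus `root` becomes `my--vg-root`). For such names `encryptedDevices.get(dmnode)` returns None and the logical volume is treated as unencrypted. Escaping both parts keeps the key aligned: `dmnode = "mapper/%s-%s" % (vg.replace("-", "--"), lv.replace("-", "--"))`. The same string is built in several partitions.py hunks of this commit, and the loop body continues outside this hunk.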
diff --git a/partitions.py b/partitions.py
index e3297f7c8..399fd8cc5 100644
--- a/partitions.py
+++ b/partitions.py
@@ -184,6 +184,12 @@ class Partitions:
return self.protected
def getCryptoDev(self, device):
+ log.info("going to get passphrase for encrypted device %s" % device)
+ luksDev = self.encryptedDevices.get(device)
+ if luksDev:
+ log.debug("passphrase for device %s already known" % device)
+ return luksDev
+
intf = self.anaconda.intf
luksDev = cryptodev.LUKSDevice(device)
if self.globalPassphrase:
@@ -198,8 +204,9 @@ class Partitions:
return
buttons = [_("Back"), _("Continue")]
+ devname = os.path.basename(device)
while True:
- (passphrase, isglobal) = intf.passphraseEntryWindow(device)
+ (passphrase, isglobal) = intf.passphraseEntryWindow(devname)
if not passphrase:
rc = intf.messageWindow(_("Confirm"),
_("Are you sure you want to skip "
@@ -208,7 +215,7 @@ class Partitions:
"If you skip this step the "
"device's contents will not "
"be available during "
- "installation.") % device,
+ "installation.") % devname,
type = "custom",
default = 0,
custom_buttons = buttons)
@@ -275,19 +282,25 @@ class Partitions:
if lvvg != vg:
continue
- theDev = "/dev/%s/%s" %(vg, lv)
+ theDev = "/dev/mapper/%s-%s" %(vg, lv)
if cryptodev.isLuks(theDev):
- self.getCryptoDev("%s/%s" % (vg, lv))
+ self.getCryptoDev("mapper/%s-%s" % (vg, lv))
lvm.vgdeactivate()
diskset.stopMdRaid()
for luksDev in self.encryptedDevices.values():
luksDev.closeDevice()
+ # try again now that encryption mappings are closed
+ lvm.vgdeactivate()
+ diskset.stopMdRaid()
+ for luksDev in self.encryptedDevices.values():
+ luksDev.closeDevice()
def setFromDisk(self, diskset):
"""Clear the delete list and set self.requests to reflect disk."""
self.deletes = []
self.requests = []
+ self.getEncryptedDevices(diskset)
labels = diskset.getInfo()
drives = diskset.disks.keys()
drives.sort()
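Review bot: Both teardown passes discard the result of `luksDev.closeDevice()`, so an encryption mapping that is still open after the retry leaves no trace in the log and the decrypted device stays available. The partedUtils.py hunk in this commit logs a non-zero `openDevice()`. If `closeDevice()` follows the same return convention (not visible here), the second pass could report failures with `if luksDev.closeDevice(): log.error("failed to close encrypted device")`. The repeated deactivate/stop/close sequence is added again at the end of setFromDisk and would read better as one helper called twice.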
@@ -316,7 +329,17 @@ class Partitions:
# handling instead some day.
if ptype is None:
ptype = fsset.fileSystemTypeGet("foreign")
-
+
+ device = partedUtils.get_partition_name(part)
+ luksDev = self.encryptedDevices.get(device)
+ if luksDev and not luksDev.openDevice():
+ mappedDev = luksDev.getDevice()
+ fsname = partedUtils.sniffFilesystemType("/dev/%s" % mappedDev)
+ try:
+ ptype = fsset.fileSystemTypeGet(fsname)
+ except:
+ ptype = fsset.fileSystemTypeGet("foreign")
+
start = part.geom.start
end = part.geom.end
size = partedUtils.getPartSizeMB(part)
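Review bot: `mappedDev` is bound only inside `if luksDev and not luksDev.openDevice():`, yet a later hunk in this function reads it in `elif luksDev and not luksDev.getStatus() and mappedDev in labels.keys():`. For a partition whose LUKS device exists but did not take this branch, the name is either unbound or still holds the value from an earlier partition in the loop, so a label from another device could be attached. Adding `mappedDev = None` before the `if` closes both cases. The bare `except:` added here also hides every error other than an unknown filesystem name, but narrowing it needs the exception type raised by `fileSystemTypeGet`, which is not visible.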
@@ -329,6 +352,7 @@ class Partitions:
drive = drive,
format = format)
spec.device = fsset.PartedPartitionDevice(part).getDevice()
+ spec.encryption = luksDev
spec.maxResizeSize = partedUtils.getMaxAvailPartSizeMB(part)
# set label if makes sense
@@ -336,7 +360,9 @@ class Partitions:
if spec.device in labels.keys():
if labels[spec.device] and len(labels[spec.device])>0:
spec.fslabel = labels[spec.device]
-
+ elif luksDev and not luksDev.getStatus() and mappedDev in labels.keys():
+ if labels[mappedDev] and len(labels[mappedDev])>0:
+ spec.fslabel = labels[mappedDev]
self.addRequest(spec)
part = disk.next_partition(part)
@@ -372,14 +398,20 @@ class Partitions:
raidvols.append(req.uniqueID)
- fs = partedUtils.sniffFilesystemType("/dev/%s" %(theDev,))
+ luksDev = self.encryptedDevices.get(theDev)
+ if luksDev and not luksDev.openDevice():
+ device = luksDev.getDevice()
+ else:
+ device = theDev
+
+ fs = partedUtils.sniffFilesystemType("/dev/%s" %(device,))
try:
fsystem = fsset.fileSystemTypeGet(fs)
except:
fsystem = fsset.fileSystemTypeGet("foreign")
try:
- fslabel = isys.readFSLabel(theDev)
+ fslabel = isys.readFSLabel(device)
except:
fslabel = None
@@ -397,6 +429,7 @@ class Partitions:
chunksize = chunk,
fslabel = fslabel)
spec.size = spec.getActualSize(self, diskset)
+ spec.encryption = luksDev
self.addRequest(spec)
lvm.writeForceConf()
@@ -441,7 +474,14 @@ class Partitions:
lvsize = float(size)
theDev = "/dev/%s/%s" %(vg, lv)
- fs = partedUtils.sniffFilesystemType(theDev)
+
+ luksDev = self.encryptedDevices.get("mapper/%s-%s" % (vg, lv))
+ if luksDev and not luksDev.openDevice():
+ device = luksDev.getDevice()
+ else:
+ device = theDev
+
+ fs = partedUtils.sniffFilesystemType(device)
fslabel = None
try:
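Review bot: In the encrypted case `device` is set to `luksDev.getDevice()` and passed straight to `sniffFilesystemType`, whereas the fallback `theDev` is a full `/dev/...` path. Other call sites in this commit prepend the directory (`"/dev/%s" % mappedDev`, `"/dev/%s" % (crypto.getDevice(),)`), which suggests getDevice() returns a name without `/dev/`. If so, the probe is handed a relative path and the type would likely be reported as foreign. `device = "/dev/%s" % (luksDev.getDevice(),)` makes both branches consistent, and the following hunk passes the same `device` to `isys.readFSLabel`.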
@@ -450,7 +490,7 @@ class Partitions:
fsystem = fsset.fileSystemTypeGet("foreign")
try:
- fslabel = isys.readFSLabel(theDev)
+ fslabel = isys.readFSLabel(device)
except:
fslabel = None
@@ -463,6 +503,7 @@ class Partitions:
preexist = 1)
if fsystem.isResizable():
spec.minResizeSize = fsystem.getMinimumSize("%s/%s" %(vg, lv))
+ spec.encryption = luksDev
self.addRequest(spec)
for vg in lvm.partialvgs():
@@ -470,8 +511,15 @@ class Partitions:
self.addDelete(spec)
lvm.vgdeactivate()
+ diskset.stopMdRaid()
+ for luksDev in self.encryptedDevices.values():
+ luksDev.closeDevice()
+ # try again now that encryption mappings are closed
+ lvm.vgdeactivate()
diskset.stopMdRaid()
+ for luksDev in self.encryptedDevices.values():
+ luksDev.closeDevice()
def addRequest (self, request):
"""Add a new request to the list."""
@@ -514,6 +562,13 @@ class Partitions:
if tmp == device:
return request
elif request.device == device:
+ return request
+ elif request.encryption:
+ deviceUUID = cryptodev.luksUUID("/dev/" + device)
+ cryptoDev = request.encryption.getDevice()
+ cryptoUUID = request.encryption.getUUID()
+ if cryptoDev == device or \
+ (cryptoUUID and cryptoUUID == deviceUUID):
return request
return None
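Review bot: `cryptodev.luksUUID("/dev/" + device)` sits inside the per-request branch, so each encrypted request examined costs another `cryptsetup` run for a value that does not change during the lookup. Computing it once, lazily on the first encrypted request, avoids the repeated subprocess. The `"/dev/" +` prefix is also redundant, because luksUUID adds it itself when the argument does not start with `/`, so `cryptodev.luksUUID(device)` is enough. The loop header is outside the hunk.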
@@ -1533,6 +1588,8 @@ class Partitions:
diskset.startMPath()
diskset.startDmRaid()
diskset.startMdRaid()
+ for luksDev in self.encryptedDevices.values():
+ luksDev.openDevice()
lvm.vgactivate()
snapshots = {}
@@ -1561,6 +1618,10 @@ class Partitions:
for name,vg in lvm_parent_deletes:
log.info("removing lv %s" % (name,))
+ key = "mapper/%s-%s" % (vg, name)
+ if key in self.encryptedDevices.keys():
+ self.encryptedDevices[key].closeDevice()
+ del self.encryptedDevices[key]
lvm.lvremove(name, vg)
# now, go through and delete volume groups
@@ -1571,6 +1632,18 @@ class Partitions:
delete.setDeleted(1)
lvm.vgdeactivate()
+
+ # now, remove obsolete cryptodev instances
+ for (device, luksDev) in self.encryptedDevices.items():
+ luksDev.closeDevice()
+ found = 0
+ for req in self.requests:
+ if req.encryption == luksDev:
+ found = 1
+
+ if not found:
+ del self.encryptedDevices[device]
+
diskset.stopMdRaid()
def doMetaResizes(self, diskset):
diff --git a/security.py b/security.py
index 5de3c0673..7a76364a5 100644
--- a/security.py
+++ b/security.py
@@ -67,8 +67,8 @@ class Security:
try:
if not flags.test:
iutil.execWithRedirect("/usr/sbin/lokkit", args,
- root = instPath, stdout = None,
- stderr = None)
+ root = instPath, stdout = "/dev/null",
+ stderr = "/dev/null")
else:
log.info("would have run %s" %(args,))
except RuntimeError, msg:
diff --git a/ui/lukspassphrase.glade b/ui/lukspassphrase.glade
index 7daee2055..cb76e6b3f 100644
--- a/ui/lukspassphrase.glade
+++ b/ui/lukspassphrase.glade
@@ -223,8 +223,8 @@
<widget class="GtkDialog" id="passphraseEntryDialog">
<property name="visible">True</property>
<property name="title" translatable="yes">Passphrase</property>
- <property name="type">GTK_WINDOW_POPUP</property>
- <property name="window_position">GTK_WIN_POS_CENTER_ON_PARENT</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_CENTER</property>
<property name="modal">True</property>
<property name="resizable">True</property>
<property name="destroy_with_parent">False</property>