author | Ville-Pekka Vainio <vpivaini@cs.helsinki.fi> | 2008-03-28 17:40:12 +0000 |
---|---|---|
committer | Ville-Pekka Vainio <vpivaini@cs.helsinki.fi> | 2008-03-28 17:40:12 +0000 |
commit | 7bd335b29c8157ec5e63ebead612818023285b79 (patch) | |
tree | 4ff9095e03d08773344cc6e1eac19a36687248e4 | |
parent | 1f89b9074c66db7477380b80d426e4b90c5e6dd7 (diff) | |
parent | 60034d0f1904aaa6b9618cb8b092a33db225019b (diff) | |
download | anaconda-7bd335b29c8157ec5e63ebead612818023285b79.tar.gz anaconda-7bd335b29c8157ec5e63ebead612818023285b79.tar.xz anaconda-7bd335b29c8157ec5e63ebead612818023285b79.zip |
Merge branch 'master' of ssh://git.fedorahosted.org/git/anaconda
-rw-r--r-- | cryptodev.py | 28 | ||||
-rw-r--r-- | firewall.py | 3 | ||||
-rw-r--r-- | instdata.py | 2 | ||||
-rwxr-xr-x | isys/isys.py | 2 | ||||
-rw-r--r-- | iutil.py | 4 | ||||
-rw-r--r-- | iw/lvm_dialog_gui.py | 8 | ||||
-rw-r--r-- | iw/partition_dialog_gui.py | 32 | ||||
-rw-r--r-- | iw/partition_ui_helpers_gui.py | 7 | ||||
-rw-r--r-- | iw/raid_dialog_gui.py | 23 | ||||
-rw-r--r-- | loader2/hdinstall.c | 2 | ||||
-rw-r--r-- | packages.py | 2 | ||||
-rw-r--r-- | partedUtils.py | 8 | ||||
-rw-r--r-- | partitions.py | 93 | ||||
-rw-r--r-- | security.py | 4 | ||||
-rw-r--r-- | ui/lukspassphrase.glade | 4 |
15 files changed, 168 insertions, 54 deletions
diff --git a/cryptodev.py b/cryptodev.py index 080d198b6..47ae3509f 100644 --- a/cryptodev.py +++ b/cryptodev.py @@ -38,6 +38,17 @@ def isLuks(device): else: return True +def luksUUID(device): + if not device.startswith("/"): + device = "/dev/" + device + + if not isLuks(device): + return None + + uuid = iutil.execWithCapture("cryptsetup", ["luksUUID", device]) + uuid = uuid.strip() + return uuid + class LUKSDevice: """LUKSDevice represents an encrypted block device using LUKS/dm-crypt. It requires an underlying block device and a passphrase to become @@ -46,6 +57,7 @@ class LUKSDevice: self._device = None self.passphrase = "" self.name = "" + self.uuid = None self.nameLocked = False self.format = format self.preexist = not format @@ -67,11 +79,8 @@ class LUKSDevice: self._device = device if device is not None: - if device.startswith("/dev/"): - device = device[5:] - name = "%s-%s" % (self.scheme.lower(), - device.replace("/", "-")) + os.path.basename(device)) self.setName(name) def getDevice(self, encrypted=0): @@ -82,6 +91,17 @@ class LUKSDevice: return dev + def getUUID(self): + if self.format: + # self.format means we're going to reformat but haven't yet + # so we shouldn't act like there's anything worth seeing there + return + + if not self.uuid: + self.uuid = luksUUID(self.getDevice(encrypted=1)) + + return self.uuid + def setName(self, name, lock=False): """Set the name of the mapped device, eg: 'dmcrypt-sda3'""" if self.name == name: diff --git a/firewall.py b/firewall.py index 87c036c63..8f870c91c 100644 --- a/firewall.py +++ b/firewall.py @@ -68,7 +68,8 @@ class Firewall: try: if not flags.test: iutil.execWithRedirect("/usr/sbin/lokkit", args, - root=instPath, stdout=None, stderr=None) + root=instPath, stdout="/dev/null", + stderr="/dev/null") else: log.error("would have run %s", args) except RuntimeError, msg: diff --git a/instdata.py b/instdata.py index d66757f59..1ae678855 100644 --- a/instdata.py +++ b/instdata.py 
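Review bot: `luksUUID` in the `@@ -38,6 +38,17 @@` hunk returns whatever `cryptsetup luksUUID` printed, without checking that the output is a UUID, and it has no docstring. How `iutil.execWithCapture` reports a failed command is not visible here, so error text or an empty string could reach `getUUID` and the UUID comparison added in partitions.py. I would end the function with `return uuid or None` and add a docstring such as `"""Return the LUKS UUID of device, or None if it is not a LUKS device."""`.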
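Review bot: In the `@@ -67,11 +79,8 @@` hunk the mapping name is now built from `os.path.basename(device)`, which keeps only the last path component, whereas the removed code kept the whole path with `/` turned into `-`. Two devices that differ only in their directory part (for example logical volumes passed as `vg/lv`) would get the same mapping name. The `mapper/vg-lv` keys used elsewhere in this commit avoid that, but nothing here enforces that form. A one-line comment stating that callers must pass a device whose basename is unique would help. The hunk does not show whether `os` is imported in cryptodev.py, and the enclosing method starts outside the hunk.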
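Review bot: Sending both stdout and stderr of `/usr/sbin/lokkit` to `/dev/null` in the firewall.py hunk discards the only diagnostics available when the firewall configuration fails to apply. The `except RuntimeError` handler in the context presumably covers only a failure to run the command, not what it printed. The instdata.py hunk in this same commit sends authconfig output to `/dev/tty5`, and I would do the same here: `root=instPath, stdout="/dev/tty5", stderr="/dev/tty5")`. The security.py and packages.py hunks make the same `/dev/null` choice. The `try` block continues outside the hunk.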
@@ -173,7 +173,7 @@ class InstallData: try: if not flags.test: iutil.execWithRedirect("/usr/sbin/authconfig", args, - stdout = None, stderr = None, + stdout = "/dev/tty5", stderr = "/dev/tty5", root = self.anaconda.rootPath) else: log.error("Would have run: %s", args) diff --git a/isys/isys.py b/isys/isys.py index 8c20d1e76..5cb63030f 100755 --- a/isys/isys.py +++ b/isys/isys.py @@ -790,6 +790,8 @@ def readFSType(device): return "physical volume (LVM)" if fstype == "ext4": return "ext4dev" + elif fstype == "lvm2pv": + return "physical volume (LVM)" return fstype def ext2Clobber(device): @@ -59,7 +59,9 @@ def execWithRedirect(command, argv, stdin = 0, stdout = 1, stderr = 2, if type(stderr) == type("string"): stderr = open(stderr, "w") - stdout.write("Running... %s\n" %([command] + argv,)) + if stdout is not None: + stdout.write("Running... %s\n" %([command] + argv,)) + try: proc = subprocess.Popen([command] + argv, stdin=stdin, stdout=stdout, stderr=stderr, preexec_fn=chroot, cwd=root) diff --git a/iw/lvm_dialog_gui.py b/iw/lvm_dialog_gui.py index 8bbb4a506..84e83a92d 100644 --- a/iw/lvm_dialog_gui.py +++ b/iw/lvm_dialog_gui.py @@ -615,6 +615,7 @@ class VolumeGroupEditor: # create potential request request = copy.copy(logrequest) + request.encryption = copy.deepcopy(logrequest.encryption) pesize = int(self.peCombo.get_active_value()) size = lvm.clampLVSizeRequest(size, pesize, roundup=1) @@ -659,11 +660,14 @@ class VolumeGroupEditor: else: passphrase = "" - passphrase = self.intf.getLuksPassphrase(passphrase) + if not request.encryption or request.encryption.format: + passphrase = self.intf.getLuksPassphrase(passphrase) - if passphrase: + if passphrase and not request.encryption: request.encryption = LUKSDevice(passphrase=passphrase, format=1) + elif passphrase and request.encryption.format: + request.encryption.setPassphrase(passphrase) else: request.encryption = None 
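Review bot: In the `@@ -659,11 +660,14 @@` hunk of lvm_dialog_gui.py the final `else` now also catches a request that already has an encryption object with `format` unset. No prompt is shown, neither `if passphrase and not request.encryption` nor `elif passphrase and request.encryption.format` matches, and `request.encryption = None` drops the existing LUKSDevice. If a pre-existing encrypted volume that is not reformatted should stay encrypted, add a branch before the `else`: `elif request.encryption and not request.encryption.format:` followed by `pass`. The same three-way test is added in the passphrase hunks of partition_dialog_gui.py and raid_dialog_gui.py. The condition guarding this block lies outside the hunk.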
diff --git a/iw/partition_dialog_gui.py b/iw/partition_dialog_gui.py index a38448ed2..7e1c8e118 100644 --- a/iw/partition_dialog_gui.py +++ b/iw/partition_dialog_gui.py @@ -141,13 +141,15 @@ class PartitionEditor: passphrase = request.encryption.passphrase else: passphrase = "" - passphrase = self.intf.getLuksPassphrase(passphrase) + + if not request.encryption or request.encryption.format: + passphrase = self.intf.getLuksPassphrase(passphrase) + if passphrase and not request.encryption: request.encryption = LUKSDevice(passphrase=passphrase, format=1) - elif passphrase: + elif passphrase and request.encryption.format: request.encryption.setPassphrase(passphrase) - request.encryption.format = 1 else: request.encryption = None @@ -212,6 +214,7 @@ class PartitionEditor: else: # preexisting partition, just set mount point and format flag request = copy.copy(self.origrequest) + request.encryption = copy.deepcopy(self.origrequest.encryption) if self.fsoptionsDict.has_key("formatcb"): request.format = self.fsoptionsDict["formatcb"].get_active() @@ -243,23 +246,21 @@ class PartitionEditor: else: request.mountpoint = None - if self.fsoptionsDict.has_key("lukscb"): - lukscb = self.fsoptionsDict["lukscb"] - else: - lukscb = None - - if request.format and lukscb and lukscb.get_active(): + lukscb = self.fsoptionsDict.get("lukscb") + if lukscb and lukscb.get_active(): if request.encryption: passphrase = request.encryption.passphrase else: passphrase = "" - passphrase = self.intf.getLuksPassphrase(passphrase) + + if not request.encryption or request.encryption.format: + passphrase = self.intf.getLuksPassphrase(passphrase) + if passphrase and not request.encryption: request.encryption = LUKSDevice(passphrase=passphrase, format=1) - elif passphrase: + elif passphrase and request.encryption.format: request.encryption.setPassphrase(passphrase) - request.encryption.format = 1 else: request.encryption = None 
@@ -331,8 +332,6 @@ class PartitionEditor: lbl = createAlignedLabel(_("File System _Type:")) maintable.attach(lbl, 0, 1, row, row + 1) - self.lukscb = gtk.CheckButton(_("_Encrypt")) - self.lukscb.set_data("formatstate", 1) self.newfstypeCombo = createFSTypeMenu(self.origrequest.fstype, fstypechangeCB, self.mountCombo, @@ -485,14 +484,15 @@ class PartitionEditor: # checkbutton for encryption using dm-crypt/LUKS if self.origrequest.type == REQUEST_NEW: + self.lukscb = gtk.CheckButton(_("_Encrypt")) + self.lukscb.set_data("formatstate", 1) + if self.origrequest.encryption: self.lukscb.set_active(1) else: self.lukscb.set_active(0) maintable.attach(self.lukscb, 0, 2, row, row + 1) row = row + 1 - else: - self.lukscb = None # put main table into dialog self.dialog.vbox.pack_start(maintable) diff --git a/iw/partition_ui_helpers_gui.py b/iw/partition_ui_helpers_gui.py index 210c93902..bc5960469 100644 --- a/iw/partition_ui_helpers_gui.py +++ b/iw/partition_ui_helpers_gui.py @@ -240,7 +240,8 @@ def formatOptionCB(widget, data): if lukscb is not None: lukscb.set_data("formatstate", widget.get_active()) if not widget.get_active(): - lukscb.set_active(0) + # set "Encrypt" checkbutton to match partition's initial state + lukscb.set_active(lukscb.get_data("encrypted")) lukscb.set_sensitive(0) else: lukscb.set_sensitive(1) @@ -354,9 +355,9 @@ def createPreExistFSOptionSection(origrequest, maintable, row, mountCombo, formatcb.connect("toggled", formatOptionResizeCB, resizesb) - if origrequest.encryption and formatcb.get_active(): - # probably never happen + if origrequest.encryption: lukscb.set_active(1) + lukscb.set_data("encrypted", 1) lukscb.set_sensitive(formatcb.get_active()) lukscb.set_data("formatstate", formatcb.get_active()) diff --git a/iw/raid_dialog_gui.py b/iw/raid_dialog_gui.py index a30624ed7..d62e368fd 100644 --- a/iw/raid_dialog_gui.py +++ b/iw/raid_dialog_gui.py 
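Review bot: `self.lukscb` is now created only inside `if self.origrequest.type == REQUEST_NEW:` in the `@@ -485,14 +484,15 @@` hunk, and the `else: self.lukscb = None` fallback is removed, so for any other request type the attribute is never set. Any code outside this hunk that still reads `self.lukscb` would raise AttributeError. Keeping `self.lukscb = None` just before the `if` costs one line and preserves the old contract.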
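Review bot: `lukscb.set_active(lukscb.get_data("encrypted"))` in the `@@ -240,7 +240,8 @@` hunk reads a key that the `@@ -354,9 +355,9 @@` hunk sets only when `origrequest.encryption` is true, so for an unencrypted partition the lookup presumably yields None rather than 0. Either set the key unconditionally in `createPreExistFSOptionSection`, or coerce at the call site: `lukscb.set_active(bool(lukscb.get_data("encrypted")))`.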
@@ -146,6 +146,7 @@ class RaidEditor: # read out UI into a partition specification request = copy.copy(self.origrequest) + request.encryption = copy.deepcopy(self.origrequest.encryption) # doesn't make sense for RAID device if not self.origrequest.getPreExisting(): @@ -193,13 +194,15 @@ class RaidEditor: passphrase = request.encryption.passphrase else: passphrase = "" - passphrase = self.intf.getLuksPassphrase(passphrase) + + if not request.encryption or request.encryption.format: + passphrase = self.intf.getLuksPassphrase(passphrase) + if passphrase and not request.encryption: request.encryption = LUKSDevice(passphrase=passphrase, format=1) - elif passphrase: - request.encryption.setPassphrase(passphrase) - request.encryption.format = 1 + elif passphrase and request.encryption.format: + request.setPassphrase(passphrase) else: request.encryption = None else: @@ -228,18 +231,20 @@ class RaidEditor: request.mountpoint = None lukscb = self.fsoptionsDict.get("lukscb") - if request.format and lukscb and lukscb.get_active(): + if lukscb and lukscb.get_active(): if request.encryption: passphrase = request.encryption.passphrase else: passphrase = "" - passphrase = self.intf.getLuksPassphrase(passphrase) + + if not request.encryption or request.encryption.format: + passphrase = self.intf.getLuksPassphrase(passphrase) + if passphrase and not request.encryption: request.encryption = LUKSDevice(passphrase=passphrase, format=1) - elif passphrase: - request.encryption.setPassphrase(passphrase) - request.encryption.format = 1 + elif passphrase and request.encryption.format: + request.setPassphrase(passphrase) else: request.encryption = None diff --git a/loader2/hdinstall.c b/loader2/hdinstall.c index 1a34b294c..8dd270ac2 100644 --- a/loader2/hdinstall.c +++ b/loader2/hdinstall.c 
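Review bot: The new `elif passphrase and request.encryption.format:` branch calls `request.setPassphrase(passphrase)`, but the lines it replaces, and the matching branches in lvm_dialog_gui.py and partition_dialog_gui.py, call the method on the encryption object. Unless the request class has its own `setPassphrase` (not visible here), this raises AttributeError when the passphrase of a to-be-formatted RAID device is changed. Both the `@@ -193,13 +194,15 @@` and `@@ -228,18 +231,20 @@` hunks should read `request.encryption.setPassphrase(passphrase)`.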
@@ -221,7 +221,7 @@ static char * setupIsoImages(char * device, char * dirName, char * location) { /* and mounting */ rc = loadHDImages("/mnt/source", "/", "/dev/loop0", "/mnt/runtime", location); - umountLoopback("/mnt/source", "/dev/loop0"); + umountLoopback("/mnt/source", "/dev/loop1"); if (rc) { umount("/mnt/isodir"); diff --git a/packages.py b/packages.py index c4b22fcd3..b52580886 100644 --- a/packages.py +++ b/packages.py @@ -322,7 +322,7 @@ def recreateInitrd (kernelTag, instRoot): log.info("recreating initrd for %s" % (kernelTag,)) iutil.execWithRedirect("/sbin/new-kernel-pkg", [ "--mkinitrd", "--depmod", "--install", kernelTag ], - stdout = None, stderr = None, + stdout = "/dev/null", stderr = "/dev/null", searchPath = 1, root = instRoot) def regKeyScreen(anaconda): diff --git a/partedUtils.py b/partedUtils.py index 4c050efa5..6cb4830bf 100644 --- a/partedUtils.py +++ b/partedUtils.py @@ -809,6 +809,11 @@ class DiskSet: lvm.vgscan() lvm.vgactivate() + for dev, crypto in self.anaconda.id.partitions.encryptedDevices.items(): + # FIXME: order these so LVM and RAID always work on the first try + if crypto.openDevice(): + log.error("failed to open encrypted device %s" % (dev,)) + for (vg, lv, size, lvorigin) in lvm.lvlist(): if lvorigin: continue @@ -816,7 +821,8 @@ class DiskSet: found = 0 theDev = dev node = "%s/%s" % (vg, lv) - crypto = self.anaconda.id.partitions.encryptedDevices.get(node) + dmnode = "mapper/%s-%s" % (vg, lv) + crypto = self.anaconda.id.partitions.encryptedDevices.get(dmnode) if crypto and not crypto.openDevice(): theDev = "/dev/%s" % (crypto.getDevice(),) elif crypto: diff --git a/partitions.py b/partitions.py index e3297f7c8..399fd8cc5 100644 --- a/partitions.py +++ b/partitions.py 
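Review bot: The unmount now names `/dev/loop1` while the `loadHDImages` call just above is still passed `/dev/loop0`, and nothing in the hunk says which loop device backs `/mnt/source` at this point. If `loadHDImages` leaves the image on a different device, a comment such as `/* loadHDImages leaves /mnt/source on loop1 */` would make that clear. If it does not, the loop device set up earlier would stay attached after this call. `setupIsoImages` starts and ends outside the hunk.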
@@ -184,6 +184,12 @@ class Partitions: return self.protected def getCryptoDev(self, device): + log.info("going to get passphrase for encrypted device %s" % device) + luksDev = self.encryptedDevices.get(device) + if luksDev: + log.debug("passphrase for device %s already known" % device) + return luksDev + intf = self.anaconda.intf luksDev = cryptodev.LUKSDevice(device) if self.globalPassphrase: @@ -198,8 +204,9 @@ class Partitions: return buttons = [_("Back"), _("Continue")] + devname = os.path.basename(device) while True: - (passphrase, isglobal) = intf.passphraseEntryWindow(device) + (passphrase, isglobal) = intf.passphraseEntryWindow(devname) if not passphrase: rc = intf.messageWindow(_("Confirm"), _("Are you sure you want to skip " @@ -208,7 +215,7 @@ class Partitions: "If you skip this step the " "device's contents will not " "be available during " - "installation.") % device, + "installation.") % devname, type = "custom", default = 0, custom_buttons = buttons) @@ -275,19 +282,25 @@ class Partitions: if lvvg != vg: continue - theDev = "/dev/%s/%s" %(vg, lv) + theDev = "/dev/mapper/%s-%s" %(vg, lv) if cryptodev.isLuks(theDev): - self.getCryptoDev("%s/%s" % (vg, lv)) + self.getCryptoDev("mapper/%s-%s" % (vg, lv)) lvm.vgdeactivate() diskset.stopMdRaid() for luksDev in self.encryptedDevices.values(): luksDev.closeDevice() + # try again now that encryption mappings are closed + lvm.vgdeactivate() + diskset.stopMdRaid() + for luksDev in self.encryptedDevices.values(): + luksDev.closeDevice() def setFromDisk(self, diskset): """Clear the delete list and set self.requests to reflect disk.""" self.deletes = [] self.requests = [] + self.getEncryptedDevices(diskset) labels = diskset.getInfo() drives = diskset.disks.keys() drives.sort() 
@@ -316,7 +329,17 @@ class Partitions: # handling instead some day. if ptype is None: ptype = fsset.fileSystemTypeGet("foreign") - + + device = partedUtils.get_partition_name(part) + luksDev = self.encryptedDevices.get(device) + if luksDev and not luksDev.openDevice(): + mappedDev = luksDev.getDevice() + fsname = partedUtils.sniffFilesystemType("/dev/%s" % mappedDev) + try: + ptype = fsset.fileSystemTypeGet(fsname) + except: + ptype = fsset.fileSystemTypeGet("foreign") + start = part.geom.start end = part.geom.end size = partedUtils.getPartSizeMB(part) @@ -329,6 +352,7 @@ class Partitions: drive = drive, format = format) spec.device = fsset.PartedPartitionDevice(part).getDevice() + spec.encryption = luksDev spec.maxResizeSize = partedUtils.getMaxAvailPartSizeMB(part) # set label if makes sense @@ -336,7 +360,9 @@ class Partitions: if spec.device in labels.keys(): if labels[spec.device] and len(labels[spec.device])>0: spec.fslabel = labels[spec.device] - + elif luksDev and not luksDev.getStatus() and mappedDev in labels.keys(): + if labels[mappedDev] and len(labels[mappedDev])>0: + spec.fslabel = labels[mappedDev] self.addRequest(spec) part = disk.next_partition(part) @@ -372,14 +398,20 @@ class Partitions: raidvols.append(req.uniqueID) - fs = partedUtils.sniffFilesystemType("/dev/%s" %(theDev,)) + luksDev = self.encryptedDevices.get(theDev) + if luksDev and not luksDev.openDevice(): + device = luksDev.getDevice() + else: + device = theDev + + fs = partedUtils.sniffFilesystemType("/dev/%s" %(device,)) try: fsystem = fsset.fileSystemTypeGet(fs) except: fsystem = fsset.fileSystemTypeGet("foreign") try: - fslabel = isys.readFSLabel(theDev) + fslabel = isys.readFSLabel(device) except: fslabel = None @@ -397,6 +429,7 @@ class Partitions: chunksize = chunk, fslabel = fslabel) spec.size = spec.getActualSize(self, diskset) + spec.encryption = luksDev self.addRequest(spec) lvm.writeForceConf() 
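Review bot: `mappedDev` is assigned only inside `if luksDev and not luksDev.openDevice():` in the `@@ -316,7 +329,17 @@` hunk, yet the `@@ -336,7 +360,9 @@` hunk reads it whenever `luksDev and not luksDev.getStatus()` holds. If those two conditions can disagree, the name is either undefined or still holds the value from a previous partition in the loop, and the wrong label could be attached to the request. Setting `mappedDev = None` next to `luksDev = self.encryptedDevices.get(device)` and testing `mappedDev and mappedDev in labels.keys()` closes that gap. The loop itself starts outside these hunks.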
@@ -441,7 +474,14 @@ class Partitions: lvsize = float(size) theDev = "/dev/%s/%s" %(vg, lv) - fs = partedUtils.sniffFilesystemType(theDev) + + luksDev = self.encryptedDevices.get("mapper/%s-%s" % (vg, lv)) + if luksDev and not luksDev.openDevice(): + device = luksDev.getDevice() + else: + device = theDev + + fs = partedUtils.sniffFilesystemType(device) fslabel = None try: @@ -450,7 +490,7 @@ class Partitions: fsystem = fsset.fileSystemTypeGet("foreign") try: - fslabel = isys.readFSLabel(theDev) + fslabel = isys.readFSLabel(device) except: fslabel = None @@ -463,6 +503,7 @@ class Partitions: preexist = 1) if fsystem.isResizable(): spec.minResizeSize = fsystem.getMinimumSize("%s/%s" %(vg, lv)) + spec.encryption = luksDev self.addRequest(spec) for vg in lvm.partialvgs(): @@ -470,8 +511,15 @@ class Partitions: self.addDelete(spec) lvm.vgdeactivate() + diskset.stopMdRaid() + for luksDev in self.encryptedDevices.values(): + luksDev.closeDevice() + # try again now that encryption mappings are closed + lvm.vgdeactivate() diskset.stopMdRaid() + for luksDev in self.encryptedDevices.values(): + luksDev.closeDevice() def addRequest (self, request): """Add a new request to the list.""" @@ -514,6 +562,13 @@ class Partitions: if tmp == device: return request elif request.device == device: + return request + elif request.encryption: + deviceUUID = cryptodev.luksUUID("/dev/" + device) + cryptoDev = request.encryption.getDevice() + cryptoUUID = request.encryption.getUUID() + if cryptoDev == device or \ + (cryptoUUID and cryptoUUID == deviceUUID): return request return None @@ -1533,6 +1588,8 @@ class Partitions: diskset.startMPath() diskset.startDmRaid() diskset.startMdRaid() + for luksDev in self.encryptedDevices.values(): + luksDev.openDevice() lvm.vgactivate() snapshots = {} 
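Review bot: In the `@@ -441,7 +474,14 @@` hunk `device = luksDev.getDevice()` is passed straight to `partedUtils.sniffFilesystemType(device)`, while the fallback `theDev` is a full `/dev/%s/%s` path. The partition and RAID hunks in this file wrap the same return value as `"/dev/%s" % ...` before sniffing, which suggests `getDevice()` returns a name without the `/dev/` prefix. If so, an opened encrypted logical volume is probed through a relative path and likely ends up with the "foreign" type. I would write `device = "/dev/%s" % (luksDev.getDevice(),)` here.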
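Review bot: `cryptodev.luksUUID("/dev/" + device)` in the `@@ -514,6 +562,13 @@` hunk appears to sit inside the per-request branch, so every request that has an encryption object triggers another `cryptsetup` run for the same `device`. Testing `cryptoDev == device` first and computing `deviceUUID` only once, when a name comparison has failed, would avoid the repeated subprocess calls. The loop and the enclosing method start outside the hunk.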
@@ -1561,6 +1618,10 @@ class Partitions: for name,vg in lvm_parent_deletes: log.info("removing lv %s" % (name,)) + key = "mapper/%s-%s" % (vg, name) + if key in self.encryptedDevices.keys(): + self.encryptedDevices[key].closeDevice() + del self.encryptedDevices[key] lvm.lvremove(name, vg) # now, go through and delete volume groups @@ -1571,6 +1632,18 @@ class Partitions: delete.setDeleted(1) lvm.vgdeactivate() + + # now, remove obsolete cryptodev instances + for (device, luksDev) in self.encryptedDevices.items(): + luksDev.closeDevice() + found = 0 + for req in self.requests: + if req.encryption == luksDev: + found = 1 + + if not found: + del self.encryptedDevices[device] + diskset.stopMdRaid() def doMetaResizes(self, diskset): diff --git a/security.py b/security.py index 5de3c0673..7a76364a5 100644 --- a/security.py +++ b/security.py @@ -67,8 +67,8 @@ class Security: try: if not flags.test: iutil.execWithRedirect("/usr/sbin/lokkit", args, - root = instPath, stdout = None, - stderr = None) + root = instPath, stdout = "/dev/null", + stderr = "/dev/null") else: log.info("would have run %s" %(args,)) except RuntimeError, msg: diff --git a/ui/lukspassphrase.glade b/ui/lukspassphrase.glade index 7daee2055..cb76e6b3f 100644 --- a/ui/lukspassphrase.glade +++ b/ui/lukspassphrase.glade @@ -223,8 +223,8 @@ <widget class="GtkDialog" id="passphraseEntryDialog"> <property name="visible">True</property> <property name="title" translatable="yes">Passphrase</property> - <property name="type">GTK_WINDOW_POPUP</property> - <property name="window_position">GTK_WIN_POS_CENTER_ON_PARENT</property> + <property name="type">GTK_WINDOW_TOPLEVEL</property> + <property name="window_position">GTK_WIN_POS_CENTER</property> <property name="modal">True</property> <property name="resizable">True</property> <property name="destroy_with_parent">False</property> |
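Review bot: The cleanup loop in the `@@ -1571,6 +1632,18 @@` hunk decides whether a LUKSDevice is still in use with `req.encryption == luksDev`, but the dialog hunks in this commit now give edited requests a `copy.deepcopy` of their encryption object. Unless LUKSDevice defines `__eq__` (not visible here), that comparison is by identity, so an edited request no longer matches and its entry is deleted from `self.encryptedDevices`. Comparing a stable property instead, for example `req.encryption and req.encryption.getDevice(encrypted=1) == luksDev.getDevice(encrypted=1)`, would survive the copy.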