diff options
| author | David Lehman <dlehman@redhat.com> | 2009-04-15 17:05:38 -0500 |
|---|---|---|
| committer | David Lehman <dlehman@redhat.com> | 2009-04-24 12:28:43 -0500 |
| commit | daeccf205342a82022d2676b0d0eca9737df4ae1 (patch) | |
| tree | c8df67f7cc9b4121340fa41568f9618fc4dcf5dc | |
| parent | 63dfdf7cd2060392f30ffa3e6967e94cd901950a (diff) | |
| download | anaconda-daeccf205342a82022d2676b0d0eca9737df4ae1.tar.gz anaconda-daeccf205342a82022d2676b0d0eca9737df4ae1.tar.xz anaconda-daeccf205342a82022d2676b0d0eca9737df4ae1.zip | |
Add support for encryption passphrase retrofits.
This adds the newly established passphrase to all preexisting LUKS
devices so that the system can be booted by entering a single passphrase.
| -rw-r--r-- | storage/__init__.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/storage/__init__.py b/storage/__init__.py index 081e5435f..6f063d457 100644 --- a/storage/__init__.py +++ b/storage/__init__.py @@ -233,6 +233,7 @@ class Storage(object): def doIt(self): self.devicetree.processActions() + self.doEncryptionPassphraseRetrofits() # now set the boot partition's flag try: @@ -753,6 +754,27 @@ class Storage(object): return lvtemplate + def doEncryptionPassphraseRetrofits(self): + """ Add the global passphrase to all preexisting LUKS devices. + + This establishes a common passphrase for all encrypted devices + in the system so that users only have to enter one passphrase + during system boot. + """ + if not self.retrofitPassphrase: + return + + for device in self.devices: + if device.format.type == "luks" and \ + device.format._LUKS__passphrase != self.encryptionPassphrase: + log.info("adding new passphrase to preexisting encrypted " + "device %s" % device.path) + try: + device.format.addPassphrase(self.encryptionPassphrase) + except CryptoError: + log.error("failed to add new passphrase to existing " + "device %s" % device.path) + def sanityCheck(self): """ Run a series of tests to verify the storage configuration. |