diff options
author | Miloslav Trmač <mitr@redhat.com> | 2009-08-10 15:27:24 +0200 |
---|---|---|
committer | David Lehman <dlehman@redhat.com> | 2009-09-14 15:56:58 -0500 |
commit | f516734ec62ba67aad15234d6efae47aff0a55bb (patch) | |
tree | 3d5338a6caddfac4e87ce2b0071a5166b739eaa0 /backend.py | |
parent | e40d37951c437a64cc3a2c9b5f99e21123e917e3 (diff) | |
download | anaconda-f516734ec62ba67aad15234d6efae47aff0a55bb.tar.gz anaconda-f516734ec62ba67aad15234d6efae47aff0a55bb.tar.xz anaconda-f516734ec62ba67aad15234d6efae47aff0a55bb.zip |
Add escrow support
Add support for storing an X.509 certificate used to encrypt the escrow
data, and a "create backup passphrase" flag, to storage.formats.LUKS,
and support for storing the same options of "autopart" globally to
storage.Storage.
While parsing kickstart directives, download the X.509 certificates
specified in thekickstart file (if any), enabling network access if
necessary, then store the data in the above-described storage objects.
While autopartitioning, copy the "autopart" escrow options into each
created LUKS volume.
Finally, as a part of doPostInstall, find all LUKS volumes with escrow
configured, create the escrow files and store them in /mnt/sysimage/root.
Changes since the previous version:
- Drop unused .encryptedDevice assignments
- Move writeEscrowPackets inside doPostInstall
- Fix bugs introduced while moving code to storage.formats.LUKS
Further changes:
- Don't pass escrow args to lvmpv format constructor.
- Move backup passphrase generation into storage.devicelibs.crypto.
- Use newer, clearer except syntax in storage.writeEscrowPackets.
Diffstat (limited to 'backend.py')
-rw-r--r-- | backend.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/backend.py b/backend.py index 04235a82c..5501ac801 100644 --- a/backend.py +++ b/backend.py @@ -31,6 +31,7 @@ from constants import * import isys import kickstart import packages +import storage from flags import flags log = logging.getLogger("anaconda") @@ -103,6 +104,8 @@ class AnacondaBackend: for d in glob.glob("/tmp/DD-*"): shutil.copytree(d, "/root/" + os.path.basename(d)) + storage.writeEscrowPackets(anaconda) + sys.stdout.flush() if flags.setupFilesystems: syslog.stop() |