summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xgui.py29
-rw-r--r--iw/autopart_type.py2
-rw-r--r--iw/lvm_dialog_gui.py14
-rw-r--r--iw/partition_dialog_gui.py28
-rw-r--r--iw/raid_dialog_gui.py28
-rw-r--r--partitions.py33
-rw-r--r--text.py28
-rw-r--r--ui/lukspassphrase.glade19
8 files changed, 156 insertions, 25 deletions
diff --git a/gui.py b/gui.py
index b7c3596d6..c0d3031f5 100755
--- a/gui.py
+++ b/gui.py
@@ -623,7 +623,8 @@ class InstallKeyWindow:
self.win.destroy()
class luksPassphraseWindow:
- def __init__(self, passphrase=None, device = "", parent = None):
+ def __init__(self, passphrase=None, device = "", isglobal = False,
+ parent = None):
luksxml = gtk.glade.XML(findGladeFile("lukspassphrase.glade"),
domain="anaconda",
root="luksPassphraseDialog")
@@ -633,6 +634,17 @@ class luksPassphraseWindow:
self.confirmEntry.set_visibility(False)
self.win = luksxml.get_widget("luksPassphraseDialog")
self.okButton = luksxml.get_widget("okbutton1")
+ self.globalcheckbutton = luksxml.get_widget("globalcheckbutton")
+ self.isglobal = isglobal
+ if isglobal and not passphrase:
+ # we must be prompting for autopart passphrase
+ self.globalcheckbutton.hide()
+ elif not passphrase:
+ # gently encourage the use of a global passphrase
+ self.globalcheckbutton.set_active(True)
+ else:
+ self.globalcheckbutton.set_active(isglobal)
+
self.minimumLength = 8 # arbitrary; should probably be much larger
if passphrase:
self.initialPassphrase = passphrase
@@ -679,6 +691,10 @@ class luksPassphraseWindow:
self.passphraseEntry.set_text("")
self.confirmEntry.set_text("")
continue
+
+ if not self.isglobal and not self.initialPassphrase:
+ self.isglobal = self.globalcheckbutton.get_active()
+
else:
self.passphraseEntry.set_text(self.initialPassphrase)
self.confirmEntry.set_text(self.initialPassphrase)
@@ -688,6 +704,9 @@ class luksPassphraseWindow:
def getPassphrase(self):
return self.passphraseEntry.get_text()
+ def getGlobal(self):
+ return self.isglobal
+
def getrc(self):
return self.rc
@@ -1228,17 +1247,19 @@ class InstallInterface:
d.destroy()
return ret
- def getLuksPassphrase(self, passphrase = "", device = ""):
+ def getLuksPassphrase(self, passphrase = "", device = "", isglobal = False):
if self.icw:
parent = self.icw.window
else:
parent = None
- d = luksPassphraseWindow(passphrase, device = device, parent = parent)
+ d = luksPassphraseWindow(passphrase, parent = parent, device = device,
+ isglobal = isglobal)
rc = d.run()
passphrase = d.getPassphrase()
+ isglobal = d.getGlobal()
d.destroy()
- return passphrase
+ return (passphrase, isglobal)
def passphraseEntryWindow(self, device):
if self.icw:
diff --git a/iw/autopart_type.py b/iw/autopart_type.py
index 3fc523c72..4fd230793 100644
--- a/iw/autopart_type.py
+++ b/iw/autopart_type.py
@@ -141,7 +141,7 @@ class PartitionTypeWindow(InstallWindow):
self.dispatch.skipStep("autopartitionexecute", skip = 0)
if self.xml.get_widget("encryptButton").get_active():
- thepass = self.intf.getLuksPassphrase(self.partitions.autoEncryptPass)
+ (thepass, isglobal) = self.intf.getLuksPassphrase(self.partitions.autoEncryptPass, isglobal=True)
if not thepass:
raise gui.StayOnScreen
self.partitions.autoEncryptPass = thepass
diff --git a/iw/lvm_dialog_gui.py b/iw/lvm_dialog_gui.py
index 74b67415e..24aab4e7c 100644
--- a/iw/lvm_dialog_gui.py
+++ b/iw/lvm_dialog_gui.py
@@ -661,14 +661,26 @@ class VolumeGroupEditor:
else:
passphrase = ""
+ isglobal = False
if not request.encryption or request.encryption.format:
- passphrase = self.intf.getLuksPassphrase(passphrase)
+ if not passphrase and self.partitions.globalPassphrase:
+ passphrase = self.partitions.globalPassphrase
+ else:
+ if passphrase and \
+ passphrase == self.partitions.globalPassphrase:
+ isglobal = True
+ (passphrase, isglobal) = self.intf.getLuksPassphrase(passphrase, isglobal=isglobal)
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
elif passphrase and request.encryption.format:
request.encryption.setPassphrase(passphrase)
+ else:
+ isglobal = False
+
+ if isglobal and not self.partitions.globalPassphrase:
+ self.partitions.globalPassphrase = passphrase
else:
request.encryption = None
diff --git a/iw/partition_dialog_gui.py b/iw/partition_dialog_gui.py
index 0b5e52d34..7e547cd7f 100644
--- a/iw/partition_dialog_gui.py
+++ b/iw/partition_dialog_gui.py
@@ -142,14 +142,26 @@ class PartitionEditor:
else:
passphrase = ""
+ isglobal = False
if not request.encryption or request.encryption.format:
- passphrase = self.intf.getLuksPassphrase(passphrase)
+ if not passphrase and self.partitions.globalPassphrase:
+ passphrase = self.partitions.globalPassphrase
+ else:
+ if passphrase and \
+ passphrase == self.partitions.globalPassphrase:
+ isglobal = True
+ (passphrase, isglobal) = self.intf.getLuksPassphrase(passphrase, isglobal=isglobal)
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
elif passphrase and request.encryption.format:
request.encryption.setPassphrase(passphrase)
+ else:
+ isglobal = False
+
+ if isglobal and not self.partitions.globalPassphrase:
+ self.partitions.globalPassphrase = passphrase
else:
request.encryption = None
@@ -252,14 +264,26 @@ class PartitionEditor:
else:
passphrase = ""
+ isglobal = False
if not request.encryption or request.encryption.format:
- passphrase = self.intf.getLuksPassphrase(passphrase)
+ if not passphrase and self.partitions.globalPassphrase:
+ passphrase = self.partitions.globalPassphrase
+ else:
+ if passphrase and \
+ passphrase == self.partitions.globalPassphrase:
+ isglobal = True
+ (passphrase, isglobal) = self.intf.getLuksPassphrase(passphrase, isglobal=isglobal)
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
elif passphrase and request.encryption.format:
request.encryption.setPassphrase(passphrase)
+ else:
+ isglobal = False
+
+ if isglobal and not self.partitions.globalPassphrase:
+ self.partitions.globalPassphrase = passphrase
else:
request.encryption = None
diff --git a/iw/raid_dialog_gui.py b/iw/raid_dialog_gui.py
index 35fcc4f28..1e300d14e 100644
--- a/iw/raid_dialog_gui.py
+++ b/iw/raid_dialog_gui.py
@@ -196,14 +196,26 @@ class RaidEditor:
else:
passphrase = ""
+ isglobal = False
if not request.encryption or request.encryption.format:
- passphrase = self.intf.getLuksPassphrase(passphrase)
+ if not passphrase and self.partitions.globalPassphrase:
+ passphrase = self.partitions.globalPassphrase
+ else:
+ if passphrase and \
+ passphrase == self.partitions.globalPassphrase:
+ isglobal = True
+ (passphrase, isglobal) = self.intf.getLuksPassphrase(passphrase, isglobal=isglobal)
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
elif passphrase and request.encryption.format:
request.encryption.setPassphrase(passphrase)
+ else:
+ isglobal = False
+
+ if isglobal and not self.partitions.globalPassphrase:
+ self.partitions.globalPassphrase = passphrase
else:
request.encryption = None
else:
@@ -238,14 +250,26 @@ class RaidEditor:
else:
passphrase = ""
+ isglobal = False
if not request.encryption or request.encryption.format:
- passphrase = self.intf.getLuksPassphrase(passphrase)
+ if not passphrase and self.partitions.globalPassphrase:
+ passphrase = self.partitions.globalPassphrase
+ else:
+ if passphrase and \
+ passphrase == self.partitions.globalPassphrase:
+ isglobal = True
+ (passphrase, isglobal) = self.intf.getLuksPassphrase(passphrase, isglobal=isglobal)
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
elif passphrase and request.encryption.format:
request.encryption.setPassphrase(passphrase)
+ else:
+ isglobal = False
+
+ if isglobal and not self.partitions.globalPassphrase:
+ self.partitions.globalPassphrase = passphrase
else:
request.encryption = None
diff --git a/partitions.py b/partitions.py
index 8c3d5cb7f..636d65775 100644
--- a/partitions.py
+++ b/partitions.py
@@ -94,6 +94,7 @@ def partitioningComplete(anaconda):
anaconda.id.partitions.sortRequests()
anaconda.id.fsset.reset()
+ undoAutoEncrypt = False
for request in anaconda.id.partitions.requests:
# XXX improve sanity checking
if (not request.fstype or (request.fstype.isMountable()
@@ -105,6 +106,10 @@ def partitioningComplete(anaconda):
partitions = anaconda.id.partitions
if partitions.autoEncrypt and partitions.autoEncryptPass:
request.encryption.setPassphrase(partitions.autoEncryptPass)
+ elif partitions.globalPassphrase:
+ request.encryption.setPassphrase(partitions.globalPassphrase)
+ elif undoAutoEncrypt:
+ request.encryption = None
else:
if partitions.autoEncrypt:
dev = ""
@@ -112,25 +117,34 @@ def partitioningComplete(anaconda):
dev = request.getDevice(partitions).getDevice(asBoot=1)
while True:
- passphrase = anaconda.intf.getLuksPassphrase(device=dev)
+ (passphrase, isglobal) = anaconda.intf.getLuksPassphrase(device=dev, isglobal=partitions.autoEncrypt)
if passphrase:
request.encryption.setPassphrase(passphrase)
if partitions.autoEncrypt:
partitions.autoEncryptPass = passphrase
+ elif isglobal:
+ partitions.globalPassphrase = passphrase
break
else:
- # perhaps a warning that we're not going to encrypt?
+ if dev:
+ devstr = _(" for device %s") % (dev,)
+ else:
+ devstr = ""
rc = anaconda.intf.messageWindow(_("Encrypt device?"),
- _("You specified that device %s should be "
- "encrypted, but you have not supplied a "
- "passphrase. If you do not go back and "
- "provide a passphrase, the device will "
- "not be encrypted.") % (dev,),
+ _("You specified block device encryption "
+ "should be enabled%s, but you have not "
+ "supplied a passphrase. If you do not "
+ "go back and provide a passphrase, "
+ "block device encryption%s will be "
+ "disabled.") % (devstr, devstr),
type="custom",
custom_buttons=[_("Back"), _("Continue")],
default=0)
if rc == 1:
request.encryption = None
+ if partitions.autoEncrypt:
+ partitions.autoEncrypt = False
+ undoAutoEncrypt = True
break
entry = request.toEntry(anaconda.id.partitions)
@@ -336,6 +350,11 @@ class Partitions:
for luksDev in self.encryptedDevices.values():
luksDev.closeDevice()
+ # We shouldn't have any further need for the global passphrase
+ # except for new device creation, in which case we want to give
+ # the user a chance to establish a new global passphrase.
+ self.globalPassphrase = ""
+
def setFromDisk(self, diskset):
"""Clear the delete list and set self.requests to reflect disk."""
self.deletes = []
diff --git a/text.py b/text.py
index 8e221e741..e98e849d3 100644
--- a/text.py
+++ b/text.py
@@ -311,10 +311,11 @@ class MainExceptionWindow:
self.screen.refresh()
class LuksPassphraseWindow:
- def __init__(self, screen, passphrase = "", device = ""):
+ def __init__(self, screen, passphrase = "", device = "", isglobal = False):
self.screen = screen
self.passphrase = passphrase
self.minLength = 8
+ self.isglobal = isglobal
if device:
deviceStr = " (%s)" % (device,)
else:
@@ -326,7 +327,7 @@ class LuksPassphraseWindow:
def run(self):
toplevel = GridForm(self.screen, _("Passphrase for encrypted device"),
- 1, 4)
+ 1, 5)
txt = TextboxReflowed(65, self.txt)
toplevel.add(txt, 0, 0)
@@ -337,8 +338,17 @@ class LuksPassphraseWindow:
confirmentry = Entry(60, password = 1)
toplevel.add(confirmentry, 0, 2, (0,0,0,1))
+ if not (self.isglobal and not self.passphrase):
+ if not self.passphrase:
+ isglobal = True
+ else:
+ isglobal = self.isglobal
+ # if we don't hit this we're prompting for autopart passphrase
+ globalcheckbox = Checkbox(_("Use this passphrase for all new encrypted devices"), isOn = isglobal)
+ toplevel.add(globalcheckbox, 0, 3)
+
buttons = ButtonBar(self.screen, [TEXT_OK_BUTTON, TEXT_CANCEL_BUTTON])
- toplevel.add(buttons, 0, 3, growx=1)
+ toplevel.add(buttons, 0, 4, growx=1)
passphraseentry.set(self.passphrase)
confirmentry.set(self.passphrase)
@@ -376,8 +386,10 @@ class LuksPassphraseWindow:
passphraseentry.set(self.passphrase)
confirmentry.set(self.passphrase)
+ if not self.isglobal and not self.passphrase:
+ self.isglobal = globalcheckbox.selected()
self.rc = passphrase
- return self.rc
+ return (self.rc, self.isglobal)
def pop(self):
self.screen.popWindow()
@@ -480,12 +492,12 @@ class InstallInterface:
r.strip()
return r
- def getLuksPassphrase(self, passphrase = "", device = ""):
+ def getLuksPassphrase(self, passphrase = "", device = "", isglobal = False):
w = LuksPassphraseWindow(self.screen, passphrase = passphrase,
- device = device)
- passphrase = w.run()
+ device = device, isglobal = isglobal)
+ (passphrase, isglobal) = w.run()
w.pop()
- return passphrase
+ return (passphrase, isglobal)
def passphraseEntryWindow(self, device):
w = PassphraseEntryWindow(self.screen, device)
diff --git a/ui/lukspassphrase.glade b/ui/lukspassphrase.glade
index b3e91bed5..4132a93db 100644
--- a/ui/lukspassphrase.glade
+++ b/ui/lukspassphrase.glade
@@ -239,6 +239,25 @@
<property name="fill">True</property>
</packing>
</child>
+ <child>
+ <widget class="GtkCheckButton" id="globalcheckbutton">
+ <property name="border_width">5</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Use this passphrase for all new encrypted devices</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
</widget>
<packing>
<property name="padding">0</property>
generated by cgit (git 2.34.1) at 2024-11-19 17:27:20 +0000