[Fai-commit] r6083 - branches/experimental/patches

Michael Tautschnig mt at alioth.debian.org
Sun Sep 26 14:06:04 UTC 2010


Author: mt
Date: 2010-09-26 14:05:57 +0000 (Sun, 26 Sep 2010)
New Revision: 6083

Modified:
   branches/experimental/patches/setup-storage_cryptsetup-passphrase
Log:
Trying to fix luks+passphrase code


Modified: branches/experimental/patches/setup-storage_cryptsetup-passphrase
===================================================================
--- branches/experimental/patches/setup-storage_cryptsetup-passphrase	2010-09-25 22:55:00 UTC (rev 6082)
+++ branches/experimental/patches/setup-storage_cryptsetup-passphrase	2010-09-26 14:05:57 UTC (rev 6083)
@@ -8,26 +8,37 @@
 ===================================================================
 --- trunk.orig/lib/setup-storage/Commands.pm
 +++ trunk/lib/setup-storage/Commands.pm	
-@@ -248,6 +248,22 @@
-         # add entries to crypttab
-         push @FAI::crypttab, "$enc_dev_short_name\t$real_dev\t$keyfile\tluks";
+@@ -230,7 +230,7 @@
+         $pre_dep = "random_init_$real_dev";
+       }
  
-+      } elsif ($mode =~ /^luks:"([^"]+)"$/) {
-+        my $keyfile = "$ENV{LOGDIR}/$enc_dev_short_name";
+-      if ($mode eq "luks") {
++      if ($mode =~ /^luks(:"([^"]+)")?$/) {
+         my $keyfile = "$ENV{LOGDIR}/$enc_dev_short_name";
+ 
+         # generate a key for encryption
+@@ -245,9 +245,23 @@
+           "cryptsetup luksOpen $real_dev $enc_dev_short_name --key-file $keyfile",
+           "crypt_format_$real_dev", "exist_$enc_dev_name" );
+ 
++        if (defined($1)) {
++          my $passphrase = $2;
 +
-+        # use specified key for encryption
-+        &FAI::push_command("echo '$1' | tee $keyfile", "", "keyfile_$real_dev");
-+        # encrypt
-+        &FAI::push_command(
-+          "yes YES | cryptsetup luksFormat $real_dev $keyfile -c aes-cbc-essiv:sha256 -s 256",
-+          "$pre_dep,keyfile_$real_dev", "crypt_format_$real_dev" );
-+        &FAI::push_command(
-+          "cryptsetup luksOpen $real_dev $enc_dev_short_name --key-file $keyfile",
-+          "crypt_format_$real_dev", "exist_$enc_dev_name" );
++          # add user-defined key
++          &FAI::push_command(
++            "yes '$passphrase' | cryptsetup luksAddKey --key-file $keyfile $real_dev",
++            "exist_$enc_dev_name", "newkey_$enc_dev_name");
++          # remove previous key
++          &FAI::push_command(
++            "yes '$passphrase' | cryptsetup luksRemoveKey $real_dev $keyfile",
++            "newkey_$enc_dev_name", "removed_key_$enc_dev_name");
 +
-+        # add entries to crypttab
-+        push @FAI::crypttab, "$enc_dev_short_name\t$real_dev\tnone\tluks";
++          $keyfile = "none";
++        }
 +
+         # add entries to crypttab
+         push @FAI::crypttab, "$enc_dev_short_name\t$real_dev\t$keyfile\tluks";
+-
        } elsif ($mode eq "tmp" || $mode eq "swap") {
          &FAI::push_command(
            "cryptsetup --key-file=/dev/urandom create $enc_dev_short_name $real_dev",



