[Fai-commit] r6083 - branches/experimental/patches
Michael Tautschnig
mt at alioth.debian.org
Sun Sep 26 14:06:04 UTC 2010
Author: mt
Date: 2010-09-26 14:05:57 +0000 (Sun, 26 Sep 2010)
New Revision: 6083
Modified:
branches/experimental/patches/setup-storage_cryptsetup-passphrase
Log:
Trying to fix luks+passphrase code
Modified: branches/experimental/patches/setup-storage_cryptsetup-passphrase
===================================================================
--- branches/experimental/patches/setup-storage_cryptsetup-passphrase 2010-09-25 22:55:00 UTC (rev 6082)
+++ branches/experimental/patches/setup-storage_cryptsetup-passphrase 2010-09-26 14:05:57 UTC (rev 6083)
@@ -8,26 +8,37 @@
===================================================================
--- trunk.orig/lib/setup-storage/Commands.pm
+++ trunk/lib/setup-storage/Commands.pm
-@@ -248,6 +248,22 @@
- # add entries to crypttab
- push @FAI::crypttab, "$enc_dev_short_name\t$real_dev\t$keyfile\tluks";
+@@ -230,7 +230,7 @@
+ $pre_dep = "random_init_$real_dev";
+ }
-+ } elsif ($mode =~ /^luks:"([^"]+)"$/) {
-+ my $keyfile = "$ENV{LOGDIR}/$enc_dev_short_name";
+- if ($mode eq "luks") {
++ if ($mode =~ /^luks(:"([^"]+)")?$/) {
+ my $keyfile = "$ENV{LOGDIR}/$enc_dev_short_name";
+
+ # generate a key for encryption
+@@ -245,9 +245,23 @@
+ "cryptsetup luksOpen $real_dev $enc_dev_short_name --key-file $keyfile",
+ "crypt_format_$real_dev", "exist_$enc_dev_name" );
+
++ if (defined($1)) {
++ my $passphrase = $2;
+
-+ # use specified key for encryption
-+ &FAI::push_command("echo '$1' | tee $keyfile", "", "keyfile_$real_dev");
-+ # encrypt
-+ &FAI::push_command(
-+ "yes YES | cryptsetup luksFormat $real_dev $keyfile -c aes-cbc-essiv:sha256 -s 256",
-+ "$pre_dep,keyfile_$real_dev", "crypt_format_$real_dev" );
-+ &FAI::push_command(
-+ "cryptsetup luksOpen $real_dev $enc_dev_short_name --key-file $keyfile",
-+ "crypt_format_$real_dev", "exist_$enc_dev_name" );
++ # add user-defined key
++ &FAI::push_command(
++ "yes '$passphrase' | cryptsetup luksAddKey --key-file $keyfile $real_dev",
++ "exist_$enc_dev_name", "newkey_$enc_dev_name");
++ # remove previous key
++ &FAI::push_command(
++ "yes '$passphrase' | cryptsetup luksRemoveKey $real_dev $keyfile",
++ "newkey_$enc_dev_name", "removed_key_$enc_dev_name");
+
-+ # add entries to crypttab
-+ push @FAI::crypttab, "$enc_dev_short_name\t$real_dev\tnone\tluks";
++ $keyfile = "none";
++ }
+
+ # add entries to crypttab
+ push @FAI::crypttab, "$enc_dev_short_name\t$real_dev\t$keyfile\tluks";
+-
} elsif ($mode eq "tmp" || $mode eq "swap") {
&FAI::push_command(
"cryptsetup --key-file=/dev/urandom create $enc_dev_short_name $real_dev",
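Review bot: The passphrase captured by `[^"]+` is pasted between single quotes in the two `yes '$passphrase' | cryptsetup …` command strings, so a passphrase containing `'` ends the quoting and the remainder is interpreted by the shell; either narrow the character class or escape it before use, e.g. `(my $pw_quoted = $passphrase) =~ s/'/'\\''/g;`, and interpolate `$pw_quoted` instead. The passphrase also becomes part of the command text handed to `&FAI::push_command`, so it is presumably visible wherever those commands are logged and in the process list while `yes` runs; that deserves at least a comment such as `# NOTE: passphrase appears in the generated command line and any command log`. `$1`/`$2` are read at `if (defined($1))`, well after the match in `if ($mode =~ /^luks(:"([^"]+)")?$/)`; the lines between the two inner hunks are not shown, and any successful match there would overwrite the captures, so I would save them directly after the match with `my $passphrase = $2;` and test `defined($passphrase)` later. The enclosing if/elsif block starts and ends outside the hunk.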