Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/archinstall/lib/luks.py
diff options
context:
space:
mode:
Diffstat (limited to 'archinstall/lib/luks.py')
-rw-r--r--archinstall/lib/luks.py25
1 files changed, 20 insertions, 5 deletions
diff --git a/archinstall/lib/luks.py b/archinstall/lib/luks.py
index 19c21795..62067ec1 100644
--- a/archinstall/lib/luks.py
+++ b/archinstall/lib/luks.py
@@ -1,4 +1,5 @@
import os
+import shlex
from .exceptions import *
from .general import *
from .disk import Partition
@@ -64,9 +65,23 @@ class luks2():
with open(key_file, 'wb') as fh:
fh.write(password)
+ cryptsetup_args = shlex.join([
+ '/usr/bin/cryptsetup',
+ '--batch-mode',
+ '--verbose',
+ '--type', 'luks2',
+ '--pbkdf', 'argon2i',
+ '--hash', hash_type,
+ '--key-size', str(key_size),
+ '--iter-time', str(iter_time),
+ '--key-file', os.path.abspath(key_file),
+ '--use-urandom',
+ 'luksFormat', partition.path,
+ ])
+
try:
# Try to setup the crypt-device
- cmd_handle = sys_command(f'/usr/bin/cryptsetup -q -v --type luks2 --pbkdf argon2i --hash {hash_type} --key-size {key_size} --iter-time {iter_time} --key-file {os.path.abspath(key_file)} --use-urandom luksFormat {partition.path}')
+ cmd_handle = sys_command(cryptsetup_args)
except SysCallError as err:
if err.exit_code == 256:
log(f'{partition} is being used, trying to unmount and crypt-close the device and running one more attempt at encrypting the device.', level=LOG_LEVELS.Debug)
@@ -90,12 +105,12 @@ class luks2():
sys_command(f"cryptsetup close {child['name']}")
# Then try again to set up the crypt-device
- cmd_handle = sys_command(f'/usr/bin/cryptsetup -q -v --type luks2 --pbkdf argon2i --hash {hash_type} --key-size {key_size} --iter-time {iter_time} --key-file {os.path.abspath(key_file)} --use-urandom luksFormat {partition.path}')
+ cmd_handle = sys_command(cryptsetup_args)
else:
raise err
- if b'Command successful.' not in b''.join(cmd_handle):
- raise DiskError(f'Could not encrypt volume "{partition.path}": {o}')
+ if cmd_handle.exit_code != 0:
+ raise DiskError(f'Could not encrypt volume "{partition.path}": {cmd_output}')
return key_file
@@ -126,4 +141,4 @@ class luks2():
def format(self, path):
if (handle := sys_command(f"/usr/bin/cryptsetup -q -v luksErase {path}")).exit_code != 0:
- raise DiskError(f'Could not format {path} with {self.filesystem} because: {b"".join(handle)}') \ No newline at end of file
+ raise DiskError(f'Could not format {path} with {self.filesystem} because: {b"".join(handle)}')

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.