| index : archinstall32 | |
| Archlinux32 installer | gitolite user |
| summaryrefslogtreecommitdiff |
| -rw-r--r-- | archinstall/lib/luks.py | 43 |
diff --git a/archinstall/lib/luks.py b/archinstall/lib/luks.py index 7f8485e6..b910bfb2 100644 --- a/archinstall/lib/luks.py +++ b/archinstall/lib/luks.py @@ -1,15 +1,11 @@ -import os -import shlex -import time import pathlib -import logging -from .exceptions import * -from .general import * + from .disk import Partition +from .general import * from .output import log -from .storage import storage -class luks2(): + +class luks2: def __init__(self, partition, mountpoint, password, key_file=None, auto_unmount=False, *args, **kwargs): self.password = password self.partition = partition @@ -22,12 +18,12 @@ class luks2(): self.mapdev = None def __enter__(self): - #if self.partition.allow_formatting: - # self.key_file = self.encrypt(self.partition, *self.args, **self.kwargs) - #else: + # if self.partition.allow_formatting: + # self.key_file = self.encrypt(self.partition, *self.args, **self.kwargs) + # else: if not self.key_file: self.key_file = f"/tmp/{os.path.basename(self.partition.path)}.disk_pw" # TODO: Make disk-pw-file randomly unique? - + if type(self.password) != bytes: self.password = bytes(self.password, 'UTF-8') @@ -47,7 +43,7 @@ class luks2(): def encrypt(self, partition, password=None, key_size=512, hash_type='sha512', iter_time=10000, key_file=None): if not self.partition.allow_formatting: - raise DiskError(f'Could not encrypt volume {self.partition} due to it having a formatting lock.') + raise DiskError(f'Could not encrypt volume {partition} due to it having a formatting lock.') log(f'Encrypting {partition} (This might take a while)', level=logging.INFO) @@ -82,7 +78,7 @@ class luks2(): try: # Try to setup the crypt-device - cmd_handle = sys_command(cryptsetup_args) + cmd_handle = SysCommand(cryptsetup_args) except SysCallError as err: if err.exit_code == 256: log(f'{partition} is being used, trying to unmount and crypt-close the device and running one more attempt at encrypting the device.', level=logging.DEBUG) @@ -91,7 +87,7 @@ class luks2(): # Get crypt-information about the device by doing a reverse lookup starting with the partition path # For instance: /dev/sda - devinfo = json.loads(b''.join(sys_command(f"lsblk --fs -J {partition.path}")).decode('UTF-8'))['blockdevices'][0] + devinfo = json.loads(b''.join(SysCommand(f"lsblk --fs -J {partition.path}")).decode('UTF-8'))['blockdevices'][0] # For each child (sub-partition/sub-device) if len(children := devinfo.get('children', [])): @@ -99,20 +95,20 @@ class luks2(): # Unmount the child location if child_mountpoint := child.get('mountpoint', None): log(f'Unmounting {child_mountpoint}', level=logging.DEBUG) - sys_command(f"umount -R {child_mountpoint}") + SysCommand(f"umount -R {child_mountpoint}") # And close it if possible. log(f"Closing crypt device {child['name']}", level=logging.DEBUG) - sys_command(f"cryptsetup close {child['name']}") + SysCommand(f"cryptsetup close {child['name']}") # Then try again to set up the crypt-device - cmd_handle = sys_command(cryptsetup_args) + cmd_handle = SysCommand(cryptsetup_args) else: raise err if cmd_handle.exit_code != 0: - raise DiskError(f'Could not encrypt volume "{partition.path}": {cmd_output}') - + raise DiskError(f'Could not encrypt volume "{partition.path}": {b"".join(cmd_handle)}') + return key_file def unlock(self, partition, mountpoint, key_file): @@ -124,6 +120,7 @@ class luks2(): :type mountpoint: str """ from .disk import get_filesystem_type + if '/' in mountpoint: os.path.basename(mountpoint) # TODO: Raise exception instead? @@ -131,7 +128,7 @@ class luks2(): while pathlib.Path(partition.path).exists() is False and time.time() - wait_timer < 10: time.sleep(0.025) - sys_command(f'/usr/bin/cryptsetup open {partition.path} {mountpoint} --key-file {os.path.abspath(key_file)} --type luks2') + SysCommand(f'/usr/bin/cryptsetup open {partition.path} {mountpoint} --key-file {os.path.abspath(key_file)} --type luks2') if os.path.islink(f'/dev/mapper/{mountpoint}'): self.mapdev = f'/dev/mapper/{mountpoint}' unlocked_partition = Partition(self.mapdev, None, encrypted=True, filesystem=get_filesystem_type(self.mapdev), autodetect_filesystem=False) @@ -142,9 +139,9 @@ class luks2(): if not mountpoint: mountpoint = self.mapdev - sys_command(f'/usr/bin/cryptsetup close {self.mapdev}') + SysCommand(f'/usr/bin/cryptsetup close {self.mapdev}') return os.path.islink(self.mapdev) is False def format(self, path): - if (handle := sys_command(f"/usr/bin/cryptsetup -q -v luksErase {path}")).exit_code != 0: + if (handle := SysCommand(f"/usr/bin/cryptsetup -q -v luksErase {path}")).exit_code != 0: raise DiskError(f'Could not format {path} with {self.filesystem} because: {b"".join(handle)}') |