Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
C
Calamares
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Iterations
Wiki
Requirements
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Test cases
Artifacts
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Issue analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
osak
Calamares
Commits
017aa1ec
Commit
017aa1ec
authored
May 6, 2016
by
Teo Mrnjavac
Browse files
Options
Downloads
Patches
Plain Diff
luksbootkeyfile module, mandatory if installing with encrypted GRUB2.
parent
31106629
No related branches found
No related tags found
No related merge requests found
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
src/modules/luksbootkeyfile/main.py
+67
-0
67 additions, 0 deletions
src/modules/luksbootkeyfile/main.py
src/modules/luksbootkeyfile/module.desc
+5
-0
5 additions, 0 deletions
src/modules/luksbootkeyfile/module.desc
with
72 additions
and
0 deletions
src/modules/luksbootkeyfile/main.py
0 → 100644
+
67
−
0
View file @
017aa1ec
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# === This file is part of Calamares - <http://github.com/calamares> ===
#
# Copyright 2016, Teo Mrnjavac <teo@kde.org>
#
# Calamares is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Calamares is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Calamares. If not, see <http://www.gnu.org/licenses/>.
import
libcalamares
from
libcalamares.utils
import
check_target_env_call
def
run
():
"""
This module sets up a file crypto_keyfile.bin on the rootfs, assuming the rootfs
is LUKS encrypted and a passphrase is provided. This file is then included in the
initramfs and used for unlocking the rootfs from a previously unlocked GRUB2
session.
:return:
"""
partitions
=
libcalamares
.
globalstorage
.
value
(
"
partitions
"
)
luks_device
=
""
luks_passphrase
=
""
for
partition
in
partitions
:
if
partition
[
"
mountPoint
"
]
==
"
/
"
and
"
luksMapperName
"
in
partition
:
luks_device
=
partition
[
"
device
"
]
luks_passphrase
=
partition
[
"
luksPassphrase
"
]
if
not
luks_device
:
return
None
if
not
luks_passphrase
:
return
(
"
Encrypted rootfs setup error
"
,
"
Rootfs partition {!s} is LUKS but no passphrase found.
"
.
format
(
luks_device
))
# Generate random keyfile
check_target_env_call
([
"
dd
"
,
"
bs=512
"
,
"
count=4
"
,
"
if=/dev/urandom
"
,
"
of=/crypto_keyfile.bin
"
])
check_target_env_call
([
"
cryptsetup
"
,
"
luksAddKey
"
,
luks_device
,
"
/crypto_keyfile.bin
"
],
luks_passphrase
)
check_target_env_call
([
"
chmod
"
,
"
g-rwx,o-rwx
"
,
"
/crypto_keyfile.bin
"
])
return
None
This diff is collapsed.
Click to expand it.
src/modules/luksbootkeyfile/module.desc
0 → 100644
+
5
−
0
View file @
017aa1ec
---
type: "job"
name: "luksbootkeyfile"
interface: "python"
script: "main.py"
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
