pmb/install/format.py: refactor luks related code (MR 1984)
format_and_mount_root() => format_luks_root(): * Rename to reflect what it's actually doing * Move the FDE check from format_luks_root to the only caller * Make arguments to "cryptsetup luksFormat" more readable format_and_mount_pm_crypt() => format_and_mount_root(): * Rename to reflect what it's actually doing * Don't overwrite device if doing FDE; instead provide the proper device in the caller The old function names were for historic reasons, early on it was only possible to create encrypted installations with pmbootstrap.
This commit is contained in:
parent
77a5dd1910
commit
06d91897da
|
@ -23,36 +23,35 @@ def format_and_mount_boot(args):
|
|||
pmb.chroot.root(args, ["mount", device, mountpoint])
|
||||
|
||||
|
||||
def format_and_mount_root(args, device):
|
||||
def format_luks_root(args, device):
|
||||
"""
|
||||
:param device: root partition on install block device (e.g. /dev/installp2)
|
||||
"""
|
||||
mountpoint = "/dev/mapper/pm_crypt"
|
||||
if args.full_disk_encryption:
|
||||
logging.info("(native) format " + device + " (root, luks), mount to " +
|
||||
mountpoint)
|
||||
logging.info(
|
||||
" *** TYPE IN THE FULL DISK ENCRYPTION PASSWORD (TWICE!) ***")
|
||||
pmb.chroot.root(args, ["cryptsetup", "luksFormat", "--use-urandom",
|
||||
"--cipher", args.cipher, "-q", device,
|
||||
"--iter-time", args.iter_time],
|
||||
output="interactive")
|
||||
pmb.chroot.root(args, ["cryptsetup", "luksOpen", device,
|
||||
"pm_crypt"], output="interactive")
|
||||
if not os.path.exists(args.work + "/chroot_native" + mountpoint):
|
||||
raise RuntimeError("Failed to open cryptdevice!")
|
||||
|
||||
logging.info(f"(native) format {device} (root, luks), mount to"
|
||||
f" {mountpoint}")
|
||||
logging.info(" *** TYPE IN THE FULL DISK ENCRYPTION PASSWORD (TWICE!) ***")
|
||||
|
||||
pmb.chroot.root(args, ["cryptsetup", "luksFormat",
|
||||
"-q",
|
||||
"--cipher", args.cipher,
|
||||
"--iter-time", args.iter_time,
|
||||
"--use-urandom",
|
||||
device], output="interactive")
|
||||
pmb.chroot.root(args, ["cryptsetup", "luksOpen", device, "pm_crypt"],
|
||||
output="interactive")
|
||||
|
||||
if not os.path.exists(f"{args.work}/chroot_native/{mountpoint}"):
|
||||
raise RuntimeError("Failed to open cryptdevice!")
|
||||
|
||||
|
||||
def format_and_mount_pm_crypt(args, device, root_label, sdcard):
|
||||
def format_and_mount_root(args, device, root_label, sdcard):
|
||||
"""
|
||||
:param device: root partition on install block device (e.g. /dev/installp2)
|
||||
:param root_label: label of the root partition (e.g. "pmOS_root")
|
||||
:param sdcard: path to sdcard device (e.g. /dev/mmcblk0) or None
|
||||
"""
|
||||
# Block device
|
||||
if args.full_disk_encryption:
|
||||
device = "/dev/mapper/pm_crypt"
|
||||
|
||||
# Format
|
||||
if not args.rsync:
|
||||
logging.info("(native) format " + device)
|
||||
|
@ -84,6 +83,10 @@ def format(args, size_reserve, root_label, sdcard):
|
|||
:param sdcard: path to sdcard device (e.g. /dev/mmcblk0) or None
|
||||
"""
|
||||
root_dev = "/dev/installp3" if size_reserve else "/dev/installp2"
|
||||
format_and_mount_root(args, root_dev)
|
||||
format_and_mount_pm_crypt(args, root_dev, root_label, sdcard)
|
||||
|
||||
if args.full_disk_encryption:
|
||||
format_luks_root(args, root_dev)
|
||||
root_dev = "/dev/mapper/pm_crypt"
|
||||
|
||||
format_and_mount_root(args, root_dev, root_label, sdcard)
|
||||
format_and_mount_boot(args)
|
||||
|
|
Loading…
Reference in New Issue