pmb/install/format.py: refactor luks related code (MR 1984)

format_and_mount_root() => format_luks_root(): * Rename to reflect what it's actually doing * Move the FDE check from format_luks_root to the only caller * Make arguments to "cryptsetup luksFormat" more readable format_and_mount_pm_crypt() => format_and_mount_root(): * Rename to reflect what it's actually doing * Don't overwrite device if doing FDE; instead provide the proper device in the caller The old function names were for historic reasons, early on it was only possible to create encrypted installations with pmbootstrap.
2020-10-11 13:23:27 +02:00 · 2020-10-11 13:23:27 +02:00 · 06d91897da
parent 77a5dd1910
commit 06d91897da
1 changed files with 24 additions and 21 deletions
--- a/pmb/install/format.py
+++ b/pmb/install/format.py
@ -23,36 +23,35 @@ def format_and_mount_boot(args):
    pmb.chroot.root(args, ["mount", device, mountpoint])


-def format_and_mount_root(args, device):
+def format_luks_root(args, device):
    """
    :param device: root partition on install block device (e.g. /dev/installp2)
    """
    mountpoint = "/dev/mapper/pm_crypt"
-    if args.full_disk_encryption:
-        logging.info("(native) format " + device + " (root, luks), mount to " +
-                     mountpoint)
-        logging.info(
-            " *** TYPE IN THE FULL DISK ENCRYPTION PASSWORD (TWICE!) ***")
-        pmb.chroot.root(args, ["cryptsetup", "luksFormat", "--use-urandom",
-                               "--cipher", args.cipher, "-q", device,
-                               "--iter-time", args.iter_time],
-                        output="interactive")
-        pmb.chroot.root(args, ["cryptsetup", "luksOpen", device,
-                               "pm_crypt"], output="interactive")
-        if not os.path.exists(args.work + "/chroot_native" + mountpoint):
-            raise RuntimeError("Failed to open cryptdevice!")
+
+    logging.info(f"(native) format {device} (root, luks), mount to"
+                 f" {mountpoint}")
+    logging.info(" *** TYPE IN THE FULL DISK ENCRYPTION PASSWORD (TWICE!) ***")
+
+    pmb.chroot.root(args, ["cryptsetup", "luksFormat",
+                           "-q",
+                           "--cipher", args.cipher,
+                           "--iter-time", args.iter_time,
+                           "--use-urandom",
+                           device], output="interactive")
+    pmb.chroot.root(args, ["cryptsetup", "luksOpen", device, "pm_crypt"],
+                    output="interactive")
+
+    if not os.path.exists(f"{args.work}/chroot_native/{mountpoint}"):
+        raise RuntimeError("Failed to open cryptdevice!")


-def format_and_mount_pm_crypt(args, device, root_label, sdcard):
+def format_and_mount_root(args, device, root_label, sdcard):
    """
    :param device: root partition on install block device (e.g. /dev/installp2)
    :param root_label: label of the root partition (e.g. "pmOS_root")
    :param sdcard: path to sdcard device (e.g. /dev/mmcblk0) or None
    """
-    # Block device
-    if args.full_disk_encryption:
-        device = "/dev/mapper/pm_crypt"
-
    # Format
    if not args.rsync:
        logging.info("(native) format " + device)
@ -84,6 +83,10 @@ def format(args, size_reserve, root_label, sdcard):
    :param sdcard: path to sdcard device (e.g. /dev/mmcblk0) or None
    """
    root_dev = "/dev/installp3" if size_reserve else "/dev/installp2"
-    format_and_mount_root(args, root_dev)
-    format_and_mount_pm_crypt(args, root_dev, root_label, sdcard)
+
+    if args.full_disk_encryption:
+        format_luks_root(args, root_dev)
+        root_dev = "/dev/mapper/pm_crypt"
+
+    format_and_mount_root(args, root_dev, root_label, sdcard)
    format_and_mount_boot(args)