author | Pascal Terjan <pterjan@mandriva.org> | 2010-04-21 16:25:24 +0000 |
---|---|---|
committer | Pascal Terjan <pterjan@mandriva.org> | 2010-04-21 16:25:24 +0000 |
commit | c5db0bde74fc91561ce2449a6da5be5a3211227b (patch) | |
tree | 09d850a88314ca2f674c1426365fdd7189cb0ba3 | |
parent | 25efa73c66538205781c5536ce1153216f8f9c51 (diff) | |
First step of diskdrake crypto update
o offer encryption in a more visible way when creating a partition
o remove cryptoloop from diskdrake interface and transparently use dm-crypt
o support having dm-crypt partition with non default FS
-rw-r--r-- | perl-install/NEWS | 3 | ||||
-rw-r--r-- | perl-install/diskdrake/interactive.pm | 67 | ||||
-rw-r--r-- | perl-install/fs/mount_options.pm | 3 | ||||
-rw-r--r-- | perl-install/fs/type.pm | 2 |
4 files changed, 43 insertions, 32 deletions
diff --git a/perl-install/NEWS b/perl-install/NEWS index 4372d45dc..fad3eb531 100644 --- a/perl-install/NEWS +++ b/perl-install/NEWS @@ -1,5 +1,8 @@ - diskdrake: o allow resizing empty FAT (#58770) + o offer encryption in a more visible way when creating a partition + o remove cryptoloop from diskdrake interface and transparently use dm-crypt + o support having dm-crypt partition with non default FS Version 13.19 - 13 April 2010 diff --git a/perl-install/diskdrake/interactive.pm b/perl-install/diskdrake/interactive.pm index 5a6fec2fc..6fb1a3b6c 100644 --- a/perl-install/diskdrake/interactive.pm +++ b/perl-install/diskdrake/interactive.pm @@ -481,6 +481,8 @@ sub Create { my $type_name = fs::type::part2type_name($part); my $mb_size = to_Mb($part->{size}); my $has_startsector = ($::expert || arch() !~ /i.86/) && !isLVM($hd); + my $use_dmcrypt; + my $requested_type; $in->ask_from(N("Create a new partition"), '', [ 
@@ -502,14 +504,30 @@ sub Create { if_($::expert && isLVM($hd), { label => N("Logical volume name "), val => \$part->{lv_name}, list => [ qw(root swap usr home var), '' ], sort => 0, not_edit => 0 }, ), + { label => N("Encrypt partition"), type => 'bool', val => \$use_dmcrypt }, + { label => N("Encryption key "), val => \$part->{dmcrypt_key}, disabled => sub { !$use_dmcrypt }, hidden => 1, weakness_check => 1 }, + { label => N("Type again encryption key "), val => \$part->{dmcrypt_key2}, disabled => sub { !$use_dmcrypt }, hidden => 1 }, ], complete => sub { $part->{size} = from_Mb($mb_size, min_partition_size($hd), $max - $part->{start}); #- need this to be able to get back the approximation of using MB - put_in_hash($part, fs::type::type_name2subpart($type_name)); $do_suggest_mount_point = 0 if !$part->{mntpoint}; $part->{mntpoint} = '' if isNonMountable($part); $part->{mntpoint} = 'swap' if isSwap($part); fs::mount_options::set_default($part, ignore_is_removable => 1); + # if user asked to encrypt the partition, use dm-crypt and create requested fs inside + if ($use_dmcrypt) { + my $err; + $err = N("Encryption keys differ") unless ($part->{dmcrypt_key} eq $part->{dmcrypt_key2}); + $err = N("Missing encryption key") unless ($part->{dmcrypt_key}); + if ($err) { + $in->ask_warn(N("Error"), $err); + return 1; + } + $requested_type = $type_name; + $type_name = 'Encrypted'; + } + + put_in_hash($part, fs::type::type_name2subpart($type_name)); check($in, $hd, $part, $all_hds) or return 1; $migrate_files = need_migration($in, $part->{mntpoint}) or return 1; 
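Review bot: The confirmation passphrase is bound to `$part->{dmcrypt_key2}`, so a second copy of the key stays in the partition hash for as long as `$part` lives, and nothing in the visible hunks removes it. Binding it to a local declared next to `$use_dmcrypt` (`val => \$dmcrypt_key2`) would keep it out of anything that later dumps or logs `$part`. A key typed before the "Encrypt partition" box is unticked also remains in `$part->{dmcrypt_key}`; `delete $part->{dmcrypt_key} if !$use_dmcrypt;` in `complete` would clear it. Separately, `put_in_hash` now runs after `isNonMountable`, `isSwap` and `fs::mount_options::set_default`, so those calls appear to see the type the partition had before the dialog rather than the one just selected. Create's body starts and ends outside this hunk.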
@@ -533,9 +551,28 @@ First remove a primary partition and create an extended partition.")); }, ) or return; + write_partitions($in, $hd) or return; + if ($use_dmcrypt) { + # Initialize it and format it + dmcrypt_format($in, $hd, $part, $all_hds); + my $p = find { $part->{dm_name} eq $_->{dmcrypt_name} } @{$all_hds->{dmcrypts}}; + my $p2 = fs::type::type_name2subpart($requested_type); + $p->{fs_type} = $p2->{fs_type}; + if ($::isStandalone) { + fs::format::check_package_is_installed_format($in->do_pkgs, $p->{fs_type}) or log::l("Missing package"); + } + if ($::expert && !member($p->{fs_type}, 'reiserfs', 'reiser4', 'xfs', 'hfs', 'ntfs', 'ntfs-3g')) { + $p->{toFormatCheck} = $in->ask_yesorno(N("Confirmation"), N("Check bad blocks?")); + } + $p->{isFormatted} = 0; #- force format; + my ($_w, $wait_message) = $in->wait_message_with_progress_bar; + fs::format::part($all_hds, $p, $wait_message); + } + warn_if_renumbered($in, $hd); if ($migrate_files eq 'migrate') { + # FIXME check encrypt case format_($in, $hd, $part, $all_hds) or return; migrate_files($in, $hd, $part); fs::mount::part($part); @@ -914,8 +951,6 @@ sub Add2LVM { my ($in, $hd, $part, $all_hds) = @_; my $lvms = $all_hds->{lvms}; my @lvm_names = map { $_->{VG_name} } @$lvms; - use Data::Dumper; - print Dumper(@lvm_names); write_partitions($in, $_) or return foreach isRAID($part) ? @{$all_hds->{hds}} : $hd; my $lvm = $in->ask_from_listf_(N("Add to LVM"), N("Choose an existing LVM to add to"), 
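Review bot: The result of `dmcrypt_format($in, $hd, $part, $all_hds);` is ignored and the `find` that follows is not checked, so when the LUKS setup fails `$p` is undef and `$p->{fs_type} = ...` autovivifies an empty hash that is then passed to `fs::format::part`. If dmcrypt_format reports status the way `format_` does a few lines below, `dmcrypt_format($in, $hd, $part, $all_hds) or return;` followed by `$p or return;` after the lookup would stop here instead of continuing with a partition the user believes is encrypted. The `log::l("Missing package")` branch likewise only logs and still goes on to format. The `# FIXME check encrypt case` path calls `format_` on `$part` itself, which looks like it would act on the raw container rather than the mapped device; it should probably be disabled until that is resolved. Create's body starts and ends outside this hunk.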
@@ -1058,27 +1093,6 @@ sub Options { if (($options->{usrquota} || $options->{grpquota}) && !$::isInstall) { $in->do_pkgs->ensure_binary_is_installed('quota', 'quotacheck'); } - if ($options->{encrypted}) { - # modify $part->{options} for the check - local $part->{options}; - fs::mount_options::pack($part, $options, $unknown); - if (!check($in, $hd, $part, $all_hds)) { - $options->{encrypted} = 0; - } elsif (!$part->{encrypt_key} && !isSwap($part)) { - if (my ($encrypt_key, $encrypt_algo) = choose_encrypt_key($in, $options, '')) { - $options->{'encryption='} = $encrypt_algo; - $part->{encrypt_key} = $encrypt_key; - } else { - $options->{encrypted} = 0; - } - } - #- don't be sure of anything - set_isFormatted($part, 0); - $part->{notFormatted} = 0; - } else { - delete $options->{'encryption='}; - delete $part->{encrypt_key}; - } }) or return; fs::mount_options::pack($part, $options, $unknown); @@ -1212,10 +1226,7 @@ sub write_partitions { sub ensure_we_have_encrypt_key_if_needed { my ($in, $part) = @_; - if ($part->{options} =~ /encrypted/ && !$part->{encrypt_key}) { - my ($options, $_unknown) = fs::mount_options::unpack($part); - $part->{encrypt_key} = choose_encrypt_key($in, $options, 'skip_encrypt_algo') or return; - } elsif (fs::type::isRawLUKS($part)) { + if (fs::type::isRawLUKS($part)) { $part->{dmcrypt_key} ||= choose_encrypt_key($in, {}, 'skip_encrypt_algo') or return; } 1; diff --git a/perl-install/fs/mount_options.pm b/perl-install/fs/mount_options.pm index 1413fc8a6..5bcb333b9 100644 --- a/perl-install/fs/mount_options.pm +++ b/perl-install/fs/mount_options.pm @@ -42,7 +42,6 @@ sub unpack { } $non_defaults->{relatime} = 1 if isTrueLocalFS($part) || $part->{fs_type} eq 'ntfs-3g'; - $non_defaults->{encrypted} = 1; my $defaults = { reverse %$non_defaults }; my %options = map { $_ => '' } keys %$non_defaults; 
@@ -111,8 +110,6 @@ sub pack { sub help() { ( - 'encrypted' => N("Use an encrypted file system"), - 'flush' => N("Flush write cache on file close"), 'grpquota' => N("Enable group disk quota accounting and optionally enforce limits"), diff --git a/perl-install/fs/type.pm b/perl-install/fs/type.pm index e49ac3ed4..b32da7891 100644 --- a/perl-install/fs/type.pm +++ b/perl-install/fs/type.pm @@ -185,7 +185,7 @@ if_(arch() !~ /ppc/, sub type_names { my ($expert, $o_hd) = @_; my @l = @{$type_names{important}}; - push @l, @{$type_names{non_fs_type}}; + push @l, grep { $_ ne 'Encrypted' } @{$type_names{non_fs_type}}; push @l, sort @{$type_names{other}} if $expert; if ($o_hd && !$o_hd->use_pt_type) { warn "$_ => $type_name2fs_type{$_}\n" foreach @l; |
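Review bot: The literal `'Encrypted'` filtered out in `type_names` is the same string that `Create` in diskdrake/interactive.pm assigns to `$type_name`, and nothing at this line explains why it is hidden. A comment such as `# 'Encrypted' is chosen through the "Encrypt partition" checkbox, not offered as a type` would document the coupling between the two files. If type_names also feeds dialogs that change the type of an existing partition, this filter removes the entry there too, which is worth confirming. type_names' body continues outside the hunk.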