Diffstat (limited to 'perl-install/fs/dmcrypt.pm')
-rw-r--r--perl-install/fs/dmcrypt.pm93
1 files changed, 76 insertions, 17 deletions
diff --git a/perl-install/fs/dmcrypt.pm b/perl-install/fs/dmcrypt.pm
index e2d67b37a..a78a495d1 100644
--- a/perl-install/fs/dmcrypt.pm
+++ b/perl-install/fs/dmcrypt.pm
@@ -1,4 +1,4 @@
-package fs::dmcrypt; # $Id: $
+package fs::dmcrypt;
use diagnostics;
use strict;
@@ -11,15 +11,29 @@ use fs::type;
use fs::get;
use run_program;
+=head1 SYNOPSYS
+
+Manage encrypted file systems using cryptsetup
+
+=head1 Functions
+
+=over
+
+=cut
+
sub _crypttab() { "$::prefix/etc/crypttab" }
+=item init()
+
+Load kernel modules and init device mapper.
+
+=cut
+
sub init() {
whereis_binary('cryptsetup') or die "cryptsetup not installed";
- eval { modules::load('dm-crypt', 'cbc', 'sha256_generic', arch() =~ /i.86/ ? 'aes-i586' : 'aes') };
+ eval { modules::load('dm-crypt', list_modules::category2modules('various/crypto')) };
devices::init_device_mapper();
- if ($::isInstall) {
- }
1;
}
my $initialized;
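Review bot: The `eval` around `modules::load(...)` in init() discards any failure, and the module list now comes from `list_modules::category2modules('various/crypto')`, so a load error in that category would only surface later as a cryptsetup failure with a less useful message. Record it right after the eval, for example `log::l("dmcrypt: loading crypto modules failed: $@") if $@;`. No `use list_modules` is visible in this hunk, so confirm the package is loaded before init() runs. The new POD heading `=head1 SYNOPSYS` should be spelled `SYNOPSIS`.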
@@ -27,25 +41,38 @@ sub _ensure_initialized() {
$initialized++ or init();
}
-sub read_crypttab {
- my ($all_hds) = @_;
+sub read_crypttab_ {
+ my ($all_hds, $crypttab) = @_;
- -e _crypttab() or return;
+ -e $crypttab or return;
my @raw_parts = grep { fs::type::isRawLUKS($_) } fs::get::really_all_fstab($all_hds);
- foreach (cat_(_crypttab())) {
+ foreach (cat_($crypttab)) {
+ next if /^#/;
my ($dm_name, $dev) = split;
my $raw_part = fs::get::device2part($dev, \@raw_parts)
or log::l("crypttab: unknown device $dev for $dm_name"), next;
$raw_part->{dm_name} = $dm_name;
+ _get_existing_one_with_state($raw_part);
}
}
-sub save_crypttab {
+=item read_crypttab($all_hds)
+
+Read /etc/crypttab
+
+=cut
+
+sub read_crypttab {
my ($all_hds) = @_;
+ read_crypttab_($all_hds, _crypttab());
+}
+
+sub save_crypttab_ {
+ my ($all_hds, $crypttab) = @_;
my @raw_parts = grep { $_->{dm_name} } fs::get::really_all_fstab($all_hds) or return;
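Review bot: The new filter `next if /^#/;` in read_crypttab_ skips only comments that start in column 0, so blank lines and indented comments still reach `split` and produce an undefined or bogus `$dev` that is passed to `fs::get::device2part` and interpolated into the log message. `next if /^\s*(?:#|$)/;` covers both cases. The added `_get_existing_one_with_state($raw_part)` call runs for every crypttab entry and its return value is dropped; if it is meant to act only on mappings that are currently open, that condition is not checked here and should be stated in a comment. The body of save_crypttab_ continues outside this hunk.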
@@ -59,7 +86,18 @@ sub save_crypttab {
if (eof) {
$_ .= join('', map { "$_ $names{$_}\n" } sort keys %names);
}
- } _crypttab();
+ } $crypttab;
+}
+
+=item save_crypttab($all_hds)
+
+Save /etc/crypttab
+
+=cut
+
+sub save_crypttab {
+ my ($all_hds) = @_;
+ save_crypttab_($all_hds, _crypttab());
}
sub format_part {
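Review bot: The new POD for save_crypttab says "Save /etc/crypttab", but `_crypttab()` returns `"$::prefix/etc/crypttab"`, so the documented path is wrong whenever a prefix is set; the same applies to read_crypttab in the previous hunk. I would word both as `Save $::prefix/etc/crypttab` and `Read $::prefix/etc/crypttab`. The new `save_crypttab_` and `read_crypttab_` variants take an explicit `$crypttab` path and have no documentation at all; a one-line comment on each saying who is expected to pass a different file would help.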
@@ -67,9 +105,9 @@ sub format_part {
my $tmp_key_file = "/tmp/.dmcrypt_key-$$";
common::with_private_tmp_file($tmp_key_file, $part->{dmcrypt_key}, sub {
- _run_or_die('luksFormat', '--batch-mode', devices::make($part->{device}), $_[0]);
+ _run_or_die('--cipher=aes-xts-benbi', '--key-size=512', 'luksFormat', '--batch-mode', devices::make($part->{device}), $_[0]);
});
- fs::format::after_formatting($part, 1);
+ fs::format::after_formatting($part);
}
sub open_part {
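Review bot: The `_run_or_die` call in format_part now hard-codes `--cipher=aes-xts-benbi` and `--key-size=512` with no comment, and `benbi` is not the IV mode cryptsetup uses by default for XTS (`aes-xts-plain64`), so the reason for choosing it should be recorded or the default kept. A short comment such as `# XTS splits the 512-bit key in half, i.e. AES-256` next to the options would also prevent the key size being misread. Separately, the key file name `/tmp/.dmcrypt_key-$$` on the context line is predictable; that is safe only if `common::with_private_tmp_file` creates the file exclusively with owner-only permissions and removes it when the callback dies, which is not visible in this hunk.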
@@ -80,10 +118,17 @@ sub open_part {
_run_or_die('luksOpen', devices::make($part->{device}),
$part->{dm_name}, '--key-file', $_[0]);
});
+ run_program::run('udevadm', 'settle');
+
+ push @$dmcrypts, _get_existing_one_with_state($part);
+}
+
+sub _get_existing_one_with_state {
+ my ($part) = @_;
my $active_dmcrypt = _parse_dmsetup_table($part->{dm_name},
run_program::get_stdout('dmsetup', 'table', $part->{dm_name}));
- push @$dmcrypts, _get_existing_one([$part], $active_dmcrypt);
+ _get_existing_one([$part], $active_dmcrypt);
}
sub close_part {
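Review bot: The result of `run_program::run('udevadm', 'settle')` in open_part is ignored, so if settle fails or times out the following `dmsetup table` lookup may run before the mapper node is ready, with no trace of why. Log it at least: `run_program::run('udevadm', 'settle') or log::l("dmcrypt: udevadm settle failed");`. In the new `_get_existing_one_with_state`, the `dmsetup table` output goes to `_parse_dmsetup_table` unchecked, and since read_crypttab_ now calls this helper for mappings that may not be open, the empty-output case should be handled or documented. The start of open_part is outside this hunk.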
@@ -91,7 +136,12 @@ sub close_part {
my $dm_part = fs::get::device2part("mapper/$part->{dm_name}", $dmcrypts);
_run_or_die('luksClose', devices::make($dm_part->{device}));
$part->{dm_active} = 0;
- @$dmcrypts = grep { $_ != $dm_part } @$dmcrypts;
+ @$dmcrypts = grep { $_ != $dm_part } @$dmcrypts;
+ # remove partition from /etc/crypttab when deleted (mga#25891)
+ substInFile {
+ my ($name, $_dev) = split;
+ undef $_ if $name eq $part->{dm_name};
+ } _crypttab();
}
sub _run_or_die {
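Review bot: The crypttab entry is removed inside close_part, but the added comment says the intent is removal "when deleted"; if close_part is also reached when a volume is merely closed, its entry is dropped and it will no longer be set up at boot. The callers are not visible here, so either confirm close_part is used only on deletion or move the `substInFile` block to the deletion path. Within the block, blank lines leave `$name` undefined and trigger an uninitialized-value warning under `use diagnostics`; `undef $_ if defined $name && $name eq $part->{dm_name};` avoids that. The start of close_part is outside this hunk.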
@@ -110,8 +160,11 @@ sub get_existing {
sub _get_existing_one {
my ($fstab, $active_dmcrypt) = @_;
+ my $p = fs::wild_device::to_subpart("/dev/mapper/$active_dmcrypt->{name}");
+
my $part = { device => "mapper/$active_dmcrypt->{name}", size => $active_dmcrypt->{size},
- options => 'noatime', dmcrypt_name => $active_dmcrypt->{name} };
+ options => 'noatime', dmcrypt_name => $active_dmcrypt->{name},
+ major => $p->{major}, minor => $p->{minor} };
if (my $raw_part = find { fs::get::is_same_hd($active_dmcrypt, $_) } @$fstab) {
$part->{rootDevice} = $raw_part->{device};
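Review bot: `$p->{major}` and `$p->{minor}` in _get_existing_one are copied without checking what `fs::wild_device::to_subpart` returned, so a `/dev/mapper/<name>` node that does not exist yet leaves both fields undefined in the new part. That can now happen more easily, because read_crypttab_ reaches this function for every crypttab entry rather than only after a successful luksOpen. A guard such as `log::l("dmcrypt: no device node for $active_dmcrypt->{name}") if !defined $p->{major};` would make the case visible. No `use fs::wild_device` appears in the hunks shown, so confirm the package is loaded. The function continues outside this hunk.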
@@ -125,8 +178,10 @@ sub _get_existing_one {
put_in_hash($part, $type);
}
fs::type::set_isFormatted($part, to_bool($part->{fs_type}));
-
- $part->{fs_type} or fs::type::set_fs_type($part, 'ext3');
+
+ unless (fs::type::cannotBeMountable($part)) {
+ $part->{fs_type} or fs::type::set_fs_type($part, defaultFS());
+ }
log::l("dmcrypt: found $part->{device} type $part->{fs_type} with rootDevice $part->{rootDevice}");
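Review bot: With the new `unless (fs::type::cannotBeMountable($part))` guard, `$part->{fs_type}` can stay undefined, and the `log::l` line directly below interpolates it unconditionally, which yields an uninitialized-value warning and a log entry with an empty type. Interpolate a fallback instead, for example `my $fs_type = $part->{fs_type} || '(none)';` and use `$fs_type` in the message. The nested `unless` plus `or` reads more clearly as one condition: `fs::type::set_fs_type($part, defaultFS()) if !$part->{fs_type} && !fs::type::cannotBeMountable($part);`. Where `defaultFS()` is defined is not visible in this hunk.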
@@ -154,4 +209,8 @@ sub active_dm() {
} run_program::get_stdout('dmsetup', 'table');
}
+=back
+
+=cut
+
1;