From 8967af08327daac4cdca221971fd790961039cbe Mon Sep 17 00:00:00 2001
From: Pascal Terjan <pterjan@mandriva.org>
Date: Thu, 29 Apr 2010 13:33:17 +0000
Subject: refuse to have /boot encrypted

---
 perl-install/NEWS                     |  1 +
 perl-install/diskdrake/interactive.pm |  4 ++--
 perl-install/fs/type.pm               |  3 ++-
 perl-install/fsedit.pm                | 10 ++++++++++
 perl-install/install/NEWS             |  4 ++++
 5 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/perl-install/NEWS b/perl-install/NEWS
index 4203251e8..4da7d1855 100644
--- a/perl-install/NEWS
+++ b/perl-install/NEWS
@@ -1,5 +1,6 @@
 - diskdrake:
   o correctly set mountpoint on included partition, not encrypted one
+  o refuse to have /boot encrypted
 
 Version 13.21 - 27 April 2010
 
diff --git a/perl-install/diskdrake/interactive.pm b/perl-install/diskdrake/interactive.pm
index 34709b826..51c25703c 100644
--- a/perl-install/diskdrake/interactive.pm
+++ b/perl-install/diskdrake/interactive.pm
@@ -601,7 +601,7 @@ sub Delete {
 	if (arch() =~ /ppc/) {
 	    undef $partition_table::mac::bootstrap_part if isAppleBootstrap($part) && ($part->{device} = $partition_table::mac::bootstrap_part);
 	}
-	if ($part->{dmcrypt_name}) {
+	if (fs::type::isLUKS($part)) {
 	    my $p = find { $_->{dm_name} eq $part->{dmcrypt_name} } partition_table::get_normal_parts($hd);
 	    RemoveFromDm($in, $hd, $p, $all_hds);
 	    $part = $p;
@@ -1375,7 +1375,7 @@ sub format_part_info {
     $info .= N("Not formatted\n") if !$part->{isFormatted} && $part->{notFormatted};
     $info .= N("Mounted\n") if $part->{isMounted};
     $info .= N("RAID %s\n", $part->{raid}) if isPartOfRAID($part);
-    if (fs::type::isRawLUKS($part) || $part->{dmcrypt_name}) {
+    if (fs::type::isRawLUKS($part) || fs::type::isLUKS($part)) {
 	$info .= N("Encrypted")."\n";
 	if (fs::type::isRawLUKS($part)) {
 	    $info .= ($part->{dm_active} && $part->{dm_name} ? N(" (mapped on %s)", $part->{dm_name}) :
diff --git a/perl-install/fs/type.pm b/perl-install/fs/type.pm
index b32da7891..54b3d1afd 100644
--- a/perl-install/fs/type.pm
+++ b/perl-install/fs/type.pm
@@ -9,7 +9,7 @@ use devices;
 
 our @ISA = qw(Exporter);
 our @EXPORT = qw(
-   isEmpty isExtended isTrueLocalFS isTrueFS isDos isSwap isOtherAvailableFS isRawLVM isRawRAID isRAID isLVM isMountableRW isNonMountable isPartOfLVM isPartOfRAID isPartOfLoopback isLoopback isMounted isBusy isSpecial isApple isAppleBootstrap isWholedisk isFat_or_NTFS isRecovery
+   isEmpty isExtended isTrueLocalFS isTrueFS isDos isSwap isOtherAvailableFS isRawLVM isRawRAID isRAID isLVM isLUKS isMountableRW isNonMountable isPartOfLVM isPartOfRAID isPartOfLoopback isLoopback isMounted isBusy isSpecial isApple isAppleBootstrap isWholedisk isFat_or_NTFS isRecovery
    maybeFormatted set_isFormatted defaultFS
 );
 
@@ -356,6 +356,7 @@ sub isPartOfLoopback { defined $_[0]{loopback} }
 sub isRAID { $_[0]{device} =~ /^md/ && $_[0]{level} }
 sub isUBD { $_[0]{device} =~ /^ubd/ } #- should be always true during an $::uml_install
 sub isLVM { $_[0]{VG_name} || $_[0]{lv_name} }
+sub isLUKS { defined $_[0]{dmcrypt_name} }
 sub isLoopback { defined $_[0]{loopback_file} }
 sub isMounted { $_[0]{isMounted} }
 sub isBusy { isMounted($_[0]) || isPartOfRAID($_[0]) || isPartOfLVM($_[0]) || $_[0]{dm_active} || isPartOfLoopback($_[0]) }
diff --git a/perl-install/fsedit.pm b/perl-install/fsedit.pm
index 5c796bafd..8c8561b2a 100644
--- a/perl-install/fsedit.pm
+++ b/perl-install/fsedit.pm
@@ -433,6 +433,16 @@ No bootloader is able to handle this without a /boot partition.
 Please be sure to add a /boot partition") if $md_part->{level} ne '1'; # lilo handles / on RAID1
     }
 
+    if ($mntpoint eq "/" && isLUKS($part) && !fs::get::has_mntpoint("/boot", $all_hds)) {
+	cdie N("You've selected an encrypted partition as root (/).
+No bootloader is able to handle this without a /boot partition.
+Please be sure to add a /boot partition");
+    }
+
+    if ($mntpoint eq "/boot" && isLUKS($part))  {
+	die N("You can not use an encrypted file system for mount point %s", "/boot");
+    }
+
     #- NB: if the LV doesn't exist, lv_nb_pvs returns 0
     die N("You can not use the LVM Logical Volume for mount point %s since it spans physical volumes", $mntpoint)
       if $mntpoint eq '/boot' && isLVM($part) && lvm::lv_nb_pvs($part) > 1;
diff --git a/perl-install/install/NEWS b/perl-install/install/NEWS
index 5e6344398..40a94142b 100644
--- a/perl-install/install/NEWS
+++ b/perl-install/install/NEWS
@@ -1,3 +1,7 @@
+- diskdrake:
+  o correctly set mountpoint on included partition, not encrypted one
+  o refuse to have /boot encrypted
+
 Version 13.21 - 27 April 2010
 
 - diskdrake:
-- 
cgit v1.2.1