aboutsummaryrefslogtreecommitdiffstats
path: root/backend/raw_write.py
diff options
context:
space:
mode:
authorPapoteur <papoteur@mageia.org>2020-01-20 09:42:52 +0100
committerPapoteur <papoteur@mageia.org>2020-01-20 09:42:52 +0100
commit6bf666a534f5376ba813b0aaf8993691d2925496 (patch)
treedf20b98b0257618d994f2736107b08383cc82693 /backend/raw_write.py
parent9f89ca4f026e708f7a5ddc59a0f0ee5f581ef37c (diff)
downloadisodumper-6bf666a534f5376ba813b0aaf8993691d2925496.tar
isodumper-6bf666a534f5376ba813b0aaf8993691d2925496.tar.gz
isodumper-6bf666a534f5376ba813b0aaf8993691d2925496.tar.bz2
isodumper-6bf666a534f5376ba813b0aaf8993691d2925496.tar.xz
isodumper-6bf666a534f5376ba813b0aaf8993691d2925496.zip
Add encryption for persistent partition
Diffstat (limited to 'backend/raw_write.py')
-rwxr-xr-xbackend/raw_write.py101
1 files changed, 82 insertions, 19 deletions
diff --git a/backend/raw_write.py b/backend/raw_write.py
index 699d1fc..9f06295 100755
--- a/backend/raw_write.py
+++ b/backend/raw_write.py
@@ -29,13 +29,14 @@
#import locale
import os
import io
+import sys
import gettext
from subprocess import call, Popen, PIPE
import hashlib
import gnupg
import time
import logging
-
+
class Dumper(object):
def _do_write(self,source,target, b):
@@ -150,6 +151,7 @@ class Dumper(object):
message += _('Error, umount returned {}').format(str(retcode))
except OSError as e:
message += _('Execution failed: {}').format(str(e))
+ print(message, file=sys.stderr)
logging.info(message)
return not bool(retcode), message
@@ -167,7 +169,7 @@ class Dumper(object):
with open(sig_file, 'rb') as g:
self.signature_found = True
verified = gpg.verify_file(g, source + ".sha512")
- if verified.valid:
+ if verified.valid:
self.signature_checked = True
logging.debug("signature checked")
else:
@@ -205,7 +207,7 @@ class Dumper(object):
if checked > steps[indice]:
self._progress = indice
indice +=1
- checked+=1024
+ checked+=1024
block = f.read(b-ncuts*1024)
sha512func.update(block)
sha512sumcalc=sha512func.hexdigest()
@@ -220,36 +222,97 @@ class Dumper(object):
self.return_message +="\n" + _("The sha512 sum check is OK and the sum is signed")
else :
self.return_message +="\n" + _("The sha512 sum check is OK but the signature can't be found")
- else:
+ else:
self.return_message +="\n" + _("/!\\The computed and stored sums don't match")
#except:
#pass
self._progress = 100
-
+
logging.info(self.return_message)
self.return_state = True
self.finished.set()
- def _do_persistence(self, target, label):
+ def _do_persistence(self, target, label, key):
logging.debug("Start doing persistence partition")
p = Popen(["fdisk",target], stdin = PIPE)
p.communicate(input=b'n\np\n3\n\n\nw\n')
# example mkfs.ext4 -L mgalive-persist /dev/sdf3
- process = Popen(['mkfs.ext4','-L', label, target+"3"])
- working=True
- while working:
- time.sleep(0.5)
- process.poll()
- rc=process.returncode
- if rc is None:
- working=True
- else:
- process = None
- working= False
- logging.debug("Persistence partition done")
+
+ if key == "":
+ print("No key provided", file=sys.stderr)
+ process = Popen(['mkfs.ext4','-L', label, target+"3"])
+ p.communicate()
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
+ logging.debug("Persistence partition done")
+ else:
+ # cryptsetup luksFormat /dev/sdb3
+ print("Crypt key provided",file=sys.stderr)
+ base_target = os.path.basename(target) + "3"
+ process = Popen(['cryptsetup','luksFormat','-q', target+"3", '-d', '-'],stdin=PIPE)
+ process.communicate(input=key.encode('utf-8'))
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
+ # cryptsetup open /dev/sdb3 crypt_sdb3
+
+ process = Popen(['cryptsetup','luksOpen', target + "3", 'crypt_' + base_target ,'-d','-'],stdin=PIPE)
+ process.communicate(input=key.encode('utf-8'))
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
+ # mkfs.ext4 -L mgalive-persist /dev/mapper/crypt_sdb3
+ process = Popen(['mkfs.ext4','-L', label, '/dev/mapper/crypt_' + base_target])
+ process.communicate()
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
+ # cryptsetup close crypt_sdb3
+
+ process = Popen(['cryptsetup','luksClose', 'crypt_' + base_target ])
+ process.communicate()
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
return rc
-
+
def __init__(self):
gettext.install('isodumper', localedir='/usr/share/locale')