diff options
author | Papoteur <papoteur@mageia.org> | 2020-01-20 09:42:52 +0100 |
---|---|---|
committer | Papoteur <papoteur@mageia.org> | 2020-01-20 09:42:52 +0100 |
commit | 6bf666a534f5376ba813b0aaf8993691d2925496 (patch) | |
tree | df20b98b0257618d994f2736107b08383cc82693 /backend/raw_write.py | |
parent | 9f89ca4f026e708f7a5ddc59a0f0ee5f581ef37c (diff) | |
download | isodumper-6bf666a534f5376ba813b0aaf8993691d2925496.tar isodumper-6bf666a534f5376ba813b0aaf8993691d2925496.tar.gz isodumper-6bf666a534f5376ba813b0aaf8993691d2925496.tar.bz2 isodumper-6bf666a534f5376ba813b0aaf8993691d2925496.tar.xz isodumper-6bf666a534f5376ba813b0aaf8993691d2925496.zip |
Add encryption for persistent partition
Diffstat (limited to 'backend/raw_write.py')
-rwxr-xr-x | backend/raw_write.py | 101 |
1 files changed, 82 insertions, 19 deletions
diff --git a/backend/raw_write.py b/backend/raw_write.py index 699d1fc..9f06295 100755 --- a/backend/raw_write.py +++ b/backend/raw_write.py @@ -29,13 +29,14 @@ #import locale import os import io +import sys import gettext from subprocess import call, Popen, PIPE import hashlib import gnupg import time import logging - + class Dumper(object): def _do_write(self,source,target, b): @@ -150,6 +151,7 @@ class Dumper(object): message += _('Error, umount returned {}').format(str(retcode)) except OSError as e: message += _('Execution failed: {}').format(str(e)) + print(message, file=sys.stderr) logging.info(message) return not bool(retcode), message @@ -167,7 +169,7 @@ class Dumper(object): with open(sig_file, 'rb') as g: self.signature_found = True verified = gpg.verify_file(g, source + ".sha512") - if verified.valid: + if verified.valid: self.signature_checked = True logging.debug("signature checked") else: @@ -205,7 +207,7 @@ class Dumper(object): if checked > steps[indice]: self._progress = indice indice +=1 - checked+=1024 + checked+=1024 block = f.read(b-ncuts*1024) sha512func.update(block) sha512sumcalc=sha512func.hexdigest() @@ -220,36 +222,97 @@ class Dumper(object): self.return_message +="\n" + _("The sha512 sum check is OK and the sum is signed") else : self.return_message +="\n" + _("The sha512 sum check is OK but the signature can't be found") - else: + else: self.return_message +="\n" + _("/!\\The computed and stored sums don't match") #except: #pass self._progress = 100 - + logging.info(self.return_message) self.return_state = True self.finished.set() - def _do_persistence(self, target, label): + def _do_persistence(self, target, label, key): logging.debug("Start doing persistence partition") p = Popen(["fdisk",target], stdin = PIPE) p.communicate(input=b'n\np\n3\n\n\nw\n') # example mkfs.ext4 -L mgalive-persist /dev/sdf3 - process = Popen(['mkfs.ext4','-L', label, target+"3"]) - working=True - while working: - time.sleep(0.5) - process.poll() - rc=process.returncode - if rc is None: - working=True - else: - process = None - working= False - logging.debug("Persistence partition done") + + if key == "": + print("No key provided", file=sys.stderr) + process = Popen(['mkfs.ext4','-L', label, target+"3"]) + p.communicate() + working=True + while working: + time.sleep(0.5) + process.poll() + rc=process.returncode + if rc is None: + working=True + else: + process = None + working= False + logging.debug("Persistence partition done") + else: + # cryptsetup luksFormat /dev/sdb3 + print("Crypt key provided",file=sys.stderr) + base_target = os.path.basename(target) + "3" + process = Popen(['cryptsetup','luksFormat','-q', target+"3", '-d', '-'],stdin=PIPE) + process.communicate(input=key.encode('utf-8')) + working=True + while working: + time.sleep(0.5) + process.poll() + rc=process.returncode + if rc is None: + working=True + else: + process = None + working= False + # cryptsetup open /dev/sdb3 crypt_sdb3 + + process = Popen(['cryptsetup','luksOpen', target + "3", 'crypt_' + base_target ,'-d','-'],stdin=PIPE) + process.communicate(input=key.encode('utf-8')) + working=True + while working: + time.sleep(0.5) + process.poll() + rc=process.returncode + if rc is None: + working=True + else: + process = None + working= False + # mkfs.ext4 -L mgalive-persist /dev/mapper/crypt_sdb3 + process = Popen(['mkfs.ext4','-L', label, '/dev/mapper/crypt_' + base_target]) + process.communicate() + working=True + while working: + time.sleep(0.5) + process.poll() + rc=process.returncode + if rc is None: + working=True + else: + process = None + working= False + # cryptsetup close crypt_sdb3 + + process = Popen(['cryptsetup','luksClose', 'crypt_' + base_target ]) + process.communicate() + working=True + while working: + time.sleep(0.5) + process.poll() + rc=process.returncode + if rc is None: + working=True + else: + process = None + working= False return rc - + def __init__(self): gettext.install('isodumper', localedir='/usr/share/locale') |