authorPapoteur <papoteur@mageia.org>2020-01-20 09:42:52 +0100
committerPapoteur <papoteur@mageia.org>2020-01-20 09:42:52 +0100
commit6bf666a534f5376ba813b0aaf8993691d2925496 (patch)
treedf20b98b0257618d994f2736107b08383cc82693 /backend
parent9f89ca4f026e708f7a5ddc59a0f0ee5f581ef37c (diff)
Add encryption for persistent partition
Diffstat (limited to 'backend')
-rwxr-xr-xbackend/magiback21
-rwxr-xr-xbackend/raw_write.py101
2 files changed, 93 insertions, 29 deletions
diff --git a/backend/magiback b/backend/magiback
index 6bf0202..e7541c3 100755
--- a/backend/magiback
+++ b/backend/magiback
@@ -40,6 +40,7 @@ class Isodumper(raw_write.Dumper):
<method name='do_persistence'>
<arg type='s' name='target' direction='in'/>
<arg type='s' name='label' direction='in'/>
+ <arg type='s' name='key' direction='in'/>
</method>
<method name='get_sum'>
<arg type='s' name='source' direction='in'/>
@@ -75,7 +76,7 @@ class Isodumper(raw_write.Dumper):
self.signature_checked = False
self.writing_perm = False
self.writing_target = ""
-
+
def do_write(self,source, target, size, dbus_context):
self.finished.clear()
@@ -90,19 +91,19 @@ class Isodumper(raw_write.Dumper):
logging.debug(self.return_message)
self.finished.set()
- def do_persistence(self, target, label):
+ def do_persistence(self, target, label, key):
self.finished.clear()
if self.writing_perm and self.writing_target == target :
- self._do_persistence(target, label)
+ self._do_persistence(target, label, key)
else:
self.return_message = "Persistence: Access denied"
self.writing_perm = False
self.writing_target = ""
-
+
@property
def done(self):
return self.finished.wait(1)
-
+
@property
def message(self):
return self.return_message
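Review bot: `do_persistence` has no documentation of its new `key` parameter, and an empty string silently produces an unencrypted partition. A docstring such as `"""Create the persistent partition on target; key is the LUKS passphrase, "" means no encryption."""` would make that contract explicit for D-Bus callers. The passphrase also arrives as the plain `<arg type='s' name='key'>` string added in the first hunk, so it is presumably visible to anything allowed to monitor that bus; worth a comment that `key` must never reach `return_message` or the log.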
@@ -128,13 +129,13 @@ class Isodumper(raw_write.Dumper):
def get_sum(self, source):
self.key_thread = threading.Thread(target=self._get_sum, args=(source,))
self.key_thread.start()
-
+
def check_write(self,target, source):
if hasattr(self, 'key_thread'):
self.key_thread.join()
self.thread = threading.Thread(target=self._check_write, args=(target, source,))
self.thread.start()
-
+
def run(self):
self.loop.run()
@@ -142,7 +143,7 @@ def check_permission(action, dbus_context):
""" Check permission
"""
return dbus_context.is_authorized(action, {'polkit.icon_name': 'isodumper.png',}, interactive=True)
-
+
class ConfFile(object):
"""
<node>
@@ -161,7 +162,7 @@ class ConfFile(object):
"""
def __init__(self):
super().__init__()
-
+
def setName(self,file_name):
self.file_name = file_name
@@ -175,7 +176,7 @@ class ConfFile(object):
break
content += line
return content
-
+
def saveFile(self, tc, dbus_context):
if check_permission('org.mageia.Magiback.write',dbus_context):
try:
diff --git a/backend/raw_write.py b/backend/raw_write.py
index 699d1fc..9f06295 100755
--- a/backend/raw_write.py
+++ b/backend/raw_write.py
@@ -29,13 +29,14 @@
#import locale
import os
import io
+import sys
import gettext
from subprocess import call, Popen, PIPE
import hashlib
import gnupg
import time
import logging
-
+
class Dumper(object):
def _do_write(self,source,target, b):
@@ -150,6 +151,7 @@ class Dumper(object):
message += _('Error, umount returned {}').format(str(retcode))
except OSError as e:
message += _('Execution failed: {}').format(str(e))
+ print(message, file=sys.stderr)
logging.info(message)
return not bool(retcode), message
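Review bot: The added `print(message, file=sys.stderr)` emits the same text that `logging.info(message)` records on the next line, so every unmount result is reported twice through two channels. If stderr output is wanted, attaching a stderr handler to the logger keeps one path and one format. The same applies to the `print("No key provided", file=sys.stderr)` and `print("Crypt key provided", file=sys.stderr)` calls in the `_do_persistence` hunk, which could be `logging.debug(...)`. The enclosing function starts above this hunk.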
@@ -167,7 +169,7 @@ class Dumper(object):
with open(sig_file, 'rb') as g:
self.signature_found = True
verified = gpg.verify_file(g, source + ".sha512")
- if verified.valid:
+ if verified.valid:
self.signature_checked = True
logging.debug("signature checked")
else:
@@ -205,7 +207,7 @@ class Dumper(object):
if checked > steps[indice]:
self._progress = indice
indice +=1
- checked+=1024
+ checked+=1024
block = f.read(b-ncuts*1024)
sha512func.update(block)
sha512sumcalc=sha512func.hexdigest()
@@ -220,36 +222,97 @@ class Dumper(object):
self.return_message +="\n" + _("The sha512 sum check is OK and the sum is signed")
else :
self.return_message +="\n" + _("The sha512 sum check is OK but the signature can't be found")
- else:
+ else:
self.return_message +="\n" + _("/!\\The computed and stored sums don't match")
#except:
#pass
self._progress = 100
-
+
logging.info(self.return_message)
self.return_state = True
self.finished.set()
- def _do_persistence(self, target, label):
+ def _do_persistence(self, target, label, key):
logging.debug("Start doing persistence partition")
p = Popen(["fdisk",target], stdin = PIPE)
p.communicate(input=b'n\np\n3\n\n\nw\n')
# example mkfs.ext4 -L mgalive-persist /dev/sdf3
- process = Popen(['mkfs.ext4','-L', label, target+"3"])
- working=True
- while working:
- time.sleep(0.5)
- process.poll()
- rc=process.returncode
- if rc is None:
- working=True
- else:
- process = None
- working= False
- logging.debug("Persistence partition done")
+
+ if key == "":
+ print("No key provided", file=sys.stderr)
+ process = Popen(['mkfs.ext4','-L', label, target+"3"])
+ p.communicate()
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
+ logging.debug("Persistence partition done")
+ else:
+ # cryptsetup luksFormat /dev/sdb3
+ print("Crypt key provided",file=sys.stderr)
+ base_target = os.path.basename(target) + "3"
+ process = Popen(['cryptsetup','luksFormat','-q', target+"3", '-d', '-'],stdin=PIPE)
+ process.communicate(input=key.encode('utf-8'))
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
+ # cryptsetup open /dev/sdb3 crypt_sdb3
+
+ process = Popen(['cryptsetup','luksOpen', target + "3", 'crypt_' + base_target ,'-d','-'],stdin=PIPE)
+ process.communicate(input=key.encode('utf-8'))
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
+ # mkfs.ext4 -L mgalive-persist /dev/mapper/crypt_sdb3
+ process = Popen(['mkfs.ext4','-L', label, '/dev/mapper/crypt_' + base_target])
+ process.communicate()
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
+ # cryptsetup close crypt_sdb3
+
+ process = Popen(['cryptsetup','luksClose', 'crypt_' + base_target ])
+ process.communicate()
+ working=True
+ while working:
+ time.sleep(0.5)
+ process.poll()
+ rc=process.returncode
+ if rc is None:
+ working=True
+ else:
+ process = None
+ working= False
return rc
-
+
def __init__(self):
gettext.install('isodumper', localedir='/usr/share/locale')
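Review bot: In the encrypted branch of `_do_persistence` the exit status of `cryptsetup luksFormat`, `cryptsetup luksOpen` and `mkfs.ext4` is overwritten by the next step, so `return rc` reports only the result of `luksClose`. A failed `mkfs.ext4` followed by a clean close therefore returns 0, and if `luksOpen` fails because a mapping with the same `crypt_` name already exists, `mkfs.ext4` would presumably run against that existing mapping. Each step should stop the sequence on a non-zero status; since `communicate()` already waits for the child to exit, the four copied poll loops can collapse into one helper, as sketched below. In the unencrypted branch `p.communicate()` is called on the already finished fdisk process and looks like it was meant to be `process.communicate()`.
```python
        # … unchanged: fdisk call and the key == "" branch …
        else:
            part = target + "3"
            mapping = 'crypt_' + os.path.basename(part)
            secret = key.encode('utf-8')
            rc = self._run_step(['cryptsetup', 'luksFormat', '-q', part, '-d', '-'], secret)
            if rc == 0:
                rc = self._run_step(['cryptsetup', 'luksOpen', part, mapping, '-d', '-'], secret)
                if rc == 0:
                    mkfs_rc = self._run_step(['mkfs.ext4', '-L', label, '/dev/mapper/' + mapping])
                    # always close the mapping, but keep a mkfs failure visible
                    close_rc = self._run_step(['cryptsetup', 'luksClose', mapping])
                    rc = mkfs_rc or close_rc
        return rc

    @staticmethod
    def _run_step(argv, stdin_data=None):
        # communicate() returns only after the child has exited, so no poll loop is needed
        process = Popen(argv, stdin=PIPE if stdin_data is not None else None)
        process.communicate(input=stdin_data)
        return process.returncode
```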