Basic rules are the same for partitions, LVs, RAID devices:
- Existing LUKS headers can only be removed if the device is being formatted.
- You can create a new filesystem on the device and retain the preexisting
LUKS header.
- You can add a LUKS header to a non-encrypted preexisting device only if
creating a new filesystem on the device.
- We prompt for passphrase only for non-preexisting LUKS headers, meaning
those that existed when we read the disk layout initially. We do not support
adding or changing passphrases for preexisting encrypted devices.
---
iw/lvm_dialog_gui.py | 8 ++++++--
iw/partition_dialog_gui.py | 32 ++++++++++++++++----------------
iw/partition_ui_helpers_gui.py | 7 ++++---
iw/raid_dialog_gui.py | 23 ++++++++++++++---------
ui/lukspassphrase.glade | 4 ++--
5 files changed, 42 insertions(+), 32 deletions(-)
diff --git a/iw/lvm_dialog_gui.py b/iw/lvm_dialog_gui.py
index 8bbb4a5..84e83a9 100644
--- a/iw/lvm_dialog_gui.py
+++ b/iw/lvm_dialog_gui.py
@@ -615,6 +615,7 @@ class VolumeGroupEditor:
# create potential request
request = copy.copy(logrequest)
+ request.encryption = copy.deepcopy(logrequest.encryption)
pesize = int(self.peCombo.get_active_value())
size = lvm.clampLVSizeRequest(size, pesize, roundup=1)
@@ -659,11 +660,14 @@ class VolumeGroupEditor:
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
- if passphrase:
+ if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
+ elif passphrase and request.encryption.format:
+ request.encryption.setPassphrase(passphrase)
else:
request.encryption = None
diff --git a/iw/partition_dialog_gui.py b/iw/partition_dialog_gui.py
index a38448e..7e1c8e1 100644
--- a/iw/partition_dialog_gui.py
+++ b/iw/partition_dialog_gui.py
@@ -141,13 +141,15 @@ class PartitionEditor:
passphrase = request.encryption.passphrase
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
+
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
- elif passphrase:
+ elif passphrase and request.encryption.format:
request.encryption.setPassphrase(passphrase)
- request.encryption.format = 1
else:
request.encryption = None
@@ -212,6 +214,7 @@ class PartitionEditor:
else:
# preexisting partition, just set mount point and format flag
request = copy.copy(self.origrequest)
+ request.encryption = copy.deepcopy(self.origrequest.encryption)
if self.fsoptionsDict.has_key("formatcb"):
request.format = self.fsoptionsDict["formatcb"].get_active()
@@ -243,23 +246,21 @@ class PartitionEditor:
else:
request.mountpoint = None
- if self.fsoptionsDict.has_key("lukscb"):
- lukscb = self.fsoptionsDict["lukscb"]
- else:
- lukscb = None
-
- if request.format and lukscb and lukscb.get_active():
+ lukscb = self.fsoptionsDict.get("lukscb")
+ if lukscb and lukscb.get_active():
if request.encryption:
passphrase = request.encryption.passphrase
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
+
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
- elif passphrase:
+ elif passphrase and request.encryption.format:
request.encryption.setPassphrase(passphrase)
- request.encryption.format = 1
else:
request.encryption = None
@@ -331,8 +332,6 @@ class PartitionEditor:
lbl = createAlignedLabel(_("File System _Type:"))
maintable.attach(lbl, 0, 1, row, row + 1)
- self.lukscb = gtk.CheckButton(_("_Encrypt"))
- self.lukscb.set_data("formatstate", 1)
self.newfstypeCombo = createFSTypeMenu(self.origrequest.fstype,
fstypechangeCB,
self.mountCombo,
@@ -485,14 +484,15 @@ class PartitionEditor:
# checkbutton for encryption using dm-crypt/LUKS
if self.origrequest.type == REQUEST_NEW:
+ self.lukscb = gtk.CheckButton(_("_Encrypt"))
+ self.lukscb.set_data("formatstate", 1)
+
if self.origrequest.encryption:
self.lukscb.set_active(1)
else:
self.lukscb.set_active(0)
maintable.attach(self.lukscb, 0, 2, row, row + 1)
row = row + 1
- else:
- self.lukscb = None
# put main table into dialog
self.dialog.vbox.pack_start(maintable)
diff --git a/iw/partition_ui_helpers_gui.py b/iw/partition_ui_helpers_gui.py
index 210c939..bc59604 100644
--- a/iw/partition_ui_helpers_gui.py
+++ b/iw/partition_ui_helpers_gui.py
@@ -240,7 +240,8 @@ def formatOptionCB(widget, data):
if lukscb is not None:
lukscb.set_data("formatstate", widget.get_active())
if not widget.get_active():
- lukscb.set_active(0)
+ # set "Encrypt" checkbutton to match partition's initial state
+ lukscb.set_active(lukscb.get_data("encrypted"))
lukscb.set_sensitive(0)
else:
lukscb.set_sensitive(1)
@@ -354,9 +355,9 @@ def createPreExistFSOptionSection(origrequest, maintable, row, mountCombo,
formatcb.connect("toggled", formatOptionResizeCB, resizesb)
- if origrequest.encryption and formatcb.get_active():
- # probably never happen
+ if origrequest.encryption:
lukscb.set_active(1)
+ lukscb.set_data("encrypted", 1)
lukscb.set_sensitive(formatcb.get_active())
lukscb.set_data("formatstate", formatcb.get_active())
diff --git a/iw/raid_dialog_gui.py b/iw/raid_dialog_gui.py
index a30624e..d62e368 100644
--- a/iw/raid_dialog_gui.py
+++ b/iw/raid_dialog_gui.py
@@ -146,6 +146,7 @@ class RaidEditor:
# read out UI into a partition specification
request = copy.copy(self.origrequest)
+ request.encryption = copy.deepcopy(self.origrequest.encryption)
# doesn't make sense for RAID device
if not self.origrequest.getPreExisting():
@@ -193,13 +194,15 @@ class RaidEditor:
passphrase = request.encryption.passphrase
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
+
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
- elif passphrase:
- request.encryption.setPassphrase(passphrase)
- request.encryption.format = 1
+ elif passphrase and request.encryption.format:
+ request.setPassphrase(passphrase)
else:
request.encryption = None
else:
@@ -228,18 +231,20 @@ class RaidEditor:
request.mountpoint = None
lukscb = self.fsoptionsDict.get("lukscb")
- if request.format and lukscb and lukscb.get_active():
+ if lukscb and lukscb.get_active():
if request.encryption:
passphrase = request.encryption.passphrase
else:
passphrase = ""
- passphrase = self.intf.getLuksPassphrase(passphrase)
+
+ if not request.encryption or request.encryption.format:
+ passphrase = self.intf.getLuksPassphrase(passphrase)
+
if passphrase and not request.encryption:
request.encryption = LUKSDevice(passphrase=passphrase,
format=1)
- elif passphrase:
- request.encryption.setPassphrase(passphrase)
- request.encryption.format = 1
+ elif passphrase and request.encryption.format:
+ request.setPassphrase(passphrase)
else:
request.encryption = None
diff --git a/ui/lukspassphrase.glade b/ui/lukspassphrase.glade
index 7daee20..cb76e6b 100644
--- a/ui/lukspassphrase.glade
+++ b/ui/lukspassphrase.glade
@@ -223,8 +223,8 @@
<widget class="GtkDialog" id="passphraseEntryDialog">
<property name="visible">True</property>
<property name="title" translatable="yes">Passphrase</property>
- <property name="type">GTK_WINDOW_POPUP</property>
- <property name="window_position">GTK_WIN_POS_CENTER_ON_PAREN T</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_CENTER</property>
<property name="modal">True</property>
<property name="resizable">True</property>
<property name="destroy_with_parent">False</property>
--
1.5.4.1
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
Partitioning UI for handling of preexisting encrypted devices.
