Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/archinstall/lib/luks.py
diff options
context:
space:
mode:
authorAnton Hvornum <anton@hvornum.se>2021-03-09 00:12:03 +0100
committerAnton Hvornum <anton@hvornum.se>2021-03-09 00:12:03 +0100
commit7ee48156486101a43e90f834825dfeb0742247bd (patch)
tree3beb97042da4829183f1656216b5d135b1659d16 /archinstall/lib/luks.py
parentf1cb3209ad9deb609d9fff35c52ec76027ceffb4 (diff)
Adding encryption helpers to the Partition() class, that sets up and utilizes luks2.encrypt() in extension.
Diffstat (limited to 'archinstall/lib/luks.py')
-rw-r--r--archinstall/lib/luks.py25
1 files changed, 15 insertions, 10 deletions
diff --git a/archinstall/lib/luks.py b/archinstall/lib/luks.py
index b98994ef..c9946239 100644
--- a/archinstall/lib/luks.py
+++ b/archinstall/lib/luks.py
@@ -16,16 +16,17 @@ class luks2():
self.filesystem = 'crypto_LUKS'
def __enter__(self):
- if self.partition.allow_formatting:
- self.key_file = self.encrypt(self.partition, *self.args, **self.kwargs)
- else:
- if not self.key_file:
- self.key_file = f"/tmp/{os.path.basename(self.partition.path)}.disk_pw" # TODO: Make disk-pw-file randomly unique?
-
- if type(self.password) != bytes: self.password = bytes(self.password, 'UTF-8')
+ #if self.partition.allow_formatting:
+ # self.key_file = self.encrypt(self.partition, *self.args, **self.kwargs)
+ #else:
+ if not self.key_file:
+ self.key_file = f"/tmp/{os.path.basename(self.partition.path)}.disk_pw" # TODO: Make disk-pw-file randomly unique?
+
+ if type(self.password) != bytes:
+ self.password = bytes(self.password, 'UTF-8')
- with open(self.key_file, 'wb') as fh:
- fh.write(self.password)
+ with open(self.key_file, 'wb') as fh:
+ fh.write(self.password)
return self.unlock(self.partition, self.mountpoint, self.key_file)
@@ -38,6 +39,9 @@ class luks2():
def encrypt(self, partition, password=None, key_size=512, hash_type='sha512', iter_time=10000, key_file=None):
# TODO: We should be able to integrate this into the main log some how.
# Perhaps post-mortem?
+ if not self.partition.allow_formatting:
+ raise DiskError(f'Could not encrypt volume {self.partition} due to it having a formatting lock.')
+
log(f'Encrypting {partition} (This might take a while)', level=LOG_LEVELS.Info)
if not key_file:
@@ -49,7 +53,8 @@ class luks2():
if not password:
password = self.password
- if type(password) != bytes: password = bytes(password, 'UTF-8')
+ if type(password) != bytes:
+ password = bytes(password, 'UTF-8')
with open(key_file, 'wb') as fh:
fh.write(password)

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.