Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--archinstall/lib/disk.py50
-rw-r--r--archinstall/lib/installer.py15
-rw-r--r--archinstall/lib/luks.py7
-rw-r--r--archinstall/lib/storage.py3
-rw-r--r--archinstall/lib/user_interaction.py23
-rw-r--r--examples/guided.py10
6 files changed, 48 insertions, 60 deletions
diff --git a/archinstall/lib/disk.py b/archinstall/lib/disk.py
index 97b982d8..7ef65a5c 100644
--- a/archinstall/lib/disk.py
+++ b/archinstall/lib/disk.py
@@ -76,6 +76,7 @@ def suggest_single_disk_layout(block_device):
"start" : "1MiB",
"size" : "513MiB",
"boot" : True,
+ "encrypted" : False,
"format" : True,
"mountpoint" : "/boot",
"filesystem" : {
@@ -86,7 +87,7 @@ def suggest_single_disk_layout(block_device):
# Root
"type" : "primary",
"start" : "513MiB",
- "encrypted" : True,
+ "encrypted" : False,
"format" : True,
"size" : "100%" if block_device.size < MIN_SIZE_TO_ALLOW_HOME_PART else f"{min(block_device.size, 20)*1024}MiB",
"mountpoint" : "/",
@@ -99,7 +100,7 @@ def suggest_single_disk_layout(block_device):
layout[block_device]['partitions'].append({
# Home
"type" : "primary",
- "encrypted" : True,
+ "encrypted" : False,
"format" : True,
"start" : f"{min(block_device.size*0.2, 20)*1024}MiB",
"size" : "100%",
@@ -138,6 +139,7 @@ def suggest_multi_disk_layout(block_devices):
"start" : "1MiB",
"size" : "513MiB",
"boot" : True,
+ "encrypted" : False,
"format" : True,
"mountpoint" : "/boot",
"filesystem" : {
@@ -148,7 +150,7 @@ def suggest_multi_disk_layout(block_devices):
# Root
"type" : "primary",
"start" : "513MiB",
- "encrypted" : True,
+ "encrypted" : False,
"format" : True,
"size" : "100%",
"mountpoint" : "/",
@@ -160,7 +162,7 @@ def suggest_multi_disk_layout(block_devices):
layout[home_device]['partitions'].append({
# Home
"type" : "primary",
- "encrypted" : True,
+ "encrypted" : False,
"format" : True,
"start" : "4MiB",
"size" : "100%",
@@ -514,7 +516,7 @@ class Partition:
from .luks import luks2
try:
- with luks2(self, 'luksloop', password, auto_unmount=True) as unlocked_device:
+ with luks2(self, storage.get('ENC_IDENTIFIER', 'ai')+'loop', password, auto_unmount=True) as unlocked_device:
return unlocked_device.filesystem
except SysCallError:
return None
@@ -540,35 +542,12 @@ class Partition:
return True if files > 0 else False
- def safe_to_format(self):
- if self.allow_formatting is False:
- log(f"Partition {self} is not marked for formatting.", level=logging.DEBUG)
- return False
- elif self.target_mountpoint == '/boot':
- try:
- if self.has_content():
- log(f"Partition {self} is a boot partition and has content inside.", level=logging.DEBUG)
- return False
- except SysCallError as err:
- log(err.message, logging.DEBUG)
- log(f"Partition {self} was identified as /boot but we could not mount to check for content, continuing!", level=logging.DEBUG)
- pass
-
- return True
-
def encrypt(self, *args, **kwargs):
"""
A wrapper function for luks2() instances and the .encrypt() method of that instance.
"""
from .luks import luks2
- if not self._encrypted:
- raise DiskError(f"Attempting to encrypt a partition that was not marked for encryption: {self}")
-
- if not self.safe_to_format():
- log(f"Partition {self} was marked as protected but encrypt() was called on it!", level=logging.ERROR, fg="red")
- return False
-
handle = luks2(self, None, None)
return handle.encrypt(self, *args, **kwargs)
@@ -745,6 +724,8 @@ class Filesystem:
return True
def load_layout(self, layout :dict):
+ from .luks import luks2
+
# If the layout tells us to wipe the drive, we do so
if layout.get('wipe', False):
if self.mode == GPT:
@@ -770,11 +751,11 @@ class Filesystem:
raise ValueError("BlockDevice().load_layout() doesn't know how to continue without either a UUID or creation of partition.")
if partition.get('filesystem', {}).get('format', None):
- if partition.get('encrypt', False):
+ if partition.get('encrypted', False):
assert partition.get('password')
partition['device_instance'].encrypt(password=partition['password'])
- with archinstall.luks2(partition['device_instance'], 'luksloop', partition['password']) as unlocked_device:
+ with luks2(partition['device_instance'], storage.get('ENC_IDENTIFIER', 'ai')+'loop', partition['password']) as unlocked_device:
unlocked_device.format(partition['filesystem']['format'], allow_formatting=partition.get('format', False))
else:
partition['device_instance'].format(partition['filesystem']['format'], allow_formatting=partition.get('format', False))
@@ -957,7 +938,8 @@ def encrypted_partitions(blockdevices :dict) -> bool:
if partition.get('encrypted', False):
yield partition
-def find_partition_by_mountpoint(partitions, relative_mountpoint :str):
- for partition in partitions:
- if partition.get('mountpoint', None) == relative_mountpoint:
- return partition \ No newline at end of file
+def find_partition_by_mountpoint(block_devices, relative_mountpoint :str):
+ for device in block_devices:
+ for partition in block_devices[device]['partitions']:
+ if partition.get('mountpoint', None) == relative_mountpoint:
+ return partition \ No newline at end of file
diff --git a/archinstall/lib/installer.py b/archinstall/lib/installer.py
index b1e38dc6..00d3a001 100644
--- a/archinstall/lib/installer.py
+++ b/archinstall/lib/installer.py
@@ -126,13 +126,21 @@ class Installer:
return True
def mount_ordered_layout(self, layouts :dict):
+ from .luks import luks2
+
mountpoints = {}
for blockdevice in layouts:
for partition in layouts[blockdevice]['partitions']:
- mountpoints[partition['mountpoint']] = partition['device_instance']
+ mountpoints[partition['mountpoint']] = partition
for mountpoint in sorted(mountpoints.keys()):
- mountpoints[mountpoint].mount(f"{self.target}{mountpoint}")
+ if mountpoints[mountpoint]['encrypted']:
+ loopdev = storage.get('ENC_IDENTIFIER', 'ai')+'loop'
+ password = mountpoints[mountpoint]['password']
+ with luks2(mountpoints[mountpoint]['device_instance'], loopdev, password, auto_unmount=False) as unlocked_device:
+ unlocked_device.mount(f"{self.target}{mountpoint}")
+ else:
+ mountpoints[mountpoint]['device_instance'].mount(f"{self.target}{mountpoint}")
def mount(self, partition, mountpoint, create_mountpoint=True):
if create_mountpoint and not os.path.isdir(f'{self.target}{mountpoint}'):
@@ -437,6 +445,9 @@ class Installer:
elif partition.mountpoint == self.target:
root_partition = partition
+ if boot_partition is None and root_partition is None:
+ raise ValueError(f"Could not detect root (/) or boot (/boot) in {self.target} based on: {self.partitions}")
+
self.log(f'Adding bootloader {bootloader} to {boot_partition if boot_partition else root_partition}', level=logging.INFO)
if bootloader == 'systemd-bootctl':
diff --git a/archinstall/lib/luks.py b/archinstall/lib/luks.py
index b910bfb2..781bed43 100644
--- a/archinstall/lib/luks.py
+++ b/archinstall/lib/luks.py
@@ -18,9 +18,6 @@ class luks2:
self.mapdev = None
def __enter__(self):
- # if self.partition.allow_formatting:
- # self.key_file = self.encrypt(self.partition, *self.args, **self.kwargs)
- # else:
if not self.key_file:
self.key_file = f"/tmp/{os.path.basename(self.partition.path)}.disk_pw" # TODO: Make disk-pw-file randomly unique?
@@ -42,9 +39,6 @@ class luks2:
return True
def encrypt(self, partition, password=None, key_size=512, hash_type='sha512', iter_time=10000, key_file=None):
- if not self.partition.allow_formatting:
- raise DiskError(f'Could not encrypt volume {partition} due to it having a formatting lock.')
-
log(f'Encrypting {partition} (This might take a while)', level=logging.INFO)
if not key_file:
@@ -132,7 +126,6 @@ class luks2:
if os.path.islink(f'/dev/mapper/{mountpoint}'):
self.mapdev = f'/dev/mapper/{mountpoint}'
unlocked_partition = Partition(self.mapdev, None, encrypted=True, filesystem=get_filesystem_type(self.mapdev), autodetect_filesystem=False)
- unlocked_partition.allow_formatting = self.partition.allow_formatting
return unlocked_partition
def close(self, mountpoint=None):
diff --git a/archinstall/lib/storage.py b/archinstall/lib/storage.py
index 4e19e4d4..67f8e716 100644
--- a/archinstall/lib/storage.py
+++ b/archinstall/lib/storage.py
@@ -18,5 +18,6 @@ storage = {
'PROFILE_DB': None, # Used in cases when listing profiles is desired, not mandatory for direct profile grabing.
'LOG_PATH': '/var/log/archinstall',
'LOG_FILE': 'install.log',
- 'MOUNT_POINT': '/mnt',
+ 'MOUNT_POINT': '/mnt/archinstall',
+ 'ENC_IDENTIFIER': 'ainst'
}
diff --git a/archinstall/lib/user_interaction.py b/archinstall/lib/user_interaction.py
index 07f98328..da9f9809 100644
--- a/archinstall/lib/user_interaction.py
+++ b/archinstall/lib/user_interaction.py
@@ -9,7 +9,7 @@ import signal
import sys
import time
-from .disk import BlockDevice, valid_fs_type, suggest_single_disk_layout, suggest_multi_disk_layout
+from .disk import BlockDevice, valid_fs_type, find_partition_by_mountpoint, suggest_single_disk_layout, suggest_multi_disk_layout
from .exceptions import *
from .general import SysCommand
from .hardware import AVAILABLE_GFX_DRIVERS, has_uefi
@@ -190,18 +190,19 @@ def generic_multi_select(options, text="Select one or more of the options above
sys.stdout.flush()
return selected_options
-def select_encrypted_partitions(blockdevices :dict) -> dict:
- if len(blockdevices) == 1:
- if len(blockdevices[0]['partitions']) == 2:
- root = find_partition_by_mountpoint(blockdevices[0]['partitions'], '/')
- blockdevices[0]['partitions'][root]['encrypted'] = True
- return True
+def select_encrypted_partitions(block_devices :dict, password :str) -> dict:
+ root = find_partition_by_mountpoint(block_devices, '/')
+ root['encrypted'] = True
+ root['password'] = password
+
+ return block_devices
- options = []
- for partition in blockdevices.values():
- options.append({key: val for key, val in partition.items() if val})
+ # TODO: Next version perhaps we can support multiple encrypted partitions
+ #options = []
+ #for partition in block_devices.values():
+ # options.append({key: val for key, val in partition.items() if val})
- print(generic_multi_select(options, f"Choose which partitions to encrypt (leave blank when done): "))
+ #print(generic_multi_select(options, f"Choose which partitions to encrypt (leave blank when done): "))
class MiniCurses:
def __init__(self, width, height):
diff --git a/examples/guided.py b/examples/guided.py
index 14cbe0a1..4136ca6e 100644
--- a/examples/guided.py
+++ b/examples/guided.py
@@ -87,11 +87,11 @@ def ask_user_questions():
if (passwd := archinstall.get_password(prompt='Enter disk encryption password (leave blank for no encryption): ')):
archinstall.arguments['!encryption-password'] = passwd
- # If no partitions was marked as encrypted (rare), but a password was supplied -
- # then we need to identify which partitions to encrypt. This will default to / (root) if only
- # root and boot are detected.
- if len(list(archinstall.encrypted_partitions(archinstall.storage['disk_layouts']))) == 0:
- archinstall.storage['disk_layouts'] = archinstall.select_encrypted_partitions(archinstall.storage['disk_layouts'])
+ if archinstall.arguments['harddrives'] and archinstall.arguments.get('!encryption-password', None):
+ # If no partitions was marked as encrypted, but a password was supplied and we have some disks to format..
+ # Then we need to identify which partitions to encrypt. This will default to / (root).
+ if len(list(archinstall.encrypted_partitions(archinstall.storage['disk_layouts']))) == 0:
+ archinstall.storage['disk_layouts'] = archinstall.select_encrypted_partitions(archinstall.storage['disk_layouts'], archinstall.arguments['!encryption-password'])
# Ask which boot-loader to use (will only ask if we're in BIOS (non-efi) mode)
if not archinstall.arguments.get("bootloader", None):

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.