From a393ffe12683d92c2cfec1110b1eff5c8c9e321f Mon Sep 17 00:00:00 2001
From: Adriaan de Groot
Date: Tue, 21 Sep 2021 11:58:22 +0200
Subject: [PATCH 1/4] [luksbootkeyfile] Don't dd in the target to get entropy
---
 .../luksbootkeyfile/LuksBootKeyFileJob.cpp | 24 +++++++++++++++----
 1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp b/src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp
index 075dadafe..3cd98d3ae 100644
--- a/src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp
+++ b/src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp
@@ -8,7 +8,9 @@
 #include "LuksBootKeyFileJob.h"
 #include "utils/CalamaresUtilsSystem.h"
+#include "utils/Entropy.h"
 #include "utils/Logger.h"
+#include "utils/NamedEnum.h"
 #include "utils/UMask.h"
 #include "utils/Variant.h"
@@ -102,15 +104,27 @@ static bool
 generateTargetKeyfile()
 {
 CalamaresUtils::UMask m( CalamaresUtils::UMask::Safe );
- auto r = CalamaresUtils::System::instance()->targetEnvCommand(
- { "dd", "bs=512", "count=4", "if=/dev/urandom", QString( "of=%1" ).arg( keyfile ) } );
- if ( r.getExitCode() != 0 )
+
+ // Get the data
+ QByteArray entropy;
+ auto entropySource = CalamaresUtils::getEntropy( 2048, entropy );
+ if ( entropySource != CalamaresUtils::EntropySource::URandom )
 {
- cWarning() << "Could not create LUKS keyfile:" << r.getOutput() << "(exit code" << r.getExitCode() << ')';
+ cWarning() << "Could not get entropy from /dev/urandom for LUKS.";
 return false;
 }
+
+ auto fileResult = CalamaresUtils::System::instance()->createTargetFile(
+ keyfile, entropy, CalamaresUtils::System::WriteMode::Overwrite );
+ entropy.fill( 'A' );
+ if ( !fileResult )
+ {
+ cWarning() << "Could not create LUKS keyfile:" << smash( fileResult.code() );
+ return false;
+ }
+
 // Give ample time to check that the file was created correctly
- r = CalamaresUtils::System::instance()->targetEnvCommand( { "ls", "-la", "/" } );
+ auto r = CalamaresUtils::System::instance()->targetEnvCommand( { "ls", "-la", "/" } );
 cDebug() << "In target system after creating LUKS file" << r.getOutput();
 return true;
 }
From ada13c19fd9437978d4d469dd8a0551b0d1f638d Mon Sep 17 00:00:00 2001
From: Adriaan de Groot
Date: Tue, 21 Sep 2021 12:02:26 +0200
Subject: [PATCH 2/4] [libcalamares] Simplify filling the entropy buffer
---
 src/libcalamares/utils/Entropy.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/libcalamares/utils/Entropy.cpp b/src/libcalamares/utils/Entropy.cpp
index d28230a85..67a0718f5 100644
--- a/src/libcalamares/utils/Entropy.cpp
+++ b/src/libcalamares/utils/Entropy.cpp
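Review bot: In generateTargetKeyfile(), `CalamaresUtils::UMask::Safe` only governs the mode of a file that is newly created, so with `WriteMode::Overwrite` a keyfile already present in the target would presumably keep whatever permissions it had (how createTargetFile treats an existing file is not visible in this hunk). Since this file unlocks the LUKS volume, I would set its mode to owner-only explicitly after the write and before returning true, rather than relying on the umask alone. Separately, `entropy.fill( 'A' )` is only a best-effort scrub: QByteArray is implicitly shared, so if createTargetFile kept a copy, the fill detaches and the key bytes stay in the other buffer. A comment such as `// best-effort scrub of key material; a shared copy would not be overwritten` would make that limit visible.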
@@ -18,15 +18,17 @@
 CalamaresUtils::EntropySource
 CalamaresUtils::getEntropy( int size, QByteArray& b )
 {
+ constexpr const char filler = char( 0xcb );
+
+ b.fill( filler );
 b.clear();
 if ( size < 1 )
 {
 return EntropySource::None;
 }
- b.resize( size );
+ b.fill( filler, size );
 char* buffer = b.data();
- std::fill( buffer, buffer + size, 0xcb );
 qint64 readSize = 0;
 QFile urandom( "/dev/urandom" );
From 1d812f88cea8c645e36e52a6479cf13a8a302e7e Mon Sep 17 00:00:00 2001
From: Adriaan de Groot
Date: Tue, 21 Sep 2021 12:10:21 +0200
Subject: [PATCH 3/4] [luksbootkeyfile] Bump timeout for adding LUKS keyfile
---
 src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp b/src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp
index 3cd98d3ae..43da3971a 100644
--- a/src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp
+++ b/src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp
@@ -123,8 +123,10 @@ generateTargetKeyfile()
 return false;
 }
- // Give ample time to check that the file was created correctly
- auto r = CalamaresUtils::System::instance()->targetEnvCommand( { "ls", "-la", "/" } );
+ // Give ample time to check that the file was created correctly;
+ // we actually expect ls to return pretty-much-instantly.
+ auto r = CalamaresUtils::System::instance()->targetEnvCommand(
+ { "ls", "-la", "/" }, QString(), QString(), std::chrono::seconds( 5 ) );
 cDebug() << "In target system after creating LUKS file" << r.getOutput();
 return true;
 }
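Review bot: In getEntropy() (Entropy.cpp), the new `b.fill( filler ); b.clear();` pair has no comment saying why the caller's old contents are overwritten before being discarded. If the intent is to wipe a buffer that may hold earlier key material, say so, e.g. `// overwrite previous contents before releasing them`. The declaration `constexpr const char filler = char( 0xcb )` would also benefit from a note that 0xcb appears to be only a recognisable not-yet-filled marker, not a random or secret value. The function body continues past the end of this hunk, so how the filler interacts with a short read from /dev/urandom cannot be judged from here.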
@@ -132,8 +134,10 @@ generateTargetKeyfile()
 static bool
 setupLuks( const LuksDevice& d )
 {
+ // Adding the key can take some times, measured around 15 seconds with
+ // a HDD (spinning rust) and a slow-ish computer. Give it a minute.
 auto r = CalamaresUtils::System::instance()->targetEnvCommand(
- { "cryptsetup", "luksAddKey", d.device, keyfile }, QString(), d.passphrase, std::chrono::seconds( 15 ) );
+ { "cryptsetup", "luksAddKey", d.device, keyfile }, QString(), d.passphrase, std::chrono::seconds( 60 ) );
 if ( r.getExitCode() != 0 )
 {
 cWarning() << "Could not configure LUKS keyfile on" << d.device << ':' << r.getOutput() << "(exit code"
From 9f803905cb85c7f4b0d38664d4a7ca7ff30b0074 Mon Sep 17 00:00:00 2001
From: Adriaan de Groot
Date: Tue, 21 Sep 2021 12:13:25 +0200
Subject: [PATCH 4/4] Changes: post-release housekeeping
---
 CHANGES | 12 ++++++++++++
 CMakeLists.txt | 4 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 535a8e57b..1bbf793c2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,18 @@ contributors are listed. Note that Calamares does not have a historical changelog -- this log starts with version 3.2.0. The release notes on the website will have to do for older versions.
+# 3.2.44 (unreleased) #
+
+This release contains contributions from (alphabetically by first name):
+ - No external contributors yet
+
+## Core ##
+ - No core changes yet
+
+## Modules ##
+ - No module changes yet
+
+
 # 3.2.43 (2021-09-17) #
 This release contains contributions from (alphabetically by first name):
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1c2e6fdf9..807cdfabf 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
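Review bot: In setupLuks(), the new comment reads "can take some times" (should be "some time"), and the limit is a bare `std::chrono::seconds( 60 )` derived from a single measurement. A named constant, e.g. `constexpr auto luksAddKeyTimeout = std::chrono::seconds( 60 );`, would keep the value and its rationale together. Key-slot derivation time depends on the hardware and the KDF settings, so it is worth confirming that a timed-out `luksAddKey` surfaces through the `r.getExitCode() != 0` check as a failure, rather than leaving the installation with a keyfile that no slot accepts. The cWarning statement and the rest of the function continue outside this hunk.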
@@ -41,11 +41,11 @@
 # TODO:3.3: Require CMake 3.12
 cmake_minimum_required( VERSION 3.3 FATAL_ERROR )
 project( CALAMARES
- VERSION 3.2.43
+ VERSION 3.2.44
 LANGUAGES C CXX
 )
-set( CALAMARES_VERSION_RC 0 ) # Set to 0 during release cycle, 1 during development
+set( CALAMARES_VERSION_RC 1 ) # Set to 0 during release cycle, 1 during development
 ### OPTIONS
 #