Merge pull request #1952 from abalfoort/#1935

#1935 - Reuse luks partitions
This commit is contained in:
Adriaan de Groot 2022-05-17 10:35:51 +02:00 committed by GitHub
commit 9d6bb2ee2a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 361 additions and 173 deletions

View File

@ -162,13 +162,18 @@ class FstabGenerator(object):
crypttab_options = self.crypttab_options
# Set crypttab password for partition to none and remove crypttab options
# if crypto_keyfile.bin was not generated
if not os.path.exists(os.path.join(self.root_mount_point, "crypto_keyfile.bin")):
password = "none"
crypttab_options = ""
# on root partition when /boot is unencrypted
if partition["mountPoint"] == "/":
elif partition["mountPoint"] == "/":
if any([p["mountPoint"] == "/boot"
and "luksMapperName" not in p
for p in self.partitions]):
password = "none"
crypttab_options = ""
return dict(
name=mapper_name,

View File

@ -251,7 +251,9 @@ fillGSConfigurationEFI( Calamares::GlobalStorage* gs, const QVariantMap& configu
gs->insert( "efiSystemPartitionSize", sizeString );
gs->insert( "efiSystemPartitionSize_i", part_size.toBytes() );
if ( part_size.toBytes() != PartUtils::efiFilesystemMinimumSize() )
// Assign long long int to long unsigned int to prevent compilation warning
size_t unsigned_part_size = part_size.toBytes();
if ( unsigned_part_size != PartUtils::efiFilesystemMinimumSize() )
{
cWarning() << "EFI partition size" << sizeString << "has been adjusted to"
<< PartUtils::efiFilesystemMinimumSize() << "bytes";

View File

@ -22,128 +22,210 @@
#include <kpmcore/core/partition.h>
#include <kpmcore/fs/filesystemfactory.h>
#include <kpmcore/fs/luks.h>
#include <kpmcore/fs/filesystem.h>
#include <kpmcore/util/externalcommand.h>
using CalamaresUtils::Partition::PartitionIterator;
namespace KPMHelpers
{
Partition*
findPartitionByMountPoint( const QList< Device* >& devices, const QString& mountPoint )
{
for ( auto device : devices )
for ( auto it = PartitionIterator::begin( device ); it != PartitionIterator::end( device ); ++it )
if ( PartitionInfo::mountPoint( *it ) == mountPoint )
{
return *it;
}
return nullptr;
}
Partition*
createNewPartition( PartitionNode* parent,
const Device& device,
const PartitionRole& role,
FileSystem::Type fsType,
const QString& fsLabel,
qint64 firstSector,
qint64 lastSector,
PartitionTable::Flags flags )
{
FileSystem* fs = FileSystemFactory::create( fsType, firstSector, lastSector, device.logicalSize() );
fs->setLabel( fsLabel );
return new Partition( parent,
device,
role,
fs,
fs->firstSector(),
fs->lastSector(),
QString() /* path */,
KPM_PARTITION_FLAG( None ) /* availableFlags */,
QString() /* mountPoint */,
false /* mounted */,
flags /* activeFlags */,
KPM_PARTITION_STATE( New ) );
}
Partition*
createNewEncryptedPartition( PartitionNode* parent,
const Device& device,
const PartitionRole& role,
FileSystem::Type fsType,
const QString& fsLabel,
qint64 firstSector,
qint64 lastSector,
const QString& passphrase,
PartitionTable::Flags flags )
{
PartitionRole::Roles newRoles = role.roles();
if ( !role.has( PartitionRole::Luks ) )
Partition*
findPartitionByMountPoint( const QList< Device* >& devices, const QString& mountPoint )
{
newRoles |= PartitionRole::Luks;
}
FS::luks* fs = dynamic_cast< FS::luks* >(
FileSystemFactory::create( FileSystem::Luks, firstSector, lastSector, device.logicalSize() ) );
if ( !fs )
{
cError() << "cannot create LUKS filesystem. Giving up.";
for ( auto device : devices )
for ( auto it = PartitionIterator::begin( device ); it != PartitionIterator::end( device ); ++it )
if ( PartitionInfo::mountPoint( *it ) == mountPoint )
{
return *it;
}
return nullptr;
}
fs->createInnerFileSystem( fsType );
fs->setPassphrase( passphrase );
fs->setLabel( fsLabel );
Partition* p = new Partition( parent,
device,
PartitionRole( newRoles ),
fs,
fs->firstSector(),
fs->lastSector(),
QString() /* path */,
KPM_PARTITION_FLAG( None ) /* availableFlags */,
QString() /* mountPoint */,
false /* mounted */,
flags /* activeFlags */,
KPM_PARTITION_STATE( New ) );
return p;
}
Partition*
clonePartition( Device* device, Partition* partition )
{
FileSystem* fs = FileSystemFactory::create(
partition->fileSystem().type(), partition->firstSector(), partition->lastSector(), device->logicalSize() );
return new Partition( partition->parent(),
*device,
partition->roles(),
fs,
fs->firstSector(),
fs->lastSector(),
partition->partitionPath(),
partition->activeFlags() );
}
Calamares::JobResult
execute( Operation& operation, const QString& failureMessage )
{
operation.setStatus( Operation::StatusRunning );
Report report( nullptr );
if ( operation.execute( report ) )
Partition*
createNewPartition( PartitionNode* parent,
const Device& device,
const PartitionRole& role,
FileSystem::Type fsType,
const QString& fsLabel,
qint64 firstSector,
qint64 lastSector,
PartitionTable::Flags flags )
{
return Calamares::JobResult::ok();
FileSystem* fs = FileSystemFactory::create( fsType, firstSector, lastSector, device.logicalSize() );
fs->setLabel( fsLabel );
return new Partition( parent,
device,
role,
fs,
fs->firstSector(),
fs->lastSector(),
QString() /* path */,
KPM_PARTITION_FLAG( None ) /* availableFlags */,
QString() /* mountPoint */,
false /* mounted */,
flags /* activeFlags */,
KPM_PARTITION_STATE( New ) );
}
// Remove the === lines from the report by trimming them to empty
QStringList l = report.toText().split( '\n' );
std::for_each( l.begin(), l.end(), []( QString& s ) { CalamaresUtils::removeLeading( s, '=' ); } );
return Calamares::JobResult::error( failureMessage, l.join( '\n' ) );
}
Partition*
createNewEncryptedPartition( PartitionNode* parent,
const Device& device,
const PartitionRole& role,
FileSystem::Type fsType,
const QString& fsLabel,
qint64 firstSector,
qint64 lastSector,
const QString& passphrase,
PartitionTable::Flags flags )
{
PartitionRole::Roles newRoles = role.roles();
if ( !role.has( PartitionRole::Luks ) )
{
newRoles |= PartitionRole::Luks;
}
FS::luks* fs = dynamic_cast< FS::luks* >(
FileSystemFactory::create( FileSystem::Luks, firstSector, lastSector, device.logicalSize() ) );
if ( !fs )
{
cError() << "cannot create LUKS filesystem. Giving up.";
return nullptr;
}
fs->createInnerFileSystem( fsType );
fs->setPassphrase( passphrase );
fs->setLabel( fsLabel );
Partition* p = new Partition( parent,
device,
PartitionRole( newRoles ),
fs,
fs->firstSector(),
fs->lastSector(),
QString() /* path */,
KPM_PARTITION_FLAG( None ) /* availableFlags */,
QString() /* mountPoint */,
false /* mounted */,
flags /* activeFlags */,
KPM_PARTITION_STATE( New ) );
return p;
}
Partition*
clonePartition( Device* device, Partition* partition )
{
FileSystem* fs = FileSystemFactory::create(
partition->fileSystem().type(), partition->firstSector(), partition->lastSector(), device->logicalSize() );
return new Partition( partition->parent(),
*device,
partition->roles(),
fs,
fs->firstSector(),
fs->lastSector(),
partition->partitionPath(),
partition->activeFlags() );
}
// Adapted from luks cryptOpen which always opens a dialog to ask for a passphrase
int
updateLuksDevice( Partition* partition, const QString& passphrase )
{
const QString deviceNode = partition->partitionPath();
cDebug() << "Update Luks device: " << deviceNode;
if ( passphrase.isEmpty() )
{
cWarning() << Logger::SubEntry << "#1: Passphrase is empty";
return 1;
}
if ( partition->fileSystem().type() != FileSystem::Luks )
{
cWarning() << Logger::SubEntry << "#2: Not a luks encrypted device";
return 2;
}
// Cast partition fs to luks fs
FS::luks* luksFs = dynamic_cast< FS::luks* >( &partition->fileSystem() );
// Test the given passphrase
if ( !luksFs->testPassphrase( deviceNode, passphrase ) )
{
cWarning() << Logger::SubEntry << "#3: Passphrase incorrect";
return 3;
}
if ( luksFs->isCryptOpen() )
{
if ( !luksFs->mapperName().isEmpty())
{
cWarning() << Logger::SubEntry << "#4: Device already decrypted";
return 4;
}
else
{
cDebug() << Logger::SubEntry << "No mapper node found";
luksFs->setCryptOpen( false );
}
}
ExternalCommand openCmd( QStringLiteral( "cryptsetup" ),
{ QStringLiteral( "open" ),
deviceNode,
luksFs->suggestedMapperName( deviceNode ) } );
if ( !( openCmd.write( passphrase.toLocal8Bit() + '\n' ) &&
openCmd.start( -1 ) &&
openCmd.exitCode() == 0 ) )
{
cWarning() << Logger::SubEntry << openCmd.exitCode() << ": cryptsetup command failed";
return openCmd.exitCode();
}
// Save the existing passphrase
luksFs->setPassphrase( passphrase );
luksFs->scan( deviceNode );
if ( luksFs->mapperName().isEmpty() )
{
cWarning() << Logger::SubEntry << "#5: No mapper node found";
return 5;
}
luksFs->loadInnerFileSystem( luksFs->mapperName() );
luksFs->setCryptOpen( luksFs->innerFS() != nullptr );
if ( !luksFs->isCryptOpen() )
{
cWarning() << Logger::SubEntry << "#6: Device could not be decrypted";
return 6;
}
return 0;
}
Calamares::JobResult
execute( Operation& operation, const QString& failureMessage )
{
operation.setStatus( Operation::StatusRunning );
Report report( nullptr );
if ( operation.execute( report ) )
{
return Calamares::JobResult::ok();
}
// Remove the === lines from the report by trimming them to empty
QStringList l = report.toText().split( '\n' );
std::for_each( l.begin(), l.end(), []( QString& s ) { CalamaresUtils::removeLeading( s, '=' ); } );
return Calamares::JobResult::error( failureMessage, l.join( '\n' ) );
}
} // namespace KPMHelpers

View File

@ -43,54 +43,56 @@ class PartitionRole;
namespace KPMHelpers
{
/**
* Iterates on all devices and return the first partition which is associated
* with mountPoint. This uses PartitionInfo::mountPoint(), not Partition::mountPoint()
*/
Partition* findPartitionByMountPoint( const QList< Device* >& devices, const QString& mountPoint );
/**
* Iterates on all devices and return the first partition which is associated
* with mountPoint. This uses PartitionInfo::mountPoint(), not Partition::mountPoint()
*/
Partition* findPartitionByMountPoint( const QList< Device* >& devices, const QString& mountPoint );
/**
* Helper function to create a new Partition object (does not create anything
* on the disk) associated with a FileSystem.
*/
Partition* createNewPartition( PartitionNode* parent,
const Device& device,
const PartitionRole& role,
FileSystem::Type fsType,
const QString& fsLabel,
qint64 firstSector,
qint64 lastSector,
PartitionTable::Flags flags );
/**
* Helper function to create a new Partition object (does not create anything
* on the disk) associated with a FileSystem.
*/
Partition* createNewPartition( PartitionNode* parent,
const Device& device,
const PartitionRole& role,
FileSystem::Type fsType,
const QString& fsLabel,
qint64 firstSector,
qint64 lastSector,
PartitionTable::Flags flags );
Partition* createNewEncryptedPartition( PartitionNode* parent,
const Device& device,
const PartitionRole& role,
FileSystem::Type fsType,
const QString& fsLabel,
qint64 firstSector,
qint64 lastSector,
const QString& passphrase,
PartitionTable::Flags flags );
Partition* createNewEncryptedPartition( PartitionNode* parent,
const Device& device,
const PartitionRole& role,
FileSystem::Type fsType,
const QString& fsLabel,
qint64 firstSector,
qint64 lastSector,
const QString& passphrase,
PartitionTable::Flags flags );
Partition* clonePartition( Device* device, Partition* partition );
Partition* clonePartition( Device* device, Partition* partition );
/** @brief Return a result for an @p operation
*
* Executes the operation, and if successful, returns a success result.
* Otherwise returns an error using @p failureMessage as the primary part
* of the error, and details obtained from the operation.
*/
Calamares::JobResult execute( Operation& operation, const QString& failureMessage );
/** @brief Return a result for an @p operation
*
* It's acceptable to use an rvalue: the operation-running is the effect
* you're interested in, rather than keeping the temporary around.
*/
static inline Calamares::JobResult
execute( Operation&& operation, const QString& failureMessage )
{
return execute( operation, failureMessage );
}
int updateLuksDevice( Partition* partition, const QString& passphrase );
/** @brief Return a result for an @p operation
*
* Executes the operation, and if successful, returns a success result.
* Otherwise returns an error using @p failureMessage as the primary part
* of the error, and details obtained from the operation.
*/
Calamares::JobResult execute( Operation& operation, const QString& failureMessage );
/** @brief Return a result for an @p operation
*
* It's acceptable to use an rvalue: the operation-running is the effect
* you're interested in, rather than keeping the temporary around.
*/
static inline Calamares::JobResult
execute( Operation&& operation, const QString& failureMessage )
{
return execute( operation, failureMessage );
}
} // namespace KPMHelpers

View File

@ -20,6 +20,7 @@
#include "core/PartUtils.h"
#include "core/PartitionCoreModule.h"
#include "core/PartitionInfo.h"
#include "core/KPMHelpers.h"
#include "gui/PartitionDialogHelpers.h"
#include "gui/PartitionSizeController.h"
@ -28,14 +29,18 @@
#include "Settings.h"
#include "partition/FileSystem.h"
#include "utils/Logger.h"
#include "widgets/TranslationFix.h"
#include <kpmcore/core/device.h>
#include <kpmcore/core/partition.h>
#include <kpmcore/fs/filesystemfactory.h>
#include <kpmcore/fs/luks.h>
#include <QComboBox>
#include <QDir>
#include <QPushButton>
#include <QProcess>
#include <QMessageBox>
using CalamaresUtils::Partition::untranslatedFS;
using CalamaresUtils::Partition::userVisibleFS;
@ -52,6 +57,7 @@ EditExistingPartitionDialog::EditExistingPartitionDialog( Device* device,
, m_usedMountPoints( usedMountPoints )
{
m_ui->setupUi( this );
m_ui->encryptWidget->hide();
standardMountPoints( *( m_ui->mountPointComboBox ), PartitionInfo::mountPoint( partition ) );
QColor color = ColorUtils::colorForPartition( m_partition );
@ -132,10 +138,8 @@ EditExistingPartitionDialog::EditExistingPartitionDialog( Device* device,
setFlagList( *( m_ui->m_listFlags ), m_partition->availableFlags(), PartitionInfo::flags( m_partition ) );
}
EditExistingPartitionDialog::~EditExistingPartitionDialog() {}
PartitionTable::Flags
EditExistingPartitionDialog::newFlags() const
{
@ -242,8 +246,31 @@ EditExistingPartitionDialog::applyChanges( PartitionCoreModule* core )
{
core->setFilesystemLabel( m_device, m_partition, fsLabel );
}
core->refreshPartition( m_device, m_partition );
}
// Update the existing luks partition
const QString passphrase = m_ui->encryptWidget->passphrase();
if ( !passphrase.isEmpty() )
{
int retCode = KPMHelpers::updateLuksDevice( m_partition, passphrase );
if ( retCode != 0 )
{
QString message = tr( "Passphrase for existing partition" );
QString description = tr( "Partition %1 could not be decrypted "
"with the given passphrase."
"<br/><br/>"
"Edit the partition again and give the correct passphrase"
"or delete and create a new encrypted partition." )
.arg( m_partition->partitionPath() );
QMessageBox mb( QMessageBox::Information, message, description,
QMessageBox::Ok, this->parentWidget() );
Calamares::fixButtonLabels( &mb );
mb.exec();
}
}
}
}
@ -266,7 +293,6 @@ EditExistingPartitionDialog::replacePartResizerWidget()
m_partitionSizeController->setPartResizerWidget( widget, m_ui->formatRadioButton->isChecked() );
}
void
EditExistingPartitionDialog::updateMountPointPicker()
{
@ -293,13 +319,50 @@ EditExistingPartitionDialog::updateMountPointPicker()
{
setSelectedMountPoint( m_ui->mountPointComboBox, QString() );
}
toggleEncryptWidget();
}
void
EditExistingPartitionDialog::checkMountPointSelection()
{
validateMountPoint( selectedMountPoint( m_ui->mountPointComboBox ),
m_usedMountPoints,
m_ui->mountPointExplanation,
m_ui->buttonBox->button( QDialogButtonBox::Ok ) );
if ( validateMountPoint( selectedMountPoint( m_ui->mountPointComboBox ),
m_usedMountPoints,
m_ui->mountPointExplanation,
m_ui->buttonBox->button( QDialogButtonBox::Ok ) ) )
{
toggleEncryptWidget();
}
}
void
EditExistingPartitionDialog::toggleEncryptWidget()
{
// Show/hide encryptWidget:
// check if partition is a previously luks formatted partition
// and not currently formatted
// and its mount point not a standard mount point except when it's /home
QString mp = selectedMountPoint( m_ui->mountPointComboBox );
if ( !mp.isEmpty()
&& m_partition->fileSystem().type() == FileSystem::Luks
&& !m_ui->formatRadioButton->isChecked()
&& ( !standardMountPoints().contains(mp) || mp == "/home" ) )
{
m_ui->encryptWidget->show();
m_ui->encryptWidget->reset( false );
}
// TODO: When formatting a partition user must be able to encrypt that partition
// Probably need to delete this partition and create a new one
// else if ( m_ui->formatRadioButton->isChecked()
// && !mp.isEmpty())
// {
// m_ui->encryptWidget->show();
// m_ui->encryptWidget->reset();
// }
else
{
m_ui->encryptWidget->reset();
m_ui->encryptWidget->hide();
}
}

View File

@ -32,6 +32,11 @@ class EditExistingPartitionDialog : public QDialog
{
Q_OBJECT
public:
struct FreeSpace
{
Partition* p;
};
EditExistingPartitionDialog( Device* device,
Partition* partition,
const QStringList& usedMountPoints,
@ -53,6 +58,7 @@ private:
PartitionTable::Flags newFlags() const;
void replacePartResizerWidget();
void updateMountPointPicker();
void toggleEncryptWidget();
};
#endif /* EDITEXISTINGPARTITIONDIALOG_H */

View File

@ -10,8 +10,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
<rect>
<x>0</x>
<y>0</y>
<width>450</width>
<height>615</height>
<width>570</width>
<height>689</height>
</rect>
</property>
<property name="sizePolicy">
@ -97,7 +97,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
</property>
</widget>
</item>
<item row="6" column="0">
<item row="8" column="0">
<widget class="QLabel" name="mountPointLabel">
<property name="text">
<string>&amp;Mount Point:</string>
@ -107,7 +107,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
</property>
</widget>
</item>
<item row="6" column="1">
<item row="8" column="1">
<widget class="QComboBox" name="mountPointComboBox">
<property name="sizePolicy">
<sizepolicy hsizetype="MinimumExpanding" vsizetype="Fixed">
@ -153,14 +153,14 @@ SPDX-License-Identifier: GPL-3.0-or-later
<item row="5" column="1">
<widget class="QComboBox" name="fileSystemComboBox"/>
</item>
<item row="10" column="0">
<item row="15" column="0">
<widget class="QLabel" name="label_4">
<property name="text">
<string>Flags:</string>
</property>
</widget>
</item>
<item row="10" column="1">
<item row="15" column="1">
<widget class="QListWidget" name="m_listFlags">
<property name="alternatingRowColors">
<bool>true</bool>
@ -173,7 +173,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
</property>
</widget>
</item>
<item row="8" column="1">
<item row="13" column="1">
<widget class="QLineEdit" name="fileSystemLabelEdit">
<property name="toolTip">
<string>Label for the filesystem</string>
@ -183,20 +183,39 @@ SPDX-License-Identifier: GPL-3.0-or-later
</property>
</widget>
</item>
<item row="8" column="0">
<item row="13" column="0">
<widget class="QLabel" name="fileSystemLabelLabel">
<property name="text">
<string>FS Label:</string>
</property>
</widget>
</item>
<item row="7" column="1">
<item row="10" column="1">
<widget class="QLabel" name="mountPointExplanation">
<property name="text">
<string/>
</property>
</widget>
</item>
<item row="11" column="1">
<widget class="EncryptWidget" name="encryptWidget" native="true"/>
</item>
<item row="12" column="1">
<spacer name="verticalSpacer">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Fixed</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>13</height>
</size>
</property>
</spacer>
</item>
</layout>
</item>
<item>
@ -218,6 +237,12 @@ SPDX-License-Identifier: GPL-3.0-or-later
<header location="global">kpmcore/gui/partresizerwidget.h</header>
<container>1</container>
</customwidget>
<customwidget>
<class>EncryptWidget</class>
<extends>QWidget</extends>
<header>gui/EncryptWidget.h</header>
<container>1</container>
</customwidget>
</customwidgets>
<tabstops>
<tabstop>sizeSpinBox</tabstop>

View File

@ -70,14 +70,17 @@ EncryptWidget::EncryptWidget( QWidget* parent )
void
EncryptWidget::reset()
EncryptWidget::reset( bool checkVisible )
{
m_ui->m_passphraseLineEdit->clear();
m_ui->m_confirmLineEdit->clear();
m_ui->m_encryptCheckBox->setChecked( false );
}
m_ui->m_encryptCheckBox->setVisible( checkVisible );
m_ui->m_passphraseLineEdit->setVisible( !checkVisible );
m_ui->m_confirmLineEdit->setVisible( !checkVisible );
}
EncryptWidget::Encryption
EncryptWidget::state() const
@ -146,7 +149,7 @@ EncryptWidget::updateState()
}
Encryption newState;
if ( m_ui->m_encryptCheckBox->isChecked() )
if ( m_ui->m_encryptCheckBox->isChecked() || !m_ui->m_encryptCheckBox->isVisible())
{
if ( !m_ui->m_passphraseLineEdit->text().isEmpty()
&& m_ui->m_passphraseLineEdit->text() == m_ui->m_confirmLineEdit->text() )

View File

@ -33,7 +33,7 @@ public:
explicit EncryptWidget( QWidget* parent = nullptr );
void reset();
void reset( bool checkVisible = true );
Encryption state() const;
void setText( const QString& text );