napcok/calamares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add configurable variable m_luks2Hash

Browse Source
This commit is contained in:
abalfoort 2023-05-31 14:43:39 +02:00
parent 1e2a51f952
commit c4496ef86b
2 changed files with 41 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
src/modules/luksbootkeyfile/LuksBootKeyFileJob.cpp
View File

@ -135,7 +135,7 @@ generateTargetKeyfile()
} }
static bool static bool
setupLuks( const LuksDevice& d ) setupLuks( const LuksDevice& d, const QString& luks2Hash )
{ {
// Get luksDump for this device // Get luksDump for this device
int slots_count = 0; int slots_count = 0;
@ -151,39 +151,33 @@ setupLuks( const LuksDevice& d )
return false; return false;
} }
// Check for LUKS2 // Check LUKS version
QString luks2_hash = QString(); int luks_version = 0;
QRegularExpression pbkdf_re( QStringLiteral( R"(pbkdf:\s*(.*))" ), QRegularExpression::CaseInsensitiveOption ); QRegularExpression version_re( QStringLiteral( R"(version:\s*([0-9]))" ), QRegularExpression::CaseInsensitiveOption );
QRegularExpressionMatch match = pbkdf_re.match( luks_dump.getOutput() ); QRegularExpressionMatch match = version_re.match( luks_dump.getOutput() );
if ( match.hasMatch() ) { if ( ! match.hasMatch() )
luks2_hash = match.captured(1);
cDebug() << "Setup LUKS2 " << luks2_hash << " for " << d.device;
}
else
{ {
cDebug() << "Setup LUKS1 for " << d.device; cWarning() << "Could not get LUKS version on device: " << d.device;
return false;
} }
luks_version = match.captured(1).toInt();
cDebug() << "LUKS" << luks_version << " found on device: " << d.device;
// Check the number of slots used // Check the number of slots used
// Output of LUKS1 and LUKS2 differ // Output of LUKS1 and LUKS2 differ
auto search_pattern = luks2_hash.isEmpty() ? QStringLiteral( R"(\d+:\s*enabled)" ) : QStringLiteral( R"(\d+:\s*luks2)" ); auto search_pattern = luks_version == 1 ? QStringLiteral( R"(\d+:\s*enabled)" ) : QStringLiteral( R"(\d+:\s*luks2)" );
QRegularExpression slots_re( search_pattern, QRegularExpression::CaseInsensitiveOption ); QRegularExpression slots_re( search_pattern, QRegularExpression::CaseInsensitiveOption );
slots_count = luks_dump.getOutput().count( slots_re ); slots_count = luks_dump.getOutput().count( slots_re );
if ( luks_version == 1 && slots_count == 8 )
if ( ( luks2_hash.isEmpty() && slots_count == 8 ) ||
( !luks2_hash.isEmpty() && slots_count == 32 ))
{ {
// No key slots left: return gracefully cWarning() << "No key slots left on LUKS1 device: " << d.device;
return true; return false;
} }
// Add the key to the keyfile // Add the key to the keyfile
QStringList args = { QStringLiteral( "cryptsetup" ), QStringLiteral( "luksAddKey" ) }; QStringList args_luks1 = { QStringLiteral( "cryptsetup" ), QStringLiteral( "luksAddKey" ), d.device, keyfile };
if ( !luks2_hash.isEmpty() ) QStringList args_luks2 = { QStringLiteral( "cryptsetup" ), QStringLiteral( "luksAddKey" ), "--pbkdf", luks2Hash, d.device, keyfile };
{ QStringList args = luks_version == 1 ? args_luks1 : args_luks2;
args << "--pbkdf" << luks2_hash;
}
args << d.device << keyfile;
auto r = CalamaresUtils::System::instance()->targetEnvCommand( auto r = CalamaresUtils::System::instance()->targetEnvCommand(
args, args,
QString(), QString(),
@ -269,6 +263,12 @@ LuksBootKeyFileJob::exec()
"LuksBootKeyFile", tr( "No partitions are defined." ), Calamares::JobResult::InvalidConfiguration ); "LuksBootKeyFile", tr( "No partitions are defined." ), Calamares::JobResult::InvalidConfiguration );
} }
if ( m_luks2Hash.isEmpty() )
{
return Calamares::JobResult::internalError(
"LuksBootKeyFile", tr( "No luks2Hash is set." ), Calamares::JobResult::InvalidConfiguration );
}
cDebug() << "There are" << s.devices.count() << "LUKS partitions"; cDebug() << "There are" << s.devices.count() << "LUKS partitions";
if ( s.devices.count() < 1 ) if ( s.devices.count() < 1 )
{ {
@ -321,13 +321,22 @@ LuksBootKeyFileJob::exec()
continue; continue;
} }
if ( !setupLuks( d ) ) if ( !setupLuks( d, m_luks2Hash ) )
return Calamares::JobResult::error( {
tr( "Encryption setup error" ), // Could not configure the LUKS partition
tr( "Could not configure LUKS on partition %1." ).arg( d.device ) ); // This should not stop the installation: do not return Calamares::JobResult::error.
cError() << "Encrypted rootfs setup error: could not configure LUKS key file on partition " << d.device;
}
} }
return Calamares::JobResult::ok(); return Calamares::JobResult::ok();
} }
void
LuksBootKeyFileJob::setConfigurationMap( const QVariantMap& configurationMap )
{
m_luks2Hash = CalamaresUtils::getString(
configurationMap, QStringLiteral( "luks2Hash" ), QStringLiteral( "pbkdf2" ) );
}
CALAMARES_PLUGIN_FACTORY_DEFINITION( LuksBootKeyFileJobFactory, registerPlugin< LuksBootKeyFileJob >(); ) CALAMARES_PLUGIN_FACTORY_DEFINITION( LuksBootKeyFileJobFactory, registerPlugin< LuksBootKeyFileJob >(); )

5
src/modules/luksbootkeyfile/LuksBootKeyFileJob.h
View File

@ -30,6 +30,11 @@ public:
QString prettyName() const override; QString prettyName() const override;
Calamares::JobResult exec() override; Calamares::JobResult exec() override;
void setConfigurationMap( const QVariantMap& configurationMap ) override;
private:
QString m_luks2Hash;
}; };
CALAMARES_PLUGIN_FACTORY_DECLARATION( LuksBootKeyFileJobFactory ) CALAMARES_PLUGIN_FACTORY_DECLARATION( LuksBootKeyFileJobFactory )