Commit 4d6a4202 authored by Matthias Klumpp's avatar Matthias Klumpp

Add experimental disk encryption page

parent 384ab5d5
# This file is autogenerated. DO NOT EDIT!
#
# Modifications should be made to debian/control.in instead.
# This file is regenerated automatically in the clean target.
Source: gnome-initial-setup
Section: gnome
Priority: optional
......
......@@ -28,6 +28,8 @@ CRYPTTAB_FILE = '/etc/crypttab'
KEYFILE = '/crypto_keyfile.bin'
KEYFILE_OLD = '/crypto_keyfile.bin.old'
CALAMARES_LUKS_PARTITION_FILE = '/var/lib/encrypted_partitions'
def run_command(command, input=None):
if not isinstance(command, list):
......@@ -55,8 +57,9 @@ def run_command(command, input=None):
return (output, stderr, pipe.returncode)
def run(new_password, partition_name):
partitions = [partition_name]
def run(new_password):
clp_f = open(CALAMARES_LUKS_PARTITION_FILE, 'r')
partitions = clp_f.readlines()
if not new_password:
raise Exception ("New disk password is empty")
......@@ -71,10 +74,13 @@ def run(new_password, partition_name):
"if=/dev/urandom",
"of=/crypto_keyfile.bin"])
if ret != 0:
raise Exception("Unable to create crypto_keyfile.bin: {} - {}".format(out, err))
raise Exception("Unable to create new crypto_keyfile.bin: {} - {}".format(out, err))
for partition in partitions:
if not partition.strip():
continue
out, err, ret = run_command(['cryptsetup',
'luksAddKey',
partition,
......@@ -94,6 +100,7 @@ def run(new_password, partition_name):
out, err, ret = run_command(['cryptsetup',
'luksAddKey',
partition,
new_password,
'--key-file', KEYFILE])
if ret != 0:
raise Exception("Unable to add key: {} - {}".format(out, err))
......@@ -108,6 +115,7 @@ def run(new_password, partition_name):
os.remove(KEYFILE_OLD)
os.remove(ENCRYPT_BYPASS_INITRAMFS_HOOK)
os.remove(CALAMARES_LUKS_PARTITION_FILE)
def main():
......@@ -116,7 +124,7 @@ def main():
parser.add_argument('-d', '--partition', type=str, required=True)
args = parser.parse_args()
if not os.path.isfile(ENCRYPT_BYPASS_INITRAMFS_HOOK):
if not os.path.isfile(ENCRYPT_BYPASS_INITRAMFS_HOOK) or not os.path.isfile(CALAMARES_LUKS_PARTITION_FILE):
print('Encrypt bypass initramfs hook does not exist, script will not do anything')
return
......
......@@ -2,3 +2,4 @@
02_pureos-data-transmission-privacy-default-off.patch
03_pureos-spawn-oem-installer-after-setup-on-live.patch
tmp_localegen-hack.patch
tmp_new-luks-page.patch
......@@ -21,7 +21,7 @@ This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
g_variant_builder_unref (b);
+
+ /* an absolutely awful hack, but it will do for now - however, we should not keep this */
+ tmp = g_strdup_printf ("pkexec /usr/lib/gnome-initial-setup/install-locale.py %s", priv->new_locale_id);
+ tmp = g_strdup_printf ("pkexec python3 /usr/lib/gnome-initial-setup/install-locale.py %s", priv->new_locale_id);
+ g_spawn_command_line_sync (tmp, NULL, NULL, NULL, NULL);
}
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment