Refactor EncryptionType (#4438)
* Use UPPER_CASE for EncryptionType * Use StrEnum for EncryptionType
parent
8fe8d4e35f
commit
9fdd7eb12e
|
|
@ -280,7 +280,7 @@ class DiskLayoutConfigurationMenu(AbstractSubMenu[DiskMenuConfig]):
|
||||||
if enc_config.encryption_password:
|
if enc_config.encryption_password:
|
||||||
output += tr('Password') + f': {enc_config.encryption_password.hidden()}\n'
|
output += tr('Password') + f': {enc_config.encryption_password.hidden()}\n'
|
||||||
|
|
||||||
if enc_type != EncryptionType.NoEncryption:
|
if enc_type != EncryptionType.NO_ENCRYPTION:
|
||||||
output += tr('Iteration time') + f': {enc_config.iter_time or DEFAULT_ITER_TIME}ms\n'
|
output += tr('Iteration time') + f': {enc_config.iter_time or DEFAULT_ITER_TIME}ms\n'
|
||||||
|
|
||||||
if enc_config.partitions:
|
if enc_config.partitions:
|
||||||
|
|
|
||||||
|
|
@ -105,19 +105,19 @@ class DiskEncryptionMenu(AbstractSubMenu[DiskEncryption]):
|
||||||
|
|
||||||
def _check_dep_enc_type(self) -> bool:
|
def _check_dep_enc_type(self) -> bool:
|
||||||
enc_type: EncryptionType | None = self._item_group.find_by_key('encryption_type').value
|
enc_type: EncryptionType | None = self._item_group.find_by_key('encryption_type').value
|
||||||
if enc_type and enc_type != EncryptionType.NoEncryption:
|
if enc_type and enc_type != EncryptionType.NO_ENCRYPTION:
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def _check_dep_partitions(self) -> bool:
|
def _check_dep_partitions(self) -> bool:
|
||||||
enc_type: EncryptionType | None = self._item_group.find_by_key('encryption_type').value
|
enc_type: EncryptionType | None = self._item_group.find_by_key('encryption_type').value
|
||||||
if enc_type and enc_type in [EncryptionType.Luks, EncryptionType.LvmOnLuks]:
|
if enc_type and enc_type in [EncryptionType.LUKS, EncryptionType.LVM_ON_LUKS]:
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def _check_dep_lvm_vols(self) -> bool:
|
def _check_dep_lvm_vols(self) -> bool:
|
||||||
enc_type: EncryptionType | None = self._item_group.find_by_key('encryption_type').value
|
enc_type: EncryptionType | None = self._item_group.find_by_key('encryption_type').value
|
||||||
if enc_type and enc_type == EncryptionType.LuksOnLvm:
|
if enc_type and enc_type == EncryptionType.LUKS_ON_LVM:
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
@ -137,13 +137,13 @@ class DiskEncryptionMenu(AbstractSubMenu[DiskEncryption]):
|
||||||
assert enc_partitions is not None
|
assert enc_partitions is not None
|
||||||
assert enc_lvm_vols is not None
|
assert enc_lvm_vols is not None
|
||||||
|
|
||||||
if enc_type in [EncryptionType.Luks, EncryptionType.LvmOnLuks] and enc_partitions:
|
if enc_type in [EncryptionType.LUKS, EncryptionType.LVM_ON_LUKS] and enc_partitions:
|
||||||
enc_lvm_vols = []
|
enc_lvm_vols = []
|
||||||
|
|
||||||
if enc_type == EncryptionType.LuksOnLvm:
|
if enc_type == EncryptionType.LUKS_ON_LVM:
|
||||||
enc_partitions = []
|
enc_partitions = []
|
||||||
|
|
||||||
if enc_type != EncryptionType.NoEncryption and enc_password and (enc_partitions or enc_lvm_vols):
|
if enc_type != EncryptionType.NO_ENCRYPTION and enc_password and (enc_partitions or enc_lvm_vols):
|
||||||
return DiskEncryption(
|
return DiskEncryption(
|
||||||
encryption_password=enc_password,
|
encryption_password=enc_password,
|
||||||
encryption_type=enc_type,
|
encryption_type=enc_type,
|
||||||
|
|
@ -227,7 +227,7 @@ class DiskEncryptionMenu(AbstractSubMenu[DiskEncryption]):
|
||||||
iter_time = item.value
|
iter_time = item.value
|
||||||
enc_type = self._item_group.find_by_key('encryption_type').value
|
enc_type = self._item_group.find_by_key('encryption_type').value
|
||||||
|
|
||||||
if iter_time and enc_type != EncryptionType.NoEncryption:
|
if iter_time and enc_type != EncryptionType.NO_ENCRYPTION:
|
||||||
return f'{tr("Iteration time")}: {iter_time}ms'
|
return f'{tr("Iteration time")}: {iter_time}ms'
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
@ -240,9 +240,9 @@ async def select_encryption_type(
|
||||||
options: list[EncryptionType] = []
|
options: list[EncryptionType] = []
|
||||||
|
|
||||||
if lvm_config:
|
if lvm_config:
|
||||||
options = [EncryptionType.LvmOnLuks, EncryptionType.LuksOnLvm]
|
options = [EncryptionType.LVM_ON_LUKS, EncryptionType.LUKS_ON_LVM]
|
||||||
else:
|
else:
|
||||||
options = [EncryptionType.Luks]
|
options = [EncryptionType.LUKS]
|
||||||
|
|
||||||
if not preset:
|
if not preset:
|
||||||
preset = options[0]
|
preset = options[0]
|
||||||
|
|
|
||||||
|
|
@ -139,7 +139,7 @@ class FilesystemHandler:
|
||||||
self._format_lvm_vols(self._disk_config.lvm_config)
|
self._format_lvm_vols(self._disk_config.lvm_config)
|
||||||
|
|
||||||
def _setup_lvm_encrypted(self, lvm_config: LvmConfiguration, enc_config: DiskEncryption) -> None:
|
def _setup_lvm_encrypted(self, lvm_config: LvmConfiguration, enc_config: DiskEncryption) -> None:
|
||||||
if enc_config.encryption_type == EncryptionType.LvmOnLuks:
|
if enc_config.encryption_type == EncryptionType.LVM_ON_LUKS:
|
||||||
enc_mods = self._encrypt_partitions(enc_config, lock_after_create=False)
|
enc_mods = self._encrypt_partitions(enc_config, lock_after_create=False)
|
||||||
|
|
||||||
self._setup_lvm(lvm_config, enc_mods)
|
self._setup_lvm(lvm_config, enc_mods)
|
||||||
|
|
@ -148,7 +148,7 @@ class FilesystemHandler:
|
||||||
# Don't close LVM or LUKS during setup - keep everything active
|
# Don't close LVM or LUKS during setup - keep everything active
|
||||||
# The installation phase will handle unlocking and mounting
|
# The installation phase will handle unlocking and mounting
|
||||||
# Closing causes "parent leaked" and lvchange errors
|
# Closing causes "parent leaked" and lvchange errors
|
||||||
elif enc_config.encryption_type == EncryptionType.LuksOnLvm:
|
elif enc_config.encryption_type == EncryptionType.LUKS_ON_LVM:
|
||||||
self._setup_lvm(lvm_config)
|
self._setup_lvm(lvm_config)
|
||||||
enc_vols = self._encrypt_lvm_vols(lvm_config, enc_config, False)
|
enc_vols = self._encrypt_lvm_vols(lvm_config, enc_config, False)
|
||||||
self._format_lvm_vols(lvm_config, enc_vols)
|
self._format_lvm_vols(lvm_config, enc_vols)
|
||||||
|
|
|
||||||
|
|
@ -82,7 +82,7 @@ class Installer:
|
||||||
self.kernels = kernels or ['linux']
|
self.kernels = kernels or ['linux']
|
||||||
self._disk_config = disk_config
|
self._disk_config = disk_config
|
||||||
|
|
||||||
self._disk_encryption = disk_config.disk_encryption or DiskEncryption(EncryptionType.NoEncryption)
|
self._disk_encryption = disk_config.disk_encryption or DiskEncryption(EncryptionType.NO_ENCRYPTION)
|
||||||
self.target: Path = target
|
self.target: Path = target
|
||||||
|
|
||||||
self.init_time = time.strftime('%Y-%m-%d_%H-%M-%S')
|
self.init_time = time.strftime('%Y-%m-%d_%H-%M-%S')
|
||||||
|
|
@ -254,16 +254,16 @@ class Installer:
|
||||||
luks_handlers: dict[Any, Luks2] = {}
|
luks_handlers: dict[Any, Luks2] = {}
|
||||||
|
|
||||||
match self._disk_encryption.encryption_type:
|
match self._disk_encryption.encryption_type:
|
||||||
case EncryptionType.NoEncryption:
|
case EncryptionType.NO_ENCRYPTION:
|
||||||
self._import_lvm()
|
self._import_lvm()
|
||||||
self._mount_lvm_layout()
|
self._mount_lvm_layout()
|
||||||
case EncryptionType.Luks:
|
case EncryptionType.LUKS:
|
||||||
luks_handlers = self._prepare_luks_partitions(self._disk_encryption.partitions)
|
luks_handlers = self._prepare_luks_partitions(self._disk_encryption.partitions)
|
||||||
case EncryptionType.LvmOnLuks:
|
case EncryptionType.LVM_ON_LUKS:
|
||||||
luks_handlers = self._prepare_luks_partitions(self._disk_encryption.partitions)
|
luks_handlers = self._prepare_luks_partitions(self._disk_encryption.partitions)
|
||||||
self._import_lvm()
|
self._import_lvm()
|
||||||
self._mount_lvm_layout(luks_handlers)
|
self._mount_lvm_layout(luks_handlers)
|
||||||
case EncryptionType.LuksOnLvm:
|
case EncryptionType.LUKS_ON_LVM:
|
||||||
self._import_lvm()
|
self._import_lvm()
|
||||||
luks_handlers = self._prepare_luks_lvm(self._disk_encryption.lvm_volumes)
|
luks_handlers = self._prepare_luks_lvm(self._disk_encryption.lvm_volumes)
|
||||||
self._mount_lvm_layout(luks_handlers)
|
self._mount_lvm_layout(luks_handlers)
|
||||||
|
|
@ -433,11 +433,11 @@ class Installer:
|
||||||
|
|
||||||
def generate_key_files(self) -> None:
|
def generate_key_files(self) -> None:
|
||||||
match self._disk_encryption.encryption_type:
|
match self._disk_encryption.encryption_type:
|
||||||
case EncryptionType.Luks:
|
case EncryptionType.LUKS:
|
||||||
self._generate_key_files_partitions()
|
self._generate_key_files_partitions()
|
||||||
case EncryptionType.LuksOnLvm:
|
case EncryptionType.LUKS_ON_LVM:
|
||||||
self._generate_key_file_lvm_volumes()
|
self._generate_key_file_lvm_volumes()
|
||||||
case EncryptionType.LvmOnLuks:
|
case EncryptionType.LVM_ON_LUKS:
|
||||||
# currently LvmOnLuks only supports a single
|
# currently LvmOnLuks only supports a single
|
||||||
# partitioning layout (boot + partition)
|
# partitioning layout (boot + partition)
|
||||||
# so we won't need any keyfile generation atm
|
# so we won't need any keyfile generation atm
|
||||||
|
|
@ -899,7 +899,7 @@ class Installer:
|
||||||
if vol.fs_type is not None:
|
if vol.fs_type is not None:
|
||||||
self._prepare_fs_type(vol.fs_type, vol.mountpoint)
|
self._prepare_fs_type(vol.fs_type, vol.mountpoint)
|
||||||
|
|
||||||
types = (EncryptionType.LvmOnLuks, EncryptionType.LuksOnLvm)
|
types = (EncryptionType.LVM_ON_LUKS, EncryptionType.LUKS_ON_LVM)
|
||||||
if self._disk_encryption.encryption_type in types:
|
if self._disk_encryption.encryption_type in types:
|
||||||
self._prepare_encrypt(lvm)
|
self._prepare_encrypt(lvm)
|
||||||
else:
|
else:
|
||||||
|
|
@ -1137,7 +1137,7 @@ class Installer:
|
||||||
kernel_parameters = []
|
kernel_parameters = []
|
||||||
|
|
||||||
match self._disk_encryption.encryption_type:
|
match self._disk_encryption.encryption_type:
|
||||||
case EncryptionType.LvmOnLuks:
|
case EncryptionType.LVM_ON_LUKS:
|
||||||
if not lvm.vg_name:
|
if not lvm.vg_name:
|
||||||
raise ValueError(f'Unable to determine VG name for {lvm.name}')
|
raise ValueError(f'Unable to determine VG name for {lvm.name}')
|
||||||
|
|
||||||
|
|
@ -1154,7 +1154,7 @@ class Installer:
|
||||||
else:
|
else:
|
||||||
debug(f'LvmOnLuks, encrypted root partition, identifying by UUID: {uuid}')
|
debug(f'LvmOnLuks, encrypted root partition, identifying by UUID: {uuid}')
|
||||||
kernel_parameters.append(f'cryptdevice=UUID={uuid}:cryptlvm root={lvm.safe_dev_path}')
|
kernel_parameters.append(f'cryptdevice=UUID={uuid}:cryptlvm root={lvm.safe_dev_path}')
|
||||||
case EncryptionType.LuksOnLvm:
|
case EncryptionType.LUKS_ON_LVM:
|
||||||
uuid = self._get_luks_uuid_from_mapper_dev(lvm.mapper_path)
|
uuid = self._get_luks_uuid_from_mapper_dev(lvm.mapper_path)
|
||||||
|
|
||||||
if self._disk_encryption.hsm_device:
|
if self._disk_encryption.hsm_device:
|
||||||
|
|
@ -1163,7 +1163,7 @@ class Installer:
|
||||||
else:
|
else:
|
||||||
debug(f'LuksOnLvm, encrypted root partition, identifying by UUID: {uuid}')
|
debug(f'LuksOnLvm, encrypted root partition, identifying by UUID: {uuid}')
|
||||||
kernel_parameters.append(f'cryptdevice=UUID={uuid}:root root=/dev/mapper/root')
|
kernel_parameters.append(f'cryptdevice=UUID={uuid}:root root=/dev/mapper/root')
|
||||||
case EncryptionType.NoEncryption:
|
case EncryptionType.NO_ENCRYPTION:
|
||||||
debug(f'Identifying root lvm by mapper device: {lvm.dev_path}')
|
debug(f'Identifying root lvm by mapper device: {lvm.dev_path}')
|
||||||
kernel_parameters.append(f'root={lvm.safe_dev_path}')
|
kernel_parameters.append(f'root={lvm.safe_dev_path}')
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1400,19 +1400,19 @@ class DeviceModification:
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
class EncryptionType(Enum):
|
class EncryptionType(StrEnum):
|
||||||
NoEncryption = 'no_encryption'
|
NO_ENCRYPTION = auto()
|
||||||
Luks = 'luks'
|
LUKS = auto()
|
||||||
LvmOnLuks = 'lvm_on_luks'
|
LVM_ON_LUKS = auto()
|
||||||
LuksOnLvm = 'luks_on_lvm'
|
LUKS_ON_LVM = auto()
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _encryption_type_mapper(cls) -> dict[str, Self]:
|
def _encryption_type_mapper(cls) -> dict[str, Self]:
|
||||||
return {
|
return {
|
||||||
tr('No Encryption'): cls.NoEncryption,
|
tr('No Encryption'): cls.NO_ENCRYPTION,
|
||||||
tr('LUKS'): cls.Luks,
|
tr('LUKS'): cls.LUKS,
|
||||||
tr('LVM on LUKS'): cls.LvmOnLuks,
|
tr('LVM on LUKS'): cls.LVM_ON_LUKS,
|
||||||
tr('LUKS on LVM'): cls.LuksOnLvm,
|
tr('LUKS on LVM'): cls.LUKS_ON_LVM,
|
||||||
}
|
}
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
|
|
@ -1436,7 +1436,7 @@ class _DiskEncryptionSerialization(TypedDict):
|
||||||
|
|
||||||
@dataclass
|
@dataclass
|
||||||
class DiskEncryption:
|
class DiskEncryption:
|
||||||
encryption_type: EncryptionType = EncryptionType.NoEncryption
|
encryption_type: EncryptionType = EncryptionType.NO_ENCRYPTION
|
||||||
encryption_password: Password | None = None
|
encryption_password: Password | None = None
|
||||||
partitions: list[PartitionModification] = field(default_factory=list)
|
partitions: list[PartitionModification] = field(default_factory=list)
|
||||||
lvm_volumes: list[LvmVolume] = field(default_factory=list)
|
lvm_volumes: list[LvmVolume] = field(default_factory=list)
|
||||||
|
|
@ -1444,10 +1444,10 @@ class DiskEncryption:
|
||||||
iter_time: int = DEFAULT_ITER_TIME
|
iter_time: int = DEFAULT_ITER_TIME
|
||||||
|
|
||||||
def __post_init__(self) -> None:
|
def __post_init__(self) -> None:
|
||||||
if self.encryption_type in [EncryptionType.Luks, EncryptionType.LvmOnLuks] and not self.partitions:
|
if self.encryption_type in [EncryptionType.LUKS, EncryptionType.LVM_ON_LUKS] and not self.partitions:
|
||||||
raise ValueError('Luks or LvmOnLuks encryption require partitions to be defined')
|
raise ValueError('Luks or LvmOnLuks encryption require partitions to be defined')
|
||||||
|
|
||||||
if self.encryption_type == EncryptionType.LuksOnLvm and not self.lvm_volumes:
|
if self.encryption_type == EncryptionType.LUKS_ON_LVM and not self.lvm_volumes:
|
||||||
raise ValueError('LuksOnLvm encryption require LMV volumes to be defined')
|
raise ValueError('LuksOnLvm encryption require LMV volumes to be defined')
|
||||||
|
|
||||||
def should_generate_encryption_file(self, dev: PartitionModification | LvmVolume) -> bool:
|
def should_generate_encryption_file(self, dev: PartitionModification | LvmVolume) -> bool:
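Review bot: In the `EncryptionType` hunk, replacing the string literals with `auto()` makes each stored value a by-product of the member name. `StrEnum` lowercases the name, so `NO_ENCRYPTION`, `LUKS`, `LVM_ON_LUKS` and `LUKS_ON_LVM` still produce the four removed literals today, but a later rename would silently change the value. That value is presumably what gets written to and read back from saved configurations (the neighbouring `_DiskEncryptionSerialization` suggests so), and it decides whether a disk is encrypted. I would keep the literals explicit, e.g. `NO_ENCRYPTION = 'no_encryption'`, or at least add `# values are persisted; auto() must keep yielding the previous strings` above the members. Members are now also `str` instances, so comparing one with a plain string succeeds where it did not before; whether any caller relied on the old inequality is not visible in these hunks.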
|
||||||
|
|
|
||||||
|
|
@ -92,7 +92,7 @@ def perform_installation(
|
||||||
)
|
)
|
||||||
|
|
||||||
if disk_config.config_type != DiskLayoutType.Pre_mount:
|
if disk_config.config_type != DiskLayoutType.Pre_mount:
|
||||||
if disk_config.disk_encryption and disk_config.disk_encryption.encryption_type != EncryptionType.NoEncryption:
|
if disk_config.disk_encryption and disk_config.disk_encryption.encryption_type != EncryptionType.NO_ENCRYPTION:
|
||||||
# generate encryption key files for the mounted luks devices
|
# generate encryption key files for the mounted luks devices
|
||||||
installation.generate_key_files()
|
installation.generate_key_files()
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -82,7 +82,7 @@ disk_config = DiskLayoutConfiguration(
|
||||||
# disk encryption configuration (Optional)
|
# disk encryption configuration (Optional)
|
||||||
disk_encryption = DiskEncryption(
|
disk_encryption = DiskEncryption(
|
||||||
encryption_password=Password(plaintext='enc_password'),
|
encryption_password=Password(plaintext='enc_password'),
|
||||||
encryption_type=EncryptionType.Luks,
|
encryption_type=EncryptionType.LUKS,
|
||||||
partitions=[home_partition],
|
partitions=[home_partition],
|
||||||
hsm_device=None,
|
hsm_device=None,
|
||||||
)
|
)
|
||||||
|
|
|
||||||