From 18572583219acbcb78a95a7ddb0878206abdd590 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sat, 1 Jan 2022 10:36:58 +0200
Subject: feat: cryptsetup step
Sponsored-by: author
---
vmdb/plugins/cryptsetup.mdwn | 18 +++++++++++++++
vmdb/plugins/cryptsetup_plugin.py | 46 +++++++++++++++++++++++++++++++++++++++
2 files changed, 64 insertions(+)
create mode 100644 vmdb/plugins/cryptsetup.mdwn
create mode 100644 vmdb/plugins/cryptsetup_plugin.py
diff --git a/vmdb/plugins/cryptsetup.mdwn b/vmdb/plugins/cryptsetup.mdwn
new file mode 100644
index 0000000..f438e4f
--- /dev/null
+++ b/vmdb/plugins/cryptsetup.mdwn
@@ -0,0 +1,18 @@
+Step: cryptsetup
+-----------------------------------------------------------------------------
+
+Use cryptsetup to set up encryption of a block device.
+
+Step keys:
+
+* `cryptsetup` — REQUIRED; tag of block device
+
+* `password` — REQUIRED; the encryption password
+
+* `name` — REQUIRED; name of the encrypted device when opened
+
+Example (in the .vmdb file):
+
+ - cryptsetup: cleartext_pv0
+ password: hunter2
+ name: pv0
diff --git a/vmdb/plugins/cryptsetup_plugin.py b/vmdb/plugins/cryptsetup_plugin.py
new file mode 100644
index 0000000..12d5c22
--- /dev/null
+++ b/vmdb/plugins/cryptsetup_plugin.py
@@ -0,0 +1,46 @@
+# Copyright 2022 Lars Wirzenius
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+# =*= License: GPL-3+ =*=
+
+
+import os
+import shutil
+import tempfile
+
+import vmdb
+
+
+class CryptsetupPlugin(vmdb.Plugin):
+ def enable(self):
+ self.app.step_runners.add(CryptsetupStepRunner())
+
+
+class CryptsetupStepRunner(vmdb.StepRunnerInterface):
+ def get_key_spec(self):
+ return {"cryptsetup": str, "password": str, "name": str}
+
+ def run(self, step, settings, state):
+ cleartext_tag = step["cryptsetup"]
+ password = step["password"]
+ name = step["name"]
+
+ device = state.tags.get_dev(cleartext_tag)
+ tmp = tempfile.mkdtemp()
+ key = os.path.join(tmp, "key")
+ with open(key, "w") as f:
+ f.write(password)
+ vmdb.runcmd(["cleartext", "luksFormat", device, key])
+ shutil.rmtree(tmp)
-- cgit v1.2.1
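Review bot: If `vmdb.runcmd` raises in `run`, the `shutil.rmtree(tmp)` on the last line is never reached, so the key file holding the plaintext passphrase stays on disk; put the write and the command inside `try:` with `finally: shutil.rmtree(tmp)`, or use `with tempfile.TemporaryDirectory() as tmp:`. The command's first element is `"cleartext"`, which looks like a slip for the `cryptsetup` binary that the step documentation names, i.e. `vmdb.runcmd(["cryptsetup", "luksFormat", device, key])`. `name` is read from the step but never used, and nothing in this hunk opens the formatted device, so the documented "name of the encrypted device when opened" has no effect yet. A short docstring on `run` stating that the passphrase arrives in clear text from the spec file and is written only to a private temporary directory would help the next reader.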