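def create(name, decrypted_name, mount_point, config_file, unmount_time='',
           device='', lvm=False, vgname='', lvname='', size='', fstype='',
           homedir='', cryptsetup_args=[], mkfs_args=''):
    """
    Will create the GnuPPG device: a LUKS container holding a copy of a
    GnuPG homedir, with the original homedir path turned into a symlink
    to that copy.

    If not using LVM, device is a block device.

    If using LVM, lvm will be True. We require:
        vgname: name of the volume group
        lvname: name of the logical volume
        size:   size of the logical volume

    In both cases, we require:
        fstype:      filesystem type, there must be a mkfs.fstype
        homedir:     path to the GnuPG homedir
        config_file: path to the GnuPPG configuration file

    Optional arguments:
        unmount_time:    stored in the configuration when non-empty
        cryptsetup_args: extra cryptsetup arguments (a list; never mutated)
        mkfs_args:       extra mkfs arguments

    Returns the GppgHomedir object built for section `name`.

    Raises:
        AssertionError: fstype, homedir or config_file is empty.
        ValueError: both or neither of device/lvm were given, or lvm is
            set without vgname, lvname and size.

    WARNING: luksFormat destroys whatever is on the target device.
    """
    # Explicit raises instead of `assert` statements: asserts are stripped
    # under `python -O`, and these checks stand in front of a destructive
    # luksFormat. AssertionError is kept so callers see the same type.
    if not fstype:
        raise AssertionError("Please provide a filesystem type")
    if not homedir:
        raise AssertionError("Please provide a path to a GnuPG homedir")
    if not config_file:
        raise AssertionError(
            "Please provide a path to a GnuPPG configuration file")
    if (device and lvm) or (not device and not lvm):
        raise ValueError("Please provide either device or a True value to lvm")
    if lvm and not (vgname and lvname and size):
        raise ValueError(
            "Please provide vgname, lvname and size when using LVM")

    # Kept under its own name so the `homedir` path argument stays usable
    # for the copy and the symlink at the end.
    gppg = GppgHomedir(section=name, config=config_file)
    try:
        gppg.config.set(gppg.section, 'decrypted_name', decrypted_name)
    except ConfigParser.NoSectionError:
        gppg.config.add_section(gppg.section)
        gppg.config.set(gppg.section, 'decrypted_name', decrypted_name)

    # We want to ask for the passphrase twice (-y on luksFormat).
    luks_args = ['-y'] + list(cryptsetup_args)
    mapped_device = '/dev/mapper/%s' % decrypted_name

    # NOTE(review): run_cryptsetup, run_mkfs, run_mount and create_lv are
    # defined elsewhere. If any of them builds a shell string, the device
    # names and extra arguments passed below need quoting there -- confirm.
    if device:
        encrypted_device = device
    else:
        # NOTE(review): create_lv receives the cryptsetup argument list,
        # '-y' included, exactly as before; confirm that is what create_lv
        # expects for its fourth argument.
        create_lv(vgname, lvname, size, luks_args)
        # device-mapper doubles every hyphen inside a VG or LV name.
        encrypted_device = '/dev/mapper/%s-%s' % (
            vgname.replace('-', '--'), lvname.replace('-', '--'))

    run_cryptsetup('luksFormat', luks_args, encrypted_device)
    # cryptopen() reads encrypted_device from the GppgHomedir, so record
    # it before opening (presumably backed by this config -- TODO confirm).
    gppg.config.set(gppg.section, 'encrypted_device', encrypted_device)
    cryptopen(gppg)
    run_mkfs(fstype, mapped_device, mkfs_args)
    run_mount(mapped_device, mount_point)

    homedir_path = homedir.rstrip(os.sep) or homedir
    secured_homedir = os.path.join(mount_point, '.gnupg')
    shutil.copytree(homedir_path, secured_homedir)
    # os.symlink() cannot replace an existing directory, so the original
    # is moved aside first rather than deleted.
    # SECURITY: the backup still holds the key material in plaintext on
    # the unencrypted filesystem; the operator must dispose of it once the
    # encrypted copy has been verified.
    os.rename(homedir_path, homedir_path + '.plaintext-backup')
    os.symlink(secured_homedir, homedir_path)

    gppg.config.set(gppg.section, 'mount_point', mount_point)
    if unmount_time:
        gppg.config.set(gppg.section, 'unmount_time', unmount_time)
    return gppg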
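def cryptopen(GppgHdir):
    """
    Decrypts a GppgHomedir.

    Runs cryptsetup luksOpen with the object's encrypted_device and
    decrypted_name attributes.
    """
    # The body used to reference an undefined name (GppgHd) and raised
    # NameError on every call; it now uses the actual parameter.
    # NOTE(review): create() passes a list of options as the second
    # argument of run_cryptsetup, while this call passes the device there.
    # Confirm the argument order against run_cryptsetup's signature.
    run_cryptsetup('luksOpen', GppgHdir.encrypted_device,
                   GppgHdir.decrypted_name)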