Bug 508963 - [PATCH] Add key escrow options to pykickstart
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: pykickstart
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Chris Lumens
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords: FutureFeature
Depends On:
Blocks: volume-key-escrow 508967 510545 607952
 
Reported: 2009-06-30 17:01 UTC by Miloslav Trmač
Modified: 2010-06-25 09:34 UTC (History)
Last Closed: 2009-09-10 15:06:43 UTC


Attachments
Add --escrowcert and --backuppassphrase (10.16 KB, patch)
2009-06-30 17:01 UTC, Miloslav Trmač
Add --escrowcert and --backuppassphrase (18.95 KB, patch)
2009-07-09 14:40 UTC, Miloslav Trmač

Description Miloslav Trmač 2009-06-30 17:01:12 UTC
Created attachment 349973
Add --escrowcert and --backuppassphrase

This patch adds key escrow directives to pykickstart, used to store the encryption keys (and optionally create backup passphrases) of encrypted volumes.

The options apply to the "autopart" and "part" commands:
* --escrowcert=URL_for_X509_certificate
  If the volume is encrypted, store the encryption key used for the volume in
  /root/$label-$uuid-escrow of the installed system, encrypting it for the
  specified certificate.
* --backuppassphrase
  If --escrowcert is specified, and the volume format supports it (LUKS does),
  add an additional, randomly generated, passphrase to the volume, and store it
  in /root/$label-$uuid-escrow-backup-passphrase .

Comment 1 Chris Lumens 2009-07-01 15:13:08 UTC
Thanks for the patch.  I'll examine it later.  This will of course also require an anaconda patch to do the hard work.

Comment 2 Miloslav Trmač 2009-07-09 14:40:24 UTC
Created attachment 351082
Add --escrowcert and --backuppassphrase

Updated patch, adding the same options to the "raid" and "logvol" commands.

Comment 3 Chris Lumens 2009-09-10 15:06:43 UTC
Thanks for the patch.  I've added this to the git repo and pushed.
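
The option rules from the description, written as a lint over a kickstart command section (an added example, not code from pykickstart or from the attached patches). `lint_escrow`, `option_value`, the sample lines and the escrow.example.com URL are constructed for illustration; the last check, which flags encrypted volumes that have no --escrowcert, is an assumed site policy and not something the patch enforces.

```python
import shlex

# Commands that take the escrow options according to this bug report.
ESCROW_COMMANDS = {"autopart", "part", "raid", "logvol"}

def option_value(args, name):
    """Return the value of --name=VALUE or --name VALUE, or None if absent."""
    for i, arg in enumerate(args):
        if arg.startswith(name + "="):
            return arg.split("=", 1)[1]
        if arg == name:
            return args[i + 1] if i + 1 < len(args) else ""
    return None

def lint_escrow(command_section):
    """Return (line_number, command, finding) tuples for escrow option misuse."""
    findings = []
    for lineno, raw in enumerate(command_section.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)
        except ValueError:
            continue  # unbalanced quotes: leave that to the kickstart parser
        if not tokens or tokens[0] not in ESCROW_COMMANDS:
            continue
        cmd, args = tokens[0], tokens[1:]
        encrypted = "--encrypted" in args
        cert = option_value(args, "--escrowcert")
        if cert is not None and not cert:
            findings.append((lineno, cmd, "--escrowcert has no URL"))
        if cert and not encrypted:
            findings.append((lineno, cmd, "--escrowcert without --encrypted: nothing to escrow"))
        if "--backuppassphrase" in args and not cert:
            findings.append((lineno, cmd, "--backuppassphrase needs --escrowcert"))
        if encrypted and cert is None:  # assumed site policy, not enforced by the patch
            findings.append((lineno, cmd, "encrypted volume has no escrow certificate"))
    return findings

# Constructed sample input (mount points, sizes and URL are placeholders).
SAMPLE = """\
part /boot --fstype=ext3 --size=200
part / --size=8000 --encrypted --escrowcert=https://escrow.example.com/cert.pem --backuppassphrase
part /home --size=4000 --encrypted --backuppassphrase
logvol /var --vgname=vg0 --name=var --size=2000 --escrowcert=https://escrow.example.com/cert.pem
raid /srv --level=1 --device=md0 --encrypted raid.01 raid.02
"""

if __name__ == "__main__":
    for lineno, cmd, finding in lint_escrow(SAMPLE):
        print(f"line {lineno}: {cmd}: {finding}")
```

The lint expects only the command section of a kickstart file; %pre, %post and %packages bodies should be stripped before calling it.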

