Bug 508963 - [PATCH] Add key escrow options to pykickstart
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: pykickstart
Version: rawhide
Hardware: All Linux
Priority: low
Severity: medium
Assigned To: Chris Lumens
QA Contact: Fedora Extras Quality Assurance
Keywords: FutureFeature
Blocks: volume-key-escrow 508967 510545 607952
Reported: 2009-06-30 13:01 EDT by Miloslav Trmač
Modified: 2010-06-25 05:34 EDT
Doc Type: Enhancement
Last Closed: 2009-09-10 11:06:43 EDT
Attachments
Add --escrowcert and --backuppassphrase (10.16 KB, patch)
2009-06-30 13:01 EDT, Miloslav Trmač
Add --escrowcert and --backuppassphrase (18.95 KB, patch)
2009-07-09 10:40 EDT, Miloslav Trmač
Description Miloslav Trmač 2009-06-30 13:01:12 EDT
Created attachment 349973
Add --escrowcert and --backuppassphrase

This patch adds key escrow directives to pykickstart, used to store the encryption keys (and optionally create backup passphrases) of encrypted volumes.

The options apply to the "autopart" and "part" commands:
* --escrowcert=URL_for_X509_certificate
  If the volume is encrypted, store the encryption key used for the volume in
  /root/$label-$uuid-escrow of the installed system, encrypting it for the
  specified certificate.
* --backuppassphrase
  If --escrowcert is specified, and the volume format supports it (LUKS does),
  add an additional, randomly generated, passphrase to the volume, and store it
  in /root/$label-$uuid-escrow-backup-passphrase .
Comment 1 Chris Lumens 2009-07-01 11:13:08 EDT
Thanks for the patch.  I'll examine it later.  This will of course also require an anaconda patch to do the hard work.
Comment 2 Miloslav Trmač 2009-07-09 10:40:24 EDT
Created attachment 351082
Add --escrowcert and --backuppassphrase

Updated patch, adding the same options to the "raid" and "logvol" commands.
Comment 3 Chris Lumens 2009-09-10 11:06:43 EDT
Thanks for the patch.  I've added this to the git repo and pushed.
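
Added example, not part of the bug thread or of the pykickstart patch: a small Python lint that applies the option semantics described in the report (--escrowcert acts only on encrypted volumes, --backuppassphrase acts only together with --escrowcert) to the four commands named above. Assumptions: `--encrypted` is the existing kickstart flag that marks a volume as encrypted, the "every encrypted volume should escrow its key" rule is a local policy choice, and the sample kickstart and its URL are constructed.

```python
import shlex

# Commands that accept the escrow options, per the description and comment 2.
ESCROW_COMMANDS = {"autopart", "part", "raid", "logvol"}


def lint_kickstart(text):
    """Return (line_number, message) findings for escrow option misuse."""
    findings = []
    in_section = False  # inside %pre/%post/%packages: script text, not commands
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("%"):
            if line.split()[0] not in ("%include", "%ksappend"):
                in_section = line != "%end"
            continue
        if in_section or not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quotes: not something we can judge
            continue
        if not tokens or tokens[0] not in ESCROW_COMMANDS:
            continue
        opts = {t.split("=", 1)[0] for t in tokens[1:] if t.startswith("--")}
        encrypted = "--encrypted" in opts  # assumption: existing kickstart flag
        escrow = "--escrowcert" in opts
        if escrow and not encrypted:
            findings.append((lineno, "--escrowcert ignored: volume is not encrypted"))
        if "--backuppassphrase" in opts and not escrow:
            findings.append((lineno, "--backuppassphrase ignored: no --escrowcert"))
        if encrypted and not escrow:  # policy check (assumption), not a parser rule
            findings.append((lineno, "encrypted volume has no escrowed key"))
    return findings

# Constructed sample kickstart fragment (URL and sizes are placeholders).
SAMPLE = """\
part /boot --fstype=ext4 --size=500
part /home --size=10000 --encrypted --escrowcert=https://escrow.example/cert.pem --backuppassphrase
part /srv --size=5000 --encrypted --backuppassphrase
logvol /data --vgname=vg0 --name=data --size=2000 --escrowcert=https://escrow.example/cert.pem
%post
part of a shell script, not a command
%end
"""

if __name__ == "__main__":
    for lineno, message in lint_kickstart(SAMPLE):
        print(f"line {lineno}: {message}")
```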