On Wed, Jan 05, 2022 at 12:35:35PM +0000, Richard W.M. Jones wrote:
> On Tue, Jan 04, 2022 at 06:53:39PM -0800, Chris V wrote:
> > I am working on building an automated pipeline with a disk that contains a LUKS
> > partition. Since it is running automated I need a method to provide the LUKS
> > key using a file but I keep getting prompted to enter the keys. I am creating
> > a file with only the key stored in it and using the --key option but I still
> > get the key prompt.
> >
> > Here is the command that I am running, can you advise me on what I need to
> > change?:
> > sudo guestfish -a disk.qcow2 --key /dev/sda2:file:key.txt run : part-init /dev/

I should have read the command line a bit closer. The --key option
here only applies when you automatically mount the filesystems (with
the -i option). Otherwise IIRC it doesn't do anything. So the answer
below is still correct. I would definitely use a scripting language
with the API.

> > sda msdos : part-add /dev/sda p 2048 500000 : part-add /dev/sda p 500001
> > 2097118 : mkfs ext4 /dev/sda1 : luks-format /dev/sda2 0 : luks-open /dev/sda2
> > sda2_crypt : mkfs ext4 /dev/mapper/sda2_crypt
>
> The easiest way is probably this guestfish flag:
>
>   --keys-from-stdin
>       Read key or passphrase parameters from stdin. The default is to
>       try to read passphrases from the user by opening /dev/tty.
>
>       If there are multiple encrypted devices then you may need to supply
>       multiple keys on stdin, one per line.
>
> You can feed the key by redirecting stdin.
>
> However a better way is likely to use the API directly for what you
> want, eg. through a Perl or Python script. You can supply the key
> directly as a parameter when using the API.
>
> https://libguestfs.org/guestfs.3.html#guestfs_luks_open

Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
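
The API route recommended in the reply, as an added example (not code from this thread or from the libguestfs project): the partition layout is copied from the quoted guestfish command, and the key is passed straight to luks_format and luks_open so nothing prompts on /dev/tty. The helper names `read_key` and `provision`, the permission check, and the one-passphrase-on-the-first-line key file format are assumptions of this example.

```python
import os
import stat
import sys


def read_key(path):
    """Return the passphrase in path, refusing loosely-permissioned key files."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path}: not a regular file")
    # A pipeline secret should be readable by its owner only (assumed policy).
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: key file is accessible to group/others")
    with open(path, encoding="utf-8") as f:
        key = f.readline().rstrip("\n")  # assumption: passphrase is the first line
    if not key:
        raise ValueError(f"{path}: empty key")
    return key


def provision(disk, key, fmt="qcow2"):
    """Partition disk and create a LUKS volume on /dev/sda2 without a prompt."""
    # libguestfs Python bindings; imported here so read_key works without them.
    import guestfs

    g = guestfs.GuestFS(python_return_dict=True)
    try:
        g.add_drive_opts(disk, format=fmt, readonly=0)
        g.launch()
        # Same steps as the guestfish command line quoted in the thread.
        g.part_init("/dev/sda", "msdos")
        g.part_add("/dev/sda", "p", 2048, 500000)
        g.part_add("/dev/sda", "p", 500001, 2097118)
        g.mkfs("ext4", "/dev/sda1")
        g.luks_format("/dev/sda2", key, 0)           # key given as a parameter
        g.luks_open("/dev/sda2", key, "sda2_crypt")  # no /dev/tty prompt
        g.mkfs("ext4", "/dev/mapper/sda2_crypt")
        g.luks_close("/dev/mapper/sda2_crypt")
        g.shutdown()
    finally:
        g.close()


if __name__ == "__main__":
    # Usage: script.py disk.qcow2 key.txt
    provision(sys.argv[1], read_key(sys.argv[2]))
```

Passing the key as an API parameter also keeps it out of the process argument list, which a passphrase typed on a command line would not.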