0

I'm implementing a tool to manage encrypted volumes in a Linux/Docker environment using Python. This tool run a bunch of commands in the system to create, open and close this LUKS encrypted volumes.

The part that I'm having difficulties is to create the LUKS volumes using cryptsetup interactive shell. When I run cryptsetup with the necessary parameters, a interactive shell is executed and some information are requested. This input that I cannot implement in my code:

[root@8263d0d1a794 module_files]# cryptsetup -y --cipher aes-xts-plain64 --hash sha512 --key-size 512 luksFormat /module_files/test.img 

WARNING: Device /module_files/test.img already contains a 'ext4' superblock signature.

WARNING!
========
This will overwrite data on /module_files/test.img irrevocably.

Are you sure? (Type 'yes' in capital letters): **YES**
Enter passphrase for /module_files/test.img: **MY_PASSWORD**
Verify passphrase: **MY_PASSWORD**

In this example, I ran the cryptsetup command directly over the CLI to demonstrate what is necessary to implement.

This is a simple example of a function that Im testing to run this logic:

def create_encrypted_volume(self):
    """Create the LUKS volume, **all data will be lost.**"""
    
    cmd = f"cryptsetup -y --cipher aes-xts-plain64 --hash sha512 --key-size 512 luksFormat {self.partition}"
    cmd_return = subprocess.getoutput(cmd)
    
    logging.info(f"Encrypted volume {self.partition} created")
    logging.debug(f"Command executed: {cmd_return} |||")

When I run the project, the CLI get stuck in this part waiting my keyboard input to give the necessary information. The biggest problem that I found till here, is related to the process kill when subprocess.getoutput finish the execution. I've already tried to use PIPEs over subprocess, but I cannot implement all the steps of this interactive shell properly.

Is there any option to create this shell flow automatically without this keyboard input? I know that bash is an option, passing all the parameters in order during the first execution, but Im avoiding to use another solution beyond python to run it.

Lucas Bulegon
  • 1
  • Look at [this](https://github.com/pexpect/pexpect) or similar ... :) – tink Jun 08 '23 at 20:17
  • https://stackoverflow.com/questions/70072820/responding-to-interactive-programs-in-bash-with-python-subprocess – tink Jun 08 '23 at 20:22
  • From crypsetup documentation, *`--batch-mode, -q`, Do not ask for confirmation*. There is also a section on how to do passwords from stdin or a key file. See https://linux.die.net/man/8/cryptsetup – Nic3500 Jun 08 '23 at 20:27

0 Answers0