kairos/kairos-agent
1
0
Fork 0
mirror of https://github.com/kairos-io/kairos-agent.git synced 2025-08-16 07:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

[uki] Wait for oem to appear after encryption (#216)

Browse Source
This commit is contained in:
Itxaka 2024-01-30 14:28:54 +01:00 committed by GitHub
parent 3b5ae90dfe
commit 1a46f0910f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
internal/agent/hooks/kcrypt_uki.go
View File

@ -1,6 +1,7 @@
package hook package hook
import ( import (
"fmt"
"os" "os"
"strconv" "strconv"
"strings" "strings"
@ -96,10 +97,40 @@ func (k KcryptUKI) Run(c config.Config, _ v1.Spec) error {
c.Logger.Infof("Done encrypting %s", p) c.Logger.Infof("Done encrypting %s", p)
} }
_, _ = utils.SH("sync")
err = kcrypt.UnlockAll(true) err = kcrypt.UnlockAll(true)
if err != nil { if err != nil {
return err return err
} }
// Close the unlocked partitions after dealing with them, otherwise we leave them open and they can be mounted by anyone
defer func() {
for _, p := range append([]string{"COS_OEM", "COS_PERSISTENT"}, c.Install.Encrypt...) {
c.Logger.Debugf("Closing unencrypted /dev/disk/by-label/%s", p)
out, err := utils.SH(fmt.Sprintf("cryptsetup close /dev/disk/by-label/%s", p))
// There is a known error with cryptsetup that it can't close the device because of a semaphore
// doesnt seem to affect anything as the device is closed as expected so we ignore it if it matches the
// output of the error
if err != nil && !strings.Contains(out, "incorrect semaphore state") {
c.Logger.Errorf("could not close /dev/disk/by-label/%s: %s", p, out)
}
}
}()
// Here it can take the oem partition a bit of time to appear after unlocking so we need to retry a couple of time with some waiting
// retry + backoff
for i := 0; i < 10; i++ {
c.Logger.Infof("Waiting for unlocked partition to appear")
_, _ = utils.SH("sync")
part, _ := utils.SH("blkid -L COS_OEM")
if part == "" {
c.Logger.Infof("Partition not found, waiting %d seconds before retrying", i)
time.Sleep(time.Duration(i) * time.Second)
continue
}
c.Logger.Infof("Partition found, continuing")
break
}
err = machine.Mount("COS_OEM", constants.OEMDir) err = machine.Mount("COS_OEM", constants.OEMDir)
if err != nil { if err != nil {
return err return err
@ -108,7 +139,7 @@ func (k KcryptUKI) Run(c config.Config, _ v1.Spec) error {
if err != nil { if err != nil {
return err return err
} }
err = machine.Umount(constants.OEMDir) //nolint:errcheck err = machine.Umount(constants.OEMDir)
if err != nil { if err != nil {
return err return err
} }