Unlock after oem to read the server config (#126)

Itxaka 2023-05-09 15:45:26 +02:00 committed by GitHub
parent d59fa6789c
commit 18c70b4ff1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -28,13 +28,14 @@ func (s *State) RegisterNormalBoot(g *herd.Graph) error {
// Depend on LVM in case the LVM is encrypted somehow? Not sure if possible.
s.LogIfError(s.RunKcryptUpgrade(g, herd.WithDeps(cnst.OpLvmActivate)), "upgrade kcrypt partitions")
// Mount COS_OEM (After root as it mounts under s.Rootdir/oem)
s.LogIfError(s.MountOemDagStep(g, cnst.OpMountRoot, cnst.OpLvmActivate), "oem mount")
// Run unlock.
// Depends on mount root because it needs the kcrypt-discovery-challenger available under /sysroot
// Depends on OpKcryptUpgrade until we don't support upgrading from 1.X to the current version
s.LogIfError(s.RunKcrypt(g, herd.WithDeps(cnst.OpMountRoot, cnst.OpKcryptUpgrade)), "kcrypt unlock")
// Mount COS_OEM (After root as it mounts under s.Rootdir/oem)
s.LogIfError(s.MountOemDagStep(g, cnst.OpMountRoot, cnst.OpLvmActivate), "oem mount")
// Depends on mount oem to read the server configuration
s.LogIfError(s.RunKcrypt(g, herd.WithDeps(cnst.OpMountRoot, cnst.OpKcryptUpgrade, cnst.OpMountOEM)), "kcrypt unlock")
// Run yip stage rootfs. Requires root+oem+sentinel to be mounted
s.LogIfError(s.RootfsStageDagStep(g, herd.WithDeps(cnst.OpMountRoot, cnst.OpMountOEM, cnst.OpSentinel)), "running rootfs stage")
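Review bot: The new comment on the `RunKcrypt` step says unlock depends on the OEM mount to read the server configuration, but it does not record that COS_OEM is mounted before any unlock has run, so that configuration is presumably not covered by the encryption being unlocked. If that holds, anyone able to write to COS_OEM offline can influence which server the unlock step contacts, so the comment should state what authenticates that server. I would extend it along the lines of `// OEM is mounted before unlock, so the server config read here is unprotected input; the server must be authenticated independently of it`. It is also worth documenting what unlock does when the OEM mount fails or the partition is absent, since `LogIfError` appears only to log the registration error; the body of `RegisterNormalBoot` continues outside this hunk, so this may already be handled there.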