Add label to luks partition and dont gate on label (#471)

* Add label to luks partition and dont gate on label Instead of gating on labels, lets just add the label to the luks partition, the same way we do to the underlying unlocked partition, so they share the fs label. That way, the locking and unlocking refer to the same label always --------- Signed-off-by: Itxaka <itxaka@kairos.io> (cherry picked from commit b0b2518e6a)
2025-09-09 02:41:11 +00:00 · 2025-03-13 10:34:23 +01:00
parent 33ce07902b
commit 08d8a003e6
3 changed files with 12 additions and 51 deletions
--- a/pkg/lib/unlock.go
+++ b/pkg/lib/unlock.go
@@ -3,14 +3,12 @@ package lib
 import (
 	"fmt"
 	"path/filepath"
-	"strings"

 	"github.com/anatol/luks.go"
 	"github.com/jaypipes/ghw"
 	"github.com/jaypipes/ghw/pkg/block"
 	"github.com/kairos-io/kairos-sdk/utils"
 	"github.com/kairos-io/kcrypt/pkg/bus"
-	configpkg "github.com/kairos-io/kcrypt/pkg/config"
 	"github.com/mudler/go-pluggable"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
@@ -26,11 +24,6 @@ func UnlockAll(tpm bool) error {
 func UnlockAllWithLogger(tpm bool, logger zerolog.Logger) error {
 	bus.Manager.Initialize()

-	config, err := configpkg.GetConfiguration(configpkg.ConfigScanDirs)
-	if err != nil {
-		logger.Info().Msgf("Warning: Could not read kcrypt configuration '%s'\n", err.Error())
-	}
-
 	blk, err := ghw.Block()
 	if err != nil {
 		logger.Warn().Msgf("Warning: Error reading partitions '%s \n", err.Error())
@@ -49,36 +42,22 @@ func UnlockAllWithLogger(tpm bool, logger zerolog.Logger) error {
 	for _, disk := range blk.Disks {
 		for _, p := range disk.Partitions {
 			if p.Type == "crypto_LUKS" {
-				// Get the luks UUID directly from cryptsetup
-				volumeUUID, err := utils.SH(fmt.Sprintf("cryptsetup luksUUID %s", filepath.Join("/dev", p.Name)))
-				logger.Info().Msgf("Got luks UUID %s for partition %s\n", volumeUUID, p.Name)
-				if err != nil {
-					return err
-				}
-				volumeUUID = strings.TrimSpace(volumeUUID)
-				if volumeUUID == "" {
-					logger.Warn().Msgf("No uuid for %s, skipping\n", p.Name)
-					continue
-				}
 				// Check if device is already mounted
 				// We mount it under /dev/mapper/DEVICE, so It's pretty easy to check
 				if !utils.Exists(filepath.Join("/dev", "mapper", p.Name)) {
-					logger.Info().Msgf("Unmounted Luks found at '%s' \n", filepath.Join("/dev", p.Name))
+					logger.Info().Msgf("Unmounted Luks found at '%s'", filepath.Join("/dev", p.Name))
 					if tpm {
 						out, err := utils.SH(fmt.Sprintf("/usr/lib/systemd/systemd-cryptsetup attach %s %s - tpm2-device=auto", p.Name, filepath.Join("/dev", p.Name)))
 						if err != nil {
-							logger.Warn().Msgf("Unlocking failed: '%s'\n", err.Error())
-							logger.Warn().Msgf("Unlocking failed, command output: '%s'\n", out)
+							logger.Warn().Msgf("Unlocking failed: '%s'", err.Error())
+							logger.Warn().Msgf("Unlocking failed, command output: '%s'", out)
 						}
 					} else {
-						p.FilesystemLabel, err = config.GetLabelForUUID(volumeUUID)
-						if err != nil {
-							return err
-						}
 						err = UnlockDisk(p)
 						if err != nil {
-							logger.Warn().Msgf("Unlocking failed: '%s'\n", err.Error())
+							logger.Warn().Msgf("Unlocking failed: '%s'", err.Error())
 						}
+						logger.Info().Msg("Unlocking succeeded")
 					}
 				} else {
 					logger.Info().Msgf("Device %s seems to be mounted at %s, skipping\n", filepath.Join("/dev", p.Name), filepath.Join("/dev", "mapper", p.Name))