Add label to luks partition and dont gate on label

Instead of gating on labels, lets just add the label to the luks partition, the same way we do to the underlying unlocked partition, so they share the fs label. That way, the locking and unlocking refer to the same label always Signed-off-by: Itxaka <itxaka@kairos.io>
2025-07-31 07:04:24 +00:00 · 2025-03-12 20:23:15 +01:00 · 2025-03-12 20:23:15 +01:00 · 531e4ff400
commit 531e4ff400
parent 654d4de653
3 changed files with 6 additions and 49 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -7,7 +7,6 @@ import (
 	"os"
 	"strings"

-	"github.com/gofrs/uuid"
 	"github.com/jaypipes/ghw/pkg/block"
 	"github.com/kairos-io/kairos-sdk/collector"
 	"github.com/pkg/errors"
@ -121,25 +120,3 @@ func (c Config) LookupLabelForUUID(uuid string) string {

 	return ""
 }
-
-// GetLabelForUUID returns the partition label for a known UUID
-// UUIDS are generated on luksify method
-// They are generated by setting the namespace to DNS and the name to the fs label, so they are always the same
-func (c Config) GetLabelForUUID(uuidCheck string) (string, error) {
-	persistent := uuid.NewV5(uuid.NamespaceURL, "COS_PERSISTENT")
-	oem := uuid.NewV5(uuid.NamespaceURL, "COS_OEM")
-	fmt.Printf("Checking uuid: %s\n", uuidCheck)
-	parsedUUID, err := uuid.FromString(uuidCheck)
-	if err != nil {
-		return "", err
-	}
-	switch parsedUUID {
-	case persistent:
-		return "COS_PERSISTENT", nil
-	case oem:
-		return "COS_OEM", nil
-	default:
-		return "", errors.New("no partition found with that uuid")
-
-	}
-}
--- a/pkg/lib/lock.go
+++ b/pkg/lib/lock.go
@ -76,6 +76,7 @@ func Luksify(label string, logger types.KairosLogger, argsCreate ...string) (str
 	device := fmt.Sprintf("/dev/%s", part)

 	extraArgs := []string{"--uuid", uuid.NewV5(uuid.NamespaceURL, label).String()}
+	extraArgs = append(extraArgs, "--label", label)
 	extraArgs = append(extraArgs, argsCreate...)

 	if err := CreateLuks(device, pass, extraArgs...); err != nil {
--- a/pkg/lib/unlock.go
+++ b/pkg/lib/unlock.go
@ -3,7 +3,6 @@ package lib
 import (
 	"fmt"
 	"path/filepath"
-	"strings"

 	"github.com/anatol/luks.go"
 	"github.com/jaypipes/ghw"
@ -11,7 +10,6 @@ import (
 	"github.com/kairos-io/kairos-sdk/types"
 	"github.com/kairos-io/kairos-sdk/utils"
 	"github.com/kairos-io/kcrypt/pkg/bus"
-	configpkg "github.com/kairos-io/kcrypt/pkg/config"
 	"github.com/mudler/go-pluggable"
 )

@ -26,11 +24,6 @@ func UnlockAllWithLogger(tpm bool, log types.KairosLogger) error {
 	bus.Manager.Initialize()
 	logger := log.Logger

-	config, err := configpkg.GetConfiguration(configpkg.ConfigScanDirs)
-	if err != nil {
-		logger.Info().Msgf("Warning: Could not read kcrypt configuration '%s'\n", err.Error())
-	}
-
 	blk, err := ghw.Block()
 	if err != nil {
 		logger.Warn().Msgf("Warning: Error reading partitions '%s \n", err.Error())
@ -49,36 +42,22 @@ func UnlockAllWithLogger(tpm bool, log types.KairosLogger) error {
 	for _, disk := range blk.Disks {
 		for _, p := range disk.Partitions {
 			if p.Type == "crypto_LUKS" {
-				// Get the luks UUID directly from cryptsetup
-				volumeUUID, err := utils.SH(fmt.Sprintf("cryptsetup luksUUID %s", filepath.Join("/dev", p.Name)))
-				logger.Info().Msgf("Got luks UUID %s for partition %s\n", volumeUUID, p.Name)
-				if err != nil {
-					return err
-				}
-				volumeUUID = strings.TrimSpace(volumeUUID)
-				if volumeUUID == "" {
-					logger.Warn().Msgf("No uuid for %s, skipping\n", p.Name)
-					continue
-				}
 				// Check if device is already mounted
 				// We mount it under /dev/mapper/DEVICE, so It's pretty easy to check
 				if !utils.Exists(filepath.Join("/dev", "mapper", p.Name)) {
-					logger.Info().Msgf("Unmounted Luks found at '%s' \n", filepath.Join("/dev", p.Name))
+					logger.Info().Msgf("Unmounted Luks found at '%s'", filepath.Join("/dev", p.Name))
 					if tpm {
 						out, err := utils.SH(fmt.Sprintf("/usr/lib/systemd/systemd-cryptsetup attach %s %s - tpm2-device=auto", p.Name, filepath.Join("/dev", p.Name)))
 						if err != nil {
-							logger.Warn().Msgf("Unlocking failed: '%s'\n", err.Error())
-							logger.Warn().Msgf("Unlocking failed, command output: '%s'\n", out)
+							logger.Warn().Msgf("Unlocking failed: '%s'", err.Error())
+							logger.Warn().Msgf("Unlocking failed, command output: '%s'", out)
 						}
 					} else {
-						p.FilesystemLabel, err = config.GetLabelForUUID(volumeUUID)
-						if err != nil {
-							return err
-						}
 						err = UnlockDisk(p)
 						if err != nil {
-							logger.Warn().Msgf("Unlocking failed: '%s'\n", err.Error())
+							logger.Warn().Msgf("Unlocking failed: '%s'", err.Error())
 						}
+						logger.Info().Msg("Unlocking succeeded")
 					}
 				} else {
 					logger.Info().Msgf("Device %s seems to be mounted at %s, skipping\n", filepath.Join("/dev", p.Name), filepath.Join("/dev", "mapper", p.Name))