rancher/kcrypt
1
0
Fork 0
mirror of https://github.com/kairos-io/kcrypt.git synced 2025-08-22 17:16:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow passing extra args to luks device creation (#418)

Browse Source
This commit is contained in:
Itxaka 2024-07-24 15:13:33 +02:00 committed by GitHub
parent 74eb5903b3
commit 5c513aee21
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -38,7 +38,7 @@ require (
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/denisbrodbeck/machineid v1.0.1 // indirect github.com/denisbrodbeck/machineid v1.0.1 // indirect
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d // indirect github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d // indirect
github.com/distribution/reference v0.6.0 // indirect github.com/distribution/reference v0.5.0 // indirect
github.com/docker/cli v24.0.0+incompatible // indirect github.com/docker/cli v24.0.0+incompatible // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/docker v27.0.3+incompatible // indirect github.com/docker/docker v27.0.3+incompatible // indirect

4
go.sum
View File

@ -69,8 +69,8 @@ github.com/denisbrodbeck/machineid v1.0.1 h1:geKr9qtkB876mXguW2X6TU4ZynleN6ezuMS
github.com/denisbrodbeck/machineid v1.0.1/go.mod h1:dJUwb7PTidGDeYyUBmXZ2GphQBbjJCrnectwCyxcUSI= github.com/denisbrodbeck/machineid v1.0.1/go.mod h1:dJUwb7PTidGDeYyUBmXZ2GphQBbjJCrnectwCyxcUSI=
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d h1:CPqTNIigGweVPT4CYb+OO2E6XyRKFOmvTHwWRLgCAlE= github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d h1:CPqTNIigGweVPT4CYb+OO2E6XyRKFOmvTHwWRLgCAlE=
github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d/go.mod h1:QX5ZVULjAfZJux/W62Y91HvCh9hyW6enAwcrrv/sLj0= github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d/go.mod h1:QX5ZVULjAfZJux/W62Y91HvCh9hyW6enAwcrrv/sLj0=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/docker/cli v24.0.0+incompatible h1:0+1VshNwBQzQAx9lOl+OYCTCEAD8fKs/qeXMx3O0wqM= github.com/docker/cli v24.0.0+incompatible h1:0+1VshNwBQzQAx9lOl+OYCTCEAD8fKs/qeXMx3O0wqM=
github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=

13
pkg/lib/lock.go
View File

@ -49,7 +49,7 @@ func getRandomString(length int) string {
// This is because the label of the encrypted partition is not accessible unless // This is because the label of the encrypted partition is not accessible unless
// the partition is decrypted first and the uuid changed after encryption so // the partition is decrypted first and the uuid changed after encryption so
// any stored information needs to be updated (by the caller). // any stored information needs to be updated (by the caller).
func Luksify(label string, logger zerolog.Logger) (string, error) { func Luksify(label string, logger zerolog.Logger, argsCreate ...string) (string, error) {
var pass string var pass string
// Make sure ghw will see all partitions correctly. // Make sure ghw will see all partitions correctly.
@ -74,8 +74,9 @@ func Luksify(label string, logger zerolog.Logger) (string, error) {
mapper := fmt.Sprintf("/dev/mapper/%s", b.Name) mapper := fmt.Sprintf("/dev/mapper/%s", b.Name)
device := fmt.Sprintf("/dev/%s", part) device := fmt.Sprintf("/dev/%s", part)
partUUID := uuid.NewV5(uuid.NamespaceURL, label)
extraArgs := []string{"--uuid", partUUID.String()} extraArgs := []string{"--uuid", uuid.NewV5(uuid.NamespaceURL, label).String()}
extraArgs = append(extraArgs, argsCreate...)
if err := CreateLuks(device, pass, extraArgs...); err != nil { if err := CreateLuks(device, pass, extraArgs...); err != nil {
logger.Err(err).Msg("create luks") logger.Err(err).Msg("create luks")
@ -105,7 +106,7 @@ func Luksify(label string, logger zerolog.Logger) (string, error) {
// It can also be used to bind to things like the firmware code or efi drivers that we dont expect to change // It can also be used to bind to things like the firmware code or efi drivers that we dont expect to change
// default for publicKeyPcrs is 11 // default for publicKeyPcrs is 11
// default for pcrs is nothing, so it doesn't bind as we want to expand things like DBX and be able to blacklist certs and such // default for pcrs is nothing, so it doesn't bind as we want to expand things like DBX and be able to blacklist certs and such
func LuksifyMeasurements(label string, publicKeyPcrs []string, pcrs []string, logger zerolog.Logger) error { func LuksifyMeasurements(label string, publicKeyPcrs []string, pcrs []string, logger zerolog.Logger, argsCreate ...string) error {
// Make sure ghw will see all partitions correctly. // Make sure ghw will see all partitions correctly.
// older versions don't have --type=all. Try the simpler version then. // older versions don't have --type=all. Try the simpler version then.
out, err := SH("udevadm trigger --type=all || udevadm trigger") out, err := SH("udevadm trigger --type=all || udevadm trigger")
@ -124,9 +125,9 @@ func LuksifyMeasurements(label string, publicKeyPcrs []string, pcrs []string, lo
pass := getRandomString(32) pass := getRandomString(32)
mapper := fmt.Sprintf("/dev/mapper/%s", b.Name) mapper := fmt.Sprintf("/dev/mapper/%s", b.Name)
device := fmt.Sprintf("/dev/%s", part) device := fmt.Sprintf("/dev/%s", part)
partUUID := uuid.NewV5(uuid.NamespaceURL, label)
extraArgs := []string{"--uuid", partUUID.String()} extraArgs := []string{"--uuid", uuid.NewV5(uuid.NamespaceURL, label).String()}
extraArgs = append(extraArgs, argsCreate...)
if err := CreateLuks(device, pass, extraArgs...); err != nil { if err := CreateLuks(device, pass, extraArgs...); err != nil {
return err return err