From e64912f96f3667d056f0cef583e3c41d91d93913 Mon Sep 17 00:00:00 2001
From: Itxaka
Date: Tue, 11 Mar 2025 13:35:25 +0100
Subject: [PATCH] Do not filter for know label for unlock Also use the pasword when refreshing the luks device in order to add discards as it may ask for the password
Signed-off-by: Itxaka
---
 pkg/config/config.go | 23 -----------------------
 pkg/lib/lock.go | 8 +++++---
 pkg/lib/unlock.go | 12 ++----------
 3 files changed, 7 insertions(+), 36 deletions(-)
diff --git a/pkg/config/config.go b/pkg/config/config.go
index c0520df..a344588 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -7,7 +7,6 @@ import (
 "os"
 "strings"
- "github.com/gofrs/uuid"
 "github.com/jaypipes/ghw/pkg/block"
 "github.com/kairos-io/kairos-sdk/collector"
 "github.com/pkg/errors"
@@ -121,25 +120,3 @@ func (c Config) LookupLabelForUUID(uuid string) string {
 return ""
 }
-
-// GetLabelForUUID returns the partition label for a known UUID
-// UUIDS are generated on luksify method
-// They are generated by setting the namespace to DNS and the name to the fs label, so they are always the same
-func (c Config) GetLabelForUUID(uuidCheck string) (string, error) {
- persistent := uuid.NewV5(uuid.NamespaceURL, "COS_PERSISTENT")
- oem := uuid.NewV5(uuid.NamespaceURL, "COS_OEM")
- fmt.Printf("Checking uuid: %s\n", uuidCheck)
- parsedUUID, err := uuid.FromString(uuidCheck)
- if err != nil {
- return "", err
- }
- switch parsedUUID {
- case persistent:
- return "COS_PERSISTENT", nil
- case oem:
- return "COS_OEM", nil
- default:
- return "", errors.New("no partition found with that uuid")
-
- }
-}
diff --git a/pkg/lib/lock.go b/pkg/lib/lock.go
index 98fc0c3..bbb1daf 100644
--- a/pkg/lib/lock.go
+++ b/pkg/lib/lock.go
@@ -189,7 +189,7 @@ func LuksifyMeasurements(label string, publicKeyPcrs []string, pcrs []string, lo
 // label is the label we will set to the formatted partition
 // password is the pass to unlock the device to be able to format the underlying mapper
 func formatLuks(device, name, mapper, label, pass string, logger types.KairosLogger) error {
- l := logger.Logger.With().Str("device", device).Str("name", name).Str("mapper", mapper).Logger()
+ l := logger.Logger.With().Str("device", device).Str("label", label).Str("name", name).Str("mapper", mapper).Logger()
 l.Debug().Msg("unlock")
 if err := LuksUnlock(device, name, pass); err != nil {
 return fmt.Errorf("unlock err: %w", err)
@@ -208,9 +208,11 @@ func formatLuks(device, name, mapper, label, pass string, logger types.KairosLog
 }
 l.Debug().Msg("discards")
- out, err = SH(fmt.Sprintf("cryptsetup refresh --persistent --allow-discards %s", mapper))
+ cmd := exec.Command("cryptsetup", "refresh", "--persistent", "--allow-discards", mapper)
+ cmd.Stdin = strings.NewReader(pass)
+ output, err := cmd.CombinedOutput()
 if err != nil {
- return fmt.Errorf("refresh err: %w, out: %s", err, out)
+ return fmt.Errorf("refresh err: %w, out: %s", err, output)
 }
 l.Debug().Msg("close")
diff --git a/pkg/lib/unlock.go b/pkg/lib/unlock.go
index 2fead66..31d40aa 100644
--- a/pkg/lib/unlock.go
+++ b/pkg/lib/unlock.go
@@ -11,7 +11,6 @@ import (
 "github.com/kairos-io/kairos-sdk/types"
 "github.com/kairos-io/kairos-sdk/utils"
 "github.com/kairos-io/kcrypt/pkg/bus"
- configpkg "github.com/kairos-io/kcrypt/pkg/config"
 "github.com/mudler/go-pluggable"
 )
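Review bot: In the `discards` hunk of pkg/lib/lock.go, the new `return fmt.Errorf("refresh err: ...")` leaves formatLuks while the device opened by `LuksUnlock` at the top of the function is still mapped, because the close step only comes after the `close` debug line. Unless a deferred close sits in the lines between the two hunks, a failed refresh leaves the decrypted mapping active; running that same close step before returning, or deferring it right after a successful unlock, would avoid that. The move from a shell string to `exec.Command` with the passphrase on stdin also deserves a comment above `cmd.Stdin`, for example `// refresh may prompt for the passphrase; feed it on stdin so it never appears in argv or a shell string`. How cryptsetup terminates a passphrase read from stdin should match the way `LuksUnlock` supplies it, which is outside this hunk.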
@@ -26,11 +25,6 @@ func UnlockAllWithLogger(tpm bool, log types.KairosLogger) error {
 bus.Manager.Initialize()
 logger := log.Logger
- config, err := configpkg.GetConfiguration(configpkg.ConfigScanDirs)
- if err != nil {
- logger.Info().Msgf("Warning: Could not read kcrypt configuration '%s'\n", err.Error())
- }
-
 blk, err := ghw.Block()
 if err != nil {
 logger.Warn().Msgf("Warning: Error reading partitions '%s \n", err.Error())
@@ -71,10 +65,8 @@ func UnlockAllWithLogger(tpm bool, log types.KairosLogger) error {
 logger.Warn().Msgf("Unlocking failed, command output: '%s'\n", out)
 }
 } else {
- p.FilesystemLabel, err = config.GetLabelForUUID(volumeUUID)
- if err != nil {
- return err
- }
+ logger.Debug().Str("uuid", volumeUUID).Str("uuidp", p.UUID).Msg("Unlocking")
+ p.UUID = volumeUUID
 err = UnlockDisk(p)
 if err != nil {
 logger.Warn().Msgf("Unlocking failed: '%s'\n", err.Error())
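Review bot: With the `GetLabelForUUID` check gone, the `else` branch of UnlockAllWithLogger hands every partition that reaches it to `UnlockDisk`, and `p.FilesystemLabel` is no longer filled in, so whatever sits behind `UnlockDisk` (defined outside this hunk) now gets a passphrase request for any UUID, including a volume this system did not create. If the passphrase provider keys on the label, or is expected to refuse unknown volumes, that should be confirmed and stated here, e.g. `// No label allow-list: every encrypted partition reaching this branch is tried; the passphrase provider decides whether the UUID is known.` `p.UUID = volumeUUID` also overwrites the UUID the partition was presumably scanned with, so a short comment saying which UUID `UnlockDisk` expects would help, and the log key `uuidp` would read better as `partition_uuid`. The function starts and ends outside the hunk, so how `volumeUUID` is derived is not visible.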