mirror of
				https://github.com/kairos-io/kcrypt.git
				synced 2025-11-04 11:45:31 +00:00 
			
		
		
		
	Compare commits
	
		
			13 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 
						 | 
					361e1ab817 | ||
| 
						 | 
					4234ae7034 | ||
| 
						 | 
					193a7da9ee | ||
| 
						 | 
					e0316ade0a | ||
| 
						 | 
					1c3a3ac510 | ||
| 
						 | 
					641fc6ffa7 | ||
| 
						 | 
					214ae51333 | ||
| 
						 | 
					7f397a3459 | ||
| 
						 | 
					b3d7b86591 | ||
| 
						 | 
					24240b6421 | ||
| 
						 | 
					bb144f204a | ||
| 
						 | 
					7d077c9353 | ||
| 
						 | 
					0e278a89f0 | 
@@ -7,34 +7,35 @@ GENERATOR_DIR="$2"
 | 
			
		||||
[ -z "$GENERATOR_DIR" ] && exit 1
 | 
			
		||||
[ -d "$GENERATOR_DIR" ] || mkdir "$GENERATOR_DIR"
 | 
			
		||||
 | 
			
		||||
if getargbool 0 rd.neednet; then
 | 
			
		||||
    {
 | 
			
		||||
        echo "[Unit]"
 | 
			
		||||
        echo "DefaultDependencies=no"
 | 
			
		||||
        echo "Description=kcrypt online mount"
 | 
			
		||||
        echo "Before=cos-immutable-rootfs.service"
 | 
			
		||||
        echo "After=network-online.target"
 | 
			
		||||
oem_label=$(getarg rd.cos.oemlabel=)
 | 
			
		||||
 | 
			
		||||
# See https://github.com/kairos-io/packages/blob/d12b12b043a71d8471454f7b4fc84c3181d2bf60/packages/system/dracut/immutable-rootfs/30cos-immutable-rootfs/cos-generator.sh#L29
 | 
			
		||||
{
 | 
			
		||||
    echo "[Unit]"
 | 
			
		||||
    echo "DefaultDependencies=no"
 | 
			
		||||
    echo "Before=cos-immutable-rootfs.service"
 | 
			
		||||
    echo "Conflicts=initrd-switch-root.target"
 | 
			
		||||
    if getargbool 0 rd.neednet; then
 | 
			
		||||
        echo "Wants=network-online.target"
 | 
			
		||||
        echo "[Service]"
 | 
			
		||||
        echo "Type=oneshot"
 | 
			
		||||
        echo "RemainAfterExit=no"
 | 
			
		||||
        echo "ExecStart=/sbin/kcrypt-mount-local"
 | 
			
		||||
    } > "$GENERATOR_DIR"/kcrypt.service
 | 
			
		||||
else
 | 
			
		||||
    {
 | 
			
		||||
        echo "[Unit]"
 | 
			
		||||
        echo "DefaultDependencies=no"
 | 
			
		||||
        echo "After=network-online.target"
 | 
			
		||||
        echo "Description=kcrypt online mount"
 | 
			
		||||
    else
 | 
			
		||||
        echo "Description=kcrypt mount"
 | 
			
		||||
        echo "Before=cos-immutable-rootfs.service"
 | 
			
		||||
        echo "[Service]"
 | 
			
		||||
        echo "Type=oneshot"
 | 
			
		||||
        echo "RemainAfterExit=no"
 | 
			
		||||
        echo "ExecStart=/sbin/kcrypt-mount-local"
 | 
			
		||||
    } > "$GENERATOR_DIR"/kcrypt.service
 | 
			
		||||
fi
 | 
			
		||||
    fi
 | 
			
		||||
    # OEM is special as kcrypt plugins might need that in order to unlock other partitions and plugins can reside in /oem as well and kcrypt needs to find them
 | 
			
		||||
    if [ -n "${oem_label}" ]; then
 | 
			
		||||
        echo "After=oem.mount"
 | 
			
		||||
    fi
 | 
			
		||||
    echo "After=sysroot.mount"
 | 
			
		||||
    echo "[Service]"
 | 
			
		||||
    echo "Type=oneshot"
 | 
			
		||||
    echo "RemainAfterExit=no"
 | 
			
		||||
    echo "ExecStart=/usr/bin/kcrypt unlock-all"
 | 
			
		||||
} > "$GENERATOR_DIR"/kcrypt.service
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
if [ ! -e "$GENERATOR_DIR/initrd-fs.target.requires/kcrypt.service" ]; then
 | 
			
		||||
    mkdir -p "$GENERATOR_DIR"/initrd-fs.target.requires
 | 
			
		||||
    ln -s "$GENERATOR_DIR"/kcrypt.service \
 | 
			
		||||
        "$GENERATOR_DIR"/initrd-fs.target.requires/kcrypt.service
 | 
			
		||||
fi
 | 
			
		||||
fi
 | 
			
		||||
 
 | 
			
		||||
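Review bot: The generated unit only orders itself against its mounts with `echo "After=oem.mount"` and `echo "After=sysroot.mount"`, and `After=` does not pull a unit in, so `kcrypt unlock-all` can start with `/oem` or `/sysroot` absent unless something else requires those mounts. Whether the cos-generator linked in the comment already does that is not visible in this hunk. Since the comment says kcrypt needs to find its plugins under `/oem`, a line such as `echo "Wants=oem.mount"` inside the `oem_label` branch would make the dependency explicit; a comment naming the unit that pulls the mount in would do the same. The rendered lines have lost their `+`/`-` markers, so this reads the single `{ … } > "$GENERATOR_DIR"/kcrypt.service` block as the new side.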
@@ -27,8 +27,7 @@ install() {
 | 
			
		||||
 | 
			
		||||
    inst_multiple \
 | 
			
		||||
        kcrypt
 | 
			
		||||
    inst_script "${moddir}/mount-local.sh" "/sbin/kcrypt-mount-local"
 | 
			
		||||
    #inst_hook pre-trigger 10 "$moddir/mount-local.sh"
 | 
			
		||||
 | 
			
		||||
    inst_script "${moddir}/generator.sh" \
 | 
			
		||||
        "${systemdutildir}/system-generators/dracut-kcrypt-generator"
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
@@ -1,19 +0,0 @@
 | 
			
		||||
#!/bin/sh
 | 
			
		||||
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
 | 
			
		||||
# ex: ts=8 sw=4 sts=4 et filetype=sh
 | 
			
		||||
 | 
			
		||||
type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
 | 
			
		||||
 | 
			
		||||
PATH=/usr/sbin:/usr/bin:/sbin:/bin
 | 
			
		||||
 | 
			
		||||
OEM=$(blkid -L COS_OEM)
 | 
			
		||||
if [ "$OEM" != "" ]; then
 | 
			
		||||
    mkdir /oem
 | 
			
		||||
    mount $OEM /oem
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
kcrypt unlock-all
 | 
			
		||||
 | 
			
		||||
if [ "$OEM" != "" ]; then
 | 
			
		||||
umount /oem
 | 
			
		||||
fi
 | 
			
		||||
							
								
								
									
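--- a/earthly.sh
+++ b/earthly.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm -t -v $(pwd):/workspace -v earthly-tmp:/tmp/earthly:rw earthly/earthly:v0.6.21 --allow-privileged $@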
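Review bot: The `docker run` line passes `$@` and `$(pwd)` unquoted, so arguments or a working directory containing spaces or glob characters are split before they reach earthly; `"$@"` and `-v "$(pwd)":/workspace` keep them intact. The wrapper also combines `--privileged` with a bind mount of `/var/run/docker.sock`, which gives the container control of the host's Docker daemon, and it refers to the image by the mutable tag `earthly/earthly:v0.6.21`. A short comment stating why both are required would make the trust assumptions explicit, as would pinning the image by digest (`earthly/earthly:v0.6.21@sha256:<digest-placeholder>`).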
							
								
								
									
										30
									
								
								main.go
									
									
									
									
									
								
							
							
						
						
									
							@@ -283,26 +283,32 @@ func unlockAll() error {
 | 
			
		||||
 | 
			
		||||
	partitionInfo, _, err := pi.NewPartitionInfoFromFile(pi.DefaultPartitionInfoFile)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return err
 | 
			
		||||
		fmt.Printf("Warning: Partition file not found '%s' \n", pi.DefaultPartitionInfoFile)
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	block, err := ghw.Block()
 | 
			
		||||
	if err == nil {
 | 
			
		||||
		for _, disk := range block.Disks {
 | 
			
		||||
			for _, p := range disk.Partitions {
 | 
			
		||||
				if p.Type == "crypto_LUKS" {
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		fmt.Printf("Warning: Error reading partitions '%s \n", err.Error())
 | 
			
		||||
 | 
			
		||||
		return nil
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	for _, disk := range block.Disks {
 | 
			
		||||
		for _, p := range disk.Partitions {
 | 
			
		||||
			if p.Type == "crypto_LUKS" {
 | 
			
		||||
				if partitionInfo != nil {
 | 
			
		||||
					p.Label = partitionInfo.LookupLabelForUUID(p.UUID)
 | 
			
		||||
					fmt.Printf("Unmounted Luks found at '%s' LABEL '%s' \n", p.Name, p.Label)
 | 
			
		||||
					err = multierror.Append(err, unlockDisk(p))
 | 
			
		||||
					if err != nil {
 | 
			
		||||
						fmt.Printf("Unlocking failed: '%s'\n", err.Error())
 | 
			
		||||
					}
 | 
			
		||||
					time.Sleep(10 * time.Second)
 | 
			
		||||
				}
 | 
			
		||||
				fmt.Printf("Unmounted Luks found at '%s' LABEL '%s' \n", p.Name, p.Label)
 | 
			
		||||
				err = multierror.Append(err, unlockDisk(p))
 | 
			
		||||
				if err != nil {
 | 
			
		||||
					fmt.Printf("Unlocking failed: '%s'\n", err.Error())
 | 
			
		||||
				}
 | 
			
		||||
				time.Sleep(10 * time.Second)
 | 
			
		||||
			}
 | 
			
		||||
		}
 | 
			
		||||
	}
 | 
			
		||||
	return err
 | 
			
		||||
	return nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func main() {
 | 
			
		||||
 
 | 
			
		||||
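Review bot: `unlockAll` now ends in `return nil` and also returns nil when `ghw.Block()` fails, so `kcrypt unlock-all` presumably exits successfully even when nothing was unlocked, and the oneshot unit that runs it would not register the failure; it is only visible as a printed line. Inside the loop, `err = multierror.Append(err, unlockDisk(p))` stores a non-nil `*multierror.Error` in `err` even when `unlockDisk` succeeded (assuming this is hashicorp/go-multierror, whose import is outside the hunk), so `if err != nil` prints "Unlocking failed" for every LUKS partition. Checking the call's own result avoids that: `if uerr := unlockDisk(p); uerr != nil { fmt.Printf("Unlocking failed: '%s'\n", uerr.Error()) }`. If continuing the boot after a failed unlock is deliberate, a comment above the final `return nil` should say so. The format string `"Warning: Error reading partitions '%s \n"` is also missing its closing quote.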
@@ -28,7 +28,7 @@ type Bus struct {
 | 
			
		||||
 | 
			
		||||
func (b *Bus) LoadProviders() {
 | 
			
		||||
	wd, _ := os.Getwd()
 | 
			
		||||
	b.Manager.Autoload("kcrypt-discovery", "/system/discovery", "/oem/kcrypt", "/oem/system/discovery", wd).Register()
 | 
			
		||||
	b.Manager.Autoload("kcrypt-discovery", "/sysroot/system/discovery", "/system/discovery", "/oem/kcrypt", "/oem/system/discovery", wd).Register()
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (b *Bus) Initialize() {
 | 
			
		||||
 
 | 
			
		||||
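Review bot: `wd, _ := os.Getwd()` discards the error, so when it fails an empty string is handed to `Autoload` as a plugin directory, and the changed call now also searches `/sysroot/system/discovery` ahead of the initrd's own `/system/discovery`. Executables matching `kcrypt-discovery` in these directories presumably take part in obtaining the unlock passphrase (the `Autoload` implementation is not visible here), so it matters which directory takes precedence and who can write to it. A comment above the call should state the intended precedence and the ownership expected of each directory, and `wd` should only be appended when `Getwd` returns no error. `LoadProviders` is shown in full, but the `Bus` type it belongs to starts outside the hunk.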
@@ -71,6 +71,10 @@ func (pi PartitionInfo) UpdateMapping(partitionData string) error {
 | 
			
		||||
	return pi.save()
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (pi PartitionInfo) IsMappingNil() bool {
 | 
			
		||||
	return pi.mapping == nil
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
func (pi PartitionInfo) save() error {
 | 
			
		||||
	data, err := yaml.Marshal(&pi.mapping)
 | 
			
		||||
	if err != nil {
 | 
			
		||||
@@ -107,6 +111,9 @@ func ParsePartitionInfoFile(file string) (map[string]string, error) {
 | 
			
		||||
	if err != nil {
 | 
			
		||||
		return result, errors.Wrap(err, "unmarshalling partition info file")
 | 
			
		||||
	}
 | 
			
		||||
	if result == nil {
 | 
			
		||||
		result = map[string]string{}
 | 
			
		||||
	}
 | 
			
		||||
 | 
			
		||||
	return result, nil
 | 
			
		||||
}
 | 
			
		||||
@@ -120,6 +127,8 @@ func createInfoFileIfNotExists(fileName string) (bool, error) {
 | 
			
		||||
			return false, err
 | 
			
		||||
		}
 | 
			
		||||
		return false, nil
 | 
			
		||||
	} else if err != nil {
 | 
			
		||||
		return false, err
 | 
			
		||||
	}
 | 
			
		||||
	return true, nil
 | 
			
		||||
}
 | 
			
		||||
 
 | 
			
		||||
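Review bot: The exported method `IsMappingNil` added in the first hunk has no doc comment, and from the visible changes it appears to exist only so the spec can check that the mapping was initialised. A line such as `// IsMappingNil reports whether the partition mapping is nil.` above it would cover that; if it is meant for tests only, the comment should say so. The surrounding functions in the other two hunks (`ParsePartitionInfoFile`, `createInfoFileIfNotExists`) start outside the visible lines.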
@@ -38,13 +38,26 @@ var _ = Describe("Partition Info file parsing", func() {
 | 
			
		||||
					fmt.Sprintf("partition-info-%d.yaml", time.Now().UnixNano()))
 | 
			
		||||
			})
 | 
			
		||||
 | 
			
		||||
			It("creates the file and returns 'false' and an (empty) mapping", func() {
 | 
			
		||||
			When("there is some error other than the file doesn't exist", func() {
 | 
			
		||||
				It("returns 'false' and the error", func() {
 | 
			
		||||
					// We are trying to write to a path that doesn't exist (not the file, the path).
 | 
			
		||||
					// https://stackoverflow.com/a/66808328
 | 
			
		||||
					fileName = "\000x"
 | 
			
		||||
					_, _, err := pi.NewPartitionInfoFromFile(fileName)
 | 
			
		||||
					Expect(err).To(HaveOccurred())
 | 
			
		||||
					Expect(err.Error()).To(ContainSubstring("stat \000x: invalid argument"))
 | 
			
		||||
				})
 | 
			
		||||
			})
 | 
			
		||||
 | 
			
		||||
			It("creates the file and returns 'false' and a non nil mapping", func() {
 | 
			
		||||
				result, existed, err := pi.NewPartitionInfoFromFile(fileName)
 | 
			
		||||
				Expect(err).ToNot(HaveOccurred())
 | 
			
		||||
				Expect(result).ToNot(BeNil())
 | 
			
		||||
				Expect(existed).To(BeFalse())
 | 
			
		||||
				_, err = os.Stat(fileName)
 | 
			
		||||
				Expect(err).ToNot(HaveOccurred())
 | 
			
		||||
				Expect(result).ToNot(BeNil())
 | 
			
		||||
				Expect(result.IsMappingNil()).To(BeFalse())
 | 
			
		||||
			})
 | 
			
		||||
		})
 | 
			
		||||
	})
 | 
			
		||||
 
 | 
			
		||||
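Review bot: The comment in the new `When` block says the path does not exist, but `fileName = "\000x"` contains a NUL byte, which makes the path invalid rather than missing, and that is what yields the error the case needs. The assertion `ContainSubstring("stat \000x: invalid argument")` then pins the exact OS error text, which may differ between platforms. I would reword the comment to `// A NUL byte makes the path invalid, so stat fails with an error other than "not exist".` and match only `"invalid argument"`, or keep just `HaveOccurred()`. The enclosing `Describe` block starts and ends outside the hunk.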