Merge pull request #7 from kairos-io/fix/umount

Do not umount oem if we have found it out

dracut/29kcrypt/generator.sh

@@ -7,31 +7,32 @@ GENERATOR_DIR="$2"
 [ -z "$GENERATOR_DIR" ] && exit 1
 [ -d "$GENERATOR_DIR" ] || mkdir "$GENERATOR_DIR"
 
-if getargbool 0 rd.neednet; then
-    {
+oem_label=$(getarg rd.cos.oemlabel=)
+
+# See https://github.com/kairos-io/packages/blob/d12b12b043a71d8471454f7b4fc84c3181d2bf60/packages/system/dracut/immutable-rootfs/30cos-immutable-rootfs/cos-generator.sh#L29
+{
     echo "[Unit]"
     echo "DefaultDependencies=no"
-        echo "Description=kcrypt online mount"
     echo "Before=cos-immutable-rootfs.service"
-        echo "After=network-online.target"
+    echo "Conflicts=initrd-switch-root.target"
+    if getargbool 0 rd.neednet; then
         echo "Wants=network-online.target"
-        echo "[Service]"
-        echo "Type=oneshot"
-        echo "RemainAfterExit=no"
-        echo "ExecStart=/sbin/kcrypt-mount-local"
-    } > "$GENERATOR_DIR"/kcrypt.service
-else
-    {
-        echo "[Unit]"
-        echo "DefaultDependencies=no"
+        echo "After=network-online.target"
+        echo "Description=kcrypt online mount"
+    else
         echo "Description=kcrypt mount"
-        echo "Before=cos-immutable-rootfs.service"
+    fi
+    # OEM is special as kcrypt plugins might need that in order to unlock other partitions and plugins can reside in /oem as well and kcrypt needs to find them
+    if [ -n "${oem_label}" ]; then
+        echo "After=oem.mount"
+    fi
+    echo "After=sysroot.mount"
     echo "[Service]"
     echo "Type=oneshot"
     echo "RemainAfterExit=no"
-        echo "ExecStart=/sbin/kcrypt-mount-local"
-    } > "$GENERATOR_DIR"/kcrypt.service
-fi
+    echo "ExecStart=/usr/bin/kcrypt unlock-all"
+} > "$GENERATOR_DIR"/kcrypt.service
+
 
 if [ ! -e "$GENERATOR_DIR/initrd-fs.target.requires/kcrypt.service" ]; then
     mkdir -p "$GENERATOR_DIR"/initrd-fs.target.requires

dracut/29kcrypt/module-setup.sh

@@ -27,8 +27,7 @@ install() {
 
     inst_multiple \
         kcrypt
-    inst_script "${moddir}/mount-local.sh" "/sbin/kcrypt-mount-local"
-    #inst_hook pre-trigger 10 "$moddir/mount-local.sh"
+
     inst_script "${moddir}/generator.sh" \
         "${systemdutildir}/system-generators/dracut-kcrypt-generator"
 

dracut/29kcrypt/mount-local.sh

@@ -1,19 +0,0 @@
-#!/bin/sh
-# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
-# ex: ts=8 sw=4 sts=4 et filetype=sh
-
-type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
-
-PATH=/usr/sbin:/usr/bin:/sbin:/bin
-
-OEM=$(blkid -L COS_OEM)
-if [ "$OEM" != "" ]; then
-    mkdir /oem
-    mount $OEM /oem
-fi
-
-kcrypt unlock-all
-
-if [ "$OEM" != "" ]; then
-umount /oem
-fi

earthly.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm -t -v $(pwd):/workspace -v earthly-tmp:/tmp/earthly:rw earthly/earthly:v0.6.21 --allow-privileged $@

main.go

@@ -283,15 +283,22 @@ func unlockAll() error {
 
 	partitionInfo, _, err := pi.NewPartitionInfoFromFile(pi.DefaultPartitionInfoFile)
 	if err != nil {
-		return err
+		fmt.Printf("Warning: Partition file not found '%s' \n", pi.DefaultPartitionInfoFile)
 	}
 
 	block, err := ghw.Block()
-	if err == nil {
+	if err != nil {
+		fmt.Printf("Warning: Error reading partitions '%s \n", err.Error())
+
+		return nil
+	}
+
 	for _, disk := range block.Disks {
 		for _, p := range disk.Partitions {
 			if p.Type == "crypto_LUKS" {
+				if partitionInfo != nil {
 					p.Label = partitionInfo.LookupLabelForUUID(p.UUID)
+				}
 				fmt.Printf("Unmounted Luks found at '%s' LABEL '%s' \n", p.Name, p.Label)
 				err = multierror.Append(err, unlockDisk(p))
 				if err != nil {
@@ -301,8 +308,7 @@ func unlockAll() error {
 			}
 		}
 	}
-	}
-	return err
+	return nil
 }
 
 func main() {

pkg/bus/bus.go

@@ -28,7 +28,7 @@ type Bus struct {
 
 func (b *Bus) LoadProviders() {
 	wd, _ := os.Getwd()
-	b.Manager.Autoload("kcrypt-discovery", "/system/discovery", "/oem/kcrypt", "/oem/system/discovery", wd).Register()
+	b.Manager.Autoload("kcrypt-discovery", "/sysroot/system/discovery", "/system/discovery", "/oem/kcrypt", "/oem/system/discovery", wd).Register()
 }
 
 func (b *Bus) Initialize() {

pkg/partition_info/partition_info.go

@@ -71,6 +71,10 @@ func (pi PartitionInfo) UpdateMapping(partitionData string) error {
 	return pi.save()
 }
 
+func (pi PartitionInfo) IsMappingNil() bool {
+	return pi.mapping == nil
+}
+
 func (pi PartitionInfo) save() error {
 	data, err := yaml.Marshal(&pi.mapping)
 	if err != nil {
@@ -107,6 +111,9 @@ func ParsePartitionInfoFile(file string) (map[string]string, error) {
 	if err != nil {
 		return result, errors.Wrap(err, "unmarshalling partition info file")
 	}
+	if result == nil {
+		result = map[string]string{}
+	}
 
 	return result, nil
 }
@@ -120,6 +127,8 @@ func createInfoFileIfNotExists(fileName string) (bool, error) {
 			return false, err
 		}
 		return false, nil
+	} else if err != nil {
+		return false, err
 	}
 	return true, nil
 }

pkg/partition_info/partition_info_test.go

@@ -38,13 +38,26 @@ var _ = Describe("Partition Info file parsing", func() {
 					fmt.Sprintf("partition-info-%d.yaml", time.Now().UnixNano()))
 			})
 
-			It("creates the file and returns 'false' and an (empty) mapping", func() {
+			When("there is some error other than the file doesn't exist", func() {
+				It("returns 'false' and the error", func() {
+					// We are trying to write to a path that doesn't exist (not the file, the path).
+					// https://stackoverflow.com/a/66808328
+					fileName = "\000x"
+					_, _, err := pi.NewPartitionInfoFromFile(fileName)
+					Expect(err).To(HaveOccurred())
+					Expect(err.Error()).To(ContainSubstring("stat \000x: invalid argument"))
+				})
+			})
+
+			It("creates the file and returns 'false' and a non nil mapping", func() {
 				result, existed, err := pi.NewPartitionInfoFromFile(fileName)
 				Expect(err).ToNot(HaveOccurred())
 				Expect(result).ToNot(BeNil())
 				Expect(existed).To(BeFalse())
 				_, err = os.Stat(fileName)
 				Expect(err).ToNot(HaveOccurred())
+				Expect(result).ToNot(BeNil())
+				Expect(result.IsMappingNil()).To(BeFalse())
 			})
 		})
 	})