
[v2,2/4] initramfs-crypt-hook: Ensure that full losetup executable is provided

Message ID 20240712125713.2066512-2-stefan-koch@siemens.com (mailing list archive)
State New
Series [v2,1/4] initramfs-crypt-hook: Do not attempt to repair a partially encrypted filesystem | expand

Commit Message

Stefan Koch July 12, 2024, 12:57 p.m. UTC
- Avoids using the busybox losetup, which
  doesn't support the "--sizelimit" parameter.

Signed-off-by: Stefan Koch <stefan-koch@siemens.com>
---
 .../initramfs-crypt-hook/files/encrypt_partition.env.tmpl    | 1 +
 .../files/encrypt_partition.systemd.hook                     | 4 ++++
 .../initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb         | 5 ++++-
 3 files changed, 9 insertions(+), 1 deletion(-)

Comments

Jan Kiszka July 12, 2024, 2:15 p.m. UTC | #1
On 12.07.24 14:57, Stefan Koch wrote:
> - Avoids that busybox losetup is used that
>   doesn't support the "--sizelimit" parameter.
> 

You didn't address my comment on v1.

Jan

> Signed-off-by: Stefan Koch <stefan-koch@siemens.com>
> ---
>  .../initramfs-crypt-hook/files/encrypt_partition.env.tmpl    | 1 +
>  .../files/encrypt_partition.systemd.hook                     | 4 ++++
>  .../initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb         | 5 ++++-
>  3 files changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl
> index bb93361..72033d1 100644
> --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl
> +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl
> @@ -5,3 +5,4 @@ WATCHDOG_DEV="${INITRAMFS_WATCHDOG_DEVICE}"
>  HASH_TYPE="${CRYPT_HASH_TYPE}"
>  KEY_ALGORITHM="${CRYPT_KEY_ALGORITHM}"
>  ENCRYPTION_IS_OPTIONAL="${CRYPT_ENCRYPTION_OPTIONAL}"
> +LOSETUP_PATH="${CRYPT_LOSETUP_PATH}"
> diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook
> index be8c117..2ace533 100755
> --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook
> +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook
> @@ -19,6 +19,9 @@ esac
>  
>  . /usr/share/initramfs-tools/hook-functions
>  
> +# get configuration variables
> +. /usr/share/encrypt_partition/encrypt_partition.env
> +
>  hook_error() {
>      echo "(ERROR): $1" >&2
>      exit 1
> @@ -47,6 +50,7 @@ copy_exec /usr/bin/sleep || hook_error "/usr/bin/sleep not found"
>  copy_exec /usr/sbin/e2fsck || hook_error "/usr/sbin/e2fsck not found"
>  copy_exec /usr/sbin/resize2fs || hook_error "/usr/sbin/resize2fs not found"
>  copy_exec /usr/sbin/cryptsetup || hook_error "/usr/sbin/cryptsetup not found"
> +copy_exec /usr/sbin/losetup "$LOSETUP_PATH" || hook_error "/usr/sbin/losetup not found"
>  copy_exec /usr/bin/systemd-cryptenroll || hook_error "/usr/bin/systemd-cryptenroll not found"
>  copy_exec /usr/lib/systemd/systemd-cryptsetup || hook_error "/usr/lib/systemd/systemd-cryptsetup not found"
>  copy_exec /usr/bin/tpm2_pcrread || hook_error "Unable to copy /usr/bin/tpm2_pcrread"
> diff --git a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb
> index 72de5b6..1679133 100644
> --- a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb
> +++ b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb
> @@ -9,7 +9,7 @@
>  # SPDX-License-Identifier: MIT
>  
>  inherit dpkg-raw
> -DEBIAN_DEPENDS = "initramfs-tools, cryptsetup, \
> +DEBIAN_DEPENDS = "initramfs-tools, mount, cryptsetup, \
>      awk, openssl, libtss2-esys-3.0.2-0 | libtss2-esys0, \
>      libtss2-rc0 | libtss2-esys0, libtss2-mu0 | libtss2-esys0, \
>      e2fsprogs, tpm2-tools, coreutils, uuid-runtime"
> @@ -57,6 +57,8 @@ CRYPT_PARTITIONS ??= "home:/home:reencrypt var:/var:reencrypt"
>  # CRYPT_CREATE_FILE_SYSTEM_CMD contains the shell command to create the filesystem
>  # in a newly formatted LUKS Partition
>  CRYPT_CREATE_FILE_SYSTEM_CMD ??= "/usr/sbin/mke2fs -t ext4"
> +# Path to full (non-busybox) losetup binary
> +CRYPT_LOSETUP_PATH ??= "/usr/local/sbin/losetup"
>  # Timeout for creating / re-encrypting partitions on first boot
>  CRYPT_SETUP_TIMEOUT ??= "600"
>  # Watchdog to service during the initial setup of the crypto partitions
> @@ -68,6 +70,7 @@ CRYPT_ENCRYPTION_OPTIONAL ??= "false"
>  
>  TEMPLATE_VARS = "CRYPT_PARTITIONS CRYPT_CREATE_FILE_SYSTEM_CMD \
>      CRYPT_SETUP_TIMEOUT INITRAMFS_WATCHDOG_DEVICE CRYPT_HASH_TYPE \
> +    CRYPT_LOSETUP_PATH \
>      CRYPT_KEY_ALGORITHM CRYPT_ENCRYPTION_OPTIONAL"
>  TEMPLATE_FILES = "encrypt_partition.env.tmpl"
>

Patch

diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl
index bb93361..72033d1 100644
--- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl
+++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl
@@ -5,3 +5,4 @@  WATCHDOG_DEV="${INITRAMFS_WATCHDOG_DEVICE}"
 HASH_TYPE="${CRYPT_HASH_TYPE}"
 KEY_ALGORITHM="${CRYPT_KEY_ALGORITHM}"
 ENCRYPTION_IS_OPTIONAL="${CRYPT_ENCRYPTION_OPTIONAL}"
+LOSETUP_PATH="${CRYPT_LOSETUP_PATH}"
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook
index be8c117..2ace533 100755
--- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook
+++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.hook
@@ -19,6 +19,9 @@  esac
 
 . /usr/share/initramfs-tools/hook-functions
 
+# get configuration variables
+. /usr/share/encrypt_partition/encrypt_partition.env
+
 hook_error() {
     echo "(ERROR): $1" >&2
     exit 1
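Review bot: The added `. /usr/share/encrypt_partition/encrypt_partition.env` sits above the definition of `hook_error` and has no readability check, so under a POSIX sh a missing file would likely abort the hook with only the shell's own message. Because the file is executed as shell code while the initramfs is generated, every templated value in it is evaluated; it should stay root-owned and contain nothing but plain assignments. Consider moving the line below `hook_error` and guarding it with `[ -r /usr/share/encrypt_partition/encrypt_partition.env ] || hook_error "encrypt_partition.env not readable"`. The `hook_error` body closes outside this hunk.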
@@ -47,6 +50,7 @@  copy_exec /usr/bin/sleep || hook_error "/usr/bin/sleep not found"
 copy_exec /usr/sbin/e2fsck || hook_error "/usr/sbin/e2fsck not found"
 copy_exec /usr/sbin/resize2fs || hook_error "/usr/sbin/resize2fs not found"
 copy_exec /usr/sbin/cryptsetup || hook_error "/usr/sbin/cryptsetup not found"
+copy_exec /usr/sbin/losetup "$LOSETUP_PATH" || hook_error "/usr/sbin/losetup not found"
 copy_exec /usr/bin/systemd-cryptenroll || hook_error "/usr/bin/systemd-cryptenroll not found"
 copy_exec /usr/lib/systemd/systemd-cryptsetup || hook_error "/usr/lib/systemd/systemd-cryptsetup not found"
 copy_exec /usr/bin/tpm2_pcrread || hook_error "Unable to copy /usr/bin/tpm2_pcrread"
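Review bot: `"$LOSETUP_PATH"` on the new `copy_exec /usr/sbin/losetup` line is used as the copy target without checking that it is non-empty; as far as I know `copy_exec` falls back to the source path when its second argument is empty, so an empty value would quietly install to `/usr/sbin/losetup`, where the busybox applet may take precedence again. A guard before the copy, `[ -n "$LOSETUP_PATH" ] || hook_error "LOSETUP_PATH is empty"`, makes that case visible. The message also says "not found" when the copy fails for any other reason; `hook_error "Unable to copy /usr/sbin/losetup to $LOSETUP_PATH"` would be more accurate. The scripts that run losetup inside the initramfs are not part of this patch; they would need to call `"$LOSETUP_PATH"` by absolute path rather than rely on PATH order.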
diff --git a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb
index 72de5b6..1679133 100644
--- a/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb
+++ b/recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.2.bb
@@ -9,7 +9,7 @@ 
 # SPDX-License-Identifier: MIT
 
 inherit dpkg-raw
-DEBIAN_DEPENDS = "initramfs-tools, cryptsetup, \
+DEBIAN_DEPENDS = "initramfs-tools, mount, cryptsetup, \
     awk, openssl, libtss2-esys-3.0.2-0 | libtss2-esys0, \
     libtss2-rc0 | libtss2-esys0, libtss2-mu0 | libtss2-esys0, \
     e2fsprogs, tpm2-tools, coreutils, uuid-runtime"
@@ -57,6 +57,8 @@  CRYPT_PARTITIONS ??= "home:/home:reencrypt var:/var:reencrypt"
 # CRYPT_CREATE_FILE_SYSTEM_CMD contains the shell command to create the filesystem
 # in a newly formatted LUKS Partition
 CRYPT_CREATE_FILE_SYSTEM_CMD ??= "/usr/sbin/mke2fs -t ext4"
+# Path to full (non-busybox) losetup binary
+CRYPT_LOSETUP_PATH ??= "/usr/local/sbin/losetup"
 # Timeout for creating / re-encrypting partitions on first boot
 CRYPT_SETUP_TIMEOUT ??= "600"
 # Watchdog to service during the initial setup of the crypto partitions
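Review bot: The comment added for `CRYPT_LOSETUP_PATH` does not say that this is the install location inside the initramfs, not the location of the binary on the root filesystem, which the hook hard-codes as `/usr/sbin/losetup`. Suggested wording: `# Absolute path inside the initramfs where the full (non-busybox) losetup is installed`. Since the value is substituted into an env file that the hook sources as shell, the comment could also state that it must be a plain path without quotes or shell metacharacters.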
@@ -68,6 +70,7 @@  CRYPT_ENCRYPTION_OPTIONAL ??= "false"
 
 TEMPLATE_VARS = "CRYPT_PARTITIONS CRYPT_CREATE_FILE_SYSTEM_CMD \
     CRYPT_SETUP_TIMEOUT INITRAMFS_WATCHDOG_DEVICE CRYPT_HASH_TYPE \
+    CRYPT_LOSETUP_PATH \
     CRYPT_KEY_ALGORITHM CRYPT_ENCRYPTION_OPTIONAL"
 TEMPLATE_FILES = "encrypt_partition.env.tmpl"