-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade kcrypt partitions on boot #122
Conversation
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## master #122 +/- ##
==========================================
- Coverage 18.60% 18.14% -0.47%
==========================================
Files 14 15 +1
Lines 1510 1549 +39
==========================================
Hits 281 281
- Misses 1205 1244 +39
Partials 24 24
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
f8ee8e7
to
0f0c21f
Compare
This works, tested upgrading from 1.X encrypted to master with this patch included. |
This solves the issue of upgrading from the old method of mappings to identify the kcrypt partitions, with the new one that uses predictable uuids to identify them. On boot we check for luks partitions that match the partitions persistent label (NOT THE FS LABEL) as that gets stored properly. If it matches persistent, we get its uuid and match it agsint the know uuid. If they dont match, we update it to match and proceed with booting. Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>
0f0c21f
to
6fe8200
Compare
Co-authored-by: Dimitris Karakasilis <jimmykarily@gmail.com>
|
||
// Mount COS_OEM (After root as it mounts under s.Rootdir/oem) | ||
s.LogIfError(s.MountOemDagStep(g, cnst.OpMountRoot, cnst.OpLvmActivate, cnst.OpKcryptUnlock), "oem mount") | ||
s.LogIfError(s.MountOemDagStep(g, cnst.OpMountRoot, cnst.OpLvmActivate), "oem mount") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Im still nto sure about this. Potentially on 2.1.X we could allow encrypting COS_OEM as well, in that case this should depend on the unlock method. But it has not been tested so.....making it easy for now
This solves the issue of upgrading from the old method of mappings to identify the kcrypt partitions, with the new one that uses predictable uuids to identify them.
On boot we check for luks partitions that match the partitions persistent label (NOT THE FS LABEL) as that gets stored properly. If it matches persistent, we get its uuid and match it agsint the know uuid. If they dont match, we update it to match and proceed with booting.
Fixes: kairos-io/kairos#1379