🌱 🐛 Run kcrypt in rootfs stage #1224
Instead of having it as a service we can run it under the rootfs stage. This gives us the assurance that /oem is mounted by that time and that we run it on all boot modes except live mode

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>
May fix #1223
this is looking good, at this point we can drop also the dracut package from the framework, right?
yyyeeeeee....maybe. Let me test if this actually works :D
- name: "Unlock encrypted volumes" | ||
if: '[ ! -f "/run/cos/live_mode" ]' | ||
commands: | ||
- kcrypt unlock-all | ||
after-upgrade: | ||
- name: "Update plugins" | ||
if: "[ $(kairos-agent state get oem.found) == 'true' ]" |
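Review bot: the "Unlock encrypted volumes" step runs `kcrypt unlock-all` behind the live-mode check only, so nothing in the step covers a missing kcrypt binary or a failed unlock. Consider extending the `if:` with a presence check such as `command -v kcrypt`, and add a comment stating what the rootfs stage should do when the unlock fails. In the context line under "Update plugins", `$(kairos-agent state get oem.found)` is unquoted and compared with `==` inside `[ ]`; quoting the substitution and using `=` avoids a test error when the command prints nothing.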
not part of this PR, I know, but I think the code right after it can be dropped too
we don't need to copy the plugins anymore into oem since .. a while (can't find the PR now)
will drop it in a following PR, good to know!
Yup, this fixes the issue, yay!
Codecov Report
@@ Coverage Diff @@
## master #1224 +/- ##
==========================================
- Coverage 22.79% 22.07% -0.73%
==========================================
Files 22 16 -6
Lines 1610 1282 -328
==========================================
- Hits 367 283 -84
+ Misses 1179 950 -229
+ Partials 64 49 -15
If we run kcrypt in the rootfs stage, we no longer need to run it via dracut

Signed-off-by: Itxaka <itxaka.garcia@spectrocloud.com>
Nope! Because we need the kcrypt binary in initramfs and the dracut module is the one inserting it. If we drop the package there is no kcrypt binary and the rootfs stage fails, so we need a bit more changes before
ah right! but we can drop the dracut-module logic to call it :)
What this PR does / why we need it:
Instead of having it as a service we can run it under the rootfs stage. This gives us the assurance that /oem is mounted by that time and that we run it on all boot modes except live mode
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #