From 21d874a8a5ef773be6621157b90e82492bc4f8d2 Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Mon, 2 Oct 2023 18:59:25 +0400 Subject: [PATCH] fix: clear the encryption config in META when STATE is reset When STATE is reset, we need to make sure we wipe the META keys containing encryption config as well. Fixes #7819 Signed-off-by: Andrey Smirnov (cherry picked from commit ef7be16c801176fc983299229841a98f935e18ed) --- .../v1alpha1/v1alpha1_sequencer_tasks.go | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go index fb15b18777..518190d315 100644 --- a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go +++ b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go @@ -1624,6 +1624,31 @@ func ResetSystemDiskSpec(_ runtime.Sequence, data any) (runtime.TaskExecutionFun } } + stateWiped := slices.Contains(in.GetSystemDiskTargets(), func(t runtime.PartitionTarget) bool { + return t.GetLabel() == constants.StatePartitionLabel + }) + + metaWiped := slices.Contains(in.GetSystemDiskTargets(), func(t runtime.PartitionTarget) bool { + return t.GetLabel() == constants.MetaPartitionLabel + }) + + if stateWiped && !metaWiped { + var removed bool + + removed, err = r.State().Machine().Meta().DeleteTag(ctx, meta.StateEncryptionConfig) + if err != nil { + return fmt.Errorf("failed to remove state encryption META config tag: %w", err) + } + + if removed { + if err = r.State().Machine().Meta().Flush(); err != nil { + return fmt.Errorf("failed to flush META: %w", err) + } + + logger.Printf("reset the state encryption META config tag") + } + } + logger.Printf("successfully reset system disk by the spec") return nil