luks: implements support for debian like distibutions

Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
2023-02-23 20:13:37 +01:00 · 2023-02-23 20:13:37 +01:00 · 2f34e19636
parent 3ec9bdfb01
commit 2f34e19636
3 changed files with 21 additions and 7 deletions
--- a/builder.go
+++ b/builder.go
@ -151,8 +151,8 @@ func NewBuilder(ctx context.Context, workdir, imgTag, disk string, size uint64,
 	}
 	if luksPassword != "" {
 		// TODO(adphi): remove this check when we support luks encryption on other distros
-		if osRelease.ID != ReleaseAlpine {
-			return nil, fmt.Errorf("luks encryption is only supported on alpine")
+		if osRelease.ID == ReleaseCentOS {
+			return nil, fmt.Errorf("luks encryption is not supported on centos")
 		}
 		if !splitBoot {
 			return nil, fmt.Errorf("luks encryption requires split boot")
@ -381,7 +381,7 @@ func (b *builder) unmountImg(ctx context.Context) error {
 	}
 	merr = multierr.Append(merr, exec.Run(ctx, "umount", b.mntPoint))
 	if b.isLuksEnabled() {
-		merr = multierr.Append(merr, exec.Run(ctx, "cryptsetup", "close", b.cryptRoot))
+		merr = multierr.Append(merr, exec.Run(ctx, "cryptsetup", "close", b.mappedCryptRoot))
 	}
 	return multierr.Combine(
 		merr,
@ -503,8 +503,13 @@ func (b *builder) installKernel(ctx context.Context) error {
 	}
 	var cfg string
 	if b.isLuksEnabled() {
-		cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptdm=root", b.cmdLineExtra))
-		cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "cryptroot=UUID="+b.cryptUUID, 1)
+		if b.osRelease.ID != ReleaseAlpine {
+			cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptopts=target=root,source=UUID=%s", b.cmdLineExtra, b.cryptUUID))
+			cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "", 1)
+		} else {
+			cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptdm=root", b.cmdLineExtra))
+			cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "cryptroot=UUID="+b.cryptUUID, 1)
+		}
 	} else {
 		cfg = fmt.Sprintf(sysconfig, b.rootUUID, b.cmdLineExtra)
 	}
--- a/templates/debian.Dockerfile
+++ b/templates/debian.Dockerfile
@ -5,7 +5,7 @@ USER root
 RUN apt-get -y update && \
    DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
 {{- if .Luks }}
-      cryptsetup \
+      cryptsetup-initramfs \
 {{- end }}
      linux-image-amd64

@ -44,3 +44,8 @@ allow-hotplug eth0\n\
 iface eth0 inet dhcp\n\
 ' > /etc/network/interfaces
 {{ end }}
+
+
+{{- if .Luks }}
+RUN update-initramfs -u -v
+{{- end }}
--- a/templates/ubuntu.Dockerfile
+++ b/templates/ubuntu.Dockerfile
@ -7,7 +7,7 @@ RUN apt-get update -y && \
  linux-image-virtual \
  initramfs-tools \
 {{- if .Luks }}
-      cryptsetup \
+  cryptsetup-initramfs \
 {{- end }}
  systemd-sysv \
  systemd \
@ -43,3 +43,7 @@ allow-hotplug eth0\n\
 iface eth0 inet dhcp\n\
 ' > /etc/network/interfaces
 {{ end }}
+
+{{- if .Luks }}
+RUN update-initramfs -u -v
+{{- end }}