From 2f34e19636a8f8dd5e75d3a0d02f38acec8e85c1 Mon Sep 17 00:00:00 2001
From: Adphi
Date: Thu, 23 Feb 2023 20:13:37 +0100
Subject: [PATCH] luks: implements support for debian like distibutions

Signed-off-by: Adphi
---
 builder.go | 15 ++++++++++-----
 templates/debian.Dockerfile | 7 ++++++-
 templates/ubuntu.Dockerfile | 6 +++++-
 3 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/builder.go b/builder.go
index c26a8e4..d06f952 100644
--- a/builder.go
+++ b/builder.go
@@ -151,8 +151,8 @@ func NewBuilder(ctx context.Context, workdir, imgTag, disk string, size uint64,
 }
 if luksPassword != "" {
 // TODO(adphi): remove this check when we support luks encryption on other distros
- if osRelease.ID != ReleaseAlpine {
- return nil, fmt.Errorf("luks encryption is only supported on alpine")
+ if osRelease.ID == ReleaseCentOS {
+ return nil, fmt.Errorf("luks encryption is not supported on centos")
 }
 if !splitBoot {
 return nil, fmt.Errorf("luks encryption requires split boot")
@@ -381,7 +381,7 @@ func (b *builder) unmountImg(ctx context.Context) error {
 }
 merr = multierr.Append(merr, exec.Run(ctx, "umount", b.mntPoint))
 if b.isLuksEnabled() {
- merr = multierr.Append(merr, exec.Run(ctx, "cryptsetup", "close", b.cryptRoot))
+ merr = multierr.Append(merr, exec.Run(ctx, "cryptsetup", "close", b.mappedCryptRoot))
 }
 return multierr.Combine(
 merr,
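Review bot: The LUKS gate in NewBuilder is now a deny-list: only `ReleaseCentOS` is rejected, so any other release ID passes the check and later takes the Debian-style `b.osRelease.ID != ReleaseAlpine` branch in installKernel, although this patch adds the initramfs packages only to the Debian and Ubuntu templates. For an encryption feature it is safer to fail closed: switch on `osRelease.ID`, list the supported releases as cases, and end with `default: return nil, fmt.Errorf("luks encryption is not supported on %v", osRelease.ID)`. The TODO above the check is stale after this change and should say which distributions are still missing. Whether further release IDs exist is not visible here, and NewBuilder's body starts and ends outside the hunk.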
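Review bot: In unmountImg the change from `b.cryptRoot` to `b.mappedCryptRoot` deserves a comment, because nothing in the hunk says which field holds the device-mapper name and which the backing LUKS device. Suggest `// cryptsetup close takes the mapping name; a mapping left open keeps the decrypted root readable on the build host` above the call. That reading of the two fields is inferred from their names; their definitions, and the start and end of the function, are outside the hunk.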
@@ -503,8 +503,13 @@ func (b *builder) installKernel(ctx context.Context) error {
 }
 var cfg string
 if b.isLuksEnabled() {
- cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptdm=root", b.cmdLineExtra))
- cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "cryptroot=UUID="+b.cryptUUID, 1)
+ if b.osRelease.ID != ReleaseAlpine {
+ cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptopts=target=root,source=UUID=%s", b.cmdLineExtra, b.cryptUUID))
+ cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "", 1)
+ } else {
+ cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptdm=root", b.cmdLineExtra))
+ cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "cryptroot=UUID="+b.cryptUUID, 1)
+ }
 } else {
 cfg = fmt.Sprintf(sysconfig, b.rootUUID, b.cmdLineExtra)
 }
diff --git a/templates/debian.Dockerfile b/templates/debian.Dockerfile
index 37d4fa5..da0f5ef 100644
--- a/templates/debian.Dockerfile
+++ b/templates/debian.Dockerfile
@@ -5,7 +5,7 @@ USER root
 RUN apt-get -y update && \
 DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
 {{- if .Luks }}
- cryptsetup \
+ cryptsetup-initramfs \
 {{- end }}
 linux-image-amd64
@@ -44,3 +44,8 @@ allow-hotplug eth0\n\
 iface eth0 inet dhcp\n\
 ' > /etc/network/interfaces
 {{ end }}
+
+
+{{- if .Luks }}
+RUN update-initramfs -u -v
+{{- end }}
diff --git a/templates/ubuntu.Dockerfile b/templates/ubuntu.Dockerfile
index 1397ab3..fe439bc 100644
--- a/templates/ubuntu.Dockerfile
+++ b/templates/ubuntu.Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get update -y && \
 linux-image-virtual \
 initramfs-tools \
 {{- if .Luks }}
- cryptsetup \
+ cryptsetup-initramfs \
 {{- end }}
 systemd-sysv \
 systemd \
@@ -43,3 +43,7 @@ allow-hotplug eth0\n\
 iface eth0 inet dhcp\n\
 ' > /etc/network/interfaces
 {{ end }}
+
+{{- if .Luks }}
+RUN update-initramfs -u -v
+{{- end }}
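Review bot: The two LUKS branches added in installKernel repeat the same `fmt.Sprintf(sysconfig, …)` / `strings.Replace` pair and differ only in the crypt arguments and the replacement text, behind a negated condition with an `else`. Computing those two strings per distribution and rendering once keeps the kernel command line in one place, so a later change to the `root=/dev/mapper/root` part cannot be applied to one branch and missed in the other. The sketch below keeps the output byte-for-byte the same, and the comment in it should be confirmed against each image's initramfs scripts. The function starts and ends outside the hunk.

```go
if b.isLuksEnabled() {
	// Alpine's initramfs is driven by cryptroot=/cryptdm=, the Debian-like images by cryptopts=.
	luksArgs, rootArg := "cryptdm=root", "cryptroot=UUID="+b.cryptUUID
	if b.osRelease.ID != ReleaseAlpine {
		luksArgs, rootArg = "cryptopts=target=root,source=UUID="+b.cryptUUID, ""
	}
	cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root %s", b.cmdLineExtra, luksArgs))
	cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, rootArg, 1)
} else {
	// … unchanged: plain root=UUID configuration …
}
```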
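Review bot: The added `RUN update-initramfs -u -v` at the end of templates/debian.Dockerfile (and the identical line in templates/ubuntu.Dockerfile) runs during the image build, where there is no encrypted root and, as far as these hunks show, no /etc/crypttab. Depending on the cryptsetup-initramfs version, the hook may then conclude that nothing needs unlocking at boot and leave the cryptsetup pieces out of the initramfs. Making the inclusion explicit avoids relying on detection: `RUN echo "CRYPTSETUP=y" >> /etc/cryptsetup-initramfs/conf-hook && update-initramfs -u -v`. If the templates already handle this outside the visible lines, a comment next to the RUN saying so would help. A boot test that checks for the passphrase prompt is also worth adding, since a successful build does not show that the initramfs can open the volume.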