2
0
mirror of https://github.com/linka-cloud/d2vm.git synced 2024-11-29 11:06:24 +00:00

luks: implements support for debian like distibutions

Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
This commit is contained in:
Adphi 2023-02-23 20:13:37 +01:00 committed by Adphi
parent 3ec9bdfb01
commit 2f34e19636
3 changed files with 21 additions and 7 deletions

View File

@ -151,8 +151,8 @@ func NewBuilder(ctx context.Context, workdir, imgTag, disk string, size uint64,
} }
if luksPassword != "" { if luksPassword != "" {
// TODO(adphi): remove this check when we support luks encryption on other distros // TODO(adphi): remove this check when we support luks encryption on other distros
if osRelease.ID != ReleaseAlpine { if osRelease.ID == ReleaseCentOS {
return nil, fmt.Errorf("luks encryption is only supported on alpine") return nil, fmt.Errorf("luks encryption is not supported on centos")
} }
if !splitBoot { if !splitBoot {
return nil, fmt.Errorf("luks encryption requires split boot") return nil, fmt.Errorf("luks encryption requires split boot")
@ -381,7 +381,7 @@ func (b *builder) unmountImg(ctx context.Context) error {
} }
merr = multierr.Append(merr, exec.Run(ctx, "umount", b.mntPoint)) merr = multierr.Append(merr, exec.Run(ctx, "umount", b.mntPoint))
if b.isLuksEnabled() { if b.isLuksEnabled() {
merr = multierr.Append(merr, exec.Run(ctx, "cryptsetup", "close", b.cryptRoot)) merr = multierr.Append(merr, exec.Run(ctx, "cryptsetup", "close", b.mappedCryptRoot))
} }
return multierr.Combine( return multierr.Combine(
merr, merr,
@ -503,8 +503,13 @@ func (b *builder) installKernel(ctx context.Context) error {
} }
var cfg string var cfg string
if b.isLuksEnabled() { if b.isLuksEnabled() {
cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptdm=root", b.cmdLineExtra)) if b.osRelease.ID != ReleaseAlpine {
cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "cryptroot=UUID="+b.cryptUUID, 1) cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptopts=target=root,source=UUID=%s", b.cmdLineExtra, b.cryptUUID))
cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "", 1)
} else {
cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptdm=root", b.cmdLineExtra))
cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "cryptroot=UUID="+b.cryptUUID, 1)
}
} else { } else {
cfg = fmt.Sprintf(sysconfig, b.rootUUID, b.cmdLineExtra) cfg = fmt.Sprintf(sysconfig, b.rootUUID, b.cmdLineExtra)
} }

View File

@ -5,7 +5,7 @@ USER root
RUN apt-get -y update && \ RUN apt-get -y update && \
DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \ DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
{{- if .Luks }} {{- if .Luks }}
cryptsetup \ cryptsetup-initramfs \
{{- end }} {{- end }}
linux-image-amd64 linux-image-amd64
@ -44,3 +44,8 @@ allow-hotplug eth0\n\
iface eth0 inet dhcp\n\ iface eth0 inet dhcp\n\
' > /etc/network/interfaces ' > /etc/network/interfaces
{{ end }} {{ end }}
{{- if .Luks }}
RUN update-initramfs -u -v
{{- end }}

View File

@ -7,7 +7,7 @@ RUN apt-get update -y && \
linux-image-virtual \ linux-image-virtual \
initramfs-tools \ initramfs-tools \
{{- if .Luks }} {{- if .Luks }}
cryptsetup \ cryptsetup-initramfs \
{{- end }} {{- end }}
systemd-sysv \ systemd-sysv \
systemd \ systemd \
@ -43,3 +43,7 @@ allow-hotplug eth0\n\
iface eth0 inet dhcp\n\ iface eth0 inet dhcp\n\
' > /etc/network/interfaces ' > /etc/network/interfaces
{{ end }} {{ end }}
{{- if .Luks }}
RUN update-initramfs -u -v
{{- end }}