From f75b0c7313a4ccdbec3565511aa2ed81b50466c8 Mon Sep 17 00:00:00 2001
From: Adphi
Date: Tue, 28 Feb 2023 17:42:52 +0100
Subject: [PATCH] luks: fix ubuntu <22.04 support

Signed-off-by: Adphi
---
 builder.go | 5 ++++-
 e2e/e2e_test.go | 8 ++++----
 templates/alpine.Dockerfile | 6 ++----
 templates/centos.Dockerfile | 14 ++++++++------
 templates/debian.Dockerfile | 6 ++----
 templates/ubuntu.Dockerfile | 6 ++----
 6 files changed, 22 insertions(+), 23 deletions(-)

diff --git a/builder.go b/builder.go
index 259b85a..4c5afd6 100644
--- a/builder.go
+++ b/builder.go
@@ -505,7 +505,10 @@ func (b *builder) installKernel(ctx context.Context) error {
 case ReleaseCentOS:
 cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s rd.luks.name=UUID=%s rd.luks.uuid=%s rd.luks.crypttab=0", b.cmdLineExtra, b.rootUUID, b.cryptUUID))
 default:
- cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptopts=target=root,source=UUID=%s", b.cmdLineExtra, b.cryptUUID))
+ // for some versions of debian, the cryptopts parameter MUST contain all the following: target,srouce,key,opts...
+ // see https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/buster/debian/functions
+ // and https://cryptsetup-team.pages.debian.net/cryptsetup/README.initramfs.html
+ cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptopts=target=root,source=UUID=%s,key=none,luks", b.cmdLineExtra, b.cryptUUID))
 cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "", 1)
 }
 } else {
diff --git a/e2e/e2e_test.go b/e2e/e2e_test.go
index 5b4dcdd..554fb21 100644
--- a/e2e/e2e_test.go
+++ b/e2e/e2e_test.go
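Review bot: The comment added above the new `cfg` line in the `default:` branch misspells `source` as `srouce` and does not say what the two appended fields mean. Something like `// older Debian/Ubuntu cryptsetup initramfs scripts need every cryptopts field: target,source,key,opts (key=none: passphrase is asked for at boot)` would be clearer. The first link points at the `debian/buster` branch rather than a fixed revision, so the referenced file can change underneath the comment. The `switch` starts outside this hunk, so which releases besides CentOS fall through to `default:` cannot be checked from here.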
@@ -45,7 +45,8 @@ type img struct { var images = []img{ {name: "alpine:3.17", luks: "Enter passphrase for /dev/sda2:"}, - {name: "ubuntu:20.04", luks: "Please unlock disk root:"}, + {name: "ubuntu:18.04", luks: "Please unlock disk root:"}, + {name: "ubuntu:22.04", luks: "Please unlock disk root:"}, {name: "debian:11", luks: "Please unlock disk root:"}, {name: "centos:8", luks: "Please enter passphrase for disk"}, } @@ -68,7 +69,7 @@ func TestConvert(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - // t.Parallel() + dir := filepath.Join("/tmp", "d2vm-e2e", tt.name) require.NoError(os.MkdirAll(dir, os.ModePerm)) @@ -78,7 +79,6 @@ func TestConvert(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() - // t.Parallel() require := require2.New(t) out := filepath.Join(dir, strings.NewReplacer(":", "-", ".", "-").Replace(img.name)+".qcow2") @@ -86,7 +86,7 @@ func TestConvert(t *testing.T) { if _, err := os.Stat(out); err == nil { require.NoError(os.Remove(out)) } - + require.NoError(docker.RunD2VM(ctx, d2vm.Image, d2vm.Version, dir, dir, "convert", append([]string{"-p", "root", "-o", "/out/" + filepath.Base(out), "-v", "--keep-cache", img.name}, tt.args...)...)) inr, inw := io.Pipe() diff --git a/templates/alpine.Dockerfile b/templates/alpine.Dockerfile index 22f1d4d..fb675a1 100644 --- a/templates/alpine.Dockerfile +++ b/templates/alpine.Dockerfile @@ -6,9 +6,6 @@ RUN apk update --no-cache && \ apk add \ util-linux \ linux-virt \ -{{- if .Luks }} - cryptsetup \ -{{- end }} {{- if ge .Release.VersionID "3.17" }} busybox-openrc \ busybox-mdev-openrc \ @@ -34,7 +31,8 @@ iface eth0 inet dhcp\n\ {{ end }} {{- if .Luks }} -RUN source /etc/mkinitfs/mkinitfs.conf && \ +RUN apk add --no-cache cryptsetup && \ + source /etc/mkinitfs/mkinitfs.conf && \ echo "features=\"${features} cryptsetup\"" > /etc/mkinitfs/mkinitfs.conf && \ mkinitfs $(ls /lib/modules) {{- end }} 
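Review bot: The `images` table drops `ubuntu:20.04` while adding 18.04 and 22.04, so a release that falls under the "<22.04" fix named in the subject is no longer booted with LUKS in the e2e run. Keeping the old row next to the new ones, `{name: "ubuntu:20.04", luks: "Please unlock disk root:"},`, would keep the unlock prompt verified on the release that was covered before this change. If 20.04 was removed on purpose (for example to limit run time), a short comment on the table saying so would help.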
diff --git a/templates/centos.Dockerfile b/templates/centos.Dockerfile index 7c9082d..292f588 100644 --- a/templates/centos.Dockerfile +++ b/templates/centos.Dockerfile @@ -12,17 +12,19 @@ RUN yum install -y \ systemd \ NetworkManager \ e2fsprogs \ - {{- if .Luks }} - cryptsetup \ - {{- end }} sudo && \ systemctl enable NetworkManager && \ systemctl unmask systemd-remount-fs.service && \ - systemctl unmask getty.target - -RUN dracut --no-hostonly --regenerate-all --force {{ if .Luks }}--install="/usr/sbin/cryptsetup"{{ end }}&& \ + systemctl unmask getty.target && \ cd /boot && \ ln -s $(find . -name 'vmlinuz-*') vmlinuz && \ ln -s $(find . -name 'initramfs-*.img') initrd.img +{{ if .Luks }} +RUN yum install -y cryptsetup && \ + dracut --no-hostonly --regenerate-all --force --install="/usr/sbin/cryptsetup" && \ +{{ else }} +RUN dracut --no-hostonly --regenerate-all --force +{{ end }} + {{ if .Password }}RUN echo "root:{{ .Password }}" | chpasswd {{ end }} diff --git a/templates/debian.Dockerfile b/templates/debian.Dockerfile index da0f5ef..472dcbd 100644 --- a/templates/debian.Dockerfile +++ b/templates/debian.Dockerfile @@ -4,9 +4,6 @@ USER root RUN apt-get -y update && \ DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \ -{{- if .Luks }} - cryptsetup-initramfs \ -{{- end }} linux-image-amd64 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ @@ -47,5 +44,6 @@ iface eth0 inet dhcp\n\ {{- if .Luks }} -RUN update-initramfs -u -v +RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends cryptsetup-initramfs && \ + update-initramfs -u -v {{- end }} diff --git a/templates/ubuntu.Dockerfile b/templates/ubuntu.Dockerfile index fe439bc..5cf1ba7 100644 --- a/templates/ubuntu.Dockerfile +++ b/templates/ubuntu.Dockerfile 
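Review bot: In the new `{{ if .Luks }}` branch the `dracut ... --install="/usr/sbin/cryptsetup" && \` line ends the RUN with a dangling `&& \`, so the rendered instruction continues into whatever follows `{{ end }}` (a blank line, then the `RUN echo ... | chpasswd` line when a password is set) and the LUKS build will most likely fail or run a malformed command. End the command on that line instead: `dracut --no-hostonly --regenerate-all --force --install="/usr/sbin/cryptsetup"`. Separately, the `vmlinuz` and `initrd.img` symlinks are now created before dracut regenerates the initramfs; that holds only if the regenerated image keeps the same file name, which is worth confirming for the CentOS images under test.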
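Review bot: The `.Luks` block in templates/debian.Dockerfile now runs `apt-get install ... cryptsetup-initramfs` in its own RUN with no `apt-get update`, so it relies on the package lists left by the first layer; the same pattern is added in templates/ubuntu.Dockerfile. The lines between the two hunks are not visible here, so if anything in between removes `/var/lib/apt/lists` this install would fail. A short comment above the RUN saying why the package is installed in this late step rather than together with the kernel would help the next reader.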
@@ -6,9 +6,6 @@ RUN apt-get update -y && \ DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \ linux-image-virtual \ initramfs-tools \ -{{- if .Luks }} - cryptsetup-initramfs \ -{{- end }} systemd-sysv \ systemd \ dbus \ @@ -45,5 +42,6 @@ iface eth0 inet dhcp\n\ {{ end }} {{- if .Luks }} -RUN update-initramfs -u -v +RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends cryptsetup-initramfs && \ + update-initramfs -u -v {{- end }}