adds encrypted var partition to config

Vanilla-OS · Jul 22, 2024 · 17353c0 · 17353c0
1 parent 4efe354
commit 17353c0
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -77,6 +77,7 @@ The configuration file is a JSON file with the following structure:
     "partLabelB": "vos-b",
     "partLabelBoot": "vos-boot",
     "partLabelEfi": "vos-efi",
+    "PartCryptVar": "/dev/mapper/vos--var-var",
 
     "thinProvisioning": false,
     "thinInitVolume": "",
@@ -108,6 +109,7 @@ The following table describes each of the configuration options:
 | `partLabelB` | The label of the partition dedicated to the system's `B` root. |
 | `partLabelBoot` | The label of the partition dedicated to the master boot. |
 | `partLabelEfi` | The label of the partition dedicated to the EFI boot. |
+| `PartCryptVar` | The encrypted partition to unlock during boot. On a non-lvm setup this would be something like `/dev/nvme1n1p3`. |
 | `thinProvisioning` | If set to `true`, ABRoot will use and look for a thin provisioning setup. Check the section about [thin provisioning](#thin-provisioning) for more information. |
 | `thinInitVolume` | The init volume of the thin provisioning setup. |
 | `libPathStates` | NOT_IMPLEMENTED |

diff --git a/cmd/unlock-var.go b/cmd/unlock-var.go
@@ -26,12 +26,6 @@ import (
 	"github.com/vanilla-os/orchid/cmdr"
 )
 
-type VarConfigError struct{}
-
-func (e *VarConfigError) Error() string {
-	return "reading the var disk from config is not implemented yet"
-}
-
 type VarInvalidError struct {
 	passedDisk string
 }
@@ -63,6 +57,7 @@ func NewUnlockVarCommand() *cmdr.Command {
 		),
 	)
 
+	// this is just meant for compatability with old Installations
 	cmd.WithStringFlag(
 		cmdr.NewStringFlag(
 			"var-disk",
@@ -126,7 +121,13 @@ func unlockVar(cmd *cobra.Command, _ []string) error {
 	}
 
 	if varDisk == "" {
-		return &VarConfigError{}
+		if settings.Cnf.PartCryptVar == "" {
+			cmdr.Error.Println("Encrypted var partition not found in configuration.")
+			os.Exit(3)
+			return nil
+		}
+
+		varDisk = settings.Cnf.PartCryptVar
 	}
 
 	dryRun, err := cmd.Flags().GetBool("dry-run")

diff --git a/config/abroot.json b/config/abroot.json
@@ -22,6 +22,7 @@
     "partLabelB": "vos-b",
     "partLabelBoot": "vos-boot",
     "partLabelEfi": "vos-efi",
+    "PartCryptVar": "/dev/mapper/vos--var-var",
 
     "thinProvisioning": false,
     "thinInitVolume": "",

diff --git a/core/disk-manager.go b/core/disk-manager.go
@@ -220,5 +220,5 @@ func (p *Partition) IsDevMapper() bool {
 
 // IsEncrypted returns whether the partition is encrypted
 func (p *Partition) IsEncrypted() bool {
-	return strings.HasPrefix(p.Device, "luks-")
+	return strings.HasPrefix(p.FsType, "crypto_")
 }
diff --git a/core/system.go b/core/system.go
@@ -430,6 +430,18 @@ func (s *ABSystem) RunOperation(operation ABSystemOperation) error {
 		return err
 	}
 
+	varParent := s.RootM.VarPartition.Parent
+	if varParent != nil && varParent.IsEncrypted() {
+		device := varParent.Device
+		if varParent.IsDevMapper() {
+			device = "/dev/mapper/" + device
+		} else {
+			device = "/dev/" + device
+		}
+
+		settings.Cnf.PartCryptVar = device
+	}
+
 	err = settings.WriteConfigToFile(filepath.Join(systemNew, "/usr/share/abroot/abroot.json"))
 	if err != nil {
 		PrintVerboseErr("ABSystem.RunOperation", 5.25, err)

diff --git a/settings/config.go b/settings/config.go
@@ -50,6 +50,7 @@ type Config struct {
 	PartLabelB    string `json:"partLabelB"`
 	PartLabelBoot string `json:"partLabelBoot"`
 	PartLabelEfi  string `json:"partLabelEfivar"`
+	PartCryptVar  string `json:"PartCryptVar"`
 
 	// Structure
 	ThinProvisioning bool   `json:"thinProvisioning"`
@@ -117,6 +118,7 @@ func init() {
 		PartLabelB:    viper.GetString("partLabelB"),
 		PartLabelBoot: viper.GetString("partLabelBoot"),
 		PartLabelEfi:  viper.GetString("partLabelEfi"),
+		PartCryptVar:  viper.GetString("PartCryptVar"),
 
 		// Structure
 		ThinProvisioning: viper.GetBool("thinProvisioning"),