wip

2025-04-20 15:35:55 -04:00 · 2023-09-01 16:48:15 +02:00 · 2023-09-01 16:48:15 +02:00 · 93822c02e9
commit 93822c02e9
parent eed2be0aa3
12 changed files with 38 additions and 49 deletions
--- a/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/BUILD.bazel
+++ b/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/BUILD.bazel
--- a/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch
+++ b/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch
@ -1,12 +0,0 @@
--- BUILD.bazel
-+++ BUILD.bazel
-@@ -14,6 +14,9 @@
-         "plain.go",
-     ],
-     cgo = True,
-+    cdeps = [
-+        "@//rpm:cryptsetup",
-+    ],
-     importpath = "github.com/martinjungblut/go-cryptsetup",
-     visibility = ["//visibility:public"],
- )
--- a/bazel/toolchains/go_module_deps.bzl
+++ b/bazel/toolchains/go_module_deps.bzl
@ -1536,6 +1536,14 @@ def go_dependencies():
        sum = "h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=",
        version = "v1.0.1",
    )
+    go_repository(
+        name = "com_github_ebitengine_purego",
+        build_file_generation = "on",
+        build_file_proto_mode = "disable_global",
+        importpath = "github.com/ebitengine/purego",
+        sum = "h1:0gVgWGb8GjKYs7cufvfNSleJAD00m2xWC26FMwOjNrw=",
+        version = "v0.5.0-alpha.1",
+    )

    go_repository(
        name = "com_github_edgelesssys_go_azguestattestation",
@ -3572,6 +3580,14 @@ def go_dependencies():
        sum = "h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=",
        version = "v1.0.0",
    )
+    go_repository(
+        name = "com_github_malt3_purego_cryptsetup",
+        build_file_generation = "on",
+        build_file_proto_mode = "disable_global",
+        importpath = "github.com/malt3/purego-cryptsetup",
+        sum = "h1:NUO4VzRZg7gjBWQ/CQdSq0Bp7rkpNvRqBRT6XQle8Qc=",
+        version = "v0.0.1-rc3",
+    )

    go_repository(
        name = "com_github_markbates_errx",
@ -3597,18 +3613,7 @@ def go_dependencies():
        sum = "h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=",
        version = "v1.0.1",
    )
-    go_repository(
-        name = "com_github_martinjungblut_go_cryptsetup",
-        build_file_generation = "on",
-        build_file_proto_mode = "disable_global",
-        importpath = "github.com/martinjungblut/go-cryptsetup",
-        patches = [
-            "//3rdparty/bazel/com_github_martinjungblut_go_cryptsetup:com_github_martinjungblut_go_cryptsetup.patch",  # keep
-        ],
-        replace = "github.com/daniel-weisse/go-cryptsetup",
-        sum = "h1:ToajP6trZoiqlZ3Z4uoG1P02/wtqSw1AcowOXOYjATk=",
-        version = "v0.0.0-20230705150314-d8c07bd1723c",
-    )
+
    go_repository(
        name = "com_github_masterminds_goutils",
        build_file_generation = "on",
--- a/csi/cryptmapper/BUILD.bazel
+++ b/csi/cryptmapper/BUILD.bazel
@ -18,12 +18,12 @@ go_library(
        "//internal/cryptsetup",
    ] + select({
        "@io_bazel_rules_go//go/platform:android": [
-            "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+            "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
            "@io_k8s_mount_utils//:mount-utils",
            "@io_k8s_utils//exec",
        ],
        "@io_bazel_rules_go//go/platform:linux": [
-            "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+            "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
            "@io_k8s_mount_utils//:mount-utils",
            "@io_k8s_utils//exec",
        ],
--- a/csi/cryptmapper/cryptmapper_cgo.go
+++ b/csi/cryptmapper/cryptmapper_cgo.go
@ -12,7 +12,7 @@ import (
 	"fmt"

 	ccryptsetup "github.com/edgelesssys/constellation/v2/internal/cryptsetup"
-	cryptsetup "github.com/martinjungblut/go-cryptsetup"
+	cryptsetup "github.com/malt3/purego-cryptsetup"
 	mount "k8s.io/mount-utils"
 	utilexec "k8s.io/utils/exec"
 )
--- a/disk-mapper/internal/test/BUILD.bazel
+++ b/disk-mapper/internal/test/BUILD.bazel
@ -13,7 +13,7 @@ go_test(
            "//disk-mapper/internal/diskencryption",
            "//internal/cryptsetup",
            "//internal/logger",
-            "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+            "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
            "@com_github_stretchr_testify//assert",
            "@com_github_stretchr_testify//require",
            "@org_uber_go_goleak//:goleak",
@ -23,7 +23,7 @@ go_test(
            "//disk-mapper/internal/diskencryption",
            "//internal/cryptsetup",
            "//internal/logger",
-            "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+            "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
            "@com_github_stretchr_testify//assert",
            "@com_github_stretchr_testify//require",
            "@org_uber_go_goleak//:goleak",
--- a/disk-mapper/internal/test/benchmark_test.go
+++ b/disk-mapper/internal/test/benchmark_test.go
@ -15,7 +15,7 @@ import (

 	"github.com/edgelesssys/constellation/v2/disk-mapper/internal/diskencryption"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	"github.com/martinjungblut/go-cryptsetup"
+	cryptsetup "github.com/malt3/purego-cryptsetup"
 	"go.uber.org/zap/zapcore"
 )

--- a/disk-mapper/internal/test/integration_test.go
+++ b/disk-mapper/internal/test/integration_test.go
@ -19,7 +19,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/disk-mapper/internal/diskencryption"
 	ccryptsetup "github.com/edgelesssys/constellation/v2/internal/cryptsetup"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
-	cryptsetup "github.com/martinjungblut/go-cryptsetup"
+	cryptsetup "github.com/malt3/purego-cryptsetup"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
--- a/go.mod
+++ b/go.mod
@ -34,7 +34,6 @@ replace (
 replace (
 	github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api => ./operators/constellation-node-operator/api
 	github.com/google/go-tpm => github.com/thomasten/go-tpm v0.0.0-20230629092004-f43f8e2a59eb
-	github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c
 )

 require (
@ -94,7 +93,7 @@ require (
 	github.com/hashicorp/hcl/v2 v2.17.0
 	github.com/hashicorp/terraform-exec v0.18.1
 	github.com/hashicorp/terraform-json v0.15.0
-	github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6
+	github.com/malt3/purego-cryptsetup v0.0.1-rc3
 	github.com/mattn/go-isatty v0.0.19
 	github.com/microsoft/ApplicationInsights-Go v0.4.4
 	github.com/pkg/errors v0.9.1
@ -193,6 +192,7 @@ require (
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
+	github.com/ebitengine/purego v0.5.0-alpha.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
--- a/go.sum
+++ b/go.sum
@ -276,8 +276,6 @@ github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 h
 github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
 github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c h1:ToajP6trZoiqlZ3Z4uoG1P02/wtqSw1AcowOXOYjATk=
-github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU=
 github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@ -306,6 +304,8 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/ebitengine/purego v0.5.0-alpha.1 h1:0gVgWGb8GjKYs7cufvfNSleJAD00m2xWC26FMwOjNrw=
+github.com/ebitengine/purego v0.5.0-alpha.1/go.mod h1:ah1In8AOtksoNK6yk5z1HTJeUkC1Ez4Wk2idgGslMwQ=
 github.com/edgelesssys/go-azguestattestation v0.0.0-20230707101700-a683be600fcf h1:1iKB7b+i7svWC0aKXwggi+kHf0K57g8r9hN4VOpJYYg=
 github.com/edgelesssys/go-azguestattestation v0.0.0-20230707101700-a683be600fcf/go.mod h1:T8Rv3qrCpUJZbKq49OA9tcC1ZbRkGtDxiafsj++LYIE=
 github.com/edgelesssys/go-tdx-qpl v0.0.0-20230530085549-fd2878a4dead h1:Q2TI34V/NCLGQQkdc0/KmPx/7ix9YnGDUQDT+gqvDw0=
@ -749,6 +749,8 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/malt3/purego-cryptsetup v0.0.1-rc3 h1:NUO4VzRZg7gjBWQ/CQdSq0Bp7rkpNvRqBRT6XQle8Qc=
+github.com/malt3/purego-cryptsetup v0.0.1-rc3/go.mod h1:j4mhDxufFZjQvjV/Rtc45/Vi1Qmc1+fAhKbAZxSq4Z4=
 github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
 github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
--- a/internal/cryptsetup/BUILD.bazel
+++ b/internal/cryptsetup/BUILD.bazel
@ -7,19 +7,14 @@ go_library(
        "cryptsetup_cgo.go",
        "cryptsetup_cross.go",
    ],
-    # keep
-    cdeps = [
-        "@//rpm:cryptsetup",
-    ],
-    cgo = True,
    importpath = "github.com/edgelesssys/constellation/v2/internal/cryptsetup",
    visibility = ["//:__subpackages__"],
    deps = select({
        "@io_bazel_rules_go//go/platform:android": [
-            "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+            "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
        ],
        "@io_bazel_rules_go//go/platform:linux": [
-            "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+            "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
        ],
        "//conditions:default": [],
    }),
--- a/internal/cryptsetup/cryptsetup_cgo.go
+++ b/internal/cryptsetup/cryptsetup_cgo.go
@ -7,20 +7,19 @@ SPDX-License-Identifier: AGPL-3.0-only
 */
 package cryptsetup

-// #include <libcryptsetup.h>
-import "C"
-
 import (
 	"errors"

-	"github.com/martinjungblut/go-cryptsetup"
+	cryptsetup "github.com/malt3/purego-cryptsetup"
 )

 const (
 	// ReadWriteQueueBypass is a flag to disable the write and read workqueues for a crypt device.
-	ReadWriteQueueBypass = C.CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE | C.CRYPT_ACTIVATE_NO_READ_WORKQUEUE
-	wipeFlags            = cryptsetup.CRYPT_ACTIVATE_PRIVATE | cryptsetup.CRYPT_ACTIVATE_NO_JOURNAL
-	wipePattern          = cryptsetup.CRYPT_WIPE_ZERO
+	ReadWriteQueueBypass          = cryptActivateNoReadWorkqueue | cryptActivateNoWriteWorkqueue
+	cryptActivateNoReadWorkqueue  = 0x1000000
+	cryptActivateNoWriteWorkqueue = 0x2000000
+	wipeFlags                     = cryptsetup.CRYPT_ACTIVATE_PRIVATE | cryptsetup.CRYPT_ACTIVATE_NO_JOURNAL
+	wipePattern                   = cryptsetup.CRYPT_WIPE_ZERO
 )

 var errInvalidType = errors.New("device is not a *cryptsetup.Device")