From 93822c02e99ef2dbfcb23364f21bfca797e9f078 Mon Sep 17 00:00:00 2001
From: Malte Poll
Date: Fri, 1 Sep 2023 16:48:15 +0200
Subject: [PATCH] wip
---
 .../BUILD.bazel | 0
 ..._github_martinjungblut_go_cryptsetup.patch | 12 --------
 bazel/toolchains/go_module_deps.bzl | 29 +++++++++++--------
 csi/cryptmapper/BUILD.bazel | 4 +--
 csi/cryptmapper/cryptmapper_cgo.go | 2 +-
 disk-mapper/internal/test/BUILD.bazel | 4 +--
 disk-mapper/internal/test/benchmark_test.go | 2 +-
 disk-mapper/internal/test/integration_test.go | 2 +-
 go.mod | 4 +--
 go.sum | 6 ++--
 internal/cryptsetup/BUILD.bazel | 9 ++----
 internal/cryptsetup/cryptsetup_cgo.go | 13 ++++-----
 12 files changed, 38 insertions(+), 49 deletions(-)
 delete mode 100644 3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/BUILD.bazel
 delete mode 100644 3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch
diff --git a/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/BUILD.bazel b/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/BUILD.bazel
deleted file mode 100644
index e69de29bb..000000000
diff --git a/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch b/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch
deleted file mode 100644
index b342055fe..000000000
--- a/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- BUILD.bazel
-+++ BUILD.bazel
-@@ -14,6 +14,9 @@
- "plain.go",
- ],
- cgo = True,
-+ cdeps = [
-+ "@//rpm:cryptsetup",
-+ ],
- importpath = "github.com/martinjungblut/go-cryptsetup",
- visibility = ["//visibility:public"],
- )
diff --git a/bazel/toolchains/go_module_deps.bzl b/bazel/toolchains/go_module_deps.bzl
index 6c1fbba2c..7f811ee03 100644
--- a/bazel/toolchains/go_module_deps.bzl
+++ b/bazel/toolchains/go_module_deps.bzl
@@ -1536,6 +1536,14 @@ def go_dependencies():
 sum = "h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=",
 version = "v1.0.1",
 )
+ go_repository(
+ name = "com_github_ebitengine_purego",
+ build_file_generation = "on",
+ build_file_proto_mode = "disable_global",
+ importpath = "github.com/ebitengine/purego",
+ sum = "h1:0gVgWGb8GjKYs7cufvfNSleJAD00m2xWC26FMwOjNrw=",
+ version = "v0.5.0-alpha.1",
+ )
 go_repository(
 name = "com_github_edgelesssys_go_azguestattestation",
@@ -3572,6 +3580,14 @@ def go_dependencies():
 sum = "h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=",
 version = "v1.0.0",
 )
+ go_repository(
+ name = "com_github_malt3_purego_cryptsetup",
+ build_file_generation = "on",
+ build_file_proto_mode = "disable_global",
+ importpath = "github.com/malt3/purego-cryptsetup",
+ sum = "h1:NUO4VzRZg7gjBWQ/CQdSq0Bp7rkpNvRqBRT6XQle8Qc=",
+ version = "v0.0.1-rc3",
+ )
 go_repository(
 name = "com_github_markbates_errx",
@@ -3597,18 +3613,7 @@ def go_dependencies():
 sum = "h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=",
 version = "v1.0.1",
 )
- go_repository(
- name = "com_github_martinjungblut_go_cryptsetup",
- build_file_generation = "on",
- build_file_proto_mode = "disable_global",
- importpath = "github.com/martinjungblut/go-cryptsetup",
- patches = [
- "//3rdparty/bazel/com_github_martinjungblut_go_cryptsetup:com_github_martinjungblut_go_cryptsetup.patch", # keep
- ],
- replace = "github.com/daniel-weisse/go-cryptsetup",
- sum = "h1:ToajP6trZoiqlZ3Z4uoG1P02/wtqSw1AcowOXOYjATk=",
- version = "v0.0.0-20230705150314-d8c07bd1723c",
- )
+
 go_repository(
 name = "com_github_masterminds_goutils",
 build_file_generation = "on",
diff --git a/csi/cryptmapper/BUILD.bazel b/csi/cryptmapper/BUILD.bazel
index 26014dc0a..5ee84a89f 100644
--- a/csi/cryptmapper/BUILD.bazel
+++ b/csi/cryptmapper/BUILD.bazel
@@ -18,12 +18,12 @@ go_library(
 "//internal/cryptsetup",
 ] + select({
 "@io_bazel_rules_go//go/platform:android": [
- "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+ "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
 "@io_k8s_mount_utils//:mount-utils",
 "@io_k8s_utils//exec",
 ],
 "@io_bazel_rules_go//go/platform:linux": [
- "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+ "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
 "@io_k8s_mount_utils//:mount-utils",
 "@io_k8s_utils//exec",
 ],
diff --git a/csi/cryptmapper/cryptmapper_cgo.go b/csi/cryptmapper/cryptmapper_cgo.go
index f03a48bbb..220ac0cf3 100644
--- a/csi/cryptmapper/cryptmapper_cgo.go
+++ b/csi/cryptmapper/cryptmapper_cgo.go
@@ -12,7 +12,7 @@ import (
 "fmt"
 ccryptsetup "github.com/edgelesssys/constellation/v2/internal/cryptsetup"
- cryptsetup "github.com/martinjungblut/go-cryptsetup"
+ cryptsetup "github.com/malt3/purego-cryptsetup"
 mount "k8s.io/mount-utils"
 utilexec "k8s.io/utils/exec"
 )
diff --git a/disk-mapper/internal/test/BUILD.bazel b/disk-mapper/internal/test/BUILD.bazel
index 8ad8083a4..2a5b069b0 100644
--- a/disk-mapper/internal/test/BUILD.bazel
+++ b/disk-mapper/internal/test/BUILD.bazel
@@ -13,7 +13,7 @@ go_test(
 "//disk-mapper/internal/diskencryption",
 "//internal/cryptsetup",
 "//internal/logger",
- "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+ "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
 "@com_github_stretchr_testify//assert",
 "@com_github_stretchr_testify//require",
 "@org_uber_go_goleak//:goleak",
@@ -23,7 +23,7 @@ go_test(
 "//disk-mapper/internal/diskencryption",
 "//internal/cryptsetup",
 "//internal/logger",
- "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+ "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
 "@com_github_stretchr_testify//assert",
 "@com_github_stretchr_testify//require",
 "@org_uber_go_goleak//:goleak",
diff --git a/disk-mapper/internal/test/benchmark_test.go b/disk-mapper/internal/test/benchmark_test.go
index 6fc92a284..2e71c29fb 100644
--- a/disk-mapper/internal/test/benchmark_test.go
+++ b/disk-mapper/internal/test/benchmark_test.go
@@ -15,7 +15,7 @@ import (
 "github.com/edgelesssys/constellation/v2/disk-mapper/internal/diskencryption"
 "github.com/edgelesssys/constellation/v2/internal/logger"
- "github.com/martinjungblut/go-cryptsetup"
+ cryptsetup "github.com/malt3/purego-cryptsetup"
 "go.uber.org/zap/zapcore"
 )
diff --git a/disk-mapper/internal/test/integration_test.go b/disk-mapper/internal/test/integration_test.go
index 526df601e..2d07786e4 100644
--- a/disk-mapper/internal/test/integration_test.go
+++ b/disk-mapper/internal/test/integration_test.go
@@ -19,7 +19,7 @@ import (
 "github.com/edgelesssys/constellation/v2/disk-mapper/internal/diskencryption"
 ccryptsetup "github.com/edgelesssys/constellation/v2/internal/cryptsetup"
 "github.com/edgelesssys/constellation/v2/internal/logger"
- cryptsetup "github.com/martinjungblut/go-cryptsetup"
+ cryptsetup "github.com/malt3/purego-cryptsetup"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "go.uber.org/goleak"
diff --git a/go.mod b/go.mod
index f78a1f3e0..cf3fd70b0 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,6 @@ replace (
 replace (
 github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api => ./operators/constellation-node-operator/api
 github.com/google/go-tpm => github.com/thomasten/go-tpm v0.0.0-20230629092004-f43f8e2a59eb
- github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c
 )
 require (
@@ -94,7 +93,7 @@ require (
 github.com/hashicorp/hcl/v2 v2.17.0
 github.com/hashicorp/terraform-exec v0.18.1
 github.com/hashicorp/terraform-json v0.15.0
- github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6
+ github.com/malt3/purego-cryptsetup v0.0.1-rc3
 github.com/mattn/go-isatty v0.0.19
 github.com/microsoft/ApplicationInsights-Go v0.4.4
 github.com/pkg/errors v0.9.1
@@ -193,6 +192,7 @@ require (
 github.com/docker/go-connections v0.4.0 // indirect
 github.com/docker/go-metrics v0.0.1 // indirect
 github.com/docker/go-units v0.5.0 // indirect
+ github.com/ebitengine/purego v0.5.0-alpha.1 // indirect
 github.com/emicklei/go-restful/v3 v3.10.1 // indirect
 github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
diff --git a/go.sum b/go.sum
index e6f84bb8f..98543aade 100644
--- a/go.sum
+++ b/go.sum
@@ -276,8 +276,6 @@ github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 h
 github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
 github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c h1:ToajP6trZoiqlZ3Z4uoG1P02/wtqSw1AcowOXOYjATk=
-github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU=
 github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
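Review bot: The direct requirement added in the `require (` hunk at old line 94 pins the cryptsetup binding to a release candidate, `github.com/malt3/purego-cryptsetup v0.0.1-rc3`, and the hunk at old line 193 pulls in `github.com/ebitengine/purego v0.5.0-alpha.1`, also a pre-release. Neither the commit message ("wip") nor the file records why pre-release tags are acceptable for the package that activates and wipes crypt devices, and the new module replaces a fork that was previously pinned and patched in-tree. I would annotate the line, e.g. `github.com/malt3/purego-cryptsetup v0.0.1-rc3 // pre-release: move to a tagged release before merging`, and have the module source reviewed at the pinned version before this leaves WIP.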
@@ -306,6 +304,8 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1 h1:ZClxb8laGDf5arXfYcAtECDFgAgHklGI8CxgjHnXKJ4=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/ebitengine/purego v0.5.0-alpha.1 h1:0gVgWGb8GjKYs7cufvfNSleJAD00m2xWC26FMwOjNrw=
+github.com/ebitengine/purego v0.5.0-alpha.1/go.mod h1:ah1In8AOtksoNK6yk5z1HTJeUkC1Ez4Wk2idgGslMwQ=
 github.com/edgelesssys/go-azguestattestation v0.0.0-20230707101700-a683be600fcf h1:1iKB7b+i7svWC0aKXwggi+kHf0K57g8r9hN4VOpJYYg=
 github.com/edgelesssys/go-azguestattestation v0.0.0-20230707101700-a683be600fcf/go.mod h1:T8Rv3qrCpUJZbKq49OA9tcC1ZbRkGtDxiafsj++LYIE=
 github.com/edgelesssys/go-tdx-qpl v0.0.0-20230530085549-fd2878a4dead h1:Q2TI34V/NCLGQQkdc0/KmPx/7ix9YnGDUQDT+gqvDw0=
@@ -749,6 +749,8 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/malt3/purego-cryptsetup v0.0.1-rc3 h1:NUO4VzRZg7gjBWQ/CQdSq0Bp7rkpNvRqBRT6XQle8Qc=
+github.com/malt3/purego-cryptsetup v0.0.1-rc3/go.mod h1:j4mhDxufFZjQvjV/Rtc45/Vi1Qmc1+fAhKbAZxSq4Z4=
 github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=
 github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
diff --git a/internal/cryptsetup/BUILD.bazel b/internal/cryptsetup/BUILD.bazel
index db8a1f465..3834c967d 100644
--- a/internal/cryptsetup/BUILD.bazel
+++ b/internal/cryptsetup/BUILD.bazel
@@ -7,19 +7,14 @@ go_library(
 "cryptsetup_cgo.go",
 "cryptsetup_cross.go",
 ],
- # keep
- cdeps = [
- "@//rpm:cryptsetup",
- ],
- cgo = True,
 importpath = "github.com/edgelesssys/constellation/v2/internal/cryptsetup",
 visibility = ["//:__subpackages__"],
 deps = select({
 "@io_bazel_rules_go//go/platform:android": [
- "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+ "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
 ],
 "@io_bazel_rules_go//go/platform:linux": [
- "@com_github_martinjungblut_go_cryptsetup//:go-cryptsetup",
+ "@com_github_malt3_purego_cryptsetup//:purego-cryptsetup",
 ],
 "//conditions:default": [],
 }),
diff --git a/internal/cryptsetup/cryptsetup_cgo.go b/internal/cryptsetup/cryptsetup_cgo.go
index 555e07dfe..1a05cb34a 100644
--- a/internal/cryptsetup/cryptsetup_cgo.go
+++ b/internal/cryptsetup/cryptsetup_cgo.go
@@ -7,20 +7,19 @@ SPDX-License-Identifier: AGPL-3.0-only
 */
 package cryptsetup
-// #include
-import "C"
-
 import (
 "errors"
- "github.com/martinjungblut/go-cryptsetup"
+ cryptsetup "github.com/malt3/purego-cryptsetup"
 )
 const (
 // ReadWriteQueueBypass is a flag to disable the write and read workqueues for a crypt device.
- ReadWriteQueueBypass = C.CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE | C.CRYPT_ACTIVATE_NO_READ_WORKQUEUE
- wipeFlags = cryptsetup.CRYPT_ACTIVATE_PRIVATE | cryptsetup.CRYPT_ACTIVATE_NO_JOURNAL
- wipePattern = cryptsetup.CRYPT_WIPE_ZERO
+ ReadWriteQueueBypass = cryptActivateNoReadWorkqueue | cryptActivateNoWriteWorkqueue
+ cryptActivateNoReadWorkqueue = 0x1000000
+ cryptActivateNoWriteWorkqueue = 0x2000000
+ wipeFlags = cryptsetup.CRYPT_ACTIVATE_PRIVATE | cryptsetup.CRYPT_ACTIVATE_NO_JOURNAL
+ wipePattern = cryptsetup.CRYPT_WIPE_ZERO
 )
 var errInvalidType = errors.New("device is not a *cryptsetup.Device")
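Review bot: Removing `cdeps = ["@//rpm:cryptsetup"]` and `cgo = True` from this `go_library` drops the target's only build-time reference to libcryptsetup, and nothing in the new lines says where the library now comes from. The purego-based binding presumably resolves libcryptsetup on the host at run time, so its version would no longer be fixed by the Bazel dependency; confirm that the OS image ships the intended library and that a missing or mismatched one fails loudly rather than at first use. A comment above `deps` would record this, e.g. `# libcryptsetup is no longer linked via cdeps; purego-cryptsetup loads it at run time (confirm), so the image must provide it.` The `go_library` rule starts before the hunk.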
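Review bot: `cryptActivateNoReadWorkqueue = 0x1000000` and `cryptActivateNoWriteWorkqueue = 0x2000000` replace the `C.CRYPT_ACTIVATE_NO_*_WORKQUEUE` symbols with bare literals, so the compiler no longer ties them to the libcryptsetup header and a wrong bit would silently activate the device with different flags. The values do correspond to `1 << 24` and `1 << 25` in libcryptsetup.h as far as I can tell, but the const block should say so: `// Mirrors CRYPT_ACTIVATE_NO_READ_WORKQUEUE (1 << 24) in libcryptsetup.h.` and `// Mirrors CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (1 << 25) in libcryptsetup.h.` Declaring the two helpers above `ReadWriteQueueBypass` would also read better than using them ahead of their definition. The file keeps its `_cgo.go` name although `import "C"` is gone; if its build constraint (outside the hunk) still requires cgo, that should be revisited.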