mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-11 23:49:30 -05:00
CSI driver fixes (#668)
* Fix invalid key id for resize operations
* Add udev rule for unlabeled disks

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
parent
6bd62f0f7a
commit
ad7baa667a
@ -182,12 +182,7 @@ func (c *CryptMapper) OpenCryptDevice(ctx context.Context, source, volumeID stri
|
|||||||
|
|
||||||
// ResizeCryptDevice resizes the underlying crypt device and returns the mapped device path.
|
// ResizeCryptDevice resizes the underlying crypt device and returns the mapped device path.
|
||||||
func (c *CryptMapper) ResizeCryptDevice(ctx context.Context, volumeID string) (string, error) {
|
func (c *CryptMapper) ResizeCryptDevice(ctx context.Context, volumeID string) (string, error) {
|
||||||
dek, err := c.kms.GetDEK(ctx, volumeID, crypto.StateDiskKeyLength)
|
if err := resizeCryptDevice(ctx, c.mapper, volumeID, c.kms.GetDEK); err != nil {
|
||||||
if err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := resizeCryptDevice(c.mapper, volumeID, string(dek)); err != nil {
|
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -352,7 +347,9 @@ func performWipe(device DeviceMapper, volumeID string) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func resizeCryptDevice(device DeviceMapper, name, passphrase string) error {
|
func resizeCryptDevice(ctx context.Context, device DeviceMapper, name string,
|
||||||
|
getKey func(ctx context.Context, keyID string, keySize int) ([]byte, error),
|
||||||
|
) error {
|
||||||
packageLock.Lock()
|
packageLock.Lock()
|
||||||
defer packageLock.Unlock()
|
defer packageLock.Unlock()
|
||||||
|
|
||||||
@ -365,7 +362,12 @@ func resizeCryptDevice(device DeviceMapper, name, passphrase string) error {
|
|||||||
return fmt.Errorf("loading device: %w", err)
|
return fmt.Errorf("loading device: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := device.ActivateByPassphrase("", 0, passphrase, cryptsetup.CRYPT_ACTIVATE_KEYRING_KEY); err != nil {
|
passphrase, err := getKey(ctx, device.GetUUID(), crypto.StateDiskKeyLength)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("getting key: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := device.ActivateByPassphrase("", 0, string(passphrase), cryptsetup.CRYPT_ACTIVATE_KEYRING_KEY); err != nil {
|
||||||
return fmt.Errorf("activating keyrung for crypt device %q with passphrase: %w", name, err)
|
return fmt.Errorf("activating keyrung for crypt device %q with passphrase: %w", name, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
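Review bot: The new KMS lookup in resizeCryptDevice, `getKey(ctx, device.GetUUID(), crypto.StateDiskKeyLength)`, runs while `packageLock` is held, whereas the removed code in ResizeCryptDevice fetched the DEK before entering the locked helper. A stalled KMS request would presumably block every other operation that takes the same lock, so confirm that callers pass a ctx with a deadline and record it on the function, e.g. `// getKey is called with packageLock held; ctx must carry a deadline.` The value from `device.GetUUID()` is also used as the key ID without a check; binding it to a local and returning an error when it is empty (`if uuid == "" { return fmt.Errorf("crypt device %q has no UUID", name) }`) would stop a header without a UUID from becoming a DEK request for an empty ID. The body of resizeCryptDevice starts and ends outside the hunks shown, so the load step that precedes the lookup is only partly visible.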
|
@ -1,3 +1,4 @@
|
|||||||
# prevent systemd udev rules from marking unformatted device mapper device as unready (SYSTEMD_READY=0)
|
# prevent systemd udev rules from marking unformatted device mapper device as unready (SYSTEMD_READY=0)
|
||||||
# this is the offending rule from systemd: SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
|
# this is the offending rule from systemd: SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
|
||||||
|
SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}="constellation-encrypted-disk"
|
||||||
SUBSYSTEM=="block", ENV{DM_NAME}=="state", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}="constellation-state"
|
SUBSYSTEM=="block", ENV{DM_NAME}=="state", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}="constellation-state"
|
||||||
|
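Review bot: The added `CRYPT-*` rule assigns `ENV{ID_FS_USAGE}="constellation-encrypted-disk"` without first matching `ENV{ID_FS_USAGE}==""`, so as written it appears to relabel every crypt mapping that has no partition table, not only the unlabeled ones that the commit message and the file's header comment describe. If only unformatted devices are meant, add the match that the quoted systemd rule uses: `ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{ID_FS_USAGE}="constellation-encrypted-disk"`. Whether ID_FS_USAGE is already populated when this file runs depends on its ordering relative to the blkid import, which is not visible here. The rule also relies on sitting above the `DM_NAME=="state"` rule so that the more specific value wins; a comment such as `# generic fallback for CSI volumes; must stay above the state rule` would protect that ordering.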