search

coreycothrum / meta-mender-luks

mender with LUKS encrypted partitions
MIT License
11 stars 5 forks source link

feat: support encryption on first boot #18

Open Alvenix opened 7 months ago

Alvenix commented 7 months ago

I have copied/modified mender_luks_encrypt_part in mender-luks-init.sh.

If you recommend so, I could attempt to make this function part of mender-luks-util.sh and attempt to make the same logic used in mender-luks-encrypt-image.sh. But personally I would argue against it in this case, and would prefer copying the code as it is small and on boot we are very restricted so there is meaningful difference now (and perhaps more for future changes).

If you also want to, I could later make another PR to change mender-luks-encrypt-image.sh to be interruptible and repeatable same as with the boot, which would fix 15

coreycothrum commented 7 months ago

If you recommend so, I could attempt to make this function part of mender-luks-util.sh and attempt to make the same logic used in mender-luks-encrypt-image.sh.

I think what you've done here is fine. Not worth doing anything to mender-luks-util.sh or mender-luks-encrypt-image.sh.

If you also want to, I could later make another PR to change mender-luks-encrypt-image.sh to be interruptible and repeatable same as with the boot, which would fix 15

I think that's a good idea (but the priority (IMO) is low).

Alvenix commented 7 months ago

If you recommend so, I could attempt to make this function part of mender-luks-util.sh and attempt to make the same logic used in mender-luks-encrypt-image.sh.

I think what you've done here is fine. Not worth doing anything to mender-luks-util.sh or mender-luks-encrypt-image.sh.

Is it okay to remove --batch-mode so that the user can check the logs when booting? or should I change the assignment of the variable to use "?=" so that the user can remove it if he wants to. There are no more changes that I think of, other than this.

If you also want to, I could later make another PR to change mender-luks-encrypt-image.sh to be interruptible and repeatable same as with the boot, which would fix 15

I think that's a good idea (but the priority (IMO) is low).

I agree about the priority.

Alvenix commented 6 months ago

I removed the logic which attempt to recover if first boot was interrupted to simplify the code.