luks: fix ubuntu <22.04 support

Signed-off-by: Adphi <[email protected]>
linka-cloud · Mar 1, 2023 · f75b0c7 · f75b0c7
1 parent bfa5f0d
commit f75b0c7
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 23 deletions.
diff --git a/builder.go b/builder.go
@@ -505,7 +505,10 @@ func (b *builder) installKernel(ctx context.Context) error {
 		case ReleaseCentOS:
 			cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s rd.luks.name=UUID=%s rd.luks.uuid=%s rd.luks.crypttab=0", b.cmdLineExtra, b.rootUUID, b.cryptUUID))
 		default:
-			cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptopts=target=root,source=UUID=%s", b.cmdLineExtra, b.cryptUUID))
+			// for some versions of debian, the cryptopts parameter MUST contain all the following: target,srouce,key,opts...
+			// see https://salsa.debian.org/cryptsetup-team/cryptsetup/-/blob/debian/buster/debian/functions
+			// and https://cryptsetup-team.pages.debian.net/cryptsetup/README.initramfs.html
+			cfg = fmt.Sprintf(sysconfig, b.rootUUID, fmt.Sprintf("%s root=/dev/mapper/root cryptopts=target=root,source=UUID=%s,key=none,luks", b.cmdLineExtra, b.cryptUUID))
 			cfg = strings.Replace(cfg, "root=UUID="+b.rootUUID, "", 1)
 		}
 	} else {

diff --git a/e2e/e2e_test.go b/e2e/e2e_test.go
@@ -45,7 +45,8 @@ type img struct {
 
 var images = []img{
 	{name: "alpine:3.17", luks: "Enter passphrase for /dev/sda2:"},
-	{name: "ubuntu:20.04", luks: "Please unlock disk root:"},
+	{name: "ubuntu:18.04", luks: "Please unlock disk root:"},
+	{name: "ubuntu:22.04", luks: "Please unlock disk root:"},
 	{name: "debian:11", luks: "Please unlock disk root:"},
 	{name: "centos:8", luks: "Please enter passphrase for disk"},
 }
@@ -68,7 +69,7 @@ func TestConvert(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			// t.Parallel()
+
 			dir := filepath.Join("/tmp", "d2vm-e2e", tt.name)
 			require.NoError(os.MkdirAll(dir, os.ModePerm))
 
@@ -78,15 +79,14 @@ func TestConvert(t *testing.T) {
 					ctx, cancel := context.WithCancel(context.Background())
 					defer cancel()
 
-					// t.Parallel()
 					require := require2.New(t)
 
 					out := filepath.Join(dir, strings.NewReplacer(":", "-", ".", "-").Replace(img.name)+".qcow2")
 
 					if _, err := os.Stat(out); err == nil {
 						require.NoError(os.Remove(out))
 					}
-					
+
 					require.NoError(docker.RunD2VM(ctx, d2vm.Image, d2vm.Version, dir, dir, "convert", append([]string{"-p", "root", "-o", "/out/" + filepath.Base(out), "-v", "--keep-cache", img.name}, tt.args...)...))
 
 					inr, inw := io.Pipe()

diff --git a/templates/alpine.Dockerfile b/templates/alpine.Dockerfile
@@ -6,9 +6,6 @@ RUN apk update --no-cache && \
     apk add \
       util-linux \
       linux-virt \
-{{- if .Luks }}
-      cryptsetup \
-{{- end }}
 {{- if ge .Release.VersionID "3.17" }}
       busybox-openrc \
       busybox-mdev-openrc \
@@ -34,7 +31,8 @@ iface eth0 inet dhcp\n\
 {{ end }}
 
 {{- if .Luks }}
-RUN source /etc/mkinitfs/mkinitfs.conf && \
+RUN apk add --no-cache cryptsetup && \
+    source /etc/mkinitfs/mkinitfs.conf && \
     echo "features=\"${features} cryptsetup\"" > /etc/mkinitfs/mkinitfs.conf && \
     mkinitfs $(ls /lib/modules)
 {{- end }}
diff --git a/templates/centos.Dockerfile b/templates/centos.Dockerfile
@@ -12,17 +12,19 @@ RUN yum install -y \
     systemd \
     NetworkManager \
     e2fsprogs \
-    {{- if .Luks }}
-    cryptsetup \
-    {{- end }}
     sudo && \
     systemctl enable NetworkManager && \
     systemctl unmask systemd-remount-fs.service && \
-    systemctl unmask getty.target
-
-RUN dracut --no-hostonly --regenerate-all --force {{ if .Luks }}--install="/usr/sbin/cryptsetup"{{ end }}&& \
+    systemctl unmask getty.target && \
     cd /boot && \
     ln -s $(find . -name 'vmlinuz-*') vmlinuz && \
     ln -s $(find . -name 'initramfs-*.img') initrd.img
 
+{{ if .Luks }}
+RUN yum install -y cryptsetup && \
+    dracut --no-hostonly --regenerate-all --force --install="/usr/sbin/cryptsetup" && \
+{{ else }}
+RUN dracut --no-hostonly --regenerate-all --force
+{{ end }}
+
 {{ if .Password }}RUN echo "root:{{ .Password }}" | chpasswd {{ end }}
diff --git a/templates/debian.Dockerfile b/templates/debian.Dockerfile
@@ -4,9 +4,6 @@ USER root
 
 RUN apt-get -y update && \
     DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
-{{- if .Luks }}
-      cryptsetup-initramfs \
-{{- end }}
       linux-image-amd64
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
@@ -47,5 +44,6 @@ iface eth0 inet dhcp\n\
 
 
 {{- if .Luks }}
-RUN update-initramfs -u -v
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends cryptsetup-initramfs && \
+     update-initramfs -u -v
 {{- end }}
diff --git a/templates/ubuntu.Dockerfile b/templates/ubuntu.Dockerfile
@@ -6,9 +6,6 @@ RUN apt-get update -y && \
   DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
   linux-image-virtual \
   initramfs-tools \
-{{- if .Luks }}
-  cryptsetup-initramfs \
-{{- end }}
   systemd-sysv \
   systemd \
   dbus \
@@ -45,5 +42,6 @@ iface eth0 inet dhcp\n\
 {{ end }}
 
 {{- if .Luks }}
-RUN update-initramfs -u -v
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends cryptsetup-initramfs && \
+     update-initramfs -u -v
 {{- end }}