Merge pull request #587 from samueldr-wip/feature/crypsetup-args

boot/init: Honor some cryptsetup arguments
2024-09-11 03:55:23 +03:00 · 2023-03-03 16:39:24 -05:00 · 2023-03-03 16:39:24 -05:00 · 9a0c317a02
commit 9a0c317a02
parent 60ef9490da bf43312242
2 changed files with 43 additions and 3 deletions
--- a/boot/init/lib/mounting.rb
+++ b/boot/init/lib/mounting.rb
@ -77,7 +77,7 @@ module Mounting
    auto_depend_mount_points(mount_points)

    (Configuration["luksDevices"] or []).each do |mapper, info|
-      Tasks::Luks.new(info["device"], mapper)
+      Tasks::Luks.new(info["device"], mapper, info)
    end
  end

--- a/boot/init/tasks/luks.rb
+++ b/boot/init/tasks/luks.rb
@ -23,10 +23,44 @@ class Tasks::Luks < Task
    @registry
  end

-  def initialize(source, mapper)
+  def initialize(source, mapper, info)
    @source = source
    @mapper = mapper

+    # Current known and used keys
+    #    "device", # First param, source
+    #    "allowDiscards",
+    #    "bypassWorkqueues",
+    #
+    # Current known and unused (by design) keys
+    #    "fallbackToPassword", # Nothing else than password
+    #
+    # Currently known unsupported keys (contributions welcome)
+    #    "crypttabExtraOpts",
+    #    "fido2",
+    #    "header",
+    #    "gpgCard",
+    #    "keyFile",
+    #    "keyFileOffset",
+    #    "keyFileSize",
+    #    "postOpenCommands",
+    #    "preLVM",
+    #    "preOpenCommands",
+    #    "yubikey",
+    @info = info
+    @cryptsetup_args = []
+    if @info["allowDiscards"]
+      @cryptsetup_args.concat [
+        "--allow-discards",
+      ]
+    end
+    if @info["bypassWorkqueues"] then
+      @cryptsetup_args.concat [
+        "--perf-no_read_workqueue",
+        "--perf-no_write_workqueue",
+      ]
+    end
+
    add_dependency(:Task, Tasks::UDev.instance)
    add_dependency(:Devices, source)
    add_dependency(:Mount, "/run")
@ -48,8 +82,14 @@ class Tasks::Luks < Task

      begin
        Progress.exec_with_message("Checking...") do
+          args = [
+            "luksOpen",
+            source,
+            mapper,
+            *@cryptsetup_args,
+          ]
          # TODO: implement with process redirection rather than shelling out
-          System.run("echo #{passphrase.shellescape} | exec cryptsetup luksOpen #{source.shellescape} #{mapper.shellescape}")
+          System.run("echo #{passphrase.shellescape} | exec cryptsetup #{args.shelljoin}")
        end
        Progress.update({label: nil})