parent
ac2e4b4f44
commit
0c86b6cdbb
@ -1,98 +0,0 @@
|
||||
Description: Allow specifying partitions to keep unencrypted when using FDE
|
||||
Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
|
||||
Origin: vendor
|
||||
Bug: https://github.com/calamares/calamares/issues/1938
|
||||
Forwarded: https://github.com/calamares/calamares/pull/2280
|
||||
Last-Update: 2024-02-05
|
||||
---
|
||||
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
|
||||
--- a/src/modules/partition/core/PartitionLayout.cpp
|
||||
+++ b/src/modules/partition/core/PartitionLayout.cpp
|
||||
@@ -61,6 +61,7 @@ PartitionLayout::PartitionEntry::Partiti
|
||||
quint64 attributes,
|
||||
const QString& mountPoint,
|
||||
const QString& fs,
|
||||
+ const bool& noEncrypt,
|
||||
const QVariantMap& features,
|
||||
const QString& size,
|
||||
const QString& minSize,
|
||||
@@ -76,6 +77,7 @@ PartitionLayout::PartitionEntry::Partiti
|
||||
, partMaxSize( maxSize )
|
||||
{
|
||||
PartUtils::canonicalFilesystemName( fs, &partFileSystem );
|
||||
+ partNoEncrypt = noEncrypt;
|
||||
}
|
||||
|
||||
bool
|
||||
@@ -116,6 +118,7 @@ PartitionLayout::init( FileSystem::Type
|
||||
Calamares::getUnsignedInteger( pentry, "attributes", 0 ),
|
||||
Calamares::getString( pentry, "mountPoint" ),
|
||||
Calamares::getString( pentry, "filesystem", "unformatted" ),
|
||||
+ Calamares::getBool( pentry, "noEncrypt", false ),
|
||||
Calamares::getSubMap( pentry, "features", ok ),
|
||||
Calamares::getString( pentry, "size", QStringLiteral( "0" ) ),
|
||||
Calamares::getString( pentry, "minSize", QStringLiteral( "0" ) ),
|
||||
@@ -295,8 +298,8 @@ PartitionLayout::createPartitions( Devic
|
||||
|
||||
Partition* part = nullptr;
|
||||
|
||||
- // Encryption for zfs is handled in the zfs module
|
||||
- if ( luksPassphrase.isEmpty() || correctFS( entry.partFileSystem ) == FileSystem::Zfs )
|
||||
+ // Encryption for zfs is handled in the zfs module, skip encryption on noEncrypt partitions
|
||||
+ if ( luksPassphrase.isEmpty() || correctFS( entry.partFileSystem ) == FileSystem::Zfs || entry.partNoEncrypt )
|
||||
{
|
||||
part = KPMHelpers::createNewPartition( parent,
|
||||
*dev,
|
||||
@@ -329,7 +332,7 @@ PartitionLayout::createPartitions( Devic
|
||||
QVariantMap zfsInfo;
|
||||
|
||||
// Save the information subsequent modules will need
|
||||
- zfsInfo[ "encrypted" ] = !luksPassphrase.isEmpty();
|
||||
+ zfsInfo[ "encrypted" ] = !luksPassphrase.isEmpty() && !entry.partNoEncrypt;
|
||||
zfsInfo[ "passphrase" ] = luksPassphrase;
|
||||
zfsInfo[ "mountpoint" ] = entry.partMountPoint;
|
||||
|
||||
--- a/src/modules/partition/core/PartitionLayout.h
|
||||
+++ b/src/modules/partition/core/PartitionLayout.h
|
||||
@@ -37,6 +37,7 @@ public:
|
||||
quint64 partAttributes = 0;
|
||||
QString partMountPoint;
|
||||
FileSystem::Type partFileSystem = FileSystem::Unknown;
|
||||
+ bool partNoEncrypt;
|
||||
QVariantMap partFeatures;
|
||||
Calamares::Partition::PartitionSize partSize;
|
||||
Calamares::Partition::PartitionSize partMinSize;
|
||||
@@ -61,6 +62,7 @@ public:
|
||||
quint64 attributes,
|
||||
const QString& mountPoint,
|
||||
const QString& fs,
|
||||
+ const bool& noEncrypt,
|
||||
const QVariantMap& features,
|
||||
const QString& size,
|
||||
const QString& minSize = QString(),
|
||||
--- a/src/modules/partition/partition.conf
|
||||
+++ b/src/modules/partition/partition.conf
|
||||
@@ -258,6 +258,7 @@ defaultFileSystemType: "ext4"
|
||||
# - name: "rootfs"
|
||||
# type: "4f68bce3-e8cd-4db1-96e7-fbcaf984b709"
|
||||
# filesystem: "ext4"
|
||||
+# noEncrypt: false
|
||||
# mountPoint: "/"
|
||||
# size: 20%
|
||||
# minSize: 500M
|
||||
@@ -266,6 +267,7 @@ defaultFileSystemType: "ext4"
|
||||
# - name: "home"
|
||||
# type: "933ac7e1-2eb4-4f13-b844-0e14e2aef915"
|
||||
# filesystem: "ext4"
|
||||
+# noEncrypt: false
|
||||
# mountPoint: "/home"
|
||||
# size: 3G
|
||||
# minSize: 1.5G
|
||||
@@ -293,6 +295,7 @@ defaultFileSystemType: "ext4"
|
||||
# - if "unknown" (or an unknown FS name, like "elephant") then the
|
||||
# default filesystem type, or the user's choice, will be applied instead
|
||||
# of "unknown" (e.g. the user might pick ext4, or xfs).
|
||||
+# - noEncrypt: whether this partition is exempt from encryption if enabled (optional parameter; default is false)
|
||||
# - mountPoint: partition mount point (optional parameter; not mounted if unset)
|
||||
# - size: partition size in bytes (append 'K', 'M' or 'G' for KiB, MiB or GiB)
|
||||
# or
|
||||
@ -1,28 +0,0 @@
|
||||
Description: Fix BTRFS+LUKS installations with unencrypted /boot
|
||||
Author: TJ <hacker@iam.tj>
|
||||
Origin: upstream, https://github.com/calamares/calamares/commit/60989290e02f20b56f7e90056a0239f000198cbb
|
||||
Bug: https://github.com/calamares/calamares/issues/2281
|
||||
Last-Update: 2024-02-12
|
||||
---
|
||||
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
|
||||
diff --git a/src/modules/fstab/main.py b/src/modules/fstab/main.py
|
||||
index 97e7e7486a..78cae63494 100755
|
||||
--- a/src/modules/fstab/main.py
|
||||
+++ b/src/modules/fstab/main.py
|
||||
@@ -14,6 +14,7 @@
|
||||
|
||||
import os
|
||||
import re
|
||||
+import copy
|
||||
|
||||
import libcalamares
|
||||
|
||||
@@ -201,7 +202,7 @@ def generate_fstab(self):
|
||||
# so all subvolumes here should be safe to add to fstab
|
||||
btrfs_subvolumes = libcalamares.globalstorage.value("btrfsSubvolumes")
|
||||
for s in btrfs_subvolumes:
|
||||
- mount_entry = partition
|
||||
+ mount_entry = copy.deepcopy(partition)
|
||||
mount_entry["mountPoint"] = s["mountPoint"]
|
||||
mount_entry["subvol"] = s["subvolume"]
|
||||
dct = self.generate_fstab_line_info(mount_entry)
|
||||
Loading…
Reference in new issue