parent
4930e95fb6
commit
aff62fa055
@ -0,0 +1,126 @@
|
|||||||
|
Description: Allow specifying partitions that are only present when FDE is used.
|
||||||
|
Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
|
||||||
|
Origin: ubuntu
|
||||||
|
Forwarded: not-needed
|
||||||
|
Last-Update: 2024-02-06
|
||||||
|
|
||||||
|
Index: calamares-3.3.1/src/modules/partition/core/PartitionLayout.cpp
|
||||||
|
===================================================================
|
||||||
|
--- calamares-3.3.1.orig/src/modules/partition/core/PartitionLayout.cpp
|
||||||
|
+++ calamares-3.3.1/src/modules/partition/core/PartitionLayout.cpp
|
||||||
|
@@ -62,6 +62,7 @@ PartitionLayout::PartitionEntry::Partiti
|
||||||
|
const QString& mountPoint,
|
||||||
|
const QString& fs,
|
||||||
|
const bool& noEncrypt,
|
||||||
|
+ const bool& onlyPresentWithEncryption,
|
||||||
|
const QVariantMap& features,
|
||||||
|
const QString& size,
|
||||||
|
const QString& minSize,
|
||||||
|
@@ -78,6 +79,7 @@ PartitionLayout::PartitionEntry::Partiti
|
||||||
|
{
|
||||||
|
PartUtils::canonicalFilesystemName( fs, &partFileSystem );
|
||||||
|
partNoEncrypt = noEncrypt;
|
||||||
|
+ partOnlyPresentWithEncryption = onlyPresentWithEncryption;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool
|
||||||
|
@@ -119,6 +121,7 @@ PartitionLayout::init( FileSystem::Type
|
||||||
|
Calamares::getString( pentry, "mountPoint" ),
|
||||||
|
Calamares::getString( pentry, "filesystem", "unformatted" ),
|
||||||
|
Calamares::getBool( pentry, "noEncrypt", false ),
|
||||||
|
+ Calamares::getBool( pentry, "onlyPresentWithEncryption", false ),
|
||||||
|
Calamares::getSubMap( pentry, "features", ok ),
|
||||||
|
Calamares::getString( pentry, "size", QStringLiteral( "0" ) ),
|
||||||
|
Calamares::getString( pentry, "minSize", QStringLiteral( "0" ) ),
|
||||||
|
@@ -228,6 +231,10 @@ PartitionLayout::createPartitions( Devic
|
||||||
|
cWarning() << "Partition" << entry.partMountPoint << "size is invalid, skipping...";
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
+ if ( luksPassphrase.isEmpty() && entry.partOnlyPresentWithEncryption ) {
|
||||||
|
+ // this partition is being skipped entirely
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
// Calculate partition size: Rely on "possibly uninitialized use"
|
||||||
|
// warnings to ensure that all the cases are covered below.
|
||||||
|
@@ -252,6 +259,10 @@ PartitionLayout::createPartitions( Devic
|
||||||
|
availableSectors = totalSectors;
|
||||||
|
for ( const auto& entry : qAsConst( m_partLayout ) )
|
||||||
|
{
|
||||||
|
+ if ( luksPassphrase.isEmpty() && entry.partOnlyPresentWithEncryption ) {
|
||||||
|
+ // this partition is being skipped entirely
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
qint64 sectors = partSectorsMap.value( &entry );
|
||||||
|
if ( entry.partMinSize.isValid() )
|
||||||
|
{
|
||||||
|
@@ -265,6 +276,10 @@ PartitionLayout::createPartitions( Devic
|
||||||
|
// Assign sectors for percentage-defined partitions.
|
||||||
|
for ( const auto& entry : qAsConst( m_partLayout ) )
|
||||||
|
{
|
||||||
|
+ if ( luksPassphrase.isEmpty() && entry.partOnlyPresentWithEncryption ) {
|
||||||
|
+ // this partition is being skipped entirely
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
if ( entry.partSize.unit() == Calamares::Partition::SizeUnit::Percent )
|
||||||
|
{
|
||||||
|
qint64 sectors
|
||||||
|
@@ -288,6 +303,10 @@ PartitionLayout::createPartitions( Devic
|
||||||
|
availableSectors = totalSectors;
|
||||||
|
for ( const auto& entry : qAsConst( m_partLayout ) )
|
||||||
|
{
|
||||||
|
+ if ( luksPassphrase.isEmpty() && entry.partOnlyPresentWithEncryption ) {
|
||||||
|
+ // this partition is being skipped entirely
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
// Adjust partition size based on available space.
|
||||||
|
qint64 sectors = partSectorsMap.value( &entry );
|
||||||
|
sectors = std::min( sectors, availableSectors );
|
||||||
|
Index: calamares-3.3.1/src/modules/partition/core/PartitionLayout.h
|
||||||
|
===================================================================
|
||||||
|
--- calamares-3.3.1.orig/src/modules/partition/core/PartitionLayout.h
|
||||||
|
+++ calamares-3.3.1/src/modules/partition/core/PartitionLayout.h
|
||||||
|
@@ -38,6 +38,7 @@ public:
|
||||||
|
QString partMountPoint;
|
||||||
|
FileSystem::Type partFileSystem = FileSystem::Unknown;
|
||||||
|
bool partNoEncrypt;
|
||||||
|
+ bool partOnlyPresentWithEncryption;
|
||||||
|
QVariantMap partFeatures;
|
||||||
|
Calamares::Partition::PartitionSize partSize;
|
||||||
|
Calamares::Partition::PartitionSize partMinSize;
|
||||||
|
@@ -63,6 +64,7 @@ public:
|
||||||
|
const QString& mountPoint,
|
||||||
|
const QString& fs,
|
||||||
|
const bool& noEncrypt,
|
||||||
|
+ const bool& onlyPresentWithEncryption,
|
||||||
|
const QVariantMap& features,
|
||||||
|
const QString& size,
|
||||||
|
const QString& minSize = QString(),
|
||||||
|
Index: calamares-3.3.1/src/modules/partition/partition.conf
|
||||||
|
===================================================================
|
||||||
|
--- calamares-3.3.1.orig/src/modules/partition/partition.conf
|
||||||
|
+++ calamares-3.3.1/src/modules/partition/partition.conf
|
||||||
|
@@ -259,6 +259,7 @@ defaultFileSystemType: "ext4"
|
||||||
|
# type: "4f68bce3-e8cd-4db1-96e7-fbcaf984b709"
|
||||||
|
# filesystem: "ext4"
|
||||||
|
# noEncrypt: false
|
||||||
|
+# onlyPresentWithEncryption: false
|
||||||
|
# mountPoint: "/"
|
||||||
|
# size: 20%
|
||||||
|
# minSize: 500M
|
||||||
|
@@ -268,6 +269,7 @@ defaultFileSystemType: "ext4"
|
||||||
|
# type: "933ac7e1-2eb4-4f13-b844-0e14e2aef915"
|
||||||
|
# filesystem: "ext4"
|
||||||
|
# noEncrypt: false
|
||||||
|
+# onlyPresentWithEncryption: false
|
||||||
|
# mountPoint: "/home"
|
||||||
|
# size: 3G
|
||||||
|
# minSize: 1.5G
|
||||||
|
@@ -296,6 +298,7 @@ defaultFileSystemType: "ext4"
|
||||||
|
# default filesystem type, or the user's choice, will be applied instead
|
||||||
|
# of "unknown" (e.g. the user might pick ext4, or xfs).
|
||||||
|
# - noEncrypt: whether this partition is exempt from encryption if enabled (optional parameter; default is false)
|
||||||
|
+# - onlyPresentWithEncryption: whether this partition is only created when encryption is enabled (optional parameter; default is false; ONLY SUPPORTED IN UBUNTU)
|
||||||
|
# - mountPoint: partition mount point (optional parameter; not mounted if unset)
|
||||||
|
# - size: partition size in bytes (append 'K', 'M' or 'G' for KiB, MiB or GiB)
|
||||||
|
# or
|
@ -0,0 +1,98 @@
|
|||||||
|
Description: Allow specifying partitions to keep unencrypted when using FDE
|
||||||
|
Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
|
||||||
|
Origin: vendor
|
||||||
|
Bug: https://github.com/calamares/calamares/issues/1938
|
||||||
|
Forwarded: https://github.com/calamares/calamares/pull/2280
|
||||||
|
Last-Update: 2024-02-05
|
||||||
|
---
|
||||||
|
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
|
||||||
|
--- a/src/modules/partition/core/PartitionLayout.cpp
|
||||||
|
+++ b/src/modules/partition/core/PartitionLayout.cpp
|
||||||
|
@@ -61,6 +61,7 @@ PartitionLayout::PartitionEntry::Partiti
|
||||||
|
quint64 attributes,
|
||||||
|
const QString& mountPoint,
|
||||||
|
const QString& fs,
|
||||||
|
+ const bool& noEncrypt,
|
||||||
|
const QVariantMap& features,
|
||||||
|
const QString& size,
|
||||||
|
const QString& minSize,
|
||||||
|
@@ -76,6 +77,7 @@ PartitionLayout::PartitionEntry::Partiti
|
||||||
|
, partMaxSize( maxSize )
|
||||||
|
{
|
||||||
|
PartUtils::canonicalFilesystemName( fs, &partFileSystem );
|
||||||
|
+ partNoEncrypt = noEncrypt;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool
|
||||||
|
@@ -116,6 +118,7 @@ PartitionLayout::init( FileSystem::Type
|
||||||
|
Calamares::getUnsignedInteger( pentry, "attributes", 0 ),
|
||||||
|
Calamares::getString( pentry, "mountPoint" ),
|
||||||
|
Calamares::getString( pentry, "filesystem", "unformatted" ),
|
||||||
|
+ Calamares::getBool( pentry, "noEncrypt", false ),
|
||||||
|
Calamares::getSubMap( pentry, "features", ok ),
|
||||||
|
Calamares::getString( pentry, "size", QStringLiteral( "0" ) ),
|
||||||
|
Calamares::getString( pentry, "minSize", QStringLiteral( "0" ) ),
|
||||||
|
@@ -295,8 +298,8 @@ PartitionLayout::createPartitions( Devic
|
||||||
|
|
||||||
|
Partition* part = nullptr;
|
||||||
|
|
||||||
|
- // Encryption for zfs is handled in the zfs module
|
||||||
|
- if ( luksPassphrase.isEmpty() || correctFS( entry.partFileSystem ) == FileSystem::Zfs )
|
||||||
|
+ // Encryption for zfs is handled in the zfs module, skip encryption on noEncrypt partitions
|
||||||
|
+ if ( luksPassphrase.isEmpty() || correctFS( entry.partFileSystem ) == FileSystem::Zfs || entry.partNoEncrypt )
|
||||||
|
{
|
||||||
|
part = KPMHelpers::createNewPartition( parent,
|
||||||
|
*dev,
|
||||||
|
@@ -329,7 +332,7 @@ PartitionLayout::createPartitions( Devic
|
||||||
|
QVariantMap zfsInfo;
|
||||||
|
|
||||||
|
// Save the information subsequent modules will need
|
||||||
|
- zfsInfo[ "encrypted" ] = !luksPassphrase.isEmpty();
|
||||||
|
+ zfsInfo[ "encrypted" ] = !luksPassphrase.isEmpty() && !entry.partNoEncrypt;
|
||||||
|
zfsInfo[ "passphrase" ] = luksPassphrase;
|
||||||
|
zfsInfo[ "mountpoint" ] = entry.partMountPoint;
|
||||||
|
|
||||||
|
--- a/src/modules/partition/core/PartitionLayout.h
|
||||||
|
+++ b/src/modules/partition/core/PartitionLayout.h
|
||||||
|
@@ -37,6 +37,7 @@ public:
|
||||||
|
quint64 partAttributes = 0;
|
||||||
|
QString partMountPoint;
|
||||||
|
FileSystem::Type partFileSystem = FileSystem::Unknown;
|
||||||
|
+ bool partNoEncrypt;
|
||||||
|
QVariantMap partFeatures;
|
||||||
|
Calamares::Partition::PartitionSize partSize;
|
||||||
|
Calamares::Partition::PartitionSize partMinSize;
|
||||||
|
@@ -61,6 +62,7 @@ public:
|
||||||
|
quint64 attributes,
|
||||||
|
const QString& mountPoint,
|
||||||
|
const QString& fs,
|
||||||
|
+ const bool& noEncrypt,
|
||||||
|
const QVariantMap& features,
|
||||||
|
const QString& size,
|
||||||
|
const QString& minSize = QString(),
|
||||||
|
--- a/src/modules/partition/partition.conf
|
||||||
|
+++ b/src/modules/partition/partition.conf
|
||||||
|
@@ -258,6 +258,7 @@ defaultFileSystemType: "ext4"
|
||||||
|
# - name: "rootfs"
|
||||||
|
# type: "4f68bce3-e8cd-4db1-96e7-fbcaf984b709"
|
||||||
|
# filesystem: "ext4"
|
||||||
|
+# noEncrypt: false
|
||||||
|
# mountPoint: "/"
|
||||||
|
# size: 20%
|
||||||
|
# minSize: 500M
|
||||||
|
@@ -266,6 +267,7 @@ defaultFileSystemType: "ext4"
|
||||||
|
# - name: "home"
|
||||||
|
# type: "933ac7e1-2eb4-4f13-b844-0e14e2aef915"
|
||||||
|
# filesystem: "ext4"
|
||||||
|
+# noEncrypt: false
|
||||||
|
# mountPoint: "/home"
|
||||||
|
# size: 3G
|
||||||
|
# minSize: 1.5G
|
||||||
|
@@ -293,6 +295,7 @@ defaultFileSystemType: "ext4"
|
||||||
|
# - if "unknown" (or an unknown FS name, like "elephant") then the
|
||||||
|
# default filesystem type, or the user's choice, will be applied instead
|
||||||
|
# of "unknown" (e.g. the user might pick ext4, or xfs).
|
||||||
|
+# - noEncrypt: whether this partition is exempt from encryption if enabled (optional parameter; default is false)
|
||||||
|
# - mountPoint: partition mount point (optional parameter; not mounted if unset)
|
||||||
|
# - size: partition size in bytes (append 'K', 'M' or 'G' for KiB, MiB or GiB)
|
||||||
|
# or
|
@ -0,0 +1,28 @@
|
|||||||
|
Description: Fix BTRFS+LUKS installations with unencrypted /boot
|
||||||
|
Author: TJ <hacker@iam.tj>
|
||||||
|
Origin: upstream, https://github.com/calamares/calamares/commit/60989290e02f20b56f7e90056a0239f000198cbb
|
||||||
|
Bug: https://github.com/calamares/calamares/issues/2281
|
||||||
|
Last-Update: 2024-02-12
|
||||||
|
---
|
||||||
|
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
|
||||||
|
diff --git a/src/modules/fstab/main.py b/src/modules/fstab/main.py
|
||||||
|
index 97e7e7486a..78cae63494 100755
|
||||||
|
--- a/src/modules/fstab/main.py
|
||||||
|
+++ b/src/modules/fstab/main.py
|
||||||
|
@@ -14,6 +14,7 @@
|
||||||
|
|
||||||
|
import os
|
||||||
|
import re
|
||||||
|
+import copy
|
||||||
|
|
||||||
|
import libcalamares
|
||||||
|
|
||||||
|
@@ -201,7 +202,7 @@ def generate_fstab(self):
|
||||||
|
# so all subvolumes here should be safe to add to fstab
|
||||||
|
btrfs_subvolumes = libcalamares.globalstorage.value("btrfsSubvolumes")
|
||||||
|
for s in btrfs_subvolumes:
|
||||||
|
- mount_entry = partition
|
||||||
|
+ mount_entry = copy.deepcopy(partition)
|
||||||
|
mount_entry["mountPoint"] = s["mountPoint"]
|
||||||
|
mount_entry["subvol"] = s["subvolume"]
|
||||||
|
dct = self.generate_fstab_line_info(mount_entry)
|
@ -1,2 +1,5 @@
|
|||||||
0001-replace-pkexec-by-sudo.patch
|
0001-replace-pkexec-by-sudo.patch
|
||||||
apport-package-hook.patch
|
apport-package-hook.patch
|
||||||
|
enable-optional-part-encryption.patch
|
||||||
|
enable-only-present-with-encryption-partitions.patch
|
||||||
|
fix-btrfs-luks.patch
|
||||||
|
Loading…
Reference in new issue