Sync with archive

ubuntu/noble ubuntu/3.3.1-0ubuntu4
Aaron Rainbolt 10 months ago
parent 4930e95fb6
commit aff62fa055

19
debian/changelog vendored

@ -1,3 +1,22 @@
calamares (3.3.1-0ubuntu4) noble; urgency=medium
* Fix BTRFS+LUKS installations with unencrypted /boot.
-- Aaron Rainbolt <arraybolt3@ubuntu.com> Mon, 12 Feb 2024 11:51:59 -0600
calamares (3.3.1-0ubuntu3) noble; urgency=medium
* Allow specifying partitions that must remain unencrypted when using FDE.
* Allow specifying partitions that are only created when FDE is enabled.
-- Aaron Rainbolt <arraybolt3@ubuntu.com> Mon, 05 Feb 2024 18:12:47 -0600
calamares (3.3.1-0ubuntu2) noble; urgency=medium
* No-change rebuild with Python 3.12 as default
-- Graham Inggs <ginggs@ubuntu.com> Sat, 20 Jan 2024 08:39:43 +0000
calamares (3.3.1-0ubuntu1) noble; urgency=medium calamares (3.3.1-0ubuntu1) noble; urgency=medium
* New upstream release. * New upstream release.

@ -0,0 +1,126 @@
Description: Allow specifying partitions that are only present when FDE is used.
Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
Origin: ubuntu
Forwarded: not-needed
Last-Update: 2024-02-06
Index: calamares-3.3.1/src/modules/partition/core/PartitionLayout.cpp
===================================================================
--- calamares-3.3.1.orig/src/modules/partition/core/PartitionLayout.cpp
+++ calamares-3.3.1/src/modules/partition/core/PartitionLayout.cpp
@@ -62,6 +62,7 @@ PartitionLayout::PartitionEntry::Partiti
const QString& mountPoint,
const QString& fs,
const bool& noEncrypt,
+ const bool& onlyPresentWithEncryption,
const QVariantMap& features,
const QString& size,
const QString& minSize,
@@ -78,6 +79,7 @@ PartitionLayout::PartitionEntry::Partiti
{
PartUtils::canonicalFilesystemName( fs, &partFileSystem );
partNoEncrypt = noEncrypt;
+ partOnlyPresentWithEncryption = onlyPresentWithEncryption;
}
bool
@@ -119,6 +121,7 @@ PartitionLayout::init( FileSystem::Type
Calamares::getString( pentry, "mountPoint" ),
Calamares::getString( pentry, "filesystem", "unformatted" ),
Calamares::getBool( pentry, "noEncrypt", false ),
+ Calamares::getBool( pentry, "onlyPresentWithEncryption", false ),
Calamares::getSubMap( pentry, "features", ok ),
Calamares::getString( pentry, "size", QStringLiteral( "0" ) ),
Calamares::getString( pentry, "minSize", QStringLiteral( "0" ) ),
@@ -228,6 +231,10 @@ PartitionLayout::createPartitions( Devic
cWarning() << "Partition" << entry.partMountPoint << "size is invalid, skipping...";
continue;
}
+ if ( luksPassphrase.isEmpty() && entry.partOnlyPresentWithEncryption ) {
+ // this partition is being skipped entirely
+ continue;
+ }
// Calculate partition size: Rely on "possibly uninitialized use"
// warnings to ensure that all the cases are covered below.
@@ -252,6 +259,10 @@ PartitionLayout::createPartitions( Devic
availableSectors = totalSectors;
for ( const auto& entry : qAsConst( m_partLayout ) )
{
+ if ( luksPassphrase.isEmpty() && entry.partOnlyPresentWithEncryption ) {
+ // this partition is being skipped entirely
+ continue;
+ }
qint64 sectors = partSectorsMap.value( &entry );
if ( entry.partMinSize.isValid() )
{
@@ -265,6 +276,10 @@ PartitionLayout::createPartitions( Devic
// Assign sectors for percentage-defined partitions.
for ( const auto& entry : qAsConst( m_partLayout ) )
{
+ if ( luksPassphrase.isEmpty() && entry.partOnlyPresentWithEncryption ) {
+ // this partition is being skipped entirely
+ continue;
+ }
if ( entry.partSize.unit() == Calamares::Partition::SizeUnit::Percent )
{
qint64 sectors
@@ -288,6 +303,10 @@ PartitionLayout::createPartitions( Devic
availableSectors = totalSectors;
for ( const auto& entry : qAsConst( m_partLayout ) )
{
+ if ( luksPassphrase.isEmpty() && entry.partOnlyPresentWithEncryption ) {
+ // this partition is being skipped entirely
+ continue;
+ }
// Adjust partition size based on available space.
qint64 sectors = partSectorsMap.value( &entry );
sectors = std::min( sectors, availableSectors );
Index: calamares-3.3.1/src/modules/partition/core/PartitionLayout.h
===================================================================
--- calamares-3.3.1.orig/src/modules/partition/core/PartitionLayout.h
+++ calamares-3.3.1/src/modules/partition/core/PartitionLayout.h
@@ -38,6 +38,7 @@ public:
QString partMountPoint;
FileSystem::Type partFileSystem = FileSystem::Unknown;
bool partNoEncrypt;
+ bool partOnlyPresentWithEncryption;
QVariantMap partFeatures;
Calamares::Partition::PartitionSize partSize;
Calamares::Partition::PartitionSize partMinSize;
@@ -63,6 +64,7 @@ public:
const QString& mountPoint,
const QString& fs,
const bool& noEncrypt,
+ const bool& onlyPresentWithEncryption,
const QVariantMap& features,
const QString& size,
const QString& minSize = QString(),
Index: calamares-3.3.1/src/modules/partition/partition.conf
===================================================================
--- calamares-3.3.1.orig/src/modules/partition/partition.conf
+++ calamares-3.3.1/src/modules/partition/partition.conf
@@ -259,6 +259,7 @@ defaultFileSystemType: "ext4"
# type: "4f68bce3-e8cd-4db1-96e7-fbcaf984b709"
# filesystem: "ext4"
# noEncrypt: false
+# onlyPresentWithEncryption: false
# mountPoint: "/"
# size: 20%
# minSize: 500M
@@ -268,6 +269,7 @@ defaultFileSystemType: "ext4"
# type: "933ac7e1-2eb4-4f13-b844-0e14e2aef915"
# filesystem: "ext4"
# noEncrypt: false
+# onlyPresentWithEncryption: false
# mountPoint: "/home"
# size: 3G
# minSize: 1.5G
@@ -296,6 +298,7 @@ defaultFileSystemType: "ext4"
# default filesystem type, or the user's choice, will be applied instead
# of "unknown" (e.g. the user might pick ext4, or xfs).
# - noEncrypt: whether this partition is exempt from encryption if enabled (optional parameter; default is false)
+# - onlyPresentWithEncryption: whether this partition is only created when encryption is enabled (optional parameter; default is false; ONLY SUPPORTED IN UBUNTU)
# - mountPoint: partition mount point (optional parameter; not mounted if unset)
# - size: partition size in bytes (append 'K', 'M' or 'G' for KiB, MiB or GiB)
# or

@ -0,0 +1,98 @@
Description: Allow specifying partitions to keep unencrypted when using FDE
Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
Origin: vendor
Bug: https://github.com/calamares/calamares/issues/1938
Forwarded: https://github.com/calamares/calamares/pull/2280
Last-Update: 2024-02-05
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/src/modules/partition/core/PartitionLayout.cpp
+++ b/src/modules/partition/core/PartitionLayout.cpp
@@ -61,6 +61,7 @@ PartitionLayout::PartitionEntry::Partiti
quint64 attributes,
const QString& mountPoint,
const QString& fs,
+ const bool& noEncrypt,
const QVariantMap& features,
const QString& size,
const QString& minSize,
@@ -76,6 +77,7 @@ PartitionLayout::PartitionEntry::Partiti
, partMaxSize( maxSize )
{
PartUtils::canonicalFilesystemName( fs, &partFileSystem );
+ partNoEncrypt = noEncrypt;
}
bool
@@ -116,6 +118,7 @@ PartitionLayout::init( FileSystem::Type
Calamares::getUnsignedInteger( pentry, "attributes", 0 ),
Calamares::getString( pentry, "mountPoint" ),
Calamares::getString( pentry, "filesystem", "unformatted" ),
+ Calamares::getBool( pentry, "noEncrypt", false ),
Calamares::getSubMap( pentry, "features", ok ),
Calamares::getString( pentry, "size", QStringLiteral( "0" ) ),
Calamares::getString( pentry, "minSize", QStringLiteral( "0" ) ),
@@ -295,8 +298,8 @@ PartitionLayout::createPartitions( Devic
Partition* part = nullptr;
- // Encryption for zfs is handled in the zfs module
- if ( luksPassphrase.isEmpty() || correctFS( entry.partFileSystem ) == FileSystem::Zfs )
+ // Encryption for zfs is handled in the zfs module, skip encryption on noEncrypt partitions
+ if ( luksPassphrase.isEmpty() || correctFS( entry.partFileSystem ) == FileSystem::Zfs || entry.partNoEncrypt )
{
part = KPMHelpers::createNewPartition( parent,
*dev,
@@ -329,7 +332,7 @@ PartitionLayout::createPartitions( Devic
QVariantMap zfsInfo;
// Save the information subsequent modules will need
- zfsInfo[ "encrypted" ] = !luksPassphrase.isEmpty();
+ zfsInfo[ "encrypted" ] = !luksPassphrase.isEmpty() && !entry.partNoEncrypt;
zfsInfo[ "passphrase" ] = luksPassphrase;
zfsInfo[ "mountpoint" ] = entry.partMountPoint;
--- a/src/modules/partition/core/PartitionLayout.h
+++ b/src/modules/partition/core/PartitionLayout.h
@@ -37,6 +37,7 @@ public:
quint64 partAttributes = 0;
QString partMountPoint;
FileSystem::Type partFileSystem = FileSystem::Unknown;
+ bool partNoEncrypt;
QVariantMap partFeatures;
Calamares::Partition::PartitionSize partSize;
Calamares::Partition::PartitionSize partMinSize;
@@ -61,6 +62,7 @@ public:
quint64 attributes,
const QString& mountPoint,
const QString& fs,
+ const bool& noEncrypt,
const QVariantMap& features,
const QString& size,
const QString& minSize = QString(),
--- a/src/modules/partition/partition.conf
+++ b/src/modules/partition/partition.conf
@@ -258,6 +258,7 @@ defaultFileSystemType: "ext4"
# - name: "rootfs"
# type: "4f68bce3-e8cd-4db1-96e7-fbcaf984b709"
# filesystem: "ext4"
+# noEncrypt: false
# mountPoint: "/"
# size: 20%
# minSize: 500M
@@ -266,6 +267,7 @@ defaultFileSystemType: "ext4"
# - name: "home"
# type: "933ac7e1-2eb4-4f13-b844-0e14e2aef915"
# filesystem: "ext4"
+# noEncrypt: false
# mountPoint: "/home"
# size: 3G
# minSize: 1.5G
@@ -293,6 +295,7 @@ defaultFileSystemType: "ext4"
# - if "unknown" (or an unknown FS name, like "elephant") then the
# default filesystem type, or the user's choice, will be applied instead
# of "unknown" (e.g. the user might pick ext4, or xfs).
+# - noEncrypt: whether this partition is exempt from encryption if enabled (optional parameter; default is false)
# - mountPoint: partition mount point (optional parameter; not mounted if unset)
# - size: partition size in bytes (append 'K', 'M' or 'G' for KiB, MiB or GiB)
# or

@ -0,0 +1,28 @@
Description: Fix BTRFS+LUKS installations with unencrypted /boot
Author: TJ <hacker@iam.tj>
Origin: upstream, https://github.com/calamares/calamares/commit/60989290e02f20b56f7e90056a0239f000198cbb
Bug: https://github.com/calamares/calamares/issues/2281
Last-Update: 2024-02-12
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
diff --git a/src/modules/fstab/main.py b/src/modules/fstab/main.py
index 97e7e7486a..78cae63494 100755
--- a/src/modules/fstab/main.py
+++ b/src/modules/fstab/main.py
@@ -14,6 +14,7 @@
import os
import re
+import copy
import libcalamares
@@ -201,7 +202,7 @@ def generate_fstab(self):
# so all subvolumes here should be safe to add to fstab
btrfs_subvolumes = libcalamares.globalstorage.value("btrfsSubvolumes")
for s in btrfs_subvolumes:
- mount_entry = partition
+ mount_entry = copy.deepcopy(partition)
mount_entry["mountPoint"] = s["mountPoint"]
mount_entry["subvol"] = s["subvolume"]
dct = self.generate_fstab_line_info(mount_entry)

@ -1,2 +1,5 @@
0001-replace-pkexec-by-sudo.patch 0001-replace-pkexec-by-sudo.patch
apport-package-hook.patch apport-package-hook.patch
enable-optional-part-encryption.patch
enable-only-present-with-encryption-partitions.patch
fix-btrfs-luks.patch

Loading…
Cancel
Save