calamares-packaging/debian/patches/enable-optional-part-encryption.patch

Description: Allow specifying partitions to keep unencrypted when using FDE
Author: Aaron Rainbolt <arraybolt3@ubuntu.com>
Origin: vendor
Bug: https://github.com/calamares/calamares/issues/1938
Forwarded: https://github.com/calamares/calamares/pull/2280
Last-Update: 2024-02-05
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/src/modules/partition/core/PartitionLayout.cpp
+++ b/src/modules/partition/core/PartitionLayout.cpp
@@ -61,6 +61,7 @@ PartitionLayout::PartitionEntry::Partiti
                                                  quint64 attributes,
                                                  const QString& mountPoint,
                                                  const QString& fs,
+                                                 const bool& noEncrypt,
                                                  const QVariantMap& features,
                                                  const QString& size,
                                                  const QString& minSize,
@@ -76,6 +77,7 @@ PartitionLayout::PartitionEntry::Partiti
     , partMaxSize( maxSize )
 {
     PartUtils::canonicalFilesystemName( fs, &partFileSystem );
+    partNoEncrypt = noEncrypt;
 }
 
 bool
@@ -116,6 +118,7 @@ PartitionLayout::init( FileSystem::Type
                           Calamares::getUnsignedInteger( pentry, "attributes", 0 ),
                           Calamares::getString( pentry, "mountPoint" ),
                           Calamares::getString( pentry, "filesystem", "unformatted" ),
+                          Calamares::getBool( pentry, "noEncrypt", false ),
                           Calamares::getSubMap( pentry, "features", ok ),
                           Calamares::getString( pentry, "size", QStringLiteral( "0" ) ),
                           Calamares::getString( pentry, "minSize", QStringLiteral( "0" ) ),
@@ -295,8 +298,8 @@ PartitionLayout::createPartitions( Devic
 
         Partition* part = nullptr;
 
-        // Encryption for zfs is handled in the zfs module
-        if ( luksPassphrase.isEmpty() || correctFS( entry.partFileSystem ) == FileSystem::Zfs )
+        // Encryption for zfs is handled in the zfs module, skip encryption on noEncrypt partitions
+        if ( luksPassphrase.isEmpty() || correctFS( entry.partFileSystem ) == FileSystem::Zfs || entry.partNoEncrypt )
         {
             part = KPMHelpers::createNewPartition( parent,
                                                    *dev,
@@ -329,7 +332,7 @@ PartitionLayout::createPartitions( Devic
             QVariantMap zfsInfo;
 
             // Save the information subsequent modules will need
-            zfsInfo[ "encrypted" ] = !luksPassphrase.isEmpty();
+            zfsInfo[ "encrypted" ] = !luksPassphrase.isEmpty() && !entry.partNoEncrypt;
             zfsInfo[ "passphrase" ] = luksPassphrase;
             zfsInfo[ "mountpoint" ] = entry.partMountPoint;
 
--- a/src/modules/partition/core/PartitionLayout.h
+++ b/src/modules/partition/core/PartitionLayout.h
@@ -37,6 +37,7 @@ public:
         quint64 partAttributes = 0;
         QString partMountPoint;
         FileSystem::Type partFileSystem = FileSystem::Unknown;
+        bool partNoEncrypt;
         QVariantMap partFeatures;
         Calamares::Partition::PartitionSize partSize;
         Calamares::Partition::PartitionSize partMinSize;
@@ -61,6 +62,7 @@ public:
                         quint64 attributes,
                         const QString& mountPoint,
                         const QString& fs,
+                        const bool& noEncrypt,
                         const QVariantMap& features,
                         const QString& size,
                         const QString& minSize = QString(),
--- a/src/modules/partition/partition.conf
+++ b/src/modules/partition/partition.conf
@@ -258,6 +258,7 @@ defaultFileSystemType:  "ext4"
 #     - name: "rootfs"
 #       type: "4f68bce3-e8cd-4db1-96e7-fbcaf984b709"
 #       filesystem: "ext4"
+#       noEncrypt: false
 #       mountPoint: "/"
 #       size: 20%
 #       minSize: 500M
@@ -266,6 +267,7 @@ defaultFileSystemType:  "ext4"
 #     - name: "home"
 #       type: "933ac7e1-2eb4-4f13-b844-0e14e2aef915"
 #       filesystem: "ext4"
+#       noEncrypt: false
 #       mountPoint: "/home"
 #       size: 3G
 #       minSize: 1.5G
@@ -293,6 +295,7 @@ defaultFileSystemType:  "ext4"
 #       - if "unknown" (or an unknown FS name, like "elephant") then the
 #         default filesystem type, or the user's choice, will be applied instead
 #         of "unknown" (e.g. the user might pick ext4, or xfs).
+#   - noEncrypt: whether this partition is exempt from encryption if enabled (optional parameter; default is false)
 #   - mountPoint: partition mount point (optional parameter; not mounted if unset)
 #   - size: partition size in bytes (append 'K', 'M' or 'G' for KiB, MiB or GiB)
 #           or