@@ -41,7 +41,7 @@ tpm_device=/dev/tpmrm0
partition_sets="$PARTITIONS"
create_file_system_cmd="$CREATE_FILE_SYSTEM_CMD"
-if [ -z "${create_file_system_cmd}" ];then
+if [ -z "${create_file_system_cmd}" ]; then
create_file_system_cmd="mke2fs -t ext4"
fi
@@ -73,7 +73,6 @@ reencrypt_existing_partition() {
else
/usr/sbin/cryptsetup reencrypt --encrypt --reduce-device-size "$reduce_device_size"k "$1" < "$2"
fi
-
}
if [ ! -e "$tpm_device" ]; then
@@ -89,7 +88,7 @@ for partition_set in $partition_sets; do
partition_label="$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[1]}')"
partition_mountpoint="$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[2]}')"
partition_format="$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[3]}')"
- partition=/dev/disk/by-partlabel/$partition_label
+ partition=/dev/disk/by-partlabel/"$partition_label"
crypt_mount_name="encrypted_$partition_label"
decrypted_part=/dev/mapper/"$crypt_mount_name"
# clevis does not work with links in /dev/disk*
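Review bot: Nothing in this hunk checks that `partition_label` is non-empty before it is used to build `/dev/disk/by-partlabel/"$partition_label"` and `encrypted_$partition_label`. A `PARTITIONS` entry with a missing first field would yield the bare by-partlabel directory and a mapper name of `encrypted_`. The loop body continues outside the hunk, so a later check may already cover this. If not, a guard right after the three `awk` calls, such as `[ -n "$partition_label" ] || { echo "invalid partition set: $partition_set" >&2; exit 1; }` (or whatever the script's other fatal paths use), would fail loudly rather than act on the wrong path or leave a partition unencrypted. The same lines appear in the loop of the second script in this patch (the `@@ -93,9 +93,9 @@` hunk), and the note applies there as well.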
@@ -8,6 +8,7 @@
# Quirin Gylstorff <quirin.gylstorff@siemens.com>
#
# SPDX-License-Identifier: MIT
+
prereqs()
{
# Make sure that this script is run last in local-top
@@ -52,11 +53,11 @@ open_tpm2_partition() {
}
enroll_tpm2_token() {
- #check systemd version and export password if necessary
+ # check systemd version and export password if necessary
if [ -x /usr/bin/systemd-cryptenroll ]; then
systemd_version=$(systemd-cryptenroll --version | \
awk -F " " 'NR==1{print $2 }')
- #check systemd version and export password if necessary
+ # check systemd version and export password if necessary
if [ "$systemd_version" -ge "251" ]; then
PASSWORD=$(cat "$2" )
export PASSWORD
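Review bot: The passphrase read from `"$2"` is exported as `PASSWORD` in the last two lines of this hunk, and nothing visible here clears it again. enroll_tpm2_token continues outside the hunk, so this may already be handled. If it is not, every process this script starts afterwards inherits the key material in its environment, so `unset PASSWORD` directly after the systemd-cryptenroll call would limit the exposure. On the comments this change touches: the same sentence now appears twice, and the first copy sits above the `-x /usr/bin/systemd-cryptenroll` test, where something like `# prefer systemd-cryptenroll when it is installed` would describe the line it precedes.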
@@ -72,20 +73,19 @@ enroll_tpm2_token() {
}
reencrypt_existing_partition() {
- part_device=$(readlink -f "$partition")
- part_size_blocks=$(cat /sys/class/block/"$(awk -v dev="$part_device" 'BEGIN{split(dev,a,"/"); print a[3]}' )"/size)
+ part_device="$(readlink -f "$partition")"
+ part_size_blocks="$(cat /sys/class/block/"$(awk -v dev="$part_device" 'BEGIN{split(dev,a,"/"); print a[3]}' )"/size)"
# reduce the filesystem and partition by 32M to fit the LUKS header
reduce_device_size=32768
- reduced_size=$(expr "$part_size_blocks" - 65536 )
- reduced_size_in_byte=$(expr "$reduced_size" \* 512)
- reduced_size_in_kb=$(expr "$reduced_size_in_byte" / 1024)K
+ reduced_size="$(expr "$part_size_blocks" - 65536 )"
+ reduced_size_in_byte="$(expr "$reduced_size" \* 512)"
+ reduced_size_in_kb="$(expr "$reduced_size_in_byte" / 1024)K"
resize2fs "$1" "${reduced_size_in_kb}"
if [ -x /usr/sbin/cryptsetup-reencrypt ]; then
/usr/sbin/cryptsetup-reencrypt --new --reduce-device-size "$reduce_device_size"k "$1" < "$2"
else
/usr/sbin/cryptsetup reencrypt --encrypt --reduce-device-size "$reduce_device_size"k "$1" < "$2"
fi
-
}
if [ ! -e "$tpm_device" ]; then
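Review bot: The exit status of `resize2fs "$1" "${reduced_size_in_kb}"` is not checked before the in-place reencrypt that follows. Unless the script runs under `set -e` (not visible here), a failed shrink is still followed by cryptsetup claiming 32 MiB with `--reduce-device-size`, which can overwrite the tail of a filesystem that was never reduced. `resize2fs "$1" "${reduced_size_in_kb}" || return 1` would stop before the destructive step, as would an early return when `part_size_blocks` is empty or not larger than 65536. As a style point, the three `expr` calls reduce to `reduced_size_in_kb="$(( (part_size_blocks - 65536) / 2 ))K"`. The function also reads the global `$partition` for `readlink` but `"$1"` for the resize, and using one of them throughout would be clearer.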
@@ -93,9 +93,9 @@ if [ ! -e "$tpm_device" ]; then
fi
for partition_set in $partition_sets; do
- partition_label=$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[1]}')
- partition_mountpoint=$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[2]}')
- partition_format=$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[3]}')
+ partition_label="$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[1]}')"
+ partition_mountpoint="$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[2]}')"
+ partition_format="$(awk -v var="$partition_set" 'BEGIN{split(var,a,":"); print a[3]}')"
partition=/dev/disk/by-partlabel/"$partition_label"
crypt_mount_name="encrypted_$partition_label"
decrypted_part=/dev/mapper/"$crypt_mount_name"