| Message ID | 20230728143320.3891194-2-stefan-koch@siemens.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | initramfs-crypt-hook: Fix disk encryption | expand |
On 28.07.23 16:33, Koch, Stefan (DI PA DCP R&D 3) wrote: > This prevents writing random data at reencryption > after resize2fs had already failed. > > Signed-off-by: Stefan Koch <stefan-koch@siemens.com> > --- > .../files/encrypt_partition.systemd.script | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script > index 330188a..83c3238 100644 > --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script > +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script > @@ -87,7 +87,9 @@ reencrypt_existing_partition() { > reduced_size="$(expr "$part_size_blocks" - 65536 )" > reduced_size_in_byte="$(expr "$reduced_size" \* 512)" > reduced_size_in_kb="$(expr "$reduced_size_in_byte" / 1024)K" > - resize2fs "$1" "${reduced_size_in_kb}" > + if ! resize2fs "$1" "${reduced_size_in_kb}"; then > + panic "reencryption of filesystem $1 cannot continue!" > + fi > if [ -x /usr/sbin/cryptsetup-reencrypt ]; then > /usr/sbin/cryptsetup-reencrypt --new --reduce-device-size "$reduce_device_size"k "$1" < "$2" > else Thanks, applied this one already. Jan
diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script index 330188a..83c3238 100644 --- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script +++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.systemd.script @@ -87,7 +87,9 @@ reencrypt_existing_partition() { reduced_size="$(expr "$part_size_blocks" - 65536 )" reduced_size_in_byte="$(expr "$reduced_size" \* 512)" reduced_size_in_kb="$(expr "$reduced_size_in_byte" / 1024)K" - resize2fs "$1" "${reduced_size_in_kb}" + if ! resize2fs "$1" "${reduced_size_in_kb}"; then + panic "reencryption of filesystem $1 cannot continue!" + fi if [ -x /usr/sbin/cryptsetup-reencrypt ]; then /usr/sbin/cryptsetup-reencrypt --new --reduce-device-size "$reduce_device_size"k "$1" < "$2" else
This prevents writing random data at reencryption after resize2fs had already failed. Signed-off-by: Stefan Koch <stefan-koch@siemens.com> --- .../files/encrypt_partition.systemd.script | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)