[v3,1/4] initramfs-crypt-hook: Do not attempt to repair a partially encrypted filesystem

Commit Message

Stefan Koch July 15, 2024, 1:46 p.m. UTC

Avoids that e2fsck will repair the partially rencrypted
filesystem after power-loss while reencryption.

In general, cryptsetup is capable to resume a partial encryption,
but there is no key available to unlock the partial encrypted data, yet.
The key is enrolled only after fully succeeded reencryption, yet.

Signed-off-by: Stefan Koch <stefan-koch@siemens.com>
---
 .../initramfs-crypt-hook/files/encrypt_partition.script   | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Patch

diff --git a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script
index ff4c135..f943aea 100644
--- a/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script
+++ b/recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script
@@ -77,7 +77,13 @@  reencrypt_existing_partition() {
 [options]
 	broken_system_clock=true
 EOF
-		e2fsck -p -f "$1"
+		# ensure that filesystem is clean otherwise resize2fs will fail
+		# do not attempt to repair a partially encrypted filesystem
+		# ensure that there is no attempt to
+		# repair a partially encrypted filesystem
+		if ! cryptsetup luksUUID "$1" &> /dev/null; then
+			e2fsck -p -f "$1"
+		fi
 		if ! resize2fs "$1" "${reduced_size_in_kb}"; then
 			panic "reencryption of filesystem $1 cannot continue!"
 		fi