image: add LUKS support and --[no-]encryption CLI flag to build & inspect subcommands

2023-07-09 03:20:33 +02:00 · 2023-07-09 03:20:33 +02:00 · a9cd8178c8
commit a9cd8178c8
parent 6de8137c90
5 changed files with 236 additions and 49 deletions
--- a/image/cryptsetup.py
+++ b/image/cryptsetup.py
@ -1,4 +1,5 @@
 import atexit
+import click
 import logging
 import os

@ -8,6 +9,14 @@ from constants import LUKS_LABEL_DEFAULT
 from chroot.build import BuildChroot
 from exec.cmd import run_cmd, CompletedProcess

+encryption_option = click.option(
+    '--encryption/--no-encryption',
+    help="Force applying/ignoring LUKS encryption when handling the device image."
+    "Defaults to using the Profile's setting.",
+    default=None,
+    is_flag=True,
+)
+

 def get_accessible_user(path):
    return None if os.access(path, os.R_OK) else 'root'
@ -47,6 +56,38 @@ def is_luks(device_path: str, native_chroot: Optional[BuildChroot] = None) -> bo
    return bool(result.stdout and result.stdout.strip())


+def get_luks_offset(
+    mapper_name: str,
+    native_chroot: Optional[BuildChroot] = None,
+) -> tuple[int, int]:
+    device_path = get_cryptmapper_path(mapper_name)
+    check_dev_exists(device_path, 'get offset of')
+    run_func = native_chroot.run_cmd if native_chroot else run_cmd
+    user = get_accessible_user(device_path)
+    stdout: str = ''
+    cmd = ['cryptsetup', 'status', mapper_name]
+    result = run_func(cmd, capture_output=True, switch_user=user)  # type: ignore[operator]
+    assert isinstance(result, CompletedProcess)
+    if not (result.stdout and (stdout := result.stdout.strip())):
+        raise Exception(f"Couldn't get LUKS offset for {mapper_name!r} from 'cryptsetup status': empty stdout: {stdout!r}")
+    markers = {'offset': -1, 'sector size': -1}
+    for line in stdout.decode().split('\n'):
+        line = line.strip()
+        for item in markers:
+            offset_marker = f'{item}:'
+            if line.startswith(offset_marker):
+                try:
+                    markers[item] = int(line.split(offset_marker)[-1].strip().split(' ')[0])
+                except Exception as ex:
+                    raise Exception(f"Couldn't get LUKS {item=} for {mapper_name!r} due to an exception parsing cryptsetup output: {ex}")
+    for i in markers.values():
+        if i != -1:
+            continue
+        logging.debug(f"Failed to find ':' in stdout: {stdout}")
+        raise Exception(f"Failed to find LUKS offset for {mapper_name!r}: Offset line not found")
+    return markers['offset'], markers['sector size']
+
+
 def luks_create(
    backing_device: str,
    label: str = LUKS_LABEL_DEFAULT,