Invalid entry in install.encrypted_partitions causes partially installed system #2578

Open
kreeuwijk opened this issue May 21, 2024 · 1 comment
Labels
bug Something isn't working triage Add this label to issues that should be triaged and prioritized in the next planning call unconfirmed

Comments

@kreeuwijk

Kairos version:
Kairos 3.0.11

CPU architecture, OS, and Version:

Linux 0727e700-76d4-11e8-8be2-548351533800 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Describe the bug
I tried the following today to encrypt a secondary disk with Trusted Boot:

install:
  encrypted_partitions:
  - COS_SECONDARY

stages:
  kairos-install.pre.before:
  - if:  '[ -e "/dev/sda" ]'
    name: "Prepare secondary SSD"
    commands:
      - |
        parted --script --machine -- "/dev/sda" mklabel gpt
    layout:
      device:
        path: "/dev/sda"
      add_partitions:
        - fsLabel: COS_SECONDARY
          size: 0
          pLabel: secondary
          filesystem: "ext4"

This would not work since the correct stage name is actually kairos-uki-install.pre.before, not kairos-install.pre.before (might want to note that in the documentation for trusted boot). As a result, the commands in the stage above didn’t run and the encryption stage showed an error that it could not find the label (no further description but it was obvious this was for the secondary disk).
The regular partitions on the primary disk encrypted normally though. However, I noticed that after rebooting the device, my userdata was not on the device. I flashed it again and canceled the shutdown, then checked the contents of the COS_OEM partition: the /oem/90_custom.yaml was indeed not there.

It seems that when install.encrypted_partitions contains an entry for a partition that it can't find, this isn't handled properly and the userdata does not get copied over to the device.

To Reproduce
Add a bogus entry to install.encrypted_partitions and flash a device. Notice that none of your userdata makes it to /oem.

Expected behavior
The installation should either:

  1. Abort on the non-present partition
  2. Continue and complete all other steps normally, but show a warning after installation (and probably pause there for user confirmation to ensure this message is seen)
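
The misconfiguration in this report can be caught before flashing. The following is an added example, not part of the original report and not Kairos code: a lint over the parsed cloud-config that flags every `install.encrypted_partitions` label that no stage running during the install creates. It assumes that only stages whose names start with `kairos-uki-install.` run under Trusted Boot (inferred from the single stage name given in the report); all function names and the `preexisting` parameter are hypothetical.

```python
# Added example, not Kairos code: lint a parsed cloud-config before flashing.
UKI_STAGE_PREFIX = "kairos-uki-install."  # assumption: taken from the stage name in the report


def created_labels(config):
    """Map each fsLabel made by a stage's layout.add_partitions to the stages making it."""
    found = {}
    for stage, steps in (config.get("stages") or {}).items():
        for step in steps or []:
            for part in (step.get("layout") or {}).get("add_partitions") or []:
                if part.get("fsLabel"):
                    found.setdefault(part["fsLabel"], []).append(stage)
    return found


def lint_encrypted_partitions(config, stage_prefix=UKI_STAGE_PREFIX, preexisting=()):
    """Return (label, problem) pairs; `preexisting` lists labels known to exist already."""
    creators = created_labels(config)
    problems = []
    for label in (config.get("install") or {}).get("encrypted_partitions") or []:
        if label in preexisting:
            continue
        stages = creators.get(label, [])
        if not stages:
            problems.append((label, "no stage creates this label"))
        elif not any(s.startswith(stage_prefix) for s in stages):
            problems.append((label, "only created in stages that will not run: " + ", ".join(stages)))
    return problems


def sample_config(stage_name):
    """Constructed input: the report's config as a YAML loader would return it."""
    step = {
        "if": '[ -e "/dev/sda" ]',
        "name": "Prepare secondary SSD",
        "commands": ['parted --script --machine -- "/dev/sda" mklabel gpt\n'],
        "layout": {
            "device": {"path": "/dev/sda"},
            "add_partitions": [{"fsLabel": "COS_SECONDARY", "size": 0,
                                "pLabel": "secondary", "filesystem": "ext4"}],
        },
    }
    return {"install": {"encrypted_partitions": ["COS_SECONDARY"]},
            "stages": {stage_name: [step]}}


if __name__ == "__main__":
    for name in ("kairos-install.pre.before", "kairos-uki-install.pre.before"):
        print(name, "->", lint_encrypted_partitions(sample_config(name)) or "ok")
```

A non-empty result is a reason to stop before flashing, since an entry the installer cannot find is what left the device in the report without its userdata.
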
@ci-robbot
Collaborator

Hello kreeuwijk, thank you for reporting the issue in the Kairos project. I'll review it and help you to provide all the required information.

Please provide the following details:

  • What is the problem?
  • What is the step-by-step procedure to reproduce the issue?
  • What versions of Kairos and related artifacts are you using?

Once you provide these details, I'll do my best to help you resolve the issue. If you need any more assistance, feel free to ask.

I'm a bot created by @mudler and @jimmykarily to assist in the auditing process, and I'll be here to support you. Have a great day!
