-
Notifications
You must be signed in to change notification settings - Fork 566
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
snap-bootstrap: add scan-disk subcommand #12006
base: master
Are you sure you want to change the base?
snap-bootstrap: add scan-disk subcommand #12006
Conversation
This works with snapcore/core-initrd#107 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be possible to get the same information just by running blkid
instead of using the library?
} else if part.Name == "ubuntu-data-enc" { | ||
has_data = true | ||
data_uuid = part.UUID | ||
} else if part.Name == "ubuntu-data" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if someone appends unencrypted ubuntu-data to a hard-drive, then it will be mounted instead of ubuntu-data-enc? surely we should try to find -enc paritions, and not search for non-encrypted ones afterwords?
Also I thought udev database already has all of this information inside it's database, which maybe can be queried directly in the udev rule alone without this helper binary? Apart from the LoaderDevicePartUUID bit, which i thought there should be a udev symlink for.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if someone appends unencrypted ubuntu-data to a hard-drive, then it will be mounted instead of ubuntu-data-enc? surely we should try to find -enc paritions, and not search for non-encrypted ones afterwords?
Maybe I mixed up, but I think the filesystem labels have "-enc" suffix. But the partition name does not. See for example:
/dev/vda4: UUID="2eeba654-032f-4384-8a46-075be2b415b5" LABEL="ubuntu-save-enc" TYPE="crypto_LUKS" PARTLABEL="ubuntu-save" PARTUUID="a154643d-4398-714a-9704-71335e5ea856"
PARTLABEL
is not the same as LABEL
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Inside ubuntu-save-enc there is ubuntu-save. Outside of ubuntu-save-enc there can be a malicious second partition with an FS ubuntu-save. Does above code handle this fine? As far as I can tell, after scanning and finding ubuntu-data-enc and using it; it will then find unencrypted ubuntu-data and override it.
Somehow this feels odd that after the first one is detected, it can be detected again, and override previously found result.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also I thought udev database already has all of this information inside it's database, which maybe can be queried directly in the udev rule alone without this helper binary? Apart from the LoaderDevicePartUUID bit, which i thought there should be a udev symlink for.
Good question. I have tried before to use more rules and less code. But there were issues. And I do not remember. I will try again to document why this is not possible.
I am guessing it was the fallback for non-uefi boot that was a bit tricky.
gpt-auto-generator
can create a symlink. But it has to be a partition with a specific uuid on the same disk as the booting partition. We do not use that uuid. And we should not use it. It is not made for that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Inside ubuntu-save-enc there is ubuntu-save. Outside of ubuntu-save-enc there can be a malicious second partition with an FS ubuntu-save.
I am not sure I understood this.
This binary only looks at partition names. Not filesystem labels. If there are other partitions with conflicting filesystem labels, we will not look at them, because we only look at the partition names.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Today, someone can remove an encrypted ubuntu-save and replace it by a non encrypted one. snap-bootstrap
will then fallback to it. What would be the difference?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also I thought udev database already has all of this information inside it's database, which maybe can be queried directly in the udev rule alone without this helper binary? Apart from the LoaderDevicePartUUID bit, which i thought there should be a udev symlink for.
Good question. I have tried before to use more rules and less code. But there were issues. And I do not remember. I will try again to document why this is not possible.
Now I remember. It is possible to not call it on ENV{DEVTYPE}=="partition"
. Though we need to make sure that IMPORT{builtin}="blkid [...]"
has been called yet, so post 60-persistent-storage.rules
. Then what we have to do is compare ID_PART_ENTRY_UUID
with UBUNTU_SEED
(or the 3 others).
However, for ENV{DEVTYPE}=="disk"
we do need to scan the partitions and find the booting one. And this we cannot do with just udev rules. We have LoaderDevicePartUUID
which points to the boot partition. But we are processing the disk at this point.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
gpt-auto-generator
can create a symlink.
By the way, I was wrong about it. It is in an udev rule that the symlink is created. gpt-auto-generator
only makes sysroot.mount
and -.mount
to use that symlink.
We cannot list partitions from blkid. |
Given SEED is ESP; and we bind the initramfs-mounts unit to the SEED; i am wondering if we can instead turn on / patch the systemd's gpt-auto-generator which can create esp mount in /efi and use that instead? Looking more at this, I actually don't quite like the behaviour of gpt-auto-generator. Because the good bits of it are not what we need here. Ideally we would only read efi_loader_get_device_part_uuid (aka LoaderDevicePartUUID) and generate .device unit for it, and bind initramfs-mounts service unit to it. Before any drives appear. Thus without waiting udev to exec scan-disk to process them all either. |
So almost what I have done, but a symlink on the whole disk rather than the partitions? |
4e7a21e
to
999e91c
Compare
49c9437
to
4060872
Compare
ebb8a9b
to
7b6adbd
Compare
@valentindavid can the description or some comment in the code include the actual udev rules that this will be used from? it's a bit unclear just from the code how things go from the code in scan-disk to have /dev/ubuntu/disk symlinked? What's the plan for testing the cmd_scan_disk code? |
Sure. We could even add the rules to snapd and install them into core-initrd.
I think I will need to mock libblkid somehow to test it. Loop devices need root to be setup, and I do not think there is as this point any nice user land block devices. I think only character devices can be emulated with CUSE. Not block. |
7b6adbd
to
71cc643
Compare
I have added tests. I still have to add tests for the changes in |
2f663fa
to
05f7751
Compare
42a76f8
to
8b70e59
Compare
8b70e59
to
6c23e69
Compare
e876771
to
6ee943e
Compare
Codecov ReportAttention: Patch coverage is
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## master #12006 +/- ##
==========================================
- Coverage 78.88% 78.84% -0.04%
==========================================
Files 1037 1039 +2
Lines 132881 133744 +863
==========================================
+ Hits 104817 105454 +637
- Misses 21523 21692 +169
- Partials 6541 6598 +57
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
This command is expected to be called from udev. This creates symlinks `/dev/ubuntu/ubuntu-{seed,boot,data,save}`. Then we can bind `snap-bootstrap initramfs-mounts` to `dev-ubuntu-ubuntu-seed.device`.
6ee943e
to
e5f419c
Compare
This command is expected to be called from udev. This creates
symlinks
/dev/ubuntu/ubuntu-{seed,boot,data,save}
.Then we can bind
snap-bootstrap initramfs-mounts
todev-ubuntu-ubuntu-seed.device
.