[neon/neon/calamares-settings/Neon/release] desktop: fix luks disk encryption in calamares installer
Carlos De Maine
null at kde.org
Mon Mar 11 03:57:24 GMT 2024
Git commit 2ea3d5b74dc00fa141b9b4505a4a18e650790fce by Carlos De Maine.
Committed on 11/03/2024 at 03:57.
Pushed by carlosdem into branch 'Neon/release'.
fix luks disk encryption in calamares installer
utilise the initramfs module to hook luksbootkeyfile into place. calamares-cryptsetup continues to provide the required GRUB_ENABLE_CRYPTODISK option as neon doesn't need the grubcfg module as options are only added to the existing ubuntu stuffs
M +1 -0 desktop/calamares/desktop/settings.conf
M +0 -9 desktop/usr/bin/calamares-cryptsetup
https://invent.kde.org/neon/neon/calamares-settings/-/commit/2ea3d5b74dc00fa141b9b4505a4a18e650790fce
diff --git a/desktop/calamares/desktop/settings.conf b/desktop/calamares/desktop/settings.conf
index a6a4064..99190e8 100644
--- a/desktop/calamares/desktop/settings.conf
+++ b/desktop/calamares/desktop/settings.conf
@@ -52,6 +52,7 @@ sequence:
- keyboard
- localecfg
- luksbootkeyfile
+ - initramfscfg
- users
- displaymanager
- networkcfg
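Review bot: The ordering dependency behind the new `- initramfscfg` line is undocumented. It only works if it runs after `- luksbootkeyfile`, and nothing in settings.conf says so, so a later reshuffle of the sequence could silently break encrypted installs. A short comment above the entry stating that it must follow luksbootkeyfile would help. The commit message also refers to "the initramfs module" while the entry added is `initramfscfg`; it is worth confirming that a step which actually regenerates the initramfs runs later in the sequence (not visible in this hunk), since otherwise the keyfile configuration is written but never lands in the image.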
diff --git a/desktop/usr/bin/calamares-cryptsetup b/desktop/usr/bin/calamares-cryptsetup
index 49642eb..94e8819 100755
--- a/desktop/usr/bin/calamares-cryptsetup
+++ b/desktop/usr/bin/calamares-cryptsetup
@@ -17,15 +17,6 @@ fi
# full disk encryption (unlike ubuntu by default) we need to let grub be encrypted as well.
echo 'GRUB_ENABLE_CRYPTODISK=y' > /etc/default/grub.d/00_calamares.cfg
-# path is hardcoed in luksbootkeyfile module of calamares
-# NB: this modifies an installed file and will make debconf angry. There's nothing
-# to be done about this unfortunately since cryptosetup-initramfs sources this file
-# and makes no attempts at supporting a foo.d/ scheme. Also it explicitly unsets
-# the variable before trying to source meaning we cannot seed it through the environment
-# or something either.
-echo '# This enables your disk encryption. Do not lose this!' >> /etc/cryptsetup-initramfs/conf-hook
-echo 'KEYFILE_PATTERN=/crypto_keyfile.bin' >> /etc/cryptsetup-initramfs/conf-hook
-
# Since the initrd contains the keyfile in a full disk encryption setup it must not
# be world readable. This is also set by calamares, but better safe than sorry I should think.
echo 'UMASK=0077' > /etc/initramfs-tools/conf.d/00_calamares-neon-hardening.conf
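Review bot: With the two `echo ... >> /etc/cryptsetup-initramfs/conf-hook` lines removed, this script no longer guarantees that `KEYFILE_PATTERN` is set, and nothing here checks that the module added in settings.conf wrote it. If that module is skipped or fails, the result is an installed system that cannot unlock its root at boot, with no error at install time. Consider a guard that fails the install when conf-hook lacks a `KEYFILE_PATTERN` entry. The removed comment was also the only place recording that the keyfile path is hardcoded in luksbootkeyfile; a one-line pointer to where `/crypto_keyfile.bin` is now configured would keep that knowledge. Keeping the `UMASK=0077` line is right, since the initrd still carries the keyfile, though its "also set by calamares" comment could now name the module responsible.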