Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix hooks under encrypted partitions #702

Merged
merged 7 commits into from
Mar 13, 2025
Merged

Fix hooks under encrypted partitions #702

merged 7 commits into from
Mar 13, 2025

Conversation

Itxaka
Copy link
Member

@Itxaka Itxaka commented Mar 12, 2025

We had a mess of mounting and unmounting things around when we try to copy things to persistent.

Part of the changes (using the by-label to mount the persistent) are due to the change in kcrypt. As we set the same label to the encrypted fs and unencrypted fs, our utils.Mount could get mistaken and return the first hit, which usually its the encrypted one, and we cannot mount that one.

This patch brings it up to date.

  • Makes bundles and logs hooks work when we have encrypted persistent. It didnt work before.
  • Makes both workflows the same.
  • Locks everything once its over, to not leave encrypted parts around
  • Mounts OEM so kcrypt can read the config if we are using a remote server for encryption
  • Mounts by label so there is not a change of getting the wrong device
  • Uses the mount syscall directly. The util can mistake and return the actual encrypted part if they both have the same label and finds it first

@Itxaka
Fix hooks under encrypted partitions
fde2f0d 
We had a mess of mounting and unmounting things around when we try to
copy things to persistent.

Part of the changes (using the by-label to mount the persistent) are due
to the change in kcrypt. As we set the same label to the encrypted fs
and unencrypted fs, our utils.Mount could get mistaken and return the
first hit, which usually its the encrypted one, and we cannot mount that
one.

This patch brings it up to date.

 - Makes bundles and logs hooks work when we have encrypted persistent.
   It didnt work before.
 - Makes both workflows the same.
 - Locks everything once its over, to not leave encrypted parts around
 - Mounts OEM so kcrypt can read the config if we are using a remote
   server for encryption
 - Mounts by label so there is not a change of getting the wrong device
 - Uses the mount syscall directly. The util can mistake and return the
   actual encrypted part if they both have the same label and finds it
   first

Signed-off-by: Itxaka <[email protected]>
@Itxaka Itxaka requested a review from a team March 12, 2025 19:38
@Itxaka
Bump version
4017794 
Signed-off-by: Itxaka <[email protected]>
@Itxaka Itxaka mentioned this pull request Mar 12, 2025
Merged
jimmykarily
jimmykarily approved these changes Mar 13, 2025
View reviewed changes
@codecov Codecov
Copy link

codecov bot commented Mar 13, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 59 lines in your changes missing coverage. Please review.

Project coverage is 47.90%. Comparing base (11cdddc) to head (bdba63e).
Report is 4 commits behind head on main.

Files with missing lines Patch % Lines
internal/agent/hooks/bundles.go 0.00% 36 Missing ⚠️
internal/agent/hooks/logs.go 0.00% 15 Missing ⚠️
internal/agent/hooks/kcrypt.go 0.00% 5 Missing ⚠️
internal/agent/hooks/kcrypt_uki.go 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #702      +/-   ##
==========================================
- Coverage   48.25%   47.90%   -0.36%     
==========================================
  Files          48       48              
  Lines        6169     6202      +33     
==========================================
- Hits         2977     2971       -6     
- Misses       2912     2949      +37     
- Partials      280      282       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Itxaka Itxaka merged commit b5869b4 into main Mar 13, 2025
14 checks passed
@Itxaka Itxaka deleted the random_encrypt_v2 branch March 13, 2025 10:22
Itxaka added a commit that referenced this pull request Mar 13, 2025
@Itxaka
Fix hooks under encrypted partitions (#702)
d7b0a90 
* Fix hooks under encrypted partitions

We had a mess of mounting and unmounting things around when we try to
copy things to persistent.

Part of the changes (using the by-label to mount the persistent) are due
to the change in kcrypt. As we set the same label to the encrypted fs
and unencrypted fs, our utils.Mount could get mistaken and return the
first hit, which usually its the encrypted one, and we cannot mount that
one.

This patch brings it up to date.

 - Makes bundles and logs hooks work when we have encrypted persistent.
   It didnt work before.
 - Makes both workflows the same.
 - Locks everything once its over, to not leave encrypted parts around
 - Mounts OEM so kcrypt can read the config if we are using a remote
   server for encryption
 - Mounts by label so there is not a change of getting the wrong device
 - Uses the mount syscall directly. The util can mistake and return the
   actual encrypted part if they both have the same label and finds it
   first

---------

Signed-off-by: Itxaka <[email protected]>
(cherry picked from commit b5869b4)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimmykarily jimmykarily jimmykarily approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Itxaka @jimmykarily