Udevadm settle and kcrypt configuration on cmdline #988
+1,947
−55
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jimmykarily
added a commit
to kairos-io/kcrypt-discovery-challenger
that referenced
this pull request
Oct 8, 2025
because when COS_OEM is encrypted, we can't read it from there. Needs: kairos-io/kairos-agent#988 Signed-off-by: Dimitris Karakasilis <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| } | ||
|
|
||
| for _, args := range triggerCmds { | ||
| cmd := exec.Command(args[0], args[1:]...) |
Check failure
Code scanning / gosec
Subprocess launched with a potential tainted input or cmd arguments Error
Codecov Report❌ Patch coverage is
❌ Your project check has failed because the head coverage (7.59%) is below the target coverage (75.00%). You can increase the head coverage or adjust the target coverage. Additional details and impacted files@@ Coverage Diff @@
## main #988 +/- ##
==========================================
- Coverage 43.38% 42.28% -1.10%
==========================================
Files 60 60
Lines 7678 7863 +185
==========================================
- Hits 3331 3325 -6
- Misses 4023 4211 +188
- Partials 324 327 +3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Signed-off-by: Dimitris Karakasilis <[email protected]>
Signed-off-by: Dimitris Karakasilis <[email protected]>
Signed-off-by: Dimitris Karakasilis <[email protected]>
because when COS_OEM is encrypted, we cannot read the KMS configuration until it's decrypted and we cannot decrypt it unless we read the configuration. We now store the relevant configuration on the cmdline automatically for non-UKI so that on the next boot, we can decrypt COS_OEM. For UKI, the user will have to set these values on the cmdline (for now manually, we'll provide docs). Signed-off-by: Dimitris Karakasilis <[email protected]>
Signed-off-by: Dimitris Karakasilis <[email protected]>
because when we encrypt the partition, the data on it is gone. We didn't care up to now because we didn't support encrypting OEM. Now we do. Signed-off-by: Dimitris Karakasilis <[email protected]>
because we don't use grup in uki mode Signed-off-by: Dimitris Karakasilis <[email protected]>
Signed-off-by: Dimitris Karakasilis <[email protected]>
jimmykarily
force-pushed
the
udevadm-settle
branch
from
682c592 to
e00ead8
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Part of: kairos-io/kcrypt-discovery-challenger#146