From: "'Jan Kiszka' via isar-users" <isar-users@googlegroups.com>
To: isar-users <isar-users@googlegroups.com>
Cc: Quirin Gylstorff <quirin.gylstorff@siemens.com>,
"Heinisch,
Alexander (T CED SES-AT)" <alexander.heinisch@siemens.com>
Subject: [PATCH 1/2] Revert "meta: Add option to specify additional dependencies for package expand-on-first-boot in case an encrypted disk has to be resized"
Date: Fri, 8 Nov 2024 12:27:15 +0100 [thread overview]
Message-ID: <5b0f1ad9-3d12-4d05-a5e4-bb9dcf258545@siemens.com> (raw)
From: Jan Kiszka <jan.kiszka@siemens.com>
This reverts commit 8b30a4f86cb3ea3369bff3884141872c3a7d9979.
On second thought, this approach turned out to be inapplicable on the
long-run. It is built around the assumption that the disk encryption
secret is still accessible after initramfs used it to unload the disk.
While the downstream implementation of cip-core currently fulfills this,
it is not expected to stay like that because of the increase attack
surface.
We will need a different solution for expanding encrypted partitions,
most likely with the help of the encryption hook in the initramfs.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
.../expand-on-first-boot_1.5.bb | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb b/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb
index 2596706d..4b9cf376 100644
--- a/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb
+++ b/meta/recipes-support/expand-on-first-boot/expand-on-first-boot_1.5.bb
@@ -10,19 +10,7 @@ inherit dpkg-raw
DESCRIPTION = "This service grows the last partition to the full medium during first boot"
MAINTAINER = "isar-users <isar-users@googlegroups.com>"
-# Additional packages that are needed to resize the disk if it is encrypted.
-ADDITIONAL_DISK_ENCRYPTION_PACKAGES ?= ""
-DEBIAN_DEPENDS = " \
- systemd, \
- sed, \
- grep, \
- coreutils, \
- mount, \
- e2fsprogs, \
- fdisk (>=2.29.2-3) | util-linux (<2.29.2-3), \
- util-linux, \
- ${ADDITIONAL_DISK_ENCRYPTION_PACKAGES} \
- "
+DEBIAN_DEPENDS = "systemd, sed, grep, coreutils, mount, e2fsprogs, fdisk (>=2.29.2-3) | util-linux (<2.29.2-3), util-linux"
SRC_URI = " \
file://expand-on-first-boot.service \
--
2.43.0
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/5b0f1ad9-3d12-4d05-a5e4-bb9dcf258545%40siemens.com.
next reply other threads:[~2024-11-08 11:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-08 11:27 'Jan Kiszka' via isar-users [this message]
2024-11-16 6:00 ` Uladzimir Bely
2024-11-16 6:46 ` 'Jan Kiszka' via isar-users
2024-11-18 6:10 ` Uladzimir Bely
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5b0f1ad9-3d12-4d05-a5e4-bb9dcf258545@siemens.com \
--to=isar-users@googlegroups.com \
--cc=alexander.heinisch@siemens.com \
--cc=jan.kiszka@siemens.com \
--cc=quirin.gylstorff@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox