From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Sat, 16 Nov 2024 07:00:54 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-wr1-f63.google.com (mail-wr1-f63.google.com [209.85.221.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 4AG60sVX012002 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sat, 16 Nov 2024 07:00:54 +0100 Received: by mail-wr1-f63.google.com with SMTP id ffacd0b85a97d-382342b66f5sf204659f8f.1 for ; Fri, 15 Nov 2024 22:00:54 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1731736848; cv=pass; d=google.com; s=arc-20240605; b=eSU+HeCu0vdEmh3I9EdfpC7UYZweZJgW/FCGfZd/U+47lAiVC9fpBJR2GC5GJhYtpG 6ENkmg/a5CwrqNH5u/+MiFsSPCMQJAd4Qc81naDAdB32ei5EOb3ggpuw5kIgn0mjhfOi KWM81QAW700bcYn2PtAmKRl4GdBvRFCUeN8B/eVD7cAPDkhfciR9McR8TTNSctSJf7WV MljH/l7lN+X7wFW3Zjn7z6JHe9xKMRWWycewOw6qTRLNdCI+tYwh4SoGiRSWcgvvXg6z zYzMb+9w79FTNwmKnNqXaNsGOQUKM/HCjXN1Ax8u4tVcT82vR8sjUGebDAAMTXmhy992 jDCA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:to:from :subject:message-id:sender:dkim-signature; bh=uiOMQcI5RiyX+ARIXoxpWVH08xFYSWT05tiCAQOlEWI=; fh=IV0rfmtTFFZzRIbfNpwG7W3QT7gGLnObABXcVB2bRA0=; b=KV4FHAtNY4q4UF0lE2xM7t+yRiXO+CzgCWDFigGM77vuyt6o+62kMuGX/6qvje57/y y8a1ug+blZ3VncPCnR4je1eufx5uWLB5Hj0D37IipUJA9krF43I1daYLxPa1rBf3UoUn Ieq1bAv4Zw3u09TRVchJk/DK1lHYqnp1moa4fqxGFDTYZsIdXqLOU2PytzaO/R2SDusM BYmyXVCbXrCBcOoA2xF/kHHIs0U8qRjCTsIF0+NhsBMEzAK5AU4uPN8SWfOGdzOn0Ske 1g4w8huaOKURbm5s1qpEKwdB+PF7vOZW/PUbQNm8C9JvuOd27mgg/TqIWMEBHkWrRKBB BAwA==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1731736848; x=1732341648; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:user-agent:content-transfer-encoding :references:in-reply-to:date:to:from:subject:message-id:sender:from :to:cc:subject:date:message-id:reply-to; bh=uiOMQcI5RiyX+ARIXoxpWVH08xFYSWT05tiCAQOlEWI=; b=kcUWbf3vBEU/hCBr0rsxVLMOZW7rm3l3OXMZqBhYSSBc7G0X2XYjLM7QmDR3y1O/Yf 00y0Tt32EFbq34waWU+sfNLnhuuwfzAsf3w4D+567qsSLlY8YMzf9HNc8scyLdWOZfIa qBlpy5J/5YU6JvyH5pj9/q3n48ZPnps1Ja/+VvILL0RK52+W3PmfrQnVh04MELTs0u1u txKZk0O07ixtN9b2Zx+mFUxhieXQq2qx7qlpJcLPYDXP3dfcC8FWfmRUBJbRLveXWV08 C1R4nrjTw3vk24KKZmOVFcikZdi/ZCngMtvHSmfBdFF60RNFQu34v0XmQWt/ZaEOCmzc TrkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731736848; x=1732341648; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :user-agent:content-transfer-encoding:references:in-reply-to:date:to :from:subject:message-id:x-beenthere:x-gm-message-state:sender:from :to:cc:subject:date:message-id:reply-to; bh=uiOMQcI5RiyX+ARIXoxpWVH08xFYSWT05tiCAQOlEWI=; b=fYVTkUqLA9+QIQuLdYNiHyztoMsnZoQmxZKnz3I1njQ/KTyzR9j6vfv5PfE9j2LY+x WZw+4koYAbXBeiRS8i5rjDwLDGZnNPBJcdkDDPiCmS2SeEVbKZcfRzrk1NMHeEqvSGY8 oqtkj+xPN+GuPRiaBpSftciGTg2A85p6uk7fCxKqYjjBqTdi6RvxSfvRprxOKTNds13M HZsfEUSpMoDCeEfVrupaav86wb83F0MpSMquZwFmjE16pLOgVIL0NlENlmXWzxA43LKY ZTD7sxwlUC5ilHlCIUaMTB7Ciil0YDxaIk462Jv4PzLo7knMnWJ+djgi0VUdRQwsTUj1 m/8A== Sender: isar-users@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCVauaGjQs+2mtd7HSJ8XSQRF/NSfyjIOSxVgwiWJSCPzBrlhx7RZtxnRpUB3Y3Vxo64LhUm@ilbers.de X-Gm-Message-State: AOJu0YxY+KOSRSPTliGBDmMpJWahkPeTgCW2jqzYYxodHsbBVQpBO46T sqjYq7VwkF1Jb475ADqe7svXXP4wKDSewW/B8MqYvoMjpVkWsupE X-Google-Smtp-Source: AGHT+IHm+ye/YN1aJt0qJNWy+sU/LPUol7OpXk+8tvxMkjLqHmfqPdE2CJhPTBDgoGDuD1IyWRTbug== X-Received: by 2002:a5d:6d05:0:b0:37d:5296:4b2a with SMTP id ffacd0b85a97d-38225ab9856mr3173546f8f.58.1731736847711; Fri, 15 Nov 2024 22:00:47 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:fecd:0:b0:382:31a4:73a6 with SMTP id ffacd0b85a97d-38231a4757fls294155f8f.0.-pod-prod-02-eu; Fri, 15 Nov 2024 22:00:43 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCV8sf7hw+CqVhRTI/Qpz2eJUGMsbiRjxSfo0MPxlQH2GYwheKjDiPOW9Forgnw2ligSX1etfL2zTX78@googlegroups.com X-Received: by 2002:a05:6000:2108:b0:382:25c2:b0c9 with SMTP id ffacd0b85a97d-38225c2b224mr3209170f8f.6.1731736843172; Fri, 15 Nov 2024 22:00:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1731736843; cv=none; d=google.com; s=arc-20240605; b=Ks1z93YL0EhhVyNtD4MrwGrsLoguxbW3Hkpb0s6nZuCeqcL8v9FXPTuC60ipOUXJ3v gcRVzUREMC8b4d9DRD1nfxvD+WcsR8zjju0oFJ2/jdx/APgV1cDOPGbzPvR5OipGtxbv 44Piti0LqrvgNDxhq7FMHRz90MzzGkVQxpUsL3QnSA/27tS7KM+F5exA9JDV8AI71oQE lnvXlxCtzllFTmVOHHjgX9rf4YKpwFcCTzpcUBvEEafqqsuATtoDDzvNux0iWO2WyjjJ ivTPKN9KyIHMYcYJESNQwKK8QWtLDXSksRBEwjPWH2vio/r0fA05/7BkRkjhYNE1SLGP 3QaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id; bh=7weZWOlH2bN6L19vHrkK5fvYt8wWwJELUu1J9pBwDJ4=; fh=IxbeHM4vWxalf1XNf2rnGcQL+r1v0Lr0C6ICsGNNkYw=; b=TE1NutoGn3H8Yyytouwtjb7sWgF1dUkefUj9TTgAOPjGnEVNN1qXxPKEpeJpF/nfU8 I5b+lDQ504oRdbMzMf5CP+bcjKLDCrFXkVtZxqZg3KBRjuDGBaH5DtmM2UdGGW8kNsfd vCDO7P+OlloY24ZWKriPvd1whCGoAzHdDlAC27KzYdphtPhy9XsHIeXFL2kYDl7Sr+Kf 84jnzgmGehLMh6UXeRJuufJo7XDphtOX/agd8ERPK8lpUW+p5WC0O9oS1+3vkXix/QiD UFbDceC+WZnld7n6mW6rh3mXFBupGugJrTelSZgam5EN8rt2qB8O557qA4DuvHBbr5FQ eslA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id ffacd0b85a97d-3822b58ce5fsi40937f8f.2.2024.11.15.22.00.42 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 15 Nov 2024 22:00:43 -0800 (PST) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Received: from [127.0.0.1] (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPSA id 4AG60dcN011996 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 16 Nov 2024 07:00:42 +0100 Message-ID: Subject: Re: [PATCH 1/2] Revert "meta: Add option to specify additional dependencies for package expand-on-first-boot in case an encrypted disk has to be resized" From: Uladzimir Bely To: Jan Kiszka , isar-users Date: Sat, 16 Nov 2024 09:00:38 +0300 In-Reply-To: <5b0f1ad9-3d12-4d05-a5e4-bb9dcf258545@siemens.com> References: <5b0f1ad9-3d12-4d05-a5e4-bb9dcf258545@siemens.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.54.0 (by Flathub.org) MIME-Version: 1.0 X-Spam-Status: No, score=-4.6 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-Original-Sender: ubely@ilbers.de X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-TUID: As1j2woO48bG On Fri, 2024-11-08 at 12:27 +0100, 'Jan Kiszka' via isar-users wrote: > From: Jan Kiszka >=20 > This reverts commit 8b30a4f86cb3ea3369bff3884141872c3a7d9979. >=20 > On second thought, this approach turned out to be inapplicable on the > long-run. It is built around the assumption that the disk encryption > secret is still accessible after initramfs used it to unload the > disk. > While the downstream implementation of cip-core currently fulfills > this, > it is not expected to stay like that because of the increase attack > surface. >=20 > We will need a different solution for expanding encrypted partitions, > most likely with the help of the encryption hook in the initramfs. >=20 Hello. Does this mean that current solution we revert here is not working anymore in some downstream it was originally implemented for? We wouldn't like to revert any functionality if it's still used somewhere. Im asking since in the meanwhile I was trying to test/merge other patches (https://groups.google.com/g/isar-users/c/sDsUCt0zMgQ and https://groups.google.com/g/isar-users/c/BkAmajnmVIk) and found out that they depend on this patchset applied first. It happens due to pure technical reasons (e.g., one-line/row representation of DEBIAN_DEPENDS). If we apply these reverts, does it mean "proper" patches for expanding encrypted partition are expected later? Or will they be implemented on downstream side providing that new "configurable" expand-on-first boot patches together with https://groups.google.com/g/isar-users/c/rSZGRUCVvus would allow this without changes in Isar required? > Signed-off-by: Jan Kiszka > --- > =C2=A0.../expand-on-first-boot_1.5.bb=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 | 14 +----------- > -- > =C2=A01 file changed, 1 insertion(+), 13 deletions(-) >=20 > diff --git a/meta/recipes-support/expand-on-first-boot/expand-on- > first-boot_1.5.bb b/meta/recipes-support/expand-on-first-boot/expand- > on-first-boot_1.5.bb > index 2596706d..4b9cf376 100644 > --- a/meta/recipes-support/expand-on-first-boot/expand-on-first- > boot_1.5.bb > +++ b/meta/recipes-support/expand-on-first-boot/expand-on-first- > boot_1.5.bb > @@ -10,19 +10,7 @@ inherit dpkg-raw > =C2=A0DESCRIPTION =3D "This service grows the last partition to the full > medium during first boot" > =C2=A0MAINTAINER =3D "isar-users " > =C2=A0 > -# Additional packages that are needed to resize the disk if it is > encrypted. > -ADDITIONAL_DISK_ENCRYPTION_PACKAGES ?=3D "" > -DEBIAN_DEPENDS =3D " \ > -=C2=A0=C2=A0=C2=A0 systemd, \ > -=C2=A0=C2=A0=C2=A0 sed, \ > -=C2=A0=C2=A0=C2=A0 grep, \ > -=C2=A0=C2=A0=C2=A0 coreutils, \ > -=C2=A0=C2=A0=C2=A0 mount, \ > -=C2=A0=C2=A0=C2=A0 e2fsprogs, \ > -=C2=A0=C2=A0=C2=A0 fdisk (>=3D2.29.2-3) | util-linux (<2.29.2-3), \ > -=C2=A0=C2=A0=C2=A0 util-linux, \ > -=C2=A0=C2=A0=C2=A0 ${ADDITIONAL_DISK_ENCRYPTION_PACKAGES} \ > -=C2=A0=C2=A0=C2=A0 " > +DEBIAN_DEPENDS =3D "systemd, sed, grep, coreutils, mount, e2fsprogs, > fdisk (>=3D2.29.2-3) | util-linux (<2.29.2-3), util-linux" > =C2=A0 > =C2=A0SRC_URI =3D " \ > =C2=A0=C2=A0=C2=A0=C2=A0 file://expand-on-first-boot.service=C2=A0\ > --=20 > 2.43.0 >=20 --=20 Best regards, Uladzimir. --=20 You received this message because you are subscribed to the Google Groups "= isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/= bd8cf0136388e8354a700240e91ca71315a95334.camel%40ilbers.de.