Documentation ¶
Index ¶
- Constants
- Variables
- func AddDefaultKeyfile(keyFileDir, devPath string, encrypt configuration.RootEncryption) (fullKeyPath string, err error)
- func ApplyRawBinaries(diskDevPath string, disk configuration.Disk) (err error)
- func ApplyRawBinary(diskDevPath string, rawBinary configuration.RawBinary) (err error)
- func BlockOnDiskIO(diskDevPath string) (err error)
- func BlockOnDiskIOByIds(debugName string, maj string, min string) (err error)
- func BytesToSizeAndUnit(bytes uint64) string
- func CleanupEncryptedDisks(encryptedRoot EncryptedRootDevice, isOfflineInstall bool) (err error)
- func CreateEmptyDisk(workDirPath, diskName string, maxSize uint64) (diskFilePath string, err error)
- func CreatePartitions(diskDevPath string, disk configuration.Disk, ...) (partDevPathMap map[string]string, partIDToFsTypeMap map[string]string, ...)
- func CreateSinglePartition(diskDevPath string, partitionNumber int, partitionTableType string, ...) (partDevPath string, err error)
- func CreateSparseDisk(diskPath string, size uint64, perm os.FileMode) (err error)
- func DetachLoopbackDevice(diskDevPath string) (err error)
- func FormatSinglePartition(partDevPath string, partition configuration.Partition) (fsType string, err error)
- func GetDiskIds(diskDevPath string) (maj string, min string, err error)
- func GetEncryptedRootVol() string
- func GetEncryptedRootVolMapping() string
- func GetEncryptedRootVolPath() string
- func GetLuksMappingName(uuid string) (mappingName string)
- func InitializeSinglePartition(diskDevPath string, partitionNumber int, partitionTableType string, ...) (partDevPath string, err error)
- func IsEncryptedDevice(devicePath string) (result bool)
- func IsReadOnlyDevice(devicePath string) (result bool)
- func SetupLoopbackDevice(diskFilePath string) (devicePath string, err error)
- func SizeAndUnitToBytes(sizeAndUnit string) (bytes uint64, err error)
- func WaitForDevicesToSettle() error
- func WaitForLoopbackToDetach(devicePath string, diskPath string) error
- type EncryptedRootDevice
- type FstabEntry
- type InitramfsMount
- type MountFlags
- type PartitionInfo
- type SystemBlockDevice
- type VerityDevice
Constants ¶
const (
	// AutoEndSize is used as the disk's "End" value to indicate it should be picked automatically
	AutoEndSize = 0
	// EfiSystemPartitionTypeUuid is the GPT partition type GUID that marks an EFI System Partition (ESP).
	EfiSystemPartitionTypeUuid = "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"
	// BiosBootPartitionTypeUuid is the GPT partition type GUID that marks a BIOS boot partition.
	BiosBootPartitionTypeUuid = "21686148-6449-6e6f-744e-656564454649"
)
// Unit to byte conversion values, following parted's unit definitions:
// KB/MB/GB/TB are decimal (powers of 1000), KiB/MiB/GiB/TiB are binary (powers of 1024).
// See https://www.gnu.org/software/parted/manual/parted.html#unit
const (
	B = 1

	// Decimal (SI) units, each 1000 times the previous one.
	KB = 1000 * B
	MB = 1000 * KB
	GB = 1000 * MB
	TB = 1000 * GB

	// Binary (IEC) units, each 1024 times the previous one.
	KiB = 1024 * B
	MiB = 1024 * KiB
	GiB = 1024 * MiB
	TiB = 1024 * GiB
)
Unit to byte conversion values. See https://www.gnu.org/software/parted/manual/parted.html#unit
const (
	// DefaultKeyFilePath points to the initramfs keyfile for the install chroot; this is the
	// LUKS keyfile that AddDefaultKeyfile installs so the encrypted device can be unlocked
	// from the initramfs.
	// NOTE(review): a keyfile carried inside the initramfs is only as protected as the initramfs
	// image itself — confirm where that image is stored and who can read it.
	DefaultKeyFilePath = "/etc/default.keyfile"
)
Variables ¶
// Feature sets passed to mkfs through "-O". Each level builds on the previous one: ext3 is
// ext2 plus a journal, ext4 is ext3 plus the extent/64bit/checksum related features. The
// leading "none" resets mkfs's own defaults so that only the features listed here are enabled.
const (
	defaultMkfsBlockSize = "4096"
	ext2DefaultFeatures  = "none,sparse_super,large_file,filetype,resize_inode,dir_index,ext_attr"
	ext3DefaultFeatures  = ext2DefaultFeatures + ",has_journal"
	ext4DefaultFeatures  = ext3DefaultFeatures + ",extent,huge_file,flex_bg,metadata_csum,64bit,dir_nlink,extra_isize"
)

// DefaultMkfsOptions holds the mkfs arguments used per filesystem type.
//
// When calling mkfs, the default options change depending on the host OS you are running on
// and typically match what the distro has decided is best for their OS. For example, for
// ext2/3/4, the defaults are stored in /etc/mke2fs.conf. However, when building Mariner
// images, the defaults should be as consistent as possible and should only contain features
// that are supported on Mariner, so the block size and feature list are pinned explicitly.
var DefaultMkfsOptions = map[string][]string{
	"ext2": {"-b", defaultMkfsBlockSize, "-O", ext2DefaultFeatures},
	"ext3": {"-b", defaultMkfsBlockSize, "-O", ext3DefaultFeatures},
	"ext4": {"-b", defaultMkfsBlockSize, "-O", ext4DefaultFeatures},
}
Functions ¶
func AddDefaultKeyfile ¶
func AddDefaultKeyfile(keyFileDir, devPath string, encrypt configuration.RootEncryption) (fullKeyPath string, err error)
AddDefaultKeyfile adds a LUKS keyfile for initramfs unlock - keyFileDir is the directory to make the keyfile in - devPath is the path of the encrypted LUKS device - encrypt is the encryption settings
func ApplyRawBinaries ¶
func ApplyRawBinaries(diskDevPath string, disk configuration.Disk) (err error)
ApplyRawBinaries applies all raw binaries described in disk configuration to the specified disk
func ApplyRawBinary ¶
func ApplyRawBinary(diskDevPath string, rawBinary configuration.RawBinary) (err error)
ApplyRawBinary applies a single raw binary at offset (seek) with blocksize to the specified disk
func BlockOnDiskIO ¶
BlockOnDiskIO waits until all outstanding operations against a disk complete.
func BlockOnDiskIOByIds ¶
BlockOnDiskIOByIds waits until all outstanding operations against a disk complete; the disk is identified by its major and minor device numbers rather than by path.
func BytesToSizeAndUnit ¶
BytesToSizeAndUnit takes a number of bytes and returns friendly representation of a size (for example 100GB).
func CleanupEncryptedDisks ¶
func CleanupEncryptedDisks(encryptedRoot EncryptedRootDevice, isOfflineInstall bool) (err error)
CleanupEncryptedDisks performs cleanup work
func CreateEmptyDisk ¶
CreateEmptyDisk creates an empty raw disk in the given working directory as described in disk configuration
func CreatePartitions ¶
func CreatePartitions(diskDevPath string, disk configuration.Disk, rootEncryption configuration.RootEncryption, readOnlyRootConfig configuration.ReadOnlyVerityRoot, ) (partDevPathMap map[string]string, partIDToFsTypeMap map[string]string, encryptedRoot EncryptedRootDevice, readOnlyRoot VerityDevice, err error)
CreatePartitions creates partitions on the specified disk according to the disk config
func CreateSinglePartition ¶
func CreateSinglePartition(diskDevPath string, partitionNumber int, partitionTableType string, partition configuration.Partition, partType string) (partDevPath string, err error)
CreateSinglePartition creates a single partition based on the partition config
func CreateSparseDisk ¶
CreateSparseDisk creates an empty sparse disk file.
func DetachLoopbackDevice ¶
DetachLoopbackDevice detaches the specified disk
func FormatSinglePartition ¶
func FormatSinglePartition(partDevPath string, partition configuration.Partition, ) (fsType string, err error)
FormatSinglePartition formats the given partition to the type specified in the partition configuration
func GetEncryptedRootVol ¶
func GetEncryptedRootVol() string
GetEncryptedRootVol returns the full root volume name
func GetEncryptedRootVolMapping ¶
func GetEncryptedRootVolMapping() string
GetEncryptedRootVolMapping returns the device mapping path of the root volume
func GetEncryptedRootVolPath ¶
func GetEncryptedRootVolPath() string
GetEncryptedRootVolPath returns the device path of the root volume
func GetLuksMappingName ¶
GetLuksMappingName returns the device name under /dev/mapper
func InitializeSinglePartition ¶
func InitializeSinglePartition(diskDevPath string, partitionNumber int, partitionTableType string, partition configuration.Partition) (partDevPath string, err error)
InitializeSinglePartition initializes a single partition based on the given partition configuration
func IsEncryptedDevice ¶
IsEncryptedDevice checks if a given device is a LUKS or LVM encrypted device - devicePath is the device to check
func IsReadOnlyDevice ¶
IsReadOnlyDevice checks if a given device is a dm-verity read-only device - devicePath is the device to check
func SetupLoopbackDevice ¶
SetupLoopbackDevice creates a /dev/loop device for the given disk file
func SizeAndUnitToBytes ¶
SizeAndUnitToBytes takes a friendly representation of a size (for example 100GB) and returns the number of bytes it represents.
func WaitForDevicesToSettle ¶
func WaitForDevicesToSettle() error
WaitForDevicesToSettle waits for all udev events to be processed on the system. This can be used to wait for partitions to be discovered after mounting a disk.
func WaitForLoopbackToDetach ¶
Types ¶
type EncryptedRootDevice ¶
EncryptedRootDevice holds settings for an encrypted root partition or disk
type FstabEntry ¶
// FstabEntry is one entry of an fstab file, as returned by ReadFstabFile.
// NOTE(review): the json tags look like findmnt's JSON column names
// (source, target, fstype, vfs-options, fs-options, freq, passno) — confirm against ReadFstabFile.
type FstabEntry struct {
	Source    string     `json:"source"`      // presumably the fstab fs_spec column (device, LABEL= or UUID=)
	Target    string     `json:"target"`      // presumably the mount point (fs_file)
	FsType    string     `json:"fstype"`      // filesystem type (fs_vfstype)
	Options   MountFlags `json:"vfs-options"` // VFS mount flags; decoded by MountFlags.UnmarshalJSON
	FsOptions string     `json:"fs-options"`  // filesystem specific options, kept verbatim
	Freq      int        `json:"freq"`        // dump frequency column (fs_freq)
	PassNo    int        `json:"passno"`      // fsck pass number column (fs_passno)
}
func ReadFstabFile ¶
func ReadFstabFile(fstabPath string) ([]FstabEntry, error)
type InitramfsMount ¶
// InitramfsMount represents an editable initramfs, obtained from CreateInitramfs or
// OpenInitramfs. The caller must call Close when finished so the archive is flushed and
// its resources are released.
type InitramfsMount struct {
	// contains filtered or unexported fields
}
InitramfsMount represents an editable initramfs
func CreateInitramfs ¶
func CreateInitramfs(initramfsPath string) (initramfs InitramfsMount, err error)
CreateInitramfs creates a new initramfs. The caller is responsible for calling initramfs.Close() when finished.
func OpenInitramfs ¶
func OpenInitramfs(initramfsPath string) (initramfs InitramfsMount, err error)
OpenInitramfs makes an existing initramfs editable. The caller is responsible for calling initramfs.Close() when finished.
func (*InitramfsMount) AddFileToInitramfs ¶
func (i *InitramfsMount) AddFileToInitramfs(sourcePath, destPath string) (err error)
AddFileToInitramfs places a single file in the initramfs at the destination path. - sourcePath: Path to file which is to be added - destPath: Final destination in the initramfs
func (*InitramfsMount) Close ¶
func (i *InitramfsMount) Close() (err error)
Close flushes the archives and closes all initramfs resources
type MountFlags ¶
// MountFlags is a set of VFS mount flags stored as a uintptr. It is decoded from the
// fstab JSON representation by UnmarshalJSON (see FstabEntry.Options).
// NOTE(review): uintptr presumably mirrors the flags argument of the mount(2) wrapper the
// callers use — confirm.
type MountFlags uintptr
func (*MountFlags) UnmarshalJSON ¶
func (f *MountFlags) UnmarshalJSON(b []byte) (err error)
type PartitionInfo ¶
// PartitionInfo describes a single partition of a disk, as returned by GetDiskPartitions.
// NOTE(review): the json tags look like lsblk's JSON column names — confirm in GetDiskPartitions.
type PartitionInfo struct {
	Name              string `json:"name"`       // Example: nbd0p1
	Path              string `json:"path"`       // Example: /dev/nbd0p1
	PartitionTypeUuid string `json:"parttype"`   // Example: c12a7328-f81f-11d2-ba4b-00a0c93ec93b
	FileSystemType    string `json:"fstype"`     // Example: vfat
	Uuid              string `json:"uuid"`       // Example: 4BD9-3A78
	PartUuid          string `json:"partuuid"`   // Example: 7b1367a6-5845-43f2-99b1-a742d873f590
	Mountpoint        string `json:"mountpoint"` // Example: /mnt/os/boot
	PartLabel         string `json:"partlabel"`  // Example: boot
	Type              string `json:"type"`       // Example: part
}
func GetDiskPartitions ¶
func GetDiskPartitions(diskDevPath string) ([]PartitionInfo, error)
type SystemBlockDevice ¶
// SystemBlockDevice defines a block device on the host computer (see SystemBlockDevices).
type SystemBlockDevice struct {
	DevicePath  string // Example: /dev/sda
	RawDiskSize uint64 // Size in bytes
	Model       string // Example: Virtual Disk
}
SystemBlockDevice defines a block device on the host computer
func SystemBlockDevices ¶
func SystemBlockDevices() (systemDevices []SystemBlockDevice, err error)
SystemBlockDevices returns all block devices on the host system.
type VerityDevice ¶
// VerityDevice represents a device mapper linear device used for a dm-verity read-only partition.
// It is created by PrepReadOnlyDevice and torn down by CleanupVerityDevice.
type VerityDevice struct {
	MappedName              string   // desired device mapper name
	MappedDevice            string   // full path of the created device mapper device
	BackingDevice           string   // underlying file/device which backs the partition
	FecRoots                int      // number of error correcting roots, 0 to omit error correction
	ValidateOnBoot          bool     // perform a full, user-mode analysis of the verity disk during boot (good for debugging)
	UseRootHashSignature    bool     // a signature file has been included with the verity disk and should be checked
	ErrorBehavior           string   // what dm-verity should do in the event of corruption (ignore, panic, restart)
	TmpfsOverlays           []string // tmpfs overlays which will be created after the verity partition is mounted
	TmpfsOverlaySize        string   // size argument to pass to the tmpfs mount command (1234, 1234<k,m,g>, 20%)
	TmpfsOverlaysDebugMount string   // whether the overlays should be made accessible for debugging purposes
}
VerityDevice represents a device mapper linear device used for a dm-verity read-only partition. - MappedName is the desired device mapper name - MappedDevice is the full path of the created device mapper device - BackingDevice is the underlying file/device which backs the partition - FecRoots is the number of error correcting roots, 0 to omit error correction - ValidateOnBoot will cause a full, user-mode analysis of the verity disk during boot (good for debugging) - UseRootHashSignature indicates a signature file has been included with the verity disk and should be checked - ErrorBehavior is what dm-verity should do in the event of corruption (ignore, panic, restart) - TmpfsOverlays is a list of tmpfs overlays which will be created after the verity partition is mounted - TmpfsOverlaySize is the size argument to pass to the tmpfs mount command (1234, 1234<k,m,g>, 20%) - TmpfsOverlaysDebugMount indicates if the overlays should be made accessible for debugging purposes
func PrepReadOnlyDevice ¶
func PrepReadOnlyDevice(partDevPath string, partition configuration.Partition, readOnlyConfig configuration.ReadOnlyVerityRoot) (readOnlyDevice VerityDevice, err error)
PrepReadOnlyDevice sets up a device mapper linear map. This map will have the correct name of the final verity disk, and can be switched to read-only when the final image is ready for measurement. - partDevPath is the path of the root partition device (likely a loopback device) - partition is the disk configuration - readOnlyConfig is the root read-only settings
func (*VerityDevice) AddRootVerityFilesToInitramfs ¶
func (v *VerityDevice) AddRootVerityFilesToInitramfs(workingFolder, initramfsPath string) (err error)
AddRootVerityFilesToInitramfs adds files needed for a verity root to the initramfs - workingFolder is a temporary folder to extract the initramfs to - initramfsPath is the path to the initramfs
func (*VerityDevice) CleanupVerityDevice ¶
func (v *VerityDevice) CleanupVerityDevice() (err error)
CleanupVerityDevice removes the device mapper linear mapping, but leaves the backing device unchanged
func (*VerityDevice) SwitchDeviceToReadOnly ¶
func (v *VerityDevice) SwitchDeviceToReadOnly(mountPointOrDevice, mountArgs string) (err error)
SwitchDeviceToReadOnly switches the root device linear map to read only. It will also re-mount the mount point so the change takes effect. - mountPointOrDevice is either the location of the mount, or the device which was mounted (mount command will take either) - mountArgs are any special mount options used which should continue to be used