@@ -32,6 +32,8 @@ use crate::task::Task;
3232// This ensures we end up under 512 to be small-sized.
3333pub ( crate ) const BOOTPN_SIZE_MB : u32 = 510 ;
3434pub ( crate ) const EFIPN_SIZE_MB : u32 = 512 ;
35+ /// The GPT type for "linux"
36+ pub ( crate ) const LINUX_PARTTYPE : & str = "0FC63DAF-8483-4772-8E79-3D69D8477DE4" ;
3537
3638#[ derive( clap:: ValueEnum , Debug , Copy , Clone , PartialEq , Eq , Serialize , Deserialize ) ]
3739#[ serde( rename_all = "kebab-case" ) ]
@@ -307,7 +309,7 @@ pub(crate) fn install_create_rootfs(
307309 rootpn,
308310 root_size,
309311 "root" ,
310- Some ( "0FC63DAF-8483-4772-8E79-3D69D8477DE4" ) ,
312+ Some ( LINUX_PARTTYPE ) ,
311313 ) ;
312314 sgdisk. run ( ) . context ( "Failed to run sgdisk" ) ?;
313315 tracing:: debug!( "Created partition table" ) ;
@@ -326,24 +328,18 @@ pub(crate) fn install_create_rootfs(
326328 // we're targeting, but this is a simple coarse hammer.
327329 crate :: blockdev:: udev_settle ( ) ?;
328330
329- // Now inspect the partitioned device again so we can find the names of the child devices.
330- let device_partitions = crate :: blockdev:: list_dev ( & devpath) ?
331- . children
332- . ok_or_else ( || anyhow:: anyhow!( "Failed to find children after partitioning" ) ) ?;
333- // Given a partition number, return the path to its device.
334- let findpart = |idx : u32 | -> Result < String > {
335- // checked_sub is here because our partition numbers start at 1, but the vec starts at 0
336- let devpath = device_partitions
337- . get ( idx. checked_sub ( 1 ) . unwrap ( ) as usize )
338- . ok_or_else ( || anyhow:: anyhow!( "Missing partition for index {idx}" ) ) ?
339- . path ( ) ;
340- Ok ( devpath)
341- } ;
342-
343- let base_rootdev = findpart ( rootpn) ?;
331+ // Re-read what we wrote into structured information
332+ let base_partitions = & crate :: blockdev:: partitions_of ( & devpath) ?;
344333
334+ let root_partition = base_partitions. find_partno ( rootpn) ?;
335+ if root_partition. parttype . as_str ( ) != LINUX_PARTTYPE {
336+ anyhow:: bail!(
337+ "root partition {partno} has type {}; expected {LINUX_PARTTYPE}" ,
338+ root_partition. parttype. as_str( )
339+ ) ;
340+ }
345341 let ( rootdev, root_blockdev_kargs) = match block_setup {
346- BlockSetup :: Direct => ( base_rootdev , None ) ,
342+ BlockSetup :: Direct => ( root_partition . node . to_owned ( ) , None ) ,
347343 BlockSetup :: Tpm2Luks => {
348344 let uuid = uuid:: Uuid :: new_v4 ( ) . to_string ( ) ;
349345 // This will be replaced via --wipe-slot=all when binding to tpm below
@@ -354,21 +350,23 @@ pub(crate) fn install_create_rootfs(
354350 let tmp_keyfile = tmp_keyfile. path ( ) ;
355351 let dummy_passphrase_input = Some ( dummy_passphrase. as_bytes ( ) ) ;
356352
353+ let root_devpath = root_partition. path ( ) ;
354+
357355 Task :: new ( "Initializing LUKS for root" , "cryptsetup" )
358356 . args ( [ "luksFormat" , "--uuid" , uuid. as_str ( ) , "--key-file" ] )
359357 . args ( [ tmp_keyfile] )
360- . args ( [ base_rootdev . as_str ( ) ] )
358+ . args ( [ root_devpath ] )
361359 . run ( ) ?;
362360 // The --wipe-slot=all removes our temporary passphrase, and binds to the local TPM device.
363361 // We also use .verbose() here as the details are important/notable.
364362 Task :: new ( "Enrolling root device with TPM" , "systemd-cryptenroll" )
365363 . args ( [ "--wipe-slot=all" , "--tpm2-device=auto" , "--unlock-key-file" ] )
366364 . args ( [ tmp_keyfile] )
367- . args ( [ base_rootdev . as_str ( ) ] )
365+ . args ( [ root_devpath ] )
368366 . verbose ( )
369367 . run_with_stdin_buf ( dummy_passphrase_input) ?;
370368 Task :: new ( "Opening root LUKS device" , "cryptsetup" )
371- . args ( [ "luksOpen" , base_rootdev . as_str ( ) , luks_name] )
369+ . args ( [ "luksOpen" , root_devpath . as_str ( ) , luks_name] )
372370 . run ( ) ?;
373371 let rootdev = format ! ( "/dev/mapper/{luks_name}" ) ;
374372 let kargs = vec ! [
@@ -381,12 +379,15 @@ pub(crate) fn install_create_rootfs(
381379
382380 // Initialize the /boot filesystem
383381 let bootdev = if let Some ( bootpn) = boot_partno {
384- Some ( findpart ( bootpn) ?)
382+ Some ( base_partitions . find_partno ( bootpn) ?)
385383 } else {
386384 None
387385 } ;
388- let boot_uuid = if let Some ( bootdev) = bootdev. as_deref ( ) {
389- Some ( mkfs ( bootdev, root_filesystem, "boot" , [ ] ) . context ( "Initializing /boot" ) ?)
386+ let boot_uuid = if let Some ( bootdev) = bootdev {
387+ Some (
388+ mkfs ( bootdev. node . as_str ( ) , root_filesystem, "boot" , [ ] )
389+ . context ( "Initializing /boot" ) ?,
390+ )
390391 } else {
391392 None
392393 } ;
@@ -416,23 +417,23 @@ pub(crate) fn install_create_rootfs(
416417 let bootfs = rootfs. join ( "boot" ) ;
417418 // Create the underlying mount point directory, which should be labeled
418419 crate :: lsm:: ensure_dir_labeled ( & target_rootfs, "boot" , None , 0o755 . into ( ) , sepolicy) ?;
419- if let Some ( bootdev) = bootdev. as_deref ( ) {
420- mount:: mount ( bootdev, & bootfs) ?;
420+ if let Some ( bootdev) = bootdev {
421+ mount:: mount ( bootdev. node . as_str ( ) , & bootfs) ?;
421422 }
422423 // And we want to label the root mount of /boot
423424 crate :: lsm:: ensure_dir_labeled ( & target_rootfs, "boot" , None , 0o755 . into ( ) , sepolicy) ?;
424425
425426 // Create the EFI system partition, if applicable
426427 if let Some ( esp_partno) = esp_partno {
427- let espdev = & findpart ( esp_partno) ?;
428+ let espdev = base_partitions . find_partno ( esp_partno) ?;
428429 Task :: new ( "Creating ESP filesystem" , "mkfs.fat" )
429- . args ( [ espdev. as_str ( ) , "-n" , "EFI-SYSTEM" ] )
430+ . args ( [ espdev. node . as_str ( ) , "-n" , "EFI-SYSTEM" ] )
430431 . verbose ( )
431432 . quiet_output ( )
432433 . run ( ) ?;
433434 let efifs_path = bootfs. join ( crate :: bootloader:: EFI_DIR ) ;
434435 std:: fs:: create_dir ( & efifs_path) . context ( "Creating efi dir" ) ?;
435- mount:: mount ( espdev, & efifs_path) ?;
436+ mount:: mount ( espdev. node . as_str ( ) , & efifs_path) ?;
436437 }
437438
438439 let luks_device = match block_setup {
0 commit comments