curtin-dev team mailing list archive

Thread
Date

Re: [Merge] ~ogayot/curtin:encrypted-zpool-requires-cryptsetup into curtin:master

To: mp+490155@xxxxxxxxxxxxxxxxxx
From: Dan Bungert <mp+490155@xxxxxxxxxxxxxxxxxx>
Date: Mon, 04 Aug 2025 13:08:14 -0000
In-reply-to: <175429478601.1703124.7454680694896691136.launchpad@scripts-bzrsyncd.lp.internal>
Reply-to: mp+490155@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Functionally I think this addresses the bug but I think it has false positives on format=zfsroot cases.  Would you address that bit?

Diff comments:

> diff --git a/curtin/block/zfs.py b/curtin/block/zfs.py
> index bb78138..9f4eb8c 100644
> --- a/curtin/block/zfs.py
> +++ b/curtin/block/zfs.py
> @@ -462,6 +462,8 @@ def get_zpool_from_config(cfg):
>      sconfig = cfg['storage']['config']
>      for item in sconfig:
>          if item['type'] == 'zpool':
> +            if only_encrypted and item.get('encryption_style') is None:
> +                continue
>              zpools.append(item['pool'])
>          elif item['type'] == 'format':

the format=zfsroot case will trigger cryptsetup as well, which isn't overly harmful but doesn't strictly require cryptsetup as curtin's built-in zfsroot setup doesn't do encryption.  It would be nice to handle that case.

>              if item['fstype'] == 'zfsroot':


-- 
https://code.launchpad.net/~ogayot/curtin/+git/curtin/+merge/490155
Your team curtin developers is requested to review the proposed merge of ~ogayot/curtin:encrypted-zpool-requires-cryptsetup into curtin:master.

References

[Merge] ~ogayot/curtin:encrypted-zpool-requires-cryptsetup into curtin:master
From: Olivier Gayot, 2025-08-04