state

package

v0.5.0 Latest Latest Go to latest Published: Sep 27, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kairos-io/immucore

Links

Open Source Insights

Documentation ¶

Index ¶

func UKIExtendPCR(extension string) error
type State

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func UKIExtendPCR ¶ added in v0.1.25

func UKIExtendPCR(extension string) error

UKIExtendPCR extends the PCR with the given extension in a graceful way.

Types ¶

type State ¶

type State struct {
	Rootdir       string // where to mount the root partition e.g. /sysroot inside initrd with pivot, / with nopivot
	TargetImage   string // image from the state partition to mount as loop device e.g. /cOS/active.img
	TargetDevice  string // e.g. /dev/disk/by-label/COS_ACTIVE
	RootMountMode string // How to mount the root partition e.g. ro or rw

	// /run/cos-layout.env (different!)
	OverlayDirs  []string          // e.g. /var
	BindMounts   []string          // e.g. /etc/kubernetes
	CustomMounts map[string]string // e.g. diskid : mountpoint
	OverlayBase  string            // Overlay config, defaults to tmpfs:20%
	StateDir     string            // e.g. "/usr/local/.state"
	// contains filtered or unexported fields
}

func (*State) AddToFstab ¶

func (s *State) AddToFstab(tmpFstab *fstab.Mount)

AddToFstab will try to add an entry to the fstab list Will check if the entry exists before adding it to avoid duplicates.

func (*State) CopySysExtensionsDagStep ¶ added in v0.2.0

func (s *State) CopySysExtensionsDagStep(g *herd.Graph, opts ...herd.OpOption) error

CopySysExtensionsDagStep Copies extensions from the EFI partitions to the persistent one so they can be started.

func (*State) ExtractCerts ¶ added in v0.2.0

func (s *State) ExtractCerts(g *herd.Graph, opts ...herd.OpOption) error

func (*State) InitramfsStageDagStep ¶

func (s *State) InitramfsStageDagStep(g *herd.Graph, opts ...herd.OpOption) error

InitramfsStageDagStep will add the rootfs stage.

func (*State) LVMActivation ¶

func (s *State) LVMActivation(g *herd.Graph) error

LVMActivation will try to activate lvm volumes/groups on the system.

func (*State) LoadEnvLayoutDagStep ¶

func (s *State) LoadEnvLayoutDagStep(g *herd.Graph, opts ...herd.OpOption) error

LoadEnvLayoutDagStep will add the stage to load from cos-layout.env and fill the proper CustomMounts, OverlayDirs and BindMounts.

func (*State) LogIfError ¶

func (s *State) LogIfError(e error, msgContext string)

LogIfError will log if there is an error with the given context as message Context can be empty.

func (*State) LogIfErrorAndPanic ¶

func (s *State) LogIfErrorAndPanic(e error, msgContext string)

LogIfErrorAndPanic will log if there is an error with the given context as message Context can be empty Will also panic.

func (*State) LogIfErrorAndReturn ¶

func (s *State) LogIfErrorAndReturn(e error, msgContext string) error

LogIfErrorAndReturn will log if there is an error with the given context as message Context can be empty Will also return the error.

func (*State) MountBaseOverlayDagStep ¶

func (s *State) MountBaseOverlayDagStep(g *herd.Graph, opts ...herd.OpOption) error

MountBaseOverlayDagStep will add mounting /run/overlay as an overlay dir Requires the config-load step because some parameters can come from there.

func (*State) MountCustomBindsDagStep ¶

func (s *State) MountCustomBindsDagStep(g *herd.Graph, opts ...herd.OpOption) error

MountCustomBindsDagStep will add mounting s.BindMounts mount state is defined over a custom mount (/usr/local/.state for instance, needs to be mounted over a device).

func (*State) MountCustomMountsDagStep ¶

func (s *State) MountCustomMountsDagStep(g *herd.Graph, opts ...herd.OpOption) error

MountCustomMountsDagStep will add mounting s.CustomMounts .

func (*State) MountCustomOverlayDagStep ¶

func (s *State) MountCustomOverlayDagStep(g *herd.Graph, opts ...herd.OpOption) error

MountCustomOverlayDagStep will add mounting s.OverlayDirs under /run/overlay .

func (*State) MountOemDagStep ¶

func (s *State) MountOemDagStep(g *herd.Graph, opts ...herd.OpOption) error

MountOemDagStep will add mounting COS_OEM partition under s.Rootdir + /oem .

func (*State) MountRootDagStep ¶

func (s *State) MountRootDagStep(g *herd.Graph) error

MountRootDagStep will add the step to mount the Rootdir for the system 1 - mount the state partition to find the images (active/passive/recovery) 2 - mount the image as a loop device 3 - Mount the labels as /sysroot .

func (*State) MountTmpfsDagStep ¶

func (s *State) MountTmpfsDagStep(g *herd.Graph) error

MountTmpfsDagStep adds the step to mount /tmp .

func (*State) RootfsStageDagStep ¶

func (s *State) RootfsStageDagStep(g *herd.Graph, opts ...herd.OpOption) error

RootfsStageDagStep will add the rootfs stage.

func (*State) RunKcrypt ¶

func (s *State) RunKcrypt(g *herd.Graph, opts ...herd.OpOption) error

RunKcrypt will run the UnlockAll method of kcrypt to unlock the encrypted partitions Requires sysroot to be mounted as the kcrypt-challenger binary is not injected in the initramfs.

func (*State) RunKcryptUpgrade ¶

func (s *State) RunKcryptUpgrade(g *herd.Graph, opts ...herd.OpOption) error

RunKcryptUpgrade will upgrade encrypted partitions created with 1.x to the new 2.x format, where we inspect the uuid of the partition directly to know which label to use for the key As those old installs have an old agent the only way to do it is during the first boot after the upgrade to the newest immucore.

func (*State) RunStageOp ¶

func (s *State) RunStageOp(stage string) func(context.Context) error

RunStageOp runs elemental run-stage stage. If its rootfs its special as it needs som symlinks If its uki we don't symlink as we already have everything in the sysroot.

func (*State) SortedBindMounts ¶

func (s *State) SortedBindMounts() []string

SortedBindMounts returns the nodes with less depth first and in alphabetical order.

func (*State) UKIBootInitDagStep ¶

func (s *State) UKIBootInitDagStep(g *herd.Graph) error

UKIBootInitDagStep tries to launch /sbin/init in root and pass over the system booting to the real init process Drops to emergency if not able to. Panic if it cant even launch emergency.

func (*State) UKILoadKernelModules ¶

func (s *State) UKILoadKernelModules(g *herd.Graph) error

UKILoadKernelModules loads kernel modules needed during uki boot to load the disks for. Mainly block devices and net devices probably others down the line.

func (*State) UKIMountBaseSystem ¶

func (s *State) UKIMountBaseSystem(g *herd.Graph) error

UKIMountBaseSystem mounts the base system for the UKI boot system as when booting in UKI mode we have a blank slate and we need to mount everything Make sure we set the directories as MS_SHARED This is important afterwards when running containers and they get unshared and so on And can lead to rootfs out of boundaries issues for them also it doesnt help when mounting the final rootfs as we want to broke the mounts into it and any submounts.

func (*State) UKIMountESPPartition ¶

func (s *State) UKIMountESPPartition(g *herd.Graph, opts ...herd.OpOption) error

UKIMountESPPartition tries to mount the ESP into /efi Doesnt matter if it fails, its just for niceness.

func (*State) UKIMountLiveCd ¶

func (s *State) UKIMountLiveCd(g *herd.Graph, opts ...herd.OpOption) error

UKIMountLiveCd tries to mount the livecd if we are booting from one into /run/initramfs/live to mimic the same behavior as the livecd on non-uki boot.

func (*State) UKIUdevDaemon ¶

func (s *State) UKIUdevDaemon(g *herd.Graph) error

UKIUdevDaemon launches the udevd daemon and triggers+settles in order to discover devices Needed if we expect to find devices by label...

func (*State) UKIUnlock ¶

func (s *State) UKIUnlock(g *herd.Graph, opts ...herd.OpOption) error

UKIUnlock tries to unlock the disks with the TPM policy.

func (*State) UkiPivotToSysroot ¶ added in v0.1.25

func (s *State) UkiPivotToSysroot(g *herd.Graph) error

UkiPivotToSysroot moves the rootfs to the sysroot and chroots into it Making the /sysroot the new rootfs with a tmpfs fs And moving all the mounts into it and all the files as well.

func (*State) WaitForSysrootDagStep ¶

func (s *State) WaitForSysrootDagStep(g *herd.Graph) error

WaitForSysrootDagStep waits for the s.Rootdir and s.Rootdir/system paths to be there Useful for livecd/netboot as we want to run steps after s.Rootdir is ready but we don't mount it ourselves.

func (*State) WriteDAG ¶

func (s *State) WriteDAG(g *herd.Graph) (out string)

WriteDAG writes the dag.

func (*State) WriteFstab ¶

func (s *State) WriteFstab() func(context.Context) error

func (*State) WriteFstabDagStep ¶

func (s *State) WriteFstabDagStep(g *herd.Graph, opts ...herd.OpOption) error

WriteFstabDagStep will add writing the final fstab file with all the mounts Depends on everything but weak, so it will still try to write.

func (*State) WriteSentinelDagStep ¶

func (s *State) WriteSentinelDagStep(g *herd.Graph, deps ...string) error

WriteSentinelDagStep sets the sentinel file to identify the boot mode. This is used by several things to know in which state they are, for example cloud configs.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL