diff options
| author | Craig Jennings <c@cjennings.net> | 2026-04-27 16:39:38 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-04-27 16:39:38 -0500 |
| commit | ea494c7d0fc41bb1cab888f92408fab29c190e75 (patch) | |
| tree | 08960ee41a47a5d37863f90b38740bad91dcd8ed /installer/lib | |
| parent | 6dcdf180289823fceda376c67af9d4ea659463a8 (diff) | |
| download | archangel-ea494c7d0fc41bb1cab888f92408fab29c190e75.tar.gz archangel-ea494c7d0fc41bb1cab888f92408fab29c190e75.zip | |
refactor: drop dead configure_luks_grub from Btrfs install path
Problem: configure_luks_grub appended GRUB_ENABLE_CRYPTODISK=y and prepended cryptdevice= to /etc/default/grub during the LUKS-target setup phase, but configure_grub at lib/btrfs.sh:578 does `cat > /etc/default/grub` later in the same install, with a single redirect that overwrites the file. Between the two, only generate_btrfs_fstab and configure_btrfs_initramfs run, neither of which touches /etc/default/grub. So configure_luks_grub's writes never reach the installed system. The live LUKS-cmdline work is configure_grub's own LUKS-enabled block at lib/btrfs.sh:597-627.
Solution: drop configure_luks_grub from btrfs_configure_luks_target and delete the function (no other callers). configure_luks_initramfs stays since it writes to mkinitcpio, not /etc/default/grub.
VM tests on the btrfs-luks path have always been passing because they exercise configure_grub's live block. prepend_grub_cmdline_linux already has bats coverage for the live cmdline path.
Bats: 147, 0 fail. Lint clean.
Diffstat (limited to 'installer/lib')
| -rw-r--r-- | installer/lib/btrfs.sh | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/installer/lib/btrfs.sh b/installer/lib/btrfs.sh index 3704c65..0715ba7 100644 --- a/installer/lib/btrfs.sh +++ b/installer/lib/btrfs.sh @@ -229,33 +229,6 @@ configure_luks_initramfs() { info "Added encrypt hook to initramfs." } -configure_luks_grub() { - local partition="$1" - - step "Configuring GRUB for LUKS" - - local uuid - uuid=$(blkid -s UUID -o value "$partition") - - # Enable GRUB cryptodisk support (required for encrypted /boot) - echo "GRUB_ENABLE_CRYPTODISK=y" >> $MNTPOINT/etc/default/grub - - # Add cryptdevice to GRUB cmdline - # For testing mode, also add cryptkey parameter for automated unlock - local cryptkey_param="" - if [[ "${TESTING:-}" == "yes" ]]; then - # rootfs: prefix tells encrypt hook the keyfile is in the initramfs - cryptkey_param="cryptkey=rootfs:$LUKS_KEYFILE " - info "Testing mode: adding cryptkey parameter for automated unlock" - fi - - prepend_grub_cmdline_linux \ - "cryptdevice=UUID=$uuid:$LUKS_MAPPER_NAME:allow-discards ${cryptkey_param}" \ - $MNTPOINT/etc/default/grub - - info "GRUB configured with cryptdevice parameter and cryptodisk enabled." -} - ############################# # Btrfs Pre-flight ############################# @@ -961,7 +934,6 @@ btrfs_configure_luks_target() { [[ "$NO_ENCRYPT" == "yes" ]] && return 0 setup_luks_testing_keyfile "$LUKS_PASSPHRASE" "${_root_parts[@]}" configure_crypttab "${_root_parts[@]}" - configure_luks_grub "${_root_parts[0]}" configure_luks_initramfs } |