Fixing broken encryption support in GRUB (#724)

* Added multiple `partprobe` calls and added a `.partprobe()` function on partitions, filesystem and blockdevice. * Adding retry attempts to all UUID related operations tied to the boot process * Tweaked logging for mounting and disk related operations * Removed potential SysCall exception disruptor causing exceptions to go by unnoticed * Increased the start position from 1MiB to 5MiB of /boot partition * Optimized the GRUB installation & config code * Improved Partition().uuid to never return None. Instead it will raise an exception if it can't get a PARTUUID within X retries with Y delay per attempt. * Increased sleep timer for partition uuid retrieval, because even with a 3 second sleep it wasn't long enough even on fast devices. * Make GRUB install to /dev/sda instead of /dev/sda1. * Added 10 retries for retreiving PARTUUID with a one second sleep. Instead of increasing the sleep simply add more retries until we find a good balance on slower disks.
author: Anton Hvornum <anton@hvornum.se> 2021-11-17 18:02:20 +0000
committer: GitHub <noreply@github.com> 2021-11-17 19:02:20 +0100
commit: 7d991ecb9f87f863e1e78ce7e2d06c4d2f9568db (patch)
tree: 09c93925204c14165ab1292c688e668c4a02f990 /archinstall/lib/installer.py
parent: 5cc88a74ab79b245e9fbe0c4964a052088a22aea (diff)
1 files changed, 14 insertions, 10 deletions
diff --git a/archinstall/lib/installer.py b/archinstall/lib/installer.py
index 7ac80047..fff62201 100644
--- a/archinstall/lib/installer.py
+++ b/archinstall/lib/installer.py
@@ -174,16 +174,17 @@ class Installer:
 				mountpoints[partition['mountpoint']] = partition
 
 		for mountpoint in sorted(mountpoints.keys()):
-			log(f"Mounting {mountpoint} to {self.target}{mountpoint}", level=logging.INFO)
 			if mountpoints[mountpoint].get('encrypted', False):
 				loopdev = storage.get('ENC_IDENTIFIER', 'ai') + 'loop'
 				if not (password := mountpoints[mountpoint].get('!password', None)):
 					raise RequirementError(f"Missing mountpoint {mountpoint} encryption password in layout: {mountpoints[mountpoint]}")
 
 				with luks2(mountpoints[mountpoint]['device_instance'], loopdev, password, auto_unmount=False) as unlocked_device:
+					log(f"Mounting {mountpoint} to {self.target}{mountpoint} using {unlocked_device}", level=logging.INFO)
 					unlocked_device.mount(f"{self.target}{mountpoint}")
 
 			else:
+				log(f"Mounting {mountpoint} to {self.target}{mountpoint} using {mountpoints[mountpoint]['device_instance']}", level=logging.INFO)
 				mountpoints[mountpoint]['device_instance'].mount(f"{self.target}{mountpoint}")
 
 			time.sleep(1)
@@ -607,25 +608,28 @@ class Installer:
 			self.pacstrap('grub') # no need?
 
 			if real_device := self.detect_encryption(root_partition):
-				_file = "/etc/default/grub"
 				root_uuid = SysCommand(f"blkid -s UUID -o value {real_device.path}").decode().rstrip()
+				_file = "/etc/default/grub"
 				add_to_CMDLINE_LINUX = f"sed -i 's/GRUB_CMDLINE_LINUX=\"\"/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID={root_uuid}:cryptlvm\"/'"
 				enable_CRYPTODISK = "sed -i 's/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/'"
 
+				log(f"Using UUID {root_uuid} of {real_device} as encrypted root identifier.", level=logging.INFO)
 				SysCommand(f"/usr/bin/arch-chroot {self.target} {add_to_CMDLINE_LINUX} {_file}")
 				SysCommand(f"/usr/bin/arch-chroot {self.target} {enable_CRYPTODISK} {_file}")
 
+			log(f"GRUB uses {boot_partition.path} as the boot partition.", level=logging.INFO)
 			if has_uefi():
-				self.pacstrap('efibootmgr') # TODO: Do we need?
-				SysCommand(f'/usr/bin/arch-chroot {self.target} grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB')
-				SysCommand(f'/usr/bin/arch-chroot {self.target} grub-mkconfig -o /boot/grub/grub.cfg')
-				self.helper_flags['bootloader'] = True
-				return True
+				self.pacstrap('efibootmgr') # TODO: Do we need? Yes, but remove from minimal_installation() instead?
+				if not (handle := SysCommand(f'/usr/bin/arch-chroot {self.target} grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB')).exit_code == 0:
+					raise DiskError(f"Could not install GRUB to {self.target}/boot: {handle}")
 			else:
-				SysCommand(f'/usr/bin/arch-chroot {self.target} grub-install --target=i386-pc --recheck {boot_partition.path}')
-				SysCommand(f'/usr/bin/arch-chroot {self.target} grub-mkconfig -o /boot/grub/grub.cfg')
-				self.helper_flags['bootloader'] = True
+				if not (handle := SysCommand(f'/usr/bin/arch-chroot {self.target} grub-install --target=i386-pc --recheck {boot_partition.parent}')).exit_code == 0:
+					raise DiskError(f"Could not install GRUB to {boot_partition.path}: {handle}")
+
+			if not (handle := SysCommand(f'/usr/bin/arch-chroot {self.target} grub-mkconfig -o /boot/grub/grub.cfg')).exit_code == 0:
+				raise DiskError(f"Could not configure GRUB: {handle}")
 
+			self.helper_flags['bootloader'] = True
 		elif bootloader == 'efistub':
 			self.pacstrap('efibootmgr')
author	Anton Hvornum <anton@hvornum.se>	2021-11-17 18:02:20 +0000
committer	GitHub <noreply@github.com>	2021-11-17 19:02:20 +0100
commit	7d991ecb9f87f863e1e78ce7e2d06c4d2f9568db (patch)
tree	09c93925204c14165ab1292c688e668c4a02f990 /archinstall/lib/installer.py
parent	5cc88a74ab79b245e9fbe0c4964a052088a22aea (diff)