From ea029ed3f9b1bd63c878d42649c29b3ba8ba249b Mon Sep 17 00:00:00 2001
From: Anton Hvornum <anton@hvornum.se>
Date: Mon, 27 Feb 2023 09:39:48 +0100
Subject: Patch for 1557 (#1645)

* Attempting a retry-attempt on the broken part of lsblk

* Improved logging

* Adding a retry to Partition._call_lsblk()

* Added error checks if lsblk returns nothing, also handles empty Partition().info instance.

* Added missing check of disk encryption is None or not.

* Added tweak to catching output from lsblk.stderr

* Added missing check of disk encryption is None or not.

* Fixed a logic test for empty lsblk info

* Fixed instances of None being interated

* Added some errro handling for weird block devices

* Fixed flake8

* Added /etc/vconsole.conf generation in Installer.mkinitcpio() as it's a dependency for it to generate properly without errors. Otherwise we'll get ==> ERRROR: file not found: '/etc/vconsole.conf'

* Prep for tagging RC1 of 2.5.3

* Corrected helpers.py get_blockdevice_info() to deal with empty lsblk results
---
 archinstall/lib/installer.py | 52 +++++++++++++++++++++-----------------------
 1 file changed, 25 insertions(+), 27 deletions(-)

(limited to 'archinstall/lib/installer.py')

diff --git a/archinstall/lib/installer.py b/archinstall/lib/installer.py
index 1926f593..43542bc3 100644
--- a/archinstall/lib/installer.py
+++ b/archinstall/lib/installer.py
@@ -198,7 +198,7 @@ class Installer:
 	def _create_keyfile(self,luks_handle , partition :dict, password :str):
 		""" roiutine to create keyfiles, so it can be moved elsewhere
 		"""
-		if self._disk_encryption.generate_encryption_file(partition):
+		if self._disk_encryption and self._disk_encryption.generate_encryption_file(partition):
 			if not (cryptkey_dir := pathlib.Path(f"{self.target}/etc/cryptsetup-keys.d")).exists():
 				cryptkey_dir.mkdir(parents=True)
 			# Once we store the key as ../xyzloop.key systemd-cryptsetup can automatically load this key
@@ -246,20 +246,21 @@ class Installer:
 		mount_queue = {}
 
 		# we manage the encrypted partititons
-		for partition in self._disk_encryption.partitions:
-			# open the luks device and all associate stuff
-			loopdev = f"{storage.get('ENC_IDENTIFIER', 'ai')}{pathlib.Path(partition['device_instance'].path).name}"
-
-			# note that we DON'T auto_unmount (i.e. close the encrypted device so it can be used
-			with (luks_handle := luks2(partition['device_instance'], loopdev, self._disk_encryption.encryption_password, auto_unmount=False)) as unlocked_device:
-				if self._disk_encryption.generate_encryption_file(partition) and not self._has_root(partition):
-					list_luks_handles.append([luks_handle, partition, self._disk_encryption.encryption_password])
-				# this way all the requesrs will be to the dm_crypt device and not to the physical partition
-				partition['device_instance'] = unlocked_device
-
-			if self._has_root(partition) and self._disk_encryption.generate_encryption_file(partition) is False:
-				if self._disk_encryption.hsm_device:
-					Fido2.fido2_enroll(self._disk_encryption.hsm_device, partition['device_instance'], self._disk_encryption.encryption_password)
+		if self._disk_encryption:
+			for partition in self._disk_encryption.partitions:
+				# open the luks device and all associate stuff
+				loopdev = f"{storage.get('ENC_IDENTIFIER', 'ai')}{pathlib.Path(partition['device_instance'].path).name}"
+
+				# note that we DON'T auto_unmount (i.e. close the encrypted device so it can be used
+				with (luks_handle := luks2(partition['device_instance'], loopdev, self._disk_encryption.encryption_password, auto_unmount=False)) as unlocked_device:
+					if self._disk_encryption.generate_encryption_file(partition) and not self._has_root(partition):
+						list_luks_handles.append([luks_handle, partition, self._disk_encryption.encryption_password])
+					# this way all the requesrs will be to the dm_crypt device and not to the physical partition
+					partition['device_instance'] = unlocked_device
+
+				if self._has_root(partition) and self._disk_encryption.generate_encryption_file(partition) is False:
+					if self._disk_encryption.hsm_device:
+						Fido2.fido2_enroll(self._disk_encryption.hsm_device, partition['device_instance'], self._disk_encryption.encryption_password)
 
 		btrfs_subvolumes = [entry for entry in list_part if entry.get('btrfs', {}).get('subvolumes', [])]
 
@@ -292,7 +293,7 @@ class Installer:
 			else:
 				mount_queue[mountpoint] = lambda instance=partition['device_instance'], target=f"{self.target}{mountpoint}": instance.mount(target)
 
-		log(f"Using mount order: {list(sorted(mount_queue.items(), key=lambda item: item[0]))}", level=logging.INFO, fg="white")
+		log(f"Using mount order: {list(sorted(mount_queue.items(), key=lambda item: item[0]))}", level=logging.DEBUG, fg="white")
 
 		# We mount everything by sorting on the mountpoint itself.
 		for mountpoint, frozen_func in sorted(mount_queue.items(), key=lambda item: item[0]):
@@ -641,12 +642,17 @@ class Installer:
 				if plugin.on_mkinitcpio(self):
 					return True
 
+		# mkinitcpio will error out if there's no vconsole.
+		if (vconsole := pathlib.Path(f"{self.target}/etc/vconsole.conf")).exists() is False:
+			with vconsole.open('w') as fh:
+				fh.write(f"KEYMAP={storage['arguments']['keyboard-layout']}\n")
+
 		with open(f'{self.target}/etc/mkinitcpio.conf', 'w') as mkinit:
 			mkinit.write(f"MODULES=({' '.join(self.MODULES)})\n")
 			mkinit.write(f"BINARIES=({' '.join(self.BINARIES)})\n")
 			mkinit.write(f"FILES=({' '.join(self.FILES)})\n")
 
-			if not self._disk_encryption.hsm_device:
+			if self._disk_encryption and not self._disk_encryption.hsm_device:
 				# For now, if we don't use HSM we revert to the old
 				# way of setting up encryption hooks for mkinitcpio.
 				# This is purely for stability reasons, we're going away from this.
@@ -690,7 +696,7 @@ class Installer:
 					self.HOOKS.remove('fsck')
 
 			if self.detect_encryption(partition):
-				if self._disk_encryption.hsm_device:
+				if self._disk_encryption and self._disk_encryption.hsm_device:
 					# Required bby mkinitcpio to add support for fido2-device options
 					self.pacstrap('libfido2')
 
@@ -754,14 +760,6 @@ class Installer:
 		# TODO: Use python functions for this
 		SysCommand(f'/usr/bin/arch-chroot {self.target} chmod 700 /root')
 
-		if self._disk_encryption.hsm_device:
-			# TODO:
-			# A bit of a hack, but we need to get vconsole.conf in there
-			# before running `mkinitcpio` because it expects it in HSM mode.
-			if (vconsole := pathlib.Path(f"{self.target}/etc/vconsole.conf")).exists() is False:
-				with vconsole.open('w') as fh:
-					fh.write(f"KEYMAP={storage['arguments']['keyboard-layout']}\n")
-
 		self.mkinitcpio('-P')
 
 		self.helper_flags['base'] = True
@@ -882,7 +880,7 @@ class Installer:
 
 					kernel_options = f"options"
 
-					if self._disk_encryption.hsm_device:
+					if self._disk_encryption and self._disk_encryption.hsm_device:
 						# Note: lsblk UUID must be used, not PARTUUID for sd-encrypt to work
 						kernel_options += f" rd.luks.name={real_device.uuid}=luksdev"
 						# Note: tpm2-device and fido2-device don't play along very well:
-- 
cgit v1.2.3-70-g09d2