This commit adds support for LUKS2 behind a new `partition.conf` key:
`luksGeneration`.

A bit of context: LUKS2 has been the default encryption operating mode since
cryptsetup >= 2.1.0 (see the [Arch
wiki](https://wiki.archlinux.org/title/dm-crypt/Device_encryption#Encryption_options_with_dm-crypt)).
It is considered more secure and allows additional extensions. It also
comes with Argon2id as the default Password-Based Key Derivation
Function (`--pbkdf` option). So it's important to provide this as an
option for Calamares in order to make Linux installs more secure, for
those who wish to encrypt their system.

This commit was tested on a custom Manjaro installer with:

- grub bootloader with the [argon patches](https://aur.archlinux.org/packages/grub-improved-luks2-git).
- [rEFInd](https://wiki.archlinux.org/title/REFInd) bootloader with
  unencrypted `/boot` partition because rEFInd [doesn't support booting
  from an encrypted volume](https://sourceforge.net/p/refind/discussion/general/thread/400418ac/).

**Important consideration for distribution maintainers**:

- You need to have the compile flag `WITH_KPMCORE4API` on.
- If you are shipping with grub by default, please note that you need to
  ship it with the Argon patches. Example on Arch Linux: [grub-improved-luks2-git](https://aur.archlinux.org/packages/grub-improved-luks2-git)
- If `luksGeneration` is not found in `partition.conf`, it will default to
  luks1.
- Please test this on your own distribution, as this was only tested on
  the Manjaro installer (see above).
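
For maintainers who want to check what an installer run actually produced, here is an added example (not part of the commit or of Calamares) that reads a raw LUKS header and reports the KDF of each LUKS2 keyslot, so Argon2 keyslots that call for the Argon-patched grub mentioned above can be spotted. The function names and the sample headers are constructed for illustration; the offsets follow the LUKS1/LUKS2 on-disk header layout.

```python
import json
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS2_BIN_HDR = 4096  # LUKS2 binary header size; the JSON area follows it


def luks_keyslot_kdfs(header: bytes):
    """Return (luks_version, {keyslot_id: kdf_type}) for a raw LUKS header."""
    if header[:6] != LUKS_MAGIC:
        raise ValueError("not a LUKS header")
    (version,) = struct.unpack(">H", header[6:8])  # big-endian in both formats
    if version == 1:
        return 1, {}  # LUKS1 offers no KDF choice: keyslots always use PBKDF2
    if version != 2:
        raise ValueError(f"unknown LUKS version {version}")
    (hdr_size,) = struct.unpack(">Q", header[8:16])  # binary header + JSON area
    if len(header) < hdr_size:
        raise ValueError("truncated header: JSON area incomplete")
    # The JSON metadata is NUL-padded up to hdr_size.
    meta = json.loads(header[LUKS2_BIN_HDR:hdr_size].split(b"\0", 1)[0])
    return 2, {slot: ks["kdf"]["type"] for slot, ks in meta["keyslots"].items()}


def has_argon2_keyslot(header: bytes) -> bool:
    """True if any keyslot uses Argon2 (argon2i or argon2id)."""
    _, kdfs = luks_keyslot_kdfs(header)
    return any(kdf.startswith("argon2") for kdf in kdfs.values())


def sample_header(version: int, kdf: str = "pbkdf2") -> bytes:
    """Constructed header with only the fields parsed above (not a real volume)."""
    if version == 1:
        return LUKS_MAGIC + struct.pack(">H", 1) + bytes(584)
    hdr_size = 16384
    meta = {"keyslots": {"0": {"type": "luks2", "kdf": {"type": kdf}}}}
    binary = LUKS_MAGIC + struct.pack(">HQ", 2, hdr_size)
    binary = binary.ljust(LUKS2_BIN_HDR, b"\0")
    return (binary + json.dumps(meta).encode()).ljust(hdr_size, b"\0")


if __name__ == "__main__":
    for hdr in (sample_header(1), sample_header(2), sample_header(2, "argon2id")):
        print(luks_keyslot_kdfs(hdr), "argon2 keyslot:", has_argon2_keyslot(hdr))
```

On a live system `cryptsetup luksDump` reports the same per-keyslot PBKDF; the parser is useful for checking image files where cryptsetup is not available.
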

Setting labels (e.g. in manual partitioning) landed some time
ago, but the progress display still shows a raw device path.
Make it more expressive.

FIXES #449
FIXES #540

- Use the Calamares support-functions for running lsblk and mount
(these might need to have privilege support if Cala is not
running as root, so this is future-proofing)
- use hex-trailer
- while here, convert DebugRow to use a copy rather than a reference,
to avoid dangling references when applied to temporaries
- convert *partition* module to use the RedactedNames
- Strings were being used as logical values, and then logged
  (which should be in English) and also used in the UI (which
  should be localized). Replace with a MessageAndPath class,
  used only locally, that defers the translation until
  called-upon explicitly.
- Replace some VG stuff with similar calls to apply().

Returning partition full-paths instead of only the block-device-name
simplifies later code -- which would prepend /dev/ to the
block-device-name and umount that.

- the tryX() functions weirdly return a string that is used for
debug-logging. Document that. The untranslated string is
later used for user-facing messages. Mark that as FIXME.
- factor out the loop-over-names-and-append to news, because that
makes the overall story of what is happening hard to read.
- all calls to tryCryptoClose() called tryUnmount() first, so
put that call inside tryCryptoClose(), so the interface is simpler.