This commit adds support for LUKS2 behind a new `partition.conf` key:
`luksGeneration`.
A bit of context, LUKS2 is the default encryption operating mode since
cryptsetup >= 2.1.0 (See [Arch
wiki](https://wiki.archlinux.org/title/dm-crypt/Device_encryption#Encryption_options_with_dm-crypt).
It is considered more secured and allows additional extensions. It also
comes with Argon2id as the default Password Based Key Derivation
Function (`--pbkdf` option). So it's important to provide this as an
option for Calamares in order to make Linux installs more secure, for
those who wish to encrypt their system.
This commit was tested on a custom Manjaro installer with:
- grub bootloader with the [argon patches](https://aur.archlinux.org/packages/grub-improved-luks2-git).
- [rEFInd](https://wiki.archlinux.org/title/REFInd) bootloader with
unencrypted `/boot` partition because rEFInd [doesn't support booting
from an encrypted volume](https://sourceforge.net/p/refind/discussion/general/thread/400418ac/)
**Important consideration for distribution maintainers**:
- You need to have compile flag `WITH_KPMCORE4API` on
- If you are shipping with grub by default please note that you need to
ship it with the Argon patches. Example on Arch Linux: [grub-improved-luks2-git](https://aur.archlinux.org/packages/grub-improved-luks2-git)
- If `luksGeneration` is not found in partition.conf, it will default to
luks1
- Please test this on your own distribution as this was only tested on
Manjaro installer (see above).
- Put this in a method of its own even though it's used
only once, so we can put a good name on it.
- If there are no FS choices (e.g. the sample settings file)
then there is no combo-box, and the check was crashing.
FIXES#2029
Previously, state() just returned a stored state, which changed
via updateState(). However, when updateState() started taking
visibility-of-the-widget into account, it became possible to
de-sync the *apparent* state of the encryption widget, from the
stored one:
- make an encryption widget, which is not visible
- show it.
Now the stored-state takes visibility into account that is
different (hidden, so we end up with a state of Unconfirmed)
from the apparent value (shown and unchecked).
Move the calculation to state() instead, so whenever queried,
it checks the current checks-and-visibility values. Restore
the previously-reverted bit for accepting LUKS partitions.
SEE #1935
SEE #1953
- a hidden checkbox should not be handled the same as a checkbox
that is checked; if there is a setting that can be checked or
unchecked, it can only be checked when visible.
FIXES#1953
- Improve the messages a bit
- Remove useless variable (it is checking that the switch(choice)
statement covers all the cases; let's leave that to the compiler)
Setting labels (e.g. in manual partitioning) landed some time
ago, but the progress display still shows a raw device path.
Make it more expressive.
FIXES#449FIXES#540
- this makes createBootloaderComboBox obsolete, since that was
an implementation detail for creating the panel.
- add the panel also when doing an alongside install.
- credits to Anubhav, whose PR started this code.
This is a rather clunky implementation of re-check requirements.
"Clunky" because the UI parts are re-created each time, rather
than fishing from a model of checked (or unchecked) requirements.
The Widgets parts should be updated to use a full model, rather
than the recreate-list-of-Widgets implementation they have now.
Unrelated changes pull in a bunch of improvements to the
waiting spinner widget.
Although this is 3rd-party code, it now diverges -- by merging the
stale PR from upstream, and from adding features of our own --
enough that we should not pretend that it is the original 3rdparty
code.
Chase a couple of include paths that called this from 3rdparty/
- _find and _each Doesn't need to be part of the class API
- Rename to *Transform() because that's more in-line with what it
does, applying an operation to the tree.
Reduce warnings by using unsigned consistently; this fights
the KPMCore API (which uses signed sizes for, e.g. sectorSize)
a little, but states more clearly that a disk cannot have a
negative size.
Existing code reinitialized the layout, losing whatever
layout was set in the config. Refactor so that you can
access the partition-layout API, and change the default
FS through that -- which is the point of the code block
here in `doAutopartition()`, to look up the currently-
selected default FS.
Inspired by Santosh's work in #1903, #1759.
By default, calamares renames the label of root partition
to "root" overriding the name specified in partiton.conf
Signed-off-by: Santosh Mahto <santosh.mahto@collabora.com>
Don't do the actual KPM work, but pretend that they were done.
This can be useful -- independently of the existing unsafe-
options and failing partitioning entirely -- for testing
partition layouts in modules following the *partition* one.
- the length parameter to diskDescription() is worse than
useless, because it doesn't say anything about what will
be done if there's more than one disk.
- if nothing is selected (index -1, which now shows the placeholder), the text is empty
- if something has been entered, return it (e.g. if the user is typing)
- if something is selected, the text gets set to that anyway
The warning about the mount point -- that it was in-use or
invalid -- had been separated from the drop-down by the
FSLabel field. Move it back, rename the variable for
clarity while we're at it.
- make the boxes expand, rather than stick to a minimum
size that doesn't align with other boxes in the dialog,
and which may be too small to contain the text they display.
There is a mismatch between how the configuration interprets
*initialSwapChoice* when it is not a valid choice, and how
the UI interprets it. If you e.g. do not have a *userSwapChoices*
setting at all, whatever *initialSwapChoice* is set is interpreted
by the UI as "suspend".
Avoid that by putting the choice in the configuration and
warning the user (which ought to be a warning to the distro).
FIXES#1881
This is the infrastructure bit; if someone can come up with a way
of **meaningfully** detecting support, the detection function can
be given a better implementation.
FIXES#1725
