Unfortunately, rsync returns exit code 23 (Partial transfer due to
error) if it cannot write extended attributes (with -X) because the
target file system does not support it, e.g., the FAT EFI system
partition. We need -X because distributions using file system
capabilities and/or SELinux require the extended attributes. But
distributions using SELinux may also have SELinux labels set on files
under /boot/efi, and rsync complains about those. The only clean way
would be to split the rsync into one with -X and --exclude /boot/efi and
a separate one without -X for /boot/efi, but only if /boot/efi is
actually an EFI system partition. For now, this hack will have to do.
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=868755#c50
for the same issue in Anaconda, which uses a similar workaround.
In other words, support:
hidden: false
selected: true
groups.
This was supposed to work according to README.md, but not actually
implemented. Now it should be working.
Since sddm.conf follows the INI format we can use configparser
with a few added options to properly parse the config and write
it out instead of manually parsing each line which is slow and
prone to error.
For eg. The old code would fail to parse a conf which had no
commented out User key but where the user had configured autologin
in Calamares.
Address an old FIXME in
PartitionCoreModule::scanForEfiSystemPartitions(): Check the FlagEsp on
the Partition object (that KPMcore has been supporting since 2.1.0)
instead of running sgdisk.
The manual partitioning setup was already requiring the user to check
the ESP flag for the EFI System Partition. Now the autopartitioning also
sets it directly (a one-line change). The sgdisk call in the bootloader
module is thus no longer necessary (it was only a workaround because
kpmcore < 2.1.0 did not support FlagEsp), so remove that snippet.
This fixes configurations such as NVME disks where splitting boot_device
into boot_device[-1:] and boot_device[:-1] is not the correct split
(because the partition gets a 2-letter suffix) (reported by demmm on
IRC).
* add rd.luks.uuid to GRUB_CMDLINE (fixes unbootable system with dracut --nohostonly, and doesn't affect any other initramfs generators)
* typo
* only write rd.luks.uuid line if dracut is present, and leave other initramfs generators alone :D
* add missing = operator
Add a dracutlukscfg module to write a
/etc/dracut.conf.d/calamares-luks.conf file for LUKS full disk
encryption support with Dracut.
You should run:
* partition
* luksbootkeyfile
* dracutlukscfg
* dracut
in that order (not necessarily in immediate sequence). The
luksopenswaphook module is not used with Dracut.
If we use .replace("'", "'\\''") for escaping, we also need to use
single quotes, not double quotes.
This was broken by the port from '%' to format, which also randomly
changed quoting characters for no good reason. Changing the outer ones
does not matter, but \" or ' within a string is not the same thing!
Added an initramfscfg module to handle pre-configuration for the Debian
update-initramfs, such as installing hooks (needed for luks/FDE support
on Debian-based distros).
Closes#254. (Cherry-picked from the pull request.)
fstab.conf: Add a new "crypttabOptions" option that defaults to "luks".
Document that for Debian and Debian-based distributions, the
setting should be changed to "luks,keyscript=/bin/cat".
main.py: Append the options from the above setting to the end of every
line in crypttab.
At least the "luks" option should always be there, because there may be
different encryption types. The Debian initramfs-tools also require the
Debian-specific keyscript option and will otherwise ignore the keyfile
entirely (see pull request #254).
At least the Debian update-initramfs needs the entry to be there (see
pull request #254). Dracut will probably need it too. And logically, it
should be there.