Merge remote-tracking branch 'origin/main' into tests

Author: desultory

examples/example.toml

@@ -1,5 +1,5 @@
 # This config will decrypt the LUKS volume with uuid "fdf442da-0574-4531-98c7-55227a041f1d", mapping it to "/dev/mapper/root"
-# It will attempt to mount the btrfs volume with label "rootfs" to /mnt/root
+# It will attempt to mount the btrfs volume with label "rootfs" to /target_rootfs
 # It will pull all current kernel modules from lspci -k results
 # It will try to process the cmdline and mount the rootfs based on the root= parameter
 

readme.md

@@ -354,7 +354,7 @@ Similarly `ugrd.kmod.novideo` `nonetwork`, and `nosound` exist to ignore video,
 
 `mounts`: A dictionary containing entries for mounts, with their associated config.
 
-`mounts.root` is predefined to have a destination of `/mnt/root` and defines the root filesystem mount, used by `switch_root`.
+`mounts.root` is predefined to have a destination of `/target_rootfs` and defines the root filesystem mount, used by `switch_root`.
 
 Each mount has the following available parameters:
 
@@ -413,7 +413,7 @@ Importing this module will run `btrfs device scan` and pull btrfs modules.
 * `subvol_selector` (false) The root subvolume will be selected at runtime based on existing subvolumes. Overridden by `root_subvol`.
 * `autodetect_root_subvol` (true) Autodetect the root subvolume, unless `root_subvol` or `subvol_selector` is set. Depends on `hostonly`.
 * `root_subvol` - Set the desired root subvolume.
-* `_base_mount_path` (/mnt/root_base) Sets where the subvolume selector mounts the base filesytem to scan for subvolumes.
+* `_base_mount_path` (/root_base) Sets where the subvolume selector mounts the base filesytem to scan for subvolumes.
 
 ### Cryptographic modules
 
@@ -488,6 +488,7 @@ Cryptsetup global config:
 * `cryptsetup_prompt` (false) Whether or not to prompt the user to press enter before attempting to unlock a device.
 * `cryptsetup_autoretry` (false) Whether or not to automatically retry mount attempts.
 * `cryptsetup_trim` (false) Whether or not to pass `--allow-discards` to cryptsetup (reduces security).
+* `cryptsetup_keyfile_validation` (true) Whether or not to validate that keyfiles should exist at runtime.
 
 ##### Key type definitions
 

src/ugrd/crypto/cryptsetup.py

@@ -1,5 +1,5 @@
 __author__ = 'desultory'
-__version__ = '2.4.2'
+__version__ = '2.5.0'
 
 from zenlib.util import check_dict
 
@@ -49,12 +49,18 @@ def _validate_crypysetup_key(self, key_paramters: dict) -> None:
     key_path = Path(key_paramters['key_file'])
 
     if not key_path.is_file():
-        raise FileNotFoundError("Key file not found: %s" % key_path)
+        if self['cryptsetup_keyfile_validation']:
+            raise FileNotFoundError("Key file not found: %s" % key_path)
+        else:
+            return self.logger.error("Key file not found: %s" % key_path)
 
     key_copy = key_path
     while parent := key_copy.parent:
         if parent == Path('/'):
-            raise ValueError("No mount is defined for external key file: %s" % key_path)
+            if self['cryptsetup_keyfile_validation']:
+                raise ValueError("No mount is defined for external key file: %s" % key_path)
+            else:
+                return self.logger.critical("No mount is defined for external key file: %s" % key_path)
         if str(parent).lstrip('/') in self['mounts']:
             self.logger.debug("Found mount for key file: %s" % parent)
             break

src/ugrd/crypto/cryptsetup.toml

@@ -10,6 +10,8 @@ cryptsetup_retries = 5
 cryptsetup_autoretry = true
 cryptsetup_prompt = true
 
+cryptsetup_keyfile_validation = true
+
 [imports.config_processing]
 "ugrd.crypto.cryptsetup" = [ "_process_cryptsetup_multi", "_process_cryptsetup_key_types_multi" ]
 
@@ -27,6 +29,7 @@ key_command = "cat {key_file} |"
 
 [custom_parameters]
 cryptsetup_key_type = "str"  # The default key type to use for unlocking devices
+cryptsetup_keyfile_validation = "bool"  # Whether to validate the key file
 cryptsetup_key_types = "dict"  # Dict containing key types and their associated mount commands
 cryptsetup_retries = "int"  # Number of times to retry unlocking a device
 cryptsetup_prompt = "bool"  # Whether to prompt the user to press enter before unlocking devices

src/ugrd/fs/btrfs.toml

@@ -1,7 +1,7 @@
 binaries = [ "btrfs" ]
 kmod_init = "btrfs"
 
-_base_mount_path = "/mnt/root_base"
+_base_mount_path = "/root_base"
 subvol_selector = false
 autodetect_root_subvol = true
 

src/ugrd/fs/mounts.toml

@@ -61,7 +61,7 @@ _blkid_info = "dict"  # The blkid information
 # Define the base of the root mount
 [mounts.root]
 options = ['ro']
-destination = "/mnt/root"
+destination = "/target_rootfs"
 
 # Define the default mounts
 # The format is mounts.mount where the mount is the name of the mount