From 5c513aee21135248e5481cd4f5584885e289d160 Mon Sep 17 00:00:00 2001
From: Itxaka
Date: Wed, 24 Jul 2024 15:13:33 +0200
Subject: [PATCH] Allow passing extra args to luks device creation (#418)
---
 go.mod | 2 +-
 go.sum | 4 ++--
 pkg/lib/lock.go | 13 +++++++------
 3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index 2be70385..ee7e0f3b 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 github.com/denisbrodbeck/machineid v1.0.1 // indirect
 github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d // indirect
- github.com/distribution/reference v0.6.0 // indirect
+ github.com/distribution/reference v0.5.0 // indirect
 github.com/docker/cli v24.0.0+incompatible // indirect
 github.com/docker/distribution v2.8.2+incompatible // indirect
 github.com/docker/docker v27.0.3+incompatible // indirect
diff --git a/go.sum b/go.sum
index 29bf1142..e115bbda 100644
--- a/go.sum
+++ b/go.sum
@@ -69,8 +69,8 @@ github.com/denisbrodbeck/machineid v1.0.1 h1:geKr9qtkB876mXguW2X6TU4ZynleN6ezuMS
 github.com/denisbrodbeck/machineid v1.0.1/go.mod h1:dJUwb7PTidGDeYyUBmXZ2GphQBbjJCrnectwCyxcUSI=
 github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d h1:CPqTNIigGweVPT4CYb+OO2E6XyRKFOmvTHwWRLgCAlE=
 github.com/dgryski/go-camellia v0.0.0-20191119043421-69a8a13fb23d/go.mod h1:QX5ZVULjAfZJux/W62Y91HvCh9hyW6enAwcrrv/sLj0=
-github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
-github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
+github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/cli v24.0.0+incompatible h1:0+1VshNwBQzQAx9lOl+OYCTCEAD8fKs/qeXMx3O0wqM=
 github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
diff --git a/pkg/lib/lock.go b/pkg/lib/lock.go
index 2ee38183..d9b1208c 100644
--- a/pkg/lib/lock.go
+++ b/pkg/lib/lock.go
@@ -49,7 +49,7 @@ func getRandomString(length int) string {
 // This is because the label of the encrypted partition is not accessible unless
 // the partition is decrypted first and the uuid changed after encryption so
 // any stored information needs to be updated (by the caller).
-func Luksify(label string, logger zerolog.Logger) (string, error) {
+func Luksify(label string, logger zerolog.Logger, argsCreate ...string) (string, error) {
 var pass string
 // Make sure ghw will see all partitions correctly.
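Review bot: The doc comment above `Luksify` is not updated for the new variadic `argsCreate` parameter, so a caller reading the signature cannot tell that these strings are forwarded to `CreateLuks` alongside the fixed `--uuid` argument (the forwarding itself is in the next hunk). I would add a line such as `// argsCreate are extra arguments appended after --uuid and passed unchanged to CreateLuks; pass only fixed, trusted values.` The `LuksifyMeasurements` signature hunk further down has the same gap in its comment. Both the comment block and the function body extend outside this hunk.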
@@ -74,8 +74,9 @@ func Luksify(label string, logger zerolog.Logger) (string, error) {
 mapper := fmt.Sprintf("/dev/mapper/%s", b.Name)
 device := fmt.Sprintf("/dev/%s", part)
- partUUID := uuid.NewV5(uuid.NamespaceURL, label)
- extraArgs := []string{"--uuid", partUUID.String()}
+
+ extraArgs := []string{"--uuid", uuid.NewV5(uuid.NamespaceURL, label).String()}
+ extraArgs = append(extraArgs, argsCreate...)
 if err := CreateLuks(device, pass, extraArgs...); err != nil {
 logger.Err(err).Msg("create luks")
@@ -105,7 +106,7 @@ func Luksify(label string, logger zerolog.Logger) (string, error) {
 // It can also be used to bind to things like the firmware code or efi drivers that we dont expect to change
 // default for publicKeyPcrs is 11
 // default for pcrs is nothing, so it doesn't bind as we want to expand things like DBX and be able to blacklist certs and such
-func LuksifyMeasurements(label string, publicKeyPcrs []string, pcrs []string, logger zerolog.Logger) error {
+func LuksifyMeasurements(label string, publicKeyPcrs []string, pcrs []string, logger zerolog.Logger, argsCreate ...string) error {
 // Make sure ghw will see all partitions correctly.
 // older versions don't have --type=all. Try the simpler version then.
 out, err := SH("udevadm trigger --type=all || udevadm trigger")
@@ -124,9 +125,9 @@ func LuksifyMeasurements(label string, publicKeyPcrs []string, pcrs []string, lo
 pass := getRandomString(32)
 mapper := fmt.Sprintf("/dev/mapper/%s", b.Name)
 device := fmt.Sprintf("/dev/%s", part)
- partUUID := uuid.NewV5(uuid.NamespaceURL, label)
- extraArgs := []string{"--uuid", partUUID.String()}
+ extraArgs := []string{"--uuid", uuid.NewV5(uuid.NamespaceURL, label).String()}
+ extraArgs = append(extraArgs, argsCreate...)
 if err := CreateLuks(device, pass, extraArgs...); err != nil {
 return err
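Review bot: `argsCreate` is appended to `extraArgs` unvalidated right before `CreateLuks(device, pass, extraArgs...)`, in the `Luksify` hunk (`@@ -74,8 +74,9`) and again in the `LuksifyMeasurements` hunk (`@@ -124,9 +125,9`). Because the caller's strings follow the fixed `--uuid`, a second `--uuid` could presumably replace the label-derived UUID, and other options could change the volume's cipher or key-derivation settings without anything being logged; `CreateLuks` is not visible here, so whether these values ever reach a shell (as `SH(...)` does elsewhere in this file) should be confirmed. I would reject arguments that set `--uuid` and log the accepted extras before the call, as sketched below for `Luksify`; `LuksifyMeasurements` needs the same check with its single `error` return. The sketch assumes `strings` is already imported by lock.go, and both function bodies extend beyond their hunks.

```go
// … unchanged: mapper and device setup …
extraArgs := []string{"--uuid", uuid.NewV5(uuid.NamespaceURL, label).String()}
for _, a := range argsCreate {
	// The UUID is derived from the label; do not let a caller replace it.
	if a == "--uuid" || strings.HasPrefix(a, "--uuid=") {
		return "", fmt.Errorf("extra luks argument %q is not allowed", a)
	}
}
// Record what was forwarded so a weakened volume format can be traced later.
logger.Debug().Strs("args", argsCreate).Msg("extra luks create args")
extraArgs = append(extraArgs, argsCreate...)
// … unchanged: CreateLuks call and error handling …
```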