Added functionality to run luks-fs-mgr as daemon
service. Included library libdaemon which provides functions and
utilities to daemonize a program.
The daemon function is called to daemonize the program.
The daemon function is provided by libdaemon, and it sets up the
necessary environment for a daemon process. It is called with two
arguments, both set to 0. The first argument is the nochdir
parameter, which tells the function not to change the current
working directory to the root directory ("/").
The second argument is the noclose parameter, which tells the
function not to close standard input, output, and error streams.
Depends on: https://review.opendev.org/c/starlingx/integ/+/898695
Test Plan:
PASSED: build-pkgs -c -p luks-fs-mgr
PASSED: build-image
PASSED: AIO-SX bootstrap
PASSED: binary available at /usr/local/sbin/
PASSED: systemd unit file available at /lib/systemd/system
PASSED: luks_config.json available at /etc/luks-fs-mgr.d/
PASSED: sudo systemctl start luks-fs-mgr
luks-fs-mgr.service - Create and mount encrypted vault using
LUKS
Loaded: loaded (/lib/systemd/system/luks-fs-mgr.service;
enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-10-13 05:58:04 UTC;
1h 34min ago
Main PID: 1770 (luks-fs-mgr)
Tasks: 1 (limit: 28602)
Memory: 2.1M
CPU: 3.422s
CGroup: /system.slice/luks-fs-mgr.service
└─1770 /usr/local/sbin/luks-fs-mgr start
PASSED: sudo systemctl stop luks-fs-mgr
Story: 2010872
Task: 48944
Change-Id: I975409d749fed8f27b291db80fa10223de60b05c
Signed-off-by: Rahul Roshan Kachchap <rahulroshan.kachchap@windriver.com>
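What glibc's daemon(3) leaves behind for each argument value can be observed directly: per its manual page, a zero nochdir changes the working directory to "/" and a zero noclose redirects stdin, stdout and stderr to /dev/null. The probe below is an added example, not code from this commit or from luks-fs-mgr; it assumes daemon(3) from <unistd.h> on Linux, and probe_daemon and struct daemon_state are hypothetical names.

```c
#define _DEFAULT_SOURCE          /* exposes glibc's daemon(3) in <unistd.h> */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct daemon_state {
    char cwd[256];         /* working directory of the detached process */
    int  stdin_is_devnull; /* 1 if fd 0 refers to /dev/null after daemon() */
};

/* Hypothetical helper: call daemon(nochdir, noclose) in a throwaway child and
 * report what the detached process sees. Returns 0 on success, -1 on error. */
int probe_daemon(int nochdir, int noclose, struct daemon_state *out)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct daemon_state st;
        struct stat in, nul;
        memset(&st, 0, sizeof st);
        close(fds[0]);
        /* Constructed starting state: cwd=/tmp, stdin=the pipe (not /dev/null). */
        if (chdir("/tmp") != 0 || dup2(fds[1], 0) < 0) _exit(1);
        if (daemon(nochdir, noclose) != 0) _exit(1);
        /* Only the detached process reaches this point. */
        if (getcwd(st.cwd, sizeof st.cwd) == NULL) _exit(1);
        st.stdin_is_devnull = fstat(0, &in) == 0 && stat("/dev/null", &nul) == 0 &&
                              S_ISCHR(in.st_mode) && in.st_rdev == nul.st_rdev;
        _exit(write(fds[1], &st, sizeof st) == (ssize_t)sizeof st ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], out, sizeof *out);
    close(fds[0]);
    waitpid(pid, NULL, 0);   /* reaps the intermediate parent, which exits at once */
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void)
{
    struct daemon_state s;
    if (probe_daemon(0, 0, &s) != 0) return 1;
    printf("daemon(0, 0): cwd=%s stdin_is_devnull=%d\n", s.cwd, s.stdin_is_devnull);
    return 0;
}
```

With (0, 0) nothing written to stdout or stderr reaches the terminal, so error reporting from a daemonized service has to go through syslog or a log file.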
34 lines
1.7 KiB
Plaintext
Source: luks-fs-mgr
Section: admin
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
 libjson-c-dev,
 libdaemon-dev
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io

Package: luks-fs-mgr
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}, systemd
Description: Luks encryption service manager
 The Luks Encryption Service Manager operates as an essential component during
 the boot process and host unlocking, serving as a critical safeguard for data
 on StarlingX. This service is responsible for managing the creation,
 configuration, and utilization of encrypted volumes, all in accordance with
 the Linux Unified Key Setup (LUKS) standard. Its functionality is driven by
 the information provided in the luks_config.json file, which acts as a
 blueprint for configuring the encryption process.
 Upon startup, the service reads the luks_config.json file to extract crucial
 parameters, such as the vault file path, volume size, volume name, and
 mounting path. If the service detects that the encryption volume is already
 open, it unseals it. This step ensures a seamless experience for users, as they
 can quickly access their encrypted data without redundant processes.
 However, if the encryption volume is not open, the service dynamically creates
 one based on the parameters defined in the JSON configuration. It initializes
 the vault file using random data, then proceeds to set up the LUKS encryption
 mechanism and unseals the newly created volume.
 To ensure the highest level of security, the Luks Encryption Service Manager
 employs error handling and logging mechanisms, enabling administrators to
 monitor and troubleshoot any issues that may arise.