fix: update systemd-cryptsetup path for snap environments#505
Open
gabelluardo wants to merge 2 commits intocanonical:masterfrom
Open
fix: update systemd-cryptsetup path for snap environments#505gabelluardo wants to merge 2 commits intocanonical:masterfrom
gabelluardo wants to merge 2 commits intocanonical:masterfrom
Conversation
gabelluardo
force-pushed
the
fix-cryptsetup-path
branch
from
9a5e9fd to
64a9ec9
Compare
didrocks
reviewed
Feb 10, 2026
internal/luks2/activate.go
Outdated
| var ( | ||
| systemdCryptsetupPath = "/lib/systemd/systemd-cryptsetup" | ||
| systemdCryptsetupPath string | ||
| once sync.Once |
There was a problem hiding this comment.
I would rename this once to link it to systemdCryptsetupPath, to show that both are related.
However, I would remove that until we have demonstrated that getting an environment has a high cost compared to fork/exec in a subprocess.
internal/luks2/export_test.go
Outdated
| func MockSystemdCryptsetupPath(path string) (restore func()) { | ||
| origSystemdCryptsetupPath := systemdCryptsetupPath | ||
| systemdCryptsetupPath = path | ||
| origFn := getSystemdCryptsetupPath |
There was a problem hiding this comment.
nitpick: I would just use orig (you generally don’t suffix with the variable type name)
internal/luks2/activate.go
Outdated
| ) | ||
|
|
||
| func defaultSystemdCryptsetupPath() string { | ||
| once.Do(func() { |
There was a problem hiding this comment.
Suggested change
| once.Do(func() { | |
| root := "/" | |
| if p := os.Getenv("SNAP"); p != "" { | |
| root = p | |
| } | |
| return filepath.Join(root, "lib", "systemd", "systemd-cryptsetup") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In
snap-tpmctl, the application run within a strictly confined snap, making the hardcoded path tosystemd-cryptsetupinaccessible. While this was previously addressed with a workaround, this PR implements a cleaner and more robust solution to resolve the binary path dinamically.