fix: wipe disk by signatures

smira · smira · commit 4d44306dd148 · 2026-01-21T16:22:53.000+04:00
Fixes #12491 In (almost) all places we previously used `FastWipe`, use instead a helper which will try to discover filesystem/partition signatures, and wipe them. This fixes the issue when a partition re-created in the same place might already hit a scenario when the "old" filesystem is discovered in the same place. Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com> (cherry picked from commit 5127ef7)
diff --git a/internal/app/machined/pkg/controllers/block/internal/volumes/partition.go b/internal/app/machined/pkg/controllers/block/internal/volumes/partition.go
@@ -17,6 +17,7 @@ import (
 	"github.com/siderolabs/go-blockdevice/v2/partitioning/gpt"
 	"go.uber.org/zap"
 
+	"github.com/siderolabs/talos/internal/pkg/partition"
 	"github.com/siderolabs/talos/pkg/machinery/resources/block"
 )
 
@@ -101,7 +102,7 @@ func CreatePartition(ctx context.Context, logger *zap.Logger, diskPath string, v
 
 	defer partitionDev.Close() //nolint:errcheck
 
-	if err = partitionDev.FastWipe(); err != nil {
+	if err = partition.WipeWithSignatures(partitionDev, partitionDevName, logger.Sugar().Debugf); err != nil {
 		return CreatePartitionResult{}, xerrors.NewTaggedf[Retryable]("error wiping partition: %w", err)
 	}
 
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
@@ -1125,7 +1125,11 @@ func ResetSystemDisk(_ runtime.Sequence, data any) (runtime.TaskExecutionFunc, s
 
 				defer dev.Close() //nolint:errcheck
 
-				return dev.FastWipe()
+				if err = partition.WipeWithSignatures(dev, devPath, logger.Printf); err != nil {
+					return err
+				}
+
+				return nil
 			}(systemDiskPath); err != nil {
 				return fmt.Errorf("failed to wipe system disk %s: %w", systemDiskPath, err)
 			}
@@ -1163,7 +1167,11 @@ func ResetUserDisks(_ runtime.Sequence, data any) (runtime.TaskExecutionFunc, st
 
 			logger.Printf("wiping user disk %s", deviceName)
 
-			return dev.FastWipe()
+			if err = partition.WipeWithSignatures(dev, deviceName, logger.Printf); err != nil {
+				return err
+			}
+
+			return nil
 		}
 
 		for _, deviceName := range in.GetUserDisksToWipe() {
diff --git a/internal/app/maintenance/server.go b/internal/app/maintenance/server.go
@@ -27,6 +27,7 @@ import (
 	"github.com/siderolabs/talos/internal/app/resources"
 	storaged "github.com/siderolabs/talos/internal/app/storaged"
 	"github.com/siderolabs/talos/internal/pkg/configuration"
+	"github.com/siderolabs/talos/internal/pkg/partition"
 	"github.com/siderolabs/talos/pkg/grpc/middleware/authz"
 	"github.com/siderolabs/talos/pkg/machinery/api/machine"
 	"github.com/siderolabs/talos/pkg/machinery/api/storage"
@@ -273,7 +274,7 @@ func (s *Server) Reset(ctx context.Context, in *machine.ResetRequest) (*machine.
 
 	defer dev.Close() //nolint:errcheck
 
-	if err = dev.FastWipe(); err != nil {
+	if err = partition.WipeWithSignatures(dev, systemDisk.DevPath, log.Printf); err != nil {
 		return nil, err
 	}
 
@@ -290,8 +291,7 @@ func (s *Server) Reset(ctx context.Context, in *machine.ResetRequest) (*machine.
 
 			log.Printf("wiping user disk %s", deviceName)
 
-			err = dev.FastWipe()
-			if err != nil {
+			if err = partition.WipeWithSignatures(dev, deviceName, log.Printf); err != nil {
 				return nil, err
 			}
 		}
diff --git a/internal/app/storaged/server.go b/internal/app/storaged/server.go
@@ -11,19 +11,17 @@ import (
 	"log"
 	"path/filepath"
 	"slices"
-	"strings"
 
 	"github.com/cosi-project/runtime/pkg/safe"
 	"github.com/cosi-project/runtime/pkg/state"
-	"github.com/siderolabs/gen/xslices"
-	"github.com/siderolabs/go-blockdevice/v2/blkid"
 	blockdev "github.com/siderolabs/go-blockdevice/v2/block"
 	"github.com/siderolabs/go-blockdevice/v2/partitioning/gpt"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/emptypb"
 
 	"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
+	"github.com/siderolabs/talos/internal/pkg/partition"
 	"github.com/siderolabs/talos/pkg/machinery/api/storage"
 	"github.com/siderolabs/talos/pkg/machinery/resources/block"
 )
@@ -305,31 +303,8 @@ func (s *Server) wipeDevice(deviceName string, method storage.BlockDeviceWipeDes
 	case storage.BlockDeviceWipeDescriptor_FAST:
 		log.Printf("wiping block device %q with fast method", deviceName)
 
-		info, err := blkid.Probe(bd.File(), blkid.WithSkipLocking(true))
-		if err == nil && info != nil && len(info.SignatureRanges) > 0 { // probe successful, wipe by signatures
-			if err = bd.FastWipe(xslices.Map(info.SignatureRanges, func(r blkid.SignatureRange) blockdev.Range {
-				return blockdev.Range(r)
-			})...); err != nil {
-				return status.Errorf(codes.Internal, "failed to wipe block device %q: %v", deviceName, err)
-			}
-
-			log.Printf("block device %q wiped by ranges: %s",
-				deviceName,
-				strings.Join(
-					xslices.Map(info.SignatureRanges,
-						func(r blkid.SignatureRange) string {
-							return fmt.Sprintf("%d-%d", r.Offset, r.Offset+r.Size)
-						},
-					),
-					", ",
-				),
-			)
-		} else { // probe failed, use default fast wipe
-			if err = bd.FastWipe(); err != nil {
-				return status.Errorf(codes.Internal, "failed to wipe block device %q: %v", deviceName, err)
-			}
-
-			log.Printf("block device %q wiped with fast method", deviceName)
+		if err = partition.WipeWithSignatures(bd, deviceName, log.Printf); err != nil {
+			return status.Error(codes.Internal, err.Error())
 		}
 	default:
 		return status.Errorf(codes.InvalidArgument, "unsupported wipe method %s", method)
diff --git a/internal/integration/api/update-hostname.go b/internal/integration/api/update-hostname.go
@@ -137,31 +137,11 @@ func (suite *UpdateHostnameSuite) TestUpdateHostname() {
 }
 
 func (suite *UpdateHostnameSuite) updateHostname(nodeCtx context.Context, newHostname string) {
-	// [TODO]: this should be dropped once Terraform Provider is updated for Talos 1.12
-	// do a negative patch removing v1alpha1 hostname-related config
-	// In "normal" tests config is generated without hostname v1alpha1 parts,
-	// but when the cluster is generated via Terraform, it uses outdated machinery and
-	// generates config with v1alpha1 hostname parts.
-	v1alpha1Drop := map[string]any{
-		"machine": map[string]any{
-			"network": map[string]any{
-				"hostname": map[string]any{
-					"$patch": "delete",
-				},
-			},
-			"features": map[string]any{
-				"stableHostname": map[string]any{
-					"$patch": "delete",
-				},
-			},
-		},
-	}
-
 	hostnameConfig := network.NewHostnameConfigV1Alpha1()
 	hostnameConfig.ConfigAuto = pointer.To(nethelpers.AutoHostnameKindOff)
 	hostnameConfig.ConfigHostname = newHostname
 
-	suite.PatchMachineConfig(nodeCtx, v1alpha1Drop, hostnameConfig)
+	suite.PatchMachineConfig(nodeCtx, hostnameConfig)
 }
 
 func init() {
diff --git a/internal/pkg/partition/helpers.go b/internal/pkg/partition/helpers.go
@@ -0,0 +1,59 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package partition
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/siderolabs/gen/xslices"
+	"github.com/siderolabs/go-blockdevice/v2/blkid"
+	"github.com/siderolabs/go-blockdevice/v2/block"
+)
+
+// WipeWithSignatures wipes the given block device by its signatures (if available)
+// and falls back to fast wipe otherwise.
+//
+// The function assumes that the caller locked properly the block device (or the parent
+// device in case of partitions) before calling it.
+//
+// If non-nil log function is passed, it will be used to log the wipe process.
+func WipeWithSignatures(bd *block.Device, deviceName string, log func(string, ...any)) error {
+	info, err := blkid.Probe(bd.File(), blkid.WithSkipLocking(true))
+	if err == nil && info != nil && len(info.SignatureRanges) > 0 { // probe successful, wipe by signatures
+		if err = bd.FastWipe(xslices.Map(info.SignatureRanges, func(r blkid.SignatureRange) block.Range {
+			return block.Range(r)
+		})...); err != nil {
+			return fmt.Errorf("failed to wipe block device %q: %v", deviceName, err)
+		}
+
+		if log != nil {
+			log("block device %q wiped by ranges: %s",
+				deviceName,
+				strings.Join(
+					xslices.Map(info.SignatureRanges,
+						func(r blkid.SignatureRange) string {
+							return fmt.Sprintf("%d-%d", r.Offset, r.Offset+r.Size)
+						},
+					),
+					", ",
+				),
+			)
+		}
+
+		return nil
+	}
+
+	// probe failed or no signatures found, fast wipe
+	if err = bd.FastWipe(); err != nil {
+		return fmt.Errorf("failed to wipe block device %q: %v", deviceName, err)
+	}
+
+	if log != nil {
+		log("block device %q wiped with fast method", deviceName)
+	}
+
+	return nil
+}
diff --git a/internal/pkg/partition/wipe.go b/internal/pkg/partition/wipe.go
@@ -107,7 +107,7 @@ func (v *VolumeWipeTarget) wipeWithParentLocked(log func(string, ...any)) error
 
 	log("wiping volume %q (%s)", v.GetLabel(), v.devName)
 
-	return bd.FastWipe()
+	return WipeWithSignatures(bd, v.devName, log)
 }
 
 func (v *VolumeWipeTarget) dropWithParentLocked(parentBd *block.Device, log func(string, ...any)) error {

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ import (`
`17`	`17`	`"github.com/siderolabs/go-blockdevice/v2/partitioning/gpt"`
`18`	`18`	`"go.uber.org/zap"`
`19`	`19`
	`20`	`+ "github.com/siderolabs/talos/internal/pkg/partition"`
`20`	`21`	`"github.com/siderolabs/talos/pkg/machinery/resources/block"`
`21`	`22`	`)`
`22`	`23`
`@@ -101,7 +102,7 @@ func CreatePartition(ctx context.Context, logger *zap.Logger, diskPath string, v`
`101`	`102`
`102`	`103`	`defer partitionDev.Close() //nolint:errcheck`
`103`	`104`
`104`		`- if err = partitionDev.FastWipe(); err != nil {`
	`105`	`+ if err = partition.WipeWithSignatures(partitionDev, partitionDevName, logger.Sugar().Debugf); err != nil {`
`105`	`106`	`return CreatePartitionResult{}, xerrors.NewTaggedf[Retryable]("error wiping partition: %w", err)`
`106`	`107`	`}`
`107`	`108`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ func (v *VolumeWipeTarget) wipeWithParentLocked(log func(string, ...any)) error`
`107`	`107`
`108`	`108`	`log("wiping volume %q (%s)", v.GetLabel(), v.devName)`
`109`	`109`
`110`		`- return bd.FastWipe()`
	`110`	`+ return WipeWithSignatures(bd, v.devName, log)`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`func (v VolumeWipeTarget) dropWithParentLocked(parentBd block.Device, log func(string, ...any)) error {`