M7: add verbose mode for debugging

Add -v/--verbose persistent flag that prints debug info to stderr: D-Bus connection status, token plugin directory discovery, unlock method sequencing with per-method success/failure, and full cryptsetup command lines including LD_LIBRARY_PATH. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 08:37:08 -07:00
parent e44dd382dd
commit 0c19f94292
5 changed files with 36 additions and 0 deletions
--- a/internal/cryptsetup/cryptsetup.go
+++ b/internal/cryptsetup/cryptsetup.go
@@ -5,6 +5,9 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"strings"
+
+	"git.wntrmute.dev/kyle/arca/internal/verbose"
 )

 // Open opens a LUKS device using cryptsetup with token-based unlock.
@@ -12,6 +15,8 @@ func Open(devicePath, mapperName string) error {
 	args := withTokenPluginEnv([]string{"cryptsetup", "open", devicePath, mapperName, "--token-only"})
 	args = withPrivilege(args)

+	verbose.Printf("exec: %s", strings.Join(args, " "))
+
 	cmd := exec.Command(args[0], args[1:]...)
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
@@ -101,6 +106,7 @@ func findTokenPluginDir() string {
 	// NixOS stable symlink — survives rebuilds.
 	const nixSystemPath = "/run/current-system/sw/lib/cryptsetup"
 	if hasTokenPlugins(nixSystemPath) {
+		verbose.Printf("token plugin dir: %s", nixSystemPath)
 		return nixSystemPath
 	}

@@ -109,11 +115,13 @@ func findTokenPluginDir() string {
 		if resolved, err := filepath.EvalSymlinks(bin); err == nil {
 			dir := filepath.Join(filepath.Dir(filepath.Dir(resolved)), "lib", "cryptsetup")
 			if hasTokenPlugins(dir) {
+				verbose.Printf("token plugin dir (from systemd-cryptenroll): %s", dir)
 				return dir
 			}
 		}
 	}

+	verbose.Printf("no token plugin directory found")
 	return ""
 }