2017-11-18 17:09:20 +01:00
/* SPDX-License-Identifier: LGPL-2.1+ */
2016-12-01 20:25:26 +01:00
2019-11-11 17:57:45 +01:00
# if HAVE_VALGRIND_MEMCHECK_H
# include <valgrind/memcheck.h>
# endif
2019-04-10 12:55:53 +02:00
# include <linux/dm-ioctl.h>
# include <linux/loop.h>
2016-12-01 20:25:26 +01:00
# include <sys/mount.h>
2017-11-14 23:22:46 +01:00
# include <sys/prctl.h>
# include <sys/wait.h>
2020-07-29 15:16:27 +02:00
# include <sysexits.h>
2016-12-01 20:25:26 +01:00
2018-08-22 06:57:36 +02:00
# include "sd-device.h"
2018-01-11 00:39:12 +01:00
# include "sd-id128.h"
2016-12-01 20:25:26 +01:00
# include "architecture.h"
2016-12-05 16:26:48 +01:00
# include "ask-password-api.h"
2016-12-01 20:25:26 +01:00
# include "blkid-util.h"
2017-12-22 15:22:59 +01:00
# include "blockdev-util.h"
2017-11-14 23:22:46 +01:00
# include "copy.h"
2017-11-02 09:16:47 +01:00
# include "crypt-util.h"
2017-11-14 23:22:46 +01:00
# include "def.h"
2017-10-31 09:37:15 +01:00
# include "device-nodes.h"
2018-08-28 09:05:35 +02:00
# include "device-util.h"
2016-12-01 20:25:26 +01:00
# include "dissect-image.h"
2018-12-23 19:19:51 +01:00
# include "dm-util.h"
2018-11-30 22:08:41 +01:00
# include "env-file.h"
2016-12-05 16:26:48 +01:00
# include "fd-util.h"
2016-12-23 17:10:42 +01:00
# include "fileio.h"
2016-12-23 11:09:47 +01:00
# include "fs-util.h"
2020-01-29 19:13:24 +01:00
# include "fsck-util.h"
2016-12-01 20:25:26 +01:00
# include "gpt.h"
2016-12-23 17:10:42 +01:00
# include "hexdecoct.h"
2017-11-14 23:22:46 +01:00
# include "hostname-util.h"
# include "id128-util.h"
2020-07-28 18:16:19 +02:00
# include "mkdir.h"
2016-12-01 20:25:26 +01:00
# include "mount-util.h"
2018-11-30 21:05:27 +01:00
# include "mountpoint-util.h"
2020-07-28 18:16:19 +02:00
# include "namespace-util.h"
2019-03-14 13:14:33 +01:00
# include "nulstr-util.h"
2018-03-26 16:32:40 +02:00
# include "os-util.h"
2016-12-01 20:25:26 +01:00
# include "path-util.h"
2017-11-14 23:22:46 +01:00
# include "process-util.h"
# include "raw-clone.h"
# include "signal-util.h"
2016-12-01 20:25:26 +01:00
# include "stat-util.h"
2016-12-05 16:26:48 +01:00
# include "stdio-util.h"
2016-12-01 20:25:26 +01:00
# include "string-table.h"
# include "string-util.h"
2016-12-23 11:09:47 +01:00
# include "strv.h"
2018-11-30 21:05:27 +01:00
# include "tmpfile-util.h"
2018-12-13 16:39:05 +01:00
# include "udev-util.h"
2017-11-28 16:46:26 +01:00
# include "user-util.h"
2016-12-23 17:38:12 +01:00
# include "xattr-util.h"
2016-12-01 20:25:26 +01:00
2017-11-21 18:56:52 +01:00
int probe_filesystem ( const char * node , char * * ret_fstype ) {
2017-11-30 12:09:36 +01:00
/* Try to find device content type and return it in *ret_fstype. If nothing is found,
2019-04-27 02:22:40 +02:00
* 0 / NULL will be returned . - EUCLEAN will be returned for ambiguous results , and an
2017-11-30 12:09:36 +01:00
* different error otherwise . */
2017-10-03 10:41:51 +02:00
# if HAVE_BLKID
tree-wide: drop redundant _cleanup_ macros (#8810)
This drops a good number of type-specific _cleanup_ macros, and patches
all users to just use the generic ones.
In most recent code we abstained from defining type-specific macros, and
this basically removes all those added already, with the exception of
the really low-level ones.
Having explicit macros for this is not too useful, as the expression
without the extra macro is generally just 2ch wider. We should generally
emphesize generic code, unless there are really good reasons for
specific code, hence let's follow this in this case too.
Note that _cleanup_free_ and similar really low-level, libc'ish, Linux
API'ish macros continue to be defined, only the really high-level OO
ones are dropped. From now on this should really be the rule: for really
low-level stuff, such as memory allocation, fd handling and so one, go
ahead and define explicit per-type macros, but for high-level, specific
program code, just use the generic _cleanup_() macro directly, in order
to keep things simple and as readable as possible for the uninitiated.
Note that before this patch some of the APIs (notable libudev ones) were
already used with the high-level macros at some places and with the
generic _cleanup_ macro at others. With this patch we hence unify on the
latter.
2018-04-25 12:31:45 +02:00
_cleanup_ ( blkid_free_probep ) blkid_probe b = NULL ;
2016-12-05 16:26:48 +01:00
const char * fstype ;
int r ;
2017-11-24 21:31:47 +01:00
errno = 0 ;
2016-12-05 16:26:48 +01:00
b = blkid_new_probe_from_filename ( node ) ;
if ( ! b )
2019-07-11 15:42:14 +02:00
return errno_or_else ( ENOMEM ) ;
2016-12-05 16:26:48 +01:00
blkid_probe_enable_superblocks ( b , 1 ) ;
blkid_probe_set_superblocks_flags ( b , BLKID_SUBLKS_TYPE ) ;
errno = 0 ;
r = blkid_do_safeprobe ( b ) ;
2017-11-30 12:09:36 +01:00
if ( r = = 1 ) {
log_debug ( " No type detected on partition %s " , node ) ;
2016-12-05 16:26:48 +01:00
goto not_found ;
}
2020-05-18 18:30:49 +02:00
if ( r = = - 2 )
return log_debug_errno ( SYNTHETIC_ERRNO ( EUCLEAN ) ,
" Results ambiguous for partition %s " , node ) ;
2017-02-21 22:41:33 +01:00
if ( r ! = 0 )
2019-07-11 15:42:14 +02:00
return errno_or_else ( EIO ) ;
2016-12-05 16:26:48 +01:00
( void ) blkid_probe_lookup_value ( b , " TYPE " , & fstype , NULL ) ;
if ( fstype ) {
char * t ;
t = strdup ( fstype ) ;
if ( ! t )
return - ENOMEM ;
* ret_fstype = t ;
return 1 ;
}
not_found :
* ret_fstype = NULL ;
return 0 ;
2017-04-19 01:05:05 +02:00
# else
return - EOPNOTSUPP ;
2017-04-01 05:21:20 +02:00
# endif
2017-04-19 01:05:05 +02:00
}
2016-12-05 16:26:48 +01:00
2018-05-16 12:40:07 +02:00
# if HAVE_BLKID
2018-04-03 14:51:18 +02:00
/* Detect RPMB and Boot partitions, which are not listed by blkid.
* See https : //github.com/systemd/systemd/issues/5806. */
2018-08-22 06:57:36 +02:00
static bool device_is_mmc_special_partition ( sd_device * d ) {
2018-04-05 13:03:37 +02:00
const char * sysname ;
2018-12-19 18:16:41 +01:00
assert ( d ) ;
2018-08-22 06:57:36 +02:00
if ( sd_device_get_sysname ( d , & sysname ) < 0 )
return false ;
return startswith ( sysname , " mmcblk " ) & &
2018-04-04 09:05:56 +02:00
( endswith ( sysname , " rpmb " ) | | endswith ( sysname , " boot0 " ) | | endswith ( sysname , " boot1 " ) ) ;
2018-04-03 14:51:18 +02:00
}
2018-08-22 06:57:36 +02:00
static bool device_is_block ( sd_device * d ) {
2018-04-05 13:03:37 +02:00
const char * ss ;
2018-12-19 18:16:41 +01:00
assert ( d ) ;
2018-08-22 06:57:36 +02:00
if ( sd_device_get_subsystem ( d , & ss ) < 0 )
2018-04-05 13:03:37 +02:00
return false ;
return streq ( ss , " block " ) ;
}
2018-12-13 13:28:58 +01:00
static int enumerator_for_parent ( sd_device * d , sd_device_enumerator * * ret ) {
_cleanup_ ( sd_device_enumerator_unrefp ) sd_device_enumerator * e = NULL ;
int r ;
2018-12-19 18:16:41 +01:00
assert ( d ) ;
assert ( ret ) ;
2018-12-13 13:28:58 +01:00
r = sd_device_enumerator_new ( & e ) ;
if ( r < 0 )
return r ;
r = sd_device_enumerator_allow_uninitialized ( e ) ;
if ( r < 0 )
return r ;
r = sd_device_enumerator_add_match_parent ( e , d ) ;
if ( r < 0 )
return r ;
* ret = TAKE_PTR ( e ) ;
return 0 ;
}
/* how many times to wait for the device nodes to appear */
# define N_DEVICE_NODE_LIST_ATTEMPTS 10
static int wait_for_partitions_to_appear (
int fd ,
sd_device * d ,
unsigned num_partitions ,
2018-12-19 17:17:35 +01:00
DissectImageFlags flags ,
2018-12-13 13:28:58 +01:00
sd_device_enumerator * * ret_enumerator ) {
_cleanup_ ( sd_device_enumerator_unrefp ) sd_device_enumerator * e = NULL ;
sd_device * q ;
unsigned n ;
int r ;
2018-12-19 18:16:41 +01:00
assert ( fd > = 0 ) ;
assert ( d ) ;
assert ( ret_enumerator ) ;
2018-12-13 13:28:58 +01:00
r = enumerator_for_parent ( d , & e ) ;
if ( r < 0 )
return r ;
/* Count the partitions enumerated by the kernel */
n = 0 ;
FOREACH_DEVICE ( e , q ) {
if ( sd_device_get_devnum ( q , NULL ) < 0 )
continue ;
if ( ! device_is_block ( q ) )
continue ;
if ( device_is_mmc_special_partition ( q ) )
continue ;
2018-12-19 17:17:35 +01:00
if ( ! FLAGS_SET ( flags , DISSECT_IMAGE_NO_UDEV ) ) {
2019-06-01 18:01:31 +02:00
r = device_wait_for_initialization ( q , " block " , USEC_INFINITY , NULL ) ;
2018-12-19 17:17:35 +01:00
if ( r < 0 )
return r ;
}
2018-12-13 16:39:05 +01:00
2018-12-13 13:28:58 +01:00
n + + ;
}
if ( n = = num_partitions + 1 ) {
* ret_enumerator = TAKE_PTR ( e ) ;
return 0 ; /* success! */
}
if ( n > num_partitions + 1 )
return log_debug_errno ( SYNTHETIC_ERRNO ( EIO ) ,
" blkid and kernel partition lists do not match. " ) ;
/* The kernel has probed fewer partitions than blkid? Maybe the kernel prober is still running or it
* got EBUSY because udev already opened the device . Let ' s reprobe the device , which is a synchronous
* call that waits until probing is complete . */
for ( unsigned j = 0 ; ; j + + ) {
if ( j + + > 20 )
return - EBUSY ;
if ( ioctl ( fd , BLKRRPART , 0 ) > = 0 )
break ;
r = - errno ;
if ( r = = - EINVAL ) {
2020-08-06 10:35:29 +02:00
/* If we are running on a block device that has partition scanning off, return an
* explicit recognizable error about this , so that callers can generate a proper
* message explaining the situation . */
2018-12-13 13:28:58 +01:00
2020-08-06 10:35:29 +02:00
r = blockdev_partscan_enabled ( fd ) ;
if ( r < 0 )
return r ;
if ( r = = 0 )
return log_debug_errno ( EPROTONOSUPPORT ,
" Device is a loop device and partition scanning is off! " ) ;
2019-11-11 17:57:45 +01:00
2020-08-06 10:35:29 +02:00
return - EINVAL ; /* original error */
2018-12-13 13:28:58 +01:00
}
if ( r ! = - EBUSY )
return r ;
/* If something else has the device open, such as an udev rule, the ioctl will return
* EBUSY . Since there ' s no way to wait until it isn ' t busy anymore , let ' s just wait a bit ,
* and try again .
*
* This is really something they should fix in the kernel ! */
( void ) usleep ( 50 * USEC_PER_MSEC ) ;
}
return - EAGAIN ; /* no success yet, try again */
}
static int loop_wait_for_partitions_to_appear (
int fd ,
sd_device * d ,
unsigned num_partitions ,
2018-12-19 17:17:35 +01:00
DissectImageFlags flags ,
2018-12-13 13:28:58 +01:00
sd_device_enumerator * * ret_enumerator ) {
2018-12-13 16:39:05 +01:00
_cleanup_ ( sd_device_unrefp ) sd_device * device = NULL ;
2018-12-13 13:28:58 +01:00
int r ;
2018-12-19 18:16:41 +01:00
assert ( fd > = 0 ) ;
assert ( d ) ;
assert ( ret_enumerator ) ;
2018-12-13 14:35:15 +01:00
log_debug ( " Waiting for device (parent + %d partitions) to appear... " , num_partitions ) ;
2018-12-19 17:17:35 +01:00
if ( ! FLAGS_SET ( flags , DISSECT_IMAGE_NO_UDEV ) ) {
2019-06-01 18:01:31 +02:00
r = device_wait_for_initialization ( d , " block " , USEC_INFINITY , & device ) ;
2018-12-19 17:17:35 +01:00
if ( r < 0 )
return r ;
} else
device = sd_device_ref ( d ) ;
2018-12-13 16:39:05 +01:00
2018-12-13 13:28:58 +01:00
for ( unsigned i = 0 ; i < N_DEVICE_NODE_LIST_ATTEMPTS ; i + + ) {
2018-12-19 17:17:35 +01:00
r = wait_for_partitions_to_appear ( fd , device , num_partitions , flags , ret_enumerator ) ;
2018-12-13 13:28:58 +01:00
if ( r ! = - EAGAIN )
return r ;
}
return log_debug_errno ( SYNTHETIC_ERRNO ( ENXIO ) ,
" Kernel partitions dit not appear within %d attempts " ,
N_DEVICE_NODE_LIST_ATTEMPTS ) ;
}
2020-01-29 18:08:36 +01:00
static void check_partition_flags (
const char * node ,
unsigned long long pflags ,
unsigned long long supported ) {
assert ( node ) ;
/* Mask away all flags supported by this partition's type and the three flags the UEFI spec defines generically */
pflags & = ~ ( supported | GPT_FLAG_REQUIRED_PARTITION | GPT_FLAG_NO_BLOCK_IO_PROTOCOL | GPT_FLAG_LEGACY_BIOS_BOOTABLE ) ;
if ( pflags = = 0 )
return ;
/* If there are other bits set, then log about it, to make things discoverable */
for ( unsigned i = 0 ; i < sizeof ( pflags ) * 8 ; i + + ) {
unsigned long long bit = 1ULL < < i ;
if ( ! FLAGS_SET ( pflags , bit ) )
continue ;
log_debug ( " Unexpected partition flag %llu set on %s! " , bit , node ) ;
}
}
2018-05-16 12:40:07 +02:00
# endif
2018-04-05 13:03:37 +02:00
2018-03-21 12:10:01 +01:00
int dissect_image (
int fd ,
const void * root_hash ,
size_t root_hash_size ,
2020-05-29 18:51:20 +02:00
const char * verity_data ,
2020-06-29 14:19:31 +02:00
const MountOptions * mount_options ,
2018-03-21 12:10:01 +01:00
DissectImageFlags flags ,
DissectedImage * * ret ) {
2016-12-01 20:25:26 +01:00
2017-10-03 10:41:51 +02:00
# if HAVE_BLKID
2016-12-07 18:28:13 +01:00
sd_id128_t root_uuid = SD_ID128_NULL , verity_uuid = SD_ID128_NULL ;
2018-08-22 06:57:36 +02:00
_cleanup_ ( sd_device_enumerator_unrefp ) sd_device_enumerator * e = NULL ;
2016-12-01 20:25:26 +01:00
bool is_gpt , is_mbr , generic_rw , multiple_generic = false ;
2018-08-22 06:57:36 +02:00
_cleanup_ ( sd_device_unrefp ) sd_device * d = NULL ;
2016-12-01 20:25:26 +01:00
_cleanup_ ( dissected_image_unrefp ) DissectedImage * m = NULL ;
tree-wide: drop redundant _cleanup_ macros (#8810)
This drops a good number of type-specific _cleanup_ macros, and patches
all users to just use the generic ones.
In most recent code we abstained from defining type-specific macros, and
this basically removes all those added already, with the exception of
the really low-level ones.
Having explicit macros for this is not too useful, as the expression
without the extra macro is generally just 2ch wider. We should generally
emphesize generic code, unless there are really good reasons for
specific code, hence let's follow this in this case too.
Note that _cleanup_free_ and similar really low-level, libc'ish, Linux
API'ish macros continue to be defined, only the really high-level OO
ones are dropped. From now on this should really be the rule: for really
low-level stuff, such as memory allocation, fd handling and so one, go
ahead and define explicit per-type macros, but for high-level, specific
program code, just use the generic _cleanup_() macro directly, in order
to keep things simple and as readable as possible for the uninitiated.
Note that before this patch some of the APIs (notable libudev ones) were
already used with the high-level macros at some places and with the
generic _cleanup_ macro at others. With this patch we hence unify on the
latter.
2018-04-25 12:31:45 +02:00
_cleanup_ ( blkid_free_probep ) blkid_probe b = NULL ;
2016-12-01 20:25:26 +01:00
_cleanup_free_ char * generic_node = NULL ;
2016-12-15 17:17:43 +01:00
sd_id128_t generic_uuid = SD_ID128_NULL ;
2016-12-09 18:39:15 +01:00
const char * pttype = NULL ;
2016-12-01 20:25:26 +01:00
blkid_partlist pl ;
int r , generic_nr ;
struct stat st ;
2018-08-22 06:57:36 +02:00
sd_device * q ;
2016-12-01 20:25:26 +01:00
unsigned i ;
assert ( fd > = 0 ) ;
assert ( ret ) ;
2016-12-07 18:28:13 +01:00
assert ( root_hash | | root_hash_size = = 0 ) ;
2020-05-29 18:51:20 +02:00
assert ( ! ( ( flags & DISSECT_IMAGE_GPT_ONLY ) & & ( flags & DISSECT_IMAGE_NO_PARTITION_TABLE ) ) ) ;
2016-12-01 20:25:26 +01:00
/* Probes a disk image, and returns information about what it found in *ret.
*
2016-12-07 18:28:13 +01:00
* Returns - ENOPKG if no suitable partition table or file system could be found .
* Returns - EADDRNOTAVAIL if a root hash was specified but no matching root / verity partitions found . */
if ( root_hash ) {
/* If a root hash is supplied, then we use the root partition that has a UUID that match the first
* 128 bit of the root hash . And we use the verity partition that has a UUID that match the final
* 128 bit . */
if ( root_hash_size < sizeof ( sd_id128_t ) )
return - EINVAL ;
memcpy ( & root_uuid , root_hash , sizeof ( sd_id128_t ) ) ;
memcpy ( & verity_uuid , ( const uint8_t * ) root_hash + root_hash_size - sizeof ( sd_id128_t ) , sizeof ( sd_id128_t ) ) ;
if ( sd_id128_is_null ( root_uuid ) )
return - EINVAL ;
if ( sd_id128_is_null ( verity_uuid ) )
return - EINVAL ;
}
2016-12-01 20:25:26 +01:00
if ( fstat ( fd , & st ) < 0 )
return - errno ;
if ( ! S_ISBLK ( st . st_mode ) )
return - ENOTBLK ;
b = blkid_new_probe ( ) ;
if ( ! b )
return - ENOMEM ;
errno = 0 ;
r = blkid_probe_set_device ( b , fd , 0 , 0 ) ;
2017-02-21 22:41:33 +01:00
if ( r ! = 0 )
2019-07-11 15:42:14 +02:00
return errno_or_else ( ENOMEM ) ;
2016-12-01 20:25:26 +01:00
2016-12-09 18:39:15 +01:00
if ( ( flags & DISSECT_IMAGE_GPT_ONLY ) = = 0 ) {
/* Look for file system superblocks, unless we only shall look for GPT partition tables */
blkid_probe_enable_superblocks ( b , 1 ) ;
blkid_probe_set_superblocks_flags ( b , BLKID_SUBLKS_TYPE | BLKID_SUBLKS_USAGE ) ;
}
2016-12-01 20:25:26 +01:00
blkid_probe_enable_partitions ( b , 1 ) ;
blkid_probe_set_partitions_flags ( b , BLKID_PARTS_ENTRY_DETAILS ) ;
errno = 0 ;
r = blkid_do_safeprobe ( b ) ;
2019-01-23 16:59:57 +01:00
if ( IN_SET ( r , - 2 , 1 ) )
return log_debug_errno ( SYNTHETIC_ERRNO ( ENOPKG ) , " Failed to identify any partition table. " ) ;
2017-02-21 22:41:33 +01:00
if ( r ! = 0 )
2019-07-11 15:42:14 +02:00
return errno_or_else ( EIO ) ;
2016-12-01 20:25:26 +01:00
m = new0 ( DissectedImage , 1 ) ;
if ( ! m )
return - ENOMEM ;
2018-12-13 14:35:15 +01:00
r = sd_device_new_from_devnum ( & d , ' b ' , st . st_rdev ) ;
if ( r < 0 )
return r ;
2020-05-29 18:51:20 +02:00
if ( ( ! ( flags & DISSECT_IMAGE_GPT_ONLY ) & &
( flags & DISSECT_IMAGE_REQUIRE_ROOT ) ) | |
( flags & DISSECT_IMAGE_NO_PARTITION_TABLE ) ) {
2016-12-09 18:39:15 +01:00
const char * usage = NULL ;
2016-12-01 20:25:26 +01:00
2016-12-09 18:39:15 +01:00
( void ) blkid_probe_lookup_value ( b , " USAGE " , & usage , NULL ) ;
if ( STRPTR_IN_SET ( usage , " filesystem " , " crypto " ) ) {
2020-06-29 14:19:31 +02:00
_cleanup_free_ char * t = NULL , * n = NULL , * o = NULL ;
const char * fstype = NULL , * options = NULL ;
2016-12-01 20:25:26 +01:00
2016-12-09 18:39:15 +01:00
/* OK, we have found a file system, that's our root partition then. */
( void ) blkid_probe_lookup_value ( b , " TYPE " , & fstype , NULL ) ;
2016-12-01 20:25:26 +01:00
2016-12-09 18:39:15 +01:00
if ( fstype ) {
t = strdup ( fstype ) ;
if ( ! t )
return - ENOMEM ;
}
2018-06-29 16:49:23 +02:00
r = device_path_make_major_minor ( st . st_mode , st . st_rdev , & n ) ;
if ( r < 0 )
return r ;
2016-12-01 20:25:26 +01:00
2020-05-29 18:51:20 +02:00
m - > single_file_system = true ;
m - > verity = root_hash & & verity_data ;
m - > can_verity = ! ! verity_data ;
2020-06-29 14:19:31 +02:00
options = mount_options_from_part ( mount_options , 0 ) ;
if ( options ) {
o = strdup ( options ) ;
if ( ! o )
return - ENOMEM ;
}
2016-12-09 18:39:15 +01:00
m - > partitions [ PARTITION_ROOT ] = ( DissectedPartition ) {
. found = true ,
2020-05-29 18:51:20 +02:00
. rw = ! m - > verity ,
2016-12-09 18:39:15 +01:00
. partno = - 1 ,
. architecture = _ARCHITECTURE_INVALID ,
2018-04-05 07:26:26 +02:00
. fstype = TAKE_PTR ( t ) ,
. node = TAKE_PTR ( n ) ,
2020-06-29 14:19:31 +02:00
. mount_options = TAKE_PTR ( o ) ,
2016-12-09 18:39:15 +01:00
} ;
2016-12-01 20:25:26 +01:00
2018-10-09 13:50:55 +02:00
m - > encrypted = streq_ptr ( fstype , " crypto_LUKS " ) ;
2016-12-05 16:26:48 +01:00
2020-06-03 20:47:39 +02:00
/* Even on a single partition we need to wait for udev to create the
* / dev / block / X : Y symlink to / dev / loopZ */
r = loop_wait_for_partitions_to_appear ( fd , d , 0 , flags , & e ) ;
if ( r < 0 )
return r ;
2018-04-05 07:26:26 +02:00
* ret = TAKE_PTR ( m ) ;
2016-12-01 20:25:26 +01:00
2016-12-09 18:39:15 +01:00
return 0 ;
}
2016-12-01 20:25:26 +01:00
}
( void ) blkid_probe_lookup_value ( b , " PTTYPE " , & pttype , NULL ) ;
if ( ! pttype )
return - ENOPKG ;
is_gpt = streq_ptr ( pttype , " gpt " ) ;
is_mbr = streq_ptr ( pttype , " dos " ) ;
2016-12-09 18:39:15 +01:00
if ( ! is_gpt & & ( ( flags & DISSECT_IMAGE_GPT_ONLY ) | | ! is_mbr ) )
2016-12-01 20:25:26 +01:00
return - ENOPKG ;
errno = 0 ;
pl = blkid_probe_get_partitions ( b ) ;
2017-02-21 22:41:33 +01:00
if ( ! pl )
2019-07-11 15:42:14 +02:00
return errno_or_else ( ENOMEM ) ;
2016-12-01 20:25:26 +01:00
2018-12-19 17:17:35 +01:00
r = loop_wait_for_partitions_to_appear ( fd , d , blkid_partlist_numof_partitions ( pl ) , flags , & e ) ;
2018-12-13 13:28:58 +01:00
if ( r < 0 )
return r ;
2016-12-01 20:25:26 +01:00
2018-08-28 09:05:35 +02:00
FOREACH_DEVICE ( e , q ) {
2016-12-09 18:39:15 +01:00
unsigned long long pflags ;
2016-12-01 20:25:26 +01:00
blkid_partition pp ;
2018-04-03 14:51:18 +02:00
const char * node ;
2016-12-01 20:25:26 +01:00
dev_t qn ;
int nr ;
2018-08-22 06:57:36 +02:00
r = sd_device_get_devnum ( q , & qn ) ;
if ( r < 0 )
2016-12-01 20:25:26 +01:00
continue ;
if ( st . st_rdev = = qn )
continue ;
2018-04-05 13:03:37 +02:00
if ( ! device_is_block ( q ) )
continue ;
2018-04-03 14:51:18 +02:00
if ( device_is_mmc_special_partition ( q ) )
2017-06-22 17:40:50 +02:00
continue ;
2018-08-22 06:57:36 +02:00
r = sd_device_get_devname ( q , & node ) ;
if ( r < 0 )
2016-12-01 20:25:26 +01:00
continue ;
pp = blkid_partlist_devno_to_partition ( pl , qn ) ;
if ( ! pp )
continue ;
2016-12-09 18:39:15 +01:00
pflags = blkid_partition_get_flags ( pp ) ;
2016-12-01 20:25:26 +01:00
nr = blkid_partition_get_partno ( pp ) ;
if ( nr < 0 )
continue ;
if ( is_gpt ) {
int designator = _PARTITION_DESIGNATOR_INVALID , architecture = _ARCHITECTURE_INVALID ;
2016-12-07 18:28:13 +01:00
const char * stype , * sid , * fstype = NULL ;
sd_id128_t type_id , id ;
2016-12-01 20:25:26 +01:00
bool rw = true ;
2016-12-07 18:28:13 +01:00
sid = blkid_partition_get_uuid ( pp ) ;
if ( ! sid )
continue ;
if ( sd_id128_from_string ( sid , & id ) < 0 )
continue ;
2016-12-01 20:25:26 +01:00
stype = blkid_partition_get_type_string ( pp ) ;
if ( ! stype )
continue ;
if ( sd_id128_from_string ( stype , & type_id ) < 0 )
continue ;
if ( sd_id128_equal ( type_id , GPT_HOME ) ) {
2017-02-08 04:10:48 +01:00
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
2017-02-08 04:10:48 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
2016-12-01 20:25:26 +01:00
designator = PARTITION_HOME ;
2016-12-09 18:39:15 +01:00
rw = ! ( pflags & GPT_FLAG_READ_ONLY ) ;
2016-12-01 20:25:26 +01:00
} else if ( sd_id128_equal ( type_id , GPT_SRV ) ) {
2017-02-08 04:10:48 +01:00
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
2017-02-08 04:10:48 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
2016-12-01 20:25:26 +01:00
designator = PARTITION_SRV ;
2016-12-09 18:39:15 +01:00
rw = ! ( pflags & GPT_FLAG_READ_ONLY ) ;
2016-12-01 20:25:26 +01:00
} else if ( sd_id128_equal ( type_id , GPT_ESP ) ) {
2017-02-08 04:10:48 +01:00
/* Note that we don't check the GPT_FLAG_NO_AUTO flag for the ESP, as it is not defined
* there . We instead check the GPT_FLAG_NO_BLOCK_IO_PROTOCOL , as recommended by the
* UEFI spec ( See " 12.3.3 Number and Location of System Partitions " ) . */
if ( pflags & GPT_FLAG_NO_BLOCK_IO_PROTOCOL )
continue ;
2016-12-01 20:25:26 +01:00
designator = PARTITION_ESP ;
fstype = " vfat " ;
2019-01-23 11:34:31 +01:00
} else if ( sd_id128_equal ( type_id , GPT_XBOOTLDR ) ) {
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
2019-01-23 11:34:31 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
designator = PARTITION_XBOOTLDR ;
rw = ! ( pflags & GPT_FLAG_READ_ONLY ) ;
2016-12-01 20:25:26 +01:00
}
# ifdef GPT_ROOT_NATIVE
else if ( sd_id128_equal ( type_id , GPT_ROOT_NATIVE ) ) {
2016-12-07 18:28:13 +01:00
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
2017-02-08 04:10:48 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
2016-12-07 18:28:13 +01:00
/* If a root ID is specified, ignore everything but the root id */
if ( ! sd_id128_is_null ( root_uuid ) & & ! sd_id128_equal ( root_uuid , id ) )
continue ;
2016-12-01 20:25:26 +01:00
designator = PARTITION_ROOT ;
architecture = native_architecture ( ) ;
2016-12-09 18:39:15 +01:00
rw = ! ( pflags & GPT_FLAG_READ_ONLY ) ;
2016-12-10 19:35:47 +01:00
} else if ( sd_id128_equal ( type_id , GPT_ROOT_NATIVE_VERITY ) ) {
2016-12-07 18:28:13 +01:00
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
2017-02-08 04:10:48 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
2016-12-07 18:28:13 +01:00
m - > can_verity = true ;
/* Ignore verity unless a root hash is specified */
if ( sd_id128_is_null ( verity_uuid ) | | ! sd_id128_equal ( verity_uuid , id ) )
continue ;
designator = PARTITION_ROOT_VERITY ;
fstype = " DM_verity_hash " ;
architecture = native_architecture ( ) ;
rw = false ;
}
# endif
2016-12-01 20:25:26 +01:00
# ifdef GPT_ROOT_SECONDARY
else if ( sd_id128_equal ( type_id , GPT_ROOT_SECONDARY ) ) {
2016-12-07 18:28:13 +01:00
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
2017-02-08 04:10:48 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
2016-12-07 18:28:13 +01:00
/* If a root ID is specified, ignore everything but the root id */
if ( ! sd_id128_is_null ( root_uuid ) & & ! sd_id128_equal ( root_uuid , id ) )
continue ;
2016-12-01 20:25:26 +01:00
designator = PARTITION_ROOT_SECONDARY ;
architecture = SECONDARY_ARCHITECTURE ;
2016-12-09 18:39:15 +01:00
rw = ! ( pflags & GPT_FLAG_READ_ONLY ) ;
2016-12-10 19:35:47 +01:00
} else if ( sd_id128_equal ( type_id , GPT_ROOT_SECONDARY_VERITY ) ) {
2017-02-08 04:10:48 +01:00
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
2017-02-08 04:10:48 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
2016-12-07 18:28:13 +01:00
m - > can_verity = true ;
/* Ignore verity unless root has is specified */
if ( sd_id128_is_null ( verity_uuid ) | | ! sd_id128_equal ( verity_uuid , id ) )
continue ;
designator = PARTITION_ROOT_SECONDARY_VERITY ;
fstype = " DM_verity_hash " ;
architecture = SECONDARY_ARCHITECTURE ;
rw = false ;
}
2016-12-01 20:25:26 +01:00
# endif
else if ( sd_id128_equal ( type_id , GPT_SWAP ) ) {
2017-02-08 04:10:48 +01:00
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO ) ;
2017-02-08 04:10:48 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
2016-12-01 20:25:26 +01:00
designator = PARTITION_SWAP ;
fstype = " swap " ;
} else if ( sd_id128_equal ( type_id , GPT_LINUX_GENERIC ) ) {
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
2017-02-08 04:10:48 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
2016-12-01 20:25:26 +01:00
if ( generic_node )
multiple_generic = true ;
else {
generic_nr = nr ;
2016-12-09 18:39:15 +01:00
generic_rw = ! ( pflags & GPT_FLAG_READ_ONLY ) ;
2016-12-15 17:17:43 +01:00
generic_uuid = id ;
2016-12-01 20:25:26 +01:00
generic_node = strdup ( node ) ;
if ( ! generic_node )
return - ENOMEM ;
}
dissect: introduce new recognizable partition types for /var and /var/tmp
This has been requested many times before. Let's add it finally.
GPT auto-discovery for /var is a bit more complex than for other
partition types: the other partitions can to some degree be shared
between multiple OS installations on the same disk (think: swap, /home,
/srv). However, /var is inherently something bound to an installation,
i.e. specific to its identity, or actually *is* its identity, and hence
something that cannot be shared.
To deal with this this new code is particularly careful when it comes to
/var: it will not mount things blindly, but insist that the UUID of the
partition matches a hashed version of the machine-id of the
installation, so that each installation has a very specific /var
associated with it, and would never use any other. (We actually use
HMAC-SHA256 on the GPT partition type for /var, keyed by the machine-id,
since machine-id is something we want to keep somewhat private).
Setting the right UUID for installations takes extra care. To make
things a bit simpler to set up, we avoid this safety check for nspawn
and RootImage= in unit files, under the assumption that such container
and service images unlikely will have multiple installations on them.
The check is hence only required when booting full machines, i.e. in
in systemd-gpt-auto-generator.
To help with putting together images for full machines, PR #14368
introduces a repartition tool that can automatically fill in correctly
calculated UUIDs on first boot if images have the var partition UUID
initialized to all zeroes. With that in place systems can be put
together in a way that on first boot the machine ID is determined and
the partition table automatically adjusted to have the /var partition
with the right UUID.
2019-12-18 12:22:40 +01:00
} else if ( sd_id128_equal ( type_id , GPT_TMP ) ) {
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
dissect: introduce new recognizable partition types for /var and /var/tmp
This has been requested many times before. Let's add it finally.
GPT auto-discovery for /var is a bit more complex than for other
partition types: the other partitions can to some degree be shared
between multiple OS installations on the same disk (think: swap, /home,
/srv). However, /var is inherently something bound to an installation,
i.e. specific to its identity, or actually *is* its identity, and hence
something that cannot be shared.
To deal with this this new code is particularly careful when it comes to
/var: it will not mount things blindly, but insist that the UUID of the
partition matches a hashed version of the machine-id of the
installation, so that each installation has a very specific /var
associated with it, and would never use any other. (We actually use
HMAC-SHA256 on the GPT partition type for /var, keyed by the machine-id,
since machine-id is something we want to keep somewhat private).
Setting the right UUID for installations takes extra care. To make
things a bit simpler to set up, we avoid this safety check for nspawn
and RootImage= in unit files, under the assumption that such container
and service images unlikely will have multiple installations on them.
The check is hence only required when booting full machines, i.e. in
in systemd-gpt-auto-generator.
To help with putting together images for full machines, PR #14368
introduces a repartition tool that can automatically fill in correctly
calculated UUIDs on first boot if images have the var partition UUID
initialized to all zeroes. With that in place systems can be put
together in a way that on first boot the machine ID is determined and
the partition table automatically adjusted to have the /var partition
with the right UUID.
2019-12-18 12:22:40 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
designator = PARTITION_TMP ;
rw = ! ( pflags & GPT_FLAG_READ_ONLY ) ;
} else if ( sd_id128_equal ( type_id , GPT_VAR ) ) {
2020-01-29 18:08:36 +01:00
check_partition_flags ( node , pflags , GPT_FLAG_NO_AUTO | GPT_FLAG_READ_ONLY ) ;
dissect: introduce new recognizable partition types for /var and /var/tmp
This has been requested many times before. Let's add it finally.
GPT auto-discovery for /var is a bit more complex than for other
partition types: the other partitions can to some degree be shared
between multiple OS installations on the same disk (think: swap, /home,
/srv). However, /var is inherently something bound to an installation,
i.e. specific to its identity, or actually *is* its identity, and hence
something that cannot be shared.
To deal with this this new code is particularly careful when it comes to
/var: it will not mount things blindly, but insist that the UUID of the
partition matches a hashed version of the machine-id of the
installation, so that each installation has a very specific /var
associated with it, and would never use any other. (We actually use
HMAC-SHA256 on the GPT partition type for /var, keyed by the machine-id,
since machine-id is something we want to keep somewhat private).
Setting the right UUID for installations takes extra care. To make
things a bit simpler to set up, we avoid this safety check for nspawn
and RootImage= in unit files, under the assumption that such container
and service images unlikely will have multiple installations on them.
The check is hence only required when booting full machines, i.e. in
in systemd-gpt-auto-generator.
To help with putting together images for full machines, PR #14368
introduces a repartition tool that can automatically fill in correctly
calculated UUIDs on first boot if images have the var partition UUID
initialized to all zeroes. With that in place systems can be put
together in a way that on first boot the machine ID is determined and
the partition table automatically adjusted to have the /var partition
with the right UUID.
2019-12-18 12:22:40 +01:00
if ( pflags & GPT_FLAG_NO_AUTO )
continue ;
if ( ! FLAGS_SET ( flags , DISSECT_IMAGE_RELAX_VAR_CHECK ) ) {
sd_id128_t var_uuid ;
/* For /var we insist that the uuid of the partition matches the
* HMAC - SHA256 of the / var GPT partition type uuid , keyed by machine
* ID . Why ? Unlike the other partitions / var is inherently
* installation specific , hence we need to be careful not to mount it
* in the wrong installation . By hashing the partition UUID from
* / etc / machine - id we can securely bind the partition to the
* installation . */
r = sd_id128_get_machine_app_specific ( GPT_VAR , & var_uuid ) ;
if ( r < 0 )
return r ;
if ( ! sd_id128_equal ( var_uuid , id ) ) {
log_debug ( " Found a /var/ partition, but its UUID didn't match our expectations, ignoring. " ) ;
continue ;
}
}
designator = PARTITION_VAR ;
rw = ! ( pflags & GPT_FLAG_READ_ONLY ) ;
2016-12-01 20:25:26 +01:00
}
if ( designator ! = _PARTITION_DESIGNATOR_INVALID ) {
2020-06-29 14:19:31 +02:00
_cleanup_free_ char * t = NULL , * n = NULL , * o = NULL ;
const char * options = NULL ;
2016-12-01 20:25:26 +01:00
/* First one wins */
if ( m - > partitions [ designator ] . found )
continue ;
if ( fstype ) {
t = strdup ( fstype ) ;
if ( ! t )
return - ENOMEM ;
}
n = strdup ( node ) ;
if ( ! n )
return - ENOMEM ;
2020-06-29 14:19:31 +02:00
options = mount_options_from_part ( mount_options , nr ) ;
if ( options ) {
o = strdup ( options ) ;
if ( ! o )
return - ENOMEM ;
}
2016-12-01 20:25:26 +01:00
m - > partitions [ designator ] = ( DissectedPartition ) {
. found = true ,
. partno = nr ,
. rw = rw ,
. architecture = architecture ,
2018-04-05 07:26:26 +02:00
. node = TAKE_PTR ( n ) ,
. fstype = TAKE_PTR ( t ) ,
2016-12-15 17:17:43 +01:00
. uuid = id ,
2020-06-29 14:19:31 +02:00
. mount_options = TAKE_PTR ( o ) ,
2016-12-01 20:25:26 +01:00
} ;
}
} else if ( is_mbr ) {
2019-01-23 11:34:31 +01:00
switch ( blkid_partition_get_type ( pp ) ) {
2016-12-01 20:25:26 +01:00
2019-01-23 11:34:31 +01:00
case 0x83 : /* Linux partition */
if ( pflags ! = 0x80 ) /* Bootable flag */
continue ;
2016-12-01 20:25:26 +01:00
2019-01-23 11:34:31 +01:00
if ( generic_node )
multiple_generic = true ;
else {
generic_nr = nr ;
generic_rw = true ;
generic_node = strdup ( node ) ;
if ( ! generic_node )
return - ENOMEM ;
}
break ;
case 0xEA : { /* Boot Loader Spec extended $BOOT partition */
2020-06-29 14:19:31 +02:00
_cleanup_free_ char * n = NULL , * o = NULL ;
2019-01-23 11:34:31 +01:00
sd_id128_t id = SD_ID128_NULL ;
2020-06-29 14:19:31 +02:00
const char * sid , * options = NULL ;
2019-01-23 11:34:31 +01:00
/* First one wins */
if ( m - > partitions [ PARTITION_XBOOTLDR ] . found )
continue ;
sid = blkid_partition_get_uuid ( pp ) ;
if ( sid )
( void ) sd_id128_from_string ( sid , & id ) ;
n = strdup ( node ) ;
if ( ! n )
2016-12-01 20:25:26 +01:00
return - ENOMEM ;
2019-01-23 11:34:31 +01:00
2020-06-29 14:19:31 +02:00
options = mount_options_from_part ( mount_options , nr ) ;
if ( options ) {
o = strdup ( options ) ;
if ( ! o )
return - ENOMEM ;
}
2019-01-23 11:34:31 +01:00
m - > partitions [ PARTITION_XBOOTLDR ] = ( DissectedPartition ) {
. found = true ,
. partno = nr ,
. rw = true ,
. architecture = _ARCHITECTURE_INVALID ,
. node = TAKE_PTR ( n ) ,
. uuid = id ,
2020-06-29 14:19:31 +02:00
. mount_options = TAKE_PTR ( o ) ,
2019-01-23 11:34:31 +01:00
} ;
break ;
} }
2016-12-01 20:25:26 +01:00
}
}
if ( ! m - > partitions [ PARTITION_ROOT ] . found ) {
/* No root partition found? Then let's see if ther's one for the secondary architecture. And if not
* either , then check if there ' s a single generic one , and use that . */
2016-12-07 18:28:13 +01:00
if ( m - > partitions [ PARTITION_ROOT_VERITY ] . found )
2016-12-15 17:38:11 +01:00
return - EADDRNOTAVAIL ;
2016-12-07 18:28:13 +01:00
2016-12-01 20:25:26 +01:00
if ( m - > partitions [ PARTITION_ROOT_SECONDARY ] . found ) {
m - > partitions [ PARTITION_ROOT ] = m - > partitions [ PARTITION_ROOT_SECONDARY ] ;
zero ( m - > partitions [ PARTITION_ROOT_SECONDARY ] ) ;
2016-12-07 18:28:13 +01:00
m - > partitions [ PARTITION_ROOT_VERITY ] = m - > partitions [ PARTITION_ROOT_SECONDARY_VERITY ] ;
zero ( m - > partitions [ PARTITION_ROOT_SECONDARY_VERITY ] ) ;
2016-12-15 17:38:11 +01:00
} else if ( flags & DISSECT_IMAGE_REQUIRE_ROOT ) {
2020-06-29 14:19:31 +02:00
_cleanup_free_ char * o = NULL ;
const char * options = NULL ;
2016-12-15 17:38:11 +01:00
2020-08-20 11:23:26 +02:00
/* If the root hash was set, then we won't fall back to a generic node, because the
* root hash decides . */
2016-12-15 17:38:11 +01:00
if ( root_hash )
return - EADDRNOTAVAIL ;
2016-12-01 20:25:26 +01:00
2016-12-15 17:38:11 +01:00
/* If we didn't find a generic node, then we can't fix this up either */
if ( ! generic_node )
return - ENXIO ;
/* If we didn't find a properly marked root partition, but we did find a single suitable
* generic Linux partition , then use this as root partition , if the caller asked for it . */
2016-12-01 20:25:26 +01:00
if ( multiple_generic )
return - ENOTUNIQ ;
2020-06-29 14:19:31 +02:00
options = mount_options_from_part ( mount_options , generic_nr ) ;
if ( options ) {
o = strdup ( options ) ;
if ( ! o )
return - ENOMEM ;
}
2016-12-01 20:25:26 +01:00
m - > partitions [ PARTITION_ROOT ] = ( DissectedPartition ) {
. found = true ,
. rw = generic_rw ,
. partno = generic_nr ,
. architecture = _ARCHITECTURE_INVALID ,
2018-04-05 07:26:26 +02:00
. node = TAKE_PTR ( generic_node ) ,
2016-12-15 17:17:43 +01:00
. uuid = generic_uuid ,
2020-06-29 14:19:31 +02:00
. mount_options = TAKE_PTR ( o ) ,
2016-12-01 20:25:26 +01:00
} ;
2016-12-15 17:38:11 +01:00
}
2016-12-01 20:25:26 +01:00
}
2016-12-07 18:28:13 +01:00
if ( root_hash ) {
2016-12-15 17:38:11 +01:00
if ( ! m - > partitions [ PARTITION_ROOT_VERITY ] . found | | ! m - > partitions [ PARTITION_ROOT ] . found )
2016-12-07 18:28:13 +01:00
return - EADDRNOTAVAIL ;
/* If we found the primary root with the hash, then we definitely want to suppress any secondary root
* ( which would be weird , after all the root hash should only be assigned to one pair of
* partitions . . . */
m - > partitions [ PARTITION_ROOT_SECONDARY ] . found = false ;
m - > partitions [ PARTITION_ROOT_SECONDARY_VERITY ] . found = false ;
/* If we found a verity setup, then the root partition is necessarily read-only. */
m - > partitions [ PARTITION_ROOT ] . rw = false ;
m - > verity = true ;
}
2016-12-05 16:26:48 +01:00
blkid_free_probe ( b ) ;
b = NULL ;
2016-12-01 20:25:26 +01:00
/* Fill in file system types if we don't know them yet. */
for ( i = 0 ; i < _PARTITION_DESIGNATOR_MAX ; i + + ) {
2016-12-05 16:26:48 +01:00
DissectedPartition * p = m - > partitions + i ;
2016-12-01 20:25:26 +01:00
2016-12-05 16:26:48 +01:00
if ( ! p - > found )
2016-12-01 20:25:26 +01:00
continue ;
2016-12-05 16:26:48 +01:00
if ( ! p - > fstype & & p - > node ) {
r = probe_filesystem ( p - > node , & p - > fstype ) ;
2017-11-30 12:09:36 +01:00
if ( r < 0 & & r ! = - EUCLEAN )
2016-12-05 16:26:48 +01:00
return r ;
2016-12-01 20:25:26 +01:00
}
2016-12-05 16:26:48 +01:00
if ( streq_ptr ( p - > fstype , " crypto_LUKS " ) )
m - > encrypted = true ;
2017-09-29 14:19:22 +02:00
if ( p - > fstype & & fstype_is_ro ( p - > fstype ) )
p - > rw = false ;
2016-12-01 20:25:26 +01:00
}
2018-04-05 07:26:26 +02:00
* ret = TAKE_PTR ( m ) ;
2016-12-01 20:25:26 +01:00
return 0 ;
# else
return - EOPNOTSUPP ;
# endif
}
DissectedImage * dissected_image_unref ( DissectedImage * m ) {
unsigned i ;
if ( ! m )
return NULL ;
for ( i = 0 ; i < _PARTITION_DESIGNATOR_MAX ; i + + ) {
free ( m - > partitions [ i ] . fstype ) ;
free ( m - > partitions [ i ] . node ) ;
2016-12-05 16:26:48 +01:00
free ( m - > partitions [ i ] . decrypted_fstype ) ;
free ( m - > partitions [ i ] . decrypted_node ) ;
2020-06-29 14:19:31 +02:00
free ( m - > partitions [ i ] . mount_options ) ;
2016-12-01 20:25:26 +01:00
}
2017-11-14 23:22:46 +01:00
free ( m - > hostname ) ;
strv_free ( m - > machine_info ) ;
strv_free ( m - > os_release ) ;
2017-11-24 11:31:49 +01:00
return mfree ( m ) ;
2016-12-01 20:25:26 +01:00
}
2016-12-05 16:26:48 +01:00
static int is_loop_device ( const char * path ) {
2017-10-31 09:37:15 +01:00
char s [ SYS_BLOCK_PATH_MAX ( " /../loop/ " ) ] ;
2016-12-05 16:26:48 +01:00
struct stat st ;
assert ( path ) ;
if ( stat ( path , & st ) < 0 )
return - errno ;
if ( ! S_ISBLK ( st . st_mode ) )
return - ENOTBLK ;
2017-10-31 09:37:15 +01:00
xsprintf_sys_block_path ( s , " /loop/ " , st . st_dev ) ;
2016-12-05 16:26:48 +01:00
if ( access ( s , F_OK ) < 0 ) {
if ( errno ! = ENOENT )
return - errno ;
/* The device itself isn't a loop device, but maybe it's a partition and its parent is? */
2017-10-31 09:37:15 +01:00
xsprintf_sys_block_path ( s , " /../loop/ " , st . st_dev ) ;
2016-12-05 16:26:48 +01:00
if ( access ( s , F_OK ) < 0 )
return errno = = ENOENT ? false : - errno ;
}
return true ;
}
2020-01-29 19:13:24 +01:00
static int run_fsck ( const char * node , const char * fstype ) {
int r , exit_status ;
pid_t pid ;
assert ( node ) ;
assert ( fstype ) ;
r = fsck_exists ( fstype ) ;
if ( r < 0 ) {
log_debug_errno ( r , " Couldn't determine whether fsck for %s exists, proceeding anyway. " , fstype ) ;
return 0 ;
}
if ( r = = 0 ) {
log_debug ( " Not checking partition %s, as fsck for %s does not exist. " , node , fstype ) ;
return 0 ;
}
r = safe_fork ( " (fsck) " , FORK_RESET_SIGNALS | FORK_CLOSE_ALL_FDS | FORK_RLIMIT_NOFILE_SAFE | FORK_DEATHSIG | FORK_NULL_STDIO , & pid ) ;
if ( r < 0 )
return log_debug_errno ( r , " Failed to fork off fsck: %m " ) ;
if ( r = = 0 ) {
/* Child */
execl ( " /sbin/fsck " , " /sbin/fsck " , " -aT " , node , NULL ) ;
log_debug_errno ( errno , " Failed to execl() fsck: %m " ) ;
_exit ( FSCK_OPERATIONAL_ERROR ) ;
}
exit_status = wait_for_terminate_and_check ( " fsck " , pid , 0 ) ;
if ( exit_status < 0 )
return log_debug_errno ( exit_status , " Failed to fork off /sbin/fsck: %m " ) ;
if ( ( exit_status & ~ FSCK_ERROR_CORRECTED ) ! = FSCK_SUCCESS ) {
log_debug ( " fsck failed with exit status %i. " , exit_status ) ;
if ( ( exit_status & ( FSCK_SYSTEM_SHOULD_REBOOT | FSCK_ERRORS_LEFT_UNCORRECTED ) ) ! = 0 )
return log_debug_errno ( SYNTHETIC_ERRNO ( EUCLEAN ) , " File system is corrupted, refusing. " ) ;
log_debug ( " Ignoring fsck error. " ) ;
}
return 0 ;
}
2016-12-05 16:26:48 +01:00
static int mount_partition (
DissectedPartition * m ,
const char * where ,
const char * directory ,
2017-11-28 16:46:26 +01:00
uid_t uid_shift ,
2016-12-05 16:26:48 +01:00
DissectImageFlags flags ) {
2017-11-28 16:46:26 +01:00
_cleanup_free_ char * chased = NULL , * options = NULL ;
const char * p , * node , * fstype ;
2016-12-01 20:25:26 +01:00
bool rw ;
2016-12-23 11:09:47 +01:00
int r ;
2016-12-01 20:25:26 +01:00
assert ( m ) ;
assert ( where ) ;
2016-12-05 16:26:48 +01:00
node = m - > decrypted_node ? : m - > node ;
fstype = m - > decrypted_fstype ? : m - > fstype ;
if ( ! m - > found | | ! node | | ! fstype )
2016-12-01 20:25:26 +01:00
return 0 ;
2020-08-11 15:54:16 +02:00
/* We are looking at an encrypted partition? This either means stacked encryption, or the caller didn't call dissected_image_decrypt() beforehand. Let's return a recognizable error for this case. */
2016-12-05 16:26:48 +01:00
if ( streq_ptr ( fstype , " crypto_LUKS " ) )
2020-08-11 15:54:16 +02:00
return - EUNATCH ;
2016-12-05 16:26:48 +01:00
rw = m - > rw & & ! ( flags & DISSECT_IMAGE_READ_ONLY ) ;
2016-12-01 20:25:26 +01:00
2020-01-29 19:13:24 +01:00
if ( FLAGS_SET ( flags , DISSECT_IMAGE_FSCK ) & & rw ) {
r = run_fsck ( node , fstype ) ;
if ( r < 0 )
return r ;
}
2016-12-23 11:09:47 +01:00
if ( directory ) {
2019-10-24 10:33:20 +02:00
r = chase_symlinks ( directory , where , CHASE_PREFIX_ROOT , & chased , NULL ) ;
2016-12-23 11:09:47 +01:00
if ( r < 0 )
return r ;
p = chased ;
} else
2016-12-01 20:25:26 +01:00
p = where ;
2016-12-05 16:26:48 +01:00
/* If requested, turn on discard support. */
2017-09-29 14:23:17 +02:00
if ( fstype_can_discard ( fstype ) & &
2016-12-05 16:26:48 +01:00
( ( flags & DISSECT_IMAGE_DISCARD ) | |
2017-11-28 16:46:26 +01:00
( ( flags & DISSECT_IMAGE_DISCARD_ON_LOOP ) & & is_loop_device ( m - > node ) ) ) ) {
options = strdup ( " discard " ) ;
if ( ! options )
return - ENOMEM ;
}
if ( uid_is_valid ( uid_shift ) & & uid_shift ! = 0 & & fstype_can_uid_gid ( fstype ) ) {
_cleanup_free_ char * uid_option = NULL ;
if ( asprintf ( & uid_option , " uid= " UID_FMT " ,gid= " GID_FMT , uid_shift , ( gid_t ) uid_shift ) < 0 )
return - ENOMEM ;
if ( ! strextend_with_separator ( & options , " , " , uid_option , NULL ) )
return - ENOMEM ;
}
2016-12-01 20:25:26 +01:00
2020-06-29 14:19:31 +02:00
if ( ! isempty ( m - > mount_options ) )
if ( ! strextend_with_separator ( & options , " , " , m - > mount_options , NULL ) )
return - ENOMEM ;
2020-07-28 18:50:17 +02:00
if ( FLAGS_SET ( flags , DISSECT_IMAGE_MKDIR ) ) {
r = mkdir_p ( p , 0755 ) ;
if ( r < 0 )
return r ;
}
2019-01-23 11:53:28 +01:00
r = mount_verbose ( LOG_DEBUG , node , p , fstype , MS_NODEV | ( rw ? 0 : MS_RDONLY ) , options ) ;
if ( r < 0 )
return r ;
return 1 ;
2016-12-01 20:25:26 +01:00
}
2017-11-28 16:46:26 +01:00
int dissected_image_mount ( DissectedImage * m , const char * where , uid_t uid_shift , DissectImageFlags flags ) {
2019-01-23 11:53:28 +01:00
int r , boot_mounted ;
2016-12-01 20:25:26 +01:00
assert ( m ) ;
assert ( where ) ;
2020-08-11 15:54:16 +02:00
/* Returns:
*
* - ENXIO → No root partition found
* - EMEDIUMTYPE → DISSECT_IMAGE_VALIDATE_OS set but no os - release file found
* - EUNATCH → Encrypted partition found for which no dm - crypt was set up yet
* - EUCLEAN → fsck for file system failed
* - EBUSY → File system already mounted / used elsewhere ( kernel )
*/
2016-12-01 20:25:26 +01:00
if ( ! m - > partitions [ PARTITION_ROOT ] . found )
return - ENXIO ;
2017-11-28 16:46:26 +01:00
if ( ( flags & DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY ) = = 0 ) {
r = mount_partition ( m - > partitions + PARTITION_ROOT , where , NULL , uid_shift , flags ) ;
if ( r < 0 )
return r ;
2018-03-23 20:39:32 +01:00
if ( flags & DISSECT_IMAGE_VALIDATE_OS ) {
r = path_is_os_tree ( where ) ;
if ( r < 0 )
return r ;
if ( r = = 0 )
return - EMEDIUMTYPE ;
}
2017-11-28 16:46:26 +01:00
}
2018-11-13 09:08:24 +01:00
if ( flags & DISSECT_IMAGE_MOUNT_ROOT_ONLY )
2017-11-28 16:46:26 +01:00
return 0 ;
2016-12-01 20:25:26 +01:00
2020-07-28 18:50:17 +02:00
/* Mask DISSECT_IMAGE_MKDIR for all subdirs: the idea is that only the top-level mount point is
* created if needed , but the image itself not modified . */
flags & = ~ DISSECT_IMAGE_MKDIR ;
2017-11-28 16:46:26 +01:00
r = mount_partition ( m - > partitions + PARTITION_HOME , where , " /home " , uid_shift , flags ) ;
2016-12-01 20:25:26 +01:00
if ( r < 0 )
return r ;
2017-11-28 16:46:26 +01:00
r = mount_partition ( m - > partitions + PARTITION_SRV , where , " /srv " , uid_shift , flags ) ;
2016-12-01 20:25:26 +01:00
if ( r < 0 )
return r ;
dissect: introduce new recognizable partition types for /var and /var/tmp
This has been requested many times before. Let's add it finally.
GPT auto-discovery for /var is a bit more complex than for other
partition types: the other partitions can to some degree be shared
between multiple OS installations on the same disk (think: swap, /home,
/srv). However, /var is inherently something bound to an installation,
i.e. specific to its identity, or actually *is* its identity, and hence
something that cannot be shared.
To deal with this this new code is particularly careful when it comes to
/var: it will not mount things blindly, but insist that the UUID of the
partition matches a hashed version of the machine-id of the
installation, so that each installation has a very specific /var
associated with it, and would never use any other. (We actually use
HMAC-SHA256 on the GPT partition type for /var, keyed by the machine-id,
since machine-id is something we want to keep somewhat private).
Setting the right UUID for installations takes extra care. To make
things a bit simpler to set up, we avoid this safety check for nspawn
and RootImage= in unit files, under the assumption that such container
and service images unlikely will have multiple installations on them.
The check is hence only required when booting full machines, i.e. in
in systemd-gpt-auto-generator.
To help with putting together images for full machines, PR #14368
introduces a repartition tool that can automatically fill in correctly
calculated UUIDs on first boot if images have the var partition UUID
initialized to all zeroes. With that in place systems can be put
together in a way that on first boot the machine ID is determined and
the partition table automatically adjusted to have the /var partition
with the right UUID.
2019-12-18 12:22:40 +01:00
r = mount_partition ( m - > partitions + PARTITION_VAR , where , " /var " , uid_shift , flags ) ;
if ( r < 0 )
return r ;
r = mount_partition ( m - > partitions + PARTITION_TMP , where , " /var/tmp " , uid_shift , flags ) ;
if ( r < 0 )
return r ;
2019-01-23 11:53:28 +01:00
boot_mounted = mount_partition ( m - > partitions + PARTITION_XBOOTLDR , where , " /boot " , uid_shift , flags ) ;
if ( boot_mounted < 0 )
return boot_mounted ;
2016-12-01 20:25:26 +01:00
if ( m - > partitions [ PARTITION_ESP ] . found ) {
2019-01-23 11:53:28 +01:00
/* Mount the ESP to /efi if it exists. If it doesn't exist, use /boot instead, but only if it
* exists and is empty , and we didn ' t already mount the XBOOTLDR partition into it . */
2016-12-01 20:25:26 +01:00
2019-10-24 10:33:20 +02:00
r = chase_symlinks ( " /efi " , where , CHASE_PREFIX_ROOT , NULL , NULL ) ;
2019-01-23 11:53:28 +01:00
if ( r > = 0 ) {
r = mount_partition ( m - > partitions + PARTITION_ESP , where , " /efi " , uid_shift , flags ) ;
if ( r < 0 )
return r ;
2016-12-01 20:25:26 +01:00
2019-01-23 11:53:28 +01:00
} else if ( boot_mounted < = 0 ) {
2016-12-23 11:09:47 +01:00
_cleanup_free_ char * p = NULL ;
2019-10-24 10:33:20 +02:00
r = chase_symlinks ( " /boot " , where , CHASE_PREFIX_ROOT , & p , NULL ) ;
2019-01-23 11:53:28 +01:00
if ( r > = 0 & & dir_is_empty ( p ) > 0 ) {
r = mount_partition ( m - > partitions + PARTITION_ESP , where , " /boot " , uid_shift , flags ) ;
2016-12-23 11:09:47 +01:00
if ( r < 0 )
return r ;
}
2016-12-01 20:25:26 +01:00
}
}
return 0 ;
}
2020-08-11 15:56:12 +02:00
int dissected_image_mount_and_warn ( DissectedImage * m , const char * where , uid_t uid_shift , DissectImageFlags flags ) {
int r ;
assert ( m ) ;
assert ( where ) ;
r = dissected_image_mount ( m , where , uid_shift , flags ) ;
if ( r = = - ENXIO )
return log_error_errno ( r , " Not root file system found in image. " ) ;
if ( r = = - EMEDIUMTYPE )
return log_error_errno ( r , " No suitable os-release file in image found. " ) ;
if ( r = = - EUNATCH )
return log_error_errno ( r , " Encrypted file system discovered, but decryption not requested. " ) ;
if ( r = = - EUCLEAN )
return log_error_errno ( r , " File system check on image failed. " ) ;
if ( r = = - EBUSY )
return log_error_errno ( r , " File system already mounted elsewhere. " ) ;
if ( r < 0 )
return log_error_errno ( r , " Failed to mount image: %m " ) ;
return r ;
}
2017-10-03 10:41:51 +02:00
# if HAVE_LIBCRYPTSETUP
2016-12-05 16:26:48 +01:00
typedef struct DecryptedPartition {
struct crypt_device * device ;
char * name ;
bool relinquished ;
} DecryptedPartition ;
struct DecryptedImage {
DecryptedPartition * decrypted ;
size_t n_decrypted ;
size_t n_allocated ;
} ;
# endif
DecryptedImage * decrypted_image_unref ( DecryptedImage * d ) {
2017-10-03 10:41:51 +02:00
# if HAVE_LIBCRYPTSETUP
2016-12-05 16:26:48 +01:00
size_t i ;
int r ;
if ( ! d )
return NULL ;
for ( i = 0 ; i < d - > n_decrypted ; i + + ) {
DecryptedPartition * p = d - > decrypted + i ;
if ( p - > device & & p - > name & & ! p - > relinquished ) {
r = crypt_deactivate ( p - > device , p - > name ) ;
if ( r < 0 )
log_debug_errno ( r , " Failed to deactivate encrypted partition %s " , p - > name ) ;
}
if ( p - > device )
crypt_free ( p - > device ) ;
free ( p - > name ) ;
}
free ( d ) ;
# endif
return NULL ;
}
2017-10-03 10:41:51 +02:00
# if HAVE_LIBCRYPTSETUP
2016-12-07 18:28:13 +01:00
static int make_dm_name_and_node ( const void * original_node , const char * suffix , char * * ret_name , char * * ret_node ) {
_cleanup_free_ char * name = NULL , * node = NULL ;
const char * base ;
assert ( original_node ) ;
assert ( suffix ) ;
assert ( ret_name ) ;
assert ( ret_node ) ;
base = strrchr ( original_node , ' / ' ) ;
if ( ! base )
2020-07-08 20:57:31 +02:00
base = original_node ;
else
base + + ;
2016-12-07 18:28:13 +01:00
if ( isempty ( base ) )
return - EINVAL ;
name = strjoin ( base , suffix ) ;
if ( ! name )
return - ENOMEM ;
if ( ! filename_is_valid ( name ) )
return - EINVAL ;
2019-06-20 20:07:01 +02:00
node = path_join ( crypt_get_dir ( ) , name ) ;
2016-12-07 18:28:13 +01:00
if ( ! node )
return - ENOMEM ;
2018-04-05 07:26:26 +02:00
* ret_name = TAKE_PTR ( name ) ;
* ret_node = TAKE_PTR ( node ) ;
2016-12-07 18:28:13 +01:00
return 0 ;
}
2016-12-05 16:26:48 +01:00
static int decrypt_partition (
DissectedPartition * m ,
const char * passphrase ,
DissectImageFlags flags ,
DecryptedImage * d ) {
_cleanup_free_ char * node = NULL , * name = NULL ;
2017-11-02 09:16:47 +01:00
_cleanup_ ( crypt_freep ) struct crypt_device * cd = NULL ;
2016-12-05 16:26:48 +01:00
int r ;
assert ( m ) ;
assert ( d ) ;
if ( ! m - > found | | ! m - > node | | ! m - > fstype )
return 0 ;
if ( ! streq ( m - > fstype , " crypto_LUKS " ) )
return 0 ;
2017-11-27 13:16:09 +01:00
if ( ! passphrase )
return - ENOKEY ;
2016-12-07 18:28:13 +01:00
r = make_dm_name_and_node ( m - > node , " -decrypted " , & name , & node ) ;
if ( r < 0 )
return r ;
2016-12-05 16:26:48 +01:00
if ( ! GREEDY_REALLOC0 ( d - > decrypted , d - > n_allocated , d - > n_decrypted + 1 ) )
return - ENOMEM ;
r = crypt_init ( & cd , m - > node ) ;
if ( r < 0 )
2017-08-09 18:18:53 +02:00
return log_debug_errno ( r , " Failed to initialize dm-crypt: %m " ) ;
2016-12-05 16:26:48 +01:00
2020-08-10 12:45:07 +02:00
cryptsetup_enable_logging ( cd ) ;
2020-04-02 15:57:26 +02:00
2017-10-13 15:27:30 +02:00
r = crypt_load ( cd , CRYPT_LUKS , NULL ) ;
2017-11-02 09:16:47 +01:00
if ( r < 0 )
return log_debug_errno ( r , " Failed to load LUKS metadata: %m " ) ;
2016-12-05 16:26:48 +01:00
r = crypt_activate_by_passphrase ( cd , name , CRYPT_ANY_SLOT , passphrase , strlen ( passphrase ) ,
( ( flags & DISSECT_IMAGE_READ_ONLY ) ? CRYPT_ACTIVATE_READONLY : 0 ) |
( ( flags & DISSECT_IMAGE_DISCARD_ON_CRYPTO ) ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0 ) ) ;
2017-11-02 09:16:47 +01:00
if ( r < 0 ) {
2017-08-09 18:18:53 +02:00
log_debug_errno ( r , " Failed to activate LUKS device: %m " ) ;
2017-11-02 09:16:47 +01:00
return r = = - EPERM ? - EKEYREJECTED : r ;
2016-12-05 16:26:48 +01:00
}
2018-04-05 07:26:26 +02:00
d - > decrypted [ d - > n_decrypted ] . name = TAKE_PTR ( name ) ;
d - > decrypted [ d - > n_decrypted ] . device = TAKE_PTR ( cd ) ;
2016-12-05 16:26:48 +01:00
d - > n_decrypted + + ;
2018-04-05 07:26:26 +02:00
m - > decrypted_node = TAKE_PTR ( node ) ;
2016-12-05 16:26:48 +01:00
return 0 ;
2016-12-07 18:28:13 +01:00
}
2020-07-08 20:57:31 +02:00
static int verity_can_reuse ( const void * root_hash , size_t root_hash_size , bool has_sig , const char * name , struct crypt_device * * ret_cd ) {
/* If the same volume was already open, check that the root hashes match, and reuse it if they do */
_cleanup_free_ char * root_hash_existing = NULL ;
_cleanup_ ( crypt_freep ) struct crypt_device * cd = NULL ;
struct crypt_params_verity crypt_params = { } ;
size_t root_hash_existing_size = root_hash_size ;
int r ;
assert ( ret_cd ) ;
r = crypt_init_by_name ( & cd , name ) ;
if ( r < 0 )
return log_debug_errno ( r , " Error opening verity device, crypt_init_by_name failed: %m " ) ;
r = crypt_get_verity_info ( cd , & crypt_params ) ;
if ( r < 0 )
return log_debug_errno ( r , " Error opening verity device, crypt_get_verity_info failed: %m " ) ;
root_hash_existing = malloc0 ( root_hash_size ) ;
if ( ! root_hash_existing )
return - ENOMEM ;
r = crypt_volume_key_get ( cd , CRYPT_ANY_SLOT , root_hash_existing , & root_hash_existing_size , NULL , 0 ) ;
if ( r < 0 )
return log_debug_errno ( r , " Error opening verity device, crypt_volume_key_get failed: %m " ) ;
if ( root_hash_size ! = root_hash_existing_size | | memcmp ( root_hash_existing , root_hash , root_hash_size ) ! = 0 )
return log_debug_errno ( SYNTHETIC_ERRNO ( EINVAL ) , " Error opening verity device, it already exists but root hashes are different. " ) ;
# if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
/* Ensure that, if signatures are supported, we only reuse the device if the previous mount
* used the same settings , so that a previous unsigned mount will not be reused if the user
* asks to use signing for the new one , and viceversa . */
if ( has_sig ! = ! ! ( crypt_params . flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE ) )
return log_debug_errno ( SYNTHETIC_ERRNO ( EINVAL ) , " Error opening verity device, it already exists but signature settings are not the same. " ) ;
# endif
* ret_cd = TAKE_PTR ( cd ) ;
return 0 ;
}
static inline void dm_deferred_remove_clean ( char * name ) {
if ( ! name )
return ;
( void ) crypt_deactivate_by_name ( NULL , name , CRYPT_DEACTIVATE_DEFERRED ) ;
free ( name ) ;
}
DEFINE_TRIVIAL_CLEANUP_FUNC ( char * , dm_deferred_remove_clean ) ;
2016-12-07 18:28:13 +01:00
static int verity_partition (
DissectedPartition * m ,
DissectedPartition * v ,
const void * root_hash ,
size_t root_hash_size ,
2020-05-29 18:51:20 +02:00
const char * verity_data ,
2020-06-02 16:35:58 +02:00
const char * root_hash_sig_path ,
const void * root_hash_sig ,
size_t root_hash_sig_size ,
2016-12-07 18:28:13 +01:00
DissectImageFlags flags ,
DecryptedImage * d ) {
2020-07-08 20:57:31 +02:00
_cleanup_free_ char * node = NULL , * name = NULL , * hash_sig_from_file = NULL ;
2017-11-02 09:16:47 +01:00
_cleanup_ ( crypt_freep ) struct crypt_device * cd = NULL ;
2020-07-08 20:57:31 +02:00
_cleanup_ ( dm_deferred_remove_cleanp ) char * restore_deferred_remove = NULL ;
2016-12-07 18:28:13 +01:00
int r ;
assert ( m ) ;
2020-05-29 18:51:20 +02:00
assert ( v | | verity_data ) ;
2016-12-07 18:28:13 +01:00
if ( ! root_hash )
return 0 ;
if ( ! m - > found | | ! m - > node | | ! m - > fstype )
return 0 ;
2020-05-29 18:51:20 +02:00
if ( ! verity_data ) {
if ( ! v - > found | | ! v - > node | | ! v - > fstype )
return 0 ;
2016-12-07 18:28:13 +01:00
2020-05-29 18:51:20 +02:00
if ( ! streq ( v - > fstype , " DM_verity_hash " ) )
return 0 ;
}
2016-12-07 18:28:13 +01:00
2020-07-08 20:57:31 +02:00
if ( FLAGS_SET ( flags , DISSECT_IMAGE_VERITY_SHARE ) ) {
/* Use the roothash, which is unique per volume, as the device node name, so that it can be reused */
_cleanup_free_ char * root_hash_encoded = NULL ;
root_hash_encoded = hexmem ( root_hash , root_hash_size ) ;
if ( ! root_hash_encoded )
return - ENOMEM ;
r = make_dm_name_and_node ( root_hash_encoded , " -verity " , & name , & node ) ;
} else
r = make_dm_name_and_node ( m - > node , " -verity " , & name , & node ) ;
2016-12-07 18:28:13 +01:00
if ( r < 0 )
return r ;
2020-07-08 20:57:31 +02:00
if ( ! root_hash_sig & & root_hash_sig_path ) {
r = read_full_file_full ( AT_FDCWD , root_hash_sig_path , 0 , & hash_sig_from_file , & root_hash_sig_size ) ;
if ( r < 0 )
return r ;
}
2016-12-07 18:28:13 +01:00
2020-05-29 18:51:20 +02:00
r = crypt_init ( & cd , verity_data ? : v - > node ) ;
2016-12-07 18:28:13 +01:00
if ( r < 0 )
return r ;
2020-08-10 12:45:07 +02:00
cryptsetup_enable_logging ( cd ) ;
2020-04-02 15:57:26 +02:00
2016-12-07 18:28:13 +01:00
r = crypt_load ( cd , CRYPT_VERITY , NULL ) ;
if ( r < 0 )
2017-11-02 09:16:47 +01:00
return r ;
2016-12-07 18:28:13 +01:00
r = crypt_set_data_device ( cd , m - > node ) ;
if ( r < 0 )
2017-11-02 09:16:47 +01:00
return r ;
2016-12-07 18:28:13 +01:00
2020-07-08 20:57:31 +02:00
if ( ! GREEDY_REALLOC0 ( d - > decrypted , d - > n_allocated , d - > n_decrypted + 1 ) )
return - ENOMEM ;
/* If activating fails because the device already exists, check the metadata and reuse it if it matches.
* In case of ENODEV / ENOENT , which can happen if another process is activating at the exact same time ,
* retry a few times before giving up . */
for ( unsigned i = 0 ; i < N_DEVICE_NODE_LIST_ATTEMPTS ; i + + ) {
if ( root_hash_sig | | hash_sig_from_file ) {
2020-06-02 16:35:58 +02:00
# if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
2020-07-08 20:57:31 +02:00
r = crypt_activate_by_signed_key ( cd , name , root_hash , root_hash_size , root_hash_sig ? : hash_sig_from_file , root_hash_sig_size , CRYPT_ACTIVATE_READONLY ) ;
# else
r = log_debug_errno ( SYNTHETIC_ERRNO ( EOPNOTSUPP ) , " activation of verity device with signature requested, but not supported by cryptsetup due to missing crypt_activate_by_signed_key() " ) ;
# endif
} else
r = crypt_activate_by_volume_key ( cd , name , root_hash , root_hash_size , CRYPT_ACTIVATE_READONLY ) ;
/* libdevmapper can return EINVAL when the device is already in the activation stage.
* There ' s no way to distinguish this situation from a genuine error due to invalid
2020-08-20 11:23:26 +02:00
* parameters , so immediately fall back to activating the device with a unique name .
2020-07-08 20:57:31 +02:00
* Improvements in libcrypsetup can ensure this never happens : https : //gitlab.com/cryptsetup/cryptsetup/-/merge_requests/96 */
if ( r = = - EINVAL & & FLAGS_SET ( flags , DISSECT_IMAGE_VERITY_SHARE ) )
return verity_partition ( m , v , root_hash , root_hash_size , verity_data , NULL , root_hash_sig ? : hash_sig_from_file , root_hash_sig_size , flags & ~ DISSECT_IMAGE_VERITY_SHARE , d ) ;
2020-08-10 12:15:48 +02:00
if ( ! IN_SET ( r ,
0 , /* Success */
- EEXIST , /* Volume is already open and ready to be used */
- EBUSY , /* Volume is being opened but not ready, crypt_init_by_name can fetch details */
- ENODEV /* Volume is being opened but not ready, crypt_init_by_name would fail, try to open again */ ) )
2020-07-08 20:57:31 +02:00
return r ;
2020-08-10 12:15:48 +02:00
if ( IN_SET ( r , - EEXIST , - EBUSY ) ) {
2020-07-08 20:57:31 +02:00
struct crypt_device * existing_cd = NULL ;
2020-06-02 16:35:58 +02:00
2020-07-08 20:57:31 +02:00
if ( ! restore_deferred_remove ) {
/* To avoid races, disable automatic removal on umount while setting up the new device. Restore it on failure. */
r = dm_deferred_remove_cancel ( name ) ;
2020-08-10 12:15:48 +02:00
/* If activation returns EBUSY there might be no deferred removal to cancel, that's fine */
if ( r < 0 & & r ! = - ENXIO )
2020-07-08 20:57:31 +02:00
return log_debug_errno ( r , " Disabling automated deferred removal for verity device %s failed: %m " , node ) ;
2020-08-10 12:15:48 +02:00
if ( r = = 0 ) {
restore_deferred_remove = strdup ( name ) ;
if ( ! restore_deferred_remove )
return - ENOMEM ;
}
2020-07-08 20:57:31 +02:00
}
2020-06-02 16:35:58 +02:00
2020-07-08 20:57:31 +02:00
r = verity_can_reuse ( root_hash , root_hash_size , ! ! root_hash_sig | | ! ! hash_sig_from_file , name , & existing_cd ) ;
/* Same as above, -EINVAL can randomly happen when it actually means -EEXIST */
if ( r = = - EINVAL & & FLAGS_SET ( flags , DISSECT_IMAGE_VERITY_SHARE ) )
return verity_partition ( m , v , root_hash , root_hash_size , verity_data , NULL , root_hash_sig ? : hash_sig_from_file , root_hash_sig_size , flags & ~ DISSECT_IMAGE_VERITY_SHARE , d ) ;
2020-08-10 12:15:48 +02:00
if ( ! IN_SET ( r , 0 , - ENODEV , - ENOENT , - EBUSY ) )
2020-07-08 20:57:31 +02:00
return log_debug_errno ( r , " Checking whether existing verity device %s can be reused failed: %m " , node ) ;
if ( r = = 0 ) {
2020-08-10 12:19:22 +02:00
/* devmapper might say that the device exists, but the devlink might not yet have been
* created . Check and wait for the udev event in that case . */
r = device_wait_for_devlink ( node , " block " , 100 * USEC_PER_MSEC , NULL ) ;
/* Fallback to activation with a unique device if it's taking too long */
if ( r = = - ETIMEDOUT )
break ;
if ( r < 0 )
return r ;
2020-07-08 20:57:31 +02:00
if ( cd )
crypt_free ( cd ) ;
cd = existing_cd ;
}
2020-06-02 16:35:58 +02:00
}
2020-07-08 20:57:31 +02:00
if ( r = = 0 )
break ;
2020-08-10 12:22:30 +02:00
/* Device is being opened by another process, but it has not finished yet, yield for 2ms */
( void ) usleep ( 2 * USEC_PER_MSEC ) ;
2020-07-08 20:57:31 +02:00
}
/* An existing verity device was reported by libcryptsetup/libdevmapper, but we can't use it at this time.
* Fall back to activating it with a unique device name . */
if ( r ! = 0 & & FLAGS_SET ( flags , DISSECT_IMAGE_VERITY_SHARE ) )
return verity_partition ( m , v , root_hash , root_hash_size , verity_data , NULL , root_hash_sig ? : hash_sig_from_file , root_hash_sig_size , flags & ~ DISSECT_IMAGE_VERITY_SHARE , d ) ;
/* Everything looks good and we'll be able to mount the device, so deferred remove will be re-enabled at that point. */
restore_deferred_remove = mfree ( restore_deferred_remove ) ;
2016-12-07 18:28:13 +01:00
2018-04-05 07:26:26 +02:00
d - > decrypted [ d - > n_decrypted ] . name = TAKE_PTR ( name ) ;
d - > decrypted [ d - > n_decrypted ] . device = TAKE_PTR ( cd ) ;
2016-12-07 18:28:13 +01:00
d - > n_decrypted + + ;
2018-04-05 07:26:26 +02:00
m - > decrypted_node = TAKE_PTR ( node ) ;
2016-12-07 18:28:13 +01:00
return 0 ;
2016-12-05 16:26:48 +01:00
}
# endif
int dissected_image_decrypt (
DissectedImage * m ,
const char * passphrase ,
2016-12-07 18:28:13 +01:00
const void * root_hash ,
size_t root_hash_size ,
2020-05-29 18:51:20 +02:00
const char * verity_data ,
2020-06-02 16:35:58 +02:00
const char * root_hash_sig_path ,
const void * root_hash_sig ,
size_t root_hash_sig_size ,
2016-12-05 16:26:48 +01:00
DissectImageFlags flags ,
DecryptedImage * * ret ) {
2017-10-03 10:41:51 +02:00
# if HAVE_LIBCRYPTSETUP
2017-12-05 10:34:46 +01:00
_cleanup_ ( decrypted_image_unrefp ) DecryptedImage * d = NULL ;
2016-12-05 16:26:48 +01:00
unsigned i ;
int r ;
# endif
assert ( m ) ;
2016-12-07 18:28:13 +01:00
assert ( root_hash | | root_hash_size = = 0 ) ;
2016-12-05 16:26:48 +01:00
/* Returns:
*
* = 0 → There was nothing to decrypt
* > 0 → Decrypted successfully
2017-04-19 01:05:05 +02:00
* - ENOKEY → There ' s something to decrypt but no key was supplied
2016-12-05 16:26:48 +01:00
* - EKEYREJECTED → Passed key was not correct
*/
2016-12-07 18:28:13 +01:00
if ( root_hash & & root_hash_size < sizeof ( sd_id128_t ) )
return - EINVAL ;
if ( ! m - > encrypted & & ! m - > verity ) {
2016-12-05 16:26:48 +01:00
* ret = NULL ;
return 0 ;
}
2017-10-03 10:41:51 +02:00
# if HAVE_LIBCRYPTSETUP
2016-12-05 16:26:48 +01:00
d = new0 ( DecryptedImage , 1 ) ;
if ( ! d )
return - ENOMEM ;
for ( i = 0 ; i < _PARTITION_DESIGNATOR_MAX ; i + + ) {
DissectedPartition * p = m - > partitions + i ;
2016-12-07 18:28:13 +01:00
int k ;
2016-12-05 16:26:48 +01:00
if ( ! p - > found )
continue ;
r = decrypt_partition ( p , passphrase , flags , d ) ;
if ( r < 0 )
return r ;
2016-12-07 18:28:13 +01:00
k = PARTITION_VERITY_OF ( i ) ;
if ( k > = 0 ) {
2020-07-08 20:57:31 +02:00
r = verity_partition ( p , m - > partitions + k , root_hash , root_hash_size , verity_data , root_hash_sig_path , root_hash_sig , root_hash_sig_size , flags | DISSECT_IMAGE_VERITY_SHARE , d ) ;
2016-12-07 18:28:13 +01:00
if ( r < 0 )
return r ;
}
2016-12-05 16:26:48 +01:00
if ( ! p - > decrypted_fstype & & p - > decrypted_node ) {
r = probe_filesystem ( p - > decrypted_node , & p - > decrypted_fstype ) ;
2017-11-30 12:09:36 +01:00
if ( r < 0 & & r ! = - EUCLEAN )
2016-12-05 16:26:48 +01:00
return r ;
}
}
2018-04-05 07:26:26 +02:00
* ret = TAKE_PTR ( d ) ;
2016-12-05 16:26:48 +01:00
return 1 ;
# else
return - EOPNOTSUPP ;
# endif
}
int dissected_image_decrypt_interactively (
DissectedImage * m ,
const char * passphrase ,
2016-12-07 18:28:13 +01:00
const void * root_hash ,
size_t root_hash_size ,
2020-05-29 18:51:20 +02:00
const char * verity_data ,
2020-06-02 16:35:58 +02:00
const char * root_hash_sig_path ,
const void * root_hash_sig ,
size_t root_hash_sig_size ,
2016-12-05 16:26:48 +01:00
DissectImageFlags flags ,
DecryptedImage * * ret ) {
_cleanup_strv_free_erase_ char * * z = NULL ;
int n = 3 , r ;
if ( passphrase )
n - - ;
for ( ; ; ) {
2020-06-02 16:35:58 +02:00
r = dissected_image_decrypt ( m , passphrase , root_hash , root_hash_size , verity_data , root_hash_sig_path , root_hash_sig , root_hash_sig_size , flags , ret ) ;
2016-12-05 16:26:48 +01:00
if ( r > = 0 )
return r ;
if ( r = = - EKEYREJECTED )
log_error_errno ( r , " Incorrect passphrase, try again! " ) ;
2018-08-07 08:48:37 +02:00
else if ( r ! = - ENOKEY )
return log_error_errno ( r , " Failed to decrypt image: %m " ) ;
2016-12-05 16:26:48 +01:00
2018-11-20 23:40:44 +01:00
if ( - - n < 0 )
return log_error_errno ( SYNTHETIC_ERRNO ( EKEYREJECTED ) ,
" Too many retries. " ) ;
2016-12-05 16:26:48 +01:00
z = strv_free ( z ) ;
2018-10-09 16:13:34 +02:00
r = ask_password_auto ( " Please enter image passphrase: " , NULL , " dissect " , " dissect " , USEC_INFINITY , 0 , & z ) ;
2016-12-05 16:26:48 +01:00
if ( r < 0 )
return log_error_errno ( r , " Failed to query for passphrase: %m " ) ;
passphrase = z [ 0 ] ;
}
}
int decrypted_image_relinquish ( DecryptedImage * d ) {
2017-10-03 10:41:51 +02:00
# if HAVE_LIBCRYPTSETUP
2016-12-05 16:26:48 +01:00
size_t i ;
int r ;
# endif
assert ( d ) ;
/* Turns on automatic removal after the last use ended for all DM devices of this image, and sets a boolean so
* that we don ' t clean it up ourselves either anymore */
2017-10-03 10:41:51 +02:00
# if HAVE_LIBCRYPTSETUP
2016-12-05 16:26:48 +01:00
for ( i = 0 ; i < d - > n_decrypted ; i + + ) {
DecryptedPartition * p = d - > decrypted + i ;
if ( p - > relinquished )
continue ;
2020-07-14 16:07:21 +02:00
r = crypt_deactivate_by_name ( NULL , p - > name , CRYPT_DEACTIVATE_DEFERRED ) ;
2016-12-05 16:26:48 +01:00
if ( r < 0 )
return log_debug_errno ( r , " Failed to mark %s for auto-removal: %m " , p - > name ) ;
p - > relinquished = true ;
}
# endif
return 0 ;
}
2020-07-29 15:16:27 +02:00
int verity_metadata_load (
const char * image ,
const char * root_hash_path ,
void * * ret_roothash ,
size_t * ret_roothash_size ,
char * * ret_verity_data ,
char * * ret_roothashsig ) {
2020-06-02 16:35:58 +02:00
_cleanup_free_ char * verity_filename = NULL , * roothashsig_filename = NULL ;
2020-05-29 18:51:20 +02:00
_cleanup_free_ void * roothash_decoded = NULL ;
size_t roothash_decoded_size = 0 ;
2016-12-23 17:10:42 +01:00
int r ;
assert ( image ) ;
if ( is_device_path ( image ) ) {
/* If we are asked to load the root hash for a device node, exit early */
2020-05-29 18:51:20 +02:00
if ( ret_roothash )
* ret_roothash = NULL ;
if ( ret_roothash_size )
* ret_roothash_size = 0 ;
if ( ret_verity_data )
* ret_verity_data = NULL ;
2020-06-02 16:35:58 +02:00
if ( ret_roothashsig )
* ret_roothashsig = NULL ;
2016-12-23 17:10:42 +01:00
return 0 ;
}
2020-05-29 18:51:20 +02:00
if ( ret_verity_data ) {
char * e ;
2016-12-23 17:10:42 +01:00
2020-05-29 18:51:20 +02:00
verity_filename = new ( char , strlen ( image ) + STRLEN ( " .verity " ) + 1 ) ;
if ( ! verity_filename )
return - ENOMEM ;
strcpy ( verity_filename , image ) ;
e = endswith ( verity_filename , " .raw " ) ;
2016-12-23 17:38:12 +01:00
if ( e )
2020-05-29 18:51:20 +02:00
strcpy ( e , " .verity " ) ;
else
strcat ( verity_filename , " .verity " ) ;
2016-12-23 17:38:12 +01:00
2020-05-29 18:51:20 +02:00
r = access ( verity_filename , F_OK ) ;
if ( r < 0 ) {
if ( errno ! = ENOENT )
return - errno ;
verity_filename = mfree ( verity_filename ) ;
2016-12-23 17:38:12 +01:00
}
2016-12-23 17:10:42 +01:00
}
2020-06-02 16:35:58 +02:00
if ( ret_roothashsig ) {
char * e ;
/* Follow naming convention recommended by the relevant RFC:
* https : //tools.ietf.org/html/rfc5751#section-3.2.1 */
roothashsig_filename = new ( char , strlen ( image ) + STRLEN ( " .roothash.p7s " ) + 1 ) ;
if ( ! roothashsig_filename )
return - ENOMEM ;
strcpy ( roothashsig_filename , image ) ;
e = endswith ( roothashsig_filename , " .raw " ) ;
if ( e )
strcpy ( e , " .roothash.p7s " ) ;
else
strcat ( roothashsig_filename , " .roothash.p7s " ) ;
r = access ( roothashsig_filename , R_OK ) ;
if ( r < 0 ) {
if ( errno ! = ENOENT )
return - errno ;
roothashsig_filename = mfree ( roothashsig_filename ) ;
}
}
2020-05-29 18:51:20 +02:00
if ( ret_roothash ) {
_cleanup_free_ char * text = NULL ;
assert ( ret_roothash_size ) ;
2020-06-03 10:50:45 +02:00
if ( root_hash_path ) {
/* We have the path to a roothash to load and decode, eg: RootHash=/foo/bar.roothash */
r = read_one_line_file ( root_hash_path , & text ) ;
if ( r < 0 )
2020-05-29 18:51:20 +02:00
return r ;
2020-06-03 10:50:45 +02:00
} else {
r = getxattr_malloc ( image , " user.verity.roothash " , & text , true ) ;
if ( r < 0 ) {
char * fn , * e , * n ;
if ( ! IN_SET ( r , - ENODATA , - EOPNOTSUPP , - ENOENT ) )
return r ;
2016-12-23 17:10:42 +01:00
2020-06-03 10:50:45 +02:00
fn = newa ( char , strlen ( image ) + STRLEN ( " .roothash " ) + 1 ) ;
n = stpcpy ( fn , image ) ;
e = endswith ( fn , " .raw " ) ;
if ( e )
n = e ;
2020-05-29 18:51:20 +02:00
2020-06-03 10:50:45 +02:00
strcpy ( n , " .roothash " ) ;
2020-05-29 18:51:20 +02:00
2020-06-03 10:50:45 +02:00
r = read_one_line_file ( fn , & text ) ;
if ( r < 0 & & r ! = - ENOENT )
return r ;
}
2020-05-29 18:51:20 +02:00
}
if ( text ) {
r = unhexmem ( text , strlen ( text ) , & roothash_decoded , & roothash_decoded_size ) ;
if ( r < 0 )
return r ;
if ( roothash_decoded_size < sizeof ( sd_id128_t ) )
return - EINVAL ;
}
}
if ( ret_roothash ) {
* ret_roothash = TAKE_PTR ( roothash_decoded ) ;
* ret_roothash_size = roothash_decoded_size ;
}
if ( ret_verity_data )
* ret_verity_data = TAKE_PTR ( verity_filename ) ;
2020-06-02 16:35:58 +02:00
if ( roothashsig_filename )
* ret_roothashsig = TAKE_PTR ( roothashsig_filename ) ;
2016-12-23 17:10:42 +01:00
return 1 ;
}
2017-11-14 23:22:46 +01:00
int dissected_image_acquire_metadata ( DissectedImage * m ) {
enum {
META_HOSTNAME ,
META_MACHINE_ID ,
META_MACHINE_INFO ,
META_OS_RELEASE ,
_META_MAX ,
} ;
static const char * const paths [ _META_MAX ] = {
[ META_HOSTNAME ] = " /etc/hostname \0 " ,
[ META_MACHINE_ID ] = " /etc/machine-id \0 " ,
[ META_MACHINE_INFO ] = " /etc/machine-info \0 " ,
dissect: introduce new recognizable partition types for /var and /var/tmp
This has been requested many times before. Let's add it finally.
GPT auto-discovery for /var is a bit more complex than for other
partition types: the other partitions can to some degree be shared
between multiple OS installations on the same disk (think: swap, /home,
/srv). However, /var is inherently something bound to an installation,
i.e. specific to its identity, or actually *is* its identity, and hence
something that cannot be shared.
To deal with this this new code is particularly careful when it comes to
/var: it will not mount things blindly, but insist that the UUID of the
partition matches a hashed version of the machine-id of the
installation, so that each installation has a very specific /var
associated with it, and would never use any other. (We actually use
HMAC-SHA256 on the GPT partition type for /var, keyed by the machine-id,
since machine-id is something we want to keep somewhat private).
Setting the right UUID for installations takes extra care. To make
things a bit simpler to set up, we avoid this safety check for nspawn
and RootImage= in unit files, under the assumption that such container
and service images unlikely will have multiple installations on them.
The check is hence only required when booting full machines, i.e. in
in systemd-gpt-auto-generator.
To help with putting together images for full machines, PR #14368
introduces a repartition tool that can automatically fill in correctly
calculated UUIDs on first boot if images have the var partition UUID
initialized to all zeroes. With that in place systems can be put
together in a way that on first boot the machine ID is determined and
the partition table automatically adjusted to have the /var partition
with the right UUID.
2019-12-18 12:22:40 +01:00
[ META_OS_RELEASE ] = " /etc/os-release \0 "
" /usr/lib/os-release \0 " ,
2017-11-14 23:22:46 +01:00
} ;
_cleanup_strv_free_ char * * machine_info = NULL , * * os_release = NULL ;
2020-08-11 15:59:44 +02:00
_cleanup_close_pair_ int error_pipe [ 2 ] = { - 1 , - 1 } ;
2017-11-14 23:22:46 +01:00
_cleanup_ ( rmdir_and_freep ) char * t = NULL ;
_cleanup_ ( sigkill_waitp ) pid_t child = 0 ;
sd_id128_t machine_id = SD_ID128_NULL ;
_cleanup_free_ char * hostname = NULL ;
unsigned n_meta_initialized = 0 , k ;
2020-08-11 15:59:44 +02:00
int fds [ 2 * _META_MAX ] , r , v ;
ssize_t n ;
2017-11-14 23:22:46 +01:00
BLOCK_SIGNALS ( SIGCHLD ) ;
assert ( m ) ;
for ( ; n_meta_initialized < _META_MAX ; n_meta_initialized + + )
if ( pipe2 ( fds + 2 * n_meta_initialized , O_CLOEXEC ) < 0 ) {
r = - errno ;
goto finish ;
}
r = mkdtemp_malloc ( " /tmp/dissect-XXXXXX " , & t ) ;
if ( r < 0 )
goto finish ;
2020-08-11 15:59:44 +02:00
if ( pipe2 ( error_pipe , O_CLOEXEC ) < 0 ) {
r = - errno ;
goto finish ;
}
2018-03-23 20:52:46 +01:00
r = safe_fork ( " (sd-dissect) " , FORK_RESET_SIGNALS | FORK_DEATHSIG | FORK_NEW_MOUNTNS | FORK_MOUNTNS_SLAVE , & child ) ;
2017-12-29 18:52:20 +01:00
if ( r < 0 )
2017-11-14 23:22:46 +01:00
goto finish ;
2017-12-29 18:52:20 +01:00
if ( r = = 0 ) {
2020-08-11 15:59:44 +02:00
error_pipe [ 0 ] = safe_close ( error_pipe [ 0 ] ) ;
2018-03-23 20:39:32 +01:00
r = dissected_image_mount ( m , t , UID_INVALID , DISSECT_IMAGE_READ_ONLY | DISSECT_IMAGE_MOUNT_ROOT_ONLY | DISSECT_IMAGE_VALIDATE_OS ) ;
2018-04-05 13:15:43 +02:00
if ( r < 0 ) {
2020-08-11 15:59:44 +02:00
/* Let parent know the error */
( void ) write ( error_pipe [ 1 ] , & r , sizeof ( r ) ) ;
2018-04-05 13:15:43 +02:00
log_debug_errno ( r , " Failed to mount dissected image: %m " ) ;
2017-11-14 23:22:46 +01:00
_exit ( EXIT_FAILURE ) ;
2018-04-05 13:15:43 +02:00
}
2017-11-14 23:22:46 +01:00
for ( k = 0 ; k < _META_MAX ; k + + ) {
2020-07-29 15:17:22 +02:00
_cleanup_close_ int fd = - ENOENT ;
2017-11-14 23:22:46 +01:00
const char * p ;
fds [ 2 * k ] = safe_close ( fds [ 2 * k ] ) ;
NULSTR_FOREACH ( p , paths [ k ] ) {
2018-03-26 19:22:16 +02:00
fd = chase_symlinks_and_open ( p , t , CHASE_PREFIX_ROOT , O_RDONLY | O_CLOEXEC | O_NOCTTY , NULL ) ;
2017-11-14 23:22:46 +01:00
if ( fd > = 0 )
break ;
}
2018-03-26 19:22:16 +02:00
if ( fd < 0 ) {
log_debug_errno ( fd , " Failed to read %s file of image, ignoring: %m " , paths [ k ] ) ;
2020-07-29 15:17:22 +02:00
fds [ 2 * k + 1 ] = safe_close ( fds [ 2 * k + 1 ] ) ;
2017-11-14 23:22:46 +01:00
continue ;
2018-03-26 19:22:16 +02:00
}
2017-11-14 23:22:46 +01:00
r = copy_bytes ( fd , fds [ 2 * k + 1 ] , ( uint64_t ) - 1 , 0 ) ;
2020-08-11 15:59:44 +02:00
if ( r < 0 ) {
( void ) write ( error_pipe [ 1 ] , & r , sizeof ( r ) ) ;
2017-11-14 23:22:46 +01:00
_exit ( EXIT_FAILURE ) ;
2020-08-11 15:59:44 +02:00
}
2017-11-14 23:22:46 +01:00
fds [ 2 * k + 1 ] = safe_close ( fds [ 2 * k + 1 ] ) ;
}
_exit ( EXIT_SUCCESS ) ;
}
2020-08-11 15:59:44 +02:00
error_pipe [ 1 ] = safe_close ( error_pipe [ 1 ] ) ;
2017-11-14 23:22:46 +01:00
for ( k = 0 ; k < _META_MAX ; k + + ) {
_cleanup_fclose_ FILE * f = NULL ;
fds [ 2 * k + 1 ] = safe_close ( fds [ 2 * k + 1 ] ) ;
2020-03-31 10:07:21 +02:00
f = take_fdopen ( & fds [ 2 * k ] , " r " ) ;
2017-11-14 23:22:46 +01:00
if ( ! f ) {
r = - errno ;
goto finish ;
}
switch ( k ) {
case META_HOSTNAME :
r = read_etc_hostname_stream ( f , & hostname ) ;
if ( r < 0 )
log_debug_errno ( r , " Failed to read /etc/hostname: %m " ) ;
break ;
case META_MACHINE_ID : {
_cleanup_free_ char * line = NULL ;
r = read_line ( f , LONG_LINE_MAX , & line ) ;
if ( r < 0 )
log_debug_errno ( r , " Failed to read /etc/machine-id: %m " ) ;
else if ( r = = 33 ) {
r = sd_id128_from_string ( line , & machine_id ) ;
if ( r < 0 )
log_debug_errno ( r , " Image contains invalid /etc/machine-id: %s " , line ) ;
} else if ( r = = 0 )
log_debug ( " /etc/machine-id file is empty. " ) ;
else
log_debug ( " /etc/machine-id has unexpected length %i. " , r ) ;
break ;
}
case META_MACHINE_INFO :
2018-11-12 14:04:47 +01:00
r = load_env_file_pairs ( f , " machine-info " , & machine_info ) ;
2017-11-14 23:22:46 +01:00
if ( r < 0 )
log_debug_errno ( r , " Failed to read /etc/machine-info: %m " ) ;
break ;
case META_OS_RELEASE :
2018-11-12 14:04:47 +01:00
r = load_env_file_pairs ( f , " os-release " , & os_release ) ;
2017-11-14 23:22:46 +01:00
if ( r < 0 )
log_debug_errno ( r , " Failed to read OS release file: %m " ) ;
break ;
}
}
2017-12-29 18:07:00 +01:00
r = wait_for_terminate_and_check ( " (sd-dissect) " , child , 0 ) ;
2017-11-14 23:22:46 +01:00
child = 0 ;
2017-12-29 18:07:00 +01:00
if ( r < 0 )
2020-08-11 15:59:44 +02:00
return r ;
n = read ( error_pipe [ 0 ] , & v , sizeof ( v ) ) ;
if ( n < 0 )
return - errno ;
if ( n = = sizeof ( v ) )
return v ; /* propagate error sent to us from child */
if ( n ! = 0 )
return - EIO ;
2017-12-29 18:07:00 +01:00
if ( r ! = EXIT_SUCCESS )
return - EPROTO ;
2017-11-14 23:22:46 +01:00
free_and_replace ( m - > hostname , hostname ) ;
m - > machine_id = machine_id ;
strv_free_and_replace ( m - > machine_info , machine_info ) ;
strv_free_and_replace ( m - > os_release , os_release ) ;
finish :
for ( k = 0 ; k < n_meta_initialized ; k + + )
safe_close_pair ( fds + 2 * k ) ;
return r ;
}
2018-03-21 12:10:01 +01:00
int dissect_image_and_warn (
int fd ,
const char * name ,
const void * root_hash ,
size_t root_hash_size ,
2020-05-29 18:51:20 +02:00
const char * verity_data ,
2020-06-29 14:19:31 +02:00
const MountOptions * mount_options ,
2018-03-21 12:10:01 +01:00
DissectImageFlags flags ,
DissectedImage * * ret ) {
_cleanup_free_ char * buffer = NULL ;
int r ;
if ( ! name ) {
r = fd_get_path ( fd , & buffer ) ;
if ( r < 0 )
return r ;
name = buffer ;
}
2020-06-29 14:19:31 +02:00
r = dissect_image ( fd , root_hash , root_hash_size , verity_data , mount_options , flags , ret ) ;
2018-03-21 12:10:01 +01:00
switch ( r ) {
case - EOPNOTSUPP :
return log_error_errno ( r , " Dissecting images is not supported, compiled without blkid support. " ) ;
case - ENOPKG :
return log_error_errno ( r , " Couldn't identify a suitable partition table or file system in '%s'. " , name ) ;
case - EADDRNOTAVAIL :
return log_error_errno ( r , " No root partition for specified root hash found in '%s'. " , name ) ;
case - ENOTUNIQ :
return log_error_errno ( r , " Multiple suitable root partitions found in image '%s'. " , name ) ;
case - ENXIO :
return log_error_errno ( r , " No suitable root partition found in image '%s'. " , name ) ;
case - EPROTONOSUPPORT :
return log_error_errno ( r , " Device '%s' is loopback block device with partition scanning turned off, please turn it on. " , name ) ;
default :
if ( r < 0 )
return log_error_errno ( r , " Failed to dissect image '%s': %m " , name ) ;
return r ;
}
}
2020-05-29 18:51:20 +02:00
bool dissected_image_can_do_verity ( const DissectedImage * image , unsigned partition_designator ) {
if ( image - > single_file_system )
return partition_designator = = PARTITION_ROOT & & image - > can_verity ;
return PARTITION_VERITY_OF ( partition_designator ) > = 0 ;
}
bool dissected_image_has_verity ( const DissectedImage * image , unsigned partition_designator ) {
int k ;
if ( image - > single_file_system )
return partition_designator = = PARTITION_ROOT & & image - > verity ;
k = PARTITION_VERITY_OF ( partition_designator ) ;
return k > = 0 & & image - > partitions [ k ] . found ;
}
2020-06-29 14:19:31 +02:00
MountOptions * mount_options_free_all ( MountOptions * options ) {
MountOptions * m ;
while ( ( m = options ) ) {
LIST_REMOVE ( mount_options , options , m ) ;
free ( m - > options ) ;
free ( m ) ;
}
return NULL ;
}
const char * mount_options_from_part ( const MountOptions * options , unsigned int partition_number ) {
MountOptions * m ;
LIST_FOREACH ( mount_options , m , ( MountOptions * ) options )
if ( partition_number = = m - > partition_number & & ! isempty ( m - > options ) )
return m - > options ;
2020-07-28 18:16:19 +02:00
2020-06-29 14:19:31 +02:00
return NULL ;
}
2020-07-28 18:16:19 +02:00
int mount_image_privately_interactively (
const char * image ,
DissectImageFlags flags ,
char * * ret_directory ,
LoopDevice * * ret_loop_device ,
DecryptedImage * * ret_decrypted_image ) {
_cleanup_ ( loop_device_unrefp ) LoopDevice * d = NULL ;
_cleanup_ ( decrypted_image_unrefp ) DecryptedImage * decrypted_image = NULL ;
_cleanup_ ( dissected_image_unrefp ) DissectedImage * dissected_image = NULL ;
_cleanup_ ( rmdir_and_freep ) char * created_dir = NULL ;
_cleanup_free_ char * temp = NULL ;
int r ;
/* Mounts an OS image at a temporary place, inside a newly created mount namespace of our own. This
* is used by tools such as systemd - tmpfiles or systemd - firstboot to operate on some disk image
* easily . */
assert ( image ) ;
assert ( ret_directory ) ;
assert ( ret_loop_device ) ;
assert ( ret_decrypted_image ) ;
r = tempfn_random_child ( NULL , program_invocation_short_name , & temp ) ;
if ( r < 0 )
return log_error_errno ( r , " Failed to generate temporary mount directory: %m " ) ;
r = loop_device_make_by_path (
image ,
FLAGS_SET ( flags , DISSECT_IMAGE_READ_ONLY ) ? O_RDONLY : O_RDWR ,
FLAGS_SET ( flags , DISSECT_IMAGE_NO_PARTITION_TABLE ) ? 0 : LO_FLAGS_PARTSCAN ,
& d ) ;
if ( r < 0 )
return log_error_errno ( r , " Failed to set up loopback device: %m " ) ;
r = dissect_image_and_warn ( d - > fd , image , NULL , 0 , NULL , NULL , flags , & dissected_image ) ;
if ( r < 0 )
return r ;
r = dissected_image_decrypt_interactively ( dissected_image , NULL , NULL , 0 , NULL , NULL , NULL , 0 , flags , & decrypted_image ) ;
if ( r < 0 )
return r ;
r = detach_mount_namespace ( ) ;
if ( r < 0 )
return log_error_errno ( r , " Failed to detach mount namespace: %m " ) ;
r = mkdir_p ( temp , 0700 ) ;
if ( r < 0 )
return log_error_errno ( r , " Failed to create mount point: %m " ) ;
created_dir = TAKE_PTR ( temp ) ;
2020-08-11 15:56:12 +02:00
r = dissected_image_mount_and_warn ( dissected_image , created_dir , UID_INVALID , flags ) ;
2020-07-28 18:16:19 +02:00
if ( r < 0 )
2020-08-11 15:56:12 +02:00
return r ;
2020-07-28 18:16:19 +02:00
if ( decrypted_image ) {
r = decrypted_image_relinquish ( decrypted_image ) ;
if ( r < 0 )
return log_error_errno ( r , " Failed to relinquish DM devices: %m " ) ;
}
loop_device_relinquish ( d ) ;
* ret_directory = TAKE_PTR ( created_dir ) ;
* ret_loop_device = TAKE_PTR ( d ) ;
* ret_decrypted_image = TAKE_PTR ( decrypted_image ) ;
return 0 ;
}
2016-12-01 20:25:26 +01:00
static const char * const partition_designator_table [ ] = {
[ PARTITION_ROOT ] = " root " ,
[ PARTITION_ROOT_SECONDARY ] = " root-secondary " ,
[ PARTITION_HOME ] = " home " ,
[ PARTITION_SRV ] = " srv " ,
[ PARTITION_ESP ] = " esp " ,
2019-01-23 11:34:31 +01:00
[ PARTITION_XBOOTLDR ] = " xbootldr " ,
2016-12-01 20:25:26 +01:00
[ PARTITION_SWAP ] = " swap " ,
2016-12-07 18:28:13 +01:00
[ PARTITION_ROOT_VERITY ] = " root-verity " ,
[ PARTITION_ROOT_SECONDARY_VERITY ] = " root-secondary-verity " ,
dissect: introduce new recognizable partition types for /var and /var/tmp
This has been requested many times before. Let's add it finally.
GPT auto-discovery for /var is a bit more complex than for other
partition types: the other partitions can to some degree be shared
between multiple OS installations on the same disk (think: swap, /home,
/srv). However, /var is inherently something bound to an installation,
i.e. specific to its identity, or actually *is* its identity, and hence
something that cannot be shared.
To deal with this this new code is particularly careful when it comes to
/var: it will not mount things blindly, but insist that the UUID of the
partition matches a hashed version of the machine-id of the
installation, so that each installation has a very specific /var
associated with it, and would never use any other. (We actually use
HMAC-SHA256 on the GPT partition type for /var, keyed by the machine-id,
since machine-id is something we want to keep somewhat private).
Setting the right UUID for installations takes extra care. To make
things a bit simpler to set up, we avoid this safety check for nspawn
and RootImage= in unit files, under the assumption that such container
and service images unlikely will have multiple installations on them.
The check is hence only required when booting full machines, i.e. in
in systemd-gpt-auto-generator.
To help with putting together images for full machines, PR #14368
introduces a repartition tool that can automatically fill in correctly
calculated UUIDs on first boot if images have the var partition UUID
initialized to all zeroes. With that in place systems can be put
together in a way that on first boot the machine ID is determined and
the partition table automatically adjusted to have the /var partition
with the right UUID.
2019-12-18 12:22:40 +01:00
[ PARTITION_TMP ] = " tmp " ,
[ PARTITION_VAR ] = " var " ,
2016-12-01 20:25:26 +01:00
} ;
DEFINE_STRING_TABLE_LOOKUP ( partition_designator , int ) ;
