2010-11-08 05:02:45 +01:00
|
|
|
/***
|
|
|
|
This file is part of systemd.
|
|
|
|
|
|
|
|
Copyright 2010 Lennart Poettering
|
|
|
|
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
2012-04-12 00:20:58 +02:00
|
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
2010-11-08 05:02:45 +01:00
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
2012-04-12 00:20:58 +02:00
|
|
|
Lesser General Public License for more details.
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-04-12 00:20:58 +02:00
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
2010-11-08 05:02:45 +01:00
|
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
***/
|
|
|
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2014-12-02 18:49:28 +01:00
|
|
|
#include "dropin.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
2015-10-26 18:05:03 +01:00
|
|
|
#include "fileio.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "fstab-util.h"
|
2014-12-02 18:49:28 +01:00
|
|
|
#include "generator.h"
|
|
|
|
#include "hashmap.h"
|
2010-11-08 05:02:45 +01:00
|
|
|
#include "log.h"
|
2012-04-10 21:54:31 +02:00
|
|
|
#include "mkdir.h"
|
2015-10-26 16:18:16 +01:00
|
|
|
#include "parse-util.h"
|
2014-06-23 19:18:44 +02:00
|
|
|
#include "path-util.h"
|
2015-10-27 00:06:29 +01:00
|
|
|
#include "proc-cmdline.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "string-util.h"
|
2014-12-02 18:49:28 +01:00
|
|
|
#include "strv.h"
|
|
|
|
#include "unit-name.h"
|
|
|
|
#include "util.h"
|
|
|
|
|
|
|
|
typedef struct crypto_device {
|
|
|
|
char *uuid;
|
2014-12-02 18:49:29 +01:00
|
|
|
char *keyfile;
|
2014-12-02 18:49:30 +01:00
|
|
|
char *name;
|
2014-12-02 18:49:28 +01:00
|
|
|
char *options;
|
|
|
|
bool create;
|
|
|
|
} crypto_device;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-06-22 10:11:06 +02:00
|
|
|
static const char *arg_dest = "/tmp";
|
|
|
|
static bool arg_enabled = true;
|
|
|
|
static bool arg_read_crypttab = true;
|
2014-12-02 18:49:28 +01:00
|
|
|
static bool arg_whitelist = false;
|
|
|
|
static Hashmap *arg_disks = NULL;
|
|
|
|
static char *arg_default_options = NULL;
|
|
|
|
static char *arg_default_keyfile = NULL;
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2010-11-08 05:02:45 +01:00
|
|
|
static int create_disk(
|
|
|
|
const char *name,
|
|
|
|
const char *device,
|
|
|
|
const char *password,
|
|
|
|
const char *options) {
|
|
|
|
|
2014-07-01 00:41:17 +02:00
|
|
|
_cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
|
|
|
|
*filtered = NULL;
|
2013-04-18 09:11:22 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2013-08-15 02:47:59 +02:00
|
|
|
bool noauto, nofail, tmp, swap;
|
2014-03-06 02:26:52 +01:00
|
|
|
char *from;
|
|
|
|
int r;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
|
|
|
assert(name);
|
|
|
|
assert(device);
|
|
|
|
|
2015-01-11 06:04:00 +01:00
|
|
|
noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0");
|
|
|
|
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
|
2015-01-11 05:06:52 +01:00
|
|
|
tmp = fstab_test_option(options, "tmp\0");
|
|
|
|
swap = fstab_test_option(options, "swap\0");
|
2013-08-15 02:47:59 +02:00
|
|
|
|
|
|
|
if (tmp && swap) {
|
|
|
|
log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2011-04-20 00:45:22 +02:00
|
|
|
|
2014-03-06 02:26:52 +01:00
|
|
|
e = unit_name_escape(name);
|
|
|
|
if (!e)
|
|
|
|
return log_oom();
|
|
|
|
|
2015-04-30 20:21:00 +02:00
|
|
|
r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate unit name: %m");
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2016-10-23 17:43:27 +02:00
|
|
|
p = strjoin(arg_dest, "/", n);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!p)
|
|
|
|
return log_oom();
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-05-21 17:22:36 +02:00
|
|
|
u = fstab_node_to_udev_node(device);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!u)
|
|
|
|
return log_oom();
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2015-04-30 20:21:00 +02:00
|
|
|
r = unit_name_from_path(u, ".device", &d);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate unit name: %m");
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-05-21 17:22:36 +02:00
|
|
|
f = fopen(p, "wxe");
|
2014-11-28 19:57:32 +01:00
|
|
|
if (!f)
|
|
|
|
return log_error_errno(errno, "Failed to create unit file %s: %m", p);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2016-12-16 13:15:31 +01:00
|
|
|
fputs("# Automatically generated by systemd-cryptsetup-generator\n\n"
|
|
|
|
"[Unit]\n"
|
|
|
|
"Description=Cryptography Setup for %I\n"
|
|
|
|
"Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
|
|
|
|
"SourcePath=/etc/crypttab\n"
|
|
|
|
"DefaultDependencies=no\n"
|
|
|
|
"Conflicts=umount.target\n"
|
|
|
|
"BindsTo=dev-mapper-%i.device\n"
|
|
|
|
"IgnoreOnIsolate=true\n"
|
|
|
|
"After=cryptsetup-pre.target\n",
|
|
|
|
f);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2011-04-20 00:45:22 +02:00
|
|
|
if (!nofail)
|
|
|
|
fprintf(f,
|
|
|
|
"Before=cryptsetup.target\n");
|
|
|
|
|
2013-03-29 23:01:12 +01:00
|
|
|
if (password) {
|
2014-03-06 02:26:52 +01:00
|
|
|
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
|
2013-09-22 20:38:24 +02:00
|
|
|
fputs("After=systemd-random-seed.service\n", f);
|
2014-02-08 18:54:58 +01:00
|
|
|
else if (!streq(password, "-") && !streq(password, "none")) {
|
2014-03-06 02:26:52 +01:00
|
|
|
_cleanup_free_ char *uu;
|
|
|
|
|
|
|
|
uu = fstab_node_to_udev_node(password);
|
|
|
|
if (!uu)
|
2014-02-08 18:54:58 +01:00
|
|
|
return log_oom();
|
|
|
|
|
2014-06-23 19:18:44 +02:00
|
|
|
if (!path_equal(uu, "/dev/null")) {
|
2014-03-06 02:26:52 +01:00
|
|
|
|
2014-06-23 19:18:44 +02:00
|
|
|
if (is_device_path(uu)) {
|
2015-04-30 20:21:00 +02:00
|
|
|
_cleanup_free_ char *dd = NULL;
|
2014-02-08 18:54:58 +01:00
|
|
|
|
2015-04-30 20:21:00 +02:00
|
|
|
r = unit_name_from_path(uu, ".device", &dd);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate unit name: %m");
|
2014-06-23 19:18:44 +02:00
|
|
|
|
|
|
|
fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
|
|
|
|
} else
|
|
|
|
fprintf(f, "RequiresMountsFor=%s\n", password);
|
|
|
|
}
|
2014-02-08 18:54:58 +01:00
|
|
|
}
|
2013-03-29 23:01:12 +01:00
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2013-03-29 23:01:11 +01:00
|
|
|
if (is_device_path(u))
|
|
|
|
fprintf(f,
|
|
|
|
"BindsTo=%s\n"
|
|
|
|
"After=%s\n"
|
|
|
|
"Before=umount.target\n",
|
|
|
|
d, d);
|
|
|
|
else
|
|
|
|
fprintf(f,
|
|
|
|
"RequiresMountsFor=%s\n",
|
|
|
|
u);
|
|
|
|
|
2014-07-01 00:41:17 +02:00
|
|
|
r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2010-11-08 05:02:45 +01:00
|
|
|
fprintf(f,
|
|
|
|
"\n[Service]\n"
|
|
|
|
"Type=oneshot\n"
|
|
|
|
"RemainAfterExit=yes\n"
|
2011-04-14 02:36:02 +02:00
|
|
|
"TimeoutSec=0\n" /* the binary handles timeouts anyway */
|
2010-11-14 01:53:46 +01:00
|
|
|
"ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
|
2010-11-12 00:39:17 +01:00
|
|
|
"ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
|
2014-07-01 00:41:17 +02:00
|
|
|
name, u, strempty(password), strempty(filtered),
|
2010-11-08 05:02:45 +01:00
|
|
|
name);
|
|
|
|
|
2013-08-15 02:47:59 +02:00
|
|
|
if (tmp)
|
2010-11-08 05:02:45 +01:00
|
|
|
fprintf(f,
|
2011-04-13 22:22:10 +02:00
|
|
|
"ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
|
2011-01-04 02:12:07 +01:00
|
|
|
name);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2013-08-15 02:47:59 +02:00
|
|
|
if (swap)
|
2010-11-08 05:02:45 +01:00
|
|
|
fprintf(f,
|
2011-04-13 22:22:10 +02:00
|
|
|
"ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
|
2011-01-04 02:12:07 +01:00
|
|
|
name);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2015-05-17 00:11:12 +02:00
|
|
|
r = fflush_and_check(f);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to write file %s: %m", p);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2015-02-03 02:05:59 +01:00
|
|
|
from = strjoina("../", n);
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2011-04-20 00:45:22 +02:00
|
|
|
if (!noauto) {
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2016-10-23 17:43:27 +02:00
|
|
|
to = strjoin(arg_dest, "/", d, ".wants/", n);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!to)
|
|
|
|
return log_oom();
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-05-31 12:40:20 +02:00
|
|
|
mkdir_parents_label(to, 0755);
|
2014-11-28 19:57:32 +01:00
|
|
|
if (symlink(from, to) < 0)
|
|
|
|
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
|
2010-11-18 02:16:36 +01:00
|
|
|
|
|
|
|
free(to);
|
2011-04-20 00:45:22 +02:00
|
|
|
if (!nofail)
|
2016-10-23 17:43:27 +02:00
|
|
|
to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
|
2011-04-20 00:45:22 +02:00
|
|
|
else
|
2016-10-23 17:43:27 +02:00
|
|
|
to = strjoin(arg_dest, "/cryptsetup.target.wants/", n);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!to)
|
|
|
|
return log_oom();
|
2010-11-18 02:16:36 +01:00
|
|
|
|
2012-05-31 12:40:20 +02:00
|
|
|
mkdir_parents_label(to, 0755);
|
2014-11-28 19:57:32 +01:00
|
|
|
if (symlink(from, to) < 0)
|
|
|
|
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
|
2012-05-21 17:22:36 +02:00
|
|
|
}
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2013-03-25 23:49:13 +01:00
|
|
|
free(to);
|
2016-10-23 17:43:27 +02:00
|
|
|
to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!to)
|
|
|
|
return log_oom();
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2012-05-31 12:40:20 +02:00
|
|
|
mkdir_parents_label(to, 0755);
|
2014-11-28 19:57:32 +01:00
|
|
|
if (symlink(from, to) < 0)
|
|
|
|
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2013-03-01 15:13:43 +01:00
|
|
|
if (!noauto && !nofail) {
|
2014-09-28 03:05:41 +02:00
|
|
|
_cleanup_free_ char *dmname;
|
2016-10-23 17:43:27 +02:00
|
|
|
dmname = strjoin("dev-mapper-", e, ".device");
|
2014-09-28 03:05:41 +02:00
|
|
|
if (!dmname)
|
|
|
|
return log_oom();
|
|
|
|
|
|
|
|
r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
|
2014-07-01 00:41:17 +02:00
|
|
|
"# Automatically generated by systemd-cryptsetup-generator \n\n"
|
|
|
|
"[Unit]\nJobTimeoutSec=0");
|
2014-11-28 18:23:20 +01:00
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to write device drop-in: %m");
|
2013-03-01 15:13:43 +01:00
|
|
|
}
|
|
|
|
|
2013-03-08 10:50:33 +01:00
|
|
|
return 0;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
static void free_arg_disks(void) {
|
|
|
|
crypto_device *d;
|
|
|
|
|
|
|
|
while ((d = hashmap_steal_first(arg_disks))) {
|
|
|
|
free(d->uuid);
|
2014-12-02 18:49:29 +01:00
|
|
|
free(d->keyfile);
|
2014-12-02 18:49:30 +01:00
|
|
|
free(d->name);
|
2014-12-02 18:49:28 +01:00
|
|
|
free(d->options);
|
|
|
|
free(d);
|
|
|
|
}
|
|
|
|
|
|
|
|
hashmap_free(arg_disks);
|
|
|
|
}
|
|
|
|
|
|
|
|
static crypto_device *get_crypto_device(const char *uuid) {
|
|
|
|
int r;
|
|
|
|
crypto_device *d;
|
|
|
|
|
|
|
|
assert(uuid);
|
|
|
|
|
|
|
|
d = hashmap_get(arg_disks, uuid);
|
|
|
|
if (!d) {
|
|
|
|
d = new0(struct crypto_device, 1);
|
|
|
|
if (!d)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
d->create = false;
|
2014-12-02 18:49:30 +01:00
|
|
|
d->keyfile = d->options = d->name = NULL;
|
2014-12-02 18:49:28 +01:00
|
|
|
|
|
|
|
d->uuid = strdup(uuid);
|
2016-10-17 00:28:30 +02:00
|
|
|
if (!d->uuid)
|
|
|
|
return mfree(d);
|
2014-12-02 18:49:28 +01:00
|
|
|
|
|
|
|
r = hashmap_put(arg_disks, d->uuid, d);
|
|
|
|
if (r < 0) {
|
|
|
|
free(d->uuid);
|
2016-10-17 00:28:30 +02:00
|
|
|
return mfree(d);
|
2014-12-02 18:49:28 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return d;
|
|
|
|
}
|
|
|
|
|
2016-10-22 20:24:52 +02:00
|
|
|
static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
|
2014-12-02 18:49:28 +01:00
|
|
|
_cleanup_free_ char *uuid = NULL, *uuid_value = NULL;
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
crypto_device *d;
|
|
|
|
int r;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
if (streq(key, "luks")) {
|
2014-03-06 17:05:55 +01:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
r = value ? parse_boolean(value) : 1;
|
2014-02-16 00:08:59 +01:00
|
|
|
if (r < 0)
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
log_warning("Failed to parse luks= kernel command line switch %s. Ignoring.", value);
|
2014-02-16 00:08:59 +01:00
|
|
|
else
|
|
|
|
arg_enabled = r;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.crypttab")) {
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
r = value ? parse_boolean(value) : 1;
|
2014-02-16 00:08:59 +01:00
|
|
|
if (r < 0)
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
log_warning("Failed to parse luks.crypttab= kernel command line switch %s. Ignoring.", value);
|
2014-02-16 00:08:59 +01:00
|
|
|
else
|
|
|
|
arg_read_crypttab = r;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.uuid")) {
|
|
|
|
|
|
|
|
if (proc_cmdline_value_missing(key, value))
|
|
|
|
return 0;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
d = get_crypto_device(startswith(value, "luks-") ? value+5 : value);
|
|
|
|
if (!d)
|
2014-02-16 00:08:59 +01:00
|
|
|
return log_oom();
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
d->create = arg_whitelist = true;
|
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.options")) {
|
|
|
|
|
|
|
|
if (proc_cmdline_value_missing(key, value))
|
|
|
|
return 0;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
|
|
|
if (r == 2) {
|
|
|
|
d = get_crypto_device(uuid);
|
|
|
|
if (!d)
|
|
|
|
return log_oom();
|
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
free_and_replace(d->options, uuid_value);
|
2014-12-02 18:49:28 +01:00
|
|
|
} else if (free_and_strdup(&arg_default_options, value) < 0)
|
2014-02-16 00:08:59 +01:00
|
|
|
return log_oom();
|
2012-06-22 10:11:06 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.key")) {
|
|
|
|
|
|
|
|
if (proc_cmdline_value_missing(key, value))
|
|
|
|
return 0;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:29 +01:00
|
|
|
r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
|
|
|
if (r == 2) {
|
|
|
|
d = get_crypto_device(uuid);
|
|
|
|
if (!d)
|
|
|
|
return log_oom();
|
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
free_and_replace(d->keyfile, uuid_value);
|
2015-09-10 10:23:49 +02:00
|
|
|
} else if (free_and_strdup(&arg_default_keyfile, value) < 0)
|
2014-02-16 00:08:59 +01:00
|
|
|
return log_oom();
|
2013-08-18 08:59:00 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
} else if (streq(key, "luks.name")) {
|
|
|
|
|
|
|
|
if (proc_cmdline_value_missing(key, value))
|
|
|
|
return 0;
|
2014-12-02 18:49:30 +01:00
|
|
|
|
|
|
|
r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
|
|
|
if (r == 2) {
|
|
|
|
d = get_crypto_device(uuid);
|
|
|
|
if (!d)
|
|
|
|
return log_oom();
|
|
|
|
|
|
|
|
d->create = arg_whitelist = true;
|
|
|
|
|
|
|
|
free(d->name);
|
|
|
|
d->name = uuid_value;
|
|
|
|
uuid_value = NULL;
|
|
|
|
} else
|
|
|
|
log_warning("Failed to parse luks name switch %s. Ignoring.", value);
|
2014-06-19 16:55:20 +02:00
|
|
|
}
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2013-03-08 10:50:33 +01:00
|
|
|
return 0;
|
2012-06-22 10:11:06 +02:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
static int add_crypttab_devices(void) {
|
|
|
|
struct stat st;
|
|
|
|
unsigned crypttab_line = 0;
|
2013-04-18 09:11:22 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!arg_read_crypttab)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
f = fopen("/etc/crypttab", "re");
|
|
|
|
if (!f) {
|
|
|
|
if (errno != ENOENT)
|
|
|
|
log_error_errno(errno, "Failed to open /etc/crypttab: %m");
|
|
|
|
return 0;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (fstat(fileno(f), &st) < 0) {
|
|
|
|
log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
|
|
|
|
return 0;
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
for (;;) {
|
|
|
|
int r, k;
|
|
|
|
char line[LINE_MAX], *l, *uuid;
|
|
|
|
crypto_device *d = NULL;
|
|
|
|
_cleanup_free_ char *name = NULL, *device = NULL, *keyfile = NULL, *options = NULL;
|
2011-08-01 20:52:18 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!fgets(line, sizeof(line), f))
|
|
|
|
break;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
crypttab_line++;
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
l = strstrip(line);
|
|
|
|
if (*l == '#' || *l == 0)
|
|
|
|
continue;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyfile, &options);
|
|
|
|
if (k < 2 || k > 4) {
|
|
|
|
log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line);
|
|
|
|
continue;
|
|
|
|
}
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
uuid = startswith(device, "UUID=");
|
|
|
|
if (!uuid)
|
|
|
|
uuid = path_startswith(device, "/dev/disk/by-uuid/");
|
|
|
|
if (!uuid)
|
|
|
|
uuid = startswith(name, "luks-");
|
|
|
|
if (uuid)
|
|
|
|
d = hashmap_get(arg_disks, uuid);
|
2013-04-30 00:48:03 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (arg_whitelist && !d) {
|
|
|
|
log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
|
|
|
|
continue;
|
2013-04-30 00:48:03 +02:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
r = create_disk(name, device, keyfile, (d && d->options) ? d->options : options);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-04-30 00:48:03 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (d)
|
|
|
|
d->create = false;
|
|
|
|
}
|
2013-04-30 00:48:03 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
static int add_proc_cmdline_devices(void) {
|
|
|
|
int r;
|
|
|
|
Iterator i;
|
|
|
|
crypto_device *d;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
HASHMAP_FOREACH(d, arg_disks, i) {
|
|
|
|
const char *options;
|
2014-12-02 18:49:30 +01:00
|
|
|
_cleanup_free_ char *device = NULL;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!d->create)
|
|
|
|
continue;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:30 +01:00
|
|
|
if (!d->name) {
|
|
|
|
d->name = strappend("luks-", d->uuid);
|
|
|
|
if (!d->name)
|
|
|
|
return log_oom();
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
device = strappend("UUID=", d->uuid);
|
|
|
|
if (!device)
|
|
|
|
return log_oom();
|
2013-08-18 08:59:00 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (d->options)
|
|
|
|
options = d->options;
|
|
|
|
else if (arg_default_options)
|
|
|
|
options = arg_default_options;
|
|
|
|
else
|
|
|
|
options = "timeout=0";
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2014-12-02 18:49:30 +01:00
|
|
|
r = create_disk(d->name, device, d->keyfile ?: arg_default_keyfile, options);
|
2014-12-02 18:49:28 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
int main(int argc, char *argv[]) {
|
2016-12-16 13:15:31 +01:00
|
|
|
int r;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (argc > 1 && argc != 4) {
|
|
|
|
log_error("This program takes three or no arguments.");
|
|
|
|
return EXIT_FAILURE;
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (argc > 1)
|
|
|
|
arg_dest = argv[1];
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
log_set_target(LOG_TARGET_SAFE);
|
|
|
|
log_parse_environment();
|
|
|
|
log_open();
|
2013-03-01 11:33:14 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
umask(0022);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
arg_disks = hashmap_new(&string_hash_ops);
|
2016-12-16 13:15:31 +01:00
|
|
|
if (!arg_disks) {
|
|
|
|
r = log_oom();
|
|
|
|
goto finish;
|
|
|
|
}
|
2013-08-18 08:59:00 +02:00
|
|
|
|
util-lib: various improvements to kernel command line parsing
This improves kernel command line parsing in a number of ways:
a) An kernel option "foo_bar=xyz" is now considered equivalent to
"foo-bar-xyz", i.e. when comparing kernel command line option names "-" and
"_" are now considered equivalent (this only applies to the option names
though, not the option values!). Most of our kernel options used "-" as word
separator in kernel command line options so far, but some used "_". With
this change, which was a source of confusion for users (well, at least of
one user: myself, I just couldn't remember that it's systemd.debug-shell,
not systemd.debug_shell). Considering both as equivalent is inspired how
modern kernel module loading normalizes all kernel module names to use
underscores now too.
b) All options previously using a dash for separating words in kernel command
line options now use an underscore instead, in all documentation and in
code. Since a) has been implemented this should not create any compatibility
problems, but normalizes our documentation and our code.
c) All kernel command line options which take booleans (or are boolean-like)
have been reworked so that "foobar" (without argument) is now equivalent to
"foobar=1" (but not "foobar=0"), thus normalizing the handling of our
boolean arguments. Specifically this means systemd.debug-shell and
systemd_debug_shell=1 are now entirely equivalent.
d) All kernel command line options which take an argument, and where no
argument is specified will now result in a log message. e.g. passing just
"systemd.unit" will no result in a complain that it needs an argument. This
is implemented in the proc_cmdline_missing_value() function.
e) There's now a call proc_cmdline_get_bool() similar to proc_cmdline_get_key()
that parses booleans (following the logic explained in c).
f) The proc_cmdline_parse() call's boolean argument has been replaced by a new
flags argument that takes a common set of bits with proc_cmdline_get_key().
g) All kernel command line APIs now begin with the same "proc_cmdline_" prefix.
h) There are now tests for much of this. Yay!
2016-12-12 18:29:15 +01:00
|
|
|
r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX);
|
2014-12-02 18:49:28 +01:00
|
|
|
if (r < 0) {
|
2016-12-16 13:15:31 +01:00
|
|
|
log_warning_errno(r, "Failed to parse kernel command line: %m");
|
|
|
|
goto finish;
|
2014-12-02 18:49:28 +01:00
|
|
|
}
|
2013-08-18 08:59:00 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!arg_enabled) {
|
2016-12-16 13:15:31 +01:00
|
|
|
r = 0;
|
|
|
|
goto finish;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2016-12-16 13:15:31 +01:00
|
|
|
r = add_crypttab_devices();
|
|
|
|
if (r < 0)
|
|
|
|
goto finish;
|
2014-12-02 18:49:28 +01:00
|
|
|
|
2016-12-16 13:15:31 +01:00
|
|
|
r = add_proc_cmdline_devices();
|
|
|
|
if (r < 0)
|
|
|
|
goto finish;
|
2014-12-02 18:49:28 +01:00
|
|
|
|
2016-12-16 13:15:31 +01:00
|
|
|
r = 0;
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2016-12-16 13:15:31 +01:00
|
|
|
finish:
|
2014-12-02 18:49:28 +01:00
|
|
|
free_arg_disks();
|
|
|
|
free(arg_default_options);
|
|
|
|
free(arg_default_keyfile);
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2016-12-16 13:15:31 +01:00
|
|
|
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|