From 220431724b9c5582db7c4f21e95b4bd712e3627a Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Sep 2020 17:27:48 +0200 Subject: [PATCH 1/5] dissect: three trivial fixes Uppercase first char of log message, and indicate correct program name. Reindent comment table at one place. Use correct, specific, enum type at one more place. --- src/shared/dissect-image.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 2b76bcd17a..8bfbaba5ae 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -1466,7 +1466,8 @@ static int verity_partition( verity->root_hash_sig_size, CRYPT_ACTIVATE_READONLY); #else - r = log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "activation of verity device with signature requested, but not supported by cryptsetup due to missing crypt_activate_by_signed_key()"); + r = log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), + "Activation of verity device with signature requested, but not supported by %s due to missing crypt_activate_by_signed_key().", program_invocation_short_name); #endif } else r = sym_crypt_activate_by_volume_key( @@ -1483,10 +1484,10 @@ static int verity_partition( if (r == -EINVAL && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE)) return verity_partition(m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d); if (!IN_SET(r, - 0, /* Success */ + 0, /* Success */ -EEXIST, /* Volume is already open and ready to be used */ - -EBUSY, /* Volume is being opened but not ready, crypt_init_by_name can fetch details */ - -ENODEV /* Volume is being opened but not ready, crypt_init_by_name would fail, try to open again */)) + -EBUSY, /* Volume is being opened but not ready, crypt_init_by_name can fetch details */ + -ENODEV /* Volume is being opened but not ready, crypt_init_by_name would fail, try to open again */)) return r; if (IN_SET(r, -EEXIST, -EBUSY)) { struct crypt_device *existing_cd = NULL; 
@@ -1588,7 +1589,7 @@ int dissected_image_decrypt( for (PartitionDesignator i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) { DissectedPartition *p = m->partitions + i; - int k; + PartitionDesignator k; if (!p->found) continue; From 74cb2db9f403dfe17cabc6dac48b0f49a84eb03f Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Sep 2020 17:32:34 +0200 Subject: [PATCH 2/5] dissect: always invalidate secondary arch partitions if we found primary arch Let's suppress the secondary arch data, since we never ever want to mount it if we found the primary arch. Previously we only suppressed in the Verity case, but there's little reason to entertain the idea of a secondary arch in non-Verity environments either, we are not going to use them, and should not do decryption or anything like that. --- src/shared/dissect-image.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 8bfbaba5ae..e7e05a5de6 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -793,7 +793,12 @@ int dissect_image( } } - if (!m->partitions[PARTITION_ROOT].found) { + if (m->partitions[PARTITION_ROOT].found) { + /* If we found the primary arch, then invalidate the secondary arch to avoid any ambiguities, + * since we never want to mount the secondary arch in this case. */ + m->partitions[PARTITION_ROOT_SECONDARY].found = false; + m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false; + } else { /* No root partition found? Then let's see if ther's one for the secondary architecture. And if not * either, then check if there's a single generic one, and use that. */ 
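Review bot: Declaring `k` as `PartitionDesignator` in the `dissected_image_decrypt()` loop is only safe if the enum's underlying type is signed, and nothing visible in this hunk establishes that. The code that assigns and tests `k` lies outside the hunk. If it compares `k` against a negative "no such designator" value, an enum without a negative enumerator could be given an unsigned type by the compiler, the test would always pass, and `k` could then be used as an out-of-range index. A one-line comment at the declaration, e.g. `/* may hold a negative 'invalid' designator; checked before use as an index */`, would record the assumption.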
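Review bot: The new branch for `m->partitions[PARTITION_ROOT].found` resets only the `.found` flag of `PARTITION_ROOT_SECONDARY` and `PARTITION_ROOT_SECONDARY_VERITY`; whatever else the scan stored in those two entries stays in place. That is sufficient only if every later consumer gates on `.found`, which cannot be confirmed from this hunk because `dissect_image()` and its callers continue outside it. Since the commit message says the secondary arch must never be mounted or decrypted once the primary is found, I would state the contract in the comment, e.g. `/* Only .found is reset; all users of m->partitions[] must test .found before touching other fields. */`.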
@@ -848,12 +853,6 @@ int dissect_image( if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found) return -EADDRNOTAVAIL; - /* If we found the primary root with the hash, then we definitely want to suppress any secondary root - * (which would be weird, after all the root hash should only be assigned to one pair of - * partitions... */ - m->partitions[PARTITION_ROOT_SECONDARY].found = false; - m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false; - /* If we found a verity setup, then the root partition is necessarily read-only. */ m->partitions[PARTITION_ROOT].rw = false; From 3afda7c7976c25db786948a961873fa5c2c8e0e9 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Sep 2020 17:24:33 +0200 Subject: [PATCH 3/5] dissect: is_loop_device() returns negative on error, don't mistake that is true --- src/shared/dissect-image.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index e7e05a5de6..2c339e38b8 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -1033,7 +1033,7 @@ static int mount_partition( /* If requested, turn on discard support. */ if (fstype_can_discard(fstype) && ((flags & DISSECT_IMAGE_DISCARD) || - ((flags & DISSECT_IMAGE_DISCARD_ON_LOOP) && is_loop_device(m->node)))) { + ((flags & DISSECT_IMAGE_DISCARD_ON_LOOP) && is_loop_device(m->node) > 0))) { options = strdup("discard"); if (!options) return -ENOMEM; From 943443854311c0f8954735f6ebfd50cdbd455e0c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Sep 2020 16:56:09 +0200 Subject: [PATCH 4/5] dissect: use structured initialization, it's prettier --- src/shared/dissect-image.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 2c339e38b8..b704268db2 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c 
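Review bot: With `is_loop_device(m->node) > 0`, a failure of `is_loop_device()` in `mount_partition()` is now indistinguishable from "not a loop device", and the error is dropped without a trace. Skipping `discard` is the safe direction, but someone debugging why `DISSECT_IMAGE_DISCARD_ON_LOOP` had no effect gets no hint. A short comment next to the condition, e.g. `/* errors from is_loop_device() are deliberately treated as "not a loop device" */`, would make the best-effort intent explicit. Logging the error at debug level would require pulling the call out of the condition. The function body continues outside the hunk.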
@@ -1321,9 +1321,10 @@ static int decrypt_partition( return r == -EPERM ? -EKEYREJECTED : r; } - d->decrypted[d->n_decrypted].name = TAKE_PTR(name); - d->decrypted[d->n_decrypted].device = TAKE_PTR(cd); - d->n_decrypted++; + d->decrypted[d->n_decrypted++] = (DecryptedPartition) { + .name = TAKE_PTR(name), + .device = TAKE_PTR(cd), + }; m->decrypted_node = TAKE_PTR(node); @@ -1540,9 +1541,10 @@ static int verity_partition( /* Everything looks good and we'll be able to mount the device, so deferred remove will be re-enabled at that point. */ restore_deferred_remove = mfree(restore_deferred_remove); - d->decrypted[d->n_decrypted].name = TAKE_PTR(name); - d->decrypted[d->n_decrypted].device = TAKE_PTR(cd); - d->n_decrypted++; + d->decrypted[d->n_decrypted++] = (DecryptedPartition) { + .name = TAKE_PTR(name), + .device = TAKE_PTR(cd), + }; m->decrypted_node = TAKE_PTR(node); From 4f309abb3e91d001b79deb79732f8032e5025be0 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Sep 2020 17:52:00 +0200 Subject: [PATCH 5/5] dissect: show partition output even if os-release is missing It's just too useful to immediately see with "systemd-dissect" what "systemd-repart" generated for us without having to populate it with /etc/os-release. Hence let's log a message if /etc/os-release is missing, but proceed otherwise and show the partition table. --- src/dissect/dissect.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index 14cdad82b5..dd80e86fee 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c 
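Review bot: Assigning a `(DecryptedPartition) { … }` compound literal in `decrypt_partition()` is not a pure restyle: any member not named in the initializer is now zeroed, whereas the removed field-by-field stores left the rest of the slot as it was. That is probably the better behaviour, but whether the slot was already zeroed depends on how `d->decrypted` is grown, which happens outside the hunk. It deserves a word in the commit message or a comment such as `/* remaining members are zero-initialized */`. The store also relies on room for index `d->n_decrypted` having been reserved earlier in the function, and folding `n_decrypted++` into the subscript makes that dependency easier to overlook. The same applies to the identical change in the `verity_partition()` hunk at -1540.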
@@ -369,11 +369,11 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) { r = dissected_image_acquire_metadata(m); if (r == -ENXIO) return log_error_errno(r, "No root partition discovered."); - if (r == -EMEDIUMTYPE) - return log_error_errno(r, "Not a valid OS image, no os-release file included."); if (r == -EUCLEAN) return log_error_errno(r, "File system check of image failed."); - if (r == -EUNATCH) + if (r == -EMEDIUMTYPE) + log_warning_errno(r, "Not a valid OS image, no os-release file included. Proceeding anyway."); + else if (r == -EUNATCH) log_warning_errno(r, "OS image is encrypted, proceeding without showing OS image metadata."); else if (r == -EBUSY) log_warning_errno(r, "OS image is currently in use, proceeding without showing OS image metadata."); @@ -403,9 +403,13 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) { p == m->os_release ? "OS Release:" : " ", *p, *q); } - } - if (arg_json) { + if (m->hostname || + !sd_id128_is_null(m->machine_id) || + !strv_isempty(m->machine_info) || + !strv_isempty(m->os_release)) + putc('\n', stdout); + } else { _cleanup_(json_variant_unrefp) JsonVariant *mi = NULL, *osr = NULL; if (!strv_isempty(m->machine_info)) { @@ -431,9 +435,6 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) { return log_oom(); } - if (!arg_json) - putc('\n', stdout); - t = table_new("rw", "designator", "partition uuid", "fstype", "architecture", "verity", "node", "partno"); if (!t) return log_oom();
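Review bot: After this reordering, `-EMEDIUMTYPE` in `action_dissect()` no longer ends the run, yet the warning still opens with "Not a valid OS image", which reads like a verdict and does not match the two neighbouring messages. I would word it like its siblings: `log_warning_errno(r, "No os-release file found in image, proceeding without showing OS image metadata.");`. If the function goes on to return success, which the hunk does not show, callers that relied on the exit status to reject images without os-release lose that signal, and that deserves a line in the commit message. The `else if` chain continues past the end of the hunk.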
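Review bot: The four-way test guarding `putc('\n', stdout)` in the second `action_dissect()` hunk repeats the conditions under which the metadata lines above it are printed, and most of those lines are outside the hunk, so the two can drift apart when a field is added. A comment such as `/* separator only if at least one metadata line was printed above */` would tie them together. Alternatively, a local `bool` set at each print site would remove the duplication.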