From 53ac130b51dc8b57e2b8af6f279e0b887408a8c3 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 19 May 2020 17:48:50 +0200 Subject: [PATCH] cryptsetup: support tmp= file system argument Let's catch up with Debian a bit more. This also changes the default from ext2 to ext4. Fixes: #952 --- man/crypttab.xml | 19 +++++++++---------- src/cryptsetup/cryptsetup-generator.c | 27 ++++++++++++++++++++------- src/cryptsetup/cryptsetup.c | 4 ++-- 3 files changed, 31 insertions(+), 19 deletions(-) diff --git a/man/crypttab.xml b/man/crypttab.xml index 3942fe67f9..3170e5880f 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -393,18 +393,17 @@ - + - The encrypted block device will be prepared - for using it as /tmp; it will be - formatted using - mke2fs8. - This option implies . + The encrypted block device will be prepared for using it as + /tmp/; it will be formatted using mkfs8. Takes + a file system type as argument, such as ext4, xfs or + btrfs. If no argument is specified defaults to ext4. This + option implies . - WARNING: Using the option will - destroy the contents of the named partition during every boot, - so make sure the underlying block device is specified - correctly. + WARNING: Using the option will destroy the contents of the named partition + during every boot, so make sure the underlying block device is specified correctly. diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c index 7974c19a44..2c341702dd 100644 --- a/src/cryptsetup/cryptsetup-generator.c +++ b/src/cryptsetup/cryptsetup-generator.c 
@@ -237,18 +237,18 @@ static int create_disk( _cleanup_free_ char *n = NULL, *d = NULL, *u = NULL, *e = NULL, *keydev_mount = NULL, *keyfile_timeout_value = NULL, - *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *password_buffer = NULL; + *filtered = NULL, *u_escaped = NULL, *name_escaped = NULL, *header_path = NULL, *password_buffer = NULL, + *tmp_fstype = NULL; _cleanup_fclose_ FILE *f = NULL; const char *dmname; - bool noauto, nofail, tmp, swap, netdev, attach_in_initrd; - int r, detached_header, keyfile_can_timeout; + bool noauto, nofail, swap, netdev, attach_in_initrd; + int r, detached_header, keyfile_can_timeout, tmp; assert(name); assert(device); noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0"); nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); - tmp = fstab_test_option(options, "tmp\0"); swap = fstab_test_option(options, "swap\0"); netdev = fstab_test_option(options, "_netdev\0"); attach_in_initrd = fstab_test_option(options, "x-initrd.attach\0"); @@ -261,6 +261,10 @@ static int create_disk( if (detached_header < 0) return log_error_errno(detached_header, "Failed to parse header= option value: %m"); + tmp = fstab_filter_options(options, "tmp\0", NULL, &tmp_fstype, NULL); + if (tmp < 0) + return log_error_errno(tmp, "Failed to parse tmp= option value: %m"); + if (tmp && swap) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", @@ -371,10 +375,19 @@ static int create_disk( if (r < 0) return r; - if (tmp) + if (tmp) { + _cleanup_free_ char *tmp_fstype_escaped = NULL; + + if (tmp_fstype) { + tmp_fstype_escaped = specifier_escape(tmp_fstype); + if (!tmp_fstype_escaped) + return log_oom(); + } + fprintf(f, - "ExecStartPost=" ROOTLIBEXECDIR "/systemd-makefs ext2 '/dev/mapper/%s'\n", - name_escaped); + "ExecStartPost=" ROOTLIBEXECDIR "/systemd-makefs '%s' '/dev/mapper/%s'\n", + tmp_fstype_escaped ?: "ext4", name_escaped); + } if (swap) fprintf(f, 
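Review bot: The value stored in `tmp_fstype` by the second hunk of this file (`tmp = fstab_filter_options(options, "tmp\0", NULL, &tmp_fstype, NULL);`) is used later without checking for an empty string. A bare `tmp=` probably yields `""` rather than NULL; fstab_filter_options() is not part of this diff, so this is inferred. Both `if (tmp_fstype)` and the `?: "ext4"` fallback in the third hunk only test for NULL, so in that case the documented ext4 default would not apply and the unit would run systemd-makefs with an empty type. Normalising right after the error check keeps the default consistent: `if (isempty(tmp_fstype)) tmp_fstype = mfree(tmp_fstype);`. create_disk() starts and ends outside this hunk.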
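Review bot: In the third hunk of this file, `tmp_fstype_escaped` is written between single quotes into the `ExecStartPost=` line, but specifier_escape() only protects `%` as far as I know. A quote or backslash in the crypttab value would therefore change how that line is split into arguments. crypttab is administrator-controlled, but this command reformats a block device on every boot, so the generator should refuse anything that is not a plain file system name before the `fprintf()`. One possible check is `if (tmp_fstype && !in_charset(tmp_fstype, ALPHANUMERICAL "-_."))` followed by `return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid tmp= file system type for device '%s'.", name);`. The allowed character set shown is an example and should match whatever systemd-makefs accepts.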
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 8c3eafbd61..5886f86db6 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -78,7 +78,6 @@ STATIC_DESTRUCTOR_REGISTER(arg_pkcs11_uri, freep); loud quiet keyscript= - tmp= (the version without argument is supported) initramfs */ @@ -232,7 +231,8 @@ static int parse_one_option(const char *option) { } else if (STR_IN_SET(option, "tcrypt-veracrypt", "veracrypt")) { arg_type = CRYPT_TCRYPT; arg_tcrypt_veracrypt = true; - } else if (STR_IN_SET(option, "plain", "swap", "tmp")) + } else if (STR_IN_SET(option, "plain", "swap", "tmp") || + startswith(option, "tmp=")) arg_type = CRYPT_PLAIN; else if ((val = startswith(option, "timeout="))) {
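Review bot: The new `startswith(option, "tmp=")` branch in parse_one_option() discards the file system type, which reads like an oversight unless the reader knows the generator handles it. With the `tmp=` entry also removed from the option list comment in the first hunk, nothing in this file explains where the argument goes. A one-line comment above the branch would make this clear, e.g. `/* the tmp= argument is consumed by cryptsetup-generator (passed to systemd-makefs); here it only selects plain mode */`. parse_one_option() begins and ends outside this hunk.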