Commit graph

307 commits

Author SHA1 Message Date
Martin Pitt 4eac277367 cryptsetup: Implement offset and skip options
These are useful for plain devices as they don't have any metadata by
themselves. Instead of using an unreliable hardcoded device name in crypttab
you can then put static metadata at the start of the partition for a stable
UUID or label.

https://bugs.freedesktop.org/show_bug.cgi?id=87717
https://bugs.debian.org/751707
https://launchpad.net/bugs/953875
2015-04-17 10:53:01 -05:00
Tom Gundersen 9a97aaae3b cryptsetup: port from libudev to sd-device 2015-04-02 00:18:27 +02:00
Zbigniew Jędrzejewski-Szmek 71e4e12584 cryptsetup-generator: remove warning about crypttab access mode
This file contains no privileged data — just names of devices to decrypt
and files containing keys. On a running system most of this can be inferred from
the device tree anyway.
2015-03-14 23:03:44 -04:00
Thomas Hindoe Paaboel Andersen 2eec67acbb remove unused includes
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
2015-02-23 23:53:42 +01:00
Lennart Poettering 63c372cb9d util: rework strappenda(), and rename it strjoina()
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
2015-02-03 02:05:59 +01:00
Martin Pitt 3f4d56a069 cryptsetup: only warn on real key files
Simplify the check from commit 05f73ad to only apply the warning to regular
files instead of enumerating device nodes.
2015-02-02 16:53:39 +01:00
Cristian Rodríguez 05f73ad22b cryptsetup: Do not warn If the key is /dev/*random
Using /dev/urandom as a key is valid for swap, do not
warn if this devices are world readable.
2015-02-02 16:41:31 +01:00
Zbigniew Jędrzejewski-Szmek b9f111b93f Support negated fstab options
We would ignore options like "fail" and "auto", and for any option
which takes a value the first assignment would win. Repeated and
options equivalent to the default are rarely used, but they have been
documented forever, and people might use them. Especially on the
kernel command line it is easier to append a repeated or negated
option at the end.
2015-01-11 23:41:41 -05:00
Zbigniew Jędrzejewski-Szmek a6dba97829 cryptsetup-generator: remove duplicated function 2015-01-11 23:41:41 -05:00
Andrey Chaser 7376e83528 cryptsetup: support header= option
https://bugs.freedesktop.org/show_bug.cgi?id=66396
2015-01-08 16:33:59 -05:00
Jan Janssen baade8cc23 cryptsetup-generator: Add support for naming luks devices on kernel cmdline 2014-12-05 01:29:45 +01:00
Jan Janssen 6cd5b12aa5 cryptsetup-generator: Add support for UUID-specific key files on kernel command line 2014-12-05 01:29:43 +01:00
Jan Janssen 0fa9e53d12 cryptsetup-generator: Split main() into more functions and use hasmaps 2014-12-05 01:27:00 +01:00
Michal Schmidt 4a62c710b6 treewide: another round of simplifications
Using the same scripts as in f647962d64 "treewide: yet more log_*_errno
+ return simplifications".
2014-11-28 19:57:32 +01:00
Michal Schmidt 56f64d9576 treewide: use log_*_errno whenever %m is in the format string
If the format string contains %m, clearly errno must have a meaningful
value, so we might as well use log_*_errno to have ERRNO= logged.

Using:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/'

Plus some whitespace, linewrap, and indent adjustments.
2014-11-28 19:49:27 +01:00
Michal Schmidt 23bbb0de4e treewide: more log_*_errno + return simplifications 2014-11-28 18:24:30 +01:00
Michal Schmidt da927ba997 treewide: no need to negate errno for log_*_errno()
It corrrectly handles both positive and negative errno values.
2014-11-28 13:29:21 +01:00
Michal Schmidt 0a1beeb642 treewide: auto-convert the simple cases to log_*_errno()
As a followup to 086891e5c1 "log: add an "error" parameter to all
low-level logging calls and intrdouce log_error_errno() as log calls
that take error numbers", use sed to convert the simple cases to use
the new macros:

find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'

Multi-line log_*() invocations are not covered.
And we also should add log_unit_*_errno().
2014-11-28 12:04:41 +01:00
Zbigniew Jędrzejewski-Szmek 8a52210c93 cryptsetup: default to no hash when keyfile is specified
For plain dm-crypt devices, the behavior of cryptsetup package is to
ignore the hash algorithm when a key file is provided. It seems wrong
to ignore a hash when it is explicitly specified, but we should default
to no hash if the keyfile is specified.

https://bugs.freedesktop.org/show_bug.cgi?id=52630
2014-11-24 09:14:18 -05:00
Lennart Poettering b5884878a2 util: simplify proc_cmdline() to reuse get_process_cmdline()
Also, make all parsing of the kernel cmdline non-fatal.
2014-11-07 01:19:56 +01:00
Harald Hoyer 3f85ef0f05 s/commandline/command line/g 2014-11-06 15:34:18 +01:00
Hugo Grostabussiat a6fb0dc138 cryptsetup: Fix timeout on dm device.
Fix a bug in systemd-cryptsetup-generator which caused the drop-in
setting the job timeout for the dm device unit to be written with a
name different than the unit name.

https://bugs.freedesktop.org/show_bug.cgi?id=84409
2014-10-24 02:14:49 +02:00
Lennart Poettering 0e2f14014c cryptsetup: fix an OOM check 2014-10-23 00:39:42 +02:00
Daniel Buch d6bc8348d5 readahead: wipe out readahead 2014-09-25 16:39:18 +02:00
Zbigniew Jędrzejewski-Szmek a2a5291b3f Reject invalid quoted strings
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.

Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.

_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.

Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.

mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS  $RootDir $MountPoint
mbiebl_> which is pretty weird
2014-07-31 04:00:31 -04:00
Karel Zak 7de80bfe2e Always check asprintf return code
There is a small number of the places in sources where we don't check
asprintf() return code and assume that after error the function
returns NULL pointer via the first argument. That's wrong, after
error the content of pointer is undefined.
2014-07-26 15:08:41 -04:00
Zbigniew Jędrzejewski-Szmek 8eea868708 cryptsetup: allow x-systemd.device-timeout
https://bugs.freedesktop.org/show_bug.cgi?id=54210
2014-06-30 18:41:17 -04:00
Lennart Poettering bde29068aa cryptsetup: don't add unit dependency on /dev/null devices when it is listed as password file
As special magic, don't create device dependencies for /dev/null. Of
course, there might be similar devices we might want to include, but
given that none of them really make sense to specify as password source
there's really no point in checking for anything else here.

https://bugs.freedesktop.org/show_bug.cgi?id=75816
2014-06-23 19:18:44 +02:00
Lennart Poettering 8501384436 stop complaining about unknown kernel cmdline options
Also stop warning about unknown kernel cmdline options in the various
tools, not just in PID 1
2014-06-19 16:55:20 +02:00
Lennart Poettering 9542239eaf cryptsetup: introduce new cryptsetup-pre.traget unit so that services can make sure they are started before and stopped after any LUKS setup
https://bugzilla.redhat.com/show_bug.cgi?id=1097938
2014-06-18 00:09:46 +02:00
Thomas Hindoe Paaboel Andersen f268f57f63 cryptsetup: check that password is not null
Beef up the assert to protect against passing null to strlen.

Found with scan-build.
2014-06-13 00:30:40 +02:00
David Härdeman 6131a78b4d Fix keysize handling in cryptsetup (bits vs. bytes)
The command line key-size is in bits but the libcryptsetup API expects bytes.

Note that the modulo 8 check is in the original cryptsetup binary as well, so
it's no new limitation.

(v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
2014-04-24 09:23:57 +02:00
David Härdeman 9fa1de965a Add more password agent information
Add an (optional) "Id" key in the password agent .ask files. The Id is
supposed to be a simple string in "<subsystem>:<target>" form which
is used to provide more information on what the requested passphrase
is to be used for (which e.g. allows an agent to only react to cryptsetup
requests).

(v2: rebased, fixed indentation, escape name, use strappenda)
2014-04-24 09:23:54 +02:00
Matthew Monaco 66aaf85e17 cryptsetup: copy value, not key for (rd.)luks.key 2014-04-19 23:38:14 -04:00
Lennart Poettering ac1a87b9f2 cryptsetup: minor typo fix 2014-03-24 23:46:13 +01:00
Lennart Poettering f75cac3746 cryptsetup: call static variables parsed from command line arg_XYZ like in all other tools 2014-03-13 00:46:58 +01:00
Lennart Poettering c3834f9b88 generators: add Documentation= fields that point to the generator man pages 2014-03-06 18:48:22 +01:00
Lennart Poettering 059cb3858a util: move more intellegince into parse_proc_cmdline()
Already split variable assignments before invoking the callback. And
drop "rd." settings if we are not in an initrd.
2014-03-06 18:48:22 +01:00
Lennart Poettering 744198e925 cryptsetup: some fixes 2014-03-06 04:00:42 +01:00
Zbigniew Jędrzejewski-Szmek 141a79f491 Extract looping over /proc/cmdline into a shared function
In cryptsetup-generator automatic cleanup had to be replaced
with manual cleanup, and the code gets a bit longer. But existing
code had the issue that it returned negative values from main(),
which was wrong, so should be reworked anyway.
2014-02-17 02:26:22 -05:00
Dave Reisner 66a5dbdf28 cryptsetup-generator: auto add deps for device as password
If the password is a device file, we can add Requires/After dependencies
on the device rather than requiring the user to do so.
2014-02-08 13:53:02 -05:00
Christian Seiler b4a11878f2 cryptsetup: Support key-slot option
Debian recently introduced the option key-slot to /etc/crypttab to
specify the LUKS key slot to be used for decrypting the device. On
systems where a keyfile is used and the key is not in the first slot,
this can speed up the boot process quite a bit, since cryptsetup does
not need to try all of the slots sequentially. (Unsuccessfully testing
a key slot typically takes up to about 1 second.)

This patch makes systemd aware of this option.

Debian bug that introduced the feature:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
2014-01-26 13:24:01 +01:00
Lennart Poettering 74df0fca09 util: unify reading of /proc/cmdline
Instead of individually checking for containers in each user do this
once in a new call proc_cmdline() that read the file only if we are not
in a container.
2013-11-06 03:15:16 +01:00
Zbigniew Jędrzejewski-Szmek 1ca208fb4f Introduce udev object cleanup functions 2013-10-13 17:56:55 -04:00
Zbigniew Jędrzejewski-Szmek 5862d652ba Introduce _cleanup_endmntent_ 2013-10-03 22:13:55 -04:00
Lennart Poettering 4b93637fd7 cryptsetup: fix OOM handling when parsing mount options 2013-10-02 19:45:12 +02:00
Andrey Borzenkov 4469ff4ade set IgnoreOnIsolate=true for systemd-cryptsetup@.service
When crypttab contains noauto, cryptsetup service does not have any
explicit dependencies. If service is started later manually (directly or via
mount dependency) it will be stopped on isolate.

mount units already have IgnoreOnIsolate set by default. Set it by
default for cryptsetup units as well.
2013-09-29 20:36:59 +02:00
Eelco Dolstra a0f708053b Fix obsolete references to systemd-random-seed-load.service
This service was merged with systemd-random-seed-save.service in
c35b956d34.
2013-09-23 11:41:30 +02:00
Tom Gundersen 7ab064a6d6 cryptsetup-generator: allow specifying options in /proc/cmdline
The main usecase for this is to make it possible to use cryptsetup in
the initrd without it having to include a host-specific /etc/crypttab.

Tested-by: Thomas Bächler <thomas@archlinux.org>
2013-09-13 11:52:14 +02:00
Tom Gundersen 8c11d3c1b5 cryptsetup-generator: don't create tmp+swap units 2013-09-13 11:52:14 +02:00
Thomas Bächler 404dac4d96 cryptsetup: Retry indefinitely if tries=0 option has been set.
When running from initrd, entering a wrong passphrase usually means that
you cannot boot. Therefore, we allow trying indefinitely.
2013-09-11 17:44:33 +02:00
Ondrej Balaz 1acbb95c2b systemd-cryptsetup: makes “discard” a synonym for “allow-discards”
systemd-cryptsetup recognizes option 'allow-discards' in /etc/crypttab
to enable TRIM passthrough to underlying encrypted device. In Debian
this option was changed to 'discard' to avoid hyphen in option name.
(see: #648868 and `man crypttab`).

[zj: update crypttab(5) too, making "discard" the default.]
2013-08-14 22:54:07 -04:00
Jan Janssen 8cf3ca8068 cryptsetup: Add tcrypt support
Tcrypt uses a different approach to passphrases/key files. The
passphrase and all key files are incorporated into the "password"
to open the volume. So, the idea of slots that provide a way to
open the volume with different passphrases/key files that are
independent from each other like with LUKS does not apply.

Therefore, we use the key file from /etc/crypttab as the source
for the passphrase. The actual key files that are combined with
the passphrase into a password are provided as a new option in
/etc/crypttab and can be given multiple times if more than one
key file is used by a volume.
2013-07-16 01:24:31 +02:00
Jan Janssen 10fb4e35fd cryptsetup: Move attaching of the device out of main 2013-07-16 01:24:28 +02:00
Jan Janssen e7d90b7127 cryptsetup: Move password query out of main
Also use _cleanup_free_ where possible.
2013-07-16 01:24:24 +02:00
Lennart Poettering 2b68185ac9 cryptsetup: downgrade world-writable warning again
This semi-reverts 8973790ee6.
2013-05-03 15:25:44 +02:00
Lennart Poettering 5f1dac6bf6 cryptsetup: warn if keyfiles are world-readable 2013-04-30 08:36:01 -03:00
Lennart Poettering 8973790ee6 cryptsetup: warn if /etc/crypttab is world-readable 2013-04-30 08:36:01 -03:00
Zbigniew Jędrzejewski-Szmek c79bb9e4e2 Standarize on one spelling of symlink error message
It's polite to print the name of the link that wasn't created,
and it makes little sense to print the target.
2013-04-24 00:25:04 -04:00
Lukas Nykryn 5a8e217859 crypt-setup-generator: correctly check return of strdup 2013-04-19 10:10:41 -04:00
Harald Hoyer 8d768d9962 cryptsetup: ask for password, if key file cannot be accessed
If the key file cannot be accessed, we can at least ask for the
password.
2013-04-18 22:17:13 +02:00
Harald Hoyer 7fd1b19bc9 move _cleanup_ attribute in front of the type
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
2013-04-18 09:11:22 +02:00
Harald Hoyer 951657bd0a cryptsetup-generator: add support for rd.luks.key=
Also clarify rd.luks.uuid and luks.uuid in the manual.

https://bugzilla.redhat.com/show_bug.cgi?id=905683
2013-04-18 02:45:01 +02:00
Harald Hoyer 49714341c3 cryptsetup: set the timeout to 0 by default
cryptsetup itself has no timeout as default from the beginning. So the
default timeout has been "0" from the beginning.

https://bugzilla.redhat.com/show_bug.cgi?id=949702
2013-04-18 02:19:46 +02:00
Zbigniew Jędrzejewski-Szmek b92bea5d2a Use initalization instead of explicit zeroing
Before, we would initialize many fields twice: first
by filling the structure with zeros, and then a second
time with the real values. We can let the compiler do
the job for us, avoiding one copy.

A downside of this patch is that text gets slightly
bigger. This is because all zero() calls are effectively
inlined:

$ size build/.libs/systemd
         text    data     bss     dec     hex filename
before 897737  107300    2560 1007597   f5fed build/.libs/systemd
after  897873  107300    2560 1007733   f6075 build/.libs/systemd

… actually less than 1‰.

A few asserts that the parameter is not null had to be removed. I
don't think this changes much, because first, it is quite unlikely
for the assert to fail, and second, an immediate SEGV is almost as
good as an assert.
2013-04-05 19:50:57 -04:00
Harald Hoyer 68395007f3 cryptsetup-generator: add JobTimeoutSec=0 for the decrypted crypt devices
The password query for a crypto device currently times out after 90s,
which is too short to grab a cup of coffee when a machine boots	up.

The resulting decrypted device /dev/mapper/luks-<uuid> might not
be a mountpoint (but part of a LVM PV or raid array)
and therefore the timeout cannot be controlled by the settings
in /etc/fstab. For this reason this device should not carry its own timeout.

Also the encrypted device /dev/disk/by-*/* already has a timeout and
additionally the timeout for the password query is set in /etc/crypttab.

This patch disables the timeout of the resulting decrypted devices by creating
<device-unit>.d/50-job-timeout-sec-0.conf files with "JobTimeoutSec=0".
2013-04-04 17:40:09 +02:00
Lennart Poettering 7f602784de util: rename parse_usec() to parse_sec() sinds the default unit is seconds
Internally we store all time values in usec_t, however parse_usec()
actually was used mostly to parse values in seconds (unless explicit
units were specified to define a different unit). Hence, be clear about
this and name the function about what we pass into it, not what we get
out of it.
2013-04-03 20:12:57 +02:00
Thomas Weißschuh ceca950145 cryptsetup: add RequiresMountsFor for keyfile
This ensures that the keyfile is available during the opening of the encrypted
device.

Also dropped the explicit ordering Before=local-fs.target, as the containers
are ordered implicitly by their content.
2013-04-01 00:37:48 -04:00
Thomas Weißschuh 9ece938a67 cryptsetup: RequiresMountsFor if source is a file
Fixes: https://bugzilla.novell.com/show_bug.cgi?id=730496
       https://bugs.freedesktop.org/show_bug.cgi?id=60821
2013-04-01 00:37:48 -04:00
Lennart Poettering 74b1c37174 cryptsetup: when prompting for password use GPT partition label
If there's a GPT partition label set for a LUKS partition, then it's
nicer to show that than the model number, when asking for a passphrase.
2013-03-26 15:24:44 +01:00
Lennart Poettering e32530cbef cryptsetup-generator: let's be a bit more efficient with strv_extend() 2013-03-25 23:51:32 +01:00
Lennart Poettering 608d41f355 cryptsetup-generator: add a missing OOM check 2013-03-25 23:49:13 +01:00
Harald Hoyer 24a988e9aa cryptsetup-generator: use _cleanup_ where possible 2013-03-13 09:18:30 +01:00
Harald Hoyer e2cb60fa97 cryptsetup-generator: fix the kernel command line strategy for luks.uuid
If rd.luks.uuid or luks.uuid is specified on the kernel command, only
generate units for these UUIDs. Additionally use the information in
/etc/crypttab unless rd.luks.crypttab=0 or luks.crypttab=0 is specified.
2013-03-01 15:05:28 +01:00
Harald Hoyer a860325e7e added some missing include for a5c32cff1f 2013-02-14 16:37:31 +01:00
Michal Schmidt 18cf1a1be5 cryptsetup: accept both "read-only" and "readonly" spellings
Mukund Sivaraman pointed out that cryptsetup(5) mentions the "read-only"
option, while the code understands "readonly".

We could just fix the manpage, but for consistency in naming of
multi-word options it would be prettier to have "read-only". So let's
accept both spellings.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=903463
2013-01-31 19:57:56 +01:00
Michal Schmidt 1cda32b8a2 cryptsetup-generator: state file name in error messages 2012-11-23 14:19:30 +01:00
Michal Schmidt 74576bea7a cryptsetup-generator: use log_oom() everywhere 2012-11-23 14:19:30 +01:00
Tom Gundersen adc40dc2f6 cryptsetup: fix nofail support
This was documented in the man page and supported in the generator,
but systemd-cryptestup itself would fail with this option.

systemd-cryptsetup should ignore 'nofail', as it does with 'noauto'.
2012-11-21 12:53:28 +01:00
Dave Reisner 8db9d8c2a4 cryptsetup: fix inverted comparison in pass_volume_key 2012-11-06 10:18:10 -05:00
Dave Reisner 65343c7494 cryptsetup: hash=plain means don't use a hash
"plain" is a semantic value that cryptsetup(8) uses to describe a plain
dm-crypt volume that does not use a hash. Catch this value earlier and
ensure that a NULL params.hash is passed to crypt_format to avoid
passing an invalid hash type to the libcryptsetup backend.

FDO bug #56593.
2012-11-06 09:53:00 -05:00
Lennart Poettering 64825d3c58 fix a couple of issues found with llvm-analyze 2012-08-08 23:54:21 +02:00
Tom Gundersen 4271d8235f cryptsetup: add keyfile-size= support
This is useful e.g. if the keyfile is a raw device, where only parts of it
should be read. It is typically used whenever the keyfile-offset= option is
specified.

Tested-by: Erik Westrup <erik.westrup@gmail.com>
2012-08-03 20:49:55 +02:00
Shawn Landden 0d0f0c50d3 log.h: new log_oom() -> int -ENOMEM, use it
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
2012-07-26 11:48:26 +02:00
Shawn Landden 669241a076 use "Out of memory." consistantly (or with "\n")
glibc/glib both use "out of memory" consistantly so maybe we should
consider that instead of this.

Eliminates one string out of a number of binaries. Also fixes extra newline
in udev/scsi_id
2012-07-25 11:23:57 +02:00
Lennart Poettering 7f2cddae09 unit: rename BindTo= to BindsTo=
all other dependencies are in 3rd person. Change BindTo= accordingly to
BindsTo=.

Of course, the dependency is widely used, hence we parse the old name
too for compatibility.
2012-07-13 23:34:40 +02:00
Lennart Poettering b7def68494 util: rename join() to strjoin()
This is to match strappend() and the other string related functions.
2012-07-13 13:41:01 +02:00
Tom Gundersen 880a599e26 cryptsetup: add keyfile-offset= support
This is useful if your keyfile is a block device, and you want to
use a specific part of it, such as an area between the MBR and the
first partition.

This feature is documented in the Arch wiki[0], and has been supported
by the Arch initscripts, so would be nice to get this into systemd.

This requires libcryptsetup >= 1.4.2 (released 12.4.2012).

Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>

[0]:
<https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#
Storing_the_key_between_MBR_and_1st_partition>
2012-07-09 22:07:52 +02:00
Lennart Poettering 1c7327004a man: add reference to crypttab(5) from cryptsetup units 2012-06-27 13:24:13 +02:00
Lennart Poettering d0d6944cdc man: document systemd-cryptsetup 2012-06-27 12:19:35 +02:00
Lennart Poettering 35eb6b124e cryptsetup: fix escaping when generating cryptsetup units 2012-06-25 20:16:15 +02:00
Lennart Poettering 6d37ea8a8e units: rename cryptsetup@.service to systemd-cryptsetup@.service
It's also our own code, hence should have the prefix.
2012-06-25 14:28:50 +02:00
Lennart Poettering 66a78c2b95 cryptsetup: allow configuration of LUKS disks via the kernel cmdline
This generalizes a bit of the functionality already available in dracut.
2012-06-22 10:11:06 +02:00
Kay Sievers d2e54fae5c mkdir: append _label to all mkdir() calls that explicitly set the selinux context 2012-05-31 12:40:20 +02:00
Lennart Poettering 07719a21b6 manager: rework generator logic
Previously generated units were always placed at the end of the search
path. With this change there will be three unit dirs instead of one, to
place generated entries at the beginning, in the middle and at the end
of the search path:

beginning: for units that need to override all configuration, regardless
of user or vendor. Example use: system-update-generator uses this to
temporarily redirect default.target.

middle: for units that need to override vendor configuration, but not
vendor configuration. Example use: /etc/fstab should override vendor
supplied configuration (think /tmp), but should not override native user
configuration.

end: does not override anything but is available as well. Possible usage
might be to convert D-Bus bus service files to native units but allowing
vendor supplied native units to win.
2012-05-23 03:43:29 +02:00
Lennart Poettering 1b64d026af units: remove service sysv_path variable and replace it by generic unit_path
UnitPath= is also writable via native units and may be used by generators
to clarify from which file a unit is generated. This patch also hooks up
the cryptsetup and fstab generators to set UnitPath= accordingly.
2012-05-22 23:08:24 +02:00
Lennart Poettering a690306153 log: make sure generators never log into the journal to avoid activation deadlocks
This makes all generators log to kmsg by default.
2012-05-22 22:00:37 +02:00
Lennart Poettering 6b1dc2bd3c mount: replace PID1 internal fstab parser with generator
Bit by bit we should remove non-unit parsing from PID 1 and move into
generators, to clean up our code base a bit and clearly separate
parsers.
2012-05-22 19:25:17 +02:00
Matthew Monaco 2a2aab602e cryptsetup: support discards (TRIM) 2012-05-21 17:28:06 +02:00
Lennart Poettering f7f21d33db cryptsetup: a few simplifications 2012-05-21 17:22:40 +02:00
Kay Sievers 9eb977db5b util: split-out path-util.[ch] 2012-05-08 02:33:10 +02:00
Lennart Poettering e0295d2651 mount: don't fail if fstab doesn't exist 2012-04-22 15:33:43 +02:00
Lennart Poettering 5430f7f2bc relicense to LGPLv2.1 (with exceptions)
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.

Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.

The bits that used to be MIT continue to be MIT.

The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
2012-04-12 00:24:39 +02:00
Kay Sievers 49e942b2bc rename basic.la to shared.la and put selinux deps in shared-selinx.la
Only 34 of 74 tools need libselinux linked, and libselinux is a pain
with its unconditional library constructor.
2012-04-10 22:43:05 +02:00
Lennart Poettering 4cfa2c999d core: switch all log targets to go directly to the journal, instead via syslog 2012-01-12 05:09:06 +01:00
Lennart Poettering 2f9dec073b build-sys: add stub makefiles to subdirs 2012-01-05 16:29:21 +01:00
Lennart Poettering b4d0195b05 cryptsetup: split off cryptsetup into its own subdir 2012-01-03 21:08:57 +01:00