6f177c7dc0 caused key file errors to immediately fail, which would make it hard to correct an issue due to e.g. a crypttab typo or a damaged key file.
Closes#11723.
First of all let's always log where the errors happen, and not in an
upper stackframe, in all cases. Previously we'd do this somethis one way
and sometimes another, which resulted in sometimes duplicate logging and
sometimes none.
When we cannot activate something due to bad password the kernel gives
us EPERM. Let's uniformly return this EAGAIN, so tha the next password
is tried. (previously this was done in most cases but not in all)
When we get EPERM let's also explicitly indicate that this probably
means the password is simply wrong.
Fixes: #11498
Ideally, coccinelle would strip unnecessary braces too. But I do not see any
option in coccinelle for this, so instead, I edited the patch text using
search&replace to remove the braces. Unfortunately this is not fully automatic,
in particular it didn't deal well with if-else-if-else blocks and ifdefs, so
there is an increased likelikehood be some bugs in such spots.
I also removed part of the patch that coccinelle generated for udev, where we
returns -1 for failure. This should be fixed independently.
Instead of
Please enter passphrase for disk <disk-name>!
use
Please enter passphrase for disk <disk-name>:
which is more polite and matches Plymouth convention.
This is a bit like the info link in most of GNU's --help texts, but we
don't do info but man pages, and we make them properly clickable on
terminal supporting that, because awesome.
I think it's generally advisable to link up our (brief) --help texts and
our (more comprehensive) man pages a bit, so this should be an easy and
straight-forward way to do it.
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
This macro will read a pointer of any type, return it, and set the
pointer to NULL. This is useful as an explicit concept of passing
ownership of a memory area between pointers.
This takes inspiration from Rust:
https://doc.rust-lang.org/std/option/enum.Option.html#method.take
and was suggested by Alan Jenkins (@sourcejedi).
It drops ~160 lines of code from our codebase, which makes me like it.
Also, I think it clarifies passing of ownership, and thus helps
readability a bit (at least for the initiated who know the new macro)
Let's rename escaped_name to disk_path since this is an actual content
that pointer refers to. It is either path to encrypted block device
or path to encrypted image file.
Also drop redundant function disk_major_minor(). src is always set, and
it always points to either encrypted block device path (or symlink to
such device) or to encrypted image. In case it is set to device path
there is no need to reset it to /dev/block/major:minor symlink since
those paths are equivalent.
Some ask-password agents (e.g. clevis-luks-askpass) use Id option from
/run/systemd/ask-password/ask* file in order to obtain the password for
the device.
Id option should be in the following format,
e.g. Id=subsystem:data. Where data part is supposed to identify object
that ask-password query is done for. Since
e51b9486d1 this field has format
Id=cryptsetup:/dev/block/major:minor when systemd-cryptsetup is
unlocking encrypted block device. However, crypttab also supports
encrypted image files in which case we usually set data part of Id to
"vol on mountpoint". This is unexpected and actually breaks network
based device encryption as implemented by clevis.
Example:
$ cat /etc/crypttab
clevis-unlocked /clevis-test-disk-image none luks,_netdev
$ systemctl start 'systemd-cryptsetup@clevis\x2dunlocked.service'
$ grep Id /run/systemd/ask-password/ask*
Before:
$ Id=cryptsetup:clevis-unlocked on /clevis-test-disk-image-mnt
After:
$ Id=cryptsetup:/clevis-test-disk-image
Also do not include libcryptsetup.h directly, but only through crypt-util.h.
This way we do not have to repeat the define in every file where it is used.
Allow cryptsetup utility to activate LUKS2 devices (with appropriate
libcryptsetup)
The change itself doesn't enforce new libcryptsetup 2.x and is backward
compatible with versions 1.x
When building without veracrypt, gcc warns
../src/cryptsetup/cryptsetup.c:55:13: warning: ‘arg_tcrypt_veracrypt’ defined but not used [-Wunused-variable]
static bool arg_tcrypt_veracrypt = false;
Fix this by conditionalizing the declaration.
This extends 2d79a0bbb9 to the kernel
command line parsing.
The parsing is changed a bit to only understand "0" as infinity. If units are
specified, parse normally, e.g. "0s" is just 0. This makes it possible to
provide a zero timeout if necessary.
Simple test is added.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1462378.
I think it's an antipattern to have to count the number of bytes in
the prefix by hand. We should do this automatically to avoid wasting
programmer time, and possible errors. I didn't any offsets that were
wrong, so this change is mostly to make future development easier.
It could be that our .service is being stopped precisely because the
device already disappeared (e.g. due to a manual `cryptsetup close`, or
due to UDisks2 cleaning up).
GLIB has recently started to officially support the gcc cleanup
attribute in its public API, hence let's do the same for our APIs.
With this patch we'll define an xyz_unrefp() call for each public
xyz_unref() call, to make it easy to use inside a
__attribute__((cleanup())) expression. Then, all code is ported over to
make use of this.
The new calls are also documented in the man pages, with examples how to
use them (well, I only added docs where the _unref() call itself already
had docs, and the examples, only cover sd_bus_unrefp() and
sd_event_unrefp()).
This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we
tend to call our destructors these days.
Note that this defines no public macro that wraps gcc's attribute and
makes it easier to use. While I think it's our duty in the library to
make our stuff easy to use, I figure it's not our duty to make gcc's own
features easy to use on its own. Most likely, client code which wants to
make use of this should define its own:
#define _cleanup_(function) __attribute__((cleanup(function)))
Or similar, to make the gcc feature easier to use.
Making this logic public has the benefit that we can remove three header
files whose only purpose was to define these functions internally.
See #2008.