2010-11-08 05:02:45 +01:00
|
|
|
/***
|
|
|
|
This file is part of systemd.
|
|
|
|
|
|
|
|
Copyright 2010 Lennart Poettering
|
|
|
|
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
2012-04-12 00:20:58 +02:00
|
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
2010-11-08 05:02:45 +01:00
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
2012-04-12 00:20:58 +02:00
|
|
|
Lesser General Public License for more details.
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-04-12 00:20:58 +02:00
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
2010-11-08 05:02:45 +01:00
|
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
***/
|
|
|
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2014-12-02 18:49:28 +01:00
|
|
|
#include "dropin.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
2015-10-26 18:05:03 +01:00
|
|
|
#include "fileio.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "fstab-util.h"
|
2014-12-02 18:49:28 +01:00
|
|
|
#include "generator.h"
|
|
|
|
#include "hashmap.h"
|
2010-11-08 05:02:45 +01:00
|
|
|
#include "log.h"
|
2012-04-10 21:54:31 +02:00
|
|
|
#include "mkdir.h"
|
2015-10-26 16:18:16 +01:00
|
|
|
#include "parse-util.h"
|
2014-06-23 19:18:44 +02:00
|
|
|
#include "path-util.h"
|
2015-10-27 00:06:29 +01:00
|
|
|
#include "proc-cmdline.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "string-util.h"
|
2014-12-02 18:49:28 +01:00
|
|
|
#include "strv.h"
|
|
|
|
#include "unit-name.h"
|
|
|
|
#include "util.h"
|
|
|
|
|
|
|
|
typedef struct crypto_device {
|
|
|
|
char *uuid;
|
2014-12-02 18:49:29 +01:00
|
|
|
char *keyfile;
|
2014-12-02 18:49:30 +01:00
|
|
|
char *name;
|
2014-12-02 18:49:28 +01:00
|
|
|
char *options;
|
|
|
|
bool create;
|
|
|
|
} crypto_device;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-06-22 10:11:06 +02:00
|
|
|
static const char *arg_dest = "/tmp";
|
|
|
|
static bool arg_enabled = true;
|
|
|
|
static bool arg_read_crypttab = true;
|
2014-12-02 18:49:28 +01:00
|
|
|
static bool arg_whitelist = false;
|
|
|
|
static Hashmap *arg_disks = NULL;
|
|
|
|
static char *arg_default_options = NULL;
|
|
|
|
static char *arg_default_keyfile = NULL;
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2010-11-08 05:02:45 +01:00
|
|
|
static int create_disk(
|
|
|
|
const char *name,
|
|
|
|
const char *device,
|
|
|
|
const char *password,
|
|
|
|
const char *options) {
|
|
|
|
|
2014-07-01 00:41:17 +02:00
|
|
|
_cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
|
|
|
|
*filtered = NULL;
|
2013-04-18 09:11:22 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2013-08-15 02:47:59 +02:00
|
|
|
bool noauto, nofail, tmp, swap;
|
2014-03-06 02:26:52 +01:00
|
|
|
char *from;
|
|
|
|
int r;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
|
|
|
assert(name);
|
|
|
|
assert(device);
|
|
|
|
|
2015-01-11 06:04:00 +01:00
|
|
|
noauto = fstab_test_yes_no_option(options, "noauto\0" "auto\0");
|
|
|
|
nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
|
2015-01-11 05:06:52 +01:00
|
|
|
tmp = fstab_test_option(options, "tmp\0");
|
|
|
|
swap = fstab_test_option(options, "swap\0");
|
2013-08-15 02:47:59 +02:00
|
|
|
|
|
|
|
if (tmp && swap) {
|
|
|
|
log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2011-04-20 00:45:22 +02:00
|
|
|
|
2014-03-06 02:26:52 +01:00
|
|
|
e = unit_name_escape(name);
|
|
|
|
if (!e)
|
|
|
|
return log_oom();
|
|
|
|
|
2015-04-30 20:21:00 +02:00
|
|
|
r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate unit name: %m");
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2016-10-23 17:43:27 +02:00
|
|
|
p = strjoin(arg_dest, "/", n);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!p)
|
|
|
|
return log_oom();
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-05-21 17:22:36 +02:00
|
|
|
u = fstab_node_to_udev_node(device);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!u)
|
|
|
|
return log_oom();
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2015-04-30 20:21:00 +02:00
|
|
|
r = unit_name_from_path(u, ".device", &d);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate unit name: %m");
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-05-21 17:22:36 +02:00
|
|
|
f = fopen(p, "wxe");
|
2014-11-28 19:57:32 +01:00
|
|
|
if (!f)
|
|
|
|
return log_error_errno(errno, "Failed to create unit file %s: %m", p);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2013-03-29 23:01:11 +01:00
|
|
|
fputs(
|
2012-05-22 19:23:33 +02:00
|
|
|
"# Automatically generated by systemd-cryptsetup-generator\n\n"
|
2010-11-08 05:02:45 +01:00
|
|
|
"[Unit]\n"
|
2013-03-29 23:01:11 +01:00
|
|
|
"Description=Cryptography Setup for %I\n"
|
2014-03-06 18:26:06 +01:00
|
|
|
"Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
|
2012-05-22 23:08:24 +02:00
|
|
|
"SourcePath=/etc/crypttab\n"
|
2010-11-08 05:02:45 +01:00
|
|
|
"DefaultDependencies=no\n"
|
2014-03-06 02:26:52 +01:00
|
|
|
"Conflicts=umount.target\n"
|
2013-03-29 23:01:11 +01:00
|
|
|
"BindsTo=dev-mapper-%i.device\n"
|
2013-09-29 13:37:30 +02:00
|
|
|
"IgnoreOnIsolate=true\n"
|
2014-08-26 21:17:22 +02:00
|
|
|
"After=cryptsetup-pre.target\n",
|
2013-03-29 23:01:11 +01:00
|
|
|
f);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2011-04-20 00:45:22 +02:00
|
|
|
if (!nofail)
|
|
|
|
fprintf(f,
|
|
|
|
"Before=cryptsetup.target\n");
|
|
|
|
|
2013-03-29 23:01:12 +01:00
|
|
|
if (password) {
|
2014-03-06 02:26:52 +01:00
|
|
|
if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
|
2013-09-22 20:38:24 +02:00
|
|
|
fputs("After=systemd-random-seed.service\n", f);
|
2014-02-08 18:54:58 +01:00
|
|
|
else if (!streq(password, "-") && !streq(password, "none")) {
|
2014-03-06 02:26:52 +01:00
|
|
|
_cleanup_free_ char *uu;
|
|
|
|
|
|
|
|
uu = fstab_node_to_udev_node(password);
|
|
|
|
if (!uu)
|
2014-02-08 18:54:58 +01:00
|
|
|
return log_oom();
|
|
|
|
|
2014-06-23 19:18:44 +02:00
|
|
|
if (!path_equal(uu, "/dev/null")) {
|
2014-03-06 02:26:52 +01:00
|
|
|
|
2014-06-23 19:18:44 +02:00
|
|
|
if (is_device_path(uu)) {
|
2015-04-30 20:21:00 +02:00
|
|
|
_cleanup_free_ char *dd = NULL;
|
2014-02-08 18:54:58 +01:00
|
|
|
|
2015-04-30 20:21:00 +02:00
|
|
|
r = unit_name_from_path(uu, ".device", &dd);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to generate unit name: %m");
|
2014-06-23 19:18:44 +02:00
|
|
|
|
|
|
|
fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
|
|
|
|
} else
|
|
|
|
fprintf(f, "RequiresMountsFor=%s\n", password);
|
|
|
|
}
|
2014-02-08 18:54:58 +01:00
|
|
|
}
|
2013-03-29 23:01:12 +01:00
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2013-03-29 23:01:11 +01:00
|
|
|
if (is_device_path(u))
|
|
|
|
fprintf(f,
|
|
|
|
"BindsTo=%s\n"
|
|
|
|
"After=%s\n"
|
|
|
|
"Before=umount.target\n",
|
|
|
|
d, d);
|
|
|
|
else
|
|
|
|
fprintf(f,
|
|
|
|
"RequiresMountsFor=%s\n",
|
|
|
|
u);
|
|
|
|
|
2014-07-01 00:41:17 +02:00
|
|
|
r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
2010-11-08 05:02:45 +01:00
|
|
|
fprintf(f,
|
|
|
|
"\n[Service]\n"
|
|
|
|
"Type=oneshot\n"
|
|
|
|
"RemainAfterExit=yes\n"
|
2011-04-14 02:36:02 +02:00
|
|
|
"TimeoutSec=0\n" /* the binary handles timeouts anyway */
|
2010-11-14 01:53:46 +01:00
|
|
|
"ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
|
2010-11-12 00:39:17 +01:00
|
|
|
"ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
|
2014-07-01 00:41:17 +02:00
|
|
|
name, u, strempty(password), strempty(filtered),
|
2010-11-08 05:02:45 +01:00
|
|
|
name);
|
|
|
|
|
2013-08-15 02:47:59 +02:00
|
|
|
if (tmp)
|
2010-11-08 05:02:45 +01:00
|
|
|
fprintf(f,
|
2011-04-13 22:22:10 +02:00
|
|
|
"ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
|
2011-01-04 02:12:07 +01:00
|
|
|
name);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2013-08-15 02:47:59 +02:00
|
|
|
if (swap)
|
2010-11-08 05:02:45 +01:00
|
|
|
fprintf(f,
|
2011-04-13 22:22:10 +02:00
|
|
|
"ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
|
2011-01-04 02:12:07 +01:00
|
|
|
name);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2015-05-17 00:11:12 +02:00
|
|
|
r = fflush_and_check(f);
|
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to write file %s: %m", p);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2015-02-03 02:05:59 +01:00
|
|
|
from = strjoina("../", n);
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2011-04-20 00:45:22 +02:00
|
|
|
if (!noauto) {
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2016-10-23 17:43:27 +02:00
|
|
|
to = strjoin(arg_dest, "/", d, ".wants/", n);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!to)
|
|
|
|
return log_oom();
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2012-05-31 12:40:20 +02:00
|
|
|
mkdir_parents_label(to, 0755);
|
2014-11-28 19:57:32 +01:00
|
|
|
if (symlink(from, to) < 0)
|
|
|
|
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
|
2010-11-18 02:16:36 +01:00
|
|
|
|
|
|
|
free(to);
|
2011-04-20 00:45:22 +02:00
|
|
|
if (!nofail)
|
2016-10-23 17:43:27 +02:00
|
|
|
to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
|
2011-04-20 00:45:22 +02:00
|
|
|
else
|
2016-10-23 17:43:27 +02:00
|
|
|
to = strjoin(arg_dest, "/cryptsetup.target.wants/", n);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!to)
|
|
|
|
return log_oom();
|
2010-11-18 02:16:36 +01:00
|
|
|
|
2012-05-31 12:40:20 +02:00
|
|
|
mkdir_parents_label(to, 0755);
|
2014-11-28 19:57:32 +01:00
|
|
|
if (symlink(from, to) < 0)
|
|
|
|
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
|
2012-05-21 17:22:36 +02:00
|
|
|
}
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2013-03-25 23:49:13 +01:00
|
|
|
free(to);
|
2016-10-23 17:43:27 +02:00
|
|
|
to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n);
|
2013-03-08 10:50:33 +01:00
|
|
|
if (!to)
|
|
|
|
return log_oom();
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2012-05-31 12:40:20 +02:00
|
|
|
mkdir_parents_label(to, 0755);
|
2014-11-28 19:57:32 +01:00
|
|
|
if (symlink(from, to) < 0)
|
|
|
|
return log_error_errno(errno, "Failed to create symlink %s: %m", to);
|
2010-11-12 03:04:10 +01:00
|
|
|
|
2013-03-01 15:13:43 +01:00
|
|
|
if (!noauto && !nofail) {
|
2014-09-28 03:05:41 +02:00
|
|
|
_cleanup_free_ char *dmname;
|
2016-10-23 17:43:27 +02:00
|
|
|
dmname = strjoin("dev-mapper-", e, ".device");
|
2014-09-28 03:05:41 +02:00
|
|
|
if (!dmname)
|
|
|
|
return log_oom();
|
|
|
|
|
|
|
|
r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
|
2014-07-01 00:41:17 +02:00
|
|
|
"# Automatically generated by systemd-cryptsetup-generator \n\n"
|
|
|
|
"[Unit]\nJobTimeoutSec=0");
|
2014-11-28 18:23:20 +01:00
|
|
|
if (r < 0)
|
|
|
|
return log_error_errno(r, "Failed to write device drop-in: %m");
|
2013-03-01 15:13:43 +01:00
|
|
|
}
|
|
|
|
|
2013-03-08 10:50:33 +01:00
|
|
|
return 0;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
static void free_arg_disks(void) {
|
|
|
|
crypto_device *d;
|
|
|
|
|
|
|
|
while ((d = hashmap_steal_first(arg_disks))) {
|
|
|
|
free(d->uuid);
|
2014-12-02 18:49:29 +01:00
|
|
|
free(d->keyfile);
|
2014-12-02 18:49:30 +01:00
|
|
|
free(d->name);
|
2014-12-02 18:49:28 +01:00
|
|
|
free(d->options);
|
|
|
|
free(d);
|
|
|
|
}
|
|
|
|
|
|
|
|
hashmap_free(arg_disks);
|
|
|
|
}
|
|
|
|
|
|
|
|
static crypto_device *get_crypto_device(const char *uuid) {
|
|
|
|
int r;
|
|
|
|
crypto_device *d;
|
|
|
|
|
|
|
|
assert(uuid);
|
|
|
|
|
|
|
|
d = hashmap_get(arg_disks, uuid);
|
|
|
|
if (!d) {
|
|
|
|
d = new0(struct crypto_device, 1);
|
|
|
|
if (!d)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
d->create = false;
|
2014-12-02 18:49:30 +01:00
|
|
|
d->keyfile = d->options = d->name = NULL;
|
2014-12-02 18:49:28 +01:00
|
|
|
|
|
|
|
d->uuid = strdup(uuid);
|
2016-10-17 00:28:30 +02:00
|
|
|
if (!d->uuid)
|
|
|
|
return mfree(d);
|
2014-12-02 18:49:28 +01:00
|
|
|
|
|
|
|
r = hashmap_put(arg_disks, d->uuid, d);
|
|
|
|
if (r < 0) {
|
|
|
|
free(d->uuid);
|
2016-10-17 00:28:30 +02:00
|
|
|
return mfree(d);
|
2014-12-02 18:49:28 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return d;
|
|
|
|
}
|
|
|
|
|
2016-10-22 20:24:52 +02:00
|
|
|
static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
|
2013-11-06 03:15:16 +01:00
|
|
|
int r;
|
2014-12-02 18:49:28 +01:00
|
|
|
crypto_device *d;
|
|
|
|
_cleanup_free_ char *uuid = NULL, *uuid_value = NULL;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically
This stripping is contolled by a new boolean parameter. When the parameter
is true, it means that the caller does not care about the distinction between
initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed
parameters in the initramfs, and only on the unprefixed parameters in real
root. If the parameter is false, behaviour is the same as before.
Changes by caller:
log.c (systemd.log_*): changed to accept rd-dot-prefix params
pid1: no change, custom logic
cryptsetup-generator: no change, still accepts rd-dot-prefix params
debug-generator: no change, does not accept rd-dot-prefix params
fsck: changed to accept rd-dot-prefix params
fstab-generator: no change, custom logic
gpt-auto-generator: no change, custom logic
hibernate-resume-generator: no change, does not accept rd-dot-prefix params
journald: changed to accept rd-dot-prefix params
modules-load: no change, still accepts rd-dot-prefix params
quote-check: no change, does not accept rd-dot-prefix params
udevd: no change, still accepts rd-dot-prefix params
I added support for "rd." params in the three cases where I think it's
useful: logging, fsck options, journald forwarding options.
2016-10-22 21:31:14 +02:00
|
|
|
if (streq(key, "luks") && value) {
|
2014-03-06 17:05:55 +01:00
|
|
|
|
|
|
|
r = parse_boolean(value);
|
2014-02-16 00:08:59 +01:00
|
|
|
if (r < 0)
|
2014-03-06 17:05:55 +01:00
|
|
|
log_warning("Failed to parse luks switch %s. Ignoring.", value);
|
2014-02-16 00:08:59 +01:00
|
|
|
else
|
|
|
|
arg_enabled = r;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically
This stripping is contolled by a new boolean parameter. When the parameter
is true, it means that the caller does not care about the distinction between
initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed
parameters in the initramfs, and only on the unprefixed parameters in real
root. If the parameter is false, behaviour is the same as before.
Changes by caller:
log.c (systemd.log_*): changed to accept rd-dot-prefix params
pid1: no change, custom logic
cryptsetup-generator: no change, still accepts rd-dot-prefix params
debug-generator: no change, does not accept rd-dot-prefix params
fsck: changed to accept rd-dot-prefix params
fstab-generator: no change, custom logic
gpt-auto-generator: no change, custom logic
hibernate-resume-generator: no change, does not accept rd-dot-prefix params
journald: changed to accept rd-dot-prefix params
modules-load: no change, still accepts rd-dot-prefix params
quote-check: no change, does not accept rd-dot-prefix params
udevd: no change, still accepts rd-dot-prefix params
I added support for "rd." params in the three cases where I think it's
useful: logging, fsck options, journald forwarding options.
2016-10-22 21:31:14 +02:00
|
|
|
} else if (streq(key, "luks.crypttab") && value) {
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-03-06 17:05:55 +01:00
|
|
|
r = parse_boolean(value);
|
2014-02-16 00:08:59 +01:00
|
|
|
if (r < 0)
|
2014-03-06 17:05:55 +01:00
|
|
|
log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
|
2014-02-16 00:08:59 +01:00
|
|
|
else
|
|
|
|
arg_read_crypttab = r;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically
This stripping is contolled by a new boolean parameter. When the parameter
is true, it means that the caller does not care about the distinction between
initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed
parameters in the initramfs, and only on the unprefixed parameters in real
root. If the parameter is false, behaviour is the same as before.
Changes by caller:
log.c (systemd.log_*): changed to accept rd-dot-prefix params
pid1: no change, custom logic
cryptsetup-generator: no change, still accepts rd-dot-prefix params
debug-generator: no change, does not accept rd-dot-prefix params
fsck: changed to accept rd-dot-prefix params
fstab-generator: no change, custom logic
gpt-auto-generator: no change, custom logic
hibernate-resume-generator: no change, does not accept rd-dot-prefix params
journald: changed to accept rd-dot-prefix params
modules-load: no change, still accepts rd-dot-prefix params
quote-check: no change, does not accept rd-dot-prefix params
udevd: no change, still accepts rd-dot-prefix params
I added support for "rd." params in the three cases where I think it's
useful: logging, fsck options, journald forwarding options.
2016-10-22 21:31:14 +02:00
|
|
|
} else if (streq(key, "luks.uuid") && value) {
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
d = get_crypto_device(startswith(value, "luks-") ? value+5 : value);
|
|
|
|
if (!d)
|
2014-02-16 00:08:59 +01:00
|
|
|
return log_oom();
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
d->create = arg_whitelist = true;
|
|
|
|
|
tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically
This stripping is contolled by a new boolean parameter. When the parameter
is true, it means that the caller does not care about the distinction between
initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed
parameters in the initramfs, and only on the unprefixed parameters in real
root. If the parameter is false, behaviour is the same as before.
Changes by caller:
log.c (systemd.log_*): changed to accept rd-dot-prefix params
pid1: no change, custom logic
cryptsetup-generator: no change, still accepts rd-dot-prefix params
debug-generator: no change, does not accept rd-dot-prefix params
fsck: changed to accept rd-dot-prefix params
fstab-generator: no change, custom logic
gpt-auto-generator: no change, custom logic
hibernate-resume-generator: no change, does not accept rd-dot-prefix params
journald: changed to accept rd-dot-prefix params
modules-load: no change, still accepts rd-dot-prefix params
quote-check: no change, does not accept rd-dot-prefix params
udevd: no change, still accepts rd-dot-prefix params
I added support for "rd." params in the three cases where I think it's
useful: logging, fsck options, journald forwarding options.
2016-10-22 21:31:14 +02:00
|
|
|
} else if (streq(key, "luks.options") && value) {
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
|
|
|
if (r == 2) {
|
|
|
|
d = get_crypto_device(uuid);
|
|
|
|
if (!d)
|
|
|
|
return log_oom();
|
|
|
|
|
|
|
|
free(d->options);
|
|
|
|
d->options = uuid_value;
|
|
|
|
uuid_value = NULL;
|
|
|
|
} else if (free_and_strdup(&arg_default_options, value) < 0)
|
2014-02-16 00:08:59 +01:00
|
|
|
return log_oom();
|
2012-06-22 10:11:06 +02:00
|
|
|
|
tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically
This stripping is contolled by a new boolean parameter. When the parameter
is true, it means that the caller does not care about the distinction between
initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed
parameters in the initramfs, and only on the unprefixed parameters in real
root. If the parameter is false, behaviour is the same as before.
Changes by caller:
log.c (systemd.log_*): changed to accept rd-dot-prefix params
pid1: no change, custom logic
cryptsetup-generator: no change, still accepts rd-dot-prefix params
debug-generator: no change, does not accept rd-dot-prefix params
fsck: changed to accept rd-dot-prefix params
fstab-generator: no change, custom logic
gpt-auto-generator: no change, custom logic
hibernate-resume-generator: no change, does not accept rd-dot-prefix params
journald: changed to accept rd-dot-prefix params
modules-load: no change, still accepts rd-dot-prefix params
quote-check: no change, does not accept rd-dot-prefix params
udevd: no change, still accepts rd-dot-prefix params
I added support for "rd." params in the three cases where I think it's
useful: logging, fsck options, journald forwarding options.
2016-10-22 21:31:14 +02:00
|
|
|
} else if (streq(key, "luks.key") && value) {
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:29 +01:00
|
|
|
r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
|
|
|
if (r == 2) {
|
|
|
|
d = get_crypto_device(uuid);
|
|
|
|
if (!d)
|
|
|
|
return log_oom();
|
|
|
|
|
|
|
|
free(d->keyfile);
|
|
|
|
d->keyfile = uuid_value;
|
|
|
|
uuid_value = NULL;
|
2015-09-10 10:23:49 +02:00
|
|
|
} else if (free_and_strdup(&arg_default_keyfile, value) < 0)
|
2014-02-16 00:08:59 +01:00
|
|
|
return log_oom();
|
2013-08-18 08:59:00 +02:00
|
|
|
|
tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically
This stripping is contolled by a new boolean parameter. When the parameter
is true, it means that the caller does not care about the distinction between
initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed
parameters in the initramfs, and only on the unprefixed parameters in real
root. If the parameter is false, behaviour is the same as before.
Changes by caller:
log.c (systemd.log_*): changed to accept rd-dot-prefix params
pid1: no change, custom logic
cryptsetup-generator: no change, still accepts rd-dot-prefix params
debug-generator: no change, does not accept rd-dot-prefix params
fsck: changed to accept rd-dot-prefix params
fstab-generator: no change, custom logic
gpt-auto-generator: no change, custom logic
hibernate-resume-generator: no change, does not accept rd-dot-prefix params
journald: changed to accept rd-dot-prefix params
modules-load: no change, still accepts rd-dot-prefix params
quote-check: no change, does not accept rd-dot-prefix params
udevd: no change, still accepts rd-dot-prefix params
I added support for "rd." params in the three cases where I think it's
useful: logging, fsck options, journald forwarding options.
2016-10-22 21:31:14 +02:00
|
|
|
} else if (streq(key, "luks.name") && value) {
|
2014-12-02 18:49:30 +01:00
|
|
|
|
|
|
|
r = sscanf(value, "%m[0-9a-fA-F-]=%ms", &uuid, &uuid_value);
|
|
|
|
if (r == 2) {
|
|
|
|
d = get_crypto_device(uuid);
|
|
|
|
if (!d)
|
|
|
|
return log_oom();
|
|
|
|
|
|
|
|
d->create = arg_whitelist = true;
|
|
|
|
|
|
|
|
free(d->name);
|
|
|
|
d->name = uuid_value;
|
|
|
|
uuid_value = NULL;
|
|
|
|
} else
|
|
|
|
log_warning("Failed to parse luks name switch %s. Ignoring.", value);
|
|
|
|
|
2014-06-19 16:55:20 +02:00
|
|
|
}
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2013-03-08 10:50:33 +01:00
|
|
|
return 0;
|
2012-06-22 10:11:06 +02:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
static int add_crypttab_devices(void) {
|
|
|
|
struct stat st;
|
|
|
|
unsigned crypttab_line = 0;
|
2013-04-18 09:11:22 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!arg_read_crypttab)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
f = fopen("/etc/crypttab", "re");
|
|
|
|
if (!f) {
|
|
|
|
if (errno != ENOENT)
|
|
|
|
log_error_errno(errno, "Failed to open /etc/crypttab: %m");
|
|
|
|
return 0;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (fstat(fileno(f), &st) < 0) {
|
|
|
|
log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
|
|
|
|
return 0;
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
for (;;) {
|
|
|
|
int r, k;
|
|
|
|
char line[LINE_MAX], *l, *uuid;
|
|
|
|
crypto_device *d = NULL;
|
|
|
|
_cleanup_free_ char *name = NULL, *device = NULL, *keyfile = NULL, *options = NULL;
|
2011-08-01 20:52:18 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!fgets(line, sizeof(line), f))
|
|
|
|
break;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
crypttab_line++;
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
l = strstrip(line);
|
|
|
|
if (*l == '#' || *l == 0)
|
|
|
|
continue;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &keyfile, &options);
|
|
|
|
if (k < 2 || k > 4) {
|
|
|
|
log_error("Failed to parse /etc/crypttab:%u, ignoring.", crypttab_line);
|
|
|
|
continue;
|
|
|
|
}
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
uuid = startswith(device, "UUID=");
|
|
|
|
if (!uuid)
|
|
|
|
uuid = path_startswith(device, "/dev/disk/by-uuid/");
|
|
|
|
if (!uuid)
|
|
|
|
uuid = startswith(name, "luks-");
|
|
|
|
if (uuid)
|
|
|
|
d = hashmap_get(arg_disks, uuid);
|
2013-04-30 00:48:03 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (arg_whitelist && !d) {
|
|
|
|
log_info("Not creating device '%s' because it was not specified on the kernel command line.", name);
|
|
|
|
continue;
|
2013-04-30 00:48:03 +02:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
r = create_disk(name, device, keyfile, (d && d->options) ? d->options : options);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2013-04-30 00:48:03 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (d)
|
|
|
|
d->create = false;
|
|
|
|
}
|
2013-04-30 00:48:03 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
static int add_proc_cmdline_devices(void) {
|
|
|
|
int r;
|
|
|
|
Iterator i;
|
|
|
|
crypto_device *d;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
HASHMAP_FOREACH(d, arg_disks, i) {
|
|
|
|
const char *options;
|
2014-12-02 18:49:30 +01:00
|
|
|
_cleanup_free_ char *device = NULL;
|
2012-06-22 10:11:06 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!d->create)
|
|
|
|
continue;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:30 +01:00
|
|
|
if (!d->name) {
|
|
|
|
d->name = strappend("luks-", d->uuid);
|
|
|
|
if (!d->name)
|
|
|
|
return log_oom();
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
device = strappend("UUID=", d->uuid);
|
|
|
|
if (!device)
|
|
|
|
return log_oom();
|
2013-08-18 08:59:00 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (d->options)
|
|
|
|
options = d->options;
|
|
|
|
else if (arg_default_options)
|
|
|
|
options = arg_default_options;
|
|
|
|
else
|
|
|
|
options = "timeout=0";
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2014-12-02 18:49:30 +01:00
|
|
|
r = create_disk(d->name, device, d->keyfile ?: arg_default_keyfile, options);
|
2014-12-02 18:49:28 +01:00
|
|
|
if (r < 0)
|
|
|
|
return r;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
int main(int argc, char *argv[]) {
|
|
|
|
int r = EXIT_FAILURE;
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (argc > 1 && argc != 4) {
|
|
|
|
log_error("This program takes three or no arguments.");
|
|
|
|
return EXIT_FAILURE;
|
|
|
|
}
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (argc > 1)
|
|
|
|
arg_dest = argv[1];
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
log_set_target(LOG_TARGET_SAFE);
|
|
|
|
log_parse_environment();
|
|
|
|
log_open();
|
2013-03-01 11:33:14 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
umask(0022);
|
2010-11-08 05:02:45 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
arg_disks = hashmap_new(&string_hash_ops);
|
|
|
|
if (!arg_disks)
|
|
|
|
goto cleanup;
|
2013-08-18 08:59:00 +02:00
|
|
|
|
tree-wide: make parse_proc_cmdline() strip "rd." prefix automatically
This stripping is contolled by a new boolean parameter. When the parameter
is true, it means that the caller does not care about the distinction between
initrd and real root, and wants to act on both rd-dot-prefixed and unprefixed
parameters in the initramfs, and only on the unprefixed parameters in real
root. If the parameter is false, behaviour is the same as before.
Changes by caller:
log.c (systemd.log_*): changed to accept rd-dot-prefix params
pid1: no change, custom logic
cryptsetup-generator: no change, still accepts rd-dot-prefix params
debug-generator: no change, does not accept rd-dot-prefix params
fsck: changed to accept rd-dot-prefix params
fstab-generator: no change, custom logic
gpt-auto-generator: no change, custom logic
hibernate-resume-generator: no change, does not accept rd-dot-prefix params
journald: changed to accept rd-dot-prefix params
modules-load: no change, still accepts rd-dot-prefix params
quote-check: no change, does not accept rd-dot-prefix params
udevd: no change, still accepts rd-dot-prefix params
I added support for "rd." params in the three cases where I think it's
useful: logging, fsck options, journald forwarding options.
2016-10-22 21:31:14 +02:00
|
|
|
r = parse_proc_cmdline(parse_proc_cmdline_item, NULL, true);
|
2014-12-02 18:49:28 +01:00
|
|
|
if (r < 0) {
|
|
|
|
log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
|
|
|
|
r = EXIT_FAILURE;
|
|
|
|
}
|
2013-08-18 08:59:00 +02:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (!arg_enabled) {
|
|
|
|
r = EXIT_SUCCESS;
|
|
|
|
goto cleanup;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
if (add_crypttab_devices() < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
if (add_proc_cmdline_devices() < 0)
|
|
|
|
goto cleanup;
|
|
|
|
|
|
|
|
r = EXIT_SUCCESS;
|
2014-02-16 00:08:59 +01:00
|
|
|
|
|
|
|
cleanup:
|
2014-12-02 18:49:28 +01:00
|
|
|
free_arg_disks();
|
|
|
|
free(arg_default_options);
|
|
|
|
free(arg_default_keyfile);
|
2014-02-16 00:08:59 +01:00
|
|
|
|
2014-12-02 18:49:28 +01:00
|
|
|
return r;
|
2010-11-08 05:02:45 +01:00
|
|
|
}
|