]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
1a14a53c | 2 | |
1a14a53c | 3 | #include <stdlib.h> |
41bc4849 | 4 | #include <sys/file.h> |
cf0fbc49 | 5 | #include <unistd.h> |
1a14a53c | 6 | |
85624f01 | 7 | #include "sd-device.h" |
07630cea LP |
8 | #include "sd-id128.h" |
9 | ||
b5efdb8a | 10 | #include "alloc-util.h" |
07630cea | 11 | #include "blkid-util.h" |
18c528e9 | 12 | #include "blockdev-util.h" |
07630cea | 13 | #include "btrfs-util.h" |
133432cc | 14 | #include "device-util.h" |
7176f06c | 15 | #include "devnum-util.h" |
a0956174 | 16 | #include "dirent-util.h" |
72e18a98 | 17 | #include "dissect-image.h" |
1fac34b9 | 18 | #include "dropin.h" |
0bb2f0f1 | 19 | #include "efi-loader.h" |
3ffd4af2 | 20 | #include "fd-util.h" |
07630cea | 21 | #include "fileio.h" |
2bef2582 | 22 | #include "fs-util.h" |
07630cea LP |
23 | #include "fstab-util.h" |
24 | #include "generator.h" | |
25 | #include "gpt.h" | |
07630cea | 26 | #include "mkdir.h" |
049af8ad | 27 | #include "mountpoint-util.h" |
6bedfcbb | 28 | #include "parse-util.h" |
07630cea | 29 | #include "path-util.h" |
4e731273 | 30 | #include "proc-cmdline.h" |
1a14a53c | 31 | #include "special.h" |
98bad05e | 32 | #include "specifier.h" |
8fcde012 | 33 | #include "stat-util.h" |
07630cea | 34 | #include "string-util.h" |
85624f01 | 35 | #include "strv.h" |
1a14a53c | 36 | #include "unit-name.h" |
07630cea | 37 | #include "util.h" |
9a5cb137 | 38 | #include "virt.h" |
1a14a53c | 39 | |
ec6e9597 | 40 | static const char *arg_dest = NULL; |
73b80ec2 LP |
41 | static bool arg_enabled = true; |
42 | static bool arg_root_enabled = true; | |
c94b2417 | 43 | static int arg_root_rw = -1; |
1a14a53c | 44 | |
3d92aa45 | 45 | static int open_parent_block_device(dev_t devnum, int *ret_fd) { |
9fe6f5cc ZJS |
46 | _cleanup_(sd_device_unrefp) sd_device *d = NULL; |
47 | const char *name, *devtype, *node; | |
48 | sd_device *parent; | |
49 | dev_t pn; | |
50 | int fd, r; | |
51 | ||
3d92aa45 | 52 | assert(ret_fd); |
9fe6f5cc ZJS |
53 | |
54 | r = sd_device_new_from_devnum(&d, 'b', devnum); | |
55 | if (r < 0) | |
4e910241 ZJS |
56 | return log_debug_errno(r, "Failed to create device object for block device "DEVNUM_FORMAT_STR": %m", |
57 | DEVNUM_FORMAT_VAL(devnum)); | |
9fe6f5cc ZJS |
58 | |
59 | if (sd_device_get_devname(d, &name) < 0) { | |
60 | r = sd_device_get_syspath(d, &name); | |
61 | if (r < 0) { | |
ec61371f LP |
62 | log_device_debug_errno(d, r, "Device " DEVNUM_FORMAT_STR " does not have a name, ignoring: %m", |
63 | DEVNUM_FORMAT_VAL(devnum)); | |
9fe6f5cc ZJS |
64 | return 0; |
65 | } | |
66 | } | |
67 | ||
68 | r = sd_device_get_parent(d, &parent); | |
69 | if (r < 0) { | |
70 | log_device_debug_errno(d, r, "Not a partitioned device, ignoring: %m"); | |
71 | return 0; | |
72 | } | |
73 | ||
74 | /* Does it have a devtype? */ | |
75 | r = sd_device_get_devtype(parent, &devtype); | |
76 | if (r < 0) { | |
77 | log_device_debug_errno(parent, r, "Parent doesn't have a device type, ignoring: %m"); | |
78 | return 0; | |
79 | } | |
80 | ||
81 | /* Is this a disk or a partition? We only care for disks... */ | |
82 | if (!streq(devtype, "disk")) { | |
83 | log_device_debug(parent, "Parent isn't a raw disk, ignoring."); | |
84 | return 0; | |
85 | } | |
86 | ||
87 | /* Does it have a device node? */ | |
88 | r = sd_device_get_devname(parent, &node); | |
89 | if (r < 0) { | |
90 | log_device_debug_errno(parent, r, "Parent device does not have device node, ignoring: %m"); | |
91 | return 0; | |
92 | } | |
93 | ||
94 | log_device_debug(d, "Root device %s.", node); | |
95 | ||
96 | r = sd_device_get_devnum(parent, &pn); | |
97 | if (r < 0) { | |
98 | log_device_debug_errno(parent, r, "Parent device is not a proper block device, ignoring: %m"); | |
99 | return 0; | |
100 | } | |
101 | ||
102 | fd = open(node, O_RDONLY|O_CLOEXEC|O_NOCTTY); | |
103 | if (fd < 0) | |
104 | return log_error_errno(errno, "Failed to open %s: %m", node); | |
105 | ||
3d92aa45 | 106 | *ret_fd = fd; |
9fe6f5cc ZJS |
107 | return 1; |
108 | } | |
109 | ||
01af8c01 | 110 | static int add_cryptsetup(const char *id, const char *what, bool rw, bool require, char **device) { |
5b137503 | 111 | #if HAVE_LIBCRYPTSETUP |
a7e88558 | 112 | _cleanup_free_ char *e = NULL, *n = NULL, *d = NULL; |
1af72119 | 113 | _cleanup_fclose_ FILE *f = NULL; |
1af72119 LP |
114 | int r; |
115 | ||
116 | assert(id); | |
117 | assert(what); | |
1af72119 | 118 | |
7410616c LP |
119 | r = unit_name_from_path(what, ".device", &d); |
120 | if (r < 0) | |
121 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
1af72119 LP |
122 | |
123 | e = unit_name_escape(id); | |
124 | if (!e) | |
125 | return log_oom(); | |
126 | ||
7410616c LP |
127 | r = unit_name_build("systemd-cryptsetup", e, ".service", &n); |
128 | if (r < 0) | |
129 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
1af72119 | 130 | |
a7e88558 LP |
131 | r = generator_open_unit_file(arg_dest, NULL, n, &f); |
132 | if (r < 0) | |
133 | return r; | |
98bad05e | 134 | |
a7e88558 LP |
135 | r = generator_write_cryptsetup_unit_section(f, NULL); |
136 | if (r < 0) | |
137 | return r; | |
1af72119 LP |
138 | |
139 | fprintf(f, | |
1af72119 | 140 | "Before=umount.target cryptsetup.target\n" |
a7e88558 LP |
141 | "Conflicts=umount.target\n" |
142 | "BindsTo=%s\n" | |
143 | "After=%s\n", | |
144 | d, d); | |
145 | ||
146 | r = generator_write_cryptsetup_service_section(f, id, what, NULL, rw ? NULL : "read-only"); | |
147 | if (r < 0) | |
148 | return r; | |
1af72119 | 149 | |
dacd6cee LP |
150 | r = fflush_and_check(f); |
151 | if (r < 0) | |
a7e88558 | 152 | return log_error_errno(r, "Failed to write file %s: %m", n); |
1af72119 | 153 | |
9cdcf368 ZJS |
154 | r = generator_add_symlink(arg_dest, d, "wants", n); |
155 | if (r < 0) | |
156 | return r; | |
1af72119 | 157 | |
1fac34b9 ZJS |
158 | const char *dmname; |
159 | dmname = strjoina("dev-mapper-", e, ".device"); | |
1af72119 | 160 | |
1fac34b9 | 161 | if (require) { |
9cdcf368 ZJS |
162 | r = generator_add_symlink(arg_dest, "cryptsetup.target", "requires", n); |
163 | if (r < 0) | |
164 | return r; | |
01af8c01 | 165 | |
9cdcf368 ZJS |
166 | r = generator_add_symlink(arg_dest, dmname, "requires", n); |
167 | if (r < 0) | |
168 | return r; | |
01af8c01 | 169 | } |
1af72119 | 170 | |
1fac34b9 ZJS |
171 | r = write_drop_in_format(arg_dest, dmname, 50, "job-timeout", |
172 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
173 | "[Unit]\n" | |
174 | "JobTimeoutSec=0"); /* the binary handles timeouts anyway */ | |
23bbb0de | 175 | if (r < 0) |
1fac34b9 | 176 | log_warning_errno(r, "Failed to write device timeout drop-in, ignoring: %m"); |
1af72119 | 177 | |
2aa2860b ZJS |
178 | if (device) { |
179 | char *ret; | |
180 | ||
b910cc72 | 181 | ret = path_join("/dev/mapper", id); |
2aa2860b ZJS |
182 | if (!ret) |
183 | return log_oom(); | |
1af72119 | 184 | |
01af8c01 | 185 | *device = ret; |
2aa2860b ZJS |
186 | } |
187 | ||
1af72119 | 188 | return 0; |
5b137503 YG |
189 | #else |
190 | return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Partition is encrypted, but the project was compiled without libcryptsetup support"); | |
191 | #endif | |
1af72119 LP |
192 | } |
193 | ||
73b80ec2 LP |
194 | static int add_mount( |
195 | const char *id, | |
196 | const char *what, | |
197 | const char *where, | |
198 | const char *fstype, | |
cca1dfdd | 199 | bool rw, |
400c1e8f | 200 | bool growfs, |
59512f21 | 201 | const char *options, |
73b80ec2 LP |
202 | const char *description, |
203 | const char *post) { | |
204 | ||
9cdcf368 | 205 | _cleanup_free_ char *unit = NULL, *crypto_what = NULL, *p = NULL; |
1a14a53c | 206 | _cleanup_fclose_ FILE *f = NULL; |
e48fdd84 | 207 | int r; |
1a14a53c | 208 | |
98bad05e LP |
209 | /* Note that we don't apply specifier escaping on the input strings here, since we know they are not configured |
210 | * externally, but all originate from our own sources here, and hence we know they contain no % characters that | |
211 | * could potentially be understood as specifiers. */ | |
212 | ||
1af72119 LP |
213 | assert(id); |
214 | assert(what); | |
215 | assert(where); | |
1af72119 LP |
216 | assert(description); |
217 | ||
074cdb95 | 218 | log_debug("Adding %s: %s fstype=%s", where, what, fstype ?: "(any)"); |
1a14a53c | 219 | |
73b80ec2 | 220 | if (streq_ptr(fstype, "crypto_LUKS")) { |
01af8c01 | 221 | r = add_cryptsetup(id, what, rw, true, &crypto_what); |
1af72119 LP |
222 | if (r < 0) |
223 | return r; | |
224 | ||
225 | what = crypto_what; | |
226 | fstype = NULL; | |
227 | } | |
228 | ||
7410616c LP |
229 | r = unit_name_from_path(where, ".mount", &unit); |
230 | if (r < 0) | |
231 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
1a14a53c | 232 | |
657ee2d8 | 233 | p = path_join(empty_to_root(arg_dest), unit); |
e48fdd84 LP |
234 | if (!p) |
235 | return log_oom(); | |
236 | ||
237 | f = fopen(p, "wxe"); | |
4a62c710 MS |
238 | if (!f) |
239 | return log_error_errno(errno, "Failed to create unit file %s: %m", unit); | |
1a14a53c LP |
240 | |
241 | fprintf(f, | |
242 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
243 | "[Unit]\n" | |
c3834f9b LP |
244 | "Description=%s\n" |
245 | "Documentation=man:systemd-gpt-auto-generator(8)\n", | |
e48fdd84 LP |
246 | description); |
247 | ||
73b80ec2 LP |
248 | if (post) |
249 | fprintf(f, "Before=%s\n", post); | |
250 | ||
e48fdd84 LP |
251 | r = generator_write_fsck_deps(f, arg_dest, what, where, fstype); |
252 | if (r < 0) | |
253 | return r; | |
254 | ||
a7e88558 LP |
255 | r = generator_write_blockdev_dependency(f, what); |
256 | if (r < 0) | |
257 | return r; | |
258 | ||
e48fdd84 LP |
259 | fprintf(f, |
260 | "\n" | |
1a14a53c LP |
261 | "[Mount]\n" |
262 | "What=%s\n" | |
1af72119 LP |
263 | "Where=%s\n", |
264 | what, where); | |
265 | ||
73b80ec2 LP |
266 | if (fstype) |
267 | fprintf(f, "Type=%s\n", fstype); | |
268 | ||
59512f21 KS |
269 | if (options) |
270 | fprintf(f, "Options=%s,%s\n", options, rw ? "rw" : "ro"); | |
271 | else | |
272 | fprintf(f, "Options=%s\n", rw ? "rw" : "ro"); | |
1a14a53c | 273 | |
dacd6cee LP |
274 | r = fflush_and_check(f); |
275 | if (r < 0) | |
276 | return log_error_errno(r, "Failed to write unit file %s: %m", p); | |
1a14a53c | 277 | |
400c1e8f LP |
278 | if (growfs) { |
279 | r = generator_hook_up_growfs(arg_dest, where, post); | |
280 | if (r < 0) | |
281 | return r; | |
282 | } | |
283 | ||
284 | if (post) { | |
285 | r = generator_add_symlink(arg_dest, post, "requires", unit); | |
286 | if (r < 0) | |
287 | return r; | |
288 | } | |
289 | ||
1a14a53c LP |
290 | return 0; |
291 | } | |
292 | ||
e137880b | 293 | static int path_is_busy(const char *where) { |
59512f21 KS |
294 | int r; |
295 | ||
296 | /* already a mountpoint; generators run during reload */ | |
e1873695 | 297 | r = path_is_mount_point(where, NULL, AT_SYMLINK_FOLLOW); |
59512f21 KS |
298 | if (r > 0) |
299 | return false; | |
300 | ||
301 | /* the directory might not exist on a stateless system */ | |
302 | if (r == -ENOENT) | |
303 | return false; | |
304 | ||
305 | if (r < 0) | |
e137880b | 306 | return log_warning_errno(r, "Cannot check if \"%s\" is a mount point: %m", where); |
59512f21 KS |
307 | |
308 | /* not a mountpoint but it contains files */ | |
db55bbf2 | 309 | r = dir_is_empty(where, /* ignore_hidden_or_backup= */ false); |
e137880b ZJS |
310 | if (r < 0) |
311 | return log_warning_errno(r, "Cannot check if \"%s\" is empty: %m", where); | |
312 | if (r > 0) | |
313 | return false; | |
59512f21 | 314 | |
e137880b ZJS |
315 | log_debug("\"%s\" already populated, ignoring.", where); |
316 | return true; | |
59512f21 KS |
317 | } |
318 | ||
72e18a98 LP |
319 | static int add_partition_mount( |
320 | DissectedPartition *p, | |
61331eab | 321 | const char *id, |
61331eab | 322 | const char *where, |
72e18a98 | 323 | const char *description) { |
61331eab | 324 | |
e137880b | 325 | int r; |
72e18a98 | 326 | assert(p); |
61331eab | 327 | |
e137880b ZJS |
328 | r = path_is_busy(where); |
329 | if (r != 0) | |
330 | return r < 0 ? r : 0; | |
61331eab | 331 | |
61331eab LP |
332 | return add_mount( |
333 | id, | |
72e18a98 | 334 | p->node, |
61331eab | 335 | where, |
72e18a98 LP |
336 | p->fstype, |
337 | p->rw, | |
400c1e8f | 338 | p->growfs, |
59512f21 | 339 | NULL, |
61331eab | 340 | description, |
72e18a98 | 341 | SPECIAL_LOCAL_FS_TARGET); |
61331eab LP |
342 | } |
343 | ||
8859b8f7 HOB |
344 | static int add_swap(DissectedPartition *p) { |
345 | const char *what; | |
346 | _cleanup_free_ char *name = NULL, *unit = NULL, *crypto_what = NULL; | |
59512f21 KS |
347 | _cleanup_fclose_ FILE *f = NULL; |
348 | int r; | |
349 | ||
8859b8f7 HOB |
350 | assert(p); |
351 | assert(p->node); | |
59512f21 | 352 | |
fc5bc384 FB |
353 | /* Disable the swap auto logic if at least one swap is defined in /etc/fstab, see #6192. */ |
354 | r = fstab_has_fstype("swap"); | |
355 | if (r < 0) | |
356 | return log_error_errno(r, "Failed to parse fstab: %m"); | |
1a680ae3 | 357 | if (r > 0) { |
fc5bc384 FB |
358 | log_debug("swap specified in fstab, ignoring."); |
359 | return 0; | |
360 | } | |
361 | ||
8859b8f7 HOB |
362 | if (streq_ptr(p->fstype, "crypto_LUKS")) { |
363 | r = add_cryptsetup("swap", p->node, true, true, &crypto_what); | |
364 | if (r < 0) | |
365 | return r; | |
366 | what = crypto_what; | |
367 | } else | |
368 | what = p->node; | |
369 | ||
370 | log_debug("Adding swap: %s", what); | |
59512f21 | 371 | |
8859b8f7 | 372 | r = unit_name_from_path(what, ".swap", &name); |
59512f21 KS |
373 | if (r < 0) |
374 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
375 | ||
657ee2d8 | 376 | unit = path_join(empty_to_root(arg_dest), name); |
59512f21 KS |
377 | if (!unit) |
378 | return log_oom(); | |
379 | ||
380 | f = fopen(unit, "wxe"); | |
381 | if (!f) | |
382 | return log_error_errno(errno, "Failed to create unit file %s: %m", unit); | |
383 | ||
384 | fprintf(f, | |
385 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
386 | "[Unit]\n" | |
387 | "Description=Swap Partition\n" | |
a7e88558 LP |
388 | "Documentation=man:systemd-gpt-auto-generator(8)\n"); |
389 | ||
8859b8f7 | 390 | r = generator_write_blockdev_dependency(f, what); |
a7e88558 LP |
391 | if (r < 0) |
392 | return r; | |
393 | ||
394 | fprintf(f, | |
395 | "\n" | |
59512f21 KS |
396 | "[Swap]\n" |
397 | "What=%s\n", | |
8859b8f7 | 398 | what); |
59512f21 | 399 | |
dacd6cee LP |
400 | r = fflush_and_check(f); |
401 | if (r < 0) | |
402 | return log_error_errno(r, "Failed to write unit file %s: %m", unit); | |
59512f21 | 403 | |
9cdcf368 | 404 | return generator_add_symlink(arg_dest, SPECIAL_SWAP_TARGET, "wants", name); |
59512f21 KS |
405 | } |
406 | ||
7a1494aa TG |
407 | static int add_automount( |
408 | const char *id, | |
409 | const char *what, | |
410 | const char *where, | |
411 | const char *fstype, | |
412 | bool rw, | |
400c1e8f | 413 | bool growfs, |
7a1494aa TG |
414 | const char *options, |
415 | const char *description, | |
416 | usec_t timeout) { | |
417 | ||
8e7e4a73 | 418 | _cleanup_free_ char *unit = NULL, *p = NULL; |
7a1494aa | 419 | _cleanup_fclose_ FILE *f = NULL; |
8e7e4a73 | 420 | const char *opt = "noauto"; |
7a1494aa TG |
421 | int r; |
422 | ||
423 | assert(id); | |
424 | assert(where); | |
425 | assert(description); | |
426 | ||
427 | if (options) | |
2aa2860b | 428 | opt = strjoina(options, ",", opt); |
7a1494aa TG |
429 | |
430 | r = add_mount(id, | |
431 | what, | |
432 | where, | |
433 | fstype, | |
434 | rw, | |
400c1e8f | 435 | growfs, |
7a1494aa TG |
436 | opt, |
437 | description, | |
438 | NULL); | |
439 | if (r < 0) | |
440 | return r; | |
441 | ||
442 | r = unit_name_from_path(where, ".automount", &unit); | |
443 | if (r < 0) | |
444 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
445 | ||
8e7e4a73 LP |
446 | p = path_join(arg_dest, unit); |
447 | if (!p) | |
448 | return log_oom(); | |
449 | ||
7a1494aa TG |
450 | f = fopen(p, "wxe"); |
451 | if (!f) | |
452 | return log_error_errno(errno, "Failed to create unit file %s: %m", unit); | |
453 | ||
454 | fprintf(f, | |
455 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
456 | "[Unit]\n" | |
457 | "Description=%s\n" | |
458 | "Documentation=man:systemd-gpt-auto-generator(8)\n" | |
459 | "[Automount]\n" | |
460 | "Where=%s\n" | |
70887c5f | 461 | "TimeoutIdleSec="USEC_FMT"\n", |
7a1494aa TG |
462 | description, |
463 | where, | |
70887c5f | 464 | timeout / USEC_PER_SEC); |
7a1494aa TG |
465 | |
466 | r = fflush_and_check(f); | |
467 | if (r < 0) | |
468 | return log_error_errno(r, "Failed to write unit file %s: %m", p); | |
469 | ||
9cdcf368 | 470 | return generator_add_symlink(arg_dest, SPECIAL_LOCAL_FS_TARGET, "wants", unit); |
7a1494aa TG |
471 | } |
472 | ||
4f084066 LP |
473 | static const char *esp_or_xbootldr_options(const DissectedPartition *p) { |
474 | assert(p); | |
475 | ||
476 | /* if we probed vfat or have no idea about the file system then assume these file systems are vfat | |
477 | * and thus understand "umask=0077". If we detected something else then don't specify any options and | |
478 | * use kernel defaults. */ | |
479 | ||
480 | if (!p->fstype || streq(p->fstype, "vfat")) | |
481 | return "umask=0077"; | |
482 | ||
483 | return NULL; | |
484 | } | |
485 | ||
9f1cb0c1 LP |
486 | static int add_xbootldr(DissectedPartition *p) { |
487 | int r; | |
488 | ||
489 | assert(p); | |
490 | ||
491 | if (in_initrd()) { | |
492 | log_debug("In initrd, ignoring the XBOOTLDR partition."); | |
493 | return 0; | |
494 | } | |
495 | ||
496 | r = fstab_is_mount_point("/boot"); | |
497 | if (r < 0) | |
498 | return log_error_errno(r, "Failed to parse fstab: %m"); | |
499 | if (r > 0) { | |
500 | log_debug("/boot specified in fstab, ignoring XBOOTLDR partition."); | |
501 | return 0; | |
502 | } | |
503 | ||
504 | r = path_is_busy("/boot"); | |
505 | if (r < 0) | |
506 | return r; | |
507 | if (r > 0) | |
508 | return 0; | |
509 | ||
510 | return add_automount("boot", | |
511 | p->node, | |
512 | "/boot", | |
513 | p->fstype, | |
400c1e8f LP |
514 | /* rw= */ true, |
515 | /* growfs= */ false, | |
4f084066 | 516 | esp_or_xbootldr_options(p), |
9f1cb0c1 LP |
517 | "Boot Loader Partition", |
518 | 120 * USEC_PER_SEC); | |
519 | } | |
520 | ||
521 | #if ENABLE_EFI | |
522 | static int add_esp(DissectedPartition *p, bool has_xbootldr) { | |
523 | const char *esp_path = NULL, *id = NULL; | |
59512f21 KS |
524 | int r; |
525 | ||
72e18a98 | 526 | assert(p); |
59512f21 | 527 | |
59512f21 | 528 | if (in_initrd()) { |
b52a109a | 529 | log_debug("In initrd, ignoring the ESP."); |
59512f21 KS |
530 | return 0; |
531 | } | |
532 | ||
9f1cb0c1 LP |
533 | /* If /efi exists we'll use that. Otherwise we'll use /boot, as that's usually the better choice, but |
534 | * only if there's no explicit XBOOTLDR partition around. */ | |
535 | if (access("/efi", F_OK) < 0) { | |
536 | if (errno != ENOENT) | |
537 | return log_error_errno(errno, "Failed to determine whether /efi exists: %m"); | |
538 | ||
539 | /* Use /boot as fallback, but only if there's no XBOOTLDR partition */ | |
540 | if (!has_xbootldr) { | |
541 | esp_path = "/boot"; | |
542 | id = "boot"; | |
543 | } | |
544 | } | |
545 | if (!esp_path) | |
546 | esp_path = "/efi"; | |
547 | if (!id) | |
548 | id = "efi"; | |
59512f21 | 549 | |
0b6b6787 | 550 | /* We create an .automount which is not overridden by the .mount from the fstab generator. */ |
9f1cb0c1 | 551 | r = fstab_is_mount_point(esp_path); |
b9088048 FB |
552 | if (r < 0) |
553 | return log_error_errno(r, "Failed to parse fstab: %m"); | |
39b6a511 | 554 | if (r > 0) { |
9f1cb0c1 | 555 | log_debug("%s specified in fstab, ignoring.", esp_path); |
59512f21 KS |
556 | return 0; |
557 | } | |
558 | ||
9f1cb0c1 LP |
559 | r = path_is_busy(esp_path); |
560 | if (r < 0) | |
561 | return r; | |
562 | if (r > 0) | |
563 | return 0; | |
59512f21 | 564 | |
7ba25ab5 | 565 | if (is_efi_boot()) { |
72e18a98 | 566 | sd_id128_t loader_uuid; |
59512f21 | 567 | |
7ba25ab5 | 568 | /* If this is an EFI boot, be extra careful, and only mount the ESP if it was the ESP used for booting. */ |
59512f21 | 569 | |
7ba25ab5 LP |
570 | r = efi_loader_get_device_part_uuid(&loader_uuid); |
571 | if (r == -ENOENT) { | |
572 | log_debug("EFI loader partition unknown."); | |
573 | return 0; | |
574 | } | |
e28973ee ZJS |
575 | if (r < 0) |
576 | return log_error_errno(r, "Failed to read ESP partition UUID: %m"); | |
7ba25ab5 | 577 | |
72e18a98 | 578 | if (!sd_id128_equal(p->uuid, loader_uuid)) { |
9f1cb0c1 | 579 | log_debug("Partition for %s does not appear to be the partition we are booted from.", p->node); |
7ba25ab5 LP |
580 | return 0; |
581 | } | |
582 | } else | |
583 | log_debug("Not an EFI boot, skipping ESP check."); | |
584 | ||
9f1cb0c1 | 585 | return add_automount(id, |
72e18a98 | 586 | p->node, |
9f1cb0c1 | 587 | esp_path, |
72e18a98 | 588 | p->fstype, |
400c1e8f LP |
589 | /* rw= */ true, |
590 | /* growfs= */ false, | |
4f084066 | 591 | esp_or_xbootldr_options(p), |
72e18a98 LP |
592 | "EFI System Partition Automount", |
593 | 120 * USEC_PER_SEC); | |
7a1494aa | 594 | } |
59512f21 | 595 | #else |
9f1cb0c1 | 596 | static int add_esp(DissectedPartition *p, bool has_xbootldr) { |
59512f21 | 597 | return 0; |
59512f21 | 598 | } |
7a1494aa | 599 | #endif |
59512f21 | 600 | |
fd89051e LP |
601 | static int add_root_rw(DissectedPartition *p) { |
602 | const char *path; | |
603 | int r; | |
604 | ||
605 | assert(p); | |
606 | ||
607 | if (in_initrd()) { | |
608 | log_debug("In initrd, not generating drop-in for systemd-remount-fs.service."); | |
609 | return 0; | |
610 | } | |
611 | ||
612 | if (arg_root_rw >= 0) { | |
613 | log_debug("Parameter ro/rw specified on kernel command line, not generating drop-in for systemd-remount-fs.service."); | |
614 | return 0; | |
615 | } | |
616 | ||
617 | if (!p->rw) { | |
618 | log_debug("Root partition marked read-only in GPT partition table, not generating drop-in for systemd-remount-fs.service."); | |
619 | return 0; | |
620 | } | |
621 | ||
9b69569d ZJS |
622 | (void) generator_enable_remount_fs_service(arg_dest); |
623 | ||
fd89051e | 624 | path = strjoina(arg_dest, "/systemd-remount-fs.service.d/50-remount-rw.conf"); |
fd89051e LP |
625 | |
626 | r = write_string_file(path, | |
627 | "# Automatically generated by systemd-gpt-generator\n\n" | |
fd89051e LP |
628 | "[Service]\n" |
629 | "Environment=SYSTEMD_REMOUNT_ROOT_RW=1\n", | |
e82e549f | 630 | WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_NOFOLLOW|WRITE_STRING_FILE_MKDIR_0755); |
fd89051e LP |
631 | if (r < 0) |
632 | return log_error_errno(r, "Failed to write drop-in file %s: %m", path); | |
633 | ||
634 | return 0; | |
635 | } | |
636 | ||
9fe6f5cc ZJS |
637 | #if ENABLE_EFI |
638 | static int add_root_cryptsetup(void) { | |
1a14a53c | 639 | |
9fe6f5cc ZJS |
640 | /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which |
641 | * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */ | |
1a14a53c | 642 | |
9fe6f5cc ZJS |
643 | return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL); |
644 | } | |
645 | #endif | |
d2a62382 | 646 | |
9fe6f5cc ZJS |
647 | static int add_root_mount(void) { |
648 | #if ENABLE_EFI | |
649 | int r; | |
1a14a53c | 650 | |
9fe6f5cc | 651 | if (!is_efi_boot()) { |
387f6955 | 652 | log_debug("Not an EFI boot, not creating root mount."); |
8090b41e | 653 | return 0; |
fa041593 | 654 | } |
61331eab | 655 | |
9fe6f5cc ZJS |
656 | r = efi_loader_get_device_part_uuid(NULL); |
657 | if (r == -ENOENT) { | |
b50a3a15 ZJS |
658 | log_notice("EFI loader partition unknown, exiting.\n" |
659 | "(The boot loader did not set EFI variable LoaderDevicePartUUID.)"); | |
8090b41e | 660 | return 0; |
9fe6f5cc ZJS |
661 | } else if (r < 0) |
662 | return log_error_errno(r, "Failed to read ESP partition UUID: %m"); | |
61331eab | 663 | |
9fe6f5cc ZJS |
664 | /* OK, we have an ESP partition, this is fantastic, so let's |
665 | * wait for a root device to show up. A udev rule will create | |
666 | * the link for us under the right name. */ | |
61331eab | 667 | |
9fe6f5cc ZJS |
668 | if (in_initrd()) { |
669 | r = generator_write_initrd_root_device_deps(arg_dest, "/dev/gpt-auto-root"); | |
670 | if (r < 0) | |
671 | return 0; | |
61331eab | 672 | |
9fe6f5cc ZJS |
673 | r = add_root_cryptsetup(); |
674 | if (r < 0) | |
675 | return r; | |
61331eab LP |
676 | } |
677 | ||
9fe6f5cc ZJS |
678 | /* Note that we do not need to enable systemd-remount-fs.service here. If |
679 | * /etc/fstab exists, systemd-fstab-generator will pull it in for us. */ | |
61331eab | 680 | |
9fe6f5cc ZJS |
681 | return add_mount( |
682 | "root", | |
683 | "/dev/gpt-auto-root", | |
684 | in_initrd() ? "/sysroot" : "/", | |
685 | NULL, | |
400c1e8f LP |
686 | /* rw= */ arg_root_rw > 0, |
687 | /* growfs= */ false, | |
9fe6f5cc ZJS |
688 | NULL, |
689 | "Root Partition", | |
690 | in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET); | |
691 | #else | |
692 | return 0; | |
693 | #endif | |
72e18a98 | 694 | } |
cb971249 | 695 | |
72e18a98 | 696 | static int enumerate_partitions(dev_t devnum) { |
72e18a98 LP |
697 | _cleanup_close_ int fd = -1; |
698 | _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; | |
699 | int r, k; | |
61331eab | 700 | |
3d92aa45 | 701 | r = open_parent_block_device(devnum, &fd); |
72e18a98 LP |
702 | if (r <= 0) |
703 | return r; | |
61331eab | 704 | |
41bc4849 LP |
705 | /* Let's take a LOCK_SH lock on the block device, in case udevd is already running. If we don't take |
706 | * the lock, udevd might end up issuing BLKRRPART in the middle, and we don't want that, since that | |
707 | * might remove all partitions while we are operating on them. */ | |
708 | if (flock(fd, LOCK_SH) < 0) | |
709 | return log_error_errno(errno, "Failed to lock root block device: %m"); | |
710 | ||
d04faa4e LP |
711 | r = dissect_image( |
712 | fd, | |
713 | NULL, NULL, | |
a3642997 | 714 | /* diskseq= */ 0, |
75dc190d | 715 | UINT64_MAX, |
4a62257d | 716 | USEC_INFINITY, |
d04faa4e | 717 | DISSECT_IMAGE_GPT_ONLY| |
d04faa4e LP |
718 | DISSECT_IMAGE_USR_NO_ROOT, |
719 | &m); | |
72e18a98 LP |
720 | if (r == -ENOPKG) { |
721 | log_debug_errno(r, "No suitable partition table found, ignoring."); | |
722 | return 0; | |
61331eab | 723 | } |
23bbb0de | 724 | if (r < 0) |
72e18a98 | 725 | return log_error_errno(r, "Failed to dissect: %m"); |
0238d4c6 | 726 | |
72e18a98 | 727 | if (m->partitions[PARTITION_SWAP].found) { |
8859b8f7 | 728 | k = add_swap(m->partitions + PARTITION_SWAP); |
72e18a98 LP |
729 | if (k < 0) |
730 | r = k; | |
1a14a53c LP |
731 | } |
732 | ||
9f1cb0c1 LP |
733 | if (m->partitions[PARTITION_XBOOTLDR].found) { |
734 | k = add_xbootldr(m->partitions + PARTITION_XBOOTLDR); | |
735 | if (k < 0) | |
736 | r = k; | |
737 | } | |
738 | ||
72e18a98 | 739 | if (m->partitions[PARTITION_ESP].found) { |
9f1cb0c1 | 740 | k = add_esp(m->partitions + PARTITION_ESP, m->partitions[PARTITION_XBOOTLDR].found); |
59512f21 KS |
741 | if (k < 0) |
742 | r = k; | |
743 | } | |
744 | ||
72e18a98 LP |
745 | if (m->partitions[PARTITION_HOME].found) { |
746 | k = add_partition_mount(m->partitions + PARTITION_HOME, "home", "/home", "Home Partition"); | |
73b80ec2 LP |
747 | if (k < 0) |
748 | r = k; | |
749 | } | |
e48fdd84 | 750 | |
72e18a98 LP |
751 | if (m->partitions[PARTITION_SRV].found) { |
752 | k = add_partition_mount(m->partitions + PARTITION_SRV, "srv", "/srv", "Server Data Partition"); | |
73b80ec2 LP |
753 | if (k < 0) |
754 | r = k; | |
755 | } | |
1a14a53c | 756 | |
d4dffb85 LP |
757 | if (m->partitions[PARTITION_VAR].found) { |
758 | k = add_partition_mount(m->partitions + PARTITION_VAR, "var", "/var", "Variable Data Partition"); | |
759 | if (k < 0) | |
760 | r = k; | |
761 | } | |
762 | ||
763 | if (m->partitions[PARTITION_TMP].found) { | |
764 | k = add_partition_mount(m->partitions + PARTITION_TMP, "var-tmp", "/var/tmp", "Temporary Data Partition"); | |
765 | if (k < 0) | |
766 | r = k; | |
767 | } | |
768 | ||
fd89051e LP |
769 | if (m->partitions[PARTITION_ROOT].found) { |
770 | k = add_root_rw(m->partitions + PARTITION_ROOT); | |
771 | if (k < 0) | |
772 | r = k; | |
773 | } | |
774 | ||
75d7e04e DDM |
775 | dissected_image_relinquish(m); |
776 | ||
1a14a53c LP |
777 | return r; |
778 | } | |
779 | ||
9fe6f5cc | 780 | static int add_mounts(void) { |
b00651cf | 781 | _cleanup_free_ char *p = NULL; |
9fe6f5cc | 782 | int r; |
b00651cf | 783 | dev_t devno; |
9fe6f5cc | 784 | |
b00651cf KK |
785 | /* If the root mount has been replaced by some form of volatile file system (overlayfs), the |
786 | * original root block device node is symlinked in /run/systemd/volatile-root. Let's read that | |
787 | * here. */ | |
788 | r = readlink_malloc("/run/systemd/volatile-root", &p); | |
789 | if (r == -ENOENT) { /* volatile-root not found */ | |
790 | r = get_block_device_harder("/", &devno); | |
67f0ac8c | 791 | if (r == -EUCLEAN) |
b00651cf | 792 | return btrfs_log_dev_root(LOG_ERR, r, "root file system"); |
9fe6f5cc | 793 | if (r < 0) |
b00651cf | 794 | return log_error_errno(r, "Failed to determine block device of root file system: %m"); |
d5cb053c | 795 | if (r == 0) { /* Not backed by a single block device. (Could be NFS or so, or could be multi-device RAID or so) */ |
b00651cf KK |
796 | r = get_block_device_harder("/usr", &devno); |
797 | if (r == -EUCLEAN) | |
798 | return btrfs_log_dev_root(LOG_ERR, r, "/usr"); | |
9fe6f5cc | 799 | if (r < 0) |
d5cb053c LP |
800 | return log_error_errno(r, "Failed to determine block device of /usr/ file system: %m"); |
801 | if (r == 0) { /* /usr/ not backed by single block device, either. */ | |
802 | log_debug("Neither root nor /usr/ file system are on a (single) block device."); | |
803 | return 0; | |
804 | } | |
9fe6f5cc | 805 | } |
b00651cf KK |
806 | } else if (r < 0) |
807 | return log_error_errno(r, "Failed to read symlink /run/systemd/volatile-root: %m"); | |
808 | else { | |
809 | mode_t m; | |
810 | r = device_path_parse_major_minor(p, &m, &devno); | |
811 | if (r < 0) | |
812 | return log_error_errno(r, "Failed to parse major/minor device node: %m"); | |
813 | if (!S_ISBLK(m)) | |
814 | return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Volatile root device is of wrong type."); | |
9fe6f5cc ZJS |
815 | } |
816 | ||
817 | return enumerate_partitions(devno); | |
818 | } | |
819 | ||
96287a49 | 820 | static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { |
73b80ec2 | 821 | int r; |
1a14a53c | 822 | |
73b80ec2 | 823 | assert(key); |
1a14a53c | 824 | |
8a9c44ed LP |
825 | if (proc_cmdline_key_streq(key, "systemd.gpt_auto") || |
826 | proc_cmdline_key_streq(key, "rd.systemd.gpt_auto")) { | |
1a14a53c | 827 | |
1d84ad94 | 828 | r = value ? parse_boolean(value) : 1; |
73b80ec2 | 829 | if (r < 0) |
0a1b9449 | 830 | log_warning_errno(r, "Failed to parse gpt-auto switch \"%s\", ignoring: %m", value); |
8086ffac ZJS |
831 | else |
832 | arg_enabled = r; | |
1a14a53c | 833 | |
8a9c44ed | 834 | } else if (proc_cmdline_key_streq(key, "root")) { |
1d84ad94 LP |
835 | |
836 | if (proc_cmdline_value_missing(key, value)) | |
837 | return 0; | |
73b80ec2 LP |
838 | |
839 | /* Disable root disk logic if there's a root= value | |
840 | * specified (unless it happens to be "gpt-auto") */ | |
841 | ||
074cdb95 ZJS |
842 | if (!streq(value, "gpt-auto")) { |
843 | arg_root_enabled = false; | |
844 | log_debug("Disabling root partition auto-detection, root= is defined."); | |
845 | } | |
73b80ec2 | 846 | |
8a9c44ed | 847 | } else if (proc_cmdline_key_streq(key, "roothash")) { |
2f3dfc6f LP |
848 | |
849 | if (proc_cmdline_value_missing(key, value)) | |
850 | return 0; | |
851 | ||
852 | /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */ | |
853 | ||
854 | arg_root_enabled = false; | |
855 | ||
8a9c44ed | 856 | } else if (proc_cmdline_key_streq(key, "rw") && !value) |
73b80ec2 | 857 | arg_root_rw = true; |
8a9c44ed | 858 | else if (proc_cmdline_key_streq(key, "ro") && !value) |
73b80ec2 | 859 | arg_root_rw = false; |
73b80ec2 LP |
860 | |
861 | return 0; | |
862 | } | |
863 | ||
ec6e9597 | 864 | static int run(const char *dest, const char *dest_early, const char *dest_late) { |
8f50e86a | 865 | int r, k; |
73b80ec2 | 866 | |
ec6e9597 | 867 | assert_se(arg_dest = dest_late); |
73b80ec2 | 868 | |
75f86906 | 869 | if (detect_container() > 0) { |
73b80ec2 | 870 | log_debug("In a container, exiting."); |
ec6e9597 | 871 | return 0; |
1a14a53c | 872 | } |
3db604b9 | 873 | |
1d84ad94 | 874 | r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0); |
b5884878 | 875 | if (r < 0) |
da927ba9 | 876 | log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m"); |
1a14a53c | 877 | |
73b80ec2 LP |
878 | if (!arg_enabled) { |
879 | log_debug("Disabled, exiting."); | |
ec6e9597 | 880 | return 0; |
73b80ec2 LP |
881 | } |
882 | ||
883 | if (arg_root_enabled) | |
884 | r = add_root_mount(); | |
885 | ||
886 | if (!in_initrd()) { | |
73b80ec2 | 887 | k = add_mounts(); |
ec6e9597 | 888 | if (r >= 0) |
73b80ec2 LP |
889 | r = k; |
890 | } | |
891 | ||
ec6e9597 | 892 | return r; |
1a14a53c | 893 | } |
ec6e9597 ZJS |
894 | |
895 | DEFINE_MAIN_GENERATOR_FUNCTION(run); |