]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/gpt-auto-generator/gpt-auto-generator.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
gpt-auto-generator: hook in "growfs" for the root fs if the GPT flag 59 says so
[thirdparty/systemd.git] / src / gpt-auto-generator / gpt-auto-generator.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <stdlib.h>
4 #include <sys/file.h>
5 #include <unistd.h>
6
7 #include "sd-device.h"
8 #include "sd-id128.h"
9
10 #include "alloc-util.h"
11 #include "blkid-util.h"
12 #include "blockdev-util.h"
13 #include "btrfs-util.h"
14 #include "device-util.h"
15 #include "devnum-util.h"
16 #include "dirent-util.h"
17 #include "dissect-image.h"
18 #include "dropin.h"
19 #include "efi-loader.h"
20 #include "fd-util.h"
21 #include "fileio.h"
22 #include "fs-util.h"
23 #include "fstab-util.h"
24 #include "generator.h"
25 #include "gpt.h"
26 #include "image-policy.h"
27 #include "initrd-util.h"
28 #include "mountpoint-util.h"
29 #include "parse-util.h"
30 #include "path-util.h"
31 #include "proc-cmdline.h"
32 #include "special.h"
33 #include "specifier.h"
34 #include "stat-util.h"
35 #include "string-util.h"
36 #include "strv.h"
37 #include "unit-name.h"
38 #include "virt.h"
39
40 static const char *arg_dest = NULL;
41 static bool arg_enabled = true;
42 static bool arg_root_enabled = true;
43 static bool arg_swap_enabled = true;
44 static char *arg_root_fstype = NULL;
45 static char *arg_root_options = NULL;
46 static int arg_root_rw = -1;
47 static ImagePolicy *arg_image_policy = NULL;
48
49 STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
50
51 STATIC_DESTRUCTOR_REGISTER(arg_root_fstype, freep);
52 STATIC_DESTRUCTOR_REGISTER(arg_root_options, freep);
53
54 static int add_cryptsetup(
55 const char *id,
56 const char *what,
57 bool rw,
58 bool require,
59 bool measure,
60 char **ret_device) {
61
62 #if HAVE_LIBCRYPTSETUP
63 _cleanup_free_ char *e = NULL, *n = NULL, *d = NULL, *options = NULL;
64 _cleanup_fclose_ FILE *f = NULL;
65 int r;
66
67 assert(id);
68 assert(what);
69
70 r = unit_name_from_path(what, ".device", &d);
71 if (r < 0)
72 return log_error_errno(r, "Failed to generate unit name: %m");
73
74 e = unit_name_escape(id);
75 if (!e)
76 return log_oom();
77
78 r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
79 if (r < 0)
80 return log_error_errno(r, "Failed to generate unit name: %m");
81
82 r = generator_open_unit_file(arg_dest, /* source = */ NULL, n, &f);
83 if (r < 0)
84 return r;
85
86 r = generator_write_cryptsetup_unit_section(f, NULL);
87 if (r < 0)
88 return r;
89
90 fprintf(f,
91 "Before=umount.target cryptsetup.target\n"
92 "Conflicts=umount.target\n"
93 "BindsTo=%s\n"
94 "After=%s\n",
95 d, d);
96
97 if (!rw) {
98 options = strdup("read-only");
99 if (!options)
100 return log_oom();
101 }
102
103 if (measure) {
104 /* We only measure the root volume key into PCR 15 if we are booted with sd-stub (i.e. in a
105 * UKI), and sd-stub measured the UKI. We do this in order not to step into people's own PCR
106 * assignment, under the assumption that people who are fine to use sd-stub with its PCR
107 * assignments are also OK with our PCR 15 use here. */
108
109 r = efi_measured_uki(LOG_WARNING);
110 if (r == 0)
111 log_debug("Will not measure volume key of volume '%s', not booted via systemd-stub with measurements enabled.", id);
112 else if (r > 0) {
113 if (!strextend_with_separator(&options, ",", "tpm2-measure-pcr=yes"))
114 return log_oom();
115 }
116 }
117
118 r = generator_write_cryptsetup_service_section(f, id, what, NULL, options);
119 if (r < 0)
120 return r;
121
122 r = fflush_and_check(f);
123 if (r < 0)
124 return log_error_errno(r, "Failed to write file %s: %m", n);
125
126 r = generator_add_symlink(arg_dest, d, "wants", n);
127 if (r < 0)
128 return r;
129
130 const char *dmname = strjoina("dev-mapper-", e, ".device");
131
132 if (require) {
133 r = generator_add_symlink(arg_dest, "cryptsetup.target", "requires", n);
134 if (r < 0)
135 return r;
136
137 r = generator_add_symlink(arg_dest, dmname, "requires", n);
138 if (r < 0)
139 return r;
140 }
141
142 r = write_drop_in_format(arg_dest, dmname, 50, "job-timeout",
143 "# Automatically generated by systemd-gpt-auto-generator\n\n"
144 "[Unit]\n"
145 "JobTimeoutSec=infinity"); /* the binary handles timeouts anyway */
146 if (r < 0)
147 log_warning_errno(r, "Failed to write device timeout drop-in, ignoring: %m");
148
149 if (ret_device) {
150 char *s;
151
152 s = path_join("/dev/mapper", id);
153 if (!s)
154 return log_oom();
155
156 *ret_device = s;
157 }
158
159 return 0;
160 #else
161 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
162 "Partition is encrypted, but systemd-gpt-auto-generator was compiled without libcryptsetup support");
163 #endif
164 }
165
166 static int add_mount(
167 const char *id,
168 const char *what,
169 const char *where,
170 const char *fstype,
171 bool rw,
172 bool growfs,
173 bool measure,
174 const char *options,
175 const char *description,
176 const char *post) {
177
178 _cleanup_free_ char *unit = NULL, *crypto_what = NULL;
179 _cleanup_fclose_ FILE *f = NULL;
180 int r;
181
182 /* Note that we don't apply specifier escaping on the input strings here, since we know they are not configured
183 * externally, but all originate from our own sources here, and hence we know they contain no % characters that
184 * could potentially be understood as specifiers. */
185
186 assert(id);
187 assert(what);
188 assert(where);
189 assert(description);
190
191 log_debug("Adding %s: %s fstype=%s", where, what, fstype ?: "(any)");
192
193 if (streq_ptr(fstype, "crypto_LUKS")) {
194 r = add_cryptsetup(id, what, rw, /* require= */ true, measure, &crypto_what);
195 if (r < 0)
196 return r;
197
198 what = crypto_what;
199 fstype = NULL;
200 } else if (fstype) {
201 r = dissect_fstype_ok(fstype);
202 if (r < 0)
203 return log_error_errno(r, "Unable to determine of dissected file system type '%s' is permitted: %m", fstype);
204 if (!r)
205 return log_error_errno(
206 SYNTHETIC_ERRNO(EIDRM),
207 "Refusing to automatically mount uncommon file system '%s' to '%s'.",
208 fstype, where);
209 }
210
211 r = unit_name_from_path(where, ".mount", &unit);
212 if (r < 0)
213 return log_error_errno(r, "Failed to generate unit name: %m");
214
215 r = generator_open_unit_file(arg_dest, /* source = */ NULL, unit, &f);
216 if (r < 0)
217 return r;
218
219 fprintf(f,
220 "[Unit]\n"
221 "Description=%s\n"
222 "Documentation=man:systemd-gpt-auto-generator(8)\n",
223 description);
224
225 if (post)
226 fprintf(f, "Before=%s\n", post);
227
228 r = generator_write_fsck_deps(f, arg_dest, what, where, fstype);
229 if (r < 0)
230 return r;
231
232 r = generator_write_blockdev_dependency(f, what);
233 if (r < 0)
234 return r;
235
236 fprintf(f,
237 "\n"
238 "[Mount]\n"
239 "What=%s\n"
240 "Where=%s\n",
241 what, where);
242
243 if (fstype)
244 fprintf(f, "Type=%s\n", fstype);
245
246 if (options)
247 fprintf(f, "Options=%s\n", options);
248
249 r = fflush_and_check(f);
250 if (r < 0)
251 return log_error_errno(r, "Failed to write unit %s: %m", unit);
252
253 if (growfs) {
254 r = generator_hook_up_growfs(arg_dest, where, post);
255 if (r < 0)
256 return r;
257 }
258
259 if (measure) {
260 r = generator_hook_up_pcrfs(arg_dest, where, post);
261 if (r < 0)
262 return r;
263 }
264
265 if (post) {
266 r = generator_add_symlink(arg_dest, post, "requires", unit);
267 if (r < 0)
268 return r;
269 }
270
271 return 0;
272 }
273
274 static int path_is_busy(const char *where) {
275 int r;
276
277 assert(where);
278
279 /* already a mountpoint; generators run during reload */
280 r = path_is_mount_point(where, NULL, AT_SYMLINK_FOLLOW);
281 if (r > 0)
282 return false;
283 /* The directory will be created by the mount or automount unit when it is started. */
284 if (r == -ENOENT)
285 return false;
286
287 if (r < 0)
288 return log_warning_errno(r, "Cannot check if \"%s\" is a mount point: %m", where);
289
290 /* not a mountpoint but it contains files */
291 r = dir_is_empty(where, /* ignore_hidden_or_backup= */ false);
292 if (r == -ENOTDIR) {
293 log_debug("\"%s\" is not a directory, ignoring.", where);
294 return true;
295 } else if (r < 0)
296 return log_warning_errno(r, "Cannot check if \"%s\" is empty: %m", where);
297 else if (r == 0) {
298 log_debug("\"%s\" already populated, ignoring.", where);
299 return true;
300 }
301
302 return false;
303 }
304
305 static int add_partition_mount(
306 PartitionDesignator d,
307 DissectedPartition *p,
308 const char *id,
309 const char *where,
310 const char *description) {
311
312 _cleanup_free_ char *options = NULL;
313 int r;
314
315 assert(p);
316
317 r = path_is_busy(where);
318 if (r != 0)
319 return r < 0 ? r : 0;
320
321 r = partition_pick_mount_options(
322 d,
323 dissected_partition_fstype(p),
324 p->rw,
325 /* discard= */ true,
326 &options,
327 /* ret_ms_flags= */ NULL);
328 if (r < 0)
329 return r;
330
331 return add_mount(
332 id,
333 p->node,
334 where,
335 p->fstype,
336 p->rw,
337 p->growfs,
338 /* measure= */ STR_IN_SET(id, "root", "var"), /* by default measure rootfs and /var, since they contain the "identity" of the system */
339 options,
340 description,
341 SPECIAL_LOCAL_FS_TARGET);
342 }
343
344 static int add_partition_swap(DissectedPartition *p) {
345 const char *what;
346 _cleanup_free_ char *name = NULL, *crypto_what = NULL;
347 _cleanup_fclose_ FILE *f = NULL;
348 int r;
349
350 assert(p);
351 assert(p->node);
352
353 if (!arg_swap_enabled)
354 return 0;
355
356 /* Disable the swap auto logic if at least one swap is defined in /etc/fstab, see #6192. */
357 r = fstab_has_fstype("swap");
358 if (r < 0)
359 return log_error_errno(r, "Failed to parse fstab: %m");
360 if (r > 0) {
361 log_debug("swap specified in fstab, ignoring.");
362 return 0;
363 }
364
365 if (streq_ptr(p->fstype, "crypto_LUKS")) {
366 r = add_cryptsetup("swap", p->node, /* rw= */ true, /* require= */ true, /* measure= */ false, &crypto_what);
367 if (r < 0)
368 return r;
369 what = crypto_what;
370 } else
371 what = p->node;
372
373 log_debug("Adding swap: %s", what);
374
375 r = unit_name_from_path(what, ".swap", &name);
376 if (r < 0)
377 return log_error_errno(r, "Failed to generate unit name: %m");
378
379 r = generator_open_unit_file(arg_dest, /* source = */ NULL, name, &f);
380 if (r < 0)
381 return r;
382
383 fprintf(f,
384 "[Unit]\n"
385 "Description=Swap Partition\n"
386 "Documentation=man:systemd-gpt-auto-generator(8)\n");
387
388 r = generator_write_blockdev_dependency(f, what);
389 if (r < 0)
390 return r;
391
392 fprintf(f,
393 "\n"
394 "[Swap]\n"
395 "What=%s\n",
396 what);
397
398 r = fflush_and_check(f);
399 if (r < 0)
400 return log_error_errno(r, "Failed to write unit %s: %m", name);
401
402 return generator_add_symlink(arg_dest, SPECIAL_SWAP_TARGET, "wants", name);
403 }
404
405 static int add_automount(
406 const char *id,
407 const char *what,
408 const char *where,
409 const char *fstype,
410 bool rw,
411 bool growfs,
412 const char *options,
413 const char *description,
414 usec_t timeout) {
415
416 _cleanup_free_ char *unit = NULL;
417 _cleanup_fclose_ FILE *f = NULL;
418 int r;
419
420 assert(id);
421 assert(where);
422 assert(description);
423
424 r = add_mount(id,
425 what,
426 where,
427 fstype,
428 rw,
429 growfs,
430 /* measure= */ false,
431 options,
432 description,
433 NULL);
434 if (r < 0)
435 return r;
436
437 r = unit_name_from_path(where, ".automount", &unit);
438 if (r < 0)
439 return log_error_errno(r, "Failed to generate unit name: %m");
440
441 r = generator_open_unit_file(arg_dest, /* source = */ NULL, unit, &f);
442 if (r < 0)
443 return r;
444
445 fprintf(f,
446 "[Unit]\n"
447 "Description=%s\n"
448 "Documentation=man:systemd-gpt-auto-generator(8)\n"
449 "[Automount]\n"
450 "Where=%s\n"
451 "TimeoutIdleSec="USEC_FMT"\n",
452 description,
453 where,
454 timeout / USEC_PER_SEC);
455
456 r = fflush_and_check(f);
457 if (r < 0)
458 return log_error_errno(r, "Failed to write unit %s: %m", unit);
459
460 return generator_add_symlink(arg_dest, SPECIAL_LOCAL_FS_TARGET, "wants", unit);
461 }
462
463 static int slash_boot_in_fstab(void) {
464 static int cache = -1;
465
466 if (cache >= 0)
467 return cache;
468
469 cache = fstab_is_mount_point("/boot");
470 if (cache < 0)
471 return log_error_errno(cache, "Failed to parse fstab: %m");
472 return cache;
473 }
474
475 static int add_partition_xbootldr(DissectedPartition *p) {
476 _cleanup_free_ char *options = NULL;
477 int r;
478
479 assert(p);
480
481 if (in_initrd()) {
482 log_debug("In initrd, ignoring the XBOOTLDR partition.");
483 return 0;
484 }
485
486 r = slash_boot_in_fstab();
487 if (r < 0)
488 return r;
489 if (r > 0) {
490 log_debug("/boot/ specified in fstab, ignoring XBOOTLDR partition.");
491 return 0;
492 }
493
494 r = path_is_busy("/boot");
495 if (r < 0)
496 return r;
497 if (r > 0)
498 return 0;
499
500 r = partition_pick_mount_options(
501 PARTITION_XBOOTLDR,
502 dissected_partition_fstype(p),
503 /* rw= */ true,
504 /* discard= */ false,
505 &options,
506 /* ret_ms_flags= */ NULL);
507 if (r < 0)
508 return log_error_errno(r, "Failed to determine default mount options for /boot/: %m");
509
510 return add_automount(
511 "boot",
512 p->node,
513 "/boot",
514 p->fstype,
515 /* rw= */ true,
516 /* growfs= */ false,
517 options,
518 "Boot Loader Partition",
519 120 * USEC_PER_SEC);
520 }
521
522 #if ENABLE_EFI
523 static int slash_efi_in_fstab(void) {
524 static int cache = -1;
525
526 if (cache >= 0)
527 return cache;
528
529 cache = fstab_is_mount_point("/efi");
530 if (cache < 0)
531 return log_error_errno(cache, "Failed to parse fstab: %m");
532 return cache;
533 }
534
535 static bool slash_boot_exists(void) {
536 static int cache = -1;
537
538 if (cache >= 0)
539 return cache;
540
541 if (access("/boot", F_OK) >= 0)
542 return (cache = true);
543 if (errno != ENOENT)
544 log_error_errno(errno, "Failed to determine whether /boot/ exists, assuming no: %m");
545 else
546 log_debug_errno(errno, "/boot/: %m");
547 return (cache = false);
548 }
549
550 static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
551 const char *esp_path = NULL, *id = NULL;
552 _cleanup_free_ char *options = NULL;
553 int r;
554
555 assert(p);
556
557 if (in_initrd()) {
558 log_debug("In initrd, ignoring the ESP.");
559 return 0;
560 }
561
562 /* Check if there's an existing fstab entry for ESP. If so, we just skip the gpt-auto logic. */
563 r = fstab_has_node(p->node);
564 if (r < 0)
565 return log_error_errno(r,
566 "Failed to check if fstab entry for device '%s' exists: %m", p->node);
567 if (r > 0)
568 return 0;
569
570 /* If /boot/ is present, unused, and empty, we'll take that.
571 * Otherwise, if /efi/ is unused and empty (or missing), we'll take that.
572 * Otherwise, we do nothing. */
573 if (!has_xbootldr && slash_boot_exists()) {
574 r = slash_boot_in_fstab();
575 if (r < 0)
576 return r;
577 if (r == 0) {
578 r = path_is_busy("/boot");
579 if (r < 0)
580 return r;
581 if (r == 0) {
582 esp_path = "/boot";
583 id = "boot";
584 }
585 }
586 }
587
588 if (!esp_path) {
589 r = slash_efi_in_fstab();
590 if (r < 0)
591 return r;
592 if (r > 0)
593 return 0;
594
595 r = path_is_busy("/efi");
596 if (r < 0)
597 return r;
598 if (r > 0)
599 return 0;
600
601 esp_path = "/efi";
602 id = "efi";
603 }
604
605 r = partition_pick_mount_options(
606 PARTITION_ESP,
607 dissected_partition_fstype(p),
608 /* rw= */ true,
609 /* discard= */ false,
610 &options,
611 /* ret_ms_flags= */ NULL);
612 if (r < 0)
613 return log_error_errno(r, "Failed to determine default mount options for %s: %m", esp_path);
614
615 return add_automount(
616 id,
617 p->node,
618 esp_path,
619 p->fstype,
620 /* rw= */ true,
621 /* growfs= */ false,
622 options,
623 "EFI System Partition Automount",
624 120 * USEC_PER_SEC);
625 }
626 #else
627 static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
628 return 0;
629 }
630 #endif
631
632 static int add_partition_root_rw(DissectedPartition *p) {
633 const char *path;
634 int r;
635
636 assert(p);
637 assert(!in_initrd());
638
639 /* Invoked on the main system (not initrd), to honour GPT flag 60 on the root fs (ro) */
640
641 if (arg_root_rw >= 0) {
642 log_debug("Parameter ro/rw specified on kernel command line, not generating drop-in for systemd-remount-fs.service.");
643 return 0;
644 }
645
646 if (!p->rw) {
647 log_debug("Root partition marked read-only in GPT partition table, not generating drop-in for systemd-remount-fs.service.");
648 return 0;
649 }
650
651 r = generator_enable_remount_fs_service(arg_dest);
652 if (r < 0)
653 return r;
654
655 path = strjoina(arg_dest, "/systemd-remount-fs.service.d/50-remount-rw.conf");
656
657 r = write_string_file(path,
658 "# Automatically generated by systemd-gpt-auto-generator\n\n"
659 "[Service]\n"
660 "Environment=SYSTEMD_REMOUNT_ROOT_RW=1\n",
661 WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_NOFOLLOW|WRITE_STRING_FILE_MKDIR_0755);
662 if (r < 0)
663 return log_error_errno(r, "Failed to write drop-in file %s: %m", path);
664
665 return 0;
666 }
667
668 static int add_partition_root_growfs(DissectedPartition *p) {
669
670 assert(p);
671 assert(!in_initrd());
672
673 /* Invoked on the main system (not initrd), to honour GPT flag 59 on the root fs (growfs) */
674
675 if (!p->growfs) {
676 log_debug("Root partition not marked for growing the file system in the GPT partition table, not generating drop-in for systemd-growfs-root.service.");
677 return 0;
678 }
679
680 return generator_hook_up_growfs(arg_dest, "/", SPECIAL_LOCAL_FS_TARGET);
681 }
682
683 static int add_partition_root_flags(DissectedPartition *p) {
684 int r = 0;
685
686 assert(p);
687 assert(!in_initrd());
688
689 RET_GATHER(r, add_partition_root_growfs(p));
690 RET_GATHER(r, add_partition_root_rw(p));
691
692 return r;
693 }
694
695 #if ENABLE_EFI
696 static int add_root_cryptsetup(void) {
697 #if HAVE_LIBCRYPTSETUP
698
699 /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which
700 * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */
701
702 return add_cryptsetup("root", "/dev/gpt-auto-root-luks", /* rw= */ true, /* require= */ false, /* measure= */ true, NULL);
703 #else
704 return 0;
705 #endif
706 }
707 #endif
708
709 static int add_root_mount(void) {
710 #if ENABLE_EFI
711 _cleanup_free_ char *options = NULL;
712 int r;
713
714 if (!is_efi_boot()) {
715 log_debug("Not an EFI boot, not creating root mount.");
716 return 0;
717 }
718
719 r = efi_loader_get_device_part_uuid(NULL);
720 if (r == -ENOENT) {
721 log_notice("EFI loader partition unknown, exiting.\n"
722 "(The boot loader did not set EFI variable LoaderDevicePartUUID.)");
723 return 0;
724 } else if (r < 0)
725 return log_error_errno(r, "Failed to read loader partition UUID: %m");
726
727 /* OK, we have an ESP/XBOOTLDR partition, this is fantastic, so let's wait for a root device to show up.
728 * A udev rule will create the link for us under the right name. */
729
730 if (in_initrd()) {
731 r = generator_write_initrd_root_device_deps(arg_dest, "/dev/gpt-auto-root");
732 if (r < 0)
733 return 0;
734
735 r = add_root_cryptsetup();
736 if (r < 0)
737 return r;
738 }
739
740 /* Note that we do not need to enable systemd-remount-fs.service here. If /etc/fstab exists,
741 * systemd-fstab-generator will pull it in for us, and otherwise add_partition_root_flags() will do
742 * it, after the initrd transition. */
743
744 r = partition_pick_mount_options(
745 PARTITION_ROOT,
746 arg_root_fstype,
747 arg_root_rw > 0,
748 /* discard= */ true,
749 &options,
750 /* ret_ms_flags= */ NULL);
751 if (r < 0)
752 return log_error_errno(r, "Failed to pick root mount options: %m");
753
754 if (arg_root_options)
755 if (!strextend_with_separator(&options, ",", arg_root_options))
756 return log_oom();
757
758 return add_mount(
759 "root",
760 "/dev/gpt-auto-root",
761 in_initrd() ? "/sysroot" : "/",
762 arg_root_fstype,
763 /* rw= */ arg_root_rw > 0,
764 /* growfs= */ false,
765 /* measure= */ true,
766 options,
767 "Root Partition",
768 in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);
769 #else
770 return 0;
771 #endif
772 }
773
774 static int process_loader_partitions(DissectedPartition *esp, DissectedPartition *xbootldr) {
775 sd_id128_t loader_uuid;
776 int r;
777
778 assert(esp);
779 assert(xbootldr);
780
781 if (!is_efi_boot()) {
782 log_debug("Not an EFI boot, skipping loader partition UUID check.");
783 goto mount;
784 }
785
786 /* Let's check if LoaderDevicePartUUID points to either ESP or XBOOTLDR. We prefer it pointing
787 * to the ESP, but we accept XBOOTLDR too. If it points to neither of them, don't mount any
788 * loader partitions, since they are not the ones used for booting. */
789
790 r = efi_loader_get_device_part_uuid(&loader_uuid);
791 if (r == -ENOENT) {
792 log_debug_errno(r, "EFI loader partition unknown, skipping ESP and XBOOTLDR mounts.");
793 return 0;
794 }
795 if (r < 0)
796 return log_debug_errno(r, "Failed to read loader partition UUID, ignoring: %m");
797
798 if (esp->found && sd_id128_equal(esp->uuid, loader_uuid))
799 goto mount;
800
801 if (xbootldr->found && sd_id128_equal(xbootldr->uuid, loader_uuid)) {
802 log_debug("LoaderDevicePartUUID points to XBOOTLDR partition.");
803 goto mount;
804 }
805
806 log_debug("LoaderDevicePartUUID points to neither ESP nor XBOOTLDR, ignoring.");
807 return 0;
808
809 mount:
810 r = 0;
811
812 if (xbootldr->found)
813 RET_GATHER(r, add_partition_xbootldr(xbootldr));
814 if (esp->found)
815 RET_GATHER(r, add_partition_esp(esp, xbootldr->found));
816
817 return r;
818 }
819
820 static int enumerate_partitions(dev_t devnum) {
821 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
822 _cleanup_(loop_device_unrefp) LoopDevice *loop = NULL;
823 _cleanup_free_ char *devname = NULL;
824 int r;
825
826 assert(!in_initrd());
827
828 /* Run on the final root fs (not in the initrd), to mount auxiliary partitions, and hook in rw
829 * remount and growfs of the root partition */
830
831 r = block_get_whole_disk(devnum, &devnum);
832 if (r < 0)
833 return log_debug_errno(r, "Failed to get whole block device for " DEVNUM_FORMAT_STR ": %m",
834 DEVNUM_FORMAT_VAL(devnum));
835
836 r = devname_from_devnum(S_IFBLK, devnum, &devname);
837 if (r < 0)
838 return log_debug_errno(r, "Failed to get device node of " DEVNUM_FORMAT_STR ": %m",
839 DEVNUM_FORMAT_VAL(devnum));
840
841 /* Let's take a LOCK_SH lock on the block device, in case udevd is already running. If we don't take
842 * the lock, udevd might end up issuing BLKRRPART in the middle, and we don't want that, since that
843 * might remove all partitions while we are operating on them. */
844 r = loop_device_open_from_path(devname, O_RDONLY, LOCK_SH, &loop);
845 if (r < 0)
846 return log_debug_errno(r, "Failed to open %s: %m", devname);
847
848 r = dissect_loop_device(
849 loop,
850 /* verity= */ NULL,
851 /* mount_options= */ NULL,
852 arg_image_policy ?: &image_policy_host,
853 DISSECT_IMAGE_GPT_ONLY|
854 DISSECT_IMAGE_USR_NO_ROOT|
855 DISSECT_IMAGE_DISKSEQ_DEVNODE|
856 DISSECT_IMAGE_ALLOW_EMPTY,
857 /* NB! Unlike most other places where we dissect block devices we do not use
858 * DISSECT_IMAGE_ADD_PARTITION_DEVICES here: we want that the kernel finds the
859 * devices, and udev probes them before we mount them via .mount units much later
860 * on. And thus we also don't set DISSECT_IMAGE_PIN_PARTITION_DEVICES here, because
861 * we don't actually mount anything immediately. */
862 &m);
863 if (r < 0) {
864 bool ok = r == -ENOPKG;
865 dissect_log_error(ok ? LOG_DEBUG : LOG_ERR, r, devname, NULL);
866 return ok ? 0 : r;
867 }
868
869 if (m->partitions[PARTITION_SWAP].found)
870 RET_GATHER(r, add_partition_swap(m->partitions + PARTITION_SWAP));
871
872 RET_GATHER(r, process_loader_partitions(m->partitions + PARTITION_ESP, m->partitions + PARTITION_XBOOTLDR));
873
874 if (m->partitions[PARTITION_HOME].found)
875 RET_GATHER(r, add_partition_mount(PARTITION_HOME, m->partitions + PARTITION_HOME,
876 "home", "/home", "Home Partition"));
877
878 if (m->partitions[PARTITION_SRV].found)
879 RET_GATHER(r, add_partition_mount(PARTITION_SRV, m->partitions + PARTITION_SRV,
880 "srv", "/srv", "Server Data Partition"));
881
882 if (m->partitions[PARTITION_VAR].found)
883 RET_GATHER(r, add_partition_mount(PARTITION_VAR, m->partitions + PARTITION_VAR,
884 "var", "/var", "Variable Data Partition"));
885
886 if (m->partitions[PARTITION_TMP].found)
887 RET_GATHER(r, add_partition_mount(PARTITION_TMP, m->partitions + PARTITION_TMP,
888 "var-tmp", "/var/tmp", "Temporary Data Partition"));
889
890 if (m->partitions[PARTITION_ROOT].found)
891 RET_GATHER(r, add_partition_root_flags(m->partitions + PARTITION_ROOT));
892
893 return r;
894 }
895
896 static int add_mounts(void) {
897 dev_t devno;
898 int r;
899
900 r = blockdev_get_root(LOG_ERR, &devno);
901 if (r < 0)
902 return r;
903 if (r == 0) {
904 log_debug("Skipping automatic GPT dissection logic, root file system not backed by a (single) whole block device.");
905 return 0;
906 }
907
908 return enumerate_partitions(devno);
909 }
910
911 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
912 int r;
913
914 assert(key);
915
916 if (proc_cmdline_key_streq(key, "systemd.gpt_auto") ||
917 proc_cmdline_key_streq(key, "rd.systemd.gpt_auto")) {
918
919 r = value ? parse_boolean(value) : 1;
920 if (r < 0)
921 log_warning_errno(r, "Failed to parse gpt-auto switch \"%s\", ignoring: %m", value);
922 else
923 arg_enabled = r;
924
925 } else if (streq(key, "root")) {
926
927 if (proc_cmdline_value_missing(key, value))
928 return 0;
929
930 /* Disable root disk logic if there's a root= value
931 * specified (unless it happens to be "gpt-auto") */
932
933 if (!streq(value, "gpt-auto")) {
934 arg_root_enabled = false;
935 log_debug("Disabling root partition auto-detection, root= is defined.");
936 }
937
938 } else if (streq(key, "roothash")) {
939
940 if (proc_cmdline_value_missing(key, value))
941 return 0;
942
943 /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */
944
945 arg_root_enabled = false;
946
947 } else if (streq(key, "rootfstype")) {
948
949 if (proc_cmdline_value_missing(key, value))
950 return 0;
951
952 return free_and_strdup_warn(&arg_root_fstype, value);
953
954 } else if (streq(key, "rootflags")) {
955
956 if (proc_cmdline_value_missing(key, value))
957 return 0;
958
959 if (!strextend_with_separator(&arg_root_options, ",", value))
960 return log_oom();
961
962 } else if (streq(key, "rw") && !value)
963 arg_root_rw = true;
964 else if (streq(key, "ro") && !value)
965 arg_root_rw = false;
966 else if (proc_cmdline_key_streq(key, "systemd.image_policy"))
967 return parse_image_policy_argument(optarg, &arg_image_policy);
968
969 else if (streq(key, "systemd.swap")) {
970
971 r = value ? parse_boolean(value) : 1;
972 if (r < 0)
973 log_warning_errno(r, "Failed to parse swap switch \"%s\", ignoring: %m", value);
974 else
975 arg_swap_enabled = r;
976
977 if (!arg_swap_enabled)
978 log_debug("Disabling swap partitions auto-detection, systemd.swap=no is defined.");
979
980 }
981
982 return 0;
983 }
984
985 static int run(const char *dest, const char *dest_early, const char *dest_late) {
986 int r, k;
987
988 assert_se(arg_dest = dest_late);
989
990 if (detect_container() > 0) {
991 log_debug("In a container, exiting.");
992 return 0;
993 }
994
995 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
996 if (r < 0)
997 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
998
999 if (!arg_enabled) {
1000 log_debug("Disabled, exiting.");
1001 return 0;
1002 }
1003
1004 if (arg_root_enabled)
1005 r = add_root_mount();
1006
1007 if (!in_initrd()) {
1008 k = add_mounts();
1009 if (r >= 0)
1010 r = k;
1011 }
1012
1013 return r;
1014 }
1015
1016 DEFINE_MAIN_GENERATOR_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.