]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
1a14a53c | 2 | |
6b5cf3ea | 3 | #include <blkid.h> |
1a14a53c | 4 | #include <stdlib.h> |
1a14a53c | 5 | #include <sys/statfs.h> |
cf0fbc49 | 6 | #include <unistd.h> |
1a14a53c | 7 | |
85624f01 | 8 | #include "sd-device.h" |
07630cea LP |
9 | #include "sd-id128.h" |
10 | ||
b5efdb8a | 11 | #include "alloc-util.h" |
07630cea | 12 | #include "blkid-util.h" |
18c528e9 | 13 | #include "blockdev-util.h" |
07630cea | 14 | #include "btrfs-util.h" |
133432cc | 15 | #include "device-util.h" |
a0956174 | 16 | #include "dirent-util.h" |
72e18a98 | 17 | #include "dissect-image.h" |
07630cea | 18 | #include "efivars.h" |
3ffd4af2 | 19 | #include "fd-util.h" |
07630cea | 20 | #include "fileio.h" |
2bef2582 | 21 | #include "fs-util.h" |
07630cea LP |
22 | #include "fstab-util.h" |
23 | #include "generator.h" | |
24 | #include "gpt.h" | |
1a14a53c | 25 | #include "missing.h" |
07630cea | 26 | #include "mkdir.h" |
049af8ad | 27 | #include "mountpoint-util.h" |
6bedfcbb | 28 | #include "parse-util.h" |
07630cea | 29 | #include "path-util.h" |
4e731273 | 30 | #include "proc-cmdline.h" |
1a14a53c | 31 | #include "special.h" |
98bad05e | 32 | #include "specifier.h" |
8fcde012 | 33 | #include "stat-util.h" |
07630cea | 34 | #include "string-util.h" |
85624f01 | 35 | #include "strv.h" |
1a14a53c | 36 | #include "unit-name.h" |
07630cea | 37 | #include "util.h" |
9a5cb137 | 38 | #include "virt.h" |
1a14a53c | 39 | |
ec6e9597 | 40 | static const char *arg_dest = NULL; |
73b80ec2 LP |
41 | static bool arg_enabled = true; |
42 | static bool arg_root_enabled = true; | |
c94b2417 | 43 | static int arg_root_rw = -1; |
1a14a53c | 44 | |
01af8c01 | 45 | static int add_cryptsetup(const char *id, const char *what, bool rw, bool require, char **device) { |
2aa2860b | 46 | _cleanup_free_ char *e = NULL, *n = NULL, *d = NULL, *id_escaped = NULL, *what_escaped = NULL; |
1af72119 | 47 | _cleanup_fclose_ FILE *f = NULL; |
2aa2860b | 48 | const char *p; |
1af72119 LP |
49 | int r; |
50 | ||
51 | assert(id); | |
52 | assert(what); | |
1af72119 | 53 | |
7410616c LP |
54 | r = unit_name_from_path(what, ".device", &d); |
55 | if (r < 0) | |
56 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
1af72119 LP |
57 | |
58 | e = unit_name_escape(id); | |
59 | if (!e) | |
60 | return log_oom(); | |
61 | ||
7410616c LP |
62 | r = unit_name_build("systemd-cryptsetup", e, ".service", &n); |
63 | if (r < 0) | |
64 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
1af72119 | 65 | |
98bad05e LP |
66 | id_escaped = specifier_escape(id); |
67 | if (!id_escaped) | |
68 | return log_oom(); | |
69 | ||
70 | what_escaped = specifier_escape(what); | |
71 | if (!what_escaped) | |
72 | return log_oom(); | |
73 | ||
2aa2860b | 74 | p = strjoina(arg_dest, "/", n); |
1af72119 | 75 | f = fopen(p, "wxe"); |
4a62c710 MS |
76 | if (!f) |
77 | return log_error_errno(errno, "Failed to create unit file %s: %m", p); | |
1af72119 LP |
78 | |
79 | fprintf(f, | |
80 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
81 | "[Unit]\n" | |
82 | "Description=Cryptography Setup for %%I\n" | |
c3834f9b | 83 | "Documentation=man:systemd-gpt-auto-generator(8) man:systemd-cryptsetup@.service(8)\n" |
1af72119 LP |
84 | "DefaultDependencies=no\n" |
85 | "Conflicts=umount.target\n" | |
86 | "BindsTo=dev-mapper-%%i.device %s\n" | |
87 | "Before=umount.target cryptsetup.target\n" | |
88 | "After=%s\n" | |
89 | "IgnoreOnIsolate=true\n" | |
1af72119 LP |
90 | "[Service]\n" |
91 | "Type=oneshot\n" | |
92 | "RemainAfterExit=yes\n" | |
93 | "TimeoutSec=0\n" /* the binary handles timeouts anyway */ | |
0b1f68ac | 94 | "KeyringMode=shared\n" /* make sure we can share cached keys among instances */ |
cca1dfdd | 95 | "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '' '%s'\n" |
1af72119 LP |
96 | "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n", |
97 | d, d, | |
98bad05e LP |
98 | id_escaped, what_escaped, rw ? "" : "read-only", |
99 | id_escaped); | |
1af72119 | 100 | |
dacd6cee LP |
101 | r = fflush_and_check(f); |
102 | if (r < 0) | |
103 | return log_error_errno(r, "Failed to write file %s: %m", p); | |
1af72119 | 104 | |
9cdcf368 ZJS |
105 | r = generator_add_symlink(arg_dest, d, "wants", n); |
106 | if (r < 0) | |
107 | return r; | |
1af72119 | 108 | |
01af8c01 | 109 | if (require) { |
9cdcf368 | 110 | const char *dmname; |
1af72119 | 111 | |
9cdcf368 ZJS |
112 | r = generator_add_symlink(arg_dest, "cryptsetup.target", "requires", n); |
113 | if (r < 0) | |
114 | return r; | |
01af8c01 | 115 | |
9cdcf368 ZJS |
116 | dmname = strjoina("dev-mapper-", e, ".device"); |
117 | r = generator_add_symlink(arg_dest, dmname, "requires", n); | |
118 | if (r < 0) | |
119 | return r; | |
01af8c01 | 120 | } |
1af72119 | 121 | |
2aa2860b | 122 | p = strjoina(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf"); |
1af72119 LP |
123 | mkdir_parents_label(p, 0755); |
124 | r = write_string_file(p, | |
125 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
126 | "[Unit]\n" | |
4c1fc3e4 DM |
127 | "JobTimeoutSec=0\n", |
128 | WRITE_STRING_FILE_CREATE); /* the binary handles timeouts anyway */ | |
23bbb0de MS |
129 | if (r < 0) |
130 | return log_error_errno(r, "Failed to write device drop-in: %m"); | |
1af72119 | 131 | |
2aa2860b ZJS |
132 | if (device) { |
133 | char *ret; | |
134 | ||
135 | ret = strappend("/dev/mapper/", id); | |
136 | if (!ret) | |
137 | return log_oom(); | |
1af72119 | 138 | |
01af8c01 | 139 | *device = ret; |
2aa2860b ZJS |
140 | } |
141 | ||
1af72119 LP |
142 | return 0; |
143 | } | |
144 | ||
73b80ec2 LP |
145 | static int add_mount( |
146 | const char *id, | |
147 | const char *what, | |
148 | const char *where, | |
149 | const char *fstype, | |
cca1dfdd | 150 | bool rw, |
59512f21 | 151 | const char *options, |
73b80ec2 LP |
152 | const char *description, |
153 | const char *post) { | |
154 | ||
9cdcf368 | 155 | _cleanup_free_ char *unit = NULL, *crypto_what = NULL, *p = NULL; |
1a14a53c | 156 | _cleanup_fclose_ FILE *f = NULL; |
e48fdd84 | 157 | int r; |
1a14a53c | 158 | |
98bad05e LP |
159 | /* Note that we don't apply specifier escaping on the input strings here, since we know they are not configured |
160 | * externally, but all originate from our own sources here, and hence we know they contain no % characters that | |
161 | * could potentially be understood as specifiers. */ | |
162 | ||
1af72119 LP |
163 | assert(id); |
164 | assert(what); | |
165 | assert(where); | |
1af72119 LP |
166 | assert(description); |
167 | ||
73b80ec2 | 168 | log_debug("Adding %s: %s %s", where, what, strna(fstype)); |
1a14a53c | 169 | |
73b80ec2 | 170 | if (streq_ptr(fstype, "crypto_LUKS")) { |
1af72119 | 171 | |
01af8c01 | 172 | r = add_cryptsetup(id, what, rw, true, &crypto_what); |
1af72119 LP |
173 | if (r < 0) |
174 | return r; | |
175 | ||
176 | what = crypto_what; | |
177 | fstype = NULL; | |
178 | } | |
179 | ||
7410616c LP |
180 | r = unit_name_from_path(where, ".mount", &unit); |
181 | if (r < 0) | |
182 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
1a14a53c | 183 | |
605405c6 | 184 | p = strjoin(arg_dest, "/", unit); |
e48fdd84 LP |
185 | if (!p) |
186 | return log_oom(); | |
187 | ||
188 | f = fopen(p, "wxe"); | |
4a62c710 MS |
189 | if (!f) |
190 | return log_error_errno(errno, "Failed to create unit file %s: %m", unit); | |
1a14a53c LP |
191 | |
192 | fprintf(f, | |
193 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
194 | "[Unit]\n" | |
c3834f9b LP |
195 | "Description=%s\n" |
196 | "Documentation=man:systemd-gpt-auto-generator(8)\n", | |
e48fdd84 LP |
197 | description); |
198 | ||
73b80ec2 LP |
199 | if (post) |
200 | fprintf(f, "Before=%s\n", post); | |
201 | ||
e48fdd84 LP |
202 | r = generator_write_fsck_deps(f, arg_dest, what, where, fstype); |
203 | if (r < 0) | |
204 | return r; | |
205 | ||
206 | fprintf(f, | |
207 | "\n" | |
1a14a53c LP |
208 | "[Mount]\n" |
209 | "What=%s\n" | |
1af72119 LP |
210 | "Where=%s\n", |
211 | what, where); | |
212 | ||
73b80ec2 LP |
213 | if (fstype) |
214 | fprintf(f, "Type=%s\n", fstype); | |
215 | ||
59512f21 KS |
216 | if (options) |
217 | fprintf(f, "Options=%s,%s\n", options, rw ? "rw" : "ro"); | |
218 | else | |
219 | fprintf(f, "Options=%s\n", rw ? "rw" : "ro"); | |
1a14a53c | 220 | |
dacd6cee LP |
221 | r = fflush_and_check(f); |
222 | if (r < 0) | |
223 | return log_error_errno(r, "Failed to write unit file %s: %m", p); | |
1a14a53c | 224 | |
9cdcf368 ZJS |
225 | if (post) |
226 | return generator_add_symlink(arg_dest, post, "requires", unit); | |
1a14a53c LP |
227 | return 0; |
228 | } | |
229 | ||
e137880b | 230 | static int path_is_busy(const char *where) { |
59512f21 KS |
231 | int r; |
232 | ||
233 | /* already a mountpoint; generators run during reload */ | |
e1873695 | 234 | r = path_is_mount_point(where, NULL, AT_SYMLINK_FOLLOW); |
59512f21 KS |
235 | if (r > 0) |
236 | return false; | |
237 | ||
238 | /* the directory might not exist on a stateless system */ | |
239 | if (r == -ENOENT) | |
240 | return false; | |
241 | ||
242 | if (r < 0) | |
e137880b | 243 | return log_warning_errno(r, "Cannot check if \"%s\" is a mount point: %m", where); |
59512f21 KS |
244 | |
245 | /* not a mountpoint but it contains files */ | |
e137880b ZJS |
246 | r = dir_is_empty(where); |
247 | if (r < 0) | |
248 | return log_warning_errno(r, "Cannot check if \"%s\" is empty: %m", where); | |
249 | if (r > 0) | |
250 | return false; | |
59512f21 | 251 | |
e137880b ZJS |
252 | log_debug("\"%s\" already populated, ignoring.", where); |
253 | return true; | |
59512f21 KS |
254 | } |
255 | ||
72e18a98 LP |
256 | static int add_partition_mount( |
257 | DissectedPartition *p, | |
61331eab | 258 | const char *id, |
61331eab | 259 | const char *where, |
72e18a98 | 260 | const char *description) { |
61331eab | 261 | |
e137880b | 262 | int r; |
72e18a98 | 263 | assert(p); |
61331eab | 264 | |
e137880b ZJS |
265 | r = path_is_busy(where); |
266 | if (r != 0) | |
267 | return r < 0 ? r : 0; | |
61331eab | 268 | |
61331eab LP |
269 | return add_mount( |
270 | id, | |
72e18a98 | 271 | p->node, |
61331eab | 272 | where, |
72e18a98 LP |
273 | p->fstype, |
274 | p->rw, | |
59512f21 | 275 | NULL, |
61331eab | 276 | description, |
72e18a98 | 277 | SPECIAL_LOCAL_FS_TARGET); |
61331eab LP |
278 | } |
279 | ||
59512f21 | 280 | static int add_swap(const char *path) { |
9cdcf368 | 281 | _cleanup_free_ char *name = NULL, *unit = NULL; |
59512f21 KS |
282 | _cleanup_fclose_ FILE *f = NULL; |
283 | int r; | |
284 | ||
285 | assert(path); | |
286 | ||
fc5bc384 FB |
287 | /* Disable the swap auto logic if at least one swap is defined in /etc/fstab, see #6192. */ |
288 | r = fstab_has_fstype("swap"); | |
289 | if (r < 0) | |
290 | return log_error_errno(r, "Failed to parse fstab: %m"); | |
1a680ae3 | 291 | if (r > 0) { |
fc5bc384 FB |
292 | log_debug("swap specified in fstab, ignoring."); |
293 | return 0; | |
294 | } | |
295 | ||
59512f21 KS |
296 | log_debug("Adding swap: %s", path); |
297 | ||
298 | r = unit_name_from_path(path, ".swap", &name); | |
299 | if (r < 0) | |
300 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
301 | ||
605405c6 | 302 | unit = strjoin(arg_dest, "/", name); |
59512f21 KS |
303 | if (!unit) |
304 | return log_oom(); | |
305 | ||
306 | f = fopen(unit, "wxe"); | |
307 | if (!f) | |
308 | return log_error_errno(errno, "Failed to create unit file %s: %m", unit); | |
309 | ||
310 | fprintf(f, | |
311 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
312 | "[Unit]\n" | |
313 | "Description=Swap Partition\n" | |
314 | "Documentation=man:systemd-gpt-auto-generator(8)\n\n" | |
315 | "[Swap]\n" | |
316 | "What=%s\n", | |
317 | path); | |
318 | ||
dacd6cee LP |
319 | r = fflush_and_check(f); |
320 | if (r < 0) | |
321 | return log_error_errno(r, "Failed to write unit file %s: %m", unit); | |
59512f21 | 322 | |
9cdcf368 | 323 | return generator_add_symlink(arg_dest, SPECIAL_SWAP_TARGET, "wants", name); |
59512f21 KS |
324 | } |
325 | ||
7a1494aa TG |
326 | static int add_automount( |
327 | const char *id, | |
328 | const char *what, | |
329 | const char *where, | |
330 | const char *fstype, | |
331 | bool rw, | |
332 | const char *options, | |
333 | const char *description, | |
334 | usec_t timeout) { | |
335 | ||
9cdcf368 | 336 | _cleanup_free_ char *unit = NULL; |
7a1494aa | 337 | _cleanup_fclose_ FILE *f = NULL; |
2aa2860b | 338 | const char *opt = "noauto", *p; |
7a1494aa TG |
339 | int r; |
340 | ||
341 | assert(id); | |
342 | assert(where); | |
343 | assert(description); | |
344 | ||
345 | if (options) | |
2aa2860b | 346 | opt = strjoina(options, ",", opt); |
7a1494aa TG |
347 | |
348 | r = add_mount(id, | |
349 | what, | |
350 | where, | |
351 | fstype, | |
352 | rw, | |
353 | opt, | |
354 | description, | |
355 | NULL); | |
356 | if (r < 0) | |
357 | return r; | |
358 | ||
359 | r = unit_name_from_path(where, ".automount", &unit); | |
360 | if (r < 0) | |
361 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
362 | ||
2aa2860b | 363 | p = strjoina(arg_dest, "/", unit); |
7a1494aa TG |
364 | f = fopen(p, "wxe"); |
365 | if (!f) | |
366 | return log_error_errno(errno, "Failed to create unit file %s: %m", unit); | |
367 | ||
368 | fprintf(f, | |
369 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
370 | "[Unit]\n" | |
371 | "Description=%s\n" | |
372 | "Documentation=man:systemd-gpt-auto-generator(8)\n" | |
373 | "[Automount]\n" | |
374 | "Where=%s\n" | |
70887c5f | 375 | "TimeoutIdleSec="USEC_FMT"\n", |
7a1494aa TG |
376 | description, |
377 | where, | |
70887c5f | 378 | timeout / USEC_PER_SEC); |
7a1494aa TG |
379 | |
380 | r = fflush_and_check(f); | |
381 | if (r < 0) | |
382 | return log_error_errno(r, "Failed to write unit file %s: %m", p); | |
383 | ||
9cdcf368 | 384 | return generator_add_symlink(arg_dest, SPECIAL_LOCAL_FS_TARGET, "wants", unit); |
7a1494aa TG |
385 | } |
386 | ||
9f1cb0c1 LP |
387 | static int add_xbootldr(DissectedPartition *p) { |
388 | int r; | |
389 | ||
390 | assert(p); | |
391 | ||
392 | if (in_initrd()) { | |
393 | log_debug("In initrd, ignoring the XBOOTLDR partition."); | |
394 | return 0; | |
395 | } | |
396 | ||
397 | r = fstab_is_mount_point("/boot"); | |
398 | if (r < 0) | |
399 | return log_error_errno(r, "Failed to parse fstab: %m"); | |
400 | if (r > 0) { | |
401 | log_debug("/boot specified in fstab, ignoring XBOOTLDR partition."); | |
402 | return 0; | |
403 | } | |
404 | ||
405 | r = path_is_busy("/boot"); | |
406 | if (r < 0) | |
407 | return r; | |
408 | if (r > 0) | |
409 | return 0; | |
410 | ||
411 | return add_automount("boot", | |
412 | p->node, | |
413 | "/boot", | |
414 | p->fstype, | |
415 | true, | |
416 | "umask=0077", | |
417 | "Boot Loader Partition", | |
418 | 120 * USEC_PER_SEC); | |
419 | } | |
420 | ||
421 | #if ENABLE_EFI | |
422 | static int add_esp(DissectedPartition *p, bool has_xbootldr) { | |
423 | const char *esp_path = NULL, *id = NULL; | |
59512f21 KS |
424 | int r; |
425 | ||
72e18a98 | 426 | assert(p); |
59512f21 | 427 | |
59512f21 | 428 | if (in_initrd()) { |
b52a109a | 429 | log_debug("In initrd, ignoring the ESP."); |
59512f21 KS |
430 | return 0; |
431 | } | |
432 | ||
9f1cb0c1 LP |
433 | /* If /efi exists we'll use that. Otherwise we'll use /boot, as that's usually the better choice, but |
434 | * only if there's no explicit XBOOTLDR partition around. */ | |
435 | if (access("/efi", F_OK) < 0) { | |
436 | if (errno != ENOENT) | |
437 | return log_error_errno(errno, "Failed to determine whether /efi exists: %m"); | |
438 | ||
439 | /* Use /boot as fallback, but only if there's no XBOOTLDR partition */ | |
440 | if (!has_xbootldr) { | |
441 | esp_path = "/boot"; | |
442 | id = "boot"; | |
443 | } | |
444 | } | |
445 | if (!esp_path) | |
446 | esp_path = "/efi"; | |
447 | if (!id) | |
448 | id = "efi"; | |
59512f21 | 449 | |
0b6b6787 | 450 | /* We create an .automount which is not overridden by the .mount from the fstab generator. */ |
9f1cb0c1 | 451 | r = fstab_is_mount_point(esp_path); |
b9088048 FB |
452 | if (r < 0) |
453 | return log_error_errno(r, "Failed to parse fstab: %m"); | |
39b6a511 | 454 | if (r > 0) { |
9f1cb0c1 | 455 | log_debug("%s specified in fstab, ignoring.", esp_path); |
59512f21 KS |
456 | return 0; |
457 | } | |
458 | ||
9f1cb0c1 LP |
459 | r = path_is_busy(esp_path); |
460 | if (r < 0) | |
461 | return r; | |
462 | if (r > 0) | |
463 | return 0; | |
59512f21 | 464 | |
7ba25ab5 | 465 | if (is_efi_boot()) { |
72e18a98 | 466 | sd_id128_t loader_uuid; |
59512f21 | 467 | |
7ba25ab5 | 468 | /* If this is an EFI boot, be extra careful, and only mount the ESP if it was the ESP used for booting. */ |
59512f21 | 469 | |
7ba25ab5 LP |
470 | r = efi_loader_get_device_part_uuid(&loader_uuid); |
471 | if (r == -ENOENT) { | |
472 | log_debug("EFI loader partition unknown."); | |
473 | return 0; | |
474 | } | |
e28973ee ZJS |
475 | if (r < 0) |
476 | return log_error_errno(r, "Failed to read ESP partition UUID: %m"); | |
7ba25ab5 | 477 | |
72e18a98 | 478 | if (!sd_id128_equal(p->uuid, loader_uuid)) { |
9f1cb0c1 | 479 | log_debug("Partition for %s does not appear to be the partition we are booted from.", p->node); |
7ba25ab5 LP |
480 | return 0; |
481 | } | |
482 | } else | |
483 | log_debug("Not an EFI boot, skipping ESP check."); | |
484 | ||
9f1cb0c1 | 485 | return add_automount(id, |
72e18a98 | 486 | p->node, |
9f1cb0c1 | 487 | esp_path, |
72e18a98 LP |
488 | p->fstype, |
489 | true, | |
490 | "umask=0077", | |
491 | "EFI System Partition Automount", | |
492 | 120 * USEC_PER_SEC); | |
7a1494aa | 493 | } |
59512f21 | 494 | #else |
9f1cb0c1 | 495 | static int add_esp(DissectedPartition *p, bool has_xbootldr) { |
59512f21 | 496 | return 0; |
59512f21 | 497 | } |
7a1494aa | 498 | #endif |
59512f21 | 499 | |
fd89051e LP |
500 | static int add_root_rw(DissectedPartition *p) { |
501 | const char *path; | |
502 | int r; | |
503 | ||
504 | assert(p); | |
505 | ||
506 | if (in_initrd()) { | |
507 | log_debug("In initrd, not generating drop-in for systemd-remount-fs.service."); | |
508 | return 0; | |
509 | } | |
510 | ||
511 | if (arg_root_rw >= 0) { | |
512 | log_debug("Parameter ro/rw specified on kernel command line, not generating drop-in for systemd-remount-fs.service."); | |
513 | return 0; | |
514 | } | |
515 | ||
516 | if (!p->rw) { | |
517 | log_debug("Root partition marked read-only in GPT partition table, not generating drop-in for systemd-remount-fs.service."); | |
518 | return 0; | |
519 | } | |
520 | ||
9b69569d ZJS |
521 | (void) generator_enable_remount_fs_service(arg_dest); |
522 | ||
fd89051e | 523 | path = strjoina(arg_dest, "/systemd-remount-fs.service.d/50-remount-rw.conf"); |
fd89051e LP |
524 | |
525 | r = write_string_file(path, | |
526 | "# Automatically generated by systemd-gpt-generator\n\n" | |
fd89051e LP |
527 | "[Service]\n" |
528 | "Environment=SYSTEMD_REMOUNT_ROOT_RW=1\n", | |
e82e549f | 529 | WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_NOFOLLOW|WRITE_STRING_FILE_MKDIR_0755); |
fd89051e LP |
530 | if (r < 0) |
531 | return log_error_errno(r, "Failed to write drop-in file %s: %m", path); | |
532 | ||
533 | return 0; | |
534 | } | |
535 | ||
46c82d49 | 536 | static int open_parent_devno(dev_t devnum, int *ret) { |
85624f01 | 537 | _cleanup_(sd_device_unrefp) sd_device *d = NULL; |
72e18a98 | 538 | const char *name, *devtype, *node; |
85624f01 | 539 | sd_device *parent; |
61331eab | 540 | dev_t pn; |
85624f01 | 541 | int fd, r; |
72e18a98 LP |
542 | |
543 | assert(ret); | |
1a14a53c | 544 | |
85624f01 YW |
545 | r = sd_device_new_from_devnum(&d, 'b', devnum); |
546 | if (r < 0) | |
547 | return log_debug_errno(r, "Failed to open device: %m"); | |
1a14a53c | 548 | |
85624f01 YW |
549 | if (sd_device_get_devname(d, &name) < 0) { |
550 | r = sd_device_get_syspath(d, &name); | |
551 | if (r < 0) { | |
133432cc | 552 | log_device_debug_errno(d, r, "Device %u:%u does not have a name, ignoring: %m", major(devnum), minor(devnum)); |
8090b41e | 553 | return 0; |
85624f01 | 554 | } |
d2a62382 ZJS |
555 | } |
556 | ||
85624f01 YW |
557 | r = sd_device_get_parent(d, &parent); |
558 | if (r < 0) { | |
133432cc | 559 | log_device_debug_errno(d, r, "Not a partitioned device, ignoring: %m"); |
8090b41e | 560 | return 0; |
fa041593 | 561 | } |
1a14a53c | 562 | |
61331eab | 563 | /* Does it have a devtype? */ |
85624f01 YW |
564 | r = sd_device_get_devtype(parent, &devtype); |
565 | if (r < 0) { | |
133432cc | 566 | log_device_debug_errno(parent, r, "Parent doesn't have a device type, ignoring: %m"); |
8090b41e | 567 | return 0; |
fa041593 | 568 | } |
61331eab LP |
569 | |
570 | /* Is this a disk or a partition? We only care for disks... */ | |
fa041593 | 571 | if (!streq(devtype, "disk")) { |
133432cc | 572 | log_device_debug(parent, "Parent isn't a raw disk, ignoring."); |
8090b41e | 573 | return 0; |
fa041593 | 574 | } |
61331eab LP |
575 | |
576 | /* Does it have a device node? */ | |
85624f01 YW |
577 | r = sd_device_get_devname(parent, &node); |
578 | if (r < 0) { | |
133432cc | 579 | log_device_debug_errno(parent, r, "Parent device does not have device node, ignoring: %m"); |
8090b41e | 580 | return 0; |
fa041593 | 581 | } |
61331eab | 582 | |
133432cc | 583 | log_device_debug(d, "Root device %s.", node); |
61331eab | 584 | |
85624f01 YW |
585 | r = sd_device_get_devnum(parent, &pn); |
586 | if (r < 0) { | |
133432cc | 587 | log_device_debug_errno(parent, r, "Parent device is not a proper block device, ignoring: %m"); |
8090b41e | 588 | return 0; |
61331eab LP |
589 | } |
590 | ||
72e18a98 LP |
591 | fd = open(node, O_RDONLY|O_CLOEXEC|O_NOCTTY); |
592 | if (fd < 0) | |
593 | return log_error_errno(errno, "Failed to open %s: %m", node); | |
61331eab | 594 | |
72e18a98 LP |
595 | *ret = fd; |
596 | return 1; | |
72e18a98 | 597 | } |
cb971249 | 598 | |
72e18a98 | 599 | static int enumerate_partitions(dev_t devnum) { |
72e18a98 LP |
600 | _cleanup_close_ int fd = -1; |
601 | _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; | |
602 | int r, k; | |
61331eab | 603 | |
46c82d49 | 604 | r = open_parent_devno(devnum, &fd); |
72e18a98 LP |
605 | if (r <= 0) |
606 | return r; | |
61331eab | 607 | |
052eaf5c | 608 | r = dissect_image(fd, NULL, 0, DISSECT_IMAGE_GPT_ONLY|DISSECT_IMAGE_NO_UDEV, &m); |
72e18a98 LP |
609 | if (r == -ENOPKG) { |
610 | log_debug_errno(r, "No suitable partition table found, ignoring."); | |
611 | return 0; | |
61331eab | 612 | } |
23bbb0de | 613 | if (r < 0) |
72e18a98 | 614 | return log_error_errno(r, "Failed to dissect: %m"); |
0238d4c6 | 615 | |
72e18a98 LP |
616 | if (m->partitions[PARTITION_SWAP].found) { |
617 | k = add_swap(m->partitions[PARTITION_SWAP].node); | |
618 | if (k < 0) | |
619 | r = k; | |
1a14a53c LP |
620 | } |
621 | ||
9f1cb0c1 LP |
622 | if (m->partitions[PARTITION_XBOOTLDR].found) { |
623 | k = add_xbootldr(m->partitions + PARTITION_XBOOTLDR); | |
624 | if (k < 0) | |
625 | r = k; | |
626 | } | |
627 | ||
72e18a98 | 628 | if (m->partitions[PARTITION_ESP].found) { |
9f1cb0c1 | 629 | k = add_esp(m->partitions + PARTITION_ESP, m->partitions[PARTITION_XBOOTLDR].found); |
59512f21 KS |
630 | if (k < 0) |
631 | r = k; | |
632 | } | |
633 | ||
72e18a98 LP |
634 | if (m->partitions[PARTITION_HOME].found) { |
635 | k = add_partition_mount(m->partitions + PARTITION_HOME, "home", "/home", "Home Partition"); | |
73b80ec2 LP |
636 | if (k < 0) |
637 | r = k; | |
638 | } | |
e48fdd84 | 639 | |
72e18a98 LP |
640 | if (m->partitions[PARTITION_SRV].found) { |
641 | k = add_partition_mount(m->partitions + PARTITION_SRV, "srv", "/srv", "Server Data Partition"); | |
73b80ec2 LP |
642 | if (k < 0) |
643 | r = k; | |
644 | } | |
1a14a53c | 645 | |
fd89051e LP |
646 | if (m->partitions[PARTITION_ROOT].found) { |
647 | k = add_root_rw(m->partitions + PARTITION_ROOT); | |
648 | if (k < 0) | |
649 | r = k; | |
650 | } | |
651 | ||
1a14a53c LP |
652 | return r; |
653 | } | |
654 | ||
96287a49 | 655 | static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { |
73b80ec2 | 656 | int r; |
1a14a53c | 657 | |
73b80ec2 | 658 | assert(key); |
1a14a53c | 659 | |
8a9c44ed LP |
660 | if (proc_cmdline_key_streq(key, "systemd.gpt_auto") || |
661 | proc_cmdline_key_streq(key, "rd.systemd.gpt_auto")) { | |
1a14a53c | 662 | |
1d84ad94 | 663 | r = value ? parse_boolean(value) : 1; |
73b80ec2 | 664 | if (r < 0) |
0a1b9449 | 665 | log_warning_errno(r, "Failed to parse gpt-auto switch \"%s\", ignoring: %m", value); |
8086ffac ZJS |
666 | else |
667 | arg_enabled = r; | |
1a14a53c | 668 | |
8a9c44ed | 669 | } else if (proc_cmdline_key_streq(key, "root")) { |
1d84ad94 LP |
670 | |
671 | if (proc_cmdline_value_missing(key, value)) | |
672 | return 0; | |
73b80ec2 LP |
673 | |
674 | /* Disable root disk logic if there's a root= value | |
675 | * specified (unless it happens to be "gpt-auto") */ | |
676 | ||
677 | arg_root_enabled = streq(value, "gpt-auto"); | |
678 | ||
8a9c44ed | 679 | } else if (proc_cmdline_key_streq(key, "roothash")) { |
2f3dfc6f LP |
680 | |
681 | if (proc_cmdline_value_missing(key, value)) | |
682 | return 0; | |
683 | ||
684 | /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */ | |
685 | ||
686 | arg_root_enabled = false; | |
687 | ||
8a9c44ed | 688 | } else if (proc_cmdline_key_streq(key, "rw") && !value) |
73b80ec2 | 689 | arg_root_rw = true; |
8a9c44ed | 690 | else if (proc_cmdline_key_streq(key, "ro") && !value) |
73b80ec2 | 691 | arg_root_rw = false; |
73b80ec2 LP |
692 | |
693 | return 0; | |
694 | } | |
695 | ||
349cc4a5 | 696 | #if ENABLE_EFI |
01af8c01 LP |
697 | static int add_root_cryptsetup(void) { |
698 | ||
699 | /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which | |
700 | * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */ | |
701 | ||
702 | return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL); | |
703 | } | |
704 | #endif | |
705 | ||
73b80ec2 LP |
706 | static int add_root_mount(void) { |
707 | ||
349cc4a5 | 708 | #if ENABLE_EFI |
73b80ec2 LP |
709 | int r; |
710 | ||
711 | if (!is_efi_boot()) { | |
712 | log_debug("Not a EFI boot, not creating root mount."); | |
713 | return 0; | |
9a5cb137 ZJS |
714 | } |
715 | ||
73b80ec2 LP |
716 | r = efi_loader_get_device_part_uuid(NULL); |
717 | if (r == -ENOENT) { | |
718 | log_debug("EFI loader partition unknown, exiting."); | |
719 | return 0; | |
23bbb0de MS |
720 | } else if (r < 0) |
721 | return log_error_errno(r, "Failed to read ESP partition UUID: %m"); | |
1a14a53c | 722 | |
73b80ec2 LP |
723 | /* OK, we have an ESP partition, this is fantastic, so let's |
724 | * wait for a root device to show up. A udev rule will create | |
725 | * the link for us under the right name. */ | |
726 | ||
7163e1ca DD |
727 | if (in_initrd()) { |
728 | r = generator_write_initrd_root_device_deps(arg_dest, "/dev/gpt-auto-root"); | |
729 | if (r < 0) | |
730 | return 0; | |
01af8c01 LP |
731 | |
732 | r = add_root_cryptsetup(); | |
733 | if (r < 0) | |
734 | return r; | |
7163e1ca DD |
735 | } |
736 | ||
9b69569d ZJS |
737 | /* Note that we do not need to enable systemd-remount-fs.service here. If |
738 | * /etc/fstab exists, systemd-fstab-generator will pull it in for us. */ | |
739 | ||
73b80ec2 LP |
740 | return add_mount( |
741 | "root", | |
98b2f766 | 742 | "/dev/gpt-auto-root", |
73b80ec2 LP |
743 | in_initrd() ? "/sysroot" : "/", |
744 | NULL, | |
c94b2417 | 745 | arg_root_rw > 0, |
59512f21 | 746 | NULL, |
73b80ec2 LP |
747 | "Root Partition", |
748 | in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET); | |
749 | #else | |
750 | return 0; | |
751 | #endif | |
752 | } | |
753 | ||
754 | static int add_mounts(void) { | |
73b80ec2 LP |
755 | dev_t devno; |
756 | int r; | |
757 | ||
c6ba0c18 | 758 | r = get_block_device_harder("/", &devno); |
23bbb0de MS |
759 | if (r < 0) |
760 | return log_error_errno(r, "Failed to determine block device of root file system: %m"); | |
57ab9f89 | 761 | if (r == 0) { |
c6ba0c18 | 762 | r = get_block_device_harder("/usr", &devno); |
eafe88e3 TH |
763 | if (r < 0) |
764 | return log_error_errno(r, "Failed to determine block device of /usr file system: %m"); | |
57ab9f89 | 765 | if (r == 0) { |
2bef2582 LP |
766 | _cleanup_free_ char *p = NULL; |
767 | mode_t m; | |
768 | ||
769 | /* If the root mount has been replaced by some form of volatile file system (overlayfs), the | |
770 | * original root block device node is symlinked in /run/systemd/volatile-root. Let's read that | |
771 | * here. */ | |
772 | r = readlink_malloc("/run/systemd/volatile-root", &p); | |
773 | if (r == -ENOENT) { | |
774 | log_debug("Neither root nor /usr file system are on a (single) block device."); | |
775 | return 0; | |
776 | } | |
777 | if (r < 0) | |
778 | return log_error_errno(r, "Failed to read symlink /run/systemd/volatile-root: %m"); | |
779 | ||
780 | r = device_path_parse_major_minor(p, &m, &devno); | |
781 | if (r < 0) | |
782 | return log_error_errno(r, "Failed to parse major/minor device node: %m"); | |
783 | if (!S_ISBLK(m)) | |
784 | return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Volatile root device is of wrong type."); | |
eafe88e3 | 785 | } |
3db604b9 LP |
786 | } |
787 | ||
61331eab | 788 | return enumerate_partitions(devno); |
73b80ec2 LP |
789 | } |
790 | ||
ec6e9597 | 791 | static int run(const char *dest, const char *dest_early, const char *dest_late) { |
8f50e86a | 792 | int r, k; |
73b80ec2 | 793 | |
ec6e9597 | 794 | assert_se(arg_dest = dest_late); |
73b80ec2 | 795 | |
75f86906 | 796 | if (detect_container() > 0) { |
73b80ec2 | 797 | log_debug("In a container, exiting."); |
ec6e9597 | 798 | return 0; |
1a14a53c | 799 | } |
3db604b9 | 800 | |
1d84ad94 | 801 | r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0); |
b5884878 | 802 | if (r < 0) |
da927ba9 | 803 | log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m"); |
1a14a53c | 804 | |
73b80ec2 LP |
805 | if (!arg_enabled) { |
806 | log_debug("Disabled, exiting."); | |
ec6e9597 | 807 | return 0; |
73b80ec2 LP |
808 | } |
809 | ||
810 | if (arg_root_enabled) | |
811 | r = add_root_mount(); | |
812 | ||
813 | if (!in_initrd()) { | |
73b80ec2 | 814 | k = add_mounts(); |
ec6e9597 | 815 | if (r >= 0) |
73b80ec2 LP |
816 | r = k; |
817 | } | |
818 | ||
ec6e9597 | 819 | return r; |
1a14a53c | 820 | } |
ec6e9597 ZJS |
821 | |
822 | DEFINE_MAIN_GENERATOR_FUNCTION(run); |