]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/gpt-auto-generator/gpt-auto-generator.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
TEST-55-OOMD: Verify that ExecStopPost= runs on oom-kill
[thirdparty/systemd.git] / src / gpt-auto-generator / gpt-auto-generator.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
1a14a53c 2
41bc4849 3#include <sys/file.h>
1a14a53c 4
07630cea
LP		 5#include "sd-id128.h"
6
b5efdb8a 7#include "alloc-util.h"
18c528e9 8#include "blockdev-util.h"
133432cc 9#include "device-util.h"
7176f06c 10#include "devnum-util.h"
72e18a98 11#include "dissect-image.h"
1fac34b9 12#include "dropin.h"
0bb2f0f1 13#include "efi-loader.h"
8857aa74
DDM		 14#include "efivars.h"
15#include "errno-util.h"
1c0b8270 16#include "factory-reset.h"
3ffd4af2 17#include "fd-util.h"
07630cea
LP		 18#include "fileio.h"
19#include "fstab-util.h"
20#include "generator.h"
21#include "gpt.h"
a8211e88 22#include "hexdecoct.h"
84be0c71 23#include "image-policy.h"
baa6a42d 24#include "initrd-util.h"
8857aa74 25#include "loop-util.h"
049af8ad 26#include "mountpoint-util.h"
6bedfcbb 27#include "parse-util.h"
07630cea 28#include "path-util.h"
4e731273 29#include "proc-cmdline.h"
1a14a53c 30#include "special.h"
8fcde012 31#include "stat-util.h"
07630cea 32#include "string-util.h"
85624f01 33#include "strv.h"
8857aa74 34#include "time-util.h"
1a14a53c 35#include "unit-name.h"
9a5cb137 36#include "virt.h"
1a14a53c 37
f872373a
LP		 38typedef enum MountPointFlags {
39 MOUNT_RW = 1 << 0,
40 MOUNT_GROWFS = 1 << 1,
41 MOUNT_MEASURE = 1 << 2,
42 MOUNT_VALIDATEFS = 1 << 3,
43} MountPointFlags;
44
ec6e9597 45static const char *arg_dest = NULL;
e5d2701b 46static const char *arg_dest_late = NULL;
73b80ec2 47static bool arg_enabled = true;
14ab9aaf 48static GptAutoRoot arg_auto_root = _GPT_AUTO_ROOT_INVALID;
7852e301 49static GptAutoRoot arg_auto_usr = _GPT_AUTO_ROOT_INVALID;
a8211e88 50static VeritySettings arg_verity_settings = VERITY_SETTINGS_DEFAULT;
9a2982b6 51static bool arg_swap_enabled = true;
cf451f38
LP		 52static char *arg_root_fstype = NULL;
53static char *arg_root_options = NULL;
c94b2417 54static int arg_root_rw = -1;
7852e301
LP		 55static char *arg_usr_fstype = NULL;
56static char *arg_usr_options = NULL;
84be0c71 57static ImagePolicy *arg_image_policy = NULL;
74cfd092 58static ImageFilter *arg_image_filter = NULL;
84be0c71 59
cf451f38
LP		 60STATIC_DESTRUCTOR_REGISTER(arg_root_fstype, freep);
61STATIC_DESTRUCTOR_REGISTER(arg_root_options, freep);
7852e301
LP		 62STATIC_DESTRUCTOR_REGISTER(arg_usr_fstype, freep);
63STATIC_DESTRUCTOR_REGISTER(arg_usr_options, freep);
cec81b23
AAF		 64STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
65STATIC_DESTRUCTOR_REGISTER(arg_image_filter, image_filter_freep);
cf451f38 66
756b6749
MY		 67#define LOADER_PARTITION_IDLE_USEC (120 * USEC_PER_SEC)
68
06648fa9
LP		 69static int add_cryptsetup(
70 const char *id,
71 const char *what,
f4a65d5f 72 const char *mount_opts,
f872373a 73 MountPointFlags flags,
06648fa9
LP		 74 bool require,
75 char **ret_device) {
76
5b137503 77#if HAVE_LIBCRYPTSETUP
ff386f98 78 _cleanup_free_ char *e = NULL, *n = NULL, *d = NULL, *options = NULL;
1af72119 79 _cleanup_fclose_ FILE *f = NULL;
1af72119
LP		 80 int r;
81
82 assert(id);
83 assert(what);
1af72119 84
7410616c
LP		 85 r = unit_name_from_path(what, ".device", &d);
86 if (r < 0)
87 return log_error_errno(r, "Failed to generate unit name: %m");
1af72119
LP		 88
89 e = unit_name_escape(id);
90 if (!e)
91 return log_oom();
92
7410616c
LP		 93 r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
94 if (r < 0)
95 return log_error_errno(r, "Failed to generate unit name: %m");
1af72119 96
e5d2701b 97 r = generator_open_unit_file(arg_dest_late, /* source = */ NULL, n, &f);
a7e88558
LP		 98 if (r < 0)
99 return r;
98bad05e 100
a7e88558
LP		 101 r = generator_write_cryptsetup_unit_section(f, NULL);
102 if (r < 0)
103 return r;
1af72119
LP		 104
105 fprintf(f,
1af72119 106 "Before=umount.target cryptsetup.target\n"
a7e88558
LP		 107 "Conflicts=umount.target\n"
108 "BindsTo=%s\n"
109 "After=%s\n",
110 d, d);
111
f872373a 112 if (!FLAGS_SET(flags, MOUNT_RW)) {
ff386f98
LP		 113 options = strdup("read-only");
114 if (!options)
115 return log_oom();
116 }
117
0d5f59a2
LP		 118 r = efi_measured_uki(LOG_WARNING);
119 if (r > 0)
120 /* Enable TPM2 based unlocking automatically, if we have a TPM. See #30176. */
121 if (!strextend_with_separator(&options, ",", "tpm2-device=auto"))
122 return log_oom();
123
f872373a 124 if (FLAGS_SET(flags, MOUNT_MEASURE)) {
ff386f98
LP		 125 /* We only measure the root volume key into PCR 15 if we are booted with sd-stub (i.e. in a
126 * UKI), and sd-stub measured the UKI. We do this in order not to step into people's own PCR
127 * assignment, under the assumption that people who are fine to use sd-stub with its PCR
128 * assignments are also OK with our PCR 15 use here. */
0d5f59a2 129 if (r > 0)
2f6c52b9
ZJS		 130 if (!strextend_with_separator(&options, ",", "tpm2-measure-pcr=yes"))
131 return log_oom();
0d5f59a2
LP		 132 if (r == 0)
133 log_debug("Will not measure volume key of volume '%s', not booted via systemd-stub with measurements enabled.", id);
ff386f98
LP		 134 }
135
136 r = generator_write_cryptsetup_service_section(f, id, what, NULL, options);
a7e88558
LP		 137 if (r < 0)
138 return r;
1af72119 139
dacd6cee
LP		 140 r = fflush_and_check(f);
141 if (r < 0)
a7e88558 142 return log_error_errno(r, "Failed to write file %s: %m", n);
1af72119 143
e5d2701b 144 r = generator_write_device_timeout(arg_dest_late, what, mount_opts, /* filtered = */ NULL);
f4a65d5f
MY		 145 if (r < 0)
146 return r;
147
e5d2701b 148 r = generator_add_symlink(arg_dest_late, d, "wants", n);
9cdcf368
ZJS		 149 if (r < 0)
150 return r;
1af72119 151
6a488fa7 152 const char *dmname = strjoina("dev-mapper-", e, ".device");
1af72119 153
1fac34b9 154 if (require) {
e5d2701b 155 r = generator_add_symlink(arg_dest_late, "cryptsetup.target", "requires", n);
9cdcf368
ZJS		 156 if (r < 0)
157 return r;
01af8c01 158
e5d2701b 159 r = generator_add_symlink(arg_dest_late, dmname, "requires", n);
9cdcf368
ZJS		 160 if (r < 0)
161 return r;
01af8c01 162 }
1af72119 163
e5d2701b 164 r = write_drop_in_format(arg_dest_late, dmname, 50, "job-timeout",
1fac34b9
ZJS		 165 "# Automatically generated by systemd-gpt-auto-generator\n\n"
166 "[Unit]\n"
a9b837aa 167 "JobTimeoutSec=infinity"); /* the binary handles timeouts anyway */
23bbb0de 168 if (r < 0)
1fac34b9 169 log_warning_errno(r, "Failed to write device timeout drop-in, ignoring: %m");
1af72119 170
06648fa9
LP		 171 if (ret_device) {
172 char *s;
2aa2860b 173
06648fa9
LP		 174 s = path_join("/dev/mapper", id);
175 if (!s)
2aa2860b 176 return log_oom();
1af72119 177
06648fa9 178 *ret_device = s;
2aa2860b
ZJS		 179 }
180
1af72119 181 return 0;
5b137503 182#else
6a488fa7 183 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
4e494e6a 184 "Partition is encrypted, but systemd-gpt-auto-generator was compiled without libcryptsetup support.");
5b137503 185#endif
1af72119
LP		 186}
187
0a64b7ba
LP		 188#if ENABLE_EFI
189static int add_veritysetup(
190 const char *id,
191 const char *data_what,
192 const char *hash_what,
193 const char *mount_opts) {
194
195#if HAVE_LIBCRYPTSETUP
196 int r;
197
198 assert(id);
199 assert(data_what);
200 assert(hash_what);
201
202 _cleanup_free_ char *dd = NULL;
203 r = unit_name_from_path(data_what, ".device", &dd);
204 if (r < 0)
205 return log_error_errno(r, "Failed to generate data device unit name: %m");
206
207 _cleanup_free_ char *dh = NULL;
208 r = unit_name_from_path(hash_what, ".device", &dh);
209 if (r < 0)
210 return log_error_errno(r, "Failed to generate hash device unit name: %m");
211
212 _cleanup_free_ char *e = unit_name_escape(id);
213 if (!e)
214 return log_oom();
215
216 _cleanup_free_ char *n = NULL;
217 r = unit_name_build("systemd-veritysetup", e, ".service", &n);
218 if (r < 0)
219 return log_error_errno(r, "Failed to generate unit name: %m");
220
221 _cleanup_fclose_ FILE *f = NULL;
e5d2701b 222 r = generator_open_unit_file(arg_dest_late, /* source= */ NULL, n, &f);
0a64b7ba
LP		 223 if (r < 0)
224 return r;
225
226 r = generator_write_veritysetup_unit_section(f, /* source= */ NULL);
227 if (r < 0)
228 return r;
229
230 fprintf(f,
231 "Before=veritysetup.target\n"
232 "BindsTo=%1$s %2$s\n"
233 "After=%1$s %2$s\n",
234 dd, dh);
235
236 r = generator_write_veritysetup_service_section(
237 f,
238 id,
239 data_what,
240 hash_what,
241 /* roothash= */ NULL, /* NULL means: derive root hash from udev property ID_DISSECT_PART_ROOTHASH */
242 "root-hash-signature=auto"); /* auto means: derive signature from udev property ID_DISSECT_PART_ROOTHASH_SIG */
243 if (r < 0)
244 return r;
245
246 r = fflush_and_check(f);
247 if (r < 0)
248 return log_error_errno(r, "Failed to write file %s: %m", n);
249
e5d2701b 250 r = generator_write_device_timeout(arg_dest_late, data_what, mount_opts, /* filtered= */ NULL);
0a64b7ba
LP		 251 if (r < 0)
252 return r;
253
e5d2701b 254 r = generator_write_device_timeout(arg_dest_late, hash_what, mount_opts, /* filtered= */ NULL);
0a64b7ba
LP		 255 if (r < 0)
256 return r;
257
e5d2701b 258 r = generator_add_symlink(arg_dest_late, dd, "wants", n);
0a64b7ba
LP		 259 if (r < 0)
260 return r;
261
e5d2701b 262 r = generator_add_symlink(arg_dest_late, dh, "wants", n);
0a64b7ba
LP		 263 if (r < 0)
264 return r;
265
266 _cleanup_free_ char *dmname = NULL;
267 dmname = strjoin("dev-mapper-", e, ".device");
268 if (!dmname)
269 return log_oom();
270
271 r = write_drop_in_format(
e5d2701b 272 arg_dest_late,
0a64b7ba
LP		 273 dmname, 50, "job-timeout",
274 "# Automatically generated by systemd-gpt-auto-generator\n\n"
275 "[Unit]\n"
276 "JobTimeoutSec=infinity"); /* the binary handles timeouts anyway */
277 if (r < 0)
278 return log_error_errno(r, "Failed to write device timeout drop-in: %m");
279
280 return 0;
281#else
282 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
283 "Partition is Verity protected, but systemd-gpt-auto-generator was compiled without libcryptsetup support.");
284#endif
285}
286#endif
287
73b80ec2
LP		 288static int add_mount(
289 const char *id,
290 const char *what,
291 const char *where,
292 const char *fstype,
f872373a 293 MountPointFlags flags,
59512f21 294 const char *options,
73b80ec2
LP		 295 const char *description,
296 const char *post) {
297
f4a65d5f 298 _cleanup_free_ char *unit = NULL, *crypto_what = NULL, *opts_filtered = NULL;
1a14a53c 299 _cleanup_fclose_ FILE *f = NULL;
e48fdd84 300 int r;
1a14a53c 301
98bad05e
LP		 302 /* Note that we don't apply specifier escaping on the input strings here, since we know they are not configured
303 * externally, but all originate from our own sources here, and hence we know they contain no % characters that
304 * could potentially be understood as specifiers. */
305
1af72119
LP		 306 assert(id);
307 assert(what);
308 assert(where);
1af72119
LP		 309 assert(description);
310
074cdb95 311 log_debug("Adding %s: %s fstype=%s", where, what, fstype ?: "(any)");
1a14a53c 312
73b80ec2 313 if (streq_ptr(fstype, "crypto_LUKS")) {
f4a65d5f
MY		 314 /* Mount options passed are determined by partition_pick_mount_options(), whose result
315 * is known to not contain timeout options. */
f872373a 316 r = add_cryptsetup(id, what, /* mount_opts = */ NULL, flags, /* require= */ true, &crypto_what);
1af72119
LP		 317 if (r < 0)
318 return r;
319
320 what = crypto_what;
321 fstype = NULL;
80ce8580
LP		 322 } else if (fstype) {
323 r = dissect_fstype_ok(fstype);
324 if (r < 0)
325 return log_error_errno(r, "Unable to determine of dissected file system type '%s' is permitted: %m", fstype);
326 if (!r)
327 return log_error_errno(
328 SYNTHETIC_ERRNO(EIDRM),
329 "Refusing to automatically mount uncommon file system '%s' to '%s'.",
330 fstype, where);
1af72119
LP		 331 }
332
e5d2701b 333 r = generator_write_device_timeout(arg_dest_late, what, options, &opts_filtered);
f4a65d5f
MY		 334 if (r < 0)
335 return r;
336
7410616c
LP		 337 r = unit_name_from_path(where, ".mount", &unit);
338 if (r < 0)
339 return log_error_errno(r, "Failed to generate unit name: %m");
1a14a53c 340
e5d2701b 341 r = generator_open_unit_file(arg_dest_late, /* source = */ NULL, unit, &f);
121ce4a6
MY		 342 if (r < 0)
343 return r;
1a14a53c
LP		 344
345 fprintf(f,
1a14a53c 346 "[Unit]\n"
c3834f9b
LP		 347 "Description=%s\n"
348 "Documentation=man:systemd-gpt-auto-generator(8)\n",
e48fdd84
LP		 349 description);
350
73b80ec2
LP		 351 if (post)
352 fprintf(f, "Before=%s\n", post);
353
e5d2701b
LP		 354 /* NB: here we do not write to arg_dest_late, but to arg_dest! We typically leave the normal
355 * generator drop-in dir for explicit configuration via systemd-fstab-generator or similar, and put
356 * out automatic configuration in the arg_dest_late directory. But this one is an exception, since we
357 * need to override the static version of the fsck root service file. */
bed3ff8e 358 r = generator_write_fsck_deps(f, arg_dest, what, where, fstype, opts_filtered);
e48fdd84
LP		 359 if (r < 0)
360 return r;
361
a7e88558
LP		 362 r = generator_write_blockdev_dependency(f, what);
363 if (r < 0)
364 return r;
365
e48fdd84
LP		 366 fprintf(f,
367 "\n"
1a14a53c
LP		 368 "[Mount]\n"
369 "What=%s\n"
1af72119
LP		 370 "Where=%s\n",
371 what, where);
372
73b80ec2
LP		 373 if (fstype)
374 fprintf(f, "Type=%s\n", fstype);
375
f4a65d5f
MY		 376 if (opts_filtered)
377 fprintf(f, "Options=%s\n", opts_filtered);
378
379 r = generator_write_mount_timeout(f, where, opts_filtered);
380 if (r < 0)
381 return r;
1a14a53c 382
dacd6cee
LP		 383 r = fflush_and_check(f);
384 if (r < 0)
121ce4a6 385 return log_error_errno(r, "Failed to write unit %s: %m", unit);
1a14a53c 386
f872373a 387 if (FLAGS_SET(flags, MOUNT_VALIDATEFS)) {
e5d2701b 388 r = generator_hook_up_validatefs(arg_dest_late, where, post);
f872373a
LP		 389 if (r < 0)
390 return r;
391 }
392
393 if (FLAGS_SET(flags, MOUNT_GROWFS)) {
e5d2701b 394 r = generator_hook_up_growfs(arg_dest_late, where, post);
400c1e8f
LP		 395 if (r < 0)
396 return r;
397 }
398
f872373a 399 if (FLAGS_SET(flags, MOUNT_MEASURE)) {
e5d2701b 400 r = generator_hook_up_pcrfs(arg_dest_late, where, post);
04959faa
LP		 401 if (r < 0)
402 return r;
403 }
404
400c1e8f 405 if (post) {
e5d2701b 406 r = generator_add_symlink(arg_dest_late, post, "requires", unit);
400c1e8f
LP		 407 if (r < 0)
408 return r;
409 }
410
1a14a53c
LP		 411 return 0;
412}
413
e137880b 414static int path_is_busy(const char *where) {
59512f21
KS		 415 int r;
416
6a488fa7
ZJS		 417 assert(where);
418
59512f21 419 /* already a mountpoint; generators run during reload */
b409aacb 420 r = path_is_mount_point_full(where, /* root = */ NULL, AT_SYMLINK_FOLLOW);
59512f21
KS		 421 if (r > 0)
422 return false;
6a488fa7 423 /* The directory will be created by the mount or automount unit when it is started. */
59512f21
KS		 424 if (r == -ENOENT)
425 return false;
426
427 if (r < 0)
e137880b 428 return log_warning_errno(r, "Cannot check if \"%s\" is a mount point: %m", where);
59512f21
KS		 429
430 /* not a mountpoint but it contains files */
db55bbf2 431 r = dir_is_empty(where, /* ignore_hidden_or_backup= */ false);
6a488fa7
ZJS		 432 if (r == -ENOTDIR) {
433 log_debug("\"%s\" is not a directory, ignoring.", where);
434 return true;
435 } else if (r < 0)
e137880b 436 return log_warning_errno(r, "Cannot check if \"%s\" is empty: %m", where);
6a488fa7
ZJS		 437 else if (r == 0) {
438 log_debug("\"%s\" already populated, ignoring.", where);
439 return true;
440 }
59512f21 441
6a488fa7 442 return false;
59512f21
KS		 443}
444
72e18a98 445static int add_partition_mount(
de1461ac 446 PartitionDesignator d,
72e18a98 447 DissectedPartition *p,
61331eab 448 const char *id,
61331eab 449 const char *where,
72e18a98 450 const char *description) {
61331eab 451
de1461ac 452 _cleanup_free_ char *options = NULL;
e137880b 453 int r;
de1461ac 454
72e18a98 455 assert(p);
61331eab 456
e137880b
ZJS		 457 r = path_is_busy(where);
458 if (r != 0)
459 return r < 0 ? r : 0;
61331eab 460
de1461ac
LP		 461 r = partition_pick_mount_options(
462 d,
463 dissected_partition_fstype(p),
464 p->rw,
465 /* discard= */ true,
466 &options,
467 /* ret_ms_flags= */ NULL);
468 if (r < 0)
469 return r;
470
61331eab
LP		 471 return add_mount(
472 id,
72e18a98 473 p->node,
61331eab 474 where,
72e18a98 475 p->fstype,
f872373a
LP		 476 (p->rw ? MOUNT_RW : 0) |
477 MOUNT_VALIDATEFS |
478 (p->growfs ? MOUNT_GROWFS : 0) |
479 (STR_IN_SET(id, "root", "var") ? MOUNT_MEASURE : 0), /* by default measure rootfs and /var, since they contain the "identity" of the system */
de1461ac 480 options,
61331eab 481 description,
72e18a98 482 SPECIAL_LOCAL_FS_TARGET);
61331eab
LP		 483}
484
235ae69c 485static int add_partition_swap(DissectedPartition *p) {
8859b8f7 486 const char *what;
121ce4a6 487 _cleanup_free_ char *name = NULL, *crypto_what = NULL;
59512f21
KS		 488 _cleanup_fclose_ FILE *f = NULL;
489 int r;
490
8859b8f7
HOB		 491 assert(p);
492 assert(p->node);
59512f21 493
9a2982b6
DT		 494 if (!arg_swap_enabled)
495 return 0;
496
fc5bc384
FB		 497 /* Disable the swap auto logic if at least one swap is defined in /etc/fstab, see #6192. */
498 r = fstab_has_fstype("swap");
499 if (r < 0)
500 return log_error_errno(r, "Failed to parse fstab: %m");
1a680ae3 501 if (r > 0) {
fc5bc384
FB		 502 log_debug("swap specified in fstab, ignoring.");
503 return 0;
504 }
505
8859b8f7 506 if (streq_ptr(p->fstype, "crypto_LUKS")) {
f872373a 507 r = add_cryptsetup("swap", p->node, /* mount_opts = */ NULL, MOUNT_RW, /* require= */ true, &crypto_what);
8859b8f7
HOB		 508 if (r < 0)
509 return r;
510 what = crypto_what;
511 } else
512 what = p->node;
513
514 log_debug("Adding swap: %s", what);
59512f21 515
8859b8f7 516 r = unit_name_from_path(what, ".swap", &name);
59512f21
KS		 517 if (r < 0)
518 return log_error_errno(r, "Failed to generate unit name: %m");
519
e5d2701b 520 r = generator_open_unit_file(arg_dest_late, /* source = */ NULL, name, &f);
121ce4a6
MY		 521 if (r < 0)
522 return r;
59512f21
KS		 523
524 fprintf(f,
59512f21
KS		 525 "[Unit]\n"
526 "Description=Swap Partition\n"
a7e88558
LP		 527 "Documentation=man:systemd-gpt-auto-generator(8)\n");
528
8859b8f7 529 r = generator_write_blockdev_dependency(f, what);
a7e88558
LP		 530 if (r < 0)
531 return r;
532
533 fprintf(f,
534 "\n"
59512f21
KS		 535 "[Swap]\n"
536 "What=%s\n",
8859b8f7 537 what);
59512f21 538
dacd6cee
LP		 539 r = fflush_and_check(f);
540 if (r < 0)
121ce4a6 541 return log_error_errno(r, "Failed to write unit %s: %m", name);
59512f21 542
e5d2701b 543 return generator_add_symlink(arg_dest_late, SPECIAL_SWAP_TARGET, "wants", name);
59512f21
KS		 544}
545
7a1494aa
TG		 546static int add_automount(
547 const char *id,
548 const char *what,
549 const char *where,
550 const char *fstype,
f872373a 551 MountPointFlags flags,
7a1494aa
TG		 552 const char *options,
553 const char *description,
554 usec_t timeout) {
555
121ce4a6 556 _cleanup_free_ char *unit = NULL;
7a1494aa
TG		 557 _cleanup_fclose_ FILE *f = NULL;
558 int r;
559
560 assert(id);
561 assert(where);
562 assert(description);
563
7a1494aa
TG		 564 r = add_mount(id,
565 what,
566 where,
567 fstype,
f872373a 568 flags,
d22771fc 569 options,
7a1494aa 570 description,
f872373a 571 /* post= */ NULL);
7a1494aa
TG		 572 if (r < 0)
573 return r;
574
575 r = unit_name_from_path(where, ".automount", &unit);
576 if (r < 0)
577 return log_error_errno(r, "Failed to generate unit name: %m");
578
e5d2701b 579 r = generator_open_unit_file(arg_dest_late, /* source = */ NULL, unit, &f);
121ce4a6
MY		 580 if (r < 0)
581 return r;
7a1494aa
TG		 582
583 fprintf(f,
7a1494aa
TG		 584 "[Unit]\n"
585 "Description=%s\n"
586 "Documentation=man:systemd-gpt-auto-generator(8)\n"
587 "[Automount]\n"
588 "Where=%s\n"
70887c5f 589 "TimeoutIdleSec="USEC_FMT"\n",
7a1494aa
TG		 590 description,
591 where,
70887c5f 592 timeout / USEC_PER_SEC);
7a1494aa
TG		 593
594 r = fflush_and_check(f);
595 if (r < 0)
121ce4a6 596 return log_error_errno(r, "Failed to write unit %s: %m", unit);
7a1494aa 597
e5d2701b 598 return generator_add_symlink(arg_dest_late, SPECIAL_LOCAL_FS_TARGET, "wants", unit);
7a1494aa
TG		 599}
600
235ae69c 601static int add_partition_xbootldr(DissectedPartition *p) {
de1461ac 602 _cleanup_free_ char *options = NULL;
9f1cb0c1
LP		 603 int r;
604
605 assert(p);
87bffa1e 606 assert(!in_initrd());
9f1cb0c1 607
9f1cb0c1
LP		 608 r = path_is_busy("/boot");
609 if (r < 0)
610 return r;
611 if (r > 0)
612 return 0;
613
de1461ac
LP		 614 r = partition_pick_mount_options(
615 PARTITION_XBOOTLDR,
616 dissected_partition_fstype(p),
617 /* rw= */ true,
618 /* discard= */ false,
619 &options,
620 /* ret_ms_flags= */ NULL);
621 if (r < 0)
6a488fa7
ZJS		 622 return log_error_errno(r, "Failed to determine default mount options for /boot/: %m");
623
624 return add_automount(
625 "boot",
626 p->node,
627 "/boot",
628 p->fstype,
f872373a 629 MOUNT_RW,
6a488fa7
ZJS		 630 options,
631 "Boot Loader Partition",
756b6749 632 LOADER_PARTITION_IDLE_USEC);
9f1cb0c1
LP		 633}
634
635#if ENABLE_EFI
235ae69c 636static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
9f1cb0c1 637 const char *esp_path = NULL, *id = NULL;
de1461ac 638 _cleanup_free_ char *options = NULL;
59512f21
KS		 639 int r;
640
72e18a98 641 assert(p);
87bffa1e 642 assert(!in_initrd());
59512f21 643
7893a547
MY		 644 /* Check if there's an existing fstab entry for ESP. If so, we just skip the gpt-auto logic. */
645 r = fstab_has_node(p->node);
646 if (r < 0)
622f2dcc
MY		 647 log_warning_errno(r, "Failed to check if fstab entry for device '%s' exists, ignoring: %m",
648 p->node);
7893a547
MY		 649 if (r > 0)
650 return 0;
651
28dbee46 652 /* If XBOOTLDR partition is not present and /boot/ is unused and empty, we'll take that.
6a488fa7 653 * Otherwise, if /efi/ is unused and empty (or missing), we'll take that.
7893a547 654 * Otherwise, we do nothing. */
28dbee46 655 if (!has_xbootldr) {
8a132658 656 r = path_is_busy("/boot");
6a488fa7
ZJS		 657 if (r < 0)
658 return r;
659 if (r == 0) {
8a132658
FB		 660 esp_path = "/boot";
661 id = "boot";
9f1cb0c1
LP		 662 }
663 }
6a488fa7
ZJS		 664
665 if (!esp_path) {
6a488fa7
ZJS		 666 r = path_is_busy("/efi");
667 if (r < 0)
668 return r;
669 if (r > 0)
670 return 0;
671
9f1cb0c1 672 esp_path = "/efi";
9f1cb0c1 673 id = "efi";
59512f21
KS		 674 }
675
de1461ac
LP		 676 r = partition_pick_mount_options(
677 PARTITION_ESP,
678 dissected_partition_fstype(p),
679 /* rw= */ true,
680 /* discard= */ false,
681 &options,
682 /* ret_ms_flags= */ NULL);
683 if (r < 0)
6a488fa7
ZJS		 684 return log_error_errno(r, "Failed to determine default mount options for %s: %m", esp_path);
685
686 return add_automount(
687 id,
688 p->node,
689 esp_path,
690 p->fstype,
f872373a 691 MOUNT_RW,
6a488fa7
ZJS		 692 options,
693 "EFI System Partition Automount",
756b6749 694 LOADER_PARTITION_IDLE_USEC);
7a1494aa 695}
59512f21 696#else
235ae69c 697static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
59512f21 698 return 0;
59512f21 699}
7a1494aa 700#endif
59512f21 701
235ae69c 702static int add_partition_root_rw(DissectedPartition *p) {
fd89051e
LP		 703 const char *path;
704 int r;
705
706 assert(p);
5253b4a9 707 assert(!in_initrd());
fd89051e 708
5253b4a9 709 /* Invoked on the main system (not initrd), to honour GPT flag 60 on the root fs (ro) */
fd89051e
LP		 710
711 if (arg_root_rw >= 0) {
712 log_debug("Parameter ro/rw specified on kernel command line, not generating drop-in for systemd-remount-fs.service.");
713 return 0;
714 }
715
716 if (!p->rw) {
717 log_debug("Root partition marked read-only in GPT partition table, not generating drop-in for systemd-remount-fs.service.");
718 return 0;
719 }
720
e5d2701b 721 r = generator_enable_remount_fs_service(arg_dest_late);
40b1224e
LP		 722 if (r < 0)
723 return r;
9b69569d 724
e5d2701b 725 path = strjoina(arg_dest_late, "/systemd-remount-fs.service.d/50-remount-rw.conf");
fd89051e
LP		 726
727 r = write_string_file(path,
dd23292c 728 "# Automatically generated by systemd-gpt-auto-generator\n\n"
fd89051e
LP		 729 "[Service]\n"
730 "Environment=SYSTEMD_REMOUNT_ROOT_RW=1\n",
e82e549f 731 WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_NOFOLLOW|WRITE_STRING_FILE_MKDIR_0755);
fd89051e
LP		 732 if (r < 0)
733 return log_error_errno(r, "Failed to write drop-in file %s: %m", path);
734
735 return 0;
736}
737
6b5fe5d7
LP		 738static int add_partition_root_growfs(DissectedPartition *p) {
739
740 assert(p);
741 assert(!in_initrd());
742
743 /* Invoked on the main system (not initrd), to honour GPT flag 59 on the root fs (growfs) */
744
745 if (!p->growfs) {
746 log_debug("Root partition not marked for growing the file system in the GPT partition table, not generating drop-in for systemd-growfs-root.service.");
747 return 0;
748 }
749
e5d2701b 750 return generator_hook_up_growfs(arg_dest_late, "/", SPECIAL_LOCAL_FS_TARGET);
6b5fe5d7
LP		 751}
752
753static int add_partition_root_flags(DissectedPartition *p) {
754 int r = 0;
755
756 assert(p);
757 assert(!in_initrd());
758
759 RET_GATHER(r, add_partition_root_growfs(p));
760 RET_GATHER(r, add_partition_root_rw(p));
761
762 return r;
763}
764
9fe6f5cc
ZJS		 765#if ENABLE_EFI
766static int add_root_cryptsetup(void) {
d0523bb0 767#if HAVE_LIBCRYPTSETUP
1a14a53c 768
198f7bad 769 assert(arg_auto_root != GPT_AUTO_ROOT_OFF);
1a14a53c 770
198f7bad
LP		 771 /* If a device /dev/gpt-auto-root-luks or /dev/disk/by-designator/root-luks appears, then make it
772 * pull in systemd-cryptsetup@root.service, which sets it up, and causes /dev/gpt-auto-root or
773 * /dev/disk/by-designator/root to appear which is all we are looking for. */
1c0b8270 774
198f7bad
LP		 775 const char *bdev =
776 IN_SET(arg_auto_root, GPT_AUTO_ROOT_DISSECT, GPT_AUTO_ROOT_DISSECT_FORCE) ?
777 "/dev/disk/by-designator/root-luks" : "/dev/gpt-auto-root-luks";
778
779 if (IN_SET(arg_auto_root, GPT_AUTO_ROOT_FORCE, GPT_AUTO_ROOT_DISSECT_FORCE)) {
1c0b8270
LP		 780 /* Similar logic as in add_root_mount(), see below */
781 FactoryResetMode f = factory_reset_mode();
782 if (f < 0)
783 log_warning_errno(f, "Failed to determine whether we are in factory reset mode, assuming not: %m");
784
785 if (IN_SET(f, FACTORY_RESET_ON, FACTORY_RESET_COMPLETE))
198f7bad
LP		 786 bdev =
787 IN_SET(arg_auto_root, GPT_AUTO_ROOT_DISSECT, GPT_AUTO_ROOT_DISSECT_FORCE) ?
788 "/dev/disk/by-designator/root-luks-ignore-factory-reset" :
789 "/dev/gpt-auto-root-luks-ignore-factory-reset";
1c0b8270
LP		 790 }
791
7852e301
LP		 792 return add_cryptsetup(
793 "root",
794 bdev,
795 arg_root_options,
796 MOUNT_RW|MOUNT_MEASURE,
797 /* require= */ false,
798 /* ret_device= */ NULL);
d0523bb0
DS		 799#else
800 return 0;
801#endif
9fe6f5cc
ZJS		 802}
803#endif
d2a62382 804
9fe6f5cc
ZJS		 805static int add_root_mount(void) {
806#if ENABLE_EFI
de1461ac 807 _cleanup_free_ char *options = NULL;
9fe6f5cc 808 int r;
1a14a53c 809
1a95fc87 810 /* Explicitly disabled? Then exit immediately */
1c0b8270 811 if (arg_auto_root == GPT_AUTO_ROOT_OFF)
8090b41e 812 return 0;
61331eab 813
1a95fc87 814 /* Neither explicitly enabled nor disabled? Then decide based on the EFI partition variables to be set */
14ab9aaf 815 if (arg_auto_root < 0) {
1a95fc87
LP		 816 if (!is_efi_boot()) {
817 log_debug("Not an EFI boot, not creating root mount.");
818 return 0;
819 }
820
1cce9d93 821 r = efi_loader_get_device_part_uuid(/* ret= */ NULL);
1a95fc87 822 if (r == -ENOENT) {
bcc1eebd
ZJS		 823 log_notice("EFI loader partition unknown, not processing %s.\n"
824 "(The boot loader did not set EFI variable LoaderDevicePartUUID.)",
825 in_initrd() ? "/sysroot" : "/");
1a95fc87
LP		 826 return 0;
827 }
828 if (r < 0)
829 return log_error_errno(r, "Failed to read loader partition UUID: %m");
830 }
61331eab 831
1a95fc87 832 /* OK, we shall look for a root device, so let's wait for a root device to show up. A udev rule will
1c0b8270
LP		 833 * create the link for us under the right name.
834 *
835 * There are two distinct names: the /dev/gpt-auto-root-ignore-factory-reset symlink is created for
836 * the root partition if factory reset mode is enabled or complete, and the /dev/gpt-auto-root
837 * symlink is only created if factory reset mode is off or already complete (thus taking factory
838 * reset state into account). In scenarios where the root disk is partially reformatted during
839 * factory reset the latter is the link to use, otherwise the former (so that we don't accidentally
840 * mount a root partition too early that is about to be wiped and replaced by another one). */
841
198f7bad
LP		 842 const char *bdev =
843 IN_SET(arg_auto_root, GPT_AUTO_ROOT_DISSECT, GPT_AUTO_ROOT_DISSECT_FORCE) ?
844 "/dev/disk/by-designator/root" : "/dev/gpt-auto-root";
845 if (IN_SET(arg_auto_root, GPT_AUTO_ROOT_FORCE, GPT_AUTO_ROOT_DISSECT_FORCE)) {
1c0b8270
LP		 846 FactoryResetMode f = factory_reset_mode();
847 if (f < 0)
848 log_warning_errno(f, "Failed to determine whether we are in factory reset mode, assuming not: %m");
849
850 if (IN_SET(f, FACTORY_RESET_ON, FACTORY_RESET_COMPLETE))
198f7bad
LP		 851 bdev =
852 IN_SET(arg_auto_root, GPT_AUTO_ROOT_DISSECT, GPT_AUTO_ROOT_DISSECT_FORCE) ?
853 "/dev/disk/by-designator/root-ignore-factory-reset" :
854 "/dev/gpt-auto-root-ignore-factory-reset";
1c0b8270 855 }
61331eab 856
9fe6f5cc 857 if (in_initrd()) {
e5d2701b 858 r = generator_write_initrd_root_device_deps(arg_dest_late, bdev);
9fe6f5cc
ZJS		 859 if (r < 0)
860 return 0;
61331eab 861
9fe6f5cc
ZJS		 862 r = add_root_cryptsetup();
863 if (r < 0)
864 return r;
0a64b7ba
LP		 865
866 /* If a device /dev/disk/by-designator/root-verity or
867 * /dev/disk/by-designator/root-verity-data appears, then make it pull in
868 * systemd-cryptsetup@root.service, which sets it up, and causes /dev/disk/by-designator/root
869 * to appear. */
870 r = add_veritysetup(
871 "root",
872 "/dev/disk/by-designator/root-verity-data",
873 "/dev/disk/by-designator/root-verity",
874 arg_root_options);
875 if (r < 0)
876 return r;
61331eab
LP		 877 }
878
6b5fe5d7
LP		 879 /* Note that we do not need to enable systemd-remount-fs.service here. If /etc/fstab exists,
880 * systemd-fstab-generator will pull it in for us, and otherwise add_partition_root_flags() will do
881 * it, after the initrd transition. */
61331eab 882
de1461ac
LP		 883 r = partition_pick_mount_options(
884 PARTITION_ROOT,
885 arg_root_fstype,
886 arg_root_rw > 0,
887 /* discard= */ true,
888 &options,
889 /* ret_ms_flags= */ NULL);
890 if (r < 0)
891 return log_error_errno(r, "Failed to pick root mount options: %m");
892
893 if (arg_root_options)
894 if (!strextend_with_separator(&options, ",", arg_root_options))
895 return log_oom();
896
9fe6f5cc
ZJS		 897 return add_mount(
898 "root",
1c0b8270 899 bdev,
9fe6f5cc 900 in_initrd() ? "/sysroot" : "/",
cf451f38 901 arg_root_fstype,
f872373a
LP		 902 (arg_root_rw > 0 ? MOUNT_RW : 0) |
903 (in_initrd() ? MOUNT_VALIDATEFS : 0) |
904 MOUNT_MEASURE,
de1461ac 905 options,
9fe6f5cc
ZJS		 906 "Root Partition",
907 in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);
908#else
909 return 0;
910#endif
72e18a98 911}
cb971249 912
7852e301
LP		 913static int add_usr_mount(void) {
914#if ENABLE_EFI
915 int r;
916
917 /* /usr/ discovery must be enabled explicitly. */
39642b01 918 if (arg_auto_usr <= 0)
7852e301
LP		 919 return 0;
920
921 /* We do not support the other gpt-auto modes for /usr/, but the parser should already have checked that. */
922 assert(arg_auto_usr == GPT_AUTO_ROOT_DISSECT);
923
924 if (arg_root_fstype && !arg_usr_fstype) {
925 arg_usr_fstype = strdup(arg_root_fstype);
926 if (!arg_usr_fstype)
927 return log_oom();
928 }
929
930 if (arg_root_options && !arg_usr_options) {
931 arg_usr_options = strdup(arg_root_options);
932 if (!arg_usr_options)
933 return log_oom();
934 }
935
936 if (in_initrd()) {
937 r = add_cryptsetup(
938 "usr",
939 "/dev/disk/by-designator/usr-luks",
940 arg_usr_options,
941 MOUNT_RW|MOUNT_MEASURE,
942 /* require= */ false,
943 /* ret_device= */ NULL);
944 if (r < 0)
945 return r;
0a64b7ba
LP		 946
947 /* If a device /dev/disk/by-designator/usr-verity or
948 * /dev/disk/by-designator/usr-verity-data appears, then make it pull in
949 * systemd-cryptsetup@usr.service, which sets it up, and causes /dev/disk/by-designator/usr
950 * to appear. */
951 r = add_veritysetup(
952 "usr",
953 "/dev/disk/by-designator/usr-verity-data",
954 "/dev/disk/by-designator/usr-verity",
955 arg_usr_options);
956 if (r < 0)
957 return r;
7852e301
LP		 958 }
959
960 _cleanup_free_ char *options = NULL;
961 r = partition_pick_mount_options(
962 PARTITION_USR,
963 arg_usr_fstype,
964 /* rw= */ false,
965 /* discard= */ true,
966 &options,
967 /* ret_ms_flags= */ NULL);
968 if (r < 0)
969 return log_error_errno(r, "Failed to pick /usr/ mount options: %m");
970
971 if (arg_usr_options)
972 if (!strextend_with_separator(&options, ",", arg_usr_options))
973 return log_oom();
974
975 r = add_mount("usr",
976 "/dev/disk/by-designator/usr",
977 in_initrd() ? "/sysusr/usr" : "/usr",
978 arg_usr_fstype,
7369c037 979 /* flags = */ 0,
7852e301
LP		 980 options,
981 "/usr/ Partition",
982 in_initrd() ? SPECIAL_INITRD_USR_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);
983 if (r < 0)
984 return r;
985
39642b01
MY		 986 if (in_initrd()) {
987 log_debug("Synthesizing entry what=/sysusr/usr where=/sysroot/usr opts=bind");
988
989 r = add_mount("usr-bind",
990 "/sysusr/usr",
991 "/sysroot/usr",
992 /* fstype= */ NULL,
7369c037 993 MOUNT_VALIDATEFS,
39642b01
MY		 994 "bind",
995 "/usr/ Partition (Final)",
996 SPECIAL_INITRD_FS_TARGET);
997 if (r < 0)
998 return r;
999 }
7852e301 1000#endif
39642b01 1001 return 0;
7852e301
LP		 1002}
1003
68f8a86a
MY		 1004static int process_loader_partitions(DissectedPartition *esp, DissectedPartition *xbootldr) {
1005 sd_id128_t loader_uuid;
fa989c74 1006 int r;
68f8a86a
MY		 1007
1008 assert(esp);
1009 assert(xbootldr);
1010
8a132658
FB		 1011 /* If any paths in fstab look similar to our favorite paths for ESP or XBOOTLDR, we just exit
1012 * early. We also don't bother with cases where one is configured explicitly and the other shall be
1013 * mounted automatically. */
1014
1015 r = fstab_has_mount_point_prefix_strv(STRV_MAKE("/boot", "/efi"));
1016 if (r > 0) {
1017 log_debug("Found mount entries in the /boot/ or /efi/ hierarchies in fstab, not generating ESP or XBOOTLDR mounts.");
1018 return 0;
1019 }
1020 if (r < 0)
1021 log_debug_errno(r, "Failed to check fstab existing paths, ignoring: %m");
1022
68f8a86a
MY		 1023 if (!is_efi_boot()) {
1024 log_debug("Not an EFI boot, skipping loader partition UUID check.");
1025 goto mount;
1026 }
1027
1028 /* Let's check if LoaderDevicePartUUID points to either ESP or XBOOTLDR. We prefer it pointing
1029 * to the ESP, but we accept XBOOTLDR too. If it points to neither of them, don't mount any
1030 * loader partitions, since they are not the ones used for booting. */
1031
1032 r = efi_loader_get_device_part_uuid(&loader_uuid);
1033 if (r == -ENOENT) {
1034 log_debug_errno(r, "EFI loader partition unknown, skipping ESP and XBOOTLDR mounts.");
1035 return 0;
1036 }
1037 if (r < 0)
1038 return log_debug_errno(r, "Failed to read loader partition UUID, ignoring: %m");
1039
1040 if (esp->found && sd_id128_equal(esp->uuid, loader_uuid))
1041 goto mount;
1042
1043 if (xbootldr->found && sd_id128_equal(xbootldr->uuid, loader_uuid)) {
1044 log_debug("LoaderDevicePartUUID points to XBOOTLDR partition.");
1045 goto mount;
1046 }
1047
1048 log_debug("LoaderDevicePartUUID points to neither ESP nor XBOOTLDR, ignoring.");
1049 return 0;
1050
1051mount:
fa989c74 1052 r = 0;
68f8a86a 1053
fa989c74
ZJS		 1054 if (xbootldr->found)
1055 RET_GATHER(r, add_partition_xbootldr(xbootldr));
1056 if (esp->found)
1057 RET_GATHER(r, add_partition_esp(esp, xbootldr->found));
68f8a86a 1058
fa989c74 1059 return r;
68f8a86a
MY		 1060}
1061
72e18a98 1062static int enumerate_partitions(dev_t devnum) {
72e18a98 1063 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
55a065cd
YW		 1064 _cleanup_(loop_device_unrefp) LoopDevice *loop = NULL;
1065 _cleanup_free_ char *devname = NULL;
fa989c74 1066 int r;
61331eab 1067
ca8ac0f9
LP		 1068 assert(!in_initrd());
1069
1070 /* Run on the final root fs (not in the initrd), to mount auxiliary partitions, and hook in rw
1071 * remount and growfs of the root partition */
1072
55a065cd
YW		 1073 r = block_get_whole_disk(devnum, &devnum);
1074 if (r < 0)
1075 return log_debug_errno(r, "Failed to get whole block device for " DEVNUM_FORMAT_STR ": %m",
1076 DEVNUM_FORMAT_VAL(devnum));
1077
1078 r = devname_from_devnum(S_IFBLK, devnum, &devname);
1079 if (r < 0)
1080 return log_debug_errno(r, "Failed to get device node of " DEVNUM_FORMAT_STR ": %m",
1081 DEVNUM_FORMAT_VAL(devnum));
61331eab 1082
41bc4849
LP		 1083 /* Let's take a LOCK_SH lock on the block device, in case udevd is already running. If we don't take
1084 * the lock, udevd might end up issuing BLKRRPART in the middle, and we don't want that, since that
1085 * might remove all partitions while we are operating on them. */
de3b7f16 1086 r = loop_device_open_from_path(devname, O_RDONLY, LOCK_SH, &loop);
55a065cd 1087 if (r < 0)
af3d3873 1088 return log_debug_errno(r, "Failed to open %s: %m", devname);
41bc4849 1089
55a065cd
YW		 1090 r = dissect_loop_device(
1091 loop,
a8211e88 1092 &arg_verity_settings,
84be0c71 1093 /* mount_options= */ NULL,
a8211e88 1094 arg_image_policy ?: &image_policy_host,
74cfd092 1095 arg_image_filter,
d04faa4e 1096 DISSECT_IMAGE_GPT_ONLY|
8716a76c 1097 DISSECT_IMAGE_USR_NO_ROOT|
ee0e6e47
YW		 1098 DISSECT_IMAGE_DISKSEQ_DEVNODE|
1099 DISSECT_IMAGE_ALLOW_EMPTY,
73d88b80
LP		 1100 /* NB! Unlike most other places where we dissect block devices we do not use
1101 * DISSECT_IMAGE_ADD_PARTITION_DEVICES here: we want that the kernel finds the
1102 * devices, and udev probes them before we mount them via .mount units much later
1103 * on. And thus we also don't set DISSECT_IMAGE_PIN_PARTITION_DEVICES here, because
1104 * we don't actually mount anything immediately. */
d04faa4e 1105 &m);
4953e39c
ZJS		 1106 if (r < 0) {
1107 bool ok = r == -ENOPKG;
1108 dissect_log_error(ok ? LOG_DEBUG : LOG_ERR, r, devname, NULL);
1109 return ok ? 0 : r;
61331eab 1110 }
0238d4c6 1111
fa989c74
ZJS		 1112 if (m->partitions[PARTITION_SWAP].found)
1113 RET_GATHER(r, add_partition_swap(m->partitions + PARTITION_SWAP));
1a14a53c 1114
fa989c74 1115 RET_GATHER(r, process_loader_partitions(m->partitions + PARTITION_ESP, m->partitions + PARTITION_XBOOTLDR));
59512f21 1116
fa989c74
ZJS		 1117 if (m->partitions[PARTITION_HOME].found)
1118 RET_GATHER(r, add_partition_mount(PARTITION_HOME, m->partitions + PARTITION_HOME,
1119 "home", "/home", "Home Partition"));
e48fdd84 1120
fa989c74
ZJS		 1121 if (m->partitions[PARTITION_SRV].found)
1122 RET_GATHER(r, add_partition_mount(PARTITION_SRV, m->partitions + PARTITION_SRV,
1123 "srv", "/srv", "Server Data Partition"));
1a14a53c 1124
fa989c74
ZJS		 1125 if (m->partitions[PARTITION_VAR].found)
1126 RET_GATHER(r, add_partition_mount(PARTITION_VAR, m->partitions + PARTITION_VAR,
1127 "var", "/var", "Variable Data Partition"));
d4dffb85 1128
fa989c74
ZJS		 1129 if (m->partitions[PARTITION_TMP].found)
1130 RET_GATHER(r, add_partition_mount(PARTITION_TMP, m->partitions + PARTITION_TMP,
1131 "var-tmp", "/var/tmp", "Temporary Data Partition"));
d4dffb85 1132
fa989c74 1133 if (m->partitions[PARTITION_ROOT].found)
6b5fe5d7 1134 RET_GATHER(r, add_partition_root_flags(m->partitions + PARTITION_ROOT));
fd89051e 1135
1a14a53c
LP		 1136 return r;
1137}
1138
9fe6f5cc 1139static int add_mounts(void) {
b00651cf 1140 dev_t devno;
c56be2c2 1141 int r;
9fe6f5cc 1142
87bffa1e
LP		 1143 if (in_initrd())
1144 return 0;
1145
c56be2c2
LP		 1146 r = blockdev_get_root(LOG_ERR, &devno);
1147 if (r < 0)
1148 return r;
1149 if (r == 0) {
1150 log_debug("Skipping automatic GPT dissection logic, root file system not backed by a (single) whole block device.");
1151 return 0;
9fe6f5cc
ZJS		 1152 }
1153
1154 return enumerate_partitions(devno);
1155}
1156
96287a49 1157static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
73b80ec2 1158 int r;
1a14a53c 1159
73b80ec2 1160 assert(key);
1a14a53c 1161
8a9c44ed
LP		 1162 if (proc_cmdline_key_streq(key, "systemd.gpt_auto") ||
1163 proc_cmdline_key_streq(key, "rd.systemd.gpt_auto")) {
1a14a53c 1164
1d84ad94 1165 r = value ? parse_boolean(value) : 1;
73b80ec2 1166 if (r < 0)
0a1b9449 1167 log_warning_errno(r, "Failed to parse gpt-auto switch \"%s\", ignoring: %m", value);
8086ffac
ZJS		 1168 else
1169 arg_enabled = r;
1a14a53c 1170
a8d3315b 1171 } else if (streq(key, "root")) {
1d84ad94
LP		 1172
1173 if (proc_cmdline_value_missing(key, value))
1174 return 0;
73b80ec2 1175
1c0b8270
LP		 1176 /* Disable root disk logic if there's a root= value specified (unless it happens to be
1177 * "gpt-auto" or "gpt-auto-force") */
73b80ec2 1178
7852e301 1179 arg_auto_root = parse_gpt_auto_root("root=", value);
14ab9aaf 1180 assert(arg_auto_root >= 0);
73b80ec2 1181
a8d3315b 1182 } else if (streq(key, "roothash")) {
2f3dfc6f
LP		 1183
1184 if (proc_cmdline_value_missing(key, value))
1185 return 0;
1186
1187 /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */
1188
1c0b8270 1189 arg_auto_root = GPT_AUTO_ROOT_OFF;
1a95fc87 1190 log_debug("Disabling root partition auto-detection, roothash= is set.");
2f3dfc6f 1191
a8211e88
DDM		 1192 arg_verity_settings.designator = PARTITION_ROOT;
1193
1194 free(arg_verity_settings.root_hash);
1195 r = unhexmem(value, &arg_verity_settings.root_hash, &arg_verity_settings.root_hash_size);
1196 if (r < 0)
1197 return log_error_errno(r, "Failed to parse roothash= from kernel command line: %m");
1198
1199 } else if (streq(key, "usrhash")) {
1200
1201 if (proc_cmdline_value_missing(key, value))
1202 return 0;
1203
1204 arg_verity_settings.designator = PARTITION_USR;
1205
1206 free(arg_verity_settings.root_hash);
1207 r = unhexmem(value, &arg_verity_settings.root_hash, &arg_verity_settings.root_hash_size);
1208 if (r < 0)
1209 return log_error_errno(r, "Failed to parse usrhash= from kernel command line: %m");
1210
cf451f38
LP		 1211 } else if (streq(key, "rootfstype")) {
1212
1213 if (proc_cmdline_value_missing(key, value))
1214 return 0;
1215
1216 return free_and_strdup_warn(&arg_root_fstype, value);
1217
1218 } else if (streq(key, "rootflags")) {
1219
1220 if (proc_cmdline_value_missing(key, value))
1221 return 0;
1222
1223 if (!strextend_with_separator(&arg_root_options, ",", value))
1224 return log_oom();
1225
7852e301
LP		 1226 } else if (streq(key, "mount.usr")) {
1227
1228 if (proc_cmdline_value_missing(key, value))
1229 return 0;
1230
1231 /* Disable root disk logic if there's a root= value specified (unless it happens to be
1232 * "gpt-auto" or "gpt-auto-force") */
1233
1234 arg_auto_usr = parse_gpt_auto_root("mount.usr=", value);
1235 assert(arg_auto_usr >= 0);
1236
1237 if (IN_SET(arg_auto_usr, GPT_AUTO_ROOT_ON, GPT_AUTO_ROOT_FORCE, GPT_AUTO_ROOT_DISSECT_FORCE)) {
1238 log_warning("'gpt-auto', 'gpt-auto-force' and 'dissect-force' are not supported for mount.usr=. Automatically resorting to mount.usr=dissect mode instead.");
1239 arg_auto_usr = GPT_AUTO_ROOT_DISSECT;
1240 }
1241
1242 } else if (streq(key, "mount.usrfstype")) {
1243
1244 if (proc_cmdline_value_missing(key, value))
1245 return 0;
1246
1247 return free_and_strdup_warn(&arg_usr_fstype, empty_to_null(value));
1248
1249 } else if (streq(key, "mount.usrflags")) {
1250
1251 if (proc_cmdline_value_missing(key, value))
1252 return 0;
1253
1254 if (!strextend_with_separator(&arg_usr_options, ",", value))
1255 return log_oom();
1256
a8d3315b 1257 } else if (streq(key, "rw") && !value)
73b80ec2 1258 arg_root_rw = true;
a8d3315b 1259 else if (streq(key, "ro") && !value)
73b80ec2 1260 arg_root_rw = false;
06e78680 1261 else if (proc_cmdline_key_streq(key, "systemd.image_policy"))
d0a0059c 1262 return parse_image_policy_argument(value, &arg_image_policy);
74cfd092
LP		 1263 else if (proc_cmdline_key_streq(key, "systemd.image_filter")) {
1264 _cleanup_(image_filter_freep) ImageFilter *f = NULL;
73b80ec2 1265
74cfd092
LP		 1266 r = image_filter_parse(value, &f);
1267 if (r < 0)
1268 return log_error_errno(r, "Failed to parse image filter: %s", value);
1269
1270 image_filter_free(arg_image_filter);
1271 arg_image_filter = TAKE_PTR(f);
1272
1273 } else if (streq(key, "systemd.swap")) {
9a2982b6
DT		 1274
1275 r = value ? parse_boolean(value) : 1;
1276 if (r < 0)
1277 log_warning_errno(r, "Failed to parse swap switch \"%s\", ignoring: %m", value);
1278 else
1279 arg_swap_enabled = r;
1280
1281 if (!arg_swap_enabled)
1282 log_debug("Disabling swap partitions auto-detection, systemd.swap=no is defined.");
1283
1284 }
1285
73b80ec2
LP		 1286 return 0;
1287}
1288
ec6e9597 1289static int run(const char *dest, const char *dest_early, const char *dest_late) {
1cfe9737 1290 int r;
73b80ec2 1291
e5d2701b
LP		 1292 assert_se(arg_dest = dest);
1293 assert_se(arg_dest_late = dest_late);
73b80ec2 1294
75f86906 1295 if (detect_container() > 0) {
73b80ec2 1296 log_debug("In a container, exiting.");
ec6e9597 1297 return 0;
1a14a53c 1298 }
3db604b9 1299
1d84ad94 1300 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
b5884878 1301 if (r < 0)
da927ba9 1302 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
1a14a53c 1303
73b80ec2
LP		 1304 if (!arg_enabled) {
1305 log_debug("Disabled, exiting.");
ec6e9597 1306 return 0;
73b80ec2
LP		 1307 }
1308
87bffa1e
LP		 1309 r = 0;
1310 RET_GATHER(r, add_root_mount());
7852e301 1311 RET_GATHER(r, add_usr_mount());
87bffa1e 1312 RET_GATHER(r, add_mounts());
73b80ec2 1313
ec6e9597 1314 return r;
1a14a53c 1315}
ec6e9597
ZJS		 1316
1317DEFINE_MAIN_GENERATOR_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.