1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
34 static const char *arg_dest
= "/tmp";
35 static bool arg_enabled
= true;
36 static bool arg_read_crypttab
= true;
38 static bool has_option(const char *haystack
, const char *needle
) {
39 const char *f
= haystack
;
49 while ((f
= strstr(f
, needle
))) {
51 if (f
> haystack
&& f
[-1] != ',') {
56 if (f
[l
] != 0 && f
[l
] != ',') {
67 static int create_disk(
71 const char *options
) {
73 char _cleanup_free_
*p
= NULL
, *n
= NULL
, *d
= NULL
, *u
= NULL
, *from
= NULL
, *to
= NULL
, *e
= NULL
;
74 FILE _cleanup_fclose_
*f
= NULL
;
80 noauto
= has_option(options
, "noauto");
81 nofail
= has_option(options
, "nofail");
83 n
= unit_name_from_path_instance("systemd-cryptsetup", name
, ".service");
87 p
= strjoin(arg_dest
, "/", n
, NULL
);
91 u
= fstab_node_to_udev_node(device
);
95 d
= unit_name_from_path(u
, ".device");
101 log_error("Failed to create unit file %s: %m", p
);
106 "# Automatically generated by systemd-cryptsetup-generator\n\n"
108 "Description=Cryptography Setup for %%I\n"
109 "Documentation=man:systemd-cryptsetup@.service(8) man:crypttab(5)\n"
110 "SourcePath=/etc/crypttab\n"
111 "Conflicts=umount.target\n"
112 "DefaultDependencies=no\n"
113 "BindsTo=%s dev-mapper-%%i.device\n"
114 "After=systemd-readahead-collect.service systemd-readahead-replay.service %s\n"
115 "Before=umount.target\n",
120 "Before=cryptsetup.target\n");
122 if (password
&& (streq(password
, "/dev/urandom") ||
123 streq(password
, "/dev/random") ||
124 streq(password
, "/dev/hw_random")))
125 fputs("After=systemd-random-seed-load.service\n", f
);
127 fputs("Before=local-fs.target\n", f
);
132 "RemainAfterExit=yes\n"
133 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
134 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH
" attach '%s' '%s' '%s' '%s'\n"
135 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH
" detach '%s'\n",
136 name
, u
, strempty(password
), strempty(options
),
139 if (has_option(options
, "tmp"))
141 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
144 if (has_option(options
, "swap"))
146 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
152 log_error("Failed to write file %s: %m", p
);
156 if (asprintf(&from
, "../%s", n
) < 0)
161 to
= strjoin(arg_dest
, "/", d
, ".wants/", n
, NULL
);
165 mkdir_parents_label(to
, 0755);
166 if (symlink(from
, to
) < 0) {
167 log_error("Failed to create symlink '%s' to '%s': %m", from
, to
);
173 to
= strjoin(arg_dest
, "/cryptsetup.target.requires/", n
, NULL
);
175 to
= strjoin(arg_dest
, "/cryptsetup.target.wants/", n
, NULL
);
179 mkdir_parents_label(to
, 0755);
180 if (symlink(from
, to
) < 0) {
181 log_error("Failed to create symlink '%s' to '%s': %m", from
, to
);
186 e
= unit_name_escape(name
);
191 to
= strjoin(arg_dest
, "/dev-mapper-", e
, ".device.requires/", n
, NULL
);
195 mkdir_parents_label(to
, 0755);
196 if (symlink(from
, to
) < 0) {
197 log_error("Failed to create symlink '%s' to '%s': %m", from
, to
);
204 static int parse_proc_cmdline(char ***arg_proc_cmdline_disks
) {
205 char _cleanup_free_
*line
= NULL
;
206 char *w
= NULL
, *state
= NULL
;
210 if (detect_container(NULL
) > 0)
213 r
= read_one_line_file("/proc/cmdline", &line
);
215 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r
));
219 FOREACH_WORD_QUOTED(w
, l
, line
, state
) {
220 char _cleanup_free_
*word
= NULL
;
222 word
= strndup(w
, l
);
226 if (startswith(word
, "luks=")) {
227 r
= parse_boolean(word
+ 5);
229 log_warning("Failed to parse luks switch %s. Ignoring.", word
+ 5);
233 } else if (startswith(word
, "rd.luks=")) {
236 r
= parse_boolean(word
+ 8);
238 log_warning("Failed to parse luks switch %s. Ignoring.", word
+ 8);
243 } else if (startswith(word
, "luks.crypttab=")) {
244 r
= parse_boolean(word
+ 14);
246 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word
+ 14);
248 arg_read_crypttab
= r
;
250 } else if (startswith(word
, "rd.luks.crypttab=")) {
253 r
= parse_boolean(word
+ 17);
255 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word
+ 17);
257 arg_read_crypttab
= r
;
260 } else if (startswith(word
, "luks.uuid=")) {
263 t
= strv_append(*arg_proc_cmdline_disks
, word
+ 10);
267 strv_free(*arg_proc_cmdline_disks
);
268 *arg_proc_cmdline_disks
= t
;
270 } else if (startswith(word
, "rd.luks.uuid=")) {
275 t
= strv_append(*arg_proc_cmdline_disks
, word
+ 13);
279 strv_free(*arg_proc_cmdline_disks
);
280 *arg_proc_cmdline_disks
= t
;
283 } else if (startswith(word
, "luks.") ||
284 (in_initrd() && startswith(word
, "rd.luks."))) {
286 log_warning("Unknown kernel switch %s. Ignoring.", word
);
290 strv_uniq(*arg_proc_cmdline_disks
);
295 int main(int argc
, char *argv
[]) {
296 FILE _cleanup_fclose_
*f
= NULL
;
298 int r
= EXIT_SUCCESS
;
300 char _cleanup_strv_free_
**arg_proc_cmdline_disks_done
= NULL
;
301 char _cleanup_strv_free_
**arg_proc_cmdline_disks
= NULL
;
303 if (argc
> 1 && argc
!= 4) {
304 log_error("This program takes three or no arguments.");
311 log_set_target(LOG_TARGET_SAFE
);
312 log_parse_environment();
317 if (parse_proc_cmdline(&arg_proc_cmdline_disks
) < 0)
323 if (arg_read_crypttab
) {
324 f
= fopen("/etc/crypttab", "re");
331 log_error("Failed to open /etc/crypttab: %m");
334 char line
[LINE_MAX
], *l
;
335 char _cleanup_free_
*name
= NULL
, *device
= NULL
, *password
= NULL
, *options
= NULL
;
338 if (!fgets(line
, sizeof(line
), f
))
344 if (*l
== '#' || *l
== 0)
347 k
= sscanf(l
, "%ms %ms %ms %ms", &name
, &device
, &password
, &options
);
348 if (k
< 2 || k
> 4) {
349 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n
);
354 if (arg_proc_cmdline_disks
) {
356 If luks UUIDs are specified on the kernel command line, use them as a filter
357 for /etc/crypttab and only generate units for those.
359 STRV_FOREACH(i
, arg_proc_cmdline_disks
) {
360 char _cleanup_free_
*proc_device
= NULL
, *proc_name
= NULL
;
363 if (startswith(p
, "luks-"))
366 proc_name
= strappend("luks-", p
);
367 proc_device
= strappend("UUID=", p
);
369 if (!proc_name
|| !proc_device
)
372 if (streq(proc_device
, device
) || streq(proc_name
, name
)) {
375 if (create_disk(name
, device
, password
, options
) < 0)
378 t
= strv_append(arg_proc_cmdline_disks_done
, p
);
382 strv_free(arg_proc_cmdline_disks_done
);
383 arg_proc_cmdline_disks_done
= t
;
387 if (create_disk(name
, device
, password
, options
) < 0)
393 STRV_FOREACH(i
, arg_proc_cmdline_disks
) {
395 Generate units for those UUIDs, which were specified
396 on the kernel command line and not yet written.
399 char _cleanup_free_
*name
= NULL
, *device
= NULL
;
402 if (startswith(p
, "luks-"))
405 if (strv_contains(arg_proc_cmdline_disks_done
, p
))
408 name
= strappend("luks-", p
);
409 device
= strappend("UUID=", p
);
411 if (!name
|| !device
)
414 if (create_disk(name
, device
, NULL
, "timeout=0") < 0)