git.ipfire.org Git - thirdparty/systemd.git/blob - src/cryptsetup/cryptsetup-generator.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
/* Generator-wide settings.
 *
 * arg_dest is the directory prefix used for every path built in create_disk().
 * NOTE(review): the default is "/tmp"; presumably main() replaces it from argv
 * when the three generator arguments are given (that assignment is not visible
 * in this listing). If the default is ever used, units and symlinks are written
 * into a world-writable directory - confirm that path is for manual testing only.
 *
 * The remaining variables are filled from luks.* / rd.luks.* kernel command line
 * switches in parse_proc_cmdline_item(): arg_read_crypttab and arg_keyfile are
 * assigned there, arg_disks and arg_options are appended to. */
33 static const char *arg_dest
= "/tmp";
34 static bool arg_enabled
= true;
35 static bool arg_read_crypttab
= true;
36 static char **arg_disks
= NULL
;
37 static char **arg_options
= NULL
;
38 static char *arg_keyfile
= NULL
;
/* Tests whether needle occurs in haystack as a complete comma-separated item.
 *
 * Each strstr() hit is checked on both sides: the character before it must be
 * the start of the string or ',', and the character at offset l must be the
 * terminator or ','. This keeps an option such as "tmp" from matching inside a
 * longer word.
 * NOTE(review): this listing omits several lines of the function (the gutter
 * numbers skip), including the definition of l (presumably strlen(needle)), any
 * NULL guard on haystack, and the return statements - confirm against the full
 * file. */
40 static bool has_option(const char *haystack
, const char *needle
) {
41 const char *f
= haystack
;
51 while ((f
= strstr(f
, needle
))) {
/* Left boundary: a hit that is not at the start must follow a comma. */
53 if (f
> haystack
&& f
[-1] != ',') {
/* Right boundary: the hit must end at the terminator or at a comma. */
58 if (f
[l
] != 0 && f
[l
] != ',') {
/* Writes the systemd-cryptsetup service unit for one encrypted volume below
 * arg_dest and hooks it up with symlinks and a device drop-in.
 *
 * The body uses name (volume name), device (backing device spec), password
 * (key source: a path, a random device, "-" or "none") and options (the
 * comma-separated crypttab option string). Callers in main() pass values read
 * from /etc/crypttab or derived from the kernel command line.
 * NOTE(review): this listing omits many lines (the gutter numbers skip), among
 * them most of the signature, the NULL/error checks and the return statements;
 * the comments below describe only what is visible. */
69 static int create_disk(
73 const char *options
) {
75 _cleanup_free_
char *p
= NULL
, *n
= NULL
, *d
= NULL
, *u
= NULL
, *to
= NULL
, *e
= NULL
;
76 _cleanup_fclose_
FILE *f
= NULL
;
77 bool noauto
, nofail
, tmp
, swap
;
/* Behaviour flags are looked up as whole items in the option string. */
84 noauto
= has_option(options
, "noauto");
85 nofail
= has_option(options
, "nofail");
86 tmp
= has_option(options
, "tmp");
87 swap
= has_option(options
, "swap");
/* An entry asking for both tmp and swap is rejected with this message. */
90 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name
);
/* e: volume name escaped for use in unit names; n: the service unit name built
 * from it; p: full path of the unit file under arg_dest. */
94 e
= unit_name_escape(name
);
98 n
= unit_name_build("systemd-cryptsetup", e
, ".service");
102 p
= strjoin(arg_dest
, "/", n
, NULL
);
/* u: device spec resolved to a udev node path; d: the .device unit name for it. */
106 u
= fstab_node_to_udev_node(device
);
110 d
= unit_name_from_path(u
, ".device");
116 log_error("Failed to create unit file %s: %m", p
);
/* Fixed [Unit] header of the generated service. */
121 "# Automatically generated by systemd-cryptsetup-generator\n\n"
123 "Description=Cryptography Setup for %I\n"
124 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
125 "SourcePath=/etc/crypttab\n"
126 "DefaultDependencies=no\n"
127 "Conflicts=umount.target\n"
128 "BindsTo=dev-mapper-%i.device\n"
129 "IgnoreOnIsolate=true\n"
130 "After=systemd-readahead-collect.service systemd-readahead-replay.service cryptsetup-pre.target\n",
135 "Before=cryptsetup.target\n");
/* Ordering for the key source: a kernel random device only needs the random
 * seed service; any other value except "-" and "none" is treated as a path.
 * A path that is a device node gets After=/Requires= on its .device unit,
 * anything else gets RequiresMountsFor= on the path itself. */
138 if (STR_IN_SET(password
, "/dev/urandom", "/dev/random", "/dev/hw_random"))
139 fputs("After=systemd-random-seed.service\n", f
);
140 else if (!streq(password
, "-") && !streq(password
, "none")) {
/* NOTE(review): uu (and dd below) carry _cleanup_free_ but no NULL initialiser,
 * unlike the pointers at the top of the function. That is only safe while the
 * assignment stays the first thing that happens in the scope. */
141 _cleanup_free_
char *uu
;
143 uu
= fstab_node_to_udev_node(password
);
147 if (is_device_path(uu
)) {
148 _cleanup_free_
char *dd
;
150 dd
= unit_name_from_path(uu
, ".device");
154 fprintf(f
, "After=%1$s\nRequires=%1$s\n", dd
);
/* NOTE(review): password is written into the unit file as-is here. */
156 fprintf(f
, "RequiresMountsFor=%s\n", password
);
160 if (is_device_path(u
))
164 "Before=umount.target\n",
168 "RequiresMountsFor=%s\n",
/* NOTE(review): name, u, password and options are placed between single quotes
 * with plain %s; no escaping is visible in this function. A single quote, a '%'
 * specifier or a '$' inside any of them would change how systemd parses the
 * ExecStart=/ExecStop= lines. The values originate from /etc/crypttab and the
 * kernel command line, so this relies on those sources being trusted and
 * well-formed - confirm whether validation happens elsewhere. */
174 "RemainAfterExit=yes\n"
175 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
176 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH
" attach '%s' '%s' '%s' '%s'\n"
177 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH
" detach '%s'\n",
178 name
, u
, strempty(password
), strempty(options
),
/* Post-start formatting of the mapped device; presumably emitted only for the
 * tmp and swap flags respectively (the guarding conditions are not visible).
 * Both commands overwrite whatever is on /dev/mapper/<name>. */
183 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
188 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
193 log_error("Failed to write file %s: %m", p
);
/* Relative target used by every symlink created below. */
197 from
= strappenda("../", n
);
/* Link the service into <device unit>.wants/ under arg_dest. */
201 to
= strjoin(arg_dest
, "/", d
, ".wants/", n
, NULL
);
/* The result of mkdir_parents_label() is not used; a failure there only shows
 * up as the symlink() error that follows. */
205 mkdir_parents_label(to
, 0755);
206 if (symlink(from
, to
) < 0) {
207 log_error("Failed to create symlink %s: %m", to
);
/* Link into cryptsetup.target.requires/ or cryptsetup.target.wants/; the
 * condition selecting between them is not visible (presumably nofail). */
213 to
= strjoin(arg_dest
, "/cryptsetup.target.requires/", n
, NULL
);
215 to
= strjoin(arg_dest
, "/cryptsetup.target.wants/", n
, NULL
);
219 mkdir_parents_label(to
, 0755);
220 if (symlink(from
, to
) < 0) {
221 log_error("Failed to create symlink %s: %m", to
);
/* Make the mapped device unit require the service. */
227 to
= strjoin(arg_dest
, "/dev-mapper-", e
, ".device.requires/", n
, NULL
);
231 mkdir_parents_label(to
, 0755);
232 if (symlink(from
, to
) < 0) {
233 log_error("Failed to create symlink %s: %m", to
);
/* For entries that are neither noauto nor nofail, a drop-in sets
 * JobTimeoutSec=0 on the mapped device unit. */
237 if (!noauto
&& !nofail
) {
240 p
= strjoin(arg_dest
, "/dev-mapper-", e
, ".device.d/50-job-timeout-sec-0.conf", NULL
);
244 mkdir_parents_label(p
, 0755);
245 r
= write_string_file(p
,
246 "# Automatically generated by systemd-cryptsetup-generator\n\n"
248 "JobTimeoutSec=0\n"); /* the binary handles timeouts anyway */
250 log_error("Failed to write device drop-in: %s", strerror(-r
));
/* Callback handed to parse_proc_cmdline() in main(); applies one key/value pair
 * from the kernel command line to the arg_* settings.
 *
 * Every switch is accepted with and without the "rd." prefix and only when a
 * value is present. Keys that start with "luks." or "rd.luks." but match none
 * of the known switches produce a warning.
 * NOTE(review): luks.uuid, luks.options and luks.key values are stored exactly
 * as given; no format check is visible here. They later become unit names,
 * device specs and ExecStart= arguments in create_disk(), so anything able to
 * set the kernel command line controls that content.
 * NOTE(review): this listing omits lines (error returns, the assignment of
 * arg_enabled, whatever precedes the strdup() into arg_keyfile) - confirm
 * against the full file. */
258 static int parse_proc_cmdline_item(const char *key
, const char *value
) {
/* luks= / rd.luks=: boolean switch; an unparsable value is warned about. */
261 if (STR_IN_SET(key
, "luks", "rd.luks") && value
) {
263 r
= parse_boolean(value
);
265 log_warning("Failed to parse luks switch %s. Ignoring.", value
);
/* luks.crypttab=: boolean stored in arg_read_crypttab. */
269 } else if (STR_IN_SET(key
, "luks.crypttab", "rd.luks.crypttab") && value
) {
271 r
= parse_boolean(value
);
273 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value
);
275 arg_read_crypttab
= r
;
/* luks.uuid=: appended to arg_disks. */
277 } else if (STR_IN_SET(key
, "luks.uuid", "rd.luks.uuid") && value
) {
279 if (strv_extend(&arg_disks
, value
) < 0)
/* luks.options=: appended to arg_options. */
282 } else if (STR_IN_SET(key
, "luks.options", "rd.luks.options") && value
) {
284 if (strv_extend(&arg_options
, value
) < 0)
/* luks.key=: copied into arg_keyfile. */
287 } else if (STR_IN_SET(key
, "luks.key", "rd.luks.key") && value
) {
290 arg_keyfile
= strdup(value
);
294 } else if (startswith(key
, "luks.") || startswith(key
, "rd.luks."))
295 log_warning("Unknown kernel switch %s. Ignoring.", key
);
/* Entry point of the generator.
 *
 * Visible flow: check the argument count, set up logging, read the luks.*
 * kernel command line switches, then (1) if arg_read_crypttab is set, walk
 * /etc/crypttab and call create_disk() per entry, and (2) call create_disk()
 * for every UUID in arg_disks that the first pass did not record in disks_done.
 * The exit status is r unless r is EXIT_SUCCESS, in which case it is r2.
 * NOTE(review): this listing omits many lines (the gutter numbers skip),
 * including error paths, loop headers and several local declarations; the
 * comments below describe only what is visible. */
300 int main(int argc
, char *argv
[]) {
301 _cleanup_strv_free_
char **disks_done
= NULL
;
302 _cleanup_fclose_
FILE *f
= NULL
;
304 int r
= EXIT_FAILURE
, r2
= EXIT_FAILURE
;
/* Either no arguments or exactly three are accepted. */
307 if (argc
> 1 && argc
!= 4) {
308 log_error("This program takes three or no arguments.");
315 log_set_target(LOG_TARGET_SAFE
);
316 log_parse_environment();
/* Fill the arg_* settings from the kernel command line. */
321 if (parse_proc_cmdline(parse_proc_cmdline_item
) < 0)
325 r
= r2
= EXIT_SUCCESS
;
/* Drop duplicate UUIDs given on the command line. */
329 strv_uniq(arg_disks
);
331 if (arg_read_crypttab
) {
334 f
= fopen("/etc/crypttab", "re");
339 log_error("Failed to open /etc/crypttab: %m");
344 if (fstat(fileno(f
), &st
) < 0) {
345 log_error("Failed to stat /etc/crypttab: %m");
349 /* If we readd support for specifying passphrases
350 * directly in crypttabe we should upgrade the warning
351 * below, though possibly only if a passphrase is
352 * specified directly. */
/* 0005 tests the read and execute permission bits for "other". The result is
 * advisory only: it is logged at debug level and processing continues. */
353 if (st
.st_mode
& 0005)
354 log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
/* One crypttab line per fgets() call. A line longer than the LINE_MAX buffer is
 * returned by fgets() in pieces, so its tail would be parsed as a separate
 * entry - NOTE(review): confirm whether over-long lines are handled. */
357 char line
[LINE_MAX
], *l
;
358 _cleanup_free_
char *name
= NULL
, *device
= NULL
, *password
= NULL
, *options
= NULL
;
361 if (!fgets(line
, sizeof(line
), f
))
/* Comment lines and empty lines are skipped. */
367 if (*l
== '#' || *l
== 0)
/* Fields are whitespace-separated; %ms makes sscanf() allocate each string.
 * name and device are mandatory, password and options optional. */
370 k
= sscanf(l
, "%ms %ms %ms %ms", &name
, &device
, &password
, &options
);
371 if (k
< 2 || k
> 4) {
372 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n
);
377 If options are specified on the kernel commandline, let them override
378 the ones from crypttab.
380 STRV_FOREACH(i
, arg_options
) {
381 _cleanup_free_
char *proc_uuid
= NULL
, *proc_options
= NULL
;
/* Each luks.options entry is expected as <uuid>=<options>.
 * NOTE(review): device comes straight from crypttab here and device + 5 assumes
 * a five-character prefix such as "UUID=". No length or prefix check is visible
 * before this comparison; for a device string shorter than five characters
 * device + 5 points past its terminator - confirm against the full file. */
384 k
= sscanf(p
, "%m[0-9a-fA-F-]=%ms", &proc_uuid
, &proc_options
);
385 if (k
== 2 && streq(proc_uuid
, device
+ 5)) {
397 If luks UUIDs are specified on the kernel command line, use them as a filter
398 for /etc/crypttab and only generate units for those.
400 STRV_FOREACH(i
, arg_disks
) {
401 _cleanup_free_
char *proc_device
= NULL
, *proc_name
= NULL
;
/* A "luks-" prefix on the UUID is recognised (presumably stripped on the line
 * that is not visible) before "luks-" and "UUID=" are prepended again. */
404 if (startswith(p
, "luks-"))
407 proc_name
= strappend("luks-", p
);
408 proc_device
= strappend("UUID=", p
);
410 if (!proc_name
|| !proc_device
) {
/* A crypttab entry matches a command line UUID by device spec or by name;
 * matched UUIDs are recorded in disks_done so the second pass skips them. */
415 if (streq(proc_device
, device
) || streq(proc_name
, name
)) {
416 if (create_disk(name
, device
, password
, options
) < 0)
419 if (strv_extend(&disks_done
, p
) < 0) {
425 } else if (create_disk(name
, device
, password
, options
) < 0)
/* Second pass: UUIDs from the kernel command line. */
434 STRV_FOREACH(i
, arg_disks
) {
436 Generate units for those UUIDs, which were specified
437 on the kernel command line and not yet written.
440 _cleanup_free_
char *name
= NULL
, *device
= NULL
, *options
= NULL
;
443 if (startswith(p
, "luks-"))
/* Already handled through crypttab in the first pass. */
446 if (strv_contains(disks_done
, p
))
/* name and device are synthesised from the command line value; no format check
 * on p is visible at this point. */
449 name
= strappend("luks-", p
);
450 device
= strappend("UUID=", p
);
452 if (!name
|| !device
) {
459 If options are specified on the kernel commandline, use them.
463 STRV_FOREACH(j
, arg_options
) {
464 _cleanup_free_
char *proc_uuid
= NULL
, *proc_options
= NULL
;
/* device was built as "UUID=" + p just above, so device + 5 is the bare UUID. */
468 k
= sscanf(s
, "%m[0-9a-fA-F-]=%ms", &proc_uuid
, &proc_options
);
470 if (streq(proc_uuid
, device
+ 5)) {
/* options takes the proc_options pointer; NOTE(review): proc_options is
 * _cleanup_free_, so it presumably has to be reset on a line not visible here
 * to avoid a double free - confirm. */
472 options
= proc_options
;
475 } else if (!options
) {
477 Fall back to options without a specified UUID
/* Default when no options were supplied for this UUID. */
489 options
= strdup("timeout=0");
/* The key source for command line volumes is arg_keyfile (luks.key=). */
496 if (create_disk(name
, device
, arg_keyfile
, options
) < 0)
503 strv_free(arg_disks
);
504 strv_free(arg_options
);
/* A failure recorded in r wins over r2. */
507 return r
!= EXIT_SUCCESS
? r
: r2
;