1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
32 #include "path-util.h"
34 #include "generator.h"
/* File-scope configuration for the generator. */
/* Directory the generated unit file and symlinks are written under (see the
 * strjoin(arg_dest, ...) calls in create_disk()). The default is "/tmp";
 * main() accepts "three or no arguments", but the assignment from argv is not
 * visible in this listing.
 * NOTE(review): /tmp is normally world-writable, so a run without arguments
 * writes units under predictable names there. Confirm that the file-creation
 * call (not shown) refuses pre-existing paths. */
36 static const char *arg_dest
= "/tmp";
/* Presumably the result of the luks=/rd.luks= switch; the assignment itself is
 * not visible in this listing. */
37 static bool arg_enabled
= true;
/* Whether main() opens /etc/crypttab; set from luks.crypttab=/rd.luks.crypttab=. */
38 static bool arg_read_crypttab
= true;
/* Values collected from luks.uuid=/rd.luks.uuid= on the kernel command line. */
39 static char **arg_disks
= NULL
;
/* Values collected from luks.options=/rd.luks.options=. */
40 static char **arg_options
= NULL
;
/* Copy of the luks.key=/rd.luks.key= value; main() passes it to create_disk()
 * in the password position for disks named only on the kernel command line. */
41 static char *arg_keyfile
= NULL
;
/* Tests whether needle occurs in haystack as a complete comma-separated item.
 * NOTE(review): this listing skips source lines (the numbers at the start of
 * each line jump), so the declaration of l, the handling of a rejected match
 * and the return statements are not visible; the comments below cover only
 * what is shown. */
43 static bool has_option(const char *haystack
, const char *needle
) {
44 const char *f
= haystack
;
/* Scan every occurrence of needle, continuing from the current position f. */
54 while ((f
= strstr(f
, needle
))) {
/* A hit that is not at the very start must be preceded by ',' -- otherwise it
 * is only the tail of a longer option name. */
56 if (f
> haystack
&& f
[-1] != ',') {
/* The character after the hit must be the terminating NUL or ',' -- otherwise
 * it is only a prefix of a longer option (presumably l is strlen(needle);
 * its assignment is not shown). */
61 if (f
[l
] != 0 && f
[l
] != ',') {
/* Writes the systemd-cryptsetup service unit for one encrypted volume under
 * arg_dest and links it into the .wants/.requires directories of the units it
 * belongs to.
 *
 * Only the options parameter is visible in this listing; name, device and
 * password are used in the body and are presumably the other parameters.
 * Callers treat a negative return value as failure.
 *
 * NOTE(review): this listing skips source lines (the numbers at the start of
 * each line jump), so error checks, branch conditions and several fprintf()
 * headers are missing; the comments below describe only what is shown. */
72 static int create_disk(
76 const char *options
) {
/* All heap strings and the FILE handle carry cleanup attributes, so they are
 * released on every exit path. */
78 _cleanup_free_
char *p
= NULL
, *n
= NULL
, *d
= NULL
, *u
= NULL
, *to
= NULL
, *e
= NULL
,
80 _cleanup_fclose_
FILE *f
= NULL
;
81 bool noauto
, nofail
, tmp
, swap
;
/* Pull the flags this generator acts on out of the comma-separated options. */
88 noauto
= has_option(options
, "noauto");
89 nofail
= has_option(options
, "nofail");
90 tmp
= has_option(options
, "tmp");
91 swap
= has_option(options
, "swap");
/* 'tmp' and 'swap' each add a formatting step (mke2fs / mkswap below), so a
 * volume carrying both is rejected. */
94 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name
);
/* e: volume name escaped for use inside a unit name. */
98 e
= unit_name_escape(name
);
/* n: name of the service unit instance for this volume. */
102 n
= unit_name_build("systemd-cryptsetup", e
, ".service");
/* p: path of the unit file, directly under arg_dest. */
106 p
= strjoin(arg_dest
, "/", n
, NULL
);
/* u: the device specification converted to a device node path (presumably
 * resolving UUID=/LABEL= style specifications -- helper not shown). */
110 u
= fstab_node_to_udev_node(device
);
/* d: name of the .device unit corresponding to that node. */
114 d
= unit_name_from_path(u
, ".device");
120 log_error("Failed to create unit file %s: %m", p
);
/* Fixed [Unit] header. %I and %i are systemd specifiers expanded when the unit
 * is loaded, not printf conversions. */
125 "# Automatically generated by systemd-cryptsetup-generator\n\n"
127 "Description=Cryptography Setup for %I\n"
128 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
129 "SourcePath=/etc/crypttab\n"
130 "DefaultDependencies=no\n"
131 "Conflicts=umount.target\n"
132 "BindsTo=dev-mapper-%i.device\n"
133 "IgnoreOnIsolate=true\n"
134 "After=cryptsetup-pre.target\n",
139 "Before=cryptsetup.target\n");
/* Ordering that depends on where the key comes from: a random device as key
 * source is ordered after the random seed has been loaded. */
142 if (STR_IN_SET(password
, "/dev/urandom", "/dev/random", "/dev/hw_random"))
143 fputs("After=systemd-random-seed.service\n", f
);
/* "-" and "none" mean no key file; anything else is treated as a path. */
144 else if (!streq(password
, "-") && !streq(password
, "none")) {
/* uu has a cleanup attribute but no initializer; it is assigned by the next
 * visible statement. */
145 _cleanup_free_
char *uu
;
147 uu
= fstab_node_to_udev_node(password
);
151 if (!path_equal(uu
, "/dev/null")) {
/* Key stored on a block device: wait for and require that device unit. */
153 if (is_device_path(uu
)) {
154 _cleanup_free_
char *dd
;
156 dd
= unit_name_from_path(uu
, ".device");
160 fprintf(f
, "After=%1$s\nRequires=%1$s\n", dd
);
/* Key stored in a regular file: require the mounts leading to it.
 * NOTE(review): password is written into the unit file verbatim; no escaping
 * is visible in this listing. */
162 fprintf(f
, "RequiresMountsFor=%s\n", password
);
/* The backing store gets the analogous treatment: a device node is handled
 * differently from a file path, which needs RequiresMountsFor=. */
167 if (is_device_path(u
))
171 "Before=umount.target\n",
175 "RequiresMountsFor=%s\n",
/* Hands the timeout-related options to generator_write_timeouts(); 'filtered'
 * receives the option string that is passed on to systemd-cryptsetup below. */
178 r
= generator_write_timeouts(arg_dest
, device
, name
, options
, &filtered
);
/* [Service] section. name, u, password and filtered are substituted with plain
 * %s between single quotes. These strings come from /etc/crypttab fields or
 * from kernel command line values (see main()).
 * NOTE(review): no escaping of "'", "%" or "\" is visible before this call, so
 * a field containing one of them would change how systemd parses ExecStart=
 * and ExecStop=. Confirm that the inputs are escaped or rejected in the lines
 * not shown. */
185 "RemainAfterExit=yes\n"
186 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
187 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH
" attach '%s' '%s' '%s' '%s'\n"
188 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH
" detach '%s'\n",
189 name
, u
, strempty(password
), strempty(filtered
),
/* Formatting steps run after every attach; presumably guarded by the tmp and
 * swap flags (conditions not shown). The same unescaped-name caveat applies. */
194 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
199 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
204 log_error("Failed to write file %s: %m", p
);
/* All symlinks below use the same relative target, "../<unit name>". */
208 from
= strappenda("../", n
);
/* Link 1: <device unit>.wants/ -- the condition guarding it is not shown. */
212 to
= strjoin(arg_dest
, "/", d
, ".wants/", n
, NULL
);
/* The return value of mkdir_parents_label() is not checked; a failure shows
 * up as a symlink() error instead. */
216 mkdir_parents_label(to
, 0755);
217 if (symlink(from
, to
) < 0) {
218 log_error("Failed to create symlink %s: %m", to
);
/* Link 2: cryptsetup.target pulls the unit in, either as a hard requirement
 * or as a want (presumably selected by nofail -- condition not shown). */
224 to
= strjoin(arg_dest
, "/cryptsetup.target.requires/", n
, NULL
);
226 to
= strjoin(arg_dest
, "/cryptsetup.target.wants/", n
, NULL
);
230 mkdir_parents_label(to
, 0755);
231 if (symlink(from
, to
) < 0) {
232 log_error("Failed to create symlink %s: %m", to
);
/* Link 3: the mapped device unit requires the service that creates it. */
238 to
= strjoin(arg_dest
, "/dev-mapper-", e
, ".device.requires/", n
, NULL
);
242 mkdir_parents_label(to
, 0755);
243 if (symlink(from
, to
) < 0) {
244 log_error("Failed to create symlink %s: %m", to
);
/* Volumes that are neither noauto nor nofail get a drop-in that sets
 * JobTimeoutSec=0. */
248 if (!noauto
&& !nofail
) {
249 r
= write_drop_in(arg_dest
, name
, 90, "device-timeout",
250 "# Automatically generated by systemd-cryptsetup-generator \n\n"
251 "[Unit]\nJobTimeoutSec=0");
253 log_error("Failed to write device drop-in: %s", strerror(-r
));
/* Callback passed to parse_proc_cmdline() in main(): it receives one key/value
 * pair and stores the luks.* settings (and their rd.luks.* variants) in the
 * file-scope arg_* variables. Every branch requires a non-NULL value, so a
 * bare key without "=value" matches none of them.
 *
 * NOTE(review): this listing skips source lines (the numbers at the start of
 * each line jump); error returns and some assignments are not visible. */
261 static int parse_proc_cmdline_item(const char *key
, const char *value
) {
/* luks= : boolean switch. An unparsable value is only warned about; the
 * assignment of the result (presumably to arg_enabled) is not shown. */
264 if (STR_IN_SET(key
, "luks", "rd.luks") && value
) {
266 r
= parse_boolean(value
);
268 log_warning("Failed to parse luks switch %s. Ignoring.", value
);
/* luks.crypttab= : boolean controlling whether /etc/crypttab is read. */
272 } else if (STR_IN_SET(key
, "luks.crypttab", "rd.luks.crypttab") && value
) {
274 r
= parse_boolean(value
);
276 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value
);
278 arg_read_crypttab
= r
;
/* luks.uuid= : may be given several times; each value is appended. */
280 } else if (STR_IN_SET(key
, "luks.uuid", "rd.luks.uuid") && value
) {
282 if (strv_extend(&arg_disks
, value
) < 0)
/* luks.options= : appended verbatim; main() later parses each entry as either
 * "<uuid>=<options>" or a plain option string. */
285 } else if (STR_IN_SET(key
, "luks.options", "rd.luks.options") && value
) {
287 if (strv_extend(&arg_options
, value
) < 0)
/* luks.key= : stored as a copy and later used as the key argument for disks
 * generated from luks.uuid=. The kernel command line is readable by local
 * users through /proc/cmdline, so this should carry a path, never key
 * material. Whether an earlier value is freed first is not visible here. */
290 } else if (STR_IN_SET(key
, "luks.key", "rd.luks.key") && value
) {
293 arg_keyfile
= strdup(value
);
/* Generator entry point. Reads the luks.* kernel command line settings, then
 * (1) walks /etc/crypttab and calls create_disk() for each accepted entry and
 * (2) calls create_disk() for every luks.uuid= value that phase 1 did not
 * cover. Exits with r if it is not EXIT_SUCCESS, otherwise with r2.
 *
 * NOTE(review): this listing skips source lines (the numbers at the start of
 * each line jump). Declarations of p, s, k, n and st, loop headers, error
 * exits and the comment delimiters around some prose lines are missing; the
 * comments below describe only what is shown. */
302 int main(int argc
, char *argv
[]) {
/* UUIDs from the command line that already got a unit in phase 1. */
303 _cleanup_strv_free_
char **disks_done
= NULL
;
304 _cleanup_fclose_
FILE *f
= NULL
;
306 int r
= EXIT_FAILURE
, r2
= EXIT_FAILURE
;
/* Either no arguments or exactly three (argc == 4) are accepted. */
309 if (argc
> 1 && argc
!= 4) {
310 log_error("This program takes three or no arguments.");
317 log_set_target(LOG_TARGET_SAFE
);
318 log_parse_environment();
/* Fill the arg_* settings from the kernel command line. */
323 if (parse_proc_cmdline(parse_proc_cmdline_item
) < 0)
327 r
= r2
= EXIT_SUCCESS
;
/* Drop duplicate luks.uuid= entries so each disk is handled once. */
331 strv_uniq(arg_disks
);
/* ---- Phase 1: entries from /etc/crypttab ---- */
333 if (arg_read_crypttab
) {
/* "e" is the glibc mode flag that opens the file with O_CLOEXEC. */
336 f
= fopen("/etc/crypttab", "re");
341 log_error("Failed to open /etc/crypttab: %m");
/* fstat() on the already-open descriptor, so the permission check below
 * applies to the file that is actually read. */
346 if (fstat(fileno(f
), &st
) < 0) {
347 log_error("Failed to stat /etc/crypttab: %m");
351 /* If we re-add support for specifying passphrases
352 * directly in crypttab we should upgrade the warning
353 * below, though possibly only if a passphrase is
354 * specified directly. */
/* 0005 masks the read and execute bits for "other". The finding is reported
 * with log_debug() only, and group permissions are not examined. */
355 if (st
.st_mode
& 0005)
356 log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
/* Per-line state. The four fields are allocated by sscanf() through %ms and
 * freed by the cleanup attribute at the end of each iteration. */
359 char line
[LINE_MAX
], *l
;
360 _cleanup_free_
char *name
= NULL
, *device
= NULL
, *password
= NULL
, *options
= NULL
;
/* fgets() reads at most sizeof(line) - 1 bytes, so a longer physical line
 * arrives in several pieces; how the remainder is treated is not shown. */
363 if (!fgets(line
, sizeof(line
), f
))
/* Skip comment lines and empty lines (l presumably points past leading
 * whitespace -- assignment not shown). */
369 if (*l
== '#' || *l
== 0)
/* Whitespace-separated fields: name, device, optional password, optional
 * options. Fewer than two fields is a parse error for that line only. */
372 k
= sscanf(l
, "%ms %ms %ms %ms", &name
, &device
, &password
, &options
);
373 if (k
< 2 || k
> 4) {
374 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n
);
379 If options are specified on the kernel commandline, let them override
380 the ones from crypttab.
382 STRV_FOREACH(i
, arg_options
) {
383 _cleanup_free_
char *proc_uuid
= NULL
, *proc_options
= NULL
;
/* Split a luks.options= entry of the form "<uuid>=<options>"; the scanset
 * accepts only hex digits and '-' for the UUID part. */
386 k
= sscanf(p
, "%m[0-9a-fA-F-]=%ms", &proc_uuid
, &proc_options
);
/* device + 5 skips what is assumed to be a "UUID=" prefix. In this loop device
 * is the second crypttab field as parsed above, and no prefix or length check
 * is visible.
 * NOTE(review): if that field is shorter than five characters the pointer
 * lands past its terminating NUL. Confirm a guard exists in the lines not
 * shown, or compare only after testing startswith(device, "UUID="). */
387 if (k
== 2 && streq(proc_uuid
, device
+ 5)) {
399 If luks UUIDs are specified on the kernel command line, use them as a filter
400 for /etc/crypttab and only generate units for those.
402 STRV_FOREACH(i
, arg_disks
) {
403 _cleanup_free_
char *proc_device
= NULL
, *proc_name
= NULL
;
/* Accept the UUID with or without a leading "luks-" (the adjustment of p is
 * not shown). */
406 if (startswith(p
, "luks-"))
/* Build both spellings a crypttab entry may use for this disk. */
409 proc_name
= strappend("luks-", p
);
410 proc_device
= strappend("UUID=", p
);
412 if (!proc_name
|| !proc_device
) {
/* A crypttab entry matches when either its device or its name equals the
 * spelling derived from the command line UUID. */
417 if (streq(proc_device
, device
) || streq(proc_name
, name
)) {
418 if (create_disk(name
, device
, password
, options
) < 0)
/* Remember the UUID so phase 2 does not generate a second unit for it. */
421 if (strv_extend(&disks_done
, p
) < 0) {
/* Alternative branch (presumably when no luks.uuid= filter is present --
 * the condition is not shown): generate a unit for the entry directly. */
427 } else if (create_disk(name
, device
, password
, options
) < 0)
/* ---- Phase 2: luks.uuid= values without a crypttab entry ---- */
436 STRV_FOREACH(i
, arg_disks
) {
438 Generate units for those UUIDs, which were specified
439 on the kernel command line and not yet written.
442 _cleanup_free_
char *name
= NULL
, *device
= NULL
, *options
= NULL
;
445 if (startswith(p
, "luks-"))
/* Already handled in phase 1. */
448 if (strv_contains(disks_done
, p
))
/* Synthesize the entry: name "luks-<uuid>", device "UUID=<uuid>". */
451 name
= strappend("luks-", p
);
452 device
= strappend("UUID=", p
);
454 if (!name
|| !device
) {
461 If options are specified on the kernel commandline, use them.
465 STRV_FOREACH(j
, arg_options
) {
466 _cleanup_free_
char *proc_uuid
= NULL
, *proc_options
= NULL
;
470 k
= sscanf(s
, "%m[0-9a-fA-F-]=%ms", &proc_uuid
, &proc_options
);
/* Here device was built as "UUID=" + p just above, so device + 5 is exactly
 * the UUID. The check of k that presumably precedes this comparison is not
 * shown. */
472 if (streq(proc_uuid
, device
+ 5)) {
/* Ownership of the option string moves to options. proc_options has a cleanup
 * attribute, so it must be reset to NULL afterwards to avoid a double free
 * (that line is not shown -- confirm). */
474 options
= proc_options
;
477 } else if (!options
) {
479 Fall back to options without a specified UUID
/* Default option string assigned here; the condition selecting it is not
 * shown. */
491 options
= strdup("timeout=0");
/* Command-line disks use the luks.key= value (arg_keyfile) as key argument. */
498 if (create_disk(name
, device
, arg_keyfile
, options
) < 0)
/* Release the file-scope string lists before exiting. */
505 strv_free(arg_disks
);
506 strv_free(arg_options
);
/* A failure recorded in r takes precedence; otherwise report r2. */
509 return r
!= EXIT_SUCCESS
? r
: r2
;