1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2013 Lennart Poettering
10 #include <sys/statfs.h>
16 #include "alloc-util.h"
17 #include "blkid-util.h"
18 #include "blockdev-util.h"
19 #include "btrfs-util.h"
20 #include "dirent-util.h"
21 #include "dissect-image.h"
25 #include "fstab-util.h"
26 #include "generator.h"
30 #include "mount-util.h"
31 #include "parse-util.h"
32 #include "path-util.h"
33 #include "proc-cmdline.h"
35 #include "specifier.h"
36 #include "stat-util.h"
37 #include "string-util.h"
38 #include "udev-util.h"
39 #include "unit-name.h"
43 static const char *arg_dest
= "/tmp";
44 static bool arg_enabled
= true;
45 static bool arg_root_enabled
= true;
46 static bool arg_root_rw
= false;
48 static int add_cryptsetup(const char *id
, const char *what
, bool rw
, bool require
, char **device
) {
49 _cleanup_free_
char *e
= NULL
, *n
= NULL
, *d
= NULL
, *id_escaped
= NULL
, *what_escaped
= NULL
;
50 _cleanup_fclose_
FILE *f
= NULL
;
57 r
= unit_name_from_path(what
, ".device", &d
);
59 return log_error_errno(r
, "Failed to generate unit name: %m");
61 e
= unit_name_escape(id
);
65 r
= unit_name_build("systemd-cryptsetup", e
, ".service", &n
);
67 return log_error_errno(r
, "Failed to generate unit name: %m");
69 id_escaped
= specifier_escape(id
);
73 what_escaped
= specifier_escape(what
);
77 p
= strjoina(arg_dest
, "/", n
);
80 return log_error_errno(errno
, "Failed to create unit file %s: %m", p
);
83 "# Automatically generated by systemd-gpt-auto-generator\n\n"
85 "Description=Cryptography Setup for %%I\n"
86 "Documentation=man:systemd-gpt-auto-generator(8) man:systemd-cryptsetup@.service(8)\n"
87 "DefaultDependencies=no\n"
88 "Conflicts=umount.target\n"
89 "BindsTo=dev-mapper-%%i.device %s\n"
90 "Before=umount.target cryptsetup.target\n"
92 "IgnoreOnIsolate=true\n"
95 "RemainAfterExit=yes\n"
96 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
97 "KeyringMode=shared\n" /* make sure we can share cached keys among instances */
98 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH
" attach '%s' '%s' '' '%s'\n"
99 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH
" detach '%s'\n",
101 id_escaped
, what_escaped
, rw
? "" : "read-only",
104 r
= fflush_and_check(f
);
106 return log_error_errno(r
, "Failed to write file %s: %m", p
);
108 r
= generator_add_symlink(arg_dest
, d
, "wants", n
);
115 r
= generator_add_symlink(arg_dest
, "cryptsetup.target", "requires", n
);
119 dmname
= strjoina("dev-mapper-", e
, ".device");
120 r
= generator_add_symlink(arg_dest
, dmname
, "requires", n
);
125 p
= strjoina(arg_dest
, "/dev-mapper-", e
, ".device.d/50-job-timeout-sec-0.conf");
126 mkdir_parents_label(p
, 0755);
127 r
= write_string_file(p
,
128 "# Automatically generated by systemd-gpt-auto-generator\n\n"
131 WRITE_STRING_FILE_CREATE
); /* the binary handles timeouts anyway */
133 return log_error_errno(r
, "Failed to write device drop-in: %m");
138 ret
= strappend("/dev/mapper/", id
);
148 static int add_mount(
155 const char *description
,
158 _cleanup_free_
char *unit
= NULL
, *crypto_what
= NULL
, *p
= NULL
;
159 _cleanup_fclose_
FILE *f
= NULL
;
162 /* Note that we don't apply specifier escaping on the input strings here, since we know they are not configured
163 * externally, but all originate from our own sources here, and hence we know they contain no % characters that
164 * could potentially be understood as specifiers. */
171 log_debug("Adding %s: %s %s", where
, what
, strna(fstype
));
173 if (streq_ptr(fstype
, "crypto_LUKS")) {
175 r
= add_cryptsetup(id
, what
, rw
, true, &crypto_what
);
183 r
= unit_name_from_path(where
, ".mount", &unit
);
185 return log_error_errno(r
, "Failed to generate unit name: %m");
187 p
= strjoin(arg_dest
, "/", unit
);
193 return log_error_errno(errno
, "Failed to create unit file %s: %m", unit
);
196 "# Automatically generated by systemd-gpt-auto-generator\n\n"
199 "Documentation=man:systemd-gpt-auto-generator(8)\n",
203 fprintf(f
, "Before=%s\n", post
);
205 r
= generator_write_fsck_deps(f
, arg_dest
, what
, where
, fstype
);
217 fprintf(f
, "Type=%s\n", fstype
);
220 fprintf(f
, "Options=%s,%s\n", options
, rw
? "rw" : "ro");
222 fprintf(f
, "Options=%s\n", rw
? "rw" : "ro");
224 r
= fflush_and_check(f
);
226 return log_error_errno(r
, "Failed to write unit file %s: %m", p
);
229 return generator_add_symlink(arg_dest
, post
, "requires", unit
);
233 static int path_is_busy(const char *where
) {
236 /* already a mountpoint; generators run during reload */
237 r
= path_is_mount_point(where
, NULL
, AT_SYMLINK_FOLLOW
);
241 /* the directory might not exist on a stateless system */
246 return log_warning_errno(r
, "Cannot check if \"%s\" is a mount point: %m", where
);
248 /* not a mountpoint but it contains files */
249 r
= dir_is_empty(where
);
251 return log_warning_errno(r
, "Cannot check if \"%s\" is empty: %m", where
);
255 log_debug("\"%s\" already populated, ignoring.", where
);
259 static int add_partition_mount(
260 DissectedPartition
*p
,
263 const char *description
) {
268 r
= path_is_busy(where
);
270 return r
< 0 ? r
: 0;
280 SPECIAL_LOCAL_FS_TARGET
);
283 static int add_swap(const char *path
) {
284 _cleanup_free_
char *name
= NULL
, *unit
= NULL
;
285 _cleanup_fclose_
FILE *f
= NULL
;
290 /* Disable the swap auto logic if at least one swap is defined in /etc/fstab, see #6192. */
291 r
= fstab_has_fstype("swap");
293 return log_error_errno(r
, "Failed to parse fstab: %m");
295 log_debug("swap specified in fstab, ignoring.");
299 log_debug("Adding swap: %s", path
);
301 r
= unit_name_from_path(path
, ".swap", &name
);
303 return log_error_errno(r
, "Failed to generate unit name: %m");
305 unit
= strjoin(arg_dest
, "/", name
);
309 f
= fopen(unit
, "wxe");
311 return log_error_errno(errno
, "Failed to create unit file %s: %m", unit
);
314 "# Automatically generated by systemd-gpt-auto-generator\n\n"
316 "Description=Swap Partition\n"
317 "Documentation=man:systemd-gpt-auto-generator(8)\n\n"
322 r
= fflush_and_check(f
);
324 return log_error_errno(r
, "Failed to write unit file %s: %m", unit
);
326 return generator_add_symlink(arg_dest
, SPECIAL_SWAP_TARGET
, "wants", name
);
330 static int add_automount(
337 const char *description
,
340 _cleanup_free_
char *unit
= NULL
;
341 _cleanup_fclose_
FILE *f
= NULL
;
342 const char *opt
= "noauto", *p
;
350 opt
= strjoina(options
, ",", opt
);
363 r
= unit_name_from_path(where
, ".automount", &unit
);
365 return log_error_errno(r
, "Failed to generate unit name: %m");
367 p
= strjoina(arg_dest
, "/", unit
);
370 return log_error_errno(errno
, "Failed to create unit file %s: %m", unit
);
373 "# Automatically generated by systemd-gpt-auto-generator\n\n"
376 "Documentation=man:systemd-gpt-auto-generator(8)\n"
379 "TimeoutIdleSec="USEC_FMT
"\n",
382 timeout
/ USEC_PER_SEC
);
384 r
= fflush_and_check(f
);
386 return log_error_errno(r
, "Failed to write unit file %s: %m", p
);
388 return generator_add_symlink(arg_dest
, SPECIAL_LOCAL_FS_TARGET
, "wants", unit
);
391 static int add_esp(DissectedPartition
*p
) {
398 log_debug("In initrd, ignoring the ESP.");
402 /* If /efi exists we'll use that. Otherwise we'll use /boot, as that's usually the better choice */
403 esp
= access("/efi/", F_OK
) >= 0 ? "/efi" : "/boot";
405 /* We create an .automount which is not overridden by the .mount from the fstab generator. */
406 r
= fstab_is_mount_point(esp
);
408 return log_error_errno(r
, "Failed to parse fstab: %m");
410 log_debug("%s specified in fstab, ignoring.", esp
);
414 r
= path_is_busy(esp
);
416 return r
< 0 ? r
: 0;
419 sd_id128_t loader_uuid
;
421 /* If this is an EFI boot, be extra careful, and only mount the ESP if it was the ESP used for booting. */
423 r
= efi_loader_get_device_part_uuid(&loader_uuid
);
425 log_debug("EFI loader partition unknown.");
429 return log_error_errno(r
, "Failed to read ESP partition UUID: %m");
431 if (!sd_id128_equal(p
->uuid
, loader_uuid
)) {
432 log_debug("Partition for %s does not appear to be the partition we are booted from.", esp
);
436 log_debug("Not an EFI boot, skipping ESP check.");
438 return add_automount("boot",
444 "EFI System Partition Automount",
448 static int add_esp(DissectedPartition
*p
) {
453 static int open_parent(dev_t devnum
, int *ret
) {
454 _cleanup_(udev_device_unrefp
) struct udev_device
*d
= NULL
;
455 _cleanup_(udev_unrefp
) struct udev
*udev
= NULL
;
456 const char *name
, *devtype
, *node
;
457 struct udev_device
*parent
;
467 d
= udev_device_new_from_devnum(udev
, 'b', devnum
);
471 name
= udev_device_get_devnode(d
);
473 name
= udev_device_get_syspath(d
);
475 log_debug("Device %u:%u does not have a name, ignoring.", major(devnum
), minor(devnum
));
479 parent
= udev_device_get_parent(d
);
481 log_debug("%s: not a partitioned device, ignoring.", name
);
485 /* Does it have a devtype? */
486 devtype
= udev_device_get_devtype(parent
);
488 log_debug("%s: parent doesn't have a device type, ignoring.", name
);
492 /* Is this a disk or a partition? We only care for disks... */
493 if (!streq(devtype
, "disk")) {
494 log_debug("%s: parent isn't a raw disk, ignoring.", name
);
498 /* Does it have a device node? */
499 node
= udev_device_get_devnode(parent
);
501 log_debug("%s: parent device does not have device node, ignoring.", name
);
505 log_debug("%s: root device %s.", name
, node
);
507 pn
= udev_device_get_devnum(parent
);
508 if (major(pn
) == 0) {
509 log_debug("%s: parent device is not a proper block device, ignoring.", name
);
513 fd
= open(node
, O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
515 return log_error_errno(errno
, "Failed to open %s: %m", node
);
525 static int enumerate_partitions(dev_t devnum
) {
527 _cleanup_close_
int fd
= -1;
528 _cleanup_(dissected_image_unrefp
) DissectedImage
*m
= NULL
;
531 r
= open_parent(devnum
, &fd
);
535 r
= dissect_image(fd
, NULL
, 0, DISSECT_IMAGE_GPT_ONLY
, &m
);
537 log_debug_errno(r
, "No suitable partition table found, ignoring.");
541 return log_error_errno(r
, "Failed to dissect: %m");
543 if (m
->partitions
[PARTITION_SWAP
].found
) {
544 k
= add_swap(m
->partitions
[PARTITION_SWAP
].node
);
549 if (m
->partitions
[PARTITION_ESP
].found
) {
550 k
= add_esp(m
->partitions
+ PARTITION_ESP
);
555 if (m
->partitions
[PARTITION_HOME
].found
) {
556 k
= add_partition_mount(m
->partitions
+ PARTITION_HOME
, "home", "/home", "Home Partition");
561 if (m
->partitions
[PARTITION_SRV
].found
) {
562 k
= add_partition_mount(m
->partitions
+ PARTITION_SRV
, "srv", "/srv", "Server Data Partition");
570 static int parse_proc_cmdline_item(const char *key
, const char *value
, void *data
) {
575 if (STR_IN_SET(key
, "systemd.gpt_auto", "rd.systemd.gpt_auto")) {
577 r
= value
? parse_boolean(value
) : 1;
579 log_warning("Failed to parse gpt-auto switch \"%s\". Ignoring.", value
);
583 } else if (streq(key
, "root")) {
585 if (proc_cmdline_value_missing(key
, value
))
588 /* Disable root disk logic if there's a root= value
589 * specified (unless it happens to be "gpt-auto") */
591 arg_root_enabled
= streq(value
, "gpt-auto");
593 } else if (streq(key
, "roothash")) {
595 if (proc_cmdline_value_missing(key
, value
))
598 /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */
600 arg_root_enabled
= false;
602 } else if (streq(key
, "rw") && !value
)
604 else if (streq(key
, "ro") && !value
)
611 static int add_root_cryptsetup(void) {
613 /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which
614 * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */
616 return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL
);
620 static int add_root_mount(void) {
625 if (!is_efi_boot()) {
626 log_debug("Not a EFI boot, not creating root mount.");
630 r
= efi_loader_get_device_part_uuid(NULL
);
632 log_debug("EFI loader partition unknown, exiting.");
635 return log_error_errno(r
, "Failed to read ESP partition UUID: %m");
637 /* OK, we have an ESP partition, this is fantastic, so let's
638 * wait for a root device to show up. A udev rule will create
639 * the link for us under the right name. */
642 r
= generator_write_initrd_root_device_deps(arg_dest
, "/dev/gpt-auto-root");
646 r
= add_root_cryptsetup();
653 "/dev/gpt-auto-root",
654 in_initrd() ? "/sysroot" : "/",
659 in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET
: SPECIAL_LOCAL_FS_TARGET
);
665 static int add_mounts(void) {
669 r
= get_block_device_harder("/", &devno
);
671 return log_error_errno(r
, "Failed to determine block device of root file system: %m");
673 r
= get_block_device_harder("/usr", &devno
);
675 return log_error_errno(r
, "Failed to determine block device of /usr file system: %m");
677 log_debug("Neither root nor /usr file system are on a (single) block device.");
682 return enumerate_partitions(devno
);
685 int main(int argc
, char *argv
[]) {
688 if (argc
> 1 && argc
!= 4) {
689 log_error("This program takes three or no arguments.");
696 log_set_prohibit_ipc(true);
697 log_set_target(LOG_TARGET_AUTO
);
698 log_parse_environment();
703 if (detect_container() > 0) {
704 log_debug("In a container, exiting.");
708 r
= proc_cmdline_parse(parse_proc_cmdline_item
, NULL
, 0);
710 log_warning_errno(r
, "Failed to parse kernel command line, ignoring: %m");
713 log_debug("Disabled, exiting.");
717 if (arg_root_enabled
)
718 r
= add_root_mount();
728 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;