]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/gpt-auto-generator/gpt-auto-generator.c
projects / thirdparty / systemd.git / blob
? search:


8ed8f15bbd9c696a82a0265ec87a92c8d96ba917
[thirdparty/systemd.git] / src / gpt-auto-generator / gpt-auto-generator.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <sys/file.h>
4
5 #include "sd-id128.h"
6
7 #include "alloc-util.h"
8 #include "blockdev-util.h"
9 #include "device-util.h"
10 #include "devnum-util.h"
11 #include "dissect-image.h"
12 #include "dropin.h"
13 #include "efi-loader.h"
14 #include "efivars.h"
15 #include "errno-util.h"
16 #include "factory-reset.h"
17 #include "fd-util.h"
18 #include "fileio.h"
19 #include "fstab-util.h"
20 #include "generator.h"
21 #include "gpt.h"
22 #include "hexdecoct.h"
23 #include "image-policy.h"
24 #include "initrd-util.h"
25 #include "loop-util.h"
26 #include "mountpoint-util.h"
27 #include "parse-util.h"
28 #include "path-util.h"
29 #include "proc-cmdline.h"
30 #include "special.h"
31 #include "stat-util.h"
32 #include "string-util.h"
33 #include "strv.h"
34 #include "time-util.h"
35 #include "unit-name.h"
36 #include "virt.h"
37
38 typedef enum MountPointFlags {
39 MOUNT_RW = 1 << 0,
40 MOUNT_GROWFS = 1 << 1,
41 MOUNT_MEASURE = 1 << 2,
42 MOUNT_VALIDATEFS = 1 << 3,
43 } MountPointFlags;
44
45 static const char *arg_dest = NULL;
46 static const char *arg_dest_late = NULL;
47 static bool arg_enabled = true;
48 static GptAutoRoot arg_auto_root = _GPT_AUTO_ROOT_INVALID;
49 static GptAutoRoot arg_auto_usr = _GPT_AUTO_ROOT_INVALID;
50 static VeritySettings arg_verity_settings = VERITY_SETTINGS_DEFAULT;
51 static bool arg_swap_enabled = true;
52 static char *arg_root_fstype = NULL;
53 static char *arg_root_options = NULL;
54 static int arg_root_rw = -1;
55 static char *arg_usr_fstype = NULL;
56 static char *arg_usr_options = NULL;
57 static ImagePolicy *arg_image_policy = NULL;
58 static ImageFilter *arg_image_filter = NULL;
59
60 STATIC_DESTRUCTOR_REGISTER(arg_root_fstype, freep);
61 STATIC_DESTRUCTOR_REGISTER(arg_root_options, freep);
62 STATIC_DESTRUCTOR_REGISTER(arg_usr_fstype, freep);
63 STATIC_DESTRUCTOR_REGISTER(arg_usr_options, freep);
64 STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
65 STATIC_DESTRUCTOR_REGISTER(arg_image_filter, image_filter_freep);
66
67 #define LOADER_PARTITION_IDLE_USEC (120 * USEC_PER_SEC)
68
69 static int add_cryptsetup(
70 const char *id,
71 const char *what,
72 const char *mount_opts,
73 MountPointFlags flags,
74 bool require,
75 char **ret_device) {
76
77 #if HAVE_LIBCRYPTSETUP
78 _cleanup_free_ char *e = NULL, *n = NULL, *d = NULL, *options = NULL;
79 _cleanup_fclose_ FILE *f = NULL;
80 int r;
81
82 assert(id);
83 assert(what);
84
85 r = unit_name_from_path(what, ".device", &d);
86 if (r < 0)
87 return log_error_errno(r, "Failed to generate unit name: %m");
88
89 e = unit_name_escape(id);
90 if (!e)
91 return log_oom();
92
93 r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
94 if (r < 0)
95 return log_error_errno(r, "Failed to generate unit name: %m");
96
97 r = generator_open_unit_file(arg_dest_late, /* source = */ NULL, n, &f);
98 if (r < 0)
99 return r;
100
101 r = generator_write_cryptsetup_unit_section(f, NULL);
102 if (r < 0)
103 return r;
104
105 fprintf(f,
106 "Before=umount.target cryptsetup.target\n"
107 "Conflicts=umount.target\n"
108 "BindsTo=%s\n"
109 "After=%s\n",
110 d, d);
111
112 if (!FLAGS_SET(flags, MOUNT_RW)) {
113 options = strdup("read-only");
114 if (!options)
115 return log_oom();
116 }
117
118 r = efi_measured_uki(LOG_WARNING);
119 if (r > 0)
120 /* Enable TPM2 based unlocking automatically, if we have a TPM. See #30176. */
121 if (!strextend_with_separator(&options, ",", "tpm2-device=auto"))
122 return log_oom();
123
124 if (FLAGS_SET(flags, MOUNT_MEASURE)) {
125 /* We only measure the root volume key into PCR 15 if we are booted with sd-stub (i.e. in a
126 * UKI), and sd-stub measured the UKI. We do this in order not to step into people's own PCR
127 * assignment, under the assumption that people who are fine to use sd-stub with its PCR
128 * assignments are also OK with our PCR 15 use here. */
129 if (r > 0)
130 if (!strextend_with_separator(&options, ",", "tpm2-measure-pcr=yes"))
131 return log_oom();
132 if (r == 0)
133 log_debug("Will not measure volume key of volume '%s', not booted via systemd-stub with measurements enabled.", id);
134 }
135
136 r = generator_write_cryptsetup_service_section(f, id, what, NULL, options);
137 if (r < 0)
138 return r;
139
140 r = fflush_and_check(f);
141 if (r < 0)
142 return log_error_errno(r, "Failed to write file %s: %m", n);
143
144 r = generator_write_device_timeout(arg_dest_late, what, mount_opts, /* filtered = */ NULL);
145 if (r < 0)
146 return r;
147
148 r = generator_add_symlink(arg_dest_late, d, "wants", n);
149 if (r < 0)
150 return r;
151
152 const char *dmname = strjoina("dev-mapper-", e, ".device");
153
154 if (require) {
155 r = generator_add_symlink(arg_dest_late, "cryptsetup.target", "requires", n);
156 if (r < 0)
157 return r;
158
159 r = generator_add_symlink(arg_dest_late, dmname, "requires", n);
160 if (r < 0)
161 return r;
162 }
163
164 r = write_drop_in_format(arg_dest_late, dmname, 50, "job-timeout",
165 "# Automatically generated by systemd-gpt-auto-generator\n\n"
166 "[Unit]\n"
167 "JobTimeoutSec=infinity"); /* the binary handles timeouts anyway */
168 if (r < 0)
169 log_warning_errno(r, "Failed to write device timeout drop-in, ignoring: %m");
170
171 if (ret_device) {
172 char *s;
173
174 s = path_join("/dev/mapper", id);
175 if (!s)
176 return log_oom();
177
178 *ret_device = s;
179 }
180
181 return 0;
182 #else
183 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
184 "Partition is encrypted, but systemd-gpt-auto-generator was compiled without libcryptsetup support.");
185 #endif
186 }
187
188 #if ENABLE_EFI
189 static int add_veritysetup(
190 const char *id,
191 const char *data_what,
192 const char *hash_what,
193 const char *mount_opts) {
194
195 #if HAVE_LIBCRYPTSETUP
196 int r;
197
198 assert(id);
199 assert(data_what);
200 assert(hash_what);
201
202 _cleanup_free_ char *dd = NULL;
203 r = unit_name_from_path(data_what, ".device", &dd);
204 if (r < 0)
205 return log_error_errno(r, "Failed to generate data device unit name: %m");
206
207 _cleanup_free_ char *dh = NULL;
208 r = unit_name_from_path(hash_what, ".device", &dh);
209 if (r < 0)
210 return log_error_errno(r, "Failed to generate hash device unit name: %m");
211
212 _cleanup_free_ char *e = unit_name_escape(id);
213 if (!e)
214 return log_oom();
215
216 _cleanup_free_ char *n = NULL;
217 r = unit_name_build("systemd-veritysetup", e, ".service", &n);
218 if (r < 0)
219 return log_error_errno(r, "Failed to generate unit name: %m");
220
221 _cleanup_fclose_ FILE *f = NULL;
222 r = generator_open_unit_file(arg_dest_late, /* source= */ NULL, n, &f);
223 if (r < 0)
224 return r;
225
226 r = generator_write_veritysetup_unit_section(f, /* source= */ NULL);
227 if (r < 0)
228 return r;
229
230 fprintf(f,
231 "Before=veritysetup.target\n"
232 "BindsTo=%1$s %2$s\n"
233 "After=%1$s %2$s\n",
234 dd, dh);
235
236 r = generator_write_veritysetup_service_section(
237 f,
238 id,
239 data_what,
240 hash_what,
241 /* roothash= */ NULL, /* NULL means: derive root hash from udev property ID_DISSECT_PART_ROOTHASH */
242 "root-hash-signature=auto"); /* auto means: derive signature from udev property ID_DISSECT_PART_ROOTHASH_SIG */
243 if (r < 0)
244 return r;
245
246 r = fflush_and_check(f);
247 if (r < 0)
248 return log_error_errno(r, "Failed to write file %s: %m", n);
249
250 r = generator_write_device_timeout(arg_dest_late, data_what, mount_opts, /* filtered= */ NULL);
251 if (r < 0)
252 return r;
253
254 r = generator_write_device_timeout(arg_dest_late, hash_what, mount_opts, /* filtered= */ NULL);
255 if (r < 0)
256 return r;
257
258 r = generator_add_symlink(arg_dest_late, dd, "wants", n);
259 if (r < 0)
260 return r;
261
262 r = generator_add_symlink(arg_dest_late, dh, "wants", n);
263 if (r < 0)
264 return r;
265
266 _cleanup_free_ char *dmname = NULL;
267 dmname = strjoin("dev-mapper-", e, ".device");
268 if (!dmname)
269 return log_oom();
270
271 r = write_drop_in_format(
272 arg_dest_late,
273 dmname, 50, "job-timeout",
274 "# Automatically generated by systemd-gpt-auto-generator\n\n"
275 "[Unit]\n"
276 "JobTimeoutSec=infinity"); /* the binary handles timeouts anyway */
277 if (r < 0)
278 return log_error_errno(r, "Failed to write device timeout drop-in: %m");
279
280 return 0;
281 #else
282 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
283 "Partition is Verity protected, but systemd-gpt-auto-generator was compiled without libcryptsetup support.");
284 #endif
285 }
286 #endif
287
288 static int add_mount(
289 const char *id,
290 const char *what,
291 const char *where,
292 const char *fstype,
293 MountPointFlags flags,
294 const char *options,
295 const char *description,
296 const char *post) {
297
298 _cleanup_free_ char *unit = NULL, *crypto_what = NULL, *opts_filtered = NULL;
299 _cleanup_fclose_ FILE *f = NULL;
300 int r;
301
302 /* Note that we don't apply specifier escaping on the input strings here, since we know they are not configured
303 * externally, but all originate from our own sources here, and hence we know they contain no % characters that
304 * could potentially be understood as specifiers. */
305
306 assert(id);
307 assert(what);
308 assert(where);
309 assert(description);
310
311 log_debug("Adding %s: %s fstype=%s", where, what, fstype ?: "(any)");
312
313 if (streq_ptr(fstype, "crypto_LUKS")) {
314 /* Mount options passed are determined by partition_pick_mount_options(), whose result
315 * is known to not contain timeout options. */
316 r = add_cryptsetup(id, what, /* mount_opts = */ NULL, flags, /* require= */ true, &crypto_what);
317 if (r < 0)
318 return r;
319
320 what = crypto_what;
321 fstype = NULL;
322 } else if (fstype) {
323 r = dissect_fstype_ok(fstype);
324 if (r < 0)
325 return log_error_errno(r, "Unable to determine of dissected file system type '%s' is permitted: %m", fstype);
326 if (!r)
327 return log_error_errno(
328 SYNTHETIC_ERRNO(EIDRM),
329 "Refusing to automatically mount uncommon file system '%s' to '%s'.",
330 fstype, where);
331 }
332
333 r = generator_write_device_timeout(arg_dest_late, what, options, &opts_filtered);
334 if (r < 0)
335 return r;
336
337 r = unit_name_from_path(where, ".mount", &unit);
338 if (r < 0)
339 return log_error_errno(r, "Failed to generate unit name: %m");
340
341 r = generator_open_unit_file(arg_dest_late, /* source = */ NULL, unit, &f);
342 if (r < 0)
343 return r;
344
345 fprintf(f,
346 "[Unit]\n"
347 "Description=%s\n"
348 "Documentation=man:systemd-gpt-auto-generator(8)\n",
349 description);
350
351 if (post)
352 fprintf(f, "Before=%s\n", post);
353
354 /* NB: here we do not write to arg_dest_late, but to arg_dest! We typically leave the normal
355 * generator drop-in dir for explicit configuration via systemd-fstab-generator or similar, and put
356 * out automatic configuration in the arg_dest_late directory. But this one is an exception, since we
357 * need to override the static version of the fsck root service file. */
358 r = generator_write_fsck_deps(f, arg_dest, what, where, fstype, opts_filtered);
359 if (r < 0)
360 return r;
361
362 r = generator_write_blockdev_dependency(f, what);
363 if (r < 0)
364 return r;
365
366 fprintf(f,
367 "\n"
368 "[Mount]\n"
369 "What=%s\n"
370 "Where=%s\n",
371 what, where);
372
373 if (fstype)
374 fprintf(f, "Type=%s\n", fstype);
375
376 if (opts_filtered)
377 fprintf(f, "Options=%s\n", opts_filtered);
378
379 r = generator_write_mount_timeout(f, where, opts_filtered);
380 if (r < 0)
381 return r;
382
383 r = fflush_and_check(f);
384 if (r < 0)
385 return log_error_errno(r, "Failed to write unit %s: %m", unit);
386
387 if (FLAGS_SET(flags, MOUNT_VALIDATEFS)) {
388 r = generator_hook_up_validatefs(arg_dest_late, where, post);
389 if (r < 0)
390 return r;
391 }
392
393 if (FLAGS_SET(flags, MOUNT_GROWFS)) {
394 r = generator_hook_up_growfs(arg_dest_late, where, post);
395 if (r < 0)
396 return r;
397 }
398
399 if (FLAGS_SET(flags, MOUNT_MEASURE)) {
400 r = generator_hook_up_pcrfs(arg_dest_late, where, post);
401 if (r < 0)
402 return r;
403 }
404
405 if (post) {
406 r = generator_add_symlink(arg_dest_late, post, "requires", unit);
407 if (r < 0)
408 return r;
409 }
410
411 return 0;
412 }
413
414 static int path_is_busy(const char *where) {
415 int r;
416
417 assert(where);
418
419 /* already a mountpoint; generators run during reload */
420 r = path_is_mount_point_full(where, /* root = */ NULL, AT_SYMLINK_FOLLOW);
421 if (r > 0)
422 return false;
423 /* The directory will be created by the mount or automount unit when it is started. */
424 if (r == -ENOENT)
425 return false;
426
427 if (r < 0)
428 return log_warning_errno(r, "Cannot check if \"%s\" is a mount point: %m", where);
429
430 /* not a mountpoint but it contains files */
431 r = dir_is_empty(where, /* ignore_hidden_or_backup= */ false);
432 if (r == -ENOTDIR) {
433 log_debug("\"%s\" is not a directory, ignoring.", where);
434 return true;
435 } else if (r < 0)
436 return log_warning_errno(r, "Cannot check if \"%s\" is empty: %m", where);
437 else if (r == 0) {
438 log_debug("\"%s\" already populated, ignoring.", where);
439 return true;
440 }
441
442 return false;
443 }
444
445 static int add_partition_mount(
446 PartitionDesignator d,
447 DissectedPartition *p,
448 const char *id,
449 const char *where,
450 const char *description) {
451
452 _cleanup_free_ char *options = NULL;
453 int r;
454
455 assert(p);
456
457 r = path_is_busy(where);
458 if (r != 0)
459 return r < 0 ? r : 0;
460
461 r = partition_pick_mount_options(
462 d,
463 dissected_partition_fstype(p),
464 p->rw,
465 /* discard= */ true,
466 &options,
467 /* ret_ms_flags= */ NULL);
468 if (r < 0)
469 return r;
470
471 return add_mount(
472 id,
473 p->node,
474 where,
475 p->fstype,
476 (p->rw ? MOUNT_RW : 0) |
477 MOUNT_VALIDATEFS |
478 (p->growfs ? MOUNT_GROWFS : 0) |
479 (STR_IN_SET(id, "root", "var") ? MOUNT_MEASURE : 0), /* by default measure rootfs and /var, since they contain the "identity" of the system */
480 options,
481 description,
482 SPECIAL_LOCAL_FS_TARGET);
483 }
484
485 static int add_partition_swap(DissectedPartition *p) {
486 const char *what;
487 _cleanup_free_ char *name = NULL, *crypto_what = NULL;
488 _cleanup_fclose_ FILE *f = NULL;
489 int r;
490
491 assert(p);
492 assert(p->node);
493
494 if (!arg_swap_enabled)
495 return 0;
496
497 /* Disable the swap auto logic if at least one swap is defined in /etc/fstab, see #6192. */
498 r = fstab_has_fstype("swap");
499 if (r < 0)
500 return log_error_errno(r, "Failed to parse fstab: %m");
501 if (r > 0) {
502 log_debug("swap specified in fstab, ignoring.");
503 return 0;
504 }
505
506 if (streq_ptr(p->fstype, "crypto_LUKS")) {
507 r = add_cryptsetup("swap", p->node, /* mount_opts = */ NULL, MOUNT_RW, /* require= */ true, &crypto_what);
508 if (r < 0)
509 return r;
510 what = crypto_what;
511 } else
512 what = p->node;
513
514 log_debug("Adding swap: %s", what);
515
516 r = unit_name_from_path(what, ".swap", &name);
517 if (r < 0)
518 return log_error_errno(r, "Failed to generate unit name: %m");
519
520 r = generator_open_unit_file(arg_dest_late, /* source = */ NULL, name, &f);
521 if (r < 0)
522 return r;
523
524 fprintf(f,
525 "[Unit]\n"
526 "Description=Swap Partition\n"
527 "Documentation=man:systemd-gpt-auto-generator(8)\n");
528
529 r = generator_write_blockdev_dependency(f, what);
530 if (r < 0)
531 return r;
532
533 fprintf(f,
534 "\n"
535 "[Swap]\n"
536 "What=%s\n",
537 what);
538
539 r = fflush_and_check(f);
540 if (r < 0)
541 return log_error_errno(r, "Failed to write unit %s: %m", name);
542
543 return generator_add_symlink(arg_dest_late, SPECIAL_SWAP_TARGET, "wants", name);
544 }
545
546 static int add_automount(
547 const char *id,
548 const char *what,
549 const char *where,
550 const char *fstype,
551 MountPointFlags flags,
552 const char *options,
553 const char *description,
554 usec_t timeout) {
555
556 _cleanup_free_ char *unit = NULL;
557 _cleanup_fclose_ FILE *f = NULL;
558 int r;
559
560 assert(id);
561 assert(where);
562 assert(description);
563
564 r = add_mount(id,
565 what,
566 where,
567 fstype,
568 flags,
569 options,
570 description,
571 /* post= */ NULL);
572 if (r < 0)
573 return r;
574
575 r = unit_name_from_path(where, ".automount", &unit);
576 if (r < 0)
577 return log_error_errno(r, "Failed to generate unit name: %m");
578
579 r = generator_open_unit_file(arg_dest_late, /* source = */ NULL, unit, &f);
580 if (r < 0)
581 return r;
582
583 fprintf(f,
584 "[Unit]\n"
585 "Description=%s\n"
586 "Documentation=man:systemd-gpt-auto-generator(8)\n"
587 "[Automount]\n"
588 "Where=%s\n"
589 "TimeoutIdleSec="USEC_FMT"\n",
590 description,
591 where,
592 timeout / USEC_PER_SEC);
593
594 r = fflush_and_check(f);
595 if (r < 0)
596 return log_error_errno(r, "Failed to write unit %s: %m", unit);
597
598 return generator_add_symlink(arg_dest_late, SPECIAL_LOCAL_FS_TARGET, "wants", unit);
599 }
600
601 static int add_partition_xbootldr(DissectedPartition *p) {
602 _cleanup_free_ char *options = NULL;
603 int r;
604
605 assert(p);
606 assert(!in_initrd());
607
608 r = path_is_busy("/boot");
609 if (r < 0)
610 return r;
611 if (r > 0)
612 return 0;
613
614 r = partition_pick_mount_options(
615 PARTITION_XBOOTLDR,
616 dissected_partition_fstype(p),
617 /* rw= */ true,
618 /* discard= */ false,
619 &options,
620 /* ret_ms_flags= */ NULL);
621 if (r < 0)
622 return log_error_errno(r, "Failed to determine default mount options for /boot/: %m");
623
624 return add_automount(
625 "boot",
626 p->node,
627 "/boot",
628 p->fstype,
629 MOUNT_RW,
630 options,
631 "Boot Loader Partition",
632 LOADER_PARTITION_IDLE_USEC);
633 }
634
635 #if ENABLE_EFI
636 static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
637 const char *esp_path = NULL, *id = NULL;
638 _cleanup_free_ char *options = NULL;
639 int r;
640
641 assert(p);
642 assert(!in_initrd());
643
644 /* Check if there's an existing fstab entry for ESP. If so, we just skip the gpt-auto logic. */
645 r = fstab_has_node(p->node);
646 if (r < 0)
647 log_warning_errno(r, "Failed to check if fstab entry for device '%s' exists, ignoring: %m",
648 p->node);
649 if (r > 0)
650 return 0;
651
652 /* If XBOOTLDR partition is not present and /boot/ is unused and empty, we'll take that.
653 * Otherwise, if /efi/ is unused and empty (or missing), we'll take that.
654 * Otherwise, we do nothing. */
655 if (!has_xbootldr) {
656 r = path_is_busy("/boot");
657 if (r < 0)
658 return r;
659 if (r == 0) {
660 esp_path = "/boot";
661 id = "boot";
662 }
663 }
664
665 if (!esp_path) {
666 r = path_is_busy("/efi");
667 if (r < 0)
668 return r;
669 if (r > 0)
670 return 0;
671
672 esp_path = "/efi";
673 id = "efi";
674 }
675
676 r = partition_pick_mount_options(
677 PARTITION_ESP,
678 dissected_partition_fstype(p),
679 /* rw= */ true,
680 /* discard= */ false,
681 &options,
682 /* ret_ms_flags= */ NULL);
683 if (r < 0)
684 return log_error_errno(r, "Failed to determine default mount options for %s: %m", esp_path);
685
686 return add_automount(
687 id,
688 p->node,
689 esp_path,
690 p->fstype,
691 MOUNT_RW,
692 options,
693 "EFI System Partition Automount",
694 LOADER_PARTITION_IDLE_USEC);
695 }
696 #else
697 static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
698 return 0;
699 }
700 #endif
701
702 static int add_partition_root_rw(DissectedPartition *p) {
703 const char *path;
704 int r;
705
706 assert(p);
707 assert(!in_initrd());
708
709 /* Invoked on the main system (not initrd), to honour GPT flag 60 on the root fs (ro) */
710
711 if (arg_root_rw >= 0) {
712 log_debug("Parameter ro/rw specified on kernel command line, not generating drop-in for systemd-remount-fs.service.");
713 return 0;
714 }
715
716 if (!p->rw) {
717 log_debug("Root partition marked read-only in GPT partition table, not generating drop-in for systemd-remount-fs.service.");
718 return 0;
719 }
720
721 r = generator_enable_remount_fs_service(arg_dest_late);
722 if (r < 0)
723 return r;
724
725 path = strjoina(arg_dest_late, "/systemd-remount-fs.service.d/50-remount-rw.conf");
726
727 r = write_string_file(path,
728 "# Automatically generated by systemd-gpt-auto-generator\n\n"
729 "[Service]\n"
730 "Environment=SYSTEMD_REMOUNT_ROOT_RW=1\n",
731 WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_NOFOLLOW|WRITE_STRING_FILE_MKDIR_0755);
732 if (r < 0)
733 return log_error_errno(r, "Failed to write drop-in file %s: %m", path);
734
735 return 0;
736 }
737
738 static int add_partition_root_growfs(DissectedPartition *p) {
739
740 assert(p);
741 assert(!in_initrd());
742
743 /* Invoked on the main system (not initrd), to honour GPT flag 59 on the root fs (growfs) */
744
745 if (!p->growfs) {
746 log_debug("Root partition not marked for growing the file system in the GPT partition table, not generating drop-in for systemd-growfs-root.service.");
747 return 0;
748 }
749
750 return generator_hook_up_growfs(arg_dest_late, "/", SPECIAL_LOCAL_FS_TARGET);
751 }
752
753 static int add_partition_root_flags(DissectedPartition *p) {
754 int r = 0;
755
756 assert(p);
757 assert(!in_initrd());
758
759 RET_GATHER(r, add_partition_root_growfs(p));
760 RET_GATHER(r, add_partition_root_rw(p));
761
762 return r;
763 }
764
765 #if ENABLE_EFI
766 static int add_root_cryptsetup(void) {
767 #if HAVE_LIBCRYPTSETUP
768
769 assert(arg_auto_root != GPT_AUTO_ROOT_OFF);
770
771 /* If a device /dev/gpt-auto-root-luks or /dev/disk/by-designator/root-luks appears, then make it
772 * pull in systemd-cryptsetup@root.service, which sets it up, and causes /dev/gpt-auto-root or
773 * /dev/disk/by-designator/root to appear which is all we are looking for. */
774
775 const char *bdev =
776 IN_SET(arg_auto_root, GPT_AUTO_ROOT_DISSECT, GPT_AUTO_ROOT_DISSECT_FORCE) ?
777 "/dev/disk/by-designator/root-luks" : "/dev/gpt-auto-root-luks";
778
779 if (IN_SET(arg_auto_root, GPT_AUTO_ROOT_FORCE, GPT_AUTO_ROOT_DISSECT_FORCE)) {
780 /* Similar logic as in add_root_mount(), see below */
781 FactoryResetMode f = factory_reset_mode();
782 if (f < 0)
783 log_warning_errno(f, "Failed to determine whether we are in factory reset mode, assuming not: %m");
784
785 if (IN_SET(f, FACTORY_RESET_ON, FACTORY_RESET_COMPLETE))
786 bdev =
787 IN_SET(arg_auto_root, GPT_AUTO_ROOT_DISSECT, GPT_AUTO_ROOT_DISSECT_FORCE) ?
788 "/dev/disk/by-designator/root-luks-ignore-factory-reset" :
789 "/dev/gpt-auto-root-luks-ignore-factory-reset";
790 }
791
792 return add_cryptsetup(
793 "root",
794 bdev,
795 arg_root_options,
796 MOUNT_RW|MOUNT_MEASURE,
797 /* require= */ false,
798 /* ret_device= */ NULL);
799 #else
800 return 0;
801 #endif
802 }
803 #endif
804
805 static int add_root_mount(void) {
806 #if ENABLE_EFI
807 _cleanup_free_ char *options = NULL;
808 int r;
809
810 /* Explicitly disabled? Then exit immediately */
811 if (arg_auto_root == GPT_AUTO_ROOT_OFF)
812 return 0;
813
814 /* Neither explicitly enabled nor disabled? Then decide based on the EFI partition variables to be set */
815 if (arg_auto_root < 0) {
816 if (!is_efi_boot()) {
817 log_debug("Not an EFI boot, not creating root mount.");
818 return 0;
819 }
820
821 r = efi_loader_get_device_part_uuid(/* ret= */ NULL);
822 if (r == -ENOENT) {
823 log_notice("EFI loader partition unknown, not processing %s.\n"
824 "(The boot loader did not set EFI variable LoaderDevicePartUUID.)",
825 in_initrd() ? "/sysroot" : "/");
826 return 0;
827 }
828 if (r < 0)
829 return log_error_errno(r, "Failed to read loader partition UUID: %m");
830 }
831
832 /* OK, we shall look for a root device, so let's wait for a root device to show up. A udev rule will
833 * create the link for us under the right name.
834 *
835 * There are two distinct names: the /dev/gpt-auto-root-ignore-factory-reset symlink is created for
836 * the root partition if factory reset mode is enabled or complete, and the /dev/gpt-auto-root
837 * symlink is only created if factory reset mode is off or already complete (thus taking factory
838 * reset state into account). In scenarios where the root disk is partially reformatted during
839 * factory reset the latter is the link to use, otherwise the former (so that we don't accidentally
840 * mount a root partition too early that is about to be wiped and replaced by another one). */
841
842 const char *bdev =
843 IN_SET(arg_auto_root, GPT_AUTO_ROOT_DISSECT, GPT_AUTO_ROOT_DISSECT_FORCE) ?
844 "/dev/disk/by-designator/root" : "/dev/gpt-auto-root";
845 if (IN_SET(arg_auto_root, GPT_AUTO_ROOT_FORCE, GPT_AUTO_ROOT_DISSECT_FORCE)) {
846 FactoryResetMode f = factory_reset_mode();
847 if (f < 0)
848 log_warning_errno(f, "Failed to determine whether we are in factory reset mode, assuming not: %m");
849
850 if (IN_SET(f, FACTORY_RESET_ON, FACTORY_RESET_COMPLETE))
851 bdev =
852 IN_SET(arg_auto_root, GPT_AUTO_ROOT_DISSECT, GPT_AUTO_ROOT_DISSECT_FORCE) ?
853 "/dev/disk/by-designator/root-ignore-factory-reset" :
854 "/dev/gpt-auto-root-ignore-factory-reset";
855 }
856
857 if (in_initrd()) {
858 r = generator_write_initrd_root_device_deps(arg_dest_late, bdev);
859 if (r < 0)
860 return 0;
861
862 r = add_root_cryptsetup();
863 if (r < 0)
864 return r;
865
866 /* If a device /dev/disk/by-designator/root-verity or
867 * /dev/disk/by-designator/root-verity-data appears, then make it pull in
868 * systemd-cryptsetup@root.service, which sets it up, and causes /dev/disk/by-designator/root
869 * to appear. */
870 r = add_veritysetup(
871 "root",
872 "/dev/disk/by-designator/root-verity-data",
873 "/dev/disk/by-designator/root-verity",
874 arg_root_options);
875 if (r < 0)
876 return r;
877 }
878
879 /* Note that we do not need to enable systemd-remount-fs.service here. If /etc/fstab exists,
880 * systemd-fstab-generator will pull it in for us, and otherwise add_partition_root_flags() will do
881 * it, after the initrd transition. */
882
883 r = partition_pick_mount_options(
884 PARTITION_ROOT,
885 arg_root_fstype,
886 arg_root_rw > 0,
887 /* discard= */ true,
888 &options,
889 /* ret_ms_flags= */ NULL);
890 if (r < 0)
891 return log_error_errno(r, "Failed to pick root mount options: %m");
892
893 if (arg_root_options)
894 if (!strextend_with_separator(&options, ",", arg_root_options))
895 return log_oom();
896
897 return add_mount(
898 "root",
899 bdev,
900 in_initrd() ? "/sysroot" : "/",
901 arg_root_fstype,
902 (arg_root_rw > 0 ? MOUNT_RW : 0) |
903 (in_initrd() ? MOUNT_VALIDATEFS : 0) |
904 MOUNT_MEASURE,
905 options,
906 "Root Partition",
907 in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);
908 #else
909 return 0;
910 #endif
911 }
912
913 static int add_usr_mount(void) {
914 #if ENABLE_EFI
915 int r;
916
917 /* /usr/ discovery must be enabled explicitly. */
918 if (arg_auto_usr <= 0)
919 return 0;
920
921 /* We do not support the other gpt-auto modes for /usr/, but the parser should already have checked that. */
922 assert(arg_auto_usr == GPT_AUTO_ROOT_DISSECT);
923
924 if (arg_root_fstype && !arg_usr_fstype) {
925 arg_usr_fstype = strdup(arg_root_fstype);
926 if (!arg_usr_fstype)
927 return log_oom();
928 }
929
930 if (arg_root_options && !arg_usr_options) {
931 arg_usr_options = strdup(arg_root_options);
932 if (!arg_usr_options)
933 return log_oom();
934 }
935
936 if (in_initrd()) {
937 r = add_cryptsetup(
938 "usr",
939 "/dev/disk/by-designator/usr-luks",
940 arg_usr_options,
941 MOUNT_RW|MOUNT_MEASURE,
942 /* require= */ false,
943 /* ret_device= */ NULL);
944 if (r < 0)
945 return r;
946
947 /* If a device /dev/disk/by-designator/usr-verity or
948 * /dev/disk/by-designator/usr-verity-data appears, then make it pull in
949 * systemd-cryptsetup@usr.service, which sets it up, and causes /dev/disk/by-designator/usr
950 * to appear. */
951 r = add_veritysetup(
952 "usr",
953 "/dev/disk/by-designator/usr-verity-data",
954 "/dev/disk/by-designator/usr-verity",
955 arg_usr_options);
956 if (r < 0)
957 return r;
958 }
959
960 _cleanup_free_ char *options = NULL;
961 r = partition_pick_mount_options(
962 PARTITION_USR,
963 arg_usr_fstype,
964 /* rw= */ false,
965 /* discard= */ true,
966 &options,
967 /* ret_ms_flags= */ NULL);
968 if (r < 0)
969 return log_error_errno(r, "Failed to pick /usr/ mount options: %m");
970
971 if (arg_usr_options)
972 if (!strextend_with_separator(&options, ",", arg_usr_options))
973 return log_oom();
974
975 r = add_mount("usr",
976 "/dev/disk/by-designator/usr",
977 in_initrd() ? "/sysusr/usr" : "/usr",
978 arg_usr_fstype,
979 /* flags = */ 0,
980 options,
981 "/usr/ Partition",
982 in_initrd() ? SPECIAL_INITRD_USR_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);
983 if (r < 0)
984 return r;
985
986 if (in_initrd()) {
987 log_debug("Synthesizing entry what=/sysusr/usr where=/sysroot/usr opts=bind");
988
989 r = add_mount("usr-bind",
990 "/sysusr/usr",
991 "/sysroot/usr",
992 /* fstype= */ NULL,
993 MOUNT_VALIDATEFS,
994 "bind",
995 "/usr/ Partition (Final)",
996 SPECIAL_INITRD_FS_TARGET);
997 if (r < 0)
998 return r;
999 }
1000 #endif
1001 return 0;
1002 }
1003
1004 static int process_loader_partitions(DissectedPartition *esp, DissectedPartition *xbootldr) {
1005 sd_id128_t loader_uuid;
1006 int r;
1007
1008 assert(esp);
1009 assert(xbootldr);
1010
1011 /* If any paths in fstab look similar to our favorite paths for ESP or XBOOTLDR, we just exit
1012 * early. We also don't bother with cases where one is configured explicitly and the other shall be
1013 * mounted automatically. */
1014
1015 r = fstab_has_mount_point_prefix_strv(STRV_MAKE("/boot", "/efi"));
1016 if (r > 0) {
1017 log_debug("Found mount entries in the /boot/ or /efi/ hierarchies in fstab, not generating ESP or XBOOTLDR mounts.");
1018 return 0;
1019 }
1020 if (r < 0)
1021 log_debug_errno(r, "Failed to check fstab existing paths, ignoring: %m");
1022
1023 if (!is_efi_boot()) {
1024 log_debug("Not an EFI boot, skipping loader partition UUID check.");
1025 goto mount;
1026 }
1027
1028 /* Let's check if LoaderDevicePartUUID points to either ESP or XBOOTLDR. We prefer it pointing
1029 * to the ESP, but we accept XBOOTLDR too. If it points to neither of them, don't mount any
1030 * loader partitions, since they are not the ones used for booting. */
1031
1032 r = efi_loader_get_device_part_uuid(&loader_uuid);
1033 if (r == -ENOENT) {
1034 log_debug_errno(r, "EFI loader partition unknown, skipping ESP and XBOOTLDR mounts.");
1035 return 0;
1036 }
1037 if (r < 0)
1038 return log_debug_errno(r, "Failed to read loader partition UUID, ignoring: %m");
1039
1040 if (esp->found && sd_id128_equal(esp->uuid, loader_uuid))
1041 goto mount;
1042
1043 if (xbootldr->found && sd_id128_equal(xbootldr->uuid, loader_uuid)) {
1044 log_debug("LoaderDevicePartUUID points to XBOOTLDR partition.");
1045 goto mount;
1046 }
1047
1048 log_debug("LoaderDevicePartUUID points to neither ESP nor XBOOTLDR, ignoring.");
1049 return 0;
1050
1051 mount:
1052 r = 0;
1053
1054 if (xbootldr->found)
1055 RET_GATHER(r, add_partition_xbootldr(xbootldr));
1056 if (esp->found)
1057 RET_GATHER(r, add_partition_esp(esp, xbootldr->found));
1058
1059 return r;
1060 }
1061
1062 static int enumerate_partitions(dev_t devnum) {
1063 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
1064 _cleanup_(loop_device_unrefp) LoopDevice *loop = NULL;
1065 _cleanup_free_ char *devname = NULL;
1066 int r;
1067
1068 assert(!in_initrd());
1069
1070 /* Run on the final root fs (not in the initrd), to mount auxiliary partitions, and hook in rw
1071 * remount and growfs of the root partition */
1072
1073 r = block_get_whole_disk(devnum, &devnum);
1074 if (r < 0)
1075 return log_debug_errno(r, "Failed to get whole block device for " DEVNUM_FORMAT_STR ": %m",
1076 DEVNUM_FORMAT_VAL(devnum));
1077
1078 r = devname_from_devnum(S_IFBLK, devnum, &devname);
1079 if (r < 0)
1080 return log_debug_errno(r, "Failed to get device node of " DEVNUM_FORMAT_STR ": %m",
1081 DEVNUM_FORMAT_VAL(devnum));
1082
1083 /* Let's take a LOCK_SH lock on the block device, in case udevd is already running. If we don't take
1084 * the lock, udevd might end up issuing BLKRRPART in the middle, and we don't want that, since that
1085 * might remove all partitions while we are operating on them. */
1086 r = loop_device_open_from_path(devname, O_RDONLY, LOCK_SH, &loop);
1087 if (r < 0)
1088 return log_debug_errno(r, "Failed to open %s: %m", devname);
1089
1090 r = dissect_loop_device(
1091 loop,
1092 &arg_verity_settings,
1093 /* mount_options= */ NULL,
1094 arg_image_policy ?: &image_policy_host,
1095 arg_image_filter,
1096 DISSECT_IMAGE_GPT_ONLY|
1097 DISSECT_IMAGE_USR_NO_ROOT|
1098 DISSECT_IMAGE_DISKSEQ_DEVNODE|
1099 DISSECT_IMAGE_ALLOW_EMPTY,
1100 /* NB! Unlike most other places where we dissect block devices we do not use
1101 * DISSECT_IMAGE_ADD_PARTITION_DEVICES here: we want that the kernel finds the
1102 * devices, and udev probes them before we mount them via .mount units much later
1103 * on. And thus we also don't set DISSECT_IMAGE_PIN_PARTITION_DEVICES here, because
1104 * we don't actually mount anything immediately. */
1105 &m);
1106 if (r < 0) {
1107 bool ok = r == -ENOPKG;
1108 dissect_log_error(ok ? LOG_DEBUG : LOG_ERR, r, devname, NULL);
1109 return ok ? 0 : r;
1110 }
1111
1112 if (m->partitions[PARTITION_SWAP].found)
1113 RET_GATHER(r, add_partition_swap(m->partitions + PARTITION_SWAP));
1114
1115 RET_GATHER(r, process_loader_partitions(m->partitions + PARTITION_ESP, m->partitions + PARTITION_XBOOTLDR));
1116
1117 if (m->partitions[PARTITION_HOME].found)
1118 RET_GATHER(r, add_partition_mount(PARTITION_HOME, m->partitions + PARTITION_HOME,
1119 "home", "/home", "Home Partition"));
1120
1121 if (m->partitions[PARTITION_SRV].found)
1122 RET_GATHER(r, add_partition_mount(PARTITION_SRV, m->partitions + PARTITION_SRV,
1123 "srv", "/srv", "Server Data Partition"));
1124
1125 if (m->partitions[PARTITION_VAR].found)
1126 RET_GATHER(r, add_partition_mount(PARTITION_VAR, m->partitions + PARTITION_VAR,
1127 "var", "/var", "Variable Data Partition"));
1128
1129 if (m->partitions[PARTITION_TMP].found)
1130 RET_GATHER(r, add_partition_mount(PARTITION_TMP, m->partitions + PARTITION_TMP,
1131 "var-tmp", "/var/tmp", "Temporary Data Partition"));
1132
1133 if (m->partitions[PARTITION_ROOT].found)
1134 RET_GATHER(r, add_partition_root_flags(m->partitions + PARTITION_ROOT));
1135
1136 return r;
1137 }
1138
1139 static int add_mounts(void) {
1140 dev_t devno;
1141 int r;
1142
1143 if (in_initrd())
1144 return 0;
1145
1146 r = blockdev_get_root(LOG_ERR, &devno);
1147 if (r < 0)
1148 return r;
1149 if (r == 0) {
1150 log_debug("Skipping automatic GPT dissection logic, root file system not backed by a (single) whole block device.");
1151 return 0;
1152 }
1153
1154 return enumerate_partitions(devno);
1155 }
1156
1157 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
1158 int r;
1159
1160 assert(key);
1161
1162 if (proc_cmdline_key_streq(key, "systemd.gpt_auto") ||
1163 proc_cmdline_key_streq(key, "rd.systemd.gpt_auto")) {
1164
1165 r = value ? parse_boolean(value) : 1;
1166 if (r < 0)
1167 log_warning_errno(r, "Failed to parse gpt-auto switch \"%s\", ignoring: %m", value);
1168 else
1169 arg_enabled = r;
1170
1171 } else if (streq(key, "root")) {
1172
1173 if (proc_cmdline_value_missing(key, value))
1174 return 0;
1175
1176 /* Disable root disk logic if there's a root= value specified (unless it happens to be
1177 * "gpt-auto" or "gpt-auto-force") */
1178
1179 arg_auto_root = parse_gpt_auto_root("root=", value);
1180 assert(arg_auto_root >= 0);
1181
1182 } else if (streq(key, "roothash")) {
1183
1184 if (proc_cmdline_value_missing(key, value))
1185 return 0;
1186
1187 /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */
1188
1189 arg_auto_root = GPT_AUTO_ROOT_OFF;
1190 log_debug("Disabling root partition auto-detection, roothash= is set.");
1191
1192 arg_verity_settings.designator = PARTITION_ROOT;
1193
1194 free(arg_verity_settings.root_hash);
1195 r = unhexmem(value, &arg_verity_settings.root_hash, &arg_verity_settings.root_hash_size);
1196 if (r < 0)
1197 return log_error_errno(r, "Failed to parse roothash= from kernel command line: %m");
1198
1199 } else if (streq(key, "usrhash")) {
1200
1201 if (proc_cmdline_value_missing(key, value))
1202 return 0;
1203
1204 arg_verity_settings.designator = PARTITION_USR;
1205
1206 free(arg_verity_settings.root_hash);
1207 r = unhexmem(value, &arg_verity_settings.root_hash, &arg_verity_settings.root_hash_size);
1208 if (r < 0)
1209 return log_error_errno(r, "Failed to parse usrhash= from kernel command line: %m");
1210
1211 } else if (streq(key, "rootfstype")) {
1212
1213 if (proc_cmdline_value_missing(key, value))
1214 return 0;
1215
1216 return free_and_strdup_warn(&arg_root_fstype, value);
1217
1218 } else if (streq(key, "rootflags")) {
1219
1220 if (proc_cmdline_value_missing(key, value))
1221 return 0;
1222
1223 if (!strextend_with_separator(&arg_root_options, ",", value))
1224 return log_oom();
1225
1226 } else if (streq(key, "mount.usr")) {
1227
1228 if (proc_cmdline_value_missing(key, value))
1229 return 0;
1230
1231 /* Disable root disk logic if there's a root= value specified (unless it happens to be
1232 * "gpt-auto" or "gpt-auto-force") */
1233
1234 arg_auto_usr = parse_gpt_auto_root("mount.usr=", value);
1235 assert(arg_auto_usr >= 0);
1236
1237 if (IN_SET(arg_auto_usr, GPT_AUTO_ROOT_ON, GPT_AUTO_ROOT_FORCE, GPT_AUTO_ROOT_DISSECT_FORCE)) {
1238 log_warning("'gpt-auto', 'gpt-auto-force' and 'dissect-force' are not supported for mount.usr=. Automatically resorting to mount.usr=dissect mode instead.");
1239 arg_auto_usr = GPT_AUTO_ROOT_DISSECT;
1240 }
1241
1242 } else if (streq(key, "mount.usrfstype")) {
1243
1244 if (proc_cmdline_value_missing(key, value))
1245 return 0;
1246
1247 return free_and_strdup_warn(&arg_usr_fstype, empty_to_null(value));
1248
1249 } else if (streq(key, "mount.usrflags")) {
1250
1251 if (proc_cmdline_value_missing(key, value))
1252 return 0;
1253
1254 if (!strextend_with_separator(&arg_usr_options, ",", value))
1255 return log_oom();
1256
1257 } else if (streq(key, "rw") && !value)
1258 arg_root_rw = true;
1259 else if (streq(key, "ro") && !value)
1260 arg_root_rw = false;
1261 else if (proc_cmdline_key_streq(key, "systemd.image_policy"))
1262 return parse_image_policy_argument(value, &arg_image_policy);
1263 else if (proc_cmdline_key_streq(key, "systemd.image_filter")) {
1264 _cleanup_(image_filter_freep) ImageFilter *f = NULL;
1265
1266 r = image_filter_parse(value, &f);
1267 if (r < 0)
1268 return log_error_errno(r, "Failed to parse image filter: %s", value);
1269
1270 image_filter_free(arg_image_filter);
1271 arg_image_filter = TAKE_PTR(f);
1272
1273 } else if (streq(key, "systemd.swap")) {
1274
1275 r = value ? parse_boolean(value) : 1;
1276 if (r < 0)
1277 log_warning_errno(r, "Failed to parse swap switch \"%s\", ignoring: %m", value);
1278 else
1279 arg_swap_enabled = r;
1280
1281 if (!arg_swap_enabled)
1282 log_debug("Disabling swap partitions auto-detection, systemd.swap=no is defined.");
1283
1284 }
1285
1286 return 0;
1287 }
1288
1289 static int run(const char *dest, const char *dest_early, const char *dest_late) {
1290 int r;
1291
1292 assert_se(arg_dest = dest);
1293 assert_se(arg_dest_late = dest_late);
1294
1295 if (detect_container() > 0) {
1296 log_debug("In a container, exiting.");
1297 return 0;
1298 }
1299
1300 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
1301 if (r < 0)
1302 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
1303
1304 if (!arg_enabled) {
1305 log_debug("Disabled, exiting.");
1306 return 0;
1307 }
1308
1309 r = 0;
1310 RET_GATHER(r, add_root_mount());
1311 RET_GATHER(r, add_usr_mount());
1312 RET_GATHER(r, add_mounts());
1313
1314 return r;
1315 }
1316
1317 DEFINE_MAIN_GENERATOR_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.