]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/veritysetup/veritysetup.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dhcp6: reduce whitespace a bit
[thirdparty/systemd.git] / src / veritysetup / veritysetup.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <errno.h>
4 #include <stdio.h>
5 #include <sys/stat.h>
6
7 #include "alloc-util.h"
8 #include "crypt-util.h"
9 #include "hexdecoct.h"
10 #include "log.h"
11 #include "string-util.h"
12 #include "terminal-util.h"
13
14 static char *arg_root_hash = NULL;
15 static char *arg_data_what = NULL;
16 static char *arg_hash_what = NULL;
17
18 static int help(void) {
19 _cleanup_free_ char *link = NULL;
20 int r;
21
22 r = terminal_urlify_man("systemd-veritysetup@.service", "8", &link);
23 if (r < 0)
24 return log_oom();
25
26 printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
27 "%s detach VOLUME\n\n"
28 "Attaches or detaches an integrity protected block device.\n"
29 "\nSee the %s for details.\n"
30 , program_invocation_short_name
31 , program_invocation_short_name
32 , link
33 );
34
35 return 0;
36 }
37
38 int main(int argc, char *argv[]) {
39 _cleanup_(crypt_freep) struct crypt_device *cd = NULL;
40 int r;
41
42 if (argc <= 1) {
43 r = help();
44 goto finish;
45 }
46
47 if (argc < 3) {
48 log_error("This program requires at least two arguments.");
49 r = -EINVAL;
50 goto finish;
51 }
52
53 log_set_target(LOG_TARGET_AUTO);
54 log_parse_environment();
55 log_open();
56
57 umask(0022);
58
59 if (streq(argv[1], "attach")) {
60 _cleanup_free_ void *m = NULL;
61 crypt_status_info status;
62 size_t l;
63
64 if (argc < 6) {
65 log_error("attach requires at least two arguments.");
66 r = -EINVAL;
67 goto finish;
68 }
69
70 r = unhexmem(argv[5], strlen(argv[5]), &m, &l);
71 if (r < 0) {
72 log_error("Failed to parse root hash.");
73 goto finish;
74 }
75
76 r = crypt_init(&cd, argv[4]);
77 if (r < 0) {
78 log_error_errno(r, "Failed to open verity device %s: %m", argv[4]);
79 goto finish;
80 }
81
82 crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
83
84 status = crypt_status(cd, argv[2]);
85 if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
86 log_info("Volume %s already active.", argv[2]);
87 r = 0;
88 goto finish;
89 }
90
91 r = crypt_load(cd, CRYPT_VERITY, NULL);
92 if (r < 0) {
93 log_error_errno(r, "Failed to load verity superblock: %m");
94 goto finish;
95 }
96
97 r = crypt_set_data_device(cd, argv[3]);
98 if (r < 0) {
99 log_error_errno(r, "Failed to configure data device: %m");
100 goto finish;
101 }
102
103 r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY);
104 if (r < 0) {
105 log_error_errno(r, "Failed to set up verity device: %m");
106 goto finish;
107 }
108
109 } else if (streq(argv[1], "detach")) {
110
111 r = crypt_init_by_name(&cd, argv[2]);
112 if (r == -ENODEV) {
113 log_info("Volume %s already inactive.", argv[2]);
114 goto finish;
115 } else if (r < 0) {
116 log_error_errno(r, "crypt_init_by_name() failed: %m");
117 goto finish;
118 }
119
120 crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
121
122 r = crypt_deactivate(cd, argv[2]);
123 if (r < 0) {
124 log_error_errno(r, "Failed to deactivate: %m");
125 goto finish;
126 }
127
128 } else {
129 log_error("Unknown verb %s.", argv[1]);
130 r = -EINVAL;
131 goto finish;
132 }
133
134 r = 0;
135
136 finish:
137 free(arg_root_hash);
138 free(arg_data_what);
139 free(arg_hash_what);
140
141 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
142 }
Unnamed repository; edit this file 'description' to name the repository.