]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/gpt-auto-generator/gpt-auto-generator.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
core: Record ExecMainStartTimestamp before forking
[thirdparty/systemd.git] / src / gpt-auto-generator / gpt-auto-generator.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
1a14a53c 2
1a14a53c 3#include <stdlib.h>
41bc4849 4#include <sys/file.h>
cf0fbc49 5#include <unistd.h>
1a14a53c 6
85624f01 7#include "sd-device.h"
07630cea
LP		 8#include "sd-id128.h"
9
b5efdb8a 10#include "alloc-util.h"
07630cea 11#include "blkid-util.h"
18c528e9 12#include "blockdev-util.h"
07630cea 13#include "btrfs-util.h"
133432cc 14#include "device-util.h"
7176f06c 15#include "devnum-util.h"
a0956174 16#include "dirent-util.h"
72e18a98 17#include "dissect-image.h"
1fac34b9 18#include "dropin.h"
0bb2f0f1 19#include "efi-loader.h"
3ffd4af2 20#include "fd-util.h"
07630cea 21#include "fileio.h"
2bef2582 22#include "fs-util.h"
07630cea
LP		 23#include "fstab-util.h"
24#include "generator.h"
25#include "gpt.h"
84be0c71 26#include "image-policy.h"
baa6a42d 27#include "initrd-util.h"
049af8ad 28#include "mountpoint-util.h"
6bedfcbb 29#include "parse-util.h"
07630cea 30#include "path-util.h"
4e731273 31#include "proc-cmdline.h"
1a14a53c 32#include "special.h"
98bad05e 33#include "specifier.h"
8fcde012 34#include "stat-util.h"
07630cea 35#include "string-util.h"
85624f01 36#include "strv.h"
1a14a53c 37#include "unit-name.h"
9a5cb137 38#include "virt.h"
1a14a53c 39
ec6e9597 40static const char *arg_dest = NULL;
73b80ec2
LP		 41static bool arg_enabled = true;
42static bool arg_root_enabled = true;
9a2982b6 43static bool arg_swap_enabled = true;
cf451f38
LP		 44static char *arg_root_fstype = NULL;
45static char *arg_root_options = NULL;
c94b2417 46static int arg_root_rw = -1;
84be0c71
LP		 47static ImagePolicy *arg_image_policy = NULL;
48
49STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
1a14a53c 50
cf451f38
LP		 51STATIC_DESTRUCTOR_REGISTER(arg_root_fstype, freep);
52STATIC_DESTRUCTOR_REGISTER(arg_root_options, freep);
53
06648fa9
LP		 54static int add_cryptsetup(
55 const char *id,
56 const char *what,
57 bool rw,
58 bool require,
ff386f98 59 bool measure,
06648fa9
LP		 60 char **ret_device) {
61
5b137503 62#if HAVE_LIBCRYPTSETUP
ff386f98 63 _cleanup_free_ char *e = NULL, *n = NULL, *d = NULL, *options = NULL;
1af72119 64 _cleanup_fclose_ FILE *f = NULL;
1af72119
LP		 65 int r;
66
67 assert(id);
68 assert(what);
1af72119 69
7410616c
LP		 70 r = unit_name_from_path(what, ".device", &d);
71 if (r < 0)
72 return log_error_errno(r, "Failed to generate unit name: %m");
1af72119
LP		 73
74 e = unit_name_escape(id);
75 if (!e)
76 return log_oom();
77
7410616c
LP		 78 r = unit_name_build("systemd-cryptsetup", e, ".service", &n);
79 if (r < 0)
80 return log_error_errno(r, "Failed to generate unit name: %m");
1af72119 81
121ce4a6 82 r = generator_open_unit_file(arg_dest, /* source = */ NULL, n, &f);
a7e88558
LP		 83 if (r < 0)
84 return r;
98bad05e 85
a7e88558
LP		 86 r = generator_write_cryptsetup_unit_section(f, NULL);
87 if (r < 0)
88 return r;
1af72119
LP		 89
90 fprintf(f,
1af72119 91 "Before=umount.target cryptsetup.target\n"
a7e88558
LP		 92 "Conflicts=umount.target\n"
93 "BindsTo=%s\n"
94 "After=%s\n",
95 d, d);
96
ff386f98
LP		 97 if (!rw) {
98 options = strdup("read-only");
99 if (!options)
100 return log_oom();
101 }
102
0d5f59a2
LP		 103 r = efi_measured_uki(LOG_WARNING);
104 if (r > 0)
105 /* Enable TPM2 based unlocking automatically, if we have a TPM. See #30176. */
106 if (!strextend_with_separator(&options, ",", "tpm2-device=auto"))
107 return log_oom();
108
ff386f98
LP		 109 if (measure) {
110 /* We only measure the root volume key into PCR 15 if we are booted with sd-stub (i.e. in a
111 * UKI), and sd-stub measured the UKI. We do this in order not to step into people's own PCR
112 * assignment, under the assumption that people who are fine to use sd-stub with its PCR
113 * assignments are also OK with our PCR 15 use here. */
0d5f59a2 114 if (r > 0)
2f6c52b9
ZJS		 115 if (!strextend_with_separator(&options, ",", "tpm2-measure-pcr=yes"))
116 return log_oom();
0d5f59a2
LP		 117 if (r == 0)
118 log_debug("Will not measure volume key of volume '%s', not booted via systemd-stub with measurements enabled.", id);
ff386f98
LP		 119 }
120
121 r = generator_write_cryptsetup_service_section(f, id, what, NULL, options);
a7e88558
LP		 122 if (r < 0)
123 return r;
1af72119 124
dacd6cee
LP		 125 r = fflush_and_check(f);
126 if (r < 0)
a7e88558 127 return log_error_errno(r, "Failed to write file %s: %m", n);
1af72119 128
9cdcf368
ZJS		 129 r = generator_add_symlink(arg_dest, d, "wants", n);
130 if (r < 0)
131 return r;
1af72119 132
6a488fa7 133 const char *dmname = strjoina("dev-mapper-", e, ".device");
1af72119 134
1fac34b9 135 if (require) {
9cdcf368
ZJS		 136 r = generator_add_symlink(arg_dest, "cryptsetup.target", "requires", n);
137 if (r < 0)
138 return r;
01af8c01 139
9cdcf368
ZJS		 140 r = generator_add_symlink(arg_dest, dmname, "requires", n);
141 if (r < 0)
142 return r;
01af8c01 143 }
1af72119 144
1fac34b9
ZJS		 145 r = write_drop_in_format(arg_dest, dmname, 50, "job-timeout",
146 "# Automatically generated by systemd-gpt-auto-generator\n\n"
147 "[Unit]\n"
a9b837aa 148 "JobTimeoutSec=infinity"); /* the binary handles timeouts anyway */
23bbb0de 149 if (r < 0)
1fac34b9 150 log_warning_errno(r, "Failed to write device timeout drop-in, ignoring: %m");
1af72119 151
06648fa9
LP		 152 if (ret_device) {
153 char *s;
2aa2860b 154
06648fa9
LP		 155 s = path_join("/dev/mapper", id);
156 if (!s)
2aa2860b 157 return log_oom();
1af72119 158
06648fa9 159 *ret_device = s;
2aa2860b
ZJS		 160 }
161
1af72119 162 return 0;
5b137503 163#else
6a488fa7 164 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
4e494e6a 165 "Partition is encrypted, but systemd-gpt-auto-generator was compiled without libcryptsetup support.");
5b137503 166#endif
1af72119
LP		 167}
168
73b80ec2
LP		 169static int add_mount(
170 const char *id,
171 const char *what,
172 const char *where,
173 const char *fstype,
cca1dfdd 174 bool rw,
400c1e8f 175 bool growfs,
ff386f98 176 bool measure,
59512f21 177 const char *options,
73b80ec2
LP		 178 const char *description,
179 const char *post) {
180
121ce4a6 181 _cleanup_free_ char *unit = NULL, *crypto_what = NULL;
1a14a53c 182 _cleanup_fclose_ FILE *f = NULL;
e48fdd84 183 int r;
1a14a53c 184
98bad05e
LP		 185 /* Note that we don't apply specifier escaping on the input strings here, since we know they are not configured
186 * externally, but all originate from our own sources here, and hence we know they contain no % characters that
187 * could potentially be understood as specifiers. */
188
1af72119
LP		 189 assert(id);
190 assert(what);
191 assert(where);
1af72119
LP		 192 assert(description);
193
074cdb95 194 log_debug("Adding %s: %s fstype=%s", where, what, fstype ?: "(any)");
1a14a53c 195
73b80ec2 196 if (streq_ptr(fstype, "crypto_LUKS")) {
ff386f98 197 r = add_cryptsetup(id, what, rw, /* require= */ true, measure, &crypto_what);
1af72119
LP		 198 if (r < 0)
199 return r;
200
201 what = crypto_what;
202 fstype = NULL;
80ce8580
LP		 203 } else if (fstype) {
204 r = dissect_fstype_ok(fstype);
205 if (r < 0)
206 return log_error_errno(r, "Unable to determine of dissected file system type '%s' is permitted: %m", fstype);
207 if (!r)
208 return log_error_errno(
209 SYNTHETIC_ERRNO(EIDRM),
210 "Refusing to automatically mount uncommon file system '%s' to '%s'.",
211 fstype, where);
1af72119
LP		 212 }
213
7410616c
LP		 214 r = unit_name_from_path(where, ".mount", &unit);
215 if (r < 0)
216 return log_error_errno(r, "Failed to generate unit name: %m");
1a14a53c 217
121ce4a6
MY		 218 r = generator_open_unit_file(arg_dest, /* source = */ NULL, unit, &f);
219 if (r < 0)
220 return r;
1a14a53c
LP		 221
222 fprintf(f,
1a14a53c 223 "[Unit]\n"
c3834f9b
LP		 224 "Description=%s\n"
225 "Documentation=man:systemd-gpt-auto-generator(8)\n",
e48fdd84
LP		 226 description);
227
73b80ec2
LP		 228 if (post)
229 fprintf(f, "Before=%s\n", post);
230
e48fdd84
LP		 231 r = generator_write_fsck_deps(f, arg_dest, what, where, fstype);
232 if (r < 0)
233 return r;
234
a7e88558
LP		 235 r = generator_write_blockdev_dependency(f, what);
236 if (r < 0)
237 return r;
238
e48fdd84
LP		 239 fprintf(f,
240 "\n"
1a14a53c
LP		 241 "[Mount]\n"
242 "What=%s\n"
1af72119
LP		 243 "Where=%s\n",
244 what, where);
245
73b80ec2
LP		 246 if (fstype)
247 fprintf(f, "Type=%s\n", fstype);
248
59512f21 249 if (options)
de1461ac 250 fprintf(f, "Options=%s\n", options);
1a14a53c 251
dacd6cee
LP		 252 r = fflush_and_check(f);
253 if (r < 0)
121ce4a6 254 return log_error_errno(r, "Failed to write unit %s: %m", unit);
1a14a53c 255
400c1e8f
LP		 256 if (growfs) {
257 r = generator_hook_up_growfs(arg_dest, where, post);
258 if (r < 0)
259 return r;
260 }
261
04959faa
LP		 262 if (measure) {
263 r = generator_hook_up_pcrfs(arg_dest, where, post);
264 if (r < 0)
265 return r;
266 }
267
400c1e8f
LP		 268 if (post) {
269 r = generator_add_symlink(arg_dest, post, "requires", unit);
270 if (r < 0)
271 return r;
272 }
273
1a14a53c
LP		 274 return 0;
275}
276
e137880b 277static int path_is_busy(const char *where) {
59512f21
KS		 278 int r;
279
6a488fa7
ZJS		 280 assert(where);
281
59512f21 282 /* already a mountpoint; generators run during reload */
b409aacb 283 r = path_is_mount_point_full(where, /* root = */ NULL, AT_SYMLINK_FOLLOW);
59512f21
KS		 284 if (r > 0)
285 return false;
6a488fa7 286 /* The directory will be created by the mount or automount unit when it is started. */
59512f21
KS		 287 if (r == -ENOENT)
288 return false;
289
290 if (r < 0)
e137880b 291 return log_warning_errno(r, "Cannot check if \"%s\" is a mount point: %m", where);
59512f21
KS		 292
293 /* not a mountpoint but it contains files */
db55bbf2 294 r = dir_is_empty(where, /* ignore_hidden_or_backup= */ false);
6a488fa7
ZJS		 295 if (r == -ENOTDIR) {
296 log_debug("\"%s\" is not a directory, ignoring.", where);
297 return true;
298 } else if (r < 0)
e137880b 299 return log_warning_errno(r, "Cannot check if \"%s\" is empty: %m", where);
6a488fa7
ZJS		 300 else if (r == 0) {
301 log_debug("\"%s\" already populated, ignoring.", where);
302 return true;
303 }
59512f21 304
6a488fa7 305 return false;
59512f21
KS		 306}
307
72e18a98 308static int add_partition_mount(
de1461ac 309 PartitionDesignator d,
72e18a98 310 DissectedPartition *p,
61331eab 311 const char *id,
61331eab 312 const char *where,
72e18a98 313 const char *description) {
61331eab 314
de1461ac 315 _cleanup_free_ char *options = NULL;
e137880b 316 int r;
de1461ac 317
72e18a98 318 assert(p);
61331eab 319
e137880b
ZJS		 320 r = path_is_busy(where);
321 if (r != 0)
322 return r < 0 ? r : 0;
61331eab 323
de1461ac
LP		 324 r = partition_pick_mount_options(
325 d,
326 dissected_partition_fstype(p),
327 p->rw,
328 /* discard= */ true,
329 &options,
330 /* ret_ms_flags= */ NULL);
331 if (r < 0)
332 return r;
333
61331eab
LP		 334 return add_mount(
335 id,
72e18a98 336 p->node,
61331eab 337 where,
72e18a98
LP		 338 p->fstype,
339 p->rw,
400c1e8f 340 p->growfs,
ff386f98 341 /* measure= */ STR_IN_SET(id, "root", "var"), /* by default measure rootfs and /var, since they contain the "identity" of the system */
de1461ac 342 options,
61331eab 343 description,
72e18a98 344 SPECIAL_LOCAL_FS_TARGET);
61331eab
LP		 345}
346
235ae69c 347static int add_partition_swap(DissectedPartition *p) {
8859b8f7 348 const char *what;
121ce4a6 349 _cleanup_free_ char *name = NULL, *crypto_what = NULL;
59512f21
KS		 350 _cleanup_fclose_ FILE *f = NULL;
351 int r;
352
8859b8f7
HOB		 353 assert(p);
354 assert(p->node);
59512f21 355
9a2982b6
DT		 356 if (!arg_swap_enabled)
357 return 0;
358
fc5bc384
FB		 359 /* Disable the swap auto logic if at least one swap is defined in /etc/fstab, see #6192. */
360 r = fstab_has_fstype("swap");
361 if (r < 0)
362 return log_error_errno(r, "Failed to parse fstab: %m");
1a680ae3 363 if (r > 0) {
fc5bc384
FB		 364 log_debug("swap specified in fstab, ignoring.");
365 return 0;
366 }
367
8859b8f7 368 if (streq_ptr(p->fstype, "crypto_LUKS")) {
ff386f98 369 r = add_cryptsetup("swap", p->node, /* rw= */ true, /* require= */ true, /* measure= */ false, &crypto_what);
8859b8f7
HOB		 370 if (r < 0)
371 return r;
372 what = crypto_what;
373 } else
374 what = p->node;
375
376 log_debug("Adding swap: %s", what);
59512f21 377
8859b8f7 378 r = unit_name_from_path(what, ".swap", &name);
59512f21
KS		 379 if (r < 0)
380 return log_error_errno(r, "Failed to generate unit name: %m");
381
121ce4a6
MY		 382 r = generator_open_unit_file(arg_dest, /* source = */ NULL, name, &f);
383 if (r < 0)
384 return r;
59512f21
KS		 385
386 fprintf(f,
59512f21
KS		 387 "[Unit]\n"
388 "Description=Swap Partition\n"
a7e88558
LP		 389 "Documentation=man:systemd-gpt-auto-generator(8)\n");
390
8859b8f7 391 r = generator_write_blockdev_dependency(f, what);
a7e88558
LP		 392 if (r < 0)
393 return r;
394
395 fprintf(f,
396 "\n"
59512f21
KS		 397 "[Swap]\n"
398 "What=%s\n",
8859b8f7 399 what);
59512f21 400
dacd6cee
LP		 401 r = fflush_and_check(f);
402 if (r < 0)
121ce4a6 403 return log_error_errno(r, "Failed to write unit %s: %m", name);
59512f21 404
9cdcf368 405 return generator_add_symlink(arg_dest, SPECIAL_SWAP_TARGET, "wants", name);
59512f21
KS		 406}
407
7a1494aa
TG		 408static int add_automount(
409 const char *id,
410 const char *what,
411 const char *where,
412 const char *fstype,
413 bool rw,
400c1e8f 414 bool growfs,
7a1494aa
TG		 415 const char *options,
416 const char *description,
417 usec_t timeout) {
418
121ce4a6 419 _cleanup_free_ char *unit = NULL;
7a1494aa
TG		 420 _cleanup_fclose_ FILE *f = NULL;
421 int r;
422
423 assert(id);
424 assert(where);
425 assert(description);
426
7a1494aa
TG		 427 r = add_mount(id,
428 what,
429 where,
430 fstype,
431 rw,
400c1e8f 432 growfs,
ff386f98 433 /* measure= */ false,
d22771fc 434 options,
7a1494aa
TG		 435 description,
436 NULL);
437 if (r < 0)
438 return r;
439
440 r = unit_name_from_path(where, ".automount", &unit);
441 if (r < 0)
442 return log_error_errno(r, "Failed to generate unit name: %m");
443
121ce4a6
MY		 444 r = generator_open_unit_file(arg_dest, /* source = */ NULL, unit, &f);
445 if (r < 0)
446 return r;
7a1494aa
TG		 447
448 fprintf(f,
7a1494aa
TG		 449 "[Unit]\n"
450 "Description=%s\n"
451 "Documentation=man:systemd-gpt-auto-generator(8)\n"
452 "[Automount]\n"
453 "Where=%s\n"
70887c5f 454 "TimeoutIdleSec="USEC_FMT"\n",
7a1494aa
TG		 455 description,
456 where,
70887c5f 457 timeout / USEC_PER_SEC);
7a1494aa
TG		 458
459 r = fflush_and_check(f);
460 if (r < 0)
121ce4a6 461 return log_error_errno(r, "Failed to write unit %s: %m", unit);
7a1494aa 462
9cdcf368 463 return generator_add_symlink(arg_dest, SPECIAL_LOCAL_FS_TARGET, "wants", unit);
7a1494aa
TG		 464}
465
235ae69c 466static int add_partition_xbootldr(DissectedPartition *p) {
de1461ac 467 _cleanup_free_ char *options = NULL;
9f1cb0c1
LP		 468 int r;
469
470 assert(p);
471
472 if (in_initrd()) {
473 log_debug("In initrd, ignoring the XBOOTLDR partition.");
474 return 0;
475 }
476
9f1cb0c1
LP		 477 r = path_is_busy("/boot");
478 if (r < 0)
479 return r;
480 if (r > 0)
481 return 0;
482
de1461ac
LP		 483 r = partition_pick_mount_options(
484 PARTITION_XBOOTLDR,
485 dissected_partition_fstype(p),
486 /* rw= */ true,
487 /* discard= */ false,
488 &options,
489 /* ret_ms_flags= */ NULL);
490 if (r < 0)
6a488fa7
ZJS		 491 return log_error_errno(r, "Failed to determine default mount options for /boot/: %m");
492
493 return add_automount(
494 "boot",
495 p->node,
496 "/boot",
497 p->fstype,
498 /* rw= */ true,
499 /* growfs= */ false,
500 options,
501 "Boot Loader Partition",
502 120 * USEC_PER_SEC);
9f1cb0c1
LP		 503}
504
505#if ENABLE_EFI
7f4b3dc0
ZJS		 506static bool slash_boot_exists(void) {
507 static int cache = -1;
508
509 if (cache >= 0)
510 return cache;
511
512 if (access("/boot", F_OK) >= 0)
513 return (cache = true);
514 if (errno != ENOENT)
515 log_error_errno(errno, "Failed to determine whether /boot/ exists, assuming no: %m");
516 else
517 log_debug_errno(errno, "/boot/: %m");
518 return (cache = false);
519}
520
235ae69c 521static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
9f1cb0c1 522 const char *esp_path = NULL, *id = NULL;
de1461ac 523 _cleanup_free_ char *options = NULL;
59512f21
KS		 524 int r;
525
72e18a98 526 assert(p);
59512f21 527
59512f21 528 if (in_initrd()) {
b52a109a 529 log_debug("In initrd, ignoring the ESP.");
59512f21
KS		 530 return 0;
531 }
532
7893a547
MY		 533 /* Check if there's an existing fstab entry for ESP. If so, we just skip the gpt-auto logic. */
534 r = fstab_has_node(p->node);
535 if (r < 0)
622f2dcc
MY		 536 log_warning_errno(r, "Failed to check if fstab entry for device '%s' exists, ignoring: %m",
537 p->node);
7893a547
MY		 538 if (r > 0)
539 return 0;
540
6a488fa7
ZJS		 541 /* If /boot/ is present, unused, and empty, we'll take that.
542 * Otherwise, if /efi/ is unused and empty (or missing), we'll take that.
7893a547 543 * Otherwise, we do nothing. */
6a488fa7 544 if (!has_xbootldr && slash_boot_exists()) {
8a132658 545 r = path_is_busy("/boot");
6a488fa7
ZJS		 546 if (r < 0)
547 return r;
548 if (r == 0) {
8a132658
FB		 549 esp_path = "/boot";
550 id = "boot";
9f1cb0c1
LP		 551 }
552 }
6a488fa7
ZJS		 553
554 if (!esp_path) {
6a488fa7
ZJS		 555 r = path_is_busy("/efi");
556 if (r < 0)
557 return r;
558 if (r > 0)
559 return 0;
560
9f1cb0c1 561 esp_path = "/efi";
9f1cb0c1 562 id = "efi";
59512f21
KS		 563 }
564
de1461ac
LP		 565 r = partition_pick_mount_options(
566 PARTITION_ESP,
567 dissected_partition_fstype(p),
568 /* rw= */ true,
569 /* discard= */ false,
570 &options,
571 /* ret_ms_flags= */ NULL);
572 if (r < 0)
6a488fa7
ZJS		 573 return log_error_errno(r, "Failed to determine default mount options for %s: %m", esp_path);
574
575 return add_automount(
576 id,
577 p->node,
578 esp_path,
579 p->fstype,
580 /* rw= */ true,
581 /* growfs= */ false,
582 options,
583 "EFI System Partition Automount",
584 120 * USEC_PER_SEC);
7a1494aa 585}
59512f21 586#else
235ae69c 587static int add_partition_esp(DissectedPartition *p, bool has_xbootldr) {
59512f21 588 return 0;
59512f21 589}
7a1494aa 590#endif
59512f21 591
235ae69c 592static int add_partition_root_rw(DissectedPartition *p) {
fd89051e
LP		 593 const char *path;
594 int r;
595
596 assert(p);
5253b4a9 597 assert(!in_initrd());
fd89051e 598
5253b4a9 599 /* Invoked on the main system (not initrd), to honour GPT flag 60 on the root fs (ro) */
fd89051e
LP		 600
601 if (arg_root_rw >= 0) {
602 log_debug("Parameter ro/rw specified on kernel command line, not generating drop-in for systemd-remount-fs.service.");
603 return 0;
604 }
605
606 if (!p->rw) {
607 log_debug("Root partition marked read-only in GPT partition table, not generating drop-in for systemd-remount-fs.service.");
608 return 0;
609 }
610
40b1224e
LP		 611 r = generator_enable_remount_fs_service(arg_dest);
612 if (r < 0)
613 return r;
9b69569d 614
fd89051e 615 path = strjoina(arg_dest, "/systemd-remount-fs.service.d/50-remount-rw.conf");
fd89051e
LP		 616
617 r = write_string_file(path,
dd23292c 618 "# Automatically generated by systemd-gpt-auto-generator\n\n"
fd89051e
LP		 619 "[Service]\n"
620 "Environment=SYSTEMD_REMOUNT_ROOT_RW=1\n",
e82e549f 621 WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_NOFOLLOW|WRITE_STRING_FILE_MKDIR_0755);
fd89051e
LP		 622 if (r < 0)
623 return log_error_errno(r, "Failed to write drop-in file %s: %m", path);
624
625 return 0;
626}
627
6b5fe5d7
LP		 628static int add_partition_root_growfs(DissectedPartition *p) {
629
630 assert(p);
631 assert(!in_initrd());
632
633 /* Invoked on the main system (not initrd), to honour GPT flag 59 on the root fs (growfs) */
634
635 if (!p->growfs) {
636 log_debug("Root partition not marked for growing the file system in the GPT partition table, not generating drop-in for systemd-growfs-root.service.");
637 return 0;
638 }
639
640 return generator_hook_up_growfs(arg_dest, "/", SPECIAL_LOCAL_FS_TARGET);
641}
642
643static int add_partition_root_flags(DissectedPartition *p) {
644 int r = 0;
645
646 assert(p);
647 assert(!in_initrd());
648
649 RET_GATHER(r, add_partition_root_growfs(p));
650 RET_GATHER(r, add_partition_root_rw(p));
651
652 return r;
653}
654
9fe6f5cc
ZJS		 655#if ENABLE_EFI
656static int add_root_cryptsetup(void) {
d0523bb0 657#if HAVE_LIBCRYPTSETUP
1a14a53c 658
9fe6f5cc
ZJS		 659 /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which
660 * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */
1a14a53c 661
ff386f98 662 return add_cryptsetup("root", "/dev/gpt-auto-root-luks", /* rw= */ true, /* require= */ false, /* measure= */ true, NULL);
d0523bb0
DS		 663#else
664 return 0;
665#endif
9fe6f5cc
ZJS		 666}
667#endif
d2a62382 668
9fe6f5cc
ZJS		 669static int add_root_mount(void) {
670#if ENABLE_EFI
de1461ac 671 _cleanup_free_ char *options = NULL;
9fe6f5cc 672 int r;
1a14a53c 673
9fe6f5cc 674 if (!is_efi_boot()) {
387f6955 675 log_debug("Not an EFI boot, not creating root mount.");
8090b41e 676 return 0;
fa041593 677 }
61331eab 678
9fe6f5cc
ZJS		 679 r = efi_loader_get_device_part_uuid(NULL);
680 if (r == -ENOENT) {
b50a3a15
ZJS		 681 log_notice("EFI loader partition unknown, exiting.\n"
682 "(The boot loader did not set EFI variable LoaderDevicePartUUID.)");
8090b41e 683 return 0;
9fe6f5cc 684 } else if (r < 0)
68f8a86a 685 return log_error_errno(r, "Failed to read loader partition UUID: %m");
61331eab 686
68f8a86a
MY		 687 /* OK, we have an ESP/XBOOTLDR partition, this is fantastic, so let's wait for a root device to show up.
688 * A udev rule will create the link for us under the right name. */
61331eab 689
9fe6f5cc
ZJS		 690 if (in_initrd()) {
691 r = generator_write_initrd_root_device_deps(arg_dest, "/dev/gpt-auto-root");
692 if (r < 0)
693 return 0;
61331eab 694
9fe6f5cc
ZJS		 695 r = add_root_cryptsetup();
696 if (r < 0)
697 return r;
61331eab
LP		 698 }
699
6b5fe5d7
LP		 700 /* Note that we do not need to enable systemd-remount-fs.service here. If /etc/fstab exists,
701 * systemd-fstab-generator will pull it in for us, and otherwise add_partition_root_flags() will do
702 * it, after the initrd transition. */
61331eab 703
de1461ac
LP		 704 r = partition_pick_mount_options(
705 PARTITION_ROOT,
706 arg_root_fstype,
707 arg_root_rw > 0,
708 /* discard= */ true,
709 &options,
710 /* ret_ms_flags= */ NULL);
711 if (r < 0)
712 return log_error_errno(r, "Failed to pick root mount options: %m");
713
714 if (arg_root_options)
715 if (!strextend_with_separator(&options, ",", arg_root_options))
716 return log_oom();
717
9fe6f5cc
ZJS		 718 return add_mount(
719 "root",
720 "/dev/gpt-auto-root",
721 in_initrd() ? "/sysroot" : "/",
cf451f38 722 arg_root_fstype,
400c1e8f
LP		 723 /* rw= */ arg_root_rw > 0,
724 /* growfs= */ false,
ff386f98 725 /* measure= */ true,
de1461ac 726 options,
9fe6f5cc
ZJS		 727 "Root Partition",
728 in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);
729#else
730 return 0;
731#endif
72e18a98 732}
cb971249 733
68f8a86a
MY		 734static int process_loader_partitions(DissectedPartition *esp, DissectedPartition *xbootldr) {
735 sd_id128_t loader_uuid;
fa989c74 736 int r;
68f8a86a
MY		 737
738 assert(esp);
739 assert(xbootldr);
740
8a132658
FB		 741 /* If any paths in fstab look similar to our favorite paths for ESP or XBOOTLDR, we just exit
742 * early. We also don't bother with cases where one is configured explicitly and the other shall be
743 * mounted automatically. */
744
745 r = fstab_has_mount_point_prefix_strv(STRV_MAKE("/boot", "/efi"));
746 if (r > 0) {
747 log_debug("Found mount entries in the /boot/ or /efi/ hierarchies in fstab, not generating ESP or XBOOTLDR mounts.");
748 return 0;
749 }
750 if (r < 0)
751 log_debug_errno(r, "Failed to check fstab existing paths, ignoring: %m");
752
68f8a86a
MY		 753 if (!is_efi_boot()) {
754 log_debug("Not an EFI boot, skipping loader partition UUID check.");
755 goto mount;
756 }
757
758 /* Let's check if LoaderDevicePartUUID points to either ESP or XBOOTLDR. We prefer it pointing
759 * to the ESP, but we accept XBOOTLDR too. If it points to neither of them, don't mount any
760 * loader partitions, since they are not the ones used for booting. */
761
762 r = efi_loader_get_device_part_uuid(&loader_uuid);
763 if (r == -ENOENT) {
764 log_debug_errno(r, "EFI loader partition unknown, skipping ESP and XBOOTLDR mounts.");
765 return 0;
766 }
767 if (r < 0)
768 return log_debug_errno(r, "Failed to read loader partition UUID, ignoring: %m");
769
770 if (esp->found && sd_id128_equal(esp->uuid, loader_uuid))
771 goto mount;
772
773 if (xbootldr->found && sd_id128_equal(xbootldr->uuid, loader_uuid)) {
774 log_debug("LoaderDevicePartUUID points to XBOOTLDR partition.");
775 goto mount;
776 }
777
778 log_debug("LoaderDevicePartUUID points to neither ESP nor XBOOTLDR, ignoring.");
779 return 0;
780
781mount:
fa989c74 782 r = 0;
68f8a86a 783
fa989c74
ZJS		 784 if (xbootldr->found)
785 RET_GATHER(r, add_partition_xbootldr(xbootldr));
786 if (esp->found)
787 RET_GATHER(r, add_partition_esp(esp, xbootldr->found));
68f8a86a 788
fa989c74 789 return r;
68f8a86a
MY		 790}
791
72e18a98 792static int enumerate_partitions(dev_t devnum) {
72e18a98 793 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
55a065cd
YW		 794 _cleanup_(loop_device_unrefp) LoopDevice *loop = NULL;
795 _cleanup_free_ char *devname = NULL;
fa989c74 796 int r;
61331eab 797
ca8ac0f9
LP		 798 assert(!in_initrd());
799
800 /* Run on the final root fs (not in the initrd), to mount auxiliary partitions, and hook in rw
801 * remount and growfs of the root partition */
802
55a065cd
YW		 803 r = block_get_whole_disk(devnum, &devnum);
804 if (r < 0)
805 return log_debug_errno(r, "Failed to get whole block device for " DEVNUM_FORMAT_STR ": %m",
806 DEVNUM_FORMAT_VAL(devnum));
807
808 r = devname_from_devnum(S_IFBLK, devnum, &devname);
809 if (r < 0)
810 return log_debug_errno(r, "Failed to get device node of " DEVNUM_FORMAT_STR ": %m",
811 DEVNUM_FORMAT_VAL(devnum));
61331eab 812
41bc4849
LP		 813 /* Let's take a LOCK_SH lock on the block device, in case udevd is already running. If we don't take
814 * the lock, udevd might end up issuing BLKRRPART in the middle, and we don't want that, since that
815 * might remove all partitions while we are operating on them. */
de3b7f16 816 r = loop_device_open_from_path(devname, O_RDONLY, LOCK_SH, &loop);
55a065cd 817 if (r < 0)
af3d3873 818 return log_debug_errno(r, "Failed to open %s: %m", devname);
41bc4849 819
55a065cd
YW		 820 r = dissect_loop_device(
821 loop,
84be0c71
LP		 822 /* verity= */ NULL,
823 /* mount_options= */ NULL,
824 arg_image_policy ?: &image_policy_host,
d04faa4e 825 DISSECT_IMAGE_GPT_ONLY|
8716a76c 826 DISSECT_IMAGE_USR_NO_ROOT|
ee0e6e47
YW		 827 DISSECT_IMAGE_DISKSEQ_DEVNODE|
828 DISSECT_IMAGE_ALLOW_EMPTY,
73d88b80
LP		 829 /* NB! Unlike most other places where we dissect block devices we do not use
830 * DISSECT_IMAGE_ADD_PARTITION_DEVICES here: we want that the kernel finds the
831 * devices, and udev probes them before we mount them via .mount units much later
832 * on. And thus we also don't set DISSECT_IMAGE_PIN_PARTITION_DEVICES here, because
833 * we don't actually mount anything immediately. */
d04faa4e 834 &m);
4953e39c
ZJS		 835 if (r < 0) {
836 bool ok = r == -ENOPKG;
837 dissect_log_error(ok ? LOG_DEBUG : LOG_ERR, r, devname, NULL);
838 return ok ? 0 : r;
61331eab 839 }
0238d4c6 840
fa989c74
ZJS		 841 if (m->partitions[PARTITION_SWAP].found)
842 RET_GATHER(r, add_partition_swap(m->partitions + PARTITION_SWAP));
1a14a53c 843
fa989c74 844 RET_GATHER(r, process_loader_partitions(m->partitions + PARTITION_ESP, m->partitions + PARTITION_XBOOTLDR));
59512f21 845
fa989c74
ZJS		 846 if (m->partitions[PARTITION_HOME].found)
847 RET_GATHER(r, add_partition_mount(PARTITION_HOME, m->partitions + PARTITION_HOME,
848 "home", "/home", "Home Partition"));
e48fdd84 849
fa989c74
ZJS		 850 if (m->partitions[PARTITION_SRV].found)
851 RET_GATHER(r, add_partition_mount(PARTITION_SRV, m->partitions + PARTITION_SRV,
852 "srv", "/srv", "Server Data Partition"));
1a14a53c 853
fa989c74
ZJS		 854 if (m->partitions[PARTITION_VAR].found)
855 RET_GATHER(r, add_partition_mount(PARTITION_VAR, m->partitions + PARTITION_VAR,
856 "var", "/var", "Variable Data Partition"));
d4dffb85 857
fa989c74
ZJS		 858 if (m->partitions[PARTITION_TMP].found)
859 RET_GATHER(r, add_partition_mount(PARTITION_TMP, m->partitions + PARTITION_TMP,
860 "var-tmp", "/var/tmp", "Temporary Data Partition"));
d4dffb85 861
fa989c74 862 if (m->partitions[PARTITION_ROOT].found)
6b5fe5d7 863 RET_GATHER(r, add_partition_root_flags(m->partitions + PARTITION_ROOT));
fd89051e 864
1a14a53c
LP		 865 return r;
866}
867
9fe6f5cc 868static int add_mounts(void) {
b00651cf 869 dev_t devno;
c56be2c2 870 int r;
9fe6f5cc 871
c56be2c2
LP		 872 r = blockdev_get_root(LOG_ERR, &devno);
873 if (r < 0)
874 return r;
875 if (r == 0) {
876 log_debug("Skipping automatic GPT dissection logic, root file system not backed by a (single) whole block device.");
877 return 0;
9fe6f5cc
ZJS		 878 }
879
880 return enumerate_partitions(devno);
881}
882
96287a49 883static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
73b80ec2 884 int r;
1a14a53c 885
73b80ec2 886 assert(key);
1a14a53c 887
8a9c44ed
LP		 888 if (proc_cmdline_key_streq(key, "systemd.gpt_auto") ||
889 proc_cmdline_key_streq(key, "rd.systemd.gpt_auto")) {
1a14a53c 890
1d84ad94 891 r = value ? parse_boolean(value) : 1;
73b80ec2 892 if (r < 0)
0a1b9449 893 log_warning_errno(r, "Failed to parse gpt-auto switch \"%s\", ignoring: %m", value);
8086ffac
ZJS		 894 else
895 arg_enabled = r;
1a14a53c 896
a8d3315b 897 } else if (streq(key, "root")) {
1d84ad94
LP		 898
899 if (proc_cmdline_value_missing(key, value))
900 return 0;
73b80ec2
LP		 901
902 /* Disable root disk logic if there's a root= value
903 * specified (unless it happens to be "gpt-auto") */
904
074cdb95
ZJS		 905 if (!streq(value, "gpt-auto")) {
906 arg_root_enabled = false;
907 log_debug("Disabling root partition auto-detection, root= is defined.");
908 }
73b80ec2 909
a8d3315b 910 } else if (streq(key, "roothash")) {
2f3dfc6f
LP		 911
912 if (proc_cmdline_value_missing(key, value))
913 return 0;
914
915 /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */
916
917 arg_root_enabled = false;
918
cf451f38
LP		 919 } else if (streq(key, "rootfstype")) {
920
921 if (proc_cmdline_value_missing(key, value))
922 return 0;
923
924 return free_and_strdup_warn(&arg_root_fstype, value);
925
926 } else if (streq(key, "rootflags")) {
927
928 if (proc_cmdline_value_missing(key, value))
929 return 0;
930
931 if (!strextend_with_separator(&arg_root_options, ",", value))
932 return log_oom();
933
a8d3315b 934 } else if (streq(key, "rw") && !value)
73b80ec2 935 arg_root_rw = true;
a8d3315b 936 else if (streq(key, "ro") && !value)
73b80ec2 937 arg_root_rw = false;
06e78680 938 else if (proc_cmdline_key_streq(key, "systemd.image_policy"))
d0a0059c 939 return parse_image_policy_argument(value, &arg_image_policy);
73b80ec2 940
a8d3315b 941 else if (streq(key, "systemd.swap")) {
9a2982b6
DT		 942
943 r = value ? parse_boolean(value) : 1;
944 if (r < 0)
945 log_warning_errno(r, "Failed to parse swap switch \"%s\", ignoring: %m", value);
946 else
947 arg_swap_enabled = r;
948
949 if (!arg_swap_enabled)
950 log_debug("Disabling swap partitions auto-detection, systemd.swap=no is defined.");
951
952 }
953
73b80ec2
LP		 954 return 0;
955}
956
ec6e9597 957static int run(const char *dest, const char *dest_early, const char *dest_late) {
8f50e86a 958 int r, k;
73b80ec2 959
ec6e9597 960 assert_se(arg_dest = dest_late);
73b80ec2 961
75f86906 962 if (detect_container() > 0) {
73b80ec2 963 log_debug("In a container, exiting.");
ec6e9597 964 return 0;
1a14a53c 965 }
3db604b9 966
1d84ad94 967 r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0);
b5884878 968 if (r < 0)
da927ba9 969 log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m");
1a14a53c 970
73b80ec2
LP		 971 if (!arg_enabled) {
972 log_debug("Disabled, exiting.");
ec6e9597 973 return 0;
73b80ec2
LP		 974 }
975
976 if (arg_root_enabled)
977 r = add_root_mount();
978
979 if (!in_initrd()) {
73b80ec2 980 k = add_mounts();
ec6e9597 981 if (r >= 0)
73b80ec2
LP		 982 r = k;
983 }
984
ec6e9597 985 return r;
1a14a53c 986}
ec6e9597
ZJS		 987
988DEFINE_MAIN_GENERATOR_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.