]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
1a14a53c | 2 | |
1a14a53c | 3 | #include <stdlib.h> |
1a14a53c | 4 | #include <sys/statfs.h> |
cf0fbc49 | 5 | #include <unistd.h> |
1a14a53c | 6 | |
85624f01 | 7 | #include "sd-device.h" |
07630cea LP |
8 | #include "sd-id128.h" |
9 | ||
b5efdb8a | 10 | #include "alloc-util.h" |
07630cea | 11 | #include "blkid-util.h" |
18c528e9 | 12 | #include "blockdev-util.h" |
07630cea | 13 | #include "btrfs-util.h" |
133432cc | 14 | #include "device-util.h" |
a0956174 | 15 | #include "dirent-util.h" |
72e18a98 | 16 | #include "dissect-image.h" |
0bb2f0f1 | 17 | #include "efi-loader.h" |
3ffd4af2 | 18 | #include "fd-util.h" |
07630cea | 19 | #include "fileio.h" |
2bef2582 | 20 | #include "fs-util.h" |
07630cea LP |
21 | #include "fstab-util.h" |
22 | #include "generator.h" | |
23 | #include "gpt.h" | |
07630cea | 24 | #include "mkdir.h" |
049af8ad | 25 | #include "mountpoint-util.h" |
6bedfcbb | 26 | #include "parse-util.h" |
07630cea | 27 | #include "path-util.h" |
4e731273 | 28 | #include "proc-cmdline.h" |
1a14a53c | 29 | #include "special.h" |
98bad05e | 30 | #include "specifier.h" |
8fcde012 | 31 | #include "stat-util.h" |
07630cea | 32 | #include "string-util.h" |
85624f01 | 33 | #include "strv.h" |
1a14a53c | 34 | #include "unit-name.h" |
07630cea | 35 | #include "util.h" |
9a5cb137 | 36 | #include "virt.h" |
1a14a53c | 37 | |
ec6e9597 | 38 | static const char *arg_dest = NULL; |
73b80ec2 LP |
39 | static bool arg_enabled = true; |
40 | static bool arg_root_enabled = true; | |
c94b2417 | 41 | static int arg_root_rw = -1; |
1a14a53c | 42 | |
01af8c01 | 43 | static int add_cryptsetup(const char *id, const char *what, bool rw, bool require, char **device) { |
2aa2860b | 44 | _cleanup_free_ char *e = NULL, *n = NULL, *d = NULL, *id_escaped = NULL, *what_escaped = NULL; |
1af72119 | 45 | _cleanup_fclose_ FILE *f = NULL; |
2aa2860b | 46 | const char *p; |
1af72119 LP |
47 | int r; |
48 | ||
49 | assert(id); | |
50 | assert(what); | |
1af72119 | 51 | |
7410616c LP |
52 | r = unit_name_from_path(what, ".device", &d); |
53 | if (r < 0) | |
54 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
1af72119 LP |
55 | |
56 | e = unit_name_escape(id); | |
57 | if (!e) | |
58 | return log_oom(); | |
59 | ||
7410616c LP |
60 | r = unit_name_build("systemd-cryptsetup", e, ".service", &n); |
61 | if (r < 0) | |
62 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
1af72119 | 63 | |
98bad05e LP |
64 | id_escaped = specifier_escape(id); |
65 | if (!id_escaped) | |
66 | return log_oom(); | |
67 | ||
68 | what_escaped = specifier_escape(what); | |
69 | if (!what_escaped) | |
70 | return log_oom(); | |
71 | ||
270384b2 | 72 | p = prefix_roota(arg_dest, n); |
1af72119 | 73 | f = fopen(p, "wxe"); |
4a62c710 MS |
74 | if (!f) |
75 | return log_error_errno(errno, "Failed to create unit file %s: %m", p); | |
1af72119 LP |
76 | |
77 | fprintf(f, | |
78 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
79 | "[Unit]\n" | |
80 | "Description=Cryptography Setup for %%I\n" | |
c3834f9b | 81 | "Documentation=man:systemd-gpt-auto-generator(8) man:systemd-cryptsetup@.service(8)\n" |
1af72119 LP |
82 | "DefaultDependencies=no\n" |
83 | "Conflicts=umount.target\n" | |
84 | "BindsTo=dev-mapper-%%i.device %s\n" | |
85 | "Before=umount.target cryptsetup.target\n" | |
86 | "After=%s\n" | |
87 | "IgnoreOnIsolate=true\n" | |
1af72119 LP |
88 | "[Service]\n" |
89 | "Type=oneshot\n" | |
90 | "RemainAfterExit=yes\n" | |
91 | "TimeoutSec=0\n" /* the binary handles timeouts anyway */ | |
0b1f68ac | 92 | "KeyringMode=shared\n" /* make sure we can share cached keys among instances */ |
cca1dfdd | 93 | "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '' '%s'\n" |
1af72119 LP |
94 | "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n", |
95 | d, d, | |
98bad05e LP |
96 | id_escaped, what_escaped, rw ? "" : "read-only", |
97 | id_escaped); | |
1af72119 | 98 | |
dacd6cee LP |
99 | r = fflush_and_check(f); |
100 | if (r < 0) | |
101 | return log_error_errno(r, "Failed to write file %s: %m", p); | |
1af72119 | 102 | |
9cdcf368 ZJS |
103 | r = generator_add_symlink(arg_dest, d, "wants", n); |
104 | if (r < 0) | |
105 | return r; | |
1af72119 | 106 | |
01af8c01 | 107 | if (require) { |
9cdcf368 | 108 | const char *dmname; |
1af72119 | 109 | |
9cdcf368 ZJS |
110 | r = generator_add_symlink(arg_dest, "cryptsetup.target", "requires", n); |
111 | if (r < 0) | |
112 | return r; | |
01af8c01 | 113 | |
9cdcf368 ZJS |
114 | dmname = strjoina("dev-mapper-", e, ".device"); |
115 | r = generator_add_symlink(arg_dest, dmname, "requires", n); | |
116 | if (r < 0) | |
117 | return r; | |
01af8c01 | 118 | } |
1af72119 | 119 | |
2aa2860b | 120 | p = strjoina(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf"); |
1af72119 LP |
121 | mkdir_parents_label(p, 0755); |
122 | r = write_string_file(p, | |
123 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
124 | "[Unit]\n" | |
4c1fc3e4 DM |
125 | "JobTimeoutSec=0\n", |
126 | WRITE_STRING_FILE_CREATE); /* the binary handles timeouts anyway */ | |
23bbb0de MS |
127 | if (r < 0) |
128 | return log_error_errno(r, "Failed to write device drop-in: %m"); | |
1af72119 | 129 | |
2aa2860b ZJS |
130 | if (device) { |
131 | char *ret; | |
132 | ||
b910cc72 | 133 | ret = path_join("/dev/mapper", id); |
2aa2860b ZJS |
134 | if (!ret) |
135 | return log_oom(); | |
1af72119 | 136 | |
01af8c01 | 137 | *device = ret; |
2aa2860b ZJS |
138 | } |
139 | ||
1af72119 LP |
140 | return 0; |
141 | } | |
142 | ||
73b80ec2 LP |
143 | static int add_mount( |
144 | const char *id, | |
145 | const char *what, | |
146 | const char *where, | |
147 | const char *fstype, | |
cca1dfdd | 148 | bool rw, |
59512f21 | 149 | const char *options, |
73b80ec2 LP |
150 | const char *description, |
151 | const char *post) { | |
152 | ||
9cdcf368 | 153 | _cleanup_free_ char *unit = NULL, *crypto_what = NULL, *p = NULL; |
1a14a53c | 154 | _cleanup_fclose_ FILE *f = NULL; |
e48fdd84 | 155 | int r; |
1a14a53c | 156 | |
98bad05e LP |
157 | /* Note that we don't apply specifier escaping on the input strings here, since we know they are not configured |
158 | * externally, but all originate from our own sources here, and hence we know they contain no % characters that | |
159 | * could potentially be understood as specifiers. */ | |
160 | ||
1af72119 LP |
161 | assert(id); |
162 | assert(what); | |
163 | assert(where); | |
1af72119 LP |
164 | assert(description); |
165 | ||
73b80ec2 | 166 | log_debug("Adding %s: %s %s", where, what, strna(fstype)); |
1a14a53c | 167 | |
73b80ec2 | 168 | if (streq_ptr(fstype, "crypto_LUKS")) { |
1af72119 | 169 | |
01af8c01 | 170 | r = add_cryptsetup(id, what, rw, true, &crypto_what); |
1af72119 LP |
171 | if (r < 0) |
172 | return r; | |
173 | ||
174 | what = crypto_what; | |
175 | fstype = NULL; | |
176 | } | |
177 | ||
7410616c LP |
178 | r = unit_name_from_path(where, ".mount", &unit); |
179 | if (r < 0) | |
180 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
1a14a53c | 181 | |
657ee2d8 | 182 | p = path_join(empty_to_root(arg_dest), unit); |
e48fdd84 LP |
183 | if (!p) |
184 | return log_oom(); | |
185 | ||
186 | f = fopen(p, "wxe"); | |
4a62c710 MS |
187 | if (!f) |
188 | return log_error_errno(errno, "Failed to create unit file %s: %m", unit); | |
1a14a53c LP |
189 | |
190 | fprintf(f, | |
191 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
192 | "[Unit]\n" | |
c3834f9b LP |
193 | "Description=%s\n" |
194 | "Documentation=man:systemd-gpt-auto-generator(8)\n", | |
e48fdd84 LP |
195 | description); |
196 | ||
73b80ec2 LP |
197 | if (post) |
198 | fprintf(f, "Before=%s\n", post); | |
199 | ||
e48fdd84 LP |
200 | r = generator_write_fsck_deps(f, arg_dest, what, where, fstype); |
201 | if (r < 0) | |
202 | return r; | |
203 | ||
204 | fprintf(f, | |
205 | "\n" | |
1a14a53c LP |
206 | "[Mount]\n" |
207 | "What=%s\n" | |
1af72119 LP |
208 | "Where=%s\n", |
209 | what, where); | |
210 | ||
73b80ec2 LP |
211 | if (fstype) |
212 | fprintf(f, "Type=%s\n", fstype); | |
213 | ||
59512f21 KS |
214 | if (options) |
215 | fprintf(f, "Options=%s,%s\n", options, rw ? "rw" : "ro"); | |
216 | else | |
217 | fprintf(f, "Options=%s\n", rw ? "rw" : "ro"); | |
1a14a53c | 218 | |
dacd6cee LP |
219 | r = fflush_and_check(f); |
220 | if (r < 0) | |
221 | return log_error_errno(r, "Failed to write unit file %s: %m", p); | |
1a14a53c | 222 | |
9cdcf368 ZJS |
223 | if (post) |
224 | return generator_add_symlink(arg_dest, post, "requires", unit); | |
1a14a53c LP |
225 | return 0; |
226 | } | |
227 | ||
e137880b | 228 | static int path_is_busy(const char *where) { |
59512f21 KS |
229 | int r; |
230 | ||
231 | /* already a mountpoint; generators run during reload */ | |
e1873695 | 232 | r = path_is_mount_point(where, NULL, AT_SYMLINK_FOLLOW); |
59512f21 KS |
233 | if (r > 0) |
234 | return false; | |
235 | ||
236 | /* the directory might not exist on a stateless system */ | |
237 | if (r == -ENOENT) | |
238 | return false; | |
239 | ||
240 | if (r < 0) | |
e137880b | 241 | return log_warning_errno(r, "Cannot check if \"%s\" is a mount point: %m", where); |
59512f21 KS |
242 | |
243 | /* not a mountpoint but it contains files */ | |
e137880b ZJS |
244 | r = dir_is_empty(where); |
245 | if (r < 0) | |
246 | return log_warning_errno(r, "Cannot check if \"%s\" is empty: %m", where); | |
247 | if (r > 0) | |
248 | return false; | |
59512f21 | 249 | |
e137880b ZJS |
250 | log_debug("\"%s\" already populated, ignoring.", where); |
251 | return true; | |
59512f21 KS |
252 | } |
253 | ||
72e18a98 LP |
254 | static int add_partition_mount( |
255 | DissectedPartition *p, | |
61331eab | 256 | const char *id, |
61331eab | 257 | const char *where, |
72e18a98 | 258 | const char *description) { |
61331eab | 259 | |
e137880b | 260 | int r; |
72e18a98 | 261 | assert(p); |
61331eab | 262 | |
e137880b ZJS |
263 | r = path_is_busy(where); |
264 | if (r != 0) | |
265 | return r < 0 ? r : 0; | |
61331eab | 266 | |
61331eab LP |
267 | return add_mount( |
268 | id, | |
72e18a98 | 269 | p->node, |
61331eab | 270 | where, |
72e18a98 LP |
271 | p->fstype, |
272 | p->rw, | |
59512f21 | 273 | NULL, |
61331eab | 274 | description, |
72e18a98 | 275 | SPECIAL_LOCAL_FS_TARGET); |
61331eab LP |
276 | } |
277 | ||
59512f21 | 278 | static int add_swap(const char *path) { |
9cdcf368 | 279 | _cleanup_free_ char *name = NULL, *unit = NULL; |
59512f21 KS |
280 | _cleanup_fclose_ FILE *f = NULL; |
281 | int r; | |
282 | ||
283 | assert(path); | |
284 | ||
fc5bc384 FB |
285 | /* Disable the swap auto logic if at least one swap is defined in /etc/fstab, see #6192. */ |
286 | r = fstab_has_fstype("swap"); | |
287 | if (r < 0) | |
288 | return log_error_errno(r, "Failed to parse fstab: %m"); | |
1a680ae3 | 289 | if (r > 0) { |
fc5bc384 FB |
290 | log_debug("swap specified in fstab, ignoring."); |
291 | return 0; | |
292 | } | |
293 | ||
59512f21 KS |
294 | log_debug("Adding swap: %s", path); |
295 | ||
296 | r = unit_name_from_path(path, ".swap", &name); | |
297 | if (r < 0) | |
298 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
299 | ||
657ee2d8 | 300 | unit = path_join(empty_to_root(arg_dest), name); |
59512f21 KS |
301 | if (!unit) |
302 | return log_oom(); | |
303 | ||
304 | f = fopen(unit, "wxe"); | |
305 | if (!f) | |
306 | return log_error_errno(errno, "Failed to create unit file %s: %m", unit); | |
307 | ||
308 | fprintf(f, | |
309 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
310 | "[Unit]\n" | |
311 | "Description=Swap Partition\n" | |
312 | "Documentation=man:systemd-gpt-auto-generator(8)\n\n" | |
313 | "[Swap]\n" | |
314 | "What=%s\n", | |
315 | path); | |
316 | ||
dacd6cee LP |
317 | r = fflush_and_check(f); |
318 | if (r < 0) | |
319 | return log_error_errno(r, "Failed to write unit file %s: %m", unit); | |
59512f21 | 320 | |
9cdcf368 | 321 | return generator_add_symlink(arg_dest, SPECIAL_SWAP_TARGET, "wants", name); |
59512f21 KS |
322 | } |
323 | ||
7a1494aa TG |
324 | static int add_automount( |
325 | const char *id, | |
326 | const char *what, | |
327 | const char *where, | |
328 | const char *fstype, | |
329 | bool rw, | |
330 | const char *options, | |
331 | const char *description, | |
332 | usec_t timeout) { | |
333 | ||
9cdcf368 | 334 | _cleanup_free_ char *unit = NULL; |
7a1494aa | 335 | _cleanup_fclose_ FILE *f = NULL; |
2aa2860b | 336 | const char *opt = "noauto", *p; |
7a1494aa TG |
337 | int r; |
338 | ||
339 | assert(id); | |
340 | assert(where); | |
341 | assert(description); | |
342 | ||
343 | if (options) | |
2aa2860b | 344 | opt = strjoina(options, ",", opt); |
7a1494aa TG |
345 | |
346 | r = add_mount(id, | |
347 | what, | |
348 | where, | |
349 | fstype, | |
350 | rw, | |
351 | opt, | |
352 | description, | |
353 | NULL); | |
354 | if (r < 0) | |
355 | return r; | |
356 | ||
357 | r = unit_name_from_path(where, ".automount", &unit); | |
358 | if (r < 0) | |
359 | return log_error_errno(r, "Failed to generate unit name: %m"); | |
360 | ||
270384b2 | 361 | p = prefix_roota(arg_dest, unit); |
7a1494aa TG |
362 | f = fopen(p, "wxe"); |
363 | if (!f) | |
364 | return log_error_errno(errno, "Failed to create unit file %s: %m", unit); | |
365 | ||
366 | fprintf(f, | |
367 | "# Automatically generated by systemd-gpt-auto-generator\n\n" | |
368 | "[Unit]\n" | |
369 | "Description=%s\n" | |
370 | "Documentation=man:systemd-gpt-auto-generator(8)\n" | |
371 | "[Automount]\n" | |
372 | "Where=%s\n" | |
70887c5f | 373 | "TimeoutIdleSec="USEC_FMT"\n", |
7a1494aa TG |
374 | description, |
375 | where, | |
70887c5f | 376 | timeout / USEC_PER_SEC); |
7a1494aa TG |
377 | |
378 | r = fflush_and_check(f); | |
379 | if (r < 0) | |
380 | return log_error_errno(r, "Failed to write unit file %s: %m", p); | |
381 | ||
9cdcf368 | 382 | return generator_add_symlink(arg_dest, SPECIAL_LOCAL_FS_TARGET, "wants", unit); |
7a1494aa TG |
383 | } |
384 | ||
9f1cb0c1 LP |
385 | static int add_xbootldr(DissectedPartition *p) { |
386 | int r; | |
387 | ||
388 | assert(p); | |
389 | ||
390 | if (in_initrd()) { | |
391 | log_debug("In initrd, ignoring the XBOOTLDR partition."); | |
392 | return 0; | |
393 | } | |
394 | ||
395 | r = fstab_is_mount_point("/boot"); | |
396 | if (r < 0) | |
397 | return log_error_errno(r, "Failed to parse fstab: %m"); | |
398 | if (r > 0) { | |
399 | log_debug("/boot specified in fstab, ignoring XBOOTLDR partition."); | |
400 | return 0; | |
401 | } | |
402 | ||
403 | r = path_is_busy("/boot"); | |
404 | if (r < 0) | |
405 | return r; | |
406 | if (r > 0) | |
407 | return 0; | |
408 | ||
409 | return add_automount("boot", | |
410 | p->node, | |
411 | "/boot", | |
412 | p->fstype, | |
413 | true, | |
414 | "umask=0077", | |
415 | "Boot Loader Partition", | |
416 | 120 * USEC_PER_SEC); | |
417 | } | |
418 | ||
419 | #if ENABLE_EFI | |
420 | static int add_esp(DissectedPartition *p, bool has_xbootldr) { | |
421 | const char *esp_path = NULL, *id = NULL; | |
59512f21 KS |
422 | int r; |
423 | ||
72e18a98 | 424 | assert(p); |
59512f21 | 425 | |
59512f21 | 426 | if (in_initrd()) { |
b52a109a | 427 | log_debug("In initrd, ignoring the ESP."); |
59512f21 KS |
428 | return 0; |
429 | } | |
430 | ||
9f1cb0c1 LP |
431 | /* If /efi exists we'll use that. Otherwise we'll use /boot, as that's usually the better choice, but |
432 | * only if there's no explicit XBOOTLDR partition around. */ | |
433 | if (access("/efi", F_OK) < 0) { | |
434 | if (errno != ENOENT) | |
435 | return log_error_errno(errno, "Failed to determine whether /efi exists: %m"); | |
436 | ||
437 | /* Use /boot as fallback, but only if there's no XBOOTLDR partition */ | |
438 | if (!has_xbootldr) { | |
439 | esp_path = "/boot"; | |
440 | id = "boot"; | |
441 | } | |
442 | } | |
443 | if (!esp_path) | |
444 | esp_path = "/efi"; | |
445 | if (!id) | |
446 | id = "efi"; | |
59512f21 | 447 | |
0b6b6787 | 448 | /* We create an .automount which is not overridden by the .mount from the fstab generator. */ |
9f1cb0c1 | 449 | r = fstab_is_mount_point(esp_path); |
b9088048 FB |
450 | if (r < 0) |
451 | return log_error_errno(r, "Failed to parse fstab: %m"); | |
39b6a511 | 452 | if (r > 0) { |
9f1cb0c1 | 453 | log_debug("%s specified in fstab, ignoring.", esp_path); |
59512f21 KS |
454 | return 0; |
455 | } | |
456 | ||
9f1cb0c1 LP |
457 | r = path_is_busy(esp_path); |
458 | if (r < 0) | |
459 | return r; | |
460 | if (r > 0) | |
461 | return 0; | |
59512f21 | 462 | |
7ba25ab5 | 463 | if (is_efi_boot()) { |
72e18a98 | 464 | sd_id128_t loader_uuid; |
59512f21 | 465 | |
7ba25ab5 | 466 | /* If this is an EFI boot, be extra careful, and only mount the ESP if it was the ESP used for booting. */ |
59512f21 | 467 | |
7ba25ab5 LP |
468 | r = efi_loader_get_device_part_uuid(&loader_uuid); |
469 | if (r == -ENOENT) { | |
470 | log_debug("EFI loader partition unknown."); | |
471 | return 0; | |
472 | } | |
e28973ee ZJS |
473 | if (r < 0) |
474 | return log_error_errno(r, "Failed to read ESP partition UUID: %m"); | |
7ba25ab5 | 475 | |
72e18a98 | 476 | if (!sd_id128_equal(p->uuid, loader_uuid)) { |
9f1cb0c1 | 477 | log_debug("Partition for %s does not appear to be the partition we are booted from.", p->node); |
7ba25ab5 LP |
478 | return 0; |
479 | } | |
480 | } else | |
481 | log_debug("Not an EFI boot, skipping ESP check."); | |
482 | ||
9f1cb0c1 | 483 | return add_automount(id, |
72e18a98 | 484 | p->node, |
9f1cb0c1 | 485 | esp_path, |
72e18a98 LP |
486 | p->fstype, |
487 | true, | |
488 | "umask=0077", | |
489 | "EFI System Partition Automount", | |
490 | 120 * USEC_PER_SEC); | |
7a1494aa | 491 | } |
59512f21 | 492 | #else |
9f1cb0c1 | 493 | static int add_esp(DissectedPartition *p, bool has_xbootldr) { |
59512f21 | 494 | return 0; |
59512f21 | 495 | } |
7a1494aa | 496 | #endif |
59512f21 | 497 | |
fd89051e LP |
498 | static int add_root_rw(DissectedPartition *p) { |
499 | const char *path; | |
500 | int r; | |
501 | ||
502 | assert(p); | |
503 | ||
504 | if (in_initrd()) { | |
505 | log_debug("In initrd, not generating drop-in for systemd-remount-fs.service."); | |
506 | return 0; | |
507 | } | |
508 | ||
509 | if (arg_root_rw >= 0) { | |
510 | log_debug("Parameter ro/rw specified on kernel command line, not generating drop-in for systemd-remount-fs.service."); | |
511 | return 0; | |
512 | } | |
513 | ||
514 | if (!p->rw) { | |
515 | log_debug("Root partition marked read-only in GPT partition table, not generating drop-in for systemd-remount-fs.service."); | |
516 | return 0; | |
517 | } | |
518 | ||
9b69569d ZJS |
519 | (void) generator_enable_remount_fs_service(arg_dest); |
520 | ||
fd89051e | 521 | path = strjoina(arg_dest, "/systemd-remount-fs.service.d/50-remount-rw.conf"); |
fd89051e LP |
522 | |
523 | r = write_string_file(path, | |
524 | "# Automatically generated by systemd-gpt-generator\n\n" | |
fd89051e LP |
525 | "[Service]\n" |
526 | "Environment=SYSTEMD_REMOUNT_ROOT_RW=1\n", | |
e82e549f | 527 | WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_NOFOLLOW|WRITE_STRING_FILE_MKDIR_0755); |
fd89051e LP |
528 | if (r < 0) |
529 | return log_error_errno(r, "Failed to write drop-in file %s: %m", path); | |
530 | ||
531 | return 0; | |
532 | } | |
533 | ||
46c82d49 | 534 | static int open_parent_devno(dev_t devnum, int *ret) { |
85624f01 | 535 | _cleanup_(sd_device_unrefp) sd_device *d = NULL; |
72e18a98 | 536 | const char *name, *devtype, *node; |
85624f01 | 537 | sd_device *parent; |
61331eab | 538 | dev_t pn; |
85624f01 | 539 | int fd, r; |
72e18a98 LP |
540 | |
541 | assert(ret); | |
1a14a53c | 542 | |
85624f01 YW |
543 | r = sd_device_new_from_devnum(&d, 'b', devnum); |
544 | if (r < 0) | |
545 | return log_debug_errno(r, "Failed to open device: %m"); | |
1a14a53c | 546 | |
85624f01 YW |
547 | if (sd_device_get_devname(d, &name) < 0) { |
548 | r = sd_device_get_syspath(d, &name); | |
549 | if (r < 0) { | |
133432cc | 550 | log_device_debug_errno(d, r, "Device %u:%u does not have a name, ignoring: %m", major(devnum), minor(devnum)); |
8090b41e | 551 | return 0; |
85624f01 | 552 | } |
d2a62382 ZJS |
553 | } |
554 | ||
85624f01 YW |
555 | r = sd_device_get_parent(d, &parent); |
556 | if (r < 0) { | |
133432cc | 557 | log_device_debug_errno(d, r, "Not a partitioned device, ignoring: %m"); |
8090b41e | 558 | return 0; |
fa041593 | 559 | } |
1a14a53c | 560 | |
61331eab | 561 | /* Does it have a devtype? */ |
85624f01 YW |
562 | r = sd_device_get_devtype(parent, &devtype); |
563 | if (r < 0) { | |
133432cc | 564 | log_device_debug_errno(parent, r, "Parent doesn't have a device type, ignoring: %m"); |
8090b41e | 565 | return 0; |
fa041593 | 566 | } |
61331eab LP |
567 | |
568 | /* Is this a disk or a partition? We only care for disks... */ | |
fa041593 | 569 | if (!streq(devtype, "disk")) { |
133432cc | 570 | log_device_debug(parent, "Parent isn't a raw disk, ignoring."); |
8090b41e | 571 | return 0; |
fa041593 | 572 | } |
61331eab LP |
573 | |
574 | /* Does it have a device node? */ | |
85624f01 YW |
575 | r = sd_device_get_devname(parent, &node); |
576 | if (r < 0) { | |
133432cc | 577 | log_device_debug_errno(parent, r, "Parent device does not have device node, ignoring: %m"); |
8090b41e | 578 | return 0; |
fa041593 | 579 | } |
61331eab | 580 | |
133432cc | 581 | log_device_debug(d, "Root device %s.", node); |
61331eab | 582 | |
85624f01 YW |
583 | r = sd_device_get_devnum(parent, &pn); |
584 | if (r < 0) { | |
133432cc | 585 | log_device_debug_errno(parent, r, "Parent device is not a proper block device, ignoring: %m"); |
8090b41e | 586 | return 0; |
61331eab LP |
587 | } |
588 | ||
72e18a98 LP |
589 | fd = open(node, O_RDONLY|O_CLOEXEC|O_NOCTTY); |
590 | if (fd < 0) | |
591 | return log_error_errno(errno, "Failed to open %s: %m", node); | |
61331eab | 592 | |
72e18a98 LP |
593 | *ret = fd; |
594 | return 1; | |
72e18a98 | 595 | } |
cb971249 | 596 | |
72e18a98 | 597 | static int enumerate_partitions(dev_t devnum) { |
72e18a98 LP |
598 | _cleanup_close_ int fd = -1; |
599 | _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; | |
600 | int r, k; | |
61331eab | 601 | |
46c82d49 | 602 | r = open_parent_devno(devnum, &fd); |
72e18a98 LP |
603 | if (r <= 0) |
604 | return r; | |
61331eab | 605 | |
052eaf5c | 606 | r = dissect_image(fd, NULL, 0, DISSECT_IMAGE_GPT_ONLY|DISSECT_IMAGE_NO_UDEV, &m); |
72e18a98 LP |
607 | if (r == -ENOPKG) { |
608 | log_debug_errno(r, "No suitable partition table found, ignoring."); | |
609 | return 0; | |
61331eab | 610 | } |
23bbb0de | 611 | if (r < 0) |
72e18a98 | 612 | return log_error_errno(r, "Failed to dissect: %m"); |
0238d4c6 | 613 | |
72e18a98 LP |
614 | if (m->partitions[PARTITION_SWAP].found) { |
615 | k = add_swap(m->partitions[PARTITION_SWAP].node); | |
616 | if (k < 0) | |
617 | r = k; | |
1a14a53c LP |
618 | } |
619 | ||
9f1cb0c1 LP |
620 | if (m->partitions[PARTITION_XBOOTLDR].found) { |
621 | k = add_xbootldr(m->partitions + PARTITION_XBOOTLDR); | |
622 | if (k < 0) | |
623 | r = k; | |
624 | } | |
625 | ||
72e18a98 | 626 | if (m->partitions[PARTITION_ESP].found) { |
9f1cb0c1 | 627 | k = add_esp(m->partitions + PARTITION_ESP, m->partitions[PARTITION_XBOOTLDR].found); |
59512f21 KS |
628 | if (k < 0) |
629 | r = k; | |
630 | } | |
631 | ||
72e18a98 LP |
632 | if (m->partitions[PARTITION_HOME].found) { |
633 | k = add_partition_mount(m->partitions + PARTITION_HOME, "home", "/home", "Home Partition"); | |
73b80ec2 LP |
634 | if (k < 0) |
635 | r = k; | |
636 | } | |
e48fdd84 | 637 | |
72e18a98 LP |
638 | if (m->partitions[PARTITION_SRV].found) { |
639 | k = add_partition_mount(m->partitions + PARTITION_SRV, "srv", "/srv", "Server Data Partition"); | |
73b80ec2 LP |
640 | if (k < 0) |
641 | r = k; | |
642 | } | |
1a14a53c | 643 | |
fd89051e LP |
644 | if (m->partitions[PARTITION_ROOT].found) { |
645 | k = add_root_rw(m->partitions + PARTITION_ROOT); | |
646 | if (k < 0) | |
647 | r = k; | |
648 | } | |
649 | ||
1a14a53c LP |
650 | return r; |
651 | } | |
652 | ||
96287a49 | 653 | static int parse_proc_cmdline_item(const char *key, const char *value, void *data) { |
73b80ec2 | 654 | int r; |
1a14a53c | 655 | |
73b80ec2 | 656 | assert(key); |
1a14a53c | 657 | |
8a9c44ed LP |
658 | if (proc_cmdline_key_streq(key, "systemd.gpt_auto") || |
659 | proc_cmdline_key_streq(key, "rd.systemd.gpt_auto")) { | |
1a14a53c | 660 | |
1d84ad94 | 661 | r = value ? parse_boolean(value) : 1; |
73b80ec2 | 662 | if (r < 0) |
0a1b9449 | 663 | log_warning_errno(r, "Failed to parse gpt-auto switch \"%s\", ignoring: %m", value); |
8086ffac ZJS |
664 | else |
665 | arg_enabled = r; | |
1a14a53c | 666 | |
8a9c44ed | 667 | } else if (proc_cmdline_key_streq(key, "root")) { |
1d84ad94 LP |
668 | |
669 | if (proc_cmdline_value_missing(key, value)) | |
670 | return 0; | |
73b80ec2 LP |
671 | |
672 | /* Disable root disk logic if there's a root= value | |
673 | * specified (unless it happens to be "gpt-auto") */ | |
674 | ||
675 | arg_root_enabled = streq(value, "gpt-auto"); | |
676 | ||
8a9c44ed | 677 | } else if (proc_cmdline_key_streq(key, "roothash")) { |
2f3dfc6f LP |
678 | |
679 | if (proc_cmdline_value_missing(key, value)) | |
680 | return 0; | |
681 | ||
682 | /* Disable root disk logic if there's roothash= defined (i.e. verity enabled) */ | |
683 | ||
684 | arg_root_enabled = false; | |
685 | ||
8a9c44ed | 686 | } else if (proc_cmdline_key_streq(key, "rw") && !value) |
73b80ec2 | 687 | arg_root_rw = true; |
8a9c44ed | 688 | else if (proc_cmdline_key_streq(key, "ro") && !value) |
73b80ec2 | 689 | arg_root_rw = false; |
73b80ec2 LP |
690 | |
691 | return 0; | |
692 | } | |
693 | ||
349cc4a5 | 694 | #if ENABLE_EFI |
01af8c01 LP |
695 | static int add_root_cryptsetup(void) { |
696 | ||
697 | /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which | |
698 | * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */ | |
699 | ||
700 | return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL); | |
701 | } | |
702 | #endif | |
703 | ||
73b80ec2 LP |
704 | static int add_root_mount(void) { |
705 | ||
349cc4a5 | 706 | #if ENABLE_EFI |
73b80ec2 LP |
707 | int r; |
708 | ||
709 | if (!is_efi_boot()) { | |
710 | log_debug("Not a EFI boot, not creating root mount."); | |
711 | return 0; | |
9a5cb137 ZJS |
712 | } |
713 | ||
73b80ec2 LP |
714 | r = efi_loader_get_device_part_uuid(NULL); |
715 | if (r == -ENOENT) { | |
716 | log_debug("EFI loader partition unknown, exiting."); | |
717 | return 0; | |
23bbb0de MS |
718 | } else if (r < 0) |
719 | return log_error_errno(r, "Failed to read ESP partition UUID: %m"); | |
1a14a53c | 720 | |
73b80ec2 LP |
721 | /* OK, we have an ESP partition, this is fantastic, so let's |
722 | * wait for a root device to show up. A udev rule will create | |
723 | * the link for us under the right name. */ | |
724 | ||
7163e1ca DD |
725 | if (in_initrd()) { |
726 | r = generator_write_initrd_root_device_deps(arg_dest, "/dev/gpt-auto-root"); | |
727 | if (r < 0) | |
728 | return 0; | |
01af8c01 LP |
729 | |
730 | r = add_root_cryptsetup(); | |
731 | if (r < 0) | |
732 | return r; | |
7163e1ca DD |
733 | } |
734 | ||
9b69569d ZJS |
735 | /* Note that we do not need to enable systemd-remount-fs.service here. If |
736 | * /etc/fstab exists, systemd-fstab-generator will pull it in for us. */ | |
737 | ||
73b80ec2 LP |
738 | return add_mount( |
739 | "root", | |
98b2f766 | 740 | "/dev/gpt-auto-root", |
73b80ec2 LP |
741 | in_initrd() ? "/sysroot" : "/", |
742 | NULL, | |
c94b2417 | 743 | arg_root_rw > 0, |
59512f21 | 744 | NULL, |
73b80ec2 LP |
745 | "Root Partition", |
746 | in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET); | |
747 | #else | |
748 | return 0; | |
749 | #endif | |
750 | } | |
751 | ||
752 | static int add_mounts(void) { | |
73b80ec2 LP |
753 | dev_t devno; |
754 | int r; | |
755 | ||
c6ba0c18 | 756 | r = get_block_device_harder("/", &devno); |
23bbb0de MS |
757 | if (r < 0) |
758 | return log_error_errno(r, "Failed to determine block device of root file system: %m"); | |
57ab9f89 | 759 | if (r == 0) { |
c6ba0c18 | 760 | r = get_block_device_harder("/usr", &devno); |
eafe88e3 TH |
761 | if (r < 0) |
762 | return log_error_errno(r, "Failed to determine block device of /usr file system: %m"); | |
57ab9f89 | 763 | if (r == 0) { |
2bef2582 LP |
764 | _cleanup_free_ char *p = NULL; |
765 | mode_t m; | |
766 | ||
767 | /* If the root mount has been replaced by some form of volatile file system (overlayfs), the | |
768 | * original root block device node is symlinked in /run/systemd/volatile-root. Let's read that | |
769 | * here. */ | |
770 | r = readlink_malloc("/run/systemd/volatile-root", &p); | |
771 | if (r == -ENOENT) { | |
772 | log_debug("Neither root nor /usr file system are on a (single) block device."); | |
773 | return 0; | |
774 | } | |
775 | if (r < 0) | |
776 | return log_error_errno(r, "Failed to read symlink /run/systemd/volatile-root: %m"); | |
777 | ||
778 | r = device_path_parse_major_minor(p, &m, &devno); | |
779 | if (r < 0) | |
780 | return log_error_errno(r, "Failed to parse major/minor device node: %m"); | |
781 | if (!S_ISBLK(m)) | |
782 | return log_error_errno(SYNTHETIC_ERRNO(ENOTBLK), "Volatile root device is of wrong type."); | |
eafe88e3 | 783 | } |
3db604b9 LP |
784 | } |
785 | ||
61331eab | 786 | return enumerate_partitions(devno); |
73b80ec2 LP |
787 | } |
788 | ||
ec6e9597 | 789 | static int run(const char *dest, const char *dest_early, const char *dest_late) { |
8f50e86a | 790 | int r, k; |
73b80ec2 | 791 | |
ec6e9597 | 792 | assert_se(arg_dest = dest_late); |
73b80ec2 | 793 | |
75f86906 | 794 | if (detect_container() > 0) { |
73b80ec2 | 795 | log_debug("In a container, exiting."); |
ec6e9597 | 796 | return 0; |
1a14a53c | 797 | } |
3db604b9 | 798 | |
1d84ad94 | 799 | r = proc_cmdline_parse(parse_proc_cmdline_item, NULL, 0); |
b5884878 | 800 | if (r < 0) |
da927ba9 | 801 | log_warning_errno(r, "Failed to parse kernel command line, ignoring: %m"); |
1a14a53c | 802 | |
73b80ec2 LP |
803 | if (!arg_enabled) { |
804 | log_debug("Disabled, exiting."); | |
ec6e9597 | 805 | return 0; |
73b80ec2 LP |
806 | } |
807 | ||
808 | if (arg_root_enabled) | |
809 | r = add_root_mount(); | |
810 | ||
811 | if (!in_initrd()) { | |
73b80ec2 | 812 | k = add_mounts(); |
ec6e9597 | 813 | if (r >= 0) |
73b80ec2 LP |
814 | r = k; |
815 | } | |
816 | ||
ec6e9597 | 817 | return r; |
1a14a53c | 818 | } |
ec6e9597 ZJS |
819 | |
820 | DEFINE_MAIN_GENERATOR_FUNCTION(run); |