[thirdparty/systemd.git] / src / veritysetup / veritysetup.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>

#include "alloc-util.h"
#include "crypt-util.h"
#include "hexdecoct.h"
#include "log.h"
#include "main-func.h"
#include "pretty-print.h"
#include "string-util.h"
#include "terminal-util.h"

static char *arg_root_hash = NULL;
static char *arg_data_what = NULL;
static char *arg_hash_what = NULL;

STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
STATIC_DESTRUCTOR_REGISTER(arg_data_what, freep);
STATIC_DESTRUCTOR_REGISTER(arg_hash_what, freep);

static int help(void) {
        _cleanup_free_ char *link = NULL;
        int r;

        r = terminal_urlify_man("systemd-veritysetup@.service", "8", &link);
        if (r < 0)
                return log_oom();

        printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
               "%s detach VOLUME\n\n"
               "Attaches or detaches an integrity protected block device.\n"
               "\nSee the %s for details.\n"
               , program_invocation_short_name
               , program_invocation_short_name
               , link
        );

        return 0;
}

static int run(int argc, char *argv[]) {
        _cleanup_(crypt_freep) struct crypt_device *cd = NULL;
        int r;

        if (argc <= 1)
                return help();

        if (argc < 3)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "This program requires at least two arguments.");

        log_setup_service();

        umask(0022);

        if (streq(argv[1], "attach")) {
                _cleanup_free_ void *m = NULL;
                crypt_status_info status;
                size_t l;

                if (argc < 6)
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");

                r = unhexmem(argv[5], strlen(argv[5]), &m, &l);
                if (r < 0)
                        return log_error_errno(r, "Failed to parse root hash: %m");

                r = crypt_init(&cd, argv[4]);
                if (r < 0)
                        return log_error_errno(r, "Failed to open verity device %s: %m", argv[4]);

                crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);

                status = crypt_status(cd, argv[2]);
                if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
                        log_info("Volume %s already active.", argv[2]);
                        return 0;
                }

                r = crypt_load(cd, CRYPT_VERITY, NULL);
                if (r < 0)
                        return log_error_errno(r, "Failed to load verity superblock: %m");

                r = crypt_set_data_device(cd, argv[3]);
                if (r < 0)
                        return log_error_errno(r, "Failed to configure data device: %m");

                r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY);
                if (r < 0)
                        return log_error_errno(r, "Failed to set up verity device: %m");

        } else if (streq(argv[1], "detach")) {

                r = crypt_init_by_name(&cd, argv[2]);
                if (r == -ENODEV) {
                        log_info("Volume %s already inactive.", argv[2]);
                        return 0;
                }
                if (r < 0)
                        return log_error_errno(r, "crypt_init_by_name() failed: %m");

                crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);

                r = crypt_deactivate(cd, argv[2]);
                if (r < 0)
                        return log_error_errno(r, "Failed to deactivate: %m");

        } else
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", argv[1]);

        return 0;
}

DEFINE_MAIN_FUNCTION(run);
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
2f3dfc6f	2
dccca82b	3	#include <errno.h>
2f3dfc6f LP	4	#include <stdio.h>
	5	#include <sys/stat.h>
	6
dccca82b	7	#include "alloc-util.h"
294bd454	8	#include "crypt-util.h"
2f3dfc6f	9	#include "hexdecoct.h"
dccca82b	10	#include "log.h"
6b9306b2	11	#include "main-func.h"
294bf0c3	12	#include "pretty-print.h"
2f3dfc6f	13	#include "string-util.h"
37ec0fdd	14	#include "terminal-util.h"
2f3dfc6f LP	15
	16	static char *arg_root_hash = NULL;
	17	static char *arg_data_what = NULL;
	18	static char *arg_hash_what = NULL;
	19
6b9306b2 YW	20	STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
	21	STATIC_DESTRUCTOR_REGISTER(arg_data_what, freep);
	22	STATIC_DESTRUCTOR_REGISTER(arg_hash_what, freep);
	23
2f3dfc6f	24	static int help(void) {
37ec0fdd LP	25	_cleanup_free_ char *link = NULL;
	26	int r;
	27
	28	r = terminal_urlify_man("systemd-veritysetup@.service", "8", &link);
	29	if (r < 0)
	30	return log_oom();
	31
2f3dfc6f LP	32	printf("%s attach VOLUME DATADEVICE HASHDEVICE ROOTHASH\n"
2f3dfc6f LP	33	"%s detach VOLUME\n\n"
37ec0fdd LP	34	"Attaches or detaches an integrity protected block device.\n"
	35	"\nSee the %s for details.\n"
	36	, program_invocation_short_name
	37	, program_invocation_short_name
	38	, link
	39	);
2f3dfc6f LP	40
	41	return 0;
	42	}
	43
6b9306b2	44	static int run(int argc, char *argv[]) {
294bd454	45	_cleanup_(crypt_freep) struct crypt_device *cd = NULL;
2f3dfc6f LP	46	int r;
2f3dfc6f LP	47
6b9306b2 YW	48	if (argc <= 1)
6b9306b2 YW	49	return help();
2f3dfc6f	50
6b9306b2 YW	51	if (argc < 3)
6b9306b2 YW	52	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "This program requires at least two arguments.");
2f3dfc6f	53
6bf3c61c	54	log_setup_service();
2f3dfc6f LP	55
	56	umask(0022);
	57
	58	if (streq(argv[1], "attach")) {
	59	_cleanup_free_ void *m = NULL;
	60	crypt_status_info status;
	61	size_t l;
	62
6b9306b2 YW	63	if (argc < 6)
6b9306b2 YW	64	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least two arguments.");
2f3dfc6f LP	65
2f3dfc6f LP	66	r = unhexmem(argv[5], strlen(argv[5]), &m, &l);
6b9306b2 YW	67	if (r < 0)
6b9306b2 YW	68	return log_error_errno(r, "Failed to parse root hash: %m");
2f3dfc6f LP	69
2f3dfc6f LP	70	r = crypt_init(&cd, argv[4]);
6b9306b2 YW	71	if (r < 0)
6b9306b2 YW	72	return log_error_errno(r, "Failed to open verity device %s: %m", argv[4]);
2f3dfc6f	73
691c2e2e	74	crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
2f3dfc6f LP	75
2f3dfc6f LP	76	status = crypt_status(cd, argv[2]);
3742095b	77	if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
2f3dfc6f	78	log_info("Volume %s already active.", argv[2]);
6b9306b2	79	return 0;
2f3dfc6f LP	80	}
	81
	82	r = crypt_load(cd, CRYPT_VERITY, NULL);
6b9306b2 YW	83	if (r < 0)
6b9306b2 YW	84	return log_error_errno(r, "Failed to load verity superblock: %m");
2f3dfc6f LP	85
2f3dfc6f LP	86	r = crypt_set_data_device(cd, argv[3]);
6b9306b2 YW	87	if (r < 0)
6b9306b2 YW	88	return log_error_errno(r, "Failed to configure data device: %m");
2f3dfc6f LP	89
2f3dfc6f LP	90	r = crypt_activate_by_volume_key(cd, argv[2], m, l, CRYPT_ACTIVATE_READONLY);
6b9306b2 YW	91	if (r < 0)
6b9306b2 YW	92	return log_error_errno(r, "Failed to set up verity device: %m");
2f3dfc6f LP	93
	94	} else if (streq(argv[1], "detach")) {
	95
	96	r = crypt_init_by_name(&cd, argv[2]);
	97	if (r == -ENODEV) {
	98	log_info("Volume %s already inactive.", argv[2]);
6b9306b2	99	return 0;
2f3dfc6f	100	}
6b9306b2 YW	101	if (r < 0)
6b9306b2 YW	102	return log_error_errno(r, "crypt_init_by_name() failed: %m");
2f3dfc6f	103
691c2e2e	104	crypt_set_log_callback(cd, cryptsetup_log_glue, NULL);
2f3dfc6f LP	105
2f3dfc6f LP	106	r = crypt_deactivate(cd, argv[2]);
6b9306b2 YW	107	if (r < 0)
6b9306b2 YW	108	return log_error_errno(r, "Failed to deactivate: %m");
2f3dfc6f	109
6b9306b2 YW	110	} else
6b9306b2 YW	111	return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", argv[1]);
2f3dfc6f	112
6b9306b2	113	return 0;
2f3dfc6f	114	}
6b9306b2 YW	115
6b9306b2 YW	116	DEFINE_MAIN_FUNCTION(run);