gpt-auto-generator: support LUKS encrypted root partitions

Previously, we supported GPT auto-discovery for /home and /srv, but not
for the root partition. Add that, too.

Fixes: #859

diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules
index 6f60ae9024e4bc2fa9089936a5b36f51a2ca4b17..28e41ea968528a99b3838f3788f2c90d4024f6fa 100644 (file)
--- a/rules/60-persistent-storage.rules
+++ b/rules/60-persistent-storage.rules
@@ -88,7 +88,4 @@ ENV{DEVTYPE}=="partition", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-i
 ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}"
 ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}"
 
-# add symlink to GPT root disk
-ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_GPT_AUTO_ROOT}=="1", SYMLINK+="gpt-auto-root"
-
 LABEL="persistent_storage_end"

diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
index ca52cf165b86ee3679afcbfba84204fa0d7930f9..98153bce0f72b9aca1b38668dcbc60562a19568b 100644 (file)
--- a/rules/99-systemd.rules.in
+++ b/rules/99-systemd.rules.in
@@ -17,6 +17,11 @@ SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", E
 # we are probably still calling mke2fs or mkswap on it.
 SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
 
+# add symlink to GPT root disk
+SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}!="crypto_LUKS", SYMLINK+="gpt-auto-root"
+SUBSYSTEM=="block", ENV{ID_PART_GPT_AUTO_ROOT}=="1", ENV{ID_FS_TYPE}=="crypto_LUKS", SYMLINK+="gpt-auto-root-luks"
+SUBSYSTEM=="block", ENV{DM_UUID}=="CRYPT-*", ENV{DM_NAME}=="root", SYMLINK+="gpt-auto-root"
+
 # Ignore raid devices that are not yet assembled and started
 SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
 SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"

diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index f993c5d1e2504baff1ac587a4fd425e7267dadde..e506f395218ac0b6af9c112aec5d509ba1664bc0 100644 (file)
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -54,7 +54,7 @@ static bool arg_enabled = true;
 static bool arg_root_enabled = true;
 static bool arg_root_rw = false;
 
-static int add_cryptsetup(const char *id, const char *what, bool rw, char **device) {
+static int add_cryptsetup(const char *id, const char *what, bool rw, bool require, char **device) {
         _cleanup_free_ char *e = NULL, *n = NULL, *p = NULL, *d = NULL, *to = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         char *from, *ret;
@@ -62,7 +62,6 @@ static int add_cryptsetup(const char *id, const char *what, bool rw, char **devi
 
         assert(id);
         assert(what);
-        assert(device);
 
         r = unit_name_from_path(what, ".device", &d);
         if (r < 0)
@@ -119,23 +118,26 @@ static int add_cryptsetup(const char *id, const char *what, bool rw, char **devi
         if (symlink(from, to) < 0)
                 return log_error_errno(errno, "Failed to create symlink %s: %m", to);
 
-        free(to);
-        to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
-        if (!to)
-                return log_oom();
+        if (require) {
+                free(to);
 
-        mkdir_parents_label(to, 0755);
-        if (symlink(from, to) < 0)
-                return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+                to = strjoin(arg_dest, "/cryptsetup.target.requires/", n);
+                if (!to)
+                        return log_oom();
 
-        free(to);
-        to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n);
-        if (!to)
-                return log_oom();
+                mkdir_parents_label(to, 0755);
+                if (symlink(from, to) < 0)
+                        return log_error_errno(errno, "Failed to create symlink %s: %m", to);
 
-        mkdir_parents_label(to, 0755);
-        if (symlink(from, to) < 0)
-                return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+                free(to);
+                to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n);
+                if (!to)
+                        return log_oom();
+
+                mkdir_parents_label(to, 0755);
+                if (symlink(from, to) < 0)
+                        return log_error_errno(errno, "Failed to create symlink %s: %m", to);
+        }
 
         free(p);
         p = strjoin(arg_dest, "/dev-mapper-", e, ".device.d/50-job-timeout-sec-0.conf");
@@ -155,7 +157,8 @@ static int add_cryptsetup(const char *id, const char *what, bool rw, char **devi
         if (!ret)
                 return log_oom();
 
-        *device = ret;
+        if (device)
+                *device = ret;
         return 0;
 }
 
@@ -182,7 +185,7 @@ static int add_mount(
 
         if (streq_ptr(fstype, "crypto_LUKS")) {
 
-                r = add_cryptsetup(id, what, rw, &crypto_what);
+                r = add_cryptsetup(id, what, rw, true, &crypto_what);
                 if (r < 0)
                         return r;
 
@@ -938,6 +941,16 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
         return 0;
 }
 
+#ifdef ENABLE_EFI
+static int add_root_cryptsetup(void) {
+
+        /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which
+         * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */
+
+        return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL);
+}
+#endif
+
 static int add_root_mount(void) {
 
 #ifdef ENABLE_EFI
@@ -963,6 +976,10 @@ static int add_root_mount(void) {
                 r = generator_write_initrd_root_device_deps(arg_dest, "/dev/gpt-auto-root");
                 if (r < 0)
                         return 0;
+
+                r = add_root_cryptsetup();
+                if (r < 0)
+                        return r;
         }
 
         return add_mount(