From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 8 Oct 2021 16:26:12 +0000 (+0200)
Subject: cryptsetup: optionally turn off token module support in libcryptsetup
X-Git-Tag: v250-rc1~535^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=64c590fb06ff9089eef4ebee36047e0762ea4f50;p=thirdparty%2Fsystemd.git

cryptsetup: optionally turn off token module support in libcryptsetup

This is useful for debugging purposes.
---

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index f23e671e8e7..43c6bf529f8 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -18,6 +18,7 @@
 #include "cryptsetup-util.h"
 #include "device-util.h"
 #include "efi-loader.h"
+#include "env-util.h"
 #include "escape.h"
 #include "fileio.h"
 #include "fs-util.h"
@@ -738,7 +739,16 @@ static int make_security_device_monitor(sd_event *event, sd_device_monitor **ret
 
 static bool libcryptsetup_plugins_support(void) {
 #if HAVE_LIBCRYPTSETUP_PLUGINS
-        return crypt_token_external_path() != NULL;
+        int r;
+
+        /* Permit a way to disable libcryptsetup token module support, for debugging purposes. */
+        r = getenv_bool("SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE");
+        if (r < 0 && r != -ENXIO)
+                log_debug_errno(r, "Failed to parse $SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE env var: %m");
+        if (r == 0)
+                return false;
+
+        return crypt_token_external_path();
 #else
         return false;
 #endif