From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 21 Oct 2020 08:41:11 +0000 (+0200)
Subject: Merge pull request #16444 from oniko/luks-detached-header
X-Git-Tag: v247-rc1~33
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aa5502bb336fdc4546e564c60d36b3d4e7909bc7;p=thirdparty%2Fsystemd.git

Merge pull request #16444 from oniko/luks-detached-header

Add support for detached LUKS header on kernel cmd line
---

aa5502bb336fdc4546e564c60d36b3d4e7909bc7
diff --cc src/cryptsetup/cryptsetup-generator.c
index bfd71cd595c,cd40cb42084..df589ec3e4a
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@@ -385,8 -404,58 +404,57 @@@ static int create_disk
                                  umount_unit,
                                  umount_unit
                          );
 -                }
          }
  
+         if (headerdev) {
+                 _cleanup_free_ char *unit = NULL, *umount_unit = NULL, *p = NULL;
+ 
+                 r = generate_device_mount(
+                         name,
+                         headerdev,
+                         "headerdev",
+                         NULL,
+                         /* canfail=  */ false, /* header is always necessary */
+                         /* readonly= */ false, /* LUKS2 recovery requires rw header access */
+                         &unit,
+                         &headerdev_mount);
+                 if (r < 0)
+                         return log_error_errno(r, "Failed to generate header device mount unit: %m");
+ 
+                 r = generate_device_umount(name, headerdev_mount, "headerdev", &umount_unit);
+                 if (r < 0)
+                         return log_error_errno(r, "Failed to generate header device umount unit: %m");
+ 
+                 p = path_join(headerdev_mount, header_path);
+                 if (!p)
+                         return log_oom();
+ 
+                 free_and_replace(header_path, p);
+ 
+                 if (isempty(filtered_header))
+                         p = strjoin("header=", header_path);
+                 else
+                         p = strjoin(filtered_header, ",header=", header_path);
+ 
+                 if (!p)
+                         return log_oom();
+ 
+                 free_and_replace(filtered_header, p);
+                 options = filtered_header;
+ 
+                 fprintf(f, "After=%s\n"
+                            "Requires=%s\n", unit, unit);
+ 
+                 if (umount_unit) {
+                         fprintf(f,
+                                 "Wants=%s\n"
+                                 "Before=%s\n",
+                                 umount_unit,
+                                 umount_unit
+                         );
+                 }
+         }
+ 
          if (!nofail)
                  fprintf(f,
                          "Before=%s\n",
@@@ -633,8 -783,14 +781,9 @@@ static int add_crypttab_devices(void) 
                  return 0;
          }
  
 -        if (fstat(fileno(f), &st) < 0) {
 -                log_error_errno(errno, "Failed to stat %s: %m", arg_crypttab);
 -                return 0;
 -        }
 -
          for (;;) {
-                 _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyspec = NULL, *options = NULL, *keyfile = NULL, *keydev = NULL;
+                 _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyspec = NULL, *options = NULL,
+                                     *keyfile = NULL, *keydev = NULL, *headerdev = NULL, *filtered_header = NULL;
                  crypto_device *d = NULL;
                  char *l, *uuid;
                  int k;