1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
/* Directory below which create_disk() writes the generated unit file and its symlinks. */
34 static const char *arg_dest = "/tmp";
/* NOTE(review): presumably toggled by the luks= and rd.luks= kernel switches; the
 * assignment itself is not visible in this listing. */
35 static bool arg_enabled = true;
/* Whether main() reads /etc/crypttab; parse_proc_cmdline() sets it from the
 * luks.crypttab= and rd.luks.crypttab= switches. */
36 static bool arg_read_crypttab = true;
/* Values collected from luks.uuid= and rd.luks.uuid= on the kernel command line. */
37 static char **arg_proc_cmdline_disks = NULL;
/* Reports whether the comma-separated option list `haystack` contains `needle`.
 *
 * The visible checks reject a strstr() hit unless it starts at the beginning of the
 * list or right after a ',' and ends at the end of the list or right before a ','.
 *
 * NOTE(review): several lines are elided in this listing. `l` is presumably
 * strlen(needle). Callers pass the crypttab options field, which stays NULL when the
 * line has fewer than four fields, so a NULL check has to precede strstr(); it is not
 * visible here, confirm against the full file. */
39 static bool has_option(const char *haystack, const char *needle) {
40 const char *f = haystack;
50 while ((f = strstr(f, needle))) {
/* The hit starts in the middle of another option. */
52 if (f > haystack && f[-1] != ',') {
/* The hit is only a prefix of a longer option (assumes l is the needle length, TODO confirm). */
57 if (f[l] != 0 && f[l] != ',') {
/* Writes the systemd-cryptsetup service instance for one encrypted volume below
 * arg_dest and symlinks it into the dependency directories of the units that need it.
 *
 * The body uses name, device, password and options; only the last parameter of the
 * signature is visible in this listing. main() passes fields parsed from /etc/crypttab
 * or strings built from the luks.uuid= kernel switches, and treats a negative return
 * value as failure. */
68 static int create_disk(
72 const char *options) {
74 char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *from = NULL, *to = NULL, *e = NULL;
/* noauto and nofail select which symlinks are created further down
 * (the conditions using them are elided in this listing). */
82 noauto = has_option(options, "noauto");
83 nofail = has_option(options, "nofail");
/* n: instance name of the service unit, derived from the volume name. */
85 n = unit_name_from_path_instance("systemd-cryptsetup", name, ".service");
/* p: path of the unit file inside the generator output directory. */
91 p = strjoin(arg_dest, "/", n, NULL);
/* u: the crypttab device field converted by fstab_node_to_udev_node();
 * d: name of the .device unit for that node. */
97 u = fstab_node_to_udev_node(device);
103 d = unit_name_from_path(u, ".device");
112 log_error("Failed to create unit file %s: %m", p);
117 "# Automatically generated by systemd-cryptsetup-generator\n\n"
119 "Description=Cryptography Setup for %%I\n"
120 "Documentation=man:systemd-cryptsetup@.service(8) man:crypttab(5)\n"
121 "SourcePath=/etc/crypttab\n"
122 "Conflicts=umount.target\n"
123 "DefaultDependencies=no\n"
124 "BindsTo=%s dev-mapper-%%i.device\n"
125 "After=systemd-readahead-collect.service systemd-readahead-replay.service %s\n"
126 "Before=umount.target\n",
131 "Before=cryptsetup.target\n");
/* A key read from a random device makes the unit wait for the random seed to be loaded. */
133 if (password && (streq(password, "/dev/urandom") ||
134 streq(password, "/dev/random") ||
135 streq(password, "/dev/hw_random")))
136 fputs("After=systemd-random-seed-load.service\n", f);
138 fputs("Before=local-fs.target\n", f);
143 "RemainAfterExit=yes\n"
144 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
/* NOTE(review): name, device node, password and options are placed between single
 * quotes exactly as given. No escaping of a "'" or of a unit-file "%" specifier is
 * visible in this listing, so such a character in a crypttab field or a luks.uuid=
 * value would change how the command line is parsed. Confirm against the full file. */
145 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
146 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
147 name, u, strempty(password), strempty(options),
/* "tmp": a new filesystem is made on the mapped device after it is attached, so
 * anything the mapping held before is overwritten. */
150 if (has_option(options, "tmp"))
152 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
/* "swap": the mapped device is initialised as swap space after it is attached. */
155 if (has_option(options, "swap"))
157 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
164 log_error("Failed to write file %s: %m", p);
/* from: relative link target shared by all symlinks created below. */
168 if (asprintf(&from, "../%s", n) < 0) {
/* Pull the service in from the backing .device unit
 * (presumably skipped for noauto, the condition is elided). */
175 to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
/* The result of mkdir_parents_label() is not checked; a missing directory shows up
 * as the symlink() failure reported below. The same holds for the two later calls. */
181 mkdir_parents_label(to, 0755);
182 if (symlink(from, to) < 0) {
183 log_error("Failed to create symlink '%s' to '%s': %m", from, to);
/* cryptsetup.target either requires or only wants the service
 * (presumably chosen by nofail, the condition is elided). */
191 to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
193 to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
199 mkdir_parents_label(to, 0755);
200 if (symlink(from, to) < 0) {
201 log_error("Failed to create symlink '%s' to '%s': %m", from, to);
/* The dev-mapper-<escaped name>.device unit requires the service. */
210 e = unit_name_escape(name);
211 to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
217 mkdir_parents_label(to, 0755);
218 if (symlink(from, to) < 0) {
219 log_error("Failed to create symlink '%s' to '%s': %m", from, to);
/* Reads /proc/cmdline and applies the luks switches found there to the arg_* globals.
 *
 * A failure to read the file is logged as a warning and ignored. main() treats a
 * negative return value as failure.
 *
 * The numeric offsets added to `word` are the lengths of the matched prefixes, so each
 * parser only sees the value after the '='.
 *
 * NOTE(review): the luks.uuid= values are stored as given; no check of their format is
 * visible in this listing, and main() later builds unit names and command-line
 * arguments from them. */
241 static int parse_proc_cmdline(void) {
242 char *line, *w, *state;
/* NOTE(review): presumably returns early inside a container, where /proc/cmdline
 * belongs to the host; the statement under this condition is elided. */
246 if (detect_container(NULL) > 0)
249 r = read_one_line_file("/proc/cmdline", &line);
251 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
255 FOREACH_WORD_QUOTED(w, l, line, state) {
/* Work on a NUL-terminated copy of the current word. */
258 word = strndup(w, l);
264 if (startswith(word, "luks=")) {
265 r = parse_boolean(word + 5);
267 log_warning("Failed to parse luks switch %s. Ignoring.", word + 5);
/* NOTE(review): the rd. variants are presumably honoured only in the initrd; the
 * guarding lines are elided here (the unknown-switch branch below does check in_initrd()). */
271 } else if (startswith(word, "rd.luks=")) {
274 r = parse_boolean(word + 8);
276 log_warning("Failed to parse luks switch %s. Ignoring.", word + 8);
281 } else if (startswith(word, "luks.crypttab=")) {
282 r = parse_boolean(word + 14);
284 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 14);
286 arg_read_crypttab = r;
288 } else if (startswith(word, "rd.luks.crypttab=")) {
291 r = parse_boolean(word + 17);
293 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 17);
295 arg_read_crypttab = r;
298 } else if (startswith(word, "luks.uuid=")) {
/* strv_append() returns a new list; the old one is freed and replaced. */
301 t = strv_append(arg_proc_cmdline_disks, word + 10);
306 strv_free(arg_proc_cmdline_disks);
307 arg_proc_cmdline_disks = t;
309 } else if (startswith(word, "rd.luks.uuid=")) {
314 t = strv_append(arg_proc_cmdline_disks, word + 13);
319 strv_free(arg_proc_cmdline_disks);
320 arg_proc_cmdline_disks = t;
/* Any other switch in the luks namespace is reported and skipped. */
323 } else if (startswith(word, "luks.") ||
324 (in_initrd() && startswith(word, "rd.luks."))) {
326 log_warning("Unknown kernel switch %s. Ignoring.", word);
/* Drop duplicate entries from the collected list. */
332 strv_uniq(arg_proc_cmdline_disks);
/* Generator entry point: creates one cryptsetup service unit per volume listed in
 * /etc/crypttab and/or named by luks.uuid= on the kernel command line.
 *
 * Accepts either no arguments or exactly three; anything else is rejected with an
 * error. Many lines of the body are elided in this listing. */
341 int main(int argc, char *argv[]) {
343 int r = EXIT_SUCCESS;
/* UUIDs from the kernel command line for which a crypttab entry was already handled. */
346 char **arg_proc_cmdline_disks_done = NULL;
348 if (argc > 1 && argc != 4) {
349 log_error("This program takes three or no arguments.");
356 log_set_target(LOG_TARGET_SAFE);
357 log_parse_environment();
362 if (parse_proc_cmdline() < 0)
370 if (arg_read_crypttab) {
371 f = fopen("/etc/crypttab", "re");
378 log_error("Failed to open /etc/crypttab: %m");
/* NOTE(review): fgets() returns at most sizeof(line) - 1 bytes, so a crypttab line
 * longer than that is delivered in pieces and the remainder is parsed as if it were
 * a separate entry. */
385 char line[LINE_MAX], *l;
386 char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
389 if (!fgets(line, sizeof(line), f))
/* Comment lines and empty lines are skipped. */
395 if (*l == '#' || *l == 0)
/* %ms makes sscanf() allocate each field; only name and device are mandatory, so
 * password and options can remain NULL.
 * NOTE(review): the allocations have to be freed on every iteration; that code is
 * not visible in this listing. */
398 k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
399 if (k < 2 || k > 4) {
400 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
405 if (arg_proc_cmdline_disks) {
407 If luks UUIDs are specified on the kernel command line, use them as a filter
408 for /etc/crypttab and only generate units for those.
410 STRV_FOREACH(i, arg_proc_cmdline_disks) {
411 char *proc_device, *proc_name;
/* NOTE(review): presumably strips a leading "luks-" from the entry; the statement is elided. */
414 if (startswith(p, "luks-"))
417 proc_name = strappend("luks-", p);
418 proc_device = strappend("UUID=", p);
420 if (!proc_name || !proc_device) {
/* The crypttab entry matches when either its device is UUID=<p> or its name is luks-<p>. */
427 if (streq(proc_device, device) || streq(proc_name, name)) {
430 if (create_disk(name, device, password, options) < 0)
/* Remember the UUID so the second pass below does not generate it again. */
433 t = strv_append(arg_proc_cmdline_disks_done, p);
438 strv_free(arg_proc_cmdline_disks_done);
439 arg_proc_cmdline_disks_done = t;
/* NOTE(review): presumably the unfiltered path taken when no UUIDs were given; the
 * enclosing else is elided. */
446 if (create_disk(name, device, password, options) < 0)
458 STRV_FOREACH(i, arg_proc_cmdline_disks) {
460 Generate units for those UUIDs, which were specified
461 on the kernel command line and not yet written.
467 if (startswith(p, "luks-"))
470 if (strv_contains(arg_proc_cmdline_disks_done, p))
473 name = strappend("luks-", p);
474 device = strappend("UUID=", p);
476 if (!name || !device) {
/* No crypttab entry exists for this UUID: no password field and the fixed option "timeout=0". */
484 if (create_disk(name, device, NULL, "timeout=0") < 0)
495 strv_free(arg_proc_cmdline_disks);
496 strv_free(arg_proc_cmdline_disks_done);