1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
32 #include "path-util.h"
34 #include "generator.h"
36 static const char *arg_dest = "/tmp";
37 static bool arg_enabled = true;
38 static bool arg_read_crypttab = true;
39 static char **arg_disks = NULL;
40 static char **arg_options = NULL;
41 static char *arg_keyfile = NULL;
43 static bool has_option(const char *haystack, const char *needle) {
44 const char *f = haystack;
54 while ((f = strstr(f, needle))) {
56 if (f > haystack && f[-1] != ',') {
61 if (f[l] != 0 && f[l] != ',') {
72 static int create_disk(
76 const char *options) {
78 _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL,
80 _cleanup_fclose_ FILE *f = NULL;
81 bool noauto, nofail, tmp, swap;
88 noauto = has_option(options, "noauto");
89 nofail = has_option(options, "nofail");
90 tmp = has_option(options, "tmp");
91 swap = has_option(options, "swap");
94 log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name);
98 e = unit_name_escape(name);
102 n = unit_name_build("systemd-cryptsetup", e, ".service");
106 p = strjoin(arg_dest, "/", n, NULL);
110 u = fstab_node_to_udev_node(device);
114 d = unit_name_from_path(u, ".device");
120 log_error_errno(errno, "Failed to create unit file %s: %m", p);
125 "# Automatically generated by systemd-cryptsetup-generator\n\n"
127 "Description=Cryptography Setup for %I\n"
128 "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n"
129 "SourcePath=/etc/crypttab\n"
130 "DefaultDependencies=no\n"
131 "Conflicts=umount.target\n"
132 "BindsTo=dev-mapper-%i.device\n"
133 "IgnoreOnIsolate=true\n"
134 "After=cryptsetup-pre.target\n",
139 "Before=cryptsetup.target\n");
142 if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random"))
143 fputs("After=systemd-random-seed.service\n", f);
144 else if (!streq(password, "-") && !streq(password, "none")) {
145 _cleanup_free_ char *uu;
147 uu = fstab_node_to_udev_node(password);
151 if (!path_equal(uu, "/dev/null")) {
153 if (is_device_path(uu)) {
154 _cleanup_free_ char *dd;
156 dd = unit_name_from_path(uu, ".device");
160 fprintf(f, "After=%1$s\nRequires=%1$s\n", dd);
162 fprintf(f, "RequiresMountsFor=%s\n", password);
167 if (is_device_path(u))
171 "Before=umount.target\n",
175 "RequiresMountsFor=%s\n",
178 r = generator_write_timeouts(arg_dest, device, name, options, &filtered);
185 "RemainAfterExit=yes\n"
186 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
187 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
188 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
189 name, u, strempty(password), strempty(filtered),
194 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
199 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
204 log_error_errno(errno, "Failed to write file %s: %m", p);
208 from = strappenda("../", n);
212 to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
216 mkdir_parents_label(to, 0755);
217 if (symlink(from, to) < 0) {
218 log_error_errno(errno, "Failed to create symlink %s: %m", to);
224 to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
226 to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
230 mkdir_parents_label(to, 0755);
231 if (symlink(from, to) < 0) {
232 log_error_errno(errno, "Failed to create symlink %s: %m", to);
238 to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
242 mkdir_parents_label(to, 0755);
243 if (symlink(from, to) < 0) {
244 log_error_errno(errno, "Failed to create symlink %s: %m", to);
248 if (!noauto && !nofail) {
249 _cleanup_free_ char *dmname;
250 dmname = strjoin("dev-mapper-", e, ".device", NULL);
254 r = write_drop_in(arg_dest, dmname, 90, "device-timeout",
255 "# Automatically generated by systemd-cryptsetup-generator \n\n"
256 "[Unit]\nJobTimeoutSec=0");
258 return log_error_errno(r, "Failed to write device drop-in: %m");
264 static int parse_proc_cmdline_item(const char *key, const char *value) {
267 if (STR_IN_SET(key, "luks", "rd.luks") && value) {
269 r = parse_boolean(value);
271 log_warning("Failed to parse luks switch %s. Ignoring.", value);
275 } else if (STR_IN_SET(key, "luks.crypttab", "rd.luks.crypttab") && value) {
277 r = parse_boolean(value);
279 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", value);
281 arg_read_crypttab = r;
283 } else if (STR_IN_SET(key, "luks.uuid", "rd.luks.uuid") && value) {
285 if (strv_extend(&arg_disks, value) < 0)
288 } else if (STR_IN_SET(key, "luks.options", "rd.luks.options") && value) {
290 if (strv_extend(&arg_options, value) < 0)
293 } else if (STR_IN_SET(key, "luks.key", "rd.luks.key") && value) {
296 arg_keyfile = strdup(value);
305 int main(int argc, char *argv[]) {
306 _cleanup_strv_free_ char **disks_done = NULL;
307 _cleanup_fclose_ FILE *f = NULL;
309 int r = EXIT_FAILURE, r2 = EXIT_FAILURE, z;
312 if (argc > 1 && argc != 4) {
313 log_error("This program takes three or no arguments.");
320 log_set_target(LOG_TARGET_SAFE);
321 log_parse_environment();
326 z = parse_proc_cmdline(parse_proc_cmdline_item);
328 log_warning_errno(z, "Failed to parse kernel command line, ignoring: %m");
331 r = r2 = EXIT_SUCCESS;
335 strv_uniq(arg_disks);
337 if (arg_read_crypttab) {
340 f = fopen("/etc/crypttab", "re");
345 log_error_errno(errno, "Failed to open /etc/crypttab: %m");
350 if (fstat(fileno(f), &st) < 0) {
351 log_error_errno(errno, "Failed to stat /etc/crypttab: %m");
355 /* If we readd support for specifying passphrases
356 * directly in crypttabe we should upgrade the warning
357 * below, though possibly only if a passphrase is
358 * specified directly. */
359 if (st.st_mode & 0005)
360 log_debug("/etc/crypttab is world-readable. This is usually not a good idea.");
363 char line[LINE_MAX], *l;
364 _cleanup_free_ char *name = NULL, *device = NULL, *password = NULL, *options = NULL;
367 if (!fgets(line, sizeof(line), f))
373 if (*l == '#' || *l == 0)
376 k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
377 if (k < 2 || k > 4) {
378 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
383 If options are specified on the kernel command line, let them override
384 the ones from crypttab.
386 STRV_FOREACH(i, arg_options) {
387 _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
390 k = sscanf(p, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
391 if (k == 2 && streq(proc_uuid, device + 5)) {
403 If luks UUIDs are specified on the kernel command line, use them as a filter
404 for /etc/crypttab and only generate units for those.
406 STRV_FOREACH(i, arg_disks) {
407 _cleanup_free_ char *proc_device = NULL, *proc_name = NULL;
410 if (startswith(p, "luks-"))
413 proc_name = strappend("luks-", p);
414 proc_device = strappend("UUID=", p);
416 if (!proc_name || !proc_device) {
421 if (streq(proc_device, device) || streq(proc_name, name)) {
422 if (create_disk(name, device, password, options) < 0)
425 if (strv_extend(&disks_done, p) < 0) {
431 } else if (create_disk(name, device, password, options) < 0)
440 STRV_FOREACH(i, arg_disks) {
442 Generate units for those UUIDs, which were specified
443 on the kernel command line and not yet written.
446 _cleanup_free_ char *name = NULL, *device = NULL, *options = NULL;
449 if (startswith(p, "luks-"))
452 if (strv_contains(disks_done, p))
455 name = strappend("luks-", p);
456 device = strappend("UUID=", p);
458 if (!name || !device) {
465 If options are specified on the kernel command line, use them.
469 STRV_FOREACH(j, arg_options) {
470 _cleanup_free_ char *proc_uuid = NULL, *proc_options = NULL;
474 k = sscanf(s, "%m[0-9a-fA-F-]=%ms", &proc_uuid, &proc_options);
476 if (streq(proc_uuid, device + 5)) {
478 options = proc_options;
481 } else if (!options) {
483 Fall back to options without a specified UUID
495 options = strdup("timeout=0");
502 if (create_disk(name, device, arg_keyfile, options) < 0)
509 strv_free(arg_disks);
510 strv_free(arg_options);
513 return r != EXIT_SUCCESS ? r : r2;
~ianmdlvl / elogind.git / blob