1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
/* Directory that receives the generated unit file and dependency symlinks.
 * NOTE(review): the default is the world-writable /tmp. main() accepts three
 * arguments (see its argc check) and presumably takes the real destination
 * from them, but that assignment is not visible in this listing. If the
 * default is ever used by a privileged run, entries pre-created under /tmp
 * could redirect the writes; confirm how the unit file is opened and prefer
 * an explicit, root-owned output directory. */
34 static const char *arg_dest = "/tmp";
/* NOTE(review): presumably cleared by luks=/rd.luks= on the kernel command
 * line; the assignment is not visible in this listing. */
35 static bool arg_enabled = true;
/* Set from luks.crypttab= / rd.luks.crypttab= in parse_proc_cmdline() and
 * checked in main() before /etc/crypttab is opened. */
36 static bool arg_read_crypttab = true;
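/*
 * Report whether the comma-separated option list `haystack` contains `needle`
 * as a complete entry.
 *
 * A match counts only when it is delimited on both sides by a comma or by the
 * start/end of the string, so "tmp" is not found inside "tmpfs" or "notmp".
 * This matters for callers that gate destructive actions (mke2fs/mkswap) on
 * the "tmp" and "swap" options.
 *
 * haystack may be NULL (a crypttab line without an options field); that is
 * treated as an empty list. needle must be a non-NULL, non-empty string.
 */
static bool has_option(const char *haystack, const char *needle) {
        const char *f = haystack;
        size_t l;

        assert(needle);

        /* strstr() on NULL would be undefined behaviour. */
        if (!haystack)
                return false;

        l = strlen(needle);

        while ((f = strstr(f, needle))) {

                /* Left boundary: start of string or a preceding comma. */
                if (f > haystack && f[-1] != ',') {
                        f++;
                        continue;
                }

                /* Right boundary: end of string or a following comma. */
                if (f[l] != 0 && f[l] != ',') {
                        f++;
                        continue;
                }

                return true;
        }

        return false;
}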
/*
 * Write the systemd-cryptsetup service unit for one volume into arg_dest and
 * hook it into the dependency graph with symlinks created under the same
 * directory.
 *
 * The visible statements use name, device, password and options; password
 * and options are passed through strempty() before being written.
 *
 * NOTE(review): this listing is incomplete (parameter lines, error paths and
 * closing braces are not shown), so the comments below describe only the
 * statements that are visible.
 */
67 static int create_disk(
71 const char *options) {
/* NOTE(review): _cleanup_free_ / _cleanup_fclose_ look like scope-exit
 * cleanup attributes; their definitions are not in this file. */
73 char _cleanup_free_ *p = NULL, *n = NULL, *d = NULL, *u = NULL, *from = NULL, *to = NULL, *e = NULL;
74 FILE _cleanup_fclose_ *f = NULL;
/* Both flags come from the options field of the entry. */
80 noauto = has_option(options, "noauto");
81 nofail = has_option(options, "nofail");
/* Service unit name: the "systemd-cryptsetup" prefix instantiated with name. */
83 n = unit_name_from_path_instance("systemd-cryptsetup", name, ".service");
/* Path of the unit file to write, directly under arg_dest. */
87 p = strjoin(arg_dest, "/", n, NULL);
/* NOTE(review): presumably resolves UUID=/LABEL= style specs to a /dev path;
 * confirm against the helper. */
91 u = fstab_node_to_udev_node(device);
/* .device unit name for the resolved node. */
95 d = unit_name_from_path(u, ".device");
101 log_error("Failed to create unit file %s: %m", p);
/* Unit header; %I and %i below are specifiers expanded when the unit is loaded. */
106 "# Automatically generated by systemd-cryptsetup-generator\n\n"
108 "Description=Cryptography Setup for %I\n"
109 "Documentation=man:systemd-cryptsetup@.service(8) man:crypttab(5)\n"
110 "SourcePath=/etc/crypttab\n"
111 "Conflicts=umount.target\n"
112 "DefaultDependencies=no\n"
113 "BindsTo=dev-mapper-%i.device\n"
114 "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
119 "Before=cryptsetup.target\n");
/* A key read from a kernel random device is ordered after the random seed
 * has been loaded. */
121 if (password && (streq(password, "/dev/urandom") ||
122 streq(password, "/dev/random") ||
123 streq(password, "/dev/hw_random")))
124 fputs("After=systemd-random-seed-load.service\n", f);
126 fputs("Before=local-fs.target\n", f);
/* Device nodes and other paths get different dependency lines; the second
 * form uses RequiresMountsFor= (its argument is not visible here). */
128 if (is_device_path(u))
132 "Before=umount.target\n",
136 "RequiresMountsFor=%s\n",
142 "RemainAfterExit=yes\n"
143 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
/* NOTE(review): name, u, password and options are placed between single
 * quotes with no escaping visible in this listing. They originate from
 * /etc/crypttab fields or from luks.uuid= on the kernel command line; a value
 * containing ' or a % specifier would change how this ExecStart= line is
 * parsed. Consider escaping or rejecting such values before writing the
 * unit. */
144 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
145 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
146 name, u, strempty(password), strempty(options),
/* The "tmp" and "swap" options add an ExecStartPost= that runs mke2fs or
 * mkswap on the mapped device after attach, destroying existing contents.
 * has_option() is the only gate, and the path is quoted the same unescaped
 * way as above. */
149 if (has_option(options, "tmp"))
151 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
154 if (has_option(options, "swap"))
156 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
162 log_error("Failed to write file %s: %m", p);
/* Relative symlink target that points back at the unit file from a
 * dependency directory one level below arg_dest. */
166 if (asprintf(&from, "../%s", n) < 0)
/* Link from the device unit's .wants/ directory.
 * NOTE(review): presumably skipped for noauto; the condition is not visible. */
171 to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
/* The mkdir_parents_label() result is not checked; a failure shows up as the
 * symlink() error below. */
175 mkdir_parents_label(to, 0755);
176 if (symlink(from, to) < 0) {
177 log_error("Failed to create symlink '%s' to '%s': %m", from, to);
/* Either a .requires/ or a .wants/ link under cryptsetup.target.
 * NOTE(review): presumably chosen by nofail; the condition is not visible. */
183 to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
185 to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
189 mkdir_parents_label(to, 0755);
190 if (symlink(from, to) < 0) {
191 log_error("Failed to create symlink '%s' to '%s': %m", from, to);
/* Escaped volume name, used for the dev-mapper-<e>.device.requires/ link. */
196 e = unit_name_escape(name);
201 to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
205 mkdir_parents_label(to, 0755);
206 if (symlink(from, to) < 0) {
207 log_error("Failed to create symlink '%s' to '%s': %m", from, to);
/*
 * Read /proc/cmdline and apply the luks-related switches found there:
 * luks= / rd.luks=, luks.crypttab= / rd.luks.crypttab= (stored in
 * arg_read_crypttab) and luks.uuid= / rd.luks.uuid= (appended to
 * *arg_proc_cmdline_disks).
 *
 * NOTE(review): this listing is incomplete (declarations, error returns and
 * closing braces are not shown), so the comments below describe only the
 * statements that are visible.
 */
214 static int parse_proc_cmdline(char ***arg_proc_cmdline_disks) {
215 char _cleanup_free_ *line = NULL;
216 char *w = NULL, *state = NULL;
/* NOTE(review): the action taken inside a container is not visible;
 * presumably the kernel command line is skipped. */
220 if (detect_container(NULL) > 0)
223 r = read_one_line_file("/proc/cmdline", &line);
/* r holds a negative errno-style code here, hence strerror(-r). */
225 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
229 FOREACH_WORD_QUOTED(w, l, line, state) {
230 char _cleanup_free_ *word = NULL;
/* Private NUL-terminated copy of the current word. */
232 word = strndup(w, l);
/* Each "word + N" below skips the N-character prefix that was just matched. */
236 if (startswith(word, "luks=")) {
237 r = parse_boolean(word + 5);
239 log_warning("Failed to parse luks switch %s. Ignoring.", word + 5);
/* NOTE(review): source lines are missing between each rd.* prefix match and
 * the parse; presumably an in_initrd() check as in the last branch, confirm. */
243 } else if (startswith(word, "rd.luks=")) {
246 r = parse_boolean(word + 8);
248 log_warning("Failed to parse luks switch %s. Ignoring.", word + 8);
253 } else if (startswith(word, "luks.crypttab=")) {
254 r = parse_boolean(word + 14);
256 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 14);
258 arg_read_crypttab = r;
260 } else if (startswith(word, "rd.luks.crypttab=")) {
263 r = parse_boolean(word + 17);
265 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 17);
267 arg_read_crypttab = r;
/* NOTE(review): the luks.uuid= value is stored as given; no format check is
 * visible here. main() turns it into "luks-<value>" and "UUID=<value>", and
 * create_disk() writes those into unit names, paths and ExecStart=
 * arguments, so validating it as a UUID at this point would bound what
 * reaches the generated unit. */
270 } else if (startswith(word, "luks.uuid=")) {
271 if (strv_extend(arg_proc_cmdline_disks, word + 10) < 0)
274 } else if (startswith(word, "rd.luks.uuid=")) {
277 if (strv_extend(arg_proc_cmdline_disks, word + 13) < 0)
/* Any other luks.* switch (rd.luks.* only in the initrd) is reported and
 * ignored. */
281 } else if (startswith(word, "luks.") ||
282 (in_initrd() && startswith(word, "rd.luks."))) {
284 log_warning("Unknown kernel switch %s. Ignoring.", word);
/* NOTE(review): presumably removes duplicate entries from the list; confirm
 * against strv_uniq(). */
288 strv_uniq(*arg_proc_cmdline_disks);
293 int main(int argc, char *argv[]) {
294 FILE _cleanup_fclose_ *f = NULL;
296 int r = EXIT_SUCCESS;
298 char _cleanup_strv_free_ **arg_proc_cmdline_disks_done = NULL;
299 char _cleanup_strv_free_ **arg_proc_cmdline_disks = NULL;
301 if (argc > 1 && argc != 4) {
302 log_error("This program takes three or no arguments.");
309 log_set_target(LOG_TARGET_SAFE);
310 log_parse_environment();
315 if (parse_proc_cmdline(&arg_proc_cmdline_disks) < 0)
321 if (arg_read_crypttab) {
322 f = fopen("/etc/crypttab", "re");
329 log_error("Failed to open /etc/crypttab: %m");
332 char line[LINE_MAX], *l;
333 char _cleanup_free_ *name = NULL, *device = NULL, *password = NULL, *options = NULL;
336 if (!fgets(line, sizeof(line), f))
342 if (*l == '#' || *l == 0)
345 k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
346 if (k < 2 || k > 4) {
347 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
352 if (arg_proc_cmdline_disks) {
354 If luks UUIDs are specified on the kernel command line, use them as a filter
355 for /etc/crypttab and only generate units for those.
357 STRV_FOREACH(i, arg_proc_cmdline_disks) {
358 char _cleanup_free_ *proc_device = NULL, *proc_name = NULL;
361 if (startswith(p, "luks-"))
364 proc_name = strappend("luks-", p);
365 proc_device = strappend("UUID=", p);
367 if (!proc_name || !proc_device)
370 if (streq(proc_device, device) || streq(proc_name, name)) {
371 if (create_disk(name, device, password, options) < 0)
374 if (strv_extend(&arg_proc_cmdline_disks_done, p) < 0)
379 if (create_disk(name, device, password, options) < 0)
385 STRV_FOREACH(i, arg_proc_cmdline_disks) {
387 Generate units for those UUIDs, which were specified
388 on the kernel command line and not yet written.
391 char _cleanup_free_ *name = NULL, *device = NULL;
394 if (startswith(p, "luks-"))
397 if (strv_contains(arg_proc_cmdline_disks_done, p))
400 name = strappend("luks-", p);
401 device = strappend("UUID=", p);
403 if (!name || !device)
406 if (create_disk(name, device, NULL, "timeout=0") < 0)