1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
28 #include "unit-name.h"
/*
 * Directory under which the generated unit files and symlinks are created;
 * it is the first component of every strjoin() path built in create_disk().
 * NOTE(review): the default is the world-writable /tmp. The code that
 * replaces it with the generator output directory from argv is not visible
 * in this listing -- confirm the no-argument mode is only used for manual
 * testing, since create_disk() creates files and symlinks below this path.
 */
34 static const char *arg_dest = "/tmp";
/*
 * NOTE(review): no read or write of arg_enabled is visible in this listing;
 * presumably it is driven by the luks= / rd.luks= kernel switches -- confirm.
 */
35 static bool arg_enabled = true;
/*
 * Whether main() opens /etc/crypttab at all. parse_proc_cmdline() overwrites
 * it from the luks.crypttab= and rd.luks.crypttab= kernel switches.
 */
36 static bool arg_read_crypttab = true;
/*
 * Look for `needle` as a whole entry in the comma-separated option string
 * `haystack`. Only part of the body appears in this listing: the visible
 * lines search with strstr() and then inspect the characters on both sides
 * of each hit.
 *
 * NOTE(review): create_disk() passes its `options` argument straight in, and
 * main() accepts crypttab rows with fewer than four fields, so `haystack`
 * can be NULL. Any NULL guard lies in the lines not shown -- confirm it
 * exists before strstr() is reached.
 */
38 static bool has_option(const char *haystack, const char *needle) {
39 const char *f = haystack;
/*
 * strstr() also hits needle inside a longer option name, so every hit has
 * to be checked against its neighbours before it counts.
 */
49 while ((f = strstr(f, needle))) {
/* Left edge: a hit that is not at the very start must directly follow ','. */
51 if (f > haystack && f[-1] != ',') {
/*
 * Right edge: the hit must be followed by ',' or the terminating NUL.
 * NOTE(review): `l` is assigned outside the visible lines -- presumably
 * strlen(needle); confirm. As written, an entry carrying a value
 * ("name=value") does not satisfy this test for needle "name", so callers
 * should only look up bare flags.
 */
56 if (f[l] != 0 && f[l] != ',') {
/*
 * Write a systemd-cryptsetup service unit for one encrypted volume below
 * arg_dest and link it into the dependency directories of the units that
 * should pull it in.
 *
 * Only `options` is visible in the parameter list of this listing; the body
 * also uses `name`, `device` and `password`. main() fills them from
 * /etc/crypttab fields or from luks.uuid= kernel arguments, so every one of
 * them is external text that ends up inside a unit file.
 */
67 static int create_disk(
71 const char *options) {
/*
 * _cleanup_free_ / _cleanup_fclose_ are the project's scope-exit cleanup
 * attributes, which is why no explicit free()/fclose() appears on the
 * error paths below.
 */
73 char _cleanup_free_ *p = NULL, *n = NULL, *d = NULL, *u = NULL, *from = NULL, *to = NULL, *e = NULL;
74 FILE _cleanup_fclose_ *f = NULL;
/* Bare crypttab flags that decide how the unit is hooked into the boot. */
80 noauto = has_option(options, "noauto");
81 nofail = has_option(options, "nofail");
/* n: unit name for this volume, derived from the volume name. */
83 n = unit_name_from_path_instance("systemd-cryptsetup", name, ".service");
/* p: full path of the unit file to be written. */
87 p = strjoin(arg_dest, "/", n, NULL);
/* u: the crypttab device field resolved to a node path; d: its .device unit. */
91 u = fstab_node_to_udev_node(device);
95 d = unit_name_from_path(u, ".device");
101 log_error("Failed to create unit file %s: %m", p);
106 "# Automatically generated by systemd-cryptsetup-generator\n\n"
108 "Description=Cryptography Setup for %I\n"
109 "Documentation=man:systemd-cryptsetup@.service(8) man:crypttab(5)\n"
110 "SourcePath=/etc/crypttab\n"
111 "Conflicts=umount.target\n"
112 "DefaultDependencies=no\n"
113 "BindsTo=dev-mapper-%i.device\n"
114 "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
119 "Before=cryptsetup.target\n");
/*
 * A key "file" that is really a kernel random device only needs the random
 * seed to be loaded first; any other path except "-" and "none" gets a
 * RequiresMountsFor= line.
 * NOTE(review): main() can pass password == NULL, and strempty(password)
 * further down expects that. The guard that keeps streq() away from a NULL
 * password is not visible in this listing -- confirm.
 */
122 if (streq(password, "/dev/urandom") ||
123 streq(password, "/dev/random") ||
124 streq(password, "/dev/hw_random"))
125 fputs("After=systemd-random-seed-load.service\n", f);
126 else if (!streq(password, "-") &&
127 !streq(password, "none"))
129 "RequiresMountsFor=%s\n",
/*
 * A backing store that is a device node is ordered against its .device unit
 * (the dependency lines themselves are not all visible here); anything else
 * is treated as a path whose mount must be present.
 */
133 if (is_device_path(u))
137 "Before=umount.target\n",
141 "RequiresMountsFor=%s\n",
147 "RemainAfterExit=yes\n"
148 "TimeoutSec=0\n" /* the binary handles timeouts anyway */
/*
 * NOTE(review): name, u, password and options are substituted between
 * single quotes with no escaping visible in this listing. A ' inside a
 * field ends the quoted argument early, and systemd expands % sequences in
 * ExecStart= (this unit already relies on %I and %i above), so the command
 * that runs can differ from the one intended. Escape or reject both
 * characters before writing the unit, and apply the same to the
 * /dev/mapper/%s arguments of the ExecStartPost= lines.
 */
149 "ExecStart=" SYSTEMD_CRYPTSETUP_PATH " attach '%s' '%s' '%s' '%s'\n"
150 "ExecStop=" SYSTEMD_CRYPTSETUP_PATH " detach '%s'\n",
151 name, u, strempty(password), strempty(options),
/*
 * The "tmp" and "swap" flags add a format step that runs on the mapped
 * device after every attach, so whatever the volume held is overwritten on
 * each start.
 */
154 if (has_option(options, "tmp"))
156 "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n",
159 if (has_option(options, "swap"))
161 "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n",
167 log_error("Failed to write file %s: %m", p);
/* Relative link target shared by all symlinks created below. */
171 if (asprintf(&from, "../%s", n) < 0)
/*
 * Pull the unit in from the backing device's .wants/ directory.
 * NOTE(review): the condition guarding this section is not visible --
 * presumably it depends on noauto; confirm.
 */
176 to = strjoin(arg_dest, "/", d, ".wants/", n, NULL);
/*
 * The result of mkdir_parents_label() is discarded here; a failure only
 * shows up as the symlink() error reported below.
 */
180 mkdir_parents_label(to, 0755);
181 if (symlink(from, to) < 0) {
182 log_error("Failed to create symlink '%s' to '%s': %m", from, to);
/*
 * Hook into cryptsetup.target either as a hard requirement or as a wish.
 * NOTE(review): the branch choosing between the two is not visible --
 * presumably nofail selects .wants/; confirm.
 */
188 to = strjoin(arg_dest, "/cryptsetup.target.requires/", n, NULL);
190 to = strjoin(arg_dest, "/cryptsetup.target.wants/", n, NULL);
194 mkdir_parents_label(to, 0755);
195 if (symlink(from, to) < 0) {
196 log_error("Failed to create symlink '%s' to '%s': %m", from, to);
/*
 * Finally make the mapped device unit require this service. The volume name
 * is passed through unit_name_escape() before it is used as a path
 * component; the ExecStart= line above receives it unescaped.
 */
201 e = unit_name_escape(name);
206 to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n, NULL);
210 mkdir_parents_label(to, 0755);
211 if (symlink(from, to) < 0) {
212 log_error("Failed to create symlink '%s' to '%s': %m", from, to);
/*
 * Read /proc/cmdline and pick up the luks-related kernel switches.
 * Boolean switches update the file-level arg_* flags; every luks.uuid= /
 * rd.luks.uuid= value is appended to *arg_proc_cmdline_disks, which is
 * de-duplicated before returning.
 *
 * Only part of the body appears in this listing, so the return paths and
 * the handling after each failed check are not documented here.
 */
219 static int parse_proc_cmdline(char ***arg_proc_cmdline_disks) {
220 char _cleanup_free_ *line = NULL;
221 char *w = NULL, *state = NULL;
/*
 * Inside a container /proc/cmdline describes the host's boot, not this
 * system. NOTE(review): the action taken when this test is true is not
 * visible -- presumably an early return; confirm.
 */
225 if (detect_container(NULL) > 0)
228 r = read_one_line_file("/proc/cmdline", &line);
230 log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r));
234 FOREACH_WORD_QUOTED(w, l, line, state) {
/* Private NUL-terminated copy of the current word, freed at the end of each iteration. */
235 char _cleanup_free_ *word = NULL;
237 word = strndup(w, l);
/*
 * The numeric offsets added to `word` in the branches below are the lengths
 * of the prefix literals tested just before them; they have to be kept in
 * step by hand whenever a prefix changes.
 * NOTE(review): where the parsed luks= / rd.luks= result is stored is not
 * visible -- presumably arg_enabled; confirm.
 */
241 if (startswith(word, "luks=")) {
242 r = parse_boolean(word + 5);
244 log_warning("Failed to parse luks switch %s. Ignoring.", word + 5);
248 } else if (startswith(word, "rd.luks=")) {
251 r = parse_boolean(word + 8);
253 log_warning("Failed to parse luks switch %s. Ignoring.", word + 8);
258 } else if (startswith(word, "luks.crypttab=")) {
259 r = parse_boolean(word + 14);
261 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 14);
263 arg_read_crypttab = r;
265 } else if (startswith(word, "rd.luks.crypttab=")) {
268 r = parse_boolean(word + 17);
270 log_warning("Failed to parse luks crypttab switch %s. Ignoring.", word + 17);
272 arg_read_crypttab = r;
/*
 * NOTE(review): the text after luks.uuid= / rd.luks.uuid= is stored as is;
 * no check that it has UUID form is visible in this listing. main() later
 * turns each entry into a "luks-<value>" volume name and a "UUID=<value>"
 * device and hands both to create_disk(), which writes them into a unit
 * file. Validate the value as a UUID here so nothing else reaches that
 * path.
 */
275 } else if (startswith(word, "luks.uuid=")) {
276 if (strv_extend(arg_proc_cmdline_disks, word + 10) < 0)
279 } else if (startswith(word, "rd.luks.uuid=")) {
282 if (strv_extend(arg_proc_cmdline_disks, word + 13) < 0)
/*
 * Any other luks.* switch (and rd.luks.* when running in the initrd) is
 * reported as unknown and skipped.
 */
286 } else if (startswith(word, "luks.") ||
287 (in_initrd() && startswith(word, "rd.luks."))) {
289 log_warning("Unknown kernel switch %s. Ignoring.", word);
/* Collapse UUIDs that were given more than once. */
293 strv_uniq(*arg_proc_cmdline_disks);
298 int main(int argc, char *argv[]) {
299 FILE _cleanup_fclose_ *f = NULL;
301 int r = EXIT_SUCCESS;
303 char _cleanup_strv_free_ **arg_proc_cmdline_disks_done = NULL;
304 char _cleanup_strv_free_ **arg_proc_cmdline_disks = NULL;
306 if (argc > 1 && argc != 4) {
307 log_error("This program takes three or no arguments.");
314 log_set_target(LOG_TARGET_SAFE);
315 log_parse_environment();
320 if (parse_proc_cmdline(&arg_proc_cmdline_disks) < 0)
326 if (arg_read_crypttab) {
327 f = fopen("/etc/crypttab", "re");
334 log_error("Failed to open /etc/crypttab: %m");
337 char line[LINE_MAX], *l;
338 char _cleanup_free_ *name = NULL, *device = NULL, *password = NULL, *options = NULL;
341 if (!fgets(line, sizeof(line), f))
347 if (*l == '#' || *l == 0)
350 k = sscanf(l, "%ms %ms %ms %ms", &name, &device, &password, &options);
351 if (k < 2 || k > 4) {
352 log_error("Failed to parse /etc/crypttab:%u, ignoring.", n);
357 if (arg_proc_cmdline_disks) {
359 If luks UUIDs are specified on the kernel command line, use them as a filter
360 for /etc/crypttab and only generate units for those.
362 STRV_FOREACH(i, arg_proc_cmdline_disks) {
363 char _cleanup_free_ *proc_device = NULL, *proc_name = NULL;
366 if (startswith(p, "luks-"))
369 proc_name = strappend("luks-", p);
370 proc_device = strappend("UUID=", p);
372 if (!proc_name || !proc_device)
375 if (streq(proc_device, device) || streq(proc_name, name)) {
376 if (create_disk(name, device, password, options) < 0)
379 if (strv_extend(&arg_proc_cmdline_disks_done, p) < 0)
384 if (create_disk(name, device, password, options) < 0)
390 STRV_FOREACH(i, arg_proc_cmdline_disks) {
392 Generate units for those UUIDs, which were specified
393 on the kernel command line and not yet written.
396 char _cleanup_free_ *name = NULL, *device = NULL;
399 if (startswith(p, "luks-"))
402 if (strv_contains(arg_proc_cmdline_disks_done, p))
405 name = strappend("luks-", p);
406 device = strappend("UUID=", p);
408 if (!name || !device)
411 if (create_disk(name, device, NULL, "timeout=0") < 0)