cryptsetup: support keyfile-timeout for using a device as the key file

Closes https://github.com/systemd/systemd/issues/21993
author: Chih-Hsuan Yen <yan12125@gmail.com> 2022-08-05 00:45:33 +0800
committer: Luca Boccassi <luca.boccassi@gmail.com> 2022-08-08 17:03:28 +0100
commit: 7aa0b0121e2eef5d4caa676e746faed99d9ab097 (patch)
tree: 50c65700ac5a6a4d32ab10f31b56110bc38ca9c7 /src/cryptsetup
parent: 57a0e3f5036a0a1ac4c362ed7b8a2c5b62df23b9 (diff)
download: systemd-7aa0b0121e2eef5d4caa676e746faed99d9ab097.tar.gz
1 files changed, 19 insertions, 6 deletions
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 8f5ad67f48..07903f1044 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -227,9 +227,11 @@ static int generate_device_umount(const char *name,
         return 0;
 }
 
-static int print_dependencies(FILE *f, const char* device_path) {
+static int print_dependencies(FILE *f, const char* device_path, const char* timeout_value, bool canfail) {
         int r;
 
+        assert(!canfail || timeout_value);
+
         if (STR_IN_SET(device_path, "-", "none"))
                 /* None, nothing to do */
                 return 0;
@@ -259,9 +261,16 @@ static int print_dependencies(FILE *f, const char* device_path) {
                 if (r < 0)
                         return log_error_errno(r, "Failed to generate unit name: %m");
 
-                fprintf(f,
-                        "After=%1$s\n"
-                        "Requires=%1$s\n", unit);
+                fprintf(f, "After=%1$s\n", unit);
+                if (canfail) {
+                        fprintf(f, "Wants=%1$s\n", unit);
+                        r = write_drop_in_format(arg_dest, unit, 90, "device-timeout",
+                                "# Automatically generated by systemd-cryptsetup-generator \n\n"
+                                "[Unit]\nJobRunningTimeoutSec=%s", timeout_value);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to write device drop-in: %m");
+                } else
+                        fprintf(f, "Requires=%1$s\n", unit);
         } else {
                 /* Regular file, add mount dependency */
                 _cleanup_free_ char *escaped_path = specifier_escape(device_path);
@@ -463,14 +472,18 @@ static int create_disk(
                         netdev ? "remote-cryptsetup.target" : "cryptsetup.target");
 
         if (key_file && !keydev) {
-                r = print_dependencies(f, key_file);
+                r = print_dependencies(f, key_file,
+                        keyfile_timeout_value,
+                        /* canfail= */ keyfile_can_timeout > 0);
                 if (r < 0)
                         return r;
         }
 
         /* Check if a header option was specified */
         if (detached_header > 0 && !headerdev) {
-                r = print_dependencies(f, header_path);
+                r = print_dependencies(f, header_path,
+                        NULL,
+                        /* canfail= */ false); /* header is always necessary */
                 if (r < 0)
                         return r;
         }
author	Chih-Hsuan Yen <yan12125@gmail.com>	2022-08-05 00:45:33 +0800
committer	Luca Boccassi <luca.boccassi@gmail.com>	2022-08-08 17:03:28 +0100
commit	7aa0b0121e2eef5d4caa676e746faed99d9ab097 (patch)
tree	50c65700ac5a6a4d32ab10f31b56110bc38ca9c7 /src/cryptsetup
parent	57a0e3f5036a0a1ac4c362ed7b8a2c5b62df23b9 (diff)
download	systemd-7aa0b0121e2eef5d4caa676e746faed99d9ab097.tar.gz