author | Hugo Osvaldo Barrera <hugo@barrera.io> | 2021-07-04 16:30:20 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2021-07-08 11:46:20 +0200 |
commit | 8859b8f77a734af6a3b5deb8f042ba3d394c512b (patch) | |
tree | 60880cf7bfdf1a939f30726b0fe5b69a15c09544 /src/gpt-auto-generator | |
parent | 105a4245ff13d588e1e848e8ee3cffd6185bd0ae (diff) | |
Mount encrypted swap partitions via gpt-auto
If the auto-discovered swap partition is LUKS encrypted, decrypt it
automatically.
This aligns with the Discoverable Partitions Specification, though I've
also updated it to explicitly mention that LUKS is now supported here.
Since systemd retries any key already in the kernel keyring, if the swap
partition has the same passphrase as the root partition, the user won't
be prompted a second time for a second passphrase.
See https://github.com/systemd/systemd/issues/20019
Diffstat (limited to 'src/gpt-auto-generator')
-rw-r--r-- | src/gpt-auto-generator/gpt-auto-generator.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index 10aa2d98a1..f5346f49ad 100644
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -338,12 +338,14 @@ static int add_partition_mount(
 SPECIAL_LOCAL_FS_TARGET);
 }
 
-static int add_swap(const char *path) {
- _cleanup_free_ char *name = NULL, *unit = NULL;
+static int add_swap(DissectedPartition *p) {
+ const char *what;
+ _cleanup_free_ char *name = NULL, *unit = NULL, *crypto_what = NULL;
 _cleanup_fclose_ FILE *f = NULL;
 int r;
 
- assert(path);
+ assert(p);
+ assert(p->node);
 
 /* Disable the swap auto logic if at least one swap is defined in /etc/fstab, see #6192. */
 r = fstab_has_fstype("swap");
@@ -354,9 +356,17 @@ static int add_swap(const char *path) {
 return 0;
 }
 
- log_debug("Adding swap: %s", path);
+ if (streq_ptr(p->fstype, "crypto_LUKS")) {
+ r = add_cryptsetup("swap", p->node, true, true, &crypto_what);
+ if (r < 0)
+ return r;
+ what = crypto_what;
+ } else
+ what = p->node;
+
+ log_debug("Adding swap: %s", what);
 
- r = unit_name_from_path(path, ".swap", &name);
+ r = unit_name_from_path(what, ".swap", &name);
 if (r < 0)
 return log_error_errno(r, "Failed to generate unit name: %m");
 
@@ -374,7 +384,7 @@ static int add_swap(const char *path) {
 "Description=Swap Partition\n"
 "Documentation=man:systemd-gpt-auto-generator(8)\n");
 
- r = generator_write_blockdev_dependency(f, path);
+ r = generator_write_blockdev_dependency(f, what);
 if (r < 0)
 return r;
 
@@ -382,7 +392,7 @@ static int add_swap(const char *path) {
 "\n"
 "[Swap]\n"
 "What=%s\n",
- path);
+ what);
 
 r = fflush_and_check(f);
 if (r < 0)
@@ -703,7 +713,7 @@ static int enumerate_partitions(dev_t devnum) {
 return log_error_errno(r, "Failed to dissect: %m");
 
 if (m->partitions[PARTITION_SWAP].found) {
- k = add_swap(m->partitions[PARTITION_SWAP].node);
+ k = add_swap(m->partitions + PARTITION_SWAP);
 if (k < 0)
 r = k;
 } |
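Review bot: add_swap() has no comment stating its new contract: it now takes the whole DissectedPartition and reads `p->fstype` as well as `p->node`, but only `p` and `p->node` are asserted in the first hunk. The later `streq_ptr()` test tolerates a NULL fstype and sends every value other than "crypto_LUKS" down the plain-swap branch, which deserves to be written down next to the signature. I would add above the function something like `/* p->fstype may be NULL; only "crypto_LUKS" selects the cryptsetup path, anything else is activated as plain swap on p->node. */`. The function body runs past the end of this hunk.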
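Review bot: In the `crypto_LUKS` branch of the second hunk, `add_cryptsetup("swap", p->node, true, true, &crypto_what)` passes two bare booleans, so the call does not show what unlock policy an auto-discovered swap partition gets at boot. add_cryptsetup()'s signature is outside this diff; assuming the two flags are rw and require, annotate them in place: `r = add_cryptsetup("swap", p->node, /* rw= */ true, /* require= */ true, &crypto_what);`. Since `what` now presumably names the decrypted mapping rather than the partition, the debug line loses the backing device; `log_debug("Adding swap: %s (backing device %s)", what, p->node);` would keep both for anyone tracing which partition was unlocked. add_swap() starts before and continues after this hunk.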