path: root/src/gpt-auto-generator
Commit message (Author, Age, Files, Lines)
* license: LGPL-2.1+ -> LGPL-2.1-or-later (Yu Watanabe, 2020-11-09, 1 file, -1/+1)
|
* dissect: wrap verity settings in new VeritySettings structure (Lennart Poettering, 2020-09-17, 1 file, -1/+1)
|   Just some refactoring: let's place the various verity related parameters in a common structure, and pass that around instead of the individual parameters.
|
|   Also, let's load the PKCS#7 signature data when finding metadata right-away, instead of delaying this until we need it. In all cases we call this there's not much time difference between the metadata finding and the loading, hence this simplifies things and makes sure root hash data and its signature is now always acquired together.
* tree-wide: if get_block_device() returns zero devno, check for it in all cases (Lennart Poettering, 2020-09-08, 1 file, -1/+1)
|   And add a comment for the existing cases where things aren't clear already.
* btrfs: if BTRFS_IOC_DEV_INFO returns /dev/root generate a friendly error message (Lennart Poettering, 2020-09-08, 1 file, -0/+4)
|   On systems that boot without initrd on a btrfs root file system the BTRFS_IOC_DEV_INFO ioctl returns /dev/root as backing device. That sucks, since that is not a real device visible to userspace.
|
|   Since this has been that way since forever, and it doesn't look like the kernel will get fixed soon for this, let's at least generate a useful error message in this case.
|
|   This is not a bug fix, just a tweak to make this more recognizable. Once the kernel gets fixed to report the correct device nodes in this case, in a way userspace can make sense of them things will magically work for systemd, too.
|
|   (Note that this doesn't add a log message about this to really all cases we call get_device() in, but just the main ones that are called in early boot context, after all there's no benefit in seeing this message too many times.)
|
|   https://github.com/systemd/systemd/issues/16953
|   https://bugs.freedesktop.org/show_bug.cgi?id=84689
|   https://bugzilla.kernel.org/show_bug.cgi?id=89721
* service: add new RootImageOptions feature (Luca Boccassi, 2020-07-29, 1 file, -1/+1)
|   Allows to specify mount options for RootImage. In case of multi-partition images, the partition number can be prefixed followed by colon. Eg:
|
|   RootImageOptions=1:ro,dev 2:nosuid nodev
|
|   In absence of a partition number, 0 is assumed.
* dissect: support single-filesystem verity images with external verity hash (Luca Boccassi, 2020-06-09, 1 file, -1/+1)
|   dm-verity support in dissect-image at the moment is restricted to GPT volumes. If the image is a single-filesystem type without a partition table (eg: squashfs) and a roothash/verity file are passed, set the verity flag and mark as read-only.
* units: introduce blockdev@.target for properly ordering mounts/swaps against cryptsetup (Lennart Poettering, 2020-01-21, 1 file, -35/+28)
|   Let's hook it into both cryptsetup-generator and gpt-auto-generator with a shared implementation in generator.c
|
|   Fixes: #8472
* Merge pull request #14390 from poettering/gpt-var-tmp (Zbigniew Jędrzejewski-Szmek, 2020-01-14, 1 file, -0/+12)
|\
| |   introduce GPT partition types for /var and /var/tmp and support them for auto-discovery
| * dissect: introduce new recognizable partition types for /var and /var/tmp (Lennart Poettering, 2019-12-23, 1 file, -0/+12)
| |   This has been requested many times before. Let's add it finally.
| |
| |   GPT auto-discovery for /var is a bit more complex than for other partition types: the other partitions can to some degree be shared between multiple OS installations on the same disk (think: swap, /home, /srv). However, /var is inherently something bound to an installation, i.e. specific to its identity, or actually *is* its identity, and hence something that cannot be shared.
| |
| |   To deal with this this new code is particularly careful when it comes to /var: it will not mount things blindly, but insist that the UUID of the partition matches a hashed version of the machine-id of the installation, so that each installation has a very specific /var associated with it, and would never use any other. (We actually use HMAC-SHA256 on the GPT partition type for /var, keyed by the machine-id, since machine-id is something we want to keep somewhat private).
| |
| |   Setting the right UUID for installations takes extra care. To make things a bit simpler to set up, we avoid this safety check for nspawn and RootImage= in unit files, under the assumption that such container and service images unlikely will have multiple installations on them. The check is hence only required when booting full machines, i.e. in systemd-gpt-auto-generator.
| |
| |   To help with putting together images for full machines, PR #14368 introduces a repartition tool that can automatically fill in correctly calculated UUIDs on first boot if images have the var partition UUID initialized to all zeroes. With that in place systems can be put together in a way that on first boot the machine ID is determined and the partition table automatically adjusted to have the /var partition with the right UUID.
* | gpt-auto: don't assume XBOOTLDR is vfat (Lennart Poettering, 2020-01-08, 1 file, -2/+15)
|/
|   Let's not assume "umask=" is a valid mount option for XBOOTLDR partitions unconditionally.
|
|   Fixes: #14165
* gpt-auto-generator: rename function for clarity (Zbigniew Jędrzejewski-Szmek, 2019-11-30, 1 file, -5/+6)
|   As requested in https://github.com/systemd/systemd/pull/14196#discussion_r352036184.
* gpt-auto-generator: make it easier to notice if boot loader support is missing (Zbigniew Jędrzejewski-Szmek, 2019-11-30, 1 file, -1/+2)
|   The docs didn't talk about this, so let's add an explicit mention that the boot loader must cooperate. And also make the message from the generator notice level. This should help people who are trying to mix grub and the gpt auto logic.
* gpt-auto-generator: use write_drop_in_format() helper and downgrade failure (Zbigniew Jędrzejewski-Szmek, 2019-11-30, 1 file, -11/+9)
|   If we fail to write the timeout, let's not exit. (This might happen if another generator writes the same dropin.) No need to make this fatal.
|
|   Since this is non-fatal now and the name doesn't need to be unique, let's make the drop-in name shorter.
* gpt-auto-generator: improve debug messages a bit (Zbigniew Jędrzejewski-Szmek, 2019-11-30, 1 file, -2/+5)
|   In particular, let's give a hint when we do nothing in the common case of root= being used.
* gpt-auto-generator: move functions around (Zbigniew Jędrzejewski-Szmek, 2019-11-28, 1 file, -142/+141)
|   open_parent_devno() which is a helper is moved out of the main "business logic" block of various add_*() functions. And parse_proc_cmdline_item() is moved to the end, near to run() where it is used. No functional change.
* tree-wide: drop stat.h or statfs.h when stat-util.h is included (Yu Watanabe, 2019-11-04, 1 file, -1/+0)
|
* tree-wide: drop blkid.h when blkid-util.h is included (Yu Watanabe, 2019-11-04, 1 file, -1/+0)
|
* tree-wide: drop missing.h (Yu Watanabe, 2019-10-31, 1 file, -1/+0)
|
* util-lib: split shared/efivars into basic/efivars and shared/efi-loader (Zbigniew Jędrzejewski-Szmek, 2019-09-16, 1 file, -1/+1)
|   I want to use efivars.[ch] in proc-cmdline.c, but most of the efivars stuff is not needed in basic/. Move the file from shared/ to basic/, but then move back most of the higher-level functions to the new shared/efi-loader.c file.
* tree-wide: get rid of strappend() (Lennart Poettering, 2019-07-12, 1 file, -1/+1)
|   It's a special case of strjoin(), so no need to keep both. In particular as typing strjoin() is even shorter than strappend().
* tree-wide: replace strjoina() with prefix_roota() (Yu Watanabe, 2019-06-25, 1 file, -2/+2)
|
* tree-wide: replace strjoin() with path_join() (Yu Watanabe, 2019-06-21, 1 file, -2/+2)
|
* tree-wide: make use of the new WRITE_STRING_FILE_MKDIR_0755 flag (Lennart Poettering, 2019-05-08, 1 file, -2/+1)
|
* Merge pull request #11243 from poettering/nspawn-root-overlay (Zbigniew Jędrzejewski-Szmek, 2019-03-01, 1 file, -4/+22)
|\
| |   add systemd-nspawn --volatile=overlay support, as well as the same for host systems
| * gpt-auto-generator: use new /run/systemd/volatile-root symlink as fallback when we otherwise cannot determine root device node (Lennart Poettering, 2019-03-01, 1 file, -2/+20)
| * gpt-auto-generator: rename open_parent() → open_parent_devno() so that we can include fs-util.h later (Lennart Poettering, 2019-03-01, 1 file, -2/+2)
| |   As that header also defines a function open_parent() which does something different.
* | gpt-auto: also load the boot loader partition during regular boots (Lennart Poettering, 2019-03-01, 1 file, -15/+71)
|/
* Pull in systemd-remount-fs.service only when required (Zbigniew Jędrzejewski-Szmek, 2019-01-03, 1 file, -2/+5)
|   Instead of enabling it unconditionally and then using ConditionPathExists=/etc/fstab, and possibly masking this condition if it should be enabled for auto gpt stuff, just pull it in explicitly when required.
* Merge pull request #10912 from poettering/gpt-root-rw (Zbigniew Jędrzejewski-Szmek, 2018-12-20, 1 file, -7/+51)
|\
| |   make sure to propagate GPT root partition r/w flag into mount r/w flag
| * gpt-auto: propagate gpt partition ro/rw flag into root mount (Lennart Poettering, 2018-12-18, 1 file, -0/+43)
| |   This ensures that the read/write state of the root mount matches the read/write flag in the GPT partition table entry.
| |
| |   This is only used as fallback in case no ro/rw flag is specified on the kernel cmdline, and there's no entry for the root partition in /etc/fstab.
| |
| |   This is missing functionality of the GPT auto logic, as without this the root partition was always mounted read-only — when booting with zero configuration in /etc/fstab and /proc/cmdline —, as we defaulted to read-only behaviour for all mounts. Moreover we honoured the r/o flag in the partition table for all other partition types, except for the root partition.
| * gpt-auto: make arg_root_rw a tri-state (Lennart Poettering, 2018-12-18, 1 file, -2/+2)
| |   No change in behaviour, but let's track whether ro or rw are specified on the kernel cmdline at all.
| * gpt-auto: compare kernel cmdline args with proc_cmdline_key_streq() (Lennart Poettering, 2018-12-18, 1 file, -5/+6)
| |
* | gpt-auto-generator: don't wait for udev (Lennart Poettering, 2018-12-19, 1 file, -1/+1)
|/
|   Generators run in a context where waiting for udev is not an option, simply because it's not running there yet. Hence, let's not wait for it in this case.
|
|   This is generally OK to do as we are operating on the root disk only here, which should have been probed already by the time we come this far.
|
|   An alternative fix might be to remove the udev dependency from image dissection again in the long run (and thus replace reliance on /dev/block/x:y somehow with something else).
|
|   Fixes: #11205
* gpt-auto-generator: use the new main function definer (Zbigniew Jędrzejewski-Szmek, 2018-12-12, 1 file, -17/+9)
|   The first error is now returned.
* generators: configure logging before the first use (Zbigniew Jędrzejewski-Szmek, 2018-12-12, 1 file, -2/+2)
|
* Split out part of mount-util.c into mountpoint-util.c (Zbigniew Jędrzejewski-Szmek, 2018-11-29, 1 file, -1/+1)
|   The idea is that anything which is related to actually manipulating mounts is in mount-util.c, but functions for mountpoint introspection are moved to the new file. Anything which requires libmount must be in mount-util.c.
|
|   This was supposed to be a preparation for further changes, with no functional difference, but it results in a significant change in linkage:
|
|   $ ldd build/libnss_*.so.2
|   (before)
|   build/libnss_myhostname.so.2:
|           linux-vdso.so.1 (0x00007fff77bf5000)
|           librt.so.1 => /lib64/librt.so.1 (0x00007f4bbb7b2000)
|           libmount.so.1 => /lib64/libmount.so.1 (0x00007f4bbb755000)
|           libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4bbb734000)
|           libc.so.6 => /lib64/libc.so.6 (0x00007f4bbb56e000)
|           /lib64/ld-linux-x86-64.so.2 (0x00007f4bbb8c1000)
|           libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f4bbb51b000)
|           libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f4bbb512000)
|           libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f4bbb4e3000)
|           libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f4bbb45e000)
|           libdl.so.2 => /lib64/libdl.so.2 (0x00007f4bbb458000)
|   build/libnss_mymachines.so.2:
|           linux-vdso.so.1 (0x00007ffc19cc0000)
|           librt.so.1 => /lib64/librt.so.1 (0x00007fdecb74b000)
|           libcap.so.2 => /lib64/libcap.so.2 (0x00007fdecb744000)
|           libmount.so.1 => /lib64/libmount.so.1 (0x00007fdecb6e7000)
|           libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdecb6c6000)
|           libc.so.6 => /lib64/libc.so.6 (0x00007fdecb500000)
|           /lib64/ld-linux-x86-64.so.2 (0x00007fdecb8a9000)
|           libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fdecb4ad000)
|           libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fdecb4a2000)
|           libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdecb475000)
|           libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fdecb3f0000)
|           libdl.so.2 => /lib64/libdl.so.2 (0x00007fdecb3ea000)
|   build/libnss_resolve.so.2:
|           linux-vdso.so.1 (0x00007ffe8ef8e000)
|           librt.so.1 => /lib64/librt.so.1 (0x00007fcf314bd000)
|           libcap.so.2 => /lib64/libcap.so.2 (0x00007fcf314b6000)
|           libmount.so.1 => /lib64/libmount.so.1 (0x00007fcf31459000)
|           libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcf31438000)
|           libc.so.6 => /lib64/libc.so.6 (0x00007fcf31272000)
|           /lib64/ld-linux-x86-64.so.2 (0x00007fcf31615000)
|           libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fcf3121f000)
|           libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fcf31214000)
|           libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fcf311e7000)
|           libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fcf31162000)
|           libdl.so.2 => /lib64/libdl.so.2 (0x00007fcf3115c000)
|   build/libnss_systemd.so.2:
|           linux-vdso.so.1 (0x00007ffda6d17000)
|           librt.so.1 => /lib64/librt.so.1 (0x00007f610b83c000)
|           libcap.so.2 => /lib64/libcap.so.2 (0x00007f610b835000)
|           libmount.so.1 => /lib64/libmount.so.1 (0x00007f610b7d8000)
|           libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f610b7b7000)
|           libc.so.6 => /lib64/libc.so.6 (0x00007f610b5f1000)
|           /lib64/ld-linux-x86-64.so.2 (0x00007f610b995000)
|           libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f610b59e000)
|           libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f610b593000)
|           libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f610b566000)
|           libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f610b4e1000)
|           libdl.so.2 => /lib64/libdl.so.2 (0x00007f610b4db000)
|
|   (after)
|   build/libnss_myhostname.so.2:
|           linux-vdso.so.1 (0x00007fff0b5e2000)
|           librt.so.1 => /lib64/librt.so.1 (0x00007fde0c328000)
|           libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fde0c307000)
|           libc.so.6 => /lib64/libc.so.6 (0x00007fde0c141000)
|           /lib64/ld-linux-x86-64.so.2 (0x00007fde0c435000)
|   build/libnss_mymachines.so.2:
|           linux-vdso.so.1 (0x00007ffdc30a7000)
|           librt.so.1 => /lib64/librt.so.1 (0x00007f06ecabb000)
|           libcap.so.2 => /lib64/libcap.so.2 (0x00007f06ecab4000)
|           libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f06eca93000)
|           libc.so.6 => /lib64/libc.so.6 (0x00007f06ec8cd000)
|           /lib64/ld-linux-x86-64.so.2 (0x00007f06ecc15000)
|   build/libnss_resolve.so.2:
|           linux-vdso.so.1 (0x00007ffe95747000)
|           librt.so.1 => /lib64/librt.so.1 (0x00007fa56a80f000)
|           libcap.so.2 => /lib64/libcap.so.2 (0x00007fa56a808000)
|           libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa56a7e7000)
|           libc.so.6 => /lib64/libc.so.6 (0x00007fa56a621000)
|           /lib64/ld-linux-x86-64.so.2 (0x00007fa56a964000)
|   build/libnss_systemd.so.2:
|           linux-vdso.so.1 (0x00007ffe67b51000)
|           librt.so.1 => /lib64/librt.so.1 (0x00007ffb32113000)
|           libcap.so.2 => /lib64/libcap.so.2 (0x00007ffb3210c000)
|           libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffb320eb000)
|           libc.so.6 => /lib64/libc.so.6 (0x00007ffb31f25000)
|           /lib64/ld-linux-x86-64.so.2 (0x00007ffb3226a000)
|
|   I don't quite understand what is going on here, but let's not be too picky.
* generators: drop umask calls (Zbigniew Jędrzejewski-Szmek, 2018-11-21, 1 file, -2/+0)
|   systemd already sets the umask (see e3b8d0637dd755b3426f3363b2cdad63f738116c). When running under systemd, we don't need to set it. And when *not* running under systemd, for example during development, there is no reason to override the user config. Let's just drop those calls.
|
|   $ git grep -e 'umask\(' -l 'src/*generator*' |xargs perl -i -0pe 's|^[^\n]*umask\([^\n]+\n\n||gms'
* generators: introduce a common implementation for the log setup boilerplate (Lennart Poettering, 2018-11-20, 1 file, -4/+1)
|
* gpt-auto-generator: use log_device_*() (Yu Watanabe, 2018-10-23, 1 file, -7/+8)
|
* gpt-auto-generator: include error cause in log message (Yu Watanabe, 2018-10-20, 1 file, -1/+1)
|
* gpt-auto-generator: do not assign '*ret' on error (Yu Watanabe, 2018-09-23, 1 file, -11/+6)
|
* gpt-auto-generator: replace udev_device by sd_device (Yu Watanabe, 2018-08-23, 1 file, -31/+26)
|
* tree-wide: remove Lennart's copyright lines (Lennart Poettering, 2018-06-14, 1 file, -3/+0)
|   These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurb (Lennart Poettering, 2018-06-14, 1 file, -2/+0)
|   This part of the copyright blurb stems from the GPL use recommendations:
|
|   https://www.gnu.org/licenses/gpl-howto.en.html
|
|   The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that.
|
|   Hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* Merge pull request #8812 from keszybz/gpt-auto-memleak (Lennart Poettering, 2018-04-25, 1 file, -38/+31)
|\
| |   gpt-auto-generator: use stack variables and fix minor memleak
| * gpt-auto-generator: emit warnings and fail if we fail to query mount points (Zbigniew Jędrzejewski-Szmek, 2018-04-25, 1 file, -13/+16)
| |   Right now gpt-auto-generator will iterate through all mount entries, and silently ignore failure to check if the mount point target is empty. This can hide real errors (in particular from MAC), so instead let's warn and return failure at the end if this happens. We will still iterate over other candidates, so there should be no change in behaviour.
| |
| |   Logging is moved into path_is_busy() to avoid the duplication of the same logging code in the two callers.
| * gpt-auto-generator: use stack variables and fix minor memleak (Zbigniew Jędrzejewski-Szmek, 2018-04-25, 1 file, -25/+15)
| |
* | tree-wide: drop redundant _cleanup_ macros (#8810) (Lennart Poettering, 2018-04-25, 1 file, -2/+2)
|/
|   This drops a good number of type-specific _cleanup_ macros, and patches all users to just use the generic ones.
|
|   In most recent code we abstained from defining type-specific macros, and this basically removes all those added already, with the exception of the really low-level ones.
|
|   Having explicit macros for this is not too useful, as the expression without the extra macro is generally just 2ch wider. We should generally emphasize generic code, unless there are really good reasons for specific code, hence let's follow this in this case too.
|
|   Note that _cleanup_free_ and similar really low-level, libc'ish, Linux API'ish macros continue to be defined, only the really high-level OO ones are dropped. From now on this should really be the rule: for really low-level stuff, such as memory allocation, fd handling and so on, go ahead and define explicit per-type macros, but for high-level, specific program code, just use the generic _cleanup_() macro directly, in order to keep things simple and as readable as possible for the uninitiated.
|
|   Note that before this patch some of the APIs (notably libudev ones) were already used with the high-level macros at some places and with the generic _cleanup_ macro at others. With this patch we hence unify on the latter.
* tree-wide: drop license boilerplate (Zbigniew Jędrzejewski-Szmek, 2018-04-06, 1 file, -13/+0)
|   Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt.
|
|   I also kept any copyright lines. We can probably remove them, but it'd be nice to obtain explicit acks from all involved authors before doing that.
* log: remove LOG_TARGET_SAFE pseudo log target (Lennart Poettering, 2018-01-24, 1 file, -1/+2)
|   This removes LOG_TARGET_SAFE. It's made redundant by the new "prohibit-ipc" logging flag, as it used to have a similar effect: avoid logging to the journal/syslog, i.e. any local services in order to avoid deadlocks when we lock from PID 1 or its utility processes (such as generators).
|
|   All previous users of LOG_TARGET_SAFE are switched over to the new setting. This makes things a bit safer for all, as not even the SYSTEMD_LOG_TARGET env var can be used to accidentally log to the journal anymore in these programs.