repart: make No-Auto GPT partition flag configurable too

This is useful for provisioning initially empty secondary A/B root file
systems. We don't want those to ever be considered for automatic
mounting, for example in "systemd-nspawn --image=", hence we should
create them with the No-Auto flag turned on. Once a file system image is
dropped into the partition the flag may be turned off by the updater
tool, so that it is considered from then on.

Thew new option for this is called NoAuto. I dislike negated options
like this, but this is taken from the naming in the spec, which in turn
inherited the name from the same flag for Microsoft Data Partitions. To
minimize confusion, let's stick to the name hence.

man/repart.d.xml

@@ -571,33 +571,34 @@
       <varlistentry>
         <term><varname>Flags=</varname></term>
 
-        <listitem><para>Configures the 64bit GPT partition flags to set for the partition when creating
+        <listitem><para>Configures the 64bit GPT partition flags field to set for the partition when creating
         it. This option has no effect if the partition already exists. If not specified the flags values is
-        set to all zeroes, except if the partition type (as configured with <varname>Type=</varname> above)
+        set to all zeroes, except for the three bits that can also be configured via
-        refers to a Verity partition, in which case bit 60 is set (i.e. the read-only bit). This bit may also
+        <varname>NoAuto=</varname>, <varname>ReadOnly=</varname> and <varname>GrowFileSystem=</varname>; see
-        be configured separately via <varname>ReadOnly=</varname>, see below. Specify the flags value in
+        below for details on the defaults for these three flags. Specify the flags value in hexadecimal (by
-        hexadecimal (by prefixing it with <literal>0x</literal>), binary (prefix <literal>0b</literal>) or
+        prefixing it with <literal>0x</literal>), binary (prefix <literal>0b</literal>) or decimal (no
-        decimal (no prefix).</para></listitem>
+        prefix).</para></listitem>
       </varlistentry>
 
       <varlistentry>
+        <term><varname>NoAuto=</varname></term>
         <term><varname>ReadOnly=</varname></term>
         <term><varname>GrowFileSystem=</varname></term>
 
-        <listitem><para>Configures the Read-Only and Grow-File-System partition flags (bit 60 and 59) of the
+        <listitem><para>Configures the No-Auto, Read-Only and Grow-File-System partition flags (bit 63, 60
-        partition table entry, as defined by the <ulink
+        and 59) of the partition table entry, as defined by the <ulink
         url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions Specification</ulink>. Only
-        available for partition types supported by the specification. This option is a friendly way to set bit
+        available for partition types supported by the specification. This option is a friendly way to set
-        60 and 59 of the partition flags value without setting any of the other bits, and may be set via
+        bits 63, 60 and 59 of the partition flags value without setting any of the other bits, and may be set
-        <varname>Flags=</varname> too, see above.</para>
+        via <varname>Flags=</varname> too, see above.</para>
 
-        <para>If <varname>Flags=</varname> is used in conjunction with one or both of
+        <para>If <varname>Flags=</varname> is used in conjunction with one or more of
-        <varname>ReadOnly=</varname>/<varname>GrowFileSystem=</varname> the latter control the value of the
+        <varname>NoAuto=</varname>/<varname>ReadOnly=</varname>/<varname>GrowFileSystem=</varname> the latter
-        relevant flags, i.e. the high-level settings
+        control the value of the relevant flags, i.e. the high-level settings
-        <varname>ReadOnly=</varname>/<varname>GrowFileSystem=</varname> override the low-level setting
+        <varname>NoAuto=</varname>/<varname>ReadOnly=</varname>/<varname>GrowFileSystem=</varname> override
-        <varname>Flags=</varname>.</para>
+        the relevant bits of the low-level setting <varname>Flags=</varname>.</para>
 
-        <para>Note that the two flags affect only automatic partition mounting, as implemented by
+        <para>Note that the three flags affect only automatic partition mounting, as implemented by
         <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
         or the <option>--image=</option> option of various commands (such as
         <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>). It
@@ -611,10 +612,10 @@
         precedence in most tools reading these flags, and since growing the file system involves writing to
         the partition it is consequently ignored.</para>
 
-        <para><varname>ReadOnly=</varname> defaults to on for Verity partition
+        <para><varname>NoAuto=</varname> defaults to off. <varname>ReadOnly=</varname> defaults to on for
-        types. <varname>GrowFileSystem=</varname> defaults to on for all partition types that support it,
+        Verity partition types, and off for all others. <varname>GrowFileSystem=</varname> defaults to on for
-        except if the partition is marked read-only (and thus effectively, defaults to off for Verity
+        all partition types that support it, except if the partition is marked read-only (and thus
-        partitions).</para></listitem>
+        effectively, defaults to off for Verity partitions).</para></listitem>
       </varlistentry>
     </variablelist>
   </refsect1>

man/systemd-resolved.service.xml

@@ -242,7 +242,7 @@
       control of the client library. <filename>nss-dns</filename> will first try to resolve names using
       search domains and even if those queries are routed to <filename>systemd-resolved</filename>, it will
       send them out over the network using the usual rules for multi-label name routing <footnote><para>For
-      example, if <filename>/etc/nsswitch.conf</filename> has <programlisting>nameserver 127.0.0.53
+      example, if <filename>/etc/resolv.conf</filename> has <programlisting>nameserver 127.0.0.53
 search foobar.com barbar.com
       </programlisting>and we look up <literal>localhost</literal>, <filename>nss-dns</filename> will send
       the following queries to <filename>systemd-resolved</filename> listening on 127.0.0.53:53: first

src/basic/path-util.c

@@ -514,10 +514,6 @@ int path_compare(const char *a, const char *b) {
         }
 }
 
-bool path_equal(const char *a, const char *b) {
-        return path_compare(a, b) == 0;
-}
-
 bool path_equal_or_files_same(const char *a, const char *b, int flags) {
         return path_equal(a, b) || files_same(a, b, flags) > 0;
 }

src/basic/path-util.h

@@ -62,7 +62,11 @@ static inline char* path_startswith(const char *path, const char *prefix) {
         return path_startswith_full(path, prefix, true);
 }
 int path_compare(const char *a, const char *b) _pure_;
-bool path_equal(const char *a, const char *b) _pure_;
+
+static inline bool path_equal(const char *a, const char *b) {
+        return path_compare(a, b) == 0;
+}
+
 bool path_equal_or_files_same(const char *a, const char *b, int flags);
 /* Compares only the last portion of the input paths, ie: the filenames */
 bool path_equal_filename(const char *a, const char *b);

src/partition/repart.c

@@ -169,6 +169,7 @@ struct Partition {
         EncryptMode encrypt;
 
         uint64_t gpt_flags;
+        int no_auto;
         int read_only;
         int growfs;
 
@@ -243,6 +244,7 @@ static Partition *partition_new(void) {
                 .offset = UINT64_MAX,
                 .copy_blocks_fd = -1,
                 .copy_blocks_size = UINT64_MAX,
+                .no_auto = -1,
                 .read_only = -1,
                 .growfs = -1,
         };
@@ -1312,6 +1314,7 @@ static int partition_read_definition(Partition *p, const char *path) {
                 { "Partition", "Encrypt",         config_parse_encrypt,     0, &p->encrypt          },
                 { "Partition", "Flags",           config_parse_gpt_flags,   0, &p->gpt_flags        },
                 { "Partition", "ReadOnly",        config_parse_tristate,    0, &p->read_only        },
+                { "Partition", "NoAuto",          config_parse_tristate,    0, &p->no_auto          },
                 { "Partition", "GrowFileSystem",  config_parse_tristate,    0, &p->growfs           },
                 {}
         };
@@ -3269,6 +3272,17 @@ static uint64_t partition_merge_flags(Partition *p) {
 
         f = p->gpt_flags;
 
+        if (p->no_auto >= 0) {
+                if (gpt_partition_type_knows_no_auto(p->type_uuid))
+                        SET_FLAG(f, GPT_FLAG_NO_AUTO, p->no_auto);
+                else {
+                        char buffer[ID128_UUID_STRING_MAX];
+                        log_warning("Configured NoAuto=%s for partition type '%s' that doesn't support it, ignoring.",
+                                    yes_no(p->no_auto),
+                                    gpt_partition_type_uuid_to_string_harder(p->type_uuid, buffer));
+                }
+        }
+
         if (p->read_only >= 0) {
                 if (gpt_partition_type_knows_read_only(p->type_uuid))
                         SET_FLAG(f, GPT_FLAG_READ_ONLY, p->read_only);
@@ -3409,7 +3423,7 @@ static int context_mangle_partitions(Context *context) {
                         if (r < 0)
                                 return log_error_errno(r, "Failed to set partition label: %m");
 
-                        /* Merge the read only + growfs setting with the literal flags, and set them for the partition */
+                        /* Merge the no auto + read only + growfs setting with the literal flags, and set them for the partition */
                         r = set_gpt_flags(q, partition_merge_flags(p));
                         if (r < 0)
                                 return log_error_errno(r, "Failed to set GPT partition flags: %m");

src/shared/gpt.c

@@ -174,3 +174,17 @@ bool gpt_partition_type_knows_growfs(sd_id128_t id) {
                                 GPT_TMP,
                                 GPT_XBOOTLDR);
 }
+
+bool gpt_partition_type_knows_no_auto(sd_id128_t id) {
+        return gpt_partition_type_is_root(id) ||
+                gpt_partition_type_is_root_verity(id) ||
+                gpt_partition_type_is_usr(id) ||
+                gpt_partition_type_is_usr_verity(id) ||
+                sd_id128_in_set(id,
+                                GPT_HOME,
+                                GPT_SRV,
+                                GPT_VAR,
+                                GPT_TMP,
+                                GPT_XBOOTLDR,
+                                GPT_SWAP);
+}

src/shared/gpt.h

@@ -140,3 +140,4 @@ bool gpt_partition_type_is_usr_verity(sd_id128_t id);
 
 bool gpt_partition_type_knows_read_only(sd_id128_t id);
 bool gpt_partition_type_knows_growfs(sd_id128_t id);
+bool gpt_partition_type_knows_no_auto(sd_id128_t id);

test/units/testsuite-11.sh

@@ -4,9 +4,10 @@ set -o pipefail
 
 systemctl --no-block start fail-on-restart.service
 active_state=$(systemctl show --value --property ActiveState fail-on-restart.service)
-while [[ "$active_state" == "activating" || "$active_state" == "active" ]]; do
+while [[ "$active_state" == "activating" || "$active_state" =~ ^(in)?active$ ]]; do
-    sleep 1
+    sleep .5
     active_state=$(systemctl show --value --property ActiveState fail-on-restart.service)
 done
 systemctl is-failed fail-on-restart.service || exit 1
+[[ "$(systemctl show --value --property NRestarts fail-on-restart.service)" -le 3 ]] || exit 1
 touch /testok