mirror of
https://github.com/systemd/systemd
synced 2026-04-24 07:55:12 +02:00
Compare commits
No commits in common. "d6d450074ff7729d43476804e0e19c049c03141d" and "f81ac115dc1b2688756ffc78599ce98f31c57195" have entirely different histories.
d6d450074f
...
f81ac115dc
5
TODO
5
TODO
@ -78,11 +78,6 @@ Janitorial Clean-ups:
|
||||
|
||||
Features:
|
||||
|
||||
* support uefi/http boots with sd-boot: instead of looking for dropin files in
|
||||
/loader/entries/ dir, look for a file /loader/entries/SHA256SUMS and use that
|
||||
as directory manifest. The file would be a standard directory listing as
|
||||
generated by GNU sha256sums.
|
||||
|
||||
* initialize machine ID from systemd credential picked up from the ESP via
|
||||
sd-stub, so that machine ID is stable even on systems where unified kernels
|
||||
are used, and hence kernel cmdline cannot be modified locally
|
||||
|
||||
@ -30,7 +30,7 @@ manpages = [
|
||||
['journalctl', '1', [], ''],
|
||||
['journald.conf', '5', ['journald.conf.d', 'journald@.conf'], ''],
|
||||
['kernel-command-line', '7', [], ''],
|
||||
['kernel-install', '8', [], 'ENABLE_KERNEL_INSTALL'],
|
||||
['kernel-install', '8', [], ''],
|
||||
['libudev', '3', [], ''],
|
||||
['loader.conf', '5', [], 'HAVE_GNU_EFI'],
|
||||
['locale.conf', '5', [], ''],
|
||||
|
||||
@ -1675,9 +1675,6 @@ else
|
||||
endif
|
||||
conf.set10('ENABLE_IMPORTD', have)
|
||||
|
||||
want_kernel_install = get_option('kernel-install')
|
||||
conf.set10('ENABLE_KERNEL_INSTALL', want_kernel_install)
|
||||
|
||||
want_homed = get_option('homed')
|
||||
if want_homed != 'false'
|
||||
have = (conf.get('HAVE_OPENSSL') == 1 and
|
||||
@ -4146,7 +4143,7 @@ foreach tuple : [
|
||||
['hwdb'],
|
||||
['importd'],
|
||||
['initrd'],
|
||||
['kernel-install'],
|
||||
['kernel-install', get_option('kernel-install')],
|
||||
['localed'],
|
||||
['logind'],
|
||||
['machined'],
|
||||
|
||||
@ -31,7 +31,7 @@ items = [['busctl', ''],
|
||||
['systemd-path', ''],
|
||||
['systemd-run', ''],
|
||||
['udevadm', ''],
|
||||
['kernel-install', 'ENABLE_KERNEL_INSTALL'],
|
||||
['kernel-install', ''],
|
||||
['bootctl', 'HAVE_GNU_EFI'],
|
||||
['coredumpctl', 'ENABLE_COREDUMP'],
|
||||
['homectl', 'ENABLE_HOMED'],
|
||||
|
||||
@ -22,7 +22,7 @@ items = [['_busctl', ''],
|
||||
['_systemd-path', ''],
|
||||
['_systemd-run', ''],
|
||||
['_udevadm', ''],
|
||||
['_kernel-install', 'ENABLE_KERNEL_INSTALL'],
|
||||
['_kernel-install', ''],
|
||||
['_sd_hosts_or_user_at_host', ''],
|
||||
['_sd_outputmodes', ''],
|
||||
['_sd_unit_files', ''],
|
||||
|
||||
@ -14,11 +14,10 @@
|
||||
#include "mkdir.h"
|
||||
#include "parse-util.h"
|
||||
#include "pretty-print.h"
|
||||
#include "process-util.h"
|
||||
#include "terminal-util.h"
|
||||
#include "reboot-util.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
#include "terminal-util.h"
|
||||
#include "util.h"
|
||||
|
||||
static int help(void) {
|
||||
@ -369,7 +368,7 @@ static int run(int argc, char *argv[]) {
|
||||
|
||||
log_setup();
|
||||
|
||||
if (argv_looks_like_help(argc, argv))
|
||||
if (strv_contains(strv_skip(argv, 1), "--help"))
|
||||
return help();
|
||||
|
||||
if (argc != 3)
|
||||
|
||||
@ -174,23 +174,13 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
|
||||
* is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the
|
||||
* object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of
|
||||
* malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by
|
||||
* both the compiler's and libc's standards. Note that _FORTIFY_SOURCES=3 handles also dynamically allocated
|
||||
* objects and thus it's safer using __builtin_dynamic_object_size if _FORTIFY_SOURCES=3 is used (#22801).
|
||||
* Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
|
||||
* both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the
|
||||
* size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory,
|
||||
* too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
|
||||
* __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner
|
||||
* case. */
|
||||
|
||||
#if defined __has_builtin
|
||||
# if __has_builtin(__builtin_dynamic_object_size)
|
||||
# define MALLOC_SIZEOF_SAFE(x) \
|
||||
MIN(malloc_usable_size(x), __builtin_dynamic_object_size(x, 0))
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef MALLOC_SIZEOF_SAFE
|
||||
#define MALLOC_SIZEOF_SAFE(x) \
|
||||
MIN(malloc_usable_size(x), __builtin_object_size(x, 0))
|
||||
#endif
|
||||
|
||||
/* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items
|
||||
* that fit into the specified memory block */
|
||||
|
||||
@ -1615,30 +1615,6 @@ _noreturn_ void freeze(void) {
|
||||
pause();
|
||||
}
|
||||
|
||||
bool argv_looks_like_help(int argc, char **argv) {
|
||||
char **l;
|
||||
|
||||
/* Scans the command line for indications the user asks for help. This is supposed to be called by
|
||||
* tools that do not implement getopt() style command line parsing because they are not primarily
|
||||
* user-facing. Detects four ways of asking for help:
|
||||
*
|
||||
* 1. Passing zero arguments
|
||||
* 2. Passing "help" as first argument
|
||||
* 3. Passing --help as any argument
|
||||
* 4. Passing -h as any argument
|
||||
*/
|
||||
|
||||
if (argc <= 1)
|
||||
return true;
|
||||
|
||||
if (streq_ptr(argv[1], "help"))
|
||||
return true;
|
||||
|
||||
l = strv_skip(argv, 1);
|
||||
|
||||
return strv_contains(l, "--help") ||
|
||||
strv_contains(l, "-h");
|
||||
}
|
||||
|
||||
static const char *const sigchld_code_table[] = {
|
||||
[CLD_EXITED] = "exited",
|
||||
|
||||
@ -191,5 +191,3 @@ int setpriority_closest(int priority);
|
||||
bool invoked_as(char *argv[], const char *token);
|
||||
|
||||
_noreturn_ void freeze(void);
|
||||
|
||||
bool argv_looks_like_help(int argc, char **argv);
|
||||
|
||||
@ -34,7 +34,6 @@
|
||||
#include "path-util.h"
|
||||
#include "pkcs11-util.h"
|
||||
#include "pretty-print.h"
|
||||
#include "process-util.h"
|
||||
#include "random-util.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
@ -851,7 +850,7 @@ static int acquire_pins_from_env_variable(char ***ret_pins) {
|
||||
}
|
||||
#endif
|
||||
|
||||
static int attach_luks2_by_fido2_via_plugin(
|
||||
static int attach_luks2_by_fido2(
|
||||
struct crypt_device *cd,
|
||||
const char *name,
|
||||
usec_t until,
|
||||
@ -981,7 +980,7 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
|
||||
|
||||
for (;;) {
|
||||
if (use_libcryptsetup_plugin && !arg_fido2_cid) {
|
||||
r = attach_luks2_by_fido2_via_plugin(cd, name, until, arg_headless, arg_fido2_device, flags);
|
||||
r = attach_luks2_by_fido2(cd, name, until, arg_headless, arg_fido2_device, flags);
|
||||
if (IN_SET(r, -ENOTUNIQ, -ENXIO, -ENOENT))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
|
||||
"Automatic FIDO2 metadata discovery was not possible because missing or not unique, falling back to traditional unlocking.");
|
||||
@ -1054,7 +1053,7 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int attach_luks2_by_pkcs11_via_plugin(
|
||||
static int attach_luks2_by_pkcs11(
|
||||
struct crypt_device *cd,
|
||||
const char *name,
|
||||
const char *friendly_name,
|
||||
@ -1134,7 +1133,7 @@ static int attach_luks_or_plain_or_bitlk_by_pkcs11(
|
||||
|
||||
for (;;) {
|
||||
if (use_libcryptsetup_plugin && arg_pkcs11_uri_auto)
|
||||
r = attach_luks2_by_pkcs11_via_plugin(cd, name, friendly, until, arg_headless, flags);
|
||||
r = attach_luks2_by_pkcs11(cd, name, friendly, until, arg_headless, flags);
|
||||
else {
|
||||
r = decrypt_pkcs11_key(
|
||||
name,
|
||||
@ -1247,7 +1246,7 @@ static int make_tpm2_device_monitor(
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int attach_luks2_by_tpm2_via_plugin(
|
||||
static int attach_luks2_by_tpm2(
|
||||
struct crypt_device *cd,
|
||||
const char *name,
|
||||
uint32_t flags) {
|
||||
@ -1323,28 +1322,23 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking.");
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking.");
|
||||
/* EAGAIN means: no tpm2 chip found */
|
||||
if (r != -EAGAIN) {
|
||||
log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
|
||||
return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
|
||||
}
|
||||
if (r != -EAGAIN) /* EAGAIN means: no tpm2 chip found */
|
||||
return r;
|
||||
} else {
|
||||
r = attach_luks2_by_tpm2_via_plugin(cd, name, flags);
|
||||
r = attach_luks2_by_tpm2(cd, name, flags);
|
||||
/* EAGAIN means: no tpm2 chip found
|
||||
* EOPNOTSUPP means: no libcryptsetup plugins support */
|
||||
if (r == -ENXIO)
|
||||
return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN),
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
|
||||
"No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking.");
|
||||
if (r == -ENOENT)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
|
||||
"No TPM2 metadata enrolled in LUKS2 header or TPM2 support not available, falling back to traditional unlocking.");
|
||||
if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN)) {
|
||||
log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
|
||||
return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
|
||||
}
|
||||
if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN))
|
||||
return r;
|
||||
}
|
||||
|
||||
if (r == -EOPNOTSUPP) { /* Plugin not available, let's process TPM2 stuff right here instead */
|
||||
if (r == -EOPNOTSUPP) {
|
||||
_cleanup_free_ void *blob = NULL, *policy_hash = NULL;
|
||||
size_t blob_size, policy_hash_size;
|
||||
bool found_some = false;
|
||||
@ -1373,8 +1367,7 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
|
||||
&tpm2_flags);
|
||||
if (r == -ENXIO)
|
||||
/* No further TPM2 tokens found in the LUKS2 header. */
|
||||
return log_full_errno(found_some ? LOG_NOTICE : LOG_DEBUG,
|
||||
SYNTHETIC_ERRNO(EAGAIN),
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
|
||||
found_some
|
||||
? "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking."
|
||||
: "No TPM2 metadata enrolled in LUKS2 header, falling back to traditional unlocking.");
|
||||
@ -1400,7 +1393,7 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
|
||||
arg_ask_password_flags,
|
||||
&decrypted_key, &decrypted_key_size);
|
||||
if (IN_SET(r, -EACCES, -ENOLCK))
|
||||
return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking.");
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking.");
|
||||
if (r != -EPERM)
|
||||
break;
|
||||
|
||||
@ -1409,11 +1402,8 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
|
||||
|
||||
if (r >= 0)
|
||||
break;
|
||||
/* EAGAIN means: no tpm2 chip found */
|
||||
if (r != -EAGAIN) {
|
||||
log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
|
||||
return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
|
||||
}
|
||||
if (r != -EAGAIN) /* EAGAIN means: no tpm2 chip found */
|
||||
return r;
|
||||
}
|
||||
|
||||
if (!monitor) {
|
||||
@ -1728,7 +1718,7 @@ static int run(int argc, char *argv[]) {
|
||||
const char *verb;
|
||||
int r;
|
||||
|
||||
if (argv_looks_like_help(argc, argv))
|
||||
if (argc <= 1)
|
||||
return help();
|
||||
|
||||
if (argc < 3)
|
||||
@ -1760,8 +1750,8 @@ static int run(int argc, char *argv[]) {
|
||||
|
||||
volume = argv[2];
|
||||
source = argv[3];
|
||||
key_file = mangle_none(argc >= 5 ? argv[4] : NULL);
|
||||
options = mangle_none(argc >= 6 ? argv[5] : NULL);
|
||||
key_file = argc >= 5 && !STR_IN_SET(argv[4], "", "-", "none") ? argv[4] : NULL;
|
||||
options = argc >= 6 && !STR_IN_SET(argv[5], "", "-", "none") ? argv[5] : NULL;
|
||||
|
||||
if (!filename_is_valid(volume))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
|
||||
|
||||
@ -12,10 +12,9 @@
|
||||
#include "log.h"
|
||||
#include "main-func.h"
|
||||
#include "memory-util.h"
|
||||
#include "parse-util.h"
|
||||
#include "path-util.h"
|
||||
#include "parse-util.h"
|
||||
#include "pretty-print.h"
|
||||
#include "process-util.h"
|
||||
#include "string-util.h"
|
||||
#include "terminal-util.h"
|
||||
|
||||
@ -88,16 +87,19 @@ static const char *integrity_algorithm_select(const void *key_file_buf) {
|
||||
|
||||
static int run(int argc, char *argv[]) {
|
||||
_cleanup_(crypt_freep) struct crypt_device *cd = NULL;
|
||||
char *verb, *volume;
|
||||
int r;
|
||||
char *action, *volume;
|
||||
|
||||
if (argv_looks_like_help(argc, argv))
|
||||
if (argc <= 1 ||
|
||||
strv_contains(strv_skip(argv, 1), "--help") ||
|
||||
strv_contains(strv_skip(argv, 1), "-h") ||
|
||||
streq(argv[1], "help"))
|
||||
return help();
|
||||
|
||||
if (argc < 3)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "This program requires at least two arguments.");
|
||||
|
||||
verb = argv[1];
|
||||
action = argv[1];
|
||||
volume = argv[2];
|
||||
|
||||
log_setup();
|
||||
@ -106,7 +108,7 @@ static int run(int argc, char *argv[]) {
|
||||
|
||||
umask(0022);
|
||||
|
||||
if (streq(verb, "attach")) {
|
||||
if (streq(action, "attach")) {
|
||||
/* attach name device optional_key_file optional_options */
|
||||
|
||||
crypt_status_info status;
|
||||
@ -121,11 +123,8 @@ static int run(int argc, char *argv[]) {
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach has a maximum of five arguments.");
|
||||
|
||||
device = argv[3];
|
||||
key_file = mangle_none(argc > 4 ? argv[4] : NULL);
|
||||
options = mangle_none(argc > 5 ? argv[5] : NULL);
|
||||
|
||||
if (!filename_is_valid(volume))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
|
||||
key_file = (argc > 4) ? empty_or_dash_to_null(argv[4]) : NULL;
|
||||
options = (argc > 5) ? empty_or_dash_to_null(argv[5]) : NULL;
|
||||
|
||||
if (key_file) {
|
||||
r = load_key_file(key_file, &key_buf, &key_buf_size);
|
||||
@ -172,19 +171,14 @@ static int run(int argc, char *argv[]) {
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to set up integrity device: %m");
|
||||
|
||||
} else if (streq(verb, "detach")) {
|
||||
} else if (streq(action, "detach")) {
|
||||
|
||||
if (argc > 3)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "detach has a maximum of two arguments.");
|
||||
|
||||
if (!filename_is_valid(volume))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
|
||||
|
||||
r = crypt_init_by_name(&cd, volume);
|
||||
if (r == -ENODEV) {
|
||||
log_info("Volume %s already inactive.", volume);
|
||||
if (r == -ENODEV)
|
||||
return 0;
|
||||
}
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "crypt_init_by_name() failed: %m");
|
||||
|
||||
@ -195,7 +189,7 @@ static int run(int argc, char *argv[]) {
|
||||
return log_error_errno(r, "Failed to deactivate: %m");
|
||||
|
||||
} else
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", verb);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", action);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1,5 +1,7 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
want_kernel_install = get_option('kernel-install')
|
||||
|
||||
if want_kernel_install
|
||||
install_data('kernel-install',
|
||||
install_mode : 'rwxr-xr-x',
|
||||
|
||||
@ -86,8 +86,3 @@ static inline void sym_crypt_free(struct crypt_device* cd) {}
|
||||
static inline void sym_crypt_freep(struct crypt_device** cd) {}
|
||||
|
||||
#endif
|
||||
|
||||
static inline const char *mangle_none(const char *s) {
|
||||
/* A helper that turns cryptsetup/integritysetup/veritysetup "options" strings into NULL if they are effectively empty */
|
||||
return isempty(s) || STR_IN_SET(s, "-", "none") ? NULL : s;
|
||||
}
|
||||
|
||||
@ -12,7 +12,6 @@
|
||||
#include "main-func.h"
|
||||
#include "path-util.h"
|
||||
#include "pretty-print.h"
|
||||
#include "process-util.h"
|
||||
#include "string-util.h"
|
||||
#include "terminal-util.h"
|
||||
|
||||
@ -112,10 +111,12 @@ static int parse_options(const char *options) {
|
||||
|
||||
static int run(int argc, char *argv[]) {
|
||||
_cleanup_(crypt_freep) struct crypt_device *cd = NULL;
|
||||
const char *verb;
|
||||
int r;
|
||||
|
||||
if (argv_looks_like_help(argc, argv))
|
||||
if (argc <= 1 ||
|
||||
strv_contains(strv_skip(argv, 1), "--help") ||
|
||||
strv_contains(strv_skip(argv, 1), "-h") ||
|
||||
streq(argv[1], "help"))
|
||||
return help();
|
||||
|
||||
if (argc < 3)
|
||||
@ -127,10 +128,7 @@ static int run(int argc, char *argv[]) {
|
||||
|
||||
umask(0022);
|
||||
|
||||
verb = argv[1];
|
||||
|
||||
if (streq(verb, "attach")) {
|
||||
const char *volume, *data_device, *verity_device, *root_hash, *options;
|
||||
if (streq(argv[1], "attach")) {
|
||||
_cleanup_free_ void *m = NULL;
|
||||
crypt_status_info status;
|
||||
size_t l;
|
||||
@ -138,33 +136,24 @@ static int run(int argc, char *argv[]) {
|
||||
if (argc < 6)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "attach requires at least four arguments.");
|
||||
|
||||
volume = argv[2];
|
||||
data_device = argv[3];
|
||||
verity_device = argv[4];
|
||||
root_hash = argv[5];
|
||||
options = mangle_none(argc > 6 ? argv[6] : NULL);
|
||||
|
||||
if (!filename_is_valid(volume))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
|
||||
|
||||
r = unhexmem(root_hash, SIZE_MAX, &m, &l);
|
||||
r = unhexmem(argv[5], strlen(argv[5]), &m, &l);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse root hash: %m");
|
||||
|
||||
r = crypt_init(&cd, verity_device);
|
||||
r = crypt_init(&cd, argv[4]);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to open verity device %s: %m", verity_device);
|
||||
return log_error_errno(r, "Failed to open verity device %s: %m", argv[4]);
|
||||
|
||||
cryptsetup_enable_logging(cd);
|
||||
|
||||
status = crypt_status(cd, volume);
|
||||
status = crypt_status(cd, argv[2]);
|
||||
if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
|
||||
log_info("Volume %s already active.", volume);
|
||||
log_info("Volume %s already active.", argv[2]);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (options) {
|
||||
r = parse_options(options);
|
||||
if (argc > 6) {
|
||||
r = parse_options(argv[6]);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse options: %m");
|
||||
}
|
||||
@ -173,7 +162,7 @@ static int run(int argc, char *argv[]) {
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to load verity superblock: %m");
|
||||
|
||||
r = crypt_set_data_device(cd, data_device);
|
||||
r = crypt_set_data_device(cd, argv[3]);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to configure data device: %m");
|
||||
|
||||
@ -197,26 +186,20 @@ static int run(int argc, char *argv[]) {
|
||||
return log_error_errno(r, "Failed to read root hash signature: %m");
|
||||
}
|
||||
|
||||
r = crypt_activate_by_signed_key(cd, volume, m, l, hash_sig, hash_sig_size, arg_activate_flags);
|
||||
r = crypt_activate_by_signed_key(cd, argv[2], m, l, hash_sig, hash_sig_size, arg_activate_flags);
|
||||
#else
|
||||
assert_not_reached();
|
||||
#endif
|
||||
} else
|
||||
r = crypt_activate_by_volume_key(cd, volume, m, l, arg_activate_flags);
|
||||
r = crypt_activate_by_volume_key(cd, argv[2], m, l, arg_activate_flags);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to set up verity device: %m");
|
||||
|
||||
} else if (streq(verb, "detach")) {
|
||||
const char *volume;
|
||||
} else if (streq(argv[1], "detach")) {
|
||||
|
||||
volume = argv[2];
|
||||
|
||||
if (!filename_is_valid(volume))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
|
||||
|
||||
r = crypt_init_by_name(&cd, volume);
|
||||
r = crypt_init_by_name(&cd, argv[2]);
|
||||
if (r == -ENODEV) {
|
||||
log_info("Volume %s already inactive.", volume);
|
||||
log_info("Volume %s already inactive.", argv[2]);
|
||||
return 0;
|
||||
}
|
||||
if (r < 0)
|
||||
@ -224,12 +207,12 @@ static int run(int argc, char *argv[]) {
|
||||
|
||||
cryptsetup_enable_logging(cd);
|
||||
|
||||
r = crypt_deactivate(cd, volume);
|
||||
r = crypt_deactivate(cd, argv[2]);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to deactivate: %m");
|
||||
|
||||
} else
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", verb);
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown verb %s.", argv[1]);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user