creds-util: add common helper for determinign global boot credentials path

It's very useful being able to determine the directory where to write global boot credentials to, that are picked up by all kernels.
author: Lennart Poettering <lennart@poettering.net> 2024-06-06 12:14:35 +0200
committer: Luca Boccassi <luca.boccassi@gmail.com> 2024-06-15 00:52:35 +0200
commit: 7d9a8cc4acabb1ebd957c2879971d0c7a01387f1 (patch)
tree: a4286e3b1f3cf2e8a602dbb397677fc592e4ba33 /src/shared/creds-util.c
parent: fs-util: add simple open_mkdir() wrapper (diff)
download: systemd-7d9a8cc4acabb1ebd957c2879971d0c7a01387f1.tar.xz
systemd-7d9a8cc4acabb1ebd957c2879971d0c7a01387f1.zip
1 files changed, 51 insertions, 0 deletions
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index eaf772bff2..e99477997a 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -19,6 +19,7 @@
 #include "env-util.h"
 #include "fd-util.h"
 #include "fileio.h"
+#include "find-esp.h"
 #include "format-util.h"
 #include "fs-util.h"
 #include "io-util.h"
@@ -1657,6 +1658,56 @@ int ipc_decrypt_credential(const char *validate_name, usec_t validate_timestamp,
         return 0;
 }
 
+int get_global_boot_credentials_path(char **ret) {
+        _cleanup_free_ char *path = NULL;
+        int r;
+
+        assert(ret);
+
+        /* Determines where to put global boot credentials in. Returns the path to the "/loader/credentials/"
+         * directory below the XBOOTLDR or ESP partition. Any credentials placed in this directory can be
+         * picked up later in the initrd. */
+
+        r = find_xbootldr_and_warn(
+                        /* root= */ NULL,
+                        /* path= */ NULL,
+                        /* unprivileged_mode= */ false,
+                        &path,
+                        /* ret_uuid= */ NULL,
+                        /* ret_devid= */ NULL);
+        if (r < 0) {
+                if (r != -ENOKEY)
+                        return log_error_errno(r, "Failed to find XBOOTLDR partition: %m");
+
+                r = find_esp_and_warn(
+                                /* root= */ NULL,
+                                /* path= */ NULL,
+                                /* unprivileged_mode= */ false,
+                                &path,
+                                /* ret_part= */ NULL,
+                                /* ret_pstart= */ NULL,
+                                /* ret_psize= */ NULL,
+                                /* ret_uuid= */ NULL,
+                                /* ret_devid= */ NULL);
+                if (r < 0) {
+                        if (r != -ENOKEY)
+                                return log_error_errno(r, "Failed to find ESP partition: %m");
+
+                        *ret = NULL;
+                        return 0; /* not found! */
+                }
+        }
+
+        _cleanup_free_ char *joined = path_join(path, "loader/credentials");
+        if (!joined)
+                return log_oom();
+
+        log_debug("Determined global boot credentials path as: %s", joined);
+
+        *ret = TAKE_PTR(joined);
+        return 1; /* found! */
+}
+
 static int pick_up_credential_one(
                 int credential_dir_fd,
                 const char *credential_name,
author	Lennart Poettering <lennart@poettering.net>	2024-06-06 12:14:35 +0200
committer	Luca Boccassi <luca.boccassi@gmail.com>	2024-06-15 00:52:35 +0200
commit	7d9a8cc4acabb1ebd957c2879971d0c7a01387f1 (patch)
tree	a4286e3b1f3cf2e8a602dbb397677fc592e4ba33 /src/shared/creds-util.c
parent	fs-util: add simple open_mkdir() wrapper (diff)
download	systemd-7d9a8cc4acabb1ebd957c2879971d0c7a01387f1.tar.xz systemd-7d9a8cc4acabb1ebd957c2879971d0c7a01387f1.zip