path: root/src/gpt-auto-generator/gpt-auto-generator.c
Commit message | Author | Age | Files | Lines
* gpt-auto: remove directory check for ESP mount | Michael Ferrari | 2024-10-16 | 1 | -17/+2
|   Ensure that we always attempt to mount the `ESP` partition to `/boot` when there is no `XBOOTLDR` partition.
|
|   Fixes an issue when booting without a `XBOOTLDR` partition and an empty root partition, since it would mount the `ESP` partition to `/efi/` unconditionally causing boot entries to not be under `/boot/` as recommended by the Boot Loader Specification.
* gpt-auto: use RET_GATHER at one more place | Mike Yuan | 2024-10-15 | 1 | -6/+5
|
* tree-wise: several cleanups for logging | Yu Watanabe | 2024-04-30 | 1 | -1/+1
|   - drop unnecessary SYNTHETIC_ERRNO() when the logger does not propagate error code,
|   - drop unnecessary '%m' in error message when the error code is specified with SYNTHETIC_ERRNO(),
|   - add missing full stop at the end of log message,
|   - use RET_GATHER(),
|   - add missing ", ignoring.",
|   - uppercase the first letter, etc., etc...
* gpt-auto: ignore fstab_has_node failure | Mike Yuan | 2024-03-11 | 1 | -2/+2
|   After 8a1326581d9b066377f8d9f2d58e1bdfd8b645d0, we always check whether there're mounts under /boot/ or /efi/ first. Let's relax the check for fstab_has_node hence, since on initrd-less systems it might produce wrong results.
* gpt-auto-generator: fix argument passed to `parse_image_policy_argument` | Antonio Alvarez Feijoo | 2024-02-19 | 1 | -1/+1
|   Otherwise:
|   ```
|   Feb 19 16:35:34 localhost systemd-gpt-auto-generator[188]: Assertion 's' failed at src/shared/image-policy.c:656, function parse_image_policy_argument(). Aborting.
|   ```
|
|   Fixes 06e78680e3c36589b785f90ecda64d124905a3f7
* Merge pull request #31181 from fbuihuu/gpt-auto-more-defensive | Mike Yuan | 2024-02-12 | 1 | -46/+15
|\
| |   gpt-auto-generator: be more defensive when checking the presence of E…
| * gpt-auto-generator: be more defensive when checking the presence of ESP in fstab | Franck Bui | 2024-02-12 | 1 | -46/+15
| |   Looking for the ESP node is useful to shortcut things but if we're told that the node is not referenced in fstab that doesn't necessarily mean that ESP is not mounted via fstab. Indeed the check is not reliable in all cases.
| |
| |   Firstly because it assumes that udev already set the symlinks up. This is not the case for initrd-less boots.
| |
| |   Secondly the devname of the ESP partition can be wrongly constructed by the dissect code. For example, the approach which consists in appending "p<partnum>" suffix to construct the partition devname from the disk devname doesn't work for DM devices.
| |
| |   Hence this patch makes the logic more defensive and does not mount either ESP or XBOOTLDR automatically if any path in paths that starts with /efi or /boot exists.
* | mountpoint-util: introduce path_is_mount_point_full | Mike Yuan | 2024-02-06 | 1 | -1/+1
|/
* gpt-auto-generator: enable TPM2 unlocking in gpt-auto-generator | Lennart Poettering | 2023-11-28 | 1 | -6/+9
|   If we detect a TPM, let's also unlock the disk with it, if it has an enrollment for that.
|
|   Fixes: #30176
* gpt-auto-generator: hook in "growfs" for the root fs if the GPT flag 59 says so | Lennart Poettering | 2023-11-15 | 1 | -3/+31
|   Fixes: #29791
* gpt-auto-generator: don't eat up errors of generator_enable_remount_fs_service() | Lennart Poettering | 2023-11-15 | 1 | -1/+3
|   I cannot see a reason why we should ignore this error, so let's not. We use RET_GATHER() on the returns anyway, i.e. collect errors but continue, so it makes sense to collect this one too.
* gpt-auto-generator: add comment + assert() explaining mode of invocation | Lennart Poettering | 2023-11-15 | 1 | -0/+5
|   We are not invoked in the initrd, and that deserves a comment.
* gpt-auto-generator: drop in_initrd() check in add_partition_root_rw() | Lennart Poettering | 2023-11-15 | 1 | -4/+2
|   This call is never called in the initrd, hence we can drop the extra check, as it is redundant. Let's keep it as an assert() though, as a form of code-enforced documentation.
* efi-loader: rename efi_stub_measured() → efi_measured_uki() | Lennart Poettering | 2023-09-27 | 1 | -1/+1
|   Let's say "uki" rather than "stub", since that is just too generic, and we shouldn't limit us to our own stub anyway, but generally define a concept of a "measured UKI", which is a UKI that measures its part to PCR 11.
|
|   This is mostly preparation for exposing this check to the user via ConditionSecurity=.
* generators: use generator_open_unit_file where appropriate | Mike Yuan | 2023-08-19 | 1 | -31/+16
|
* tree-wise: drop unnecessary use of proc_cmdline_key_streq() | Yu Watanabe | 2023-08-08 | 1 | -5/+5
|   If the key does not contain '-' or '_', then it is not necessary to use proc_cmdline_key_streq(), and streq() is sufficient.
|
|   This also adds missing assertions about 'key' argument.
* gpt-auto-generator: fix warnings about unused func when !ENABLE_EFI | Zbigniew Jędrzejewski-Szmek | 2023-07-31 | 1 | -27/+27
|
* gpt-auto: don't mount ESP if there's an fstab entry for it | Mike Yuan | 2023-07-29 | 1 | -12/+9
|   Follow-up for #28511
|
|   Fixes #28550
* Merge pull request #28359 from keszybz/ret-gather | Daan De Meyer | 2023-07-28 | 1 | -46/+25
|\
| |   Add RET_GATHER macro to make continue-but-remember-first-error functions easier
| * gpt-auto-generator: use RET_GATHER, return first error | Zbigniew Jędrzejewski-Szmek | 2023-07-13 | 1 | -46/+25
| |
* | gpt-auto: skip mounting ESP if fstab for /boot/ uses the same device as discovered one | Mike Yuan | 2023-07-26 | 1 | -0/+10
|/
|   Follow-up for 6a488fa7cce8124fa885adf8a2f31363fe62f636
|
|   Currently, if an fstab entry for /boot/ exists, we'll skip to try /efi/ instead. However, if it's already using the same device as the discovered one, we should not duplicate the mount.
* gpt-auto: expand the loader partition UUID check to include XBOOTLDR | Mike Yuan | 2023-06-20 | 1 | -34/+57
|   Before this commit, we only accept the case when LoaderDevicePartUUID points to the ESP, while XBOOTLDR is mounted unconditionally.
|
|   After this commit, we check if LoaderDevicePartUUID points to either ESP or XBOOTLDR. If it does, mount both, else nothing gets mounted.
* generators: change TimeoutSec=0 to TimeoutSec=infinity | Lennart Poettering | 2023-06-06 | 1 | -1/+1
|   With these settings we intend to turn off timeouts for possibly interactive/slow commands. The officially documented way to turn off the time-outs is to set them to infinity. So far we set them to zero here though. This led to some confusion, for example #18224.
|
|   Let's fix this by uniformly spelling out TimeoutSec=infinity.
|
|   This doesn't change behaviour. It just makes our generated files match what we document, without relying on historic compat support.
|
|   Fixes: #18224
* gpt-auto-generator: rework/simplify logic for picking /efi or /boot | Zbigniew Jędrzejewski-Szmek | 2023-05-29 | 1 | -65/+109
|   I started looking into https://github.com/uapi-group/specifications/issues/35.
|
|   BLS says:
|   > Otherwise [no existing XBOOTLDR partition], if on GPT and an ESP is found and
|   > it is large enough (let’s say at least 1G) it should be used as $BOOT and
|   > used as primary location to place boot loader menu resources in.
|
|   > It is recommended to mount $BOOT to /boot/, and the ESP to /efi/.
|
|   DPS says:
|   > The ESP used for the current boot is automatically mounted to /efi/ (or
|   > /boot/ as fallback), unless a different partition is mounted there (possibly
|   > via /etc/fstab, or because the Extended Boot Loader Partition — see below —
|   > exists) or the directory is non-empty on the root disk.
|
|   I don't think we want to mount the same partition in two places. If the same partition is not mounted in two places, then the two specs are contradictory.
|
|   The code in gpt-auto-generator implemented the logic from the DPS. It is modified to implement the logic from BLS. Effectively:
|   - if both /boot and /efi are available:
|     - if both XBOOTLDR and ESP exist: ESP on /efi, XBOOTLDR on /boot
|     - if only ESP exists: ESP on /boot
|     - if only XBOOTLDR exists: XBOOTLDR on /boot
|   - if only /boot is available:
|     - if XBOOTLDR exists: XBOOTLDR on /boot
|     - if only ESP exists: ESP on /boot
|   - if only /efi is available:
|     - if ESP exists: ESP on /efi
|
|   "Available" means that the mount point is not mounted over and does not contain files. If the directory doesn't exist, it is also "available" and will be created later when the mount or automount unit is started.
|
|   Thus, the generator attempts to match the partitions and mount points to the extent possible. In all cases, /boot is the primary place to install kernels. ESP can be found on /boot or /efi, depending on the situation.
|
|   If this patch is merged, I'll submit fixes for BLS and DPS to describe the same logic.
* gpt-auto-generator: also honor systemd.swap=no | David Tardon | 2023-05-25 | 1 | -0/+17
|
* gpt-auto-generator: "translate" errno codes into proper messages | Zbigniew Jędrzejewski-Szmek | 2023-04-18 | 1 | -5/+4
|   E.g. in logs on jammy-ppc64el in https://github.com/systemd/systemd/pull/27294:
|
|   Apr 16 17:42:50 H systemd-gpt-auto-generator[300]: Failed to dissect partition table of block device /dev/sda: No message of desired type
|   Apr 16 17:42:50 H (sd-execu[295]: /usr/lib/systemd/system-generators/systemd-gpt-auto-generator failed with exit status 1.
|
|   ee0e6e476e61d4baa2a18e241d212753e75003bf made this particular condition not an error. But for other errnos we want to print a better message too.
|
|   dissect_loop_device_and_warn() already does this, but it always prints the error at error level. We want to suppress some of the errors, so let's make the print helper public and do the error suppression in the caller.
* gpt-auto: do not fail when no suitable partitions found | Yu Watanabe | 2023-04-18 | 1 | -1/+2
|   Follow-up for 598fd4da1cf9665834110583fd9133073cc12481.
* image-policy: introduce parse_image_policy_argument() helper | Yu Watanabe | 2023-04-13 | 1 | -14/+2
|   Addresses
|   https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1060130312,
|   https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067927293, and
|   https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067926416.
|
|   Follow-up for 84be0c710d9d562f6d2cf986cc2a8ff4c98a138b.
* tree-wide: hook up image dissection policy logic everywhere | Lennart Poettering | 2023-04-05 | 1 | -1/+21
|
* gpt-auto-generator: fix typo | Antonio Alvarez Feijoo | 2023-03-21 | 1 | -1/+1
|
* gpt-auto-generator: port to partition_pick_mount_options() too | Lennart Poettering | 2023-03-09 | 1 | -24/+59
|   This way we'll have the same mount options in place if we boot via the gpt generator, or if we mount a DDI locally.
|
|   Note that this will also enable MS_NOSYMFOLLOW on ESP and XBOOTLDR now, if booted via gpt-auto-generator.
* gpt-auto: Check for /boot before putting ESP there | Adrian Vovk | 2023-03-06 | 1 | -3/+8
|   We prefer /efi as a mount point for the ESP, and use /boot as a fallback if /efi doesn't exist. However, when root=tmpfs, neither /efi nor /boot exist. gpt-auto should mount to /efi in this case, but it mounted to /boot instead. This is because gpt-auto didn't check for the existence of /boot. Here, we correct this
* bootctl: add new --print-root-device option | Lennart Poettering | 2023-02-21 | 1 | -32/+7
|   We already have this nice code in system that determines the block device backing the root file system, but it's only used internally in systemd-gpt-generator. Let's make this more accessible and expose it directly in bootctl.
|
|   It doesn't fit immediately into the topic of bootctl, but I think it's close enough and behaves very similar to the existing "bootctl --print-boot-path" and "--print-esp-path" tools.
|
|   If --print-root-device (or -R) is specified once, will show the block device backing the root fs, and if specified twice (probably easier: -RR) it will show the whole block device that block device belongs to in case it is a partition block device.
|
|   Suggested use:
|
|       # cfdisk `bootctl -RR`
|
|   To get access to the partition table, behind the OS install, for whatever it might be.
* shared/efi-loader: fix compilation with !ENABLE_EFI, improve messages | Zbigniew Jędrzejewski-Szmek | 2023-01-25 | 1 | -6/+6
|   When compiled without ENABLE_EFI, efi_stub_measured() was not defined, so compilation would fail. But it's not enough to add a stub that returns -EOPNOTSUPP. We call this function in various places and usually print the error at warning or error level, so we'd print a confusing message. We also can't add a stub that always returns 0, because then we'd print a message like "Kernel stub did not measure", which would be confusing too. Adding special handling for -EOPNOTSUPP in every caller is also unattractive. So instead efi_stub_measured() is reworked to log the warning or error internally, and such logging is removed from the callers, and a stub is added that logs a custom message.
* tree-wide: fix typo | Yu Watanabe | 2023-01-20 | 1 | -1/+1
|
* tpm2: add common helper for checking if we are running on UKI with TPM measurements | Lennart Poettering | 2023-01-17 | 1 | -5/+5
|   Let's introduce a common implementation of a function that checks whether we are booted on a kernel with systemd-stub that has TPM PCR measurements enabled. Do our own userspace measurements only if we detect that.
|
|   PCRs are scarce and most likely there are projects which already make use of them in other ways. Hence, instead of blindly stepping into their territory let's conditionalize things so that people have to explicitly buy into our PCR assignments before we start measuring things into them. Specifically bind everything to an UKI that reported measurements.
|
|   This was previously already implemented in systemd-pcrphase, but with this change we expand this to all tools that process PCR measurement settings.
|
|   The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE, to make it more generic (since we'll use it at multiple places now). This is not a compat break, since the original env var for that was not included in any stable release yet.
* generators: optionally, measure file systems at boot | Lennart Poettering | 2023-01-17 | 1 | -0/+6
|   If we use gpt-auto-generator, automatically measure root fs and /var.
|
|   Otherwise, add x-systemd.measure option to request this.
* gpt-auto-generator: automatically measure root/var volume keys into PCR 15 | Lennart Poettering | 2023-01-17 | 1 | -5/+31
|   Let's enable PCR 15 measurements automatically if gpt-auto discovery is used and systemd-stub is also used.
* gpt-auto: harden ESP/XBOOTLDR mounts with "noexec,nosuid,nodev" | Mike Yuan | 2023-01-16 | 1 | -5/+5
|   When these partitions are probed by gpt-auto, they will always be hardened with such options.
|
|   See also: https://github.com/systemd/systemd/issues/25776#issuecomment-1364115711
|
|   Closes #25776
* gpt-auto-generator: improve log messages a bit | Lennart Poettering | 2023-01-06 | 1 | -2/+2
|   Fixes: #20331
* gpt-auto-generator: enable referencing partitions via diskseq symlinks | Lennart Poettering | 2022-12-23 | 1 | -1/+2
|
* dissect-image: let's lock down fstypes a bit | Lennart Poettering | 2022-12-22 | 1 | -0/+9
|   When we dissect images automatically, let's be a bit more conservative with the file system types we are willing to mount: only mount common file systems automatically.
|
|   Explicit mounts requested by admins should always be OK, but when we do automatic mounts, let's not permit barely maintained, possibly legacy file systems.
|
|   The list for now covers the four common writable and two common read-only file systems. Sooner or later we might want to add more to the list.
|
|   Also, it might make sense to eventually make this configurable via the image dissection policy logic.
* gpt-auto-generator: honour rootfstype= and rootflags= kernel cmdline option | Lennart Poettering | 2022-12-21 | 1 | -2/+22
|   Even if root= is not specified on the kernel cmdline, we should honour the other rootXYZ= options.
|
|   Fixes: #8411
|   See: #17034
* gpt-auto-generator: do not write "noauto" in unit options | Zbigniew Jędrzejewski-Szmek | 2022-12-05 | 1 | -5/+1
|   "auto"/"noauto" only make sense in the fstab. Putting them in Options= in the generated unit has no effect and is confusing.
* dissect: rework DISSECT_IMAGE_ADD_PARTITION_DEVICES + DISSECT_IMAGE_OPEN_PARTITION_DEVICES | Lennart Poettering | 2022-12-01 | 1 | -0/+5
|   Currently, these two flags were implied by dissect_loop_device(), but that's not right, because this means systemd-gpt-auto-generator will dissect the root block device with these flags set and that's not desirable: the generator should not cause the partition devices to be created (we don't intend to use them right-away after all, but expect udev to find/probe them first, and then mount them though .mount units). And there's no point in opening the partition devices, since we do not intend to mount them via fds either.
|
|   Hence, rework this: instead of implying the flags, specify them explicitly.
|
|   While we are at it, let's also rename the flags to make them more descriptive:
|
|   DISSECT_IMAGE_MANAGE_PARTITION_DEVICES becomes DISSECT_IMAGE_ADD_PARTITION_DEVICES, since that's really all this does: add the partition devices via BLKPG.
|
|   DISSECT_IMAGE_OPEN_PARTITION_DEVICES becomes DISSECT_IMAGE_PIN_PARTITION_DEVICES, since we not only open the devices, but keep the devices open continuously (i.e. we "pin" them).
|
|   Also, drop the DISSECT_IMAGE_BLOCK_DEVICE combination flag, since it is misleading, i.e. it suggests it was appropriate to specify on all dissected blocking devices, but that's precisely not the case, see the systemd-gpt-auto-generator case. My guess is that the confusion around this was actually the cause for this bug we are addressing here.
|
|   Fixes: #25528
* basic: create new basic/initrd-util.[ch] for initrd-related functions | Zbigniew Jędrzejewski-Szmek | 2022-11-08 | 1 | -1/+1
|   I changed imports of util.h to initrd-util.h, or added an import of initrd-util.h, to keep compilation working. It turns out that many files didn't import util.h directly.
|
|   When viewing the patch, don't be confused by git rename detection logic: a new .c file is added and two functions moved into it.
* gpt-auto: rename all functions that operate on a DissectedPartition object add_partition_xyz() | Lennart Poettering | 2022-10-17 | 1 | -12/+11
|   The function for handling regular mounts based on DissectedPartition objects is called add_partition_mount(), so let's follow this scheme for all other functions that handle them, too. This nicely separates out the low-level functions (which get split up args) from the high-level functions (which get a DissectedPartition object): the latter are called add_partition_xyz() the former just add_xyz().
|
|   This makes naming a bit more systematic.
|
|   No change in behaviour.
* gpt-auto-generator: use our usual ret_xyz parameter naming | Lennart Poettering | 2022-10-17 | 1 | -6/+12
|
* gpt-auto: allow using without cryptsetup | David Seifert | 2022-10-12 | 1 | -0/+4
|   Fixes #24978
* loop-util: rename loop_device_open() -> loop_device_open_from_path() | Yu Watanabe | 2022-09-28 | 1 | -1/+1
|   No functional changes, just preparation for later commits.