Diffstat (limited to 'src/partition')
-rw-r--r-- | src/partition/meson.build | 2 | ||||
-rw-r--r-- | src/partition/repart.c | 101 |
2 files changed, 77 insertions, 26 deletions
diff --git a/src/partition/meson.build b/src/partition/meson.build
index 52e1368..2cfe43e 100644
--- a/src/partition/meson.build
+++ b/src/partition/meson.build
@@ -32,7 +32,7 @@ executables += [
 'sources' : files('repart.c'),
 'c_args' : '-DSTANDALONE',
 'link_with' : [
- libbasic,
+ libbasic_static,
 libshared_fdisk,
 libshared_static,
 libsystemd_static,
diff --git a/src/partition/repart.c b/src/partition/repart.c
index 6f67d46..3b7c165 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -187,6 +187,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_tpm2_hash_pcr_values, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_tpm2_public_key, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_tpm2_pcrlock, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_filter_partitions, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_defer_partitions, freep);
 STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_copy_from, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_copy_source, freep);
@@ -1894,6 +1895,34 @@ static int config_parse_encrypted_volume( static DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_verity, verity_mode, VerityMode, VERITY_OFF, "Invalid verity mode"); static DEFINE_CONFIG_PARSE_ENUM_WITH_DEFAULT(config_parse_minimize, minimize_mode, MinimizeMode, MINIMIZE_OFF, "Invalid minimize mode"); +static int partition_finalize_fstype(Partition *p, const char *path) { + _cleanup_free_ char *e = NULL, *upper = NULL; + + assert(p); + assert(path); + + if (!gpt_partition_type_has_filesystem(p->type)) + return 0; + + upper = strdup(partition_designator_to_string(p->type.designator)); + if (!upper) + return log_oom(); + + e = strjoin("SYSTEMD_REPART_OVERRIDE_FSTYPE_", string_replace_char(ascii_strupper(upper), '-', '_')); + if (!e) + return log_oom(); + + const char *v = secure_getenv(e); + if (!v || streq(p->format, v)) + return 0; + + log_syntax(NULL, LOG_NOTICE, path, 1, 0, + "Overriding defined file system type '%s' for '%s' partition with '%s'.", + p->format, partition_designator_to_string(p->type.designator), v); + + return free_and_strdup_warn(&p->format, v); +} + static int partition_read_definition(Partition *p, const char *path, const char *const *conf_file_dirs) { ConfigTableItem table[] = { @@ -2083,6 +2112,10 @@ static int partition_read_definition(Partition *p, const char *path, const char } else if (streq(p->split_name_format, "-")) p->split_name_format = mfree(p->split_name_format); + r = partition_finalize_fstype(p, path); + if (r < 0) + return r; + return 1; } @@ -2561,7 +2594,7 @@ static int context_load_partition_table(Context *context) { if (IN_SET(arg_empty, EMPTY_REQUIRE, EMPTY_FORCE, EMPTY_CREATE) && S_ISREG(st.st_mode)) /* Don't probe sector size from partition table if we are supposed to start from an empty disk */ - fs_secsz = ssz = 512; + ssz = 512; else { /* Auto-detect sector size if not specified. */ r = probe_sector_size_prefer_ioctl(context->backing_fd, &ssz); 
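Review bot: In the new partition_finalize_fstype(), `streq(p->format, v)` and the `'%s'` for p->format in the log_syntax() call both assume p->format is set, but the only precondition checked is gpt_partition_type_has_filesystem(p->type); where p->format gets assigned is outside the hunk, so if a definition of such a type can arrive here without a format, the comparison dereferences NULL. Guarding it as `if (!v || !p->format || streq(p->format, v)) return 0;` would also keep the override from assigning a file system to a partition that never declared one. The environment value is then stored into p->format with no check that it names a supported file system, and the call added at the end of partition_read_definition() (the next hunk on this line) appears to run after that function's own checks, so any earlier validation saw the old value. Either validate `v` here or add a comment naming the later code that rejects an unknown type.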
@@ -2571,8 +2604,10 @@ static int context_load_partition_table(Context *context) { /* If we found the sector size and we're operating on a block device, use it as the file * system sector size as well, as we know its the sector size of the actual block device and * not just the offset at which we found the GPT header. */ - if (r > 0 && S_ISBLK(st.st_mode)) + if (r > 0 && S_ISBLK(st.st_mode)) { + log_debug("Probed sector size of %s is %" PRIu32 " bytes.", context->node, ssz); fs_secsz = ssz; + } } r = fdisk_save_user_sector_size(c, /* phy= */ 0, ssz); @@ -2636,7 +2671,7 @@ static int context_load_partition_table(Context *context) { * larger */ grainsz = secsz < 4096 ? 4096 : secsz; - log_debug("Sector size of device is %lu bytes. Using grain size of %" PRIu64 ".", secsz, grainsz); + log_debug("Sector size of device is %lu bytes. Using filesystem sector size of %" PRIu64 " and grain size of %" PRIu64 ".", secsz, fs_secsz, grainsz); switch (arg_empty) { @@ -3913,7 +3948,7 @@ static int partition_target_sync(Context *context, Partition *p, PartitionTarget } static int partition_encrypt(Context *context, Partition *p, PartitionTarget *target, bool offline) { -#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && HAVE_CRYPT_REENCRYPT +#if HAVE_LIBCRYPTSETUP && HAVE_CRYPT_SET_DATA_OFFSET && HAVE_CRYPT_REENCRYPT_INIT_BY_PASSPHRASE && (HAVE_CRYPT_REENCRYPT_RUN || HAVE_CRYPT_REENCRYPT) const char *node = partition_target_path(target); struct crypt_params_luks2 luks_params = { .label = strempty(ASSERT_PTR(p)->new_label), @@ -4220,7 +4255,11 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta if (r < 0) return log_error_errno(r, "Failed to load reencryption context: %m"); +#if HAVE_CRYPT_REENCRYPT_RUN + r = sym_crypt_reencrypt_run(cd, NULL, NULL); +#else r = sym_crypt_reencrypt(cd, NULL); +#endif if (r < 0) return log_error_errno(r, "Failed to encrypt %s: %m", node); } else { 
@@ -4232,7 +4271,7 @@ static int partition_encrypt(Context *context, Partition *p, PartitionTarget *ta dm_name, NULL, VOLUME_KEY_SIZE, - arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0); + (arg_discard ? CRYPT_ACTIVATE_ALLOW_DISCARDS : 0) | CRYPT_ACTIVATE_PRIVATE); if (r < 0) return log_error_errno(r, "Failed to activate LUKS superblock: %m"); @@ -4886,14 +4925,14 @@ static int do_copy_files(Context *context, Partition *p, const char *root) { sfd, ".", pfd, fn, UID_INVALID, GID_INVALID, - COPY_REFLINK|COPY_HOLES|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS|COPY_ALL_XATTRS|COPY_GRACEFUL_WARN|COPY_TRUNCATE, + COPY_REFLINK|COPY_HOLES|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS|COPY_ALL_XATTRS|COPY_GRACEFUL_WARN|COPY_TRUNCATE|COPY_RESTORE_DIRECTORY_TIMESTAMPS, denylist, subvolumes_by_source_inode); } else r = copy_tree_at( sfd, ".", tfd, ".", UID_INVALID, GID_INVALID, - COPY_REFLINK|COPY_HOLES|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS|COPY_ALL_XATTRS|COPY_GRACEFUL_WARN|COPY_TRUNCATE, + COPY_REFLINK|COPY_HOLES|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS|COPY_ALL_XATTRS|COPY_GRACEFUL_WARN|COPY_TRUNCATE|COPY_RESTORE_DIRECTORY_TIMESTAMPS, denylist, subvolumes_by_source_inode); if (r < 0) return log_error_errno(r, "Failed to copy '%s%s' to '%s%s': %m", 
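Review bot: The activation flags in partition_encrypt() now always include `CRYPT_ACTIVATE_PRIVATE`, but nothing at the call says why, and the flag changes how the rest of the system sees the mapping while it exists. A comment above the flags argument would record the intent, for example `/* Activate as a private device so global udev rules leave the temporary mapping alone while we populate it */`, assuming that is the reason for the change. The call itself starts outside the hunk, so the function being invoked and its other arguments could not be checked here.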
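Review bot: The two copy calls in do_copy_files() carry the same flag mask verbatim, and this change had to add `COPY_RESTORE_DIRECTORY_TIMESTAMPS` to both copies in lockstep; a later edit that touches only one of them would make the two code paths copy with different semantics without any compiler diagnostic. Hoisting the mask into one local and passing it to both calls removes that risk: `const CopyFlags copy_flags = COPY_REFLINK|COPY_HOLES|COPY_MERGE|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS|COPY_ALL_XATTRS|COPY_GRACEFUL_WARN|COPY_TRUNCATE|COPY_RESTORE_DIRECTORY_TIMESTAMPS;`. The first call's name and the enclosing branch condition lie outside the hunk.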
@@ -6897,26 +6936,38 @@ static int help(void) { if (r < 0) return log_oom(); - printf("%s [OPTIONS...] [DEVICE]\n" - "\n%sGrow and add partitions to partition table.%s\n\n" + printf("%1$s [OPTIONS...] [DEVICE]\n" + "\n%5$sGrow and add partitions to a partition table, and generate disk images (DDIs).%6$s\n\n" " -h --help Show this help\n" " --version Show package version\n" " --no-pager Do not pipe output into a pager\n" " --no-legend Do not show the headers and footers\n" + "\n%3$sOperation:%4$s\n" " --dry-run=BOOL Whether to run dry-run operation\n" " --empty=MODE One of refuse, allow, require, force, create; controls\n" " how to handle empty disks lacking partition tables\n" + " --offline=BOOL Whether to build the image offline\n" " --discard=BOOL Whether to discard backing blocks for new partitions\n" + " --sector-size=SIZE Set the logical sector size for the image\n" + " --architecture=ARCH Set the generic architecture for the image\n" + " --size=BYTES Grow loopback file to specified size\n" + " --seed=UUID 128-bit seed UUID to derive all UUIDs from\n" + " --split=BOOL Whether to generate split artifacts\n" + "\n%3$sOutput:%4$s\n" " --pretty=BOOL Whether to show pretty summary before doing changes\n" + " --json=pretty|short|off\n" + " Generate JSON output\n" + "\n%3$sFactory Reset:%4$s\n" " --factory-reset=BOOL Whether to remove data partitions before recreating\n" " them\n" " --can-factory-reset Test whether factory reset is defined\n" + "\n%3$sConfiguration & Image Control:%4$s\n" " --root=PATH Operate relative to root path\n" " --image=PATH Operate relative to image file\n" " --image-policy=POLICY\n" " Specify disk image dissection policy\n" " --definitions=DIR Find partition definitions in specified directory\n" - " --key-file=PATH Key to use when encrypting partitions\n" + "\n%3$sVerity:%4$s\n" " --private-key=PATH|URI\n" " Private key to use when generating verity roothash\n" " signatures, or an engine or provider specific\n" 
@@ -6927,6 +6978,8 @@ static int help(void) { " verity roothash signatures\n" " --certificate=PATH PEM certificate to use when generating verity\n" " roothash signatures\n" + "\n%3$sEncryption:%4$s\n" + " --key-file=PATH Key to use when encrypting partitions\n" " --tpm2-device=PATH Path to TPM2 device node to use\n" " --tpm2-device-key=PATH\n" " Enroll a TPM2 device using its public key\n" @@ -6940,11 +6993,7 @@ static int help(void) { " Enroll signed TPM2 PCR policy for specified TPM2 PCRs\n" " --tpm2-pcrlock=PATH\n" " Specify pcrlock policy to lock against\n" - " --seed=UUID 128-bit seed UUID to derive all UUIDs from\n" - " --size=BYTES Grow loopback file to specified size\n" - " --json=pretty|short|off\n" - " Generate JSON output\n" - " --split=BOOL Whether to generate split artifacts\n" + "\n%3$sPartition Control:%4$s\n" " --include-partitions=PARTITION1,PARTITION2,PARTITION3,…\n" " Ignore partitions not of the specified types\n" " --exclude-partitions=PARTITION1,PARTITION2,PARTITION3,…\n" 
@@ -6952,23 +7001,25 @@ static int help(void) { " --defer-partitions=PARTITION1,PARTITION2,PARTITION3,…\n" " Take partitions of the specified types into account\n" " but don't populate them yet\n" - " --sector-size=SIZE Set the logical sector size for the image\n" - " --architecture=ARCH Set the generic architecture for the image\n" - " --offline=BOOL Whether to build the image offline\n" + "\n%3$sCopying:%4$s\n" " -s --copy-source=PATH Specify the primary source tree to copy files from\n" " --copy-from=IMAGE Copy partitions from the given image(s)\n" + "\n%3$sDDI Profile:%4$s\n" " -S --make-ddi=sysext Make a system extension DDI\n" " -C --make-ddi=confext Make a configuration extension DDI\n" " -P --make-ddi=portable Make a portable service DDI\n" + "\n%3$sAuxiliary Resource Generation:%4$s\n" " --generate-fstab=PATH\n" " Write fstab configuration to the given path\n" " --generate-crypttab=PATH\n" " Write crypttab configuration to the given path\n" - "\nSee the %s for details.\n", + "\nSee the %2$s for details.\n", program_invocation_short_name, - ansi_highlight(), + link, + ansi_underline(), ansi_normal(), - link); + ansi_highlight(), + ansi_normal()); return 0; } @@ -8104,6 +8155,10 @@ static int run(int argc, char *argv[]) { if (!context) return log_oom(); + r = context_read_seed(context, arg_root); + if (r < 0) + return r; + r = context_copy_from(context); if (r < 0) return r; @@ -8181,10 +8236,6 @@ static int run(int argc, char *argv[]) { return r; } - r = context_read_seed(context, arg_root); - if (r < 0) - return r; - /* Make sure each partition has a unique UUID and unique label */ r = context_acquire_partition_uuids_and_labels(context); if (r < 0) |
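Review bot: Moving context_read_seed() ahead of context_copy_from() in run() introduces an ordering requirement that the code does not state, so a later cleanup could move the call back without anyone noticing. A one-line comment above the moved call would pin it down, for example `/* Must run before context_copy_from(), which needs the seed */`, adjusted to name the actual consumer. It is also worth confirming that `arg_root` already holds its final value at this earlier point, since the lines between argument parsing and this call are outside the hunk.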