1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
|
From bbf73b00697e77ca35ae60109418da77f257be52 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 11 Oct 2022 20:35:34 +0200
Subject: [PATCH 1/2] cryptsetup-util: Always define dlopen_cryptsetup()
---
src/shared/cryptsetup-util.c | 118 ++++++++++++++++++-----------------
src/shared/cryptsetup-util.h | 4 +-
2 files changed, 63 insertions(+), 59 deletions(-)
diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
index da6dcb2f093a..401e7a3f9c7d 100644
--- a/src/shared/cryptsetup-util.c
+++ b/src/shared/cryptsetup-util.c
@@ -50,63 +50,6 @@ int (*sym_crypt_token_max)(const char *type);
crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type);
int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
-int dlopen_cryptsetup(void) {
- int r;
-
- r = dlopen_many_sym_or_warn(
- &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG,
- DLSYM_ARG(crypt_activate_by_passphrase),
-#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
- DLSYM_ARG(crypt_activate_by_signed_key),
-#endif
- DLSYM_ARG(crypt_activate_by_volume_key),
- DLSYM_ARG(crypt_deactivate_by_name),
- DLSYM_ARG(crypt_format),
- DLSYM_ARG(crypt_free),
- DLSYM_ARG(crypt_get_cipher),
- DLSYM_ARG(crypt_get_cipher_mode),
- DLSYM_ARG(crypt_get_data_offset),
- DLSYM_ARG(crypt_get_device_name),
- DLSYM_ARG(crypt_get_dir),
- DLSYM_ARG(crypt_get_type),
- DLSYM_ARG(crypt_get_uuid),
- DLSYM_ARG(crypt_get_verity_info),
- DLSYM_ARG(crypt_get_volume_key_size),
- DLSYM_ARG(crypt_init),
- DLSYM_ARG(crypt_init_by_name),
- DLSYM_ARG(crypt_keyslot_add_by_volume_key),
- DLSYM_ARG(crypt_keyslot_destroy),
- DLSYM_ARG(crypt_keyslot_max),
- DLSYM_ARG(crypt_load),
- DLSYM_ARG(crypt_resize),
- DLSYM_ARG(crypt_resume_by_passphrase),
- DLSYM_ARG(crypt_set_data_device),
- DLSYM_ARG(crypt_set_debug_level),
- DLSYM_ARG(crypt_set_log_callback),
-#if HAVE_CRYPT_SET_METADATA_SIZE
- DLSYM_ARG(crypt_set_metadata_size),
-#endif
- DLSYM_ARG(crypt_set_pbkdf_type),
- DLSYM_ARG(crypt_suspend),
- DLSYM_ARG(crypt_token_json_get),
- DLSYM_ARG(crypt_token_json_set),
-#if HAVE_CRYPT_TOKEN_MAX
- DLSYM_ARG(crypt_token_max),
-#endif
- DLSYM_ARG(crypt_token_status),
- DLSYM_ARG(crypt_volume_key_get));
- if (r <= 0)
- return r;
-
- /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
- * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
- * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
- * other code loaded into this process also changes the global log functions of libcryptsetup, who
- * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
- cryptsetup_enable_logging(NULL);
- return 1;
-}
-
static void cryptsetup_log_glue(int level, const char *msg, void *usrptr) {
switch (level) {
@@ -246,6 +189,67 @@ int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v) {
}
#endif
+int dlopen_cryptsetup(void) {
+#if HAVE_LIBCRYPTSETUP
+ int r;
+
+ r = dlopen_many_sym_or_warn(
+ &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG,
+ DLSYM_ARG(crypt_activate_by_passphrase),
+#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
+ DLSYM_ARG(crypt_activate_by_signed_key),
+#endif
+ DLSYM_ARG(crypt_activate_by_volume_key),
+ DLSYM_ARG(crypt_deactivate_by_name),
+ DLSYM_ARG(crypt_format),
+ DLSYM_ARG(crypt_free),
+ DLSYM_ARG(crypt_get_cipher),
+ DLSYM_ARG(crypt_get_cipher_mode),
+ DLSYM_ARG(crypt_get_data_offset),
+ DLSYM_ARG(crypt_get_device_name),
+ DLSYM_ARG(crypt_get_dir),
+ DLSYM_ARG(crypt_get_type),
+ DLSYM_ARG(crypt_get_uuid),
+ DLSYM_ARG(crypt_get_verity_info),
+ DLSYM_ARG(crypt_get_volume_key_size),
+ DLSYM_ARG(crypt_init),
+ DLSYM_ARG(crypt_init_by_name),
+ DLSYM_ARG(crypt_keyslot_add_by_volume_key),
+ DLSYM_ARG(crypt_keyslot_destroy),
+ DLSYM_ARG(crypt_keyslot_max),
+ DLSYM_ARG(crypt_load),
+ DLSYM_ARG(crypt_resize),
+ DLSYM_ARG(crypt_resume_by_passphrase),
+ DLSYM_ARG(crypt_set_data_device),
+ DLSYM_ARG(crypt_set_debug_level),
+ DLSYM_ARG(crypt_set_log_callback),
+#if HAVE_CRYPT_SET_METADATA_SIZE
+ DLSYM_ARG(crypt_set_metadata_size),
+#endif
+ DLSYM_ARG(crypt_set_pbkdf_type),
+ DLSYM_ARG(crypt_suspend),
+ DLSYM_ARG(crypt_token_json_get),
+ DLSYM_ARG(crypt_token_json_set),
+#if HAVE_CRYPT_TOKEN_MAX
+ DLSYM_ARG(crypt_token_max),
+#endif
+ DLSYM_ARG(crypt_token_status),
+ DLSYM_ARG(crypt_volume_key_get));
+ if (r <= 0)
+ return r;
+
+ /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
+ * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
+ * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
+ * other code loaded into this process also changes the global log functions of libcryptsetup, who
+ * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
+ cryptsetup_enable_logging(NULL);
+ return 1;
+#else
+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "cryptsetup support is not compiled in.");
+#endif
+}
+
int cryptsetup_get_keyslot_from_token(JsonVariant *v) {
int keyslot, r;
JsonVariant *w;
diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
index b1ce07ec8a50..b390dc9a5cbb 100644
--- a/src/shared/cryptsetup-util.h
+++ b/src/shared/cryptsetup-util.h
@@ -65,8 +65,6 @@ static inline int crypt_token_max(_unused_ const char *type) {
extern crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type);
extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
-int dlopen_cryptsetup(void);
-
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, crypt_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, sym_crypt_free, NULL);
@@ -91,6 +89,8 @@ static inline void sym_crypt_freep(struct crypt_device** cd) {}
#endif
+int dlopen_cryptsetup(void);
+
int cryptsetup_get_keyslot_from_token(JsonVariant *v);
static inline const char *mangle_none(const char *s) {
From 86bebe385f6e35ecec708e44dae2b896f5bfa770 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 11 Oct 2022 20:36:03 +0200
Subject: [PATCH 2/2] repart: Always define VerityMode from/to string functions
---
src/partition/repart.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/partition/repart.c b/src/partition/repart.c
index a0f7d4164500..dd544d6415a9 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -255,12 +255,11 @@ static const char *verity_mode_table[_VERITY_MODE_MAX] = {
#if HAVE_LIBCRYPTSETUP
DEFINE_PRIVATE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
-DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode);
#else
DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
-DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(verity_mode, VerityMode);
#endif
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode);
static uint64_t round_down_size(uint64_t v, uint64_t p) {
return (v / p) * p;
From 748367c72368031ca0ef32fadd394c4bcacc126a Mon Sep 17 00:00:00 2001
From: David Seifert <soap@gentoo.org>
Date: Wed, 12 Oct 2022 21:47:29 +0200
Subject: [PATCH] gpt-auto: allow using without cryptsetup
Fixes #24978
---
src/gpt-auto-generator/gpt-auto-generator.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
index 31377d877d5c..5584eb22af1a 100644
--- a/src/gpt-auto-generator/gpt-auto-generator.c
+++ b/src/gpt-auto-generator/gpt-auto-generator.c
@@ -571,11 +571,15 @@ static int add_root_rw(DissectedPartition *p) {
#if ENABLE_EFI
static int add_root_cryptsetup(void) {
+#if HAVE_LIBCRYPTSETUP
/* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which
* sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */
return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL);
+#else
+ return 0;
+#endif
}
#endif
|
