• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

systemd / systemd / 12877533250

20 Jan 2025 11:16PM UTC coverage: 0.117%. Remained the same
12877533250

push

github

web-flow
pidfd: cache our own pidfd inode id, and use it at various places (#36060)

This is split out of and preparation for #35224, but makes a ton of
sense on its own

0 of 95 new or added lines in 10 files covered. (0.0%)

4667 existing lines in 34 files now uncovered.

478 of 408040 relevant lines covered (0.12%)

1.45 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0
/src/integritysetup/integritysetup.c
1
/* SPDX-License-Identifier: LGPL-2.1-or-later */
2

3
#include <errno.h>
4
#include <stdio.h>
5
#include <sys/stat.h>
6

7
#include "alloc-util.h"
8
#include "cryptsetup-util.h"
9
#include "fileio.h"
10
#include "hexdecoct.h"
11
#include "integrity-util.h"
12
#include "log.h"
13
#include "main-func.h"
14
#include "memory-util.h"
15
#include "parse-util.h"
16
#include "path-util.h"
17
#include "pretty-print.h"
18
#include "process-util.h"
19
#include "string-util.h"
20
#include "terminal-util.h"
21
#include "verbs.h"
22

23
static uint32_t arg_activate_flags;
24
static int arg_percent;
25
static usec_t arg_commit_time;
26
static char *arg_existing_data_device;
27
static char *arg_integrity_algorithm;
28

29
STATIC_DESTRUCTOR_REGISTER(arg_existing_data_device, freep);
×
UNCOV
30
STATIC_DESTRUCTOR_REGISTER(arg_integrity_algorithm, freep);
×
31

32
static int help(void) {
×
33
        _cleanup_free_ char *link = NULL;
×
UNCOV
34
        int r;
×
35

36
        r = terminal_urlify_man("systemd-integritysetup@.service", "8", &link);
×
37
        if (r < 0)
×
UNCOV
38
                return log_oom();
×
39

UNCOV
40
        printf("%s attach VOLUME DEVICE [HMAC_KEY_FILE|-] [OPTIONS]\n"
×
41
               "%s detach VOLUME\n\n"
42
               "Attach or detach an integrity protected block device.\n"
43
               "\nSee the %s for details.\n",
44
               program_invocation_short_name,
45
               program_invocation_short_name,
46
               link);
47

48
        return 0;
49
}
50

UNCOV
51
static int load_key_file(
×
52
                const char *key_file,
53
                void **ret_key_file_contents,
54
                size_t *ret_key_file_size) {
55
        int r;
×
56
        _cleanup_(erase_and_freep) char *tmp_key_file_contents = NULL;
×
UNCOV
57
        size_t tmp_key_file_size;
×
58

59
        if (!path_is_absolute(key_file))
×
UNCOV
60
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "key file not absolute path: %s", key_file);
×
61

UNCOV
62
        r = read_full_file_full(
×
63
                        AT_FDCWD, key_file, UINT64_MAX, DM_MAX_KEY_SIZE,
64
                        READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET|READ_FULL_FILE_FAIL_WHEN_LARGER,
65
                        NULL,
66
                        &tmp_key_file_contents, &tmp_key_file_size);
67
        if (r < 0)
×
UNCOV
68
                return log_error_errno(r, "Failed to process key file: %m");
×
69

70
        if (ret_key_file_contents && ret_key_file_size) {
×
71
                *ret_key_file_contents = TAKE_PTR(tmp_key_file_contents);
×
UNCOV
72
                *ret_key_file_size = tmp_key_file_size;
×
73
        }
74

75
        return 0;
76
}
77

UNCOV
78
static const char *integrity_algorithm_select(const void *key_file_buf) {
×
79
        /*  To keep a bit of sanity for end users, the subset of integrity
80
            algorithms we support will match what is used in integritysetup */
81
        if (arg_integrity_algorithm) {
×
UNCOV
82
                if (streq("hmac-sha256", arg_integrity_algorithm))
×
83
                        return DM_HMAC_256;
84
                return arg_integrity_algorithm;
×
85
        } else if (key_file_buf)
×
UNCOV
86
                return DM_HMAC_256;
×
87
        return "crc32c";
88
}
89

90
static int verb_attach(int argc, char *argv[], void *userdata) {
×
91
        _cleanup_(crypt_freep) struct crypt_device *cd = NULL;
×
92
        crypt_status_info status;
×
UNCOV
93
        _cleanup_(erase_and_freep) void *key_buf = NULL;
×
94
        size_t key_buf_size = 0;
×
95
        int r;
×
96

97
        /* attach name device optional_key_file optional_options */
98

UNCOV
99
        assert(argc >= 3 && argc <= 5);
×
100

101
        const char *volume = argv[1],
×
UNCOV
102
                *device = argv[2],
×
103
                *key_file = mangle_none(argc > 3 ? argv[3] : NULL),
×
UNCOV
104
                *options = mangle_none(argc > 4 ? argv[4] : NULL);
×
105

UNCOV
106
        if (!filename_is_valid(volume))
×
107
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
×
108

109
        if (key_file) {
×
UNCOV
110
                r = load_key_file(key_file, &key_buf, &key_buf_size);
×
UNCOV
111
                if (r < 0)
×
112
                        return r;
113
        }
114

115
        if (options) {
×
UNCOV
116
                r = parse_integrity_options(options, &arg_activate_flags, &arg_percent,
×
117
                                            &arg_commit_time, &arg_existing_data_device, &arg_integrity_algorithm);
118
                if (r < 0)
×
119
                        return r;
120
        }
121

UNCOV
122
        r = crypt_init(&cd, device);
×
123
        if (r < 0)
×
124
                return log_error_errno(r, "Failed to open integrity device %s: %m", device);
×
125

UNCOV
126
        cryptsetup_enable_logging(cd);
×
127

128
        status = crypt_status(cd, volume);
×
UNCOV
129
        if (IN_SET(status, CRYPT_ACTIVE, CRYPT_BUSY)) {
×
130
                log_info("Volume %s already active.", volume);
×
131
                return 0;
×
132
        }
133

UNCOV
134
        r = crypt_load(cd,
×
135
                       CRYPT_INTEGRITY,
136
                       &(struct crypt_params_integrity) {
×
137
                               .journal_watermark = arg_percent,
UNCOV
138
                               .journal_commit_time = DIV_ROUND_UP(arg_commit_time, USEC_PER_SEC),
×
139
                               .integrity = integrity_algorithm_select(key_buf),
×
140
                       });
UNCOV
141
        if (r < 0)
×
UNCOV
142
                return log_error_errno(r, "Failed to load integrity superblock: %m");
×
143

144
        if (!isempty(arg_existing_data_device)) {
×
145
                r = crypt_set_data_device(cd, arg_existing_data_device);
×
UNCOV
146
                if (r < 0)
×
147
                        return log_error_errno(r, "Failed to add separate data device: %m");
×
148
        }
149

150
        r = crypt_activate_by_volume_key(cd, volume, key_buf, key_buf_size, arg_activate_flags);
×
151
        if (r < 0)
×
152
                return log_error_errno(r, "Failed to set up integrity device: %m");
×
153

154
        return 0;
155
}
156

157
static int verb_detach(int argc, char *argv[], void *userdata) {
×
UNCOV
158
        _cleanup_(crypt_freep) struct crypt_device *cd = NULL;
×
159
        int r;
×
160

UNCOV
161
        assert(argc == 2);
×
162

163
        const char *volume = argv[1];
×
164

165
        if (!filename_is_valid(volume))
×
166
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Volume name '%s' is not valid.", volume);
×
167

168
        r = crypt_init_by_name(&cd, volume);
×
UNCOV
169
        if (r == -ENODEV) {
×
UNCOV
170
                log_info("Volume %s already inactive.", volume);
×
171
                return 0;
×
172
        }
173
        if (r < 0)
×
UNCOV
174
                return log_error_errno(r, "crypt_init_by_name() failed: %m");
×
175

UNCOV
176
        cryptsetup_enable_logging(cd);
×
177

178
        r = crypt_deactivate(cd, volume);
×
UNCOV
179
        if (r < 0)
×
180
                return log_error_errno(r, "Failed to deactivate: %m");
×
181

182
        return 0;
183
}
184

185
static int run(int argc, char *argv[]) {
×
186
        if (argv_looks_like_help(argc, argv))
×
UNCOV
187
                return help();
×
188

189
        log_setup();
×
190

191
        cryptsetup_enable_logging(NULL);
×
192

193
        umask(0022);
×
194

195
        static const Verb verbs[] = {
×
196
                { "attach", 3, 5, 0, verb_attach },
197
                { "detach", 2, 2, 0, verb_detach },
198
                {}
199
        };
200

UNCOV
201
        return dispatch_verb(argc, argv, verbs, NULL);
×
202
}
203

UNCOV
204
DEFINE_MAIN_FUNCTION(run);
×
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc