Commit 2e480f3b authored by Maarten de Waard's avatar Maarten de Waard 🤘🏻
Browse files

Merge branch '26-notification-hook-triggered-on-startup' into 'master'

Run notification hook on startup

Closes #26

See merge request !22
parents 0c267e4e 490c2caa
# Usage
`cryptops-api --root-device=DEV --crypt-name=LABEL [--notify-command=COMMAND]`
* The `--root-device=DEV` option is mandatory. `DEV` should be the root device
of the machine, like `/dev/sda` or `/dev/xvda`.
When the root device is still unencrypted (for example when starting
cryptops-api for the first time), this should be an unpartitioned device,
with the file system spanning the whole device.
As part of the encryption process, this device will be partitioned and the
encrypted contents will be stored on the second partition, but DEV should
still point to the whole device, as before.
* The `--crypt-name=LABEL` option is mandatory. `LABEL` will be used by
cryptsetup to name the encrypted volume. This will be visible to the operating
system, as the decrypted root disk is available at `/dev/mapper/LABEL`.
* The `--notify-command=COMMAND` option is optional. The given `COMMAND` will be
run whenever cryptops-api detects that the root device needs the user to enter
their password to continue the booting process. You can use this to notify the
user of this situation.
......@@ -28,11 +28,26 @@ int main(int argc, char ** argv)
y_init_logs("cryptops-api", Y_LOG_MODE_CONSOLE, Y_LOG_LEVEL_DEBUG,
NULL, "Starting cryptops-api");
y_log_message(Y_LOG_LEVEL_DEBUG, "root_device: %s", config.root_device);
y_log_message(Y_LOG_LEVEL_DEBUG, "info_partition_device: %s", config.info_partition_device);
y_log_message(Y_LOG_LEVEL_DEBUG, "data_partition_device: %s", config.data_partition_device);
y_log_message(Y_LOG_LEVEL_DEBUG, "mapped_device_name: %s", config.mapped_device_name);
y_log_message(Y_LOG_LEVEL_DEBUG, "mapped_device_path: %s", config.mapped_device_path);
y_log_message(Y_LOG_LEVEL_DEBUG, "root_device: %s",
config.root_device);
y_log_message(Y_LOG_LEVEL_DEBUG, "info_partition_device: %s",
config.info_partition_device);
y_log_message(Y_LOG_LEVEL_DEBUG, "data_partition_device: %s",
config.data_partition_device);
y_log_message(Y_LOG_LEVEL_DEBUG, "mapped_device_name: %s",
config.mapped_device_name);
y_log_message(Y_LOG_LEVEL_DEBUG, "mapped_device_path: %s",
config.mapped_device_path);
y_log_message(Y_LOG_LEVEL_DEBUG, "notify_command: %s",
config.notify_command);
// Check if the root device is encrypted, and if so, use the supplied
// command to notify the user.
if (path_exists(config.data_partition_device) &&
is_encrypted_device(config.data_partition_device))
{
system(config.notify_command);
}
// Set address to bind to.
struct sockaddr_in address;
......@@ -150,6 +165,7 @@ int main(int argc, char ** argv)
if (reboot)
{
y_log_message(Y_LOG_LEVEL_INFO, "rebooting...");
y_close_logs();
reboot_initrd(true);
}
......@@ -157,6 +173,7 @@ int main(int argc, char ** argv)
if (shutdown)
{
y_log_message(Y_LOG_LEVEL_INFO, "shutting down...");
y_close_logs();
reboot_initrd(false);
}
......
......@@ -11,6 +11,7 @@
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <getopt.h>
#include <sys/reboot.h>
#define U_DISABLE_CURL
......
......@@ -6,20 +6,91 @@ struct config
char * mapped_device_name;
char * mapped_device_path;
char * tmp_data_location;
char * notify_command;
};
extern struct config config;
struct config config;
void print_usage()
{
printf("Usage:\n");
printf(" cryptops-api --root-device=DEV --crypt-name=LABEL "
" [--notify-command=COMMAND]\n");
}
void set_config_from_arguments(int argc, char ** argv)
{
if (argc < 3)
// Set defaults.
char * crypt_name = NULL;
char * notify_command = "";
char * root_device = NULL;
static struct option long_options[] =
{
{"crypt-name" , required_argument, 0, 'c'},
{"notify-command", required_argument, 0, 'n'},
{"root-device" , required_argument, 0, 'r'},
{0, 0, 0, 0}
};
int option_index = 0;
int c;
while (true)
{
c = getopt_long(argc, argv, "c:n:r:", long_options, &option_index);
// Check if we have dealt with all options.
if (c == -1)
{
break;
}
switch (c)
{
case 'c':
crypt_name = optarg;
break;
case 'n':
notify_command = optarg;
break;
case 'r':
root_device = optarg;
break;
case '?':
// getopt_long already printed an error message.
break;
default:
abort();
}
}
// Print any remaining command line arguments (not options).
if (optind < argc)
{
printf("non-option ARGV-elements: ");
while (optind < argc)
{
printf("%s ", argv[optind++]);
}
putchar('\n');
}
if (root_device == NULL)
{
printf("Required option --root-device missing.\n");
print_usage();
exit(1);
}
if (crypt_name == NULL)
{
printf("Not enough arguments. Usage:\n cryptops-api ROOTDEV CRYPTNAME\n");
printf("Required option --crypt-name missing.\n");
print_usage();
exit(1);
}
config.root_device = argv[1];
config.mapped_device_name = argv[2];
config.root_device = root_device;
config.mapped_device_name = crypt_name;
config.notify_command = notify_command;
asprintf(&config.info_partition_device, "%s1", config.root_device);
asprintf(&config.data_partition_device, "%s2", config.root_device);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment