g13: New option --no-mount.

* g13/g13.c (oNoMount): New. (opts): Add --no-mount. (main): Implement this. * g13/g13-common.h (opt): Add field no_mount. * common/status.h (STATUS_PLAINDEV): New. * g13/sh-cmd.c (has_option): Uncomment. (cmd_mount): Add option --no-mount and pass down. * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Add arg nomount and emit PLAINDEV status line. (sh_dmcrypt_umount_container): Rund findmnt before umount. -- This option can be used to decrypt a device but not to mount it. For example to run fsck first. A command or option to run fsck before a mount will eventually be added. The use of findmnt is needed so that we can easily remove a device which has not been mounted.
2024-01-09 19:52:04 +01:00 · 2024-01-09 19:52:04 +01:00 · 6233a17ac9
parent 4ca017e43b
commit 6233a17ac9
8 changed files with 76 additions and 43 deletions
--- a/common/status.h
+++ b/common/status.h
@ -152,6 +152,7 @@ enum
    STATUS_TRUNCATED,
    STATUS_MOUNTPOINT,
    STATUS_BLOCKDEV,
+    STATUS_PLAINDEV,           /* The decrypted virtual device.  */

    STATUS_PINENTRY_LAUNCHED,

--- a/g13/call-syshelp.c
+++ b/g13/call-syshelp.c
@ -433,10 +433,15 @@ static gpg_error_t
 mount_status_cb (void *opaque, const char *line)
 {
  struct mount_parm_s *parm = opaque;
+  const char *s;

-  /* Nothing right now.  */
  (void)parm;
-  (void)line;
+
+  if ((s=has_leading_keyword (line, "PLAINDEV")))
+    {
+      if (opt.verbose || opt.no_mount)
+        log_info ("Device: %s\n", s);
+    }

  return 0;
 }
@ -497,7 +502,10 @@ call_syshelp_run_mount (ctrl_t ctrl, int conttype, const char *mountpoint,
    {
      ref_tupledesc (tuples);
      parm.keyblob = get_tupledesc_data (tuples, &parm.keybloblen);
-      err = assuan_transact (ctx, "MOUNT dm-crypt",
+      err = assuan_transact (ctx,
+                             (opt.no_mount
+                              ? "MOUNT --no-mount dm-crypt"
+                              : "MOUNT dm-crypt"),
                             NULL, NULL,
                             mount_inq_cb, &parm,
                             mount_status_cb, &parm);
--- a/g13/g13-common.h
+++ b/g13/g13-common.h
@ -81,6 +81,8 @@ struct
  /* Name of the output file - FIXME: what is this?  */
  const char *outfile;

+  int no_mount; /* Stop right before mounting a device.  */
+
 } opt;


--- a/g13/g13-syshelp.c
+++ b/g13/g13-syshelp.c
@ -584,7 +584,7 @@ g13_syshelp_i_know_what_i_am_doing (void)
  if (gnupg_access (fname, F_OK))
    {
      log_info ("*******************************************************\n");
-      log_info ("* The G13 support for DM-Crypt is new and not matured.\n");
+      log_info ("* The G13 support for DM-Crypt is not yet widely used.\n");
      log_info ("* Bugs or improper use may delete all your disks!\n");
      log_info ("* To confirm that you are ware of this risk, create\n");
      log_info ("* the file '%s'.\n", fname);
--- a/g13/g13-syshelp.h
+++ b/g13/g13-syshelp.h
@ -85,7 +85,7 @@ gpg_error_t sh_is_empty_partition (const char *name);
 gpg_error_t sh_dmcrypt_create_container (ctrl_t ctrl, const char *devname,
                                         estream_t devfp);
 gpg_error_t sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
-                                        tupledesc_t keyblob);
+                                        tupledesc_t keyblob, int nomount);
 gpg_error_t sh_dmcrypt_umount_container (ctrl_t ctrl, const char *devname);
 gpg_error_t sh_dmcrypt_suspend_container (ctrl_t ctrl, const char *devname);
 gpg_error_t sh_dmcrypt_resume_container (ctrl_t ctrl, const char *devname,
--- a/g13/g13.c
+++ b/g13/g13.c
@ -103,6 +103,7 @@ enum cmd_and_opt_values {
  oWithColons,
  oDryRun,
  oNoDetach,
+  oNoMount,

  oNoRandomSeedFile,
  oFakedSystemTime
@ -137,6 +138,7 @@ static gpgrt_opt_t opts[] = {
  ARGPARSE_s_s (oLogFile, "log-file",  N_("|FILE|write log output to FILE")),
  ARGPARSE_s_n (oNoLogFile, "no-log-file", "@"),
  ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
+  ARGPARSE_s_n (oNoMount, "no-mount", N_("stop right before running mount")),

  ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),

@ -518,6 +520,8 @@ main (int argc, char **argv)

        case oNoDetach: /*nodetach = 1; */break;

+        case oNoMount: opt.no_mount = 1; break;
+
        case oDebug:
          if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
            {
--- a/g13/sh-cmd.c
+++ b/g13/sh-cmd.c
@ -83,17 +83,17 @@ skip_options (const char *line)


 /* Check whether the option NAME appears in LINE.  */
-/* static int */
-/* has_option (const char *line, const char *name) */
-/* { */
-/*   const char *s; */
-/*   int n = strlen (name); */
+static int
+has_option (const char *line, const char *name)
+{
+  const char *s;
+  int n = strlen (name);

-/*   s = strstr (line, name); */
-/*   if (s && s >= skip_options (line)) */
-/*     return 0; */
-/*   return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); */
-/* } */
+  s = strstr (line, name);
+  if (s && s >= skip_options (line))
+    return 0;
+  return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
+}


 /* Helper to print a message while leaving a command.  */
@ -431,10 +431,11 @@ cmd_getkeyblob (assuan_context_t ctx, char *line)


 static const char hlp_mount[] =
-  "MOUNT <type>\n"
+  "MOUNT [--no-mount] <type>\n"
  "\n"
  "Mount an encrypted partition on the current device.\n"
-  "<type> must be \"dm-crypt\" for now.";
+  "<type> must be \"dm-crypt\" for now.  Option --no-mount\n"
+  "stops right before calling the mount command.\n";
 static gpg_error_t
 cmd_mount (assuan_context_t ctx, char *line)
 {
@ -443,6 +444,9 @@ cmd_mount (assuan_context_t ctx, char *line)
  unsigned char *keyblob = NULL;
  size_t keybloblen;
  tupledesc_t tuples = NULL;
+  int nomount;
+
+  nomount = has_option (line, "--no-mount");

  line = skip_options (line);

@ -493,7 +497,7 @@ cmd_mount (assuan_context_t ctx, char *line)

  err = sh_dmcrypt_mount_container (ctrl,
                                    ctrl->server_local->devicename,
-                                    tuples);
+                                    tuples, nomount);

 leave:
  destroy_tupledesc (tuples);
--- a/g13/sh-dmcrypt.c
+++ b/g13/sh-dmcrypt.c
@ -220,7 +220,7 @@ mk_setup_area_prefix (size_t *r_length)
 }


-/* Create a new g13 styloe DM-Crypt container on devoce DEVNAME.  */
+/* Create a new g13 style DM-Crypt container on device DEVNAME.  */
 gpg_error_t
 sh_dmcrypt_create_container (ctrl_t ctrl, const char *devname, estream_t devfp)
 {
@ -538,10 +538,11 @@ sh_dmcrypt_create_container (ctrl_t ctrl, const char *devname, estream_t devfp)


 /* Mount a DM-Crypt container on device DEVNAME taking keys and other
- * meta data from KEYBLOB.  */
+ * meta data from KEYBLOB.  If NOMOUNT is set the actual mount command
+ * is not run.  */
 gpg_error_t
 sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
-                            tupledesc_t keyblob)
+                            tupledesc_t keyblob, int nomount)
 {
  gpg_error_t err;
  char *targetname_abs = NULL;
@ -696,8 +697,10 @@ sh_dmcrypt_mount_container (ctrl_t ctrl, const char *devname,
  xfree (result);
  result = NULL;

+  g13_status (ctrl, STATUS_PLAINDEV, targetname_abs, NULL);
+
  /* Mount if a mountpoint has been given.  */
-  if (ctrl->devti->mountpoint)
+  if (!nomount && ctrl->devti->mountpoint)
    {
      const char *argv[3];

@ -766,32 +769,43 @@ sh_dmcrypt_umount_container (ctrl_t ctrl, const char *devname)
      goto leave;
    }

-  /* Run the regular umount command.  */
+  /* Run the regular umount command but first test with findmnt.  */
  {
-    const char *argv[2];
+    const char *argv[3];

    argv[0] = targetname_abs;
    argv[1] = NULL;
-    log_debug ("now running \"umount %s\"\n", targetname_abs);
-    err = gnupg_exec_tool ("/bin/umount", argv, NULL, &result, NULL);
-  }
-  if (err)
-    {
-      log_error ("error running umount: %s\n", gpg_strerror (err));
-      if (1)
-        {
-          /* Try to show some info about processes using the partition. */
-          const char *argv[3];
+    log_debug ("now running \"findmnt %s\"\n", targetname_abs);
+    err = gnupg_exec_tool ("/bin/findmnt", argv, NULL, &result, NULL);

-          argv[0] = "-mv";
-          argv[1] = targetname_abs;
-          argv[2] = NULL;
-          gnupg_exec_tool ("/bin/fuser", argv, NULL, &result, NULL);
-        }
-      goto leave;
-    }
-  if (result && *result)  /* (We should not see output to stdout).  */
-    log_info ("WARNING: umount returned data on stdout! (%s)\n", result);
+    if (err)
+      log_info ("Note: device was not mounted\n");
+    else
+      {
+        xfree (result);
+        result = NULL;
+
+        argv[0] = targetname_abs;
+        argv[1] = NULL;
+        log_debug ("now running \"umount %s\"\n", targetname_abs);
+        err = gnupg_exec_tool ("/bin/umount", argv, NULL, &result, NULL);
+        if (err)
+          {
+            log_error ("error running umount: %s\n", gpg_strerror (err));
+            if (1)
+              {
+                /* Try to show some info about processes using the partition. */
+                argv[0] = "-mv";
+                argv[1] = targetname_abs;
+                argv[2] = NULL;
+                gnupg_exec_tool ("/bin/fuser", argv, NULL, &result, NULL);
+              }
+            goto leave;
+          }
+        if (result && *result)  /* (We should not see output to stdout).  */
+          log_info ("WARNING: umount returned data on stdout! (%s)\n", result);
+      }
+  }
  xfree (result);
  result = NULL;