cryptenroll: add --list-devices switch that shows candidate block devices

2024-09-06 08:46:19 +00:00 · 2024-07-01 11:51:14 +02:00 · 2024-07-01 11:51:14 +02:00 · e742c99999
parent 68ff31fa0a
commit e742c99999
3 changed files with 23 additions and 0 deletions
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@ -675,6 +675,16 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><option>--list-devices</option></term>
+
+        <listitem><para>Show a list of candidate block devices this command may operate on. Specifically,
+        this enumerates block devices currently present that contain a LUKS superblock, and shows their device
+        node paths along with any of their symlinks.</para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
+
      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>
--- a/src/cryptenroll/cryptenroll.c
+++ b/src/cryptenroll/cryptenroll.c
@ -4,6 +4,7 @@
 #include <sys/mman.h>

 #include "ask-password-api.h"
+#include "blockdev-list.h"
 #include "blockdev-util.h"
 #include "build.h"
 #include "cryptenroll-fido2.h"
@ -179,6 +180,7 @@ static int help(void) {
               "%5$sEnroll a security token or authentication credential to a LUKS volume.%6$s\n\n"
               "  -h --help            Show this help\n"
               "     --version         Show package version\n"
+               "     --list-devices    List candidate block devices to operate on\n"
               "     --wipe-slot=SLOT1,SLOT2,…\n"
               "                       Wipe specified slots\n"
               "\n%3$sUnlocking:%4$s\n"
@ -266,6 +268,7 @@ static int parse_argv(int argc, char *argv[]) {
                ARG_FIDO2_WITH_UP,
                ARG_FIDO2_WITH_UV,
                ARG_FIDO2_CRED_ALG,
+                ARG_LIST_DEVICES,
        };

        static const struct option options[] = {
@ -294,6 +297,7 @@ static int parse_argv(int argc, char *argv[]) {
                { "tpm2-pcrlock",                  required_argument, NULL, ARG_TPM2_PCRLOCK               },
                { "tpm2-with-pin",                 required_argument, NULL, ARG_TPM2_WITH_PIN              },
                { "wipe-slot",                     required_argument, NULL, ARG_WIPE_SLOT                  },
+                { "list-devices",                  no_argument,       NULL, ARG_LIST_DEVICES               },
                {}
        };

@ -622,6 +626,13 @@ static int parse_argv(int argc, char *argv[]) {
                        break;
                }

+                case ARG_LIST_DEVICES:
+                        r = blockdev_list(BLOCKDEV_LIST_SHOW_SYMLINKS|BLOCKDEV_LIST_REQUIRE_LUKS);
+                        if (r < 0)
+                                return r;
+
+                        return 0;
+
                case '?':
                        return -EINVAL;

--- a/test/units/TEST-24-CRYPTSETUP.sh
+++ b/test/units/TEST-24-CRYPTSETUP.sh
@ -270,4 +270,6 @@ cryptsetup_start_and_check detached_slot{0..1}
 cryptsetup_start_and_check -f detached_slot_fail
 cryptsetup_start_and_check -u detached_nofail

+systemd-cryptenroll --list-devices
+
 touch /testok