Port veritysetup to new args parsing.

2025-12-11 19:00:02 +01:00 · 2020-07-20 20:27:37 +02:00
parent 958eaf4b24
commit 0851c2cfb0
5 changed files with 196 additions and 125 deletions
--- a/src/Makemodule.am
+++ b/src/Makemodule.am
@@ -48,9 +48,14 @@ veritysetup_SOURCES =		\
 	lib/utils_loop.c	\
 	lib/utils_io.c		\
 	lib/utils_blkid.c	\
+	src/utils_args.c	\
+	src/utils_arg_names.h	\
+	src/utils_arg_macros.h	\
 	src/utils_tools.c	\
 	src/utils_password.c	\
 	src/veritysetup.c	\
+	src/veritysetup_args.h	\
+	src/veritysetup_arg_list.h	\
 	src/cryptsetup.h

 veritysetup_LDADD = $(LDADD)	\
--- a/src/utils_arg_names.h
+++ b/src/utils_arg_names.h
@@ -30,7 +30,10 @@
 #define OPT_BITMAP_SECTORS_PER_BIT	"bitmap-sectors-per-bit"
 #define OPT_BLOCK_SIZE			"block-size"
 #define OPT_BUFFER_SECTORS		"buffer-sectors"
+#define OPT_CHECK_AT_MOST_ONCE		"check-at-most-once"
 #define OPT_CIPHER			"cipher"
+#define OPT_DATA_BLOCK_SIZE		"data-block-size"
+#define OPT_DATA_BLOCKS			"data-blocks"
 #define OPT_DATA_DEVICE			"data-device"
 #define OPT_DEBUG			"debug"
 #define OPT_DEBUG_JSON			"debug-json"
@@ -41,11 +44,19 @@
 #define OPT_DISABLE_LOCKS		"disable-locks"
 #define OPT_DUMP_MASTER_KEY		"dump-master-key"
 #define OPT_ENCRYPT			"encrypt"
+#define OPT_FEC_DEVICE			"fec-device"
+#define OPT_FEC_OFFSET			"fec-offset"
+#define OPT_FEC_ROOTS			"fec-roots"
 #define OPT_FORCE_PASSWORD		"force-password"
+#define OPT_FORMAT			"format"
 #define OPT_HASH			"hash"
+#define OPT_HASH_BLOCK_SIZE		"hash-block-size"
+#define OPT_HASH_OFFSET			"hash-offset"
 #define OPT_HEADER			"header"
 #define OPT_HEADER_BACKUP_FILE		"header-backup-file"
 #define OPT_HOTZONE_SIZE		"hotzone-size"
+#define OPT_IGNORE_CORRUPTION		"ignore-corruption"
+#define OPT_IGNORE_ZERO_BLOCKS		"ignore-zero-blocks"
 #define OPT_INIT_ONLY			"init-only"
 #define OPT_INTEGRITY			"integrity"
 #define OPT_INTEGRITY_BITMAP_MODE	"integrity-bitmap-mode"
@@ -78,6 +89,7 @@
 #define OPT_KEYFILE_SIZE		"keyfile-size"
 #define OPT_KEYSLOT_CIPHER		"keyslot-cipher"
 #define OPT_KEYSLOT_KEY_SIZE		"keyslot-key-size"
+#define OPT_NO_SUPERBLOCK		"no-superblock"
 #define OPT_NO_WIPE			"no-wipe"
 #define OPT_LABEL			"label"
 #define OPT_LUKS2_KEYSLOTS_SIZE		"luks2-keyslots-size"
@@ -102,7 +114,10 @@
 #define OPT_REFRESH			"refresh"
 #define OPT_RESILIENCE			"resilience"
 #define OPT_RESILIENCE_HASH		"resilience-hash"
+#define OPT_RESTART_ON_CORRUPTION	"restart-on-corruption"
 #define OPT_RESUME_ONLY			"resume-only"
+#define OPT_ROOT_HASH_SIGNATURE		"root-hash-signature"
+#define OPT_SALT			"salt"
 #define OPT_SECTOR_SIZE			"sector-size"
 #define OPT_SERIALIZE_MEMORY_HARD_PBKDF	"serialize-memory-hard-pbkdf"
 #define OPT_SHARED			"shared"
--- a/src/veritysetup.c
+++ b/src/veritysetup.c
@@ -20,38 +20,16 @@
 */

 #include "cryptsetup.h"
+#include "veritysetup_args.h"

 #define PACKAGE_VERITY "veritysetup"

-static char *opt_fec_device = NULL;
-static char *opt_hash_algorithm = NULL;
-static char *opt_salt = NULL;
-static char *opt_uuid = NULL;
-static char *opt_root_hash_signature = NULL;
-
-static int opt_use_superblock = 1;
-static int opt_fec_roots = DEFAULT_VERITY_FEC_ROOTS;
-static int opt_hash_type = 1;
-static int opt_data_block_size = DEFAULT_VERITY_DATA_BLOCK;
-static int opt_hash_block_size = DEFAULT_VERITY_HASH_BLOCK;
-static uint64_t data_blocks = 0;
-static uint64_t hash_offset = 0;
-static uint64_t fec_offset = 0;
-static int opt_restart_on_corruption = 0;
-static int opt_ignore_corruption = 0;
-static int opt_ignore_zero_blocks = 0;
-static int opt_check_at_most_once = 0;
-
 static const char **action_argv;
 static int action_argc;

 void tools_cleanup(void)
 {
-	FREE_AND_NULL(opt_fec_device);
-	FREE_AND_NULL(opt_hash_algorithm);
-	FREE_AND_NULL(opt_salt);
-	FREE_AND_NULL(opt_uuid);
-	FREE_AND_NULL(opt_root_hash_signature);
+	tools_args_free(tool_core_args, ARRAY_SIZE(tool_core_args));
 }

 static int _prepare_format(struct crypt_params_verity *params,
@@ -61,16 +39,16 @@ static int _prepare_format(struct crypt_params_verity *params,
 	char *salt = NULL;
 	int len;

-	params->hash_name = opt_hash_algorithm ?: DEFAULT_VERITY_HASH;
+	params->hash_name = ARG_STR(OPT_HASH_ID);
 	params->data_device = data_device;
-	params->fec_device = opt_fec_device;
-	params->fec_roots = opt_fec_roots;
+	params->fec_device = ARG_STR(OPT_FEC_DEVICE_ID);
+	params->fec_roots = ARG_UINT32(OPT_FEC_ROOTS_ID);

-	if (opt_salt && !strcmp(opt_salt, "-")) {
+	if (ARG_STR(OPT_SALT_ID) && !strcmp(ARG_STR(OPT_SALT_ID), "-")) {
 		params->salt_size = 0;
 		params->salt = NULL;
-	} else if (opt_salt) {
-		len = crypt_hex_to_bytes(opt_salt, &salt, 0);
+	} else if (ARG_SET(OPT_SALT_ID)) {
+		len = crypt_hex_to_bytes(ARG_STR(OPT_SALT_ID), &salt, 0);
 		if (len < 0) {
 			log_err(_("Invalid salt string specified."));
 			return -EINVAL;
@@ -82,12 +60,12 @@ static int _prepare_format(struct crypt_params_verity *params,
 		params->salt = NULL;
 	}

-	params->data_block_size = opt_data_block_size;
-	params->hash_block_size = opt_hash_block_size;
-	params->data_size = data_blocks;
-	params->hash_area_offset = hash_offset;
-	params->fec_area_offset = fec_offset;
-	params->hash_type = opt_hash_type;
+	params->data_block_size = ARG_UINT32(OPT_DATA_BLOCK_SIZE_ID);
+	params->hash_block_size = ARG_UINT32(OPT_HASH_BLOCK_SIZE_ID);
+	params->data_size = ARG_UINT64(OPT_DATA_BLOCKS_ID);
+	params->hash_area_offset = ARG_UINT64(OPT_HASH_OFFSET_ID);
+	params->fec_area_offset = ARG_UINT64(OPT_FEC_OFFSET_ID);
+	params->hash_type = ARG_UINT32(OPT_FORMAT_ID);
 	params->flags = flags;

 	return 0;
@@ -110,13 +88,13 @@ static int action_format(int arg)
 		close(r);
 	}
 	/* Try to create FEC image if doesn't exist */
-	if (opt_fec_device) {
-		r = open(opt_fec_device, O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR);
+	if (ARG_SET(OPT_FEC_DEVICE_ID)) {
+		r = open(ARG_STR(OPT_FEC_DEVICE_ID), O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR);
 		if (r < 0 && errno != EEXIST) {
-			log_err(_("Cannot create FEC image %s for writing."), opt_fec_device);
+			log_err(_("Cannot create FEC image %s for writing."), ARG_STR(OPT_FEC_DEVICE_ID));
 			return -EINVAL;
 		} else if (r >= 0) {
-			log_dbg("Created FEC image %s.", opt_fec_device);
+			log_dbg("Created FEC image %s.", ARG_STR(OPT_FEC_DEVICE_ID));
 			close(r);
 		}
 	}
@@ -124,14 +102,14 @@ static int action_format(int arg)
 	if ((r = crypt_init(&cd, action_argv[1])))
 		goto out;

-	if (!opt_use_superblock)
+	if (ARG_SET(OPT_NO_SUPERBLOCK_ID))
 		flags |= CRYPT_VERITY_NO_HEADER;

 	r = _prepare_format(&params, action_argv[0], flags);
 	if (r < 0)
 		goto out;

-	r = crypt_format(cd, CRYPT_VERITY, NULL, NULL, opt_uuid, NULL, 0, &params);
+	r = crypt_format(cd, CRYPT_VERITY, NULL, NULL, ARG_STR(OPT_UUID_ID), NULL, 0, &params);
 	if (!r)
 		crypt_dump(cd);
 out:
@@ -158,21 +136,21 @@ static int _activate(const char *dm_device,
 	if ((r = crypt_init_data_device(&cd, hash_device, data_device)))
 		goto out;

-	if (opt_ignore_corruption)
+	if (ARG_SET(OPT_IGNORE_CORRUPTION_ID))
 		activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
-	if (opt_restart_on_corruption)
+	if (ARG_SET(OPT_RESTART_ON_CORRUPTION_ID))
 		activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
-	if (opt_ignore_zero_blocks)
+	if (ARG_SET(OPT_IGNORE_ZERO_BLOCKS_ID))
 		activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
-	if (opt_check_at_most_once)
+	if (ARG_SET(OPT_CHECK_AT_MOST_ONCE_ID))
 		activate_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE;

-	if (opt_use_superblock) {
+	if (!ARG_SET(OPT_NO_SUPERBLOCK_ID)) {
 		params.flags = flags;
-		params.hash_area_offset = hash_offset;
-		params.fec_area_offset = fec_offset;
-		params.fec_device = opt_fec_device;
-		params.fec_roots = opt_fec_roots;
+		params.hash_area_offset = ARG_UINT64(OPT_HASH_OFFSET_ID);
+		params.fec_area_offset = ARG_UINT64(OPT_FEC_OFFSET_ID);
+		params.fec_device = ARG_STR(OPT_FEC_DEVICE_ID);
+		params.fec_roots = ARG_UINT32(OPT_FEC_ROOTS_ID);
 		r = crypt_load(cd, CRYPT_VERITY, &params);
 	} else {
 		r = _prepare_format(&params, data_device, flags | CRYPT_VERITY_NO_HEADER);
@@ -190,17 +168,17 @@ static int _activate(const char *dm_device,
 		goto out;
 	}

-	if (opt_root_hash_signature) {
+	if (ARG_SET(OPT_ROOT_HASH_SIGNATURE_ID)) {
 		// FIXME: check max file size
-		if (stat(opt_root_hash_signature, &st) || !S_ISREG(st.st_mode) || !st.st_size) {
-			log_err(_("Invalid signature file %s."), opt_root_hash_signature);
+		if (stat(ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID), &st) || !S_ISREG(st.st_mode) || !st.st_size) {
+			log_err(_("Invalid signature file %s."), ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID));
 			r = -EINVAL;
 			goto out;
 		}
 		signature_size = st.st_size;
-		r = tools_read_mk(opt_root_hash_signature, &signature, signature_size);
+		r = tools_read_mk(ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID), &signature, signature_size);
 		if (r < 0) {
-			log_err(_("Cannot read signature file %s."), opt_root_hash_signature);
+			log_err(_("Cannot read signature file %s."), ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID));
 			goto out;
 		}
 	}
@@ -223,7 +201,7 @@ static int action_open(int arg)
 			 action_argv[0],
 			 action_argv[2],
 			 action_argv[3],
-			 opt_root_hash_signature ? CRYPT_VERITY_ROOT_HASH_SIGNATURE : 0);
+			 ARG_SET(OPT_ROOT_HASH_SIGNATURE_ID) ? CRYPT_VERITY_ROOT_HASH_SIGNATURE : 0);
 }

 static int action_verify(int arg)
@@ -335,7 +313,7 @@ static int action_status(int arg)

 		if (vp.fec_device) {
 			log_std("  FEC device:  %s\n", vp.fec_device);
-			if ((backing_file = crypt_loop_backing_file(opt_fec_device))) {
+			if ((backing_file = crypt_loop_backing_file(ARG_STR(OPT_FEC_DEVICE_ID)))) {
 				log_std("  FEC loop:    %s\n", backing_file);
 				free(backing_file);
 			}
@@ -382,8 +360,8 @@ static int action_dump(int arg)
 	if ((r = crypt_init(&cd, action_argv[0])))
 		return r;

-	params.hash_area_offset = hash_offset;
-	params.fec_area_offset = fec_offset;
+	params.hash_area_offset = ARG_UINT64(OPT_HASH_OFFSET_ID);
+	params.fec_area_offset = ARG_UINT64(OPT_FEC_OFFSET_ID);
 	r = crypt_load(cd, CRYPT_VERITY, &params);
 	if (!r)
 		crypt_dump(cd);
@@ -459,6 +437,15 @@ static int run_action(struct action_type *action)
 	return translate_errno(r);
 }

+static void basic_options_cb(poptContext popt_context,
+		 enum poptCallbackReason reason __attribute__((unused)),
+		 struct poptOption *key,
+		 const char *arg,
+		 void *data __attribute__((unused)))
+{
+	tools_parse_arg_value(popt_context, tool_core_args[key->val].type, tool_core_args + key->val, arg, key->val, NULL);
+}
+
 int main(int argc, const char **argv)
 {
 	static const char *null_action_argv[] = {NULL};
@@ -469,27 +456,16 @@ int main(int argc, const char **argv)
 		{ "version",'V', POPT_ARG_NONE,     NULL, 0, N_("Print package version"),  NULL },
 		POPT_TABLEEND
 	};
+	static struct poptOption popt_basic_options[] = {
+		{ NULL,    '\0', POPT_ARG_CALLBACK, basic_options_cb, 0, NULL, NULL },
+#define ARG(A, B, C, D, E, F, G, H) { A, B, C, NULL, A ## _ID, D, E },
+#include "veritysetup_arg_list.h"
+#undef arg
+		POPT_TABLEEND
+	};
 	static struct poptOption popt_options[] = {
 		{ NULL,              '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
-		{ "verbose",         'v',  POPT_ARG_NONE, &opt_verbose,      0, N_("Shows more detailed error messages"), NULL },
-		{ "debug",           '\0', POPT_ARG_NONE, &opt_debug,        0, N_("Show debug messages"), NULL },
-		{ "no-superblock",   0,    POPT_ARG_VAL,  &opt_use_superblock,   0, N_("Do not use verity superblock"), NULL },
-		{ "format",          0,    POPT_ARG_INT,  &opt_hash_type,        0, N_("Format type (1 - normal, 0 - original Chrome OS)"), N_("number") },
-		{ "data-block-size", 0,    POPT_ARG_INT,  &opt_data_block_size,  0, N_("Block size on the data device"), N_("bytes") },
-		{ "hash-block-size", 0,    POPT_ARG_INT,  &opt_hash_block_size,  0, N_("Block size on the hash device"), N_("bytes") },
-		{ "fec-roots",       0,    POPT_ARG_INT,  &opt_fec_roots,        0, N_("FEC parity bytes"), N_("bytes") },
-		{ "data-blocks",     0,    POPT_ARG_STRING, NULL,       1, N_("The number of blocks in the data file"), N_("blocks") },
-		{ "fec-device",      0,    POPT_ARG_STRING, &opt_fec_device,     0, N_("Path to device with error correction data"), N_("path") },
-		{ "hash-offset",     0,    POPT_ARG_STRING, NULL,       2, N_("Starting offset on the hash device"), N_("bytes") },
-		{ "fec-offset",      0,    POPT_ARG_STRING, NULL,       3, N_("Starting offset on the FEC device"), N_("bytes") },
-		{ "hash",            'h',  POPT_ARG_STRING, &opt_hash_algorithm, 0, N_("Hash algorithm"), N_("string") },
-		{ "salt",            's',  POPT_ARG_STRING, &opt_salt,    0, N_("Salt"), N_("hex string") },
-		{ "uuid",            '\0', POPT_ARG_STRING, &opt_uuid,       0, N_("UUID for device to use"), NULL },
-		{ "root-hash-signature",'\0', POPT_ARG_STRING, &opt_root_hash_signature,  0, N_("Path to root hash signature file"), NULL },
-		{ "restart-on-corruption", 0,POPT_ARG_NONE,&opt_restart_on_corruption, 0, N_("Restart kernel if corruption is detected"), NULL },
-		{ "ignore-corruption", 0,  POPT_ARG_NONE, &opt_ignore_corruption,  0, N_("Ignore corruption, log it only"), NULL },
-		{ "ignore-zero-blocks", 0, POPT_ARG_NONE, &opt_ignore_zero_blocks, 0, N_("Do not verify zeroed blocks"), NULL },
-		{ "check-at-most-once", 0, POPT_ARG_NONE, &opt_check_at_most_once, 0, N_("Verify data block only the first time it is read"), NULL },
+		{ NULL,              '\0', POPT_ARG_INCLUDE_TABLE, popt_basic_options, 0, NULL, NULL },
 		POPT_TABLEEND
 	};

@@ -508,34 +484,7 @@ int main(int argc, const char **argv)
 	poptSetOtherOptionHelp(popt_context,
 	                       _("[OPTION...] <action> <action-specific>"));

-	while((r = poptGetNextOpt(popt_context)) > 0) {
-		unsigned long long ull_value;
-		char *endp, *str = poptGetOptArg(popt_context);
-
-		errno = 0;
-		ull_value = strtoull(str, &endp, 10);
-		if (*endp || !*str || !isdigit(*str) ||
-		    (errno == ERANGE && ull_value == ULLONG_MAX) ||
-		    (errno != 0 && ull_value == 0))
-			r = POPT_ERROR_BADNUMBER;
-
-		free(str);
-
-		switch(r) {
-			case 1:
-				data_blocks = ull_value;
-				break;
-			case 2:
-				hash_offset = ull_value;
-				break;
-			case 3:
-				fec_offset = ull_value;
-				break;
-		}
-
-		if (r < 0)
-			break;
-	}
+	while((r = poptGetNextOpt(popt_context)) > 0) {}

 	if (r < -1)
 		usage(popt_context, EXIT_FAILURE, poptStrerror(r),
@@ -583,33 +532,22 @@ int main(int argc, const char **argv)
 		      poptGetInvocationName(popt_context));
 	}

-	if (opt_data_block_size < 0 || opt_hash_block_size < 0 || opt_hash_type < 0) {
-		usage(popt_context, EXIT_FAILURE,
-		      _("Negative number for option not permitted."),
-		      poptGetInvocationName(popt_context));
-	}
+	tools_check_args(action->type, tool_core_args, ARRAY_SIZE(tool_core_args), popt_context);

-	if ((opt_ignore_corruption || opt_restart_on_corruption || opt_ignore_zero_blocks) && strcmp(aname, "open"))
-		usage(popt_context, EXIT_FAILURE,
-		_("Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."),
-		poptGetInvocationName(popt_context));
-
-	if (opt_root_hash_signature && strcmp(aname, "open"))
-		usage(popt_context, EXIT_FAILURE,
-		_("Option --root-hash-signature can be used only for open operation."),
-		poptGetInvocationName(popt_context));
-
-	if (opt_ignore_corruption && opt_restart_on_corruption)
+	if (ARG_SET(OPT_IGNORE_CORRUPTION_ID) && ARG_SET(OPT_RESTART_ON_CORRUPTION_ID))
 		usage(popt_context, EXIT_FAILURE,
 		_("Option --ignore-corruption and --restart-on-corruption cannot be used together."),
 		poptGetInvocationName(popt_context));

-	if (opt_debug) {
-		opt_verbose = 1;
+	if (ARG_SET(OPT_DEBUG_ID)) {
+		ARG_SET(OPT_VERBOSE_ID) = true;
 		crypt_set_debug_level(CRYPT_DEBUG_ALL);
 		dbg_version_and_cmd(argc, argv);
 	}

+	opt_verbose = ARG_SET(OPT_VERBOSE_ID) ? 1 : 0;
+	opt_debug = ARG_SET(OPT_DEBUG_ID) ? 1 : 0;
+
 	r = run_action(action);
 	tools_cleanup();
 	poptFreeContext(popt_context);
--- a/src/veritysetup_arg_list.h
+++ b/src/veritysetup_arg_list.h
@@ -0,0 +1,60 @@
+/*
+ * Veritysetup command line arguments list
+ *
+ * Copyright (C) 2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* long name, short name, popt type, help description, units, internal argument type, default value, allowed actions (empty=global) */
+
+ARG(OPT_CHECK_AT_MOST_ONCE, '\0', POPT_ARG_NONE, N_("Verify data block only the first time it is read"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DATA_BLOCK_SIZE, '\0', POPT_ARG_STRING, N_("Block size on the data device"), N_("bytes"), CRYPT_ARG_UINT32, { .u32_value = DEFAULT_VERITY_DATA_BLOCK }, {})
+
+ARG(OPT_DATA_BLOCKS, '\0', POPT_ARG_STRING, N_("The number of blocks in the data file"), N_("blocks"), CRYPT_ARG_UINT64, {}, {})
+
+ARG(OPT_DEBUG, '\0', POPT_ARG_NONE, N_("Show debug messages"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_FEC_DEVICE, '\0', POPT_ARG_STRING, N_("Path to device with error correction data"), N_("path"), CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_FEC_OFFSET, '\0', POPT_ARG_STRING, N_("Starting offset on the FEC device"), N_("bytes"), CRYPT_ARG_UINT64, {}, {})
+
+ARG(OPT_FEC_ROOTS, '\0', POPT_ARG_STRING, N_("FEC parity bytes"), N_("bytes"), CRYPT_ARG_UINT32, { .u32_value = DEFAULT_VERITY_FEC_ROOTS }, {})
+
+ARG(OPT_FORMAT, '\0', POPT_ARG_STRING, N_("Format type (1 - normal, 0 - original Chrome OS)"), N_("number"), CRYPT_ARG_UINT32, { .u32_value = 1 }, {})
+
+ARG(OPT_HASH, 'h',  POPT_ARG_STRING, N_("Hash algorithm"), N_("string"), CRYPT_ARG_STRING, { .str_value = CONST_CAST(void *)DEFAULT_VERITY_HASH }, {})
+
+ARG(OPT_HASH_BLOCK_SIZE, '\0', POPT_ARG_STRING, N_("Block size on the hash device"), N_("bytes"), CRYPT_ARG_UINT32, { .u32_value = DEFAULT_VERITY_HASH_BLOCK }, {})
+
+ARG(OPT_HASH_OFFSET, '\0', POPT_ARG_STRING, N_("Starting offset on the hash device"), N_("bytes"), CRYPT_ARG_UINT64, {}, {})
+
+ARG(OPT_IGNORE_CORRUPTION, '\0', POPT_ARG_NONE, N_("Ignore corruption, log it only"), NULL, CRYPT_ARG_BOOL, {}, OPT_IGNORE_CORRUPTION_ACTIONS)
+
+ARG(OPT_IGNORE_ZERO_BLOCKS, '\0', POPT_ARG_NONE, N_("Do not verify zeroed blocks"), NULL, CRYPT_ARG_BOOL, {}, OPT_IGNORE_ZERO_BLOCKS_ACTIONS)
+
+ARG(OPT_NO_SUPERBLOCK, '\0', POPT_ARG_NONE, N_("Do not use verity superblock"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_RESTART_ON_CORRUPTION, '\0', POPT_ARG_NONE, N_("Restart kernel if corruption is detected"), NULL, CRYPT_ARG_BOOL, {}, OPT_RESTART_ON_CORRUPTION_ACTIONS)
+
+ARG(OPT_ROOT_HASH_SIGNATURE, '\0', POPT_ARG_STRING, N_("Path to root hash signature file"), NULL, CRYPT_ARG_STRING, {}, OPT_ROOT_HASH_SIGNATURE_ACTIONS)
+
+ARG(OPT_SALT, 's', POPT_ARG_STRING, N_("Salt"), N_("hex string"), CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_UUID, '\0', POPT_ARG_STRING, N_("UUID for device to use"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_VERBOSE, 'v', POPT_ARG_NONE, N_("Shows more detailed error messages"), NULL, CRYPT_ARG_BOOL, {}, {})
--- a/src/veritysetup_args.h
+++ b/src/veritysetup_args.h
@@ -0,0 +1,53 @@
+/*
+ * Command line arguments helpers
+ *
+ * Copyright (C) 2020 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef VERITYSETUP_ARGS_H
+#define VERITYSETUP_ARGS_H
+
+#include "utils_arg_names.h"
+#include "utils_arg_macros.h"
+
+#define CLOSE_ACTION	"close"
+#define DUMP_ACTION	"dump"
+#define FORMAT_ACTION	"format"
+#define OPEN_ACTION	"open"
+#define STATUS_ACTION	"status"
+#define VERIFY_ACTION	"verify"
+
+#define OPT_IGNORE_CORRUPTION_ACTIONS		{ OPEN_ACTION }
+#define OPT_IGNORE_ZERO_BLOCKS_ACTIONS		{ OPEN_ACTION }
+#define OPT_RESTART_ON_CORRUPTION_ACTIONS	{ OPEN_ACTION }
+#define OPT_ROOT_HASH_SIGNATURE_ACTIONS		{ OPEN_ACTION }
+
+enum {
+OPT_UNUSED_ID = 0,
+#define ARG(A, B, C, D, E, F, G, H) A ## _ID,
+#include "veritysetup_arg_list.h"
+#undef ARG
+};
+
+static struct tools_arg tool_core_args[] = { { NULL, false, CRYPT_ARG_BOOL }, // UNUSED
+#define ARG(A, B, C, D, E, F, G, H) { A, false, F, G, H },
+#include "veritysetup_arg_list.h"
+#undef ARG
+};
+
+#endif