]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
d58ad743 LP |
2 | |
3 | #include "alloc-util.h" | |
f461a28d | 4 | #include "chase.h" |
9a4b883b | 5 | #include "dirent-util.h" |
686d13b9 | 6 | #include "env-file.h" |
7eda2d7f | 7 | #include "env-util.h" |
d58ad743 | 8 | #include "fd-util.h" |
4fa744a3 | 9 | #include "fileio.h" |
d58ad743 | 10 | #include "fs-util.h" |
28e5e1e9 | 11 | #include "glyph-util.h" |
d58ad743 LP |
12 | #include "macro.h" |
13 | #include "os-util.h" | |
9a4b883b | 14 | #include "parse-util.h" |
6ef06723 | 15 | #include "path-util.h" |
9a4b883b | 16 | #include "stat-util.h" |
c2cd9508 | 17 | #include "string-table.h" |
d58ad743 | 18 | #include "string-util.h" |
686d13b9 | 19 | #include "strv.h" |
6ef06723 | 20 | #include "utf8.h" |
9a4b883b | 21 | #include "xattr-util.h" |
6ef06723 | 22 | |
c2cd9508 YW |
23 | static const char* const image_class_table[_IMAGE_CLASS_MAX] = { |
24 | [IMAGE_MACHINE] = "machine", | |
25 | [IMAGE_PORTABLE] = "portable", | |
26 | [IMAGE_SYSEXT] = "extension", | |
27 | [IMAGE_CONFEXT] = "confext", | |
28 | }; | |
29 | ||
30 | DEFINE_STRING_TABLE_LOOKUP(image_class, ImageClass); | |
31 | ||
b60e0f57 | 32 | /* Helper struct for naming simplicity and reusability */ |
33 | static const struct { | |
34 | const char *release_file_directory; | |
35 | const char *release_file_path_prefix; | |
36 | } image_class_release_info[_IMAGE_CLASS_MAX] = { | |
37 | [IMAGE_SYSEXT] = { | |
38 | .release_file_directory = "/usr/lib/extension-release.d/", | |
39 | .release_file_path_prefix = "/usr/lib/extension-release.d/extension-release.", | |
40 | }, | |
41 | [IMAGE_CONFEXT] = { | |
42 | .release_file_directory = "/etc/extension-release.d/", | |
43 | .release_file_path_prefix = "/etc/extension-release.d/extension-release.", | |
44 | } | |
45 | }; | |
46 | ||
6ef06723 ZJS |
47 | bool image_name_is_valid(const char *s) { |
48 | if (!filename_is_valid(s)) | |
49 | return false; | |
50 | ||
51 | if (string_has_cc(s, NULL)) | |
52 | return false; | |
53 | ||
54 | if (!utf8_is_valid(s)) | |
55 | return false; | |
56 | ||
57 | /* Temporary files for atomically creating new files */ | |
58 | if (startswith(s, ".#")) | |
59 | return false; | |
60 | ||
61 | return true; | |
62 | } | |
d58ad743 | 63 | |
b60e0f57 | 64 | int path_is_extension_tree(ImageClass image_class, const char *path, const char *extension, bool relax_extension_release_check) { |
d58ad743 LP |
65 | int r; |
66 | ||
67 | assert(path); | |
68 | ||
69 | /* Does the path exist at all? If not, generate an error immediately. This is useful so that a missing root dir | |
5238e957 | 70 | * always results in -ENOENT, and we can properly distinguish the case where the whole root doesn't exist from |
d58ad743 LP |
71 | * the case where just the os-release file is missing. */ |
72 | if (laccess(path, F_OK) < 0) | |
73 | return -errno; | |
74 | ||
9a4b883b | 75 | /* We use /usr/lib/extension-release.d/extension-release[.NAME] as flag for something being a system extension, |
b60e0f57 | 76 | * /etc/extension-release.d/extension-release[.NAME] as flag for something being a system configuration, and finally, |
9a4b883b | 77 | * and {/etc|/usr/lib}/os-release as a flag for something being an OS (when not an extension). */ |
b60e0f57 | 78 | r = open_extension_release(path, image_class, extension, relax_extension_release_check, NULL, NULL); |
d58ad743 LP |
79 | if (r == -ENOENT) /* We got nothing */ |
80 | return 0; | |
81 | if (r < 0) | |
82 | return r; | |
83 | ||
84 | return 1; | |
85 | } | |
86 | ||
192a9b70 LB |
87 | static int extension_release_strict_xattr_value(int extension_release_fd, const char *extension_release_dir_path, const char *filename) { |
88 | int r; | |
89 | ||
90 | assert(extension_release_fd >= 0); | |
91 | assert(extension_release_dir_path); | |
92 | assert(filename); | |
93 | ||
94 | /* No xattr or cannot parse it? Then skip this. */ | |
95 | _cleanup_free_ char *extension_release_xattr = NULL; | |
96 | r = fgetxattr_malloc(extension_release_fd, "user.extension-release.strict", &extension_release_xattr); | |
97 | if (r < 0) { | |
98 | if (!ERRNO_IS_XATTR_ABSENT(r)) | |
99 | return log_debug_errno(r, | |
100 | "%s/%s: Failed to read 'user.extension-release.strict' extended attribute from file, ignoring: %m", | |
101 | extension_release_dir_path, filename); | |
102 | ||
103 | return log_debug_errno(r, "%s/%s does not have user.extension-release.strict xattr, ignoring.", extension_release_dir_path, filename); | |
104 | } | |
105 | ||
106 | /* Explicitly set to request strict matching? Skip it. */ | |
107 | r = parse_boolean(extension_release_xattr); | |
108 | if (r < 0) | |
109 | return log_debug_errno(r, | |
110 | "%s/%s: Failed to parse 'user.extension-release.strict' extended attribute from file, ignoring: %m", | |
111 | extension_release_dir_path, filename); | |
112 | if (r > 0) { | |
113 | log_debug("%s/%s: 'user.extension-release.strict' attribute is true, ignoring file.", | |
114 | extension_release_dir_path, filename); | |
115 | return true; | |
116 | } | |
117 | ||
118 | log_debug("%s/%s: 'user.extension-release.strict' attribute is false%s", | |
119 | extension_release_dir_path, filename, | |
120 | special_glyph(SPECIAL_GLYPH_ELLIPSIS)); | |
121 | ||
122 | return false; | |
123 | } | |
124 | ||
538d878d | 125 | int open_os_release_at(int rfd, char **ret_path, int *ret_fd) { |
a84677e0 YW |
126 | const char *e; |
127 | int r; | |
128 | ||
538d878d YW |
129 | assert(rfd >= 0 || rfd == AT_FDCWD); |
130 | ||
a84677e0 YW |
131 | e = secure_getenv("SYSTEMD_OS_RELEASE"); |
132 | if (e) | |
538d878d | 133 | return chaseat(rfd, e, CHASE_AT_RESOLVE_IN_ROOT, ret_path, ret_fd); |
a84677e0 YW |
134 | |
135 | FOREACH_STRING(path, "/etc/os-release", "/usr/lib/os-release") { | |
538d878d | 136 | r = chaseat(rfd, path, CHASE_AT_RESOLVE_IN_ROOT, ret_path, ret_fd); |
a84677e0 YW |
137 | if (r != -ENOENT) |
138 | return r; | |
139 | } | |
140 | ||
141 | return -ENOENT; | |
142 | } | |
143 | ||
538d878d YW |
144 | int open_os_release(const char *root, char **ret_path, int *ret_fd) { |
145 | _cleanup_close_ int rfd = -EBADF, fd = -EBADF; | |
146 | _cleanup_free_ char *p = NULL; | |
147 | int r; | |
148 | ||
149 | rfd = open(empty_to_root(root), O_CLOEXEC | O_DIRECTORY | O_PATH); | |
150 | if (rfd < 0) | |
151 | return -errno; | |
152 | ||
153 | r = open_os_release_at(rfd, ret_path ? &p : NULL, ret_fd ? &fd : NULL); | |
154 | if (r < 0) | |
155 | return r; | |
156 | ||
157 | if (ret_path) { | |
158 | r = path_prefix_root_cwd(p, root, ret_path); | |
159 | if (r < 0) | |
160 | return r; | |
161 | } | |
162 | ||
163 | if (ret_fd) | |
164 | *ret_fd = TAKE_FD(fd); | |
165 | ||
166 | return 0; | |
167 | } | |
168 | ||
169 | int open_extension_release_at( | |
170 | int rfd, | |
a84677e0 YW |
171 | ImageClass image_class, |
172 | const char *extension, | |
173 | bool relax_extension_release_check, | |
174 | char **ret_path, | |
175 | int *ret_fd) { | |
176 | ||
61acfd83 YW |
177 | _cleanup_free_ char *dir_path = NULL, *path_found = NULL; |
178 | _cleanup_close_ int fd_found = -EBADF; | |
179 | _cleanup_closedir_ DIR *dir = NULL; | |
c9d64f8a | 180 | bool found = false; |
61acfd83 | 181 | const char *p; |
6f0f4d14 | 182 | int r; |
d58ad743 | 183 | |
538d878d | 184 | assert(rfd >= 0 || rfd == AT_FDCWD); |
a84677e0 | 185 | assert(!extension || (image_class >= 0 && image_class < _IMAGE_CLASS_MAX)); |
b60e0f57 | 186 | |
a84677e0 | 187 | if (!extension) |
538d878d | 188 | return open_os_release_at(rfd, ret_path, ret_fd); |
6ddd0511 | 189 | |
7421f20c YW |
190 | if (!IN_SET(image_class, IMAGE_SYSEXT, IMAGE_CONFEXT)) |
191 | return -EINVAL; | |
192 | ||
a84677e0 YW |
193 | if (!image_name_is_valid(extension)) |
194 | return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "The extension name %s is invalid.", extension); | |
ed15f8bc | 195 | |
61acfd83 | 196 | p = strjoina(image_class_release_info[image_class].release_file_path_prefix, extension); |
538d878d | 197 | r = chaseat(rfd, p, CHASE_AT_RESOLVE_IN_ROOT, ret_path, ret_fd); |
61acfd83 | 198 | log_full_errno_zerook(LOG_DEBUG, MIN(r, 0), "Checking for %s: %m", p); |
7213c750 YW |
199 | if (r != -ENOENT) |
200 | return r; | |
9a4b883b | 201 | |
a84677e0 YW |
202 | /* Cannot find the expected extension-release file? The image filename might have been mangled on |
203 | * deployment, so fallback to checking for any file in the extension-release.d directory, and return | |
204 | * the first one with a user.extension-release xattr instead. The user.extension-release.strict | |
205 | * xattr is checked to ensure the author of the image considers it OK if names do not match. */ | |
9a4b883b | 206 | |
61acfd83 | 207 | p = image_class_release_info[image_class].release_file_directory; |
538d878d | 208 | r = chase_and_opendirat(rfd, p, CHASE_AT_RESOLVE_IN_ROOT, &dir_path, &dir); |
7213c750 | 209 | if (r < 0) |
538d878d | 210 | return log_debug_errno(r, "Cannot open %s, ignoring: %m", p); |
9a4b883b | 211 | |
61acfd83 YW |
212 | FOREACH_DIRENT(de, dir, return -errno) { |
213 | _cleanup_close_ int fd = -EBADF; | |
214 | const char *image_name; | |
9a4b883b | 215 | |
7213c750 YW |
216 | if (!IN_SET(de->d_type, DT_REG, DT_UNKNOWN)) |
217 | continue; | |
a84677e0 | 218 | |
61acfd83 | 219 | image_name = startswith(de->d_name, "extension-release."); |
7213c750 YW |
220 | if (!image_name) |
221 | continue; | |
222 | ||
223 | if (!image_name_is_valid(image_name)) { | |
61acfd83 | 224 | log_debug("%s/%s is not a valid release file name, ignoring.", dir_path, de->d_name); |
7213c750 YW |
225 | continue; |
226 | } | |
227 | ||
228 | /* We already chased the directory, and checked that this is a real file, so we shouldn't | |
229 | * fail to open it. */ | |
61acfd83 YW |
230 | fd = openat(dirfd(dir), de->d_name, O_PATH|O_CLOEXEC|O_NOFOLLOW); |
231 | if (fd < 0) | |
232 | return log_debug_errno(errno, "Failed to open release file %s/%s: %m", dir_path, de->d_name); | |
7213c750 YW |
233 | |
234 | /* Really ensure it is a regular file after we open it. */ | |
61acfd83 | 235 | r = fd_verify_regular(fd); |
59c47075 | 236 | if (r < 0) { |
61acfd83 | 237 | log_debug_errno(r, "%s/%s is not a regular file, ignoring: %m", dir_path, de->d_name); |
7213c750 YW |
238 | continue; |
239 | } | |
240 | ||
61acfd83 YW |
241 | if (!relax_extension_release_check && |
242 | extension_release_strict_xattr_value(fd, dir_path, de->d_name) != 0) | |
243 | continue; | |
7213c750 YW |
244 | |
245 | /* We already found what we were looking for, but there's another candidate? We treat this as | |
246 | * an error, as we want to enforce that there are no ambiguities in case we are in the | |
247 | * fallback path. */ | |
c9d64f8a YW |
248 | if (found) |
249 | return -ENOTUNIQ; | |
7213c750 | 250 | |
c9d64f8a | 251 | found = true; |
7213c750 YW |
252 | |
253 | if (ret_fd) | |
61acfd83 | 254 | fd_found = TAKE_FD(fd); |
7213c750 YW |
255 | |
256 | if (ret_path) { | |
61acfd83 YW |
257 | path_found = path_join(dir_path, de->d_name); |
258 | if (!path_found) | |
7213c750 | 259 | return -ENOMEM; |
a84677e0 | 260 | } |
d58ad743 | 261 | } |
c9d64f8a YW |
262 | if (!found) |
263 | return -ENOENT; | |
d58ad743 | 264 | |
396ec958 | 265 | if (ret_fd) |
61acfd83 | 266 | *ret_fd = TAKE_FD(fd_found); |
d58ad743 | 267 | if (ret_path) |
61acfd83 | 268 | *ret_path = TAKE_PTR(path_found); |
d58ad743 LP |
269 | |
270 | return 0; | |
271 | } | |
272 | ||
538d878d | 273 | int open_extension_release( |
f4a1d32c YW |
274 | const char *root, |
275 | ImageClass image_class, | |
538d878d | 276 | const char *extension, |
f4a1d32c | 277 | bool relax_extension_release_check, |
538d878d YW |
278 | char **ret_path, |
279 | int *ret_fd) { | |
280 | ||
281 | _cleanup_close_ int rfd = -EBADF, fd = -EBADF; | |
282 | _cleanup_free_ char *p = NULL; | |
283 | int r; | |
284 | ||
285 | rfd = open(empty_to_root(root), O_CLOEXEC | O_DIRECTORY | O_PATH); | |
286 | if (rfd < 0) | |
287 | return -errno; | |
288 | ||
289 | r = open_extension_release_at(rfd, image_class, extension, relax_extension_release_check, | |
290 | ret_path ? &p : NULL, ret_fd ? &fd : NULL); | |
291 | if (r < 0) | |
292 | return r; | |
293 | ||
294 | if (ret_path) { | |
295 | r = path_prefix_root_cwd(p, root, ret_path); | |
296 | if (r < 0) | |
297 | return r; | |
298 | } | |
299 | ||
300 | if (ret_fd) | |
301 | *ret_fd = TAKE_FD(fd); | |
302 | ||
303 | return 0; | |
304 | } | |
305 | ||
306 | static int parse_extension_release_atv( | |
307 | int rfd, | |
308 | ImageClass image_class, | |
f4a1d32c | 309 | const char *extension, |
538d878d YW |
310 | bool relax_extension_release_check, |
311 | va_list ap) { | |
f4a1d32c | 312 | |
53cbf5f9 | 313 | _cleanup_close_ int fd = -EBADF; |
d58ad743 | 314 | _cleanup_free_ char *p = NULL; |
d58ad743 LP |
315 | int r; |
316 | ||
538d878d YW |
317 | assert(rfd >= 0 || rfd == AT_FDCWD); |
318 | ||
319 | r = open_extension_release_at(rfd, image_class, extension, relax_extension_release_check, &p, &fd); | |
d58ad743 LP |
320 | if (r < 0) |
321 | return r; | |
322 | ||
538d878d YW |
323 | return parse_env_file_fdv(fd, p, ap); |
324 | } | |
325 | ||
326 | int parse_extension_release_at_sentinel( | |
327 | int rfd, | |
328 | ImageClass image_class, | |
329 | bool relax_extension_release_check, | |
330 | const char *extension, | |
331 | ...) { | |
332 | ||
333 | va_list ap; | |
334 | int r; | |
335 | ||
336 | assert(rfd >= 0 || rfd == AT_FDCWD); | |
337 | ||
338 | va_start(ap, extension); | |
339 | r = parse_extension_release_atv(rfd, image_class, extension, relax_extension_release_check, ap); | |
340 | va_end(ap); | |
341 | return r; | |
342 | } | |
343 | ||
344 | int parse_extension_release_sentinel( | |
345 | const char *root, | |
346 | ImageClass image_class, | |
347 | bool relax_extension_release_check, | |
348 | const char *extension, | |
349 | ...) { | |
350 | ||
351 | _cleanup_close_ int rfd = -EBADF; | |
352 | va_list ap; | |
353 | int r; | |
354 | ||
355 | rfd = open(empty_to_root(root), O_CLOEXEC | O_DIRECTORY | O_PATH); | |
356 | if (rfd < 0) | |
357 | return -errno; | |
358 | ||
6ddd0511 | 359 | va_start(ap, extension); |
538d878d | 360 | r = parse_extension_release_atv(rfd, image_class, extension, relax_extension_release_check, ap); |
d58ad743 | 361 | va_end(ap); |
d58ad743 LP |
362 | return r; |
363 | } | |
364 | ||
e1bb4b0d LB |
365 | int load_os_release_pairs_with_prefix(const char *root, const char *prefix, char ***ret) { |
366 | _cleanup_strv_free_ char **os_release_pairs = NULL, **os_release_pairs_prefixed = NULL; | |
e1bb4b0d LB |
367 | int r; |
368 | ||
369 | r = load_os_release_pairs(root, &os_release_pairs); | |
370 | if (r < 0) | |
371 | return r; | |
372 | ||
373 | STRV_FOREACH_PAIR(p, q, os_release_pairs) { | |
374 | char *line; | |
375 | ||
2094cd49 | 376 | /* We strictly return only the four main ID fields and ignore the rest */ |
e1bb4b0d LB |
377 | if (!STR_IN_SET(*p, "ID", "VERSION_ID", "BUILD_ID", "VARIANT_ID")) |
378 | continue; | |
379 | ||
380 | ascii_strlower(*p); | |
381 | line = strjoin(prefix, *p, "=", *q); | |
382 | if (!line) | |
383 | return -ENOMEM; | |
384 | r = strv_consume(&os_release_pairs_prefixed, line); | |
385 | if (r < 0) | |
386 | return r; | |
387 | } | |
388 | ||
389 | *ret = TAKE_PTR(os_release_pairs_prefixed); | |
390 | ||
391 | return 0; | |
392 | } | |
eb590035 | 393 | |
b60e0f57 | 394 | int load_extension_release_pairs(const char *root, ImageClass image_class, const char *extension, bool relax_extension_release_check, char ***ret) { |
53cbf5f9 | 395 | _cleanup_close_ int fd = -EBADF; |
eb590035 LB |
396 | _cleanup_free_ char *p = NULL; |
397 | int r; | |
398 | ||
53cbf5f9 | 399 | r = open_extension_release(root, image_class, extension, relax_extension_release_check, &p, &fd); |
eb590035 LB |
400 | if (r < 0) |
401 | return r; | |
402 | ||
53cbf5f9 | 403 | return load_env_file_pairs_fd(fd, p, ret); |
eb590035 | 404 | } |
4bd03515 | 405 | |
6bfe9b3b | 406 | int os_release_support_ended(const char *support_end, bool quiet, usec_t *ret_eol) { |
4bd03515 ZJS |
407 | _cleanup_free_ char *_support_end_alloc = NULL; |
408 | int r; | |
409 | ||
410 | if (!support_end) { | |
411 | /* If the caller has the variably handy, they can pass it in. If not, we'll read it | |
412 | * ourselves. */ | |
413 | ||
414 | r = parse_os_release(NULL, | |
415 | "SUPPORT_END", &_support_end_alloc); | |
469af08f LP |
416 | if (r < 0 && r != -ENOENT) |
417 | return log_full_errno(quiet ? LOG_DEBUG : LOG_WARNING, r, | |
4bd03515 | 418 | "Failed to read os-release file, ignoring: %m"); |
4bd03515 ZJS |
419 | |
420 | support_end = _support_end_alloc; | |
421 | } | |
422 | ||
a9bd4b4e LP |
423 | if (isempty(support_end)) /* An empty string is a explicit way to say "no EOL exists" */ |
424 | return false; /* no end date defined */ | |
4bd03515 | 425 | |
a9bd4b4e | 426 | struct tm tm = {}; |
4bd03515 ZJS |
427 | const char *k = strptime(support_end, "%Y-%m-%d", &tm); |
428 | if (!k || *k) | |
429 | return log_full_errno(quiet ? LOG_DEBUG : LOG_WARNING, SYNTHETIC_ERRNO(EINVAL), | |
430 | "Failed to parse SUPPORT_END= in os-release file, ignoring: %m"); | |
431 | ||
856ad0fd | 432 | time_t eol = timegm(&tm); |
4bd03515 ZJS |
433 | if (eol == (time_t) -1) |
434 | return log_full_errno(quiet ? LOG_DEBUG : LOG_WARNING, SYNTHETIC_ERRNO(EINVAL), | |
435 | "Failed to convert SUPPORT_END= in os-release file, ignoring: %m"); | |
436 | ||
6bfe9b3b LP |
437 | if (ret_eol) |
438 | *ret_eol = eol * USEC_PER_SEC; | |
439 | ||
440 | return DIV_ROUND_UP(now(CLOCK_REALTIME), USEC_PER_SEC) > (usec_t) eol; | |
4bd03515 | 441 | } |
02b7005e LP |
442 | |
443 | const char *os_release_pretty_name(const char *pretty_name, const char *name) { | |
444 | /* Distills a "pretty" name to show from os-release data. First argument is supposed to be the | |
445 | * PRETTY_NAME= field, the second one the NAME= field. This function is trivial, of course, and | |
446 | * exists mostly to ensure we use the same logic wherever possible. */ | |
447 | ||
448 | return empty_to_null(pretty_name) ?: | |
449 | empty_to_null(name) ?: "Linux"; | |
450 | } |