]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/dissect/dissect.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #26410 from DaanDeMeyer/xattr-symlink
[thirdparty/systemd.git] / src / dissect / dissect.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a2ea3b2f
LP		 2
3#include <fcntl.h>
a2ea3b2f 4#include <getopt.h>
e08f94ac
LP		 5#include <linux/loop.h>
6#include <stdio.h>
19df770f 7#include <sys/file.h>
16b74592
LP		 8#include <sys/ioctl.h>
9#include <sys/mount.h>
a2ea3b2f 10
ac1f1adf
DDM		 11#include "sd-device.h"
12
a2ea3b2f 13#include "architecture.h"
ac1f1adf 14#include "blockdev-util.h"
d6b4d1c7 15#include "build.h"
f4351959 16#include "chase-symlinks.h"
33973b84 17#include "copy.h"
ca822829
YW		 18#include "device-util.h"
19#include "devnum-util.h"
0305cf6e 20#include "discover-image.h"
a2ea3b2f 21#include "dissect-image.h"
994c9c70 22#include "env-util.h"
db02190e 23#include "escape.h"
33973b84 24#include "fd-util.h"
89e62e0b 25#include "fileio.h"
89d00f2e 26#include "format-table.h"
16b74592 27#include "format-util.h"
33973b84 28#include "fs-util.h"
4623e8e6 29#include "hexdecoct.h"
a2ea3b2f
LP		 30#include "log.h"
31#include "loop-util.h"
149afb45 32#include "main-func.h"
33973b84
LP		 33#include "mkdir.h"
34#include "mount-util.h"
ac1f1adf 35#include "mountpoint-util.h"
33973b84 36#include "namespace-util.h"
614b022c 37#include "parse-argument.h"
e475f729 38#include "parse-util.h"
e7cbe5cb 39#include "path-util.h"
5c05f062 40#include "pretty-print.h"
06186c4c 41#include "process-util.h"
0cf16924 42#include "recurse-dir.h"
db02190e 43#include "sha256.h"
33973b84 44#include "stat-util.h"
a2ea3b2f 45#include "string-util.h"
a1edd22e 46#include "strv.h"
5c05f062 47#include "terminal-util.h"
33973b84 48#include "tmpfile-util.h"
2d3a5a73 49#include "user-util.h"
a2ea3b2f
LP		 50
51static enum {
52 ACTION_DISSECT,
53 ACTION_MOUNT,
ac1f1adf 54 ACTION_UMOUNT,
0cf16924 55 ACTION_LIST,
db02190e 56 ACTION_MTREE,
06186c4c 57 ACTION_WITH,
33973b84
LP		 58 ACTION_COPY_FROM,
59 ACTION_COPY_TO,
0305cf6e 60 ACTION_DISCOVER,
a2ea3b2f
LP		 61} arg_action = ACTION_DISSECT;
62static const char *arg_image = NULL;
63static const char *arg_path = NULL;
33973b84
LP		 64static const char *arg_source = NULL;
65static const char *arg_target = NULL;
4b5de5dd
LP		 66static DissectImageFlags arg_flags =
67 DISSECT_IMAGE_GENERIC_ROOT |
4b5de5dd
LP		 68 DISSECT_IMAGE_DISCARD_ON_LOOP |
69 DISSECT_IMAGE_RELAX_VAR_CHECK |
70 DISSECT_IMAGE_FSCK |
74a54bae 71 DISSECT_IMAGE_USR_NO_ROOT |
73d88b80
LP		 72 DISSECT_IMAGE_GROWFS |
73 DISSECT_IMAGE_PIN_PARTITION_DEVICES |
74 DISSECT_IMAGE_ADD_PARTITION_DEVICES;
aee36b4e 75static VeritySettings arg_verity_settings = VERITY_SETTINGS_DEFAULT;
6a01ea4a 76static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
17547fb5
LP		 77static PagerFlags arg_pager_flags = 0;
78static bool arg_legend = true;
ac1f1adf 79static bool arg_rmdir = false;
6c07d570 80static bool arg_in_memory = false;
06186c4c 81static char **arg_argv = NULL;
a2ea3b2f 82
89e62e0b 83STATIC_DESTRUCTOR_REGISTER(arg_verity_settings, verity_settings_done);
06186c4c 84STATIC_DESTRUCTOR_REGISTER(arg_argv, strv_freep);
149afb45 85
5c05f062
LP		 86static int help(void) {
87 _cleanup_free_ char *link = NULL;
88 int r;
89
90 r = terminal_urlify_man("systemd-dissect", "1", &link);
91 if (r < 0)
92 return log_oom();
93
94 printf("%1$s [OPTIONS...] IMAGE\n"
33973b84 95 "%1$s [OPTIONS...] --mount IMAGE PATH\n"
1b967529 96 "%1$s [OPTIONS...] --umount PATH\n"
0cf16924 97 "%1$s [OPTIONS...] --list IMAGE\n"
db02190e 98 "%1$s [OPTIONS...] --mtree IMAGE\n"
06186c4c 99 "%1$s [OPTIONS...] --with IMAGE [COMMAND…]\n"
33973b84
LP		 100 "%1$s [OPTIONS...] --copy-from IMAGE PATH [TARGET]\n"
101 "%1$s [OPTIONS...] --copy-to IMAGE [SOURCE] PATH\n\n"
a94a199c 102 "%5$sDissect a Discoverable Disk Image (DDI).%6$s\n\n"
5c05f062 103 "%3$sOptions:%4$s\n"
17547fb5
LP		 104 " --no-pager Do not pipe output into a pager\n"
105 " --no-legend Do not show the headers and footers\n"
e7cbe5cb
LB		 106 " -r --read-only Mount read-only\n"
107 " --fsck=BOOL Run fsck before mounting\n"
74a54bae 108 " --growfs=BOOL Grow file system to partition size, if marked\n"
5c05f062 109 " --mkdir Make mount directory before mounting, if missing\n"
ac1f1adf 110 " --rmdir Remove mount directory after unmounting\n"
e7cbe5cb 111 " --discard=MODE Choose 'discard' mode (disabled, loop, all, crypto)\n"
6c07d570 112 " --in-memory Copy image into memory\n"
e7cbe5cb 113 " --root-hash=HASH Specify root hash for verity\n"
c2923fdc
LB		 114 " --root-hash-sig=SIG Specify pkcs7 signature of root hash for verity\n"
115 " as a DER encoded PKCS7, either as a path to a file\n"
116 " or as an ASCII base64 encoded string prefixed by\n"
117 " 'base64:'\n"
e7cbe5cb 118 " --verity-data=PATH Specify data file with hash tree for verity if it is\n"
5c05f062 119 " not embedded in IMAGE\n"
de8231b0
LP		 120 " --json=pretty|short|off\n"
121 " Generate JSON output\n"
5c05f062
LP		 122 "\n%3$sCommands:%4$s\n"
123 " -h --help Show this help\n"
124 " --version Show package version\n"
125 " -m --mount Mount the image to the specified directory\n"
126 " -M Shortcut for --mount --mkdir\n"
ac1f1adf
DDM		 127 " -u --umount Unmount the image from the specified directory\n"
128 " -U Shortcut for --umount --rmdir\n"
0cf16924
AAF		 129 " -l --list List all the files and directories of the specified\n"
130 " OS image\n"
db02190e 131 " --mtree Show BSD mtree manifest of OS image\n"
06186c4c 132 " --with Mount, run command, unmount\n"
33973b84
LP		 133 " -x --copy-from Copy files from image to host\n"
134 " -a --copy-to Copy files from host to image\n"
0305cf6e 135 " --discover Discover DDIs in well known directories\n"
bc556335
DDM		 136 "\nSee the %2$s for details.\n",
137 program_invocation_short_name,
138 link,
139 ansi_underline(),
140 ansi_normal(),
141 ansi_highlight(),
142 ansi_normal());
5c05f062
LP		 143
144 return 0;
a2ea3b2f
LP		 145}
146
06186c4c
LP		 147static int patch_argv(int *argc, char ***argv, char ***buf) {
148 _cleanup_free_ char **l = NULL;
149 char **e;
150
151 assert(argc);
152 assert(*argc >= 0);
153 assert(argv);
154 assert(*argv);
155 assert(buf);
156
157 /* Ugly hack: if --with is included in command line, also insert "--" immediately after it, to make
158 * getopt_long() stop processing switches */
159
160 for (e = *argv + 1; e < *argv + *argc; e++) {
161 assert(*e);
162
163 if (streq(*e, "--with"))
164 break;
165 }
166
167 if (e >= *argv + *argc || streq_ptr(e[1], "--")) {
168 /* No --with used? Or already followed by "--"? Then don't do anything */
169 *buf = NULL;
170 return 0;
171 }
172
173 /* Insert the extra "--" right after the --with */
174 l = new(char*, *argc + 2);
175 if (!l)
176 return log_oom();
177
178 size_t idx = e - *argv + 1;
179 memcpy(l, *argv, sizeof(char*) * idx); /* copy everything up to and including the --with */
180 l[idx] = (char*) "--"; /* insert "--" */
181 memcpy(l + idx + 1, e + 1, sizeof(char*) * (*argc - idx + 1)); /* copy the rest, including trailing NULL entry */
182
183 (*argc)++;
184 (*argv) = l;
185
186 *buf = TAKE_PTR(l);
187 return 1;
188}
189
a2ea3b2f
LP		 190static int parse_argv(int argc, char *argv[]) {
191
192 enum {
193 ARG_VERSION = 0x100,
17547fb5
LP		 194 ARG_NO_PAGER,
195 ARG_NO_LEGEND,
06186c4c 196 ARG_WITH,
18b5886e 197 ARG_DISCARD,
e475f729 198 ARG_FSCK,
74a54bae 199 ARG_GROWFS,
89e62e0b 200 ARG_ROOT_HASH,
c2923fdc 201 ARG_ROOT_HASH_SIG,
89e62e0b 202 ARG_VERITY_DATA,
5c05f062 203 ARG_MKDIR,
ac1f1adf 204 ARG_RMDIR,
6c07d570 205 ARG_IN_MEMORY,
de8231b0 206 ARG_JSON,
db02190e 207 ARG_MTREE,
0305cf6e 208 ARG_DISCOVER,
a2ea3b2f
LP		 209 };
210
211 static const struct option options[] = {
c2923fdc
LB		 212 { "help", no_argument, NULL, 'h' },
213 { "version", no_argument, NULL, ARG_VERSION },
17547fb5
LP		 214 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
215 { "no-legend", no_argument, NULL, ARG_NO_LEGEND },
c2923fdc 216 { "mount", no_argument, NULL, 'm' },
ac1f1adf 217 { "umount", no_argument, NULL, 'u' },
06186c4c 218 { "with", no_argument, NULL, ARG_WITH },
c2923fdc
LB		 219 { "read-only", no_argument, NULL, 'r' },
220 { "discard", required_argument, NULL, ARG_DISCARD },
c2923fdc 221 { "fsck", required_argument, NULL, ARG_FSCK },
74a54bae 222 { "growfs", required_argument, NULL, ARG_GROWFS },
89e62e0b 223 { "root-hash", required_argument, NULL, ARG_ROOT_HASH },
c2923fdc 224 { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG },
89e62e0b 225 { "verity-data", required_argument, NULL, ARG_VERITY_DATA },
5c05f062 226 { "mkdir", no_argument, NULL, ARG_MKDIR },
ac1f1adf 227 { "rmdir", no_argument, NULL, ARG_RMDIR },
6c07d570 228 { "in-memory", no_argument, NULL, ARG_IN_MEMORY },
0cf16924 229 { "list", no_argument, NULL, 'l' },
db02190e 230 { "mtree", no_argument, NULL, ARG_MTREE },
33973b84
LP		 231 { "copy-from", no_argument, NULL, 'x' },
232 { "copy-to", no_argument, NULL, 'a' },
de8231b0 233 { "json", required_argument, NULL, ARG_JSON },
0305cf6e 234 { "discover", no_argument, NULL, ARG_DISCOVER },
a2ea3b2f
LP		 235 {}
236 };
237
06186c4c 238 _cleanup_free_ char **buf = NULL; /* we use free(), not strv_free() here, as we don't copy the strings here */
4623e8e6 239 int c, r;
a2ea3b2f
LP		 240
241 assert(argc >= 0);
242 assert(argv);
243
06186c4c
LP		 244 r = patch_argv(&argc, &argv, &buf);
245 if (r < 0)
246 return r;
247
0cf16924 248 while ((c = getopt_long(argc, argv, "hmurMUlxa", options, NULL)) >= 0) {
a2ea3b2f
LP		 249
250 switch (c) {
251
252 case 'h':
5c05f062 253 return help();
a2ea3b2f
LP		 254
255 case ARG_VERSION:
256 return version();
257
17547fb5
LP		 258 case ARG_NO_PAGER:
259 arg_pager_flags |= PAGER_DISABLE;
260 break;
261
262 case ARG_NO_LEGEND:
263 arg_legend = false;
264 break;
265
a2ea3b2f
LP		 266 case 'm':
267 arg_action = ACTION_MOUNT;
268 break;
269
5c05f062
LP		 270 case ARG_MKDIR:
271 arg_flags |= DISSECT_IMAGE_MKDIR;
272 break;
273
274 case 'M':
275 /* Shortcut combination of the above two */
276 arg_action = ACTION_MOUNT;
277 arg_flags |= DISSECT_IMAGE_MKDIR;
278 break;
279
ac1f1adf
DDM		 280 case 'u':
281 arg_action = ACTION_UMOUNT;
282 break;
283
284 case ARG_RMDIR:
285 arg_rmdir = true;
286 break;
287
288 case 'U':
289 /* Shortcut combination of the above two */
290 arg_action = ACTION_UMOUNT;
291 arg_rmdir = true;
292 break;
293
0cf16924
AAF		 294 case 'l':
295 arg_action = ACTION_LIST;
296 arg_flags |= DISSECT_IMAGE_READ_ONLY;
297 break;
298
db02190e
LP		 299 case ARG_MTREE:
300 arg_action = ACTION_MTREE;
301 arg_flags |= DISSECT_IMAGE_READ_ONLY;
302 break;
303
06186c4c
LP		 304 case ARG_WITH:
305 arg_action = ACTION_WITH;
306 break;
307
33973b84
LP		 308 case 'x':
309 arg_action = ACTION_COPY_FROM;
310 arg_flags |= DISSECT_IMAGE_READ_ONLY;
311 break;
312
313 case 'a':
314 arg_action = ACTION_COPY_TO;
315 break;
316
a2ea3b2f 317 case 'r':
18b5886e
LP		 318 arg_flags |= DISSECT_IMAGE_READ_ONLY;
319 break;
320
971e2ef0
ZJS		 321 case ARG_DISCARD: {
322 DissectImageFlags flags;
323
18b5886e 324 if (streq(optarg, "disabled"))
971e2ef0 325 flags = 0;
18b5886e 326 else if (streq(optarg, "loop"))
971e2ef0 327 flags = DISSECT_IMAGE_DISCARD_ON_LOOP;
18b5886e 328 else if (streq(optarg, "all"))
971e2ef0 329 flags = DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD;
18b5886e 330 else if (streq(optarg, "crypt"))
971e2ef0 331 flags = DISSECT_IMAGE_DISCARD_ANY;
140788f7
LP		 332 else if (streq(optarg, "list")) {
333 puts("disabled\n"
334 "all\n"
335 "crypt\n"
336 "loop");
337 return 0;
338 } else
baaa35ad
ZJS		 339 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
340 "Unknown --discard= parameter: %s",
341 optarg);
971e2ef0 342 arg_flags = (arg_flags & ~DISSECT_IMAGE_DISCARD_ANY) | flags;
18b5886e 343
a2ea3b2f 344 break;
971e2ef0 345 }
a2ea3b2f 346
6c07d570
LP		 347 case ARG_IN_MEMORY:
348 arg_in_memory = true;
349 break;
350
4623e8e6 351 case ARG_ROOT_HASH: {
89e62e0b 352 _cleanup_free_ void *p = NULL;
4623e8e6
LP		 353 size_t l;
354
355 r = unhexmem(optarg, strlen(optarg), &p, &l);
356 if (r < 0)
63cf2d75 357 return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg);
89e62e0b
LP		 358 if (l < sizeof(sd_id128_t))
359 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
360 "Root hash must be at least 128bit long: %s", optarg);
4623e8e6 361
89e62e0b
LP		 362 free_and_replace(arg_verity_settings.root_hash, p);
363 arg_verity_settings.root_hash_size = l;
4623e8e6
LP		 364 break;
365 }
366
c2923fdc
LB		 367 case ARG_ROOT_HASH_SIG: {
368 char *value;
89e62e0b
LP		 369 size_t l;
370 void *p;
c2923fdc
LB		 371
372 if ((value = startswith(optarg, "base64:"))) {
c2923fdc
LB		 373 r = unbase64mem(value, strlen(value), &p, &l);
374 if (r < 0)
375 return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
c2923fdc 376 } else {
89e62e0b 377 r = read_full_file(optarg, (char**) &p, &l);
c2923fdc 378 if (r < 0)
89e62e0b 379 return log_error_errno(r, "Failed to read root hash signature file '%s': %m", optarg);
c2923fdc
LB		 380 }
381
89e62e0b
LP		 382 free_and_replace(arg_verity_settings.root_hash_sig, p);
383 arg_verity_settings.root_hash_sig_size = l;
c2923fdc
LB		 384 break;
385 }
386
89e62e0b 387 case ARG_VERITY_DATA:
614b022c 388 r = parse_path_argument(optarg, false, &arg_verity_settings.data_path);
89e62e0b
LP		 389 if (r < 0)
390 return r;
391 break;
392
e475f729
LP		 393 case ARG_FSCK:
394 r = parse_boolean(optarg);
395 if (r < 0)
396 return log_error_errno(r, "Failed to parse --fsck= parameter: %s", optarg);
397
398 SET_FLAG(arg_flags, DISSECT_IMAGE_FSCK, r);
399 break;
400
74a54bae
LP		 401 case ARG_GROWFS:
402 r = parse_boolean(optarg);
403 if (r < 0)
404 return log_error_errno(r, "Failed to parse --growfs= parameter: %s", optarg);
405
406 SET_FLAG(arg_flags, DISSECT_IMAGE_GROWFS, r);
407 break;
408
de8231b0 409 case ARG_JSON:
b1e8f46c 410 r = parse_json_argument(optarg, &arg_json_format_flags);
6a01ea4a
LP		 411 if (r <= 0)
412 return r;
de8231b0
LP		 413
414 break;
415
0305cf6e
LP		 416 case ARG_DISCOVER:
417 arg_action = ACTION_DISCOVER;
418 break;
419
a2ea3b2f
LP		 420 case '?':
421 return -EINVAL;
422
423 default:
04499a70 424 assert_not_reached();
a2ea3b2f 425 }
a2ea3b2f
LP		 426 }
427
428 switch (arg_action) {
429
430 case ACTION_DISSECT:
baaa35ad
ZJS		 431 if (optind + 1 != argc)
432 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
33973b84 433 "Expected an image file path as only argument.");
a2ea3b2f
LP		 434
435 arg_image = argv[optind];
18b5886e 436 arg_flags |= DISSECT_IMAGE_READ_ONLY;
a2ea3b2f
LP		 437 break;
438
439 case ACTION_MOUNT:
baaa35ad
ZJS		 440 if (optind + 2 != argc)
441 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
33973b84 442 "Expected an image file path and mount point path as only arguments.");
a2ea3b2f
LP		 443
444 arg_image = argv[optind];
445 arg_path = argv[optind + 1];
166ff731 446 arg_flags |= DISSECT_IMAGE_REQUIRE_ROOT;
a2ea3b2f
LP		 447 break;
448
ac1f1adf
DDM		 449 case ACTION_UMOUNT:
450 if (optind + 1 != argc)
451 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
452 "Expected a mount point path as only argument.");
453
454 arg_path = argv[optind];
455 break;
456
0cf16924 457 case ACTION_LIST:
db02190e 458 case ACTION_MTREE:
0cf16924
AAF		 459 if (optind + 1 != argc)
460 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
461 "Expected an image file path as only argument.");
462
463 arg_image = argv[optind];
464 arg_flags |= DISSECT_IMAGE_READ_ONLY | DISSECT_IMAGE_REQUIRE_ROOT;
465 break;
466
33973b84
LP		 467 case ACTION_COPY_FROM:
468 if (argc < optind + 2 || argc > optind + 3)
469 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
470 "Expected an image file path, a source path and an optional destination path as only arguments.");
471
472 arg_image = argv[optind];
473 arg_source = argv[optind + 1];
474 arg_target = argc > optind + 2 ? argv[optind + 2] : "-" /* this means stdout */ ;
475
166ff731 476 arg_flags |= DISSECT_IMAGE_READ_ONLY | DISSECT_IMAGE_REQUIRE_ROOT;
33973b84
LP		 477 break;
478
479 case ACTION_COPY_TO:
480 if (argc < optind + 2 || argc > optind + 3)
481 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
482 "Expected an image file path, an optional source path and a destination path as only arguments.");
483
484 arg_image = argv[optind];
485
486 if (argc > optind + 2) {
487 arg_source = argv[optind + 1];
488 arg_target = argv[optind + 2];
489 } else {
490 arg_source = "-"; /* this means stdin */
491 arg_target = argv[optind + 1];
492 }
493
166ff731 494 arg_flags |= DISSECT_IMAGE_REQUIRE_ROOT;
33973b84
LP		 495 break;
496
06186c4c
LP		 497 case ACTION_WITH:
498 if (optind >= argc)
499 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
500 "Expected an image file path and an optional command line.");
501
502 arg_image = argv[optind];
503 if (argc > optind + 1) {
504 arg_argv = strv_copy(argv + optind + 1);
505 if (!arg_argv)
506 return log_oom();
507 }
508
509 break;
510
0305cf6e
LP		 511 case ACTION_DISCOVER:
512 if (optind != argc)
513 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
514 "Expected no argument.");
515
516 break;
517
a2ea3b2f 518 default:
04499a70 519 assert_not_reached();
a2ea3b2f
LP		 520 }
521
522 return 1;
523}
524
de8231b0
LP		 525static int strv_pair_to_json(char **l, JsonVariant **ret) {
526 _cleanup_strv_free_ char **jl = NULL;
de8231b0
LP		 527
528 STRV_FOREACH_PAIR(a, b, l) {
529 char *j;
530
531 j = strjoin(*a, "=", *b);
532 if (!j)
533 return log_oom();
534
535 if (strv_consume(&jl, j) < 0)
536 return log_oom();
537 }
538
539 return json_variant_new_array_strv(ret, jl);
540}
541
8570b98b 542static void strv_pair_print(char **l, const char *prefix) {
8570b98b
LP		 543 assert(prefix);
544
7f5b2615 545 STRV_FOREACH_PAIR(p, q, l)
8570b98b
LP		 546 if (p == l)
547 printf("%s %s=%s\n", prefix, *p, *q);
548 else
549 printf("%*s %s=%s\n", (int) strlen(prefix), "", *p, *q);
8570b98b
LP		 550}
551
994c9c70
LP		 552static int get_sysext_scopes(DissectedImage *m, char ***ret_scopes) {
553 _cleanup_strv_free_ char **l = NULL;
554 const char *e;
555
556 assert(m);
557 assert(ret_scopes);
558
559 /* If there's no extension-release file its not a system extension. Otherwise the SYSEXT_SCOPE field
560 * indicates which scope it is for — and it defaults to "system" + "portable" if unset. */
561
562 if (!m->extension_release) {
563 *ret_scopes = NULL;
564 return 0;
565 }
566
567 e = strv_env_pairs_get(m->extension_release, "SYSEXT_SCOPE");
568 if (e)
569 l = strv_split(e, WHITESPACE);
570 else
571 l = strv_new("system", "portable");
572 if (!l)
573 return -ENOMEM;
574
575 *ret_scopes = TAKE_PTR(l);
576 return 1;
577}
578
37e44c3f 579static int action_dissect(DissectedImage *m, LoopDevice *d) {
de8231b0 580 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
37e44c3f 581 _cleanup_(table_unrefp) Table *t = NULL;
cfb623b6 582 _cleanup_free_ char *bn = NULL;
de8231b0 583 uint64_t size = UINT64_MAX;
a2ea3b2f
LP		 584 int r;
585
37e44c3f
LP		 586 assert(m);
587 assert(d);
a2ea3b2f 588
cfb623b6
LP		 589 r = path_extract_filename(arg_image, &bn);
590 if (r < 0)
591 return log_error_errno(r, "Failed to extract file name from image path '%s': %m", arg_image);
592
17547fb5 593 if (arg_json_format_flags & (JSON_FORMAT_OFF|JSON_FORMAT_PRETTY|JSON_FORMAT_PRETTY_AUTO))
384c2c32 594 pager_open(arg_pager_flags);
17547fb5 595
6a01ea4a 596 if (arg_json_format_flags & JSON_FORMAT_OFF)
5db8b0bc 597 printf(" Name: %s%s%s\n", ansi_highlight(), bn, ansi_normal());
a2ea3b2f 598
37e44c3f
LP		 599 if (ioctl(d->fd, BLKGETSIZE64, &size) < 0)
600 log_debug_errno(errno, "Failed to query size of loopback device: %m");
2b59bf51
ZJS		 601 else if (arg_json_format_flags & JSON_FORMAT_OFF)
602 printf(" Size: %s\n", FORMAT_BYTES(size));
a2ea3b2f 603
1d93c003
LP		 604 printf(" Sec. Size: %" PRIu32 "\n", m->sector_size);
605
6a01ea4a 606 if (arg_json_format_flags & JSON_FORMAT_OFF)
de8231b0 607 putc('\n', stdout);
af8219d5 608
1d93c003
LP		 609 fflush(stdout);
610
22847508 611 r = dissected_image_acquire_metadata(m, 0);
af8219d5
LP		 612 if (r == -ENXIO)
613 return log_error_errno(r, "No root partition discovered.");
af8219d5
LP		 614 if (r == -EUCLEAN)
615 return log_error_errno(r, "File system check of image failed.");
4f309abb
LP		 616 if (r == -EMEDIUMTYPE)
617 log_warning_errno(r, "Not a valid OS image, no os-release file included. Proceeding anyway.");
618 else if (r == -EUNATCH)
af8219d5
LP		 619 log_warning_errno(r, "OS image is encrypted, proceeding without showing OS image metadata.");
620 else if (r == -EBUSY)
621 log_warning_errno(r, "OS image is currently in use, proceeding without showing OS image metadata.");
622 else if (r < 0)
623 return log_error_errno(r, "Failed to acquire image metadata: %m");
6a01ea4a 624 else if (arg_json_format_flags & JSON_FORMAT_OFF) {
994c9c70
LP		 625 _cleanup_strv_free_ char **sysext_scopes = NULL;
626
b387778c
LP		 627 if (!sd_id128_is_null(m->image_uuid))
628 printf("Image UUID: %s\n", SD_ID128_TO_UUID_STRING(m->image_uuid));
629
af8219d5
LP		 630 if (m->hostname)
631 printf(" Hostname: %s\n", m->hostname);
a2ea3b2f 632
af8219d5
LP		 633 if (!sd_id128_is_null(m->machine_id))
634 printf("Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->machine_id));
a1edd22e 635
8570b98b
LP		 636 strv_pair_print(m->machine_info,
637 "Mach. Info:");
638 strv_pair_print(m->os_release,
639 "OS Release:");
fab22946
LP		 640 strv_pair_print(m->initrd_release,
641 "initrd R.:");
8570b98b
LP		 642 strv_pair_print(m->extension_release,
643 " Ext. Rel.:");
7718ac97 644
4f309abb
LP		 645 if (m->hostname ||
646 !sd_id128_is_null(m->machine_id) ||
647 !strv_isempty(m->machine_info) ||
8570b98b 648 !strv_isempty(m->os_release) ||
fab22946 649 !strv_isempty(m->initrd_release) ||
8570b98b 650 !strv_isempty(m->extension_release))
4f309abb 651 putc('\n', stdout);
994c9c70
LP		 652
653 printf(" Use As: %s bootable system for UEFI\n", COLOR_MARK_BOOL(m->partitions[PARTITION_ESP].found));
654
655 if (m->has_init_system >= 0)
656 printf(" %s bootable system for container\n", COLOR_MARK_BOOL(m->has_init_system));
657
658 printf(" %s portable service\n",
659 COLOR_MARK_BOOL(strv_env_pairs_get(m->os_release, "PORTABLE_PREFIXES")));
fab22946
LP		 660 printf(" %s initrd\n",
661 COLOR_MARK_BOOL(!strv_isempty(m->initrd_release)));
994c9c70
LP		 662
663 r = get_sysext_scopes(m, &sysext_scopes);
664 if (r < 0)
665 return log_error_errno(r, "Failed to parse SYSEXT_SCOPE: %m");
666
667 printf(" %s extension for system\n",
668 COLOR_MARK_BOOL(strv_contains(sysext_scopes, "system")));
669 printf(" %s extension for initrd\n",
670 COLOR_MARK_BOOL(strv_contains(sysext_scopes, "initrd")));
671 printf(" %s extension for portable service\n",
672 COLOR_MARK_BOOL(strv_contains(sysext_scopes, "portable")));
673
674 putc('\n', stdout);
4f309abb 675 } else {
fab22946 676 _cleanup_(json_variant_unrefp) JsonVariant *mi = NULL, *osr = NULL, *irdr = NULL, *exr = NULL;
994c9c70 677 _cleanup_strv_free_ char **sysext_scopes = NULL;
de8231b0
LP		 678
679 if (!strv_isempty(m->machine_info)) {
680 r = strv_pair_to_json(m->machine_info, &mi);
681 if (r < 0)
682 return log_oom();
683 }
684
685 if (!strv_isempty(m->os_release)) {
686 r = strv_pair_to_json(m->os_release, &osr);
687 if (r < 0)
688 return log_oom();
689 }
690
fab22946
LP		 691 if (!strv_isempty(m->initrd_release)) {
692 r = strv_pair_to_json(m->initrd_release, &irdr);
693 if (r < 0)
694 return log_oom();
695 }
696
7718ac97
LB		 697 if (!strv_isempty(m->extension_release)) {
698 r = strv_pair_to_json(m->extension_release, &exr);
699 if (r < 0)
700 return log_oom();
701 }
702
994c9c70
LP		 703 r = get_sysext_scopes(m, &sysext_scopes);
704 if (r < 0)
705 return log_error_errno(r, "Failed to parse SYSEXT_SCOPE: %m");
706
de8231b0 707 r = json_build(&v, JSON_BUILD_OBJECT(
cfb623b6 708 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(bn)),
b387778c 709 JSON_BUILD_PAIR_CONDITION(!sd_id128_is_null(m->image_uuid), "imageUuid", JSON_BUILD_UUID(m->image_uuid)),
de8231b0 710 JSON_BUILD_PAIR("size", JSON_BUILD_INTEGER(size)),
1d93c003 711 JSON_BUILD_PAIR("sectorSize", JSON_BUILD_INTEGER(m->sector_size)),
de8231b0
LP		 712 JSON_BUILD_PAIR_CONDITION(m->hostname, "hostname", JSON_BUILD_STRING(m->hostname)),
713 JSON_BUILD_PAIR_CONDITION(!sd_id128_is_null(m->machine_id), "machineId", JSON_BUILD_ID128(m->machine_id)),
714 JSON_BUILD_PAIR_CONDITION(mi, "machineInfo", JSON_BUILD_VARIANT(mi)),
7718ac97 715 JSON_BUILD_PAIR_CONDITION(osr, "osRelease", JSON_BUILD_VARIANT(osr)),
fab22946 716 JSON_BUILD_PAIR_CONDITION(osr, "initrdRelease", JSON_BUILD_VARIANT(irdr)),
994c9c70
LP		 717 JSON_BUILD_PAIR_CONDITION(exr, "extensionRelease", JSON_BUILD_VARIANT(exr)),
718 JSON_BUILD_PAIR("useBootableUefi", JSON_BUILD_BOOLEAN(m->partitions[PARTITION_ESP].found)),
719 JSON_BUILD_PAIR_CONDITION(m->has_init_system >= 0, "useBootableContainer", JSON_BUILD_BOOLEAN(m->has_init_system)),
fab22946 720 JSON_BUILD_PAIR("useInitrd", JSON_BUILD_BOOLEAN(!strv_isempty(m->initrd_release))),
994c9c70
LP		 721 JSON_BUILD_PAIR("usePortableService", JSON_BUILD_BOOLEAN(strv_env_pairs_get(m->os_release, "PORTABLE_MATCHES"))),
722 JSON_BUILD_PAIR("useSystemExtension", JSON_BUILD_BOOLEAN(strv_contains(sysext_scopes, "system"))),
723 JSON_BUILD_PAIR("useInitRDExtension", JSON_BUILD_BOOLEAN(strv_contains(sysext_scopes, "initrd"))),
724 JSON_BUILD_PAIR("usePortableExtension", JSON_BUILD_BOOLEAN(strv_contains(sysext_scopes, "portable")))));
de8231b0
LP		 725 if (r < 0)
726 return log_oom();
727 }
728
ee8e497d 729 t = table_new("rw", "designator", "partition uuid", "partition label", "fstype", "architecture", "verity", "growfs", "node", "partno");
37e44c3f
LP		 730 if (!t)
731 return log_oom();
a1edd22e 732
c8b62cf6 733 table_set_ersatz_string(t, TABLE_ERSATZ_DASH);
37e44c3f 734 (void) table_set_align_percent(t, table_get_cell(t, 0, 7), 100);
a2ea3b2f 735
569a0e42 736 for (PartitionDesignator i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
37e44c3f 737 DissectedPartition *p = m->partitions + i;
89d00f2e 738
37e44c3f
LP		 739 if (!p->found)
740 continue;
89d00f2e 741
37e44c3f
LP		 742 r = table_add_many(
743 t,
744 TABLE_STRING, p->rw ? "rw" : "ro",
745 TABLE_STRING, partition_designator_to_string(i));
746 if (r < 0)
747 return table_log_add_error(r);
89d00f2e 748
37e44c3f
LP		 749 if (sd_id128_is_null(p->uuid))
750 r = table_add_cell(t, NULL, TABLE_EMPTY, NULL);
751 else
752 r = table_add_cell(t, NULL, TABLE_UUID, &p->uuid);
753 if (r < 0)
754 return table_log_add_error(r);
89d00f2e 755
37e44c3f
LP		 756 r = table_add_many(
757 t,
1474d7ac 758 TABLE_STRING, p->label,
37e44c3f
LP		 759 TABLE_STRING, p->fstype,
760 TABLE_STRING, architecture_to_string(p->architecture));
761 if (r < 0)
762 return table_log_add_error(r);
763
89e62e0b 764 if (arg_verity_settings.data_path)
37e44c3f 765 r = table_add_cell(t, NULL, TABLE_STRING, "external");
49536766 766 else if (dissected_image_verity_candidate(m, i))
8ee9615e
LP		 767 r = table_add_cell(t, NULL, TABLE_STRING,
768 dissected_image_verity_sig_ready(m, i) ? "signed" :
769 yes_no(dissected_image_verity_ready(m, i)));
37e44c3f
LP		 770 else
771 r = table_add_cell(t, NULL, TABLE_EMPTY, NULL);
772 if (r < 0)
773 return table_log_add_error(r);
89d00f2e 774
ee8e497d
LP		 775 r = table_add_many(t, TABLE_BOOLEAN, (int) p->growfs);
776 if (r < 0)
777 return table_log_add_error(r);
778
37e44c3f
LP		 779 if (p->partno < 0) /* no partition table, naked file system */ {
780 r = table_add_cell(t, NULL, TABLE_STRING, arg_image);
89d00f2e
LP		 781 if (r < 0)
782 return table_log_add_error(r);
783
37e44c3f
LP		 784 r = table_add_cell(t, NULL, TABLE_EMPTY, NULL);
785 } else {
786 r = table_add_cell(t, NULL, TABLE_STRING, p->node);
89d00f2e
LP		 787 if (r < 0)
788 return table_log_add_error(r);
789
37e44c3f
LP		 790 r = table_add_cell(t, NULL, TABLE_INT, &p->partno);
791 }
792 if (r < 0)
793 return table_log_add_error(r);
794 }
89d00f2e 795
6a01ea4a 796 if (arg_json_format_flags & JSON_FORMAT_OFF) {
17547fb5
LP		 797 (void) table_set_header(t, arg_legend);
798
799 r = table_print(t, NULL);
6a01ea4a
LP		 800 if (r < 0)
801 return table_log_print_error(r);
802 } else {
de8231b0
LP		 803 _cleanup_(json_variant_unrefp) JsonVariant *jt = NULL;
804
805 r = table_to_json(t, &jt);
806 if (r < 0)
807 return log_error_errno(r, "Failed to convert table to JSON: %m");
808
809 r = json_variant_set_field(&v, "mounts", jt);
810 if (r < 0)
811 return log_oom();
812
813 json_variant_dump(v, arg_json_format_flags, stdout, NULL);
de8231b0 814 }
89d00f2e 815
37e44c3f
LP		 816 return 0;
817}
89d00f2e 818
37e44c3f 819static int action_mount(DissectedImage *m, LoopDevice *d) {
37e44c3f 820 int r;
89d00f2e 821
37e44c3f
LP		 822 assert(m);
823 assert(d);
89d00f2e 824
37e44c3f
LP		 825 r = dissected_image_decrypt_interactively(
826 m, NULL,
89e62e0b 827 &arg_verity_settings,
e330f97a 828 arg_flags);
37e44c3f
LP		 829 if (r < 0)
830 return r;
89d00f2e 831
21b61b1d 832 r = dissected_image_mount_and_warn(m, arg_path, UID_INVALID, UID_INVALID, arg_flags);
37e44c3f 833 if (r < 0)
af187ab2 834 return r;
89d00f2e 835
41bc4849
LP		 836 r = loop_device_flock(d, LOCK_UN);
837 if (r < 0)
838 return log_error_errno(r, "Failed to unlock loopback block device: %m");
839
3044d343
YW		 840 r = dissected_image_relinquish(m);
841 if (r < 0)
842 return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m");
a2ea3b2f 843
37e44c3f
LP		 844 return 0;
845}
18b5886e 846
0cf16924
AAF		 847static int list_print_item(
848 RecurseDirEvent event,
849 const char *path,
850 int dir_fd,
851 int inode_fd,
852 const struct dirent *de,
853 const struct statx *sx,
854 void *userdata) {
855
167f2c1a 856 assert(path);
0cf16924
AAF		 857
858 if (event == RECURSE_DIR_ENTER)
bb69ec95 859 printf("%s%s/%s\n", path, ansi_grey(), ansi_normal());
0cf16924
AAF		 860 else if (event == RECURSE_DIR_ENTRY)
861 printf("%s\n", path);
862
863 return RECURSE_DIR_CONTINUE;
864}
865
db02190e 866static int get_file_sha256(int inode_fd, uint8_t ret[static SHA256_DIGEST_SIZE]) {
254d1313 867 _cleanup_close_ int fd = -EBADF;
db02190e
LP		 868 struct sha256_ctx ctx;
869
870 /* convert O_PATH fd into a regular one */
871 fd = fd_reopen(inode_fd, O_RDONLY|O_CLOEXEC);
872 if (fd < 0)
873 return fd;
874
875 /* Calculating the SHA sum might be slow, hence let's flush STDOUT first, to give user an idea where we are slow. */
876 fflush(stdout);
877
878 sha256_init_ctx(&ctx);
879
880 for (;;) {
881 uint8_t buffer[64 * 1024];
882 ssize_t n;
883
884 n = read(fd, buffer, sizeof(buffer));
885 if (n < 0)
886 return -errno;
887 if (n == 0)
888 break;
889
890 sha256_process_bytes(buffer, n, &ctx);
891 }
892
893 sha256_finish_ctx(&ctx, ret);
894 return 0;
895}
896
897static int mtree_print_item(
898 RecurseDirEvent event,
899 const char *path,
900 int dir_fd,
901 int inode_fd,
902 const struct dirent *de,
903 const struct statx *sx,
904 void *userdata) {
905
01a33cf7 906 _cleanup_free_ char *escaped = NULL;
db02190e
LP		 907 int r;
908
167f2c1a 909 assert(path);
db02190e 910
01a33cf7
YW		 911 if (!IN_SET(event, RECURSE_DIR_ENTER, RECURSE_DIR_ENTRY))
912 return RECURSE_DIR_CONTINUE;
db02190e 913
01a33cf7 914 assert(sx);
5ffa6a0a 915
01a33cf7
YW		 916 if (isempty(path))
917 path = ".";
918 else {
919 /* BSD mtree uses either C or octal escaping, and covers whitespace, comments and glob characters. We use C style escaping and follow suit */
920 path = escaped = xescape(path, WHITESPACE COMMENTS GLOB_CHARS);
921 if (!escaped)
922 return log_oom();
923 }
db02190e 924
01a33cf7
YW		 925 printf("%s", isempty(path) ? "." : path);
926
927 if (FLAGS_SET(sx->stx_mask, STATX_TYPE)) {
928 if (S_ISDIR(sx->stx_mode))
929 printf("%s/%s", ansi_grey(), ansi_normal());
930
931 printf(" %stype=%s%s%s%s",
932 ansi_grey(),
933 ansi_normal(),
934 S_ISDIR(sx->stx_mode) ? ansi_highlight_blue() :
935 S_ISLNK(sx->stx_mode) ? ansi_highlight_cyan() :
936 (S_ISFIFO(sx->stx_mode) || S_ISCHR(sx->stx_mode) || S_ISBLK(sx->stx_mode)) ? ansi_highlight_yellow4() :
937 S_ISSOCK(sx->stx_mode) ? ansi_highlight_magenta() : "",
938 ASSERT_PTR(S_ISDIR(sx->stx_mode) ? "dir" :
939 S_ISREG(sx->stx_mode) ? "file" :
940 S_ISLNK(sx->stx_mode) ? "link" :
941 S_ISFIFO(sx->stx_mode) ? "fifo" :
942 S_ISBLK(sx->stx_mode) ? "block" :
943 S_ISCHR(sx->stx_mode) ? "char" :
944 S_ISSOCK(sx->stx_mode) ? "socket" : NULL),
945 ansi_normal());
946 }
db02190e 947
01a33cf7
YW		 948 if (FLAGS_SET(sx->stx_mask, STATX_MODE) && (!FLAGS_SET(sx->stx_mask, STATX_TYPE) || !S_ISLNK(sx->stx_mode)))
949 printf(" %smode=%s%04o",
950 ansi_grey(),
951 ansi_normal(),
952 (unsigned) (sx->stx_mode & 0777));
953
954 if (FLAGS_SET(sx->stx_mask, STATX_UID))
955 printf(" %suid=%s" UID_FMT,
956 ansi_grey(),
957 ansi_normal(),
958 sx->stx_uid);
959
960 if (FLAGS_SET(sx->stx_mask, STATX_GID))
961 printf(" %sgid=%s" GID_FMT,
962 ansi_grey(),
963 ansi_normal(),
964 sx->stx_gid);
965
966 if (FLAGS_SET(sx->stx_mask, STATX_TYPE|STATX_SIZE) && S_ISREG(sx->stx_mode)) {
967 printf(" %ssize=%s%" PRIu64,
968 ansi_grey(),
969 ansi_normal(),
970 (uint64_t) sx->stx_size);
971
972 if (inode_fd >= 0 && sx->stx_size > 0) {
973 uint8_t hash[SHA256_DIGEST_SIZE];
974
975 r = get_file_sha256(inode_fd, hash);
db02190e 976 if (r < 0)
01a33cf7 977 log_warning_errno(r, "Failed to calculate file SHA256 sum for '%s', ignoring: %m", path);
db02190e 978 else {
01a33cf7 979 _cleanup_free_ char *h = NULL;
db02190e 980
01a33cf7
YW		 981 h = hexmem(hash, sizeof(hash));
982 if (!h)
db02190e
LP		 983 return log_oom();
984
01a33cf7 985 printf(" %ssha256sum=%s%s",
db02190e
LP		 986 ansi_grey(),
987 ansi_normal(),
01a33cf7 988 h);
db02190e
LP		 989 }
990 }
01a33cf7 991 }
db02190e 992
01a33cf7
YW		 993 if (FLAGS_SET(sx->stx_mask, STATX_TYPE) && S_ISLNK(sx->stx_mode) && inode_fd >= 0) {
994 _cleanup_free_ char *target = NULL;
995
996 r = readlinkat_malloc(inode_fd, "", &target);
997 if (r < 0)
998 log_warning_errno(r, "Failed to read symlink '%s', ignoring: %m", path);
999 else {
1000 _cleanup_free_ char *target_escaped = NULL;
1001
1002 target_escaped = xescape(target, WHITESPACE COMMENTS GLOB_CHARS);
1003 if (!target_escaped)
1004 return log_oom();
1005
1006 printf(" %slink=%s%s",
db02190e
LP		 1007 ansi_grey(),
1008 ansi_normal(),
01a33cf7
YW		 1009 target_escaped);
1010 }
db02190e
LP		 1011 }
1012
01a33cf7
YW		 1013 if (FLAGS_SET(sx->stx_mask, STATX_TYPE) && (S_ISBLK(sx->stx_mode) || S_ISCHR(sx->stx_mode)))
1014 printf(" %sdevice=%slinux,%" PRIu64 ",%" PRIu64,
1015 ansi_grey(),
1016 ansi_normal(),
1017 (uint64_t) sx->stx_rdev_major,
1018 (uint64_t) sx->stx_rdev_minor);
1019
1020 printf("\n");
1021
db02190e
LP		 1022 return RECURSE_DIR_CONTINUE;
1023}
1024
1025static int action_list_or_mtree_or_copy(DissectedImage *m, LoopDevice *d) {
37e44c3f 1026 _cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL;
37e44c3f
LP		 1027 _cleanup_(rmdir_and_freep) char *created_dir = NULL;
1028 _cleanup_free_ char *temp = NULL;
1029 int r;
a2ea3b2f 1030
37e44c3f
LP		 1031 assert(m);
1032 assert(d);
18b5886e 1033
37e44c3f
LP		 1034 r = dissected_image_decrypt_interactively(
1035 m, NULL,
89e62e0b 1036 &arg_verity_settings,
e330f97a 1037 arg_flags);
37e44c3f
LP		 1038 if (r < 0)
1039 return r;
a2ea3b2f 1040
37e44c3f
LP		 1041 r = detach_mount_namespace();
1042 if (r < 0)
1043 return log_error_errno(r, "Failed to detach mount namespace: %m");
33973b84 1044
37e44c3f
LP		 1045 r = tempfn_random_child(NULL, program_invocation_short_name, &temp);
1046 if (r < 0)
1047 return log_error_errno(r, "Failed to generate temporary mount directory: %m");
33973b84 1048
37e44c3f
LP		 1049 r = mkdir_p(temp, 0700);
1050 if (r < 0)
1051 return log_error_errno(r, "Failed to create mount point: %m");
33973b84 1052
37e44c3f
LP		 1053 created_dir = TAKE_PTR(temp);
1054
21b61b1d 1055 r = dissected_image_mount_and_warn(m, created_dir, UID_INVALID, UID_INVALID, arg_flags);
37e44c3f 1056 if (r < 0)
af187ab2 1057 return r;
33973b84 1058
37e44c3f 1059 mounted_dir = TAKE_PTR(created_dir);
33973b84 1060
41bc4849
LP		 1061 r = loop_device_flock(d, LOCK_UN);
1062 if (r < 0)
1063 return log_error_errno(r, "Failed to unlock loopback block device: %m");
1064
3044d343
YW		 1065 r = dissected_image_relinquish(m);
1066 if (r < 0)
1067 return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m");
33973b84 1068
37e44c3f 1069 if (arg_action == ACTION_COPY_FROM) {
254d1313 1070 _cleanup_close_ int source_fd = -EBADF, target_fd = -EBADF;
33973b84 1071
37e44c3f
LP		 1072 source_fd = chase_symlinks_and_open(arg_source, mounted_dir, CHASE_PREFIX_ROOT|CHASE_WARN, O_RDONLY|O_CLOEXEC|O_NOCTTY, NULL);
1073 if (source_fd < 0)
1074 return log_error_errno(source_fd, "Failed to open source path '%s' in image '%s': %m", arg_source, arg_image);
1075
1076 /* Copying to stdout? */
1077 if (streq(arg_target, "-")) {
f5fbe71d 1078 r = copy_bytes(source_fd, STDOUT_FILENO, UINT64_MAX, COPY_REFLINK);
33973b84 1079 if (r < 0)
37e44c3f
LP		 1080 return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to stdout: %m", arg_source, arg_image);
1081
38db55ab 1082 /* When we copy to stdout we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */
37e44c3f 1083 return 0;
33973b84
LP		 1084 }
1085
37e44c3f 1086 /* Try to copy as directory? */
dd480f78 1087 r = copy_directory_fd(source_fd, arg_target, COPY_REFLINK|COPY_MERGE_EMPTY|COPY_SIGINT|COPY_HARDLINKS);
37e44c3f
LP		 1088 if (r >= 0)
1089 return 0;
1090 if (r != -ENOTDIR)
1091 return log_error_errno(r, "Failed to copy %s in image '%s' to '%s': %m", arg_source, arg_image, arg_target);
1092
1093 r = fd_verify_regular(source_fd);
1094 if (r == -EISDIR)
1095 return log_error_errno(r, "Target '%s' exists already and is not a directory.", arg_target);
1096 if (r < 0)
1097 return log_error_errno(r, "Source path %s in image '%s' is neither regular file nor directory, refusing: %m", arg_source, arg_image);
33973b84 1098
37e44c3f
LP		 1099 /* Nah, it's a plain file! */
1100 target_fd = open(arg_target, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
1101 if (target_fd < 0)
1102 return log_error_errno(errno, "Failed to create regular file at target path '%s': %m", arg_target);
33973b84 1103
f5fbe71d 1104 r = copy_bytes(source_fd, target_fd, UINT64_MAX, COPY_REFLINK);
37e44c3f
LP		 1105 if (r < 0)
1106 return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to '%s': %m", arg_source, arg_image, arg_target);
33973b84 1107
c17cfe6e 1108 (void) copy_xattr(source_fd, NULL, target_fd, NULL, 0);
37e44c3f
LP		 1109 (void) copy_access(source_fd, target_fd);
1110 (void) copy_times(source_fd, target_fd, 0);
33973b84 1111
37e44c3f 1112 /* When this is a regular file we don't copy ownership! */
33973b84 1113
0cf16924 1114 } else if (arg_action == ACTION_COPY_TO) {
254d1313 1115 _cleanup_close_ int source_fd = -EBADF, target_fd = -EBADF, dfd = -EBADF;
cfb623b6 1116 _cleanup_free_ char *dn = NULL, *bn = NULL;
83802e9a 1117 bool is_dir;
33973b84 1118
45519d13
LP		 1119 r = path_extract_directory(arg_target, &dn);
1120 if (r < 0)
cfb623b6
LP		 1121 return log_error_errno(r, "Failed to extract directory from target path '%s': %m", arg_target);
1122 r = path_extract_filename(arg_target, &bn);
1123 if (r < 0)
1124 return log_error_errno(r, "Failed to extract filename from target path '%s': %m", arg_target);
83802e9a 1125 is_dir = r == O_DIRECTORY;
37e44c3f
LP		 1126
1127 r = chase_symlinks(dn, mounted_dir, CHASE_PREFIX_ROOT|CHASE_WARN, NULL, &dfd);
1128 if (r < 0)
1129 return log_error_errno(r, "Failed to open '%s': %m", dn);
33973b84 1130
37e44c3f
LP		 1131 /* Are we reading from stdin? */
1132 if (streq(arg_source, "-")) {
83802e9a
LP		 1133 if (is_dir)
1134 return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "Cannot copy STDIN to a directory, refusing.");
1135
cfb623b6 1136 target_fd = openat(dfd, bn, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_EXCL, 0644);
33973b84 1137 if (target_fd < 0)
37e44c3f 1138 return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target);
33973b84 1139
f5fbe71d 1140 r = copy_bytes(STDIN_FILENO, target_fd, UINT64_MAX, COPY_REFLINK);
33973b84 1141 if (r < 0)
37e44c3f 1142 return log_error_errno(r, "Failed to copy bytes from stdin to '%s' in image '%s': %m", arg_target, arg_image);
33973b84 1143
37e44c3f
LP		 1144 /* When we copy from stdin we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */
1145 return 0;
1146 }
33973b84 1147
37e44c3f
LP		 1148 source_fd = open(arg_source, O_RDONLY|O_CLOEXEC|O_NOCTTY);
1149 if (source_fd < 0)
1150 return log_error_errno(source_fd, "Failed to open source path '%s': %m", arg_source);
33973b84 1151
37e44c3f
LP		 1152 r = fd_verify_regular(source_fd);
1153 if (r < 0) {
1154 if (r != -EISDIR)
1155 return log_error_errno(r, "Source '%s' is neither regular file nor directory: %m", arg_source);
33973b84 1156
37e44c3f 1157 /* We are looking at a directory. */
33973b84 1158
cfb623b6 1159 target_fd = openat(dfd, bn, O_RDONLY|O_DIRECTORY|O_CLOEXEC);
37e44c3f
LP		 1160 if (target_fd < 0) {
1161 if (errno != ENOENT)
1162 return log_error_errno(errno, "Failed to open destination '%s': %m", arg_target);
33973b84 1163
a424958a 1164 r = copy_tree_at(source_fd, ".", dfd, bn, UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, NULL);
37e44c3f 1165 } else
a424958a 1166 r = copy_tree_at(source_fd, ".", target_fd, ".", UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, NULL);
33973b84 1167 if (r < 0)
37e44c3f 1168 return log_error_errno(r, "Failed to copy '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image);
33973b84 1169
37e44c3f
LP		 1170 return 0;
1171 }
33973b84 1172
83802e9a
LP		 1173 if (is_dir)
1174 return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "Source is a regular file, but target is not, refusing.");
1175
37e44c3f 1176 /* We area looking at a regular file */
83802e9a 1177 target_fd = openat(dfd, bn, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_EXCL, 0600);
37e44c3f
LP		 1178 if (target_fd < 0)
1179 return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target);
33973b84 1180
f5fbe71d 1181 r = copy_bytes(source_fd, target_fd, UINT64_MAX, COPY_REFLINK);
37e44c3f
LP		 1182 if (r < 0)
1183 return log_error_errno(r, "Failed to copy bytes from '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image);
33973b84 1184
c17cfe6e 1185 (void) copy_xattr(source_fd, NULL, target_fd, NULL, 0);
37e44c3f
LP		 1186 (void) copy_access(source_fd, target_fd);
1187 (void) copy_times(source_fd, target_fd, 0);
33973b84 1188
37e44c3f 1189 /* When this is a regular file we don't copy ownership! */
0cf16924
AAF		 1190
1191 } else {
254d1313 1192 _cleanup_close_ int dfd = -EBADF;
0cf16924 1193
0cf16924
AAF		 1194 dfd = open(mounted_dir, O_DIRECTORY|O_CLOEXEC|O_RDONLY);
1195 if (dfd < 0)
1196 return log_error_errno(errno, "Failed to open mount directory: %m");
1197
2e1f76f6
LP		 1198 pager_open(arg_pager_flags);
1199
db02190e
LP		 1200 if (arg_action == ACTION_LIST)
1201 r = recurse_dir(dfd, NULL, 0, UINT_MAX, RECURSE_DIR_SORT, list_print_item, NULL);
1202 else if (arg_action == ACTION_MTREE)
1203 r = recurse_dir(dfd, ".", STATX_TYPE|STATX_MODE|STATX_UID|STATX_GID|STATX_SIZE, UINT_MAX, RECURSE_DIR_SORT|RECURSE_DIR_INODE_FD|RECURSE_DIR_TOPLEVEL, mtree_print_item, NULL);
1204 else
1205 assert_not_reached();
0cf16924
AAF		 1206 if (r < 0)
1207 return log_error_errno(r, "Failed to list image: %m");
37e44c3f 1208 }
33973b84 1209
37e44c3f
LP		 1210 return 0;
1211}
33973b84 1212
ac1f1adf 1213static int action_umount(const char *path) {
254d1313 1214 _cleanup_close_ int fd = -EBADF;
040d3439 1215 _cleanup_free_ char *canonical = NULL;
ac1f1adf 1216 _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
040d3439 1217 _cleanup_(sd_device_unrefp) sd_device *dev = NULL;
e8383058 1218 int r;
ac1f1adf
DDM		 1219
1220 fd = chase_symlinks_and_open(path, NULL, 0, O_DIRECTORY, &canonical);
1221 if (fd == -ENOTDIR)
1222 return log_error_errno(SYNTHETIC_ERRNO(ENOTDIR), "'%s' is not a directory", path);
1223 if (fd < 0)
1224 return log_error_errno(fd, "Failed to resolve path '%s': %m", path);
1225
1226 r = fd_is_mount_point(fd, NULL, 0);
1227 if (r == 0)
1228 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "'%s' is not a mount point", canonical);
1229 if (r < 0)
1230 return log_error_errno(r, "Failed to determine whether '%s' is a mount point: %m", canonical);
1231
040d3439 1232 r = block_device_new_from_fd(fd, BLOCK_DEVICE_LOOKUP_WHOLE_DISK | BLOCK_DEVICE_LOOKUP_BACKING, &dev);
41a95b18 1233 if (r < 0) {
254d1313 1234 _cleanup_close_ int usr_fd = -EBADF;
41a95b18
YW		 1235
1236 /* The command `systemd-dissect --mount` expects that the image at least has the root or /usr
1237 * partition. If it does not have the root partition, then we mount the /usr partition on a
1238 * tmpfs. Hence, let's try to find the backing block device through the /usr partition. */
1239
1240 usr_fd = openat(fd, "usr", O_CLOEXEC | O_DIRECTORY | O_NOFOLLOW);
1241 if (usr_fd < 0)
1242 return log_error_errno(errno, "Failed to open '%s/usr': %m", canonical);
1243
1244 r = block_device_new_from_fd(usr_fd, BLOCK_DEVICE_LOOKUP_WHOLE_DISK | BLOCK_DEVICE_LOOKUP_BACKING, &dev);
1245 }
ac1f1adf
DDM		 1246 if (r < 0)
1247 return log_error_errno(r, "Failed to find backing block device for '%s': %m", canonical);
1248
040d3439 1249 r = loop_device_open(dev, 0, LOCK_EX, &d);
ac1f1adf 1250 if (r < 0)
040d3439 1251 return log_device_error_errno(dev, r, "Failed to open loopback block device: %m");
ac1f1adf 1252
ac1f1adf
DDM		 1253 /* We've locked the loop device, now we're ready to unmount. To allow the unmount to succeed, we have
1254 * to close the O_PATH fd we opened earlier. */
1255 fd = safe_close(fd);
1256
1257 r = umount_recursive(canonical, 0);
1258 if (r < 0)
1259 return log_error_errno(r, "Failed to unmount '%s': %m", canonical);
1260
0b75493d 1261 /* We managed to lock and unmount successfully? That means we can try to remove the loop device. */
ac1f1adf
DDM		 1262 loop_device_unrelinquish(d);
1263
1264 if (arg_rmdir) {
e8383058
LP		 1265 r = RET_NERRNO(rmdir(canonical));
1266 if (r < 0)
1267 return log_error_errno(r, "Failed to remove mount directory '%s': %m", canonical);
ac1f1adf 1268 }
ac1f1adf 1269
e8383058 1270 return 0;
ac1f1adf
DDM		 1271}
1272
06186c4c
LP		 1273static int action_with(DissectedImage *m, LoopDevice *d) {
1274 _cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL;
1275 _cleanup_(rmdir_and_freep) char *created_dir = NULL;
1276 _cleanup_free_ char *temp = NULL;
1277 int r, rcode;
1278
1279 r = dissected_image_decrypt_interactively(
1280 m, NULL,
1281 &arg_verity_settings,
1282 arg_flags);
1283 if (r < 0)
1284 return r;
1285
1286 r = tempfn_random_child(NULL, program_invocation_short_name, &temp);
1287 if (r < 0)
1288 return log_error_errno(r, "Failed to generate temporary mount directory: %m");
1289
1290 r = mkdir_p(temp, 0700);
1291 if (r < 0)
1292 return log_error_errno(r, "Failed to create mount point: %m");
1293
1294 created_dir = TAKE_PTR(temp);
1295
1296 r = dissected_image_mount_and_warn(m, created_dir, UID_INVALID, UID_INVALID, arg_flags);
1297 if (r < 0)
1298 return r;
1299
1300 mounted_dir = TAKE_PTR(created_dir);
1301
1302 r = dissected_image_relinquish(m);
1303 if (r < 0)
1304 return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m");
1305
1306 r = loop_device_flock(d, LOCK_UN);
1307 if (r < 0)
1308 return log_error_errno(r, "Failed to unlock loopback block device: %m");
1309
1310 rcode = safe_fork("(with)", FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL);
1311 if (rcode == 0) {
1312 /* Child */
1313
1314 if (chdir(mounted_dir) < 0) {
1315 log_error_errno(errno, "Failed to change to '%s' directory: %m", mounted_dir);
1316 _exit(EXIT_FAILURE);
1317 }
1318
1319 if (setenv("SYSTEMD_DISSECT_ROOT", mounted_dir, /* overwrite= */ true) < 0) {
1320 log_error_errno(errno, "Failed to set $SYSTEMD_DISSECT_ROOT: %m");
1321 _exit(EXIT_FAILURE);
1322 }
1323
1324 if (strv_isempty(arg_argv)) {
1325 const char *sh;
1326
1327 sh = secure_getenv("SHELL");
1328 if (sh) {
1329 execvp(sh, STRV_MAKE(sh));
1330 log_warning_errno(errno, "Failed to execute $SHELL, falling back to /bin/sh: %m");
1331 }
1332
1333 execl("/bin/sh", "sh", NULL);
1334 log_error_errno(errno, "Failed to invoke /bin/sh: %m");
1335 } else {
1336 execvp(arg_argv[0], arg_argv);
1337 log_error_errno(errno, "Failed to execute '%s': %m", arg_argv[0]);
1338 }
1339
1340 _exit(EXIT_FAILURE);
1341 }
1342
1343 /* Let's manually detach everything, to make things synchronous */
1344 r = loop_device_flock(d, LOCK_SH);
1345 if (r < 0)
1346 log_warning_errno(r, "Failed to lock loopback block device, ignoring: %m");
1347
1348 r = umount_recursive(mounted_dir, 0);
1349 if (r < 0)
1350 log_warning_errno(r, "Failed to unmount '%s', ignoring: %m", mounted_dir);
1351 else
1352 loop_device_unrelinquish(d); /* Let's try to destroy the loopback device */
1353
1354 created_dir = TAKE_PTR(mounted_dir);
1355
1356 if (rmdir(created_dir) < 0)
1357 log_warning_errno(r, "Failed to remove directory '%s', ignoring: %m", created_dir);
1358
1359 temp = TAKE_PTR(created_dir);
1360
1361 return rcode;
1362}
1363
0305cf6e
LP		 1364static int action_discover(void) {
1365 _cleanup_(hashmap_freep) Hashmap *images = NULL;
1366 _cleanup_(table_unrefp) Table *t = NULL;
1367 Image *img;
1368 int r;
1369
1370 images = hashmap_new(&image_hash_ops);
1371 if (!images)
1372 return log_oom();
1373
1374 for (ImageClass cl = 0; cl < _IMAGE_CLASS_MAX; cl++) {
1375 r = image_discover(cl, NULL, images);
1376 if (r < 0)
1377 return log_error_errno(r, "Failed to discover images: %m");
1378 }
1379
1380 if ((arg_json_format_flags & JSON_FORMAT_OFF) && hashmap_isempty(images)) {
1381 log_info("No images found.");
1382 return 0;
1383 }
1384
1385 t = table_new("name", "type", "class", "ro", "path", "time", "usage");
1386 if (!t)
1387 return log_oom();
1388
1389 HASHMAP_FOREACH(img, images) {
1390
1391 if (!IN_SET(img->type, IMAGE_RAW, IMAGE_BLOCK))
1392 continue;
1393
1394 r = table_add_many(
1395 t,
1396 TABLE_STRING, img->name,
1397 TABLE_STRING, image_type_to_string(img->type),
1398 TABLE_STRING, image_class_to_string(img->class),
1399 TABLE_BOOLEAN, img->read_only,
1400 TABLE_PATH, img->path,
1401 TABLE_TIMESTAMP, img->mtime != 0 ? img->mtime : img->crtime,
1402 TABLE_SIZE, img->usage);
1403 if (r < 0)
1404 return table_log_add_error(r);
1405 }
1406
1407 (void) table_set_sort(t, (size_t) 0);
1408
1409 return table_print_with_pager(t, arg_json_format_flags, arg_pager_flags, arg_legend);
1410}
1411
37e44c3f
LP		 1412static int run(int argc, char *argv[]) {
1413 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
1414 _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
6c07d570
LP		 1415 uint32_t loop_flags;
1416 int open_flags, r;
33973b84 1417
5acb31a6 1418 log_setup();
33973b84 1419
37e44c3f
LP		 1420 r = parse_argv(argc, argv);
1421 if (r <= 0)
1422 return r;
33973b84 1423
ac1f1adf
DDM		 1424 if (arg_action == ACTION_UMOUNT)
1425 return action_umount(arg_path);
0305cf6e
LP		 1426 if (arg_action == ACTION_DISCOVER)
1427 return action_discover();
ac1f1adf 1428
89e62e0b
LP		 1429 r = verity_settings_load(
1430 &arg_verity_settings,
1431 arg_image, NULL, NULL);
37e44c3f
LP		 1432 if (r < 0)
1433 return log_error_errno(r, "Failed to read verity artifacts for %s: %m", arg_image);
33973b84 1434
89e62e0b
LP		 1435 if (arg_verity_settings.data_path)
1436 arg_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; /* We only support Verity per file system,
1437 * hence if there's external Verity data
1438 * available we turn off partition table
1439 * support */
1440
6c07d570
LP		 1441 open_flags = FLAGS_SET(arg_flags, DISSECT_IMAGE_DEVICE_READ_ONLY) ? O_RDONLY : O_RDWR;
1442 loop_flags = FLAGS_SET(arg_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN;
1443
1444 if (arg_in_memory)
22ee78a8 1445 r = loop_device_make_by_path_memory(arg_image, open_flags, /* sector_size= */ UINT32_MAX, loop_flags, LOCK_SH, &d);
6c07d570 1446 else
22ee78a8 1447 r = loop_device_make_by_path(arg_image, open_flags, /* sector_size= */ UINT32_MAX, loop_flags, LOCK_SH, &d);
37e44c3f 1448 if (r < 0)
7b87fe4c 1449 return log_error_errno(r, "Failed to set up loopback device for %s: %m", arg_image);
33973b84 1450
bad31660 1451 r = dissect_loop_device_and_warn(
bad31660 1452 d,
89e62e0b 1453 &arg_verity_settings,
37e44c3f
LP		 1454 NULL,
1455 arg_flags,
1456 &m);
1457 if (r < 0)
1458 return r;
33973b84 1459
88b3300f
LP		 1460 r = dissected_image_load_verity_sig_partition(
1461 m,
1462 d->fd,
1463 &arg_verity_settings);
1464 if (r < 0)
738edfe6 1465 return log_error_errno(r, "Failed to load verity signature partition: %m");
88b3300f 1466
37e44c3f 1467 switch (arg_action) {
33973b84 1468
37e44c3f
LP		 1469 case ACTION_DISSECT:
1470 r = action_dissect(m, d);
1471 break;
1472
1473 case ACTION_MOUNT:
1474 r = action_mount(m, d);
1475 break;
1476
0cf16924 1477 case ACTION_LIST:
db02190e 1478 case ACTION_MTREE:
37e44c3f
LP		 1479 case ACTION_COPY_FROM:
1480 case ACTION_COPY_TO:
db02190e 1481 r = action_list_or_mtree_or_copy(m, d);
33973b84 1482 break;
33973b84 1483
06186c4c
LP		 1484 case ACTION_WITH:
1485 r = action_with(m, d);
1486 break;
1487
a2ea3b2f 1488 default:
04499a70 1489 assert_not_reached();
a2ea3b2f
LP		 1490 }
1491
37e44c3f 1492 return r;
a2ea3b2f 1493}
149afb45
YW		 1494
1495DEFINE_MAIN_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.