]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/import/pull-common.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #17185 from yuwata/ethtool-update
[thirdparty/systemd.git] / src / import / pull-common.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <sys/prctl.h>
4
5 #include "alloc-util.h"
6 #include "btrfs-util.h"
7 #include "capability-util.h"
8 #include "copy.h"
9 #include "dirent-util.h"
10 #include "escape.h"
11 #include "fd-util.h"
12 #include "io-util.h"
13 #include "path-util.h"
14 #include "process-util.h"
15 #include "pull-common.h"
16 #include "pull-job.h"
17 #include "rlimit-util.h"
18 #include "rm-rf.h"
19 #include "signal-util.h"
20 #include "siphash24.h"
21 #include "string-util.h"
22 #include "strv.h"
23 #include "util.h"
24 #include "web-util.h"
25
26 #define FILENAME_ESCAPE "/.#\"\'"
27 #define HASH_URL_THRESHOLD_LENGTH (_POSIX_PATH_MAX - 16)
28
29 int pull_find_old_etags(
30 const char *url,
31 const char *image_root,
32 int dt,
33 const char *prefix,
34 const char *suffix,
35 char ***etags) {
36
37 _cleanup_free_ char *escaped_url = NULL;
38 _cleanup_closedir_ DIR *d = NULL;
39 _cleanup_strv_free_ char **l = NULL;
40 struct dirent *de;
41 int r;
42
43 assert(url);
44 assert(etags);
45
46 if (!image_root)
47 image_root = "/var/lib/machines";
48
49 escaped_url = xescape(url, FILENAME_ESCAPE);
50 if (!escaped_url)
51 return -ENOMEM;
52
53 d = opendir(image_root);
54 if (!d) {
55 if (errno == ENOENT) {
56 *etags = NULL;
57 return 0;
58 }
59
60 return -errno;
61 }
62
63 FOREACH_DIRENT_ALL(de, d, return -errno) {
64 _cleanup_free_ char *u = NULL;
65 const char *a, *b;
66
67 if (de->d_type != DT_UNKNOWN &&
68 de->d_type != dt)
69 continue;
70
71 if (prefix) {
72 a = startswith(de->d_name, prefix);
73 if (!a)
74 continue;
75 } else
76 a = de->d_name;
77
78 a = startswith(a, escaped_url);
79 if (!a)
80 continue;
81
82 a = startswith(a, ".");
83 if (!a)
84 continue;
85
86 if (suffix) {
87 b = endswith(de->d_name, suffix);
88 if (!b)
89 continue;
90 } else
91 b = strchr(de->d_name, 0);
92
93 if (a >= b)
94 continue;
95
96 r = cunescape_length(a, b - a, 0, &u);
97 if (r < 0)
98 return r;
99
100 if (!http_etag_is_valid(u))
101 continue;
102
103 r = strv_consume(&l, TAKE_PTR(u));
104 if (r < 0)
105 return r;
106 }
107
108 *etags = TAKE_PTR(l);
109
110 return 0;
111 }
112
113 int pull_make_local_copy(const char *final, const char *image_root, const char *local, bool force_local) {
114 const char *p;
115 int r;
116
117 assert(final);
118 assert(local);
119
120 if (!image_root)
121 image_root = "/var/lib/machines";
122
123 p = prefix_roota(image_root, local);
124
125 if (force_local)
126 (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
127
128 r = btrfs_subvol_snapshot(final, p,
129 BTRFS_SNAPSHOT_QUOTA|
130 BTRFS_SNAPSHOT_FALLBACK_COPY|
131 BTRFS_SNAPSHOT_FALLBACK_DIRECTORY|
132 BTRFS_SNAPSHOT_RECURSIVE);
133 if (r < 0)
134 return log_error_errno(r, "Failed to create local image: %m");
135
136 log_info("Created new local image '%s'.", local);
137
138 return 0;
139 }
140
141 static int hash_url(const char *url, char **ret) {
142 uint64_t h;
143 static const sd_id128_t k = SD_ID128_ARRAY(df,89,16,87,01,cc,42,30,98,ab,4a,19,a6,a5,63,4f);
144
145 assert(url);
146
147 h = siphash24(url, strlen(url), k.bytes);
148 if (asprintf(ret, "%"PRIx64, h) < 0)
149 return -ENOMEM;
150
151 return 0;
152 }
153
154 int pull_make_path(const char *url, const char *etag, const char *image_root, const char *prefix, const char *suffix, char **ret) {
155 _cleanup_free_ char *escaped_url = NULL, *escaped_etag = NULL;
156 char *path;
157
158 assert(url);
159 assert(ret);
160
161 if (!image_root)
162 image_root = "/var/lib/machines";
163
164 escaped_url = xescape(url, FILENAME_ESCAPE);
165 if (!escaped_url)
166 return -ENOMEM;
167
168 if (etag) {
169 escaped_etag = xescape(etag, FILENAME_ESCAPE);
170 if (!escaped_etag)
171 return -ENOMEM;
172 }
173
174 path = strjoin(image_root, "/", strempty(prefix), escaped_url, escaped_etag ? "." : "",
175 strempty(escaped_etag), strempty(suffix));
176 if (!path)
177 return -ENOMEM;
178
179 /* URLs might make the path longer than the maximum allowed length for a file name.
180 * When that happens, a URL hash is used instead. Paths returned by this function
181 * can be later used with tempfn_random() which adds 16 bytes to the resulting name. */
182 if (strlen(path) >= HASH_URL_THRESHOLD_LENGTH) {
183 _cleanup_free_ char *hash = NULL;
184 int r;
185
186 free(path);
187
188 r = hash_url(url, &hash);
189 if (r < 0)
190 return r;
191
192 path = strjoin(image_root, "/", strempty(prefix), hash, escaped_etag ? "." : "",
193 strempty(escaped_etag), strempty(suffix));
194 if (!path)
195 return -ENOMEM;
196 }
197
198 *ret = path;
199 return 0;
200 }
201
202 int pull_make_auxiliary_job(
203 PullJob **ret,
204 const char *url,
205 int (*strip_suffixes)(const char *name, char **ret),
206 const char *suffix,
207 CurlGlue *glue,
208 PullJobFinished on_finished,
209 void *userdata) {
210
211 _cleanup_free_ char *last_component = NULL, *ll = NULL, *auxiliary_url = NULL;
212 _cleanup_(pull_job_unrefp) PullJob *job = NULL;
213 const char *q;
214 int r;
215
216 assert(ret);
217 assert(url);
218 assert(strip_suffixes);
219 assert(glue);
220
221 r = import_url_last_component(url, &last_component);
222 if (r < 0)
223 return r;
224
225 r = strip_suffixes(last_component, &ll);
226 if (r < 0)
227 return r;
228
229 q = strjoina(ll, suffix);
230
231 r = import_url_change_last_component(url, q, &auxiliary_url);
232 if (r < 0)
233 return r;
234
235 r = pull_job_new(&job, auxiliary_url, glue, userdata);
236 if (r < 0)
237 return r;
238
239 job->on_finished = on_finished;
240 job->compressed_max = job->uncompressed_max = 1ULL * 1024ULL * 1024ULL;
241
242 *ret = TAKE_PTR(job);
243
244 return 0;
245 }
246
247 int pull_make_verification_jobs(
248 PullJob **ret_checksum_job,
249 PullJob **ret_signature_job,
250 ImportVerify verify,
251 const char *url,
252 CurlGlue *glue,
253 PullJobFinished on_finished,
254 void *userdata) {
255
256 _cleanup_(pull_job_unrefp) PullJob *checksum_job = NULL, *signature_job = NULL;
257 int r;
258 const char *chksums = NULL;
259
260 assert(ret_checksum_job);
261 assert(ret_signature_job);
262 assert(verify >= 0);
263 assert(verify < _IMPORT_VERIFY_MAX);
264 assert(url);
265 assert(glue);
266
267 if (verify != IMPORT_VERIFY_NO) {
268 _cleanup_free_ char *checksum_url = NULL, *fn = NULL;
269
270 /* Queue jobs for the checksum file for the image. */
271 r = import_url_last_component(url, &fn);
272 if (r < 0)
273 return r;
274
275 chksums = strjoina(fn, ".sha256");
276
277 r = import_url_change_last_component(url, chksums, &checksum_url);
278 if (r < 0)
279 return r;
280
281 r = pull_job_new(&checksum_job, checksum_url, glue, userdata);
282 if (r < 0)
283 return r;
284
285 checksum_job->on_finished = on_finished;
286 checksum_job->uncompressed_max = checksum_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
287 }
288
289 if (verify == IMPORT_VERIFY_SIGNATURE) {
290 _cleanup_free_ char *signature_url = NULL;
291
292 /* Queue job for the SHA256SUMS.gpg file for the image. */
293 r = import_url_change_last_component(url, "SHA256SUMS.gpg", &signature_url);
294 if (r < 0)
295 return r;
296
297 r = pull_job_new(&signature_job, signature_url, glue, userdata);
298 if (r < 0)
299 return r;
300
301 signature_job->on_finished = on_finished;
302 signature_job->uncompressed_max = signature_job->compressed_max = 1ULL * 1024ULL * 1024ULL;
303 }
304
305 *ret_checksum_job = checksum_job;
306 *ret_signature_job = signature_job;
307
308 checksum_job = signature_job = NULL;
309
310 return 0;
311 }
312
313 static int verify_one(PullJob *checksum_job, PullJob *job) {
314 _cleanup_free_ char *fn = NULL;
315 const char *line, *p;
316 int r;
317
318 assert(checksum_job);
319
320 if (!job)
321 return 0;
322
323 assert(IN_SET(job->state, PULL_JOB_DONE, PULL_JOB_FAILED));
324
325 /* Don't verify the checksum if we didn't actually successfully download something new */
326 if (job->state != PULL_JOB_DONE)
327 return 0;
328 if (job->error != 0)
329 return 0;
330 if (job->etag_exists)
331 return 0;
332
333 assert(job->calc_checksum);
334 assert(job->checksum);
335
336 r = import_url_last_component(job->url, &fn);
337 if (r < 0)
338 return log_oom();
339
340 if (!filename_is_valid(fn))
341 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
342 "Cannot verify checksum, could not determine server-side file name.");
343
344 line = strjoina(job->checksum, " *", fn, "\n");
345
346 p = memmem(checksum_job->payload,
347 checksum_job->payload_size,
348 line,
349 strlen(line));
350
351 if (!p) {
352 line = strjoina(job->checksum, " ", fn, "\n");
353
354 p = memmem(checksum_job->payload,
355 checksum_job->payload_size,
356 line,
357 strlen(line));
358 }
359
360 if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n'))
361 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
362 "DOWNLOAD INVALID: Checksum of %s file did not checkout, file has been tampered with.", fn);
363
364 log_info("SHA256 checksum of %s is valid.", job->url);
365 return 1;
366 }
367
368 int pull_verify(PullJob *main_job,
369 PullJob *roothash_job,
370 PullJob *settings_job,
371 PullJob *checksum_job,
372 PullJob *signature_job) {
373
374 _cleanup_close_pair_ int gpg_pipe[2] = { -1, -1 };
375 _cleanup_close_ int sig_file = -1;
376 char sig_file_path[] = "/tmp/sigXXXXXX", gpg_home[] = "/tmp/gpghomeXXXXXX";
377 _cleanup_(sigkill_waitp) pid_t pid = 0;
378 bool gpg_home_created = false;
379 int r;
380
381 assert(main_job);
382 assert(main_job->state == PULL_JOB_DONE);
383
384 if (!checksum_job)
385 return 0;
386
387 assert(main_job->calc_checksum);
388 assert(main_job->checksum);
389
390 assert(checksum_job->state == PULL_JOB_DONE);
391
392 if (!checksum_job->payload || checksum_job->payload_size <= 0)
393 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
394 "Checksum is empty, cannot verify.");
395
396 r = verify_one(checksum_job, main_job);
397 if (r < 0)
398 return r;
399
400 r = verify_one(checksum_job, roothash_job);
401 if (r < 0)
402 return r;
403
404 r = verify_one(checksum_job, settings_job);
405 if (r < 0)
406 return r;
407
408 if (!signature_job)
409 return 0;
410
411 if (checksum_job->style == VERIFICATION_PER_FILE)
412 signature_job = checksum_job;
413
414 assert(signature_job->state == PULL_JOB_DONE);
415
416 if (!signature_job->payload || signature_job->payload_size <= 0)
417 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG),
418 "Signature is empty, cannot verify.");
419
420 r = pipe2(gpg_pipe, O_CLOEXEC);
421 if (r < 0)
422 return log_error_errno(errno, "Failed to create pipe for gpg: %m");
423
424 sig_file = mkostemp(sig_file_path, O_RDWR);
425 if (sig_file < 0)
426 return log_error_errno(errno, "Failed to create temporary file: %m");
427
428 r = loop_write(sig_file, signature_job->payload, signature_job->payload_size, false);
429 if (r < 0) {
430 log_error_errno(r, "Failed to write to temporary file: %m");
431 goto finish;
432 }
433
434 if (!mkdtemp(gpg_home)) {
435 r = log_error_errno(errno, "Failed to create temporary home for gpg: %m");
436 goto finish;
437 }
438
439 gpg_home_created = true;
440
441 r = safe_fork("(gpg)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
442 if (r < 0)
443 return r;
444 if (r == 0) {
445 const char *cmd[] = {
446 "gpg",
447 "--no-options",
448 "--no-default-keyring",
449 "--no-auto-key-locate",
450 "--no-auto-check-trustdb",
451 "--batch",
452 "--trust-model=always",
453 NULL, /* --homedir= */
454 NULL, /* --keyring= */
455 NULL, /* --verify */
456 NULL, /* signature file */
457 NULL, /* dash */
458 NULL /* trailing NULL */
459 };
460 unsigned k = ELEMENTSOF(cmd) - 6;
461
462 /* Child */
463
464 gpg_pipe[1] = safe_close(gpg_pipe[1]);
465
466 r = rearrange_stdio(gpg_pipe[0], -1, STDERR_FILENO);
467 if (r < 0) {
468 log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
469 _exit(EXIT_FAILURE);
470 }
471
472 (void) rlimit_nofile_safe();
473
474 cmd[k++] = strjoina("--homedir=", gpg_home);
475
476 /* We add the user keyring only to the command line
477 * arguments, if it's around since gpg fails
478 * otherwise. */
479 if (access(USER_KEYRING_PATH, F_OK) >= 0)
480 cmd[k++] = "--keyring=" USER_KEYRING_PATH;
481 else
482 cmd[k++] = "--keyring=" VENDOR_KEYRING_PATH;
483
484 cmd[k++] = "--verify";
485 if (checksum_job->style == VERIFICATION_PER_DIRECTORY) {
486 cmd[k++] = sig_file_path;
487 cmd[k++] = "-";
488 cmd[k++] = NULL;
489 }
490
491 execvp("gpg2", (char * const *) cmd);
492 execvp("gpg", (char * const *) cmd);
493 log_error_errno(errno, "Failed to execute gpg: %m");
494 _exit(EXIT_FAILURE);
495 }
496
497 gpg_pipe[0] = safe_close(gpg_pipe[0]);
498
499 r = loop_write(gpg_pipe[1], checksum_job->payload, checksum_job->payload_size, false);
500 if (r < 0) {
501 log_error_errno(r, "Failed to write to pipe: %m");
502 goto finish;
503 }
504
505 gpg_pipe[1] = safe_close(gpg_pipe[1]);
506
507 r = wait_for_terminate_and_check("gpg", pid, WAIT_LOG_ABNORMAL);
508 pid = 0;
509 if (r < 0)
510 goto finish;
511 if (r != EXIT_SUCCESS) {
512 log_error("DOWNLOAD INVALID: Signature verification failed.");
513 r = -EBADMSG;
514 } else {
515 log_info("Signature verification succeeded.");
516 r = 0;
517 }
518
519 finish:
520 (void) unlink(sig_file_path);
521
522 if (gpg_home_created)
523 (void) rm_rf(gpg_home, REMOVE_ROOT|REMOVE_PHYSICAL);
524
525 return r;
526 }
Unnamed repository; edit this file 'description' to name the repository.