]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/import/pull-tar.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tree-wide: fix typos reported by Fossies Codespell report
[thirdparty/systemd.git] / src / import / pull-tar.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <curl/curl.h>
4 #include <sys/prctl.h>
5
6 #include "sd-daemon.h"
7
8 #include "alloc-util.h"
9 #include "btrfs-util.h"
10 #include "copy.h"
11 #include "curl-util.h"
12 #include "fd-util.h"
13 #include "fs-util.h"
14 #include "hostname-util.h"
15 #include "import-common.h"
16 #include "import-util.h"
17 #include "install-file.h"
18 #include "macro.h"
19 #include "mkdir-label.h"
20 #include "path-util.h"
21 #include "process-util.h"
22 #include "pull-common.h"
23 #include "pull-job.h"
24 #include "pull-tar.h"
25 #include "rm-rf.h"
26 #include "string-util.h"
27 #include "strv.h"
28 #include "tmpfile-util.h"
29 #include "user-util.h"
30 #include "utf8.h"
31 #include "web-util.h"
32
33 typedef enum TarProgress {
34 TAR_DOWNLOADING,
35 TAR_VERIFYING,
36 TAR_FINALIZING,
37 TAR_COPYING,
38 } TarProgress;
39
40 struct TarPull {
41 sd_event *event;
42 CurlGlue *glue;
43
44 PullFlags flags;
45 ImportVerify verify;
46 char *image_root;
47
48 PullJob *tar_job;
49 PullJob *checksum_job;
50 PullJob *signature_job;
51 PullJob *settings_job;
52
53 TarPullFinished on_finished;
54 void *userdata;
55
56 char *local;
57
58 pid_t tar_pid;
59
60 char *final_path;
61 char *temp_path;
62
63 char *settings_path;
64 char *settings_temp_path;
65
66 char *checksum;
67 };
68
69 TarPull* tar_pull_unref(TarPull *i) {
70 if (!i)
71 return NULL;
72
73 if (i->tar_pid > 1)
74 sigkill_wait(i->tar_pid);
75
76 pull_job_unref(i->tar_job);
77 pull_job_unref(i->checksum_job);
78 pull_job_unref(i->signature_job);
79 pull_job_unref(i->settings_job);
80
81 curl_glue_unref(i->glue);
82 sd_event_unref(i->event);
83
84 rm_rf_subvolume_and_free(i->temp_path);
85 unlink_and_free(i->settings_temp_path);
86
87 free(i->final_path);
88 free(i->settings_path);
89 free(i->image_root);
90 free(i->local);
91 free(i->checksum);
92
93 return mfree(i);
94 }
95
96 int tar_pull_new(
97 TarPull **ret,
98 sd_event *event,
99 const char *image_root,
100 TarPullFinished on_finished,
101 void *userdata) {
102
103 _cleanup_(curl_glue_unrefp) CurlGlue *g = NULL;
104 _cleanup_(sd_event_unrefp) sd_event *e = NULL;
105 _cleanup_(tar_pull_unrefp) TarPull *i = NULL;
106 _cleanup_free_ char *root = NULL;
107 int r;
108
109 assert(ret);
110
111 root = strdup(image_root ?: "/var/lib/machines");
112 if (!root)
113 return -ENOMEM;
114
115 if (event)
116 e = sd_event_ref(event);
117 else {
118 r = sd_event_default(&e);
119 if (r < 0)
120 return r;
121 }
122
123 r = curl_glue_new(&g, e);
124 if (r < 0)
125 return r;
126
127 i = new(TarPull, 1);
128 if (!i)
129 return -ENOMEM;
130
131 *i = (TarPull) {
132 .on_finished = on_finished,
133 .userdata = userdata,
134 .image_root = TAKE_PTR(root),
135 .event = TAKE_PTR(e),
136 .glue = TAKE_PTR(g),
137 };
138
139 i->glue->on_finished = pull_job_curl_on_finished;
140 i->glue->userdata = i;
141
142 *ret = TAKE_PTR(i);
143
144 return 0;
145 }
146
147 static void tar_pull_report_progress(TarPull *i, TarProgress p) {
148 unsigned percent;
149
150 assert(i);
151
152 switch (p) {
153
154 case TAR_DOWNLOADING: {
155 unsigned remain = 85;
156
157 percent = 0;
158
159 if (i->checksum_job) {
160 percent += i->checksum_job->progress_percent * 5 / 100;
161 remain -= 5;
162 }
163
164 if (i->signature_job) {
165 percent += i->signature_job->progress_percent * 5 / 100;
166 remain -= 5;
167 }
168
169 if (i->settings_job) {
170 percent += i->settings_job->progress_percent * 5 / 100;
171 remain -= 5;
172 }
173
174 if (i->tar_job)
175 percent += i->tar_job->progress_percent * remain / 100;
176 break;
177 }
178
179 case TAR_VERIFYING:
180 percent = 85;
181 break;
182
183 case TAR_FINALIZING:
184 percent = 90;
185 break;
186
187 case TAR_COPYING:
188 percent = 95;
189 break;
190
191 default:
192 assert_not_reached();
193 }
194
195 sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
196 log_debug("Combined progress %u%%", percent);
197 }
198
199 static int tar_pull_determine_path(
200 TarPull *i,
201 const char *suffix,
202 char **field /* input + output (!) */) {
203 int r;
204
205 assert(i);
206 assert(field);
207
208 if (*field)
209 return 0;
210
211 assert(i->tar_job);
212
213 r = pull_make_path(i->tar_job->url, i->tar_job->etag, i->image_root, ".tar-", suffix, field);
214 if (r < 0)
215 return log_oom();
216
217 return 1;
218 }
219
220 static int tar_pull_make_local_copy(TarPull *i) {
221 _cleanup_(rm_rf_subvolume_and_freep) char *t = NULL;
222 const char *p;
223 int r;
224
225 assert(i);
226 assert(i->tar_job);
227
228 if (!i->local)
229 return 0;
230
231 assert(i->final_path);
232
233 p = prefix_roota(i->image_root, i->local);
234
235 r = tempfn_random(p, NULL, &t);
236 if (r < 0)
237 return log_error_errno(r, "Failed to generate temporary filename for %s: %m", p);
238
239 if (i->flags & PULL_BTRFS_SUBVOL)
240 r = btrfs_subvol_snapshot_at(
241 AT_FDCWD, i->final_path,
242 AT_FDCWD, t,
243 (i->flags & PULL_BTRFS_QUOTA ? BTRFS_SNAPSHOT_QUOTA : 0)|
244 BTRFS_SNAPSHOT_FALLBACK_COPY|
245 BTRFS_SNAPSHOT_FALLBACK_DIRECTORY|
246 BTRFS_SNAPSHOT_RECURSIVE);
247 else
248 r = copy_tree(i->final_path, t, UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_HARDLINKS, NULL);
249 if (r < 0)
250 return log_error_errno(r, "Failed to create local image: %m");
251
252 r = install_file(AT_FDCWD, t,
253 AT_FDCWD, p,
254 (i->flags & PULL_FORCE ? INSTALL_REPLACE : 0) |
255 (i->flags & PULL_READ_ONLY ? INSTALL_READ_ONLY : 0) |
256 (i->flags & PULL_SYNC ? INSTALL_SYNCFS : 0));
257 if (r < 0)
258 return log_error_errno(r, "Failed to install local image '%s': %m", p);
259
260 t = mfree(t);
261
262 log_info("Created new local image '%s'.", i->local);
263
264 if (FLAGS_SET(i->flags, PULL_SETTINGS)) {
265 const char *local_settings;
266 assert(i->settings_job);
267
268 r = tar_pull_determine_path(i, ".nspawn", &i->settings_path);
269 if (r < 0)
270 return r;
271
272 local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
273
274 r = copy_file_atomic(
275 i->settings_path,
276 local_settings,
277 0664,
278 COPY_REFLINK |
279 (FLAGS_SET(i->flags, PULL_FORCE) ? COPY_REPLACE : 0) |
280 (FLAGS_SET(i->flags, PULL_SYNC) ? COPY_FSYNC_FULL : 0));
281 if (r == -EEXIST)
282 log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
283 else if (r == -ENOENT)
284 log_debug_errno(r, "Skipping creation of settings file, since none was found.");
285 else if (r < 0)
286 log_warning_errno(r, "Failed to copy settings files %s, ignoring: %m", local_settings);
287 else
288 log_info("Created new settings file %s.", local_settings);
289 }
290
291 return 0;
292 }
293
294 static bool tar_pull_is_done(TarPull *i) {
295 assert(i);
296 assert(i->tar_job);
297
298 if (!PULL_JOB_IS_COMPLETE(i->tar_job))
299 return false;
300 if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
301 return false;
302 if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
303 return false;
304 if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
305 return false;
306
307 return true;
308 }
309
310 static void tar_pull_job_on_finished(PullJob *j) {
311 TarPull *i;
312 int r;
313
314 assert(j);
315 assert(j->userdata);
316
317 i = j->userdata;
318
319 if (j->error != 0) {
320 if (j == i->tar_job) {
321 if (j->error == ENOMEDIUM) /* HTTP 404 */
322 r = log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");
323 else
324 r = log_error_errno(j->error, "Failed to retrieve image file.");
325 goto finish;
326 } else if (j == i->checksum_job) {
327 r = log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
328 goto finish;
329 } else if (j == i->signature_job)
330 log_debug_errno(j->error, "Signature job for %s failed, proceeding for now.", j->url);
331 else if (j == i->settings_job)
332 log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
333 else
334 assert("unexpected job");
335 }
336
337 /* This is invoked if either the download completed successfully, or the download was skipped because
338 * we already have the etag. */
339
340 if (!tar_pull_is_done(i))
341 return;
342
343 if (i->signature_job && i->signature_job->error != 0) {
344 VerificationStyle style;
345
346 assert(i->checksum_job);
347
348 r = verification_style_from_url(i->checksum_job->url, &style);
349 if (r < 0) {
350 log_error_errno(r, "Failed to determine verification style from checksum URL: %m");
351 goto finish;
352 }
353
354 if (style == VERIFICATION_PER_DIRECTORY) { /* A failed signature file download only matters
355 * in per-directory verification mode, since only
356 * then the signature is detached, and thus a file
357 * of its own. */
358 r = log_error_errno(i->signature_job->error,
359 "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
360 goto finish;
361 }
362 }
363
364 pull_job_close_disk_fd(i->tar_job);
365 pull_job_close_disk_fd(i->settings_job);
366
367 if (i->tar_pid > 0) {
368 r = wait_for_terminate_and_check("tar", TAKE_PID(i->tar_pid), WAIT_LOG);
369 if (r < 0)
370 goto finish;
371 if (r != EXIT_SUCCESS) {
372 r = -EIO;
373 goto finish;
374 }
375 }
376
377 if (!i->tar_job->etag_exists) {
378 /* This is a new download, verify it, and move it into place */
379
380 tar_pull_report_progress(i, TAR_VERIFYING);
381
382 r = pull_verify(i->verify,
383 i->checksum,
384 i->tar_job,
385 i->checksum_job,
386 i->signature_job,
387 i->settings_job,
388 /* roothash_job = */ NULL,
389 /* roothash_signature_job = */ NULL,
390 /* verity_job = */ NULL);
391 if (r < 0)
392 goto finish;
393 }
394
395 if (i->flags & PULL_DIRECT) {
396 assert(!i->settings_job);
397 assert(i->local);
398 assert(!i->temp_path);
399
400 tar_pull_report_progress(i, TAR_FINALIZING);
401
402 r = import_mangle_os_tree(i->local);
403 if (r < 0)
404 goto finish;
405
406 r = install_file(
407 AT_FDCWD, i->local,
408 AT_FDCWD, NULL,
409 (i->flags & PULL_READ_ONLY) ? INSTALL_READ_ONLY : 0 |
410 (i->flags & PULL_SYNC ? INSTALL_SYNCFS : 0));
411 if (r < 0) {
412 log_error_errno(r, "Failed to finalize '%s': %m", i->local);
413 goto finish;
414 }
415 } else {
416 r = tar_pull_determine_path(i, NULL, &i->final_path);
417 if (r < 0)
418 goto finish;
419
420 if (!i->tar_job->etag_exists) {
421 /* This is a new download, verify it, and move it into place */
422
423 assert(i->temp_path);
424 assert(i->final_path);
425
426 tar_pull_report_progress(i, TAR_FINALIZING);
427
428 r = import_mangle_os_tree(i->temp_path);
429 if (r < 0)
430 goto finish;
431
432 r = install_file(
433 AT_FDCWD, i->temp_path,
434 AT_FDCWD, i->final_path,
435 INSTALL_READ_ONLY|
436 (i->flags & PULL_SYNC ? INSTALL_SYNCFS : 0));
437 if (r < 0) {
438 log_error_errno(r, "Failed to rename to final image name to %s: %m", i->final_path);
439 goto finish;
440 }
441
442 i->temp_path = mfree(i->temp_path);
443
444 if (i->settings_job &&
445 i->settings_job->error == 0) {
446
447 /* Also move the settings file into place, if it exists. Note that we do so only if we also
448 * moved the tar file in place, to keep things strictly in sync. */
449 assert(i->settings_temp_path);
450
451 /* Regenerate final name for this auxiliary file, we might know the etag of the file now, and
452 * we should incorporate it in the file name if we can */
453 i->settings_path = mfree(i->settings_path);
454
455 r = tar_pull_determine_path(i, ".nspawn", &i->settings_path);
456 if (r < 0)
457 goto finish;
458
459 r = install_file(
460 AT_FDCWD, i->settings_temp_path,
461 AT_FDCWD, i->settings_path,
462 INSTALL_READ_ONLY|
463 (i->flags & PULL_SYNC ? INSTALL_FSYNC_FULL : 0));
464 if (r < 0) {
465 log_error_errno(r, "Failed to rename settings file to %s: %m", i->settings_path);
466 goto finish;
467 }
468
469 i->settings_temp_path = mfree(i->settings_temp_path);
470 }
471 }
472
473 tar_pull_report_progress(i, TAR_COPYING);
474
475 r = tar_pull_make_local_copy(i);
476 if (r < 0)
477 goto finish;
478 }
479
480 r = 0;
481
482 finish:
483 if (i->on_finished)
484 i->on_finished(i, r, i->userdata);
485 else
486 sd_event_exit(i->event, r);
487 }
488
489 static int tar_pull_job_on_open_disk_tar(PullJob *j) {
490 const char *where;
491 TarPull *i;
492 int r;
493
494 assert(j);
495 assert(j->userdata);
496
497 i = j->userdata;
498 assert(i->tar_job == j);
499 assert(i->tar_pid <= 0);
500
501 if (i->flags & PULL_DIRECT)
502 where = i->local;
503 else {
504 if (!i->temp_path) {
505 r = tempfn_random_child(i->image_root, "tar", &i->temp_path);
506 if (r < 0)
507 return log_oom();
508 }
509
510 where = i->temp_path;
511 }
512
513 (void) mkdir_parents_label(where, 0700);
514
515 if (FLAGS_SET(i->flags, PULL_DIRECT|PULL_FORCE))
516 (void) rm_rf(where, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
517
518 if (i->flags & PULL_BTRFS_SUBVOL)
519 r = btrfs_subvol_make_fallback(where, 0755);
520 else
521 r = RET_NERRNO(mkdir(where, 0755));
522 if (r == -EEXIST && (i->flags & PULL_DIRECT)) /* EEXIST is OK if in direct mode, but not otherwise,
523 * because in that case our temporary path collided */
524 r = 0;
525 if (r < 0)
526 return log_error_errno(r, "Failed to create directory/subvolume %s: %m", where);
527 if (r > 0 && (i->flags & PULL_BTRFS_QUOTA)) { /* actually btrfs subvol */
528 if (!(i->flags & PULL_DIRECT))
529 (void) import_assign_pool_quota_and_warn(i->image_root);
530 (void) import_assign_pool_quota_and_warn(where);
531 }
532
533 j->disk_fd = import_fork_tar_x(where, &i->tar_pid);
534 if (j->disk_fd < 0)
535 return j->disk_fd;
536
537 return 0;
538 }
539
540 static int tar_pull_job_on_open_disk_settings(PullJob *j) {
541 TarPull *i;
542 int r;
543
544 assert(j);
545 assert(j->userdata);
546
547 i = j->userdata;
548 assert(i->settings_job == j);
549
550 if (!i->settings_temp_path) {
551 r = tempfn_random_child(i->image_root, "settings", &i->settings_temp_path);
552 if (r < 0)
553 return log_oom();
554 }
555
556 (void) mkdir_parents_label(i->settings_temp_path, 0700);
557
558 j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
559 if (j->disk_fd < 0)
560 return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);
561
562 return 0;
563 }
564
565 static void tar_pull_job_on_progress(PullJob *j) {
566 TarPull *i;
567
568 assert(j);
569 assert(j->userdata);
570
571 i = j->userdata;
572
573 tar_pull_report_progress(i, TAR_DOWNLOADING);
574 }
575
576 int tar_pull_start(
577 TarPull *i,
578 const char *url,
579 const char *local,
580 PullFlags flags,
581 ImportVerify verify,
582 const char *checksum) {
583
584 PullJob *j;
585 int r;
586
587 assert(i);
588 assert(verify == _IMPORT_VERIFY_INVALID || verify < _IMPORT_VERIFY_MAX);
589 assert(verify == _IMPORT_VERIFY_INVALID || verify >= 0);
590 assert((verify < 0) || !checksum);
591 assert(!(flags & ~PULL_FLAGS_MASK_TAR));
592 assert(!(flags & PULL_SETTINGS) || !(flags & PULL_DIRECT));
593 assert(!(flags & PULL_SETTINGS) || !checksum);
594
595 if (!http_url_is_valid(url) && !file_url_is_valid(url))
596 return -EINVAL;
597
598 if (local && !pull_validate_local(local, flags))
599 return -EINVAL;
600
601 if (i->tar_job)
602 return -EBUSY;
603
604 r = free_and_strdup(&i->local, local);
605 if (r < 0)
606 return r;
607
608 r = free_and_strdup(&i->checksum, checksum);
609 if (r < 0)
610 return r;
611
612 i->flags = flags;
613 i->verify = verify;
614
615 /* Set up download job for TAR file */
616 r = pull_job_new(&i->tar_job, url, i->glue, i);
617 if (r < 0)
618 return r;
619
620 i->tar_job->on_finished = tar_pull_job_on_finished;
621 i->tar_job->on_open_disk = tar_pull_job_on_open_disk_tar;
622 i->tar_job->calc_checksum = checksum || IN_SET(verify, IMPORT_VERIFY_CHECKSUM, IMPORT_VERIFY_SIGNATURE);
623
624 if (!FLAGS_SET(flags, PULL_DIRECT)) {
625 r = pull_find_old_etags(url, i->image_root, DT_DIR, ".tar-", NULL, &i->tar_job->old_etags);
626 if (r < 0)
627 return r;
628 }
629
630 /* Set up download of checksum/signature files */
631 r = pull_make_verification_jobs(
632 &i->checksum_job,
633 &i->signature_job,
634 verify,
635 checksum,
636 url,
637 i->glue,
638 tar_pull_job_on_finished,
639 i);
640 if (r < 0)
641 return r;
642
643 /* Set up download job for the settings file (.nspawn) */
644 if (FLAGS_SET(flags, PULL_SETTINGS)) {
645 r = pull_make_auxiliary_job(
646 &i->settings_job,
647 url,
648 tar_strip_suffixes,
649 ".nspawn",
650 verify,
651 i->glue,
652 tar_pull_job_on_open_disk_settings,
653 tar_pull_job_on_finished,
654 i);
655 if (r < 0)
656 return r;
657 }
658
659 FOREACH_POINTER(j,
660 i->tar_job,
661 i->checksum_job,
662 i->signature_job,
663 i->settings_job) {
664
665 if (!j)
666 continue;
667
668 j->on_progress = tar_pull_job_on_progress;
669 j->sync = FLAGS_SET(flags, PULL_SYNC);
670
671 r = pull_job_begin(j);
672 if (r < 0)
673 return r;
674 }
675
676 return 0;
677 }
Unnamed repository; edit this file 'description' to name the repository.