]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/sysupdate/sysupdate-resource.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #23070 from poettering/devnum-split
[thirdparty/systemd.git] / src / sysupdate / sysupdate-resource.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <fcntl.h>
4 #include <sys/stat.h>
5 #include <unistd.h>
6
7 #include "alloc-util.h"
8 #include "blockdev-util.h"
9 #include "chase-symlinks.h"
10 #include "devnum-util.h"
11 #include "dirent-util.h"
12 #include "env-util.h"
13 #include "fd-util.h"
14 #include "fileio.h"
15 #include "glyph-util.h"
16 #include "gpt.h"
17 #include "hexdecoct.h"
18 #include "import-util.h"
19 #include "macro.h"
20 #include "process-util.h"
21 #include "sort-util.h"
22 #include "string-table.h"
23 #include "sysupdate-cache.h"
24 #include "sysupdate-instance.h"
25 #include "sysupdate-pattern.h"
26 #include "sysupdate-resource.h"
27 #include "sysupdate.h"
28 #include "utf8.h"
29
30 void resource_destroy(Resource *rr) {
31 assert(rr);
32
33 free(rr->path);
34 strv_free(rr->patterns);
35
36 for (size_t i = 0; i < rr->n_instances; i++)
37 instance_free(rr->instances[i]);
38 free(rr->instances);
39 }
40
41 static int resource_add_instance(
42 Resource *rr,
43 const char *path,
44 const InstanceMetadata *f,
45 Instance **ret) {
46
47 Instance *i;
48 int r;
49
50 assert(rr);
51 assert(path);
52 assert(f);
53 assert(f->version);
54
55 if (!GREEDY_REALLOC(rr->instances, rr->n_instances + 1))
56 return log_oom();
57
58 r = instance_new(rr, path, f, &i);
59 if (r < 0)
60 return r;
61
62 rr->instances[rr->n_instances++] = i;
63
64 if (ret)
65 *ret = i;
66
67 return 0;
68 }
69
70 static int resource_load_from_directory(
71 Resource *rr,
72 mode_t m) {
73
74 _cleanup_(closedirp) DIR *d = NULL;
75 int r;
76
77 assert(rr);
78 assert(IN_SET(rr->type, RESOURCE_TAR, RESOURCE_REGULAR_FILE, RESOURCE_DIRECTORY, RESOURCE_SUBVOLUME));
79 assert(IN_SET(m, S_IFREG, S_IFDIR));
80
81 d = opendir(rr->path);
82 if (!d) {
83 if (errno == ENOENT) {
84 log_debug("Directory %s does not exist, not loading any resources.", rr->path);
85 return 0;
86 }
87
88 return log_error_errno(errno, "Failed to open directory '%s': %m", rr->path);
89 }
90
91 for (;;) {
92 _cleanup_(instance_metadata_destroy) InstanceMetadata extracted_fields = INSTANCE_METADATA_NULL;
93 _cleanup_free_ char *joined = NULL;
94 Instance *instance;
95 struct dirent *de;
96 struct stat st;
97
98 errno = 0;
99 de = readdir_no_dot(d);
100 if (!de) {
101 if (errno != 0)
102 return log_error_errno(errno, "Failed to read directory '%s': %m", rr->path);
103 break;
104 }
105
106 switch (de->d_type) {
107
108 case DT_UNKNOWN:
109 break;
110
111 case DT_DIR:
112 if (m != S_IFDIR)
113 continue;
114
115 break;
116
117 case DT_REG:
118 if (m != S_IFREG)
119 continue;
120 break;
121
122 default:
123 continue;
124 }
125
126 if (fstatat(dirfd(d), de->d_name, &st, AT_NO_AUTOMOUNT) < 0) {
127 if (errno == ENOENT) /* Gone by now? */
128 continue;
129
130 return log_error_errno(errno, "Failed to stat %s/%s: %m", rr->path, de->d_name);
131 }
132
133 if ((st.st_mode & S_IFMT) != m)
134 continue;
135
136 r = pattern_match_many(rr->patterns, de->d_name, &extracted_fields);
137 if (r < 0)
138 return log_error_errno(r, "Failed to match pattern: %m");
139 if (r == 0)
140 continue;
141
142 joined = path_join(rr->path, de->d_name);
143 if (!joined)
144 return log_oom();
145
146 r = resource_add_instance(rr, joined, &extracted_fields, &instance);
147 if (r < 0)
148 return r;
149
150 /* Inherit these from the source, if not explicitly overwritten */
151 if (instance->metadata.mtime == USEC_INFINITY)
152 instance->metadata.mtime = timespec_load(&st.st_mtim) ?: USEC_INFINITY;
153
154 if (instance->metadata.mode == MODE_INVALID)
155 instance->metadata.mode = st.st_mode & 0775; /* mask out world-writability and suid and stuff, for safety */
156 }
157
158 return 0;
159 }
160
161 static int resource_load_from_blockdev(Resource *rr) {
162 _cleanup_(fdisk_unref_contextp) struct fdisk_context *c = NULL;
163 _cleanup_(fdisk_unref_tablep) struct fdisk_table *t = NULL;
164 size_t n_partitions;
165 int r;
166
167 assert(rr);
168
169 c = fdisk_new_context();
170 if (!c)
171 return log_oom();
172
173 r = fdisk_assign_device(c, rr->path, /* readonly= */ true);
174 if (r < 0)
175 return log_error_errno(r, "Failed to open device '%s': %m", rr->path);
176
177 if (!fdisk_is_labeltype(c, FDISK_DISKLABEL_GPT))
178 return log_error_errno(SYNTHETIC_ERRNO(EHWPOISON), "Disk %s has no GPT disk label, not suitable.", rr->path);
179
180 r = fdisk_get_partitions(c, &t);
181 if (r < 0)
182 return log_error_errno(r, "Failed to acquire partition table: %m");
183
184 n_partitions = fdisk_table_get_nents(t);
185 for (size_t i = 0; i < n_partitions; i++) {
186 _cleanup_(instance_metadata_destroy) InstanceMetadata extracted_fields = INSTANCE_METADATA_NULL;
187 _cleanup_(partition_info_destroy) PartitionInfo pinfo = PARTITION_INFO_NULL;
188 Instance *instance;
189
190 r = read_partition_info(c, t, i, &pinfo);
191 if (r < 0)
192 return r;
193 if (r == 0) /* not assigned */
194 continue;
195
196 /* Check if partition type matches */
197 if (rr->partition_type_set && !sd_id128_equal(pinfo.type, rr->partition_type))
198 continue;
199
200 /* A label of "_empty" means "not used so far" for us */
201 if (streq_ptr(pinfo.label, "_empty")) {
202 rr->n_empty++;
203 continue;
204 }
205
206 r = pattern_match_many(rr->patterns, pinfo.label, &extracted_fields);
207 if (r < 0)
208 return log_error_errno(r, "Failed to match pattern: %m");
209 if (r == 0)
210 continue;
211
212 r = resource_add_instance(rr, pinfo.device, &extracted_fields, &instance);
213 if (r < 0)
214 return r;
215
216 instance->partition_info = pinfo;
217 pinfo = (PartitionInfo) PARTITION_INFO_NULL;
218
219 /* Inherit data from source if not configured explicitly */
220 if (!instance->metadata.partition_uuid_set) {
221 instance->metadata.partition_uuid = instance->partition_info.uuid;
222 instance->metadata.partition_uuid_set = true;
223 }
224
225 if (!instance->metadata.partition_flags_set) {
226 instance->metadata.partition_flags = instance->partition_info.flags;
227 instance->metadata.partition_flags_set = true;
228 }
229
230 if (instance->metadata.read_only < 0)
231 instance->metadata.read_only = instance->partition_info.read_only;
232 }
233
234 return 0;
235 }
236
237 static int download_manifest(
238 const char *url,
239 bool verify_signature,
240 char **ret_buffer,
241 size_t *ret_size) {
242
243 _cleanup_free_ char *buffer = NULL, *suffixed_url = NULL;
244 _cleanup_(close_pairp) int pfd[2] = { -1, -1 };
245 _cleanup_fclose_ FILE *manifest = NULL;
246 size_t size = 0;
247 pid_t pid;
248 int r;
249
250 assert(url);
251 assert(ret_buffer);
252 assert(ret_size);
253
254 /* Download a SHA256SUMS file as manifest */
255
256 r = import_url_append_component(url, "SHA256SUMS", &suffixed_url);
257 if (r < 0)
258 return log_error_errno(r, "Failed to append SHA256SUMS to URL: %m");
259
260 if (pipe2(pfd, O_CLOEXEC) < 0)
261 return log_error_errno(errno, "Failed to allocate pipe: %m");
262
263 log_info("%s Acquiring manifest file %s…", special_glyph(SPECIAL_GLYPH_DOWNLOAD), suffixed_url);
264
265 r = safe_fork("(sd-pull)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
266 if (r < 0)
267 return r;
268 if (r == 0) {
269 /* Child */
270
271 const char *cmdline[] = {
272 "systemd-pull",
273 "raw",
274 "--direct", /* just download the specified URL, don't download anything else */
275 "--verify", verify_signature ? "signature" : "no", /* verify the manifest file */
276 suffixed_url,
277 "-", /* write to stdout */
278 NULL
279 };
280
281 pfd[0] = safe_close(pfd[0]);
282
283 r = rearrange_stdio(-1, pfd[1], STDERR_FILENO);
284 if (r < 0) {
285 log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
286 _exit(EXIT_FAILURE);
287 }
288
289 (void) unsetenv("NOTIFY_SOCKET");
290 execv(pull_binary_path(), (char *const*) cmdline);
291 log_error_errno(errno, "Failed to execute %s tool: %m", pull_binary_path());
292 _exit(EXIT_FAILURE);
293 };
294
295 pfd[1] = safe_close(pfd[1]);
296
297 /* We'll first load the entire manifest into memory before parsing it. That's because the
298 * systemd-pull tool can validate the download only after its completion, but still pass the data to
299 * us as it runs. We thus need to check the return value of the process *before* parsing, to be
300 * reasonably safe. */
301
302 manifest = fdopen(pfd[0], "r");
303 if (!manifest)
304 return log_error_errno(errno, "Failed allocate FILE object for manifest file: %m");
305
306 TAKE_FD(pfd[0]);
307
308 r = read_full_stream(manifest, &buffer, &size);
309 if (r < 0)
310 return log_error_errno(r, "Failed to read manifest file from child: %m");
311
312 manifest = safe_fclose(manifest);
313
314 r = wait_for_terminate_and_check("(sd-pull)", pid, WAIT_LOG);
315 if (r < 0)
316 return r;
317 if (r != 0)
318 return -EPROTO;
319
320 *ret_buffer = TAKE_PTR(buffer);
321 *ret_size = size;
322
323 return 0;
324 }
325
326 static int resource_load_from_web(
327 Resource *rr,
328 bool verify,
329 Hashmap **web_cache) {
330
331 size_t manifest_size = 0, left = 0;
332 _cleanup_free_ char *buf = NULL;
333 const char *manifest, *p;
334 size_t line_nr = 1;
335 WebCacheItem *ci;
336 int r;
337
338 assert(rr);
339
340 ci = web_cache ? web_cache_get_item(*web_cache, rr->path, verify) : NULL;
341 if (ci) {
342 log_debug("Manifest web cache hit for %s.", rr->path);
343
344 manifest = (char*) ci->data;
345 manifest_size = ci->size;
346 } else {
347 log_debug("Manifest web cache miss for %s.", rr->path);
348
349 r = download_manifest(rr->path, verify, &buf, &manifest_size);
350 if (r < 0)
351 return r;
352
353 manifest = buf;
354 }
355
356 if (memchr(manifest, 0, manifest_size))
357 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Manifest file has embedded NUL byte, refusing.");
358 if (!utf8_is_valid_n(manifest, manifest_size))
359 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Manifest file is not valid UTF-8, refusing.");
360
361 p = manifest;
362 left = manifest_size;
363
364 while (left > 0) {
365 _cleanup_(instance_metadata_destroy) InstanceMetadata extracted_fields = INSTANCE_METADATA_NULL;
366 _cleanup_free_ char *fn = NULL;
367 _cleanup_free_ void *h = NULL;
368 Instance *instance;
369 const char *e;
370 size_t hlen;
371
372 /* 64 character hash + separator + filename + newline */
373 if (left < 67)
374 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Corrupt manifest at line %zu, refusing.", line_nr);
375
376 if (p[0] == '\\')
377 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "File names with escapes not supported in manifest at line %zu, refusing.", line_nr);
378
379 r = unhexmem(p, 64, &h, &hlen);
380 if (r < 0)
381 return log_error_errno(r, "Failed to parse digest at manifest line %zu, refusing.", line_nr);
382
383 p += 64, left -= 64;
384
385 if (*p != ' ')
386 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Missing space separator at manifest line %zu, refusing.", line_nr);
387 p++, left--;
388
389 if (!IN_SET(*p, '*', ' '))
390 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Missing binary/text input marker at manifest line %zu, refusing.", line_nr);
391 p++, left--;
392
393 e = memchr(p, '\n', left);
394 if (!e)
395 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Truncated manifest file at line %zu, refusing.", line_nr);
396 if (e == p)
397 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Empty filename specified at manifest line %zu, refusing.", line_nr);
398
399 fn = strndup(p, e - p);
400 if (!fn)
401 return log_oom();
402
403 if (!filename_is_valid(fn))
404 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid filename specified at manifest line %zu, refusing.", line_nr);
405 if (string_has_cc(fn, NULL))
406 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Filename contains control characters at manifest line %zu, refusing.", line_nr);
407
408 r = pattern_match_many(rr->patterns, fn, &extracted_fields);
409 if (r < 0)
410 return log_error_errno(r, "Failed to match pattern: %m");
411 if (r > 0) {
412 _cleanup_free_ char *path = NULL;
413
414 r = import_url_append_component(rr->path, fn, &path);
415 if (r < 0)
416 return log_error_errno(r, "Failed to build instance URL: %m");
417
418 r = resource_add_instance(rr, path, &extracted_fields, &instance);
419 if (r < 0)
420 return r;
421
422 assert(hlen == sizeof(instance->metadata.sha256sum));
423
424 if (instance->metadata.sha256sum_set) {
425 if (memcmp(instance->metadata.sha256sum, h, hlen) != 0)
426 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "SHA256 sum parsed from filename and manifest don't match at line %zu, refusing.", line_nr);
427 } else {
428 memcpy(instance->metadata.sha256sum, h, hlen);
429 instance->metadata.sha256sum_set = true;
430 }
431 }
432
433 left -= (e - p) + 1;
434 p = e + 1;
435
436 line_nr++;
437 }
438
439 if (!ci && web_cache) {
440 r = web_cache_add_item(web_cache, rr->path, verify, manifest, manifest_size);
441 if (r < 0)
442 log_debug_errno(r, "Failed to add manifest '%s' to cache, ignoring: %m", rr->path);
443 else
444 log_debug("Added manifest '%s' to cache.", rr->path);
445 }
446
447 return 0;
448 }
449
450 static int instance_cmp(Instance *const*a, Instance *const*b) {
451 int r;
452
453 assert(a);
454 assert(b);
455 assert(*a);
456 assert(*b);
457 assert((*a)->metadata.version);
458 assert((*b)->metadata.version);
459
460 /* Newest version at the beginning */
461 r = strverscmp_improved((*a)->metadata.version, (*b)->metadata.version);
462 if (r != 0)
463 return -r;
464
465 /* Instances don't have to be uniquely named (uniqueness on partition tables is not enforced at all,
466 * and since we allow multiple matching patterns not even in directories they are unique). Hence
467 * let's order by path as secondary ordering key. */
468 return path_compare((*a)->path, (*b)->path);
469 }
470
471 int resource_load_instances(Resource *rr, bool verify, Hashmap **web_cache) {
472 int r;
473
474 assert(rr);
475
476 switch (rr->type) {
477
478 case RESOURCE_TAR:
479 case RESOURCE_REGULAR_FILE:
480 r = resource_load_from_directory(rr, S_IFREG);
481 break;
482
483 case RESOURCE_DIRECTORY:
484 case RESOURCE_SUBVOLUME:
485 r = resource_load_from_directory(rr, S_IFDIR);
486 break;
487
488 case RESOURCE_PARTITION:
489 r = resource_load_from_blockdev(rr);
490 break;
491
492 case RESOURCE_URL_FILE:
493 case RESOURCE_URL_TAR:
494 r = resource_load_from_web(rr, verify, web_cache);
495 break;
496
497 default:
498 assert_not_reached();
499 }
500 if (r < 0)
501 return r;
502
503 typesafe_qsort(rr->instances, rr->n_instances, instance_cmp);
504 return 0;
505 }
506
507 Instance* resource_find_instance(Resource *rr, const char *version) {
508 Instance key = {
509 .metadata.version = (char*) version,
510 }, *k = &key;
511
512 return typesafe_bsearch(&k, rr->instances, rr->n_instances, instance_cmp);
513 }
514
515 int resource_resolve_path(
516 Resource *rr,
517 const char *root,
518 const char *node) {
519
520 _cleanup_free_ char *p = NULL;
521 dev_t d;
522 int r;
523
524 assert(rr);
525
526 if (rr->path_auto) {
527
528 /* NB: we don't actually check the backing device of the root fs "/", but of "/usr", in order
529 * to support environments where the root fs is a tmpfs, and the OS itself placed exclusively
530 * in /usr/. */
531
532 if (rr->type != RESOURCE_PARTITION)
533 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
534 "Automatic root path discovery only supported for partition resources.");
535
536 if (node) { /* If --image= is specified, directly use the loopback device */
537 r = free_and_strdup_warn(&rr->path, node);
538 if (r < 0)
539 return r;
540
541 return 0;
542 }
543
544 if (root)
545 return log_error_errno(SYNTHETIC_ERRNO(EPERM),
546 "Block device is not allowed when using --root= mode.");
547
548 r = get_block_device_harder("/usr/", &d);
549
550 } else if (rr->type == RESOURCE_PARTITION) {
551 _cleanup_close_ int fd = -1, real_fd = -1;
552 _cleanup_free_ char *resolved = NULL;
553 struct stat st;
554
555 r = chase_symlinks(rr->path, root, CHASE_PREFIX_ROOT, &resolved, &fd);
556 if (r < 0)
557 return log_error_errno(r, "Failed to resolve '%s': %m", rr->path);
558
559 if (fstat(fd, &st) < 0)
560 return log_error_errno(errno, "Failed to stat '%s': %m", resolved);
561
562 if (S_ISBLK(st.st_mode) && root)
563 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "When using --root= or --image= access to device nodes is prohibited.");
564
565 if (S_ISREG(st.st_mode) || S_ISBLK(st.st_mode)) {
566 /* Not a directory, hence no need to find backing block device for the path */
567 free_and_replace(rr->path, resolved);
568 return 0;
569 }
570
571 if (!S_ISDIR(st.st_mode))
572 return log_error_errno(SYNTHETIC_ERRNO(ENOTDIR), "Target path '%s' does not refer to regular file, directory or block device, refusing.", rr->path);
573
574 if (node) { /* If --image= is specified all file systems are backed by the same loopback device, hence shortcut things. */
575 r = free_and_strdup_warn(&rr->path, node);
576 if (r < 0)
577 return r;
578
579 return 0;
580 }
581
582 real_fd = fd_reopen(fd, O_RDONLY|O_CLOEXEC|O_DIRECTORY);
583 if (real_fd < 0)
584 return log_error_errno(real_fd, "Failed to convert O_PATH file descriptor for %s to regular file descriptor: %m", rr->path);
585
586 r = get_block_device_harder_fd(fd, &d);
587
588 } else if (RESOURCE_IS_FILESYSTEM(rr->type) && root) {
589 _cleanup_free_ char *resolved = NULL;
590
591 r = chase_symlinks(rr->path, root, CHASE_PREFIX_ROOT, &resolved, NULL);
592 if (r < 0)
593 return log_error_errno(r, "Failed to resolve '%s': %m", rr->path);
594
595 free_and_replace(rr->path, resolved);
596 return 0;
597 } else
598 return 0; /* Otherwise assume there's nothing to resolve */
599
600 if (r < 0)
601 return log_error_errno(r, "Failed to determine block device of file system: %m");
602
603 r = block_get_whole_disk(d, &d);
604 if (r < 0)
605 return log_error_errno(r, "Failed to find whole disk device for partition backing file system: %m");
606 if (r == 0)
607 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
608 "File system is not placed on a partition block device, cannot determine whole block device backing root file system.");
609
610 r = device_path_make_canonical(S_IFBLK, d, &p);
611 if (r < 0)
612 return r;
613
614 if (rr->path)
615 log_info("Automatically discovered block device '%s' from '%s'.", p, rr->path);
616 else
617 log_info("Automatically discovered root block device '%s'.", p);
618
619 free_and_replace(rr->path, p);
620 return 1;
621 }
622
623 static const char *resource_type_table[_RESOURCE_TYPE_MAX] = {
624 [RESOURCE_URL_FILE] = "url-file",
625 [RESOURCE_URL_TAR] = "url-tar",
626 [RESOURCE_TAR] = "tar",
627 [RESOURCE_PARTITION] = "partition",
628 [RESOURCE_REGULAR_FILE] = "regular-file",
629 [RESOURCE_DIRECTORY] = "directory",
630 [RESOURCE_SUBVOLUME] = "subvolume",
631 };
632
633 DEFINE_STRING_TABLE_LOOKUP(resource_type, ResourceType);
Unnamed repository; edit this file 'description' to name the repository.