return 0;
}
-int pull_make_local_copy(const char *final, const char *image_root, const char *local, bool force_local) {
+int pull_make_local_copy(const char *final, const char *image_root, const char *local, PullFlags flags) {
const char *p;
int r;
p = prefix_roota(image_root, local);
- if (force_local)
+ if (FLAGS_SET(flags, PULL_FORCE))
(void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
r = btrfs_subvol_snapshot(final, p,
#include "import-util.h"
#include "pull-job.h"
-int pull_make_local_copy(const char *final, const char *root, const char *local, bool force_local);
+typedef enum PullFlags {
+ PULL_FORCE = 1 << 0, /* replace existing image */
+ PULL_SETTINGS = 1 << 1, /* .nspawn settings file */
+ PULL_ROOTHASH = 1 << 2, /* only for raw: .roothash file for verity */
+ PULL_ROOTHASH_SIGNATURE = 1 << 3, /* only for raw: .roothash.p7s file for verity */
+ PULL_VERITY = 1 << 4, /* only for raw: .verity file for verity */
+
+ /* The supported flags for the tar and the raw pulling */
+ PULL_FLAGS_MASK_TAR = PULL_FORCE|PULL_SETTINGS,
+ PULL_FLAGS_MASK_RAW = PULL_FORCE|PULL_SETTINGS|PULL_ROOTHASH|PULL_ROOTHASH_SIGNATURE|PULL_VERITY,
+} PullFlags;
+
+int pull_make_local_copy(const char *final, const char *root, const char *local, PullFlags flags);
int pull_find_old_etags(const char *url, const char *root, int dt, const char *prefix, const char *suffix, char ***etags);
sd_event *event;
CurlGlue *glue;
+ PullFlags flags;
+ ImportVerify verify;
char *image_root;
PullJob *raw_job;
- PullJob *roothash_job;
- PullJob *settings_job;
PullJob *checksum_job;
PullJob *signature_job;
+ PullJob *settings_job;
+ PullJob *roothash_job;
+ PullJob *roothash_signature_job;
+ PullJob *verity_job;
RawPullFinished on_finished;
void *userdata;
char *local;
- bool force_local;
- bool settings;
- bool roothash;
char *final_path;
char *temp_path;
char *roothash_path;
char *roothash_temp_path;
- ImportVerify verify;
+ char *roothash_signature_path;
+ char *roothash_signature_temp_path;
+
+ char *verity_path;
+ char *verity_temp_path;
};
RawPull* raw_pull_unref(RawPull *i) {
return NULL;
pull_job_unref(i->raw_job);
- pull_job_unref(i->settings_job);
- pull_job_unref(i->roothash_job);
pull_job_unref(i->checksum_job);
pull_job_unref(i->signature_job);
+ pull_job_unref(i->settings_job);
+ pull_job_unref(i->roothash_job);
+ pull_job_unref(i->roothash_signature_job);
+ pull_job_unref(i->verity_job);
curl_glue_unref(i->glue);
sd_event_unref(i->event);
- if (i->temp_path) {
- (void) unlink(i->temp_path);
- free(i->temp_path);
- }
-
- if (i->roothash_temp_path) {
- (void) unlink(i->roothash_temp_path);
- free(i->roothash_temp_path);
- }
-
- if (i->settings_temp_path) {
- (void) unlink(i->settings_temp_path);
- free(i->settings_temp_path);
- }
+ unlink_and_free(i->temp_path);
+ unlink_and_free(i->settings_temp_path);
+ unlink_and_free(i->roothash_temp_path);
+ unlink_and_free(i->roothash_signature_temp_path);
+ unlink_and_free(i->verity_temp_path);
free(i->final_path);
- free(i->roothash_path);
free(i->settings_path);
+ free(i->roothash_path);
+ free(i->roothash_signature_path);
+ free(i->verity_path);
free(i->image_root);
free(i->local);
+
return mfree(i);
}
percent = 0;
+ if (i->checksum_job) {
+ percent += i->checksum_job->progress_percent * 5 / 100;
+ remain -= 5;
+ }
+
+ if (i->signature_job) {
+ percent += i->signature_job->progress_percent * 5 / 100;
+ remain -= 5;
+ }
+
if (i->settings_job) {
percent += i->settings_job->progress_percent * 5 / 100;
remain -= 5;
remain -= 5;
}
- if (i->checksum_job) {
- percent += i->checksum_job->progress_percent * 5 / 100;
+ if (i->roothash_signature_job) {
+ percent += i->roothash_signature_job->progress_percent * 5 / 100;
remain -= 5;
}
- if (i->signature_job) {
- percent += i->signature_job->progress_percent * 5 / 100;
- remain -= 5;
+ if (i->verity_job) {
+ percent += i->verity_job->progress_percent * 10 / 100;
+ remain -= 10;
}
if (i->raw_job)
local = strjoina(i->image_root, "/", i->local, suffix);
- r = copy_file_atomic(*path, local, 0644, 0, 0, COPY_REFLINK | (i->force_local ? COPY_REPLACE : 0));
+ r = copy_file_atomic(*path, local, 0644, 0, 0, COPY_REFLINK | (FLAGS_SET(i->flags, PULL_FORCE) ? COPY_REPLACE : 0));
if (r == -EEXIST)
log_warning_errno(r, "File %s already exists, not replacing.", local);
else if (r == -ENOENT)
p = strjoina(i->image_root, "/", i->local, ".raw");
- if (i->force_local)
+ if (FLAGS_SET(i->flags, PULL_FORCE))
(void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
r = tempfn_random(p, NULL, &tp);
log_info("Created new local image '%s'.", i->local);
- if (i->roothash) {
+ if (FLAGS_SET(i->flags, PULL_SETTINGS)) {
+ r = raw_pull_copy_auxiliary_file(i, ".nspawn", &i->settings_path);
+ if (r < 0)
+ return r;
+ }
+
+ if (FLAGS_SET(i->flags, PULL_ROOTHASH)) {
r = raw_pull_copy_auxiliary_file(i, ".roothash", &i->roothash_path);
if (r < 0)
return r;
}
- if (i->settings) {
- r = raw_pull_copy_auxiliary_file(i, ".nspawn", &i->settings_path);
+ if (FLAGS_SET(i->flags, PULL_ROOTHASH_SIGNATURE)) {
+ r = raw_pull_copy_auxiliary_file(i, ".roothash.p7s", &i->roothash_signature_path);
+ if (r < 0)
+ return r;
+ }
+
+ if (FLAGS_SET(i->flags, PULL_VERITY)) {
+ r = raw_pull_copy_auxiliary_file(i, ".verity", &i->verity_path);
if (r < 0)
return r;
}
if (!PULL_JOB_IS_COMPLETE(i->raw_job))
return false;
- if (i->roothash_job && !PULL_JOB_IS_COMPLETE(i->roothash_job))
+ if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
+ return false;
+ if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
return false;
if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
return false;
- if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
+ if (i->roothash_job && !PULL_JOB_IS_COMPLETE(i->roothash_job))
return false;
- if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
+ if (i->roothash_signature_job && !PULL_JOB_IS_COMPLETE(i->roothash_signature_job))
+ return false;
+ if (i->verity_job && !PULL_JOB_IS_COMPLETE(i->verity_job))
return false;
return true;
assert(j->userdata);
i = j->userdata;
- if (j == i->roothash_job) {
+ if (j == i->settings_job) {
+ if (j->error != 0)
+ log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
+ } else if (j == i->roothash_job) {
if (j->error != 0)
log_info_errno(j->error, "Root hash file could not be retrieved, proceeding without.");
- } else if (j == i->settings_job) {
+ } else if (j == i->roothash_signature_job) {
if (j->error != 0)
- log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
+ log_info_errno(j->error, "Root hash signature file could not be retrieved, proceeding without.");
+ } else if (j == i->verity_job) {
+ if (j->error != 0)
+ log_info_errno(j->error, "Verity integrity file could not be retrieved, proceeding without. %s", j->url);
} else if (j->error != 0 && j != i->signature_job) {
if (j == i->checksum_job)
log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
goto finish;
}
- /* This is invoked if either the download completed
- * successfully, or the download was skipped because we
- * already have the etag. In this case ->etag_exists is
- * true.
+ /* This is invoked if either the download completed successfully, or the download was skipped because
+ * we already have the etag. In this case ->etag_exists is true.
*
* We only do something when we got all three files */
}
}
- if (i->roothash_job)
- i->roothash_job->disk_fd = safe_close(i->roothash_job->disk_fd);
if (i->settings_job)
i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);
+ if (i->roothash_job)
+ i->roothash_job->disk_fd = safe_close(i->roothash_job->disk_fd);
+ if (i->roothash_signature_job)
+ i->roothash_signature_job->disk_fd = safe_close(i->roothash_signature_job->disk_fd);
+ if (i->verity_job)
+ i->verity_job->disk_fd = safe_close(i->verity_job->disk_fd);
r = raw_pull_determine_path(i, ".raw", &i->final_path);
if (r < 0)
return 0;
}
+static int raw_pull_job_on_open_disk_settings(PullJob *j) {
+ RawPull *i;
+
+ assert(j);
+ assert(j->userdata);
+
+ i = j->userdata;
+ assert(i->settings_job == j);
+
+ return raw_pull_job_on_open_disk_generic(i, j, "settings", &i->settings_temp_path);
+}
+
static int raw_pull_job_on_open_disk_roothash(PullJob *j) {
RawPull *i;
return raw_pull_job_on_open_disk_generic(i, j, "roothash", &i->roothash_temp_path);
}
-static int raw_pull_job_on_open_disk_settings(PullJob *j) {
+static int raw_pull_job_on_open_disk_roothash_signature(PullJob *j) {
RawPull *i;
assert(j);
assert(j->userdata);
i = j->userdata;
- assert(i->settings_job == j);
+ assert(i->roothash_signature_job == j);
- return raw_pull_job_on_open_disk_generic(i, j, "settings", &i->settings_temp_path);
+ return raw_pull_job_on_open_disk_generic(i, j, "roothash.p7s", &i->roothash_signature_temp_path);
+}
+
+static int raw_pull_job_on_open_disk_verity(PullJob *j) {
+ RawPull *i;
+
+ assert(j);
+ assert(j->userdata);
+
+ i = j->userdata;
+ assert(i->verity_job == j);
+
+ return raw_pull_job_on_open_disk_generic(i, j, "verity", &i->verity_temp_path);
}
static void raw_pull_job_on_progress(PullJob *j) {
RawPull *i,
const char *url,
const char *local,
- bool force_local,
- ImportVerify verify,
- bool settings,
- bool roothash) {
+ PullFlags flags,
+ ImportVerify verify) {
int r;
assert(i);
assert(verify < _IMPORT_VERIFY_MAX);
assert(verify >= 0);
+ assert(!(flags & ~PULL_FLAGS_MASK_RAW));
if (!http_url_is_valid(url))
return -EINVAL;
if (r < 0)
return r;
- i->force_local = force_local;
+ i->flags = flags;
i->verify = verify;
- i->settings = settings;
- i->roothash = roothash;
/* Queue job for the image itself */
r = pull_job_new(&i->raw_job, url, i->glue, i);
if (r < 0)
return r;
- if (roothash) {
+ r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, raw_pull_job_on_finished, i);
+ if (r < 0)
+ return r;
+
+ if (FLAGS_SET(flags, PULL_SETTINGS)) {
+ r = pull_make_auxiliary_job(&i->settings_job, url, raw_strip_suffixes, ".nspawn", i->glue, raw_pull_job_on_finished, i);
+ if (r < 0)
+ return r;
+
+ i->settings_job->on_open_disk = raw_pull_job_on_open_disk_settings;
+ i->settings_job->on_progress = raw_pull_job_on_progress;
+ i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
+ }
+
+ if (FLAGS_SET(flags, PULL_ROOTHASH)) {
r = pull_make_auxiliary_job(&i->roothash_job, url, raw_strip_suffixes, ".roothash", i->glue, raw_pull_job_on_finished, i);
if (r < 0)
return r;
i->roothash_job->calc_checksum = verify != IMPORT_VERIFY_NO;
}
- if (settings) {
- r = pull_make_auxiliary_job(&i->settings_job, url, raw_strip_suffixes, ".nspawn", i->glue, raw_pull_job_on_finished, i);
+ if (FLAGS_SET(flags, PULL_ROOTHASH_SIGNATURE)) {
+ r = pull_make_auxiliary_job(&i->roothash_signature_job, url, raw_strip_suffixes, ".roothash.p7s", i->glue, raw_pull_job_on_finished, i);
if (r < 0)
return r;
- i->settings_job->on_open_disk = raw_pull_job_on_open_disk_settings;
- i->settings_job->on_progress = raw_pull_job_on_progress;
- i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
+ i->roothash_signature_job->on_open_disk = raw_pull_job_on_open_disk_roothash_signature;
+ i->roothash_signature_job->on_progress = raw_pull_job_on_progress;
+ i->roothash_signature_job->calc_checksum = verify != IMPORT_VERIFY_NO;
}
- r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, raw_pull_job_on_finished, i);
- if (r < 0)
- return r;
+ if (FLAGS_SET(flags, PULL_VERITY)) {
+ r = pull_make_auxiliary_job(&i->verity_job, url, raw_strip_suffixes, ".verity", i->glue, raw_pull_job_on_finished, i);
+ if (r < 0)
+ return r;
+
+ i->verity_job->on_open_disk = raw_pull_job_on_open_disk_verity;
+ i->verity_job->on_progress = raw_pull_job_on_progress;
+ i->verity_job->calc_checksum = verify != IMPORT_VERIFY_NO;
+ }
r = pull_job_begin(i->raw_job);
if (r < 0)
return r;
- if (i->roothash_job) {
- r = pull_job_begin(i->roothash_job);
+ if (i->checksum_job) {
+ i->checksum_job->on_progress = raw_pull_job_on_progress;
+ i->checksum_job->on_not_found = pull_job_restart_with_sha256sum;
+
+ r = pull_job_begin(i->checksum_job);
+ if (r < 0)
+ return r;
+ }
+
+ if (i->signature_job) {
+ i->signature_job->on_progress = raw_pull_job_on_progress;
+
+ r = pull_job_begin(i->signature_job);
if (r < 0)
return r;
}
return r;
}
- if (i->checksum_job) {
- i->checksum_job->on_progress = raw_pull_job_on_progress;
- i->checksum_job->on_not_found = pull_job_restart_with_sha256sum;
-
- r = pull_job_begin(i->checksum_job);
+ if (i->roothash_job) {
+ r = pull_job_begin(i->roothash_job);
if (r < 0)
return r;
}
- if (i->signature_job) {
- i->signature_job->on_progress = raw_pull_job_on_progress;
+ if (i->roothash_signature_job) {
+ r = pull_job_begin(i->roothash_signature_job);
+ if (r < 0)
+ return r;
+ }
- r = pull_job_begin(i->signature_job);
+ if (i->verity_job) {
+ r = pull_job_begin(i->verity_job);
if (r < 0)
return r;
}
#include "import-util.h"
#include "macro.h"
+#include "pull-common.h"
typedef struct RawPull RawPull;
DEFINE_TRIVIAL_CLEANUP_FUNC(RawPull*, raw_pull_unref);
-int raw_pull_start(RawPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings, bool roothash);
+int raw_pull_start(RawPull *pull, const char *url, const char *local, PullFlags flags, ImportVerify verify);
sd_event *event;
CurlGlue *glue;
+ PullFlags flags;
+ ImportVerify verify;
char *image_root;
PullJob *tar_job;
- PullJob *settings_job;
PullJob *checksum_job;
PullJob *signature_job;
+ PullJob *settings_job;
TarPullFinished on_finished;
void *userdata;
char *local;
- bool force_local;
- bool settings;
pid_t tar_pid;
char *settings_path;
char *settings_temp_path;
-
- ImportVerify verify;
};
TarPull* tar_pull_unref(TarPull *i) {
}
pull_job_unref(i->tar_job);
- pull_job_unref(i->settings_job);
pull_job_unref(i->checksum_job);
pull_job_unref(i->signature_job);
+ pull_job_unref(i->settings_job);
curl_glue_unref(i->glue);
sd_event_unref(i->event);
- if (i->temp_path) {
- (void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
- free(i->temp_path);
- }
-
- if (i->settings_temp_path) {
- (void) unlink(i->settings_temp_path);
- free(i->settings_temp_path);
- }
+ rm_rf_subvolume_and_free(i->temp_path);
+ unlink_and_free(i->settings_temp_path);
free(i->final_path);
free(i->settings_path);
percent = 0;
- if (i->settings_job) {
- percent += i->settings_job->progress_percent * 5 / 100;
- remain -= 5;
- }
-
if (i->checksum_job) {
percent += i->checksum_job->progress_percent * 5 / 100;
remain -= 5;
remain -= 5;
}
+ if (i->settings_job) {
+ percent += i->settings_job->progress_percent * 5 / 100;
+ remain -= 5;
+ }
+
if (i->tar_job)
percent += i->tar_job->progress_percent * remain / 100;
break;
if (!i->local)
return 0;
- r = pull_make_local_copy(i->final_path, i->image_root, i->local, i->force_local);
+ r = pull_make_local_copy(i->final_path, i->image_root, i->local, i->flags);
if (r < 0)
return r;
- if (i->settings) {
+ if (FLAGS_SET(i->flags, PULL_SETTINGS)) {
const char *local_settings;
assert(i->settings_job);
local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
- r = copy_file_atomic(i->settings_path, local_settings, 0664, 0, 0, COPY_REFLINK | (i->force_local ? COPY_REPLACE : 0));
+ r = copy_file_atomic(i->settings_path, local_settings, 0664, 0, 0, COPY_REFLINK | (FLAGS_SET(i->flags, PULL_FORCE) ? COPY_REPLACE : 0));
if (r == -EEXIST)
log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
else if (r == -ENOENT)
if (!PULL_JOB_IS_COMPLETE(i->tar_job))
return false;
- if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
- return false;
if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
return false;
if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
return false;
+ if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
+ return false;
return true;
}
TarPull *i,
const char *url,
const char *local,
- bool force_local,
- ImportVerify verify,
- bool settings) {
+ PullFlags flags,
+ ImportVerify verify) {
int r;
assert(i);
assert(verify < _IMPORT_VERIFY_MAX);
assert(verify >= 0);
+ assert(!(flags & ~PULL_FLAGS_MASK_TAR));
if (!http_url_is_valid(url))
return -EINVAL;
if (r < 0)
return r;
- i->force_local = force_local;
+ i->flags = flags;
i->verify = verify;
- i->settings = settings;
/* Set up download job for TAR file */
r = pull_job_new(&i->tar_job, url, i->glue, i);
if (r < 0)
return r;
+ /* Set up download of checksum/signature files */
+ r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_pull_job_on_finished, i);
+ if (r < 0)
+ return r;
+
/* Set up download job for the settings file (.nspawn) */
- if (settings) {
+ if (FLAGS_SET(flags, PULL_SETTINGS)) {
r = pull_make_auxiliary_job(&i->settings_job, url, tar_strip_suffixes, ".nspawn", i->glue, tar_pull_job_on_finished, i);
if (r < 0)
return r;
i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
}
- /* Set up download of checksum/signature files */
- r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_pull_job_on_finished, i);
- if (r < 0)
- return r;
-
r = pull_job_begin(i->tar_job);
if (r < 0)
return r;
- if (i->settings_job) {
- r = pull_job_begin(i->settings_job);
- if (r < 0)
- return r;
- }
-
if (i->checksum_job) {
i->checksum_job->on_progress = tar_pull_job_on_progress;
i->checksum_job->on_not_found = pull_job_restart_with_sha256sum;
return r;
}
+ if (i->settings_job) {
+ r = pull_job_begin(i->settings_job);
+ if (r < 0)
+ return r;
+ }
+
return 0;
}
#include "import-util.h"
#include "macro.h"
+#include "pull-common.h"
typedef struct TarPull TarPull;
DEFINE_TRIVIAL_CLEANUP_FUNC(TarPull*, tar_pull_unref);
-int tar_pull_start(TarPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings);
+int tar_pull_start(TarPull *pull, const char *url, const char *local, PullFlags flags, ImportVerify verify);
#include "verbs.h"
#include "web-util.h"
-static bool arg_force = false;
static const char *arg_image_root = "/var/lib/machines";
static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
-static bool arg_settings = true;
-static bool arg_roothash = true;
+static PullFlags arg_pull_flags = PULL_SETTINGS | PULL_ROOTHASH | PULL_ROOTHASH_SIGNATURE | PULL_VERITY;
static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
log_notice("Transfer aborted.");
"Local image name '%s' is not valid.",
local);
- if (!arg_force) {
+ if (!FLAGS_SET(arg_pull_flags, PULL_FORCE)) {
r = image_find(IMAGE_MACHINE, local, NULL, NULL);
if (r < 0) {
if (r != -ENOENT)
if (r < 0)
return log_error_errno(r, "Failed to allocate puller: %m");
- r = tar_pull_start(pull, url, local, arg_force, arg_verify, arg_settings);
+ r = tar_pull_start(pull, url, local, arg_pull_flags & PULL_FLAGS_MASK_TAR, arg_verify);
if (r < 0)
return log_error_errno(r, "Failed to pull image: %m");
"Local image name '%s' is not valid.",
local);
- if (!arg_force) {
+ if (!FLAGS_SET(arg_pull_flags, PULL_FORCE)) {
r = image_find(IMAGE_MACHINE, local, NULL, NULL);
if (r < 0) {
if (r != -ENOENT)
if (r < 0)
return log_error_errno(r, "Failed to allocate puller: %m");
- r = raw_pull_start(pull, url, local, arg_force, arg_verify, arg_settings, arg_roothash);
+ r = raw_pull_start(pull, url, local, arg_pull_flags & PULL_FLAGS_MASK_RAW, arg_verify);
if (r < 0)
return log_error_errno(r, "Failed to pull image: %m");
" 'checksum', 'signature'\n"
" --settings=BOOL Download settings file with image\n"
" --roothash=BOOL Download root hash file with image\n"
+ " --roothash-sigature=BOOL Download root hash signature file with image\n"
+ " --verity=BOOL Download verity file with image\n"
" --image-root=PATH Image root directory\n\n"
"Commands:\n"
" tar URL [NAME] Download a TAR image\n"
ARG_VERIFY,
ARG_SETTINGS,
ARG_ROOTHASH,
+ ARG_ROOTHASH_SIGNATURE,
+ ARG_VERITY,
};
static const struct option options[] = {
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, ARG_VERSION },
- { "force", no_argument, NULL, ARG_FORCE },
- { "image-root", required_argument, NULL, ARG_IMAGE_ROOT },
- { "verify", required_argument, NULL, ARG_VERIFY },
- { "settings", required_argument, NULL, ARG_SETTINGS },
- { "roothash", required_argument, NULL, ARG_ROOTHASH },
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, ARG_VERSION },
+ { "force", no_argument, NULL, ARG_FORCE },
+ { "image-root", required_argument, NULL, ARG_IMAGE_ROOT },
+ { "verify", required_argument, NULL, ARG_VERIFY },
+ { "settings", required_argument, NULL, ARG_SETTINGS },
+ { "roothash", required_argument, NULL, ARG_ROOTHASH },
+ { "roothash-signature", required_argument, NULL, ARG_ROOTHASH_SIGNATURE },
+ { "verity", required_argument, NULL, ARG_VERITY },
{}
};
return version();
case ARG_FORCE:
- arg_force = true;
+ arg_pull_flags |= PULL_FORCE;
break;
case ARG_IMAGE_ROOT:
if (r < 0)
return log_error_errno(r, "Failed to parse --settings= parameter '%s': %m", optarg);
- arg_settings = r;
+ SET_FLAG(arg_pull_flags, PULL_SETTINGS, r);
break;
case ARG_ROOTHASH:
if (r < 0)
return log_error_errno(r, "Failed to parse --roothash= parameter '%s': %m", optarg);
- arg_roothash = r;
+ SET_FLAG(arg_pull_flags, PULL_ROOTHASH, r);
+
+ /* If we were asked to turn off the root hash, implicitly also turn off the root hash signature */
+ if (!r)
+ SET_FLAG(arg_pull_flags, PULL_ROOTHASH_SIGNATURE, false);
+ break;
+
+ case ARG_ROOTHASH_SIGNATURE:
+ r = parse_boolean(optarg);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --roothash-signature= parameter '%s': %m", optarg);
+
+ SET_FLAG(arg_pull_flags, PULL_ROOTHASH_SIGNATURE, r);
+ break;
+
+ case ARG_VERITY:
+ r = parse_boolean(optarg);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --verity= parameter '%s': %m", optarg);
+
+ SET_FLAG(arg_pull_flags, PULL_VERITY, r);
break;
case '?':
projects / thirdparty / systemd.git / commitdiff
