]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
a2ea3b2f LP |
2 | |
3 | #include <fcntl.h> | |
a2ea3b2f | 4 | #include <getopt.h> |
e08f94ac LP |
5 | #include <linux/loop.h> |
6 | #include <stdio.h> | |
a2ea3b2f LP |
7 | |
8 | #include "architecture.h" | |
9 | #include "dissect-image.h" | |
4623e8e6 | 10 | #include "hexdecoct.h" |
a2ea3b2f LP |
11 | #include "log.h" |
12 | #include "loop-util.h" | |
149afb45 | 13 | #include "main-func.h" |
e475f729 | 14 | #include "parse-util.h" |
e7cbe5cb | 15 | #include "path-util.h" |
a2ea3b2f | 16 | #include "string-util.h" |
a1edd22e | 17 | #include "strv.h" |
2d3a5a73 | 18 | #include "user-util.h" |
a2ea3b2f LP |
19 | #include "util.h" |
20 | ||
21 | static enum { | |
22 | ACTION_DISSECT, | |
23 | ACTION_MOUNT, | |
24 | } arg_action = ACTION_DISSECT; | |
25 | static const char *arg_image = NULL; | |
26 | static const char *arg_path = NULL; | |
e475f729 | 27 | static DissectImageFlags arg_flags = DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK; |
4623e8e6 | 28 | static void *arg_root_hash = NULL; |
e7cbe5cb | 29 | static char *arg_verity_data = NULL; |
4623e8e6 | 30 | static size_t arg_root_hash_size = 0; |
c2923fdc LB |
31 | static char *arg_root_hash_sig_path = NULL; |
32 | static void *arg_root_hash_sig = NULL; | |
33 | static size_t arg_root_hash_sig_size = 0; | |
a2ea3b2f | 34 | |
149afb45 | 35 | STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep); |
e7cbe5cb | 36 | STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep); |
c2923fdc LB |
37 | STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig_path, freep); |
38 | STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig, freep); | |
149afb45 | 39 | |
a2ea3b2f LP |
40 | static void help(void) { |
41 | printf("%s [OPTIONS...] IMAGE\n" | |
42 | "%s [OPTIONS...] --mount IMAGE PATH\n" | |
43 | "Dissect a file system OS image.\n\n" | |
e7cbe5cb LB |
44 | " -h --help Show this help\n" |
45 | " --version Show package version\n" | |
46 | " -m --mount Mount the image to the specified directory\n" | |
47 | " -r --read-only Mount read-only\n" | |
48 | " --fsck=BOOL Run fsck before mounting\n" | |
49 | " --discard=MODE Choose 'discard' mode (disabled, loop, all, crypto)\n" | |
50 | " --root-hash=HASH Specify root hash for verity\n" | |
c2923fdc LB |
51 | " --root-hash-sig=SIG Specify pkcs7 signature of root hash for verity\n" |
52 | " as a DER encoded PKCS7, either as a path to a file\n" | |
53 | " or as an ASCII base64 encoded string prefixed by\n" | |
54 | " 'base64:'\n" | |
e7cbe5cb LB |
55 | " --verity-data=PATH Specify data file with hash tree for verity if it is\n" |
56 | " not embedded in IMAGE\n", | |
a2ea3b2f LP |
57 | program_invocation_short_name, |
58 | program_invocation_short_name); | |
59 | } | |
60 | ||
61 | static int parse_argv(int argc, char *argv[]) { | |
62 | ||
63 | enum { | |
64 | ARG_VERSION = 0x100, | |
18b5886e | 65 | ARG_DISCARD, |
4623e8e6 | 66 | ARG_ROOT_HASH, |
e475f729 | 67 | ARG_FSCK, |
e7cbe5cb | 68 | ARG_VERITY_DATA, |
c2923fdc | 69 | ARG_ROOT_HASH_SIG, |
a2ea3b2f LP |
70 | }; |
71 | ||
72 | static const struct option options[] = { | |
c2923fdc LB |
73 | { "help", no_argument, NULL, 'h' }, |
74 | { "version", no_argument, NULL, ARG_VERSION }, | |
75 | { "mount", no_argument, NULL, 'm' }, | |
76 | { "read-only", no_argument, NULL, 'r' }, | |
77 | { "discard", required_argument, NULL, ARG_DISCARD }, | |
78 | { "root-hash", required_argument, NULL, ARG_ROOT_HASH }, | |
79 | { "fsck", required_argument, NULL, ARG_FSCK }, | |
80 | { "verity-data", required_argument, NULL, ARG_VERITY_DATA }, | |
81 | { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG }, | |
a2ea3b2f LP |
82 | {} |
83 | }; | |
84 | ||
4623e8e6 | 85 | int c, r; |
a2ea3b2f LP |
86 | |
87 | assert(argc >= 0); | |
88 | assert(argv); | |
89 | ||
90 | while ((c = getopt_long(argc, argv, "hmr", options, NULL)) >= 0) { | |
91 | ||
92 | switch (c) { | |
93 | ||
94 | case 'h': | |
95 | help(); | |
96 | return 0; | |
97 | ||
98 | case ARG_VERSION: | |
99 | return version(); | |
100 | ||
101 | case 'm': | |
102 | arg_action = ACTION_MOUNT; | |
103 | break; | |
104 | ||
105 | case 'r': | |
18b5886e LP |
106 | arg_flags |= DISSECT_IMAGE_READ_ONLY; |
107 | break; | |
108 | ||
971e2ef0 ZJS |
109 | case ARG_DISCARD: { |
110 | DissectImageFlags flags; | |
111 | ||
18b5886e | 112 | if (streq(optarg, "disabled")) |
971e2ef0 | 113 | flags = 0; |
18b5886e | 114 | else if (streq(optarg, "loop")) |
971e2ef0 | 115 | flags = DISSECT_IMAGE_DISCARD_ON_LOOP; |
18b5886e | 116 | else if (streq(optarg, "all")) |
971e2ef0 | 117 | flags = DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD; |
18b5886e | 118 | else if (streq(optarg, "crypt")) |
971e2ef0 | 119 | flags = DISSECT_IMAGE_DISCARD_ANY; |
baaa35ad ZJS |
120 | else |
121 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
122 | "Unknown --discard= parameter: %s", | |
123 | optarg); | |
971e2ef0 | 124 | arg_flags = (arg_flags & ~DISSECT_IMAGE_DISCARD_ANY) | flags; |
18b5886e | 125 | |
a2ea3b2f | 126 | break; |
971e2ef0 | 127 | } |
a2ea3b2f | 128 | |
4623e8e6 LP |
129 | case ARG_ROOT_HASH: { |
130 | void *p; | |
131 | size_t l; | |
132 | ||
133 | r = unhexmem(optarg, strlen(optarg), &p, &l); | |
134 | if (r < 0) | |
63cf2d75 | 135 | return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg); |
4623e8e6 LP |
136 | if (l < sizeof(sd_id128_t)) { |
137 | log_error("Root hash must be at least 128bit long: %s", optarg); | |
138 | free(p); | |
139 | return -EINVAL; | |
140 | } | |
141 | ||
142 | free(arg_root_hash); | |
143 | arg_root_hash = p; | |
144 | arg_root_hash_size = l; | |
145 | break; | |
146 | } | |
147 | ||
e7cbe5cb LB |
148 | case ARG_VERITY_DATA: |
149 | r = parse_path_argument_and_warn(optarg, false, &arg_verity_data); | |
150 | if (r < 0) | |
151 | return r; | |
152 | break; | |
153 | ||
c2923fdc LB |
154 | case ARG_ROOT_HASH_SIG: { |
155 | char *value; | |
156 | ||
157 | if ((value = startswith(optarg, "base64:"))) { | |
158 | void *p; | |
159 | size_t l; | |
160 | ||
161 | r = unbase64mem(value, strlen(value), &p, &l); | |
162 | if (r < 0) | |
163 | return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg); | |
164 | ||
165 | free_and_replace(arg_root_hash_sig, p); | |
166 | arg_root_hash_sig_size = l; | |
167 | arg_root_hash_sig_path = mfree(arg_root_hash_sig_path); | |
168 | } else { | |
169 | r = parse_path_argument_and_warn(optarg, false, &arg_root_hash_sig_path); | |
170 | if (r < 0) | |
171 | return r; | |
172 | arg_root_hash_sig = mfree(arg_root_hash_sig); | |
173 | arg_root_hash_sig_size = 0; | |
174 | } | |
175 | ||
176 | break; | |
177 | } | |
178 | ||
e475f729 LP |
179 | case ARG_FSCK: |
180 | r = parse_boolean(optarg); | |
181 | if (r < 0) | |
182 | return log_error_errno(r, "Failed to parse --fsck= parameter: %s", optarg); | |
183 | ||
184 | SET_FLAG(arg_flags, DISSECT_IMAGE_FSCK, r); | |
185 | break; | |
186 | ||
a2ea3b2f LP |
187 | case '?': |
188 | return -EINVAL; | |
189 | ||
190 | default: | |
191 | assert_not_reached("Unhandled option"); | |
192 | } | |
193 | ||
194 | } | |
195 | ||
196 | switch (arg_action) { | |
197 | ||
198 | case ACTION_DISSECT: | |
baaa35ad ZJS |
199 | if (optind + 1 != argc) |
200 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
201 | "Expected a file path as only argument."); | |
a2ea3b2f LP |
202 | |
203 | arg_image = argv[optind]; | |
18b5886e | 204 | arg_flags |= DISSECT_IMAGE_READ_ONLY; |
a2ea3b2f LP |
205 | break; |
206 | ||
207 | case ACTION_MOUNT: | |
baaa35ad ZJS |
208 | if (optind + 2 != argc) |
209 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
210 | "Expected a file path and mount point path as only arguments."); | |
a2ea3b2f LP |
211 | |
212 | arg_image = argv[optind]; | |
213 | arg_path = argv[optind + 1]; | |
214 | break; | |
215 | ||
216 | default: | |
217 | assert_not_reached("Unknown action."); | |
218 | } | |
219 | ||
220 | return 1; | |
221 | } | |
222 | ||
149afb45 | 223 | static int run(int argc, char *argv[]) { |
a2ea3b2f | 224 | _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; |
18b5886e | 225 | _cleanup_(decrypted_image_unrefp) DecryptedImage *di = NULL; |
a2ea3b2f LP |
226 | _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; |
227 | int r; | |
228 | ||
229 | log_parse_environment(); | |
230 | log_open(); | |
231 | ||
232 | r = parse_argv(argc, argv); | |
233 | if (r <= 0) | |
149afb45 | 234 | return r; |
a2ea3b2f | 235 | |
e08f94ac | 236 | r = loop_device_make_by_path(arg_image, (arg_flags & DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR, LO_FLAGS_PARTSCAN, &d); |
149afb45 YW |
237 | if (r < 0) |
238 | return log_error_errno(r, "Failed to set up loopback device: %m"); | |
a2ea3b2f | 239 | |
0389f4fa | 240 | r = verity_metadata_load(arg_image, NULL, arg_root_hash ? NULL : &arg_root_hash, &arg_root_hash_size, |
c2923fdc LB |
241 | arg_verity_data ? NULL : &arg_verity_data, |
242 | arg_root_hash_sig_path || arg_root_hash_sig ? NULL : &arg_root_hash_sig_path); | |
e7cbe5cb LB |
243 | if (r < 0) |
244 | return log_error_errno(r, "Failed to read verity artefacts for %s: %m", arg_image); | |
245 | arg_flags |= arg_verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0; | |
78ebe980 | 246 | |
18d73705 | 247 | r = dissect_image_and_warn(d->fd, arg_image, arg_root_hash, arg_root_hash_size, arg_verity_data, NULL, arg_flags, &m); |
4526113f | 248 | if (r < 0) |
149afb45 | 249 | return r; |
a2ea3b2f LP |
250 | |
251 | switch (arg_action) { | |
252 | ||
253 | case ACTION_DISSECT: { | |
254 | unsigned i; | |
255 | ||
256 | for (i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) { | |
257 | DissectedPartition *p = m->partitions + i; | |
258 | ||
259 | if (!p->found) | |
260 | continue; | |
261 | ||
262 | printf("Found %s '%s' partition", | |
263 | p->rw ? "writable" : "read-only", | |
264 | partition_designator_to_string(i)); | |
265 | ||
be30ad41 LP |
266 | if (!sd_id128_is_null(p->uuid)) |
267 | printf(" (UUID " SD_ID128_FORMAT_STR ")", SD_ID128_FORMAT_VAL(p->uuid)); | |
268 | ||
a2ea3b2f LP |
269 | if (p->fstype) |
270 | printf(" of type %s", p->fstype); | |
271 | ||
272 | if (p->architecture != _ARCHITECTURE_INVALID) | |
273 | printf(" for %s", architecture_to_string(p->architecture)); | |
274 | ||
e7cbe5cb LB |
275 | if (dissected_image_can_do_verity(m, i)) |
276 | printf(" %s verity", dissected_image_has_verity(m, i) ? "with" : "without"); | |
4623e8e6 | 277 | |
a2ea3b2f LP |
278 | if (p->partno >= 0) |
279 | printf(" on partition #%i", p->partno); | |
280 | ||
281 | if (p->node) | |
282 | printf(" (%s)", p->node); | |
283 | ||
284 | putchar('\n'); | |
285 | } | |
a1edd22e LP |
286 | |
287 | r = dissected_image_acquire_metadata(m); | |
149afb45 YW |
288 | if (r < 0) |
289 | return log_error_errno(r, "Failed to acquire image metadata: %m"); | |
a1edd22e LP |
290 | |
291 | if (m->hostname) | |
292 | printf(" Hostname: %s\n", m->hostname); | |
293 | ||
294 | if (!sd_id128_is_null(m->machine_id)) | |
295 | printf("Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->machine_id)); | |
296 | ||
297 | if (!strv_isempty(m->machine_info)) { | |
298 | char **p, **q; | |
299 | ||
300 | STRV_FOREACH_PAIR(p, q, m->machine_info) | |
301 | printf("%s %s=%s\n", | |
302 | p == m->machine_info ? "Mach. Info:" : " ", | |
303 | *p, *q); | |
304 | } | |
305 | ||
306 | if (!strv_isempty(m->os_release)) { | |
307 | char **p, **q; | |
308 | ||
309 | STRV_FOREACH_PAIR(p, q, m->os_release) | |
310 | printf("%s %s=%s\n", | |
311 | p == m->os_release ? "OS Release:" : " ", | |
312 | *p, *q); | |
313 | } | |
a2ea3b2f LP |
314 | |
315 | break; | |
316 | } | |
317 | ||
318 | case ACTION_MOUNT: | |
c2923fdc | 319 | r = dissected_image_decrypt_interactively(m, NULL, arg_root_hash, arg_root_hash_size, arg_verity_data, arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size, arg_flags, &di); |
18b5886e | 320 | if (r < 0) |
149afb45 | 321 | return r; |
18b5886e | 322 | |
2d3a5a73 | 323 | r = dissected_image_mount(m, arg_path, UID_INVALID, arg_flags); |
e475f729 LP |
324 | if (r == -EUCLEAN) |
325 | return log_error_errno(r, "File system check on image failed: %m"); | |
149afb45 YW |
326 | if (r < 0) |
327 | return log_error_errno(r, "Failed to mount image: %m"); | |
a2ea3b2f | 328 | |
18b5886e LP |
329 | if (di) { |
330 | r = decrypted_image_relinquish(di); | |
149afb45 YW |
331 | if (r < 0) |
332 | return log_error_errno(r, "Failed to relinquish DM devices: %m"); | |
18b5886e LP |
333 | } |
334 | ||
a2ea3b2f LP |
335 | loop_device_relinquish(d); |
336 | break; | |
337 | ||
338 | default: | |
339 | assert_not_reached("Unknown action."); | |
340 | } | |
341 | ||
149afb45 | 342 | return 0; |
a2ea3b2f | 343 | } |
149afb45 YW |
344 | |
345 | DEFINE_MAIN_FUNCTION(run); |