]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
a2ea3b2f LP |
2 | |
3 | #include <fcntl.h> | |
a2ea3b2f | 4 | #include <getopt.h> |
e08f94ac LP |
5 | #include <linux/loop.h> |
6 | #include <stdio.h> | |
19df770f | 7 | #include <sys/file.h> |
16b74592 LP |
8 | #include <sys/ioctl.h> |
9 | #include <sys/mount.h> | |
a2ea3b2f | 10 | |
ac1f1adf DDM |
11 | #include "sd-device.h" |
12 | ||
a2ea3b2f | 13 | #include "architecture.h" |
ac1f1adf | 14 | #include "blockdev-util.h" |
d6b4d1c7 | 15 | #include "build.h" |
f461a28d | 16 | #include "chase.h" |
33973b84 | 17 | #include "copy.h" |
ca822829 YW |
18 | #include "device-util.h" |
19 | #include "devnum-util.h" | |
0305cf6e | 20 | #include "discover-image.h" |
a2ea3b2f | 21 | #include "dissect-image.h" |
994c9c70 | 22 | #include "env-util.h" |
db02190e | 23 | #include "escape.h" |
33973b84 | 24 | #include "fd-util.h" |
89e62e0b | 25 | #include "fileio.h" |
89d00f2e | 26 | #include "format-table.h" |
16b74592 | 27 | #include "format-util.h" |
33973b84 | 28 | #include "fs-util.h" |
4623e8e6 | 29 | #include "hexdecoct.h" |
a2ea3b2f LP |
30 | #include "log.h" |
31 | #include "loop-util.h" | |
149afb45 | 32 | #include "main-func.h" |
33973b84 LP |
33 | #include "mkdir.h" |
34 | #include "mount-util.h" | |
ac1f1adf | 35 | #include "mountpoint-util.h" |
33973b84 | 36 | #include "namespace-util.h" |
614b022c | 37 | #include "parse-argument.h" |
e475f729 | 38 | #include "parse-util.h" |
e7cbe5cb | 39 | #include "path-util.h" |
5c05f062 | 40 | #include "pretty-print.h" |
06186c4c | 41 | #include "process-util.h" |
0cf16924 | 42 | #include "recurse-dir.h" |
db02190e | 43 | #include "sha256.h" |
33973b84 | 44 | #include "stat-util.h" |
a2ea3b2f | 45 | #include "string-util.h" |
a1edd22e | 46 | #include "strv.h" |
5c05f062 | 47 | #include "terminal-util.h" |
33973b84 | 48 | #include "tmpfile-util.h" |
12c0f4ff | 49 | #include "uid-alloc-range.h" |
2d3a5a73 | 50 | #include "user-util.h" |
a2ea3b2f LP |
51 | |
52 | static enum { | |
53 | ACTION_DISSECT, | |
54 | ACTION_MOUNT, | |
ac1f1adf | 55 | ACTION_UMOUNT, |
07d6072e LP |
56 | ACTION_ATTACH, |
57 | ACTION_DETACH, | |
0cf16924 | 58 | ACTION_LIST, |
db02190e | 59 | ACTION_MTREE, |
06186c4c | 60 | ACTION_WITH, |
33973b84 LP |
61 | ACTION_COPY_FROM, |
62 | ACTION_COPY_TO, | |
0305cf6e | 63 | ACTION_DISCOVER, |
dee4a623 | 64 | ACTION_VALIDATE, |
a2ea3b2f | 65 | } arg_action = ACTION_DISSECT; |
a3c3386e | 66 | static char *arg_image = NULL; |
2292fa1e | 67 | static char *arg_root = NULL; |
a3c3386e | 68 | static char *arg_path = NULL; |
33973b84 LP |
69 | static const char *arg_source = NULL; |
70 | static const char *arg_target = NULL; | |
4b5de5dd LP |
71 | static DissectImageFlags arg_flags = |
72 | DISSECT_IMAGE_GENERIC_ROOT | | |
4b5de5dd LP |
73 | DISSECT_IMAGE_DISCARD_ON_LOOP | |
74 | DISSECT_IMAGE_RELAX_VAR_CHECK | | |
75 | DISSECT_IMAGE_FSCK | | |
74a54bae | 76 | DISSECT_IMAGE_USR_NO_ROOT | |
73d88b80 LP |
77 | DISSECT_IMAGE_GROWFS | |
78 | DISSECT_IMAGE_PIN_PARTITION_DEVICES | | |
79 | DISSECT_IMAGE_ADD_PARTITION_DEVICES; | |
aee36b4e | 80 | static VeritySettings arg_verity_settings = VERITY_SETTINGS_DEFAULT; |
6a01ea4a | 81 | static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF; |
17547fb5 LP |
82 | static PagerFlags arg_pager_flags = 0; |
83 | static bool arg_legend = true; | |
ac1f1adf | 84 | static bool arg_rmdir = false; |
6c07d570 | 85 | static bool arg_in_memory = false; |
06186c4c | 86 | static char **arg_argv = NULL; |
236d1fa2 | 87 | static char *arg_loop_ref = NULL; |
84be0c71 | 88 | static ImagePolicy* arg_image_policy = NULL; |
12d58b6c | 89 | static bool arg_mtree_hash = true; |
a2ea3b2f | 90 | |
a3c3386e | 91 | STATIC_DESTRUCTOR_REGISTER(arg_image, freep); |
2292fa1e | 92 | STATIC_DESTRUCTOR_REGISTER(arg_root, freep); |
a3c3386e | 93 | STATIC_DESTRUCTOR_REGISTER(arg_path, freep); |
89e62e0b | 94 | STATIC_DESTRUCTOR_REGISTER(arg_verity_settings, verity_settings_done); |
06186c4c | 95 | STATIC_DESTRUCTOR_REGISTER(arg_argv, strv_freep); |
236d1fa2 | 96 | STATIC_DESTRUCTOR_REGISTER(arg_loop_ref, freep); |
149afb45 | 97 | |
5c05f062 LP |
98 | static int help(void) { |
99 | _cleanup_free_ char *link = NULL; | |
100 | int r; | |
101 | ||
5fdec397 ZJS |
102 | pager_open(arg_pager_flags); |
103 | ||
5c05f062 LP |
104 | r = terminal_urlify_man("systemd-dissect", "1", &link); |
105 | if (r < 0) | |
106 | return log_oom(); | |
107 | ||
108 | printf("%1$s [OPTIONS...] IMAGE\n" | |
33973b84 | 109 | "%1$s [OPTIONS...] --mount IMAGE PATH\n" |
1b967529 | 110 | "%1$s [OPTIONS...] --umount PATH\n" |
07d6072e LP |
111 | "%1$s [OPTIONS...] --attach IMAGE\n" |
112 | "%1$s [OPTIONS...] --detach PATH\n" | |
0cf16924 | 113 | "%1$s [OPTIONS...] --list IMAGE\n" |
db02190e | 114 | "%1$s [OPTIONS...] --mtree IMAGE\n" |
06186c4c | 115 | "%1$s [OPTIONS...] --with IMAGE [COMMAND…]\n" |
33973b84 | 116 | "%1$s [OPTIONS...] --copy-from IMAGE PATH [TARGET]\n" |
d8def0f3 LP |
117 | "%1$s [OPTIONS...] --copy-to IMAGE [SOURCE] PATH\n" |
118 | "%1$s [OPTIONS...] --discover\n" | |
119 | "%1$s [OPTIONS...] --validate IMAGE\n" | |
120 | "\n%5$sDissect a Discoverable Disk Image (DDI).%6$s\n\n" | |
5c05f062 | 121 | "%3$sOptions:%4$s\n" |
17547fb5 LP |
122 | " --no-pager Do not pipe output into a pager\n" |
123 | " --no-legend Do not show the headers and footers\n" | |
e7cbe5cb LB |
124 | " -r --read-only Mount read-only\n" |
125 | " --fsck=BOOL Run fsck before mounting\n" | |
74a54bae | 126 | " --growfs=BOOL Grow file system to partition size, if marked\n" |
5c05f062 | 127 | " --mkdir Make mount directory before mounting, if missing\n" |
ac1f1adf | 128 | " --rmdir Remove mount directory after unmounting\n" |
e7cbe5cb | 129 | " --discard=MODE Choose 'discard' mode (disabled, loop, all, crypto)\n" |
6c07d570 | 130 | " --in-memory Copy image into memory\n" |
e7cbe5cb | 131 | " --root-hash=HASH Specify root hash for verity\n" |
c2923fdc LB |
132 | " --root-hash-sig=SIG Specify pkcs7 signature of root hash for verity\n" |
133 | " as a DER encoded PKCS7, either as a path to a file\n" | |
134 | " or as an ASCII base64 encoded string prefixed by\n" | |
135 | " 'base64:'\n" | |
e7cbe5cb | 136 | " --verity-data=PATH Specify data file with hash tree for verity if it is\n" |
5c05f062 | 137 | " not embedded in IMAGE\n" |
84be0c71 LP |
138 | " --image-policy=POLICY\n" |
139 | " Specify image dissection policy\n" | |
de8231b0 LP |
140 | " --json=pretty|short|off\n" |
141 | " Generate JSON output\n" | |
236d1fa2 | 142 | " --loop-ref=NAME Set reference string for loopback device\n" |
12d58b6c | 143 | " --mtree-hash=BOOL Whether to include SHA256 hash in the mtree output\n" |
5c05f062 LP |
144 | "\n%3$sCommands:%4$s\n" |
145 | " -h --help Show this help\n" | |
146 | " --version Show package version\n" | |
147 | " -m --mount Mount the image to the specified directory\n" | |
148 | " -M Shortcut for --mount --mkdir\n" | |
ac1f1adf DDM |
149 | " -u --umount Unmount the image from the specified directory\n" |
150 | " -U Shortcut for --umount --rmdir\n" | |
07d6072e LP |
151 | " --attach Attach the disk image to a loopback block device\n" |
152 | " --detach Detach a loopback block device gain\n" | |
0cf16924 AAF |
153 | " -l --list List all the files and directories of the specified\n" |
154 | " OS image\n" | |
db02190e | 155 | " --mtree Show BSD mtree manifest of OS image\n" |
06186c4c | 156 | " --with Mount, run command, unmount\n" |
33973b84 LP |
157 | " -x --copy-from Copy files from image to host\n" |
158 | " -a --copy-to Copy files from host to image\n" | |
0305cf6e | 159 | " --discover Discover DDIs in well known directories\n" |
dee4a623 | 160 | " --validate Validate image and image policy\n" |
bc556335 DDM |
161 | "\nSee the %2$s for details.\n", |
162 | program_invocation_short_name, | |
163 | link, | |
164 | ansi_underline(), | |
165 | ansi_normal(), | |
166 | ansi_highlight(), | |
167 | ansi_normal()); | |
5c05f062 LP |
168 | |
169 | return 0; | |
a2ea3b2f LP |
170 | } |
171 | ||
06186c4c LP |
172 | static int patch_argv(int *argc, char ***argv, char ***buf) { |
173 | _cleanup_free_ char **l = NULL; | |
174 | char **e; | |
175 | ||
176 | assert(argc); | |
177 | assert(*argc >= 0); | |
178 | assert(argv); | |
179 | assert(*argv); | |
180 | assert(buf); | |
181 | ||
182 | /* Ugly hack: if --with is included in command line, also insert "--" immediately after it, to make | |
183 | * getopt_long() stop processing switches */ | |
184 | ||
185 | for (e = *argv + 1; e < *argv + *argc; e++) { | |
186 | assert(*e); | |
187 | ||
188 | if (streq(*e, "--with")) | |
189 | break; | |
190 | } | |
191 | ||
192 | if (e >= *argv + *argc || streq_ptr(e[1], "--")) { | |
193 | /* No --with used? Or already followed by "--"? Then don't do anything */ | |
194 | *buf = NULL; | |
195 | return 0; | |
196 | } | |
197 | ||
198 | /* Insert the extra "--" right after the --with */ | |
199 | l = new(char*, *argc + 2); | |
200 | if (!l) | |
201 | return log_oom(); | |
202 | ||
203 | size_t idx = e - *argv + 1; | |
204 | memcpy(l, *argv, sizeof(char*) * idx); /* copy everything up to and including the --with */ | |
205 | l[idx] = (char*) "--"; /* insert "--" */ | |
206 | memcpy(l + idx + 1, e + 1, sizeof(char*) * (*argc - idx + 1)); /* copy the rest, including trailing NULL entry */ | |
207 | ||
208 | (*argc)++; | |
209 | (*argv) = l; | |
210 | ||
211 | *buf = TAKE_PTR(l); | |
212 | return 1; | |
213 | } | |
214 | ||
2292fa1e DDM |
215 | static int parse_image_path_argument(const char *path, char **ret_root, char **ret_image) { |
216 | _cleanup_free_ char *p = NULL; | |
217 | struct stat st; | |
218 | int r; | |
219 | ||
220 | assert(ret_image); | |
221 | ||
222 | r = parse_path_argument(path, /* suppress_root= */ false, &p); | |
223 | if (r < 0) | |
224 | return r; | |
225 | ||
226 | if (stat(p, &st) < 0) | |
227 | return log_error_errno(errno, "Failed to stat %s: %m", p); | |
228 | ||
229 | if (S_ISDIR(st.st_mode)) { | |
230 | if (!ret_root) | |
231 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "%s is not an image file.", p); | |
232 | ||
233 | *ret_root = TAKE_PTR(p); | |
234 | } else | |
235 | *ret_image = TAKE_PTR(p); | |
236 | ||
237 | return 0; | |
238 | } | |
239 | ||
a2ea3b2f LP |
240 | static int parse_argv(int argc, char *argv[]) { |
241 | ||
242 | enum { | |
243 | ARG_VERSION = 0x100, | |
17547fb5 LP |
244 | ARG_NO_PAGER, |
245 | ARG_NO_LEGEND, | |
06186c4c | 246 | ARG_WITH, |
18b5886e | 247 | ARG_DISCARD, |
e475f729 | 248 | ARG_FSCK, |
74a54bae | 249 | ARG_GROWFS, |
89e62e0b | 250 | ARG_ROOT_HASH, |
c2923fdc | 251 | ARG_ROOT_HASH_SIG, |
89e62e0b | 252 | ARG_VERITY_DATA, |
5c05f062 | 253 | ARG_MKDIR, |
ac1f1adf | 254 | ARG_RMDIR, |
6c07d570 | 255 | ARG_IN_MEMORY, |
de8231b0 | 256 | ARG_JSON, |
db02190e | 257 | ARG_MTREE, |
0305cf6e | 258 | ARG_DISCOVER, |
07d6072e LP |
259 | ARG_ATTACH, |
260 | ARG_DETACH, | |
236d1fa2 | 261 | ARG_LOOP_REF, |
84be0c71 | 262 | ARG_IMAGE_POLICY, |
dee4a623 | 263 | ARG_VALIDATE, |
12d58b6c | 264 | ARG_MTREE_HASH, |
a2ea3b2f LP |
265 | }; |
266 | ||
267 | static const struct option options[] = { | |
c2923fdc LB |
268 | { "help", no_argument, NULL, 'h' }, |
269 | { "version", no_argument, NULL, ARG_VERSION }, | |
17547fb5 LP |
270 | { "no-pager", no_argument, NULL, ARG_NO_PAGER }, |
271 | { "no-legend", no_argument, NULL, ARG_NO_LEGEND }, | |
c2923fdc | 272 | { "mount", no_argument, NULL, 'm' }, |
ac1f1adf | 273 | { "umount", no_argument, NULL, 'u' }, |
07d6072e LP |
274 | { "attach", no_argument, NULL, ARG_ATTACH }, |
275 | { "detach", no_argument, NULL, ARG_DETACH }, | |
06186c4c | 276 | { "with", no_argument, NULL, ARG_WITH }, |
c2923fdc LB |
277 | { "read-only", no_argument, NULL, 'r' }, |
278 | { "discard", required_argument, NULL, ARG_DISCARD }, | |
c2923fdc | 279 | { "fsck", required_argument, NULL, ARG_FSCK }, |
74a54bae | 280 | { "growfs", required_argument, NULL, ARG_GROWFS }, |
89e62e0b | 281 | { "root-hash", required_argument, NULL, ARG_ROOT_HASH }, |
c2923fdc | 282 | { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG }, |
89e62e0b | 283 | { "verity-data", required_argument, NULL, ARG_VERITY_DATA }, |
5c05f062 | 284 | { "mkdir", no_argument, NULL, ARG_MKDIR }, |
ac1f1adf | 285 | { "rmdir", no_argument, NULL, ARG_RMDIR }, |
6c07d570 | 286 | { "in-memory", no_argument, NULL, ARG_IN_MEMORY }, |
0cf16924 | 287 | { "list", no_argument, NULL, 'l' }, |
db02190e | 288 | { "mtree", no_argument, NULL, ARG_MTREE }, |
33973b84 LP |
289 | { "copy-from", no_argument, NULL, 'x' }, |
290 | { "copy-to", no_argument, NULL, 'a' }, | |
de8231b0 | 291 | { "json", required_argument, NULL, ARG_JSON }, |
0305cf6e | 292 | { "discover", no_argument, NULL, ARG_DISCOVER }, |
236d1fa2 | 293 | { "loop-ref", required_argument, NULL, ARG_LOOP_REF }, |
84be0c71 | 294 | { "image-policy", required_argument, NULL, ARG_IMAGE_POLICY }, |
dee4a623 | 295 | { "validate", no_argument, NULL, ARG_VALIDATE }, |
12d58b6c | 296 | { "mtree-hash", required_argument, NULL, ARG_MTREE_HASH }, |
a2ea3b2f LP |
297 | {} |
298 | }; | |
299 | ||
06186c4c | 300 | _cleanup_free_ char **buf = NULL; /* we use free(), not strv_free() here, as we don't copy the strings here */ |
4623e8e6 | 301 | int c, r; |
a2ea3b2f LP |
302 | |
303 | assert(argc >= 0); | |
304 | assert(argv); | |
305 | ||
06186c4c LP |
306 | r = patch_argv(&argc, &argv, &buf); |
307 | if (r < 0) | |
308 | return r; | |
309 | ||
0cf16924 | 310 | while ((c = getopt_long(argc, argv, "hmurMUlxa", options, NULL)) >= 0) { |
a2ea3b2f LP |
311 | |
312 | switch (c) { | |
313 | ||
314 | case 'h': | |
5c05f062 | 315 | return help(); |
a2ea3b2f LP |
316 | |
317 | case ARG_VERSION: | |
318 | return version(); | |
319 | ||
17547fb5 LP |
320 | case ARG_NO_PAGER: |
321 | arg_pager_flags |= PAGER_DISABLE; | |
322 | break; | |
323 | ||
324 | case ARG_NO_LEGEND: | |
325 | arg_legend = false; | |
326 | break; | |
327 | ||
a2ea3b2f LP |
328 | case 'm': |
329 | arg_action = ACTION_MOUNT; | |
330 | break; | |
331 | ||
5c05f062 LP |
332 | case ARG_MKDIR: |
333 | arg_flags |= DISSECT_IMAGE_MKDIR; | |
334 | break; | |
335 | ||
336 | case 'M': | |
337 | /* Shortcut combination of the above two */ | |
338 | arg_action = ACTION_MOUNT; | |
339 | arg_flags |= DISSECT_IMAGE_MKDIR; | |
340 | break; | |
341 | ||
ac1f1adf DDM |
342 | case 'u': |
343 | arg_action = ACTION_UMOUNT; | |
344 | break; | |
345 | ||
346 | case ARG_RMDIR: | |
347 | arg_rmdir = true; | |
348 | break; | |
349 | ||
350 | case 'U': | |
351 | /* Shortcut combination of the above two */ | |
352 | arg_action = ACTION_UMOUNT; | |
353 | arg_rmdir = true; | |
354 | break; | |
355 | ||
07d6072e LP |
356 | case ARG_ATTACH: |
357 | arg_action = ACTION_ATTACH; | |
358 | break; | |
359 | ||
360 | case ARG_DETACH: | |
361 | arg_action = ACTION_DETACH; | |
362 | break; | |
363 | ||
0cf16924 AAF |
364 | case 'l': |
365 | arg_action = ACTION_LIST; | |
366 | arg_flags |= DISSECT_IMAGE_READ_ONLY; | |
367 | break; | |
368 | ||
db02190e LP |
369 | case ARG_MTREE: |
370 | arg_action = ACTION_MTREE; | |
371 | arg_flags |= DISSECT_IMAGE_READ_ONLY; | |
372 | break; | |
373 | ||
06186c4c LP |
374 | case ARG_WITH: |
375 | arg_action = ACTION_WITH; | |
376 | break; | |
377 | ||
33973b84 LP |
378 | case 'x': |
379 | arg_action = ACTION_COPY_FROM; | |
380 | arg_flags |= DISSECT_IMAGE_READ_ONLY; | |
381 | break; | |
382 | ||
383 | case 'a': | |
384 | arg_action = ACTION_COPY_TO; | |
385 | break; | |
386 | ||
a2ea3b2f | 387 | case 'r': |
18b5886e LP |
388 | arg_flags |= DISSECT_IMAGE_READ_ONLY; |
389 | break; | |
390 | ||
971e2ef0 ZJS |
391 | case ARG_DISCARD: { |
392 | DissectImageFlags flags; | |
393 | ||
18b5886e | 394 | if (streq(optarg, "disabled")) |
971e2ef0 | 395 | flags = 0; |
18b5886e | 396 | else if (streq(optarg, "loop")) |
971e2ef0 | 397 | flags = DISSECT_IMAGE_DISCARD_ON_LOOP; |
18b5886e | 398 | else if (streq(optarg, "all")) |
971e2ef0 | 399 | flags = DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD; |
18b5886e | 400 | else if (streq(optarg, "crypt")) |
971e2ef0 | 401 | flags = DISSECT_IMAGE_DISCARD_ANY; |
140788f7 LP |
402 | else if (streq(optarg, "list")) { |
403 | puts("disabled\n" | |
404 | "all\n" | |
405 | "crypt\n" | |
406 | "loop"); | |
407 | return 0; | |
408 | } else | |
baaa35ad ZJS |
409 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), |
410 | "Unknown --discard= parameter: %s", | |
411 | optarg); | |
971e2ef0 | 412 | arg_flags = (arg_flags & ~DISSECT_IMAGE_DISCARD_ANY) | flags; |
18b5886e | 413 | |
a2ea3b2f | 414 | break; |
971e2ef0 | 415 | } |
a2ea3b2f | 416 | |
6c07d570 LP |
417 | case ARG_IN_MEMORY: |
418 | arg_in_memory = true; | |
419 | break; | |
420 | ||
4623e8e6 | 421 | case ARG_ROOT_HASH: { |
89e62e0b | 422 | _cleanup_free_ void *p = NULL; |
4623e8e6 LP |
423 | size_t l; |
424 | ||
425 | r = unhexmem(optarg, strlen(optarg), &p, &l); | |
426 | if (r < 0) | |
63cf2d75 | 427 | return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg); |
89e62e0b LP |
428 | if (l < sizeof(sd_id128_t)) |
429 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
da890466 | 430 | "Root hash must be at least 128-bit long: %s", optarg); |
4623e8e6 | 431 | |
89e62e0b LP |
432 | free_and_replace(arg_verity_settings.root_hash, p); |
433 | arg_verity_settings.root_hash_size = l; | |
4623e8e6 LP |
434 | break; |
435 | } | |
436 | ||
c2923fdc LB |
437 | case ARG_ROOT_HASH_SIG: { |
438 | char *value; | |
89e62e0b LP |
439 | size_t l; |
440 | void *p; | |
c2923fdc LB |
441 | |
442 | if ((value = startswith(optarg, "base64:"))) { | |
c2923fdc LB |
443 | r = unbase64mem(value, strlen(value), &p, &l); |
444 | if (r < 0) | |
445 | return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg); | |
c2923fdc | 446 | } else { |
89e62e0b | 447 | r = read_full_file(optarg, (char**) &p, &l); |
c2923fdc | 448 | if (r < 0) |
89e62e0b | 449 | return log_error_errno(r, "Failed to read root hash signature file '%s': %m", optarg); |
c2923fdc LB |
450 | } |
451 | ||
89e62e0b LP |
452 | free_and_replace(arg_verity_settings.root_hash_sig, p); |
453 | arg_verity_settings.root_hash_sig_size = l; | |
c2923fdc LB |
454 | break; |
455 | } | |
456 | ||
89e62e0b | 457 | case ARG_VERITY_DATA: |
614b022c | 458 | r = parse_path_argument(optarg, false, &arg_verity_settings.data_path); |
89e62e0b LP |
459 | if (r < 0) |
460 | return r; | |
461 | break; | |
462 | ||
e475f729 LP |
463 | case ARG_FSCK: |
464 | r = parse_boolean(optarg); | |
465 | if (r < 0) | |
466 | return log_error_errno(r, "Failed to parse --fsck= parameter: %s", optarg); | |
467 | ||
468 | SET_FLAG(arg_flags, DISSECT_IMAGE_FSCK, r); | |
469 | break; | |
470 | ||
74a54bae LP |
471 | case ARG_GROWFS: |
472 | r = parse_boolean(optarg); | |
473 | if (r < 0) | |
474 | return log_error_errno(r, "Failed to parse --growfs= parameter: %s", optarg); | |
475 | ||
476 | SET_FLAG(arg_flags, DISSECT_IMAGE_GROWFS, r); | |
477 | break; | |
478 | ||
de8231b0 | 479 | case ARG_JSON: |
b1e8f46c | 480 | r = parse_json_argument(optarg, &arg_json_format_flags); |
6a01ea4a LP |
481 | if (r <= 0) |
482 | return r; | |
de8231b0 LP |
483 | |
484 | break; | |
485 | ||
0305cf6e LP |
486 | case ARG_DISCOVER: |
487 | arg_action = ACTION_DISCOVER; | |
488 | break; | |
489 | ||
236d1fa2 LP |
490 | case ARG_LOOP_REF: |
491 | if (isempty(optarg)) { | |
492 | arg_loop_ref = mfree(arg_loop_ref); | |
493 | break; | |
494 | } | |
495 | ||
496 | if (strlen(optarg) >= sizeof_field(struct loop_info64, lo_file_name)) | |
497 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Loop device ref string '%s' is too long.", optarg); | |
498 | ||
499 | r = free_and_strdup_warn(&arg_loop_ref, optarg); | |
500 | if (r < 0) | |
501 | return r; | |
502 | break; | |
503 | ||
06e78680 YW |
504 | case ARG_IMAGE_POLICY: |
505 | r = parse_image_policy_argument(optarg, &arg_image_policy); | |
84be0c71 | 506 | if (r < 0) |
06e78680 | 507 | return r; |
84be0c71 | 508 | break; |
84be0c71 | 509 | |
dee4a623 LP |
510 | case ARG_VALIDATE: |
511 | arg_action = ACTION_VALIDATE; | |
512 | break; | |
513 | ||
12d58b6c DDM |
514 | case ARG_MTREE_HASH: |
515 | r = parse_boolean_argument("--mtree-hash=", optarg, &arg_mtree_hash); | |
516 | if (r < 0) | |
517 | return r; | |
518 | break; | |
519 | ||
a2ea3b2f LP |
520 | case '?': |
521 | return -EINVAL; | |
522 | ||
523 | default: | |
04499a70 | 524 | assert_not_reached(); |
a2ea3b2f | 525 | } |
a2ea3b2f LP |
526 | } |
527 | ||
528 | switch (arg_action) { | |
529 | ||
530 | case ACTION_DISSECT: | |
baaa35ad ZJS |
531 | if (optind + 1 != argc) |
532 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
33973b84 | 533 | "Expected an image file path as only argument."); |
a2ea3b2f | 534 | |
2292fa1e | 535 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
536 | if (r < 0) |
537 | return r; | |
538 | ||
598fd4da LP |
539 | /* when dumping image info be even more liberal than otherwise, do not even require a single valid partition */ |
540 | arg_flags |= DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_ALLOW_EMPTY; | |
a2ea3b2f LP |
541 | break; |
542 | ||
543 | case ACTION_MOUNT: | |
baaa35ad ZJS |
544 | if (optind + 2 != argc) |
545 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
33973b84 | 546 | "Expected an image file path and mount point path as only arguments."); |
a2ea3b2f | 547 | |
2292fa1e | 548 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
549 | if (r < 0) |
550 | return r; | |
551 | ||
552 | r = parse_path_argument(argv[optind+1], /* suppress_root= */ false, &arg_path); | |
553 | if (r < 0) | |
554 | return r; | |
555 | ||
166ff731 | 556 | arg_flags |= DISSECT_IMAGE_REQUIRE_ROOT; |
a2ea3b2f LP |
557 | break; |
558 | ||
ac1f1adf DDM |
559 | case ACTION_UMOUNT: |
560 | if (optind + 1 != argc) | |
561 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
562 | "Expected a mount point path as only argument."); | |
563 | ||
a3c3386e LP |
564 | r = parse_path_argument(argv[optind], /* suppress_root= */ false, &arg_path); |
565 | if (r < 0) | |
566 | return r; | |
ac1f1adf DDM |
567 | break; |
568 | ||
07d6072e LP |
569 | case ACTION_ATTACH: |
570 | if (optind + 1 != argc) | |
571 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
572 | "Expected an image file path as only argument."); | |
573 | ||
2292fa1e | 574 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
575 | if (r < 0) |
576 | return r; | |
07d6072e LP |
577 | break; |
578 | ||
579 | case ACTION_DETACH: | |
580 | if (optind + 1 != argc) | |
581 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
582 | "Expected an image file path or loopback device as only argument."); | |
583 | ||
2292fa1e | 584 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
585 | if (r < 0) |
586 | return r; | |
07d6072e LP |
587 | break; |
588 | ||
0cf16924 | 589 | case ACTION_LIST: |
db02190e | 590 | case ACTION_MTREE: |
0cf16924 AAF |
591 | if (optind + 1 != argc) |
592 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
2292fa1e | 593 | "Expected an image file or directory path as only argument."); |
0cf16924 | 594 | |
2292fa1e | 595 | r = parse_image_path_argument(argv[optind], &arg_root, &arg_image); |
a3c3386e LP |
596 | if (r < 0) |
597 | return r; | |
598 | ||
0cf16924 AAF |
599 | arg_flags |= DISSECT_IMAGE_READ_ONLY | DISSECT_IMAGE_REQUIRE_ROOT; |
600 | break; | |
601 | ||
33973b84 LP |
602 | case ACTION_COPY_FROM: |
603 | if (argc < optind + 2 || argc > optind + 3) | |
604 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
2292fa1e | 605 | "Expected an image file or directory path, a source path and an optional destination path as only arguments."); |
33973b84 | 606 | |
2292fa1e | 607 | r = parse_image_path_argument(argv[optind], &arg_root, &arg_image); |
a3c3386e LP |
608 | if (r < 0) |
609 | return r; | |
33973b84 LP |
610 | arg_source = argv[optind + 1]; |
611 | arg_target = argc > optind + 2 ? argv[optind + 2] : "-" /* this means stdout */ ; | |
612 | ||
166ff731 | 613 | arg_flags |= DISSECT_IMAGE_READ_ONLY | DISSECT_IMAGE_REQUIRE_ROOT; |
33973b84 LP |
614 | break; |
615 | ||
616 | case ACTION_COPY_TO: | |
617 | if (argc < optind + 2 || argc > optind + 3) | |
618 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
2292fa1e | 619 | "Expected an image file or directory path, an optional source path and a destination path as only arguments."); |
33973b84 | 620 | |
2292fa1e | 621 | r = parse_image_path_argument(argv[optind], &arg_root, &arg_image); |
a3c3386e LP |
622 | if (r < 0) |
623 | return r; | |
33973b84 LP |
624 | |
625 | if (argc > optind + 2) { | |
626 | arg_source = argv[optind + 1]; | |
627 | arg_target = argv[optind + 2]; | |
628 | } else { | |
629 | arg_source = "-"; /* this means stdin */ | |
630 | arg_target = argv[optind + 1]; | |
631 | } | |
632 | ||
166ff731 | 633 | arg_flags |= DISSECT_IMAGE_REQUIRE_ROOT; |
33973b84 LP |
634 | break; |
635 | ||
06186c4c LP |
636 | case ACTION_WITH: |
637 | if (optind >= argc) | |
638 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
639 | "Expected an image file path and an optional command line."); | |
640 | ||
2292fa1e | 641 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
642 | if (r < 0) |
643 | return r; | |
644 | ||
06186c4c LP |
645 | if (argc > optind + 1) { |
646 | arg_argv = strv_copy(argv + optind + 1); | |
647 | if (!arg_argv) | |
648 | return log_oom(); | |
649 | } | |
650 | ||
651 | break; | |
652 | ||
0305cf6e LP |
653 | case ACTION_DISCOVER: |
654 | if (optind != argc) | |
655 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
656 | "Expected no argument."); | |
dee4a623 LP |
657 | break; |
658 | ||
659 | case ACTION_VALIDATE: | |
660 | if (optind + 1 != argc) | |
661 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
662 | "Expected an image file path as only argument."); | |
0305cf6e | 663 | |
2292fa1e | 664 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
dee4a623 LP |
665 | if (r < 0) |
666 | return r; | |
667 | ||
668 | arg_flags |= DISSECT_IMAGE_READ_ONLY; | |
669 | arg_flags &= ~(DISSECT_IMAGE_PIN_PARTITION_DEVICES|DISSECT_IMAGE_ADD_PARTITION_DEVICES); | |
0305cf6e LP |
670 | break; |
671 | ||
a2ea3b2f | 672 | default: |
04499a70 | 673 | assert_not_reached(); |
a2ea3b2f LP |
674 | } |
675 | ||
676 | return 1; | |
677 | } | |
678 | ||
a164d9d5 LP |
679 | static int parse_argv_as_mount_helper(int argc, char *argv[]) { |
680 | const char *options = NULL; | |
681 | bool fake = false; | |
682 | int c, r; | |
683 | ||
684 | /* Implements util-linux "external helper" command line interface, as per mount(8) man page. */ | |
685 | ||
686 | while ((c = getopt(argc, argv, "sfnvN:o:t:")) >= 0) { | |
687 | switch(c) { | |
688 | ||
689 | case 'f': | |
690 | fake = true; | |
691 | break; | |
692 | ||
693 | case 'o': | |
694 | options = optarg; | |
695 | break; | |
696 | ||
697 | case 't': | |
698 | if (!streq(optarg, "ddi")) | |
699 | log_debug("Unexpected file system type '%s', ignoring.", optarg); | |
700 | break; | |
701 | ||
702 | case 's': /* sloppy mount options */ | |
703 | case 'n': /* aka --no-mtab */ | |
704 | case 'v': /* aka --verbose */ | |
705 | log_debug("Ignoring option -%c, not implemented.", c); | |
706 | break; | |
707 | ||
708 | case 'N': /* aka --namespace= */ | |
709 | return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Option -%c is not implemented, refusing.", c); | |
710 | ||
711 | case '?': | |
712 | return -EINVAL; | |
713 | } | |
714 | } | |
715 | ||
716 | if (optind + 2 != argc) | |
717 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
718 | "Expected an image file path and target directory as only argument."); | |
719 | ||
720 | for (const char *p = options;;) { | |
721 | _cleanup_free_ char *word = NULL; | |
722 | ||
723 | r = extract_first_word(&p, &word, ",", EXTRACT_KEEP_QUOTE); | |
724 | if (r < 0) | |
725 | return log_error_errno(r, "Failed to extract mount option: %m"); | |
726 | if (r == 0) | |
727 | break; | |
728 | ||
729 | if (streq(word, "ro")) | |
730 | SET_FLAG(arg_flags, DISSECT_IMAGE_READ_ONLY, true); | |
731 | else if (streq(word, "rw")) | |
732 | SET_FLAG(arg_flags, DISSECT_IMAGE_READ_ONLY, false); | |
733 | else if (streq(word, "discard")) | |
734 | SET_FLAG(arg_flags, DISSECT_IMAGE_DISCARD_ANY, true); | |
735 | else if (streq(word, "nodiscard")) | |
736 | SET_FLAG(arg_flags, DISSECT_IMAGE_DISCARD_ANY, false); | |
737 | else | |
738 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
739 | "Unknown mount option '%s'.", word); | |
740 | } | |
741 | ||
742 | if (fake) | |
743 | return 0; | |
744 | ||
a3c3386e LP |
745 | r = parse_path_argument(argv[optind], /* suppress_root= */ false, &arg_image); |
746 | if (r < 0) | |
747 | return r; | |
748 | ||
749 | r = parse_path_argument(argv[optind+1], /* suppress_root= */ false, &arg_path); | |
750 | if (r < 0) | |
751 | return r; | |
a164d9d5 LP |
752 | |
753 | arg_flags |= DISSECT_IMAGE_REQUIRE_ROOT; | |
754 | arg_action = ACTION_MOUNT; | |
755 | return 1; | |
756 | } | |
757 | ||
8570b98b | 758 | static void strv_pair_print(char **l, const char *prefix) { |
8570b98b LP |
759 | assert(prefix); |
760 | ||
7f5b2615 | 761 | STRV_FOREACH_PAIR(p, q, l) |
8570b98b LP |
762 | if (p == l) |
763 | printf("%s %s=%s\n", prefix, *p, *q); | |
764 | else | |
765 | printf("%*s %s=%s\n", (int) strlen(prefix), "", *p, *q); | |
8570b98b LP |
766 | } |
767 | ||
a81fe93e | 768 | static int get_extension_scopes(DissectedImage *m, ImageClass class, char ***ret_scopes) { |
994c9c70 | 769 | _cleanup_strv_free_ char **l = NULL; |
a81fe93e LP |
770 | const char *e, *field_name; |
771 | char **release_data; | |
994c9c70 LP |
772 | |
773 | assert(m); | |
774 | assert(ret_scopes); | |
775 | ||
a81fe93e LP |
776 | switch (class) { |
777 | ||
778 | case IMAGE_SYSEXT: | |
779 | release_data = m->sysext_release; | |
780 | field_name = "SYSEXT_SCOPE"; | |
781 | break; | |
782 | ||
783 | case IMAGE_CONFEXT: | |
784 | release_data = m->confext_release; | |
785 | field_name = "CONFEXT_SCOPE"; | |
786 | break; | |
787 | ||
788 | default: | |
789 | return -EINVAL; | |
790 | } | |
791 | ||
484d26da MG |
792 | /* If there's no extension-release file its not a system extension. Otherwise the SYSEXT_SCOPE |
793 | * field for sysext images and the CONFEXT_SCOPE field for confext images indicates which scope | |
794 | * it is for — and it defaults to "system" + "portable" if unset. */ | |
a81fe93e LP |
795 | |
796 | if (!release_data) { | |
994c9c70 LP |
797 | *ret_scopes = NULL; |
798 | return 0; | |
799 | } | |
800 | ||
a81fe93e | 801 | e = strv_env_pairs_get(release_data, field_name); |
994c9c70 LP |
802 | if (e) |
803 | l = strv_split(e, WHITESPACE); | |
804 | else | |
805 | l = strv_new("system", "portable"); | |
806 | if (!l) | |
807 | return -ENOMEM; | |
808 | ||
809 | *ret_scopes = TAKE_PTR(l); | |
810 | return 1; | |
811 | } | |
812 | ||
37e44c3f | 813 | static int action_dissect(DissectedImage *m, LoopDevice *d) { |
de8231b0 | 814 | _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; |
37e44c3f | 815 | _cleanup_(table_unrefp) Table *t = NULL; |
cfb623b6 | 816 | _cleanup_free_ char *bn = NULL; |
de8231b0 | 817 | uint64_t size = UINT64_MAX; |
a2ea3b2f LP |
818 | int r; |
819 | ||
37e44c3f LP |
820 | assert(m); |
821 | assert(d); | |
a2ea3b2f | 822 | |
cfb623b6 LP |
823 | r = path_extract_filename(arg_image, &bn); |
824 | if (r < 0) | |
825 | return log_error_errno(r, "Failed to extract file name from image path '%s': %m", arg_image); | |
826 | ||
17547fb5 | 827 | if (arg_json_format_flags & (JSON_FORMAT_OFF|JSON_FORMAT_PRETTY|JSON_FORMAT_PRETTY_AUTO)) |
384c2c32 | 828 | pager_open(arg_pager_flags); |
17547fb5 | 829 | |
6a01ea4a | 830 | if (arg_json_format_flags & JSON_FORMAT_OFF) |
5db8b0bc | 831 | printf(" Name: %s%s%s\n", ansi_highlight(), bn, ansi_normal()); |
a2ea3b2f | 832 | |
37e44c3f LP |
833 | if (ioctl(d->fd, BLKGETSIZE64, &size) < 0) |
834 | log_debug_errno(errno, "Failed to query size of loopback device: %m"); | |
2b59bf51 ZJS |
835 | else if (arg_json_format_flags & JSON_FORMAT_OFF) |
836 | printf(" Size: %s\n", FORMAT_BYTES(size)); | |
a2ea3b2f | 837 | |
66cd3537 LP |
838 | if (arg_json_format_flags & JSON_FORMAT_OFF) { |
839 | printf(" Sec. Size: %" PRIu32 "\n", m->sector_size); | |
1d93c003 | 840 | |
66cd3537 LP |
841 | printf(" Arch.: %s\n", |
842 | strna(architecture_to_string(dissected_image_architecture(m)))); | |
2348043f | 843 | |
de8231b0 | 844 | putc('\n', stdout); |
66cd3537 LP |
845 | fflush(stdout); |
846 | } | |
1d93c003 | 847 | |
22847508 | 848 | r = dissected_image_acquire_metadata(m, 0); |
af8219d5 LP |
849 | if (r == -ENXIO) |
850 | return log_error_errno(r, "No root partition discovered."); | |
af8219d5 LP |
851 | if (r == -EUCLEAN) |
852 | return log_error_errno(r, "File system check of image failed."); | |
4f309abb LP |
853 | if (r == -EMEDIUMTYPE) |
854 | log_warning_errno(r, "Not a valid OS image, no os-release file included. Proceeding anyway."); | |
855 | else if (r == -EUNATCH) | |
af8219d5 LP |
856 | log_warning_errno(r, "OS image is encrypted, proceeding without showing OS image metadata."); |
857 | else if (r == -EBUSY) | |
858 | log_warning_errno(r, "OS image is currently in use, proceeding without showing OS image metadata."); | |
859 | else if (r < 0) | |
860 | return log_error_errno(r, "Failed to acquire image metadata: %m"); | |
6a01ea4a | 861 | else if (arg_json_format_flags & JSON_FORMAT_OFF) { |
994c9c70 | 862 | |
b387778c LP |
863 | if (!sd_id128_is_null(m->image_uuid)) |
864 | printf("Image UUID: %s\n", SD_ID128_TO_UUID_STRING(m->image_uuid)); | |
865 | ||
af8219d5 LP |
866 | if (m->hostname) |
867 | printf(" Hostname: %s\n", m->hostname); | |
a2ea3b2f | 868 | |
af8219d5 LP |
869 | if (!sd_id128_is_null(m->machine_id)) |
870 | printf("Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->machine_id)); | |
a1edd22e | 871 | |
8570b98b LP |
872 | strv_pair_print(m->machine_info, |
873 | "Mach. Info:"); | |
874 | strv_pair_print(m->os_release, | |
875 | "OS Release:"); | |
fab22946 LP |
876 | strv_pair_print(m->initrd_release, |
877 | "initrd R.:"); | |
a81fe93e LP |
878 | strv_pair_print(m->sysext_release, |
879 | " sysext R.:"); | |
880 | strv_pair_print(m->confext_release, | |
881 | "confext R.:"); | |
7718ac97 | 882 | |
4f309abb LP |
883 | if (m->hostname || |
884 | !sd_id128_is_null(m->machine_id) || | |
885 | !strv_isempty(m->machine_info) || | |
8570b98b | 886 | !strv_isempty(m->os_release) || |
fab22946 | 887 | !strv_isempty(m->initrd_release) || |
a81fe93e LP |
888 | !strv_isempty(m->sysext_release) || |
889 | !strv_isempty(m->confext_release)) | |
4f309abb | 890 | putc('\n', stdout); |
994c9c70 | 891 | |
b2466e05 LP |
892 | printf(" Use As: %s bootable system for UEFI\n", |
893 | COLOR_MARK_BOOL(dissected_image_is_bootable_uefi(m))); | |
894 | printf(" %s bootable system for container\n", | |
895 | COLOR_MARK_BOOL(dissected_image_is_bootable_os(m))); | |
994c9c70 | 896 | printf(" %s portable service\n", |
b2466e05 | 897 | COLOR_MARK_BOOL(dissected_image_is_portable(m))); |
fab22946 | 898 | printf(" %s initrd\n", |
b2466e05 | 899 | COLOR_MARK_BOOL(dissected_image_is_initrd(m))); |
994c9c70 | 900 | |
a81fe93e LP |
901 | for (ImageClass c = _IMAGE_CLASS_EXTENSION_FIRST; c <= _IMAGE_CLASS_EXTENSION_LAST; c++) { |
902 | const char *string_class = image_class_to_string(c); | |
903 | _cleanup_strv_free_ char **extension_scopes = NULL; | |
994c9c70 | 904 | |
a81fe93e LP |
905 | r = get_extension_scopes(m, c, &extension_scopes); |
906 | if (r < 0) | |
907 | return log_error_errno(r, "Failed to parse scopes: %m"); | |
908 | ||
909 | printf(" %s %s for system\n", | |
910 | COLOR_MARK_BOOL(strv_contains(extension_scopes, "system")), string_class); | |
911 | printf(" %s %s for portable service\n", | |
912 | COLOR_MARK_BOOL(strv_contains(extension_scopes, "portable")), string_class); | |
913 | printf(" %s %s for initrd\n", | |
914 | COLOR_MARK_BOOL(strv_contains(extension_scopes, "initrd")), string_class); | |
915 | } | |
994c9c70 LP |
916 | |
917 | putc('\n', stdout); | |
4f309abb | 918 | } else { |
a81fe93e LP |
919 | _cleanup_strv_free_ char **sysext_scopes = NULL, **confext_scopes = NULL; |
920 | ||
921 | r = get_extension_scopes(m, IMAGE_SYSEXT, &sysext_scopes); | |
922 | if (r < 0) | |
923 | return log_error_errno(r, "Failed to parse sysext scopes: %m"); | |
de8231b0 | 924 | |
a81fe93e | 925 | r = get_extension_scopes(m, IMAGE_CONFEXT, &confext_scopes); |
994c9c70 | 926 | if (r < 0) |
a81fe93e | 927 | return log_error_errno(r, "Failed to parse confext scopes: %m"); |
994c9c70 | 928 | |
6e0b5cd3 LP |
929 | Architecture a = dissected_image_architecture(m); |
930 | ||
de8231b0 | 931 | r = json_build(&v, JSON_BUILD_OBJECT( |
cfb623b6 | 932 | JSON_BUILD_PAIR("name", JSON_BUILD_STRING(bn)), |
1c5cc6c5 | 933 | JSON_BUILD_PAIR_CONDITION(size != UINT64_MAX, "size", JSON_BUILD_INTEGER(size)), |
1d93c003 | 934 | JSON_BUILD_PAIR("sectorSize", JSON_BUILD_INTEGER(m->sector_size)), |
6e0b5cd3 | 935 | JSON_BUILD_PAIR_CONDITION(a >= 0, "architecture", JSON_BUILD_STRING(architecture_to_string(a))), |
1c5cc6c5 | 936 | JSON_BUILD_PAIR_CONDITION(!sd_id128_is_null(m->image_uuid), "imageUuid", JSON_BUILD_UUID(m->image_uuid)), |
de8231b0 LP |
937 | JSON_BUILD_PAIR_CONDITION(m->hostname, "hostname", JSON_BUILD_STRING(m->hostname)), |
938 | JSON_BUILD_PAIR_CONDITION(!sd_id128_is_null(m->machine_id), "machineId", JSON_BUILD_ID128(m->machine_id)), | |
e83d902b LP |
939 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->machine_info), "machineInfo", JSON_BUILD_STRV_ENV_PAIR(m->machine_info)), |
940 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->os_release), "osRelease", JSON_BUILD_STRV_ENV_PAIR(m->os_release)), | |
941 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->initrd_release), "initrdRelease", JSON_BUILD_STRV_ENV_PAIR(m->initrd_release)), | |
a81fe93e LP |
942 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->sysext_release), "sysextRelease", JSON_BUILD_STRV_ENV_PAIR(m->sysext_release)), |
943 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->confext_release), "confextRelease", JSON_BUILD_STRV_ENV_PAIR(m->confext_release)), | |
b2466e05 LP |
944 | JSON_BUILD_PAIR("useBootableUefi", JSON_BUILD_BOOLEAN(dissected_image_is_bootable_uefi(m))), |
945 | JSON_BUILD_PAIR("useBootableContainer", JSON_BUILD_BOOLEAN(dissected_image_is_bootable_os(m))), | |
946 | JSON_BUILD_PAIR("useInitrd", JSON_BUILD_BOOLEAN(dissected_image_is_initrd(m))), | |
947 | JSON_BUILD_PAIR("usePortableService", JSON_BUILD_BOOLEAN(dissected_image_is_portable(m))), | |
a81fe93e LP |
948 | JSON_BUILD_PAIR("useSystemExtension", JSON_BUILD_BOOLEAN(strv_contains(sysext_scopes, "system"))), |
949 | JSON_BUILD_PAIR("useInitRDSystemExtension", JSON_BUILD_BOOLEAN(strv_contains(sysext_scopes, "initrd"))), | |
950 | JSON_BUILD_PAIR("usePortableSystemExtension", JSON_BUILD_BOOLEAN(strv_contains(sysext_scopes, "portable"))), | |
951 | JSON_BUILD_PAIR("useConfigurationExtension", JSON_BUILD_BOOLEAN(strv_contains(confext_scopes, "system"))), | |
952 | JSON_BUILD_PAIR("useInitRDConfigurationExtension", JSON_BUILD_BOOLEAN(strv_contains(confext_scopes, "initrd"))), | |
953 | JSON_BUILD_PAIR("usePortableConfigurationExtension", JSON_BUILD_BOOLEAN(strv_contains(confext_scopes, "portable"))))); | |
de8231b0 LP |
954 | if (r < 0) |
955 | return log_oom(); | |
956 | } | |
957 | ||
ee8e497d | 958 | t = table_new("rw", "designator", "partition uuid", "partition label", "fstype", "architecture", "verity", "growfs", "node", "partno"); |
37e44c3f LP |
959 | if (!t) |
960 | return log_oom(); | |
a1edd22e | 961 | |
c8b62cf6 | 962 | table_set_ersatz_string(t, TABLE_ERSATZ_DASH); |
37e44c3f | 963 | (void) table_set_align_percent(t, table_get_cell(t, 0, 7), 100); |
a2ea3b2f | 964 | |
569a0e42 | 965 | for (PartitionDesignator i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) { |
37e44c3f | 966 | DissectedPartition *p = m->partitions + i; |
89d00f2e | 967 | |
37e44c3f LP |
968 | if (!p->found) |
969 | continue; | |
89d00f2e | 970 | |
37e44c3f LP |
971 | r = table_add_many( |
972 | t, | |
973 | TABLE_STRING, p->rw ? "rw" : "ro", | |
974 | TABLE_STRING, partition_designator_to_string(i)); | |
975 | if (r < 0) | |
976 | return table_log_add_error(r); | |
89d00f2e | 977 | |
37e44c3f LP |
978 | if (sd_id128_is_null(p->uuid)) |
979 | r = table_add_cell(t, NULL, TABLE_EMPTY, NULL); | |
980 | else | |
981 | r = table_add_cell(t, NULL, TABLE_UUID, &p->uuid); | |
982 | if (r < 0) | |
983 | return table_log_add_error(r); | |
89d00f2e | 984 | |
37e44c3f LP |
985 | r = table_add_many( |
986 | t, | |
1474d7ac | 987 | TABLE_STRING, p->label, |
37e44c3f LP |
988 | TABLE_STRING, p->fstype, |
989 | TABLE_STRING, architecture_to_string(p->architecture)); | |
990 | if (r < 0) | |
991 | return table_log_add_error(r); | |
992 | ||
89e62e0b | 993 | if (arg_verity_settings.data_path) |
37e44c3f | 994 | r = table_add_cell(t, NULL, TABLE_STRING, "external"); |
49536766 | 995 | else if (dissected_image_verity_candidate(m, i)) |
8ee9615e LP |
996 | r = table_add_cell(t, NULL, TABLE_STRING, |
997 | dissected_image_verity_sig_ready(m, i) ? "signed" : | |
998 | yes_no(dissected_image_verity_ready(m, i))); | |
37e44c3f LP |
999 | else |
1000 | r = table_add_cell(t, NULL, TABLE_EMPTY, NULL); | |
1001 | if (r < 0) | |
1002 | return table_log_add_error(r); | |
89d00f2e | 1003 | |
ee8e497d LP |
1004 | r = table_add_many(t, TABLE_BOOLEAN, (int) p->growfs); |
1005 | if (r < 0) | |
1006 | return table_log_add_error(r); | |
1007 | ||
37e44c3f | 1008 | if (p->partno < 0) /* no partition table, naked file system */ { |
a3c3386e | 1009 | r = table_add_cell(t, NULL, TABLE_PATH_BASENAME, arg_image); |
89d00f2e LP |
1010 | if (r < 0) |
1011 | return table_log_add_error(r); | |
1012 | ||
37e44c3f LP |
1013 | r = table_add_cell(t, NULL, TABLE_EMPTY, NULL); |
1014 | } else { | |
1015 | r = table_add_cell(t, NULL, TABLE_STRING, p->node); | |
89d00f2e LP |
1016 | if (r < 0) |
1017 | return table_log_add_error(r); | |
1018 | ||
37e44c3f LP |
1019 | r = table_add_cell(t, NULL, TABLE_INT, &p->partno); |
1020 | } | |
1021 | if (r < 0) | |
1022 | return table_log_add_error(r); | |
1023 | } | |
89d00f2e | 1024 | |
6a01ea4a | 1025 | if (arg_json_format_flags & JSON_FORMAT_OFF) { |
17547fb5 LP |
1026 | (void) table_set_header(t, arg_legend); |
1027 | ||
1028 | r = table_print(t, NULL); | |
6a01ea4a LP |
1029 | if (r < 0) |
1030 | return table_log_print_error(r); | |
1031 | } else { | |
de8231b0 LP |
1032 | _cleanup_(json_variant_unrefp) JsonVariant *jt = NULL; |
1033 | ||
1034 | r = table_to_json(t, &jt); | |
1035 | if (r < 0) | |
1036 | return log_error_errno(r, "Failed to convert table to JSON: %m"); | |
1037 | ||
1038 | r = json_variant_set_field(&v, "mounts", jt); | |
1039 | if (r < 0) | |
1040 | return log_oom(); | |
1041 | ||
1042 | json_variant_dump(v, arg_json_format_flags, stdout, NULL); | |
de8231b0 | 1043 | } |
89d00f2e | 1044 | |
37e44c3f LP |
1045 | return 0; |
1046 | } | |
89d00f2e | 1047 | |
37e44c3f | 1048 | static int action_mount(DissectedImage *m, LoopDevice *d) { |
37e44c3f | 1049 | int r; |
89d00f2e | 1050 | |
37e44c3f LP |
1051 | assert(m); |
1052 | assert(d); | |
94abea2a | 1053 | assert(arg_action == ACTION_MOUNT); |
89d00f2e | 1054 | |
8d9a1d59 LP |
1055 | r = dissected_image_mount_and_warn( |
1056 | m, | |
1057 | arg_path, | |
1058 | /* uid_shift= */ UID_INVALID, | |
1059 | /* uid_range= */ UID_INVALID, | |
1060 | /* userns_fd= */ -EBADF, | |
1061 | arg_flags); | |
37e44c3f | 1062 | if (r < 0) |
af187ab2 | 1063 | return r; |
89d00f2e | 1064 | |
41bc4849 LP |
1065 | r = loop_device_flock(d, LOCK_UN); |
1066 | if (r < 0) | |
1067 | return log_error_errno(r, "Failed to unlock loopback block device: %m"); | |
1068 | ||
3044d343 YW |
1069 | r = dissected_image_relinquish(m); |
1070 | if (r < 0) | |
1071 | return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m"); | |
a2ea3b2f | 1072 | |
37e44c3f LP |
1073 | return 0; |
1074 | } | |
18b5886e | 1075 | |
0cf16924 AAF |
1076 | static int list_print_item( |
1077 | RecurseDirEvent event, | |
1078 | const char *path, | |
1079 | int dir_fd, | |
1080 | int inode_fd, | |
1081 | const struct dirent *de, | |
1082 | const struct statx *sx, | |
1083 | void *userdata) { | |
1084 | ||
167f2c1a | 1085 | assert(path); |
0cf16924 AAF |
1086 | |
1087 | if (event == RECURSE_DIR_ENTER) | |
bb69ec95 | 1088 | printf("%s%s/%s\n", path, ansi_grey(), ansi_normal()); |
0cf16924 AAF |
1089 | else if (event == RECURSE_DIR_ENTRY) |
1090 | printf("%s\n", path); | |
1091 | ||
1092 | return RECURSE_DIR_CONTINUE; | |
1093 | } | |
1094 | ||
db02190e | 1095 | static int get_file_sha256(int inode_fd, uint8_t ret[static SHA256_DIGEST_SIZE]) { |
254d1313 | 1096 | _cleanup_close_ int fd = -EBADF; |
db02190e LP |
1097 | struct sha256_ctx ctx; |
1098 | ||
1099 | /* convert O_PATH fd into a regular one */ | |
1100 | fd = fd_reopen(inode_fd, O_RDONLY|O_CLOEXEC); | |
1101 | if (fd < 0) | |
1102 | return fd; | |
1103 | ||
1104 | /* Calculating the SHA sum might be slow, hence let's flush STDOUT first, to give user an idea where we are slow. */ | |
1105 | fflush(stdout); | |
1106 | ||
1107 | sha256_init_ctx(&ctx); | |
1108 | ||
1109 | for (;;) { | |
1110 | uint8_t buffer[64 * 1024]; | |
1111 | ssize_t n; | |
1112 | ||
1113 | n = read(fd, buffer, sizeof(buffer)); | |
1114 | if (n < 0) | |
1115 | return -errno; | |
1116 | if (n == 0) | |
1117 | break; | |
1118 | ||
1119 | sha256_process_bytes(buffer, n, &ctx); | |
1120 | } | |
1121 | ||
1122 | sha256_finish_ctx(&ctx, ret); | |
1123 | return 0; | |
1124 | } | |
1125 | ||
12c0f4ff LP |
1126 | static const char *pick_color_for_uid_gid(uid_t uid) { |
1127 | if (uid == UID_NOBODY) | |
1128 | return ansi_highlight_yellow4(); /* files should never be owned by 'nobody' (but might happen due to userns mapping) */ | |
1129 | if (uid_is_system(uid)) | |
1130 | return ansi_normal(); /* files in disk images are typically owned by root and other system users, no issue there */ | |
1131 | if (uid_is_dynamic(uid)) | |
94d82b59 | 1132 | return ansi_highlight_red(); /* files should never be owned persistently by dynamic users, and there are just no excuses */ |
12c0f4ff LP |
1133 | if (uid_is_container(uid)) |
1134 | return ansi_highlight_cyan(); | |
1135 | ||
1136 | return ansi_highlight(); | |
1137 | } | |
1138 | ||
db02190e LP |
1139 | static int mtree_print_item( |
1140 | RecurseDirEvent event, | |
1141 | const char *path, | |
1142 | int dir_fd, | |
1143 | int inode_fd, | |
1144 | const struct dirent *de, | |
1145 | const struct statx *sx, | |
1146 | void *userdata) { | |
1147 | ||
01a33cf7 | 1148 | _cleanup_free_ char *escaped = NULL; |
db02190e LP |
1149 | int r; |
1150 | ||
167f2c1a | 1151 | assert(path); |
db02190e | 1152 | |
01a33cf7 YW |
1153 | if (!IN_SET(event, RECURSE_DIR_ENTER, RECURSE_DIR_ENTRY)) |
1154 | return RECURSE_DIR_CONTINUE; | |
db02190e | 1155 | |
01a33cf7 | 1156 | assert(sx); |
5ffa6a0a | 1157 | |
01a33cf7 YW |
1158 | if (isempty(path)) |
1159 | path = "."; | |
1160 | else { | |
1161 | /* BSD mtree uses either C or octal escaping, and covers whitespace, comments and glob characters. We use C style escaping and follow suit */ | |
1162 | path = escaped = xescape(path, WHITESPACE COMMENTS GLOB_CHARS); | |
1163 | if (!escaped) | |
1164 | return log_oom(); | |
1165 | } | |
db02190e | 1166 | |
01a33cf7 YW |
1167 | printf("%s", isempty(path) ? "." : path); |
1168 | ||
1169 | if (FLAGS_SET(sx->stx_mask, STATX_TYPE)) { | |
1170 | if (S_ISDIR(sx->stx_mode)) | |
1171 | printf("%s/%s", ansi_grey(), ansi_normal()); | |
1172 | ||
1173 | printf(" %stype=%s%s%s%s", | |
1174 | ansi_grey(), | |
1175 | ansi_normal(), | |
1176 | S_ISDIR(sx->stx_mode) ? ansi_highlight_blue() : | |
1177 | S_ISLNK(sx->stx_mode) ? ansi_highlight_cyan() : | |
1178 | (S_ISFIFO(sx->stx_mode) || S_ISCHR(sx->stx_mode) || S_ISBLK(sx->stx_mode)) ? ansi_highlight_yellow4() : | |
1179 | S_ISSOCK(sx->stx_mode) ? ansi_highlight_magenta() : "", | |
1180 | ASSERT_PTR(S_ISDIR(sx->stx_mode) ? "dir" : | |
1181 | S_ISREG(sx->stx_mode) ? "file" : | |
1182 | S_ISLNK(sx->stx_mode) ? "link" : | |
1183 | S_ISFIFO(sx->stx_mode) ? "fifo" : | |
1184 | S_ISBLK(sx->stx_mode) ? "block" : | |
1185 | S_ISCHR(sx->stx_mode) ? "char" : | |
1186 | S_ISSOCK(sx->stx_mode) ? "socket" : NULL), | |
1187 | ansi_normal()); | |
1188 | } | |
db02190e | 1189 | |
01a33cf7 YW |
1190 | if (FLAGS_SET(sx->stx_mask, STATX_MODE) && (!FLAGS_SET(sx->stx_mask, STATX_TYPE) || !S_ISLNK(sx->stx_mode))) |
1191 | printf(" %smode=%s%04o", | |
1192 | ansi_grey(), | |
1193 | ansi_normal(), | |
1194 | (unsigned) (sx->stx_mode & 0777)); | |
1195 | ||
1196 | if (FLAGS_SET(sx->stx_mask, STATX_UID)) | |
12c0f4ff | 1197 | printf(" %suid=%s" UID_FMT "%s", |
01a33cf7 | 1198 | ansi_grey(), |
12c0f4ff LP |
1199 | pick_color_for_uid_gid(sx->stx_uid), |
1200 | sx->stx_uid, | |
1201 | ansi_normal()); | |
01a33cf7 YW |
1202 | |
1203 | if (FLAGS_SET(sx->stx_mask, STATX_GID)) | |
12c0f4ff | 1204 | printf(" %sgid=%s" GID_FMT "%s", |
01a33cf7 | 1205 | ansi_grey(), |
12c0f4ff LP |
1206 | pick_color_for_uid_gid(sx->stx_gid), |
1207 | sx->stx_gid, | |
1208 | ansi_normal()); | |
01a33cf7 YW |
1209 | |
1210 | if (FLAGS_SET(sx->stx_mask, STATX_TYPE|STATX_SIZE) && S_ISREG(sx->stx_mode)) { | |
1211 | printf(" %ssize=%s%" PRIu64, | |
1212 | ansi_grey(), | |
1213 | ansi_normal(), | |
1214 | (uint64_t) sx->stx_size); | |
1215 | ||
12d58b6c | 1216 | if (arg_mtree_hash && inode_fd >= 0 && sx->stx_size > 0) { |
01a33cf7 YW |
1217 | uint8_t hash[SHA256_DIGEST_SIZE]; |
1218 | ||
1219 | r = get_file_sha256(inode_fd, hash); | |
db02190e | 1220 | if (r < 0) |
01a33cf7 | 1221 | log_warning_errno(r, "Failed to calculate file SHA256 sum for '%s', ignoring: %m", path); |
db02190e | 1222 | else { |
01a33cf7 | 1223 | _cleanup_free_ char *h = NULL; |
db02190e | 1224 | |
01a33cf7 YW |
1225 | h = hexmem(hash, sizeof(hash)); |
1226 | if (!h) | |
db02190e LP |
1227 | return log_oom(); |
1228 | ||
01a33cf7 | 1229 | printf(" %ssha256sum=%s%s", |
db02190e LP |
1230 | ansi_grey(), |
1231 | ansi_normal(), | |
01a33cf7 | 1232 | h); |
db02190e LP |
1233 | } |
1234 | } | |
01a33cf7 | 1235 | } |
db02190e | 1236 | |
01a33cf7 YW |
1237 | if (FLAGS_SET(sx->stx_mask, STATX_TYPE) && S_ISLNK(sx->stx_mode) && inode_fd >= 0) { |
1238 | _cleanup_free_ char *target = NULL; | |
1239 | ||
1240 | r = readlinkat_malloc(inode_fd, "", &target); | |
1241 | if (r < 0) | |
1242 | log_warning_errno(r, "Failed to read symlink '%s', ignoring: %m", path); | |
1243 | else { | |
1244 | _cleanup_free_ char *target_escaped = NULL; | |
1245 | ||
1246 | target_escaped = xescape(target, WHITESPACE COMMENTS GLOB_CHARS); | |
1247 | if (!target_escaped) | |
1248 | return log_oom(); | |
1249 | ||
1250 | printf(" %slink=%s%s", | |
db02190e LP |
1251 | ansi_grey(), |
1252 | ansi_normal(), | |
01a33cf7 YW |
1253 | target_escaped); |
1254 | } | |
db02190e LP |
1255 | } |
1256 | ||
01a33cf7 YW |
1257 | if (FLAGS_SET(sx->stx_mask, STATX_TYPE) && (S_ISBLK(sx->stx_mode) || S_ISCHR(sx->stx_mode))) |
1258 | printf(" %sdevice=%slinux,%" PRIu64 ",%" PRIu64, | |
1259 | ansi_grey(), | |
1260 | ansi_normal(), | |
1261 | (uint64_t) sx->stx_rdev_major, | |
1262 | (uint64_t) sx->stx_rdev_minor); | |
1263 | ||
1264 | printf("\n"); | |
1265 | ||
db02190e LP |
1266 | return RECURSE_DIR_CONTINUE; |
1267 | } | |
1268 | ||
1269 | static int action_list_or_mtree_or_copy(DissectedImage *m, LoopDevice *d) { | |
37e44c3f | 1270 | _cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL; |
37e44c3f LP |
1271 | _cleanup_(rmdir_and_freep) char *created_dir = NULL; |
1272 | _cleanup_free_ char *temp = NULL; | |
2292fa1e | 1273 | const char *root; |
37e44c3f | 1274 | int r; |
a2ea3b2f | 1275 | |
94abea2a | 1276 | assert(IN_SET(arg_action, ACTION_LIST, ACTION_MTREE, ACTION_COPY_FROM, ACTION_COPY_TO)); |
a2ea3b2f | 1277 | |
2292fa1e DDM |
1278 | if (arg_image) { |
1279 | assert(m); | |
1280 | assert(d); | |
33973b84 | 1281 | |
2292fa1e DDM |
1282 | r = detach_mount_namespace(); |
1283 | if (r < 0) | |
1284 | return log_error_errno(r, "Failed to detach mount namespace: %m"); | |
33973b84 | 1285 | |
2292fa1e DDM |
1286 | r = tempfn_random_child(NULL, program_invocation_short_name, &temp); |
1287 | if (r < 0) | |
1288 | return log_error_errno(r, "Failed to generate temporary mount directory: %m"); | |
33973b84 | 1289 | |
2292fa1e DDM |
1290 | r = mkdir_p(temp, 0700); |
1291 | if (r < 0) | |
1292 | return log_error_errno(r, "Failed to create mount point: %m"); | |
37e44c3f | 1293 | |
2292fa1e | 1294 | created_dir = TAKE_PTR(temp); |
33973b84 | 1295 | |
8d9a1d59 LP |
1296 | r = dissected_image_mount_and_warn( |
1297 | m, | |
1298 | created_dir, | |
1299 | /* uid_shift= */ UID_INVALID, | |
1300 | /* uid_range= */ UID_INVALID, | |
1301 | /* userns_fd= */ -EBADF, | |
1302 | arg_flags); | |
2292fa1e DDM |
1303 | if (r < 0) |
1304 | return r; | |
33973b84 | 1305 | |
2292fa1e | 1306 | mounted_dir = TAKE_PTR(created_dir); |
41bc4849 | 1307 | |
2292fa1e DDM |
1308 | r = loop_device_flock(d, LOCK_UN); |
1309 | if (r < 0) | |
1310 | return log_error_errno(r, "Failed to unlock loopback block device: %m"); | |
1311 | ||
1312 | r = dissected_image_relinquish(m); | |
1313 | if (r < 0) | |
1314 | return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m"); | |
1315 | } | |
1316 | ||
1317 | root = mounted_dir ?: arg_root; | |
33973b84 | 1318 | |
b7df8622 LP |
1319 | switch (arg_action) { |
1320 | ||
1321 | case ACTION_COPY_FROM: { | |
254d1313 | 1322 | _cleanup_close_ int source_fd = -EBADF, target_fd = -EBADF; |
33973b84 | 1323 | |
2292fa1e | 1324 | source_fd = chase_and_open(arg_source, root, CHASE_PREFIX_ROOT|CHASE_WARN, O_RDONLY|O_CLOEXEC|O_NOCTTY, NULL); |
37e44c3f LP |
1325 | if (source_fd < 0) |
1326 | return log_error_errno(source_fd, "Failed to open source path '%s' in image '%s': %m", arg_source, arg_image); | |
1327 | ||
1328 | /* Copying to stdout? */ | |
1329 | if (streq(arg_target, "-")) { | |
f5fbe71d | 1330 | r = copy_bytes(source_fd, STDOUT_FILENO, UINT64_MAX, COPY_REFLINK); |
33973b84 | 1331 | if (r < 0) |
37e44c3f LP |
1332 | return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to stdout: %m", arg_source, arg_image); |
1333 | ||
38db55ab | 1334 | /* When we copy to stdout we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */ |
37e44c3f | 1335 | return 0; |
33973b84 LP |
1336 | } |
1337 | ||
37e44c3f | 1338 | /* Try to copy as directory? */ |
f9f70e06 | 1339 | r = copy_directory_at(source_fd, NULL, AT_FDCWD, arg_target, COPY_REFLINK|COPY_MERGE_EMPTY|COPY_SIGINT|COPY_HARDLINKS); |
37e44c3f LP |
1340 | if (r >= 0) |
1341 | return 0; | |
1342 | if (r != -ENOTDIR) | |
1343 | return log_error_errno(r, "Failed to copy %s in image '%s' to '%s': %m", arg_source, arg_image, arg_target); | |
1344 | ||
1345 | r = fd_verify_regular(source_fd); | |
1346 | if (r == -EISDIR) | |
1347 | return log_error_errno(r, "Target '%s' exists already and is not a directory.", arg_target); | |
1348 | if (r < 0) | |
1349 | return log_error_errno(r, "Source path %s in image '%s' is neither regular file nor directory, refusing: %m", arg_source, arg_image); | |
33973b84 | 1350 | |
37e44c3f LP |
1351 | /* Nah, it's a plain file! */ |
1352 | target_fd = open(arg_target, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600); | |
1353 | if (target_fd < 0) | |
1354 | return log_error_errno(errno, "Failed to create regular file at target path '%s': %m", arg_target); | |
33973b84 | 1355 | |
f5fbe71d | 1356 | r = copy_bytes(source_fd, target_fd, UINT64_MAX, COPY_REFLINK); |
37e44c3f LP |
1357 | if (r < 0) |
1358 | return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to '%s': %m", arg_source, arg_image, arg_target); | |
33973b84 | 1359 | |
c17cfe6e | 1360 | (void) copy_xattr(source_fd, NULL, target_fd, NULL, 0); |
37e44c3f LP |
1361 | (void) copy_access(source_fd, target_fd); |
1362 | (void) copy_times(source_fd, target_fd, 0); | |
33973b84 | 1363 | |
37e44c3f | 1364 | /* When this is a regular file we don't copy ownership! */ |
b7df8622 LP |
1365 | return 0; |
1366 | } | |
33973b84 | 1367 | |
b7df8622 | 1368 | case ACTION_COPY_TO: { |
254d1313 | 1369 | _cleanup_close_ int source_fd = -EBADF, target_fd = -EBADF, dfd = -EBADF; |
cfb623b6 | 1370 | _cleanup_free_ char *dn = NULL, *bn = NULL; |
83802e9a | 1371 | bool is_dir; |
33973b84 | 1372 | |
45519d13 LP |
1373 | r = path_extract_directory(arg_target, &dn); |
1374 | if (r < 0) | |
cfb623b6 LP |
1375 | return log_error_errno(r, "Failed to extract directory from target path '%s': %m", arg_target); |
1376 | r = path_extract_filename(arg_target, &bn); | |
1377 | if (r < 0) | |
1378 | return log_error_errno(r, "Failed to extract filename from target path '%s': %m", arg_target); | |
83802e9a | 1379 | is_dir = r == O_DIRECTORY; |
37e44c3f | 1380 | |
2292fa1e | 1381 | r = chase(dn, root, CHASE_PREFIX_ROOT|CHASE_WARN, NULL, &dfd); |
37e44c3f LP |
1382 | if (r < 0) |
1383 | return log_error_errno(r, "Failed to open '%s': %m", dn); | |
33973b84 | 1384 | |
37e44c3f LP |
1385 | /* Are we reading from stdin? */ |
1386 | if (streq(arg_source, "-")) { | |
83802e9a LP |
1387 | if (is_dir) |
1388 | return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "Cannot copy STDIN to a directory, refusing."); | |
1389 | ||
cfb623b6 | 1390 | target_fd = openat(dfd, bn, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_EXCL, 0644); |
33973b84 | 1391 | if (target_fd < 0) |
37e44c3f | 1392 | return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target); |
33973b84 | 1393 | |
f5fbe71d | 1394 | r = copy_bytes(STDIN_FILENO, target_fd, UINT64_MAX, COPY_REFLINK); |
33973b84 | 1395 | if (r < 0) |
37e44c3f | 1396 | return log_error_errno(r, "Failed to copy bytes from stdin to '%s' in image '%s': %m", arg_target, arg_image); |
33973b84 | 1397 | |
37e44c3f LP |
1398 | /* When we copy from stdin we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */ |
1399 | return 0; | |
1400 | } | |
33973b84 | 1401 | |
37e44c3f LP |
1402 | source_fd = open(arg_source, O_RDONLY|O_CLOEXEC|O_NOCTTY); |
1403 | if (source_fd < 0) | |
1404 | return log_error_errno(source_fd, "Failed to open source path '%s': %m", arg_source); | |
33973b84 | 1405 | |
37e44c3f LP |
1406 | r = fd_verify_regular(source_fd); |
1407 | if (r < 0) { | |
1408 | if (r != -EISDIR) | |
1409 | return log_error_errno(r, "Source '%s' is neither regular file nor directory: %m", arg_source); | |
33973b84 | 1410 | |
37e44c3f | 1411 | /* We are looking at a directory. */ |
33973b84 | 1412 | |
cfb623b6 | 1413 | target_fd = openat(dfd, bn, O_RDONLY|O_DIRECTORY|O_CLOEXEC); |
37e44c3f LP |
1414 | if (target_fd < 0) { |
1415 | if (errno != ENOENT) | |
1416 | return log_error_errno(errno, "Failed to open destination '%s': %m", arg_target); | |
33973b84 | 1417 | |
ad6fae7f | 1418 | r = copy_tree_at(source_fd, ".", dfd, bn, UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, NULL, NULL); |
37e44c3f | 1419 | } else |
ad6fae7f | 1420 | r = copy_tree_at(source_fd, ".", target_fd, ".", UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, NULL, NULL); |
33973b84 | 1421 | if (r < 0) |
37e44c3f | 1422 | return log_error_errno(r, "Failed to copy '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image); |
33973b84 | 1423 | |
37e44c3f LP |
1424 | return 0; |
1425 | } | |
33973b84 | 1426 | |
83802e9a LP |
1427 | if (is_dir) |
1428 | return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "Source is a regular file, but target is not, refusing."); | |
1429 | ||
37e44c3f | 1430 | /* We area looking at a regular file */ |
83802e9a | 1431 | target_fd = openat(dfd, bn, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_EXCL, 0600); |
37e44c3f LP |
1432 | if (target_fd < 0) |
1433 | return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target); | |
33973b84 | 1434 | |
f5fbe71d | 1435 | r = copy_bytes(source_fd, target_fd, UINT64_MAX, COPY_REFLINK); |
37e44c3f LP |
1436 | if (r < 0) |
1437 | return log_error_errno(r, "Failed to copy bytes from '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image); | |
33973b84 | 1438 | |
c17cfe6e | 1439 | (void) copy_xattr(source_fd, NULL, target_fd, NULL, 0); |
37e44c3f LP |
1440 | (void) copy_access(source_fd, target_fd); |
1441 | (void) copy_times(source_fd, target_fd, 0); | |
33973b84 | 1442 | |
37e44c3f | 1443 | /* When this is a regular file we don't copy ownership! */ |
b7df8622 LP |
1444 | return 0; |
1445 | } | |
0cf16924 | 1446 | |
b7df8622 LP |
1447 | case ACTION_LIST: |
1448 | case ACTION_MTREE: { | |
254d1313 | 1449 | _cleanup_close_ int dfd = -EBADF; |
0cf16924 | 1450 | |
2292fa1e | 1451 | dfd = open(root, O_DIRECTORY|O_CLOEXEC|O_RDONLY); |
0cf16924 AAF |
1452 | if (dfd < 0) |
1453 | return log_error_errno(errno, "Failed to open mount directory: %m"); | |
1454 | ||
2e1f76f6 LP |
1455 | pager_open(arg_pager_flags); |
1456 | ||
db02190e LP |
1457 | if (arg_action == ACTION_LIST) |
1458 | r = recurse_dir(dfd, NULL, 0, UINT_MAX, RECURSE_DIR_SORT, list_print_item, NULL); | |
1459 | else if (arg_action == ACTION_MTREE) | |
1460 | r = recurse_dir(dfd, ".", STATX_TYPE|STATX_MODE|STATX_UID|STATX_GID|STATX_SIZE, UINT_MAX, RECURSE_DIR_SORT|RECURSE_DIR_INODE_FD|RECURSE_DIR_TOPLEVEL, mtree_print_item, NULL); | |
1461 | else | |
1462 | assert_not_reached(); | |
0cf16924 AAF |
1463 | if (r < 0) |
1464 | return log_error_errno(r, "Failed to list image: %m"); | |
b7df8622 | 1465 | return 0; |
37e44c3f | 1466 | } |
33973b84 | 1467 | |
b7df8622 LP |
1468 | default: |
1469 | assert_not_reached(); | |
1470 | } | |
37e44c3f | 1471 | } |
33973b84 | 1472 | |
ac1f1adf | 1473 | static int action_umount(const char *path) { |
254d1313 | 1474 | _cleanup_close_ int fd = -EBADF; |
040d3439 | 1475 | _cleanup_free_ char *canonical = NULL; |
ac1f1adf | 1476 | _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; |
040d3439 | 1477 | _cleanup_(sd_device_unrefp) sd_device *dev = NULL; |
e8383058 | 1478 | int r; |
ac1f1adf | 1479 | |
f461a28d | 1480 | fd = chase_and_open(path, NULL, 0, O_DIRECTORY, &canonical); |
ac1f1adf DDM |
1481 | if (fd == -ENOTDIR) |
1482 | return log_error_errno(SYNTHETIC_ERRNO(ENOTDIR), "'%s' is not a directory", path); | |
1483 | if (fd < 0) | |
1484 | return log_error_errno(fd, "Failed to resolve path '%s': %m", path); | |
1485 | ||
1486 | r = fd_is_mount_point(fd, NULL, 0); | |
1487 | if (r == 0) | |
1488 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "'%s' is not a mount point", canonical); | |
1489 | if (r < 0) | |
1490 | return log_error_errno(r, "Failed to determine whether '%s' is a mount point: %m", canonical); | |
1491 | ||
040d3439 | 1492 | r = block_device_new_from_fd(fd, BLOCK_DEVICE_LOOKUP_WHOLE_DISK | BLOCK_DEVICE_LOOKUP_BACKING, &dev); |
41a95b18 | 1493 | if (r < 0) { |
254d1313 | 1494 | _cleanup_close_ int usr_fd = -EBADF; |
41a95b18 YW |
1495 | |
1496 | /* The command `systemd-dissect --mount` expects that the image at least has the root or /usr | |
1497 | * partition. If it does not have the root partition, then we mount the /usr partition on a | |
1498 | * tmpfs. Hence, let's try to find the backing block device through the /usr partition. */ | |
1499 | ||
1500 | usr_fd = openat(fd, "usr", O_CLOEXEC | O_DIRECTORY | O_NOFOLLOW); | |
1501 | if (usr_fd < 0) | |
1502 | return log_error_errno(errno, "Failed to open '%s/usr': %m", canonical); | |
1503 | ||
1504 | r = block_device_new_from_fd(usr_fd, BLOCK_DEVICE_LOOKUP_WHOLE_DISK | BLOCK_DEVICE_LOOKUP_BACKING, &dev); | |
1505 | } | |
ac1f1adf DDM |
1506 | if (r < 0) |
1507 | return log_error_errno(r, "Failed to find backing block device for '%s': %m", canonical); | |
1508 | ||
040d3439 | 1509 | r = loop_device_open(dev, 0, LOCK_EX, &d); |
ac1f1adf | 1510 | if (r < 0) |
040d3439 | 1511 | return log_device_error_errno(dev, r, "Failed to open loopback block device: %m"); |
ac1f1adf | 1512 | |
ac1f1adf DDM |
1513 | /* We've locked the loop device, now we're ready to unmount. To allow the unmount to succeed, we have |
1514 | * to close the O_PATH fd we opened earlier. */ | |
1515 | fd = safe_close(fd); | |
1516 | ||
1517 | r = umount_recursive(canonical, 0); | |
1518 | if (r < 0) | |
1519 | return log_error_errno(r, "Failed to unmount '%s': %m", canonical); | |
1520 | ||
0b75493d | 1521 | /* We managed to lock and unmount successfully? That means we can try to remove the loop device. */ |
ac1f1adf DDM |
1522 | loop_device_unrelinquish(d); |
1523 | ||
1524 | if (arg_rmdir) { | |
e8383058 LP |
1525 | r = RET_NERRNO(rmdir(canonical)); |
1526 | if (r < 0) | |
1527 | return log_error_errno(r, "Failed to remove mount directory '%s': %m", canonical); | |
ac1f1adf | 1528 | } |
ac1f1adf | 1529 | |
e8383058 | 1530 | return 0; |
ac1f1adf DDM |
1531 | } |
1532 | ||
06186c4c LP |
1533 | static int action_with(DissectedImage *m, LoopDevice *d) { |
1534 | _cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL; | |
1535 | _cleanup_(rmdir_and_freep) char *created_dir = NULL; | |
1536 | _cleanup_free_ char *temp = NULL; | |
1537 | int r, rcode; | |
1538 | ||
94abea2a LP |
1539 | assert(m); |
1540 | assert(d); | |
1541 | assert(arg_action == ACTION_WITH); | |
06186c4c LP |
1542 | |
1543 | r = tempfn_random_child(NULL, program_invocation_short_name, &temp); | |
1544 | if (r < 0) | |
1545 | return log_error_errno(r, "Failed to generate temporary mount directory: %m"); | |
1546 | ||
1547 | r = mkdir_p(temp, 0700); | |
1548 | if (r < 0) | |
1549 | return log_error_errno(r, "Failed to create mount point: %m"); | |
1550 | ||
1551 | created_dir = TAKE_PTR(temp); | |
1552 | ||
8d9a1d59 LP |
1553 | r = dissected_image_mount_and_warn( |
1554 | m, | |
1555 | created_dir, | |
1556 | /* uid_shift= */ UID_INVALID, | |
1557 | /* uid_range= */ UID_INVALID, | |
1558 | /* userns_fd= */ -EBADF, | |
1559 | arg_flags); | |
06186c4c LP |
1560 | if (r < 0) |
1561 | return r; | |
1562 | ||
1563 | mounted_dir = TAKE_PTR(created_dir); | |
1564 | ||
1565 | r = dissected_image_relinquish(m); | |
1566 | if (r < 0) | |
1567 | return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m"); | |
1568 | ||
1569 | r = loop_device_flock(d, LOCK_UN); | |
1570 | if (r < 0) | |
1571 | return log_error_errno(r, "Failed to unlock loopback block device: %m"); | |
1572 | ||
1573 | rcode = safe_fork("(with)", FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL); | |
1574 | if (rcode == 0) { | |
1575 | /* Child */ | |
1576 | ||
1577 | if (chdir(mounted_dir) < 0) { | |
1578 | log_error_errno(errno, "Failed to change to '%s' directory: %m", mounted_dir); | |
1579 | _exit(EXIT_FAILURE); | |
1580 | } | |
1581 | ||
1582 | if (setenv("SYSTEMD_DISSECT_ROOT", mounted_dir, /* overwrite= */ true) < 0) { | |
1583 | log_error_errno(errno, "Failed to set $SYSTEMD_DISSECT_ROOT: %m"); | |
1584 | _exit(EXIT_FAILURE); | |
1585 | } | |
1586 | ||
47838b55 DDM |
1587 | if (setenv("SYSTEMD_DISSECT_DEVICE", d->node, /* overwrite= */ true) < 0) { |
1588 | log_error_errno(errno, "Failed to set $SYSTEMD_DISSECT_DEVICE: %m"); | |
1589 | _exit(EXIT_FAILURE); | |
1590 | } | |
1591 | ||
06186c4c LP |
1592 | if (strv_isempty(arg_argv)) { |
1593 | const char *sh; | |
1594 | ||
1595 | sh = secure_getenv("SHELL"); | |
1596 | if (sh) { | |
1597 | execvp(sh, STRV_MAKE(sh)); | |
1598 | log_warning_errno(errno, "Failed to execute $SHELL, falling back to /bin/sh: %m"); | |
1599 | } | |
1600 | ||
1601 | execl("/bin/sh", "sh", NULL); | |
1602 | log_error_errno(errno, "Failed to invoke /bin/sh: %m"); | |
1603 | } else { | |
1604 | execvp(arg_argv[0], arg_argv); | |
1605 | log_error_errno(errno, "Failed to execute '%s': %m", arg_argv[0]); | |
1606 | } | |
1607 | ||
1608 | _exit(EXIT_FAILURE); | |
1609 | } | |
1610 | ||
1611 | /* Let's manually detach everything, to make things synchronous */ | |
1612 | r = loop_device_flock(d, LOCK_SH); | |
1613 | if (r < 0) | |
1614 | log_warning_errno(r, "Failed to lock loopback block device, ignoring: %m"); | |
1615 | ||
1616 | r = umount_recursive(mounted_dir, 0); | |
1617 | if (r < 0) | |
1618 | log_warning_errno(r, "Failed to unmount '%s', ignoring: %m", mounted_dir); | |
1619 | else | |
1620 | loop_device_unrelinquish(d); /* Let's try to destroy the loopback device */ | |
1621 | ||
1622 | created_dir = TAKE_PTR(mounted_dir); | |
1623 | ||
1624 | if (rmdir(created_dir) < 0) | |
1625 | log_warning_errno(r, "Failed to remove directory '%s', ignoring: %m", created_dir); | |
1626 | ||
1627 | temp = TAKE_PTR(created_dir); | |
1628 | ||
1629 | return rcode; | |
1630 | } | |
1631 | ||
0305cf6e | 1632 | static int action_discover(void) { |
5d2a48da | 1633 | _cleanup_hashmap_free_ Hashmap *images = NULL; |
0305cf6e LP |
1634 | _cleanup_(table_unrefp) Table *t = NULL; |
1635 | Image *img; | |
1636 | int r; | |
1637 | ||
1638 | images = hashmap_new(&image_hash_ops); | |
1639 | if (!images) | |
1640 | return log_oom(); | |
1641 | ||
1642 | for (ImageClass cl = 0; cl < _IMAGE_CLASS_MAX; cl++) { | |
1643 | r = image_discover(cl, NULL, images); | |
1644 | if (r < 0) | |
1645 | return log_error_errno(r, "Failed to discover images: %m"); | |
1646 | } | |
1647 | ||
1648 | if ((arg_json_format_flags & JSON_FORMAT_OFF) && hashmap_isempty(images)) { | |
1649 | log_info("No images found."); | |
1650 | return 0; | |
1651 | } | |
1652 | ||
1653 | t = table_new("name", "type", "class", "ro", "path", "time", "usage"); | |
1654 | if (!t) | |
1655 | return log_oom(); | |
1656 | ||
8f488d46 LP |
1657 | table_set_align_percent(t, table_get_cell(t, 0, 6), 100); |
1658 | ||
0305cf6e LP |
1659 | HASHMAP_FOREACH(img, images) { |
1660 | ||
1661 | if (!IN_SET(img->type, IMAGE_RAW, IMAGE_BLOCK)) | |
1662 | continue; | |
1663 | ||
1664 | r = table_add_many( | |
1665 | t, | |
1666 | TABLE_STRING, img->name, | |
1667 | TABLE_STRING, image_type_to_string(img->type), | |
1668 | TABLE_STRING, image_class_to_string(img->class), | |
1669 | TABLE_BOOLEAN, img->read_only, | |
1670 | TABLE_PATH, img->path, | |
1671 | TABLE_TIMESTAMP, img->mtime != 0 ? img->mtime : img->crtime, | |
1672 | TABLE_SIZE, img->usage); | |
1673 | if (r < 0) | |
1674 | return table_log_add_error(r); | |
1675 | } | |
1676 | ||
1677 | (void) table_set_sort(t, (size_t) 0); | |
1678 | ||
1679 | return table_print_with_pager(t, arg_json_format_flags, arg_pager_flags, arg_legend); | |
1680 | } | |
1681 | ||
07d6072e LP |
1682 | static int action_attach(DissectedImage *m, LoopDevice *d) { |
1683 | int r; | |
1684 | ||
1685 | assert(m); | |
1686 | assert(d); | |
1687 | ||
1688 | r = loop_device_set_autoclear(d, false); | |
1689 | if (r < 0) | |
1690 | return log_error_errno(r, "Failed to disable auto-clear logic on loopback device: %m"); | |
1691 | ||
1692 | r = dissected_image_relinquish(m); | |
1693 | if (r < 0) | |
1694 | return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m"); | |
1695 | ||
1696 | puts(d->node); | |
1697 | return 0; | |
1698 | } | |
1699 | ||
1700 | static int action_detach(const char *path) { | |
1701 | _cleanup_(loop_device_unrefp) LoopDevice *loop = NULL; | |
1702 | _cleanup_close_ int fd = -EBADF; | |
1703 | struct stat st; | |
1704 | int r; | |
1705 | ||
1706 | fd = open(path, O_PATH|O_CLOEXEC); | |
1707 | if (fd < 0) | |
1708 | return log_error_errno(errno, "Failed to open '%s': %m", path); | |
1709 | ||
1710 | if (fstat(fd, &st) < 0) | |
1711 | return log_error_errno(errno, "Failed to stat '%s': %m", path); | |
1712 | ||
1713 | if (S_ISBLK(st.st_mode)) { | |
1714 | r = loop_device_open_from_fd(fd, O_RDONLY, LOCK_EX, &loop); | |
1715 | if (r < 0) | |
1716 | return log_error_errno(r, "Failed to open '%s' as loopback block device: %m", path); | |
1717 | ||
1718 | } else if (S_ISREG(st.st_mode)) { | |
1719 | _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; | |
07d6072e LP |
1720 | |
1721 | /* If a regular file is specified, search for a loopback block device that is backed by it */ | |
1722 | ||
1723 | r = sd_device_enumerator_new(&e); | |
1724 | if (r < 0) | |
1725 | return log_error_errno(r, "Failed to allocate enumerator: %m"); | |
1726 | ||
1727 | r = sd_device_enumerator_add_match_subsystem(e, "block", true); | |
1728 | if (r < 0) | |
1729 | return log_error_errno(r, "Failed to match block devices: %m"); | |
1730 | ||
1731 | r = sd_device_enumerator_add_match_sysname(e, "loop*"); | |
1732 | if (r < 0) | |
1733 | return log_error_errno(r, "Failed to match loopback block devices: %m"); | |
1734 | ||
1735 | (void) sd_device_enumerator_allow_uninitialized(e); | |
1736 | ||
1737 | FOREACH_DEVICE(e, d) { | |
1738 | _cleanup_(loop_device_unrefp) LoopDevice *entry_loop = NULL; | |
1739 | const char *name, *devtype; | |
1740 | ||
1741 | r = sd_device_get_sysname(d, &name); | |
1742 | if (r < 0) { | |
1743 | log_warning_errno(r, "Failed to get enumerated device's sysname, skipping: %m"); | |
1744 | continue; | |
1745 | } | |
1746 | ||
1747 | r = sd_device_get_devtype(d, &devtype); | |
1748 | if (r < 0) { | |
1749 | log_warning_errno(r, "Failed to get devtype of '%s', skipping: %m", name); | |
1750 | continue; | |
1751 | } | |
1752 | ||
1753 | if (!streq(devtype, "disk")) /* Filter out partition block devices */ | |
1754 | continue; | |
1755 | ||
1756 | r = loop_device_open(d, O_RDONLY, LOCK_SH, &entry_loop); | |
1757 | if (r < 0) { | |
1758 | log_warning_errno(r, "Failed to open loopback block device '%s', skipping: %m", name); | |
1759 | continue; | |
1760 | } | |
1761 | ||
1762 | if (entry_loop->backing_devno == st.st_dev && entry_loop->backing_inode == st.st_ino) { | |
1763 | /* Found it! The kernel allows attaching a single file to multiple loopback | |
1764 | * devices. Let's destruct them in reverse order, i.e. find the last matching | |
1765 | * loopback device here, rather than the first. */ | |
1766 | ||
1767 | loop_device_unref(loop); | |
1768 | loop = TAKE_PTR(entry_loop); | |
1769 | } | |
1770 | } | |
1771 | ||
1772 | if (!loop) | |
1773 | return log_error_errno(SYNTHETIC_ERRNO(ENXIO), "No loopback block device backed by '%s' found.", path); | |
1774 | ||
1775 | r = loop_device_flock(loop, LOCK_EX); | |
1776 | if (r < 0) | |
1777 | return log_error_errno(r, "Failed to upgrade device lock: %m"); | |
1778 | } | |
1779 | ||
1780 | r = loop_device_set_autoclear(loop, true); | |
1781 | if (r < 0) | |
1782 | log_warning_errno(r, "Failed to enable autoclear logic on '%s', ignoring: %m", loop->node); | |
1783 | ||
1784 | loop_device_unrelinquish(loop); | |
1785 | return 0; | |
1786 | } | |
1787 | ||
dee4a623 LP |
1788 | static int action_validate(void) { |
1789 | int r; | |
1790 | ||
1791 | r = dissect_image_file_and_warn( | |
1792 | arg_image, | |
1793 | &arg_verity_settings, | |
1794 | NULL, | |
1795 | arg_image_policy, | |
1796 | arg_flags, | |
1797 | NULL); | |
1798 | if (r < 0) | |
1799 | return r; | |
1800 | ||
1801 | if (isatty(STDOUT_FILENO) && emoji_enabled()) | |
1802 | printf("%s ", special_glyph(SPECIAL_GLYPH_SPARKLES)); | |
1803 | ||
1804 | printf("%sOK%s", ansi_highlight_green(), ansi_normal()); | |
1805 | ||
1806 | if (isatty(STDOUT_FILENO) && emoji_enabled()) | |
1807 | printf(" %s", special_glyph(SPECIAL_GLYPH_SPARKLES)); | |
1808 | ||
1809 | putc('\n', stdout); | |
1810 | return 0; | |
1811 | } | |
1812 | ||
37e44c3f LP |
1813 | static int run(int argc, char *argv[]) { |
1814 | _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; | |
1815 | _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; | |
6c07d570 LP |
1816 | uint32_t loop_flags; |
1817 | int open_flags, r; | |
33973b84 | 1818 | |
5acb31a6 | 1819 | log_setup(); |
33973b84 | 1820 | |
a164d9d5 LP |
1821 | if (invoked_as(argv, "mount.ddi")) |
1822 | r = parse_argv_as_mount_helper(argc, argv); | |
1823 | else | |
1824 | r = parse_argv(argc, argv); | |
37e44c3f LP |
1825 | if (r <= 0) |
1826 | return r; | |
33973b84 | 1827 | |
b7df8622 LP |
1828 | switch (arg_action) { |
1829 | case ACTION_UMOUNT: | |
ac1f1adf | 1830 | return action_umount(arg_path); |
b7df8622 LP |
1831 | |
1832 | case ACTION_DETACH: | |
07d6072e | 1833 | return action_detach(arg_image); |
b7df8622 LP |
1834 | |
1835 | case ACTION_DISCOVER: | |
0305cf6e | 1836 | return action_discover(); |
ac1f1adf | 1837 | |
b7df8622 LP |
1838 | default: |
1839 | /* All other actions need the image dissected */ | |
1840 | break; | |
1841 | } | |
1842 | ||
2292fa1e DDM |
1843 | if (arg_image) { |
1844 | r = verity_settings_load( | |
89e62e0b LP |
1845 | &arg_verity_settings, |
1846 | arg_image, NULL, NULL); | |
236d1fa2 | 1847 | if (r < 0) |
2292fa1e | 1848 | return log_error_errno(r, "Failed to read verity artifacts for %s: %m", arg_image); |
33973b84 | 1849 | |
2292fa1e DDM |
1850 | if (arg_verity_settings.data_path) |
1851 | arg_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; /* We only support Verity per file system, | |
1852 | * hence if there's external Verity data | |
1853 | * available we turn off partition table | |
1854 | * support */ | |
1855 | ||
1856 | if (arg_action == ACTION_VALIDATE) | |
1857 | return action_validate(); | |
1858 | ||
1859 | open_flags = FLAGS_SET(arg_flags, DISSECT_IMAGE_DEVICE_READ_ONLY) ? O_RDONLY : O_RDWR; | |
1860 | loop_flags = FLAGS_SET(arg_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN; | |
1861 | if (arg_in_memory) | |
1862 | r = loop_device_make_by_path_memory(arg_image, open_flags, /* sector_size= */ UINT32_MAX, loop_flags, LOCK_SH, &d); | |
1863 | else | |
1864 | r = loop_device_make_by_path(arg_image, open_flags, /* sector_size= */ UINT32_MAX, loop_flags, LOCK_SH, &d); | |
1865 | if (r < 0) | |
1866 | return log_error_errno(r, "Failed to set up loopback device for %s: %m", arg_image); | |
07d6072e | 1867 | |
2292fa1e DDM |
1868 | if (arg_loop_ref) { |
1869 | r = loop_device_set_filename(d, arg_loop_ref); | |
1870 | if (r < 0) | |
1871 | log_warning_errno(r, "Failed to set loop reference string to '%s', ignoring: %m", arg_loop_ref); | |
1872 | } | |
88b3300f | 1873 | |
2292fa1e DDM |
1874 | r = dissect_loop_device_and_warn( |
1875 | d, | |
94abea2a | 1876 | &arg_verity_settings, |
2292fa1e DDM |
1877 | /* mount_options= */ NULL, |
1878 | arg_image_policy, | |
1879 | arg_flags, | |
1880 | &m); | |
94abea2a LP |
1881 | if (r < 0) |
1882 | return r; | |
2292fa1e DDM |
1883 | |
1884 | if (arg_action == ACTION_ATTACH) | |
1885 | return action_attach(m, d); | |
1886 | ||
1887 | r = dissected_image_load_verity_sig_partition( | |
1888 | m, | |
1889 | d->fd, | |
1890 | &arg_verity_settings); | |
1891 | if (r < 0) | |
1892 | return log_error_errno(r, "Failed to load verity signature partition: %m"); | |
1893 | ||
1894 | if (arg_action != ACTION_DISSECT) { | |
1895 | r = dissected_image_decrypt_interactively( | |
1896 | m, NULL, | |
1897 | &arg_verity_settings, | |
1898 | arg_flags); | |
1899 | if (r < 0) | |
1900 | return r; | |
1901 | } | |
94abea2a LP |
1902 | } |
1903 | ||
37e44c3f | 1904 | switch (arg_action) { |
33973b84 | 1905 | |
37e44c3f | 1906 | case ACTION_DISSECT: |
6f5ef9e4 | 1907 | return action_dissect(m, d); |
37e44c3f LP |
1908 | |
1909 | case ACTION_MOUNT: | |
6f5ef9e4 | 1910 | return action_mount(m, d); |
37e44c3f | 1911 | |
0cf16924 | 1912 | case ACTION_LIST: |
db02190e | 1913 | case ACTION_MTREE: |
37e44c3f LP |
1914 | case ACTION_COPY_FROM: |
1915 | case ACTION_COPY_TO: | |
6f5ef9e4 | 1916 | return action_list_or_mtree_or_copy(m, d); |
33973b84 | 1917 | |
06186c4c | 1918 | case ACTION_WITH: |
6f5ef9e4 | 1919 | return action_with(m, d); |
06186c4c | 1920 | |
a2ea3b2f | 1921 | default: |
04499a70 | 1922 | assert_not_reached(); |
a2ea3b2f | 1923 | } |
a2ea3b2f | 1924 | } |
149afb45 YW |
1925 | |
1926 | DEFINE_MAIN_FUNCTION(run); |