]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
a2ea3b2f LP |
2 | |
3 | #include <fcntl.h> | |
a2ea3b2f | 4 | #include <getopt.h> |
e08f94ac LP |
5 | #include <linux/loop.h> |
6 | #include <stdio.h> | |
19df770f | 7 | #include <sys/file.h> |
16b74592 LP |
8 | #include <sys/ioctl.h> |
9 | #include <sys/mount.h> | |
a2ea3b2f | 10 | |
ac1f1adf DDM |
11 | #include "sd-device.h" |
12 | ||
a2ea3b2f | 13 | #include "architecture.h" |
ac1f1adf | 14 | #include "blockdev-util.h" |
d6b4d1c7 | 15 | #include "build.h" |
f461a28d | 16 | #include "chase.h" |
33973b84 | 17 | #include "copy.h" |
ca822829 YW |
18 | #include "device-util.h" |
19 | #include "devnum-util.h" | |
0305cf6e | 20 | #include "discover-image.h" |
a2ea3b2f | 21 | #include "dissect-image.h" |
994c9c70 | 22 | #include "env-util.h" |
db02190e | 23 | #include "escape.h" |
33973b84 | 24 | #include "fd-util.h" |
89e62e0b | 25 | #include "fileio.h" |
89d00f2e | 26 | #include "format-table.h" |
16b74592 | 27 | #include "format-util.h" |
33973b84 | 28 | #include "fs-util.h" |
4623e8e6 | 29 | #include "hexdecoct.h" |
a2ea3b2f LP |
30 | #include "log.h" |
31 | #include "loop-util.h" | |
149afb45 | 32 | #include "main-func.h" |
33973b84 LP |
33 | #include "mkdir.h" |
34 | #include "mount-util.h" | |
ac1f1adf | 35 | #include "mountpoint-util.h" |
33973b84 | 36 | #include "namespace-util.h" |
614b022c | 37 | #include "parse-argument.h" |
e475f729 | 38 | #include "parse-util.h" |
e7cbe5cb | 39 | #include "path-util.h" |
5c05f062 | 40 | #include "pretty-print.h" |
06186c4c | 41 | #include "process-util.h" |
0cf16924 | 42 | #include "recurse-dir.h" |
db02190e | 43 | #include "sha256.h" |
33973b84 | 44 | #include "stat-util.h" |
a2ea3b2f | 45 | #include "string-util.h" |
a1edd22e | 46 | #include "strv.h" |
5c05f062 | 47 | #include "terminal-util.h" |
33973b84 | 48 | #include "tmpfile-util.h" |
12c0f4ff | 49 | #include "uid-alloc-range.h" |
2d3a5a73 | 50 | #include "user-util.h" |
d7688568 | 51 | #include "vpick.h" |
a2ea3b2f LP |
52 | |
53 | static enum { | |
54 | ACTION_DISSECT, | |
55 | ACTION_MOUNT, | |
ac1f1adf | 56 | ACTION_UMOUNT, |
07d6072e LP |
57 | ACTION_ATTACH, |
58 | ACTION_DETACH, | |
0cf16924 | 59 | ACTION_LIST, |
db02190e | 60 | ACTION_MTREE, |
06186c4c | 61 | ACTION_WITH, |
33973b84 LP |
62 | ACTION_COPY_FROM, |
63 | ACTION_COPY_TO, | |
0305cf6e | 64 | ACTION_DISCOVER, |
dee4a623 | 65 | ACTION_VALIDATE, |
a2ea3b2f | 66 | } arg_action = ACTION_DISSECT; |
a3c3386e | 67 | static char *arg_image = NULL; |
2292fa1e | 68 | static char *arg_root = NULL; |
a3c3386e | 69 | static char *arg_path = NULL; |
33973b84 LP |
70 | static const char *arg_source = NULL; |
71 | static const char *arg_target = NULL; | |
4b5de5dd LP |
72 | static DissectImageFlags arg_flags = |
73 | DISSECT_IMAGE_GENERIC_ROOT | | |
4b5de5dd LP |
74 | DISSECT_IMAGE_DISCARD_ON_LOOP | |
75 | DISSECT_IMAGE_RELAX_VAR_CHECK | | |
76 | DISSECT_IMAGE_FSCK | | |
74a54bae | 77 | DISSECT_IMAGE_USR_NO_ROOT | |
73d88b80 LP |
78 | DISSECT_IMAGE_GROWFS | |
79 | DISSECT_IMAGE_PIN_PARTITION_DEVICES | | |
80 | DISSECT_IMAGE_ADD_PARTITION_DEVICES; | |
aee36b4e | 81 | static VeritySettings arg_verity_settings = VERITY_SETTINGS_DEFAULT; |
6a01ea4a | 82 | static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF; |
17547fb5 LP |
83 | static PagerFlags arg_pager_flags = 0; |
84 | static bool arg_legend = true; | |
ac1f1adf | 85 | static bool arg_rmdir = false; |
6c07d570 | 86 | static bool arg_in_memory = false; |
06186c4c | 87 | static char **arg_argv = NULL; |
236d1fa2 | 88 | static char *arg_loop_ref = NULL; |
84be0c71 | 89 | static ImagePolicy* arg_image_policy = NULL; |
12d58b6c | 90 | static bool arg_mtree_hash = true; |
a2ea3b2f | 91 | |
a3c3386e | 92 | STATIC_DESTRUCTOR_REGISTER(arg_image, freep); |
2292fa1e | 93 | STATIC_DESTRUCTOR_REGISTER(arg_root, freep); |
a3c3386e | 94 | STATIC_DESTRUCTOR_REGISTER(arg_path, freep); |
89e62e0b | 95 | STATIC_DESTRUCTOR_REGISTER(arg_verity_settings, verity_settings_done); |
06186c4c | 96 | STATIC_DESTRUCTOR_REGISTER(arg_argv, strv_freep); |
236d1fa2 | 97 | STATIC_DESTRUCTOR_REGISTER(arg_loop_ref, freep); |
149afb45 | 98 | |
5c05f062 LP |
99 | static int help(void) { |
100 | _cleanup_free_ char *link = NULL; | |
101 | int r; | |
102 | ||
5fdec397 ZJS |
103 | pager_open(arg_pager_flags); |
104 | ||
5c05f062 LP |
105 | r = terminal_urlify_man("systemd-dissect", "1", &link); |
106 | if (r < 0) | |
107 | return log_oom(); | |
108 | ||
109 | printf("%1$s [OPTIONS...] IMAGE\n" | |
33973b84 | 110 | "%1$s [OPTIONS...] --mount IMAGE PATH\n" |
1b967529 | 111 | "%1$s [OPTIONS...] --umount PATH\n" |
07d6072e LP |
112 | "%1$s [OPTIONS...] --attach IMAGE\n" |
113 | "%1$s [OPTIONS...] --detach PATH\n" | |
0cf16924 | 114 | "%1$s [OPTIONS...] --list IMAGE\n" |
db02190e | 115 | "%1$s [OPTIONS...] --mtree IMAGE\n" |
06186c4c | 116 | "%1$s [OPTIONS...] --with IMAGE [COMMAND…]\n" |
33973b84 | 117 | "%1$s [OPTIONS...] --copy-from IMAGE PATH [TARGET]\n" |
d8def0f3 LP |
118 | "%1$s [OPTIONS...] --copy-to IMAGE [SOURCE] PATH\n" |
119 | "%1$s [OPTIONS...] --discover\n" | |
120 | "%1$s [OPTIONS...] --validate IMAGE\n" | |
121 | "\n%5$sDissect a Discoverable Disk Image (DDI).%6$s\n\n" | |
5c05f062 | 122 | "%3$sOptions:%4$s\n" |
17547fb5 LP |
123 | " --no-pager Do not pipe output into a pager\n" |
124 | " --no-legend Do not show the headers and footers\n" | |
e7cbe5cb LB |
125 | " -r --read-only Mount read-only\n" |
126 | " --fsck=BOOL Run fsck before mounting\n" | |
74a54bae | 127 | " --growfs=BOOL Grow file system to partition size, if marked\n" |
5c05f062 | 128 | " --mkdir Make mount directory before mounting, if missing\n" |
ac1f1adf | 129 | " --rmdir Remove mount directory after unmounting\n" |
e7cbe5cb | 130 | " --discard=MODE Choose 'discard' mode (disabled, loop, all, crypto)\n" |
6c07d570 | 131 | " --in-memory Copy image into memory\n" |
e7cbe5cb | 132 | " --root-hash=HASH Specify root hash for verity\n" |
c2923fdc LB |
133 | " --root-hash-sig=SIG Specify pkcs7 signature of root hash for verity\n" |
134 | " as a DER encoded PKCS7, either as a path to a file\n" | |
135 | " or as an ASCII base64 encoded string prefixed by\n" | |
136 | " 'base64:'\n" | |
e7cbe5cb | 137 | " --verity-data=PATH Specify data file with hash tree for verity if it is\n" |
5c05f062 | 138 | " not embedded in IMAGE\n" |
84be0c71 LP |
139 | " --image-policy=POLICY\n" |
140 | " Specify image dissection policy\n" | |
de8231b0 LP |
141 | " --json=pretty|short|off\n" |
142 | " Generate JSON output\n" | |
236d1fa2 | 143 | " --loop-ref=NAME Set reference string for loopback device\n" |
12d58b6c | 144 | " --mtree-hash=BOOL Whether to include SHA256 hash in the mtree output\n" |
5c05f062 LP |
145 | "\n%3$sCommands:%4$s\n" |
146 | " -h --help Show this help\n" | |
147 | " --version Show package version\n" | |
148 | " -m --mount Mount the image to the specified directory\n" | |
149 | " -M Shortcut for --mount --mkdir\n" | |
ac1f1adf DDM |
150 | " -u --umount Unmount the image from the specified directory\n" |
151 | " -U Shortcut for --umount --rmdir\n" | |
07d6072e LP |
152 | " --attach Attach the disk image to a loopback block device\n" |
153 | " --detach Detach a loopback block device gain\n" | |
0cf16924 AAF |
154 | " -l --list List all the files and directories of the specified\n" |
155 | " OS image\n" | |
db02190e | 156 | " --mtree Show BSD mtree manifest of OS image\n" |
06186c4c | 157 | " --with Mount, run command, unmount\n" |
33973b84 LP |
158 | " -x --copy-from Copy files from image to host\n" |
159 | " -a --copy-to Copy files from host to image\n" | |
0305cf6e | 160 | " --discover Discover DDIs in well known directories\n" |
dee4a623 | 161 | " --validate Validate image and image policy\n" |
bc556335 DDM |
162 | "\nSee the %2$s for details.\n", |
163 | program_invocation_short_name, | |
164 | link, | |
165 | ansi_underline(), | |
166 | ansi_normal(), | |
167 | ansi_highlight(), | |
168 | ansi_normal()); | |
5c05f062 LP |
169 | |
170 | return 0; | |
a2ea3b2f LP |
171 | } |
172 | ||
06186c4c LP |
173 | static int patch_argv(int *argc, char ***argv, char ***buf) { |
174 | _cleanup_free_ char **l = NULL; | |
175 | char **e; | |
176 | ||
177 | assert(argc); | |
178 | assert(*argc >= 0); | |
179 | assert(argv); | |
180 | assert(*argv); | |
181 | assert(buf); | |
182 | ||
183 | /* Ugly hack: if --with is included in command line, also insert "--" immediately after it, to make | |
184 | * getopt_long() stop processing switches */ | |
185 | ||
186 | for (e = *argv + 1; e < *argv + *argc; e++) { | |
187 | assert(*e); | |
188 | ||
189 | if (streq(*e, "--with")) | |
190 | break; | |
191 | } | |
192 | ||
193 | if (e >= *argv + *argc || streq_ptr(e[1], "--")) { | |
194 | /* No --with used? Or already followed by "--"? Then don't do anything */ | |
195 | *buf = NULL; | |
196 | return 0; | |
197 | } | |
198 | ||
199 | /* Insert the extra "--" right after the --with */ | |
200 | l = new(char*, *argc + 2); | |
201 | if (!l) | |
202 | return log_oom(); | |
203 | ||
204 | size_t idx = e - *argv + 1; | |
205 | memcpy(l, *argv, sizeof(char*) * idx); /* copy everything up to and including the --with */ | |
206 | l[idx] = (char*) "--"; /* insert "--" */ | |
207 | memcpy(l + idx + 1, e + 1, sizeof(char*) * (*argc - idx + 1)); /* copy the rest, including trailing NULL entry */ | |
208 | ||
209 | (*argc)++; | |
210 | (*argv) = l; | |
211 | ||
212 | *buf = TAKE_PTR(l); | |
213 | return 1; | |
214 | } | |
215 | ||
2292fa1e DDM |
216 | static int parse_image_path_argument(const char *path, char **ret_root, char **ret_image) { |
217 | _cleanup_free_ char *p = NULL; | |
218 | struct stat st; | |
219 | int r; | |
220 | ||
221 | assert(ret_image); | |
222 | ||
223 | r = parse_path_argument(path, /* suppress_root= */ false, &p); | |
224 | if (r < 0) | |
225 | return r; | |
226 | ||
227 | if (stat(p, &st) < 0) | |
228 | return log_error_errno(errno, "Failed to stat %s: %m", p); | |
229 | ||
230 | if (S_ISDIR(st.st_mode)) { | |
231 | if (!ret_root) | |
232 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "%s is not an image file.", p); | |
233 | ||
234 | *ret_root = TAKE_PTR(p); | |
235 | } else | |
236 | *ret_image = TAKE_PTR(p); | |
237 | ||
238 | return 0; | |
239 | } | |
240 | ||
a2ea3b2f LP |
241 | static int parse_argv(int argc, char *argv[]) { |
242 | ||
243 | enum { | |
244 | ARG_VERSION = 0x100, | |
17547fb5 LP |
245 | ARG_NO_PAGER, |
246 | ARG_NO_LEGEND, | |
06186c4c | 247 | ARG_WITH, |
18b5886e | 248 | ARG_DISCARD, |
e475f729 | 249 | ARG_FSCK, |
74a54bae | 250 | ARG_GROWFS, |
89e62e0b | 251 | ARG_ROOT_HASH, |
c2923fdc | 252 | ARG_ROOT_HASH_SIG, |
89e62e0b | 253 | ARG_VERITY_DATA, |
5c05f062 | 254 | ARG_MKDIR, |
ac1f1adf | 255 | ARG_RMDIR, |
6c07d570 | 256 | ARG_IN_MEMORY, |
de8231b0 | 257 | ARG_JSON, |
db02190e | 258 | ARG_MTREE, |
0305cf6e | 259 | ARG_DISCOVER, |
07d6072e LP |
260 | ARG_ATTACH, |
261 | ARG_DETACH, | |
236d1fa2 | 262 | ARG_LOOP_REF, |
84be0c71 | 263 | ARG_IMAGE_POLICY, |
dee4a623 | 264 | ARG_VALIDATE, |
12d58b6c | 265 | ARG_MTREE_HASH, |
a2ea3b2f LP |
266 | }; |
267 | ||
268 | static const struct option options[] = { | |
c2923fdc LB |
269 | { "help", no_argument, NULL, 'h' }, |
270 | { "version", no_argument, NULL, ARG_VERSION }, | |
17547fb5 LP |
271 | { "no-pager", no_argument, NULL, ARG_NO_PAGER }, |
272 | { "no-legend", no_argument, NULL, ARG_NO_LEGEND }, | |
c2923fdc | 273 | { "mount", no_argument, NULL, 'm' }, |
ac1f1adf | 274 | { "umount", no_argument, NULL, 'u' }, |
07d6072e LP |
275 | { "attach", no_argument, NULL, ARG_ATTACH }, |
276 | { "detach", no_argument, NULL, ARG_DETACH }, | |
06186c4c | 277 | { "with", no_argument, NULL, ARG_WITH }, |
c2923fdc LB |
278 | { "read-only", no_argument, NULL, 'r' }, |
279 | { "discard", required_argument, NULL, ARG_DISCARD }, | |
c2923fdc | 280 | { "fsck", required_argument, NULL, ARG_FSCK }, |
74a54bae | 281 | { "growfs", required_argument, NULL, ARG_GROWFS }, |
89e62e0b | 282 | { "root-hash", required_argument, NULL, ARG_ROOT_HASH }, |
c2923fdc | 283 | { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG }, |
89e62e0b | 284 | { "verity-data", required_argument, NULL, ARG_VERITY_DATA }, |
5c05f062 | 285 | { "mkdir", no_argument, NULL, ARG_MKDIR }, |
ac1f1adf | 286 | { "rmdir", no_argument, NULL, ARG_RMDIR }, |
6c07d570 | 287 | { "in-memory", no_argument, NULL, ARG_IN_MEMORY }, |
0cf16924 | 288 | { "list", no_argument, NULL, 'l' }, |
db02190e | 289 | { "mtree", no_argument, NULL, ARG_MTREE }, |
33973b84 LP |
290 | { "copy-from", no_argument, NULL, 'x' }, |
291 | { "copy-to", no_argument, NULL, 'a' }, | |
de8231b0 | 292 | { "json", required_argument, NULL, ARG_JSON }, |
0305cf6e | 293 | { "discover", no_argument, NULL, ARG_DISCOVER }, |
236d1fa2 | 294 | { "loop-ref", required_argument, NULL, ARG_LOOP_REF }, |
84be0c71 | 295 | { "image-policy", required_argument, NULL, ARG_IMAGE_POLICY }, |
dee4a623 | 296 | { "validate", no_argument, NULL, ARG_VALIDATE }, |
12d58b6c | 297 | { "mtree-hash", required_argument, NULL, ARG_MTREE_HASH }, |
a2ea3b2f LP |
298 | {} |
299 | }; | |
300 | ||
06186c4c | 301 | _cleanup_free_ char **buf = NULL; /* we use free(), not strv_free() here, as we don't copy the strings here */ |
4623e8e6 | 302 | int c, r; |
a2ea3b2f LP |
303 | |
304 | assert(argc >= 0); | |
305 | assert(argv); | |
306 | ||
06186c4c LP |
307 | r = patch_argv(&argc, &argv, &buf); |
308 | if (r < 0) | |
309 | return r; | |
310 | ||
0cf16924 | 311 | while ((c = getopt_long(argc, argv, "hmurMUlxa", options, NULL)) >= 0) { |
a2ea3b2f LP |
312 | |
313 | switch (c) { | |
314 | ||
315 | case 'h': | |
5c05f062 | 316 | return help(); |
a2ea3b2f LP |
317 | |
318 | case ARG_VERSION: | |
319 | return version(); | |
320 | ||
17547fb5 LP |
321 | case ARG_NO_PAGER: |
322 | arg_pager_flags |= PAGER_DISABLE; | |
323 | break; | |
324 | ||
325 | case ARG_NO_LEGEND: | |
326 | arg_legend = false; | |
327 | break; | |
328 | ||
a2ea3b2f LP |
329 | case 'm': |
330 | arg_action = ACTION_MOUNT; | |
331 | break; | |
332 | ||
5c05f062 LP |
333 | case ARG_MKDIR: |
334 | arg_flags |= DISSECT_IMAGE_MKDIR; | |
335 | break; | |
336 | ||
337 | case 'M': | |
338 | /* Shortcut combination of the above two */ | |
339 | arg_action = ACTION_MOUNT; | |
340 | arg_flags |= DISSECT_IMAGE_MKDIR; | |
341 | break; | |
342 | ||
ac1f1adf DDM |
343 | case 'u': |
344 | arg_action = ACTION_UMOUNT; | |
345 | break; | |
346 | ||
347 | case ARG_RMDIR: | |
348 | arg_rmdir = true; | |
349 | break; | |
350 | ||
351 | case 'U': | |
352 | /* Shortcut combination of the above two */ | |
353 | arg_action = ACTION_UMOUNT; | |
354 | arg_rmdir = true; | |
355 | break; | |
356 | ||
07d6072e LP |
357 | case ARG_ATTACH: |
358 | arg_action = ACTION_ATTACH; | |
359 | break; | |
360 | ||
361 | case ARG_DETACH: | |
362 | arg_action = ACTION_DETACH; | |
363 | break; | |
364 | ||
0cf16924 AAF |
365 | case 'l': |
366 | arg_action = ACTION_LIST; | |
367 | arg_flags |= DISSECT_IMAGE_READ_ONLY; | |
368 | break; | |
369 | ||
db02190e LP |
370 | case ARG_MTREE: |
371 | arg_action = ACTION_MTREE; | |
372 | arg_flags |= DISSECT_IMAGE_READ_ONLY; | |
373 | break; | |
374 | ||
06186c4c LP |
375 | case ARG_WITH: |
376 | arg_action = ACTION_WITH; | |
377 | break; | |
378 | ||
33973b84 LP |
379 | case 'x': |
380 | arg_action = ACTION_COPY_FROM; | |
381 | arg_flags |= DISSECT_IMAGE_READ_ONLY; | |
382 | break; | |
383 | ||
384 | case 'a': | |
385 | arg_action = ACTION_COPY_TO; | |
386 | break; | |
387 | ||
a2ea3b2f | 388 | case 'r': |
18b5886e LP |
389 | arg_flags |= DISSECT_IMAGE_READ_ONLY; |
390 | break; | |
391 | ||
971e2ef0 ZJS |
392 | case ARG_DISCARD: { |
393 | DissectImageFlags flags; | |
394 | ||
18b5886e | 395 | if (streq(optarg, "disabled")) |
971e2ef0 | 396 | flags = 0; |
18b5886e | 397 | else if (streq(optarg, "loop")) |
971e2ef0 | 398 | flags = DISSECT_IMAGE_DISCARD_ON_LOOP; |
18b5886e | 399 | else if (streq(optarg, "all")) |
971e2ef0 | 400 | flags = DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD; |
18b5886e | 401 | else if (streq(optarg, "crypt")) |
971e2ef0 | 402 | flags = DISSECT_IMAGE_DISCARD_ANY; |
140788f7 LP |
403 | else if (streq(optarg, "list")) { |
404 | puts("disabled\n" | |
405 | "all\n" | |
406 | "crypt\n" | |
407 | "loop"); | |
408 | return 0; | |
409 | } else | |
baaa35ad ZJS |
410 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), |
411 | "Unknown --discard= parameter: %s", | |
412 | optarg); | |
971e2ef0 | 413 | arg_flags = (arg_flags & ~DISSECT_IMAGE_DISCARD_ANY) | flags; |
18b5886e | 414 | |
a2ea3b2f | 415 | break; |
971e2ef0 | 416 | } |
a2ea3b2f | 417 | |
6c07d570 LP |
418 | case ARG_IN_MEMORY: |
419 | arg_in_memory = true; | |
420 | break; | |
421 | ||
4623e8e6 | 422 | case ARG_ROOT_HASH: { |
89e62e0b | 423 | _cleanup_free_ void *p = NULL; |
4623e8e6 LP |
424 | size_t l; |
425 | ||
bdd2036e | 426 | r = unhexmem(optarg, &p, &l); |
4623e8e6 | 427 | if (r < 0) |
63cf2d75 | 428 | return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg); |
89e62e0b LP |
429 | if (l < sizeof(sd_id128_t)) |
430 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
da890466 | 431 | "Root hash must be at least 128-bit long: %s", optarg); |
4623e8e6 | 432 | |
89e62e0b LP |
433 | free_and_replace(arg_verity_settings.root_hash, p); |
434 | arg_verity_settings.root_hash_size = l; | |
4623e8e6 LP |
435 | break; |
436 | } | |
437 | ||
c2923fdc LB |
438 | case ARG_ROOT_HASH_SIG: { |
439 | char *value; | |
89e62e0b LP |
440 | size_t l; |
441 | void *p; | |
c2923fdc LB |
442 | |
443 | if ((value = startswith(optarg, "base64:"))) { | |
bdd2036e | 444 | r = unbase64mem(value, &p, &l); |
c2923fdc LB |
445 | if (r < 0) |
446 | return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg); | |
c2923fdc | 447 | } else { |
89e62e0b | 448 | r = read_full_file(optarg, (char**) &p, &l); |
c2923fdc | 449 | if (r < 0) |
89e62e0b | 450 | return log_error_errno(r, "Failed to read root hash signature file '%s': %m", optarg); |
c2923fdc LB |
451 | } |
452 | ||
89e62e0b LP |
453 | free_and_replace(arg_verity_settings.root_hash_sig, p); |
454 | arg_verity_settings.root_hash_sig_size = l; | |
c2923fdc LB |
455 | break; |
456 | } | |
457 | ||
89e62e0b | 458 | case ARG_VERITY_DATA: |
614b022c | 459 | r = parse_path_argument(optarg, false, &arg_verity_settings.data_path); |
89e62e0b LP |
460 | if (r < 0) |
461 | return r; | |
462 | break; | |
463 | ||
e475f729 LP |
464 | case ARG_FSCK: |
465 | r = parse_boolean(optarg); | |
466 | if (r < 0) | |
467 | return log_error_errno(r, "Failed to parse --fsck= parameter: %s", optarg); | |
468 | ||
469 | SET_FLAG(arg_flags, DISSECT_IMAGE_FSCK, r); | |
470 | break; | |
471 | ||
74a54bae LP |
472 | case ARG_GROWFS: |
473 | r = parse_boolean(optarg); | |
474 | if (r < 0) | |
475 | return log_error_errno(r, "Failed to parse --growfs= parameter: %s", optarg); | |
476 | ||
477 | SET_FLAG(arg_flags, DISSECT_IMAGE_GROWFS, r); | |
478 | break; | |
479 | ||
de8231b0 | 480 | case ARG_JSON: |
b1e8f46c | 481 | r = parse_json_argument(optarg, &arg_json_format_flags); |
6a01ea4a LP |
482 | if (r <= 0) |
483 | return r; | |
de8231b0 LP |
484 | |
485 | break; | |
486 | ||
0305cf6e LP |
487 | case ARG_DISCOVER: |
488 | arg_action = ACTION_DISCOVER; | |
489 | break; | |
490 | ||
236d1fa2 LP |
491 | case ARG_LOOP_REF: |
492 | if (isempty(optarg)) { | |
493 | arg_loop_ref = mfree(arg_loop_ref); | |
494 | break; | |
495 | } | |
496 | ||
497 | if (strlen(optarg) >= sizeof_field(struct loop_info64, lo_file_name)) | |
498 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Loop device ref string '%s' is too long.", optarg); | |
499 | ||
500 | r = free_and_strdup_warn(&arg_loop_ref, optarg); | |
501 | if (r < 0) | |
502 | return r; | |
503 | break; | |
504 | ||
06e78680 YW |
505 | case ARG_IMAGE_POLICY: |
506 | r = parse_image_policy_argument(optarg, &arg_image_policy); | |
84be0c71 | 507 | if (r < 0) |
06e78680 | 508 | return r; |
84be0c71 | 509 | break; |
84be0c71 | 510 | |
dee4a623 LP |
511 | case ARG_VALIDATE: |
512 | arg_action = ACTION_VALIDATE; | |
513 | break; | |
514 | ||
12d58b6c DDM |
515 | case ARG_MTREE_HASH: |
516 | r = parse_boolean_argument("--mtree-hash=", optarg, &arg_mtree_hash); | |
517 | if (r < 0) | |
518 | return r; | |
519 | break; | |
520 | ||
a2ea3b2f LP |
521 | case '?': |
522 | return -EINVAL; | |
523 | ||
524 | default: | |
04499a70 | 525 | assert_not_reached(); |
a2ea3b2f | 526 | } |
a2ea3b2f LP |
527 | } |
528 | ||
529 | switch (arg_action) { | |
530 | ||
531 | case ACTION_DISSECT: | |
baaa35ad ZJS |
532 | if (optind + 1 != argc) |
533 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
33973b84 | 534 | "Expected an image file path as only argument."); |
a2ea3b2f | 535 | |
2292fa1e | 536 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
537 | if (r < 0) |
538 | return r; | |
539 | ||
598fd4da LP |
540 | /* when dumping image info be even more liberal than otherwise, do not even require a single valid partition */ |
541 | arg_flags |= DISSECT_IMAGE_READ_ONLY|DISSECT_IMAGE_ALLOW_EMPTY; | |
a2ea3b2f LP |
542 | break; |
543 | ||
544 | case ACTION_MOUNT: | |
baaa35ad ZJS |
545 | if (optind + 2 != argc) |
546 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
33973b84 | 547 | "Expected an image file path and mount point path as only arguments."); |
a2ea3b2f | 548 | |
2292fa1e | 549 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
550 | if (r < 0) |
551 | return r; | |
552 | ||
553 | r = parse_path_argument(argv[optind+1], /* suppress_root= */ false, &arg_path); | |
554 | if (r < 0) | |
555 | return r; | |
556 | ||
166ff731 | 557 | arg_flags |= DISSECT_IMAGE_REQUIRE_ROOT; |
a2ea3b2f LP |
558 | break; |
559 | ||
ac1f1adf DDM |
560 | case ACTION_UMOUNT: |
561 | if (optind + 1 != argc) | |
562 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
563 | "Expected a mount point path as only argument."); | |
564 | ||
a3c3386e LP |
565 | r = parse_path_argument(argv[optind], /* suppress_root= */ false, &arg_path); |
566 | if (r < 0) | |
567 | return r; | |
ac1f1adf DDM |
568 | break; |
569 | ||
07d6072e LP |
570 | case ACTION_ATTACH: |
571 | if (optind + 1 != argc) | |
572 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
573 | "Expected an image file path as only argument."); | |
574 | ||
2292fa1e | 575 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
576 | if (r < 0) |
577 | return r; | |
07d6072e LP |
578 | break; |
579 | ||
580 | case ACTION_DETACH: | |
581 | if (optind + 1 != argc) | |
582 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
583 | "Expected an image file path or loopback device as only argument."); | |
584 | ||
2292fa1e | 585 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
586 | if (r < 0) |
587 | return r; | |
07d6072e LP |
588 | break; |
589 | ||
0cf16924 | 590 | case ACTION_LIST: |
db02190e | 591 | case ACTION_MTREE: |
0cf16924 AAF |
592 | if (optind + 1 != argc) |
593 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
2292fa1e | 594 | "Expected an image file or directory path as only argument."); |
0cf16924 | 595 | |
2292fa1e | 596 | r = parse_image_path_argument(argv[optind], &arg_root, &arg_image); |
a3c3386e LP |
597 | if (r < 0) |
598 | return r; | |
599 | ||
0cf16924 AAF |
600 | arg_flags |= DISSECT_IMAGE_READ_ONLY | DISSECT_IMAGE_REQUIRE_ROOT; |
601 | break; | |
602 | ||
33973b84 LP |
603 | case ACTION_COPY_FROM: |
604 | if (argc < optind + 2 || argc > optind + 3) | |
605 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
2292fa1e | 606 | "Expected an image file or directory path, a source path and an optional destination path as only arguments."); |
33973b84 | 607 | |
2292fa1e | 608 | r = parse_image_path_argument(argv[optind], &arg_root, &arg_image); |
a3c3386e LP |
609 | if (r < 0) |
610 | return r; | |
33973b84 LP |
611 | arg_source = argv[optind + 1]; |
612 | arg_target = argc > optind + 2 ? argv[optind + 2] : "-" /* this means stdout */ ; | |
613 | ||
166ff731 | 614 | arg_flags |= DISSECT_IMAGE_READ_ONLY | DISSECT_IMAGE_REQUIRE_ROOT; |
33973b84 LP |
615 | break; |
616 | ||
617 | case ACTION_COPY_TO: | |
618 | if (argc < optind + 2 || argc > optind + 3) | |
619 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
2292fa1e | 620 | "Expected an image file or directory path, an optional source path and a destination path as only arguments."); |
33973b84 | 621 | |
2292fa1e | 622 | r = parse_image_path_argument(argv[optind], &arg_root, &arg_image); |
a3c3386e LP |
623 | if (r < 0) |
624 | return r; | |
33973b84 LP |
625 | |
626 | if (argc > optind + 2) { | |
627 | arg_source = argv[optind + 1]; | |
628 | arg_target = argv[optind + 2]; | |
629 | } else { | |
630 | arg_source = "-"; /* this means stdin */ | |
631 | arg_target = argv[optind + 1]; | |
632 | } | |
633 | ||
166ff731 | 634 | arg_flags |= DISSECT_IMAGE_REQUIRE_ROOT; |
33973b84 LP |
635 | break; |
636 | ||
06186c4c LP |
637 | case ACTION_WITH: |
638 | if (optind >= argc) | |
639 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
640 | "Expected an image file path and an optional command line."); | |
641 | ||
2292fa1e | 642 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
a3c3386e LP |
643 | if (r < 0) |
644 | return r; | |
645 | ||
06186c4c LP |
646 | if (argc > optind + 1) { |
647 | arg_argv = strv_copy(argv + optind + 1); | |
648 | if (!arg_argv) | |
649 | return log_oom(); | |
650 | } | |
651 | ||
652 | break; | |
653 | ||
0305cf6e LP |
654 | case ACTION_DISCOVER: |
655 | if (optind != argc) | |
656 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
657 | "Expected no argument."); | |
dee4a623 LP |
658 | break; |
659 | ||
660 | case ACTION_VALIDATE: | |
661 | if (optind + 1 != argc) | |
662 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
663 | "Expected an image file path as only argument."); | |
0305cf6e | 664 | |
2292fa1e | 665 | r = parse_image_path_argument(argv[optind], NULL, &arg_image); |
dee4a623 LP |
666 | if (r < 0) |
667 | return r; | |
668 | ||
669 | arg_flags |= DISSECT_IMAGE_READ_ONLY; | |
670 | arg_flags &= ~(DISSECT_IMAGE_PIN_PARTITION_DEVICES|DISSECT_IMAGE_ADD_PARTITION_DEVICES); | |
0305cf6e LP |
671 | break; |
672 | ||
a2ea3b2f | 673 | default: |
04499a70 | 674 | assert_not_reached(); |
a2ea3b2f LP |
675 | } |
676 | ||
677 | return 1; | |
678 | } | |
679 | ||
a164d9d5 LP |
680 | static int parse_argv_as_mount_helper(int argc, char *argv[]) { |
681 | const char *options = NULL; | |
682 | bool fake = false; | |
683 | int c, r; | |
684 | ||
685 | /* Implements util-linux "external helper" command line interface, as per mount(8) man page. */ | |
686 | ||
687 | while ((c = getopt(argc, argv, "sfnvN:o:t:")) >= 0) { | |
1d03d970 | 688 | switch (c) { |
a164d9d5 LP |
689 | |
690 | case 'f': | |
691 | fake = true; | |
692 | break; | |
693 | ||
694 | case 'o': | |
695 | options = optarg; | |
696 | break; | |
697 | ||
698 | case 't': | |
699 | if (!streq(optarg, "ddi")) | |
700 | log_debug("Unexpected file system type '%s', ignoring.", optarg); | |
701 | break; | |
702 | ||
703 | case 's': /* sloppy mount options */ | |
704 | case 'n': /* aka --no-mtab */ | |
705 | case 'v': /* aka --verbose */ | |
706 | log_debug("Ignoring option -%c, not implemented.", c); | |
707 | break; | |
708 | ||
709 | case 'N': /* aka --namespace= */ | |
710 | return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Option -%c is not implemented, refusing.", c); | |
711 | ||
712 | case '?': | |
713 | return -EINVAL; | |
714 | } | |
715 | } | |
716 | ||
717 | if (optind + 2 != argc) | |
718 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
719 | "Expected an image file path and target directory as only argument."); | |
720 | ||
721 | for (const char *p = options;;) { | |
722 | _cleanup_free_ char *word = NULL; | |
723 | ||
724 | r = extract_first_word(&p, &word, ",", EXTRACT_KEEP_QUOTE); | |
725 | if (r < 0) | |
726 | return log_error_errno(r, "Failed to extract mount option: %m"); | |
727 | if (r == 0) | |
728 | break; | |
729 | ||
730 | if (streq(word, "ro")) | |
731 | SET_FLAG(arg_flags, DISSECT_IMAGE_READ_ONLY, true); | |
732 | else if (streq(word, "rw")) | |
733 | SET_FLAG(arg_flags, DISSECT_IMAGE_READ_ONLY, false); | |
734 | else if (streq(word, "discard")) | |
735 | SET_FLAG(arg_flags, DISSECT_IMAGE_DISCARD_ANY, true); | |
736 | else if (streq(word, "nodiscard")) | |
737 | SET_FLAG(arg_flags, DISSECT_IMAGE_DISCARD_ANY, false); | |
738 | else | |
739 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), | |
740 | "Unknown mount option '%s'.", word); | |
741 | } | |
742 | ||
743 | if (fake) | |
744 | return 0; | |
745 | ||
a3c3386e LP |
746 | r = parse_path_argument(argv[optind], /* suppress_root= */ false, &arg_image); |
747 | if (r < 0) | |
748 | return r; | |
749 | ||
750 | r = parse_path_argument(argv[optind+1], /* suppress_root= */ false, &arg_path); | |
751 | if (r < 0) | |
752 | return r; | |
a164d9d5 LP |
753 | |
754 | arg_flags |= DISSECT_IMAGE_REQUIRE_ROOT; | |
755 | arg_action = ACTION_MOUNT; | |
756 | return 1; | |
757 | } | |
758 | ||
8570b98b | 759 | static void strv_pair_print(char **l, const char *prefix) { |
8570b98b LP |
760 | assert(prefix); |
761 | ||
7f5b2615 | 762 | STRV_FOREACH_PAIR(p, q, l) |
8570b98b LP |
763 | if (p == l) |
764 | printf("%s %s=%s\n", prefix, *p, *q); | |
765 | else | |
766 | printf("%*s %s=%s\n", (int) strlen(prefix), "", *p, *q); | |
8570b98b LP |
767 | } |
768 | ||
a81fe93e | 769 | static int get_extension_scopes(DissectedImage *m, ImageClass class, char ***ret_scopes) { |
994c9c70 | 770 | _cleanup_strv_free_ char **l = NULL; |
a81fe93e LP |
771 | const char *e, *field_name; |
772 | char **release_data; | |
994c9c70 LP |
773 | |
774 | assert(m); | |
775 | assert(ret_scopes); | |
776 | ||
a81fe93e LP |
777 | switch (class) { |
778 | ||
779 | case IMAGE_SYSEXT: | |
780 | release_data = m->sysext_release; | |
781 | field_name = "SYSEXT_SCOPE"; | |
782 | break; | |
783 | ||
784 | case IMAGE_CONFEXT: | |
785 | release_data = m->confext_release; | |
786 | field_name = "CONFEXT_SCOPE"; | |
787 | break; | |
788 | ||
789 | default: | |
790 | return -EINVAL; | |
791 | } | |
792 | ||
484d26da MG |
793 | /* If there's no extension-release file its not a system extension. Otherwise the SYSEXT_SCOPE |
794 | * field for sysext images and the CONFEXT_SCOPE field for confext images indicates which scope | |
795 | * it is for — and it defaults to "system" + "portable" if unset. */ | |
a81fe93e LP |
796 | |
797 | if (!release_data) { | |
994c9c70 LP |
798 | *ret_scopes = NULL; |
799 | return 0; | |
800 | } | |
801 | ||
a81fe93e | 802 | e = strv_env_pairs_get(release_data, field_name); |
994c9c70 LP |
803 | if (e) |
804 | l = strv_split(e, WHITESPACE); | |
805 | else | |
806 | l = strv_new("system", "portable"); | |
807 | if (!l) | |
808 | return -ENOMEM; | |
809 | ||
810 | *ret_scopes = TAKE_PTR(l); | |
811 | return 1; | |
812 | } | |
813 | ||
37e44c3f | 814 | static int action_dissect(DissectedImage *m, LoopDevice *d) { |
de8231b0 | 815 | _cleanup_(json_variant_unrefp) JsonVariant *v = NULL; |
37e44c3f | 816 | _cleanup_(table_unrefp) Table *t = NULL; |
cfb623b6 | 817 | _cleanup_free_ char *bn = NULL; |
de8231b0 | 818 | uint64_t size = UINT64_MAX; |
a2ea3b2f LP |
819 | int r; |
820 | ||
37e44c3f LP |
821 | assert(m); |
822 | assert(d); | |
a2ea3b2f | 823 | |
cfb623b6 LP |
824 | r = path_extract_filename(arg_image, &bn); |
825 | if (r < 0) | |
826 | return log_error_errno(r, "Failed to extract file name from image path '%s': %m", arg_image); | |
827 | ||
17547fb5 | 828 | if (arg_json_format_flags & (JSON_FORMAT_OFF|JSON_FORMAT_PRETTY|JSON_FORMAT_PRETTY_AUTO)) |
384c2c32 | 829 | pager_open(arg_pager_flags); |
17547fb5 | 830 | |
5b1b37c8 LP |
831 | if (arg_json_format_flags & JSON_FORMAT_OFF) { |
832 | printf(" Name: %s%s%s\n", | |
833 | ansi_highlight(), bn, ansi_normal()); | |
a2ea3b2f | 834 | |
5b1b37c8 LP |
835 | printf(" Size: %s\n", |
836 | FORMAT_BYTES(m->image_size)); | |
a2ea3b2f | 837 | |
5b1b37c8 LP |
838 | printf(" Sec. Size: %" PRIu32 "\n", |
839 | m->sector_size); | |
1d93c003 | 840 | |
66cd3537 LP |
841 | printf(" Arch.: %s\n", |
842 | strna(architecture_to_string(dissected_image_architecture(m)))); | |
2348043f | 843 | |
de8231b0 | 844 | putc('\n', stdout); |
66cd3537 LP |
845 | fflush(stdout); |
846 | } | |
1d93c003 | 847 | |
22847508 | 848 | r = dissected_image_acquire_metadata(m, 0); |
af8219d5 LP |
849 | if (r == -ENXIO) |
850 | return log_error_errno(r, "No root partition discovered."); | |
af8219d5 LP |
851 | if (r == -EUCLEAN) |
852 | return log_error_errno(r, "File system check of image failed."); | |
4f309abb LP |
853 | if (r == -EMEDIUMTYPE) |
854 | log_warning_errno(r, "Not a valid OS image, no os-release file included. Proceeding anyway."); | |
855 | else if (r == -EUNATCH) | |
af8219d5 LP |
856 | log_warning_errno(r, "OS image is encrypted, proceeding without showing OS image metadata."); |
857 | else if (r == -EBUSY) | |
858 | log_warning_errno(r, "OS image is currently in use, proceeding without showing OS image metadata."); | |
859 | else if (r < 0) | |
860 | return log_error_errno(r, "Failed to acquire image metadata: %m"); | |
6a01ea4a | 861 | else if (arg_json_format_flags & JSON_FORMAT_OFF) { |
994c9c70 | 862 | |
b387778c LP |
863 | if (!sd_id128_is_null(m->image_uuid)) |
864 | printf("Image UUID: %s\n", SD_ID128_TO_UUID_STRING(m->image_uuid)); | |
865 | ||
af8219d5 LP |
866 | if (m->hostname) |
867 | printf(" Hostname: %s\n", m->hostname); | |
a2ea3b2f | 868 | |
af8219d5 LP |
869 | if (!sd_id128_is_null(m->machine_id)) |
870 | printf("Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->machine_id)); | |
a1edd22e | 871 | |
8570b98b LP |
872 | strv_pair_print(m->machine_info, |
873 | "Mach. Info:"); | |
874 | strv_pair_print(m->os_release, | |
875 | "OS Release:"); | |
fab22946 LP |
876 | strv_pair_print(m->initrd_release, |
877 | "initrd R.:"); | |
a81fe93e LP |
878 | strv_pair_print(m->sysext_release, |
879 | " sysext R.:"); | |
880 | strv_pair_print(m->confext_release, | |
881 | "confext R.:"); | |
7718ac97 | 882 | |
4f309abb LP |
883 | if (m->hostname || |
884 | !sd_id128_is_null(m->machine_id) || | |
885 | !strv_isempty(m->machine_info) || | |
8570b98b | 886 | !strv_isempty(m->os_release) || |
fab22946 | 887 | !strv_isempty(m->initrd_release) || |
a81fe93e LP |
888 | !strv_isempty(m->sysext_release) || |
889 | !strv_isempty(m->confext_release)) | |
4f309abb | 890 | putc('\n', stdout); |
994c9c70 | 891 | |
b2466e05 LP |
892 | printf(" Use As: %s bootable system for UEFI\n", |
893 | COLOR_MARK_BOOL(dissected_image_is_bootable_uefi(m))); | |
894 | printf(" %s bootable system for container\n", | |
895 | COLOR_MARK_BOOL(dissected_image_is_bootable_os(m))); | |
994c9c70 | 896 | printf(" %s portable service\n", |
b2466e05 | 897 | COLOR_MARK_BOOL(dissected_image_is_portable(m))); |
fab22946 | 898 | printf(" %s initrd\n", |
b2466e05 | 899 | COLOR_MARK_BOOL(dissected_image_is_initrd(m))); |
994c9c70 | 900 | |
a81fe93e LP |
901 | for (ImageClass c = _IMAGE_CLASS_EXTENSION_FIRST; c <= _IMAGE_CLASS_EXTENSION_LAST; c++) { |
902 | const char *string_class = image_class_to_string(c); | |
903 | _cleanup_strv_free_ char **extension_scopes = NULL; | |
994c9c70 | 904 | |
a81fe93e LP |
905 | r = get_extension_scopes(m, c, &extension_scopes); |
906 | if (r < 0) | |
907 | return log_error_errno(r, "Failed to parse scopes: %m"); | |
908 | ||
909 | printf(" %s %s for system\n", | |
910 | COLOR_MARK_BOOL(strv_contains(extension_scopes, "system")), string_class); | |
911 | printf(" %s %s for portable service\n", | |
912 | COLOR_MARK_BOOL(strv_contains(extension_scopes, "portable")), string_class); | |
913 | printf(" %s %s for initrd\n", | |
914 | COLOR_MARK_BOOL(strv_contains(extension_scopes, "initrd")), string_class); | |
915 | } | |
994c9c70 LP |
916 | |
917 | putc('\n', stdout); | |
4f309abb | 918 | } else { |
a81fe93e LP |
919 | _cleanup_strv_free_ char **sysext_scopes = NULL, **confext_scopes = NULL; |
920 | ||
921 | r = get_extension_scopes(m, IMAGE_SYSEXT, &sysext_scopes); | |
922 | if (r < 0) | |
923 | return log_error_errno(r, "Failed to parse sysext scopes: %m"); | |
de8231b0 | 924 | |
a81fe93e | 925 | r = get_extension_scopes(m, IMAGE_CONFEXT, &confext_scopes); |
994c9c70 | 926 | if (r < 0) |
a81fe93e | 927 | return log_error_errno(r, "Failed to parse confext scopes: %m"); |
994c9c70 | 928 | |
6e0b5cd3 LP |
929 | Architecture a = dissected_image_architecture(m); |
930 | ||
de8231b0 | 931 | r = json_build(&v, JSON_BUILD_OBJECT( |
cfb623b6 | 932 | JSON_BUILD_PAIR("name", JSON_BUILD_STRING(bn)), |
1c5cc6c5 | 933 | JSON_BUILD_PAIR_CONDITION(size != UINT64_MAX, "size", JSON_BUILD_INTEGER(size)), |
1d93c003 | 934 | JSON_BUILD_PAIR("sectorSize", JSON_BUILD_INTEGER(m->sector_size)), |
6e0b5cd3 | 935 | JSON_BUILD_PAIR_CONDITION(a >= 0, "architecture", JSON_BUILD_STRING(architecture_to_string(a))), |
1c5cc6c5 | 936 | JSON_BUILD_PAIR_CONDITION(!sd_id128_is_null(m->image_uuid), "imageUuid", JSON_BUILD_UUID(m->image_uuid)), |
de8231b0 LP |
937 | JSON_BUILD_PAIR_CONDITION(m->hostname, "hostname", JSON_BUILD_STRING(m->hostname)), |
938 | JSON_BUILD_PAIR_CONDITION(!sd_id128_is_null(m->machine_id), "machineId", JSON_BUILD_ID128(m->machine_id)), | |
e83d902b LP |
939 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->machine_info), "machineInfo", JSON_BUILD_STRV_ENV_PAIR(m->machine_info)), |
940 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->os_release), "osRelease", JSON_BUILD_STRV_ENV_PAIR(m->os_release)), | |
941 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->initrd_release), "initrdRelease", JSON_BUILD_STRV_ENV_PAIR(m->initrd_release)), | |
a81fe93e LP |
942 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->sysext_release), "sysextRelease", JSON_BUILD_STRV_ENV_PAIR(m->sysext_release)), |
943 | JSON_BUILD_PAIR_CONDITION(!strv_isempty(m->confext_release), "confextRelease", JSON_BUILD_STRV_ENV_PAIR(m->confext_release)), | |
b2466e05 LP |
944 | JSON_BUILD_PAIR("useBootableUefi", JSON_BUILD_BOOLEAN(dissected_image_is_bootable_uefi(m))), |
945 | JSON_BUILD_PAIR("useBootableContainer", JSON_BUILD_BOOLEAN(dissected_image_is_bootable_os(m))), | |
946 | JSON_BUILD_PAIR("useInitrd", JSON_BUILD_BOOLEAN(dissected_image_is_initrd(m))), | |
947 | JSON_BUILD_PAIR("usePortableService", JSON_BUILD_BOOLEAN(dissected_image_is_portable(m))), | |
a81fe93e LP |
948 | JSON_BUILD_PAIR("useSystemExtension", JSON_BUILD_BOOLEAN(strv_contains(sysext_scopes, "system"))), |
949 | JSON_BUILD_PAIR("useInitRDSystemExtension", JSON_BUILD_BOOLEAN(strv_contains(sysext_scopes, "initrd"))), | |
950 | JSON_BUILD_PAIR("usePortableSystemExtension", JSON_BUILD_BOOLEAN(strv_contains(sysext_scopes, "portable"))), | |
951 | JSON_BUILD_PAIR("useConfigurationExtension", JSON_BUILD_BOOLEAN(strv_contains(confext_scopes, "system"))), | |
952 | JSON_BUILD_PAIR("useInitRDConfigurationExtension", JSON_BUILD_BOOLEAN(strv_contains(confext_scopes, "initrd"))), | |
953 | JSON_BUILD_PAIR("usePortableConfigurationExtension", JSON_BUILD_BOOLEAN(strv_contains(confext_scopes, "portable"))))); | |
de8231b0 LP |
954 | if (r < 0) |
955 | return log_oom(); | |
956 | } | |
957 | ||
ee8e497d | 958 | t = table_new("rw", "designator", "partition uuid", "partition label", "fstype", "architecture", "verity", "growfs", "node", "partno"); |
37e44c3f LP |
959 | if (!t) |
960 | return log_oom(); | |
a1edd22e | 961 | |
c8b62cf6 | 962 | table_set_ersatz_string(t, TABLE_ERSATZ_DASH); |
748e87a7 | 963 | (void) table_set_align_percent(t, table_get_cell(t, 0, 9), 100); |
a2ea3b2f | 964 | |
64cd3d13 LP |
965 | /* Hide the device path if this is a loopback device that is not relinquished, since that means the |
966 | * device node is not going to be useful the instant our command exits */ | |
967 | if ((!d || d->created) && (arg_json_format_flags & JSON_FORMAT_OFF)) | |
968 | table_hide_column_from_display(t, 8); | |
969 | ||
569a0e42 | 970 | for (PartitionDesignator i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) { |
37e44c3f | 971 | DissectedPartition *p = m->partitions + i; |
89d00f2e | 972 | |
37e44c3f LP |
973 | if (!p->found) |
974 | continue; | |
89d00f2e | 975 | |
37e44c3f LP |
976 | r = table_add_many( |
977 | t, | |
978 | TABLE_STRING, p->rw ? "rw" : "ro", | |
979 | TABLE_STRING, partition_designator_to_string(i)); | |
980 | if (r < 0) | |
981 | return table_log_add_error(r); | |
89d00f2e | 982 | |
37e44c3f LP |
983 | if (sd_id128_is_null(p->uuid)) |
984 | r = table_add_cell(t, NULL, TABLE_EMPTY, NULL); | |
985 | else | |
986 | r = table_add_cell(t, NULL, TABLE_UUID, &p->uuid); | |
987 | if (r < 0) | |
988 | return table_log_add_error(r); | |
89d00f2e | 989 | |
37e44c3f LP |
990 | r = table_add_many( |
991 | t, | |
1474d7ac | 992 | TABLE_STRING, p->label, |
37e44c3f LP |
993 | TABLE_STRING, p->fstype, |
994 | TABLE_STRING, architecture_to_string(p->architecture)); | |
995 | if (r < 0) | |
996 | return table_log_add_error(r); | |
997 | ||
89e62e0b | 998 | if (arg_verity_settings.data_path) |
37e44c3f | 999 | r = table_add_cell(t, NULL, TABLE_STRING, "external"); |
49536766 | 1000 | else if (dissected_image_verity_candidate(m, i)) |
8ee9615e LP |
1001 | r = table_add_cell(t, NULL, TABLE_STRING, |
1002 | dissected_image_verity_sig_ready(m, i) ? "signed" : | |
1003 | yes_no(dissected_image_verity_ready(m, i))); | |
37e44c3f LP |
1004 | else |
1005 | r = table_add_cell(t, NULL, TABLE_EMPTY, NULL); | |
1006 | if (r < 0) | |
1007 | return table_log_add_error(r); | |
89d00f2e | 1008 | |
ee8e497d LP |
1009 | r = table_add_many(t, TABLE_BOOLEAN, (int) p->growfs); |
1010 | if (r < 0) | |
1011 | return table_log_add_error(r); | |
1012 | ||
37e44c3f | 1013 | if (p->partno < 0) /* no partition table, naked file system */ { |
a3c3386e | 1014 | r = table_add_cell(t, NULL, TABLE_PATH_BASENAME, arg_image); |
89d00f2e LP |
1015 | if (r < 0) |
1016 | return table_log_add_error(r); | |
1017 | ||
37e44c3f LP |
1018 | r = table_add_cell(t, NULL, TABLE_EMPTY, NULL); |
1019 | } else { | |
1020 | r = table_add_cell(t, NULL, TABLE_STRING, p->node); | |
89d00f2e LP |
1021 | if (r < 0) |
1022 | return table_log_add_error(r); | |
1023 | ||
37e44c3f LP |
1024 | r = table_add_cell(t, NULL, TABLE_INT, &p->partno); |
1025 | } | |
1026 | if (r < 0) | |
1027 | return table_log_add_error(r); | |
1028 | } | |
89d00f2e | 1029 | |
6a01ea4a | 1030 | if (arg_json_format_flags & JSON_FORMAT_OFF) { |
17547fb5 LP |
1031 | (void) table_set_header(t, arg_legend); |
1032 | ||
1033 | r = table_print(t, NULL); | |
6a01ea4a LP |
1034 | if (r < 0) |
1035 | return table_log_print_error(r); | |
1036 | } else { | |
de8231b0 LP |
1037 | _cleanup_(json_variant_unrefp) JsonVariant *jt = NULL; |
1038 | ||
1039 | r = table_to_json(t, &jt); | |
1040 | if (r < 0) | |
1041 | return log_error_errno(r, "Failed to convert table to JSON: %m"); | |
1042 | ||
1043 | r = json_variant_set_field(&v, "mounts", jt); | |
1044 | if (r < 0) | |
1045 | return log_oom(); | |
1046 | ||
1047 | json_variant_dump(v, arg_json_format_flags, stdout, NULL); | |
de8231b0 | 1048 | } |
89d00f2e | 1049 | |
37e44c3f LP |
1050 | return 0; |
1051 | } | |
89d00f2e | 1052 | |
37e44c3f | 1053 | static int action_mount(DissectedImage *m, LoopDevice *d) { |
37e44c3f | 1054 | int r; |
89d00f2e | 1055 | |
37e44c3f LP |
1056 | assert(m); |
1057 | assert(d); | |
94abea2a | 1058 | assert(arg_action == ACTION_MOUNT); |
89d00f2e | 1059 | |
8d9a1d59 LP |
1060 | r = dissected_image_mount_and_warn( |
1061 | m, | |
1062 | arg_path, | |
1063 | /* uid_shift= */ UID_INVALID, | |
1064 | /* uid_range= */ UID_INVALID, | |
1065 | /* userns_fd= */ -EBADF, | |
1066 | arg_flags); | |
37e44c3f | 1067 | if (r < 0) |
af187ab2 | 1068 | return r; |
89d00f2e | 1069 | |
41bc4849 LP |
1070 | r = loop_device_flock(d, LOCK_UN); |
1071 | if (r < 0) | |
1072 | return log_error_errno(r, "Failed to unlock loopback block device: %m"); | |
1073 | ||
3044d343 YW |
1074 | r = dissected_image_relinquish(m); |
1075 | if (r < 0) | |
1076 | return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m"); | |
a2ea3b2f | 1077 | |
37e44c3f LP |
1078 | return 0; |
1079 | } | |
18b5886e | 1080 | |
0cf16924 AAF |
1081 | static int list_print_item( |
1082 | RecurseDirEvent event, | |
1083 | const char *path, | |
1084 | int dir_fd, | |
1085 | int inode_fd, | |
1086 | const struct dirent *de, | |
1087 | const struct statx *sx, | |
1088 | void *userdata) { | |
1089 | ||
167f2c1a | 1090 | assert(path); |
0cf16924 AAF |
1091 | |
1092 | if (event == RECURSE_DIR_ENTER) | |
bb69ec95 | 1093 | printf("%s%s/%s\n", path, ansi_grey(), ansi_normal()); |
0cf16924 AAF |
1094 | else if (event == RECURSE_DIR_ENTRY) |
1095 | printf("%s\n", path); | |
1096 | ||
1097 | return RECURSE_DIR_CONTINUE; | |
1098 | } | |
1099 | ||
db02190e | 1100 | static int get_file_sha256(int inode_fd, uint8_t ret[static SHA256_DIGEST_SIZE]) { |
254d1313 | 1101 | _cleanup_close_ int fd = -EBADF; |
db02190e LP |
1102 | struct sha256_ctx ctx; |
1103 | ||
1104 | /* convert O_PATH fd into a regular one */ | |
1105 | fd = fd_reopen(inode_fd, O_RDONLY|O_CLOEXEC); | |
1106 | if (fd < 0) | |
1107 | return fd; | |
1108 | ||
1109 | /* Calculating the SHA sum might be slow, hence let's flush STDOUT first, to give user an idea where we are slow. */ | |
1110 | fflush(stdout); | |
1111 | ||
1112 | sha256_init_ctx(&ctx); | |
1113 | ||
1114 | for (;;) { | |
1115 | uint8_t buffer[64 * 1024]; | |
1116 | ssize_t n; | |
1117 | ||
1118 | n = read(fd, buffer, sizeof(buffer)); | |
1119 | if (n < 0) | |
1120 | return -errno; | |
1121 | if (n == 0) | |
1122 | break; | |
1123 | ||
1124 | sha256_process_bytes(buffer, n, &ctx); | |
1125 | } | |
1126 | ||
1127 | sha256_finish_ctx(&ctx, ret); | |
1128 | return 0; | |
1129 | } | |
1130 | ||
12c0f4ff LP |
1131 | static const char *pick_color_for_uid_gid(uid_t uid) { |
1132 | if (uid == UID_NOBODY) | |
1133 | return ansi_highlight_yellow4(); /* files should never be owned by 'nobody' (but might happen due to userns mapping) */ | |
1134 | if (uid_is_system(uid)) | |
1135 | return ansi_normal(); /* files in disk images are typically owned by root and other system users, no issue there */ | |
1136 | if (uid_is_dynamic(uid)) | |
94d82b59 | 1137 | return ansi_highlight_red(); /* files should never be owned persistently by dynamic users, and there are just no excuses */ |
12c0f4ff LP |
1138 | if (uid_is_container(uid)) |
1139 | return ansi_highlight_cyan(); | |
1140 | ||
1141 | return ansi_highlight(); | |
1142 | } | |
1143 | ||
db02190e LP |
1144 | static int mtree_print_item( |
1145 | RecurseDirEvent event, | |
1146 | const char *path, | |
1147 | int dir_fd, | |
1148 | int inode_fd, | |
1149 | const struct dirent *de, | |
1150 | const struct statx *sx, | |
1151 | void *userdata) { | |
1152 | ||
01a33cf7 | 1153 | _cleanup_free_ char *escaped = NULL; |
db02190e LP |
1154 | int r; |
1155 | ||
167f2c1a | 1156 | assert(path); |
db02190e | 1157 | |
01a33cf7 YW |
1158 | if (!IN_SET(event, RECURSE_DIR_ENTER, RECURSE_DIR_ENTRY)) |
1159 | return RECURSE_DIR_CONTINUE; | |
db02190e | 1160 | |
01a33cf7 | 1161 | assert(sx); |
5ffa6a0a | 1162 | |
01a33cf7 YW |
1163 | if (isempty(path)) |
1164 | path = "."; | |
1165 | else { | |
1166 | /* BSD mtree uses either C or octal escaping, and covers whitespace, comments and glob characters. We use C style escaping and follow suit */ | |
1167 | path = escaped = xescape(path, WHITESPACE COMMENTS GLOB_CHARS); | |
1168 | if (!escaped) | |
1169 | return log_oom(); | |
1170 | } | |
db02190e | 1171 | |
01a33cf7 YW |
1172 | printf("%s", isempty(path) ? "." : path); |
1173 | ||
1174 | if (FLAGS_SET(sx->stx_mask, STATX_TYPE)) { | |
1175 | if (S_ISDIR(sx->stx_mode)) | |
1176 | printf("%s/%s", ansi_grey(), ansi_normal()); | |
1177 | ||
1178 | printf(" %stype=%s%s%s%s", | |
1179 | ansi_grey(), | |
1180 | ansi_normal(), | |
1181 | S_ISDIR(sx->stx_mode) ? ansi_highlight_blue() : | |
1182 | S_ISLNK(sx->stx_mode) ? ansi_highlight_cyan() : | |
1183 | (S_ISFIFO(sx->stx_mode) || S_ISCHR(sx->stx_mode) || S_ISBLK(sx->stx_mode)) ? ansi_highlight_yellow4() : | |
1184 | S_ISSOCK(sx->stx_mode) ? ansi_highlight_magenta() : "", | |
1185 | ASSERT_PTR(S_ISDIR(sx->stx_mode) ? "dir" : | |
1186 | S_ISREG(sx->stx_mode) ? "file" : | |
1187 | S_ISLNK(sx->stx_mode) ? "link" : | |
1188 | S_ISFIFO(sx->stx_mode) ? "fifo" : | |
1189 | S_ISBLK(sx->stx_mode) ? "block" : | |
1190 | S_ISCHR(sx->stx_mode) ? "char" : | |
1191 | S_ISSOCK(sx->stx_mode) ? "socket" : NULL), | |
1192 | ansi_normal()); | |
1193 | } | |
db02190e | 1194 | |
01a33cf7 YW |
1195 | if (FLAGS_SET(sx->stx_mask, STATX_MODE) && (!FLAGS_SET(sx->stx_mask, STATX_TYPE) || !S_ISLNK(sx->stx_mode))) |
1196 | printf(" %smode=%s%04o", | |
1197 | ansi_grey(), | |
1198 | ansi_normal(), | |
1199 | (unsigned) (sx->stx_mode & 0777)); | |
1200 | ||
1201 | if (FLAGS_SET(sx->stx_mask, STATX_UID)) | |
12c0f4ff | 1202 | printf(" %suid=%s" UID_FMT "%s", |
01a33cf7 | 1203 | ansi_grey(), |
12c0f4ff LP |
1204 | pick_color_for_uid_gid(sx->stx_uid), |
1205 | sx->stx_uid, | |
1206 | ansi_normal()); | |
01a33cf7 YW |
1207 | |
1208 | if (FLAGS_SET(sx->stx_mask, STATX_GID)) | |
12c0f4ff | 1209 | printf(" %sgid=%s" GID_FMT "%s", |
01a33cf7 | 1210 | ansi_grey(), |
12c0f4ff LP |
1211 | pick_color_for_uid_gid(sx->stx_gid), |
1212 | sx->stx_gid, | |
1213 | ansi_normal()); | |
01a33cf7 YW |
1214 | |
1215 | if (FLAGS_SET(sx->stx_mask, STATX_TYPE|STATX_SIZE) && S_ISREG(sx->stx_mode)) { | |
1216 | printf(" %ssize=%s%" PRIu64, | |
1217 | ansi_grey(), | |
1218 | ansi_normal(), | |
1219 | (uint64_t) sx->stx_size); | |
1220 | ||
12d58b6c | 1221 | if (arg_mtree_hash && inode_fd >= 0 && sx->stx_size > 0) { |
01a33cf7 YW |
1222 | uint8_t hash[SHA256_DIGEST_SIZE]; |
1223 | ||
1224 | r = get_file_sha256(inode_fd, hash); | |
db02190e | 1225 | if (r < 0) |
01a33cf7 | 1226 | log_warning_errno(r, "Failed to calculate file SHA256 sum for '%s', ignoring: %m", path); |
db02190e | 1227 | else { |
01a33cf7 | 1228 | _cleanup_free_ char *h = NULL; |
db02190e | 1229 | |
01a33cf7 YW |
1230 | h = hexmem(hash, sizeof(hash)); |
1231 | if (!h) | |
db02190e LP |
1232 | return log_oom(); |
1233 | ||
01a33cf7 | 1234 | printf(" %ssha256sum=%s%s", |
db02190e LP |
1235 | ansi_grey(), |
1236 | ansi_normal(), | |
01a33cf7 | 1237 | h); |
db02190e LP |
1238 | } |
1239 | } | |
01a33cf7 | 1240 | } |
db02190e | 1241 | |
01a33cf7 YW |
1242 | if (FLAGS_SET(sx->stx_mask, STATX_TYPE) && S_ISLNK(sx->stx_mode) && inode_fd >= 0) { |
1243 | _cleanup_free_ char *target = NULL; | |
1244 | ||
1245 | r = readlinkat_malloc(inode_fd, "", &target); | |
1246 | if (r < 0) | |
1247 | log_warning_errno(r, "Failed to read symlink '%s', ignoring: %m", path); | |
1248 | else { | |
1249 | _cleanup_free_ char *target_escaped = NULL; | |
1250 | ||
1251 | target_escaped = xescape(target, WHITESPACE COMMENTS GLOB_CHARS); | |
1252 | if (!target_escaped) | |
1253 | return log_oom(); | |
1254 | ||
1255 | printf(" %slink=%s%s", | |
db02190e LP |
1256 | ansi_grey(), |
1257 | ansi_normal(), | |
01a33cf7 YW |
1258 | target_escaped); |
1259 | } | |
db02190e LP |
1260 | } |
1261 | ||
01a33cf7 YW |
1262 | if (FLAGS_SET(sx->stx_mask, STATX_TYPE) && (S_ISBLK(sx->stx_mode) || S_ISCHR(sx->stx_mode))) |
1263 | printf(" %sdevice=%slinux,%" PRIu64 ",%" PRIu64, | |
1264 | ansi_grey(), | |
1265 | ansi_normal(), | |
1266 | (uint64_t) sx->stx_rdev_major, | |
1267 | (uint64_t) sx->stx_rdev_minor); | |
1268 | ||
1269 | printf("\n"); | |
1270 | ||
db02190e LP |
1271 | return RECURSE_DIR_CONTINUE; |
1272 | } | |
1273 | ||
1274 | static int action_list_or_mtree_or_copy(DissectedImage *m, LoopDevice *d) { | |
37e44c3f | 1275 | _cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL; |
37e44c3f LP |
1276 | _cleanup_(rmdir_and_freep) char *created_dir = NULL; |
1277 | _cleanup_free_ char *temp = NULL; | |
2292fa1e | 1278 | const char *root; |
37e44c3f | 1279 | int r; |
a2ea3b2f | 1280 | |
94abea2a | 1281 | assert(IN_SET(arg_action, ACTION_LIST, ACTION_MTREE, ACTION_COPY_FROM, ACTION_COPY_TO)); |
a2ea3b2f | 1282 | |
2292fa1e DDM |
1283 | if (arg_image) { |
1284 | assert(m); | |
1285 | assert(d); | |
33973b84 | 1286 | |
2292fa1e DDM |
1287 | r = detach_mount_namespace(); |
1288 | if (r < 0) | |
1289 | return log_error_errno(r, "Failed to detach mount namespace: %m"); | |
33973b84 | 1290 | |
2292fa1e DDM |
1291 | r = tempfn_random_child(NULL, program_invocation_short_name, &temp); |
1292 | if (r < 0) | |
1293 | return log_error_errno(r, "Failed to generate temporary mount directory: %m"); | |
33973b84 | 1294 | |
2292fa1e DDM |
1295 | r = mkdir_p(temp, 0700); |
1296 | if (r < 0) | |
1297 | return log_error_errno(r, "Failed to create mount point: %m"); | |
37e44c3f | 1298 | |
2292fa1e | 1299 | created_dir = TAKE_PTR(temp); |
33973b84 | 1300 | |
8d9a1d59 LP |
1301 | r = dissected_image_mount_and_warn( |
1302 | m, | |
1303 | created_dir, | |
1304 | /* uid_shift= */ UID_INVALID, | |
1305 | /* uid_range= */ UID_INVALID, | |
1306 | /* userns_fd= */ -EBADF, | |
1307 | arg_flags); | |
2292fa1e DDM |
1308 | if (r < 0) |
1309 | return r; | |
33973b84 | 1310 | |
2292fa1e | 1311 | mounted_dir = TAKE_PTR(created_dir); |
41bc4849 | 1312 | |
2292fa1e DDM |
1313 | r = loop_device_flock(d, LOCK_UN); |
1314 | if (r < 0) | |
1315 | return log_error_errno(r, "Failed to unlock loopback block device: %m"); | |
1316 | ||
1317 | r = dissected_image_relinquish(m); | |
1318 | if (r < 0) | |
1319 | return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m"); | |
1320 | } | |
1321 | ||
1322 | root = mounted_dir ?: arg_root; | |
33973b84 | 1323 | |
b7df8622 LP |
1324 | switch (arg_action) { |
1325 | ||
1326 | case ACTION_COPY_FROM: { | |
254d1313 | 1327 | _cleanup_close_ int source_fd = -EBADF, target_fd = -EBADF; |
33973b84 | 1328 | |
2292fa1e | 1329 | source_fd = chase_and_open(arg_source, root, CHASE_PREFIX_ROOT|CHASE_WARN, O_RDONLY|O_CLOEXEC|O_NOCTTY, NULL); |
37e44c3f LP |
1330 | if (source_fd < 0) |
1331 | return log_error_errno(source_fd, "Failed to open source path '%s' in image '%s': %m", arg_source, arg_image); | |
1332 | ||
1333 | /* Copying to stdout? */ | |
1334 | if (streq(arg_target, "-")) { | |
f5fbe71d | 1335 | r = copy_bytes(source_fd, STDOUT_FILENO, UINT64_MAX, COPY_REFLINK); |
33973b84 | 1336 | if (r < 0) |
37e44c3f LP |
1337 | return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to stdout: %m", arg_source, arg_image); |
1338 | ||
38db55ab | 1339 | /* When we copy to stdout we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */ |
37e44c3f | 1340 | return 0; |
33973b84 LP |
1341 | } |
1342 | ||
37e44c3f | 1343 | /* Try to copy as directory? */ |
f9f70e06 | 1344 | r = copy_directory_at(source_fd, NULL, AT_FDCWD, arg_target, COPY_REFLINK|COPY_MERGE_EMPTY|COPY_SIGINT|COPY_HARDLINKS); |
37e44c3f LP |
1345 | if (r >= 0) |
1346 | return 0; | |
1347 | if (r != -ENOTDIR) | |
1348 | return log_error_errno(r, "Failed to copy %s in image '%s' to '%s': %m", arg_source, arg_image, arg_target); | |
1349 | ||
1350 | r = fd_verify_regular(source_fd); | |
1351 | if (r == -EISDIR) | |
1352 | return log_error_errno(r, "Target '%s' exists already and is not a directory.", arg_target); | |
1353 | if (r < 0) | |
1354 | return log_error_errno(r, "Source path %s in image '%s' is neither regular file nor directory, refusing: %m", arg_source, arg_image); | |
33973b84 | 1355 | |
37e44c3f LP |
1356 | /* Nah, it's a plain file! */ |
1357 | target_fd = open(arg_target, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600); | |
1358 | if (target_fd < 0) | |
1359 | return log_error_errno(errno, "Failed to create regular file at target path '%s': %m", arg_target); | |
33973b84 | 1360 | |
f5fbe71d | 1361 | r = copy_bytes(source_fd, target_fd, UINT64_MAX, COPY_REFLINK); |
37e44c3f LP |
1362 | if (r < 0) |
1363 | return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to '%s': %m", arg_source, arg_image, arg_target); | |
33973b84 | 1364 | |
c17cfe6e | 1365 | (void) copy_xattr(source_fd, NULL, target_fd, NULL, 0); |
37e44c3f LP |
1366 | (void) copy_access(source_fd, target_fd); |
1367 | (void) copy_times(source_fd, target_fd, 0); | |
33973b84 | 1368 | |
37e44c3f | 1369 | /* When this is a regular file we don't copy ownership! */ |
b7df8622 LP |
1370 | return 0; |
1371 | } | |
33973b84 | 1372 | |
b7df8622 | 1373 | case ACTION_COPY_TO: { |
254d1313 | 1374 | _cleanup_close_ int source_fd = -EBADF, target_fd = -EBADF, dfd = -EBADF; |
cfb623b6 | 1375 | _cleanup_free_ char *dn = NULL, *bn = NULL; |
83802e9a | 1376 | bool is_dir; |
33973b84 | 1377 | |
45519d13 LP |
1378 | r = path_extract_directory(arg_target, &dn); |
1379 | if (r < 0) | |
cfb623b6 LP |
1380 | return log_error_errno(r, "Failed to extract directory from target path '%s': %m", arg_target); |
1381 | r = path_extract_filename(arg_target, &bn); | |
1382 | if (r < 0) | |
1383 | return log_error_errno(r, "Failed to extract filename from target path '%s': %m", arg_target); | |
83802e9a | 1384 | is_dir = r == O_DIRECTORY; |
37e44c3f | 1385 | |
2292fa1e | 1386 | r = chase(dn, root, CHASE_PREFIX_ROOT|CHASE_WARN, NULL, &dfd); |
37e44c3f LP |
1387 | if (r < 0) |
1388 | return log_error_errno(r, "Failed to open '%s': %m", dn); | |
33973b84 | 1389 | |
37e44c3f LP |
1390 | /* Are we reading from stdin? */ |
1391 | if (streq(arg_source, "-")) { | |
83802e9a LP |
1392 | if (is_dir) |
1393 | return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "Cannot copy STDIN to a directory, refusing."); | |
1394 | ||
cfb623b6 | 1395 | target_fd = openat(dfd, bn, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_EXCL, 0644); |
33973b84 | 1396 | if (target_fd < 0) |
37e44c3f | 1397 | return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target); |
33973b84 | 1398 | |
f5fbe71d | 1399 | r = copy_bytes(STDIN_FILENO, target_fd, UINT64_MAX, COPY_REFLINK); |
33973b84 | 1400 | if (r < 0) |
37e44c3f | 1401 | return log_error_errno(r, "Failed to copy bytes from stdin to '%s' in image '%s': %m", arg_target, arg_image); |
33973b84 | 1402 | |
37e44c3f LP |
1403 | /* When we copy from stdin we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */ |
1404 | return 0; | |
1405 | } | |
33973b84 | 1406 | |
37e44c3f LP |
1407 | source_fd = open(arg_source, O_RDONLY|O_CLOEXEC|O_NOCTTY); |
1408 | if (source_fd < 0) | |
1409 | return log_error_errno(source_fd, "Failed to open source path '%s': %m", arg_source); | |
33973b84 | 1410 | |
37e44c3f LP |
1411 | r = fd_verify_regular(source_fd); |
1412 | if (r < 0) { | |
1413 | if (r != -EISDIR) | |
1414 | return log_error_errno(r, "Source '%s' is neither regular file nor directory: %m", arg_source); | |
33973b84 | 1415 | |
37e44c3f | 1416 | /* We are looking at a directory. */ |
33973b84 | 1417 | |
cfb623b6 | 1418 | target_fd = openat(dfd, bn, O_RDONLY|O_DIRECTORY|O_CLOEXEC); |
37e44c3f LP |
1419 | if (target_fd < 0) { |
1420 | if (errno != ENOENT) | |
1421 | return log_error_errno(errno, "Failed to open destination '%s': %m", arg_target); | |
33973b84 | 1422 | |
ad6fae7f | 1423 | r = copy_tree_at(source_fd, ".", dfd, bn, UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, NULL, NULL); |
37e44c3f | 1424 | } else |
ad6fae7f | 1425 | r = copy_tree_at(source_fd, ".", target_fd, ".", UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_REPLACE|COPY_SIGINT|COPY_HARDLINKS, NULL, NULL); |
33973b84 | 1426 | if (r < 0) |
37e44c3f | 1427 | return log_error_errno(r, "Failed to copy '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image); |
33973b84 | 1428 | |
37e44c3f LP |
1429 | return 0; |
1430 | } | |
33973b84 | 1431 | |
83802e9a LP |
1432 | if (is_dir) |
1433 | return log_error_errno(SYNTHETIC_ERRNO(EISDIR), "Source is a regular file, but target is not, refusing."); | |
1434 | ||
37e44c3f | 1435 | /* We area looking at a regular file */ |
83802e9a | 1436 | target_fd = openat(dfd, bn, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_EXCL, 0600); |
37e44c3f LP |
1437 | if (target_fd < 0) |
1438 | return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target); | |
33973b84 | 1439 | |
f5fbe71d | 1440 | r = copy_bytes(source_fd, target_fd, UINT64_MAX, COPY_REFLINK); |
37e44c3f LP |
1441 | if (r < 0) |
1442 | return log_error_errno(r, "Failed to copy bytes from '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image); | |
33973b84 | 1443 | |
c17cfe6e | 1444 | (void) copy_xattr(source_fd, NULL, target_fd, NULL, 0); |
37e44c3f LP |
1445 | (void) copy_access(source_fd, target_fd); |
1446 | (void) copy_times(source_fd, target_fd, 0); | |
33973b84 | 1447 | |
37e44c3f | 1448 | /* When this is a regular file we don't copy ownership! */ |
b7df8622 LP |
1449 | return 0; |
1450 | } | |
0cf16924 | 1451 | |
b7df8622 LP |
1452 | case ACTION_LIST: |
1453 | case ACTION_MTREE: { | |
254d1313 | 1454 | _cleanup_close_ int dfd = -EBADF; |
0cf16924 | 1455 | |
2292fa1e | 1456 | dfd = open(root, O_DIRECTORY|O_CLOEXEC|O_RDONLY); |
0cf16924 AAF |
1457 | if (dfd < 0) |
1458 | return log_error_errno(errno, "Failed to open mount directory: %m"); | |
1459 | ||
2e1f76f6 LP |
1460 | pager_open(arg_pager_flags); |
1461 | ||
db02190e LP |
1462 | if (arg_action == ACTION_LIST) |
1463 | r = recurse_dir(dfd, NULL, 0, UINT_MAX, RECURSE_DIR_SORT, list_print_item, NULL); | |
1464 | else if (arg_action == ACTION_MTREE) | |
1465 | r = recurse_dir(dfd, ".", STATX_TYPE|STATX_MODE|STATX_UID|STATX_GID|STATX_SIZE, UINT_MAX, RECURSE_DIR_SORT|RECURSE_DIR_INODE_FD|RECURSE_DIR_TOPLEVEL, mtree_print_item, NULL); | |
1466 | else | |
1467 | assert_not_reached(); | |
0cf16924 AAF |
1468 | if (r < 0) |
1469 | return log_error_errno(r, "Failed to list image: %m"); | |
b7df8622 | 1470 | return 0; |
37e44c3f | 1471 | } |
33973b84 | 1472 | |
b7df8622 LP |
1473 | default: |
1474 | assert_not_reached(); | |
1475 | } | |
37e44c3f | 1476 | } |
33973b84 | 1477 | |
ac1f1adf | 1478 | static int action_umount(const char *path) { |
254d1313 | 1479 | _cleanup_close_ int fd = -EBADF; |
040d3439 | 1480 | _cleanup_free_ char *canonical = NULL; |
ac1f1adf | 1481 | _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; |
040d3439 | 1482 | _cleanup_(sd_device_unrefp) sd_device *dev = NULL; |
e8383058 | 1483 | int r; |
ac1f1adf | 1484 | |
f461a28d | 1485 | fd = chase_and_open(path, NULL, 0, O_DIRECTORY, &canonical); |
ac1f1adf DDM |
1486 | if (fd == -ENOTDIR) |
1487 | return log_error_errno(SYNTHETIC_ERRNO(ENOTDIR), "'%s' is not a directory", path); | |
1488 | if (fd < 0) | |
1489 | return log_error_errno(fd, "Failed to resolve path '%s': %m", path); | |
1490 | ||
1491 | r = fd_is_mount_point(fd, NULL, 0); | |
1492 | if (r == 0) | |
1493 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "'%s' is not a mount point", canonical); | |
1494 | if (r < 0) | |
1495 | return log_error_errno(r, "Failed to determine whether '%s' is a mount point: %m", canonical); | |
1496 | ||
040d3439 | 1497 | r = block_device_new_from_fd(fd, BLOCK_DEVICE_LOOKUP_WHOLE_DISK | BLOCK_DEVICE_LOOKUP_BACKING, &dev); |
41a95b18 | 1498 | if (r < 0) { |
254d1313 | 1499 | _cleanup_close_ int usr_fd = -EBADF; |
41a95b18 YW |
1500 | |
1501 | /* The command `systemd-dissect --mount` expects that the image at least has the root or /usr | |
1502 | * partition. If it does not have the root partition, then we mount the /usr partition on a | |
1503 | * tmpfs. Hence, let's try to find the backing block device through the /usr partition. */ | |
1504 | ||
1505 | usr_fd = openat(fd, "usr", O_CLOEXEC | O_DIRECTORY | O_NOFOLLOW); | |
1506 | if (usr_fd < 0) | |
1507 | return log_error_errno(errno, "Failed to open '%s/usr': %m", canonical); | |
1508 | ||
1509 | r = block_device_new_from_fd(usr_fd, BLOCK_DEVICE_LOOKUP_WHOLE_DISK | BLOCK_DEVICE_LOOKUP_BACKING, &dev); | |
1510 | } | |
ac1f1adf DDM |
1511 | if (r < 0) |
1512 | return log_error_errno(r, "Failed to find backing block device for '%s': %m", canonical); | |
1513 | ||
040d3439 | 1514 | r = loop_device_open(dev, 0, LOCK_EX, &d); |
ac1f1adf | 1515 | if (r < 0) |
040d3439 | 1516 | return log_device_error_errno(dev, r, "Failed to open loopback block device: %m"); |
ac1f1adf | 1517 | |
ac1f1adf DDM |
1518 | /* We've locked the loop device, now we're ready to unmount. To allow the unmount to succeed, we have |
1519 | * to close the O_PATH fd we opened earlier. */ | |
1520 | fd = safe_close(fd); | |
1521 | ||
1522 | r = umount_recursive(canonical, 0); | |
1523 | if (r < 0) | |
1524 | return log_error_errno(r, "Failed to unmount '%s': %m", canonical); | |
1525 | ||
0b75493d | 1526 | /* We managed to lock and unmount successfully? That means we can try to remove the loop device. */ |
ac1f1adf DDM |
1527 | loop_device_unrelinquish(d); |
1528 | ||
1529 | if (arg_rmdir) { | |
e8383058 LP |
1530 | r = RET_NERRNO(rmdir(canonical)); |
1531 | if (r < 0) | |
1532 | return log_error_errno(r, "Failed to remove mount directory '%s': %m", canonical); | |
ac1f1adf | 1533 | } |
ac1f1adf | 1534 | |
e8383058 | 1535 | return 0; |
ac1f1adf DDM |
1536 | } |
1537 | ||
06186c4c LP |
1538 | static int action_with(DissectedImage *m, LoopDevice *d) { |
1539 | _cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL; | |
1540 | _cleanup_(rmdir_and_freep) char *created_dir = NULL; | |
1541 | _cleanup_free_ char *temp = NULL; | |
1542 | int r, rcode; | |
1543 | ||
94abea2a LP |
1544 | assert(m); |
1545 | assert(d); | |
1546 | assert(arg_action == ACTION_WITH); | |
06186c4c LP |
1547 | |
1548 | r = tempfn_random_child(NULL, program_invocation_short_name, &temp); | |
1549 | if (r < 0) | |
1550 | return log_error_errno(r, "Failed to generate temporary mount directory: %m"); | |
1551 | ||
1552 | r = mkdir_p(temp, 0700); | |
1553 | if (r < 0) | |
1554 | return log_error_errno(r, "Failed to create mount point: %m"); | |
1555 | ||
1556 | created_dir = TAKE_PTR(temp); | |
1557 | ||
8d9a1d59 LP |
1558 | r = dissected_image_mount_and_warn( |
1559 | m, | |
1560 | created_dir, | |
1561 | /* uid_shift= */ UID_INVALID, | |
1562 | /* uid_range= */ UID_INVALID, | |
1563 | /* userns_fd= */ -EBADF, | |
1564 | arg_flags); | |
06186c4c LP |
1565 | if (r < 0) |
1566 | return r; | |
1567 | ||
1568 | mounted_dir = TAKE_PTR(created_dir); | |
1569 | ||
1570 | r = dissected_image_relinquish(m); | |
1571 | if (r < 0) | |
1572 | return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m"); | |
1573 | ||
1574 | r = loop_device_flock(d, LOCK_UN); | |
1575 | if (r < 0) | |
1576 | return log_error_errno(r, "Failed to unlock loopback block device: %m"); | |
1577 | ||
1578 | rcode = safe_fork("(with)", FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL); | |
1579 | if (rcode == 0) { | |
1580 | /* Child */ | |
1581 | ||
1582 | if (chdir(mounted_dir) < 0) { | |
1583 | log_error_errno(errno, "Failed to change to '%s' directory: %m", mounted_dir); | |
1584 | _exit(EXIT_FAILURE); | |
1585 | } | |
1586 | ||
1587 | if (setenv("SYSTEMD_DISSECT_ROOT", mounted_dir, /* overwrite= */ true) < 0) { | |
1588 | log_error_errno(errno, "Failed to set $SYSTEMD_DISSECT_ROOT: %m"); | |
1589 | _exit(EXIT_FAILURE); | |
1590 | } | |
1591 | ||
47838b55 DDM |
1592 | if (setenv("SYSTEMD_DISSECT_DEVICE", d->node, /* overwrite= */ true) < 0) { |
1593 | log_error_errno(errno, "Failed to set $SYSTEMD_DISSECT_DEVICE: %m"); | |
1594 | _exit(EXIT_FAILURE); | |
1595 | } | |
1596 | ||
06186c4c LP |
1597 | if (strv_isempty(arg_argv)) { |
1598 | const char *sh; | |
1599 | ||
1600 | sh = secure_getenv("SHELL"); | |
1601 | if (sh) { | |
1602 | execvp(sh, STRV_MAKE(sh)); | |
1603 | log_warning_errno(errno, "Failed to execute $SHELL, falling back to /bin/sh: %m"); | |
1604 | } | |
1605 | ||
1606 | execl("/bin/sh", "sh", NULL); | |
1607 | log_error_errno(errno, "Failed to invoke /bin/sh: %m"); | |
1608 | } else { | |
1609 | execvp(arg_argv[0], arg_argv); | |
1610 | log_error_errno(errno, "Failed to execute '%s': %m", arg_argv[0]); | |
1611 | } | |
1612 | ||
1613 | _exit(EXIT_FAILURE); | |
1614 | } | |
1615 | ||
1616 | /* Let's manually detach everything, to make things synchronous */ | |
1617 | r = loop_device_flock(d, LOCK_SH); | |
1618 | if (r < 0) | |
1619 | log_warning_errno(r, "Failed to lock loopback block device, ignoring: %m"); | |
1620 | ||
1621 | r = umount_recursive(mounted_dir, 0); | |
1622 | if (r < 0) | |
1623 | log_warning_errno(r, "Failed to unmount '%s', ignoring: %m", mounted_dir); | |
1624 | else | |
1625 | loop_device_unrelinquish(d); /* Let's try to destroy the loopback device */ | |
1626 | ||
1627 | created_dir = TAKE_PTR(mounted_dir); | |
1628 | ||
1629 | if (rmdir(created_dir) < 0) | |
1630 | log_warning_errno(r, "Failed to remove directory '%s', ignoring: %m", created_dir); | |
1631 | ||
1632 | temp = TAKE_PTR(created_dir); | |
1633 | ||
1634 | return rcode; | |
1635 | } | |
1636 | ||
0305cf6e | 1637 | static int action_discover(void) { |
5d2a48da | 1638 | _cleanup_hashmap_free_ Hashmap *images = NULL; |
0305cf6e LP |
1639 | _cleanup_(table_unrefp) Table *t = NULL; |
1640 | Image *img; | |
1641 | int r; | |
1642 | ||
1643 | images = hashmap_new(&image_hash_ops); | |
1644 | if (!images) | |
1645 | return log_oom(); | |
1646 | ||
1647 | for (ImageClass cl = 0; cl < _IMAGE_CLASS_MAX; cl++) { | |
1648 | r = image_discover(cl, NULL, images); | |
1649 | if (r < 0) | |
1650 | return log_error_errno(r, "Failed to discover images: %m"); | |
1651 | } | |
1652 | ||
1653 | if ((arg_json_format_flags & JSON_FORMAT_OFF) && hashmap_isempty(images)) { | |
1654 | log_info("No images found."); | |
1655 | return 0; | |
1656 | } | |
1657 | ||
1658 | t = table_new("name", "type", "class", "ro", "path", "time", "usage"); | |
1659 | if (!t) | |
1660 | return log_oom(); | |
1661 | ||
8f488d46 | 1662 | table_set_align_percent(t, table_get_cell(t, 0, 6), 100); |
ba113008 | 1663 | table_set_ersatz_string(t, TABLE_ERSATZ_DASH); |
8f488d46 | 1664 | |
0305cf6e LP |
1665 | HASHMAP_FOREACH(img, images) { |
1666 | ||
1667 | if (!IN_SET(img->type, IMAGE_RAW, IMAGE_BLOCK)) | |
1668 | continue; | |
1669 | ||
1670 | r = table_add_many( | |
1671 | t, | |
1672 | TABLE_STRING, img->name, | |
1673 | TABLE_STRING, image_type_to_string(img->type), | |
1674 | TABLE_STRING, image_class_to_string(img->class), | |
1675 | TABLE_BOOLEAN, img->read_only, | |
1676 | TABLE_PATH, img->path, | |
1677 | TABLE_TIMESTAMP, img->mtime != 0 ? img->mtime : img->crtime, | |
1678 | TABLE_SIZE, img->usage); | |
1679 | if (r < 0) | |
1680 | return table_log_add_error(r); | |
1681 | } | |
1682 | ||
1683 | (void) table_set_sort(t, (size_t) 0); | |
1684 | ||
1685 | return table_print_with_pager(t, arg_json_format_flags, arg_pager_flags, arg_legend); | |
1686 | } | |
1687 | ||
07d6072e LP |
1688 | static int action_attach(DissectedImage *m, LoopDevice *d) { |
1689 | int r; | |
1690 | ||
1691 | assert(m); | |
1692 | assert(d); | |
1693 | ||
1694 | r = loop_device_set_autoclear(d, false); | |
1695 | if (r < 0) | |
1696 | return log_error_errno(r, "Failed to disable auto-clear logic on loopback device: %m"); | |
1697 | ||
1698 | r = dissected_image_relinquish(m); | |
1699 | if (r < 0) | |
1700 | return log_error_errno(r, "Failed to relinquish DM and loopback block devices: %m"); | |
1701 | ||
1702 | puts(d->node); | |
1703 | return 0; | |
1704 | } | |
1705 | ||
1706 | static int action_detach(const char *path) { | |
1707 | _cleanup_(loop_device_unrefp) LoopDevice *loop = NULL; | |
1708 | _cleanup_close_ int fd = -EBADF; | |
1709 | struct stat st; | |
1710 | int r; | |
1711 | ||
43108bf8 LB |
1712 | assert(path); |
1713 | ||
07d6072e LP |
1714 | fd = open(path, O_PATH|O_CLOEXEC); |
1715 | if (fd < 0) | |
1716 | return log_error_errno(errno, "Failed to open '%s': %m", path); | |
1717 | ||
1718 | if (fstat(fd, &st) < 0) | |
1719 | return log_error_errno(errno, "Failed to stat '%s': %m", path); | |
1720 | ||
1721 | if (S_ISBLK(st.st_mode)) { | |
1722 | r = loop_device_open_from_fd(fd, O_RDONLY, LOCK_EX, &loop); | |
1723 | if (r < 0) | |
1724 | return log_error_errno(r, "Failed to open '%s' as loopback block device: %m", path); | |
1725 | ||
1726 | } else if (S_ISREG(st.st_mode)) { | |
1727 | _cleanup_(sd_device_enumerator_unrefp) sd_device_enumerator *e = NULL; | |
07d6072e LP |
1728 | |
1729 | /* If a regular file is specified, search for a loopback block device that is backed by it */ | |
1730 | ||
1731 | r = sd_device_enumerator_new(&e); | |
1732 | if (r < 0) | |
1733 | return log_error_errno(r, "Failed to allocate enumerator: %m"); | |
1734 | ||
1735 | r = sd_device_enumerator_add_match_subsystem(e, "block", true); | |
1736 | if (r < 0) | |
1737 | return log_error_errno(r, "Failed to match block devices: %m"); | |
1738 | ||
1739 | r = sd_device_enumerator_add_match_sysname(e, "loop*"); | |
1740 | if (r < 0) | |
1741 | return log_error_errno(r, "Failed to match loopback block devices: %m"); | |
1742 | ||
1743 | (void) sd_device_enumerator_allow_uninitialized(e); | |
1744 | ||
1745 | FOREACH_DEVICE(e, d) { | |
1746 | _cleanup_(loop_device_unrefp) LoopDevice *entry_loop = NULL; | |
07d6072e | 1747 | |
fb53ee0a | 1748 | if (!device_is_devtype(d, "disk")) /* Filter out partition block devices */ |
07d6072e LP |
1749 | continue; |
1750 | ||
1751 | r = loop_device_open(d, O_RDONLY, LOCK_SH, &entry_loop); | |
1752 | if (r < 0) { | |
fb53ee0a | 1753 | log_device_warning_errno(d, r, "Failed to open loopback block device, skipping: %m"); |
07d6072e LP |
1754 | continue; |
1755 | } | |
1756 | ||
1757 | if (entry_loop->backing_devno == st.st_dev && entry_loop->backing_inode == st.st_ino) { | |
1758 | /* Found it! The kernel allows attaching a single file to multiple loopback | |
1759 | * devices. Let's destruct them in reverse order, i.e. find the last matching | |
1760 | * loopback device here, rather than the first. */ | |
1761 | ||
1762 | loop_device_unref(loop); | |
1763 | loop = TAKE_PTR(entry_loop); | |
1764 | } | |
1765 | } | |
1766 | ||
1767 | if (!loop) | |
1768 | return log_error_errno(SYNTHETIC_ERRNO(ENXIO), "No loopback block device backed by '%s' found.", path); | |
1769 | ||
1770 | r = loop_device_flock(loop, LOCK_EX); | |
1771 | if (r < 0) | |
1772 | return log_error_errno(r, "Failed to upgrade device lock: %m"); | |
1773 | } | |
1774 | ||
1775 | r = loop_device_set_autoclear(loop, true); | |
1776 | if (r < 0) | |
1777 | log_warning_errno(r, "Failed to enable autoclear logic on '%s', ignoring: %m", loop->node); | |
1778 | ||
1779 | loop_device_unrelinquish(loop); | |
1780 | return 0; | |
1781 | } | |
1782 | ||
dee4a623 LP |
1783 | static int action_validate(void) { |
1784 | int r; | |
1785 | ||
1786 | r = dissect_image_file_and_warn( | |
1787 | arg_image, | |
1788 | &arg_verity_settings, | |
1789 | NULL, | |
1790 | arg_image_policy, | |
1791 | arg_flags, | |
1792 | NULL); | |
1793 | if (r < 0) | |
1794 | return r; | |
1795 | ||
1796 | if (isatty(STDOUT_FILENO) && emoji_enabled()) | |
1797 | printf("%s ", special_glyph(SPECIAL_GLYPH_SPARKLES)); | |
1798 | ||
1799 | printf("%sOK%s", ansi_highlight_green(), ansi_normal()); | |
1800 | ||
1801 | if (isatty(STDOUT_FILENO) && emoji_enabled()) | |
1802 | printf(" %s", special_glyph(SPECIAL_GLYPH_SPARKLES)); | |
1803 | ||
1804 | putc('\n', stdout); | |
1805 | return 0; | |
1806 | } | |
1807 | ||
37e44c3f LP |
1808 | static int run(int argc, char *argv[]) { |
1809 | _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; | |
1810 | _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; | |
6c07d570 LP |
1811 | uint32_t loop_flags; |
1812 | int open_flags, r; | |
33973b84 | 1813 | |
5acb31a6 | 1814 | log_setup(); |
33973b84 | 1815 | |
a164d9d5 LP |
1816 | if (invoked_as(argv, "mount.ddi")) |
1817 | r = parse_argv_as_mount_helper(argc, argv); | |
1818 | else | |
1819 | r = parse_argv(argc, argv); | |
37e44c3f LP |
1820 | if (r <= 0) |
1821 | return r; | |
33973b84 | 1822 | |
d7688568 LP |
1823 | if (arg_image) { |
1824 | r = path_pick_update_warn( | |
1825 | &arg_image, | |
1826 | &pick_filter_image_raw, | |
1827 | PICK_ARCHITECTURE|PICK_TRIES, | |
1828 | /* ret_result= */ NULL); | |
1829 | if (r < 0) | |
1830 | return r; | |
1831 | } | |
1832 | ||
b7df8622 LP |
1833 | switch (arg_action) { |
1834 | case ACTION_UMOUNT: | |
ac1f1adf | 1835 | return action_umount(arg_path); |
b7df8622 LP |
1836 | |
1837 | case ACTION_DETACH: | |
07d6072e | 1838 | return action_detach(arg_image); |
b7df8622 LP |
1839 | |
1840 | case ACTION_DISCOVER: | |
0305cf6e | 1841 | return action_discover(); |
ac1f1adf | 1842 | |
b7df8622 LP |
1843 | default: |
1844 | /* All other actions need the image dissected */ | |
1845 | break; | |
1846 | } | |
1847 | ||
2292fa1e DDM |
1848 | if (arg_image) { |
1849 | r = verity_settings_load( | |
89e62e0b LP |
1850 | &arg_verity_settings, |
1851 | arg_image, NULL, NULL); | |
236d1fa2 | 1852 | if (r < 0) |
2292fa1e | 1853 | return log_error_errno(r, "Failed to read verity artifacts for %s: %m", arg_image); |
33973b84 | 1854 | |
2292fa1e DDM |
1855 | if (arg_verity_settings.data_path) |
1856 | arg_flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; /* We only support Verity per file system, | |
1857 | * hence if there's external Verity data | |
1858 | * available we turn off partition table | |
1859 | * support */ | |
1860 | ||
1861 | if (arg_action == ACTION_VALIDATE) | |
1862 | return action_validate(); | |
1863 | ||
1864 | open_flags = FLAGS_SET(arg_flags, DISSECT_IMAGE_DEVICE_READ_ONLY) ? O_RDONLY : O_RDWR; | |
1865 | loop_flags = FLAGS_SET(arg_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN; | |
1866 | if (arg_in_memory) | |
1867 | r = loop_device_make_by_path_memory(arg_image, open_flags, /* sector_size= */ UINT32_MAX, loop_flags, LOCK_SH, &d); | |
1868 | else | |
1869 | r = loop_device_make_by_path(arg_image, open_flags, /* sector_size= */ UINT32_MAX, loop_flags, LOCK_SH, &d); | |
1870 | if (r < 0) | |
1871 | return log_error_errno(r, "Failed to set up loopback device for %s: %m", arg_image); | |
07d6072e | 1872 | |
2292fa1e DDM |
1873 | if (arg_loop_ref) { |
1874 | r = loop_device_set_filename(d, arg_loop_ref); | |
1875 | if (r < 0) | |
1876 | log_warning_errno(r, "Failed to set loop reference string to '%s', ignoring: %m", arg_loop_ref); | |
1877 | } | |
88b3300f | 1878 | |
2292fa1e DDM |
1879 | r = dissect_loop_device_and_warn( |
1880 | d, | |
94abea2a | 1881 | &arg_verity_settings, |
2292fa1e DDM |
1882 | /* mount_options= */ NULL, |
1883 | arg_image_policy, | |
1884 | arg_flags, | |
1885 | &m); | |
94abea2a LP |
1886 | if (r < 0) |
1887 | return r; | |
2292fa1e DDM |
1888 | |
1889 | if (arg_action == ACTION_ATTACH) | |
1890 | return action_attach(m, d); | |
1891 | ||
1892 | r = dissected_image_load_verity_sig_partition( | |
1893 | m, | |
1894 | d->fd, | |
1895 | &arg_verity_settings); | |
1896 | if (r < 0) | |
1897 | return log_error_errno(r, "Failed to load verity signature partition: %m"); | |
1898 | ||
1899 | if (arg_action != ACTION_DISSECT) { | |
1900 | r = dissected_image_decrypt_interactively( | |
1901 | m, NULL, | |
1902 | &arg_verity_settings, | |
1903 | arg_flags); | |
1904 | if (r < 0) | |
1905 | return r; | |
1906 | } | |
94abea2a LP |
1907 | } |
1908 | ||
37e44c3f | 1909 | switch (arg_action) { |
33973b84 | 1910 | |
37e44c3f | 1911 | case ACTION_DISSECT: |
6f5ef9e4 | 1912 | return action_dissect(m, d); |
37e44c3f LP |
1913 | |
1914 | case ACTION_MOUNT: | |
6f5ef9e4 | 1915 | return action_mount(m, d); |
37e44c3f | 1916 | |
0cf16924 | 1917 | case ACTION_LIST: |
db02190e | 1918 | case ACTION_MTREE: |
37e44c3f LP |
1919 | case ACTION_COPY_FROM: |
1920 | case ACTION_COPY_TO: | |
6f5ef9e4 | 1921 | return action_list_or_mtree_or_copy(m, d); |
33973b84 | 1922 | |
06186c4c | 1923 | case ACTION_WITH: |
6f5ef9e4 | 1924 | return action_with(m, d); |
06186c4c | 1925 | |
a2ea3b2f | 1926 | default: |
04499a70 | 1927 | assert_not_reached(); |
a2ea3b2f | 1928 | } |
a2ea3b2f | 1929 | } |
149afb45 YW |
1930 | |
1931 | DEFINE_MAIN_FUNCTION(run); |