src/dissect/dissect.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2
   3 #include <fcntl.h>
   4 #include <getopt.h>
   5 #include <linux/loop.h>
   6 #include <stdio.h>
   7
   8 #include "architecture.h"
   9 #include "dissect-image.h"
  10 #include "hexdecoct.h"
  11 #include "log.h"
  12 #include "loop-util.h"
  13 #include "main-func.h"
  14 #include "parse-util.h"
  15 #include "path-util.h"
  16 #include "string-util.h"
  17 #include "strv.h"
  18 #include "user-util.h"
  19 #include "util.h"
  20
  21 static enum {
  22         ACTION_DISSECT,
  23         ACTION_MOUNT,
  24 } arg_action = ACTION_DISSECT;
  25 static const char *arg_image = NULL;
  26 static const char *arg_path = NULL;
  27 static DissectImageFlags arg_flags = DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK;
  28 static void *arg_root_hash = NULL;
  29 static char *arg_verity_data = NULL;
  30 static size_t arg_root_hash_size = 0;
  31
  32 STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
  33 STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep);
  34
  35 static void help(void) {
  36         printf("%s [OPTIONS...] IMAGE\n"
  37                "%s [OPTIONS...] --mount IMAGE PATH\n"
  38                "Dissect a file system OS image.\n\n"
  39                "  -h --help               Show this help\n"
  40                "     --version            Show package version\n"
  41                "  -m --mount              Mount the image to the specified directory\n"
  42                "  -r --read-only          Mount read-only\n"
  43                "     --fsck=BOOL          Run fsck before mounting\n"
  44                "     --discard=MODE       Choose 'discard' mode (disabled, loop, all, crypto)\n"
  45                "     --root-hash=HASH     Specify root hash for verity\n"
  46                "     --verity-data=PATH   Specify data file with hash tree for verity if it is\n"
  47                "                          not embedded in IMAGE\n",
  48                program_invocation_short_name,
  49                program_invocation_short_name);
  50 }
  51
  52 static int parse_argv(int argc, char *argv[]) {
  53
  54         enum {
  55                 ARG_VERSION = 0x100,
  56                 ARG_DISCARD,
  57                 ARG_ROOT_HASH,
  58                 ARG_FSCK,
  59                 ARG_VERITY_DATA,
  60         };
  61
  62         static const struct option options[] = {
  63                 { "help",          no_argument,       NULL, 'h'              },
  64                 { "version",       no_argument,       NULL, ARG_VERSION      },
  65                 { "mount",         no_argument,       NULL, 'm'              },
  66                 { "read-only",     no_argument,       NULL, 'r'              },
  67                 { "discard",       required_argument, NULL, ARG_DISCARD      },
  68                 { "root-hash",     required_argument, NULL, ARG_ROOT_HASH    },
  69                 { "fsck",          required_argument, NULL, ARG_FSCK         },
  70                 { "verity-data",   required_argument, NULL, ARG_VERITY_DATA  },
  71                 {}
  72         };
  73
  74         int c, r;
  75
  76         assert(argc >= 0);
  77         assert(argv);
  78
  79         while ((c = getopt_long(argc, argv, "hmr", options, NULL)) >= 0) {
  80
  81                 switch (c) {
  82
  83                 case 'h':
  84                         help();
  85                         return 0;
  86
  87                 case ARG_VERSION:
  88                         return version();
  89
  90                 case 'm':
  91                         arg_action = ACTION_MOUNT;
  92                         break;
  93
  94                 case 'r':
  95                         arg_flags |= DISSECT_IMAGE_READ_ONLY;
  96                         break;
  97
  98                 case ARG_DISCARD: {
  99                         DissectImageFlags flags;
 100
 101                         if (streq(optarg, "disabled"))
 102                                 flags = 0;
 103                         else if (streq(optarg, "loop"))
 104                                 flags = DISSECT_IMAGE_DISCARD_ON_LOOP;
 105                         else if (streq(optarg, "all"))
 106                                 flags = DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD;
 107                         else if (streq(optarg, "crypt"))
 108                                 flags = DISSECT_IMAGE_DISCARD_ANY;
 109                         else
 110                                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 111                                                        "Unknown --discard= parameter: %s",
 112                                                        optarg);
 113                         arg_flags = (arg_flags & ~DISSECT_IMAGE_DISCARD_ANY) | flags;
 114
 115                         break;
 116                 }
 117
 118                 case ARG_ROOT_HASH: {
 119                         void *p;
 120                         size_t l;
 121
 122                         r = unhexmem(optarg, strlen(optarg), &p, &l);
 123                         if (r < 0)
 124                                 return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg);
 125                         if (l < sizeof(sd_id128_t)) {
 126                                 log_error("Root hash must be at least 128bit long: %s", optarg);
 127                                 free(p);
 128                                 return -EINVAL;
 129                         }
 130
 131                         free(arg_root_hash);
 132                         arg_root_hash = p;
 133                         arg_root_hash_size = l;
 134                         break;
 135                 }
 136
 137                 case ARG_VERITY_DATA:
 138                         r = parse_path_argument_and_warn(optarg, false, &arg_verity_data);
 139                         if (r < 0)
 140                                 return r;
 141                         break;
 142
 143                 case ARG_FSCK:
 144                         r = parse_boolean(optarg);
 145                         if (r < 0)
 146                                 return log_error_errno(r, "Failed to parse --fsck= parameter: %s", optarg);
 147
 148                         SET_FLAG(arg_flags, DISSECT_IMAGE_FSCK, r);
 149                         break;
 150
 151                 case '?':
 152                         return -EINVAL;
 153
 154                 default:
 155                         assert_not_reached("Unhandled option");
 156                 }
 157
 158         }
 159
 160         switch (arg_action) {
 161
 162         case ACTION_DISSECT:
 163                 if (optind + 1 != argc)
 164                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 165                                                "Expected a file path as only argument.");
 166
 167                 arg_image = argv[optind];
 168                 arg_flags |= DISSECT_IMAGE_READ_ONLY;
 169                 break;
 170
 171         case ACTION_MOUNT:
 172                 if (optind + 2 != argc)
 173                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 174                                                "Expected a file path and mount point path as only arguments.");
 175
 176                 arg_image = argv[optind];
 177                 arg_path = argv[optind + 1];
 178                 break;
 179
 180         default:
 181                 assert_not_reached("Unknown action.");
 182         }
 183
 184         return 1;
 185 }
 186
 187 static int run(int argc, char *argv[]) {
 188         _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
 189         _cleanup_(decrypted_image_unrefp) DecryptedImage *di = NULL;
 190         _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
 191         int r;
 192
 193         log_parse_environment();
 194         log_open();
 195
 196         r = parse_argv(argc, argv);
 197         if (r <= 0)
 198                 return r;
 199
 200         r = loop_device_make_by_path(arg_image, (arg_flags & DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR, LO_FLAGS_PARTSCAN, &d);
 201         if (r < 0)
 202                 return log_error_errno(r, "Failed to set up loopback device: %m");
 203
 204         r = verity_metadata_load(arg_image, NULL, arg_root_hash ? NULL : &arg_root_hash, &arg_root_hash_size,
 205                            arg_verity_data ? NULL : &arg_verity_data);
 206         if (r < 0)
 207                 return log_error_errno(r, "Failed to read verity artefacts for %s: %m", arg_image);
 208         arg_flags |= arg_verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
 209
 210         r = dissect_image_and_warn(d->fd, arg_image, arg_root_hash, arg_root_hash_size, arg_verity_data, arg_flags, &m);
 211         if (r < 0)
 212                 return r;
 213
 214         switch (arg_action) {
 215
 216         case ACTION_DISSECT: {
 217                 unsigned i;
 218
 219                 for (i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
 220                         DissectedPartition *p = m->partitions + i;
 221
 222                         if (!p->found)
 223                                 continue;
 224
 225                         printf("Found %s '%s' partition",
 226                                p->rw ? "writable" : "read-only",
 227                                partition_designator_to_string(i));
 228
 229                         if (!sd_id128_is_null(p->uuid))
 230                                 printf(" (UUID " SD_ID128_FORMAT_STR ")", SD_ID128_FORMAT_VAL(p->uuid));
 231
 232                         if (p->fstype)
 233                                 printf(" of type %s", p->fstype);
 234
 235                         if (p->architecture != _ARCHITECTURE_INVALID)
 236                                 printf(" for %s", architecture_to_string(p->architecture));
 237
 238                         if (dissected_image_can_do_verity(m, i))
 239                                 printf(" %s verity", dissected_image_has_verity(m, i) ? "with" : "without");
 240
 241                         if (p->partno >= 0)
 242                                 printf(" on partition #%i", p->partno);
 243
 244                         if (p->node)
 245                                 printf(" (%s)", p->node);
 246
 247                         putchar('\n');
 248                 }
 249
 250                 r = dissected_image_acquire_metadata(m);
 251                 if (r < 0)
 252                         return log_error_errno(r, "Failed to acquire image metadata: %m");
 253
 254                 if (m->hostname)
 255                         printf("  Hostname: %s\n", m->hostname);
 256
 257                 if (!sd_id128_is_null(m->machine_id))
 258                         printf("Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->machine_id));
 259
 260                 if (!strv_isempty(m->machine_info)) {
 261                         char **p, **q;
 262
 263                         STRV_FOREACH_PAIR(p, q, m->machine_info)
 264                                 printf("%s %s=%s\n",
 265                                        p == m->machine_info ? "Mach. Info:" : "           ",
 266                                        *p, *q);
 267                 }
 268
 269                 if (!strv_isempty(m->os_release)) {
 270                         char **p, **q;
 271
 272                         STRV_FOREACH_PAIR(p, q, m->os_release)
 273                                 printf("%s %s=%s\n",
 274                                        p == m->os_release ? "OS Release:" : "           ",
 275                                        *p, *q);
 276                 }
 277
 278                 break;
 279         }
 280
 281         case ACTION_MOUNT:
 282                 r = dissected_image_decrypt_interactively(m, NULL, arg_root_hash, arg_root_hash_size, arg_verity_data, arg_flags, &di);
 283                 if (r < 0)
 284                         return r;
 285
 286                 r = dissected_image_mount(m, arg_path, UID_INVALID, arg_flags);
 287                 if (r == -EUCLEAN)
 288                         return log_error_errno(r, "File system check on image failed: %m");
 289                 if (r < 0)
 290                         return log_error_errno(r, "Failed to mount image: %m");
 291
 292                 if (di) {
 293                         r = decrypted_image_relinquish(di);
 294                         if (r < 0)
 295                                 return log_error_errno(r, "Failed to relinquish DM devices: %m");
 296                 }
 297
 298                 loop_device_relinquish(d);
 299                 break;
 300
 301         default:
 302                 assert_not_reached("Unknown action.");
 303         }
 304
 305         return 0;
 306 }
 307
 308 DEFINE_MAIN_FUNCTION(run);