]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/import/pull-tar.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
import: ignore non-successful HTTP codes for collecing image metadata
[thirdparty/systemd.git] / src / import / pull-tar.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <curl/curl.h>
4 #include <sys/prctl.h>
5
6 #include "sd-daemon.h"
7
8 #include "alloc-util.h"
9 #include "btrfs-util.h"
10 #include "copy.h"
11 #include "curl-util.h"
12 #include "fd-util.h"
13 #include "fs-util.h"
14 #include "hostname-util.h"
15 #include "import-common.h"
16 #include "import-util.h"
17 #include "macro.h"
18 #include "mkdir.h"
19 #include "path-util.h"
20 #include "process-util.h"
21 #include "pull-common.h"
22 #include "pull-job.h"
23 #include "pull-tar.h"
24 #include "rm-rf.h"
25 #include "string-util.h"
26 #include "strv.h"
27 #include "tmpfile-util.h"
28 #include "utf8.h"
29 #include "util.h"
30 #include "web-util.h"
31
32 typedef enum TarProgress {
33 TAR_DOWNLOADING,
34 TAR_VERIFYING,
35 TAR_FINALIZING,
36 TAR_COPYING,
37 } TarProgress;
38
39 struct TarPull {
40 sd_event *event;
41 CurlGlue *glue;
42
43 char *image_root;
44
45 PullJob *tar_job;
46 PullJob *settings_job;
47 PullJob *checksum_job;
48 PullJob *signature_job;
49
50 TarPullFinished on_finished;
51 void *userdata;
52
53 char *local;
54 bool force_local;
55 bool settings;
56
57 pid_t tar_pid;
58
59 char *final_path;
60 char *temp_path;
61
62 char *settings_path;
63 char *settings_temp_path;
64
65 ImportVerify verify;
66 };
67
68 TarPull* tar_pull_unref(TarPull *i) {
69 if (!i)
70 return NULL;
71
72 if (i->tar_pid > 1) {
73 (void) kill_and_sigcont(i->tar_pid, SIGKILL);
74 (void) wait_for_terminate(i->tar_pid, NULL);
75 }
76
77 pull_job_unref(i->tar_job);
78 pull_job_unref(i->settings_job);
79 pull_job_unref(i->checksum_job);
80 pull_job_unref(i->signature_job);
81
82 curl_glue_unref(i->glue);
83 sd_event_unref(i->event);
84
85 if (i->temp_path) {
86 (void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
87 free(i->temp_path);
88 }
89
90 if (i->settings_temp_path) {
91 (void) unlink(i->settings_temp_path);
92 free(i->settings_temp_path);
93 }
94
95 free(i->final_path);
96 free(i->settings_path);
97 free(i->image_root);
98 free(i->local);
99
100 return mfree(i);
101 }
102
103 int tar_pull_new(
104 TarPull **ret,
105 sd_event *event,
106 const char *image_root,
107 TarPullFinished on_finished,
108 void *userdata) {
109
110 _cleanup_(curl_glue_unrefp) CurlGlue *g = NULL;
111 _cleanup_(sd_event_unrefp) sd_event *e = NULL;
112 _cleanup_(tar_pull_unrefp) TarPull *i = NULL;
113 _cleanup_free_ char *root = NULL;
114 int r;
115
116 assert(ret);
117
118 root = strdup(image_root ?: "/var/lib/machines");
119 if (!root)
120 return -ENOMEM;
121
122 if (event)
123 e = sd_event_ref(event);
124 else {
125 r = sd_event_default(&e);
126 if (r < 0)
127 return r;
128 }
129
130 r = curl_glue_new(&g, e);
131 if (r < 0)
132 return r;
133
134 i = new(TarPull, 1);
135 if (!i)
136 return -ENOMEM;
137
138 *i = (TarPull) {
139 .on_finished = on_finished,
140 .userdata = userdata,
141 .image_root = TAKE_PTR(root),
142 .event = TAKE_PTR(e),
143 .glue = TAKE_PTR(g),
144 };
145
146 i->glue->on_finished = pull_job_curl_on_finished;
147 i->glue->userdata = i;
148
149 *ret = TAKE_PTR(i);
150
151 return 0;
152 }
153
154 static void tar_pull_report_progress(TarPull *i, TarProgress p) {
155 unsigned percent;
156
157 assert(i);
158
159 switch (p) {
160
161 case TAR_DOWNLOADING: {
162 unsigned remain = 85;
163
164 percent = 0;
165
166 if (i->settings_job) {
167 percent += i->settings_job->progress_percent * 5 / 100;
168 remain -= 5;
169 }
170
171 if (i->checksum_job) {
172 percent += i->checksum_job->progress_percent * 5 / 100;
173 remain -= 5;
174 }
175
176 if (i->signature_job) {
177 percent += i->signature_job->progress_percent * 5 / 100;
178 remain -= 5;
179 }
180
181 if (i->tar_job)
182 percent += i->tar_job->progress_percent * remain / 100;
183 break;
184 }
185
186 case TAR_VERIFYING:
187 percent = 85;
188 break;
189
190 case TAR_FINALIZING:
191 percent = 90;
192 break;
193
194 case TAR_COPYING:
195 percent = 95;
196 break;
197
198 default:
199 assert_not_reached("Unknown progress state");
200 }
201
202 sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
203 log_debug("Combined progress %u%%", percent);
204 }
205
206 static int tar_pull_determine_path(TarPull *i, const char *suffix, char **field) {
207 int r;
208
209 assert(i);
210 assert(field);
211
212 if (*field)
213 return 0;
214
215 assert(i->tar_job);
216
217 r = pull_make_path(i->tar_job->url, i->tar_job->etag, i->image_root, ".tar-", suffix, field);
218 if (r < 0)
219 return log_oom();
220
221 return 1;
222 }
223
224 static int tar_pull_make_local_copy(TarPull *i) {
225 int r;
226
227 assert(i);
228 assert(i->tar_job);
229
230 if (!i->local)
231 return 0;
232
233 r = pull_make_local_copy(i->final_path, i->image_root, i->local, i->force_local);
234 if (r < 0)
235 return r;
236
237 if (i->settings) {
238 const char *local_settings;
239 assert(i->settings_job);
240
241 r = tar_pull_determine_path(i, ".nspawn", &i->settings_path);
242 if (r < 0)
243 return r;
244
245 local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
246
247 r = copy_file_atomic(i->settings_path, local_settings, 0664, 0, 0, COPY_REFLINK | (i->force_local ? COPY_REPLACE : 0));
248 if (r == -EEXIST)
249 log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
250 else if (r == -ENOENT)
251 log_debug_errno(r, "Skipping creation of settings file, since none was found.");
252 else if (r < 0)
253 log_warning_errno(r, "Failed to copy settings files %s, ignoring: %m", local_settings);
254 else
255 log_info("Created new settings file %s.", local_settings);
256 }
257
258 return 0;
259 }
260
261 static bool tar_pull_is_done(TarPull *i) {
262 assert(i);
263 assert(i->tar_job);
264
265 if (!PULL_JOB_IS_COMPLETE(i->tar_job))
266 return false;
267 if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
268 return false;
269 if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
270 return false;
271 if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
272 return false;
273
274 return true;
275 }
276
277 static void tar_pull_job_on_finished(PullJob *j) {
278 TarPull *i;
279 int r;
280
281 assert(j);
282 assert(j->userdata);
283
284 i = j->userdata;
285
286 if (j == i->settings_job) {
287 if (j->error != 0)
288 log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
289 } else if (j->error != 0 && j != i->signature_job) {
290 if (j == i->checksum_job)
291 log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
292 else
293 log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");
294
295 r = j->error;
296 goto finish;
297 }
298
299 /* This is invoked if either the download completed successfully, or the download was skipped because
300 * we already have the etag. */
301
302 if (!tar_pull_is_done(i))
303 return;
304
305 if (i->signature_job && i->signature_job->error != 0) {
306 VerificationStyle style;
307
308 r = verification_style_from_url(i->checksum_job->url, &style);
309 if (r < 0) {
310 log_error_errno(r, "Failed to determine verification style from checksum URL: %m");
311 goto finish;
312 }
313
314 if (style == VERIFICATION_PER_DIRECTORY) { /* A failed signature file download only matters
315 * in per-directory verification mode, since only
316 * then the signature is detached, and thus a file
317 * of its own. */
318 log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
319 r = i->signature_job->error;
320 goto finish;
321 }
322 }
323
324 i->tar_job->disk_fd = safe_close(i->tar_job->disk_fd);
325 if (i->settings_job)
326 i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);
327
328 r = tar_pull_determine_path(i, NULL, &i->final_path);
329 if (r < 0)
330 goto finish;
331
332 if (i->tar_pid > 0) {
333 r = wait_for_terminate_and_check("tar", i->tar_pid, WAIT_LOG);
334 i->tar_pid = 0;
335 if (r < 0)
336 goto finish;
337 if (r != EXIT_SUCCESS) {
338 r = -EIO;
339 goto finish;
340 }
341 }
342
343 if (!i->tar_job->etag_exists) {
344 /* This is a new download, verify it, and move it into place */
345
346 tar_pull_report_progress(i, TAR_VERIFYING);
347
348 r = pull_verify(i->tar_job, NULL, i->settings_job, i->checksum_job, i->signature_job);
349 if (r < 0)
350 goto finish;
351
352 tar_pull_report_progress(i, TAR_FINALIZING);
353
354 r = import_mangle_os_tree(i->temp_path);
355 if (r < 0)
356 goto finish;
357
358 r = import_make_read_only(i->temp_path);
359 if (r < 0)
360 goto finish;
361
362 r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
363 if (r < 0) {
364 log_error_errno(r, "Failed to rename to final image name to %s: %m", i->final_path);
365 goto finish;
366 }
367
368 i->temp_path = mfree(i->temp_path);
369
370 if (i->settings_job &&
371 i->settings_job->error == 0) {
372
373 /* Also move the settings file into place, if it exists. Note that we do so only if we also
374 * moved the tar file in place, to keep things strictly in sync. */
375 assert(i->settings_temp_path);
376
377 /* Regenerate final name for this auxiliary file, we might know the etag of the file now, and
378 * we should incorporate it in the file name if we can */
379 i->settings_path = mfree(i->settings_path);
380
381 r = tar_pull_determine_path(i, ".nspawn", &i->settings_path);
382 if (r < 0)
383 goto finish;
384
385 r = import_make_read_only(i->settings_temp_path);
386 if (r < 0)
387 goto finish;
388
389 r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
390 if (r < 0) {
391 log_error_errno(r, "Failed to rename settings file to %s: %m", i->settings_path);
392 goto finish;
393 }
394
395 i->settings_temp_path = mfree(i->settings_temp_path);
396 }
397 }
398
399 tar_pull_report_progress(i, TAR_COPYING);
400
401 r = tar_pull_make_local_copy(i);
402 if (r < 0)
403 goto finish;
404
405 r = 0;
406
407 finish:
408 if (i->on_finished)
409 i->on_finished(i, r, i->userdata);
410 else
411 sd_event_exit(i->event, r);
412 }
413
414 static int tar_pull_job_on_open_disk_tar(PullJob *j) {
415 TarPull *i;
416 int r;
417
418 assert(j);
419 assert(j->userdata);
420
421 i = j->userdata;
422 assert(i->tar_job == j);
423 assert(i->tar_pid <= 0);
424
425 if (!i->temp_path) {
426 r = tempfn_random_child(i->image_root, "tar", &i->temp_path);
427 if (r < 0)
428 return log_oom();
429 }
430
431 mkdir_parents_label(i->temp_path, 0700);
432
433 r = btrfs_subvol_make_fallback(i->temp_path, 0755);
434 if (r < 0)
435 return log_error_errno(r, "Failed to create directory/subvolume %s: %m", i->temp_path);
436 if (r > 0) /* actually btrfs subvol */
437 (void) import_assign_pool_quota_and_warn(i->temp_path);
438
439 j->disk_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);
440 if (j->disk_fd < 0)
441 return j->disk_fd;
442
443 return 0;
444 }
445
446 static int tar_pull_job_on_open_disk_settings(PullJob *j) {
447 TarPull *i;
448 int r;
449
450 assert(j);
451 assert(j->userdata);
452
453 i = j->userdata;
454 assert(i->settings_job == j);
455
456 if (!i->settings_temp_path) {
457 r = tempfn_random_child(i->image_root, "settings", &i->settings_temp_path);
458 if (r < 0)
459 return log_oom();
460 }
461
462 mkdir_parents_label(i->settings_temp_path, 0700);
463
464 j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
465 if (j->disk_fd < 0)
466 return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);
467
468 return 0;
469 }
470
471 static void tar_pull_job_on_progress(PullJob *j) {
472 TarPull *i;
473
474 assert(j);
475 assert(j->userdata);
476
477 i = j->userdata;
478
479 tar_pull_report_progress(i, TAR_DOWNLOADING);
480 }
481
482 int tar_pull_start(
483 TarPull *i,
484 const char *url,
485 const char *local,
486 bool force_local,
487 ImportVerify verify,
488 bool settings) {
489
490 int r;
491
492 assert(i);
493 assert(verify < _IMPORT_VERIFY_MAX);
494 assert(verify >= 0);
495
496 if (!http_url_is_valid(url))
497 return -EINVAL;
498
499 if (local && !hostname_is_valid(local, 0))
500 return -EINVAL;
501
502 if (i->tar_job)
503 return -EBUSY;
504
505 r = free_and_strdup(&i->local, local);
506 if (r < 0)
507 return r;
508
509 i->force_local = force_local;
510 i->verify = verify;
511 i->settings = settings;
512
513 /* Set up download job for TAR file */
514 r = pull_job_new(&i->tar_job, url, i->glue, i);
515 if (r < 0)
516 return r;
517
518 i->tar_job->on_finished = tar_pull_job_on_finished;
519 i->tar_job->on_open_disk = tar_pull_job_on_open_disk_tar;
520 i->tar_job->on_progress = tar_pull_job_on_progress;
521 i->tar_job->calc_checksum = verify != IMPORT_VERIFY_NO;
522
523 r = pull_find_old_etags(url, i->image_root, DT_DIR, ".tar-", NULL, &i->tar_job->old_etags);
524 if (r < 0)
525 return r;
526
527 /* Set up download job for the settings file (.nspawn) */
528 if (settings) {
529 r = pull_make_auxiliary_job(&i->settings_job, url, tar_strip_suffixes, ".nspawn", i->glue, tar_pull_job_on_finished, i);
530 if (r < 0)
531 return r;
532
533 i->settings_job->on_open_disk = tar_pull_job_on_open_disk_settings;
534 i->settings_job->on_progress = tar_pull_job_on_progress;
535 i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
536 }
537
538 /* Set up download of checksum/signature files */
539 r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_pull_job_on_finished, i);
540 if (r < 0)
541 return r;
542
543 r = pull_job_begin(i->tar_job);
544 if (r < 0)
545 return r;
546
547 if (i->settings_job) {
548 r = pull_job_begin(i->settings_job);
549 if (r < 0)
550 return r;
551 }
552
553 if (i->checksum_job) {
554 i->checksum_job->on_progress = tar_pull_job_on_progress;
555 i->checksum_job->on_not_found = pull_job_restart_with_sha256sum;
556
557 r = pull_job_begin(i->checksum_job);
558 if (r < 0)
559 return r;
560 }
561
562 if (i->signature_job) {
563 i->signature_job->on_progress = tar_pull_job_on_progress;
564
565 r = pull_job_begin(i->signature_job);
566 if (r < 0)
567 return r;
568 }
569
570 return 0;
571 }
Unnamed repository; edit this file 'description' to name the repository.