[thirdparty/systemd.git] / src / boot / bless-boot.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <getopt.h>
#include <stdlib.h>

#include "alloc-util.h"
#include "bootspec.h"
#include "efivars.h"
#include "fd-util.h"
#include "fs-util.h"
#include "log.h"
#include "main-func.h"
#include "parse-util.h"
#include "path-util.h"
#include "util.h"
#include "verbs.h"
#include "virt.h"

static char *arg_path = NULL;

static int help(int argc, char *argv[], void *userdata) {

        printf("%s [COMMAND] [OPTIONS...]\n"
               "\n"
               "Mark the boot process as good or bad.\n\n"
               "  -h --help          Show this help\n"
               "     --version       Print version\n"
               "     --path=PATH     Path to the EFI System Partition (ESP)\n"
               "\n"
               "Commands:\n"
               "     good            Mark this boot as good\n"
               "     bad             Mark this boot as bad\n"
               "     indeterminate   Undo any marking as good or bad\n",
               program_invocation_short_name);

        return 0;
}

static int parse_argv(int argc, char *argv[]) {
        enum {
                ARG_PATH = 0x100,
                ARG_VERSION,
        };

        static const struct option options[] = {
                { "help",         no_argument,       NULL, 'h'              },
                { "version",      no_argument,       NULL, ARG_VERSION      },
                { "path",         required_argument, NULL, ARG_PATH         },
                {}
        };

        int c, r;

        assert(argc >= 0);
        assert(argv);

        while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
                switch (c) {

                case 'h':
                        help(0, NULL, NULL);
                        return 0;

                case ARG_VERSION:
                        return version();

                case ARG_PATH:
                        r = free_and_strdup(&arg_path, optarg);
                        if (r < 0)
                                return log_oom();
                        break;

                case '?':
                        return -EINVAL;

                default:
                        assert_not_reached("Unknown option");
                }

        return 1;
}

static int acquire_esp(void) {
        _cleanup_free_ char *np = NULL;
        int r;

        r = find_esp_and_warn(arg_path, false, &np, NULL, NULL, NULL, NULL);
        if (r == -ENOKEY) /* find_esp_and_warn() doesn't warn in this one error case, but in all others */
                return log_error_errno(r,
                                       "Couldn't find EFI system partition. It is recommended to mount it to /boot or /efi.\n"
                                       "Alternatively, use --path= to specify path to mount point.");
        if (r < 0)
                return r;

        free_and_replace(arg_path, np);
        log_debug("Using EFI System Partition at %s.", arg_path);

        return 0;
}

static int parse_counter(
                const char *path,
                const char **p,
                uint64_t *ret_left,
                uint64_t *ret_done) {

        uint64_t left, done;
        const char *z, *e;
        size_t k;
        int r;

        assert(path);
        assert(p);

        e = *p;
        assert(e);
        assert(*e == '+');

        e++;

        k = strspn(e, DIGITS);
        if (k == 0) {
                log_error("Can't parse empty 'tries left' counter from LoaderBootCountPath: %s", path);
                return -EINVAL;
        }

        z = strndupa(e, k);
        r = safe_atou64(z, &left);
        if (r < 0)
                return log_error_errno(r, "Failed to parse 'tries left' counter from LoaderBootCountPath: %s", path);

        e += k;

        if (*e == '-') {
                e++;

                k = strspn(e, DIGITS);
                if (k == 0) { /* If there's a "-" there also needs to be at least one digit */
                        log_error("Can't parse empty 'tries done' counter from LoaderBootCountPath: %s", path);
                        return -EINVAL;
                }

                z = strndupa(e, k);
                r = safe_atou64(z, &done);
                if (r < 0)
                        return log_error_errno(r, "Failed to parse 'tries done' counter from LoaderBootCountPath: %s", path);

                e += k;
        } else
                done = 0;

        if (done == 0)
                log_warning("The 'tries done' counter is currently at zero. This can't really be, after all we are running, and this boot must hence count as one. Proceeding anyway.");

        *p = e;

        if (ret_left)
                *ret_left = left;

        if (ret_done)
                *ret_done = done;

        return 0;
}

static int acquire_boot_count_path(
                char **ret_path,
                char **ret_prefix,
                uint64_t *ret_left,
                uint64_t *ret_done,
                char **ret_suffix) {

        _cleanup_free_ char *path = NULL, *prefix = NULL, *suffix = NULL;
        const char *last, *e;
        uint64_t left, done;
        int r;

        r = efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderBootCountPath", &path);
        if (r == -ENOENT)
                return -EUNATCH; /* in this case, let the caller print a message */
        if (r < 0)
                return log_error_errno(r, "Failed to read LoaderBootCountPath EFI variable: %m");

        efi_tilt_backslashes(path);

        if (!path_is_normalized(path)) {
                log_error("Path read from LoaderBootCountPath is not normalized, refusing: %s", path);
                return -EINVAL;
        }

        if (!path_is_absolute(path)) {
                log_error("Path read from LoaderBootCountPath is not absolute, refusing: %s", path);
                return -EINVAL;
        }

        last = last_path_component(path);
        e = strrchr(last, '+');
        if (!e) {
                log_error("Path read from LoaderBootCountPath does not contain a counter, refusing: %s", path);
                return -EINVAL;
        }

        if (ret_prefix) {
                prefix = strndup(path, e - path);
                if (!prefix)
                        return log_oom();
        }

        r = parse_counter(path, &e, &left, &done);
        if (r < 0)
                return r;

        if (ret_suffix) {
                suffix = strdup(e);
                if (!suffix)
                        return log_oom();

                *ret_suffix = TAKE_PTR(suffix);
        }

        if (ret_path)
                *ret_path = TAKE_PTR(path);
        if (ret_prefix)
                *ret_prefix = TAKE_PTR(prefix);
        if (ret_left)
                *ret_left = left;
        if (ret_done)
                *ret_done = done;

        return 0;
}

static int make_good(const char *prefix, const char *suffix, char **ret) {
        _cleanup_free_ char *good = NULL;

        assert(prefix);
        assert(suffix);
        assert(ret);

        /* Generate the path we'd use on good boots. This one is easy. If we are successful, we simple drop the counter
         * pair entirely from the name. After all, we know all is good, and the logs will contain information about the
         * tries we needed to come here, hence it's safe to drop the counters from the name. */

        good = strjoin(prefix, suffix);
        if (!good)
                return -ENOMEM;

        *ret = TAKE_PTR(good);
        return 0;
}

static int make_bad(const char *prefix, uint64_t done, const char *suffix, char **ret) {
        _cleanup_free_ char *bad = NULL;

        assert(prefix);
        assert(suffix);
        assert(ret);

        /* Generate the path we'd use on bad boots. Let's simply set the 'left' counter to zero, and keep the 'done'
         * counter. The information might be interesting to boot loaders, after all. */

        if (done == 0) {
                bad = strjoin(prefix, "+0", suffix);
                if (!bad)
                        return -ENOMEM;
        } else {
                if (asprintf(&bad, "%s+0-%" PRIu64 "%s", prefix, done, suffix) < 0)
                        return -ENOMEM;
        }

        *ret = TAKE_PTR(bad);
        return 0;
}

static const char *skip_slash(const char *path) {
        assert(path);
        assert(path[0] == '/');

        return path + 1;
}

static int verb_status(int argc, char *argv[], void *userdata) {

        _cleanup_free_ char *path = NULL, *prefix = NULL, *suffix = NULL, *good = NULL, *bad = NULL;
        _cleanup_close_ int fd = -1;
        uint64_t left, done;
        int r;

        r = acquire_boot_count_path(&path, &prefix, &left, &done, &suffix);
        if (r == -EUNATCH) { /* No boot count in place, then let's consider this a "clean" boot, as "good", "bad" or "indeterminate" don't apply. */
                puts("clean");
                return 0;
        }
        if (r < 0)
                return r;

        r = acquire_esp();
        if (r < 0)
                return r;

        r = make_good(prefix, suffix, &good);
        if (r < 0)
                return log_oom();

        r = make_bad(prefix, done, suffix, &bad);
        if (r < 0)
                return log_oom();

        log_debug("Booted file: %s%s\n"
                  "The same modified for 'good': %s%s\n"
                  "The same modified for 'bad':  %s%s\n",
                  arg_path, path,
                  arg_path, good,
                  arg_path, bad);

        log_debug("Tries left: %" PRIu64"\n"
                  "Tries done: %" PRIu64"\n",
                  left, done);

        fd = open(arg_path, O_DIRECTORY|O_CLOEXEC|O_RDONLY);
        if (fd < 0)
                return log_error_errno(errno, "Failed to open ESP '%s': %m", arg_path);

        if (faccessat(fd, skip_slash(path), F_OK, 0) >= 0) {
                puts("indeterminate");
                return 0;
        }
        if (errno != ENOENT)
                return log_error_errno(errno, "Failed to check if '%s' exists: %m", path);

        if (faccessat(fd, skip_slash(good), F_OK, 0) >= 0) {
                puts("good");
                return 0;
        }
        if (errno != ENOENT)
                return log_error_errno(errno, "Failed to check if '%s' exists: %m", good);

        if (faccessat(fd, skip_slash(bad), F_OK, 0) >= 0) {
                puts("bad");
                return 0;
        }
        if (errno != ENOENT)
                return log_error_errno(errno, "Failed to check if '%s' exists: %m", bad);

        return log_error_errno(errno, "Couldn't determine boot state: %m");
}

static int verb_set(int argc, char *argv[], void *userdata) {
        _cleanup_free_ char *path = NULL, *prefix = NULL, *suffix = NULL, *good = NULL, *bad = NULL, *parent = NULL;
        const char *target, *source1, *source2;
        _cleanup_close_ int fd = -1;
        uint64_t done;
        int r;

        r = acquire_boot_count_path(&path, &prefix, NULL, &done, &suffix);
        if (r == -EUNATCH) /* acquire_boot_count_path() won't log on its own for this specific error */
                return log_error_errno(r, "Not booted with boot counting in effect.");
        if (r < 0)
                return r;

        r = acquire_esp();
        if (r < 0)
                return r;

        r = make_good(prefix, suffix, &good);
        if (r < 0)
                return log_oom();

        r = make_bad(prefix, done, suffix, &bad);
        if (r < 0)
                return log_oom();

        fd = open(arg_path, O_DIRECTORY|O_CLOEXEC|O_RDONLY);
        if (fd < 0)
                return log_error_errno(errno, "Failed to open ESP '%s': %m", arg_path);

        /* Figure out what rename to what */
        if (streq(argv[0], "good")) {
                target = good;
                source1 = path;
                source2 = bad;      /* Maybe this boot was previously marked as 'bad'? */
        } else if (streq(argv[0], "bad")) {
                target = bad;
                source1 = path;
                source2 = good;     /* Maybe this boot was previously marked as 'good'? */
        } else {
                assert(streq(argv[0], "indeterminate"));
                target = path;
                source1 = good;
                source2 = bad;
        }

        r = rename_noreplace(fd, skip_slash(source1), fd, skip_slash(target));
        if (r == -EEXIST)
                goto exists;
        else if (r == -ENOENT) {

                r = rename_noreplace(fd, skip_slash(source2), fd, skip_slash(target));
                if (r == -EEXIST)
                        goto exists;
                else if (r == -ENOENT) {

                        if (access(target, F_OK) >= 0) /* Hmm, if we can't find either source file, maybe the destination already exists? */
                                goto exists;

                        return log_error_errno(r, "Can't find boot counter source file for '%s': %m", target);
                } else if (r < 0)
                        return log_error_errno(r, "Failed to rename '%s' to '%s': %m", source2, target);
                else
                        log_debug("Successfully renamed '%s' to '%s'.", source2, target);

        } else if (r < 0)
                return log_error_errno(r, "Failed to rename '%s' to '%s': %m", source1, target);
        else
                log_debug("Successfully renamed '%s' to '%s'.", source1, target);

        /* First, fsync() the directory these files are located in */
        parent = dirname_malloc(path);
        if (!parent)
                return log_oom();

        r = fsync_path_at(fd, skip_slash(parent));
        if (r < 0)
                log_debug_errno(errno, "Failed to synchronize image directory, ignoring: %m");

        /* Secondly, syncfs() the whole file system these files are located in */
        if (syncfs(fd) < 0)
                log_debug_errno(errno, "Failed to synchronize ESP, ignoring: %m");

        log_info("Marked boot as '%s'. (Boot attempt counter is at %" PRIu64".)", argv[0], done);

        return 1;

exists:
        log_debug("Operation already executed before, not doing anything.");
        return 0;
}

int main(int argc, char *argv[]) {

        static const Verb verbs[] = {
                { "help",          VERB_ANY, VERB_ANY, 0,                 help        },
                { "status",        VERB_ANY, 1,        VERB_DEFAULT,      verb_status },
                { "good",          VERB_ANY, 1,        VERB_MUST_BE_ROOT, verb_set    },
                { "bad",           VERB_ANY, 1,        VERB_MUST_BE_ROOT, verb_set    },
                { "indeterminate", VERB_ANY, 1,        VERB_MUST_BE_ROOT, verb_set    },
                {}
        };

        int r;

        log_parse_environment();
        log_open();

        r = parse_argv(argc, argv);
        if (r <= 0)
                goto finish;

        if (detect_container() > 0) {
                log_error("Marking a boot is not supported in containers.");
                r = -EOPNOTSUPP;
                goto finish;
        }

        if (!is_efi_boot()) {
                log_error("Marking a boot is only supported on EFI systems.");
                r = -EOPNOTSUPP;
                goto finish;
        }

        r = dispatch_verb(argc, argv, verbs, NULL);

finish:
        free(arg_path);

        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
Commit	Line	Data
36695e88 LP	1	/* SPDX-License-Identifier: LGPL-2.1+ */
	2
	3	#include <getopt.h>
	4	#include <stdlib.h>
	5
	6	#include "alloc-util.h"
	7	#include "bootspec.h"
	8	#include "efivars.h"
	9	#include "fd-util.h"
	10	#include "fs-util.h"
	11	#include "log.h"
5e332028	12	#include "main-func.h"
36695e88 LP	13	#include "parse-util.h"
	14	#include "path-util.h"
	15	#include "util.h"
	16	#include "verbs.h"
	17	#include "virt.h"
	18
	19	static char *arg_path = NULL;
	20
	21	static int help(int argc, char argv[], void userdata) {
	22
	23	printf("%s [COMMAND] [OPTIONS...]\n"
	24	"\n"
	25	"Mark the boot process as good or bad.\n\n"
	26	" -h --help Show this help\n"
	27	" --version Print version\n"
	28	" --path=PATH Path to the EFI System Partition (ESP)\n"
	29	"\n"
	30	"Commands:\n"
	31	" good Mark this boot as good\n"
	32	" bad Mark this boot as bad\n"
	33	" indeterminate Undo any marking as good or bad\n",
	34	program_invocation_short_name);
	35
	36	return 0;
	37	}
	38
	39	static int parse_argv(int argc, char *argv[]) {
	40	enum {
	41	ARG_PATH = 0x100,
	42	ARG_VERSION,
	43	};
	44
	45	static const struct option options[] = {
	46	{ "help", no_argument, NULL, 'h' },
	47	{ "version", no_argument, NULL, ARG_VERSION },
	48	{ "path", required_argument, NULL, ARG_PATH },
	49	{}
	50	};
	51
	52	int c, r;
	53
	54	assert(argc >= 0);
	55	assert(argv);
	56
	57	while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
	58	switch (c) {
	59
	60	case 'h':
	61	help(0, NULL, NULL);
	62	return 0;
	63
	64	case ARG_VERSION:
	65	return version();
	66
	67	case ARG_PATH:
	68	r = free_and_strdup(&arg_path, optarg);
	69	if (r < 0)
	70	return log_oom();
	71	break;
	72
	73	case '?':
	74	return -EINVAL;
	75
	76	default:
77	assert_not_reached("Unknown option");
78	}
79
80	return 1;
81	}
82
83	static int acquire_esp(void) {
84	_cleanup_free_ char *np = NULL;
85	int r;
86
87	r = find_esp_and_warn(arg_path, false, &np, NULL, NULL, NULL, NULL);
88	if (r == -ENOKEY) /* find_esp_and_warn() doesn't warn in this one error case, but in all others */
89	return log_error_errno(r,
90	"Couldn't find EFI system partition. It is recommended to mount it to /boot or /efi.\n"
91	"Alternatively, use --path= to specify path to mount point.");
92	if (r < 0)
93	return r;
94
95	free_and_replace(arg_path, np);
96	log_debug("Using EFI System Partition at %s.", arg_path);
97
98	return 0;
99	}
100
101	static int parse_counter(
102	const char *path,
103	const char **p,
104	uint64_t *ret_left,
105	uint64_t *ret_done) {
106
107	uint64_t left, done;
108	const char z, e;
109	size_t k;
110	int r;
111
112	assert(path);
113	assert(p);
114
115	e = *p;
116	assert(e);
117	assert(*e == '+');
118
119	e++;
120
121	k = strspn(e, DIGITS);
122	if (k == 0) {
123	log_error("Can't parse empty 'tries left' counter from LoaderBootCountPath: %s", path);
124	return -EINVAL;
125	}
126
127	z = strndupa(e, k);
128	r = safe_atou64(z, &left);
129	if (r < 0)
130	return log_error_errno(r, "Failed to parse 'tries left' counter from LoaderBootCountPath: %s", path);
131
132	e += k;
133
134	if (*e == '-') {
135	e++;
136
137	k = strspn(e, DIGITS);
138	if (k == 0) { /* If there's a "-" there also needs to be at least one digit */
139	log_error("Can't parse empty 'tries done' counter from LoaderBootCountPath: %s", path);
140	return -EINVAL;
141	}
142
143	z = strndupa(e, k);
144	r = safe_atou64(z, &done);
145	if (r < 0)
146	return log_error_errno(r, "Failed to parse 'tries done' counter from LoaderBootCountPath: %s", path);
147
148	e += k;
149	} else
150	done = 0;
151
152	if (done == 0)
153	log_warning("The 'tries done' counter is currently at zero. This can't really be, after all we are running, and this boot must hence count as one. Proceeding anyway.");
154
155	*p = e;
156
157	if (ret_left)
158	*ret_left = left;
159
160	if (ret_done)
161	*ret_done = done;
162
163	return 0;
164	}
165
166	static int acquire_boot_count_path(
167	char **ret_path,
168	char **ret_prefix,
169	uint64_t *ret_left,
170	uint64_t *ret_done,
171	char **ret_suffix) {
172
173	_cleanup_free_ char path = NULL, prefix = NULL, *suffix = NULL;
174	const char last, e;
175	uint64_t left, done;
176	int r;
177
178	r = efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderBootCountPath", &path);
179	if (r == -ENOENT)
180	return -EUNATCH; /* in this case, let the caller print a message */
181	if (r < 0)
182	return log_error_errno(r, "Failed to read LoaderBootCountPath EFI variable: %m");
183
184	efi_tilt_backslashes(path);
185
186	if (!path_is_normalized(path)) {
187	log_error("Path read from LoaderBootCountPath is not normalized, refusing: %s", path);
188	return -EINVAL;
189	}
190
191	if (!path_is_absolute(path)) {
192	log_error("Path read from LoaderBootCountPath is not absolute, refusing: %s", path);
193	return -EINVAL;
194	}
195
196	last = last_path_component(path);
197	e = strrchr(last, '+');
198	if (!e) {
199	log_error("Path read from LoaderBootCountPath does not contain a counter, refusing: %s", path);
200	return -EINVAL;
201	}
202
203	if (ret_prefix) {
204	prefix = strndup(path, e - path);
205	if (!prefix)
206	return log_oom();
207	}
208
209	r = parse_counter(path, &e, &left, &done);
210	if (r < 0)
211	return r;
212
213	if (ret_suffix) {
214	suffix = strdup(e);
215	if (!suffix)
216	return log_oom();
217
218	*ret_suffix = TAKE_PTR(suffix);
219	}
220
221	if (ret_path)
222	*ret_path = TAKE_PTR(path);
223	if (ret_prefix)
224	*ret_prefix = TAKE_PTR(prefix);
225	if (ret_left)
226	*ret_left = left;
227	if (ret_done)
228	*ret_done = done;
229
230	return 0;
231	}
232
233	static int make_good(const char prefix, const char suffix, char **ret) {
234	_cleanup_free_ char *good = NULL;
235
236	assert(prefix);
237	assert(suffix);
238	assert(ret);
239
240	/* Generate the path we'd use on good boots. This one is easy. If we are successful, we simple drop the counter
241	* pair entirely from the name. After all, we know all is good, and the logs will contain information about the
242	* tries we needed to come here, hence it's safe to drop the counters from the name. */
243
244	good = strjoin(prefix, suffix);
245	if (!good)
246	return -ENOMEM;
247
248	*ret = TAKE_PTR(good);
249	return 0;
250	}
251
252	static int make_bad(const char prefix, uint64_t done, const char suffix, char **ret) {
253	_cleanup_free_ char *bad = NULL;
254
255	assert(prefix);
256	assert(suffix);
257	assert(ret);
258
259	/* Generate the path we'd use on bad boots. Let's simply set the 'left' counter to zero, and keep the 'done'
260	* counter. The information might be interesting to boot loaders, after all. */
261
262	if (done == 0) {
263	bad = strjoin(prefix, "+0", suffix);
264	if (!bad)
265	return -ENOMEM;
266	} else {
267	if (asprintf(&bad, "%s+0-%" PRIu64 "%s", prefix, done, suffix) < 0)
268	return -ENOMEM;
269	}
270
271	*ret = TAKE_PTR(bad);
272	return 0;
273	}
274
275	static const char skip_slash(const char path) {
276	assert(path);
277	assert(path[0] == '/');
278
279	return path + 1;
280	}
281
282	static int verb_status(int argc, char argv[], void userdata) {
283
284	_cleanup_free_ char path = NULL, prefix = NULL, suffix = NULL, good = NULL, *bad = NULL;
285	_cleanup_close_ int fd = -1;
286	uint64_t left, done;
287	int r;
288
289	r = acquire_boot_count_path(&path, &prefix, &left, &done, &suffix);
290	if (r == -EUNATCH) { /* No boot count in place, then let's consider this a "clean" boot, as "good", "bad" or "indeterminate" don't apply. */
291	puts("clean");
292	return 0;
293	}
294	if (r < 0)
295	return r;
296
297	r = acquire_esp();
298	if (r < 0)
299	return r;
300
301	r = make_good(prefix, suffix, &good);
302	if (r < 0)
303	return log_oom();
304
305	r = make_bad(prefix, done, suffix, &bad);
306	if (r < 0)
307	return log_oom();
308
309	log_debug("Booted file: %s%s\n"
310	"The same modified for 'good': %s%s\n"
311	"The same modified for 'bad': %s%s\n",
312	arg_path, path,
313	arg_path, good,
314	arg_path, bad);
315
316	log_debug("Tries left: %" PRIu64"\n"
317	"Tries done: %" PRIu64"\n",
318	left, done);
319
320	fd = open(arg_path, O_DIRECTORY\|O_CLOEXEC\|O_RDONLY);
321	if (fd < 0)
322	return log_error_errno(errno, "Failed to open ESP '%s': %m", arg_path);
323
324	if (faccessat(fd, skip_slash(path), F_OK, 0) >= 0) {
325	puts("indeterminate");
326	return 0;
327	}
328	if (errno != ENOENT)
329	return log_error_errno(errno, "Failed to check if '%s' exists: %m", path);
330
331	if (faccessat(fd, skip_slash(good), F_OK, 0) >= 0) {
332	puts("good");
333	return 0;
334	}
335	if (errno != ENOENT)
336	return log_error_errno(errno, "Failed to check if '%s' exists: %m", good);
337
338	if (faccessat(fd, skip_slash(bad), F_OK, 0) >= 0) {
339	puts("bad");
340	return 0;
341	}
342	if (errno != ENOENT)
343	return log_error_errno(errno, "Failed to check if '%s' exists: %m", bad);
344
345	return log_error_errno(errno, "Couldn't determine boot state: %m");
346	}
347
348	static int verb_set(int argc, char argv[], void userdata) {
349	_cleanup_free_ char path = NULL, prefix = NULL, suffix = NULL, good = NULL, bad = NULL, parent = NULL;
350	const char target, source1, *source2;
351	_cleanup_close_ int fd = -1;
352	uint64_t done;
353	int r;
354
355	r = acquire_boot_count_path(&path, &prefix, NULL, &done, &suffix);
356	if (r == -EUNATCH) /* acquire_boot_count_path() won't log on its own for this specific error */
357	return log_error_errno(r, "Not booted with boot counting in effect.");
358	if (r < 0)
359	return r;
360
361	r = acquire_esp();
362	if (r < 0)
363	return r;
364
365	r = make_good(prefix, suffix, &good);
366	if (r < 0)
367	return log_oom();
368
369	r = make_bad(prefix, done, suffix, &bad);
370	if (r < 0)
371	return log_oom();
372
373	fd = open(arg_path, O_DIRECTORY\|O_CLOEXEC\|O_RDONLY);
374	if (fd < 0)
375	return log_error_errno(errno, "Failed to open ESP '%s': %m", arg_path);
376
377	/* Figure out what rename to what */
378	if (streq(argv[0], "good")) {
379	target = good;
380	source1 = path;
381	source2 = bad; /* Maybe this boot was previously marked as 'bad'? */
382	} else if (streq(argv[0], "bad")) {
383	target = bad;
384	source1 = path;
385	source2 = good; /* Maybe this boot was previously marked as 'good'? */
386	} else {
387	assert(streq(argv[0], "indeterminate"));
388	target = path;
389	source1 = good;
390	source2 = bad;
391	}
392
393	r = rename_noreplace(fd, skip_slash(source1), fd, skip_slash(target));
394	if (r == -EEXIST)
395	goto exists;
396	else if (r == -ENOENT) {
397
398	r = rename_noreplace(fd, skip_slash(source2), fd, skip_slash(target));
399	if (r == -EEXIST)
400	goto exists;
401	else if (r == -ENOENT) {
402
403	if (access(target, F_OK) >= 0) /* Hmm, if we can't find either source file, maybe the destination already exists? */
404	goto exists;
405
406	return log_error_errno(r, "Can't find boot counter source file for '%s': %m", target);
407	} else if (r < 0)
408	return log_error_errno(r, "Failed to rename '%s' to '%s': %m", source2, target);
409	else
410	log_debug("Successfully renamed '%s' to '%s'.", source2, target);
411
412	} else if (r < 0)
413	return log_error_errno(r, "Failed to rename '%s' to '%s': %m", source1, target);
414	else
415	log_debug("Successfully renamed '%s' to '%s'.", source1, target);
416
417	/* First, fsync() the directory these files are located in */
418	parent = dirname_malloc(path);
419	if (!parent)
420	return log_oom();
421
422	r = fsync_path_at(fd, skip_slash(parent));
423	if (r < 0)
424	log_debug_errno(errno, "Failed to synchronize image directory, ignoring: %m");
425
426	/* Secondly, syncfs() the whole file system these files are located in */
427	if (syncfs(fd) < 0)
428	log_debug_errno(errno, "Failed to synchronize ESP, ignoring: %m");
429
430	log_info("Marked boot as '%s'. (Boot attempt counter is at %" PRIu64".)", argv[0], done);
431
432	return 1;
433
434	exists:
435	log_debug("Operation already executed before, not doing anything.");
436	return 0;
437	}
438
439	int main(int argc, char *argv[]) {
440
441	static const Verb verbs[] = {
442	{ "help", VERB_ANY, VERB_ANY, 0, help },
443	{ "status", VERB_ANY, 1, VERB_DEFAULT, verb_status },
444	{ "good", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_set },
445	{ "bad", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_set },
446	{ "indeterminate", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_set },
447	{}
448	};
449
450	int r;
451
452	log_parse_environment();
453	log_open();
454
455	r = parse_argv(argc, argv);
456	if (r <= 0)
457	goto finish;
458
459	if (detect_container() > 0) {
460	log_error("Marking a boot is not supported in containers.");
461	r = -EOPNOTSUPP;
462	goto finish;
463	}
464
465	if (!is_efi_boot()) {
466	log_error("Marking a boot is only supported on EFI systems.");
467	r = -EOPNOTSUPP;
468	goto finish;
469	}
470
471	r = dispatch_verb(argc, argv, verbs, NULL);
472
473	finish:
474	free(arg_path);
475
476	return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
477	}