[thirdparty/systemd.git] / src / dissect / dissect.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <fcntl.h>
#include <getopt.h>
#include <linux/loop.h>
#include <stdio.h>

#include "architecture.h"
#include "copy.h"
#include "dissect-image.h"
#include "fd-util.h"
#include "fs-util.h"
#include "hexdecoct.h"
#include "log.h"
#include "loop-util.h"
#include "main-func.h"
#include "mkdir.h"
#include "mount-util.h"
#include "namespace-util.h"
#include "parse-util.h"
#include "path-util.h"
#include "pretty-print.h"
#include "stat-util.h"
#include "string-util.h"
#include "strv.h"
#include "terminal-util.h"
#include "tmpfile-util.h"
#include "user-util.h"
#include "util.h"

static enum {
        ACTION_DISSECT,
        ACTION_MOUNT,
        ACTION_COPY_FROM,
        ACTION_COPY_TO,
} arg_action = ACTION_DISSECT;
static const char *arg_image = NULL;
static const char *arg_path = NULL;
static const char *arg_source = NULL;
static const char *arg_target = NULL;
static DissectImageFlags arg_flags = DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK;
static void *arg_root_hash = NULL;
static char *arg_verity_data = NULL;
static size_t arg_root_hash_size = 0;
static char *arg_root_hash_sig_path = NULL;
static void *arg_root_hash_sig = NULL;
static size_t arg_root_hash_sig_size = 0;

STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep);
STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig_path, freep);
STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig, freep);

static int help(void) {
        _cleanup_free_ char *link = NULL;
        int r;

        r = terminal_urlify_man("systemd-dissect", "1", &link);
        if (r < 0)
                return log_oom();

        printf("%1$s [OPTIONS...] IMAGE\n"
               "%1$s [OPTIONS...] --mount IMAGE PATH\n"
               "%1$s [OPTIONS...] --copy-from IMAGE PATH [TARGET]\n"
               "%1$s [OPTIONS...] --copy-to IMAGE [SOURCE] PATH\n\n"
               "%5$sDissect a file system OS image.%6$s\n\n"
               "%3$sOptions:%4$s\n"
               "  -r --read-only          Mount read-only\n"
               "     --fsck=BOOL          Run fsck before mounting\n"
               "     --mkdir              Make mount directory before mounting, if missing\n"
               "     --discard=MODE       Choose 'discard' mode (disabled, loop, all, crypto)\n"
               "     --root-hash=HASH     Specify root hash for verity\n"
               "     --root-hash-sig=SIG  Specify pkcs7 signature of root hash for verity\n"
               "                          as a DER encoded PKCS7, either as a path to a file\n"
               "                          or as an ASCII base64 encoded string prefixed by\n"
               "                          'base64:'\n"
               "     --verity-data=PATH   Specify data file with hash tree for verity if it is\n"
               "                          not embedded in IMAGE\n"
               "\n%3$sCommands:%4$s\n"
               "  -h --help               Show this help\n"
               "     --version            Show package version\n"
               "  -m --mount              Mount the image to the specified directory\n"
               "  -M                      Shortcut for --mount --mkdir\n"
               "  -x --copy-from          Copy files from image to host\n"
               "  -a --copy-to            Copy files from host to image\n"
               "\nSee the %2$s for details.\n"
               , program_invocation_short_name
               , link
               , ansi_underline(), ansi_normal()
               , ansi_highlight(), ansi_normal());

        return 0;
}

static int parse_argv(int argc, char *argv[]) {

        enum {
                ARG_VERSION = 0x100,
                ARG_DISCARD,
                ARG_ROOT_HASH,
                ARG_FSCK,
                ARG_VERITY_DATA,
                ARG_ROOT_HASH_SIG,
                ARG_MKDIR,
        };

        static const struct option options[] = {
                { "help",          no_argument,       NULL, 'h'               },
                { "version",       no_argument,       NULL, ARG_VERSION       },
                { "mount",         no_argument,       NULL, 'm'               },
                { "read-only",     no_argument,       NULL, 'r'               },
                { "discard",       required_argument, NULL, ARG_DISCARD       },
                { "root-hash",     required_argument, NULL, ARG_ROOT_HASH     },
                { "fsck",          required_argument, NULL, ARG_FSCK          },
                { "verity-data",   required_argument, NULL, ARG_VERITY_DATA   },
                { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG },
                { "mkdir",         no_argument,       NULL, ARG_MKDIR         },
                { "copy-from",     no_argument,       NULL, 'x'               },
                { "copy-to",       no_argument,       NULL, 'a'               },
                {}
        };

        int c, r;

        assert(argc >= 0);
        assert(argv);

        while ((c = getopt_long(argc, argv, "hmrMxa", options, NULL)) >= 0) {

                switch (c) {

                case 'h':
                        return help();

                case ARG_VERSION:
                        return version();

                case 'm':
                        arg_action = ACTION_MOUNT;
                        break;

                case ARG_MKDIR:
                        arg_flags |= DISSECT_IMAGE_MKDIR;
                        break;

                case 'M':
                        /* Shortcut combination of the above two */
                        arg_action = ACTION_MOUNT;
                        arg_flags |= DISSECT_IMAGE_MKDIR;
                        break;

                case 'x':
                        arg_action = ACTION_COPY_FROM;
                        arg_flags |= DISSECT_IMAGE_READ_ONLY;
                        break;

                case 'a':
                        arg_action = ACTION_COPY_TO;
                        break;

                case 'r':
                        arg_flags |= DISSECT_IMAGE_READ_ONLY;
                        break;

                case ARG_DISCARD: {
                        DissectImageFlags flags;

                        if (streq(optarg, "disabled"))
                                flags = 0;
                        else if (streq(optarg, "loop"))
                                flags = DISSECT_IMAGE_DISCARD_ON_LOOP;
                        else if (streq(optarg, "all"))
                                flags = DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD;
                        else if (streq(optarg, "crypt"))
                                flags = DISSECT_IMAGE_DISCARD_ANY;
                        else if (streq(optarg, "list")) {
                                puts("disabled\n"
                                     "all\n"
                                     "crypt\n"
                                     "loop");
                                return 0;
                        } else
                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                                       "Unknown --discard= parameter: %s",
                                                       optarg);
                        arg_flags = (arg_flags & ~DISSECT_IMAGE_DISCARD_ANY) | flags;

                        break;
                }

                case ARG_ROOT_HASH: {
                        void *p;
                        size_t l;

                        r = unhexmem(optarg, strlen(optarg), &p, &l);
                        if (r < 0)
                                return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg);
                        if (l < sizeof(sd_id128_t)) {
                                log_error("Root hash must be at least 128bit long: %s", optarg);
                                free(p);
                                return -EINVAL;
                        }

                        free(arg_root_hash);
                        arg_root_hash = p;
                        arg_root_hash_size = l;
                        break;
                }

                case ARG_VERITY_DATA:
                        r = parse_path_argument_and_warn(optarg, false, &arg_verity_data);
                        if (r < 0)
                                return r;
                        break;

                case ARG_ROOT_HASH_SIG: {
                        char *value;

                        if ((value = startswith(optarg, "base64:"))) {
                                void *p;
                                size_t l;

                                r = unbase64mem(value, strlen(value), &p, &l);
                                if (r < 0)
                                        return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);

                                free_and_replace(arg_root_hash_sig, p);
                                arg_root_hash_sig_size = l;
                                arg_root_hash_sig_path = mfree(arg_root_hash_sig_path);
                        } else {
                                r = parse_path_argument_and_warn(optarg, false, &arg_root_hash_sig_path);
                                if (r < 0)
                                        return r;
                                arg_root_hash_sig = mfree(arg_root_hash_sig);
                                arg_root_hash_sig_size = 0;
                        }

                        break;
                }

                case ARG_FSCK:
                        r = parse_boolean(optarg);
                        if (r < 0)
                                return log_error_errno(r, "Failed to parse --fsck= parameter: %s", optarg);

                        SET_FLAG(arg_flags, DISSECT_IMAGE_FSCK, r);
                        break;

                case '?':
                        return -EINVAL;

                default:
                        assert_not_reached("Unhandled option");
                }

        }

        switch (arg_action) {

        case ACTION_DISSECT:
                if (optind + 1 != argc)
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                               "Expected an image file path as only argument.");

                arg_image = argv[optind];
                arg_flags |= DISSECT_IMAGE_READ_ONLY;
                break;

        case ACTION_MOUNT:
                if (optind + 2 != argc)
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                               "Expected an image file path and mount point path as only arguments.");

                arg_image = argv[optind];
                arg_path = argv[optind + 1];
                break;

        case ACTION_COPY_FROM:
                if (argc < optind + 2 || argc > optind + 3)
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                               "Expected an image file path, a source path and an optional destination path as only arguments.");

                arg_image = argv[optind];
                arg_source = argv[optind + 1];
                arg_target = argc > optind + 2 ? argv[optind + 2] : "-" /* this means stdout */ ;

                arg_flags |= DISSECT_IMAGE_READ_ONLY;
                break;

        case ACTION_COPY_TO:
                if (argc < optind + 2 || argc > optind + 3)
                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                               "Expected an image file path, an optional source path and a destination path as only arguments.");

                arg_image = argv[optind];

                if (argc > optind + 2) {
                        arg_source = argv[optind + 1];
                        arg_target = argv[optind + 2];
                } else {
                        arg_source = "-"; /* this means stdin */
                        arg_target = argv[optind + 1];
                }

                break;

        default:
                assert_not_reached("Unknown action.");
        }

        return 1;
}

static int run(int argc, char *argv[]) {
        _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
        _cleanup_(decrypted_image_unrefp) DecryptedImage *di = NULL;
        _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
        int r;

        log_parse_environment();
        log_open();

        r = parse_argv(argc, argv);
        if (r <= 0)
                return r;

        r = loop_device_make_by_path(arg_image, (arg_flags & DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR, LO_FLAGS_PARTSCAN, &d);
        if (r < 0)
                return log_error_errno(r, "Failed to set up loopback device: %m");

        r = verity_metadata_load(arg_image, NULL, arg_root_hash ? NULL : &arg_root_hash, &arg_root_hash_size,
                           arg_verity_data ? NULL : &arg_verity_data,
                           arg_root_hash_sig_path || arg_root_hash_sig ? NULL : &arg_root_hash_sig_path);
        if (r < 0)
                return log_error_errno(r, "Failed to read verity artefacts for %s: %m", arg_image);
        arg_flags |= arg_verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;

        r = dissect_image_and_warn(d->fd, arg_image, arg_root_hash, arg_root_hash_size, arg_verity_data, NULL, arg_flags, &m);
        if (r < 0)
                return r;

        switch (arg_action) {

        case ACTION_DISSECT: {
                unsigned i;

                for (i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
                        DissectedPartition *p = m->partitions + i;

                        if (!p->found)
                                continue;

                        printf("Found %s '%s' partition",
                               p->rw ? "writable" : "read-only",
                               partition_designator_to_string(i));

                        if (!sd_id128_is_null(p->uuid))
                                printf(" (UUID " SD_ID128_FORMAT_STR ")", SD_ID128_FORMAT_VAL(p->uuid));

                        if (p->fstype)
                                printf(" of type %s", p->fstype);

                        if (p->architecture != _ARCHITECTURE_INVALID)
                                printf(" for %s", architecture_to_string(p->architecture));

                        if (dissected_image_can_do_verity(m, i))
                                printf(" %s verity", dissected_image_has_verity(m, i) ? "with" : "without");

                        if (p->partno >= 0)
                                printf(" on partition #%i", p->partno);

                        if (p->node)
                                printf(" (%s)", p->node);

                        putchar('\n');
                }

                r = dissected_image_acquire_metadata(m);
                if (r < 0)
                        return log_error_errno(r, "Failed to acquire image metadata: %m");

                if (m->hostname)
                        printf("  Hostname: %s\n", m->hostname);

                if (!sd_id128_is_null(m->machine_id))
                        printf("Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->machine_id));

                if (!strv_isempty(m->machine_info)) {
                        char **p, **q;

                        STRV_FOREACH_PAIR(p, q, m->machine_info)
                                printf("%s %s=%s\n",
                                       p == m->machine_info ? "Mach. Info:" : "           ",
                                       *p, *q);
                }

                if (!strv_isempty(m->os_release)) {
                        char **p, **q;

                        STRV_FOREACH_PAIR(p, q, m->os_release)
                                printf("%s %s=%s\n",
                                       p == m->os_release ? "OS Release:" : "           ",
                                       *p, *q);
                }

                break;
        }

        case ACTION_MOUNT:
                r = dissected_image_decrypt_interactively(
                                m, NULL,
                                arg_root_hash, arg_root_hash_size,
                                arg_verity_data,
                                arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size,
                                arg_flags,
                                &di);
                if (r < 0)
                        return r;

                r = dissected_image_mount(m, arg_path, UID_INVALID, arg_flags);
                if (r == -EUCLEAN)
                        return log_error_errno(r, "File system check on image failed: %m");
                if (r < 0)
                        return log_error_errno(r, "Failed to mount image: %m");

                if (di) {
                        r = decrypted_image_relinquish(di);
                        if (r < 0)
                                return log_error_errno(r, "Failed to relinquish DM devices: %m");
                }

                loop_device_relinquish(d);
                break;

        case ACTION_COPY_FROM:
        case ACTION_COPY_TO: {
                _cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL;
                _cleanup_(rmdir_and_freep) char *created_dir = NULL;
                _cleanup_free_ char *temp = NULL;

                r = dissected_image_decrypt_interactively(
                                m, NULL,
                                arg_root_hash, arg_root_hash_size,
                                arg_verity_data,
                                arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size,
                                arg_flags,
                                &di);
                if (r < 0)
                        return r;

                r = detach_mount_namespace();
                if (r < 0)
                        return log_error_errno(r, "Failed to detach mount namespace: %m");

                r = tempfn_random_child(NULL, program_invocation_short_name, &temp);
                if (r < 0)
                        return log_error_errno(r, "Failed to generate temporary mount directory: %m");

                r = mkdir_p(temp, 0700);
                if (r < 0)
                        return log_error_errno(r, "Failed to create mount point: %m");

                created_dir = TAKE_PTR(temp);

                r = dissected_image_mount(m, created_dir, UID_INVALID, arg_flags);
                if (r == -EUCLEAN)
                        return log_error_errno(r, "File system check on image failed: %m");
                if (r < 0)
                        return log_error_errno(r, "Failed to mount image: %m");

                mounted_dir = TAKE_PTR(created_dir);

                if (di) {
                        r = decrypted_image_relinquish(di);
                        if (r < 0)
                                return log_error_errno(r, "Failed to relinquish DM devices: %m");
                }

                loop_device_relinquish(d);

                if (arg_action == ACTION_COPY_FROM) {
                        _cleanup_close_ int source_fd = -1, target_fd = -1;

                        source_fd = chase_symlinks_and_open(arg_source, mounted_dir, CHASE_PREFIX_ROOT|CHASE_WARN, O_RDONLY|O_CLOEXEC|O_NOCTTY, NULL);
                        if (source_fd < 0)
                                return log_error_errno(source_fd, "Failed to open source path '%s' in image '%s': %m", arg_source, arg_image);

                        /* Copying to stdout? */
                        if (streq(arg_target, "-")) {
                                r = copy_bytes(source_fd, STDOUT_FILENO, (uint64_t) -1, COPY_REFLINK);
                                if (r < 0)
                                        return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to stdout: %m", arg_source, arg_image);

                                /* When we copy to stdou we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */
                                break;
                        }

                        /* Try to copy as directory? */
                        r = copy_directory_fd(source_fd, arg_target, COPY_REFLINK|COPY_MERGE_EMPTY|COPY_SIGINT);
                        if (r >= 0)
                                break;
                        if (r != -ENOTDIR)
                                return log_error_errno(r, "Failed to copy %s in image '%s' to '%s': %m", arg_source, arg_image, arg_target);

                        r = fd_verify_regular(source_fd);
                        if (r == -EISDIR)
                                return log_error_errno(r, "Target '%s' exists already and is not a directory.", arg_target);
                        if (r < 0)
                                return log_error_errno(r, "Source path %s in image '%s' is neither regular file nor directory, refusing: %m", arg_source, arg_image);

                        /* Nah, it's a plain file! */
                        target_fd = open(arg_target, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600);
                        if (target_fd < 0)
                                return log_error_errno(errno, "Failed to create regular file at target path '%s': %m", arg_target);

                        r = copy_bytes(source_fd, target_fd, (uint64_t) -1, COPY_REFLINK);
                        if (r < 0)
                                return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to '%s': %m", arg_source, arg_image, arg_target);

                        (void) copy_xattr(source_fd, target_fd);
                        (void) copy_access(source_fd, target_fd);
                        (void) copy_times(source_fd, target_fd, 0);

                        /* When this is a regular file we don't copy ownership! */

                } else {
                        _cleanup_close_ int source_fd = -1, target_fd = -1;
                        _cleanup_close_ int dfd = -1;
                        _cleanup_free_ char *dn = NULL;

                        assert(arg_action == ACTION_COPY_TO);

                        dn = dirname_malloc(arg_target);
                        if (!dn)
                                return log_oom();

                        r = chase_symlinks(dn, mounted_dir, CHASE_PREFIX_ROOT|CHASE_WARN, NULL, &dfd);
                        if (r < 0)
                                return log_error_errno(r, "Failed to open '%s': %m", dn);

                        /* Are we reading from stdin? */
                        if (streq(arg_source, "-")) {
                                target_fd = openat(dfd, basename(arg_target), O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_EXCL, 0644);
                                if (target_fd < 0)
                                        return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target);

                                r = copy_bytes(STDIN_FILENO, target_fd, (uint64_t) -1, COPY_REFLINK);
                                if (r < 0)
                                        return log_error_errno(r, "Failed to copy bytes from stdin to '%s' in image '%s': %m", arg_target, arg_image);

                                /* When we copy from stdin we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */
                                break;
                        }

                        source_fd = open(arg_source, O_RDONLY|O_CLOEXEC|O_NOCTTY);
                        if (source_fd < 0)
                                return log_error_errno(source_fd, "Failed to open source path '%s': %m", arg_source);

                        r = fd_verify_regular(source_fd);
                        if (r < 0) {
                                if (r != -EISDIR)
                                        return log_error_errno(r, "Source '%s' is neither regular file nor directory: %m", arg_source);

                                /* We are looking at a directory. */

                                target_fd = openat(dfd, basename(arg_target), O_RDONLY|O_DIRECTORY|O_CLOEXEC);
                                if (target_fd < 0) {
                                        if (errno != ENOENT)
                                                return log_error_errno(errno, "Failed to open destination '%s': %m", arg_target);

                                        r = copy_tree_at(source_fd, ".", dfd, basename(arg_target), UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_REPLACE|COPY_SIGINT);
                                } else
                                        r = copy_tree_at(source_fd, ".", target_fd, ".", UID_INVALID, GID_INVALID, COPY_REFLINK|COPY_REPLACE|COPY_SIGINT);
                                if (r < 0)
                                        return log_error_errno(r, "Failed to copy '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image);

                                break;
                        }

                        /* We area looking at a regular file */
                        target_fd = openat(dfd, basename(arg_target), O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_EXCL, 0600);
                        if (target_fd < 0)
                                return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target);

                        r = copy_bytes(source_fd, target_fd, (uint64_t) -1, COPY_REFLINK);
                        if (r < 0)
                                return log_error_errno(r, "Failed to copy bytes from '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image);

                        (void) copy_xattr(source_fd, target_fd);
                        (void) copy_access(source_fd, target_fd);
                        (void) copy_times(source_fd, target_fd, 0);

                        /* When this is a regular file we don't copy ownership! */
                }

                break;
        }

        default:
                assert_not_reached("Unknown action.");
        }

        return 0;
}

DEFINE_MAIN_FUNCTION(run);
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
a2ea3b2f LP	2
a2ea3b2f LP	3	#include <fcntl.h>
a2ea3b2f	4	#include <getopt.h>
e08f94ac LP	5	#include <linux/loop.h>
e08f94ac LP	6	#include <stdio.h>
a2ea3b2f LP	7
a2ea3b2f LP	8	#include "architecture.h"
33973b84	9	#include "copy.h"
a2ea3b2f	10	#include "dissect-image.h"
33973b84 LP	11	#include "fd-util.h"
33973b84 LP	12	#include "fs-util.h"
4623e8e6	13	#include "hexdecoct.h"
a2ea3b2f LP	14	#include "log.h"
a2ea3b2f LP	15	#include "loop-util.h"
149afb45	16	#include "main-func.h"
33973b84 LP	17	#include "mkdir.h"
	18	#include "mount-util.h"
	19	#include "namespace-util.h"
e475f729	20	#include "parse-util.h"
e7cbe5cb	21	#include "path-util.h"
5c05f062	22	#include "pretty-print.h"
33973b84	23	#include "stat-util.h"
a2ea3b2f	24	#include "string-util.h"
a1edd22e	25	#include "strv.h"
5c05f062	26	#include "terminal-util.h"
33973b84	27	#include "tmpfile-util.h"
2d3a5a73	28	#include "user-util.h"
a2ea3b2f LP	29	#include "util.h"
	30
	31	static enum {
	32	ACTION_DISSECT,
	33	ACTION_MOUNT,
33973b84 LP	34	ACTION_COPY_FROM,
33973b84 LP	35	ACTION_COPY_TO,
a2ea3b2f LP	36	} arg_action = ACTION_DISSECT;
	37	static const char *arg_image = NULL;
	38	static const char *arg_path = NULL;
33973b84 LP	39	static const char *arg_source = NULL;
33973b84 LP	40	static const char *arg_target = NULL;
e475f729	41	static DissectImageFlags arg_flags = DISSECT_IMAGE_REQUIRE_ROOT\|DISSECT_IMAGE_DISCARD_ON_LOOP\|DISSECT_IMAGE_RELAX_VAR_CHECK\|DISSECT_IMAGE_FSCK;
4623e8e6	42	static void *arg_root_hash = NULL;
e7cbe5cb	43	static char *arg_verity_data = NULL;
4623e8e6	44	static size_t arg_root_hash_size = 0;
c2923fdc LB	45	static char *arg_root_hash_sig_path = NULL;
	46	static void *arg_root_hash_sig = NULL;
	47	static size_t arg_root_hash_sig_size = 0;
a2ea3b2f	48
149afb45	49	STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
e7cbe5cb	50	STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep);
c2923fdc LB	51	STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig_path, freep);
c2923fdc LB	52	STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig, freep);
149afb45	53
5c05f062 LP	54	static int help(void) {
	55	_cleanup_free_ char *link = NULL;
	56	int r;
	57
	58	r = terminal_urlify_man("systemd-dissect", "1", &link);
	59	if (r < 0)
	60	return log_oom();
	61
	62	printf("%1$s [OPTIONS...] IMAGE\n"
33973b84 LP	63	"%1$s [OPTIONS...] --mount IMAGE PATH\n"
	64	"%1$s [OPTIONS...] --copy-from IMAGE PATH [TARGET]\n"
	65	"%1$s [OPTIONS...] --copy-to IMAGE [SOURCE] PATH\n\n"
5c05f062 LP	66	"%5$sDissect a file system OS image.%6$s\n\n"
5c05f062 LP	67	"%3$sOptions:%4$s\n"
e7cbe5cb LB	68	" -r --read-only Mount read-only\n"
e7cbe5cb LB	69	" --fsck=BOOL Run fsck before mounting\n"
5c05f062	70	" --mkdir Make mount directory before mounting, if missing\n"
e7cbe5cb LB	71	" --discard=MODE Choose 'discard' mode (disabled, loop, all, crypto)\n"
e7cbe5cb LB	72	" --root-hash=HASH Specify root hash for verity\n"
c2923fdc LB	73	" --root-hash-sig=SIG Specify pkcs7 signature of root hash for verity\n"
	74	" as a DER encoded PKCS7, either as a path to a file\n"
	75	" or as an ASCII base64 encoded string prefixed by\n"
	76	" 'base64:'\n"
e7cbe5cb	77	" --verity-data=PATH Specify data file with hash tree for verity if it is\n"
5c05f062 LP	78	" not embedded in IMAGE\n"
	79	"\n%3$sCommands:%4$s\n"
	80	" -h --help Show this help\n"
	81	" --version Show package version\n"
	82	" -m --mount Mount the image to the specified directory\n"
	83	" -M Shortcut for --mount --mkdir\n"
33973b84 LP	84	" -x --copy-from Copy files from image to host\n"
33973b84 LP	85	" -a --copy-to Copy files from host to image\n"
5c05f062 LP	86	"\nSee the %2$s for details.\n"
	87	, program_invocation_short_name
	88	, link
	89	, ansi_underline(), ansi_normal()
	90	, ansi_highlight(), ansi_normal());
	91
	92	return 0;
a2ea3b2f LP	93	}
	94
	95	static int parse_argv(int argc, char *argv[]) {
	96
	97	enum {
	98	ARG_VERSION = 0x100,
18b5886e	99	ARG_DISCARD,
4623e8e6	100	ARG_ROOT_HASH,
e475f729	101	ARG_FSCK,
e7cbe5cb	102	ARG_VERITY_DATA,
c2923fdc	103	ARG_ROOT_HASH_SIG,
5c05f062	104	ARG_MKDIR,
a2ea3b2f LP	105	};
	106
	107	static const struct option options[] = {
c2923fdc LB	108	{ "help", no_argument, NULL, 'h' },
	109	{ "version", no_argument, NULL, ARG_VERSION },
	110	{ "mount", no_argument, NULL, 'm' },
	111	{ "read-only", no_argument, NULL, 'r' },
	112	{ "discard", required_argument, NULL, ARG_DISCARD },
	113	{ "root-hash", required_argument, NULL, ARG_ROOT_HASH },
	114	{ "fsck", required_argument, NULL, ARG_FSCK },
	115	{ "verity-data", required_argument, NULL, ARG_VERITY_DATA },
	116	{ "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG },
5c05f062	117	{ "mkdir", no_argument, NULL, ARG_MKDIR },
33973b84 LP	118	{ "copy-from", no_argument, NULL, 'x' },
33973b84 LP	119	{ "copy-to", no_argument, NULL, 'a' },
a2ea3b2f LP	120	{}
	121	};
	122
4623e8e6	123	int c, r;
a2ea3b2f LP	124
	125	assert(argc >= 0);
	126	assert(argv);
	127
33973b84	128	while ((c = getopt_long(argc, argv, "hmrMxa", options, NULL)) >= 0) {
a2ea3b2f LP	129
	130	switch (c) {
	131
	132	case 'h':
5c05f062	133	return help();
a2ea3b2f LP	134
	135	case ARG_VERSION:
	136	return version();
	137
	138	case 'm':
	139	arg_action = ACTION_MOUNT;
	140	break;
	141
5c05f062 LP	142	case ARG_MKDIR:
	143	arg_flags \|= DISSECT_IMAGE_MKDIR;
	144	break;
	145
	146	case 'M':
	147	/* Shortcut combination of the above two */
	148	arg_action = ACTION_MOUNT;
	149	arg_flags \|= DISSECT_IMAGE_MKDIR;
	150	break;
	151
33973b84 LP	152	case 'x':
	153	arg_action = ACTION_COPY_FROM;
	154	arg_flags \|= DISSECT_IMAGE_READ_ONLY;
	155	break;
	156
	157	case 'a':
	158	arg_action = ACTION_COPY_TO;
	159	break;
	160
a2ea3b2f	161	case 'r':
18b5886e LP	162	arg_flags \|= DISSECT_IMAGE_READ_ONLY;
	163	break;
	164
971e2ef0 ZJS	165	case ARG_DISCARD: {
	166	DissectImageFlags flags;
	167
18b5886e	168	if (streq(optarg, "disabled"))
971e2ef0	169	flags = 0;
18b5886e	170	else if (streq(optarg, "loop"))
971e2ef0	171	flags = DISSECT_IMAGE_DISCARD_ON_LOOP;
18b5886e	172	else if (streq(optarg, "all"))
971e2ef0	173	flags = DISSECT_IMAGE_DISCARD_ON_LOOP \| DISSECT_IMAGE_DISCARD;
18b5886e	174	else if (streq(optarg, "crypt"))
971e2ef0	175	flags = DISSECT_IMAGE_DISCARD_ANY;
140788f7 LP	176	else if (streq(optarg, "list")) {
	177	puts("disabled\n"
	178	"all\n"
	179	"crypt\n"
	180	"loop");
	181	return 0;
	182	} else
baaa35ad ZJS	183	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	184	"Unknown --discard= parameter: %s",
	185	optarg);
971e2ef0	186	arg_flags = (arg_flags & ~DISSECT_IMAGE_DISCARD_ANY) \| flags;
18b5886e	187
a2ea3b2f	188	break;
971e2ef0	189	}
a2ea3b2f	190
4623e8e6 LP	191	case ARG_ROOT_HASH: {
	192	void *p;
	193	size_t l;
	194
	195	r = unhexmem(optarg, strlen(optarg), &p, &l);
	196	if (r < 0)
63cf2d75	197	return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg);
4623e8e6 LP	198	if (l < sizeof(sd_id128_t)) {
	199	log_error("Root hash must be at least 128bit long: %s", optarg);
	200	free(p);
	201	return -EINVAL;
	202	}
	203
	204	free(arg_root_hash);
	205	arg_root_hash = p;
	206	arg_root_hash_size = l;
	207	break;
	208	}
	209
e7cbe5cb LB	210	case ARG_VERITY_DATA:
	211	r = parse_path_argument_and_warn(optarg, false, &arg_verity_data);
	212	if (r < 0)
	213	return r;
	214	break;
	215
c2923fdc LB	216	case ARG_ROOT_HASH_SIG: {
	217	char *value;
	218
	219	if ((value = startswith(optarg, "base64:"))) {
	220	void *p;
	221	size_t l;
	222
	223	r = unbase64mem(value, strlen(value), &p, &l);
	224	if (r < 0)
	225	return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
	226
	227	free_and_replace(arg_root_hash_sig, p);
	228	arg_root_hash_sig_size = l;
	229	arg_root_hash_sig_path = mfree(arg_root_hash_sig_path);
	230	} else {
	231	r = parse_path_argument_and_warn(optarg, false, &arg_root_hash_sig_path);
	232	if (r < 0)
	233	return r;
	234	arg_root_hash_sig = mfree(arg_root_hash_sig);
	235	arg_root_hash_sig_size = 0;
	236	}
	237
	238	break;
	239	}
	240
e475f729 LP	241	case ARG_FSCK:
	242	r = parse_boolean(optarg);
	243	if (r < 0)
	244	return log_error_errno(r, "Failed to parse --fsck= parameter: %s", optarg);
	245
	246	SET_FLAG(arg_flags, DISSECT_IMAGE_FSCK, r);
	247	break;
	248
a2ea3b2f LP	249	case '?':
	250	return -EINVAL;
	251
	252	default:
	253	assert_not_reached("Unhandled option");
	254	}
	255
	256	}
	257
	258	switch (arg_action) {
	259
	260	case ACTION_DISSECT:
baaa35ad ZJS	261	if (optind + 1 != argc)
baaa35ad ZJS	262	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
33973b84	263	"Expected an image file path as only argument.");
a2ea3b2f LP	264
a2ea3b2f LP	265	arg_image = argv[optind];
18b5886e	266	arg_flags \|= DISSECT_IMAGE_READ_ONLY;
a2ea3b2f LP	267	break;
	268
	269	case ACTION_MOUNT:
baaa35ad ZJS	270	if (optind + 2 != argc)
baaa35ad ZJS	271	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
33973b84	272	"Expected an image file path and mount point path as only arguments.");
a2ea3b2f LP	273
	274	arg_image = argv[optind];
	275	arg_path = argv[optind + 1];
	276	break;
	277
33973b84 LP	278	case ACTION_COPY_FROM:
	279	if (argc < optind + 2 \|\| argc > optind + 3)
	280	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	281	"Expected an image file path, a source path and an optional destination path as only arguments.");
	282
	283	arg_image = argv[optind];
	284	arg_source = argv[optind + 1];
	285	arg_target = argc > optind + 2 ? argv[optind + 2] : "-" /* this means stdout */ ;
	286
	287	arg_flags \|= DISSECT_IMAGE_READ_ONLY;
	288	break;
	289
	290	case ACTION_COPY_TO:
	291	if (argc < optind + 2 \|\| argc > optind + 3)
	292	return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
	293	"Expected an image file path, an optional source path and a destination path as only arguments.");
	294
	295	arg_image = argv[optind];
	296
	297	if (argc > optind + 2) {
	298	arg_source = argv[optind + 1];
	299	arg_target = argv[optind + 2];
	300	} else {
	301	arg_source = "-"; /* this means stdin */
	302	arg_target = argv[optind + 1];
	303	}
	304
	305	break;
	306
a2ea3b2f LP	307	default:
	308	assert_not_reached("Unknown action.");
	309	}
	310
	311	return 1;
	312	}
	313
149afb45	314	static int run(int argc, char *argv[]) {
a2ea3b2f	315	_cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
18b5886e	316	_cleanup_(decrypted_image_unrefp) DecryptedImage *di = NULL;
a2ea3b2f LP	317	_cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
	318	int r;
	319
	320	log_parse_environment();
	321	log_open();
	322
	323	r = parse_argv(argc, argv);
	324	if (r <= 0)
149afb45	325	return r;
a2ea3b2f	326
e08f94ac	327	r = loop_device_make_by_path(arg_image, (arg_flags & DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR, LO_FLAGS_PARTSCAN, &d);
149afb45 YW	328	if (r < 0)
149afb45 YW	329	return log_error_errno(r, "Failed to set up loopback device: %m");
a2ea3b2f	330
0389f4fa	331	r = verity_metadata_load(arg_image, NULL, arg_root_hash ? NULL : &arg_root_hash, &arg_root_hash_size,
c2923fdc LB	332	arg_verity_data ? NULL : &arg_verity_data,
c2923fdc LB	333	arg_root_hash_sig_path \|\| arg_root_hash_sig ? NULL : &arg_root_hash_sig_path);
e7cbe5cb LB	334	if (r < 0)
	335	return log_error_errno(r, "Failed to read verity artefacts for %s: %m", arg_image);
	336	arg_flags \|= arg_verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
78ebe980	337
18d73705	338	r = dissect_image_and_warn(d->fd, arg_image, arg_root_hash, arg_root_hash_size, arg_verity_data, NULL, arg_flags, &m);
4526113f	339	if (r < 0)
149afb45	340	return r;
a2ea3b2f LP	341
	342	switch (arg_action) {
	343
	344	case ACTION_DISSECT: {
	345	unsigned i;
	346
	347	for (i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
	348	DissectedPartition *p = m->partitions + i;
	349
	350	if (!p->found)
	351	continue;
	352
	353	printf("Found %s '%s' partition",
	354	p->rw ? "writable" : "read-only",
	355	partition_designator_to_string(i));
	356
be30ad41 LP	357	if (!sd_id128_is_null(p->uuid))
	358	printf(" (UUID " SD_ID128_FORMAT_STR ")", SD_ID128_FORMAT_VAL(p->uuid));
	359
a2ea3b2f LP	360	if (p->fstype)
	361	printf(" of type %s", p->fstype);
	362
	363	if (p->architecture != _ARCHITECTURE_INVALID)
	364	printf(" for %s", architecture_to_string(p->architecture));
	365
e7cbe5cb LB	366	if (dissected_image_can_do_verity(m, i))
e7cbe5cb LB	367	printf(" %s verity", dissected_image_has_verity(m, i) ? "with" : "without");
4623e8e6	368
a2ea3b2f LP	369	if (p->partno >= 0)
	370	printf(" on partition #%i", p->partno);
	371
	372	if (p->node)
	373	printf(" (%s)", p->node);
	374
	375	putchar('\n');
	376	}
a1edd22e LP	377
a1edd22e LP	378	r = dissected_image_acquire_metadata(m);
149afb45 YW	379	if (r < 0)
149afb45 YW	380	return log_error_errno(r, "Failed to acquire image metadata: %m");
a1edd22e LP	381
	382	if (m->hostname)
	383	printf(" Hostname: %s\n", m->hostname);
	384
	385	if (!sd_id128_is_null(m->machine_id))
	386	printf("Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->machine_id));
	387
	388	if (!strv_isempty(m->machine_info)) {
	389	char p, q;
	390
	391	STRV_FOREACH_PAIR(p, q, m->machine_info)
	392	printf("%s %s=%s\n",
	393	p == m->machine_info ? "Mach. Info:" : " ",
	394	p, q);
	395	}
	396
	397	if (!strv_isempty(m->os_release)) {
	398	char p, q;
	399
	400	STRV_FOREACH_PAIR(p, q, m->os_release)
	401	printf("%s %s=%s\n",
	402	p == m->os_release ? "OS Release:" : " ",
	403	p, q);
	404	}
a2ea3b2f LP	405
	406	break;
	407	}
	408
	409	case ACTION_MOUNT:
33973b84 LP	410	r = dissected_image_decrypt_interactively(
	411	m, NULL,
	412	arg_root_hash, arg_root_hash_size,
	413	arg_verity_data,
	414	arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size,
	415	arg_flags,
	416	&di);
18b5886e	417	if (r < 0)
149afb45	418	return r;
18b5886e	419
2d3a5a73	420	r = dissected_image_mount(m, arg_path, UID_INVALID, arg_flags);
e475f729 LP	421	if (r == -EUCLEAN)
e475f729 LP	422	return log_error_errno(r, "File system check on image failed: %m");
149afb45 YW	423	if (r < 0)
149afb45 YW	424	return log_error_errno(r, "Failed to mount image: %m");
a2ea3b2f	425
18b5886e LP	426	if (di) {
18b5886e LP	427	r = decrypted_image_relinquish(di);
149afb45 YW	428	if (r < 0)
149afb45 YW	429	return log_error_errno(r, "Failed to relinquish DM devices: %m");
18b5886e LP	430	}
18b5886e LP	431
a2ea3b2f LP	432	loop_device_relinquish(d);
	433	break;
	434
33973b84 LP	435	case ACTION_COPY_FROM:
	436	case ACTION_COPY_TO: {
	437	_cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL;
	438	_cleanup_(rmdir_and_freep) char *created_dir = NULL;
	439	_cleanup_free_ char *temp = NULL;
	440
	441	r = dissected_image_decrypt_interactively(
	442	m, NULL,
	443	arg_root_hash, arg_root_hash_size,
	444	arg_verity_data,
	445	arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size,
	446	arg_flags,
	447	&di);
	448	if (r < 0)
	449	return r;
	450
	451	r = detach_mount_namespace();
	452	if (r < 0)
	453	return log_error_errno(r, "Failed to detach mount namespace: %m");
	454
	455	r = tempfn_random_child(NULL, program_invocation_short_name, &temp);
	456	if (r < 0)
	457	return log_error_errno(r, "Failed to generate temporary mount directory: %m");
	458
	459	r = mkdir_p(temp, 0700);
	460	if (r < 0)
	461	return log_error_errno(r, "Failed to create mount point: %m");
	462
	463	created_dir = TAKE_PTR(temp);
	464
	465	r = dissected_image_mount(m, created_dir, UID_INVALID, arg_flags);
	466	if (r == -EUCLEAN)
	467	return log_error_errno(r, "File system check on image failed: %m");
	468	if (r < 0)
	469	return log_error_errno(r, "Failed to mount image: %m");
	470
	471	mounted_dir = TAKE_PTR(created_dir);
	472
	473	if (di) {
	474	r = decrypted_image_relinquish(di);
	475	if (r < 0)
	476	return log_error_errno(r, "Failed to relinquish DM devices: %m");
	477	}
	478
	479	loop_device_relinquish(d);
	480
	481	if (arg_action == ACTION_COPY_FROM) {
	482	_cleanup_close_ int source_fd = -1, target_fd = -1;
	483
	484	source_fd = chase_symlinks_and_open(arg_source, mounted_dir, CHASE_PREFIX_ROOT\|CHASE_WARN, O_RDONLY\|O_CLOEXEC\|O_NOCTTY, NULL);
	485	if (source_fd < 0)
	486	return log_error_errno(source_fd, "Failed to open source path '%s' in image '%s': %m", arg_source, arg_image);
	487
	488	/* Copying to stdout? */
	489	if (streq(arg_target, "-")) {
	490	r = copy_bytes(source_fd, STDOUT_FILENO, (uint64_t) -1, COPY_REFLINK);
	491	if (r < 0)
	492	return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to stdout: %m", arg_source, arg_image);
	493
	494	/* When we copy to stdou we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */
	495	break;
	496	}
	497
	498	/* Try to copy as directory? */
499	r = copy_directory_fd(source_fd, arg_target, COPY_REFLINK\|COPY_MERGE_EMPTY\|COPY_SIGINT);
500	if (r >= 0)
501	break;
502	if (r != -ENOTDIR)
503	return log_error_errno(r, "Failed to copy %s in image '%s' to '%s': %m", arg_source, arg_image, arg_target);
504
505	r = fd_verify_regular(source_fd);
506	if (r == -EISDIR)
507	return log_error_errno(r, "Target '%s' exists already and is not a directory.", arg_target);
508	if (r < 0)
509	return log_error_errno(r, "Source path %s in image '%s' is neither regular file nor directory, refusing: %m", arg_source, arg_image);
510
511	/* Nah, it's a plain file! */
512	target_fd = open(arg_target, O_WRONLY\|O_CREAT\|O_EXCL\|O_CLOEXEC\|O_NOCTTY\|O_NOFOLLOW, 0600);
513	if (target_fd < 0)
514	return log_error_errno(errno, "Failed to create regular file at target path '%s': %m", arg_target);
515
516	r = copy_bytes(source_fd, target_fd, (uint64_t) -1, COPY_REFLINK);
517	if (r < 0)
518	return log_error_errno(r, "Failed to copy bytes from %s in mage '%s' to '%s': %m", arg_source, arg_image, arg_target);
519
520	(void) copy_xattr(source_fd, target_fd);
521	(void) copy_access(source_fd, target_fd);
522	(void) copy_times(source_fd, target_fd, 0);
523
524	/* When this is a regular file we don't copy ownership! */
525
526	} else {
527	_cleanup_close_ int source_fd = -1, target_fd = -1;
528	_cleanup_close_ int dfd = -1;
529	_cleanup_free_ char *dn = NULL;
530
531	assert(arg_action == ACTION_COPY_TO);
532
533	dn = dirname_malloc(arg_target);
534	if (!dn)
535	return log_oom();
536
537	r = chase_symlinks(dn, mounted_dir, CHASE_PREFIX_ROOT\|CHASE_WARN, NULL, &dfd);
538	if (r < 0)
539	return log_error_errno(r, "Failed to open '%s': %m", dn);
540
541	/* Are we reading from stdin? */
542	if (streq(arg_source, "-")) {
543	target_fd = openat(dfd, basename(arg_target), O_WRONLY\|O_CREAT\|O_CLOEXEC\|O_NOCTTY\|O_EXCL, 0644);
544	if (target_fd < 0)
545	return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target);
546
547	r = copy_bytes(STDIN_FILENO, target_fd, (uint64_t) -1, COPY_REFLINK);
548	if (r < 0)
549	return log_error_errno(r, "Failed to copy bytes from stdin to '%s' in image '%s': %m", arg_target, arg_image);
550
551	/* When we copy from stdin we don't copy any attributes (i.e. no access mode, no ownership, no xattr, no times) */
552	break;
553	}
554
555	source_fd = open(arg_source, O_RDONLY\|O_CLOEXEC\|O_NOCTTY);
556	if (source_fd < 0)
557	return log_error_errno(source_fd, "Failed to open source path '%s': %m", arg_source);
558
559	r = fd_verify_regular(source_fd);
560	if (r < 0) {
561	if (r != -EISDIR)
562	return log_error_errno(r, "Source '%s' is neither regular file nor directory: %m", arg_source);
563
564	/* We are looking at a directory. */
565
566	target_fd = openat(dfd, basename(arg_target), O_RDONLY\|O_DIRECTORY\|O_CLOEXEC);
567	if (target_fd < 0) {
568	if (errno != ENOENT)
569	return log_error_errno(errno, "Failed to open destination '%s': %m", arg_target);
570
571	r = copy_tree_at(source_fd, ".", dfd, basename(arg_target), UID_INVALID, GID_INVALID, COPY_REFLINK\|COPY_REPLACE\|COPY_SIGINT);
572	} else
573	r = copy_tree_at(source_fd, ".", target_fd, ".", UID_INVALID, GID_INVALID, COPY_REFLINK\|COPY_REPLACE\|COPY_SIGINT);
574	if (r < 0)
575	return log_error_errno(r, "Failed to copy '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image);
576
577	break;
578	}
579
580	/* We area looking at a regular file */
581	target_fd = openat(dfd, basename(arg_target), O_WRONLY\|O_CREAT\|O_CLOEXEC\|O_NOCTTY\|O_EXCL, 0600);
582	if (target_fd < 0)
583	return log_error_errno(errno, "Failed to open target file '%s': %m", arg_target);
584
585	r = copy_bytes(source_fd, target_fd, (uint64_t) -1, COPY_REFLINK);
586	if (r < 0)
587	return log_error_errno(r, "Failed to copy bytes from '%s' to '%s' in image '%s': %m", arg_source, arg_target, arg_image);
588
589	(void) copy_xattr(source_fd, target_fd);
590	(void) copy_access(source_fd, target_fd);
591	(void) copy_times(source_fd, target_fd, 0);
592
593	/* When this is a regular file we don't copy ownership! */
594	}
595
596	break;
597	}
598
a2ea3b2f LP	599	default:
	600	assert_not_reached("Unknown action.");
	601	}
	602
149afb45	603	return 0;
a2ea3b2f	604	}
149afb45 YW	605
149afb45 YW	606	DEFINE_MAIN_FUNCTION(run);