[thirdparty/systemd.git] / src / import / pull-tar.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2015 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <sys/prctl.h>
#include <curl/curl.h>

#include "sd-daemon.h"
#include "utf8.h"
#include "strv.h"
#include "copy.h"
#include "btrfs-util.h"
#include "util.h"
#include "macro.h"
#include "mkdir.h"
#include "rm-rf.h"
#include "path-util.h"
#include "process-util.h"
#include "hostname-util.h"
#include "import-util.h"
#include "import-common.h"
#include "curl-util.h"
#include "pull-job.h"
#include "pull-common.h"
#include "pull-tar.h"

typedef enum TarProgress {
        TAR_DOWNLOADING,
        TAR_VERIFYING,
        TAR_FINALIZING,
        TAR_COPYING,
} TarProgress;

struct TarPull {
        sd_event *event;
        CurlGlue *glue;

        char *image_root;

        PullJob *tar_job;
        PullJob *settings_job;
        PullJob *checksum_job;
        PullJob *signature_job;

        TarPullFinished on_finished;
        void *userdata;

        char *local;
        bool force_local;
        bool grow_machine_directory;
        bool settings;

        pid_t tar_pid;

        char *final_path;
        char *temp_path;

        char *settings_path;
        char *settings_temp_path;

        ImportVerify verify;
};

TarPull* tar_pull_unref(TarPull *i) {
        if (!i)
                return NULL;

        if (i->tar_pid > 1) {
                (void) kill_and_sigcont(i->tar_pid, SIGKILL);
                (void) wait_for_terminate(i->tar_pid, NULL);
        }

        pull_job_unref(i->tar_job);
        pull_job_unref(i->settings_job);
        pull_job_unref(i->checksum_job);
        pull_job_unref(i->signature_job);

        curl_glue_unref(i->glue);
        sd_event_unref(i->event);

        if (i->temp_path) {
                (void) rm_rf(i->temp_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
                free(i->temp_path);
        }

        if (i->settings_temp_path) {
                (void) unlink(i->settings_temp_path);
                free(i->settings_temp_path);
        }

        free(i->final_path);
        free(i->settings_path);
        free(i->image_root);
        free(i->local);
        free(i);

        return NULL;
}

int tar_pull_new(
                TarPull **ret,
                sd_event *event,
                const char *image_root,
                TarPullFinished on_finished,
                void *userdata) {

        _cleanup_(tar_pull_unrefp) TarPull *i = NULL;
        int r;

        assert(ret);

        i = new0(TarPull, 1);
        if (!i)
                return -ENOMEM;

        i->on_finished = on_finished;
        i->userdata = userdata;

        i->image_root = strdup(image_root ?: "/var/lib/machines");
        if (!i->image_root)
                return -ENOMEM;

        i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");

        if (event)
                i->event = sd_event_ref(event);
        else {
                r = sd_event_default(&i->event);
                if (r < 0)
                        return r;
        }

        r = curl_glue_new(&i->glue, i->event);
        if (r < 0)
                return r;

        i->glue->on_finished = pull_job_curl_on_finished;
        i->glue->userdata = i;

        *ret = i;
        i = NULL;

        return 0;
}

static void tar_pull_report_progress(TarPull *i, TarProgress p) {
        unsigned percent;

        assert(i);

        switch (p) {

        case TAR_DOWNLOADING: {
                unsigned remain = 85;

                percent = 0;

                if (i->settings_job) {
                        percent += i->settings_job->progress_percent * 5 / 100;
                        remain -= 5;
                }

                if (i->checksum_job) {
                        percent += i->checksum_job->progress_percent * 5 / 100;
                        remain -= 5;
                }

                if (i->signature_job) {
                        percent += i->signature_job->progress_percent * 5 / 100;
                        remain -= 5;
                }

                if (i->tar_job)
                        percent += i->tar_job->progress_percent * remain / 100;
                break;
        }

        case TAR_VERIFYING:
                percent = 85;
                break;

        case TAR_FINALIZING:
                percent = 90;
                break;

        case TAR_COPYING:
                percent = 95;
                break;

        default:
                assert_not_reached("Unknown progress state");
        }

        sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
        log_debug("Combined progress %u%%", percent);
}

static int tar_pull_make_local_copy(TarPull *i) {
        int r;

        assert(i);
        assert(i->tar_job);

        if (!i->local)
                return 0;

        if (!i->final_path) {
                r = pull_make_path(i->tar_job->url, i->tar_job->etag, i->image_root, ".tar-", NULL, &i->final_path);
                if (r < 0)
                        return log_oom();
        }

        r = pull_make_local_copy(i->final_path, i->image_root, i->local, i->force_local);
        if (r < 0)
                return r;

        if (i->settings) {
                const char *local_settings;
                assert(i->settings_job);

                if (!i->settings_path) {
                        r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path);
                        if (r < 0)
                                return log_oom();
                }

                local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");

                r = copy_file_atomic(i->settings_path, local_settings, 0664, i->force_local, 0);
                if (r == -EEXIST)
                        log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
                else if (r < 0 && r != -ENOENT)
                        log_warning_errno(r, "Failed to copy settings files %s: %m", local_settings);

                log_info("Create new settings file '%s.nspawn'", i->local);
        }

        return 0;
}

static bool tar_pull_is_done(TarPull *i) {
        assert(i);
        assert(i->tar_job);

        if (!PULL_JOB_IS_COMPLETE(i->tar_job))
                return false;
        if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
                return false;
        if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
                return false;
        if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
                return false;

        return true;
}

static void tar_pull_job_on_finished(PullJob *j) {
        TarPull *i;
        int r;

        assert(j);
        assert(j->userdata);

        i = j->userdata;

        if (j == i->settings_job) {
                if (j->error != 0)
                        log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
        } else if (j->error != 0) {
                if (j == i->checksum_job)
                        log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
                else if (j == i->signature_job)
                        log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
                else
                        log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");

                r = j->error;
                goto finish;
        }

        /* This is invoked if either the download completed
         * successfully, or the download was skipped because we
         * already have the etag. */

        if (!tar_pull_is_done(i))
                return;

        i->tar_job->disk_fd = safe_close(i->tar_job->disk_fd);
        if (i->settings_job)
                i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);

        if (i->tar_pid > 0) {
                r = wait_for_terminate_and_warn("tar", i->tar_pid, true);
                i->tar_pid = 0;
                if (r < 0)
                        goto finish;
                if (r > 0) {
                        r = -EIO;
                        goto finish;
                }
        }

        if (!i->tar_job->etag_exists) {
                /* This is a new download, verify it, and move it into place */

                tar_pull_report_progress(i, TAR_VERIFYING);

                r = pull_verify(i->tar_job, i->settings_job, i->checksum_job, i->signature_job);
                if (r < 0)
                        goto finish;

                tar_pull_report_progress(i, TAR_FINALIZING);

                r = import_make_read_only(i->temp_path);
                if (r < 0)
                        goto finish;

                r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
                if (r < 0) {
                        log_error_errno(r, "Failed to rename to final image name: %m");
                        goto finish;
                }

                i->temp_path = mfree(i->temp_path);

                if (i->settings_job &&
                    i->settings_job->error == 0 &&
                    !i->settings_job->etag_exists) {

                        assert(i->settings_temp_path);
                        assert(i->settings_path);

                        /* Also move the settings file into place, if
                         * it exist. Note that we do so only if we
                         * also moved the tar file in place, to keep
                         * things strictly in sync. */

                        r = import_make_read_only(i->settings_temp_path);
                        if (r < 0)
                                goto finish;

                        r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
                        if (r < 0) {
                                log_error_errno(r, "Failed to rename settings file: %m");
                                goto finish;
                        }

                        i->settings_temp_path = mfree(i->settings_temp_path);
                }
        }

        tar_pull_report_progress(i, TAR_COPYING);

        r = tar_pull_make_local_copy(i);
        if (r < 0)
                goto finish;

        r = 0;

finish:
        if (i->on_finished)
                i->on_finished(i, r, i->userdata);
        else
                sd_event_exit(i->event, r);
}

static int tar_pull_job_on_open_disk_tar(PullJob *j) {
        TarPull *i;
        int r;

        assert(j);
        assert(j->userdata);

        i = j->userdata;
        assert(i->tar_job == j);
        assert(!i->final_path);
        assert(!i->temp_path);
        assert(i->tar_pid <= 0);

        r = pull_make_path(j->url, j->etag, i->image_root, ".tar-", NULL, &i->final_path);
        if (r < 0)
                return log_oom();

        r = tempfn_random(i->final_path, NULL, &i->temp_path);
        if (r < 0)
                return log_oom();

        mkdir_parents_label(i->temp_path, 0700);

        r = btrfs_subvol_make(i->temp_path);
        if (r == -ENOTTY) {
                if (mkdir(i->temp_path, 0755) < 0)
                        return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
        } else if (r < 0)
                return log_error_errno(errno, "Failed to create subvolume %s: %m", i->temp_path);

        j->disk_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);
        if (j->disk_fd < 0)
                return j->disk_fd;

        return 0;
}

static int tar_pull_job_on_open_disk_settings(PullJob *j) {
        TarPull *i;
        int r;

        assert(j);
        assert(j->userdata);

        i = j->userdata;
        assert(i->settings_job == j);
        assert(!i->settings_path);
        assert(!i->settings_temp_path);

        r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path);
        if (r < 0)
                return log_oom();

        r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path);
        if (r < 0)
                return log_oom();

        mkdir_parents_label(i->settings_temp_path, 0700);

        j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
        if (j->disk_fd < 0)
                return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);

        return 0;
}

static void tar_pull_job_on_progress(PullJob *j) {
        TarPull *i;

        assert(j);
        assert(j->userdata);

        i = j->userdata;

        tar_pull_report_progress(i, TAR_DOWNLOADING);
}

int tar_pull_start(
                TarPull *i,
                const char *url,
                const char *local,
                bool force_local,
                ImportVerify verify,
                bool settings) {

        int r;

        assert(i);
        assert(verify < _IMPORT_VERIFY_MAX);
        assert(verify >= 0);

        if (!http_url_is_valid(url))
                return -EINVAL;

        if (local && !machine_name_is_valid(local))
                return -EINVAL;

        if (i->tar_job)
                return -EBUSY;

        r = free_and_strdup(&i->local, local);
        if (r < 0)
                return r;

        i->force_local = force_local;
        i->verify = verify;
        i->settings = settings;

        /* Set up download job for TAR file */
        r = pull_job_new(&i->tar_job, url, i->glue, i);
        if (r < 0)
                return r;

        i->tar_job->on_finished = tar_pull_job_on_finished;
        i->tar_job->on_open_disk = tar_pull_job_on_open_disk_tar;
        i->tar_job->on_progress = tar_pull_job_on_progress;
        i->tar_job->calc_checksum = verify != IMPORT_VERIFY_NO;
        i->tar_job->grow_machine_directory = i->grow_machine_directory;

        r = pull_find_old_etags(url, i->image_root, DT_DIR, ".tar-", NULL, &i->tar_job->old_etags);
        if (r < 0)
                return r;

        /* Set up download job for the settings file (.nspawn) */
        if (settings) {
                r = pull_make_settings_job(&i->settings_job, url, i->glue, tar_pull_job_on_finished, i);
                if (r < 0)
                        return r;

                i->settings_job->on_open_disk = tar_pull_job_on_open_disk_settings;
                i->settings_job->on_progress = tar_pull_job_on_progress;
                i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;

                r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags);
                if (r < 0)
                        return r;
        }

        /* Set up download of checksum/signature files */
        r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_pull_job_on_finished, i);
        if (r < 0)
                return r;

        r = pull_job_begin(i->tar_job);
        if (r < 0)
                return r;

        if (i->settings_job) {
                r = pull_job_begin(i->settings_job);
                if (r < 0)
                        return r;
        }

        if (i->checksum_job) {
                i->checksum_job->on_progress = tar_pull_job_on_progress;

                r = pull_job_begin(i->checksum_job);
                if (r < 0)
                        return r;
        }

        if (i->signature_job) {
                i->signature_job->on_progress = tar_pull_job_on_progress;

                r = pull_job_begin(i->signature_job);
                if (r < 0)
                        return r;
        }

        return 0;
}
Commit	Line	Data
56ebfaf1 LP	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2015 Lennart Poettering
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
	22	#include <sys/prctl.h>
	23	#include <curl/curl.h>
	24
7079cfef	25	#include "sd-daemon.h"
56ebfaf1 LP	26	#include "utf8.h"
	27	#include "strv.h"
	28	#include "copy.h"
	29	#include "btrfs-util.h"
	30	#include "util.h"
	31	#include "macro.h"
	32	#include "mkdir.h"
c6878637	33	#include "rm-rf.h"
26166c88	34	#include "path-util.h"
25300b5a LP	35	#include "process-util.h"
25300b5a LP	36	#include "hostname-util.h"
3d7415f4	37	#include "import-util.h"
b6e676ce	38	#include "import-common.h"
56ebfaf1	39	#include "curl-util.h"
dc2c282b LP	40	#include "pull-job.h"
	41	#include "pull-common.h"
	42	#include "pull-tar.h"
56ebfaf1	43
7079cfef LP	44	typedef enum TarProgress {
	45	TAR_DOWNLOADING,
	46	TAR_VERIFYING,
	47	TAR_FINALIZING,
	48	TAR_COPYING,
	49	} TarProgress;
	50
dc2c282b	51	struct TarPull {
56ebfaf1 LP	52	sd_event *event;
	53	CurlGlue *glue;
	54
	55	char *image_root;
	56
dc2c282b	57	PullJob *tar_job;
9854730b	58	PullJob *settings_job;
dc2c282b LP	59	PullJob *checksum_job;
dc2c282b LP	60	PullJob *signature_job;
56ebfaf1	61
dc2c282b	62	TarPullFinished on_finished;
56ebfaf1 LP	63	void *userdata;
56ebfaf1 LP	64
56ebfaf1 LP	65	char *local;
56ebfaf1 LP	66	bool force_local;
26166c88	67	bool grow_machine_directory;
9854730b	68	bool settings;
56ebfaf1 LP	69
	70	pid_t tar_pid;
	71
56ebfaf1	72	char *final_path;
9854730b LP	73	char *temp_path;
	74
	75	char *settings_path;
	76	char *settings_temp_path;
0100b6e1 LP	77
0100b6e1 LP	78	ImportVerify verify;
56ebfaf1 LP	79	};
56ebfaf1 LP	80
dc2c282b	81	TarPull* tar_pull_unref(TarPull *i) {
56ebfaf1 LP	82	if (!i)
	83	return NULL;
	84
0100b6e1	85	if (i->tar_pid > 1) {
8b71fce8	86	(void) kill_and_sigcont(i->tar_pid, SIGKILL);
0100b6e1	87	(void) wait_for_terminate(i->tar_pid, NULL);
56ebfaf1 LP	88	}
56ebfaf1 LP	89
dc2c282b	90	pull_job_unref(i->tar_job);
9854730b	91	pull_job_unref(i->settings_job);
dc2c282b LP	92	pull_job_unref(i->checksum_job);
dc2c282b LP	93	pull_job_unref(i->signature_job);
56ebfaf1 LP	94
	95	curl_glue_unref(i->glue);
	96	sd_event_unref(i->event);
	97
	98	if (i->temp_path) {
d9e2daaf	99	(void) rm_rf(i->temp_path, REMOVE_ROOT\|REMOVE_PHYSICAL\|REMOVE_SUBVOLUME);
0d6e763b	100	free(i->temp_path);
56ebfaf1 LP	101	}
56ebfaf1 LP	102
9854730b LP	103	if (i->settings_temp_path) {
	104	(void) unlink(i->settings_temp_path);
	105	free(i->settings_temp_path);
	106	}
	107
56ebfaf1	108	free(i->final_path);
9854730b	109	free(i->settings_path);
56ebfaf1 LP	110	free(i->image_root);
56ebfaf1 LP	111	free(i->local);
56ebfaf1 LP	112	free(i);
	113
	114	return NULL;
	115	}
	116
dc2c282b LP	117	int tar_pull_new(
dc2c282b LP	118	TarPull **ret,
8b71fce8 LP	119	sd_event *event,
8b71fce8 LP	120	const char *image_root,
dc2c282b	121	TarPullFinished on_finished,
8b71fce8 LP	122	void *userdata) {
8b71fce8 LP	123
dc2c282b	124	_cleanup_(tar_pull_unrefp) TarPull *i = NULL;
56ebfaf1 LP	125	int r;
	126
	127	assert(ret);
56ebfaf1	128
dc2c282b	129	i = new0(TarPull, 1);
56ebfaf1 LP	130	if (!i)
	131	return -ENOMEM;
	132
	133	i->on_finished = on_finished;
	134	i->userdata = userdata;
	135
	136	i->image_root = strdup(image_root ?: "/var/lib/machines");
	137	if (!i->image_root)
	138	return -ENOMEM;
	139
26166c88 LP	140	i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
26166c88 LP	141
9854730b LP	142	if (event)
	143	i->event = sd_event_ref(event);
	144	else {
	145	r = sd_event_default(&i->event);
	146	if (r < 0)
	147	return r;
	148	}
56ebfaf1 LP	149
	150	r = curl_glue_new(&i->glue, i->event);
	151	if (r < 0)
	152	return r;
	153
dc2c282b	154	i->glue->on_finished = pull_job_curl_on_finished;
56ebfaf1 LP	155	i->glue->userdata = i;
	156
	157	*ret = i;
	158	i = NULL;
	159
	160	return 0;
	161	}
	162
dc2c282b	163	static void tar_pull_report_progress(TarPull *i, TarProgress p) {
7079cfef LP	164	unsigned percent;
	165
	166	assert(i);
	167
	168	switch (p) {
	169
	170	case TAR_DOWNLOADING: {
	171	unsigned remain = 85;
	172
	173	percent = 0;
	174
9854730b LP	175	if (i->settings_job) {
	176	percent += i->settings_job->progress_percent * 5 / 100;
	177	remain -= 5;
	178	}
	179
7079cfef LP	180	if (i->checksum_job) {
	181	percent += i->checksum_job->progress_percent * 5 / 100;
	182	remain -= 5;
	183	}
	184
	185	if (i->signature_job) {
	186	percent += i->signature_job->progress_percent * 5 / 100;
	187	remain -= 5;
	188	}
	189
	190	if (i->tar_job)
	191	percent += i->tar_job->progress_percent * remain / 100;
	192	break;
	193	}
	194
	195	case TAR_VERIFYING:
	196	percent = 85;
	197	break;
	198
	199	case TAR_FINALIZING:
	200	percent = 90;
	201	break;
	202
	203	case TAR_COPYING:
	204	percent = 95;
	205	break;
	206
	207	default:
	208	assert_not_reached("Unknown progress state");
	209	}
	210
	211	sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
	212	log_debug("Combined progress %u%%", percent);
	213	}
	214
dc2c282b	215	static int tar_pull_make_local_copy(TarPull *i) {
0d6e763b LP	216	int r;
	217
	218	assert(i);
	219	assert(i->tar_job);
	220
	221	if (!i->local)
	222	return 0;
	223
	224	if (!i->final_path) {
dc2c282b	225	r = pull_make_path(i->tar_job->url, i->tar_job->etag, i->image_root, ".tar-", NULL, &i->final_path);
0d6e763b LP	226	if (r < 0)
0d6e763b LP	227	return log_oom();
0d6e763b LP	228	}
0d6e763b LP	229
dc2c282b	230	r = pull_make_local_copy(i->final_path, i->image_root, i->local, i->force_local);
0100b6e1 LP	231	if (r < 0)
	232	return r;
	233
9854730b LP	234	if (i->settings) {
	235	const char *local_settings;
	236	assert(i->settings_job);
	237
	238	if (!i->settings_path) {
	239	r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path);
	240	if (r < 0)
	241	return log_oom();
	242	}
	243
	244	local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
	245
	246	r = copy_file_atomic(i->settings_path, local_settings, 0664, i->force_local, 0);
	247	if (r == -EEXIST)
	248	log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
	249	else if (r < 0 && r != -ENOENT)
	250	log_warning_errno(r, "Failed to copy settings files %s: %m", local_settings);
	251
	252	log_info("Create new settings file '%s.nspawn'", i->local);
	253	}
	254
0d6e763b LP	255	return 0;
	256	}
	257
dc2c282b	258	static bool tar_pull_is_done(TarPull *i) {
8b71fce8 LP	259	assert(i);
	260	assert(i->tar_job);
	261
9854730b	262	if (!PULL_JOB_IS_COMPLETE(i->tar_job))
8b71fce8	263	return false;
9854730b	264	if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
8b71fce8	265	return false;
9854730b LP	266	if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
	267	return false;
	268	if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
8b71fce8 LP	269	return false;
	270
	271	return true;
	272	}
	273
dc2c282b LP	274	static void tar_pull_job_on_finished(PullJob *j) {
dc2c282b LP	275	TarPull *i;
56ebfaf1 LP	276	int r;
	277
	278	assert(j);
	279	assert(j->userdata);
	280
	281	i = j->userdata;
9854730b LP	282
	283	if (j == i->settings_job) {
	284	if (j->error != 0)
	285	log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
	286	} else if (j->error != 0) {
0100b6e1 LP	287	if (j == i->checksum_job)
	288	log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
	289	else if (j == i->signature_job)
	290	log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
	291	else
	292	log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");
	293
56ebfaf1 LP	294	r = j->error;
	295	goto finish;
	296	}
	297
	298	/* This is invoked if either the download completed
	299	* successfully, or the download was skipped because we
	300	* already have the etag. */
	301
dc2c282b	302	if (!tar_pull_is_done(i))
0100b6e1 LP	303	return;
0100b6e1 LP	304
9854730b LP	305	i->tar_job->disk_fd = safe_close(i->tar_job->disk_fd);
	306	if (i->settings_job)
	307	i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);
56ebfaf1 LP	308
	309	if (i->tar_pid > 0) {
	310	r = wait_for_terminate_and_warn("tar", i->tar_pid, true);
	311	i->tar_pid = 0;
	312	if (r < 0)
	313	goto finish;
9854730b LP	314	if (r > 0) {
	315	r = -EIO;
	316	goto finish;
	317	}
56ebfaf1 LP	318	}
56ebfaf1 LP	319
0100b6e1 LP	320	if (!i->tar_job->etag_exists) {
	321	/* This is a new download, verify it, and move it into place */
	322
dc2c282b	323	tar_pull_report_progress(i, TAR_VERIFYING);
7079cfef	324
9854730b	325	r = pull_verify(i->tar_job, i->settings_job, i->checksum_job, i->signature_job);
0100b6e1 LP	326	if (r < 0)
	327	goto finish;
	328
dc2c282b	329	tar_pull_report_progress(i, TAR_FINALIZING);
7079cfef	330
b6e676ce	331	r = import_make_read_only(i->temp_path);
56ebfaf1 LP	332	if (r < 0)
	333	goto finish;
	334
f85ef957 AC	335	r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
	336	if (r < 0) {
	337	log_error_errno(r, "Failed to rename to final image name: %m");
56ebfaf1 LP	338	goto finish;
56ebfaf1 LP	339	}
56ebfaf1	340
9854730b LP	341	i->temp_path = mfree(i->temp_path);
	342
	343	if (i->settings_job &&
	344	i->settings_job->error == 0 &&
	345	!i->settings_job->etag_exists) {
	346
	347	assert(i->settings_temp_path);
	348	assert(i->settings_path);
	349
	350	/* Also move the settings file into place, if
	351	* it exist. Note that we do so only if we
	352	* also moved the tar file in place, to keep
	353	* things strictly in sync. */
	354
	355	r = import_make_read_only(i->settings_temp_path);
	356	if (r < 0)
	357	goto finish;
	358
	359	r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
	360	if (r < 0) {
	361	log_error_errno(r, "Failed to rename settings file: %m");
	362	goto finish;
	363	}
	364
	365	i->settings_temp_path = mfree(i->settings_temp_path);
	366	}
56ebfaf1 LP	367	}
56ebfaf1 LP	368
dc2c282b	369	tar_pull_report_progress(i, TAR_COPYING);
7079cfef	370
dc2c282b	371	r = tar_pull_make_local_copy(i);
0d6e763b LP	372	if (r < 0)
	373	goto finish;
	374
56ebfaf1 LP	375	r = 0;
	376
	377	finish:
56ebfaf1 LP	378	if (i->on_finished)
	379	i->on_finished(i, r, i->userdata);
	380	else
	381	sd_event_exit(i->event, r);
	382	}
	383
9854730b	384	static int tar_pull_job_on_open_disk_tar(PullJob *j) {
dc2c282b	385	TarPull *i;
56ebfaf1 LP	386	int r;
	387
	388	assert(j);
	389	assert(j->userdata);
	390
	391	i = j->userdata;
8b71fce8 LP	392	assert(i->tar_job == j);
	393	assert(!i->final_path);
	394	assert(!i->temp_path);
	395	assert(i->tar_pid <= 0);
56ebfaf1	396
dc2c282b	397	r = pull_make_path(j->url, j->etag, i->image_root, ".tar-", NULL, &i->final_path);
56ebfaf1 LP	398	if (r < 0)
	399	return log_oom();
	400
14bcf25c	401	r = tempfn_random(i->final_path, NULL, &i->temp_path);
56ebfaf1 LP	402	if (r < 0)
	403	return log_oom();
	404
	405	mkdir_parents_label(i->temp_path, 0700);
	406
	407	r = btrfs_subvol_make(i->temp_path);
	408	if (r == -ENOTTY) {
	409	if (mkdir(i->temp_path, 0755) < 0)
	410	return log_error_errno(errno, "Failed to create directory %s: %m", i->temp_path);
	411	} else if (r < 0)
	412	return log_error_errno(errno, "Failed to create subvolume %s: %m", i->temp_path);
	413
587fec42	414	j->disk_fd = import_fork_tar_x(i->temp_path, &i->tar_pid);
2c140ded LP	415	if (j->disk_fd < 0)
2c140ded LP	416	return j->disk_fd;
56ebfaf1 LP	417
	418	return 0;
	419	}
	420
9854730b LP	421	static int tar_pull_job_on_open_disk_settings(PullJob *j) {
	422	TarPull *i;
	423	int r;
	424
	425	assert(j);
	426	assert(j->userdata);
	427
	428	i = j->userdata;
	429	assert(i->settings_job == j);
	430	assert(!i->settings_path);
	431	assert(!i->settings_temp_path);
	432
	433	r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path);
	434	if (r < 0)
	435	return log_oom();
	436
	437	r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path);
	438	if (r < 0)
	439	return log_oom();
	440
	441	mkdir_parents_label(i->settings_temp_path, 0700);
	442
	443	j->disk_fd = open(i->settings_temp_path, O_RDWR\|O_CREAT\|O_EXCL\|O_NOCTTY\|O_CLOEXEC, 0664);
	444	if (j->disk_fd < 0)
	445	return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);
	446
	447	return 0;
	448	}
	449
dc2c282b LP	450	static void tar_pull_job_on_progress(PullJob *j) {
dc2c282b LP	451	TarPull *i;
7079cfef LP	452
	453	assert(j);
	454	assert(j->userdata);
	455
	456	i = j->userdata;
	457
dc2c282b	458	tar_pull_report_progress(i, TAR_DOWNLOADING);
7079cfef LP	459	}
7079cfef LP	460
9854730b LP	461	int tar_pull_start(
	462	TarPull *i,
	463	const char *url,
	464	const char *local,
	465	bool force_local,
	466	ImportVerify verify,
	467	bool settings) {
	468
56ebfaf1 LP	469	int r;
	470
	471	assert(i);
9854730b LP	472	assert(verify < _IMPORT_VERIFY_MAX);
9854730b LP	473	assert(verify >= 0);
56ebfaf1	474
56ebfaf1 LP	475	if (!http_url_is_valid(url))
	476	return -EINVAL;
	477
	478	if (local && !machine_name_is_valid(local))
	479	return -EINVAL;
	480
8b71fce8 LP	481	if (i->tar_job)
	482	return -EBUSY;
	483
56ebfaf1 LP	484	r = free_and_strdup(&i->local, local);
	485	if (r < 0)
	486	return r;
9854730b	487
56ebfaf1	488	i->force_local = force_local;
0100b6e1	489	i->verify = verify;
9854730b	490	i->settings = settings;
56ebfaf1	491
9854730b	492	/* Set up download job for TAR file */
dc2c282b	493	r = pull_job_new(&i->tar_job, url, i->glue, i);
56ebfaf1 LP	494	if (r < 0)
	495	return r;
	496
dc2c282b	497	i->tar_job->on_finished = tar_pull_job_on_finished;
9854730b	498	i->tar_job->on_open_disk = tar_pull_job_on_open_disk_tar;
dc2c282b	499	i->tar_job->on_progress = tar_pull_job_on_progress;
0100b6e1	500	i->tar_job->calc_checksum = verify != IMPORT_VERIFY_NO;
26166c88	501	i->tar_job->grow_machine_directory = i->grow_machine_directory;
56ebfaf1	502
dc2c282b	503	r = pull_find_old_etags(url, i->image_root, DT_DIR, ".tar-", NULL, &i->tar_job->old_etags);
56ebfaf1 LP	504	if (r < 0)
	505	return r;
	506
9854730b LP	507	/* Set up download job for the settings file (.nspawn) */
	508	if (settings) {
	509	r = pull_make_settings_job(&i->settings_job, url, i->glue, tar_pull_job_on_finished, i);
	510	if (r < 0)
	511	return r;
	512
	513	i->settings_job->on_open_disk = tar_pull_job_on_open_disk_settings;
	514	i->settings_job->on_progress = tar_pull_job_on_progress;
	515	i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
	516
	517	r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags);
	518	if (r < 0)
	519	return r;
	520	}
	521
	522	/* Set up download of checksum/signature files */
dc2c282b	523	r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_pull_job_on_finished, i);
0100b6e1 LP	524	if (r < 0)
	525	return r;
	526
dc2c282b	527	r = pull_job_begin(i->tar_job);
0100b6e1 LP	528	if (r < 0)
	529	return r;
	530
9854730b LP	531	if (i->settings_job) {
	532	r = pull_job_begin(i->settings_job);
	533	if (r < 0)
	534	return r;
	535	}
	536
0100b6e1	537	if (i->checksum_job) {
dc2c282b	538	i->checksum_job->on_progress = tar_pull_job_on_progress;
7079cfef	539
dc2c282b	540	r = pull_job_begin(i->checksum_job);
0100b6e1 LP	541	if (r < 0)
	542	return r;
	543	}
	544
	545	if (i->signature_job) {
dc2c282b	546	i->signature_job->on_progress = tar_pull_job_on_progress;
7079cfef	547
dc2c282b	548	r = pull_job_begin(i->signature_job);
0100b6e1 LP	549	if (r < 0)
	550	return r;
	551	}
	552
	553	return 0;
56ebfaf1	554	}