]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/dissect/dissect.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
service: add new RootImageOptions feature
[thirdparty/systemd.git] / src / dissect / dissect.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <fcntl.h>
4 #include <getopt.h>
5 #include <linux/loop.h>
6 #include <stdio.h>
7
8 #include "architecture.h"
9 #include "dissect-image.h"
10 #include "hexdecoct.h"
11 #include "log.h"
12 #include "loop-util.h"
13 #include "main-func.h"
14 #include "parse-util.h"
15 #include "path-util.h"
16 #include "string-util.h"
17 #include "strv.h"
18 #include "user-util.h"
19 #include "util.h"
20
21 static enum {
22 ACTION_DISSECT,
23 ACTION_MOUNT,
24 } arg_action = ACTION_DISSECT;
25 static const char *arg_image = NULL;
26 static const char *arg_path = NULL;
27 static DissectImageFlags arg_flags = DISSECT_IMAGE_REQUIRE_ROOT|DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_RELAX_VAR_CHECK|DISSECT_IMAGE_FSCK;
28 static void *arg_root_hash = NULL;
29 static char *arg_verity_data = NULL;
30 static size_t arg_root_hash_size = 0;
31 static char *arg_root_hash_sig_path = NULL;
32 static void *arg_root_hash_sig = NULL;
33 static size_t arg_root_hash_sig_size = 0;
34
35 STATIC_DESTRUCTOR_REGISTER(arg_root_hash, freep);
36 STATIC_DESTRUCTOR_REGISTER(arg_verity_data, freep);
37 STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig_path, freep);
38 STATIC_DESTRUCTOR_REGISTER(arg_root_hash_sig, freep);
39
40 static void help(void) {
41 printf("%s [OPTIONS...] IMAGE\n"
42 "%s [OPTIONS...] --mount IMAGE PATH\n"
43 "Dissect a file system OS image.\n\n"
44 " -h --help Show this help\n"
45 " --version Show package version\n"
46 " -m --mount Mount the image to the specified directory\n"
47 " -r --read-only Mount read-only\n"
48 " --fsck=BOOL Run fsck before mounting\n"
49 " --discard=MODE Choose 'discard' mode (disabled, loop, all, crypto)\n"
50 " --root-hash=HASH Specify root hash for verity\n"
51 " --root-hash-sig=SIG Specify pkcs7 signature of root hash for verity\n"
52 " as a DER encoded PKCS7, either as a path to a file\n"
53 " or as an ASCII base64 encoded string prefixed by\n"
54 " 'base64:'\n"
55 " --verity-data=PATH Specify data file with hash tree for verity if it is\n"
56 " not embedded in IMAGE\n",
57 program_invocation_short_name,
58 program_invocation_short_name);
59 }
60
61 static int parse_argv(int argc, char *argv[]) {
62
63 enum {
64 ARG_VERSION = 0x100,
65 ARG_DISCARD,
66 ARG_ROOT_HASH,
67 ARG_FSCK,
68 ARG_VERITY_DATA,
69 ARG_ROOT_HASH_SIG,
70 };
71
72 static const struct option options[] = {
73 { "help", no_argument, NULL, 'h' },
74 { "version", no_argument, NULL, ARG_VERSION },
75 { "mount", no_argument, NULL, 'm' },
76 { "read-only", no_argument, NULL, 'r' },
77 { "discard", required_argument, NULL, ARG_DISCARD },
78 { "root-hash", required_argument, NULL, ARG_ROOT_HASH },
79 { "fsck", required_argument, NULL, ARG_FSCK },
80 { "verity-data", required_argument, NULL, ARG_VERITY_DATA },
81 { "root-hash-sig", required_argument, NULL, ARG_ROOT_HASH_SIG },
82 {}
83 };
84
85 int c, r;
86
87 assert(argc >= 0);
88 assert(argv);
89
90 while ((c = getopt_long(argc, argv, "hmr", options, NULL)) >= 0) {
91
92 switch (c) {
93
94 case 'h':
95 help();
96 return 0;
97
98 case ARG_VERSION:
99 return version();
100
101 case 'm':
102 arg_action = ACTION_MOUNT;
103 break;
104
105 case 'r':
106 arg_flags |= DISSECT_IMAGE_READ_ONLY;
107 break;
108
109 case ARG_DISCARD: {
110 DissectImageFlags flags;
111
112 if (streq(optarg, "disabled"))
113 flags = 0;
114 else if (streq(optarg, "loop"))
115 flags = DISSECT_IMAGE_DISCARD_ON_LOOP;
116 else if (streq(optarg, "all"))
117 flags = DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD;
118 else if (streq(optarg, "crypt"))
119 flags = DISSECT_IMAGE_DISCARD_ANY;
120 else
121 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
122 "Unknown --discard= parameter: %s",
123 optarg);
124 arg_flags = (arg_flags & ~DISSECT_IMAGE_DISCARD_ANY) | flags;
125
126 break;
127 }
128
129 case ARG_ROOT_HASH: {
130 void *p;
131 size_t l;
132
133 r = unhexmem(optarg, strlen(optarg), &p, &l);
134 if (r < 0)
135 return log_error_errno(r, "Failed to parse root hash '%s': %m", optarg);
136 if (l < sizeof(sd_id128_t)) {
137 log_error("Root hash must be at least 128bit long: %s", optarg);
138 free(p);
139 return -EINVAL;
140 }
141
142 free(arg_root_hash);
143 arg_root_hash = p;
144 arg_root_hash_size = l;
145 break;
146 }
147
148 case ARG_VERITY_DATA:
149 r = parse_path_argument_and_warn(optarg, false, &arg_verity_data);
150 if (r < 0)
151 return r;
152 break;
153
154 case ARG_ROOT_HASH_SIG: {
155 char *value;
156
157 if ((value = startswith(optarg, "base64:"))) {
158 void *p;
159 size_t l;
160
161 r = unbase64mem(value, strlen(value), &p, &l);
162 if (r < 0)
163 return log_error_errno(r, "Failed to parse root hash signature '%s': %m", optarg);
164
165 free_and_replace(arg_root_hash_sig, p);
166 arg_root_hash_sig_size = l;
167 arg_root_hash_sig_path = mfree(arg_root_hash_sig_path);
168 } else {
169 r = parse_path_argument_and_warn(optarg, false, &arg_root_hash_sig_path);
170 if (r < 0)
171 return r;
172 arg_root_hash_sig = mfree(arg_root_hash_sig);
173 arg_root_hash_sig_size = 0;
174 }
175
176 break;
177 }
178
179 case ARG_FSCK:
180 r = parse_boolean(optarg);
181 if (r < 0)
182 return log_error_errno(r, "Failed to parse --fsck= parameter: %s", optarg);
183
184 SET_FLAG(arg_flags, DISSECT_IMAGE_FSCK, r);
185 break;
186
187 case '?':
188 return -EINVAL;
189
190 default:
191 assert_not_reached("Unhandled option");
192 }
193
194 }
195
196 switch (arg_action) {
197
198 case ACTION_DISSECT:
199 if (optind + 1 != argc)
200 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
201 "Expected a file path as only argument.");
202
203 arg_image = argv[optind];
204 arg_flags |= DISSECT_IMAGE_READ_ONLY;
205 break;
206
207 case ACTION_MOUNT:
208 if (optind + 2 != argc)
209 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
210 "Expected a file path and mount point path as only arguments.");
211
212 arg_image = argv[optind];
213 arg_path = argv[optind + 1];
214 break;
215
216 default:
217 assert_not_reached("Unknown action.");
218 }
219
220 return 1;
221 }
222
223 static int run(int argc, char *argv[]) {
224 _cleanup_(loop_device_unrefp) LoopDevice *d = NULL;
225 _cleanup_(decrypted_image_unrefp) DecryptedImage *di = NULL;
226 _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL;
227 int r;
228
229 log_parse_environment();
230 log_open();
231
232 r = parse_argv(argc, argv);
233 if (r <= 0)
234 return r;
235
236 r = loop_device_make_by_path(arg_image, (arg_flags & DISSECT_IMAGE_READ_ONLY) ? O_RDONLY : O_RDWR, LO_FLAGS_PARTSCAN, &d);
237 if (r < 0)
238 return log_error_errno(r, "Failed to set up loopback device: %m");
239
240 r = verity_metadata_load(arg_image, NULL, arg_root_hash ? NULL : &arg_root_hash, &arg_root_hash_size,
241 arg_verity_data ? NULL : &arg_verity_data,
242 arg_root_hash_sig_path || arg_root_hash_sig ? NULL : &arg_root_hash_sig_path);
243 if (r < 0)
244 return log_error_errno(r, "Failed to read verity artefacts for %s: %m", arg_image);
245 arg_flags |= arg_verity_data ? DISSECT_IMAGE_NO_PARTITION_TABLE : 0;
246
247 r = dissect_image_and_warn(d->fd, arg_image, arg_root_hash, arg_root_hash_size, arg_verity_data, NULL, arg_flags, &m);
248 if (r < 0)
249 return r;
250
251 switch (arg_action) {
252
253 case ACTION_DISSECT: {
254 unsigned i;
255
256 for (i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
257 DissectedPartition *p = m->partitions + i;
258
259 if (!p->found)
260 continue;
261
262 printf("Found %s '%s' partition",
263 p->rw ? "writable" : "read-only",
264 partition_designator_to_string(i));
265
266 if (!sd_id128_is_null(p->uuid))
267 printf(" (UUID " SD_ID128_FORMAT_STR ")", SD_ID128_FORMAT_VAL(p->uuid));
268
269 if (p->fstype)
270 printf(" of type %s", p->fstype);
271
272 if (p->architecture != _ARCHITECTURE_INVALID)
273 printf(" for %s", architecture_to_string(p->architecture));
274
275 if (dissected_image_can_do_verity(m, i))
276 printf(" %s verity", dissected_image_has_verity(m, i) ? "with" : "without");
277
278 if (p->partno >= 0)
279 printf(" on partition #%i", p->partno);
280
281 if (p->node)
282 printf(" (%s)", p->node);
283
284 putchar('\n');
285 }
286
287 r = dissected_image_acquire_metadata(m);
288 if (r < 0)
289 return log_error_errno(r, "Failed to acquire image metadata: %m");
290
291 if (m->hostname)
292 printf(" Hostname: %s\n", m->hostname);
293
294 if (!sd_id128_is_null(m->machine_id))
295 printf("Machine ID: " SD_ID128_FORMAT_STR "\n", SD_ID128_FORMAT_VAL(m->machine_id));
296
297 if (!strv_isempty(m->machine_info)) {
298 char **p, **q;
299
300 STRV_FOREACH_PAIR(p, q, m->machine_info)
301 printf("%s %s=%s\n",
302 p == m->machine_info ? "Mach. Info:" : " ",
303 *p, *q);
304 }
305
306 if (!strv_isempty(m->os_release)) {
307 char **p, **q;
308
309 STRV_FOREACH_PAIR(p, q, m->os_release)
310 printf("%s %s=%s\n",
311 p == m->os_release ? "OS Release:" : " ",
312 *p, *q);
313 }
314
315 break;
316 }
317
318 case ACTION_MOUNT:
319 r = dissected_image_decrypt_interactively(m, NULL, arg_root_hash, arg_root_hash_size, arg_verity_data, arg_root_hash_sig_path, arg_root_hash_sig, arg_root_hash_sig_size, arg_flags, &di);
320 if (r < 0)
321 return r;
322
323 r = dissected_image_mount(m, arg_path, UID_INVALID, arg_flags);
324 if (r == -EUCLEAN)
325 return log_error_errno(r, "File system check on image failed: %m");
326 if (r < 0)
327 return log_error_errno(r, "Failed to mount image: %m");
328
329 if (di) {
330 r = decrypted_image_relinquish(di);
331 if (r < 0)
332 return log_error_errno(r, "Failed to relinquish DM devices: %m");
333 }
334
335 loop_device_relinquish(d);
336 break;
337
338 default:
339 assert_not_reached("Unknown action.");
340 }
341
342 return 0;
343 }
344
345 DEFINE_MAIN_FUNCTION(run);
Unnamed repository; edit this file 'description' to name the repository.