From: Ivan Kruglov <mail@ikruglov.com>
Date: Tue, 8 Oct 2024 15:00:11 +0000 (+0200)
Subject: machine: introduce io.systemd.MachineImage.Update varlink method
X-Git-Tag: v257-rc1~238^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7809bd3ba78bd9c7b8a5272ca16edc1e8082c1ac;p=thirdparty%2Fsystemd.git

machine: introduce io.systemd.MachineImage.Update varlink method

io.systemd.MachineImage.Update implements the following dbus org.freedesktop.machine1.Manager interfaces:

- RenameImage
- MarkImageReadOnly
- SetImageLimit
---

diff --git a/src/machine/image-varlink.c b/src/machine/image-varlink.c
new file mode 100644
index 00000000000..3177a938477
--- /dev/null
+++ b/src/machine/image-varlink.c
@@ -0,0 +1,88 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "sd-json.h"
+#include "sd-varlink.h"
+
+#include "bus-polkit.h"
+#include "image-varlink.h"
+#include "machine.h"
+#include "string-util.h"
+
+int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
+        struct params {
+                const char *image_name;
+                const char *new_name;
+                int read_only;
+                uint64_t limit;
+        };
+
+        static const sd_json_dispatch_field dispatch_table[] = {
+                { "name",     SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(struct params, image_name), SD_JSON_MANDATORY },
+                { "newName",  SD_JSON_VARIANT_STRING,        sd_json_dispatch_const_string, offsetof(struct params, new_name),   0 },
+                { "readOnly", SD_JSON_VARIANT_BOOLEAN,       sd_json_dispatch_tristate,     offsetof(struct params, read_only),  0 },
+                { "limit",    _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_uint64,       offsetof(struct params, limit),      0 },
+                VARLINK_DISPATCH_POLKIT_FIELD,
+                {}
+        };
+
+        Manager *manager = ASSERT_PTR(userdata);
+        struct params p = {
+                .read_only = -1,
+                .limit = UINT64_MAX,
+        };
+        Image *image;
+        int r, ret = 0;
+
+        assert(link);
+        assert(parameters);
+
+        r = sd_varlink_dispatch(link, parameters, dispatch_table, &p);
+        if (r != 0)
+                return r;
+
+        if (!image_name_is_valid(p.image_name))
+                return sd_varlink_error_invalid_parameter_name(link, "name");
+
+        if (p.new_name && !image_name_is_valid(p.new_name))
+                return sd_varlink_error_invalid_parameter_name(link, "newName");
+
+        r = manager_acquire_image(manager, p.image_name, &image);
+        if (r == -ENOENT)
+                return sd_varlink_error(link, "io.systemd.MachineImage.NoSuchImage", NULL);
+        if (r < 0)
+                return r;
+
+        r = varlink_verify_polkit_async(
+                        link,
+                        manager->bus,
+                        "org.freedesktop.machine1.manage-images",
+                        (const char**) STRV_MAKE("image", image->name,
+                                                 "verb", "update_image"),
+                        &manager->polkit_registry);
+        if (r <= 0)
+                return r;
+
+        if (p.new_name) {
+                r = rename_image_and_update_cache(manager, image, p.new_name);
+                if (r < 0)
+                        return log_debug_errno(r, "Failed to rename image: %m");
+        }
+
+        if (p.read_only >= 0) {
+                r = image_read_only(image, p.read_only);
+                if (r < 0)
+                        RET_GATHER(ret, log_debug_errno(r, "Failed to toggle image read only, ignoring: %m"));
+        }
+
+        if (p.limit != UINT64_MAX) {
+                r = image_set_limit(image, p.limit);
+                if (r < 0)
+                        RET_GATHER(ret, log_debug_errno(r, "Failed to set image limit, ignoring: %m"));
+        }
+
+        /* We intentionally swallowed errors from image_read_only() and image_set_limit(). Here we return first one to the user if any */
+        if (ret < 0)
+                return ret;
+
+        return sd_varlink_reply(link, NULL);
+}
diff --git a/src/machine/image-varlink.h b/src/machine/image-varlink.h
new file mode 100644
index 00000000000..72028239de1
--- /dev/null
+++ b/src/machine/image-varlink.h
@@ -0,0 +1,6 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "sd-varlink.h"
+
+int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);
diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c
index 4329f74886a..9d039fadd62 100644
--- a/src/machine/machined-varlink.c
+++ b/src/machine/machined-varlink.c
@@ -6,6 +6,7 @@
 #include "discover-image.h"
 #include "format-util.h"
 #include "hostname-util.h"
+#include "image-varlink.h"
 #include "json-util.h"
 #include "machine-varlink.h"
 #include "machined-varlink.h"
@@ -689,7 +690,8 @@ static int manager_varlink_init_machine(Manager *m) {
                         "io.systemd.Machine.Unregister",  vl_method_unregister,
                         "io.systemd.Machine.Terminate",   vl_method_terminate,
                         "io.systemd.Machine.Kill",        vl_method_kill,
-                        "io.systemd.MachineImage.List",   vl_method_list_images);
+                        "io.systemd.MachineImage.List",   vl_method_list_images,
+                        "io.systemd.MachineImage.Update", vl_method_update_image);
         if (r < 0)
                 return log_error_errno(r, "Failed to register varlink methods: %m");
 
diff --git a/src/machine/meson.build b/src/machine/meson.build
index 3150b33de57..f3358d4b988 100644
--- a/src/machine/meson.build
+++ b/src/machine/meson.build
@@ -2,6 +2,7 @@
 
 libmachine_core_sources = files(
         'image-dbus.c',
+        'image-varlink.c',
         'machine-dbus.c',
         'machine-varlink.c',
         'machine.c',
diff --git a/src/shared/varlink-io.systemd.MachineImage.c b/src/shared/varlink-io.systemd.MachineImage.c
index e79b34063e3..514c5720c6b 100644
--- a/src/shared/varlink-io.systemd.MachineImage.c
+++ b/src/shared/varlink-io.systemd.MachineImage.c
@@ -43,6 +43,18 @@ static SD_VARLINK_DEFINE_METHOD_FULL(
                 SD_VARLINK_FIELD_COMMENT("OS release information of an image. It contains an array of key value pairs read from the os-release(5) file in the image."),
                 SD_VARLINK_DEFINE_OUTPUT(OSRelease, SD_VARLINK_STRING, SD_VARLINK_NULLABLE|SD_VARLINK_ARRAY));
 
+static SD_VARLINK_DEFINE_METHOD(
+                Update,
+                SD_VARLINK_FIELD_COMMENT("The name of a image to update."),
+                SD_VARLINK_DEFINE_INPUT(name, SD_VARLINK_STRING, 0),
+                SD_VARLINK_FIELD_COMMENT("If non-null the new name of the image"),
+                SD_VARLINK_DEFINE_INPUT(newName, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
+                SD_VARLINK_FIELD_COMMENT("If non-null value of the read-only flag of the image"),
+                SD_VARLINK_DEFINE_INPUT(readOnly, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE),
+                SD_VARLINK_FIELD_COMMENT("If non-null value of image quota limit"),
+                SD_VARLINK_DEFINE_INPUT(limit, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
+                VARLINK_DEFINE_POLKIT_INPUT);
+
 static SD_VARLINK_DEFINE_ERROR(NoSuchImage);
 
 SD_VARLINK_DEFINE_INTERFACE(
@@ -50,5 +62,7 @@ SD_VARLINK_DEFINE_INTERFACE(
                 "io.systemd.MachineImage",
                 SD_VARLINK_SYMBOL_COMMENT("List images"),
                 &vl_method_List,
+                SD_VARLINK_SYMBOL_COMMENT("Update image allowing to rename or toggle read-only flag"),
+                &vl_method_Update,
                 SD_VARLINK_SYMBOL_COMMENT("No matching image exists"),
                 &vl_error_NoSuchImage);