Diffstat (limited to 'src/import')
-rw-r--r-- | src/import/export-tar.c | 6 | ||||
-rw-r--r-- | src/import/export.c | 15 | ||||
-rw-r--r-- | src/import/import-common.c | 5 | ||||
-rw-r--r-- | src/import/import-raw.c | 4 | ||||
-rw-r--r-- | src/import/import-tar.c | 4 | ||||
-rw-r--r-- | src/import/import.c | 17 | ||||
-rw-r--r-- | src/import/importd.c | 17 | ||||
-rw-r--r-- | src/import/pull-common.c | 97 | ||||
-rw-r--r-- | src/import/pull-common.h | 4 | ||||
-rw-r--r-- | src/import/pull-dkr.c | 16 | ||||
-rw-r--r-- | src/import/pull-job.h | 2 | ||||
-rw-r--r-- | src/import/pull-raw.c | 161 | ||||
-rw-r--r-- | src/import/pull-raw.h | 2 | ||||
-rw-r--r-- | src/import/pull-tar.c | 165 | ||||
-rw-r--r-- | src/import/pull-tar.h | 2 | ||||
-rw-r--r-- | src/import/pull.c | 39 |
16 files changed, 457 insertions, 99 deletions
diff --git a/src/import/export-tar.c b/src/import/export-tar.c index 5adc748c50..43fa9d1b03 100644 --- a/src/import/export-tar.c +++ b/src/import/export-tar.c @@ -287,8 +287,7 @@ int tar_export_start(TarExport *e, const char *path, int fd, ImportCompressType if (r >= 0) e->quota_referenced = q.referenced; - free(e->temp_path); - e->temp_path = NULL; + e->temp_path = mfree(e->temp_path); r = tempfn_random(path, NULL, &e->temp_path); if (r < 0) @@ -298,8 +297,7 @@ int tar_export_start(TarExport *e, const char *path, int fd, ImportCompressType r = btrfs_subvol_snapshot_fd(sfd, e->temp_path, BTRFS_SNAPSHOT_READ_ONLY|BTRFS_SNAPSHOT_RECURSIVE); if (r < 0) { log_debug_errno(r, "Couldn't create snapshot %s of %s, not exporting atomically: %m", e->temp_path, path); - free(e->temp_path); - e->temp_path = NULL; + e->temp_path = mfree(e->temp_path); } } diff --git a/src/import/export.c b/src/import/export.c index ec7dbe210a..d34105e4ca 100644 --- a/src/import/export.c +++ b/src/import/export.c @@ -22,14 +22,15 @@ #include <getopt.h> #include "sd-event.h" + #include "event-util.h" +#include "export-raw.h" +#include "export-tar.h" +#include "hostname-util.h" +#include "import-util.h" +#include "machine-image.h" #include "signal-util.h" #include "verbs.h" -#include "build.h" -#include "machine-image.h" -#include "import-util.h" -#include "export-tar.h" -#include "export-raw.h" static ImportCompressType arg_compress = IMPORT_COMPRESS_UNKNOWN; @@ -259,9 +260,7 @@ static int parse_argv(int argc, char *argv[]) { return help(0, NULL, NULL); case ARG_VERSION: - puts(PACKAGE_STRING); - puts(SYSTEMD_FEATURES); - return 0; + return version(); case ARG_FORMAT: if (streq(optarg, "uncompressed")) diff --git a/src/import/import-common.c b/src/import/import-common.c index 950c7b4acd..9b86dbfa79 100644 --- a/src/import/import-common.c +++ b/src/import/import-common.c 
@@ -19,14 +19,15 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ +#include <sched.h> #include <sys/prctl.h> #include <sys/stat.h> #include <unistd.h> -#include "util.h" #include "btrfs-util.h" #include "capability.h" #include "signal-util.h" +#include "util.h" #include "import-common.h" int import_make_read_only_fd(int fd) { @@ -210,7 +211,7 @@ int import_fork_tar_c(const char *path, pid_t *ret) { if (r < 0) log_error_errno(r, "Failed to drop capabilities, ignoring: %m"); - execlp("tar", "tar", "--sparse", "-C", path, "-c", ".", NULL); + execlp("tar", "tar", "-C", path, "-c", ".", NULL); log_error_errno(errno, "Failed to execute tar: %m"); _exit(EXIT_FAILURE); } diff --git a/src/import/import-raw.c b/src/import/import-raw.c index 43cd413042..5f7d25d063 100644 --- a/src/import/import-raw.c +++ b/src/import/import-raw.c @@ -26,6 +26,7 @@ #include "util.h" #include "path-util.h" #include "btrfs-util.h" +#include "hostname-util.h" #include "copy.h" #include "mkdir.h" #include "rm-rf.h" @@ -248,8 +249,7 @@ static int raw_import_finish(RawImport *i) { if (r < 0) return log_error_errno(r, "Failed to move image into place: %m"); - free(i->temp_path); - i->temp_path = NULL; + i->temp_path = mfree(i->temp_path); return 0; } diff --git a/src/import/import-tar.c b/src/import/import-tar.c index 2bf0b0680c..d2bfb30238 100644 --- a/src/import/import-tar.c +++ b/src/import/import-tar.c @@ -26,6 +26,7 @@ #include "util.h" #include "path-util.h" #include "btrfs-util.h" +#include "hostname-util.h" #include "copy.h" #include "mkdir.h" #include "rm-rf.h" @@ -204,8 +205,7 @@ static int tar_import_finish(TarImport *i) { if (r < 0) return log_error_errno(r, "Failed to move image into place: %m"); - free(i->temp_path); - i->temp_path = NULL; + i->temp_path = mfree(i->temp_path); return 0; } diff --git a/src/import/import.c b/src/import/import.c index b7772390e9..1c92312585 100644 --- a/src/import/import.c +++ b/src/import/import.c 
@@ -22,14 +22,15 @@ #include <getopt.h> #include "sd-event.h" + #include "event-util.h" -#include "verbs.h" -#include "build.h" -#include "signal-util.h" -#include "machine-image.h" -#include "import-util.h" -#include "import-tar.h" +#include "hostname-util.h" #include "import-raw.h" +#include "import-tar.h" +#include "import-util.h" +#include "machine-image.h" +#include "signal-util.h" +#include "verbs.h" static bool arg_force = false; static bool arg_read_only = false; @@ -279,9 +280,7 @@ static int parse_argv(int argc, char *argv[]) { return help(0, NULL, NULL); case ARG_VERSION: - puts(PACKAGE_STRING); - puts(SYSTEMD_FEATURES); - return 0; + return version(); case ARG_FORCE: arg_force = true; diff --git a/src/import/importd.c b/src/import/importd.c index dd314f5b00..a29e9d4bd5 100644 --- a/src/import/importd.c +++ b/src/import/importd.c @@ -35,6 +35,7 @@ #include "import-util.h" #include "process-util.h" #include "signal-util.h" +#include "hostname-util.h" typedef struct Transfer Transfer; typedef struct Manager Manager; @@ -166,6 +167,7 @@ static int transfer_new(Manager *m, Transfer **ret) { t->type = _TRANSFER_TYPE_INVALID; t->log_fd = -1; t->stdin_fd = -1; + t->stdout_fd = -1; t->verify = _IMPORT_VERIFY_INVALID; id = m->current_transfer_id + 1; @@ -598,14 +600,11 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void cmsg_close_all(&msghdr); - CMSG_FOREACH(cmsg, &msghdr) { + CMSG_FOREACH(cmsg, &msghdr) if (cmsg->cmsg_level == SOL_SOCKET && - cmsg->cmsg_type == SCM_CREDENTIALS && - cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) { - + cmsg->cmsg_type == SCM_CREDENTIALS && + cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) ucred = (struct ucred*) CMSG_DATA(cmsg); - } - } if (msghdr.msg_flags & MSG_TRUNC) { log_warning("Got overly long notification datagram, ignoring."); 
@@ -734,6 +733,7 @@ static int method_import_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_ msg, CAP_SYS_ADMIN, "org.freedesktop.import1.import", + NULL, false, UID_INVALID, &m->polkit_registry, @@ -798,6 +798,7 @@ static int method_export_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_ msg, CAP_SYS_ADMIN, "org.freedesktop.import1.export", + NULL, false, UID_INVALID, &m->polkit_registry, @@ -863,6 +864,7 @@ static int method_pull_tar_or_raw(sd_bus_message *msg, void *userdata, sd_bus_er msg, CAP_SYS_ADMIN, "org.freedesktop.import1.pull", + NULL, false, UID_INVALID, &m->polkit_registry, @@ -944,6 +946,7 @@ static int method_pull_dkr(sd_bus_message *msg, void *userdata, sd_bus_error *er msg, CAP_SYS_ADMIN, "org.freedesktop.import1.pull", + NULL, false, UID_INVALID, &m->polkit_registry, @@ -1078,6 +1081,7 @@ static int method_cancel(sd_bus_message *msg, void *userdata, sd_bus_error *erro msg, CAP_SYS_ADMIN, "org.freedesktop.import1.pull", + NULL, false, UID_INVALID, &t->manager->polkit_registry, @@ -1107,6 +1111,7 @@ static int method_cancel_transfer(sd_bus_message *msg, void *userdata, sd_bus_er msg, CAP_SYS_ADMIN, "org.freedesktop.import1.pull", + NULL, false, UID_INVALID, &m->polkit_registry, diff --git a/src/import/pull-common.c b/src/import/pull-common.c index 652277e4be..38201e46e1 100644 --- a/src/import/pull-common.c +++ b/src/import/pull-common.c @@ -34,7 +34,14 @@ #define FILENAME_ESCAPE "/.#\"\'" -int pull_find_old_etags(const char *url, const char *image_root, int dt, const char *prefix, const char *suffix, char ***etags) { +int pull_find_old_etags( + const char *url, + const char *image_root, + int dt, + const char *prefix, + const char *suffix, + char ***etags) { + _cleanup_free_ char *escaped_url = NULL; _cleanup_closedir_ DIR *d = NULL; _cleanup_strv_free_ char **l = NULL; 
@@ -173,6 +180,49 @@ int pull_make_path(const char *url, const char *etag, const char *image_root, co return 0; } +int pull_make_settings_job( + PullJob **ret, + const char *url, + CurlGlue *glue, + PullJobFinished on_finished, + void *userdata) { + + _cleanup_free_ char *last_component = NULL, *ll = NULL, *settings_url = NULL; + _cleanup_(pull_job_unrefp) PullJob *job = NULL; + const char *q; + int r; + + assert(ret); + assert(url); + assert(glue); + + r = import_url_last_component(url, &last_component); + if (r < 0) + return r; + + r = tar_strip_suffixes(last_component, &ll); + if (r < 0) + return r; + + q = strjoina(ll, ".nspawn"); + + r = import_url_change_last_component(url, q, &settings_url); + if (r < 0) + return r; + + r = pull_job_new(&job, settings_url, glue, userdata); + if (r < 0) + return r; + + job->on_finished = on_finished; + job->compressed_max = job->uncompressed_max = 1ULL * 1024ULL * 1024ULL; + + *ret = job; + job = NULL; + + return 0; +} + int pull_make_verification_jobs( PullJob **ret_checksum_job, PullJob **ret_signature_job, @@ -232,8 +282,8 @@ int pull_make_verification_jobs( return 0; } -int pull_verify( - PullJob *main_job, +int pull_verify(PullJob *main_job, + PullJob *settings_job, PullJob *checksum_job, PullJob *signature_job) { 
@@ -278,12 +328,47 @@ int pull_verify( strlen(line)); if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n')) { - log_error("Checksum did not check out, payload has been tempered with."); + log_error("DOWNLOAD INVALID: Checksum did not check out, payload has been tampered with."); return -EBADMSG; } log_info("SHA256 checksum of %s is valid.", main_job->url); + assert(!settings_job || settings_job->state == PULL_JOB_DONE); + + if (settings_job && + settings_job->error == 0 && + !settings_job->etag_exists) { + + _cleanup_free_ char *settings_fn = NULL; + + assert(settings_job->calc_checksum); + assert(settings_job->checksum); + + r = import_url_last_component(settings_job->url, &settings_fn); + if (r < 0) + return log_oom(); + + if (!filename_is_valid(settings_fn)) { + log_error("Cannot verify checksum, could not determine server-side settings file name."); + return -EBADMSG; + } + + line = strjoina(settings_job->checksum, " *", settings_fn, "\n"); + + p = memmem(checksum_job->payload, + checksum_job->payload_size, + line, + strlen(line)); + + if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n')) { + log_error("DOWNLOAD INVALID: Checksum of settings file did not checkout, settings file has been tampered with."); + return -EBADMSG; + } + + log_info("SHA256 checksum of %s is valid.", settings_job->url); + } + if (!signature_job) return 0; @@ -407,7 +492,7 @@ int pull_verify( if (r < 0) goto finish; if (r > 0) { - log_error("Signature verification failed."); + log_error("DOWNLOAD INVALID: Signature verification failed."); r = -EBADMSG; } else { log_info("Signature verification succeeded."); @@ -416,7 +501,7 @@ int pull_verify( finish: if (sig_file >= 0) - unlink(sig_file_path); + (void) unlink(sig_file_path); if (gpg_home_created) (void) rm_rf(gpg_home, REMOVE_ROOT|REMOVE_PHYSICAL); diff --git a/src/import/pull-common.h b/src/import/pull-common.h index bb9cf3efc1..7e6db1862c 100644 --- a/src/import/pull-common.h +++ b/src/import/pull-common.h 
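Review bot: The added `assert(!settings_job || settings_job->state == PULL_JOB_DONE);` in pull_verify() looks reachable with a failed settings job, which would abort the pull instead of proceeding without settings. This same commit switches raw_pull_is_done() and tar_pull_is_done() to PULL_JOB_IS_COMPLETE(), which accepts PULL_JOB_FAILED, and the on_finished callbacks only log when the settings job has an error. A server that has no .nspawn file therefore presumably reaches this line with the job in the failed state, though how pull-job.c sets the state is not visible here. I would relax the assertion to `assert(!settings_job || PULL_JOB_IS_COMPLETE(settings_job));` and add `settings_job->state == PULL_JOB_DONE &&` to the condition that follows it. pull_verify() starts and ends outside this hunk.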
@@ -32,5 +32,7 @@ int pull_find_old_etags(const char *url, const char *root, int dt, const char *p int pull_make_path(const char *url, const char *etag, const char *image_root, const char *prefix, const char *suffix, char **ret); +int pull_make_settings_job(PullJob **ret, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata); int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata); -int pull_verify(PullJob *main_job, PullJob *checksum_job, PullJob *signature_job); + +int pull_verify(PullJob *main_job, PullJob *settings_job, PullJob *checksum_job, PullJob *signature_job); diff --git a/src/import/pull-dkr.c b/src/import/pull-dkr.c index 78e3184c42..0dab184af1 100644 --- a/src/import/pull-dkr.c +++ b/src/import/pull-dkr.c @@ -592,8 +592,7 @@ static int dkr_pull_pull_layer_v2(DkrPull *i) { i->current_ancestry++; - free(path); - path = NULL; + path = mfree(path); } log_info("Pulling layer %s...", layer); @@ -652,8 +651,7 @@ static int dkr_pull_pull_layer(DkrPull *i) { i->current_ancestry++; - free(path); - path = NULL; + path = mfree(path); } log_info("Pulling layer %s...", layer); @@ -721,7 +719,7 @@ static int dkr_pull_job_on_header(PullJob *j, const char *header, size_t sz) { return log_oom(); STRV_FOREACH(k, l) { - if (!hostname_is_valid(*k)) { + if (!hostname_is_valid(*k, false)) { log_error("Registry hostname is not valid."); strv_free(l); return -EBADMSG; @@ -793,7 +791,7 @@ static void dkr_pull_job_on_finished_v2(PullJob *j) { } else if (i->tags_job == j) { const char *url; - _cleanup_free_ const char *buf; + _cleanup_free_ char *buf; _cleanup_json_variant_unref_ JsonVariant *doc = NULL; JsonVariant *e = NULL; 
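Review bot: `buf` in dkr_pull_job_on_finished_v2() is still declared with `_cleanup_free_` but without an initializer, so any exit from this scope before it is assigned would hand an indeterminate pointer to free(). Dropping the `const` is right, but the declaration should read `_cleanup_free_ char *buf = NULL;`, matching `doc` on the next line. Whether such an early exit exists cannot be seen from this hunk, because the branch continues outside it.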
@@ -1213,10 +1211,8 @@ static void dkr_pull_job_on_finished(PullJob *j) { log_info("Completed writing to layer %s.", i->final_path); i->layer_job = pull_job_unref(i->layer_job); - free(i->temp_path); - i->temp_path = NULL; - free(i->final_path); - i->final_path = NULL; + i->temp_path = mfree(i->temp_path); + i->final_path = mfree(i->final_path); i->current_ancestry ++; r = dkr_pull_pull_layer(i); diff --git a/src/import/pull-job.h b/src/import/pull-job.h index 3239aeac20..1777bf1c33 100644 --- a/src/import/pull-job.h +++ b/src/import/pull-job.h @@ -44,7 +44,7 @@ typedef enum PullJobState { _PULL_JOB_STATE_INVALID = -1, } PullJobState; -#define PULL_JOB_STATE_IS_COMPLETE(j) (IN_SET((j)->state, PULL_JOB_DONE, PULL_JOB_FAILED)) +#define PULL_JOB_IS_COMPLETE(j) (IN_SET((j)->state, PULL_JOB_DONE, PULL_JOB_FAILED)) typedef enum PullJobCompression { PULL_JOB_UNCOMPRESSED, diff --git a/src/import/pull-raw.c b/src/import/pull-raw.c index 5bfaf012c0..0e77197e34 100644 --- a/src/import/pull-raw.c +++ b/src/import/pull-raw.c @@ -33,6 +33,7 @@ #include "mkdir.h" #include "rm-rf.h" #include "path-util.h" +#include "hostname-util.h" #include "import-util.h" #include "import-common.h" #include "curl-util.h" @@ -56,6 +57,7 @@ struct RawPull { char *image_root; PullJob *raw_job; + PullJob *settings_job; PullJob *checksum_job; PullJob *signature_job; @@ -65,9 +67,13 @@ struct RawPull { char *local; bool force_local; bool grow_machine_directory; + bool settings; - char *temp_path; char *final_path; + char *temp_path; + + char *settings_path; + char *settings_temp_path; ImportVerify verify; }; @@ -77,6 +83,7 @@ RawPull* raw_pull_unref(RawPull *i) { return NULL; pull_job_unref(i->raw_job); + pull_job_unref(i->settings_job); pull_job_unref(i->checksum_job); pull_job_unref(i->signature_job); 
@@ -88,7 +95,13 @@ RawPull* raw_pull_unref(RawPull *i) { free(i->temp_path); } + if (i->settings_temp_path) { + (void) unlink(i->settings_temp_path); + free(i->settings_temp_path); + } + free(i->final_path); + free(i->settings_path); free(i->image_root); free(i->local); free(i); @@ -154,6 +167,11 @@ static void raw_pull_report_progress(RawPull *i, RawProgress p) { percent = 0; + if (i->settings_job) { + percent += i->settings_job->progress_percent * 5 / 100; + remain -= 5; + } + if (i->checksum_job) { percent += i->checksum_job->progress_percent * 5 / 100; remain -= 5; @@ -252,17 +270,17 @@ static int raw_pull_make_local_copy(RawPull *i) { if (!i->local) return 0; + if (!i->final_path) { + r = pull_make_path(i->raw_job->url, i->raw_job->etag, i->image_root, ".raw-", ".raw", &i->final_path); + if (r < 0) + return log_oom(); + } + if (i->raw_job->etag_exists) { /* We have downloaded this one previously, reopen it */ assert(i->raw_job->disk_fd < 0); - if (!i->final_path) { - r = pull_make_path(i->raw_job->url, i->raw_job->etag, i->image_root, ".raw-", ".raw", &i->final_path); - if (r < 0) - return log_oom(); - } - i->raw_job->disk_fd = open(i->final_path, O_RDONLY|O_NOCTTY|O_CLOEXEC); if (i->raw_job->disk_fd < 0) return log_error_errno(errno, "Failed to open vendor image: %m"); @@ -296,7 +314,7 @@ static int raw_pull_make_local_copy(RawPull *i) { if (r < 0) log_warning_errno(errno, "Failed to set file attributes on %s: %m", tp); - r = copy_bytes(i->raw_job->disk_fd, dfd, (off_t) -1, true); + r = copy_bytes(i->raw_job->disk_fd, dfd, (uint64_t) -1, true); if (r < 0) { unlink(tp); return log_error_errno(r, "Failed to make writable copy of image: %m"); 
@@ -314,6 +332,28 @@ static int raw_pull_make_local_copy(RawPull *i) { } log_info("Created new local image '%s'.", i->local); + + if (i->settings) { + const char *local_settings; + assert(i->settings_job); + + if (!i->settings_path) { + r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path); + if (r < 0) + return log_oom(); + } + + local_settings = strjoina(i->image_root, "/", i->local, ".nspawn"); + + r = copy_file_atomic(i->settings_path, local_settings, 0644, i->force_local, 0); + if (r == -EEXIST) + log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings); + else if (r < 0 && r != -ENOENT) + log_warning_errno(r, "Failed to copy settings files %s: %m", local_settings); + + log_info("Create new settings file '%s.nspawn'", i->local); + } + return 0; } @@ -321,11 +361,13 @@ static bool raw_pull_is_done(RawPull *i) { assert(i); assert(i->raw_job); - if (i->raw_job->state != PULL_JOB_DONE) + if (!PULL_JOB_IS_COMPLETE(i->raw_job)) return false; - if (i->checksum_job && i->checksum_job->state != PULL_JOB_DONE) + if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job)) return false; - if (i->signature_job && i->signature_job->state != PULL_JOB_DONE) + if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job)) + return false; + if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job)) return false; return true; @@ -339,7 +381,10 @@ static void raw_pull_job_on_finished(PullJob *j) { assert(j->userdata); i = j->userdata; - if (j->error != 0) { + if (j == i->settings_job) { + if (j->error != 0) + log_info_errno(j->error, "Settings file could not be retrieved, proceeding without."); + } else if (j->error != 0) { if (j == i->checksum_job) log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)"); else if (j == i->signature_job) 
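Review bot: In the settings block added to raw_pull_make_local_copy(), `log_info("Create new settings file '%s.nspawn'", i->local);` runs unconditionally, including after the -EEXIST warning, after a copy failure, and in the silently ignored -ENOENT case. The log then claims a settings file was installed when it was not, which misleads anyone auditing which container settings came from a download; I would emit it only when `r >= 0`. The same block in tar_pull_make_local_copy() in pull-tar.c has the same problem. The two copies also disagree on the mode passed to copy_file_atomic() (0644 here, 0664 there), and 0644 looks like the better choice for both. The function starts outside this hunk.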
@@ -361,13 +406,16 @@ static void raw_pull_job_on_finished(PullJob *j) { if (!raw_pull_is_done(i)) return; + if (i->settings_job) + i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd); + if (!i->raw_job->etag_exists) { /* This is a new download, verify it, and move it into place */ assert(i->raw_job->disk_fd >= 0); raw_pull_report_progress(i, RAW_VERIFYING); - r = pull_verify(i->raw_job, i->checksum_job, i->signature_job); + r = pull_verify(i->raw_job, i->settings_job, i->checksum_job, i->signature_job); if (r < 0) goto finish; @@ -389,8 +437,27 @@ static void raw_pull_job_on_finished(PullJob *j) { goto finish; } - free(i->temp_path); - i->temp_path = NULL; + i->temp_path = mfree(i->temp_path); + + if (i->settings_job && + i->settings_job->error == 0 && + !i->settings_job->etag_exists) { + + assert(i->settings_temp_path); + assert(i->settings_path); + + r = import_make_read_only(i->settings_temp_path); + if (r < 0) + goto finish; + + r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path); + if (r < 0) { + log_error_errno(r, "Failed to rename settings file: %m"); + goto finish; + } + + i->settings_temp_path = mfree(i->settings_temp_path); + } } raw_pull_report_progress(i, RAW_COPYING); @@ -408,7 +475,7 @@ finish: sd_event_exit(i->event, r); } -static int raw_pull_job_on_open_disk(PullJob *j) { +static int raw_pull_job_on_open_disk_raw(PullJob *j) { RawPull *i; int r; 
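Review bot: The settings rename block added to raw_pull_job_on_finished() lacks the comment its twin in pull-tar.c carries, and the behaviour it explains is not obvious. The block sits inside the `if (!i->raw_job->etag_exists)` branch, so a freshly downloaded settings file is verified and moved only when the image itself was freshly downloaded. When the image is already cached, the new temporary settings file appears never to be renamed into place, and the later copy step ignores the resulting -ENOENT. I would add the pull-tar.c comment here, adapted to say "raw file" instead of "tar file": `/* Also move the settings file into place, if it exists. Note that we do so only if we also moved the raw file in place, to keep things strictly in sync. */`. The function body continues outside this hunk.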
@@ -441,6 +508,35 @@ static int raw_pull_job_on_open_disk(PullJob *j) { return 0; } +static int raw_pull_job_on_open_disk_settings(PullJob *j) { + RawPull *i; + int r; + + assert(j); + assert(j->userdata); + + i = j->userdata; + assert(i->settings_job == j); + assert(!i->settings_path); + assert(!i->settings_temp_path); + + r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path); + if (r < 0) + return log_oom(); + + r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path); + if (r < 0) + return log_oom(); + + mkdir_parents_label(i->settings_temp_path, 0700); + + j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664); + if (j->disk_fd < 0) + return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path); + + return 0; +} + static void raw_pull_job_on_progress(PullJob *j) { RawPull *i; @@ -452,7 +548,14 @@ static void raw_pull_job_on_progress(PullJob *j) { raw_pull_report_progress(i, RAW_DOWNLOADING); } -int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_local, ImportVerify verify) { +int raw_pull_start( + RawPull *i, + const char *url, + const char *local, + bool force_local, + ImportVerify verify, + bool settings) { + int r; assert(i); @@ -471,8 +574,10 @@ int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_lo r = free_and_strdup(&i->local, local); if (r < 0) return r; + i->force_local = force_local; i->verify = verify; + i->settings = settings; /* Queue job for the image itself */ r = pull_job_new(&i->raw_job, url, i->glue, i); 
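Review bot: raw_pull_job_on_open_disk_settings() creates the temporary settings file with mode 0664, so depending on the umask it can be group-writable while it holds data that has not been verified yet. pull_verify() compares `settings_job->checksum` and does not appear to re-read the file from disk, so a change made to the file before the rename would not be caught; a narrower mode such as `open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0600)` would be safer. The return value of `mkdir_parents_label(i->settings_temp_path, 0700);` is also dropped without the `(void)` cast this commit adds elsewhere. The same two lines appear in tar_pull_job_on_open_disk_settings() in pull-tar.c.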
@@ -480,7 +585,7 @@ int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_lo return r; i->raw_job->on_finished = raw_pull_job_on_finished; - i->raw_job->on_open_disk = raw_pull_job_on_open_disk; + i->raw_job->on_open_disk = raw_pull_job_on_open_disk_raw; i->raw_job->on_progress = raw_pull_job_on_progress; i->raw_job->calc_checksum = verify != IMPORT_VERIFY_NO; i->raw_job->grow_machine_directory = i->grow_machine_directory; @@ -489,6 +594,20 @@ int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_lo if (r < 0) return r; + if (settings) { + r = pull_make_settings_job(&i->settings_job, url, i->glue, raw_pull_job_on_finished, i); + if (r < 0) + return r; + + i->settings_job->on_open_disk = raw_pull_job_on_open_disk_settings; + i->settings_job->on_progress = raw_pull_job_on_progress; + i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO; + + r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags); + if (r < 0) + return r; + } + r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, raw_pull_job_on_finished, i); if (r < 0) return r; @@ -497,6 +616,12 @@ int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_lo if (r < 0) return r; + if (i->settings_job) { + r = pull_job_begin(i->settings_job); + if (r < 0) + return r; + } + if (i->checksum_job) { i->checksum_job->on_progress = raw_pull_job_on_progress; diff --git a/src/import/pull-raw.h b/src/import/pull-raw.h index 808f7be818..b03b4f5c92 100644 --- a/src/import/pull-raw.h +++ b/src/import/pull-raw.h @@ -34,4 +34,4 @@ RawPull* raw_pull_unref(RawPull *pull); DEFINE_TRIVIAL_CLEANUP_FUNC(RawPull*, raw_pull_unref); -int raw_pull_start(RawPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify); +int raw_pull_start(RawPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings); 
diff --git a/src/import/pull-tar.c b/src/import/pull-tar.c index a6605d248f..563765d83d 100644 --- a/src/import/pull-tar.c +++ b/src/import/pull-tar.c @@ -32,13 +32,14 @@ #include "mkdir.h" #include "rm-rf.h" #include "path-util.h" +#include "process-util.h" +#include "hostname-util.h" #include "import-util.h" #include "import-common.h" #include "curl-util.h" #include "pull-job.h" #include "pull-common.h" #include "pull-tar.h" -#include "process-util.h" typedef enum TarProgress { TAR_DOWNLOADING, @@ -54,6 +55,7 @@ struct TarPull { char *image_root; PullJob *tar_job; + PullJob *settings_job; PullJob *checksum_job; PullJob *signature_job; @@ -63,11 +65,15 @@ struct TarPull { char *local; bool force_local; bool grow_machine_directory; + bool settings; pid_t tar_pid; - char *temp_path; char *final_path; + char *temp_path; + + char *settings_path; + char *settings_temp_path; ImportVerify verify; }; @@ -82,6 +88,7 @@ TarPull* tar_pull_unref(TarPull *i) { } pull_job_unref(i->tar_job); + pull_job_unref(i->settings_job); pull_job_unref(i->checksum_job); pull_job_unref(i->signature_job); @@ -93,7 +100,13 @@ TarPull* tar_pull_unref(TarPull *i) { free(i->temp_path); } + if (i->settings_temp_path) { + (void) unlink(i->settings_temp_path); + free(i->settings_temp_path); + } + free(i->final_path); + free(i->settings_path); free(i->image_root); free(i->local); free(i); @@ -112,7 +125,6 @@ int tar_pull_new( int r; assert(ret); - assert(event); i = new0(TarPull, 1); if (!i) @@ -160,6 +172,11 @@ static void tar_pull_report_progress(TarPull *i, TarProgress p) { percent = 0; + if (i->settings_job) { + percent += i->settings_job->progress_percent * 5 / 100; + remain -= 5; + } + if (i->checksum_job) { percent += i->checksum_job->progress_percent * 5 / 100; remain -= 5; 
@@ -214,6 +231,27 @@ static int tar_pull_make_local_copy(TarPull *i) { if (r < 0) return r; + if (i->settings) { + const char *local_settings; + assert(i->settings_job); + + if (!i->settings_path) { + r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path); + if (r < 0) + return log_oom(); + } + + local_settings = strjoina(i->image_root, "/", i->local, ".nspawn"); + + r = copy_file_atomic(i->settings_path, local_settings, 0664, i->force_local, 0); + if (r == -EEXIST) + log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings); + else if (r < 0 && r != -ENOENT) + log_warning_errno(r, "Failed to copy settings files %s: %m", local_settings); + + log_info("Create new settings file '%s.nspawn'", i->local); + } + return 0; } @@ -221,11 +259,13 @@ static bool tar_pull_is_done(TarPull *i) { assert(i); assert(i->tar_job); - if (i->tar_job->state != PULL_JOB_DONE) + if (!PULL_JOB_IS_COMPLETE(i->tar_job)) + return false; + if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job)) return false; - if (i->checksum_job && i->checksum_job->state != PULL_JOB_DONE) + if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job)) return false; - if (i->signature_job && i->signature_job->state != PULL_JOB_DONE) + if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job)) return false; return true; @@ -239,7 +279,11 @@ static void tar_pull_job_on_finished(PullJob *j) { assert(j->userdata); i = j->userdata; - if (j->error != 0) { + + if (j == i->settings_job) { + if (j->error != 0) + log_info_errno(j->error, "Settings file could not be retrieved, proceeding without."); + } else if (j->error != 0) { if (j == i->checksum_job) log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)"); else if (j == i->signature_job) 
@@ -258,13 +302,19 @@ static void tar_pull_job_on_finished(PullJob *j) { if (!tar_pull_is_done(i)) return; - j->disk_fd = safe_close(i->tar_job->disk_fd); + i->tar_job->disk_fd = safe_close(i->tar_job->disk_fd); + if (i->settings_job) + i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd); if (i->tar_pid > 0) { r = wait_for_terminate_and_warn("tar", i->tar_pid, true); i->tar_pid = 0; if (r < 0) goto finish; + if (r > 0) { + r = -EIO; + goto finish; + } } if (!i->tar_job->etag_exists) { @@ -272,7 +322,7 @@ static void tar_pull_job_on_finished(PullJob *j) { tar_pull_report_progress(i, TAR_VERIFYING); - r = pull_verify(i->tar_job, i->checksum_job, i->signature_job); + r = pull_verify(i->tar_job, i->settings_job, i->checksum_job, i->signature_job); if (r < 0) goto finish; @@ -288,8 +338,32 @@ static void tar_pull_job_on_finished(PullJob *j) { goto finish; } - free(i->temp_path); - i->temp_path = NULL; + i->temp_path = mfree(i->temp_path); + + if (i->settings_job && + i->settings_job->error == 0 && + !i->settings_job->etag_exists) { + + assert(i->settings_temp_path); + assert(i->settings_path); + + /* Also move the settings file into place, if + * it exist. Note that we do so only if we + * also moved the tar file in place, to keep + * things strictly in sync. */ + + r = import_make_read_only(i->settings_temp_path); + if (r < 0) + goto finish; + + r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path); + if (r < 0) { + log_error_errno(r, "Failed to rename settings file: %m"); + goto finish; + } + + i->settings_temp_path = mfree(i->settings_temp_path); + } } tar_pull_report_progress(i, TAR_COPYING); @@ -307,7 +381,7 @@ finish: sd_event_exit(i->event, r); } -static int tar_pull_job_on_open_disk(PullJob *j) { +static int tar_pull_job_on_open_disk_tar(PullJob *j) { TarPull *i; int r; 
@@ -344,6 +418,35 @@ static int tar_pull_job_on_open_disk(PullJob *j) { return 0; } +static int tar_pull_job_on_open_disk_settings(PullJob *j) { + TarPull *i; + int r; + + assert(j); + assert(j->userdata); + + i = j->userdata; + assert(i->settings_job == j); + assert(!i->settings_path); + assert(!i->settings_temp_path); + + r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path); + if (r < 0) + return log_oom(); + + r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path); + if (r < 0) + return log_oom(); + + mkdir_parents_label(i->settings_temp_path, 0700); + + j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664); + if (j->disk_fd < 0) + return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path); + + return 0; +} + static void tar_pull_job_on_progress(PullJob *j) { TarPull *i; @@ -355,10 +458,19 @@ static void tar_pull_job_on_progress(PullJob *j) { tar_pull_report_progress(i, TAR_DOWNLOADING); } -int tar_pull_start(TarPull *i, const char *url, const char *local, bool force_local, ImportVerify verify) { +int tar_pull_start( + TarPull *i, + const char *url, + const char *local, + bool force_local, + ImportVerify verify, + bool settings) { + int r; assert(i); + assert(verify < _IMPORT_VERIFY_MAX); + assert(verify >= 0); if (!http_url_is_valid(url)) return -EINVAL; 
@@ -372,15 +484,18 @@ int tar_pull_start(TarPull *i, const char *url, const char *local, bool force_lo r = free_and_strdup(&i->local, local); if (r < 0) return r; + i->force_local = force_local; i->verify = verify; + i->settings = settings; + /* Set up download job for TAR file */ r = pull_job_new(&i->tar_job, url, i->glue, i); if (r < 0) return r; i->tar_job->on_finished = tar_pull_job_on_finished; - i->tar_job->on_open_disk = tar_pull_job_on_open_disk; + i->tar_job->on_open_disk = tar_pull_job_on_open_disk_tar; i->tar_job->on_progress = tar_pull_job_on_progress; i->tar_job->calc_checksum = verify != IMPORT_VERIFY_NO; i->tar_job->grow_machine_directory = i->grow_machine_directory; @@ -389,6 +504,22 @@ int tar_pull_start(TarPull *i, const char *url, const char *local, bool force_lo if (r < 0) return r; + /* Set up download job for the settings file (.nspawn) */ + if (settings) { + r = pull_make_settings_job(&i->settings_job, url, i->glue, tar_pull_job_on_finished, i); + if (r < 0) + return r; + + i->settings_job->on_open_disk = tar_pull_job_on_open_disk_settings; + i->settings_job->on_progress = tar_pull_job_on_progress; + i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO; + + r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags); + if (r < 0) + return r; + } + + /* Set up download of checksum/signature files */ r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_pull_job_on_finished, i); if (r < 0) return r; @@ -397,6 +528,12 @@ int tar_pull_start(TarPull *i, const char *url, const char *local, bool force_lo if (r < 0) return r; + if (i->settings_job) { + r = pull_job_begin(i->settings_job); + if (r < 0) + return r; + } + if (i->checksum_job) { i->checksum_job->on_progress = tar_pull_job_on_progress; diff --git a/src/import/pull-tar.h b/src/import/pull-tar.h index 0ed507748c..420845ae50 100644 --- a/src/import/pull-tar.h +++ b/src/import/pull-tar.h 
@@ -34,4 +34,4 @@ TarPull* tar_pull_unref(TarPull *pull); DEFINE_TRIVIAL_CLEANUP_FUNC(TarPull*, tar_pull_unref); -int tar_pull_start(TarPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify); +int tar_pull_start(TarPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings); diff --git a/src/import/pull.c b/src/import/pull.c index ca7be6be85..29e9424b52 100644 --- a/src/import/pull.c +++ b/src/import/pull.c @@ -22,20 +22,22 @@ #include <getopt.h> #include "sd-event.h" + #include "event-util.h" -#include "verbs.h" -#include "build.h" -#include "signal-util.h" -#include "machine-image.h" +#include "hostname-util.h" #include "import-util.h" -#include "pull-tar.h" -#include "pull-raw.h" +#include "machine-image.h" #include "pull-dkr.h" +#include "pull-raw.h" +#include "pull-tar.h" +#include "signal-util.h" +#include "verbs.h" static bool arg_force = false; static const char *arg_image_root = "/var/lib/machines"; static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE; static const char* arg_dkr_index_url = DEFAULT_DKR_INDEX_URL; +static bool arg_settings = true; static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { log_notice("Transfer aborted."); @@ -117,7 +119,7 @@ static int pull_tar(int argc, char *argv[], void *userdata) { if (r < 0) return log_error_errno(r, "Failed to allocate puller: %m"); - r = tar_pull_start(pull, url, local, arg_force, arg_verify); + r = tar_pull_start(pull, url, local, arg_force, arg_verify, arg_settings); if (r < 0) return log_error_errno(r, "Failed to pull image: %m"); 
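Review bot: `static bool arg_settings = true;` in the `@@ -22,20 +22,22 @@` hunk of pull.c makes every pull fetch a second, server-supplied file by default, and neither the declaration nor the `--settings=BOOL` help line in the later `help()` hunk says so. With `--verify=no` the settings file appears to be accepted with no integrity check, since tar_pull_start only sets `calc_checksum` when `verify != IMPORT_VERIFY_NO`; the raw path is not visible here. I would state the default in the help text, e.g. `" --settings=BOOL Download settings file with image (default: yes)\n"`, and add a comment at the declaration such as `/* On by default; the .nspawn file is remote input and only as trustworthy as --verify= makes it */`.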
@@ -203,7 +205,7 @@ static int pull_raw(int argc, char *argv[], void *userdata) { if (r < 0) return log_error_errno(r, "Failed to allocate puller: %m"); - r = raw_pull_start(pull, url, local, arg_force, arg_verify); + r = raw_pull_start(pull, url, local, arg_force, arg_verify, arg_settings); if (r < 0) return log_error_errno(r, "Failed to pull image: %m"); @@ -330,8 +332,9 @@ static int help(int argc, char *argv[], void *userdata) { " -h --help Show this help\n" " --version Show package version\n" " --force Force creation of image\n" - " --verify= Verify downloaded image, one of: 'no',\n" - " 'checksum', 'signature'.\n" + " --verify=MODE Verify downloaded image, one of: 'no',\n" + " 'checksum', 'signature'\n" + " --settings=BOOL Download settings file with image\n" " --image-root=PATH Image root directory\n" " --dkr-index-url=URL Specify index URL to use for downloads\n\n" "Commands:\n" @@ -351,6 +354,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_DKR_INDEX_URL, ARG_IMAGE_ROOT, ARG_VERIFY, + ARG_SETTINGS, }; static const struct option options[] = { @@ -360,10 +364,11 @@ static int parse_argv(int argc, char *argv[]) { { "dkr-index-url", required_argument, NULL, ARG_DKR_INDEX_URL }, { "image-root", required_argument, NULL, ARG_IMAGE_ROOT }, { "verify", required_argument, NULL, ARG_VERIFY }, + { "settings", required_argument, NULL, ARG_SETTINGS }, {} }; - int c; + int c, r; assert(argc >= 0); assert(argv); @@ -376,9 +381,7 @@ static int parse_argv(int argc, char *argv[]) { return help(0, NULL, NULL); case ARG_VERSION: - puts(PACKAGE_STRING); - puts(SYSTEMD_FEATURES); - return 0; + return version(); case ARG_FORCE: arg_force = true; @@ -406,6 +409,14 @@ static int parse_argv(int argc, char *argv[]) { break; + case ARG_SETTINGS: + r = parse_boolean(optarg); + if (r < 0) + return log_error_errno(r, "Failed to parse --settings= parameter '%s'", optarg); + + arg_settings = r; + break; + case '?': return -EINVAL; |