diff options
Diffstat (limited to 'src/analyze/analyze-verify-util.c')
-rw-r--r-- | src/analyze/analyze-verify-util.c | 376 |
1 files changed, 376 insertions, 0 deletions
diff --git a/src/analyze/analyze-verify-util.c b/src/analyze/analyze-verify-util.c new file mode 100644 index 0000000..6fbd6fa --- /dev/null +++ b/src/analyze/analyze-verify-util.c @@ -0,0 +1,376 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include <stdlib.h> + +#include "all-units.h" +#include "alloc-util.h" +#include "analyze-verify-util.h" +#include "bus-error.h" +#include "bus-util.h" +#include "log.h" +#include "manager.h" +#include "pager.h" +#include "path-util.h" +#include "string-table.h" +#include "strv.h" +#include "unit-name.h" +#include "unit-serialize.h" + +static void log_syntax_callback(const char *unit, int level, void *userdata) { + Set **s = ASSERT_PTR(userdata); + int r; + + assert(unit); + + if (level > LOG_WARNING) + return; + + if (*s == POINTER_MAX) + return; + + r = set_put_strdup(s, unit); + if (r < 0) { + set_free_free(*s); + *s = POINTER_MAX; + } +} + +int verify_prepare_filename(const char *filename, char **ret) { + _cleanup_free_ char *abspath = NULL, *name = NULL, *dir = NULL, *with_instance = NULL; + char *c; + int r; + + assert(filename); + assert(ret); + + r = path_make_absolute_cwd(filename, &abspath); + if (r < 0) + return r; + + r = path_extract_filename(abspath, &name); + if (r < 0) + return r; + + if (!unit_name_is_valid(name, UNIT_NAME_ANY)) + return -EINVAL; + + if (unit_name_is_valid(name, UNIT_NAME_TEMPLATE)) { + r = unit_name_replace_instance(name, "i", &with_instance); + if (r < 0) + return r; + } + + r = path_extract_directory(abspath, &dir); + if (r < 0) + return r; + + c = path_join(dir, with_instance ?: name); + if (!c) + return -ENOMEM; + + *ret = c; + return 0; +} + +static int find_unit_directory(const char *p, char **ret) { + _cleanup_free_ char *a = NULL, *u = NULL, *t = NULL, *d = NULL; + int r; + + assert(p); + assert(ret); + + r = path_make_absolute_cwd(p, &a); + if (r < 0) + return r; + + if (access(a, F_OK) >= 0) { + r = path_extract_directory(a, &d); + if (r < 0) + return r; + + *ret = TAKE_PTR(d); + return 0; + } + + r = path_extract_filename(a, &u); + if (r < 0) + return r; + + if (!unit_name_is_valid(u, UNIT_NAME_INSTANCE)) + return -ENOENT; + + /* If the specified unit is an instance of a template unit, then let's try to find the template unit. */ + r = unit_name_template(u, &t); + if (r < 0) + return r; + + r = path_extract_directory(a, &d); + if (r < 0) + return r; + + free(a); + a = path_join(d, t); + if (!a) + return -ENOMEM; + + if (access(a, F_OK) < 0) + return -errno; + + *ret = TAKE_PTR(d); + return 0; +} + +int verify_set_unit_path(char **filenames) { + _cleanup_strv_free_ char **ans = NULL; + _cleanup_free_ char *joined = NULL; + const char *old; + int r; + + STRV_FOREACH(filename, filenames) { + _cleanup_free_ char *t = NULL; + + r = find_unit_directory(*filename, &t); + if (r == -ENOMEM) + return r; + if (r < 0) + continue; + + r = strv_consume(&ans, TAKE_PTR(t)); + if (r < 0) + return r; + } + + if (strv_isempty(ans)) + return 0; + + joined = strv_join(strv_uniq(ans), ":"); + if (!joined) + return -ENOMEM; + + /* First, prepend our directories. Second, if some path was specified, use that, and + * otherwise use the defaults. Any duplicates will be filtered out in path-lookup.c. + * Treat explicit empty path to mean that nothing should be appended. */ + old = getenv("SYSTEMD_UNIT_PATH"); + if (!streq_ptr(old, "") && + !strextend_with_separator(&joined, ":", old ?: "")) + return -ENOMEM; + + assert_se(set_unit_path(joined) >= 0); + return 0; +} + +static int verify_socket(Unit *u) { + Unit *service; + int r; + + assert(u); + + if (u->type != UNIT_SOCKET) + return 0; + + r = socket_load_service_unit(SOCKET(u), -1, &service); + if (r < 0) + return log_unit_error_errno(u, r, "service unit for the socket cannot be loaded: %m"); + + if (service->load_state != UNIT_LOADED) + return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOENT), + "service %s not loaded, socket cannot be started.", service->id); + + log_unit_debug(u, "using service unit %s.", service->id); + return 0; +} + +int verify_executable(Unit *u, const ExecCommand *exec, const char *root) { + int r; + + if (!exec) + return 0; + + if (exec->flags & EXEC_COMMAND_IGNORE_FAILURE) + return 0; + + r = find_executable_full(exec->path, root, NULL, false, NULL, NULL); + if (r < 0) + return log_unit_error_errno(u, r, "Command %s is not executable: %m", exec->path); + + return 0; +} + +static int verify_executables(Unit *u, const char *root) { + int r = 0; + + assert(u); + + ExecCommand *exec = + u->type == UNIT_SOCKET ? SOCKET(u)->control_command : + u->type == UNIT_MOUNT ? MOUNT(u)->control_command : + u->type == UNIT_SWAP ? SWAP(u)->control_command : NULL; + RET_GATHER(r, verify_executable(u, exec, root)); + + if (u->type == UNIT_SERVICE) + FOREACH_ARRAY(i, SERVICE(u)->exec_command, ELEMENTSOF(SERVICE(u)->exec_command)) + RET_GATHER(r, verify_executable(u, *i, root)); + + if (u->type == UNIT_SOCKET) + FOREACH_ARRAY(i, SOCKET(u)->exec_command, ELEMENTSOF(SOCKET(u)->exec_command)) + RET_GATHER(r, verify_executable(u, *i, root)); + + return r; +} + +static int verify_documentation(Unit *u, bool check_man) { + int r = 0, k; + + STRV_FOREACH(p, u->documentation) { + log_unit_debug(u, "Found documentation item: %s", *p); + + if (check_man && startswith(*p, "man:")) { + k = show_man_page(*p + 4, true); + if (k != 0) { + if (k < 0) + log_unit_error_errno(u, k, "Can't show %s: %m", *p + 4); + else { + log_unit_error(u, "Command 'man %s' failed with code %d", *p + 4, k); + k = -ENOEXEC; + } + if (r == 0) + r = k; + } + } + } + + /* Check remote URLs? */ + + return r; +} + +static int verify_unit(Unit *u, bool check_man, const char *root) { + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; + int r; + + assert(u); + + if (DEBUG_LOGGING) + unit_dump(u, stdout, "\t"); + + log_unit_debug(u, "Creating %s/start job", u->id); + r = manager_add_job(u->manager, JOB_START, u, JOB_REPLACE, NULL, &error, NULL); + if (r < 0) + log_unit_error_errno(u, r, "Failed to create %s/start: %s", u->id, bus_error_message(&error, r)); + + RET_GATHER(r, verify_socket(u)); + RET_GATHER(r, verify_executables(u, root)); + RET_GATHER(r, verify_documentation(u, check_man)); + + return r; +} + +static void set_destroy_ignore_pointer_max(Set **s) { + if (*s == POINTER_MAX) + return; + set_free_free(*s); +} + +int verify_units( + char **filenames, + RuntimeScope scope, + bool check_man, + bool run_generators, + RecursiveErrors recursive_errors, + const char *root) { + + const ManagerTestRunFlags flags = + MANAGER_TEST_RUN_MINIMAL | + MANAGER_TEST_RUN_ENV_GENERATORS | + MANAGER_TEST_DONT_OPEN_EXECUTOR | + (recursive_errors == RECURSIVE_ERRORS_NO) * MANAGER_TEST_RUN_IGNORE_DEPENDENCIES | + run_generators * MANAGER_TEST_RUN_GENERATORS; + + _cleanup_(manager_freep) Manager *m = NULL; + _cleanup_(set_destroy_ignore_pointer_max) Set *s = NULL; + _unused_ _cleanup_(clear_log_syntax_callback) dummy_t dummy; + Unit *units[strv_length(filenames)]; + int r, k, count = 0; + + if (strv_isempty(filenames)) + return 0; + + /* Allow systemd-analyze to hook in a callback function so that it can get + * all the required log data from the function itself without having to rely + * on a global set variable for the same */ + set_log_syntax_callback(log_syntax_callback, &s); + + /* set the path */ + r = verify_set_unit_path(filenames); + if (r < 0) + return log_error_errno(r, "Failed to set unit load path: %m"); + + r = manager_new(scope, flags, &m); + if (r < 0) + return log_error_errno(r, "Failed to initialize manager: %m"); + + log_debug("Starting manager..."); + + r = manager_startup(m, /* serialization= */ NULL, /* fds= */ NULL, root); + if (r < 0) + return r; + + manager_clear_jobs(m); + + log_debug("Loading remaining units from the command line..."); + + STRV_FOREACH(filename, filenames) { + _cleanup_free_ char *prepared = NULL; + + log_debug("Handling %s...", *filename); + + k = verify_prepare_filename(*filename, &prepared); + if (k < 0) { + log_error_errno(k, "Failed to prepare filename %s: %m", *filename); + RET_GATHER(r, k); + continue; + } + + k = manager_load_startable_unit_or_warn(m, NULL, prepared, &units[count]); + if (k < 0) { + RET_GATHER(r, k); + continue; + } + + count++; + } + + FOREACH_ARRAY(i, units, count) + RET_GATHER(r, verify_unit(*i, check_man, root)); + + if (s == POINTER_MAX) + return log_oom(); + + if (set_isempty(s) || r != 0) + return r; + + /* If all previous verifications succeeded, then either the recursive parsing of all the + * associated dependencies with RECURSIVE_ERRORS_YES or the parsing of the specified unit file + * with RECURSIVE_ERRORS_NO must have yielded a syntax warning and hence, a non-empty set. */ + if (IN_SET(recursive_errors, RECURSIVE_ERRORS_YES, RECURSIVE_ERRORS_NO)) + return -ENOTRECOVERABLE; + + /* If all previous verifications succeeded, then the non-empty set could have resulted from + * a syntax warning encountered during the recursive parsing of the specified unit file and + * its direct dependencies. Hence, search for any of the filenames in the set and if found, + * return a non-zero process exit status. */ + if (recursive_errors == RECURSIVE_ERRORS_ONE) + STRV_FOREACH(filename, filenames) + if (set_contains(s, basename(*filename))) + return -ENOTRECOVERABLE; + + return 0; +} + +static const char* const recursive_errors_table[_RECURSIVE_ERRORS_MAX] = { + [RECURSIVE_ERRORS_NO] = "no", + [RECURSIVE_ERRORS_YES] = "yes", + [RECURSIVE_ERRORS_ONE] = "one", +}; + +DEFINE_STRING_TABLE_LOOKUP(recursive_errors, RecursiveErrors); |