summaryrefslogtreecommitdiffstats
path: root/src/sysupdate
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/sysupdate/sysupdate-partition.c2
-rw-r--r--src/sysupdate/sysupdate-partition.h6
-rw-r--r--src/sysupdate/sysupdate-pattern.c2
-rw-r--r--src/sysupdate/sysupdate-resource.c9
-rw-r--r--src/sysupdate/sysupdate-transfer.c91
-rw-r--r--src/sysupdate/sysupdate.c18
-rw-r--r--src/sysupdate/sysupdate.h12
7 files changed, 55 insertions, 85 deletions
diff --git a/src/sysupdate/sysupdate-partition.c b/src/sysupdate/sysupdate-partition.c
index 6f8e072..f7fc17f 100644
--- a/src/sysupdate/sysupdate-partition.c
+++ b/src/sysupdate/sysupdate-partition.c
@@ -40,7 +40,7 @@ int read_partition_info(
p = fdisk_table_get_partition(t, i);
if (!p)
- return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to read partition metadata: %m");
+ return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to read partition metadata.");
if (fdisk_partition_is_used(p) <= 0) {
*ret = (PartitionInfo) PARTITION_INFO_NULL;
diff --git a/src/sysupdate/sysupdate-partition.h b/src/sysupdate/sysupdate-partition.h
index 672eb93..094d8e0 100644
--- a/src/sysupdate/sysupdate-partition.h
+++ b/src/sysupdate/sysupdate-partition.h
@@ -29,9 +29,9 @@ struct PartitionInfo {
sd_id128_t type, uuid;
char *label;
char *device; /* Note that this might point to some non-existing path in case we operate on a loopback file */
- bool no_auto:1;
- bool read_only:1;
- bool growfs:1;
+ bool no_auto;
+ bool read_only;
+ bool growfs;
};
#define PARTITION_INFO_NULL \
diff --git a/src/sysupdate/sysupdate-pattern.c b/src/sysupdate/sysupdate-pattern.c
index ff018d8..f5dc7cd 100644
--- a/src/sysupdate/sysupdate-pattern.c
+++ b/src/sysupdate/sysupdate-pattern.c
@@ -404,7 +404,7 @@ int pattern_match(const char *pattern, const char *s, InstanceMetadata *ret) {
if (strlen(t) != sizeof(found.sha256sum) * 2)
goto nope;
- r = unhexmem(t, sizeof(found.sha256sum) * 2, &d, &l);
+ r = unhexmem_full(t, sizeof(found.sha256sum) * 2, /* secure = */ false, &d, &l);
if (r == -ENOMEM)
return r;
if (r < 0)
diff --git a/src/sysupdate/sysupdate-resource.c b/src/sysupdate/sysupdate-resource.c
index e4bdd88..5b7aee2 100644
--- a/src/sysupdate/sysupdate-resource.c
+++ b/src/sysupdate/sysupdate-resource.c
@@ -6,6 +6,7 @@
#include "alloc-util.h"
#include "blockdev-util.h"
+#include "build-path.h"
#include "chase.h"
#include "device-util.h"
#include "devnum-util.h"
@@ -300,7 +301,7 @@ static int download_manifest(
/* Child */
const char *cmdline[] = {
- "systemd-pull",
+ SYSTEMD_PULL_PATH,
"raw",
"--direct", /* just download the specified URL, don't download anything else */
"--verify", verify_signature ? "signature" : "no", /* verify the manifest file */
@@ -309,8 +310,8 @@ static int download_manifest(
NULL
};
- execv(pull_binary_path(), (char *const*) cmdline);
- log_error_errno(errno, "Failed to execute %s tool: %m", pull_binary_path());
+ r = invoke_callout_binary(SYSTEMD_PULL_PATH, (char *const*) cmdline);
+ log_error_errno(r, "Failed to execute %s tool: %m", SYSTEMD_PULL_PATH);
_exit(EXIT_FAILURE);
};
@@ -398,7 +399,7 @@ static int resource_load_from_web(
if (p[0] == '\\')
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "File names with escapes not supported in manifest at line %zu, refusing.", line_nr);
- r = unhexmem(p, 64, &h, &hlen);
+ r = unhexmem_full(p, 64, /* secure = */ false, &h, &hlen);
if (r < 0)
return log_error_errno(r, "Failed to parse digest at manifest line %zu, refusing.", line_nr);
diff --git a/src/sysupdate/sysupdate-transfer.c b/src/sysupdate/sysupdate-transfer.c
index f8f4a15..435c380 100644
--- a/src/sysupdate/sysupdate-transfer.c
+++ b/src/sysupdate/sysupdate-transfer.c
@@ -4,6 +4,7 @@
#include "alloc-util.h"
#include "blockdev-util.h"
+#include "build-path.h"
#include "chase.h"
#include "conf-parser.h"
#include "dirent-util.h"
@@ -531,6 +532,7 @@ int transfer_read_definition(Transfer *t, const char *path) {
"Target path is not a normalized, absolute path: %s", t->target.path);
if (strv_isempty(t->target.patterns)) {
+ log_syntax(NULL, LOG_INFO, path, 1, 0, "Target specification lacks MatchPattern= expression. Assuming same value as in source specification.");
strv_free(t->target.patterns);
t->target.patterns = strv_copy(t->source.patterns);
if (!t->target.patterns)
@@ -782,25 +784,23 @@ static void compile_pattern_fields(
memcpy(ret->sha256sum, i->metadata.sha256sum, sizeof(ret->sha256sum));
}
-static int run_helper(
+static int run_callout(
const char *name,
- const char *path,
- const char * const cmdline[]) {
+ char *cmdline[]) {
int r;
assert(name);
- assert(path);
assert(cmdline);
+ assert(cmdline[0]);
r = safe_fork(name, FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL);
if (r < 0)
return r;
if (r == 0) {
/* Child */
-
- execv(path, (char *const*) cmdline);
- log_error_errno(errno, "Failed to execute %s tool: %m", path);
+ r = invoke_callout_binary(cmdline[0], (char *const*) cmdline);
+ log_error_errno(r, "Failed to execute %s tool: %m", cmdline[0]);
_exit(EXIT_FAILURE);
}
@@ -907,36 +907,30 @@ int transfer_acquire_instance(Transfer *t, Instance *i) {
* importer has some tricks up its sleeve, such as sparse file generation, which we
* want to take benefit of, too.) */
- r = run_helper("(sd-import-raw)",
- import_binary_path(),
- (const char* const[]) {
- "systemd-import",
+ r = run_callout("(sd-import-raw)",
+ STRV_MAKE(
+ SYSTEMD_IMPORT_PATH,
"raw",
"--direct", /* just copy/unpack the specified file, don't do anything else */
arg_sync ? "--sync=yes" : "--sync=no",
i->path,
- t->temporary_path,
- NULL
- });
+ t->temporary_path));
break;
case RESOURCE_PARTITION:
/* regular file → partition */
- r = run_helper("(sd-import-raw)",
- import_binary_path(),
- (const char* const[]) {
- "systemd-import",
+ r = run_callout("(sd-import-raw)",
+ STRV_MAKE(
+ SYSTEMD_IMPORT_PATH,
"raw",
"--direct", /* just copy/unpack the specified file, don't do anything else */
"--offset", offset,
"--size-max", max_size,
arg_sync ? "--sync=yes" : "--sync=no",
i->path,
- t->target.path,
- NULL
- });
+ t->target.path));
break;
default:
@@ -951,18 +945,15 @@ int transfer_acquire_instance(Transfer *t, Instance *i) {
/* directory/subvolume → directory/subvolume */
- r = run_helper("(sd-import-fs)",
- import_fs_binary_path(),
- (const char* const[]) {
- "systemd-import-fs",
+ r = run_callout("(sd-import-fs)",
+ STRV_MAKE(
+ SYSTEMD_IMPORT_FS_PATH,
"run",
"--direct", /* just untar the specified file, don't do anything else */
arg_sync ? "--sync=yes" : "--sync=no",
t->target.type == RESOURCE_SUBVOLUME ? "--btrfs-subvol=yes" : "--btrfs-subvol=no",
i->path,
- t->temporary_path,
- NULL
- });
+ t->temporary_path));
break;
case RESOURCE_TAR:
@@ -970,18 +961,15 @@ int transfer_acquire_instance(Transfer *t, Instance *i) {
/* tar → directory/subvolume */
- r = run_helper("(sd-import-tar)",
- import_binary_path(),
- (const char* const[]) {
- "systemd-import",
+ r = run_callout("(sd-import-tar)",
+ STRV_MAKE(
+ SYSTEMD_IMPORT_PATH,
"tar",
"--direct", /* just untar the specified file, don't do anything else */
arg_sync ? "--sync=yes" : "--sync=no",
t->target.type == RESOURCE_SUBVOLUME ? "--btrfs-subvol=yes" : "--btrfs-subvol=no",
i->path,
- t->temporary_path,
- NULL
- });
+ t->temporary_path));
break;
case RESOURCE_URL_FILE:
@@ -992,28 +980,24 @@ int transfer_acquire_instance(Transfer *t, Instance *i) {
/* url file → regular file */
- r = run_helper("(sd-pull-raw)",
- pull_binary_path(),
- (const char* const[]) {
- "systemd-pull",
+ r = run_callout("(sd-pull-raw)",
+ STRV_MAKE(
+ SYSTEMD_PULL_PATH,
"raw",
"--direct", /* just download the specified URL, don't download anything else */
"--verify", digest, /* validate by explicit SHA256 sum */
arg_sync ? "--sync=yes" : "--sync=no",
i->path,
- t->temporary_path,
- NULL
- });
+ t->temporary_path));
break;
case RESOURCE_PARTITION:
/* url file → partition */
- r = run_helper("(sd-pull-raw)",
- pull_binary_path(),
- (const char* const[]) {
- "systemd-pull",
+ r = run_callout("(sd-pull-raw)",
+ STRV_MAKE(
+ SYSTEMD_PULL_PATH,
"raw",
"--direct", /* just download the specified URL, don't download anything else */
"--verify", digest, /* validate by explicit SHA256 sum */
@@ -1021,9 +1005,7 @@ int transfer_acquire_instance(Transfer *t, Instance *i) {
"--size-max", max_size,
arg_sync ? "--sync=yes" : "--sync=no",
i->path,
- t->target.path,
- NULL
- });
+ t->target.path));
break;
default:
@@ -1035,19 +1017,16 @@ int transfer_acquire_instance(Transfer *t, Instance *i) {
case RESOURCE_URL_TAR:
assert(IN_SET(t->target.type, RESOURCE_DIRECTORY, RESOURCE_SUBVOLUME));
- r = run_helper("(sd-pull-tar)",
- pull_binary_path(),
- (const char*const[]) {
- "systemd-pull",
+ r = run_callout("(sd-pull-tar)",
+ STRV_MAKE(
+ SYSTEMD_PULL_PATH,
"tar",
"--direct", /* just download the specified URL, don't download anything else */
"--verify", digest, /* validate by explicit SHA256 sum */
t->target.type == RESOURCE_SUBVOLUME ? "--btrfs-subvol=yes" : "--btrfs-subvol=no",
arg_sync ? "--sync=yes" : "--sync=no",
i->path,
- t->temporary_path,
- NULL
- });
+ t->temporary_path));
break;
default:
diff --git a/src/sysupdate/sysupdate.c b/src/sysupdate/sysupdate.c
index 023eaac..9565b68 100644
--- a/src/sysupdate/sysupdate.c
+++ b/src/sysupdate/sysupdate.c
@@ -676,7 +676,7 @@ static int context_vacuum(
if (space == 0)
log_info("Making room%s", special_glyph(SPECIAL_GLYPH_ELLIPSIS));
else
- log_info("Making room for %" PRIu64 " updates%s", space,special_glyph(SPECIAL_GLYPH_ELLIPSIS));
+ log_info("Making room for %" PRIu64 " updates%s", space, special_glyph(SPECIAL_GLYPH_ELLIPSIS));
for (size_t i = 0; i < c->n_transfers; i++) {
r = transfer_vacuum(c->transfers[i], space, extra_protected_version);
@@ -882,7 +882,8 @@ static int process_image(
DISSECT_IMAGE_RELAX_VAR_CHECK |
DISSECT_IMAGE_USR_NO_ROOT |
DISSECT_IMAGE_GENERIC_ROOT |
- DISSECT_IMAGE_REQUIRE_ROOT,
+ DISSECT_IMAGE_REQUIRE_ROOT |
+ DISSECT_IMAGE_ALLOW_USERSPACE_VERITY,
&mounted_dir,
/* ret_dir_fd= */ NULL,
&loop_device);
@@ -1220,12 +1221,13 @@ static int verb_help(int argc, char **argv, void *userdata) {
" --no-legend Do not show the headers and footers\n"
" --json=pretty|short|off\n"
" Generate JSON output\n"
- "\nSee the %2$s for details.\n"
- , program_invocation_short_name
- , link
- , ansi_underline(), ansi_normal()
- , ansi_highlight(), ansi_normal()
- );
+ "\nSee the %2$s for details.\n",
+ program_invocation_short_name,
+ link,
+ ansi_underline(),
+ ansi_normal(),
+ ansi_highlight(),
+ ansi_normal());
return 0;
}
diff --git a/src/sysupdate/sysupdate.h b/src/sysupdate/sysupdate.h
index 6d387b7..cba9bf4 100644
--- a/src/sysupdate/sysupdate.h
+++ b/src/sysupdate/sysupdate.h
@@ -7,15 +7,3 @@
extern bool arg_sync;
extern uint64_t arg_instances_max;
extern char *arg_root;
-
-static inline const char* import_binary_path(void) {
- return secure_getenv("SYSTEMD_IMPORT_PATH") ?: SYSTEMD_IMPORT_PATH;
-}
-
-static inline const char* import_fs_binary_path(void) {
- return secure_getenv("SYSTEMD_IMPORT_FS_PATH") ?: SYSTEMD_IMPORT_FS_PATH;
-}
-
-static inline const char *pull_binary_path(void) {
- return secure_getenv("SYSTEMD_PULL_PATH") ?: SYSTEMD_PULL_PATH;
-}