diff options
Diffstat (limited to '')
-rw-r--r-- | src/sysupdate/sysupdate-partition.c | 2 | ||||
-rw-r--r-- | src/sysupdate/sysupdate-partition.h | 6 | ||||
-rw-r--r-- | src/sysupdate/sysupdate-pattern.c | 2 | ||||
-rw-r--r-- | src/sysupdate/sysupdate-resource.c | 9 | ||||
-rw-r--r-- | src/sysupdate/sysupdate-transfer.c | 91 | ||||
-rw-r--r-- | src/sysupdate/sysupdate.c | 18 | ||||
-rw-r--r-- | src/sysupdate/sysupdate.h | 12 |
7 files changed, 55 insertions, 85 deletions
diff --git a/src/sysupdate/sysupdate-partition.c b/src/sysupdate/sysupdate-partition.c index 6f8e072..f7fc17f 100644 --- a/src/sysupdate/sysupdate-partition.c +++ b/src/sysupdate/sysupdate-partition.c @@ -40,7 +40,7 @@ int read_partition_info( p = fdisk_table_get_partition(t, i); if (!p) - return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to read partition metadata: %m"); + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to read partition metadata."); if (fdisk_partition_is_used(p) <= 0) { *ret = (PartitionInfo) PARTITION_INFO_NULL; diff --git a/src/sysupdate/sysupdate-partition.h b/src/sysupdate/sysupdate-partition.h index 672eb93..094d8e0 100644 --- a/src/sysupdate/sysupdate-partition.h +++ b/src/sysupdate/sysupdate-partition.h @@ -29,9 +29,9 @@ struct PartitionInfo { sd_id128_t type, uuid; char *label; char *device; /* Note that this might point to some non-existing path in case we operate on a loopback file */ - bool no_auto:1; - bool read_only:1; - bool growfs:1; + bool no_auto; + bool read_only; + bool growfs; }; #define PARTITION_INFO_NULL \ diff --git a/src/sysupdate/sysupdate-pattern.c b/src/sysupdate/sysupdate-pattern.c index ff018d8..f5dc7cd 100644 --- a/src/sysupdate/sysupdate-pattern.c +++ b/src/sysupdate/sysupdate-pattern.c @@ -404,7 +404,7 @@ int pattern_match(const char *pattern, const char *s, InstanceMetadata *ret) { if (strlen(t) != sizeof(found.sha256sum) * 2) goto nope; - r = unhexmem(t, sizeof(found.sha256sum) * 2, &d, &l); + r = unhexmem_full(t, sizeof(found.sha256sum) * 2, /* secure = */ false, &d, &l); if (r == -ENOMEM) return r; if (r < 0) diff --git a/src/sysupdate/sysupdate-resource.c b/src/sysupdate/sysupdate-resource.c index e4bdd88..5b7aee2 100644 --- a/src/sysupdate/sysupdate-resource.c +++ b/src/sysupdate/sysupdate-resource.c @@ -6,6 +6,7 @@ #include "alloc-util.h" #include "blockdev-util.h" +#include "build-path.h" #include "chase.h" #include "device-util.h" #include "devnum-util.h" @@ -300,7 +301,7 @@ static int download_manifest( /* Child */ const char *cmdline[] = { - "systemd-pull", + SYSTEMD_PULL_PATH, "raw", "--direct", /* just download the specified URL, don't download anything else */ "--verify", verify_signature ? "signature" : "no", /* verify the manifest file */ @@ -309,8 +310,8 @@ static int download_manifest( NULL }; - execv(pull_binary_path(), (char *const*) cmdline); - log_error_errno(errno, "Failed to execute %s tool: %m", pull_binary_path()); + r = invoke_callout_binary(SYSTEMD_PULL_PATH, (char *const*) cmdline); + log_error_errno(r, "Failed to execute %s tool: %m", SYSTEMD_PULL_PATH); _exit(EXIT_FAILURE); }; @@ -398,7 +399,7 @@ static int resource_load_from_web( if (p[0] == '\\') return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "File names with escapes not supported in manifest at line %zu, refusing.", line_nr); - r = unhexmem(p, 64, &h, &hlen); + r = unhexmem_full(p, 64, /* secure = */ false, &h, &hlen); if (r < 0) return log_error_errno(r, "Failed to parse digest at manifest line %zu, refusing.", line_nr); diff --git a/src/sysupdate/sysupdate-transfer.c b/src/sysupdate/sysupdate-transfer.c index f8f4a15..435c380 100644 --- a/src/sysupdate/sysupdate-transfer.c +++ b/src/sysupdate/sysupdate-transfer.c @@ -4,6 +4,7 @@ #include "alloc-util.h" #include "blockdev-util.h" +#include "build-path.h" #include "chase.h" #include "conf-parser.h" #include "dirent-util.h" @@ -531,6 +532,7 @@ int transfer_read_definition(Transfer *t, const char *path) { "Target path is not a normalized, absolute path: %s", t->target.path); if (strv_isempty(t->target.patterns)) { + log_syntax(NULL, LOG_INFO, path, 1, 0, "Target specification lacks MatchPattern= expression. Assuming same value as in source specification."); strv_free(t->target.patterns); t->target.patterns = strv_copy(t->source.patterns); if (!t->target.patterns) @@ -782,25 +784,23 @@ static void compile_pattern_fields( memcpy(ret->sha256sum, i->metadata.sha256sum, sizeof(ret->sha256sum)); } -static int run_helper( +static int run_callout( const char *name, - const char *path, - const char * const cmdline[]) { + char *cmdline[]) { int r; assert(name); - assert(path); assert(cmdline); + assert(cmdline[0]); r = safe_fork(name, FORK_RESET_SIGNALS|FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_WAIT, NULL); if (r < 0) return r; if (r == 0) { /* Child */ - - execv(path, (char *const*) cmdline); - log_error_errno(errno, "Failed to execute %s tool: %m", path); + r = invoke_callout_binary(cmdline[0], (char *const*) cmdline); + log_error_errno(r, "Failed to execute %s tool: %m", cmdline[0]); _exit(EXIT_FAILURE); } @@ -907,36 +907,30 @@ int transfer_acquire_instance(Transfer *t, Instance *i) { * importer has some tricks up its sleeve, such as sparse file generation, which we * want to take benefit of, too.) */ - r = run_helper("(sd-import-raw)", - import_binary_path(), - (const char* const[]) { - "systemd-import", + r = run_callout("(sd-import-raw)", + STRV_MAKE( + SYSTEMD_IMPORT_PATH, "raw", "--direct", /* just copy/unpack the specified file, don't do anything else */ arg_sync ? "--sync=yes" : "--sync=no", i->path, - t->temporary_path, - NULL - }); + t->temporary_path)); break; case RESOURCE_PARTITION: /* regular file → partition */ - r = run_helper("(sd-import-raw)", - import_binary_path(), - (const char* const[]) { - "systemd-import", + r = run_callout("(sd-import-raw)", + STRV_MAKE( + SYSTEMD_IMPORT_PATH, "raw", "--direct", /* just copy/unpack the specified file, don't do anything else */ "--offset", offset, "--size-max", max_size, arg_sync ? "--sync=yes" : "--sync=no", i->path, - t->target.path, - NULL - }); + t->target.path)); break; default: @@ -951,18 +945,15 @@ int transfer_acquire_instance(Transfer *t, Instance *i) { /* directory/subvolume → directory/subvolume */ - r = run_helper("(sd-import-fs)", - import_fs_binary_path(), - (const char* const[]) { - "systemd-import-fs", + r = run_callout("(sd-import-fs)", + STRV_MAKE( + SYSTEMD_IMPORT_FS_PATH, "run", "--direct", /* just untar the specified file, don't do anything else */ arg_sync ? "--sync=yes" : "--sync=no", t->target.type == RESOURCE_SUBVOLUME ? "--btrfs-subvol=yes" : "--btrfs-subvol=no", i->path, - t->temporary_path, - NULL - }); + t->temporary_path)); break; case RESOURCE_TAR: @@ -970,18 +961,15 @@ int transfer_acquire_instance(Transfer *t, Instance *i) { /* tar → directory/subvolume */ - r = run_helper("(sd-import-tar)", - import_binary_path(), - (const char* const[]) { - "systemd-import", + r = run_callout("(sd-import-tar)", + STRV_MAKE( + SYSTEMD_IMPORT_PATH, "tar", "--direct", /* just untar the specified file, don't do anything else */ arg_sync ? "--sync=yes" : "--sync=no", t->target.type == RESOURCE_SUBVOLUME ? "--btrfs-subvol=yes" : "--btrfs-subvol=no", i->path, - t->temporary_path, - NULL - }); + t->temporary_path)); break; case RESOURCE_URL_FILE: @@ -992,28 +980,24 @@ int transfer_acquire_instance(Transfer *t, Instance *i) { /* url file → regular file */ - r = run_helper("(sd-pull-raw)", - pull_binary_path(), - (const char* const[]) { - "systemd-pull", + r = run_callout("(sd-pull-raw)", + STRV_MAKE( + SYSTEMD_PULL_PATH, "raw", "--direct", /* just download the specified URL, don't download anything else */ "--verify", digest, /* validate by explicit SHA256 sum */ arg_sync ? "--sync=yes" : "--sync=no", i->path, - t->temporary_path, - NULL - }); + t->temporary_path)); break; case RESOURCE_PARTITION: /* url file → partition */ - r = run_helper("(sd-pull-raw)", - pull_binary_path(), - (const char* const[]) { - "systemd-pull", + r = run_callout("(sd-pull-raw)", + STRV_MAKE( + SYSTEMD_PULL_PATH, "raw", "--direct", /* just download the specified URL, don't download anything else */ "--verify", digest, /* validate by explicit SHA256 sum */ @@ -1021,9 +1005,7 @@ int transfer_acquire_instance(Transfer *t, Instance *i) { "--size-max", max_size, arg_sync ? "--sync=yes" : "--sync=no", i->path, - t->target.path, - NULL - }); + t->target.path)); break; default: @@ -1035,19 +1017,16 @@ int transfer_acquire_instance(Transfer *t, Instance *i) { case RESOURCE_URL_TAR: assert(IN_SET(t->target.type, RESOURCE_DIRECTORY, RESOURCE_SUBVOLUME)); - r = run_helper("(sd-pull-tar)", - pull_binary_path(), - (const char*const[]) { - "systemd-pull", + r = run_callout("(sd-pull-tar)", + STRV_MAKE( + SYSTEMD_PULL_PATH, "tar", "--direct", /* just download the specified URL, don't download anything else */ "--verify", digest, /* validate by explicit SHA256 sum */ t->target.type == RESOURCE_SUBVOLUME ? "--btrfs-subvol=yes" : "--btrfs-subvol=no", arg_sync ? "--sync=yes" : "--sync=no", i->path, - t->temporary_path, - NULL - }); + t->temporary_path)); break; default: diff --git a/src/sysupdate/sysupdate.c b/src/sysupdate/sysupdate.c index 023eaac..9565b68 100644 --- a/src/sysupdate/sysupdate.c +++ b/src/sysupdate/sysupdate.c @@ -676,7 +676,7 @@ static int context_vacuum( if (space == 0) log_info("Making room%s", special_glyph(SPECIAL_GLYPH_ELLIPSIS)); else - log_info("Making room for %" PRIu64 " updates%s", space,special_glyph(SPECIAL_GLYPH_ELLIPSIS)); + log_info("Making room for %" PRIu64 " updates%s", space, special_glyph(SPECIAL_GLYPH_ELLIPSIS)); for (size_t i = 0; i < c->n_transfers; i++) { r = transfer_vacuum(c->transfers[i], space, extra_protected_version); @@ -882,7 +882,8 @@ static int process_image( DISSECT_IMAGE_RELAX_VAR_CHECK | DISSECT_IMAGE_USR_NO_ROOT | DISSECT_IMAGE_GENERIC_ROOT | - DISSECT_IMAGE_REQUIRE_ROOT, + DISSECT_IMAGE_REQUIRE_ROOT | + DISSECT_IMAGE_ALLOW_USERSPACE_VERITY, &mounted_dir, /* ret_dir_fd= */ NULL, &loop_device); @@ -1220,12 +1221,13 @@ static int verb_help(int argc, char **argv, void *userdata) { " --no-legend Do not show the headers and footers\n" " --json=pretty|short|off\n" " Generate JSON output\n" - "\nSee the %2$s for details.\n" - , program_invocation_short_name - , link - , ansi_underline(), ansi_normal() - , ansi_highlight(), ansi_normal() - ); + "\nSee the %2$s for details.\n", + program_invocation_short_name, + link, + ansi_underline(), + ansi_normal(), + ansi_highlight(), + ansi_normal()); return 0; } diff --git a/src/sysupdate/sysupdate.h b/src/sysupdate/sysupdate.h index 6d387b7..cba9bf4 100644 --- a/src/sysupdate/sysupdate.h +++ b/src/sysupdate/sysupdate.h @@ -7,15 +7,3 @@ extern bool arg_sync; extern uint64_t arg_instances_max; extern char *arg_root; - -static inline const char* import_binary_path(void) { - return secure_getenv("SYSTEMD_IMPORT_PATH") ?: SYSTEMD_IMPORT_PATH; -} - -static inline const char* import_fs_binary_path(void) { - return secure_getenv("SYSTEMD_IMPORT_FS_PATH") ?: SYSTEMD_IMPORT_FS_PATH; -} - -static inline const char *pull_binary_path(void) { - return secure_getenv("SYSTEMD_PULL_PATH") ?: SYSTEMD_PULL_PATH; -} |