mirror of
https://github.com/systemd/systemd
Merge pull request #1210 from poettering/import-fixes
cgroup fix, nspawn fix, plus change to download .nspawn files in importd
commit
94766ad2ba
|
@ -2211,7 +2211,7 @@ static const char *cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = {
|
|||
[CGROUP_CONTROLLER_CPUACCT] = "cpuacct",
|
||||
[CGROUP_CONTROLLER_BLKIO] = "blkio",
|
||||
[CGROUP_CONTROLLER_MEMORY] = "memory",
|
||||
[CGROUP_CONTROLLER_DEVICE] = "devices",
|
||||
[CGROUP_CONTROLLER_DEVICES] = "devices",
|
||||
};
|
||||
|
||||
DEFINE_STRING_TABLE_LOOKUP(cgroup_controller, CGroupController);
|
||||
|
|
|
@ -34,7 +34,7 @@ typedef enum CGroupController {
|
|||
CGROUP_CONTROLLER_CPUACCT,
|
||||
CGROUP_CONTROLLER_BLKIO,
|
||||
CGROUP_CONTROLLER_MEMORY,
|
||||
CGROUP_CONTROLLER_DEVICE,
|
||||
CGROUP_CONTROLLER_DEVICES,
|
||||
_CGROUP_CONTROLLER_MAX,
|
||||
_CGROUP_CONTROLLER_INVALID = -1,
|
||||
} CGroupController;
|
||||
|
@ -47,7 +47,7 @@ typedef enum CGroupMask {
|
|||
CGROUP_MASK_CPUACCT = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUACCT),
|
||||
CGROUP_MASK_BLKIO = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BLKIO),
|
||||
CGROUP_MASK_MEMORY = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_MEMORY),
|
||||
CGROUP_MASK_DEVICE = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICE),
|
||||
CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES),
|
||||
_CGROUP_MASK_ALL = CGROUP_CONTROLLER_TO_MASK(_CGROUP_CONTROLLER_MAX) - 1
|
||||
} CGroupMask;
|
||||
|
||||
|
|
|
@ -404,7 +404,7 @@ void cgroup_context_apply(CGroupContext *c, CGroupMask mask, const char *path, M
|
|||
"Failed to set memory.limit_in_bytes/memory.max on %s: %m", path);
|
||||
}
|
||||
|
||||
if ((mask & CGROUP_MASK_DEVICE) && !is_root) {
|
||||
if ((mask & CGROUP_MASK_DEVICES) && !is_root) {
|
||||
CGroupDeviceAllow *a;
|
||||
|
||||
/* Changing the devices list of a populated cgroup
|
||||
|
@ -492,7 +492,7 @@ CGroupMask cgroup_context_get_mask(CGroupContext *c) {
|
|||
|
||||
if (c->device_allow ||
|
||||
c->device_policy != CGROUP_AUTO)
|
||||
mask |= CGROUP_MASK_DEVICE;
|
||||
mask |= CGROUP_MASK_DEVICES;
|
||||
|
||||
return mask;
|
||||
}
|
||||
|
|
|
@ -572,7 +572,7 @@ int bus_cgroup_set_property(
|
|||
char *buf;
|
||||
|
||||
c->device_policy = p;
|
||||
u->cgroup_realized_mask &= ~CGROUP_MASK_DEVICE;
|
||||
u->cgroup_realized_mask &= ~CGROUP_MASK_DEVICES;
|
||||
|
||||
buf = strjoina("DevicePolicy=", policy);
|
||||
unit_write_drop_in_private(u, mode, name, buf);
|
||||
|
@ -651,7 +651,7 @@ int bus_cgroup_set_property(
|
|||
cgroup_context_free_device_allow(c, c->device_allow);
|
||||
}
|
||||
|
||||
u->cgroup_realized_mask &= ~CGROUP_MASK_DEVICE;
|
||||
u->cgroup_realized_mask &= ~CGROUP_MASK_DEVICES;
|
||||
|
||||
f = open_memstream(&buf, &size);
|
||||
if (!f)
|
||||
|
|
|
@ -34,7 +34,14 @@
|
|||
|
||||
#define FILENAME_ESCAPE "/.#\"\'"
|
||||
|
||||
int pull_find_old_etags(const char *url, const char *image_root, int dt, const char *prefix, const char *suffix, char ***etags) {
|
||||
int pull_find_old_etags(
|
||||
const char *url,
|
||||
const char *image_root,
|
||||
int dt,
|
||||
const char *prefix,
|
||||
const char *suffix,
|
||||
char ***etags) {
|
||||
|
||||
_cleanup_free_ char *escaped_url = NULL;
|
||||
_cleanup_closedir_ DIR *d = NULL;
|
||||
_cleanup_strv_free_ char **l = NULL;
|
||||
|
@ -173,6 +180,49 @@ int pull_make_path(const char *url, const char *etag, const char *image_root, co
|
|||
return 0;
|
||||
}
|
||||
|
||||
int pull_make_settings_job(
|
||||
PullJob **ret,
|
||||
const char *url,
|
||||
CurlGlue *glue,
|
||||
PullJobFinished on_finished,
|
||||
void *userdata) {
|
||||
|
||||
_cleanup_free_ char *last_component = NULL, *ll = NULL, *settings_url = NULL;
|
||||
_cleanup_(pull_job_unrefp) PullJob *job = NULL;
|
||||
const char *q;
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
assert(url);
|
||||
assert(glue);
|
||||
|
||||
r = import_url_last_component(url, &last_component);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = tar_strip_suffixes(last_component, &ll);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
q = strjoina(ll, ".nspawn");
|
||||
|
||||
r = import_url_change_last_component(url, q, &settings_url);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = pull_job_new(&job, settings_url, glue, userdata);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
job->on_finished = on_finished;
|
||||
job->compressed_max = job->uncompressed_max = 1ULL * 1024ULL * 1024ULL;
|
||||
|
||||
*ret = job;
|
||||
job = NULL;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int pull_make_verification_jobs(
|
||||
PullJob **ret_checksum_job,
|
||||
PullJob **ret_signature_job,
|
||||
|
@ -232,8 +282,8 @@ int pull_make_verification_jobs(
|
|||
return 0;
|
||||
}
|
||||
|
||||
int pull_verify(
|
||||
PullJob *main_job,
|
||||
int pull_verify(PullJob *main_job,
|
||||
PullJob *settings_job,
|
||||
PullJob *checksum_job,
|
||||
PullJob *signature_job) {
|
||||
|
||||
|
@ -278,12 +328,47 @@ int pull_verify(
|
|||
strlen(line));
|
||||
|
||||
if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n')) {
|
||||
log_error("Checksum did not check out, payload has been tempered with.");
|
||||
log_error("DOWNLOAD INVALID: Checksum did not check out, payload has been tempered with.");
|
||||
return -EBADMSG;
|
||||
}
|
||||
|
||||
log_info("SHA256 checksum of %s is valid.", main_job->url);
|
||||
|
||||
assert(!settings_job || settings_job->state == PULL_JOB_DONE);
|
||||
|
||||
if (settings_job &&
|
||||
settings_job->error == 0 &&
|
||||
!settings_job->etag_exists) {
|
||||
|
||||
_cleanup_free_ char *settings_fn = NULL;
|
||||
|
||||
assert(settings_job->calc_checksum);
|
||||
assert(settings_job->checksum);
|
||||
|
||||
r = import_url_last_component(settings_job->url, &settings_fn);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
|
||||
if (!filename_is_valid(settings_fn)) {
|
||||
log_error("Cannot verify checksum, could not determine server-side settings file name.");
|
||||
return -EBADMSG;
|
||||
}
|
||||
|
||||
line = strjoina(settings_job->checksum, " *", settings_fn, "\n");
|
||||
|
||||
p = memmem(checksum_job->payload,
|
||||
checksum_job->payload_size,
|
||||
line,
|
||||
strlen(line));
|
||||
|
||||
if (!p || (p != (char*) checksum_job->payload && p[-1] != '\n')) {
|
||||
log_error("DOWNLOAD INVALID: Checksum of settings file did not checkout, settings file has been tempered with.");
|
||||
return -EBADMSG;
|
||||
}
|
||||
|
||||
log_info("SHA256 checksum of %s is valid.", settings_job->url);
|
||||
}
|
||||
|
||||
if (!signature_job)
|
||||
return 0;
|
||||
|
||||
|
@ -407,7 +492,7 @@ int pull_verify(
|
|||
if (r < 0)
|
||||
goto finish;
|
||||
if (r > 0) {
|
||||
log_error("Signature verification failed.");
|
||||
log_error("DOWNLOAD INVALID: Signature verification failed.");
|
||||
r = -EBADMSG;
|
||||
} else {
|
||||
log_info("Signature verification succeeded.");
|
||||
|
@ -416,7 +501,7 @@ int pull_verify(
|
|||
|
||||
finish:
|
||||
if (sig_file >= 0)
|
||||
unlink(sig_file_path);
|
||||
(void) unlink(sig_file_path);
|
||||
|
||||
if (gpg_home_created)
|
||||
(void) rm_rf(gpg_home, REMOVE_ROOT|REMOVE_PHYSICAL);
|
||||
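Review bot: The new `assert(!settings_job || settings_job->state == PULL_JOB_DONE);` in pull_verify() looks too strict for a job that this same commit allows to fail. The raw and tar on_finished handlers log "Settings file could not be retrieved, proceeding without." and their is_done checks accept any job for which `PULL_JOB_IS_COMPLETE()` holds, so a settings job that ended in PULL_JOB_FAILED (presumably what a missing .nspawn file on the server produces) still reaches pull_verify() and would abort the process here rather than being skipped by the `settings_job->error == 0` test just below. I would relax it to `assert(!settings_job || PULL_JOB_IS_COMPLETE(settings_job));`. Separately, `return log_oom();` after import_url_last_component() reports every failure as out-of-memory; `return log_error_errno(r, "Failed to determine settings file name: %m");` would keep the real cause in the log. pull_verify() starts and ends outside the hunks shown, so the early-return paths before this point are not visible.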
|
|
|
@ -32,5 +32,7 @@ int pull_find_old_etags(const char *url, const char *root, int dt, const char *p
|
|||
|
||||
int pull_make_path(const char *url, const char *etag, const char *image_root, const char *prefix, const char *suffix, char **ret);
|
||||
|
||||
int pull_make_settings_job(PullJob **ret, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata);
|
||||
int pull_make_verification_jobs(PullJob **ret_checksum_job, PullJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, PullJobFinished on_finished, void *userdata);
|
||||
int pull_verify(PullJob *main_job, PullJob *checksum_job, PullJob *signature_job);
|
||||
|
||||
int pull_verify(PullJob *main_job, PullJob *settings_job, PullJob *checksum_job, PullJob *signature_job);
|
||||
|
|
|
@ -44,7 +44,7 @@ typedef enum PullJobState {
|
|||
_PULL_JOB_STATE_INVALID = -1,
|
||||
} PullJobState;
|
||||
|
||||
#define PULL_JOB_STATE_IS_COMPLETE(j) (IN_SET((j)->state, PULL_JOB_DONE, PULL_JOB_FAILED))
|
||||
#define PULL_JOB_IS_COMPLETE(j) (IN_SET((j)->state, PULL_JOB_DONE, PULL_JOB_FAILED))
|
||||
|
||||
typedef enum PullJobCompression {
|
||||
PULL_JOB_UNCOMPRESSED,
|
||||
|
|
|
@ -57,6 +57,7 @@ struct RawPull {
|
|||
char *image_root;
|
||||
|
||||
PullJob *raw_job;
|
||||
PullJob *settings_job;
|
||||
PullJob *checksum_job;
|
||||
PullJob *signature_job;
|
||||
|
||||
|
@ -66,9 +67,13 @@ struct RawPull {
|
|||
char *local;
|
||||
bool force_local;
|
||||
bool grow_machine_directory;
|
||||
bool settings;
|
||||
|
||||
char *temp_path;
|
||||
char *final_path;
|
||||
char *temp_path;
|
||||
|
||||
char *settings_path;
|
||||
char *settings_temp_path;
|
||||
|
||||
ImportVerify verify;
|
||||
};
|
||||
|
@ -78,6 +83,7 @@ RawPull* raw_pull_unref(RawPull *i) {
|
|||
return NULL;
|
||||
|
||||
pull_job_unref(i->raw_job);
|
||||
pull_job_unref(i->settings_job);
|
||||
pull_job_unref(i->checksum_job);
|
||||
pull_job_unref(i->signature_job);
|
||||
|
||||
|
@ -89,7 +95,13 @@ RawPull* raw_pull_unref(RawPull *i) {
|
|||
free(i->temp_path);
|
||||
}
|
||||
|
||||
if (i->settings_temp_path) {
|
||||
(void) unlink(i->settings_temp_path);
|
||||
free(i->settings_temp_path);
|
||||
}
|
||||
|
||||
free(i->final_path);
|
||||
free(i->settings_path);
|
||||
free(i->image_root);
|
||||
free(i->local);
|
||||
free(i);
|
||||
|
@ -155,6 +167,11 @@ static void raw_pull_report_progress(RawPull *i, RawProgress p) {
|
|||
|
||||
percent = 0;
|
||||
|
||||
if (i->settings_job) {
|
||||
percent += i->settings_job->progress_percent * 5 / 100;
|
||||
remain -= 5;
|
||||
}
|
||||
|
||||
if (i->checksum_job) {
|
||||
percent += i->checksum_job->progress_percent * 5 / 100;
|
||||
remain -= 5;
|
||||
|
@ -253,17 +270,17 @@ static int raw_pull_make_local_copy(RawPull *i) {
|
|||
if (!i->local)
|
||||
return 0;
|
||||
|
||||
if (!i->final_path) {
|
||||
r = pull_make_path(i->raw_job->url, i->raw_job->etag, i->image_root, ".raw-", ".raw", &i->final_path);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
if (i->raw_job->etag_exists) {
|
||||
/* We have downloaded this one previously, reopen it */
|
||||
|
||||
assert(i->raw_job->disk_fd < 0);
|
||||
|
||||
if (!i->final_path) {
|
||||
r = pull_make_path(i->raw_job->url, i->raw_job->etag, i->image_root, ".raw-", ".raw", &i->final_path);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
i->raw_job->disk_fd = open(i->final_path, O_RDONLY|O_NOCTTY|O_CLOEXEC);
|
||||
if (i->raw_job->disk_fd < 0)
|
||||
return log_error_errno(errno, "Failed to open vendor image: %m");
|
||||
|
@ -315,6 +332,28 @@ static int raw_pull_make_local_copy(RawPull *i) {
|
|||
}
|
||||
|
||||
log_info("Created new local image '%s'.", i->local);
|
||||
|
||||
if (i->settings) {
|
||||
const char *local_settings;
|
||||
assert(i->settings_job);
|
||||
|
||||
if (!i->settings_path) {
|
||||
r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
|
||||
|
||||
r = copy_file_atomic(i->settings_path, local_settings, 0644, i->force_local, 0);
|
||||
if (r == -EEXIST)
|
||||
log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
|
||||
else if (r < 0 && r != -ENOENT)
|
||||
log_warning_errno(r, "Failed to copy settings files %s: %m", local_settings);
|
||||
|
||||
log_info("Create new settings file '%s.nspawn'", i->local);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -322,11 +361,13 @@ static bool raw_pull_is_done(RawPull *i) {
|
|||
assert(i);
|
||||
assert(i->raw_job);
|
||||
|
||||
if (i->raw_job->state != PULL_JOB_DONE)
|
||||
if (!PULL_JOB_IS_COMPLETE(i->raw_job))
|
||||
return false;
|
||||
if (i->checksum_job && i->checksum_job->state != PULL_JOB_DONE)
|
||||
if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
|
||||
return false;
|
||||
if (i->signature_job && i->signature_job->state != PULL_JOB_DONE)
|
||||
if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
|
||||
return false;
|
||||
if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
|
@ -340,7 +381,10 @@ static void raw_pull_job_on_finished(PullJob *j) {
|
|||
assert(j->userdata);
|
||||
|
||||
i = j->userdata;
|
||||
if (j->error != 0) {
|
||||
if (j == i->settings_job) {
|
||||
if (j->error != 0)
|
||||
log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
|
||||
} else if (j->error != 0) {
|
||||
if (j == i->checksum_job)
|
||||
log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
|
||||
else if (j == i->signature_job)
|
||||
|
@ -362,13 +406,16 @@ static void raw_pull_job_on_finished(PullJob *j) {
|
|||
if (!raw_pull_is_done(i))
|
||||
return;
|
||||
|
||||
if (i->settings_job)
|
||||
i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);
|
||||
|
||||
if (!i->raw_job->etag_exists) {
|
||||
/* This is a new download, verify it, and move it into place */
|
||||
assert(i->raw_job->disk_fd >= 0);
|
||||
|
||||
raw_pull_report_progress(i, RAW_VERIFYING);
|
||||
|
||||
r = pull_verify(i->raw_job, i->checksum_job, i->signature_job);
|
||||
r = pull_verify(i->raw_job, i->settings_job, i->checksum_job, i->signature_job);
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
|
||||
|
@ -390,8 +437,27 @@ static void raw_pull_job_on_finished(PullJob *j) {
|
|||
goto finish;
|
||||
}
|
||||
|
||||
free(i->temp_path);
|
||||
i->temp_path = NULL;
|
||||
i->temp_path = mfree(i->temp_path);
|
||||
|
||||
if (i->settings_job &&
|
||||
i->settings_job->error == 0 &&
|
||||
!i->settings_job->etag_exists) {
|
||||
|
||||
assert(i->settings_temp_path);
|
||||
assert(i->settings_path);
|
||||
|
||||
r = import_make_read_only(i->settings_temp_path);
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
|
||||
r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
|
||||
if (r < 0) {
|
||||
log_error_errno(r, "Failed to rename settings file: %m");
|
||||
goto finish;
|
||||
}
|
||||
|
||||
i->settings_temp_path = mfree(i->settings_temp_path);
|
||||
}
|
||||
}
|
||||
|
||||
raw_pull_report_progress(i, RAW_COPYING);
|
||||
|
@ -409,7 +475,7 @@ finish:
|
|||
sd_event_exit(i->event, r);
|
||||
}
|
||||
|
||||
static int raw_pull_job_on_open_disk(PullJob *j) {
|
||||
static int raw_pull_job_on_open_disk_raw(PullJob *j) {
|
||||
RawPull *i;
|
||||
int r;
|
||||
|
||||
|
@ -442,6 +508,35 @@ static int raw_pull_job_on_open_disk(PullJob *j) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int raw_pull_job_on_open_disk_settings(PullJob *j) {
|
||||
RawPull *i;
|
||||
int r;
|
||||
|
||||
assert(j);
|
||||
assert(j->userdata);
|
||||
|
||||
i = j->userdata;
|
||||
assert(i->settings_job == j);
|
||||
assert(!i->settings_path);
|
||||
assert(!i->settings_temp_path);
|
||||
|
||||
r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
|
||||
r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
|
||||
mkdir_parents_label(i->settings_temp_path, 0700);
|
||||
|
||||
j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
|
||||
if (j->disk_fd < 0)
|
||||
return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void raw_pull_job_on_progress(PullJob *j) {
|
||||
RawPull *i;
|
||||
|
||||
|
@ -453,7 +548,14 @@ static void raw_pull_job_on_progress(PullJob *j) {
|
|||
raw_pull_report_progress(i, RAW_DOWNLOADING);
|
||||
}
|
||||
|
||||
int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_local, ImportVerify verify) {
|
||||
int raw_pull_start(
|
||||
RawPull *i,
|
||||
const char *url,
|
||||
const char *local,
|
||||
bool force_local,
|
||||
ImportVerify verify,
|
||||
bool settings) {
|
||||
|
||||
int r;
|
||||
|
||||
assert(i);
|
||||
|
@ -472,8 +574,10 @@ int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_lo
|
|||
r = free_and_strdup(&i->local, local);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
i->force_local = force_local;
|
||||
i->verify = verify;
|
||||
i->settings = settings;
|
||||
|
||||
/* Queue job for the image itself */
|
||||
r = pull_job_new(&i->raw_job, url, i->glue, i);
|
||||
|
@ -481,7 +585,7 @@ int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_lo
|
|||
return r;
|
||||
|
||||
i->raw_job->on_finished = raw_pull_job_on_finished;
|
||||
i->raw_job->on_open_disk = raw_pull_job_on_open_disk;
|
||||
i->raw_job->on_open_disk = raw_pull_job_on_open_disk_raw;
|
||||
i->raw_job->on_progress = raw_pull_job_on_progress;
|
||||
i->raw_job->calc_checksum = verify != IMPORT_VERIFY_NO;
|
||||
i->raw_job->grow_machine_directory = i->grow_machine_directory;
|
||||
|
@ -490,6 +594,20 @@ int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_lo
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (settings) {
|
||||
r = pull_make_settings_job(&i->settings_job, url, i->glue, raw_pull_job_on_finished, i);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
i->settings_job->on_open_disk = raw_pull_job_on_open_disk_settings;
|
||||
i->settings_job->on_progress = raw_pull_job_on_progress;
|
||||
i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
|
||||
|
||||
r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, raw_pull_job_on_finished, i);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -498,6 +616,12 @@ int raw_pull_start(RawPull *i, const char *url, const char *local, bool force_lo
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (i->settings_job) {
|
||||
r = pull_job_begin(i->settings_job);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (i->checksum_job) {
|
||||
i->checksum_job->on_progress = raw_pull_job_on_progress;
|
||||
|
||||
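Review bot: In raw_pull_job_on_finished() every error on the settings job is treated as "there is no settings file", not only a file that is absent on the server. With checksum or signature verification enabled the checksum list may carry an entry for the `.nspawn` file, yet a transfer that fails for any other reason is logged at info level and the image is installed without its settings, because pull_verify() only checks the settings file when `settings_job->error == 0`. Consider tolerating only the not-found case and failing the pull otherwise, or at least raising the message to `log_warning_errno(j->error, "Settings file could not be retrieved, proceeding without.");` so the dropped configuration is visible to the operator. tar_pull_job_on_finished() has the same branch. The function body continues outside the hunks shown.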
|
|
|
@ -34,4 +34,4 @@ RawPull* raw_pull_unref(RawPull *pull);
|
|||
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC(RawPull*, raw_pull_unref);
|
||||
|
||||
int raw_pull_start(RawPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify);
|
||||
int raw_pull_start(RawPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings);
|
||||
|
|
|
@ -55,6 +55,7 @@ struct TarPull {
|
|||
char *image_root;
|
||||
|
||||
PullJob *tar_job;
|
||||
PullJob *settings_job;
|
||||
PullJob *checksum_job;
|
||||
PullJob *signature_job;
|
||||
|
||||
|
@ -64,11 +65,15 @@ struct TarPull {
|
|||
char *local;
|
||||
bool force_local;
|
||||
bool grow_machine_directory;
|
||||
bool settings;
|
||||
|
||||
pid_t tar_pid;
|
||||
|
||||
char *temp_path;
|
||||
char *final_path;
|
||||
char *temp_path;
|
||||
|
||||
char *settings_path;
|
||||
char *settings_temp_path;
|
||||
|
||||
ImportVerify verify;
|
||||
};
|
||||
|
@ -83,6 +88,7 @@ TarPull* tar_pull_unref(TarPull *i) {
|
|||
}
|
||||
|
||||
pull_job_unref(i->tar_job);
|
||||
pull_job_unref(i->settings_job);
|
||||
pull_job_unref(i->checksum_job);
|
||||
pull_job_unref(i->signature_job);
|
||||
|
||||
|
@ -94,7 +100,13 @@ TarPull* tar_pull_unref(TarPull *i) {
|
|||
free(i->temp_path);
|
||||
}
|
||||
|
||||
if (i->settings_temp_path) {
|
||||
(void) unlink(i->settings_temp_path);
|
||||
free(i->settings_temp_path);
|
||||
}
|
||||
|
||||
free(i->final_path);
|
||||
free(i->settings_path);
|
||||
free(i->image_root);
|
||||
free(i->local);
|
||||
free(i);
|
||||
|
@ -113,7 +125,6 @@ int tar_pull_new(
|
|||
int r;
|
||||
|
||||
assert(ret);
|
||||
assert(event);
|
||||
|
||||
i = new0(TarPull, 1);
|
||||
if (!i)
|
||||
|
@ -128,7 +139,13 @@ int tar_pull_new(
|
|||
|
||||
i->grow_machine_directory = path_startswith(i->image_root, "/var/lib/machines");
|
||||
|
||||
i->event = sd_event_ref(event);
|
||||
if (event)
|
||||
i->event = sd_event_ref(event);
|
||||
else {
|
||||
r = sd_event_default(&i->event);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
r = curl_glue_new(&i->glue, i->event);
|
||||
if (r < 0)
|
||||
|
@ -155,6 +172,11 @@ static void tar_pull_report_progress(TarPull *i, TarProgress p) {
|
|||
|
||||
percent = 0;
|
||||
|
||||
if (i->settings_job) {
|
||||
percent += i->settings_job->progress_percent * 5 / 100;
|
||||
remain -= 5;
|
||||
}
|
||||
|
||||
if (i->checksum_job) {
|
||||
percent += i->checksum_job->progress_percent * 5 / 100;
|
||||
remain -= 5;
|
||||
|
@ -209,6 +231,27 @@ static int tar_pull_make_local_copy(TarPull *i) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (i->settings) {
|
||||
const char *local_settings;
|
||||
assert(i->settings_job);
|
||||
|
||||
if (!i->settings_path) {
|
||||
r = pull_make_path(i->settings_job->url, i->settings_job->etag, i->image_root, ".settings-", NULL, &i->settings_path);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
local_settings = strjoina(i->image_root, "/", i->local, ".nspawn");
|
||||
|
||||
r = copy_file_atomic(i->settings_path, local_settings, 0664, i->force_local, 0);
|
||||
if (r == -EEXIST)
|
||||
log_warning_errno(r, "Settings file %s already exists, not replacing.", local_settings);
|
||||
else if (r < 0 && r != -ENOENT)
|
||||
log_warning_errno(r, "Failed to copy settings files %s: %m", local_settings);
|
||||
|
||||
log_info("Create new settings file '%s.nspawn'", i->local);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -216,11 +259,13 @@ static bool tar_pull_is_done(TarPull *i) {
|
|||
assert(i);
|
||||
assert(i->tar_job);
|
||||
|
||||
if (i->tar_job->state != PULL_JOB_DONE)
|
||||
if (!PULL_JOB_IS_COMPLETE(i->tar_job))
|
||||
return false;
|
||||
if (i->checksum_job && i->checksum_job->state != PULL_JOB_DONE)
|
||||
if (i->settings_job && !PULL_JOB_IS_COMPLETE(i->settings_job))
|
||||
return false;
|
||||
if (i->signature_job && i->signature_job->state != PULL_JOB_DONE)
|
||||
if (i->checksum_job && !PULL_JOB_IS_COMPLETE(i->checksum_job))
|
||||
return false;
|
||||
if (i->signature_job && !PULL_JOB_IS_COMPLETE(i->signature_job))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
|
@ -234,7 +279,11 @@ static void tar_pull_job_on_finished(PullJob *j) {
|
|||
assert(j->userdata);
|
||||
|
||||
i = j->userdata;
|
||||
if (j->error != 0) {
|
||||
|
||||
if (j == i->settings_job) {
|
||||
if (j->error != 0)
|
||||
log_info_errno(j->error, "Settings file could not be retrieved, proceeding without.");
|
||||
} else if (j->error != 0) {
|
||||
if (j == i->checksum_job)
|
||||
log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
|
||||
else if (j == i->signature_job)
|
||||
|
@ -253,13 +302,19 @@ static void tar_pull_job_on_finished(PullJob *j) {
|
|||
if (!tar_pull_is_done(i))
|
||||
return;
|
||||
|
||||
j->disk_fd = safe_close(i->tar_job->disk_fd);
|
||||
i->tar_job->disk_fd = safe_close(i->tar_job->disk_fd);
|
||||
if (i->settings_job)
|
||||
i->settings_job->disk_fd = safe_close(i->settings_job->disk_fd);
|
||||
|
||||
if (i->tar_pid > 0) {
|
||||
r = wait_for_terminate_and_warn("tar", i->tar_pid, true);
|
||||
i->tar_pid = 0;
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
if (r > 0) {
|
||||
r = -EIO;
|
||||
goto finish;
|
||||
}
|
||||
}
|
||||
|
||||
if (!i->tar_job->etag_exists) {
|
||||
|
@ -267,7 +322,7 @@ static void tar_pull_job_on_finished(PullJob *j) {
|
|||
|
||||
tar_pull_report_progress(i, TAR_VERIFYING);
|
||||
|
||||
r = pull_verify(i->tar_job, i->checksum_job, i->signature_job);
|
||||
r = pull_verify(i->tar_job, i->settings_job, i->checksum_job, i->signature_job);
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
|
||||
|
@ -283,8 +338,32 @@ static void tar_pull_job_on_finished(PullJob *j) {
|
|||
goto finish;
|
||||
}
|
||||
|
||||
free(i->temp_path);
|
||||
i->temp_path = NULL;
|
||||
i->temp_path = mfree(i->temp_path);
|
||||
|
||||
if (i->settings_job &&
|
||||
i->settings_job->error == 0 &&
|
||||
!i->settings_job->etag_exists) {
|
||||
|
||||
assert(i->settings_temp_path);
|
||||
assert(i->settings_path);
|
||||
|
||||
/* Also move the settings file into place, if
|
||||
* it exist. Note that we do so only if we
|
||||
* also moved the tar file in place, to keep
|
||||
* things strictly in sync. */
|
||||
|
||||
r = import_make_read_only(i->settings_temp_path);
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
|
||||
r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
|
||||
if (r < 0) {
|
||||
log_error_errno(r, "Failed to rename settings file: %m");
|
||||
goto finish;
|
||||
}
|
||||
|
||||
i->settings_temp_path = mfree(i->settings_temp_path);
|
||||
}
|
||||
}
|
||||
|
||||
tar_pull_report_progress(i, TAR_COPYING);
|
||||
|
@ -302,7 +381,7 @@ finish:
|
|||
sd_event_exit(i->event, r);
|
||||
}
|
||||
|
||||
static int tar_pull_job_on_open_disk(PullJob *j) {
|
||||
static int tar_pull_job_on_open_disk_tar(PullJob *j) {
|
||||
TarPull *i;
|
||||
int r;
|
||||
|
||||
|
@ -339,6 +418,35 @@ static int tar_pull_job_on_open_disk(PullJob *j) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int tar_pull_job_on_open_disk_settings(PullJob *j) {
|
||||
TarPull *i;
|
||||
int r;
|
||||
|
||||
assert(j);
|
||||
assert(j->userdata);
|
||||
|
||||
i = j->userdata;
|
||||
assert(i->settings_job == j);
|
||||
assert(!i->settings_path);
|
||||
assert(!i->settings_temp_path);
|
||||
|
||||
r = pull_make_path(j->url, j->etag, i->image_root, ".settings-", NULL, &i->settings_path);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
|
||||
r = tempfn_random(i->settings_path, NULL, &i->settings_temp_path);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
|
||||
mkdir_parents_label(i->settings_temp_path, 0700);
|
||||
|
||||
j->disk_fd = open(i->settings_temp_path, O_RDWR|O_CREAT|O_EXCL|O_NOCTTY|O_CLOEXEC, 0664);
|
||||
if (j->disk_fd < 0)
|
||||
return log_error_errno(errno, "Failed to create %s: %m", i->settings_temp_path);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void tar_pull_job_on_progress(PullJob *j) {
|
||||
TarPull *i;
|
||||
|
||||
|
@ -350,10 +458,19 @@ static void tar_pull_job_on_progress(PullJob *j) {
|
|||
tar_pull_report_progress(i, TAR_DOWNLOADING);
|
||||
}
|
||||
|
||||
int tar_pull_start(TarPull *i, const char *url, const char *local, bool force_local, ImportVerify verify) {
|
||||
int tar_pull_start(
|
||||
TarPull *i,
|
||||
const char *url,
|
||||
const char *local,
|
||||
bool force_local,
|
||||
ImportVerify verify,
|
||||
bool settings) {
|
||||
|
||||
int r;
|
||||
|
||||
assert(i);
|
||||
assert(verify < _IMPORT_VERIFY_MAX);
|
||||
assert(verify >= 0);
|
||||
|
||||
if (!http_url_is_valid(url))
|
||||
return -EINVAL;
|
||||
|
@ -367,15 +484,18 @@ int tar_pull_start(TarPull *i, const char *url, const char *local, bool force_lo
|
|||
r = free_and_strdup(&i->local, local);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
i->force_local = force_local;
|
||||
i->verify = verify;
|
||||
i->settings = settings;
|
||||
|
||||
/* Set up download job for TAR file */
|
||||
r = pull_job_new(&i->tar_job, url, i->glue, i);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
i->tar_job->on_finished = tar_pull_job_on_finished;
|
||||
i->tar_job->on_open_disk = tar_pull_job_on_open_disk;
|
||||
i->tar_job->on_open_disk = tar_pull_job_on_open_disk_tar;
|
||||
i->tar_job->on_progress = tar_pull_job_on_progress;
|
||||
i->tar_job->calc_checksum = verify != IMPORT_VERIFY_NO;
|
||||
i->tar_job->grow_machine_directory = i->grow_machine_directory;
|
||||
|
@ -384,6 +504,22 @@ int tar_pull_start(TarPull *i, const char *url, const char *local, bool force_lo
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
/* Set up download job for the settings file (.nspawn) */
|
||||
if (settings) {
|
||||
r = pull_make_settings_job(&i->settings_job, url, i->glue, tar_pull_job_on_finished, i);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
i->settings_job->on_open_disk = tar_pull_job_on_open_disk_settings;
|
||||
i->settings_job->on_progress = tar_pull_job_on_progress;
|
||||
i->settings_job->calc_checksum = verify != IMPORT_VERIFY_NO;
|
||||
|
||||
r = pull_find_old_etags(i->settings_job->url, i->image_root, DT_REG, ".settings-", NULL, &i->settings_job->old_etags);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
/* Set up download of checksum/signature files */
|
||||
r = pull_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_pull_job_on_finished, i);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -392,6 +528,12 @@ int tar_pull_start(TarPull *i, const char *url, const char *local, bool force_lo
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (i->settings_job) {
|
||||
r = pull_job_begin(i->settings_job);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (i->checksum_job) {
|
||||
i->checksum_job->on_progress = tar_pull_job_on_progress;
|
||||
|
||||
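Review bot: tar_pull_make_local_copy() installs the settings file with mode `0664`, while the raw puller's copy of the same code uses `0644`; a group-writable `.nspawn` file under the image root is wider than needed for a file that configures the container, so I would use `r = copy_file_atomic(i->settings_path, local_settings, 0644, i->force_local, 0);` here as well. The `log_info("Create new settings file '%s.nspawn'", i->local);` that follows runs unconditionally, so it also claims success when the copy returned -EEXIST, -ENOENT or another error; moving it into a final `else` after the two warning cases would keep the log truthful (raw_pull_make_local_copy() has the same line). The temporary file in tar_pull_job_on_open_disk_settings() is likewise created with `0664`, and the result of `mkdir_parents_label()` there is dropped without a `(void)` cast, unlike the other deliberately ignored calls in this commit.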
|
|
|
@ -34,4 +34,4 @@ TarPull* tar_pull_unref(TarPull *pull);
|
|||
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC(TarPull*, tar_pull_unref);
|
||||
|
||||
int tar_pull_start(TarPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify);
|
||||
int tar_pull_start(TarPull *pull, const char *url, const char *local, bool force_local, ImportVerify verify, bool settings);
|
||||
|
|
|
@ -37,6 +37,7 @@ static bool arg_force = false;
|
|||
static const char *arg_image_root = "/var/lib/machines";
|
||||
static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
|
||||
static const char* arg_dkr_index_url = DEFAULT_DKR_INDEX_URL;
|
||||
static bool arg_settings = true;
|
||||
|
||||
static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
|
||||
log_notice("Transfer aborted.");
|
||||
|
@ -118,7 +119,7 @@ static int pull_tar(int argc, char *argv[], void *userdata) {
|
|||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to allocate puller: %m");
|
||||
|
||||
r = tar_pull_start(pull, url, local, arg_force, arg_verify);
|
||||
r = tar_pull_start(pull, url, local, arg_force, arg_verify, arg_settings);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to pull image: %m");
|
||||
|
||||
|
@ -204,7 +205,7 @@ static int pull_raw(int argc, char *argv[], void *userdata) {
|
|||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to allocate puller: %m");
|
||||
|
||||
r = raw_pull_start(pull, url, local, arg_force, arg_verify);
|
||||
r = raw_pull_start(pull, url, local, arg_force, arg_verify, arg_settings);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to pull image: %m");
|
||||
|
||||
|
@ -331,8 +332,9 @@ static int help(int argc, char *argv[], void *userdata) {
|
|||
" -h --help Show this help\n"
|
||||
" --version Show package version\n"
|
||||
" --force Force creation of image\n"
|
||||
" --verify= Verify downloaded image, one of: 'no',\n"
|
||||
" 'checksum', 'signature'.\n"
|
||||
" --verify=MODE Verify downloaded image, one of: 'no',\n"
|
||||
" 'checksum', 'signature'\n"
|
||||
" --settings=BOOL Download settings file with image\n"
|
||||
" --image-root=PATH Image root directory\n"
|
||||
" --dkr-index-url=URL Specify index URL to use for downloads\n\n"
|
||||
"Commands:\n"
|
||||
|
@ -352,6 +354,7 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
ARG_DKR_INDEX_URL,
|
||||
ARG_IMAGE_ROOT,
|
||||
ARG_VERIFY,
|
||||
ARG_SETTINGS,
|
||||
};
|
||||
|
||||
static const struct option options[] = {
|
||||
|
@ -361,10 +364,11 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
{ "dkr-index-url", required_argument, NULL, ARG_DKR_INDEX_URL },
|
||||
{ "image-root", required_argument, NULL, ARG_IMAGE_ROOT },
|
||||
{ "verify", required_argument, NULL, ARG_VERIFY },
|
||||
{ "settings", required_argument, NULL, ARG_SETTINGS },
|
||||
{}
|
||||
};
|
||||
|
||||
int c;
|
||||
int c, r;
|
||||
|
||||
assert(argc >= 0);
|
||||
assert(argv);
|
||||
|
@ -407,6 +411,14 @@ static int parse_argv(int argc, char *argv[]) {
|
|||
|
||||
break;
|
||||
|
||||
case ARG_SETTINGS:
|
||||
r = parse_boolean(optarg);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to parse --settings= parameter '%s'", optarg);
|
||||
|
||||
arg_settings = r;
|
||||
break;
|
||||
|
||||
case '?':
|
||||
return -EINVAL;
|
||||
|
||||
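Review bot: `arg_settings` defaults to true independently of `arg_verify`, so a pull run with `--verify=no` now also fetches a `.nspawn` file and places it next to the image with no integrity check. Unlike the image contents, that file is host-side configuration for the container (the gperf table touched by this commit lists network interface, bridge and port settings), so the combination deserves a mention in the help text, for example `--settings=BOOL  Download settings file with image (unverified with --verify=no)`, or a `log_warning()` in parse_argv() when both are in effect. parse_argv() and help() extend beyond the hunks shown.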
|
|
|
@ -34,5 +34,5 @@ Network.Interface, config_parse_strv, 0, offsetof(Settings, net
|
|||
Network.MACVLAN, config_parse_strv, 0, offsetof(Settings, network_macvlan)
|
||||
Network.IPVLAN, config_parse_strv, 0, offsetof(Settings, network_ipvlan)
|
||||
Network.VirtualEthernet, config_parse_tristate, 0, offsetof(Settings, network_veth)
|
||||
Network.Bridge config_parse_string, 0, offsetof(Settings, network_bridge)
|
||||
Network.Bridge, config_parse_string, 0, offsetof(Settings, network_bridge)
|
||||
Network.Port, config_parse_expose_port, 0, 0
|
||||
|
|