#include <sys/prctl.h>
#include <curl/curl.h>
+#include "sd-daemon.h"
#include "utf8.h"
#include "strv.h"
#include "copy.h"
#include "util.h"
#include "macro.h"
#include "mkdir.h"
+#include "import-util.h"
#include "curl-util.h"
#include "import-job.h"
-#include "import-util.h"
+#include "import-common.h"
#include "import-tar.h"
+typedef enum TarProgress {
+ TAR_DOWNLOADING,
+ TAR_VERIFYING,
+ TAR_FINALIZING,
+ TAR_COPYING,
+} TarProgress;
+
struct TarImport {
sd_event *event;
CurlGlue *glue;
char *image_root;
ImportJob *tar_job;
+ ImportJob *checksum_job;
+ ImportJob *signature_job;
TarImportFinished on_finished;
void *userdata;
char *temp_path;
char *final_path;
+
+ ImportVerify verify;
};
TarImport* tar_import_unref(TarImport *i) {
if (!i)
return NULL;
- if (i->tar_pid > 0) {
- kill(i->tar_pid, SIGKILL);
- wait_for_terminate(i->tar_pid, NULL);
+ if (i->tar_pid > 1) {
+ (void) kill_and_sigcont(i->tar_pid, SIGKILL);
+ (void) wait_for_terminate(i->tar_pid, NULL);
}
import_job_unref(i->tar_job);
+ import_job_unref(i->checksum_job);
+ import_job_unref(i->signature_job);
curl_glue_unref(i->glue);
sd_event_unref(i->event);
free(i->final_path);
free(i->image_root);
free(i->local);
-
free(i);
return NULL;
}
-int tar_import_new(TarImport **ret, sd_event *event, const char *image_root, TarImportFinished on_finished, void *userdata) {
+int tar_import_new(
+ TarImport **ret,
+ sd_event *event,
+ const char *image_root,
+ TarImportFinished on_finished,
+ void *userdata) {
+
_cleanup_(tar_import_unrefp) TarImport *i = NULL;
int r;
return 0;
}
+static void tar_import_report_progress(TarImport *i, TarProgress p) {
+ unsigned percent;
+
+ assert(i);
+
+ switch (p) {
+
+ case TAR_DOWNLOADING: {
+ unsigned remain = 85;
+
+ percent = 0;
+
+ if (i->checksum_job) {
+ percent += i->checksum_job->progress_percent * 5 / 100;
+ remain -= 5;
+ }
+
+ if (i->signature_job) {
+ percent += i->signature_job->progress_percent * 5 / 100;
+ remain -= 5;
+ }
+
+ if (i->tar_job)
+ percent += i->tar_job->progress_percent * remain / 100;
+ break;
+ }
+
+ case TAR_VERIFYING:
+ percent = 85;
+ break;
+
+ case TAR_FINALIZING:
+ percent = 90;
+ break;
+
+ case TAR_COPYING:
+ percent = 95;
+ break;
+
+ default:
+ assert_not_reached("Unknown progress state");
+ }
+
+ sd_notifyf(false, "X_IMPORT_PROGRESS=%u", percent);
+ log_debug("Combined progress %u%%", percent);
+}
+
static int tar_import_make_local_copy(TarImport *i) {
int r;
r = import_make_path(i->tar_job->url, i->tar_job->etag, i->image_root, ".tar-", NULL, &i->final_path);
if (r < 0)
return log_oom();
-
- r = import_make_local_copy(i->final_path, i->image_root, i->local, i->force_local);
- if (r < 0)
- return r;
}
+ r = import_make_local_copy(i->final_path, i->image_root, i->local, i->force_local);
+ if (r < 0)
+ return r;
+
return 0;
}
+static bool tar_import_is_done(TarImport *i) {
+ assert(i);
+ assert(i->tar_job);
+
+ if (i->tar_job->state != IMPORT_JOB_DONE)
+ return false;
+ if (i->checksum_job && i->checksum_job->state != IMPORT_JOB_DONE)
+ return false;
+ if (i->signature_job && i->signature_job->state != IMPORT_JOB_DONE)
+ return false;
+
+ return true;
+}
+
static void tar_import_job_on_finished(ImportJob *j) {
TarImport *i;
int r;
i = j->userdata;
if (j->error != 0) {
+ if (j == i->checksum_job)
+ log_error_errno(j->error, "Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)");
+ else if (j == i->signature_job)
+ log_error_errno(j->error, "Failed to retrieve signature file, cannot verify. (Try --verify=no?)");
+ else
+ log_error_errno(j->error, "Failed to retrieve image file. (Wrong URL?)");
+
r = j->error;
goto finish;
}
* successfully, or the download was skipped because we
* already have the etag. */
- j->disk_fd = safe_close(j->disk_fd);
+ if (!tar_import_is_done(i))
+ return;
+
+ j->disk_fd = safe_close(i->tar_job->disk_fd);
if (i->tar_pid > 0) {
r = wait_for_terminate_and_warn("tar", i->tar_pid, true);
goto finish;
}
- if (i->temp_path) {
+ if (!i->tar_job->etag_exists) {
+ /* This is a new download, verify it, and move it into place */
+
+ tar_import_report_progress(i, TAR_VERIFYING);
+
+ r = import_verify(i->tar_job, i->checksum_job, i->signature_job);
+ if (r < 0)
+ goto finish;
+
+ tar_import_report_progress(i, TAR_FINALIZING);
+
r = import_make_read_only(i->temp_path);
if (r < 0)
goto finish;
i->temp_path = NULL;
}
+ tar_import_report_progress(i, TAR_COPYING);
+
r = tar_import_make_local_copy(i);
if (r < 0)
goto finish;
assert(j->userdata);
i = j->userdata;
+ assert(i->tar_job == j);
+ assert(!i->final_path);
+ assert(!i->temp_path);
+ assert(i->tar_pid <= 0);
r = import_make_path(j->url, j->etag, i->image_root, ".tar-", NULL, &i->final_path);
if (r < 0)
} else if (r < 0)
return log_error_errno(errno, "Failed to create subvolume %s: %m", i->temp_path);
- if (pipe2(pipefd, O_CLOEXEC) < 0)
- return log_error_errno(errno, "Failed to create pipe for tar: %m");
-
- i->tar_pid = fork();
- if (i->tar_pid < 0)
- return log_error_errno(errno, "Failed to fork off tar: %m");
- if (i->tar_pid == 0) {
- int null_fd;
-
- reset_all_signal_handlers();
- reset_signal_mask();
- assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
-
- pipefd[1] = safe_close(pipefd[1]);
+ j->disk_fd = import_fork_tar(i->temp_path, &i->tar_pid);
+ if (j->disk_fd < 0)
+ return j->disk_fd;
- if (dup2(pipefd[0], STDIN_FILENO) != STDIN_FILENO) {
- log_error_errno(errno, "Failed to dup2() fd: %m");
- _exit(EXIT_FAILURE);
- }
-
- if (pipefd[0] != STDIN_FILENO)
- safe_close(pipefd[0]);
-
- null_fd = open("/dev/null", O_WRONLY|O_NOCTTY);
- if (null_fd < 0) {
- log_error_errno(errno, "Failed to open /dev/null: %m");
- _exit(EXIT_FAILURE);
- }
-
- if (dup2(null_fd, STDOUT_FILENO) != STDOUT_FILENO) {
- log_error_errno(errno, "Failed to dup2() fd: %m");
- _exit(EXIT_FAILURE);
- }
-
- if (null_fd != STDOUT_FILENO)
- safe_close(null_fd);
+ return 0;
+}
- execlp("tar", "tar", "--numeric-owner", "-C", i->temp_path, "-px", NULL);
- _exit(EXIT_FAILURE);
- }
+static void tar_import_job_on_progress(ImportJob *j) {
+ TarImport *i;
- pipefd[0] = safe_close(pipefd[0]);
+ assert(j);
+ assert(j->userdata);
- j->disk_fd = pipefd[1];
- pipefd[1] = -1;
+ i = j->userdata;
- return 0;
+ tar_import_report_progress(i, TAR_DOWNLOADING);
}
-int tar_import_pull(TarImport *i, const char *url, const char *local, bool force_local) {
+int tar_import_pull(TarImport *i, const char *url, const char *local, bool force_local, ImportVerify verify) {
int r;
assert(i);
- if (i->tar_job)
- return -EBUSY;
-
if (!http_url_is_valid(url))
return -EINVAL;
if (local && !machine_name_is_valid(local))
return -EINVAL;
+ if (i->tar_job)
+ return -EBUSY;
+
r = free_and_strdup(&i->local, local);
if (r < 0)
return r;
-
i->force_local = force_local;
+ i->verify = verify;
r = import_job_new(&i->tar_job, url, i->glue, i);
if (r < 0)
i->tar_job->on_finished = tar_import_job_on_finished;
i->tar_job->on_open_disk = tar_import_job_on_open_disk;
+ i->tar_job->on_progress = tar_import_job_on_progress;
+ i->tar_job->calc_checksum = verify != IMPORT_VERIFY_NO;
r = import_find_old_etags(url, i->image_root, DT_DIR, ".tar-", NULL, &i->tar_job->old_etags);
if (r < 0)
return r;
- return import_job_begin(i->tar_job);
+ r = import_make_verification_jobs(&i->checksum_job, &i->signature_job, verify, url, i->glue, tar_import_job_on_finished, i);
+ if (r < 0)
+ return r;
+
+ r = import_job_begin(i->tar_job);
+ if (r < 0)
+ return r;
+
+ if (i->checksum_job) {
+ i->checksum_job->on_progress = tar_import_job_on_progress;
+
+ r = import_job_begin(i->checksum_job);
+ if (r < 0)
+ return r;
+ }
+
+ if (i->signature_job) {
+ i->signature_job->on_progress = tar_import_job_on_progress;
+
+ r = import_job_begin(i->signature_job);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
}