dasharo/systemd
0
0
Fork 0
mirror of https://github.com/Dasharo/systemd.git synced 2026-03-06 15:02:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

import: introduce new mini-daemon systemd-importd, and make machinectl a client to it

Browse Source 
The old "systemd-import" binary is now an internal tool. We still use it
as asynchronous backend for systemd-importd. Since the import tool might
require some IO and CPU resources (due to qcow2 explosion, and
decompression), and because we might want to run it with more minimal
priviliges we still keep it around as the worker binary to execute as
child process of importd.

machinectl now has verbs for pulling down images, cancelling them and
listing them.
This commit is contained in:
Lennart Poettering
2015-01-22 03:57:15 +01:00
parent f4c135bf2f
commit 3d7415f43f
27 changed files with 2016 additions and 282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -83,6 +83,7 @@
/systemd-hostnamed
/systemd-hwdb
/systemd-import
/systemd-importd
/systemd-inhibit
/systemd-initctl
/systemd-journal-gatewayd

62
Makefile.am
View File

@@ -902,7 +902,9 @@ libsystemd_shared_la_SOURCES = \
src/shared/verbs.h \
src/shared/sigbus.c \
src/shared/sigbus.h \
src/shared/build.h
src/shared/build.h \
src/shared/import-util.c \
src/shared/import-util.h
if HAVE_UTMP
libsystemd_shared_la_SOURCES += \
@@ -5253,15 +5255,35 @@ libnss_mymachines_la_LIBADD = \
lib_LTLIBRARIES += \
libnss_mymachines.la
endif
# ------------------------------------------------------------------------------
if ENABLE_IMPORTD
if HAVE_LIBCURL
if HAVE_XZ
if HAVE_ZLIB
if HAVE_BZIP2
if HAVE_GCRYPT
bin_PROGRAMS += \
rootlibexec_PROGRAMS += \
systemd-importd \
systemd-import
systemd_importd_SOURCES = \
src/import/importd.c \
src/import/importd.h
systemd_importd_CFLAGS = \
$(AM_CFLAGS) \
-D SYSTEMD_IMPORT_PATH=\"$(rootlibexecdir)/systemd-import\" \
-D VENDOR_KEYRING_PATH=\"$(rootlibexecdir)/import-pubring.gpg\" \
-D USER_KEYRING_PATH=\"$(pkgsysconfdir)/import-pubring.gpg\"
systemd_importd_LDADD = \
libsystemd-internal.la \
libsystemd-shared.la
systemd_import_SOURCES = \
src/import/import.c \
src/import/import-raw.c \
@@ -5272,8 +5294,8 @@ systemd_import_SOURCES = \
src/import/import-dkr.h \
src/import/import-job.c \
src/import/import-job.h \
src/import/import-util.c \
src/import/import-util.h \
src/import/import-common.c \
src/import/import-common.h \
src/import/curl-util.c \
src/import/curl-util.h \
src/import/aufs-util.c \
@@ -5300,6 +5322,36 @@ systemd_import_LDADD = \
-lbz2 \
$(GCRYPT_LIBS)
dist_rootlibexec_DATA = \
src/import/import-pubring.gpg
nodist_systemunit_DATA += \
units/systemd-importd.service
EXTRA_DIST += \
units/systemd-importd.service.in
dist_systemunit_DATA_busnames += \
units/org.freedesktop.import1.busname
BUSNAMES_TARGET_WANTS += \
org.freedesktop.import1.busname
SYSTEM_UNIT_ALIASES += \
systemd-importd.service dbus-org.freedesktop.import1.service
dist_dbussystemservice_DATA += \
src/import/org.freedesktop.import1.service
dist_dbuspolicy_DATA += \
src/import/org.freedesktop.import1.conf
polkitpolicy_files += \
src/import/org.freedesktop.import1.policy
polkitpolicy_in_files += \
src/import/org.freedesktop.import1.policy.in
manual_tests += \
test-qcow2
@@ -5318,8 +5370,6 @@ test_qcow2_LDADD = \
libsystemd-shared.la \
$(ZLIB_LIBS)
dist_rootlibexec_DATA = \
src/import/import-pubring.gpg
endif
endif
endif

10
configure.ac
View File

@@ -1005,6 +1005,15 @@ fi
AM_CONDITIONAL(ENABLE_MACHINED, [test "$have_machined" = "yes"])
AS_IF([test "$have_machined" = "yes"], [ AC_DEFINE(HAVE_MACHINED, [1], [Machined support available]) ])
# ------------------------------------------------------------------------------
have_importd=no
AC_ARG_ENABLE(importd, AS_HELP_STRING([--disable-importd], [disable import daemon]))
if test "x$enable_importd" != "xno"; then
have_importd=yes
fi
AM_CONDITIONAL(ENABLE_IMPORTD, [test "$have_importd" = "yes"])
AS_IF([test "$have_importd" = "yes"], [ AC_DEFINE(HAVE_IMPORTD, [1], [Importd support available]) ])
# ------------------------------------------------------------------------------
have_hostnamed=no
AC_ARG_ENABLE(hostnamed, AS_HELP_STRING([--disable-hostnamed], [disable hostname daemon]))
@@ -1459,6 +1468,7 @@ AC_MSG_RESULT([
rfkill: ${have_rfkill}
logind: ${have_logind}
machined: ${have_machined}
importd: ${have_importd}
hostnamed: ${have_hostnamed}
timedated: ${have_timedated}
timesyncd: ${have_timesyncd}

1
src/import/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
/org.freedesktop.import1.policy

76
src/import/import-util.c → src/import/import-common.c
View File

@@ -26,20 +26,10 @@
#include "copy.h"
#include "btrfs-util.h"
#include "import-job.h"
#include "import-util.h"
#include "import-common.h"
#define FILENAME_ESCAPE "/.#\"\'"
bool http_etag_is_valid(const char *etag) {
if (!endswith(etag, "\""))
return false;
if (!startswith(etag, "\"") && !startswith(etag, "W/\""))
return false;
return true;
}
int import_find_old_etags(const char *url, const char *image_root, int dt, const char *prefix, const char *suffix, char ***etags) {
_cleanup_free_ char *escaped_url = NULL;
_cleanup_closedir_ DIR *d = NULL;
@@ -222,66 +212,6 @@ int import_make_path(const char *url, const char *etag, const char *image_root,
return 0;
}
int import_url_last_component(const char *url, char **ret) {
const char *e, *p;
char *s;
e = strchrnul(url, '?');
while (e > url && e[-1] == '/')
e--;
p = e;
while (p > url && p[-1] != '/')
p--;
if (e <= p)
return -EINVAL;
s = strndup(p, e - p);
if (!s)
return -ENOMEM;
*ret = s;
return 0;
}
int import_url_change_last_component(const char *url, const char *suffix, char **ret) {
const char *e;
char *s;
assert(url);
assert(ret);
e = strchrnul(url, '?');
while (e > url && e[-1] == '/')
e--;
while (e > url && e[-1] != '/')
e--;
if (e <= url)
return -EINVAL;
s = new(char, (e - url) + strlen(suffix) + 1);
if (!s)
return -ENOMEM;
strcpy(mempcpy(s, url, e - url), suffix);
*ret = s;
return 0;
}
static const char* const import_verify_table[_IMPORT_VERIFY_MAX] = {
[IMPORT_VERIFY_NO] = "no",
[IMPORT_VERIFY_SUM] = "sum",
[IMPORT_VERIFY_SIGNATURE] = "signature",
};
DEFINE_STRING_TABLE_LOOKUP(import_verify, ImportVerify);
int import_make_verification_jobs(
ImportJob **ret_checksum_job,
ImportJob **ret_signature_job,
@@ -479,6 +409,10 @@ int import_verify(
cmd[k++] = "-";
cmd[k++] = NULL;
fd_cloexec(STDIN_FILENO, false);
fd_cloexec(STDOUT_FILENO, false);
fd_cloexec(STDERR_FILENO, false);
execvp("gpg", (char * const *) cmd);
log_error_errno(errno, "Failed to execute gpg: %m");
_exit(EXIT_FAILURE);

17
src/import/import-util.h → src/import/import-common.h
View File

@@ -24,16 +24,7 @@
#include <stdbool.h>
#include "import-job.h"
typedef enum ImportVerify {
IMPORT_VERIFY_NO,
IMPORT_VERIFY_SUM,
IMPORT_VERIFY_SIGNATURE,
_IMPORT_VERIFY_MAX,
_IMPORT_VERIFY_INVALID = -1,
} ImportVerify;
bool http_etag_is_valid(const char *etag);
#include "import-util.h"
int import_make_local_copy(const char *final, const char *root, const char *local, bool force_local);
@@ -44,11 +35,5 @@ int import_make_read_only(const char *path);
int import_make_path(const char *url, const char *etag, const char *image_root, const char *prefix, const char *suffix, char **ret);
int import_url_last_component(const char *url, char **ret);
int import_url_change_last_component(const char *url, const char *suffix, char **ret);
const char* import_verify_to_string(ImportVerify v) _const_;
ImportVerify import_verify_from_string(const char *s) _pure_;
int import_make_verification_jobs(ImportJob **ret_checksum_job, ImportJob **ret_signature_job, ImportVerify verify, const char *url, CurlGlue *glue, ImportJobFinished on_finished, void *userdata);
int import_verify(ImportJob *main_job, ImportJob *checksum_job, ImportJob *signature_job);

34
src/import/import-dkr.c
View File

@@ -28,10 +28,11 @@
#include "btrfs-util.h"
#include "utf8.h"
#include "mkdir.h"
#include "import-util.h"
#include "curl-util.h"
#include "aufs-util.h"
#include "import-util.h"
#include "import-job.h"
#include "import-common.h"
#include "import-dkr.h"
struct DkrImport {
@@ -854,34 +855,3 @@ int dkr_import_pull(DkrImport *i, const char *name, const char *tag, const char
return import_job_begin(i->images_job);
}
bool dkr_name_is_valid(const char *name) {
const char *slash, *p;
if (isempty(name))
return false;
slash = strchr(name, '/');
if (!slash)
return false;
if (!filename_is_valid(slash + 1))
return false;
p = strndupa(name, slash - name);
if (!filename_is_valid(p))
return false;
return true;
}
bool dkr_id_is_valid(const char *id) {
if (!filename_is_valid(id))
return false;
if (!in_charset(id, "0123456789abcdef"))
return false;
return true;
}

4
src/import/import-dkr.h
View File

@@ -32,7 +32,3 @@ DkrImport* dkr_import_unref(DkrImport *import);
DEFINE_TRIVIAL_CLEANUP_FUNC(DkrImport*, dkr_import_unref);
int dkr_import_pull(DkrImport *import, const char *name, const char *tag, const char *local, bool force_local);
bool dkr_name_is_valid(const char *name);
bool dkr_id_is_valid(const char *id);
#define dkr_tag_is_valid(tag) filename_is_valid(tag)

3
src/import/import-raw.c
View File

@@ -30,10 +30,11 @@
#include "util.h"
#include "macro.h"
#include "mkdir.h"
#include "import-util.h"
#include "curl-util.h"
#include "qcow2-util.h"
#include "import-job.h"
#include "import-util.h"
#include "import-common.h"
#include "import-raw.h"
typedef struct RawImportFile RawImportFile;

3
src/import/import-tar.c
View File

@@ -29,9 +29,10 @@
#include "util.h"
#include "macro.h"
#include "mkdir.h"
#include "import-util.h"
#include "curl-util.h"
#include "import-job.h"
#include "import-util.h"
#include "import-common.h"
#include "import-tar.h"
struct TarImport {

104
src/import/import.c
View File

@@ -36,6 +36,12 @@ static const char *arg_image_root = "/var/lib/machines";
static ImportVerify arg_verify = IMPORT_VERIFY_SIGNATURE;
static const char* arg_dkr_index_url = DEFAULT_DKR_INDEX_URL;
static int interrupt_signal_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
log_notice("Transfer aborted.");
sd_event_exit(sd_event_source_get_event(s), EINTR);
return 0;
}
static void on_tar_finished(TarImport *import, int error, void *userdata) {
sd_event *event = userdata;
assert(import);
@@ -43,34 +49,7 @@ static void on_tar_finished(TarImport *import, int error, void *userdata) {
if (error == 0)
log_info("Operation completed successfully.");
sd_event_exit(event, EXIT_FAILURE);
}
static int strip_tar_suffixes(const char *name, char **ret) {
const char *e;
char *s;
e = endswith(name, ".tar");
if (!e)
e = endswith(name, ".tar.xz");
if (!e)
e = endswith(name, ".tar.gz");
if (!e)
e = endswith(name, ".tar.bz2");
if (!e)
e = endswith(name, ".tgz");
if (!e)
e = strchr(name, 0);
if (e <= name)
return -EINVAL;
s = strndup(name, e - name);
if (!s)
return -ENOMEM;
*ret = s;
return 0;
sd_event_exit(event, abs(error));
}
static int pull_tar(int argc, char *argv[], void *userdata) {
@@ -100,7 +79,7 @@ static int pull_tar(int argc, char *argv[], void *userdata) {
local = NULL;
if (local) {
r = strip_tar_suffixes(local, &ll);
r = tar_strip_suffixes(local, &ll);
if (r < 0)
return log_oom();
@@ -130,8 +109,8 @@ static int pull_tar(int argc, char *argv[], void *userdata) {
return log_error_errno(r, "Failed to allocate event loop: %m");
assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler, NULL);
sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
r = tar_import_new(&import, event, arg_image_root, on_tar_finished, event);
if (r < 0)
@@ -146,8 +125,7 @@ static int pull_tar(int argc, char *argv[], void *userdata) {
return log_error_errno(r, "Failed to run event loop: %m");
log_info("Exiting.");
return r;
return -r;
}
static void on_raw_finished(RawImport *import, int error, void *userdata) {
@@ -157,47 +135,7 @@ static void on_raw_finished(RawImport *import, int error, void *userdata) {
if (error == 0)
log_info("Operation completed successfully.");
sd_event_exit(event, EXIT_FAILURE);
}
static int strip_raw_suffixes(const char *p, char **ret) {
static const char suffixes[] =
".xz\0"
".gz\0"
".bz2\0"
".raw\0"
".qcow2\0"
".img\0"
".bin\0";
_cleanup_free_ char *q = NULL;
q = strdup(p);
if (!q)
return -ENOMEM;
for (;;) {
const char *sfx;
bool changed = false;
NULSTR_FOREACH(sfx, suffixes) {
char *e;
e = endswith(q, sfx);
if (e) {
*e = 0;
changed = true;
}
}
if (!changed)
break;
}
*ret = q;
q = NULL;
return 0;
sd_event_exit(event, abs(error));
}
static int pull_raw(int argc, char *argv[], void *userdata) {
@@ -227,7 +165,7 @@ static int pull_raw(int argc, char *argv[], void *userdata) {
local = NULL;
if (local) {
r = strip_raw_suffixes(local, &ll);
r = raw_strip_suffixes(local, &ll);
if (r < 0)
return log_oom();
@@ -257,8 +195,8 @@ static int pull_raw(int argc, char *argv[], void *userdata) {
return log_error_errno(r, "Failed to allocate event loop: %m");
assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler, NULL);
sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
r = raw_import_new(&import, event, arg_image_root, on_raw_finished, event);
if (r < 0)
@@ -273,8 +211,7 @@ static int pull_raw(int argc, char *argv[], void *userdata) {
return log_error_errno(r, "Failed to run event loop: %m");
log_info("Exiting.");
return r;
return -r;
}
static void on_dkr_finished(DkrImport *import, int error, void *userdata) {
@@ -284,7 +221,7 @@ static void on_dkr_finished(DkrImport *import, int error, void *userdata) {
if (error == 0)
log_info("Operation completed successfully.");
sd_event_exit(event, EXIT_FAILURE);
sd_event_exit(event, abs(error));
}
static int pull_dkr(int argc, char *argv[], void *userdata) {
@@ -360,8 +297,8 @@ static int pull_dkr(int argc, char *argv[], void *userdata) {
return log_error_errno(r, "Failed to allocate event loop: %m");
assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
sd_event_add_signal(event, NULL, SIGTERM, interrupt_signal_handler, NULL);
sd_event_add_signal(event, NULL, SIGINT, interrupt_signal_handler, NULL);
r = dkr_import_new(&import, event, arg_dkr_index_url, arg_image_root, on_dkr_finished, event);
if (r < 0)
@@ -376,8 +313,7 @@ static int pull_dkr(int argc, char *argv[], void *userdata) {
return log_error_errno(r, "Failed to run event loop: %m");
log_info("Exiting.");
return 0;
return -r;
}
static int help(int argc, char *argv[], void *userdata) {

958
src/import/importd.c Normal file
View File

File diff suppressed because it is too large Load Diff

62
src/import/org.freedesktop.import1.conf Normal file
View File

@@ -0,0 +1,62 @@
<?xml version="1.0"?> <!--*-nxml-*-->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!--
This file is part of systemd.
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
-->
<busconfig>
<policy user="root">
<allow own="org.freedesktop.import1"/>
<allow send_destination="org.freedesktop.import1"/>
<allow receive_sender="org.freedesktop.import1"/>
</policy>
<policy context="default">
<deny send_destination="org.freedesktop.import1"/>
<allow send_destination="org.freedesktop.import1"
send_interface="org.freedesktop.DBus.Introspectable"/>
<allow send_destination="org.freedesktop.import1"
send_interface="org.freedesktop.DBus.Peer"/>
<allow send_destination="org.freedesktop.import1"
send_interface="org.freedesktop.DBus.Properties"
send_member="Get"/>
<allow send_destination="org.freedesktop.import1"
send_interface="org.freedesktop.DBus.Properties"
send_member="GetAll"/>
<allow send_destination="org.freedesktop.import1"
send_interface="org.freedesktop.import1.Manager"
send_member="ListTransmissions"/>
<allow send_destination="org.freedesktop.import1"
send_interface="org.freedesktop.import1.Manager"
send_member="PullTar"/>
<allow send_destination="org.freedesktop.import1"
send_interface="org.freedesktop.import1.Manager"
send_member="PullRaw"/>
<allow send_destination="org.freedesktop.import1"
send_interface="org.freedesktop.import1.Manager"
send_member="PullDkr"/>
<allow send_destination="org.freedesktop.import1"
send_interface="org.freedesktop.import1.Transfer"
send_member="Cancel"/>
<allow receive_sender="org.freedesktop.import1"/>
</policy>
</busconfig>

29
src/import/org.freedesktop.import1.policy.in Normal file
View File

@@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!--
This file is part of systemd.
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
-->
<policyconfig>
<vendor>The systemd Project</vendor>
<vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
<action id="org.freedesktop.import1.pull">
<_description>Download a VM or container image</_description>
<_message>Authentication is required to download a VM or container image</_message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
</policyconfig>

12
src/import/org.freedesktop.import1.service Normal file
View File

@@ -0,0 +1,12 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[D-BUS Service]
Name=org.freedesktop.import1
Exec=/bin/false
User=root
SystemdService=dbus-org.freedesktop.import1.service

40
src/journal/journald-syslog.c
View File

@@ -238,46 +238,6 @@ size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid)
return e;
}
void syslog_parse_priority(const char **p, int *priority, bool with_facility) {
int a = 0, b = 0, c = 0;
int k;
assert(p);
assert(*p);
assert(priority);
if ((*p)[0] != '<')
return;
if (!strchr(*p, '>'))
return;
if ((*p)[2] == '>') {
c = undecchar((*p)[1]);
k = 3;
} else if ((*p)[3] == '>') {
b = undecchar((*p)[1]);
c = undecchar((*p)[2]);
k = 4;
} else if ((*p)[4] == '>') {
a = undecchar((*p)[1]);
b = undecchar((*p)[2]);
c = undecchar((*p)[3]);
k = 5;
} else
return;
if (a < 0 || b < 0 || c < 0 ||
(!with_facility && (a || b || c > 7)))
return;
if (with_facility)
*priority = a*100 + b*10 + c;
else
*priority = (*priority & LOG_FACMASK) | c;
*p += k;
}
static void syslog_skip_date(char **buf) {
enum {
LETTER,

1
src/journal/journald-syslog.h
View File

@@ -25,7 +25,6 @@
int syslog_fixup_facility(int priority) _const_;
void syslog_parse_priority(const char **p, int *priority, bool with_facility);
size_t syslog_parse_identifier(const char **buf, char **identifier, char **pid);
void server_forward_syslog(Server *s, int priority, const char *identifier, const char *message, const struct ucred *ucred, const struct timeval *tv);

3
src/libsystemd/sd-bus/bus-common-errors.c
View File

@@ -73,5 +73,8 @@ BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map bus_common_errors[] = {
SD_BUS_ERROR_MAP(BUS_ERROR_CNAME_LOOP, EDEADLOCK),
SD_BUS_ERROR_MAP(BUS_ERROR_ABORTED, ECANCELED),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_TRANSFER, ENXIO),
SD_BUS_ERROR_MAP(BUS_ERROR_TRANSFER_IN_PROGRESS, EBUSY),
SD_BUS_ERROR_MAP_END
};

3
src/libsystemd/sd-bus/bus-common-errors.h
View File

@@ -72,4 +72,7 @@
#define BUS_ERROR_ABORTED "org.freedesktop.resolve1.Aborted"
#define _BUS_ERROR_DNS "org.freedesktop.resolve1.DnsError."
#define BUS_ERROR_NO_SUCH_TRANSFER "org.freedesktop.import1.NoSuchTransfer"
#define BUS_ERROR_TRANSFER_IN_PROGRESS "org.freedesktop.import1.TransferInProgress"
BUS_ERROR_MAP_ELF_USE(bus_common_errors);

553
src/machine/machinectl.c
View File

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More