xref: /freebsd/usr.bin/xinstall/xinstall.c (revision 2710751bc309af25c6dea1171781678258e83840)
1 /*
2  * Copyright (c) 2012, 2013 SRI International
3  * Copyright (c) 1987, 1993
4  *	The Regents of the University of California.  All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 4. Neither the name of the University nor the names of its contributors
15  *    may be used to endorse or promote products derived from this software
16  *    without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  */
30 
31 #ifndef lint
32 static const char copyright[] =
33 "@(#) Copyright (c) 1987, 1993\n\
34 	The Regents of the University of California.  All rights reserved.\n";
35 #endif /* not lint */
36 
37 #if 0
38 #ifndef lint
39 static char sccsid[] = "@(#)xinstall.c	8.1 (Berkeley) 7/21/93";
40 #endif /* not lint */
41 #endif
42 
43 #include <sys/cdefs.h>
44 __FBSDID("$FreeBSD$");
45 
46 #include <sys/param.h>
47 #include <sys/mman.h>
48 #include <sys/mount.h>
49 #include <sys/stat.h>
50 #include <sys/time.h>
51 #include <sys/wait.h>
52 
53 #include <err.h>
54 #include <errno.h>
55 #include <fcntl.h>
56 #include <grp.h>
57 #include <libgen.h>
58 #include <md5.h>
59 #include <paths.h>
60 #include <pwd.h>
61 #include <ripemd.h>
62 #include <sha.h>
63 #include <sha256.h>
64 #include <sha512.h>
65 #include <stdint.h>
66 #include <stdio.h>
67 #include <stdlib.h>
68 #include <string.h>
69 #include <sysexits.h>
70 #include <unistd.h>
71 #include <vis.h>
72 
73 #include "mtree.h"
74 
75 /* Bootstrap aid - this doesn't exist in most older releases */
76 #ifndef MAP_FAILED
77 #define MAP_FAILED ((void *)-1)	/* from <sys/mman.h> */
78 #endif
79 
80 #define MAX_CMP_SIZE	(16 * 1024 * 1024)
81 
82 #define	LN_ABSOLUTE	0x01
83 #define	LN_RELATIVE	0x02
84 #define	LN_HARD		0x04
85 #define	LN_SYMBOLIC	0x08
86 #define	LN_MIXED	0x10
87 
88 #define	DIRECTORY	0x01		/* Tell install it's a directory. */
89 #define	SETFLAGS	0x02		/* Tell install to set flags. */
90 #define	NOCHANGEBITS	(UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND)
91 #define	BACKUP_SUFFIX	".old"
92 
93 typedef union {
94 	MD5_CTX		MD5;
95 	RIPEMD160_CTX	RIPEMD160;
96 	SHA1_CTX	SHA1;
97 	SHA256_CTX	SHA256;
98 	SHA512_CTX	SHA512;
99 }	DIGEST_CTX;
100 
101 static enum {
102 	DIGEST_NONE = 0,
103 	DIGEST_MD5,
104 	DIGEST_RIPEMD160,
105 	DIGEST_SHA1,
106 	DIGEST_SHA256,
107 	DIGEST_SHA512,
108 } digesttype = DIGEST_NONE;
109 
110 static gid_t gid;
111 static uid_t uid;
112 static int dobackup, docompare, dodir, dolink, dopreserve, dostrip, dounpriv,
113     safecopy, verbose;
114 static int haveopt_f, haveopt_g, haveopt_m, haveopt_o;
115 static mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH;
116 static FILE *metafp;
117 static const char *group, *owner;
118 static const char *suffix = BACKUP_SUFFIX;
119 static char *destdir, *digest, *fflags, *metafile, *tags;
120 
121 static int	compare(int, const char *, size_t, int, const char *, size_t,
122 		    char **);
123 static char	*copy(int, const char *, int, const char *, off_t);
124 static int	create_newfile(const char *, int, struct stat *);
125 static int	create_tempfile(const char *, char *, size_t);
126 static char	*quiet_mktemp(char *template);
127 static char	*digest_file(const char *);
128 static void	digest_init(DIGEST_CTX *);
129 static void	digest_update(DIGEST_CTX *, const unsigned char *, size_t);
130 static char	*digest_end(DIGEST_CTX *, char *);
131 static int	do_link(const char *, const char *, const struct stat *);
132 static void	do_symlink(const char *, const char *, const struct stat *);
133 static void	makelink(const char *, const char *, const struct stat *);
134 static void	install(const char *, const char *, u_long, u_int);
135 static void	install_dir(char *);
136 static void	metadata_log(const char *, const char *, struct timeval *,
137 		    const char *, const char *, off_t);
138 static int	parseid(const char *, id_t *);
139 static void	strip(const char *);
140 static int	trymmap(int);
141 static void	usage(void);
142 
143 int
144 main(int argc, char *argv[])
145 {
146 	struct stat from_sb, to_sb;
147 	mode_t *set;
148 	u_long fset;
149 	int ch, no_target;
150 	u_int iflags;
151 	char *p;
152 	const char *to_name;
153 
154 	iflags = 0;
155 	group = owner = NULL;
156 	while ((ch = getopt(argc, argv, "B:bCcD:df:g:h:l:M:m:N:o:pSsT:Uv")) !=
157 	     -1)
158 		switch((char)ch) {
159 		case 'B':
160 			suffix = optarg;
161 			/* FALLTHROUGH */
162 		case 'b':
163 			dobackup = 1;
164 			break;
165 		case 'C':
166 			docompare = 1;
167 			break;
168 		case 'c':
169 			/* For backwards compatibility. */
170 			break;
171 		case 'D':
172 			destdir = optarg;
173 			break;
174 		case 'd':
175 			dodir = 1;
176 			break;
177 		case 'f':
178 			haveopt_f = 1;
179 			fflags = optarg;
180 			break;
181 		case 'g':
182 			haveopt_g = 1;
183 			group = optarg;
184 			break;
185 		case 'h':
186 			digest = optarg;
187 			break;
188 		case 'l':
189 			for (p = optarg; *p != '\0'; p++)
190 				switch (*p) {
191 				case 's':
192 					dolink &= ~(LN_HARD|LN_MIXED);
193 					dolink |= LN_SYMBOLIC;
194 					break;
195 				case 'h':
196 					dolink &= ~(LN_SYMBOLIC|LN_MIXED);
197 					dolink |= LN_HARD;
198 					break;
199 				case 'm':
200 					dolink &= ~(LN_SYMBOLIC|LN_HARD);
201 					dolink |= LN_MIXED;
202 					break;
203 				case 'a':
204 					dolink &= ~LN_RELATIVE;
205 					dolink |= LN_ABSOLUTE;
206 					break;
207 				case 'r':
208 					dolink &= ~LN_ABSOLUTE;
209 					dolink |= LN_RELATIVE;
210 					break;
211 				default:
212 					errx(1, "%c: invalid link type", *p);
213 					/* NOTREACHED */
214 				}
215 			break;
216 		case 'M':
217 			metafile = optarg;
218 			break;
219 		case 'm':
220 			haveopt_m = 1;
221 			if (!(set = setmode(optarg)))
222 				errx(EX_USAGE, "invalid file mode: %s",
223 				     optarg);
224 			mode = getmode(set, 0);
225 			free(set);
226 			break;
227 		case 'N':
228 			if (!setup_getid(optarg))
229 				err(EX_OSERR, "Unable to use user and group "
230 				    "databases in `%s'", optarg);
231 			break;
232 		case 'o':
233 			haveopt_o = 1;
234 			owner = optarg;
235 			break;
236 		case 'p':
237 			docompare = dopreserve = 1;
238 			break;
239 		case 'S':
240 			safecopy = 1;
241 			break;
242 		case 's':
243 			dostrip = 1;
244 			break;
245 		case 'T':
246 			tags = optarg;
247 			break;
248 		case 'U':
249 			dounpriv = 1;
250 			break;
251 		case 'v':
252 			verbose = 1;
253 			break;
254 		case '?':
255 		default:
256 			usage();
257 		}
258 	argc -= optind;
259 	argv += optind;
260 
261 	/* some options make no sense when creating directories */
262 	if (dostrip && dodir) {
263 		warnx("-d and -s may not be specified together");
264 		usage();
265 	}
266 
267 	if (getenv("DONTSTRIP") != NULL) {
268 		warnx("DONTSTRIP set - will not strip installed binaries");
269 		dostrip = 0;
270 	}
271 
272 	/* must have at least two arguments, except when creating directories */
273 	if (argc == 0 || (argc == 1 && !dodir))
274 		usage();
275 
276 	if (digest != NULL) {
277 		if (strcmp(digest, "none") == 0) {
278 			digesttype = DIGEST_NONE;
279 		} else if (strcmp(digest, "md5") == 0) {
280 		       digesttype = DIGEST_MD5;
281 		} else if (strcmp(digest, "rmd160") == 0) {
282 			digesttype = DIGEST_RIPEMD160;
283 		} else if (strcmp(digest, "sha1") == 0) {
284 			digesttype = DIGEST_SHA1;
285 		} else if (strcmp(digest, "sha256") == 0) {
286 			digesttype = DIGEST_SHA256;
287 		} else if (strcmp(digest, "sha512") == 0) {
288 			digesttype = DIGEST_SHA512;
289 		} else {
290 			warnx("unknown digest `%s'", digest);
291 			usage();
292 		}
293 	}
294 
295 	/* need to make a temp copy so we can compare stripped version */
296 	if (docompare && dostrip)
297 		safecopy = 1;
298 
299 	/* get group and owner id's */
300 	if (group != NULL && !dounpriv) {
301 		if (gid_from_group(group, &gid) == -1) {
302 			id_t id;
303 			if (!parseid(group, &id))
304 				errx(1, "unknown group %s", group);
305 			gid = id;
306 		}
307 	} else
308 		gid = (gid_t)-1;
309 
310 	if (owner != NULL && !dounpriv) {
311 		if (uid_from_user(owner, &uid) == -1) {
312 			id_t id;
313 			if (!parseid(owner, &id))
314 				errx(1, "unknown user %s", owner);
315 			uid = id;
316 		}
317 	} else
318 		uid = (uid_t)-1;
319 
320 	if (fflags != NULL && !dounpriv) {
321 		if (strtofflags(&fflags, &fset, NULL))
322 			errx(EX_USAGE, "%s: invalid flag", fflags);
323 		iflags |= SETFLAGS;
324 	}
325 
326 	if (metafile != NULL) {
327 		if ((metafp = fopen(metafile, "a")) == NULL)
328 			warn("open %s", metafile);
329 	} else
330 		digesttype = DIGEST_NONE;
331 
332 	if (dodir) {
333 		for (; *argv != NULL; ++argv)
334 			install_dir(*argv);
335 		exit(EX_OK);
336 		/* NOTREACHED */
337 	}
338 
339 	to_name = argv[argc - 1];
340 	no_target = stat(to_name, &to_sb);
341 	if (!no_target && S_ISDIR(to_sb.st_mode)) {
342 		if (dolink & LN_SYMBOLIC) {
343 			if (lstat(to_name, &to_sb) != 0)
344 				err(EX_OSERR, "%s vanished", to_name);
345 			if (S_ISLNK(to_sb.st_mode)) {
346 				if (argc != 2) {
347 					errno = ENOTDIR;
348 					err(EX_USAGE, "%s", to_name);
349 				}
350 				install(*argv, to_name, fset, iflags);
351 				exit(EX_OK);
352 			}
353 		}
354 		for (; *argv != to_name; ++argv)
355 			install(*argv, to_name, fset, iflags | DIRECTORY);
356 		exit(EX_OK);
357 		/* NOTREACHED */
358 	}
359 
360 	/* can't do file1 file2 directory/file */
361 	if (argc != 2) {
362 		if (no_target)
363 			warnx("target directory `%s' does not exist",
364 			    argv[argc - 1]);
365 		else
366 			warnx("target `%s' is not a directory",
367 			    argv[argc - 1]);
368 		usage();
369 	}
370 
371 	if (!no_target && !dolink) {
372 		if (stat(*argv, &from_sb))
373 			err(EX_OSERR, "%s", *argv);
374 		if (!S_ISREG(to_sb.st_mode)) {
375 			errno = EFTYPE;
376 			err(EX_OSERR, "%s", to_name);
377 		}
378 		if (to_sb.st_dev == from_sb.st_dev &&
379 		    to_sb.st_ino == from_sb.st_ino)
380 			errx(EX_USAGE,
381 			    "%s and %s are the same file", *argv, to_name);
382 	}
383 	install(*argv, to_name, fset, iflags);
384 	exit(EX_OK);
385 	/* NOTREACHED */
386 }
387 
388 static char *
389 digest_file(const char *name)
390 {
391 
392 	switch (digesttype) {
393 	case DIGEST_MD5:
394 		return (MD5File(name, NULL));
395 	case DIGEST_RIPEMD160:
396 		return (RIPEMD160_File(name, NULL));
397 	case DIGEST_SHA1:
398 		return (SHA1_File(name, NULL));
399 	case DIGEST_SHA256:
400 		return (SHA256_File(name, NULL));
401 	case DIGEST_SHA512:
402 		return (SHA512_File(name, NULL));
403 	default:
404 		return (NULL);
405 	}
406 }
407 
408 static void
409 digest_init(DIGEST_CTX *c)
410 {
411 
412 	switch (digesttype) {
413 	case DIGEST_NONE:
414 		break;
415 	case DIGEST_MD5:
416 		MD5Init(&(c->MD5));
417 		break;
418 	case DIGEST_RIPEMD160:
419 		RIPEMD160_Init(&(c->RIPEMD160));
420 		break;
421 	case DIGEST_SHA1:
422 		SHA1_Init(&(c->SHA1));
423 		break;
424 	case DIGEST_SHA256:
425 		SHA256_Init(&(c->SHA256));
426 		break;
427 	case DIGEST_SHA512:
428 		SHA512_Init(&(c->SHA512));
429 		break;
430 	}
431 }
432 
433 static void
434 digest_update(DIGEST_CTX *c, const unsigned char *data, size_t len)
435 {
436 
437 	switch (digesttype) {
438 	case DIGEST_NONE:
439 		break;
440 	case DIGEST_MD5:
441 		MD5Update(&(c->MD5), data, len);
442 		break;
443 	case DIGEST_RIPEMD160:
444 		RIPEMD160_Update(&(c->RIPEMD160), data, len);
445 		break;
446 	case DIGEST_SHA1:
447 		SHA1_Update(&(c->SHA1), data, len);
448 		break;
449 	case DIGEST_SHA256:
450 		SHA256_Update(&(c->SHA256), data, len);
451 		break;
452 	case DIGEST_SHA512:
453 		SHA512_Update(&(c->SHA512), data, len);
454 		break;
455 	}
456 }
457 
458 static char *
459 digest_end(DIGEST_CTX *c, char *buf)
460 {
461 
462 	switch (digesttype) {
463 	case DIGEST_MD5:
464 		return (MD5End(&(c->MD5), buf));
465 	case DIGEST_RIPEMD160:
466 		return (RIPEMD160_End(&(c->RIPEMD160), buf));
467 	case DIGEST_SHA1:
468 		return (SHA1_End(&(c->SHA1), buf));
469 	case DIGEST_SHA256:
470 		return (SHA256_End(&(c->SHA256), buf));
471 	case DIGEST_SHA512:
472 		return (SHA512_End(&(c->SHA512), buf));
473 	default:
474 		return (NULL);
475 	}
476 }
477 
478 /*
479  * parseid --
480  *	parse uid or gid from arg into id, returning non-zero if successful
481  */
482 static int
483 parseid(const char *name, id_t *id)
484 {
485 	char	*ep;
486 	errno = 0;
487 	*id = (id_t)strtoul(name, &ep, 10);
488 	if (errno || *ep != '\0')
489 		return (0);
490 	return (1);
491 }
492 
493 /*
494  * quiet_mktemp --
495  *	mktemp implementation used mkstemp to avoid mktemp warnings.  We
496  *	really do need mktemp semantics here as we will be creating a link.
497  */
498 static char *
499 quiet_mktemp(char *template)
500 {
501 	int fd;
502 
503 	if ((fd = mkstemp(template)) == -1)
504 		return (NULL);
505 	close (fd);
506 	if (unlink(template) == -1)
507 		err(EX_OSERR, "unlink %s", template);
508 	return (template);
509 }
510 
511 /*
512  * do_link --
513  *	make a hard link, obeying dorename if set
514  *	return -1 on failure
515  */
516 static int
517 do_link(const char *from_name, const char *to_name,
518     const struct stat *target_sb)
519 {
520 	char tmpl[MAXPATHLEN];
521 	int ret;
522 
523 	if (safecopy && target_sb != NULL) {
524 		(void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name);
525 		/* This usage is safe. */
526 		if (quiet_mktemp(tmpl) == NULL)
527 			err(EX_OSERR, "%s: mktemp", tmpl);
528 		ret = link(from_name, tmpl);
529 		if (ret == 0) {
530 			if (target_sb->st_mode & S_IFDIR && rmdir(to_name) ==
531 			    -1) {
532 				unlink(tmpl);
533 				err(EX_OSERR, "%s", to_name);
534 			}
535 			if (target_sb->st_flags & NOCHANGEBITS)
536 				(void)chflags(to_name, target_sb->st_flags &
537 				     ~NOCHANGEBITS);
538 			unlink(to_name);
539 			ret = rename(tmpl, to_name);
540 			/*
541 			 * If rename has posix semantics, then the temporary
542 			 * file may still exist when from_name and to_name point
543 			 * to the same file, so unlink it unconditionally.
544 			 */
545 			(void)unlink(tmpl);
546 		}
547 		return (ret);
548 	} else
549 		return (link(from_name, to_name));
550 }
551 
552 /*
553  * do_symlink --
554  *	Make a symbolic link, obeying dorename if set. Exit on failure.
555  */
556 static void
557 do_symlink(const char *from_name, const char *to_name,
558     const struct stat *target_sb)
559 {
560 	char tmpl[MAXPATHLEN];
561 
562 	if (safecopy && target_sb != NULL) {
563 		(void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name);
564 		/* This usage is safe. */
565 		if (quiet_mktemp(tmpl) == NULL)
566 			err(EX_OSERR, "%s: mktemp", tmpl);
567 
568 		if (symlink(from_name, tmpl) == -1)
569 			err(EX_OSERR, "symlink %s -> %s", from_name, tmpl);
570 
571 		if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == -1) {
572 			(void)unlink(tmpl);
573 			err(EX_OSERR, "%s", to_name);
574 		}
575 		if (target_sb->st_flags & NOCHANGEBITS)
576 			(void)chflags(to_name, target_sb->st_flags &
577 			     ~NOCHANGEBITS);
578 		unlink(to_name);
579 
580 		if (rename(tmpl, to_name) == -1) {
581 			/* Remove temporary link before exiting. */
582 			(void)unlink(tmpl);
583 			err(EX_OSERR, "%s: rename", to_name);
584 		}
585 	} else {
586 		if (symlink(from_name, to_name) == -1)
587 			err(EX_OSERR, "symlink %s -> %s", from_name, to_name);
588 	}
589 }
590 
591 /*
592  * makelink --
593  *	make a link from source to destination
594  */
595 static void
596 makelink(const char *from_name, const char *to_name,
597     const struct stat *target_sb)
598 {
599 	char	src[MAXPATHLEN], dst[MAXPATHLEN], lnk[MAXPATHLEN];
600 	struct stat	to_sb;
601 
602 	/* Try hard links first. */
603 	if (dolink & (LN_HARD|LN_MIXED)) {
604 		if (do_link(from_name, to_name, target_sb) == -1) {
605 			if ((dolink & LN_HARD) || errno != EXDEV)
606 				err(EX_OSERR, "link %s -> %s", from_name, to_name);
607 		} else {
608 			if (stat(to_name, &to_sb))
609 				err(EX_OSERR, "%s: stat", to_name);
610 			if (S_ISREG(to_sb.st_mode)) {
611 				/*
612 				 * XXX: hard links to anything other than
613 				 * plain files are not metalogged
614 				 */
615 				int omode;
616 				const char *oowner, *ogroup;
617 				char *offlags;
618 				char *dres;
619 
620 				/*
621 				 * XXX: use underlying perms, unless
622 				 * overridden on command line.
623 				 */
624 				omode = mode;
625 				if (!haveopt_m)
626 					mode = (to_sb.st_mode & 0777);
627 				oowner = owner;
628 				if (!haveopt_o)
629 					owner = NULL;
630 				ogroup = group;
631 				if (!haveopt_g)
632 					group = NULL;
633 				offlags = fflags;
634 				if (!haveopt_f)
635 					fflags = NULL;
636 				dres = digest_file(from_name);
637 				metadata_log(to_name, "file", NULL, NULL,
638 				    dres, to_sb.st_size);
639 				free(dres);
640 				mode = omode;
641 				owner = oowner;
642 				group = ogroup;
643 				fflags = offlags;
644 			}
645 			return;
646 		}
647 	}
648 
649 	/* Symbolic links. */
650 	if (dolink & LN_ABSOLUTE) {
651 		/* Convert source path to absolute. */
652 		if (realpath(from_name, src) == NULL)
653 			err(EX_OSERR, "%s: realpath", from_name);
654 		do_symlink(src, to_name, target_sb);
655 		/* XXX: src may point outside of destdir */
656 		metadata_log(to_name, "link", NULL, src, NULL, 0);
657 		return;
658 	}
659 
660 	if (dolink & LN_RELATIVE) {
661 		char *cp, *d, *s;
662 
663 		/* Resolve pathnames. */
664 		if (realpath(from_name, src) == NULL)
665 			err(EX_OSERR, "%s: realpath", from_name);
666 
667 		/*
668 		 * The last component of to_name may be a symlink,
669 		 * so use realpath to resolve only the directory.
670 		 */
671 		cp = dirname(to_name);
672 		if (realpath(cp, dst) == NULL)
673 			err(EX_OSERR, "%s: realpath", cp);
674 		/* .. and add the last component. */
675 		if (strcmp(dst, "/") != 0) {
676 			if (strlcat(dst, "/", sizeof(dst)) > sizeof(dst))
677 				errx(1, "resolved pathname too long");
678 		}
679 		cp = basename(to_name);
680 		if (strlcat(dst, cp, sizeof(dst)) > sizeof(dst))
681 			errx(1, "resolved pathname too long");
682 
683 		/* Trim common path components. */
684 		for (s = src, d = dst; *s == *d; s++, d++)
685 			continue;
686 		while (*s != '/')
687 			s--, d--;
688 
689 		/* Count the number of directories we need to backtrack. */
690 		for (++d, lnk[0] = '\0'; *d; d++)
691 			if (*d == '/')
692 				(void)strlcat(lnk, "../", sizeof(lnk));
693 
694 		(void)strlcat(lnk, ++s, sizeof(lnk));
695 
696 		do_symlink(lnk, to_name, target_sb);
697 		/* XXX: Link may point outside of destdir. */
698 		metadata_log(to_name, "link", NULL, lnk, NULL, 0);
699 		return;
700 	}
701 
702 	/*
703 	 * If absolute or relative was not specified, try the names the
704 	 * user provided.
705 	 */
706 	do_symlink(from_name, to_name, target_sb);
707 	/* XXX: from_name may point outside of destdir. */
708 	metadata_log(to_name, "link", NULL, from_name, NULL, 0);
709 }
710 
711 /*
712  * install --
713  *	build a path name and install the file
714  */
715 static void
716 install(const char *from_name, const char *to_name, u_long fset, u_int flags)
717 {
718 	struct stat from_sb, temp_sb, to_sb;
719 	struct timeval tvb[2];
720 	int devnull, files_match, from_fd, serrno, target;
721 	int tempcopy, temp_fd, to_fd;
722 	char backup[MAXPATHLEN], *p, pathbuf[MAXPATHLEN], tempfile[MAXPATHLEN];
723 	char *digestresult;
724 
725 	files_match = 0;
726 	from_fd = -1;
727 	to_fd = -1;
728 
729 	/* If try to install NULL file to a directory, fails. */
730 	if (flags & DIRECTORY || strcmp(from_name, _PATH_DEVNULL)) {
731 		if (!dolink) {
732 			if (stat(from_name, &from_sb))
733 				err(EX_OSERR, "%s", from_name);
734 			if (!S_ISREG(from_sb.st_mode)) {
735 				errno = EFTYPE;
736 				err(EX_OSERR, "%s", from_name);
737 			}
738 		}
739 		/* Build the target path. */
740 		if (flags & DIRECTORY) {
741 			(void)snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
742 			    to_name,
743 			    (p = strrchr(from_name, '/')) ? ++p : from_name);
744 			to_name = pathbuf;
745 		}
746 		devnull = 0;
747 	} else {
748 		devnull = 1;
749 	}
750 
751 	if (!dolink)
752 		target = (stat(to_name, &to_sb) == 0);
753 	else
754 		target = (lstat(to_name, &to_sb) == 0);
755 
756 	if (dolink) {
757 		if (target && !safecopy) {
758 			if (to_sb.st_mode & S_IFDIR && rmdir(to_name) == -1)
759 				err(EX_OSERR, "%s", to_name);
760 			if (to_sb.st_flags & NOCHANGEBITS)
761 				(void)chflags(to_name,
762 				    to_sb.st_flags & ~NOCHANGEBITS);
763 			unlink(to_name);
764 		}
765 		makelink(from_name, to_name, target ? &to_sb : NULL);
766 		return;
767 	}
768 
769 	/* Only install to regular files. */
770 	if (target && !S_ISREG(to_sb.st_mode)) {
771 		errno = EFTYPE;
772 		warn("%s", to_name);
773 		return;
774 	}
775 
776 	/* Only copy safe if the target exists. */
777 	tempcopy = safecopy && target;
778 
779 	if (!devnull && (from_fd = open(from_name, O_RDONLY, 0)) < 0)
780 		err(EX_OSERR, "%s", from_name);
781 
782 	/* If we don't strip, we can compare first. */
783 	if (docompare && !dostrip && target) {
784 		if ((to_fd = open(to_name, O_RDONLY, 0)) < 0)
785 			err(EX_OSERR, "%s", to_name);
786 		if (devnull)
787 			files_match = to_sb.st_size == 0;
788 		else
789 			files_match = !(compare(from_fd, from_name,
790 			    (size_t)from_sb.st_size, to_fd,
791 			    to_name, (size_t)to_sb.st_size, &digestresult));
792 
793 		/* Close "to" file unless we match. */
794 		if (!files_match)
795 			(void)close(to_fd);
796 	}
797 
798 	if (!files_match) {
799 		if (tempcopy) {
800 			to_fd = create_tempfile(to_name, tempfile,
801 			    sizeof(tempfile));
802 			if (to_fd < 0)
803 				err(EX_OSERR, "%s", tempfile);
804 		} else {
805 			if ((to_fd = create_newfile(to_name, target,
806 			    &to_sb)) < 0)
807 				err(EX_OSERR, "%s", to_name);
808 			if (verbose)
809 				(void)printf("install: %s -> %s\n",
810 				    from_name, to_name);
811 		}
812 		if (!devnull)
813 			digestresult = copy(from_fd, from_name, to_fd,
814 			     tempcopy ? tempfile : to_name, from_sb.st_size);
815 		else
816 			digestresult = NULL;
817 	}
818 
819 	if (dostrip) {
820 		strip(tempcopy ? tempfile : to_name);
821 
822 		/*
823 		 * Re-open our fd on the target, in case we used a strip
824 		 * that does not work in-place -- like GNU binutils strip.
825 		 */
826 		close(to_fd);
827 		to_fd = open(tempcopy ? tempfile : to_name, O_RDONLY, 0);
828 		if (to_fd < 0)
829 			err(EX_OSERR, "stripping %s", to_name);
830 	}
831 
832 	/*
833 	 * Compare the stripped temp file with the target.
834 	 */
835 	if (docompare && dostrip && target) {
836 		temp_fd = to_fd;
837 
838 		/* Re-open to_fd using the real target name. */
839 		if ((to_fd = open(to_name, O_RDONLY, 0)) < 0)
840 			err(EX_OSERR, "%s", to_name);
841 
842 		if (fstat(temp_fd, &temp_sb)) {
843 			serrno = errno;
844 			(void)unlink(tempfile);
845 			errno = serrno;
846 			err(EX_OSERR, "%s", tempfile);
847 		}
848 
849 		if (compare(temp_fd, tempfile, (size_t)temp_sb.st_size, to_fd,
850 			    to_name, (size_t)to_sb.st_size, &digestresult)
851 			    == 0) {
852 			/*
853 			 * If target has more than one link we need to
854 			 * replace it in order to snap the extra links.
855 			 * Need to preserve target file times, though.
856 			 */
857 			if (to_sb.st_nlink != 1) {
858 				tvb[0].tv_sec = to_sb.st_atime;
859 				tvb[0].tv_usec = 0;
860 				tvb[1].tv_sec = to_sb.st_mtime;
861 				tvb[1].tv_usec = 0;
862 				(void)utimes(tempfile, tvb);
863 			} else {
864 				files_match = 1;
865 				(void)unlink(tempfile);
866 			}
867 			(void) close(temp_fd);
868 		}
869 	}
870 
871 	if (dostrip && (!docompare || !target))
872 		digestresult = digest_file(tempfile);
873 
874 	/*
875 	 * Move the new file into place if doing a safe copy
876 	 * and the files are different (or just not compared).
877 	 */
878 	if (tempcopy && !files_match) {
879 		/* Try to turn off the immutable bits. */
880 		if (to_sb.st_flags & NOCHANGEBITS)
881 			(void)chflags(to_name, to_sb.st_flags & ~NOCHANGEBITS);
882 		if (dobackup) {
883 			if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", to_name,
884 			    suffix) != strlen(to_name) + strlen(suffix)) {
885 				unlink(tempfile);
886 				errx(EX_OSERR, "%s: backup filename too long",
887 				    to_name);
888 			}
889 			if (verbose)
890 				(void)printf("install: %s -> %s\n", to_name, backup);
891 			if (rename(to_name, backup) < 0) {
892 				serrno = errno;
893 				unlink(tempfile);
894 				errno = serrno;
895 				err(EX_OSERR, "rename: %s to %s", to_name,
896 				     backup);
897 			}
898 		}
899 		if (verbose)
900 			(void)printf("install: %s -> %s\n", from_name, to_name);
901 		if (rename(tempfile, to_name) < 0) {
902 			serrno = errno;
903 			unlink(tempfile);
904 			errno = serrno;
905 			err(EX_OSERR, "rename: %s to %s",
906 			    tempfile, to_name);
907 		}
908 
909 		/* Re-open to_fd so we aren't hosed by the rename(2). */
910 		(void) close(to_fd);
911 		if ((to_fd = open(to_name, O_RDONLY, 0)) < 0)
912 			err(EX_OSERR, "%s", to_name);
913 	}
914 
915 	/*
916 	 * Preserve the timestamp of the source file if necessary.
917 	 */
918 	if (dopreserve && !files_match && !devnull) {
919 		tvb[0].tv_sec = from_sb.st_atime;
920 		tvb[0].tv_usec = 0;
921 		tvb[1].tv_sec = from_sb.st_mtime;
922 		tvb[1].tv_usec = 0;
923 		(void)utimes(to_name, tvb);
924 	}
925 
926 	if (fstat(to_fd, &to_sb) == -1) {
927 		serrno = errno;
928 		(void)unlink(to_name);
929 		errno = serrno;
930 		err(EX_OSERR, "%s", to_name);
931 	}
932 
933 	/*
934 	 * Set owner, group, mode for target; do the chown first,
935 	 * chown may lose the setuid bits.
936 	 */
937 	if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) ||
938 	    (uid != (uid_t)-1 && uid != to_sb.st_uid) ||
939 	    (mode != (to_sb.st_mode & ALLPERMS)))) {
940 		/* Try to turn off the immutable bits. */
941 		if (to_sb.st_flags & NOCHANGEBITS)
942 			(void)fchflags(to_fd, to_sb.st_flags & ~NOCHANGEBITS);
943 	}
944 
945 	if (!dounpriv &
946 	    (gid != (gid_t)-1 && gid != to_sb.st_gid) ||
947 	    (uid != (uid_t)-1 && uid != to_sb.st_uid))
948 		if (fchown(to_fd, uid, gid) == -1) {
949 			serrno = errno;
950 			(void)unlink(to_name);
951 			errno = serrno;
952 			err(EX_OSERR,"%s: chown/chgrp", to_name);
953 		}
954 
955 	if (mode != (to_sb.st_mode & ALLPERMS)) {
956 		if (fchmod(to_fd,
957 		     dounpriv ? mode & (S_IRWXU|S_IRWXG|S_IRWXO) : mode)) {
958 			serrno = errno;
959 			(void)unlink(to_name);
960 			errno = serrno;
961 			err(EX_OSERR, "%s: chmod", to_name);
962 		}
963 	}
964 
965 	/*
966 	 * If provided a set of flags, set them, otherwise, preserve the
967 	 * flags, except for the dump flag.
968 	 * NFS does not support flags.  Ignore EOPNOTSUPP flags if we're just
969 	 * trying to turn off UF_NODUMP.  If we're trying to set real flags,
970 	 * then warn if the fs doesn't support it, otherwise fail.
971 	 */
972 	if (!dounpriv & !devnull && (flags & SETFLAGS ||
973 	    (from_sb.st_flags & ~UF_NODUMP) != to_sb.st_flags) &&
974 	    fchflags(to_fd,
975 	    flags & SETFLAGS ? fset : from_sb.st_flags & ~UF_NODUMP)) {
976 		if (flags & SETFLAGS) {
977 			if (errno == EOPNOTSUPP)
978 				warn("%s: chflags", to_name);
979 			else {
980 				serrno = errno;
981 				(void)unlink(to_name);
982 				errno = serrno;
983 				err(EX_OSERR, "%s: chflags", to_name);
984 			}
985 		}
986 	}
987 
988 	(void)close(to_fd);
989 	if (!devnull)
990 		(void)close(from_fd);
991 
992 	metadata_log(to_name, "file", tvb, NULL, digestresult, to_sb.st_size);
993 	free(digestresult);
994 }
995 
996 /*
997  * compare --
998  *	compare two files; non-zero means files differ
999  */
1000 static int
1001 compare(int from_fd, const char *from_name __unused, size_t from_len,
1002 	int to_fd, const char *to_name __unused, size_t to_len,
1003 	char **dresp)
1004 {
1005 	char *p, *q;
1006 	int rv;
1007 	int done_compare;
1008 	DIGEST_CTX ctx;
1009 
1010 	rv = 0;
1011 	if (from_len != to_len)
1012 		return 1;
1013 
1014 	if (from_len <= MAX_CMP_SIZE) {
1015 		if (dresp != NULL)
1016 			digest_init(&ctx);
1017 		done_compare = 0;
1018 		if (trymmap(from_fd) && trymmap(to_fd)) {
1019 			p = mmap(NULL, from_len, PROT_READ, MAP_SHARED,
1020 			    from_fd, (off_t)0);
1021 			if (p == (char *)MAP_FAILED)
1022 				goto out;
1023 			q = mmap(NULL, from_len, PROT_READ, MAP_SHARED,
1024 			    to_fd, (off_t)0);
1025 			if (q == (char *)MAP_FAILED) {
1026 				munmap(p, from_len);
1027 				goto out;
1028 			}
1029 
1030 			rv = memcmp(p, q, from_len);
1031 			if (dresp != NULL)
1032 				digest_update(&ctx, p, from_len);
1033 			munmap(p, from_len);
1034 			munmap(q, from_len);
1035 			done_compare = 1;
1036 		}
1037 	out:
1038 		if (!done_compare) {
1039 			char buf1[MAXBSIZE];
1040 			char buf2[MAXBSIZE];
1041 			int n1, n2;
1042 
1043 			rv = 0;
1044 			lseek(from_fd, 0, SEEK_SET);
1045 			lseek(to_fd, 0, SEEK_SET);
1046 			while (rv == 0) {
1047 				n1 = read(from_fd, buf1, sizeof(buf1));
1048 				if (n1 == 0)
1049 					break;		/* EOF */
1050 				else if (n1 > 0) {
1051 					n2 = read(to_fd, buf2, n1);
1052 					if (n2 == n1)
1053 						rv = memcmp(buf1, buf2, n1);
1054 					else
1055 						rv = 1;	/* out of sync */
1056 				} else
1057 					rv = 1;		/* read failure */
1058 				digest_update(&ctx, buf1, n1);
1059 			}
1060 			lseek(from_fd, 0, SEEK_SET);
1061 			lseek(to_fd, 0, SEEK_SET);
1062 		}
1063 	} else
1064 		rv = 1;	/* don't bother in this case */
1065 
1066 	if (dresp != NULL) {
1067 		if (rv == 0)
1068 			*dresp = digest_end(&ctx, NULL);
1069 		else
1070 			(void)digest_end(&ctx, NULL);
1071 	}
1072 
1073 	return rv;
1074 }
1075 
1076 /*
1077  * create_tempfile --
1078  *	create a temporary file based on path and open it
1079  */
1080 static int
1081 create_tempfile(const char *path, char *temp, size_t tsize)
1082 {
1083 	char *p;
1084 
1085 	(void)strncpy(temp, path, tsize);
1086 	temp[tsize - 1] = '\0';
1087 	if ((p = strrchr(temp, '/')) != NULL)
1088 		p++;
1089 	else
1090 		p = temp;
1091 	(void)strncpy(p, "INS@XXXX", &temp[tsize - 1] - p);
1092 	temp[tsize - 1] = '\0';
1093 	return (mkstemp(temp));
1094 }
1095 
1096 /*
1097  * create_newfile --
1098  *	create a new file, overwriting an existing one if necessary
1099  */
1100 static int
1101 create_newfile(const char *path, int target, struct stat *sbp)
1102 {
1103 	char backup[MAXPATHLEN];
1104 	int saved_errno = 0;
1105 	int newfd;
1106 
1107 	if (target) {
1108 		/*
1109 		 * Unlink now... avoid ETXTBSY errors later.  Try to turn
1110 		 * off the append/immutable bits -- if we fail, go ahead,
1111 		 * it might work.
1112 		 */
1113 		if (sbp->st_flags & NOCHANGEBITS)
1114 			(void)chflags(path, sbp->st_flags & ~NOCHANGEBITS);
1115 
1116 		if (dobackup) {
1117 			if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s",
1118 			    path, suffix) != strlen(path) + strlen(suffix))
1119 				errx(EX_OSERR, "%s: backup filename too long",
1120 				    path);
1121 			(void)snprintf(backup, MAXPATHLEN, "%s%s",
1122 			    path, suffix);
1123 			if (verbose)
1124 				(void)printf("install: %s -> %s\n",
1125 				    path, backup);
1126 			if (rename(path, backup) < 0)
1127 				err(EX_OSERR, "rename: %s to %s", path, backup);
1128 		} else
1129 			if (unlink(path) < 0)
1130 				saved_errno = errno;
1131 	}
1132 
1133 	newfd = open(path, O_CREAT | O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR);
1134 	if (newfd < 0 && saved_errno != 0)
1135 		errno = saved_errno;
1136 	return newfd;
1137 }
1138 
1139 /*
1140  * copy --
1141  *	copy from one file to another
1142  */
1143 static char *
1144 copy(int from_fd, const char *from_name, int to_fd, const char *to_name,
1145     off_t size)
1146 {
1147 	int nr, nw;
1148 	int serrno;
1149 	char *p, buf[MAXBSIZE];
1150 	int done_copy;
1151 	DIGEST_CTX ctx;
1152 
1153 	/* Rewind file descriptors. */
1154 	if (lseek(from_fd, (off_t)0, SEEK_SET) == (off_t)-1)
1155 		err(EX_OSERR, "lseek: %s", from_name);
1156 	if (lseek(to_fd, (off_t)0, SEEK_SET) == (off_t)-1)
1157 		err(EX_OSERR, "lseek: %s", to_name);
1158 
1159 	digest_init(&ctx);
1160 
1161 	/*
1162 	 * Mmap and write if less than 8M (the limit is so we don't totally
1163 	 * trash memory on big files.  This is really a minor hack, but it
1164 	 * wins some CPU back.
1165 	 */
1166 	done_copy = 0;
1167 	if (size <= 8 * 1048576 && trymmap(from_fd) &&
1168 	    (p = mmap(NULL, (size_t)size, PROT_READ, MAP_SHARED,
1169 		    from_fd, (off_t)0)) != (char *)MAP_FAILED) {
1170 		nw = write(to_fd, p, size);
1171 		if (nw != size) {
1172 			serrno = errno;
1173 			(void)unlink(to_name);
1174 			if (nw >= 0) {
1175 				errx(EX_OSERR,
1176      "short write to %s: %jd bytes written, %jd bytes asked to write",
1177 				    to_name, (uintmax_t)nw, (uintmax_t)size);
1178 			} else {
1179 				errno = serrno;
1180 				err(EX_OSERR, "%s", to_name);
1181 			}
1182 		}
1183 		digest_update(&ctx, p, size);
1184 		(void)munmap(p, size);
1185 		done_copy = 1;
1186 	}
1187 	if (!done_copy) {
1188 		while ((nr = read(from_fd, buf, sizeof(buf))) > 0) {
1189 			if ((nw = write(to_fd, buf, nr)) != nr) {
1190 				serrno = errno;
1191 				(void)unlink(to_name);
1192 				if (nw >= 0) {
1193 					errx(EX_OSERR,
1194      "short write to %s: %jd bytes written, %jd bytes asked to write",
1195 					    to_name, (uintmax_t)nw,
1196 					    (uintmax_t)size);
1197 				} else {
1198 					errno = serrno;
1199 					err(EX_OSERR, "%s", to_name);
1200 				}
1201 			}
1202 			digest_update(&ctx, buf, nr);
1203 		}
1204 		if (nr != 0) {
1205 			serrno = errno;
1206 			(void)unlink(to_name);
1207 			errno = serrno;
1208 			err(EX_OSERR, "%s", from_name);
1209 		}
1210 	}
1211 	return (digest_end(&ctx, NULL));
1212 }
1213 
1214 /*
1215  * strip --
1216  *	use strip(1) to strip the target file
1217  */
1218 static void
1219 strip(const char *to_name)
1220 {
1221 	const char *stripbin;
1222 	int serrno, status;
1223 
1224 	switch (fork()) {
1225 	case -1:
1226 		serrno = errno;
1227 		(void)unlink(to_name);
1228 		errno = serrno;
1229 		err(EX_TEMPFAIL, "fork");
1230 	case 0:
1231 		stripbin = getenv("STRIPBIN");
1232 		if (stripbin == NULL)
1233 			stripbin = "strip";
1234 		execlp(stripbin, stripbin, to_name, (char *)NULL);
1235 		err(EX_OSERR, "exec(%s)", stripbin);
1236 	default:
1237 		if (wait(&status) == -1 || status) {
1238 			serrno = errno;
1239 			(void)unlink(to_name);
1240 			errc(EX_SOFTWARE, serrno, "wait");
1241 			/* NOTREACHED */
1242 		}
1243 	}
1244 }
1245 
1246 /*
1247  * install_dir --
1248  *	build directory hierarchy
1249  */
1250 static void
1251 install_dir(char *path)
1252 {
1253 	char *p;
1254 	struct stat sb;
1255 	int ch;
1256 
1257 	for (p = path;; ++p)
1258 		if (!*p || (p != path && *p  == '/')) {
1259 			ch = *p;
1260 			*p = '\0';
1261 			if (stat(path, &sb)) {
1262 				if (errno != ENOENT || mkdir(path, 0755) < 0) {
1263 					err(EX_OSERR, "mkdir %s", path);
1264 					/* NOTREACHED */
1265 				} else if (verbose)
1266 					(void)printf("install: mkdir %s\n",
1267 						     path);
1268 			} else if (!S_ISDIR(sb.st_mode))
1269 				errx(EX_OSERR, "%s exists but is not a directory", path);
1270 			if (!(*p = ch))
1271 				break;
1272  		}
1273 
1274 	if (!dounpriv) {
1275 		if ((gid != (gid_t)-1 || uid != (uid_t)-1) &&
1276 		    chown(path, uid, gid))
1277 			warn("chown %u:%u %s", uid, gid, path);
1278 		/* XXXBED: should we do the chmod in the dounpriv case? */
1279 		if (chmod(path, mode))
1280 			warn("chmod %o %s", mode, path);
1281 	}
1282 	metadata_log(path, "dir", NULL, NULL, NULL, 0);
1283 }
1284 
1285 /*
1286  * metadata_log --
1287  *	if metafp is not NULL, output mtree(8) full path name and settings to
1288  *	metafp, to allow permissions to be set correctly by other tools,
1289  *	or to allow integrity checks to be performed.
1290  */
1291 static void
1292 metadata_log(const char *path, const char *type, struct timeval *tv,
1293 	const char *slink, const char *digestresult, off_t size)
1294 {
1295 	static const char extra[] = { ' ', '\t', '\n', '\\', '#', '\0' };
1296 	const char *p;
1297 	char *buf;
1298 	size_t destlen;
1299 	struct flock metalog_lock;
1300 
1301 	if (!metafp)
1302 		return;
1303 	/* Buffer for strsvis(3). */
1304 	buf = (char *)malloc(4 * strlen(path) + 1);
1305 	if (buf == NULL) {
1306 		warnx("%s", strerror(ENOMEM));
1307 		return;
1308 	}
1309 
1310 	/* Lock log file. */
1311 	metalog_lock.l_start = 0;
1312 	metalog_lock.l_len = 0;
1313 	metalog_lock.l_whence = SEEK_SET;
1314 	metalog_lock.l_type = F_WRLCK;
1315 	if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) {
1316 		warn("can't lock %s", metafile);
1317 		free(buf);
1318 		return;
1319 	}
1320 
1321 	/* Remove destdir. */
1322 	p = path;
1323 	if (destdir) {
1324 		destlen = strlen(destdir);
1325 		if (strncmp(p, destdir, destlen) == 0 &&
1326 		    (p[destlen] == '/' || p[destlen] == '\0'))
1327 			p += destlen;
1328 	}
1329 	while (*p && *p == '/')
1330 		p++;
1331 	strsvis(buf, p, VIS_OCTAL, extra);
1332 	p = buf;
1333 	/* Print details. */
1334 	fprintf(metafp, ".%s%s type=%s", *p ? "/" : "", p, type);
1335 	if (owner)
1336 		fprintf(metafp, " uname=%s", owner);
1337 	if (group)
1338 		fprintf(metafp, " gname=%s", group);
1339 	fprintf(metafp, " mode=%#o", mode);
1340 	if (slink) {
1341 		strsvis(buf, slink, VIS_CSTYLE, extra);	/* encode link */
1342 		fprintf(metafp, " link=%s", buf);
1343 	}
1344 	if (*type == 'f') /* type=file */
1345 		fprintf(metafp, " size=%lld", (long long)size);
1346 	if (tv != NULL && dopreserve)
1347 		fprintf(metafp, " time=%lld.%ld",
1348 			(long long)tv[1].tv_sec, (long)tv[1].tv_usec);
1349 	if (digestresult && digest)
1350 		fprintf(metafp, " %s=%s", digest, digestresult);
1351 	if (fflags)
1352 		fprintf(metafp, " flags=%s", fflags);
1353 	if (tags)
1354 		fprintf(metafp, " tags=%s", tags);
1355 	fputc('\n', metafp);
1356 	/* Flush line. */
1357 	fflush(metafp);
1358 
1359 	/* Unlock log file. */
1360 	metalog_lock.l_type = F_UNLCK;
1361 	if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1)
1362 		warn("can't unlock %s", metafile);
1363 	free(buf);
1364 }
1365 
1366 /*
1367  * usage --
1368  *	print a usage message and die
1369  */
1370 static void
1371 usage(void)
1372 {
1373 	(void)fprintf(stderr,
1374 "usage: install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n"
1375 "               [-M log] [-D dest] [-h hash] [-T tags]\n"
1376 "               [-B suffix] [-l linkflags] [-N dbdir]\n"
1377 "               file1 file2\n"
1378 "       install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n"
1379 "               [-M log] [-D dest] [-h hash] [-T tags]\n"
1380 "               [-B suffix] [-l linkflags] [-N dbdir]\n"
1381 "               file1 ... fileN directory\n"
1382 "       install -dU [-vU] [-g group] [-m mode] [-N dbdir] [-o owner]\n"
1383 "               [-M log] [-D dest] [-h hash] [-T tags]\n"
1384 "               directory ...\n");
1385 	exit(EX_USAGE);
1386 	/* NOTREACHED */
1387 }
1388 
1389 /*
1390  * trymmap --
1391  *	return true (1) if mmap should be tried, false (0) if not.
1392  */
1393 static int
1394 trymmap(int fd)
1395 {
1396 /*
1397  * The ifdef is for bootstrapping - f_fstypename doesn't exist in
1398  * pre-Lite2-merge systems.
1399  */
1400 #ifdef MFSNAMELEN
1401 	struct statfs stfs;
1402 
1403 	if (fstatfs(fd, &stfs) != 0)
1404 		return (0);
1405 	if (strcmp(stfs.f_fstypename, "ufs") == 0 ||
1406 	    strcmp(stfs.f_fstypename, "cd9660") == 0)
1407 		return (1);
1408 #endif
1409 	return (0);
1410 }
1411