1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2012, 2013 SRI International 5 * Copyright (c) 1987, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/mman.h> 35 #include <sys/mount.h> 36 #include <sys/stat.h> 37 #include <sys/time.h> 38 #include <sys/wait.h> 39 40 #include <err.h> 41 #include <errno.h> 42 #include <fcntl.h> 43 #include <grp.h> 44 #include <libgen.h> 45 #ifdef WITH_MD5 46 #include <md5.h> 47 #endif 48 #include <paths.h> 49 #include <pwd.h> 50 #ifdef WITH_RIPEMD160 51 #include <ripemd.h> 52 #endif 53 #include <sha.h> 54 #include <sha256.h> 55 #include <sha512.h> 56 #include <spawn.h> 57 #include <stdint.h> 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #include <sysexits.h> 62 #include <unistd.h> 63 #include <vis.h> 64 65 #include "mtree.h" 66 67 /* 68 * Memory strategy threshold, in pages: if physmem is larger than this, use a 69 * large buffer. 70 */ 71 #define PHYSPAGES_THRESHOLD (32*1024) 72 73 /* Maximum buffer size in bytes - do not allow it to grow larger than this. */ 74 #define BUFSIZE_MAX (2*1024*1024) 75 76 /* 77 * Small (default) buffer size in bytes. It's inefficient for this to be 78 * smaller than MAXPHYS. 79 */ 80 #define BUFSIZE_SMALL (MAXPHYS) 81 82 /* 83 * We need to build xinstall during the bootstrap stage when building on a 84 * non-FreeBSD system. Linux does not have the st_flags and st_birthtime 85 * members in struct stat so we need to omit support for changing those fields. 86 */ 87 #ifdef UF_SETTABLE 88 #define HAVE_STRUCT_STAT_ST_FLAGS 1 89 #else 90 #define HAVE_STRUCT_STAT_ST_FLAGS 0 91 #endif 92 93 #define MAX_CMP_SIZE (16 * 1024 * 1024) 94 95 #define LN_ABSOLUTE 0x01 96 #define LN_RELATIVE 0x02 97 #define LN_HARD 0x04 98 #define LN_SYMBOLIC 0x08 99 #define LN_MIXED 0x10 100 101 #define DIRECTORY 0x01 /* Tell install it's a directory. */ 102 #define SETFLAGS 0x02 /* Tell install to set flags. */ 103 #define NOCHANGEBITS (UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND) 104 #define BACKUP_SUFFIX ".old" 105 106 typedef union { 107 #ifdef WITH_MD5 108 MD5_CTX MD5; 109 #endif 110 #ifdef WITH_RIPEMD160 111 RIPEMD160_CTX RIPEMD160; 112 #endif 113 SHA1_CTX SHA1; 114 SHA256_CTX SHA256; 115 SHA512_CTX SHA512; 116 } DIGEST_CTX; 117 118 static enum { 119 DIGEST_NONE = 0, 120 #ifdef WITH_MD5 121 DIGEST_MD5, 122 #endif 123 #ifdef WITH_RIPEMD160 124 DIGEST_RIPEMD160, 125 #endif 126 DIGEST_SHA1, 127 DIGEST_SHA256, 128 DIGEST_SHA512, 129 } digesttype = DIGEST_NONE; 130 131 extern char **environ; 132 133 static gid_t gid; 134 static uid_t uid; 135 static int dobackup, docompare, dodir, dolink, dopreserve, dostrip, dounpriv, 136 safecopy, verbose; 137 static int haveopt_f, haveopt_g, haveopt_m, haveopt_o; 138 static mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH; 139 static FILE *metafp; 140 static const char *group, *owner; 141 static const char *suffix = BACKUP_SUFFIX; 142 static char *destdir, *digest, *fflags, *metafile, *tags; 143 144 static int compare(int, const char *, size_t, int, const char *, size_t, 145 char **); 146 static char *copy(int, const char *, int, const char *, off_t); 147 static int create_newfile(const char *, int, struct stat *); 148 static int create_tempfile(const char *, char *, size_t); 149 static char *quiet_mktemp(char *template); 150 static char *digest_file(const char *); 151 static void digest_init(DIGEST_CTX *); 152 static void digest_update(DIGEST_CTX *, const char *, size_t); 153 static char *digest_end(DIGEST_CTX *, char *); 154 static int do_link(const char *, const char *, const struct stat *); 155 static void do_symlink(const char *, const char *, const struct stat *); 156 static void makelink(const char *, const char *, const struct stat *); 157 static void install(const char *, const char *, u_long, u_int); 158 static void install_dir(char *); 159 static void metadata_log(const char *, const char *, struct timespec *, 160 const char *, const char *, off_t); 161 static int parseid(const char *, id_t *); 162 static int strip(const char *, int, const char *, char **); 163 static int trymmap(size_t); 164 static void usage(void); 165 166 int 167 main(int argc, char *argv[]) 168 { 169 struct stat from_sb, to_sb; 170 mode_t *set; 171 u_long fset; 172 int ch, no_target; 173 u_int iflags; 174 char *p; 175 const char *to_name; 176 177 fset = 0; 178 iflags = 0; 179 set = NULL; 180 group = owner = NULL; 181 while ((ch = getopt(argc, argv, "B:bCcD:df:g:h:l:M:m:N:o:pSsT:Uv")) != 182 -1) 183 switch((char)ch) { 184 case 'B': 185 suffix = optarg; 186 /* FALLTHROUGH */ 187 case 'b': 188 dobackup = 1; 189 break; 190 case 'C': 191 docompare = 1; 192 break; 193 case 'c': 194 /* For backwards compatibility. */ 195 break; 196 case 'D': 197 destdir = optarg; 198 break; 199 case 'd': 200 dodir = 1; 201 break; 202 case 'f': 203 haveopt_f = 1; 204 fflags = optarg; 205 break; 206 case 'g': 207 haveopt_g = 1; 208 group = optarg; 209 break; 210 case 'h': 211 digest = optarg; 212 break; 213 case 'l': 214 for (p = optarg; *p != '\0'; p++) 215 switch (*p) { 216 case 's': 217 dolink &= ~(LN_HARD|LN_MIXED); 218 dolink |= LN_SYMBOLIC; 219 break; 220 case 'h': 221 dolink &= ~(LN_SYMBOLIC|LN_MIXED); 222 dolink |= LN_HARD; 223 break; 224 case 'm': 225 dolink &= ~(LN_SYMBOLIC|LN_HARD); 226 dolink |= LN_MIXED; 227 break; 228 case 'a': 229 dolink &= ~LN_RELATIVE; 230 dolink |= LN_ABSOLUTE; 231 break; 232 case 'r': 233 dolink &= ~LN_ABSOLUTE; 234 dolink |= LN_RELATIVE; 235 break; 236 default: 237 errx(1, "%c: invalid link type", *p); 238 /* NOTREACHED */ 239 } 240 break; 241 case 'M': 242 metafile = optarg; 243 break; 244 case 'm': 245 haveopt_m = 1; 246 free(set); 247 if (!(set = setmode(optarg))) 248 errx(EX_USAGE, "invalid file mode: %s", 249 optarg); 250 break; 251 case 'N': 252 if (!setup_getid(optarg)) 253 err(EX_OSERR, "Unable to use user and group " 254 "databases in `%s'", optarg); 255 break; 256 case 'o': 257 haveopt_o = 1; 258 owner = optarg; 259 break; 260 case 'p': 261 docompare = dopreserve = 1; 262 break; 263 case 'S': 264 safecopy = 1; 265 break; 266 case 's': 267 dostrip = 1; 268 break; 269 case 'T': 270 tags = optarg; 271 break; 272 case 'U': 273 dounpriv = 1; 274 break; 275 case 'v': 276 verbose = 1; 277 break; 278 case '?': 279 default: 280 usage(); 281 } 282 argc -= optind; 283 argv += optind; 284 285 /* some options make no sense when creating directories */ 286 if (dostrip && dodir) { 287 warnx("-d and -s may not be specified together"); 288 usage(); 289 } 290 291 /* 292 * Default permissions based on whether we're a directory or not, since 293 * an +X may mean that we need to set the execute bit. 294 */ 295 if (set != NULL) 296 mode = getmode(set, dodir ? S_IFDIR : 0) & ~S_IFDIR; 297 free(set); 298 299 if (getenv("DONTSTRIP") != NULL) { 300 warnx("DONTSTRIP set - will not strip installed binaries"); 301 dostrip = 0; 302 } 303 304 /* must have at least two arguments, except when creating directories */ 305 if (argc == 0 || (argc == 1 && !dodir)) 306 usage(); 307 308 if (digest != NULL) { 309 if (strcmp(digest, "none") == 0) { 310 digesttype = DIGEST_NONE; 311 #ifdef WITH_MD5 312 } else if (strcmp(digest, "md5") == 0) { 313 digesttype = DIGEST_MD5; 314 #endif 315 #ifdef WITH_RIPEMD160 316 } else if (strcmp(digest, "rmd160") == 0) { 317 digesttype = DIGEST_RIPEMD160; 318 #endif 319 } else if (strcmp(digest, "sha1") == 0) { 320 digesttype = DIGEST_SHA1; 321 } else if (strcmp(digest, "sha256") == 0) { 322 digesttype = DIGEST_SHA256; 323 } else if (strcmp(digest, "sha512") == 0) { 324 digesttype = DIGEST_SHA512; 325 } else { 326 warnx("unknown digest `%s'", digest); 327 usage(); 328 } 329 } 330 331 /* need to make a temp copy so we can compare stripped version */ 332 if (docompare && dostrip) 333 safecopy = 1; 334 335 /* get group and owner id's */ 336 if (group != NULL && !dounpriv) { 337 if (gid_from_group(group, &gid) == -1) { 338 id_t id; 339 if (!parseid(group, &id)) 340 errx(1, "unknown group %s", group); 341 gid = id; 342 } 343 } else 344 gid = (gid_t)-1; 345 346 if (owner != NULL && !dounpriv) { 347 if (uid_from_user(owner, &uid) == -1) { 348 id_t id; 349 if (!parseid(owner, &id)) 350 errx(1, "unknown user %s", owner); 351 uid = id; 352 } 353 } else 354 uid = (uid_t)-1; 355 356 if (fflags != NULL && !dounpriv) { 357 if (strtofflags(&fflags, &fset, NULL)) 358 errx(EX_USAGE, "%s: invalid flag", fflags); 359 iflags |= SETFLAGS; 360 } 361 362 if (metafile != NULL) { 363 if ((metafp = fopen(metafile, "a")) == NULL) 364 warn("open %s", metafile); 365 } else 366 digesttype = DIGEST_NONE; 367 368 if (dodir) { 369 for (; *argv != NULL; ++argv) 370 install_dir(*argv); 371 exit(EX_OK); 372 /* NOTREACHED */ 373 } 374 375 to_name = argv[argc - 1]; 376 no_target = stat(to_name, &to_sb); 377 if (!no_target && S_ISDIR(to_sb.st_mode)) { 378 if (dolink & LN_SYMBOLIC) { 379 if (lstat(to_name, &to_sb) != 0) 380 err(EX_OSERR, "%s vanished", to_name); 381 if (S_ISLNK(to_sb.st_mode)) { 382 if (argc != 2) { 383 errno = ENOTDIR; 384 err(EX_USAGE, "%s", to_name); 385 } 386 install(*argv, to_name, fset, iflags); 387 exit(EX_OK); 388 } 389 } 390 for (; *argv != to_name; ++argv) 391 install(*argv, to_name, fset, iflags | DIRECTORY); 392 exit(EX_OK); 393 /* NOTREACHED */ 394 } 395 396 /* can't do file1 file2 directory/file */ 397 if (argc != 2) { 398 if (no_target) 399 warnx("target directory `%s' does not exist", 400 argv[argc - 1]); 401 else 402 warnx("target `%s' is not a directory", 403 argv[argc - 1]); 404 usage(); 405 } 406 407 if (!no_target && !dolink) { 408 if (stat(*argv, &from_sb)) 409 err(EX_OSERR, "%s", *argv); 410 if (!S_ISREG(to_sb.st_mode)) { 411 errno = EFTYPE; 412 err(EX_OSERR, "%s", to_name); 413 } 414 if (to_sb.st_dev == from_sb.st_dev && 415 to_sb.st_ino == from_sb.st_ino) 416 errx(EX_USAGE, 417 "%s and %s are the same file", *argv, to_name); 418 } 419 install(*argv, to_name, fset, iflags); 420 exit(EX_OK); 421 /* NOTREACHED */ 422 } 423 424 static char * 425 digest_file(const char *name) 426 { 427 428 switch (digesttype) { 429 #ifdef WITH_MD5 430 case DIGEST_MD5: 431 return (MD5File(name, NULL)); 432 #endif 433 #ifdef WITH_RIPEMD160 434 case DIGEST_RIPEMD160: 435 return (RIPEMD160_File(name, NULL)); 436 #endif 437 case DIGEST_SHA1: 438 return (SHA1_File(name, NULL)); 439 case DIGEST_SHA256: 440 return (SHA256_File(name, NULL)); 441 case DIGEST_SHA512: 442 return (SHA512_File(name, NULL)); 443 default: 444 return (NULL); 445 } 446 } 447 448 static void 449 digest_init(DIGEST_CTX *c) 450 { 451 452 switch (digesttype) { 453 case DIGEST_NONE: 454 break; 455 #ifdef WITH_MD5 456 case DIGEST_MD5: 457 MD5Init(&(c->MD5)); 458 break; 459 #endif 460 #ifdef WITH_RIPEMD160 461 case DIGEST_RIPEMD160: 462 RIPEMD160_Init(&(c->RIPEMD160)); 463 break; 464 #endif 465 case DIGEST_SHA1: 466 SHA1_Init(&(c->SHA1)); 467 break; 468 case DIGEST_SHA256: 469 SHA256_Init(&(c->SHA256)); 470 break; 471 case DIGEST_SHA512: 472 SHA512_Init(&(c->SHA512)); 473 break; 474 } 475 } 476 477 static void 478 digest_update(DIGEST_CTX *c, const char *data, size_t len) 479 { 480 481 switch (digesttype) { 482 case DIGEST_NONE: 483 break; 484 #ifdef WITH_MD5 485 case DIGEST_MD5: 486 MD5Update(&(c->MD5), data, len); 487 break; 488 #endif 489 #ifdef WITH_RIPEMD160 490 case DIGEST_RIPEMD160: 491 RIPEMD160_Update(&(c->RIPEMD160), data, len); 492 break; 493 #endif 494 case DIGEST_SHA1: 495 SHA1_Update(&(c->SHA1), data, len); 496 break; 497 case DIGEST_SHA256: 498 SHA256_Update(&(c->SHA256), data, len); 499 break; 500 case DIGEST_SHA512: 501 SHA512_Update(&(c->SHA512), data, len); 502 break; 503 } 504 } 505 506 static char * 507 digest_end(DIGEST_CTX *c, char *buf) 508 { 509 510 switch (digesttype) { 511 #ifdef WITH_MD5 512 case DIGEST_MD5: 513 return (MD5End(&(c->MD5), buf)); 514 #endif 515 #ifdef WITH_RIPEMD160 516 case DIGEST_RIPEMD160: 517 return (RIPEMD160_End(&(c->RIPEMD160), buf)); 518 #endif 519 case DIGEST_SHA1: 520 return (SHA1_End(&(c->SHA1), buf)); 521 case DIGEST_SHA256: 522 return (SHA256_End(&(c->SHA256), buf)); 523 case DIGEST_SHA512: 524 return (SHA512_End(&(c->SHA512), buf)); 525 default: 526 return (NULL); 527 } 528 } 529 530 /* 531 * parseid -- 532 * parse uid or gid from arg into id, returning non-zero if successful 533 */ 534 static int 535 parseid(const char *name, id_t *id) 536 { 537 char *ep; 538 errno = 0; 539 *id = (id_t)strtoul(name, &ep, 10); 540 if (errno || *ep != '\0') 541 return (0); 542 return (1); 543 } 544 545 /* 546 * quiet_mktemp -- 547 * mktemp implementation used mkstemp to avoid mktemp warnings. We 548 * really do need mktemp semantics here as we will be creating a link. 549 */ 550 static char * 551 quiet_mktemp(char *template) 552 { 553 int fd; 554 555 if ((fd = mkstemp(template)) == -1) 556 return (NULL); 557 close (fd); 558 if (unlink(template) == -1) 559 err(EX_OSERR, "unlink %s", template); 560 return (template); 561 } 562 563 /* 564 * do_link -- 565 * make a hard link, obeying dorename if set 566 * return -1 on failure 567 */ 568 static int 569 do_link(const char *from_name, const char *to_name, 570 const struct stat *target_sb) 571 { 572 char tmpl[MAXPATHLEN]; 573 int ret; 574 575 if (safecopy && target_sb != NULL) { 576 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 577 /* This usage is safe. */ 578 if (quiet_mktemp(tmpl) == NULL) 579 err(EX_OSERR, "%s: mktemp", tmpl); 580 ret = link(from_name, tmpl); 581 if (ret == 0) { 582 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == 583 -1) { 584 unlink(tmpl); 585 err(EX_OSERR, "%s", to_name); 586 } 587 #if HAVE_STRUCT_STAT_ST_FLAGS 588 if (target_sb->st_flags & NOCHANGEBITS) 589 (void)chflags(to_name, target_sb->st_flags & 590 ~NOCHANGEBITS); 591 #endif 592 if (verbose) 593 printf("install: link %s -> %s\n", 594 from_name, to_name); 595 ret = rename(tmpl, to_name); 596 /* 597 * If rename has posix semantics, then the temporary 598 * file may still exist when from_name and to_name point 599 * to the same file, so unlink it unconditionally. 600 */ 601 (void)unlink(tmpl); 602 } 603 return (ret); 604 } else { 605 if (verbose) 606 printf("install: link %s -> %s\n", 607 from_name, to_name); 608 return (link(from_name, to_name)); 609 } 610 } 611 612 /* 613 * do_symlink -- 614 * Make a symbolic link, obeying dorename if set. Exit on failure. 615 */ 616 static void 617 do_symlink(const char *from_name, const char *to_name, 618 const struct stat *target_sb) 619 { 620 char tmpl[MAXPATHLEN]; 621 622 if (safecopy && target_sb != NULL) { 623 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 624 /* This usage is safe. */ 625 if (quiet_mktemp(tmpl) == NULL) 626 err(EX_OSERR, "%s: mktemp", tmpl); 627 628 if (symlink(from_name, tmpl) == -1) 629 err(EX_OSERR, "symlink %s -> %s", from_name, tmpl); 630 631 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == -1) { 632 (void)unlink(tmpl); 633 err(EX_OSERR, "%s", to_name); 634 } 635 #if HAVE_STRUCT_STAT_ST_FLAGS 636 if (target_sb->st_flags & NOCHANGEBITS) 637 (void)chflags(to_name, target_sb->st_flags & 638 ~NOCHANGEBITS); 639 #endif 640 if (verbose) 641 printf("install: symlink %s -> %s\n", 642 from_name, to_name); 643 if (rename(tmpl, to_name) == -1) { 644 /* Remove temporary link before exiting. */ 645 (void)unlink(tmpl); 646 err(EX_OSERR, "%s: rename", to_name); 647 } 648 } else { 649 if (verbose) 650 printf("install: symlink %s -> %s\n", 651 from_name, to_name); 652 if (symlink(from_name, to_name) == -1) 653 err(EX_OSERR, "symlink %s -> %s", from_name, to_name); 654 } 655 } 656 657 /* 658 * makelink -- 659 * make a link from source to destination 660 */ 661 static void 662 makelink(const char *from_name, const char *to_name, 663 const struct stat *target_sb) 664 { 665 char src[MAXPATHLEN], dst[MAXPATHLEN], lnk[MAXPATHLEN]; 666 struct stat to_sb; 667 668 /* Try hard links first. */ 669 if (dolink & (LN_HARD|LN_MIXED)) { 670 if (do_link(from_name, to_name, target_sb) == -1) { 671 if ((dolink & LN_HARD) || errno != EXDEV) 672 err(EX_OSERR, "link %s -> %s", from_name, to_name); 673 } else { 674 if (stat(to_name, &to_sb)) 675 err(EX_OSERR, "%s: stat", to_name); 676 if (S_ISREG(to_sb.st_mode)) { 677 /* 678 * XXX: hard links to anything other than 679 * plain files are not metalogged 680 */ 681 int omode; 682 const char *oowner, *ogroup; 683 char *offlags; 684 char *dres; 685 686 /* 687 * XXX: use underlying perms, unless 688 * overridden on command line. 689 */ 690 omode = mode; 691 if (!haveopt_m) 692 mode = (to_sb.st_mode & 0777); 693 oowner = owner; 694 if (!haveopt_o) 695 owner = NULL; 696 ogroup = group; 697 if (!haveopt_g) 698 group = NULL; 699 offlags = fflags; 700 if (!haveopt_f) 701 fflags = NULL; 702 dres = digest_file(from_name); 703 metadata_log(to_name, "file", NULL, NULL, 704 dres, to_sb.st_size); 705 free(dres); 706 mode = omode; 707 owner = oowner; 708 group = ogroup; 709 fflags = offlags; 710 } 711 return; 712 } 713 } 714 715 /* Symbolic links. */ 716 if (dolink & LN_ABSOLUTE) { 717 /* Convert source path to absolute. */ 718 if (realpath(from_name, src) == NULL) 719 err(EX_OSERR, "%s: realpath", from_name); 720 do_symlink(src, to_name, target_sb); 721 /* XXX: src may point outside of destdir */ 722 metadata_log(to_name, "link", NULL, src, NULL, 0); 723 return; 724 } 725 726 if (dolink & LN_RELATIVE) { 727 char *to_name_copy, *cp, *d, *ld, *ls, *s; 728 729 if (*from_name != '/') { 730 /* this is already a relative link */ 731 do_symlink(from_name, to_name, target_sb); 732 /* XXX: from_name may point outside of destdir. */ 733 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 734 return; 735 } 736 737 /* Resolve pathnames. */ 738 if (realpath(from_name, src) == NULL) 739 err(EX_OSERR, "%s: realpath", from_name); 740 741 /* 742 * The last component of to_name may be a symlink, 743 * so use realpath to resolve only the directory. 744 */ 745 to_name_copy = strdup(to_name); 746 if (to_name_copy == NULL) 747 err(EX_OSERR, "%s: strdup", to_name); 748 cp = dirname(to_name_copy); 749 if (realpath(cp, dst) == NULL) 750 err(EX_OSERR, "%s: realpath", cp); 751 /* .. and add the last component. */ 752 if (strcmp(dst, "/") != 0) { 753 if (strlcat(dst, "/", sizeof(dst)) > sizeof(dst)) 754 errx(1, "resolved pathname too long"); 755 } 756 strcpy(to_name_copy, to_name); 757 cp = basename(to_name_copy); 758 if (strlcat(dst, cp, sizeof(dst)) > sizeof(dst)) 759 errx(1, "resolved pathname too long"); 760 free(to_name_copy); 761 762 /* Trim common path components. */ 763 ls = ld = NULL; 764 for (s = src, d = dst; *s == *d; ls = s, ld = d, s++, d++) 765 continue; 766 /* 767 * If we didn't end after a directory separator, then we've 768 * falsely matched the last component. For example, if one 769 * invoked install -lrs /lib/foo.so /libexec/ then the source 770 * would terminate just after the separator while the 771 * destination would terminate in the middle of 'libexec', 772 * leading to a full directory getting falsely eaten. 773 */ 774 if ((ls != NULL && *ls != '/') || (ld != NULL && *ld != '/')) 775 s--, d--; 776 while (*s != '/') 777 s--, d--; 778 779 /* Count the number of directories we need to backtrack. */ 780 for (++d, lnk[0] = '\0'; *d; d++) 781 if (*d == '/') 782 (void)strlcat(lnk, "../", sizeof(lnk)); 783 784 (void)strlcat(lnk, ++s, sizeof(lnk)); 785 786 do_symlink(lnk, to_name, target_sb); 787 /* XXX: Link may point outside of destdir. */ 788 metadata_log(to_name, "link", NULL, lnk, NULL, 0); 789 return; 790 } 791 792 /* 793 * If absolute or relative was not specified, try the names the 794 * user provided. 795 */ 796 do_symlink(from_name, to_name, target_sb); 797 /* XXX: from_name may point outside of destdir. */ 798 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 799 } 800 801 /* 802 * install -- 803 * build a path name and install the file 804 */ 805 static void 806 install(const char *from_name, const char *to_name, u_long fset, u_int flags) 807 { 808 struct stat from_sb, temp_sb, to_sb; 809 struct timespec tsb[2]; 810 int devnull, files_match, from_fd, serrno, stripped, target; 811 int tempcopy, temp_fd, to_fd; 812 char backup[MAXPATHLEN], *p, pathbuf[MAXPATHLEN], tempfile[MAXPATHLEN]; 813 char *digestresult; 814 815 digestresult = NULL; 816 files_match = stripped = 0; 817 from_fd = -1; 818 to_fd = -1; 819 820 /* If try to install NULL file to a directory, fails. */ 821 if (flags & DIRECTORY || strcmp(from_name, _PATH_DEVNULL)) { 822 if (!dolink) { 823 if (stat(from_name, &from_sb)) 824 err(EX_OSERR, "%s", from_name); 825 if (!S_ISREG(from_sb.st_mode)) { 826 errno = EFTYPE; 827 err(EX_OSERR, "%s", from_name); 828 } 829 } 830 /* Build the target path. */ 831 if (flags & DIRECTORY) { 832 (void)snprintf(pathbuf, sizeof(pathbuf), "%s%s%s", 833 to_name, 834 to_name[strlen(to_name) - 1] == '/' ? "" : "/", 835 (p = strrchr(from_name, '/')) ? ++p : from_name); 836 to_name = pathbuf; 837 } 838 devnull = 0; 839 } else { 840 devnull = 1; 841 } 842 843 target = (lstat(to_name, &to_sb) == 0); 844 845 if (dolink) { 846 if (target && !safecopy) { 847 if (to_sb.st_mode & S_IFDIR && rmdir(to_name) == -1) 848 err(EX_OSERR, "%s", to_name); 849 #if HAVE_STRUCT_STAT_ST_FLAGS 850 if (to_sb.st_flags & NOCHANGEBITS) 851 (void)chflags(to_name, 852 to_sb.st_flags & ~NOCHANGEBITS); 853 #endif 854 unlink(to_name); 855 } 856 makelink(from_name, to_name, target ? &to_sb : NULL); 857 return; 858 } 859 860 if (target && !S_ISREG(to_sb.st_mode) && !S_ISLNK(to_sb.st_mode)) { 861 errno = EFTYPE; 862 warn("%s", to_name); 863 return; 864 } 865 866 /* Only copy safe if the target exists. */ 867 tempcopy = safecopy && target; 868 869 if (!devnull && (from_fd = open(from_name, O_RDONLY, 0)) < 0) 870 err(EX_OSERR, "%s", from_name); 871 872 /* If we don't strip, we can compare first. */ 873 if (docompare && !dostrip && target && S_ISREG(to_sb.st_mode)) { 874 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 875 err(EX_OSERR, "%s", to_name); 876 if (devnull) 877 files_match = to_sb.st_size == 0; 878 else 879 files_match = !(compare(from_fd, from_name, 880 (size_t)from_sb.st_size, to_fd, 881 to_name, (size_t)to_sb.st_size, &digestresult)); 882 883 /* Close "to" file unless we match. */ 884 if (!files_match) 885 (void)close(to_fd); 886 } 887 888 if (!files_match) { 889 if (tempcopy) { 890 to_fd = create_tempfile(to_name, tempfile, 891 sizeof(tempfile)); 892 if (to_fd < 0) 893 err(EX_OSERR, "%s", tempfile); 894 } else { 895 if ((to_fd = create_newfile(to_name, target, 896 &to_sb)) < 0) 897 err(EX_OSERR, "%s", to_name); 898 if (verbose) 899 (void)printf("install: %s -> %s\n", 900 from_name, to_name); 901 } 902 if (!devnull) { 903 if (dostrip) 904 stripped = strip(tempcopy ? tempfile : to_name, 905 to_fd, from_name, &digestresult); 906 if (!stripped) 907 digestresult = copy(from_fd, from_name, to_fd, 908 tempcopy ? tempfile : to_name, from_sb.st_size); 909 } 910 } 911 912 if (dostrip) { 913 if (!stripped) 914 (void)strip(tempcopy ? tempfile : to_name, to_fd, 915 NULL, &digestresult); 916 917 /* 918 * Re-open our fd on the target, in case 919 * we did not strip in-place. 920 */ 921 close(to_fd); 922 to_fd = open(tempcopy ? tempfile : to_name, O_RDONLY, 0); 923 if (to_fd < 0) 924 err(EX_OSERR, "stripping %s", to_name); 925 } 926 927 /* 928 * Compare the stripped temp file with the target. 929 */ 930 if (docompare && dostrip && target && S_ISREG(to_sb.st_mode)) { 931 temp_fd = to_fd; 932 933 /* Re-open to_fd using the real target name. */ 934 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 935 err(EX_OSERR, "%s", to_name); 936 937 if (fstat(temp_fd, &temp_sb)) { 938 serrno = errno; 939 (void)unlink(tempfile); 940 errno = serrno; 941 err(EX_OSERR, "%s", tempfile); 942 } 943 944 if (compare(temp_fd, tempfile, (size_t)temp_sb.st_size, to_fd, 945 to_name, (size_t)to_sb.st_size, &digestresult) 946 == 0) { 947 /* 948 * If target has more than one link we need to 949 * replace it in order to snap the extra links. 950 * Need to preserve target file times, though. 951 */ 952 if (to_sb.st_nlink != 1) { 953 tsb[0] = to_sb.st_atim; 954 tsb[1] = to_sb.st_mtim; 955 (void)utimensat(AT_FDCWD, tempfile, tsb, 0); 956 } else { 957 files_match = 1; 958 (void)unlink(tempfile); 959 } 960 (void) close(temp_fd); 961 } 962 } else if (dostrip) 963 digestresult = digest_file(tempfile); 964 965 /* 966 * Move the new file into place if doing a safe copy 967 * and the files are different (or just not compared). 968 */ 969 if (tempcopy && !files_match) { 970 #if HAVE_STRUCT_STAT_ST_FLAGS 971 /* Try to turn off the immutable bits. */ 972 if (to_sb.st_flags & NOCHANGEBITS) 973 (void)chflags(to_name, to_sb.st_flags & ~NOCHANGEBITS); 974 #endif 975 if (dobackup) { 976 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", to_name, 977 suffix) != strlen(to_name) + strlen(suffix)) { 978 unlink(tempfile); 979 errx(EX_OSERR, "%s: backup filename too long", 980 to_name); 981 } 982 if (verbose) 983 (void)printf("install: %s -> %s\n", to_name, backup); 984 if (unlink(backup) < 0 && errno != ENOENT) { 985 serrno = errno; 986 #if HAVE_STRUCT_STAT_ST_FLAGS 987 if (to_sb.st_flags & NOCHANGEBITS) 988 (void)chflags(to_name, to_sb.st_flags); 989 #endif 990 unlink(tempfile); 991 errno = serrno; 992 err(EX_OSERR, "unlink: %s", backup); 993 } 994 if (link(to_name, backup) < 0) { 995 serrno = errno; 996 unlink(tempfile); 997 #if HAVE_STRUCT_STAT_ST_FLAGS 998 if (to_sb.st_flags & NOCHANGEBITS) 999 (void)chflags(to_name, to_sb.st_flags); 1000 #endif 1001 errno = serrno; 1002 err(EX_OSERR, "link: %s to %s", to_name, 1003 backup); 1004 } 1005 } 1006 if (verbose) 1007 (void)printf("install: %s -> %s\n", from_name, to_name); 1008 if (rename(tempfile, to_name) < 0) { 1009 serrno = errno; 1010 unlink(tempfile); 1011 errno = serrno; 1012 err(EX_OSERR, "rename: %s to %s", 1013 tempfile, to_name); 1014 } 1015 1016 /* Re-open to_fd so we aren't hosed by the rename(2). */ 1017 (void) close(to_fd); 1018 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 1019 err(EX_OSERR, "%s", to_name); 1020 } 1021 1022 /* 1023 * Preserve the timestamp of the source file if necessary. 1024 */ 1025 if (dopreserve && !files_match && !devnull) { 1026 tsb[0] = from_sb.st_atim; 1027 tsb[1] = from_sb.st_mtim; 1028 (void)utimensat(AT_FDCWD, to_name, tsb, 0); 1029 } 1030 1031 if (fstat(to_fd, &to_sb) == -1) { 1032 serrno = errno; 1033 (void)unlink(to_name); 1034 errno = serrno; 1035 err(EX_OSERR, "%s", to_name); 1036 } 1037 1038 /* 1039 * Set owner, group, mode for target; do the chown first, 1040 * chown may lose the setuid bits. 1041 */ 1042 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) || 1043 (uid != (uid_t)-1 && uid != to_sb.st_uid) || 1044 (mode != (to_sb.st_mode & ALLPERMS)))) { 1045 #if HAVE_STRUCT_STAT_ST_FLAGS 1046 /* Try to turn off the immutable bits. */ 1047 if (to_sb.st_flags & NOCHANGEBITS) 1048 (void)fchflags(to_fd, to_sb.st_flags & ~NOCHANGEBITS); 1049 #endif 1050 } 1051 1052 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) || 1053 (uid != (uid_t)-1 && uid != to_sb.st_uid))) { 1054 if (fchown(to_fd, uid, gid) == -1) { 1055 serrno = errno; 1056 (void)unlink(to_name); 1057 errno = serrno; 1058 err(EX_OSERR,"%s: chown/chgrp", to_name); 1059 } 1060 } 1061 if (mode != (to_sb.st_mode & ALLPERMS)) { 1062 if (fchmod(to_fd, 1063 dounpriv ? mode & (S_IRWXU|S_IRWXG|S_IRWXO) : mode)) { 1064 serrno = errno; 1065 (void)unlink(to_name); 1066 errno = serrno; 1067 err(EX_OSERR, "%s: chmod", to_name); 1068 } 1069 } 1070 #if HAVE_STRUCT_STAT_ST_FLAGS 1071 /* 1072 * If provided a set of flags, set them, otherwise, preserve the 1073 * flags, except for the dump flag. 1074 * NFS does not support flags. Ignore EOPNOTSUPP flags if we're just 1075 * trying to turn off UF_NODUMP. If we're trying to set real flags, 1076 * then warn if the fs doesn't support it, otherwise fail. 1077 */ 1078 if (!dounpriv && !devnull && (flags & SETFLAGS || 1079 (from_sb.st_flags & ~UF_NODUMP) != to_sb.st_flags) && 1080 fchflags(to_fd, 1081 flags & SETFLAGS ? fset : from_sb.st_flags & ~UF_NODUMP)) { 1082 if (flags & SETFLAGS) { 1083 if (errno == EOPNOTSUPP) 1084 warn("%s: chflags", to_name); 1085 else { 1086 serrno = errno; 1087 (void)unlink(to_name); 1088 errno = serrno; 1089 err(EX_OSERR, "%s: chflags", to_name); 1090 } 1091 } 1092 } 1093 #endif 1094 1095 (void)close(to_fd); 1096 if (!devnull) 1097 (void)close(from_fd); 1098 1099 metadata_log(to_name, "file", tsb, NULL, digestresult, to_sb.st_size); 1100 free(digestresult); 1101 } 1102 1103 /* 1104 * compare -- 1105 * Compare two files; non-zero means files differ. 1106 * Compute digest and return its address in *dresp 1107 * unless it points to pre-computed digest. 1108 */ 1109 static int 1110 compare(int from_fd, const char *from_name __unused, size_t from_len, 1111 int to_fd, const char *to_name __unused, size_t to_len, 1112 char **dresp) 1113 { 1114 char *p, *q; 1115 int rv; 1116 int do_digest, done_compare; 1117 DIGEST_CTX ctx; 1118 1119 rv = 0; 1120 if (from_len != to_len) 1121 return 1; 1122 1123 do_digest = (digesttype != DIGEST_NONE && dresp != NULL && 1124 *dresp == NULL); 1125 if (from_len <= MAX_CMP_SIZE) { 1126 if (do_digest) 1127 digest_init(&ctx); 1128 done_compare = 0; 1129 if (trymmap(from_len) && trymmap(to_len)) { 1130 p = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1131 from_fd, (off_t)0); 1132 if (p == MAP_FAILED) 1133 goto out; 1134 q = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1135 to_fd, (off_t)0); 1136 if (q == MAP_FAILED) { 1137 munmap(p, from_len); 1138 goto out; 1139 } 1140 1141 rv = memcmp(p, q, from_len); 1142 if (do_digest) 1143 digest_update(&ctx, p, from_len); 1144 munmap(p, from_len); 1145 munmap(q, from_len); 1146 done_compare = 1; 1147 } 1148 out: 1149 if (!done_compare) { 1150 static char *buf, *buf1, *buf2; 1151 static size_t bufsize; 1152 int n1, n2; 1153 1154 if (buf == NULL) { 1155 /* 1156 * Note that buf and bufsize are static. If 1157 * malloc() fails, it will fail at the start 1158 * and not copy only some files. 1159 */ 1160 if (sysconf(_SC_PHYS_PAGES) > 1161 PHYSPAGES_THRESHOLD) 1162 bufsize = MIN(BUFSIZE_MAX, MAXPHYS * 8); 1163 else 1164 bufsize = BUFSIZE_SMALL; 1165 buf = malloc(bufsize * 2); 1166 if (buf == NULL) 1167 err(1, "Not enough memory"); 1168 buf1 = buf; 1169 buf2 = buf + bufsize; 1170 } 1171 rv = 0; 1172 lseek(from_fd, 0, SEEK_SET); 1173 lseek(to_fd, 0, SEEK_SET); 1174 while (rv == 0) { 1175 n1 = read(from_fd, buf1, bufsize); 1176 if (n1 == 0) 1177 break; /* EOF */ 1178 else if (n1 > 0) { 1179 n2 = read(to_fd, buf2, n1); 1180 if (n2 == n1) 1181 rv = memcmp(buf1, buf2, n1); 1182 else 1183 rv = 1; /* out of sync */ 1184 } else 1185 rv = 1; /* read failure */ 1186 if (do_digest) 1187 digest_update(&ctx, buf1, n1); 1188 } 1189 lseek(from_fd, 0, SEEK_SET); 1190 lseek(to_fd, 0, SEEK_SET); 1191 } 1192 } else 1193 rv = 1; /* don't bother in this case */ 1194 1195 if (do_digest) { 1196 if (rv == 0) 1197 *dresp = digest_end(&ctx, NULL); 1198 else 1199 (void)digest_end(&ctx, NULL); 1200 } 1201 1202 return rv; 1203 } 1204 1205 /* 1206 * create_tempfile -- 1207 * create a temporary file based on path and open it 1208 */ 1209 static int 1210 create_tempfile(const char *path, char *temp, size_t tsize) 1211 { 1212 char *p; 1213 1214 (void)strncpy(temp, path, tsize); 1215 temp[tsize - 1] = '\0'; 1216 if ((p = strrchr(temp, '/')) != NULL) 1217 p++; 1218 else 1219 p = temp; 1220 (void)strncpy(p, "INS@XXXXXX", &temp[tsize - 1] - p); 1221 temp[tsize - 1] = '\0'; 1222 return (mkstemp(temp)); 1223 } 1224 1225 /* 1226 * create_newfile -- 1227 * create a new file, overwriting an existing one if necessary 1228 */ 1229 static int 1230 create_newfile(const char *path, int target, struct stat *sbp) 1231 { 1232 char backup[MAXPATHLEN]; 1233 int saved_errno = 0; 1234 int newfd; 1235 1236 if (target) { 1237 /* 1238 * Unlink now... avoid ETXTBSY errors later. Try to turn 1239 * off the append/immutable bits -- if we fail, go ahead, 1240 * it might work. 1241 */ 1242 #if HAVE_STRUCT_STAT_ST_FLAGS 1243 if (sbp->st_flags & NOCHANGEBITS) 1244 (void)chflags(path, sbp->st_flags & ~NOCHANGEBITS); 1245 #endif 1246 1247 if (dobackup) { 1248 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", 1249 path, suffix) != strlen(path) + strlen(suffix)) { 1250 saved_errno = errno; 1251 #if HAVE_STRUCT_STAT_ST_FLAGS 1252 if (sbp->st_flags & NOCHANGEBITS) 1253 (void)chflags(path, sbp->st_flags); 1254 #endif 1255 errno = saved_errno; 1256 errx(EX_OSERR, "%s: backup filename too long", 1257 path); 1258 } 1259 (void)snprintf(backup, MAXPATHLEN, "%s%s", 1260 path, suffix); 1261 if (verbose) 1262 (void)printf("install: %s -> %s\n", 1263 path, backup); 1264 if (rename(path, backup) < 0) { 1265 saved_errno = errno; 1266 #if HAVE_STRUCT_STAT_ST_FLAGS 1267 if (sbp->st_flags & NOCHANGEBITS) 1268 (void)chflags(path, sbp->st_flags); 1269 #endif 1270 errno = saved_errno; 1271 err(EX_OSERR, "rename: %s to %s", path, backup); 1272 } 1273 } else 1274 if (unlink(path) < 0) 1275 saved_errno = errno; 1276 } 1277 1278 newfd = open(path, O_CREAT | O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR); 1279 if (newfd < 0 && saved_errno != 0) 1280 errno = saved_errno; 1281 return newfd; 1282 } 1283 1284 /* 1285 * copy -- 1286 * copy from one file to another 1287 */ 1288 static char * 1289 copy(int from_fd, const char *from_name, int to_fd, const char *to_name, 1290 off_t size) 1291 { 1292 static char *buf = NULL; 1293 static size_t bufsize; 1294 int nr, nw; 1295 int serrno; 1296 #ifndef BOOTSTRAP_XINSTALL 1297 ssize_t ret; 1298 #endif 1299 char *p; 1300 int done_copy; 1301 DIGEST_CTX ctx; 1302 1303 /* Rewind file descriptors. */ 1304 if (lseek(from_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1305 err(EX_OSERR, "lseek: %s", from_name); 1306 if (lseek(to_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1307 err(EX_OSERR, "lseek: %s", to_name); 1308 1309 #ifndef BOOTSTRAP_XINSTALL 1310 /* Try copy_file_range() if no digest is requested */ 1311 if (digesttype == DIGEST_NONE) { 1312 ret = 1; 1313 while (ret > 0) { 1314 ret = copy_file_range(from_fd, NULL, to_fd, NULL, 1315 SSIZE_MAX, 0); 1316 } 1317 if (ret == 0) { 1318 /* DIGEST_NONE always returns NULL */ 1319 return (NULL); 1320 } 1321 if (errno != EINVAL) { 1322 serrno = errno; 1323 (void)unlink(to_name); 1324 errno = serrno; 1325 err(EX_OSERR, "%s", to_name); 1326 } 1327 /* Fall back */ 1328 } 1329 1330 #endif 1331 digest_init(&ctx); 1332 1333 done_copy = 0; 1334 if (trymmap((size_t)size) && 1335 (p = mmap(NULL, (size_t)size, PROT_READ, MAP_SHARED, 1336 from_fd, (off_t)0)) != MAP_FAILED) { 1337 nw = write(to_fd, p, size); 1338 if (nw != size) { 1339 serrno = errno; 1340 (void)unlink(to_name); 1341 if (nw >= 0) { 1342 errx(EX_OSERR, 1343 "short write to %s: %jd bytes written, %jd bytes asked to write", 1344 to_name, (uintmax_t)nw, (uintmax_t)size); 1345 } else { 1346 errno = serrno; 1347 err(EX_OSERR, "%s", to_name); 1348 } 1349 } 1350 digest_update(&ctx, p, size); 1351 (void)munmap(p, size); 1352 done_copy = 1; 1353 } 1354 if (!done_copy) { 1355 if (buf == NULL) { 1356 /* 1357 * Note that buf and bufsize are static. If 1358 * malloc() fails, it will fail at the start 1359 * and not copy only some files. 1360 */ 1361 if (sysconf(_SC_PHYS_PAGES) > 1362 PHYSPAGES_THRESHOLD) 1363 bufsize = MIN(BUFSIZE_MAX, MAXPHYS * 8); 1364 else 1365 bufsize = BUFSIZE_SMALL; 1366 buf = malloc(bufsize); 1367 if (buf == NULL) 1368 err(1, "Not enough memory"); 1369 } 1370 while ((nr = read(from_fd, buf, bufsize)) > 0) { 1371 if ((nw = write(to_fd, buf, nr)) != nr) { 1372 serrno = errno; 1373 (void)unlink(to_name); 1374 if (nw >= 0) { 1375 errx(EX_OSERR, 1376 "short write to %s: %jd bytes written, %jd bytes asked to write", 1377 to_name, (uintmax_t)nw, 1378 (uintmax_t)size); 1379 } else { 1380 errno = serrno; 1381 err(EX_OSERR, "%s", to_name); 1382 } 1383 } 1384 digest_update(&ctx, buf, nr); 1385 } 1386 if (nr != 0) { 1387 serrno = errno; 1388 (void)unlink(to_name); 1389 errno = serrno; 1390 err(EX_OSERR, "%s", from_name); 1391 } 1392 } 1393 if (safecopy && fsync(to_fd) == -1) { 1394 serrno = errno; 1395 (void)unlink(to_name); 1396 errno = serrno; 1397 err(EX_OSERR, "fsync failed for %s", to_name); 1398 } 1399 return (digest_end(&ctx, NULL)); 1400 } 1401 1402 /* 1403 * strip -- 1404 * Use strip(1) to strip the target file. 1405 * Just invoke strip(1) on to_name if from_name is NULL, else try 1406 * to run "strip -o to_name from_name" and return 0 on failure. 1407 * Return 1 on success and assign result of digest_file(to_name) 1408 * to *dresp. 1409 */ 1410 static int 1411 strip(const char *to_name, int to_fd, const char *from_name, char **dresp) 1412 { 1413 const char *stripbin; 1414 const char *args[5]; 1415 char *prefixed_from_name; 1416 pid_t pid; 1417 int error, serrno, status; 1418 1419 prefixed_from_name = NULL; 1420 stripbin = getenv("STRIPBIN"); 1421 if (stripbin == NULL) 1422 stripbin = "strip"; 1423 args[0] = stripbin; 1424 if (from_name == NULL) { 1425 args[1] = to_name; 1426 args[2] = NULL; 1427 } else { 1428 args[1] = "-o"; 1429 args[2] = to_name; 1430 1431 /* Prepend './' if from_name begins with '-' */ 1432 if (from_name[0] == '-') { 1433 if (asprintf(&prefixed_from_name, "./%s", from_name) == -1) 1434 return (0); 1435 args[3] = prefixed_from_name; 1436 } else { 1437 args[3] = from_name; 1438 } 1439 args[4] = NULL; 1440 } 1441 error = posix_spawnp(&pid, stripbin, NULL, NULL, 1442 __DECONST(char **, args), environ); 1443 if (error != 0) { 1444 (void)unlink(to_name); 1445 errc(error == EAGAIN || error == EPROCLIM || error == ENOMEM ? 1446 EX_TEMPFAIL : EX_OSERR, error, "spawn %s", stripbin); 1447 } 1448 free(prefixed_from_name); 1449 if (waitpid(pid, &status, 0) == -1) { 1450 error = errno; 1451 (void)unlink(to_name); 1452 errc(EX_SOFTWARE, error, "wait"); 1453 /* NOTREACHED */ 1454 } 1455 if (status != 0) { 1456 if (from_name != NULL) 1457 return (0); 1458 (void)unlink(to_name); 1459 errx(EX_SOFTWARE, "strip command %s failed on %s", 1460 stripbin, to_name); 1461 } 1462 if (from_name != NULL && safecopy && fsync(to_fd) == -1) { 1463 serrno = errno; 1464 (void)unlink(to_name); 1465 errno = serrno; 1466 err(EX_OSERR, "fsync failed for %s", to_name); 1467 } 1468 if (dresp != NULL) 1469 *dresp = digest_file(to_name); 1470 return (1); 1471 } 1472 1473 /* 1474 * install_dir -- 1475 * build directory hierarchy 1476 */ 1477 static void 1478 install_dir(char *path) 1479 { 1480 char *p; 1481 struct stat sb; 1482 int ch, tried_mkdir; 1483 1484 for (p = path;; ++p) 1485 if (!*p || (p != path && *p == '/')) { 1486 tried_mkdir = 0; 1487 ch = *p; 1488 *p = '\0'; 1489 again: 1490 if (stat(path, &sb) != 0) { 1491 if (errno != ENOENT || tried_mkdir) 1492 err(EX_OSERR, "stat %s", path); 1493 if (mkdir(path, 0755) < 0) { 1494 tried_mkdir = 1; 1495 if (errno == EEXIST) 1496 goto again; 1497 err(EX_OSERR, "mkdir %s", path); 1498 } 1499 if (verbose) 1500 (void)printf("install: mkdir %s\n", 1501 path); 1502 } else if (!S_ISDIR(sb.st_mode)) 1503 errx(EX_OSERR, "%s exists but is not a directory", path); 1504 if (!(*p = ch)) 1505 break; 1506 } 1507 1508 if (!dounpriv) { 1509 if ((gid != (gid_t)-1 || uid != (uid_t)-1) && 1510 chown(path, uid, gid)) 1511 warn("chown %u:%u %s", uid, gid, path); 1512 /* XXXBED: should we do the chmod in the dounpriv case? */ 1513 if (chmod(path, mode)) 1514 warn("chmod %o %s", mode, path); 1515 } 1516 metadata_log(path, "dir", NULL, NULL, NULL, 0); 1517 } 1518 1519 /* 1520 * metadata_log -- 1521 * if metafp is not NULL, output mtree(8) full path name and settings to 1522 * metafp, to allow permissions to be set correctly by other tools, 1523 * or to allow integrity checks to be performed. 1524 */ 1525 static void 1526 metadata_log(const char *path, const char *type, struct timespec *ts, 1527 const char *slink, const char *digestresult, off_t size) 1528 { 1529 static const char extra[] = { ' ', '\t', '\n', '\\', '#', '\0' }; 1530 const char *p; 1531 char *buf; 1532 size_t buflen, destlen; 1533 struct flock metalog_lock; 1534 1535 if (!metafp) 1536 return; 1537 /* Buffer for strsnvis(3), used for both path and slink. */ 1538 buflen = strlen(path); 1539 if (slink && strlen(slink) > buflen) 1540 buflen = strlen(slink); 1541 buflen = 4 * buflen + 1; 1542 if ((buf = malloc(buflen)) == NULL) { 1543 warn(NULL); 1544 return; 1545 } 1546 1547 /* Lock log file. */ 1548 metalog_lock.l_start = 0; 1549 metalog_lock.l_len = 0; 1550 metalog_lock.l_whence = SEEK_SET; 1551 metalog_lock.l_type = F_WRLCK; 1552 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) { 1553 warn("can't lock %s", metafile); 1554 free(buf); 1555 return; 1556 } 1557 1558 /* Remove destdir. */ 1559 p = path; 1560 if (destdir) { 1561 destlen = strlen(destdir); 1562 if (strncmp(p, destdir, destlen) == 0 && 1563 (p[destlen] == '/' || p[destlen] == '\0')) 1564 p += destlen; 1565 } 1566 while (*p && *p == '/') 1567 p++; 1568 strsnvis(buf, buflen, p, VIS_OCTAL, extra); 1569 p = buf; 1570 /* Print details. */ 1571 fprintf(metafp, ".%s%s type=%s", *p ? "/" : "", p, type); 1572 if (owner) 1573 fprintf(metafp, " uname=%s", owner); 1574 if (group) 1575 fprintf(metafp, " gname=%s", group); 1576 fprintf(metafp, " mode=%#o", mode); 1577 if (slink) { 1578 strsnvis(buf, buflen, slink, VIS_CSTYLE, extra); 1579 fprintf(metafp, " link=%s", buf); 1580 } 1581 if (*type == 'f') /* type=file */ 1582 fprintf(metafp, " size=%lld", (long long)size); 1583 if (ts != NULL && dopreserve) 1584 fprintf(metafp, " time=%lld.%09ld", 1585 (long long)ts[1].tv_sec, ts[1].tv_nsec); 1586 if (digestresult && digest) 1587 fprintf(metafp, " %s=%s", digest, digestresult); 1588 if (fflags) 1589 fprintf(metafp, " flags=%s", fflags); 1590 if (tags) 1591 fprintf(metafp, " tags=%s", tags); 1592 fputc('\n', metafp); 1593 /* Flush line. */ 1594 fflush(metafp); 1595 1596 /* Unlock log file. */ 1597 metalog_lock.l_type = F_UNLCK; 1598 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) 1599 warn("can't unlock %s", metafile); 1600 free(buf); 1601 } 1602 1603 /* 1604 * usage -- 1605 * print a usage message and die 1606 */ 1607 static void 1608 usage(void) 1609 { 1610 (void)fprintf(stderr, 1611 "usage: install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1612 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1613 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1614 " file1 file2\n" 1615 " install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1616 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1617 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1618 " file1 ... fileN directory\n" 1619 " install -dU [-vU] [-g group] [-m mode] [-N dbdir] [-o owner]\n" 1620 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1621 " directory ...\n"); 1622 exit(EX_USAGE); 1623 /* NOTREACHED */ 1624 } 1625 1626 /* 1627 * trymmap -- 1628 * return true (1) if mmap should be tried, false (0) if not. 1629 */ 1630 static int 1631 trymmap(size_t filesize) 1632 { 1633 /* 1634 * This function existed to skip mmap() for NFS file systems whereas 1635 * nowadays mmap() should be perfectly safe. Nevertheless, using mmap() 1636 * only reduces the number of system calls if we need multiple read() 1637 * syscalls, i.e. if the file size is > MAXBSIZE. However, mmap() is 1638 * more expensive than read() so set the threshold at 4 fewer syscalls. 1639 * Additionally, for larger file size mmap() can significantly increase 1640 * the number of page faults, so avoid it in that case. 1641 * 1642 * Note: the 8MB limit is not based on any meaningful benchmarking 1643 * results, it is simply reusing the same value that was used before 1644 * and also matches bin/cp. 1645 * 1646 * XXX: Maybe we shouldn't bother with mmap() at all, since we use 1647 * MAXBSIZE the syscall overhead of read() shouldn't be too high? 1648 */ 1649 return (filesize > 4 * MAXBSIZE && filesize < 8 * 1024 * 1024); 1650 } 1651