1 /* 2 * Copyright (c) 2012, 2013 SRI International 3 * Copyright (c) 1987, 1993 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 4. Neither the name of the University nor the names of its contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31 #ifndef lint 32 static const char copyright[] = 33 "@(#) Copyright (c) 1987, 1993\n\ 34 The Regents of the University of California. All rights reserved.\n"; 35 #endif /* not lint */ 36 37 #if 0 38 #ifndef lint 39 static char sccsid[] = "@(#)xinstall.c 8.1 (Berkeley) 7/21/93"; 40 #endif /* not lint */ 41 #endif 42 43 #include <sys/cdefs.h> 44 __FBSDID("$FreeBSD$"); 45 46 #include <sys/param.h> 47 #include <sys/mman.h> 48 #include <sys/mount.h> 49 #include <sys/stat.h> 50 #include <sys/time.h> 51 #include <sys/wait.h> 52 53 #include <err.h> 54 #include <errno.h> 55 #include <fcntl.h> 56 #include <grp.h> 57 #include <libgen.h> 58 #include <md5.h> 59 #include <paths.h> 60 #include <pwd.h> 61 #include <ripemd.h> 62 #include <sha.h> 63 #include <sha256.h> 64 #include <sha512.h> 65 #include <spawn.h> 66 #include <stdint.h> 67 #include <stdio.h> 68 #include <stdlib.h> 69 #include <string.h> 70 #include <sysexits.h> 71 #include <unistd.h> 72 #include <vis.h> 73 74 #include "mtree.h" 75 76 #define MAX_CMP_SIZE (16 * 1024 * 1024) 77 78 #define LN_ABSOLUTE 0x01 79 #define LN_RELATIVE 0x02 80 #define LN_HARD 0x04 81 #define LN_SYMBOLIC 0x08 82 #define LN_MIXED 0x10 83 84 #define DIRECTORY 0x01 /* Tell install it's a directory. */ 85 #define SETFLAGS 0x02 /* Tell install to set flags. */ 86 #define NOCHANGEBITS (UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND) 87 #define BACKUP_SUFFIX ".old" 88 89 typedef union { 90 MD5_CTX MD5; 91 RIPEMD160_CTX RIPEMD160; 92 SHA1_CTX SHA1; 93 SHA256_CTX SHA256; 94 SHA512_CTX SHA512; 95 } DIGEST_CTX; 96 97 static enum { 98 DIGEST_NONE = 0, 99 DIGEST_MD5, 100 DIGEST_RIPEMD160, 101 DIGEST_SHA1, 102 DIGEST_SHA256, 103 DIGEST_SHA512, 104 } digesttype = DIGEST_NONE; 105 106 extern char **environ; 107 108 static gid_t gid; 109 static uid_t uid; 110 static int dobackup, docompare, dodir, dolink, dopreserve, dostrip, dounpriv, 111 safecopy, verbose; 112 static int haveopt_f, haveopt_g, haveopt_m, haveopt_o; 113 static mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH; 114 static FILE *metafp; 115 static const char *group, *owner; 116 static const char *suffix = BACKUP_SUFFIX; 117 static char *destdir, *digest, *fflags, *metafile, *tags; 118 119 static int compare(int, const char *, size_t, int, const char *, size_t, 120 char **); 121 static char *copy(int, const char *, int, const char *, off_t); 122 static int create_newfile(const char *, int, struct stat *); 123 static int create_tempfile(const char *, char *, size_t); 124 static char *quiet_mktemp(char *template); 125 static char *digest_file(const char *); 126 static void digest_init(DIGEST_CTX *); 127 static void digest_update(DIGEST_CTX *, const char *, size_t); 128 static char *digest_end(DIGEST_CTX *, char *); 129 static int do_link(const char *, const char *, const struct stat *); 130 static void do_symlink(const char *, const char *, const struct stat *); 131 static void makelink(const char *, const char *, const struct stat *); 132 static void install(const char *, const char *, u_long, u_int); 133 static void install_dir(char *); 134 static void metadata_log(const char *, const char *, struct timeval *, 135 const char *, const char *, off_t); 136 static int parseid(const char *, id_t *); 137 static void strip(const char *); 138 static int trymmap(int); 139 static void usage(void); 140 141 int 142 main(int argc, char *argv[]) 143 { 144 struct stat from_sb, to_sb; 145 mode_t *set; 146 u_long fset; 147 int ch, no_target; 148 u_int iflags; 149 char *p; 150 const char *to_name; 151 152 iflags = 0; 153 group = owner = NULL; 154 while ((ch = getopt(argc, argv, "B:bCcD:df:g:h:l:M:m:N:o:pSsT:Uv")) != 155 -1) 156 switch((char)ch) { 157 case 'B': 158 suffix = optarg; 159 /* FALLTHROUGH */ 160 case 'b': 161 dobackup = 1; 162 break; 163 case 'C': 164 docompare = 1; 165 break; 166 case 'c': 167 /* For backwards compatibility. */ 168 break; 169 case 'D': 170 destdir = optarg; 171 break; 172 case 'd': 173 dodir = 1; 174 break; 175 case 'f': 176 haveopt_f = 1; 177 fflags = optarg; 178 break; 179 case 'g': 180 haveopt_g = 1; 181 group = optarg; 182 break; 183 case 'h': 184 digest = optarg; 185 break; 186 case 'l': 187 for (p = optarg; *p != '\0'; p++) 188 switch (*p) { 189 case 's': 190 dolink &= ~(LN_HARD|LN_MIXED); 191 dolink |= LN_SYMBOLIC; 192 break; 193 case 'h': 194 dolink &= ~(LN_SYMBOLIC|LN_MIXED); 195 dolink |= LN_HARD; 196 break; 197 case 'm': 198 dolink &= ~(LN_SYMBOLIC|LN_HARD); 199 dolink |= LN_MIXED; 200 break; 201 case 'a': 202 dolink &= ~LN_RELATIVE; 203 dolink |= LN_ABSOLUTE; 204 break; 205 case 'r': 206 dolink &= ~LN_ABSOLUTE; 207 dolink |= LN_RELATIVE; 208 break; 209 default: 210 errx(1, "%c: invalid link type", *p); 211 /* NOTREACHED */ 212 } 213 break; 214 case 'M': 215 metafile = optarg; 216 break; 217 case 'm': 218 haveopt_m = 1; 219 if (!(set = setmode(optarg))) 220 errx(EX_USAGE, "invalid file mode: %s", 221 optarg); 222 mode = getmode(set, 0); 223 free(set); 224 break; 225 case 'N': 226 if (!setup_getid(optarg)) 227 err(EX_OSERR, "Unable to use user and group " 228 "databases in `%s'", optarg); 229 break; 230 case 'o': 231 haveopt_o = 1; 232 owner = optarg; 233 break; 234 case 'p': 235 docompare = dopreserve = 1; 236 break; 237 case 'S': 238 safecopy = 1; 239 break; 240 case 's': 241 dostrip = 1; 242 break; 243 case 'T': 244 tags = optarg; 245 break; 246 case 'U': 247 dounpriv = 1; 248 break; 249 case 'v': 250 verbose = 1; 251 break; 252 case '?': 253 default: 254 usage(); 255 } 256 argc -= optind; 257 argv += optind; 258 259 /* some options make no sense when creating directories */ 260 if (dostrip && dodir) { 261 warnx("-d and -s may not be specified together"); 262 usage(); 263 } 264 265 if (getenv("DONTSTRIP") != NULL) { 266 warnx("DONTSTRIP set - will not strip installed binaries"); 267 dostrip = 0; 268 } 269 270 /* must have at least two arguments, except when creating directories */ 271 if (argc == 0 || (argc == 1 && !dodir)) 272 usage(); 273 274 if (digest != NULL) { 275 if (strcmp(digest, "none") == 0) { 276 digesttype = DIGEST_NONE; 277 } else if (strcmp(digest, "md5") == 0) { 278 digesttype = DIGEST_MD5; 279 } else if (strcmp(digest, "rmd160") == 0) { 280 digesttype = DIGEST_RIPEMD160; 281 } else if (strcmp(digest, "sha1") == 0) { 282 digesttype = DIGEST_SHA1; 283 } else if (strcmp(digest, "sha256") == 0) { 284 digesttype = DIGEST_SHA256; 285 } else if (strcmp(digest, "sha512") == 0) { 286 digesttype = DIGEST_SHA512; 287 } else { 288 warnx("unknown digest `%s'", digest); 289 usage(); 290 } 291 } 292 293 /* need to make a temp copy so we can compare stripped version */ 294 if (docompare && dostrip) 295 safecopy = 1; 296 297 /* get group and owner id's */ 298 if (group != NULL && !dounpriv) { 299 if (gid_from_group(group, &gid) == -1) { 300 id_t id; 301 if (!parseid(group, &id)) 302 errx(1, "unknown group %s", group); 303 gid = id; 304 } 305 } else 306 gid = (gid_t)-1; 307 308 if (owner != NULL && !dounpriv) { 309 if (uid_from_user(owner, &uid) == -1) { 310 id_t id; 311 if (!parseid(owner, &id)) 312 errx(1, "unknown user %s", owner); 313 uid = id; 314 } 315 } else 316 uid = (uid_t)-1; 317 318 if (fflags != NULL && !dounpriv) { 319 if (strtofflags(&fflags, &fset, NULL)) 320 errx(EX_USAGE, "%s: invalid flag", fflags); 321 iflags |= SETFLAGS; 322 } 323 324 if (metafile != NULL) { 325 if ((metafp = fopen(metafile, "a")) == NULL) 326 warn("open %s", metafile); 327 } else 328 digesttype = DIGEST_NONE; 329 330 if (dodir) { 331 for (; *argv != NULL; ++argv) 332 install_dir(*argv); 333 exit(EX_OK); 334 /* NOTREACHED */ 335 } 336 337 to_name = argv[argc - 1]; 338 no_target = stat(to_name, &to_sb); 339 if (!no_target && S_ISDIR(to_sb.st_mode)) { 340 if (dolink & LN_SYMBOLIC) { 341 if (lstat(to_name, &to_sb) != 0) 342 err(EX_OSERR, "%s vanished", to_name); 343 if (S_ISLNK(to_sb.st_mode)) { 344 if (argc != 2) { 345 errno = ENOTDIR; 346 err(EX_USAGE, "%s", to_name); 347 } 348 install(*argv, to_name, fset, iflags); 349 exit(EX_OK); 350 } 351 } 352 for (; *argv != to_name; ++argv) 353 install(*argv, to_name, fset, iflags | DIRECTORY); 354 exit(EX_OK); 355 /* NOTREACHED */ 356 } 357 358 /* can't do file1 file2 directory/file */ 359 if (argc != 2) { 360 if (no_target) 361 warnx("target directory `%s' does not exist", 362 argv[argc - 1]); 363 else 364 warnx("target `%s' is not a directory", 365 argv[argc - 1]); 366 usage(); 367 } 368 369 if (!no_target && !dolink) { 370 if (stat(*argv, &from_sb)) 371 err(EX_OSERR, "%s", *argv); 372 if (!S_ISREG(to_sb.st_mode)) { 373 errno = EFTYPE; 374 err(EX_OSERR, "%s", to_name); 375 } 376 if (to_sb.st_dev == from_sb.st_dev && 377 to_sb.st_ino == from_sb.st_ino) 378 errx(EX_USAGE, 379 "%s and %s are the same file", *argv, to_name); 380 } 381 install(*argv, to_name, fset, iflags); 382 exit(EX_OK); 383 /* NOTREACHED */ 384 } 385 386 static char * 387 digest_file(const char *name) 388 { 389 390 switch (digesttype) { 391 case DIGEST_MD5: 392 return (MD5File(name, NULL)); 393 case DIGEST_RIPEMD160: 394 return (RIPEMD160_File(name, NULL)); 395 case DIGEST_SHA1: 396 return (SHA1_File(name, NULL)); 397 case DIGEST_SHA256: 398 return (SHA256_File(name, NULL)); 399 case DIGEST_SHA512: 400 return (SHA512_File(name, NULL)); 401 default: 402 return (NULL); 403 } 404 } 405 406 static void 407 digest_init(DIGEST_CTX *c) 408 { 409 410 switch (digesttype) { 411 case DIGEST_NONE: 412 break; 413 case DIGEST_MD5: 414 MD5Init(&(c->MD5)); 415 break; 416 case DIGEST_RIPEMD160: 417 RIPEMD160_Init(&(c->RIPEMD160)); 418 break; 419 case DIGEST_SHA1: 420 SHA1_Init(&(c->SHA1)); 421 break; 422 case DIGEST_SHA256: 423 SHA256_Init(&(c->SHA256)); 424 break; 425 case DIGEST_SHA512: 426 SHA512_Init(&(c->SHA512)); 427 break; 428 } 429 } 430 431 static void 432 digest_update(DIGEST_CTX *c, const char *data, size_t len) 433 { 434 435 switch (digesttype) { 436 case DIGEST_NONE: 437 break; 438 case DIGEST_MD5: 439 MD5Update(&(c->MD5), data, len); 440 break; 441 case DIGEST_RIPEMD160: 442 RIPEMD160_Update(&(c->RIPEMD160), data, len); 443 break; 444 case DIGEST_SHA1: 445 SHA1_Update(&(c->SHA1), data, len); 446 break; 447 case DIGEST_SHA256: 448 SHA256_Update(&(c->SHA256), data, len); 449 break; 450 case DIGEST_SHA512: 451 SHA512_Update(&(c->SHA512), data, len); 452 break; 453 } 454 } 455 456 static char * 457 digest_end(DIGEST_CTX *c, char *buf) 458 { 459 460 switch (digesttype) { 461 case DIGEST_MD5: 462 return (MD5End(&(c->MD5), buf)); 463 case DIGEST_RIPEMD160: 464 return (RIPEMD160_End(&(c->RIPEMD160), buf)); 465 case DIGEST_SHA1: 466 return (SHA1_End(&(c->SHA1), buf)); 467 case DIGEST_SHA256: 468 return (SHA256_End(&(c->SHA256), buf)); 469 case DIGEST_SHA512: 470 return (SHA512_End(&(c->SHA512), buf)); 471 default: 472 return (NULL); 473 } 474 } 475 476 /* 477 * parseid -- 478 * parse uid or gid from arg into id, returning non-zero if successful 479 */ 480 static int 481 parseid(const char *name, id_t *id) 482 { 483 char *ep; 484 errno = 0; 485 *id = (id_t)strtoul(name, &ep, 10); 486 if (errno || *ep != '\0') 487 return (0); 488 return (1); 489 } 490 491 /* 492 * quiet_mktemp -- 493 * mktemp implementation used mkstemp to avoid mktemp warnings. We 494 * really do need mktemp semantics here as we will be creating a link. 495 */ 496 static char * 497 quiet_mktemp(char *template) 498 { 499 int fd; 500 501 if ((fd = mkstemp(template)) == -1) 502 return (NULL); 503 close (fd); 504 if (unlink(template) == -1) 505 err(EX_OSERR, "unlink %s", template); 506 return (template); 507 } 508 509 /* 510 * do_link -- 511 * make a hard link, obeying dorename if set 512 * return -1 on failure 513 */ 514 static int 515 do_link(const char *from_name, const char *to_name, 516 const struct stat *target_sb) 517 { 518 char tmpl[MAXPATHLEN]; 519 int ret; 520 521 if (safecopy && target_sb != NULL) { 522 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 523 /* This usage is safe. */ 524 if (quiet_mktemp(tmpl) == NULL) 525 err(EX_OSERR, "%s: mktemp", tmpl); 526 ret = link(from_name, tmpl); 527 if (ret == 0) { 528 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == 529 -1) { 530 unlink(tmpl); 531 err(EX_OSERR, "%s", to_name); 532 } 533 if (target_sb->st_flags & NOCHANGEBITS) 534 (void)chflags(to_name, target_sb->st_flags & 535 ~NOCHANGEBITS); 536 unlink(to_name); 537 ret = rename(tmpl, to_name); 538 /* 539 * If rename has posix semantics, then the temporary 540 * file may still exist when from_name and to_name point 541 * to the same file, so unlink it unconditionally. 542 */ 543 (void)unlink(tmpl); 544 } 545 return (ret); 546 } else 547 return (link(from_name, to_name)); 548 } 549 550 /* 551 * do_symlink -- 552 * Make a symbolic link, obeying dorename if set. Exit on failure. 553 */ 554 static void 555 do_symlink(const char *from_name, const char *to_name, 556 const struct stat *target_sb) 557 { 558 char tmpl[MAXPATHLEN]; 559 560 if (safecopy && target_sb != NULL) { 561 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 562 /* This usage is safe. */ 563 if (quiet_mktemp(tmpl) == NULL) 564 err(EX_OSERR, "%s: mktemp", tmpl); 565 566 if (symlink(from_name, tmpl) == -1) 567 err(EX_OSERR, "symlink %s -> %s", from_name, tmpl); 568 569 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == -1) { 570 (void)unlink(tmpl); 571 err(EX_OSERR, "%s", to_name); 572 } 573 if (target_sb->st_flags & NOCHANGEBITS) 574 (void)chflags(to_name, target_sb->st_flags & 575 ~NOCHANGEBITS); 576 unlink(to_name); 577 578 if (rename(tmpl, to_name) == -1) { 579 /* Remove temporary link before exiting. */ 580 (void)unlink(tmpl); 581 err(EX_OSERR, "%s: rename", to_name); 582 } 583 } else { 584 if (symlink(from_name, to_name) == -1) 585 err(EX_OSERR, "symlink %s -> %s", from_name, to_name); 586 } 587 } 588 589 /* 590 * makelink -- 591 * make a link from source to destination 592 */ 593 static void 594 makelink(const char *from_name, const char *to_name, 595 const struct stat *target_sb) 596 { 597 char src[MAXPATHLEN], dst[MAXPATHLEN], lnk[MAXPATHLEN]; 598 struct stat to_sb; 599 600 /* Try hard links first. */ 601 if (dolink & (LN_HARD|LN_MIXED)) { 602 if (do_link(from_name, to_name, target_sb) == -1) { 603 if ((dolink & LN_HARD) || errno != EXDEV) 604 err(EX_OSERR, "link %s -> %s", from_name, to_name); 605 } else { 606 if (stat(to_name, &to_sb)) 607 err(EX_OSERR, "%s: stat", to_name); 608 if (S_ISREG(to_sb.st_mode)) { 609 /* 610 * XXX: hard links to anything other than 611 * plain files are not metalogged 612 */ 613 int omode; 614 const char *oowner, *ogroup; 615 char *offlags; 616 char *dres; 617 618 /* 619 * XXX: use underlying perms, unless 620 * overridden on command line. 621 */ 622 omode = mode; 623 if (!haveopt_m) 624 mode = (to_sb.st_mode & 0777); 625 oowner = owner; 626 if (!haveopt_o) 627 owner = NULL; 628 ogroup = group; 629 if (!haveopt_g) 630 group = NULL; 631 offlags = fflags; 632 if (!haveopt_f) 633 fflags = NULL; 634 dres = digest_file(from_name); 635 metadata_log(to_name, "file", NULL, NULL, 636 dres, to_sb.st_size); 637 free(dres); 638 mode = omode; 639 owner = oowner; 640 group = ogroup; 641 fflags = offlags; 642 } 643 return; 644 } 645 } 646 647 /* Symbolic links. */ 648 if (dolink & LN_ABSOLUTE) { 649 /* Convert source path to absolute. */ 650 if (realpath(from_name, src) == NULL) 651 err(EX_OSERR, "%s: realpath", from_name); 652 do_symlink(src, to_name, target_sb); 653 /* XXX: src may point outside of destdir */ 654 metadata_log(to_name, "link", NULL, src, NULL, 0); 655 return; 656 } 657 658 if (dolink & LN_RELATIVE) { 659 char *cp, *d, *s; 660 661 /* Resolve pathnames. */ 662 if (realpath(from_name, src) == NULL) 663 err(EX_OSERR, "%s: realpath", from_name); 664 665 /* 666 * The last component of to_name may be a symlink, 667 * so use realpath to resolve only the directory. 668 */ 669 cp = dirname(to_name); 670 if (realpath(cp, dst) == NULL) 671 err(EX_OSERR, "%s: realpath", cp); 672 /* .. and add the last component. */ 673 if (strcmp(dst, "/") != 0) { 674 if (strlcat(dst, "/", sizeof(dst)) > sizeof(dst)) 675 errx(1, "resolved pathname too long"); 676 } 677 cp = basename(to_name); 678 if (strlcat(dst, cp, sizeof(dst)) > sizeof(dst)) 679 errx(1, "resolved pathname too long"); 680 681 /* Trim common path components. */ 682 for (s = src, d = dst; *s == *d; s++, d++) 683 continue; 684 while (*s != '/') 685 s--, d--; 686 687 /* Count the number of directories we need to backtrack. */ 688 for (++d, lnk[0] = '\0'; *d; d++) 689 if (*d == '/') 690 (void)strlcat(lnk, "../", sizeof(lnk)); 691 692 (void)strlcat(lnk, ++s, sizeof(lnk)); 693 694 do_symlink(lnk, to_name, target_sb); 695 /* XXX: Link may point outside of destdir. */ 696 metadata_log(to_name, "link", NULL, lnk, NULL, 0); 697 return; 698 } 699 700 /* 701 * If absolute or relative was not specified, try the names the 702 * user provided. 703 */ 704 do_symlink(from_name, to_name, target_sb); 705 /* XXX: from_name may point outside of destdir. */ 706 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 707 } 708 709 /* 710 * install -- 711 * build a path name and install the file 712 */ 713 static void 714 install(const char *from_name, const char *to_name, u_long fset, u_int flags) 715 { 716 struct stat from_sb, temp_sb, to_sb; 717 struct timeval tvb[2]; 718 int devnull, files_match, from_fd, serrno, target; 719 int tempcopy, temp_fd, to_fd; 720 char backup[MAXPATHLEN], *p, pathbuf[MAXPATHLEN], tempfile[MAXPATHLEN]; 721 char *digestresult; 722 723 files_match = 0; 724 from_fd = -1; 725 to_fd = -1; 726 727 /* If try to install NULL file to a directory, fails. */ 728 if (flags & DIRECTORY || strcmp(from_name, _PATH_DEVNULL)) { 729 if (!dolink) { 730 if (stat(from_name, &from_sb)) 731 err(EX_OSERR, "%s", from_name); 732 if (!S_ISREG(from_sb.st_mode)) { 733 errno = EFTYPE; 734 err(EX_OSERR, "%s", from_name); 735 } 736 } 737 /* Build the target path. */ 738 if (flags & DIRECTORY) { 739 (void)snprintf(pathbuf, sizeof(pathbuf), "%s/%s", 740 to_name, 741 (p = strrchr(from_name, '/')) ? ++p : from_name); 742 to_name = pathbuf; 743 } 744 devnull = 0; 745 } else { 746 devnull = 1; 747 } 748 749 if (!dolink) 750 target = (stat(to_name, &to_sb) == 0); 751 else 752 target = (lstat(to_name, &to_sb) == 0); 753 754 if (dolink) { 755 if (target && !safecopy) { 756 if (to_sb.st_mode & S_IFDIR && rmdir(to_name) == -1) 757 err(EX_OSERR, "%s", to_name); 758 if (to_sb.st_flags & NOCHANGEBITS) 759 (void)chflags(to_name, 760 to_sb.st_flags & ~NOCHANGEBITS); 761 unlink(to_name); 762 } 763 makelink(from_name, to_name, target ? &to_sb : NULL); 764 return; 765 } 766 767 /* Only install to regular files. */ 768 if (target && !S_ISREG(to_sb.st_mode)) { 769 errno = EFTYPE; 770 warn("%s", to_name); 771 return; 772 } 773 774 /* Only copy safe if the target exists. */ 775 tempcopy = safecopy && target; 776 777 if (!devnull && (from_fd = open(from_name, O_RDONLY, 0)) < 0) 778 err(EX_OSERR, "%s", from_name); 779 780 /* If we don't strip, we can compare first. */ 781 if (docompare && !dostrip && target) { 782 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 783 err(EX_OSERR, "%s", to_name); 784 if (devnull) 785 files_match = to_sb.st_size == 0; 786 else 787 files_match = !(compare(from_fd, from_name, 788 (size_t)from_sb.st_size, to_fd, 789 to_name, (size_t)to_sb.st_size, &digestresult)); 790 791 /* Close "to" file unless we match. */ 792 if (!files_match) 793 (void)close(to_fd); 794 } 795 796 if (!files_match) { 797 if (tempcopy) { 798 to_fd = create_tempfile(to_name, tempfile, 799 sizeof(tempfile)); 800 if (to_fd < 0) 801 err(EX_OSERR, "%s", tempfile); 802 } else { 803 if ((to_fd = create_newfile(to_name, target, 804 &to_sb)) < 0) 805 err(EX_OSERR, "%s", to_name); 806 if (verbose) 807 (void)printf("install: %s -> %s\n", 808 from_name, to_name); 809 } 810 if (!devnull) 811 digestresult = copy(from_fd, from_name, to_fd, 812 tempcopy ? tempfile : to_name, from_sb.st_size); 813 else 814 digestresult = NULL; 815 } 816 817 if (dostrip) { 818 strip(tempcopy ? tempfile : to_name); 819 820 /* 821 * Re-open our fd on the target, in case we used a strip 822 * that does not work in-place -- like GNU binutils strip. 823 */ 824 close(to_fd); 825 to_fd = open(tempcopy ? tempfile : to_name, O_RDONLY, 0); 826 if (to_fd < 0) 827 err(EX_OSERR, "stripping %s", to_name); 828 } 829 830 /* 831 * Compare the stripped temp file with the target. 832 */ 833 if (docompare && dostrip && target) { 834 temp_fd = to_fd; 835 836 /* Re-open to_fd using the real target name. */ 837 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 838 err(EX_OSERR, "%s", to_name); 839 840 if (fstat(temp_fd, &temp_sb)) { 841 serrno = errno; 842 (void)unlink(tempfile); 843 errno = serrno; 844 err(EX_OSERR, "%s", tempfile); 845 } 846 847 if (compare(temp_fd, tempfile, (size_t)temp_sb.st_size, to_fd, 848 to_name, (size_t)to_sb.st_size, &digestresult) 849 == 0) { 850 /* 851 * If target has more than one link we need to 852 * replace it in order to snap the extra links. 853 * Need to preserve target file times, though. 854 */ 855 if (to_sb.st_nlink != 1) { 856 tvb[0].tv_sec = to_sb.st_atime; 857 tvb[0].tv_usec = 0; 858 tvb[1].tv_sec = to_sb.st_mtime; 859 tvb[1].tv_usec = 0; 860 (void)utimes(tempfile, tvb); 861 } else { 862 files_match = 1; 863 (void)unlink(tempfile); 864 } 865 (void) close(temp_fd); 866 } 867 } 868 869 if (dostrip && (!docompare || !target)) 870 digestresult = digest_file(tempfile); 871 872 /* 873 * Move the new file into place if doing a safe copy 874 * and the files are different (or just not compared). 875 */ 876 if (tempcopy && !files_match) { 877 /* Try to turn off the immutable bits. */ 878 if (to_sb.st_flags & NOCHANGEBITS) 879 (void)chflags(to_name, to_sb.st_flags & ~NOCHANGEBITS); 880 if (dobackup) { 881 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", to_name, 882 suffix) != strlen(to_name) + strlen(suffix)) { 883 unlink(tempfile); 884 errx(EX_OSERR, "%s: backup filename too long", 885 to_name); 886 } 887 if (verbose) 888 (void)printf("install: %s -> %s\n", to_name, backup); 889 if (rename(to_name, backup) < 0) { 890 serrno = errno; 891 unlink(tempfile); 892 errno = serrno; 893 err(EX_OSERR, "rename: %s to %s", to_name, 894 backup); 895 } 896 } 897 if (verbose) 898 (void)printf("install: %s -> %s\n", from_name, to_name); 899 if (rename(tempfile, to_name) < 0) { 900 serrno = errno; 901 unlink(tempfile); 902 errno = serrno; 903 err(EX_OSERR, "rename: %s to %s", 904 tempfile, to_name); 905 } 906 907 /* Re-open to_fd so we aren't hosed by the rename(2). */ 908 (void) close(to_fd); 909 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 910 err(EX_OSERR, "%s", to_name); 911 } 912 913 /* 914 * Preserve the timestamp of the source file if necessary. 915 */ 916 if (dopreserve && !files_match && !devnull) { 917 tvb[0].tv_sec = from_sb.st_atime; 918 tvb[0].tv_usec = 0; 919 tvb[1].tv_sec = from_sb.st_mtime; 920 tvb[1].tv_usec = 0; 921 (void)utimes(to_name, tvb); 922 } 923 924 if (fstat(to_fd, &to_sb) == -1) { 925 serrno = errno; 926 (void)unlink(to_name); 927 errno = serrno; 928 err(EX_OSERR, "%s", to_name); 929 } 930 931 /* 932 * Set owner, group, mode for target; do the chown first, 933 * chown may lose the setuid bits. 934 */ 935 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) || 936 (uid != (uid_t)-1 && uid != to_sb.st_uid) || 937 (mode != (to_sb.st_mode & ALLPERMS)))) { 938 /* Try to turn off the immutable bits. */ 939 if (to_sb.st_flags & NOCHANGEBITS) 940 (void)fchflags(to_fd, to_sb.st_flags & ~NOCHANGEBITS); 941 } 942 943 if (!dounpriv & 944 (gid != (gid_t)-1 && gid != to_sb.st_gid) || 945 (uid != (uid_t)-1 && uid != to_sb.st_uid)) 946 if (fchown(to_fd, uid, gid) == -1) { 947 serrno = errno; 948 (void)unlink(to_name); 949 errno = serrno; 950 err(EX_OSERR,"%s: chown/chgrp", to_name); 951 } 952 953 if (mode != (to_sb.st_mode & ALLPERMS)) { 954 if (fchmod(to_fd, 955 dounpriv ? mode & (S_IRWXU|S_IRWXG|S_IRWXO) : mode)) { 956 serrno = errno; 957 (void)unlink(to_name); 958 errno = serrno; 959 err(EX_OSERR, "%s: chmod", to_name); 960 } 961 } 962 963 /* 964 * If provided a set of flags, set them, otherwise, preserve the 965 * flags, except for the dump flag. 966 * NFS does not support flags. Ignore EOPNOTSUPP flags if we're just 967 * trying to turn off UF_NODUMP. If we're trying to set real flags, 968 * then warn if the fs doesn't support it, otherwise fail. 969 */ 970 if (!dounpriv & !devnull && (flags & SETFLAGS || 971 (from_sb.st_flags & ~UF_NODUMP) != to_sb.st_flags) && 972 fchflags(to_fd, 973 flags & SETFLAGS ? fset : from_sb.st_flags & ~UF_NODUMP)) { 974 if (flags & SETFLAGS) { 975 if (errno == EOPNOTSUPP) 976 warn("%s: chflags", to_name); 977 else { 978 serrno = errno; 979 (void)unlink(to_name); 980 errno = serrno; 981 err(EX_OSERR, "%s: chflags", to_name); 982 } 983 } 984 } 985 986 (void)close(to_fd); 987 if (!devnull) 988 (void)close(from_fd); 989 990 metadata_log(to_name, "file", tvb, NULL, digestresult, to_sb.st_size); 991 free(digestresult); 992 } 993 994 /* 995 * compare -- 996 * compare two files; non-zero means files differ 997 */ 998 static int 999 compare(int from_fd, const char *from_name __unused, size_t from_len, 1000 int to_fd, const char *to_name __unused, size_t to_len, 1001 char **dresp) 1002 { 1003 char *p, *q; 1004 int rv; 1005 int done_compare; 1006 DIGEST_CTX ctx; 1007 1008 rv = 0; 1009 if (from_len != to_len) 1010 return 1; 1011 1012 if (from_len <= MAX_CMP_SIZE) { 1013 if (dresp != NULL) 1014 digest_init(&ctx); 1015 done_compare = 0; 1016 if (trymmap(from_fd) && trymmap(to_fd)) { 1017 p = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1018 from_fd, (off_t)0); 1019 if (p == MAP_FAILED) 1020 goto out; 1021 q = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1022 to_fd, (off_t)0); 1023 if (q == MAP_FAILED) { 1024 munmap(p, from_len); 1025 goto out; 1026 } 1027 1028 rv = memcmp(p, q, from_len); 1029 if (dresp != NULL) 1030 digest_update(&ctx, p, from_len); 1031 munmap(p, from_len); 1032 munmap(q, from_len); 1033 done_compare = 1; 1034 } 1035 out: 1036 if (!done_compare) { 1037 char buf1[MAXBSIZE]; 1038 char buf2[MAXBSIZE]; 1039 int n1, n2; 1040 1041 rv = 0; 1042 lseek(from_fd, 0, SEEK_SET); 1043 lseek(to_fd, 0, SEEK_SET); 1044 while (rv == 0) { 1045 n1 = read(from_fd, buf1, sizeof(buf1)); 1046 if (n1 == 0) 1047 break; /* EOF */ 1048 else if (n1 > 0) { 1049 n2 = read(to_fd, buf2, n1); 1050 if (n2 == n1) 1051 rv = memcmp(buf1, buf2, n1); 1052 else 1053 rv = 1; /* out of sync */ 1054 } else 1055 rv = 1; /* read failure */ 1056 digest_update(&ctx, buf1, n1); 1057 } 1058 lseek(from_fd, 0, SEEK_SET); 1059 lseek(to_fd, 0, SEEK_SET); 1060 } 1061 } else 1062 rv = 1; /* don't bother in this case */ 1063 1064 if (dresp != NULL) { 1065 if (rv == 0) 1066 *dresp = digest_end(&ctx, NULL); 1067 else 1068 (void)digest_end(&ctx, NULL); 1069 } 1070 1071 return rv; 1072 } 1073 1074 /* 1075 * create_tempfile -- 1076 * create a temporary file based on path and open it 1077 */ 1078 static int 1079 create_tempfile(const char *path, char *temp, size_t tsize) 1080 { 1081 char *p; 1082 1083 (void)strncpy(temp, path, tsize); 1084 temp[tsize - 1] = '\0'; 1085 if ((p = strrchr(temp, '/')) != NULL) 1086 p++; 1087 else 1088 p = temp; 1089 (void)strncpy(p, "INS@XXXX", &temp[tsize - 1] - p); 1090 temp[tsize - 1] = '\0'; 1091 return (mkstemp(temp)); 1092 } 1093 1094 /* 1095 * create_newfile -- 1096 * create a new file, overwriting an existing one if necessary 1097 */ 1098 static int 1099 create_newfile(const char *path, int target, struct stat *sbp) 1100 { 1101 char backup[MAXPATHLEN]; 1102 int saved_errno = 0; 1103 int newfd; 1104 1105 if (target) { 1106 /* 1107 * Unlink now... avoid ETXTBSY errors later. Try to turn 1108 * off the append/immutable bits -- if we fail, go ahead, 1109 * it might work. 1110 */ 1111 if (sbp->st_flags & NOCHANGEBITS) 1112 (void)chflags(path, sbp->st_flags & ~NOCHANGEBITS); 1113 1114 if (dobackup) { 1115 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", 1116 path, suffix) != strlen(path) + strlen(suffix)) 1117 errx(EX_OSERR, "%s: backup filename too long", 1118 path); 1119 (void)snprintf(backup, MAXPATHLEN, "%s%s", 1120 path, suffix); 1121 if (verbose) 1122 (void)printf("install: %s -> %s\n", 1123 path, backup); 1124 if (rename(path, backup) < 0) 1125 err(EX_OSERR, "rename: %s to %s", path, backup); 1126 } else 1127 if (unlink(path) < 0) 1128 saved_errno = errno; 1129 } 1130 1131 newfd = open(path, O_CREAT | O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR); 1132 if (newfd < 0 && saved_errno != 0) 1133 errno = saved_errno; 1134 return newfd; 1135 } 1136 1137 /* 1138 * copy -- 1139 * copy from one file to another 1140 */ 1141 static char * 1142 copy(int from_fd, const char *from_name, int to_fd, const char *to_name, 1143 off_t size) 1144 { 1145 int nr, nw; 1146 int serrno; 1147 char *p; 1148 char buf[MAXBSIZE]; 1149 int done_copy; 1150 DIGEST_CTX ctx; 1151 1152 /* Rewind file descriptors. */ 1153 if (lseek(from_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1154 err(EX_OSERR, "lseek: %s", from_name); 1155 if (lseek(to_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1156 err(EX_OSERR, "lseek: %s", to_name); 1157 1158 digest_init(&ctx); 1159 1160 /* 1161 * Mmap and write if less than 8M (the limit is so we don't totally 1162 * trash memory on big files. This is really a minor hack, but it 1163 * wins some CPU back. 1164 */ 1165 done_copy = 0; 1166 if (size <= 8 * 1048576 && trymmap(from_fd) && 1167 (p = mmap(NULL, (size_t)size, PROT_READ, MAP_SHARED, 1168 from_fd, (off_t)0)) != MAP_FAILED) { 1169 nw = write(to_fd, p, size); 1170 if (nw != size) { 1171 serrno = errno; 1172 (void)unlink(to_name); 1173 if (nw >= 0) { 1174 errx(EX_OSERR, 1175 "short write to %s: %jd bytes written, %jd bytes asked to write", 1176 to_name, (uintmax_t)nw, (uintmax_t)size); 1177 } else { 1178 errno = serrno; 1179 err(EX_OSERR, "%s", to_name); 1180 } 1181 } 1182 digest_update(&ctx, p, size); 1183 (void)munmap(p, size); 1184 done_copy = 1; 1185 } 1186 if (!done_copy) { 1187 while ((nr = read(from_fd, buf, sizeof(buf))) > 0) { 1188 if ((nw = write(to_fd, buf, nr)) != nr) { 1189 serrno = errno; 1190 (void)unlink(to_name); 1191 if (nw >= 0) { 1192 errx(EX_OSERR, 1193 "short write to %s: %jd bytes written, %jd bytes asked to write", 1194 to_name, (uintmax_t)nw, 1195 (uintmax_t)size); 1196 } else { 1197 errno = serrno; 1198 err(EX_OSERR, "%s", to_name); 1199 } 1200 } 1201 digest_update(&ctx, buf, nr); 1202 } 1203 if (nr != 0) { 1204 serrno = errno; 1205 (void)unlink(to_name); 1206 errno = serrno; 1207 err(EX_OSERR, "%s", from_name); 1208 } 1209 } 1210 return (digest_end(&ctx, NULL)); 1211 } 1212 1213 /* 1214 * strip -- 1215 * use strip(1) to strip the target file 1216 */ 1217 static void 1218 strip(const char *to_name) 1219 { 1220 const char *stripbin; 1221 const char *args[3]; 1222 pid_t pid; 1223 int error, status; 1224 1225 stripbin = getenv("STRIPBIN"); 1226 if (stripbin == NULL) 1227 stripbin = "strip"; 1228 args[0] = stripbin; 1229 args[1] = to_name; 1230 args[2] = NULL; 1231 error = posix_spawnp(&pid, stripbin, NULL, NULL, 1232 __DECONST(char **, args), environ); 1233 if (error != 0) { 1234 (void)unlink(to_name); 1235 errc(error == EAGAIN || error == EPROCLIM || error == ENOMEM ? 1236 EX_TEMPFAIL : EX_OSERR, error, "spawn %s", stripbin); 1237 } 1238 if (waitpid(pid, &status, 0) == -1) { 1239 error = errno; 1240 (void)unlink(to_name); 1241 errc(EX_SOFTWARE, error, "wait"); 1242 /* NOTREACHED */ 1243 } 1244 if (status != 0) { 1245 (void)unlink(to_name); 1246 errx(EX_SOFTWARE, "strip command %s failed on %s", 1247 stripbin, to_name); 1248 } 1249 } 1250 1251 /* 1252 * install_dir -- 1253 * build directory hierarchy 1254 */ 1255 static void 1256 install_dir(char *path) 1257 { 1258 char *p; 1259 struct stat sb; 1260 int ch; 1261 1262 for (p = path;; ++p) 1263 if (!*p || (p != path && *p == '/')) { 1264 ch = *p; 1265 *p = '\0'; 1266 if (stat(path, &sb)) { 1267 if (errno != ENOENT || mkdir(path, 0755) < 0) { 1268 err(EX_OSERR, "mkdir %s", path); 1269 /* NOTREACHED */ 1270 } else if (verbose) 1271 (void)printf("install: mkdir %s\n", 1272 path); 1273 } else if (!S_ISDIR(sb.st_mode)) 1274 errx(EX_OSERR, "%s exists but is not a directory", path); 1275 if (!(*p = ch)) 1276 break; 1277 } 1278 1279 if (!dounpriv) { 1280 if ((gid != (gid_t)-1 || uid != (uid_t)-1) && 1281 chown(path, uid, gid)) 1282 warn("chown %u:%u %s", uid, gid, path); 1283 /* XXXBED: should we do the chmod in the dounpriv case? */ 1284 if (chmod(path, mode)) 1285 warn("chmod %o %s", mode, path); 1286 } 1287 metadata_log(path, "dir", NULL, NULL, NULL, 0); 1288 } 1289 1290 /* 1291 * metadata_log -- 1292 * if metafp is not NULL, output mtree(8) full path name and settings to 1293 * metafp, to allow permissions to be set correctly by other tools, 1294 * or to allow integrity checks to be performed. 1295 */ 1296 static void 1297 metadata_log(const char *path, const char *type, struct timeval *tv, 1298 const char *slink, const char *digestresult, off_t size) 1299 { 1300 static const char extra[] = { ' ', '\t', '\n', '\\', '#', '\0' }; 1301 const char *p; 1302 char *buf; 1303 size_t destlen; 1304 struct flock metalog_lock; 1305 1306 if (!metafp) 1307 return; 1308 /* Buffer for strsvis(3). */ 1309 buf = (char *)malloc(4 * strlen(path) + 1); 1310 if (buf == NULL) { 1311 warnx("%s", strerror(ENOMEM)); 1312 return; 1313 } 1314 1315 /* Lock log file. */ 1316 metalog_lock.l_start = 0; 1317 metalog_lock.l_len = 0; 1318 metalog_lock.l_whence = SEEK_SET; 1319 metalog_lock.l_type = F_WRLCK; 1320 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) { 1321 warn("can't lock %s", metafile); 1322 free(buf); 1323 return; 1324 } 1325 1326 /* Remove destdir. */ 1327 p = path; 1328 if (destdir) { 1329 destlen = strlen(destdir); 1330 if (strncmp(p, destdir, destlen) == 0 && 1331 (p[destlen] == '/' || p[destlen] == '\0')) 1332 p += destlen; 1333 } 1334 while (*p && *p == '/') 1335 p++; 1336 strsvis(buf, p, VIS_OCTAL, extra); 1337 p = buf; 1338 /* Print details. */ 1339 fprintf(metafp, ".%s%s type=%s", *p ? "/" : "", p, type); 1340 if (owner) 1341 fprintf(metafp, " uname=%s", owner); 1342 if (group) 1343 fprintf(metafp, " gname=%s", group); 1344 fprintf(metafp, " mode=%#o", mode); 1345 if (slink) { 1346 strsvis(buf, slink, VIS_CSTYLE, extra); /* encode link */ 1347 fprintf(metafp, " link=%s", buf); 1348 } 1349 if (*type == 'f') /* type=file */ 1350 fprintf(metafp, " size=%lld", (long long)size); 1351 if (tv != NULL && dopreserve) 1352 fprintf(metafp, " time=%lld.%ld", 1353 (long long)tv[1].tv_sec, (long)tv[1].tv_usec); 1354 if (digestresult && digest) 1355 fprintf(metafp, " %s=%s", digest, digestresult); 1356 if (fflags) 1357 fprintf(metafp, " flags=%s", fflags); 1358 if (tags) 1359 fprintf(metafp, " tags=%s", tags); 1360 fputc('\n', metafp); 1361 /* Flush line. */ 1362 fflush(metafp); 1363 1364 /* Unlock log file. */ 1365 metalog_lock.l_type = F_UNLCK; 1366 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) 1367 warn("can't unlock %s", metafile); 1368 free(buf); 1369 } 1370 1371 /* 1372 * usage -- 1373 * print a usage message and die 1374 */ 1375 static void 1376 usage(void) 1377 { 1378 (void)fprintf(stderr, 1379 "usage: install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1380 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1381 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1382 " file1 file2\n" 1383 " install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1384 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1385 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1386 " file1 ... fileN directory\n" 1387 " install -dU [-vU] [-g group] [-m mode] [-N dbdir] [-o owner]\n" 1388 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1389 " directory ...\n"); 1390 exit(EX_USAGE); 1391 /* NOTREACHED */ 1392 } 1393 1394 /* 1395 * trymmap -- 1396 * return true (1) if mmap should be tried, false (0) if not. 1397 */ 1398 static int 1399 trymmap(int fd) 1400 { 1401 /* 1402 * The ifdef is for bootstrapping - f_fstypename doesn't exist in 1403 * pre-Lite2-merge systems. 1404 */ 1405 #ifdef MFSNAMELEN 1406 struct statfs stfs; 1407 1408 if (fstatfs(fd, &stfs) != 0) 1409 return (0); 1410 if (strcmp(stfs.f_fstypename, "ufs") == 0 || 1411 strcmp(stfs.f_fstypename, "cd9660") == 0) 1412 return (1); 1413 #endif 1414 return (0); 1415 } 1416