1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2012, 2013 SRI International 5 * Copyright (c) 1987, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #ifndef lint 34 static const char copyright[] = 35 "@(#) Copyright (c) 1987, 1993\n\ 36 The Regents of the University of California. All rights reserved.\n"; 37 #endif /* not lint */ 38 39 #if 0 40 #ifndef lint 41 static char sccsid[] = "@(#)xinstall.c 8.1 (Berkeley) 7/21/93"; 42 #endif /* not lint */ 43 #endif 44 45 #include <sys/cdefs.h> 46 __FBSDID("$FreeBSD$"); 47 48 #include <sys/param.h> 49 #include <sys/mman.h> 50 #include <sys/mount.h> 51 #include <sys/stat.h> 52 #include <sys/time.h> 53 #include <sys/wait.h> 54 55 #include <err.h> 56 #include <errno.h> 57 #include <fcntl.h> 58 #include <grp.h> 59 #include <libgen.h> 60 #ifdef WITH_MD5 61 #include <md5.h> 62 #endif 63 #include <paths.h> 64 #include <pwd.h> 65 #ifdef WITH_RIPEMD160 66 #include <ripemd.h> 67 #endif 68 #include <sha.h> 69 #include <sha256.h> 70 #include <sha512.h> 71 #include <spawn.h> 72 #include <stdint.h> 73 #include <stdio.h> 74 #include <stdlib.h> 75 #include <string.h> 76 #include <sysexits.h> 77 #include <unistd.h> 78 #include <vis.h> 79 80 #include "mtree.h" 81 82 /* 83 * Memory strategy threshold, in pages: if physmem is larger then this, use a 84 * large buffer. 85 */ 86 #define PHYSPAGES_THRESHOLD (32*1024) 87 88 /* Maximum buffer size in bytes - do not allow it to grow larger than this. */ 89 #define BUFSIZE_MAX (2*1024*1024) 90 91 /* 92 * Small (default) buffer size in bytes. It's inefficient for this to be 93 * smaller than MAXPHYS. 94 */ 95 #define BUFSIZE_SMALL (MAXPHYS) 96 97 /* 98 * We need to build xinstall during the bootstrap stage when building on a 99 * non-FreeBSD system. Linux does not have the st_flags and st_birthtime 100 * members in struct stat so we need to omit support for changing those fields. 101 */ 102 #ifdef UF_SETTABLE 103 #define HAVE_STRUCT_STAT_ST_FLAGS 1 104 #else 105 #define HAVE_STRUCT_STAT_ST_FLAGS 0 106 #endif 107 108 #define MAX_CMP_SIZE (16 * 1024 * 1024) 109 110 #define LN_ABSOLUTE 0x01 111 #define LN_RELATIVE 0x02 112 #define LN_HARD 0x04 113 #define LN_SYMBOLIC 0x08 114 #define LN_MIXED 0x10 115 116 #define DIRECTORY 0x01 /* Tell install it's a directory. */ 117 #define SETFLAGS 0x02 /* Tell install to set flags. */ 118 #define NOCHANGEBITS (UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND) 119 #define BACKUP_SUFFIX ".old" 120 121 typedef union { 122 #ifdef WITH_MD5 123 MD5_CTX MD5; 124 #endif 125 #ifdef WITH_RIPEMD160 126 RIPEMD160_CTX RIPEMD160; 127 #endif 128 SHA1_CTX SHA1; 129 SHA256_CTX SHA256; 130 SHA512_CTX SHA512; 131 } DIGEST_CTX; 132 133 static enum { 134 DIGEST_NONE = 0, 135 #ifdef WITH_MD5 136 DIGEST_MD5, 137 #endif 138 #ifdef WITH_RIPEMD160 139 DIGEST_RIPEMD160, 140 #endif 141 DIGEST_SHA1, 142 DIGEST_SHA256, 143 DIGEST_SHA512, 144 } digesttype = DIGEST_NONE; 145 146 extern char **environ; 147 148 static gid_t gid; 149 static uid_t uid; 150 static int dobackup, docompare, dodir, dolink, dopreserve, dostrip, dounpriv, 151 safecopy, verbose; 152 static int haveopt_f, haveopt_g, haveopt_m, haveopt_o; 153 static mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH; 154 static FILE *metafp; 155 static const char *group, *owner; 156 static const char *suffix = BACKUP_SUFFIX; 157 static char *destdir, *digest, *fflags, *metafile, *tags; 158 159 static int compare(int, const char *, size_t, int, const char *, size_t, 160 char **); 161 static char *copy(int, const char *, int, const char *, off_t); 162 static int create_newfile(const char *, int, struct stat *); 163 static int create_tempfile(const char *, char *, size_t); 164 static char *quiet_mktemp(char *template); 165 static char *digest_file(const char *); 166 static void digest_init(DIGEST_CTX *); 167 static void digest_update(DIGEST_CTX *, const char *, size_t); 168 static char *digest_end(DIGEST_CTX *, char *); 169 static int do_link(const char *, const char *, const struct stat *); 170 static void do_symlink(const char *, const char *, const struct stat *); 171 static void makelink(const char *, const char *, const struct stat *); 172 static void install(const char *, const char *, u_long, u_int); 173 static void install_dir(char *); 174 static void metadata_log(const char *, const char *, struct timespec *, 175 const char *, const char *, off_t); 176 static int parseid(const char *, id_t *); 177 static int strip(const char *, int, const char *, char **); 178 static int trymmap(size_t); 179 static void usage(void); 180 181 int 182 main(int argc, char *argv[]) 183 { 184 struct stat from_sb, to_sb; 185 mode_t *set; 186 u_long fset; 187 int ch, no_target; 188 u_int iflags; 189 char *p; 190 const char *to_name; 191 192 fset = 0; 193 iflags = 0; 194 group = owner = NULL; 195 while ((ch = getopt(argc, argv, "B:bCcD:df:g:h:l:M:m:N:o:pSsT:Uv")) != 196 -1) 197 switch((char)ch) { 198 case 'B': 199 suffix = optarg; 200 /* FALLTHROUGH */ 201 case 'b': 202 dobackup = 1; 203 break; 204 case 'C': 205 docompare = 1; 206 break; 207 case 'c': 208 /* For backwards compatibility. */ 209 break; 210 case 'D': 211 destdir = optarg; 212 break; 213 case 'd': 214 dodir = 1; 215 break; 216 case 'f': 217 haveopt_f = 1; 218 fflags = optarg; 219 break; 220 case 'g': 221 haveopt_g = 1; 222 group = optarg; 223 break; 224 case 'h': 225 digest = optarg; 226 break; 227 case 'l': 228 for (p = optarg; *p != '\0'; p++) 229 switch (*p) { 230 case 's': 231 dolink &= ~(LN_HARD|LN_MIXED); 232 dolink |= LN_SYMBOLIC; 233 break; 234 case 'h': 235 dolink &= ~(LN_SYMBOLIC|LN_MIXED); 236 dolink |= LN_HARD; 237 break; 238 case 'm': 239 dolink &= ~(LN_SYMBOLIC|LN_HARD); 240 dolink |= LN_MIXED; 241 break; 242 case 'a': 243 dolink &= ~LN_RELATIVE; 244 dolink |= LN_ABSOLUTE; 245 break; 246 case 'r': 247 dolink &= ~LN_ABSOLUTE; 248 dolink |= LN_RELATIVE; 249 break; 250 default: 251 errx(1, "%c: invalid link type", *p); 252 /* NOTREACHED */ 253 } 254 break; 255 case 'M': 256 metafile = optarg; 257 break; 258 case 'm': 259 haveopt_m = 1; 260 if (!(set = setmode(optarg))) 261 errx(EX_USAGE, "invalid file mode: %s", 262 optarg); 263 mode = getmode(set, 0); 264 free(set); 265 break; 266 case 'N': 267 if (!setup_getid(optarg)) 268 err(EX_OSERR, "Unable to use user and group " 269 "databases in `%s'", optarg); 270 break; 271 case 'o': 272 haveopt_o = 1; 273 owner = optarg; 274 break; 275 case 'p': 276 docompare = dopreserve = 1; 277 break; 278 case 'S': 279 safecopy = 1; 280 break; 281 case 's': 282 dostrip = 1; 283 break; 284 case 'T': 285 tags = optarg; 286 break; 287 case 'U': 288 dounpriv = 1; 289 break; 290 case 'v': 291 verbose = 1; 292 break; 293 case '?': 294 default: 295 usage(); 296 } 297 argc -= optind; 298 argv += optind; 299 300 /* some options make no sense when creating directories */ 301 if (dostrip && dodir) { 302 warnx("-d and -s may not be specified together"); 303 usage(); 304 } 305 306 if (getenv("DONTSTRIP") != NULL) { 307 warnx("DONTSTRIP set - will not strip installed binaries"); 308 dostrip = 0; 309 } 310 311 /* must have at least two arguments, except when creating directories */ 312 if (argc == 0 || (argc == 1 && !dodir)) 313 usage(); 314 315 if (digest != NULL) { 316 if (strcmp(digest, "none") == 0) { 317 digesttype = DIGEST_NONE; 318 #ifdef WITH_MD5 319 } else if (strcmp(digest, "md5") == 0) { 320 digesttype = DIGEST_MD5; 321 #endif 322 #ifdef WITH_RIPEMD160 323 } else if (strcmp(digest, "rmd160") == 0) { 324 digesttype = DIGEST_RIPEMD160; 325 #endif 326 } else if (strcmp(digest, "sha1") == 0) { 327 digesttype = DIGEST_SHA1; 328 } else if (strcmp(digest, "sha256") == 0) { 329 digesttype = DIGEST_SHA256; 330 } else if (strcmp(digest, "sha512") == 0) { 331 digesttype = DIGEST_SHA512; 332 } else { 333 warnx("unknown digest `%s'", digest); 334 usage(); 335 } 336 } 337 338 /* need to make a temp copy so we can compare stripped version */ 339 if (docompare && dostrip) 340 safecopy = 1; 341 342 /* get group and owner id's */ 343 if (group != NULL && !dounpriv) { 344 if (gid_from_group(group, &gid) == -1) { 345 id_t id; 346 if (!parseid(group, &id)) 347 errx(1, "unknown group %s", group); 348 gid = id; 349 } 350 } else 351 gid = (gid_t)-1; 352 353 if (owner != NULL && !dounpriv) { 354 if (uid_from_user(owner, &uid) == -1) { 355 id_t id; 356 if (!parseid(owner, &id)) 357 errx(1, "unknown user %s", owner); 358 uid = id; 359 } 360 } else 361 uid = (uid_t)-1; 362 363 if (fflags != NULL && !dounpriv) { 364 if (strtofflags(&fflags, &fset, NULL)) 365 errx(EX_USAGE, "%s: invalid flag", fflags); 366 iflags |= SETFLAGS; 367 } 368 369 if (metafile != NULL) { 370 if ((metafp = fopen(metafile, "a")) == NULL) 371 warn("open %s", metafile); 372 } else 373 digesttype = DIGEST_NONE; 374 375 if (dodir) { 376 for (; *argv != NULL; ++argv) 377 install_dir(*argv); 378 exit(EX_OK); 379 /* NOTREACHED */ 380 } 381 382 to_name = argv[argc - 1]; 383 no_target = stat(to_name, &to_sb); 384 if (!no_target && S_ISDIR(to_sb.st_mode)) { 385 if (dolink & LN_SYMBOLIC) { 386 if (lstat(to_name, &to_sb) != 0) 387 err(EX_OSERR, "%s vanished", to_name); 388 if (S_ISLNK(to_sb.st_mode)) { 389 if (argc != 2) { 390 errno = ENOTDIR; 391 err(EX_USAGE, "%s", to_name); 392 } 393 install(*argv, to_name, fset, iflags); 394 exit(EX_OK); 395 } 396 } 397 for (; *argv != to_name; ++argv) 398 install(*argv, to_name, fset, iflags | DIRECTORY); 399 exit(EX_OK); 400 /* NOTREACHED */ 401 } 402 403 /* can't do file1 file2 directory/file */ 404 if (argc != 2) { 405 if (no_target) 406 warnx("target directory `%s' does not exist", 407 argv[argc - 1]); 408 else 409 warnx("target `%s' is not a directory", 410 argv[argc - 1]); 411 usage(); 412 } 413 414 if (!no_target && !dolink) { 415 if (stat(*argv, &from_sb)) 416 err(EX_OSERR, "%s", *argv); 417 if (!S_ISREG(to_sb.st_mode)) { 418 errno = EFTYPE; 419 err(EX_OSERR, "%s", to_name); 420 } 421 if (to_sb.st_dev == from_sb.st_dev && 422 to_sb.st_ino == from_sb.st_ino) 423 errx(EX_USAGE, 424 "%s and %s are the same file", *argv, to_name); 425 } 426 install(*argv, to_name, fset, iflags); 427 exit(EX_OK); 428 /* NOTREACHED */ 429 } 430 431 static char * 432 digest_file(const char *name) 433 { 434 435 switch (digesttype) { 436 #ifdef WITH_MD5 437 case DIGEST_MD5: 438 return (MD5File(name, NULL)); 439 #endif 440 #ifdef WITH_RIPEMD160 441 case DIGEST_RIPEMD160: 442 return (RIPEMD160_File(name, NULL)); 443 #endif 444 case DIGEST_SHA1: 445 return (SHA1_File(name, NULL)); 446 case DIGEST_SHA256: 447 return (SHA256_File(name, NULL)); 448 case DIGEST_SHA512: 449 return (SHA512_File(name, NULL)); 450 default: 451 return (NULL); 452 } 453 } 454 455 static void 456 digest_init(DIGEST_CTX *c) 457 { 458 459 switch (digesttype) { 460 case DIGEST_NONE: 461 break; 462 #ifdef WITH_MD5 463 case DIGEST_MD5: 464 MD5Init(&(c->MD5)); 465 break; 466 #endif 467 #ifdef WITH_RIPEMD160 468 case DIGEST_RIPEMD160: 469 RIPEMD160_Init(&(c->RIPEMD160)); 470 break; 471 #endif 472 case DIGEST_SHA1: 473 SHA1_Init(&(c->SHA1)); 474 break; 475 case DIGEST_SHA256: 476 SHA256_Init(&(c->SHA256)); 477 break; 478 case DIGEST_SHA512: 479 SHA512_Init(&(c->SHA512)); 480 break; 481 } 482 } 483 484 static void 485 digest_update(DIGEST_CTX *c, const char *data, size_t len) 486 { 487 488 switch (digesttype) { 489 case DIGEST_NONE: 490 break; 491 #ifdef WITH_MD5 492 case DIGEST_MD5: 493 MD5Update(&(c->MD5), data, len); 494 break; 495 #endif 496 #ifdef WITH_RIPEMD160 497 case DIGEST_RIPEMD160: 498 RIPEMD160_Update(&(c->RIPEMD160), data, len); 499 break; 500 #endif 501 case DIGEST_SHA1: 502 SHA1_Update(&(c->SHA1), data, len); 503 break; 504 case DIGEST_SHA256: 505 SHA256_Update(&(c->SHA256), data, len); 506 break; 507 case DIGEST_SHA512: 508 SHA512_Update(&(c->SHA512), data, len); 509 break; 510 } 511 } 512 513 static char * 514 digest_end(DIGEST_CTX *c, char *buf) 515 { 516 517 switch (digesttype) { 518 #ifdef WITH_MD5 519 case DIGEST_MD5: 520 return (MD5End(&(c->MD5), buf)); 521 #endif 522 #ifdef WITH_RIPEMD160 523 case DIGEST_RIPEMD160: 524 return (RIPEMD160_End(&(c->RIPEMD160), buf)); 525 #endif 526 case DIGEST_SHA1: 527 return (SHA1_End(&(c->SHA1), buf)); 528 case DIGEST_SHA256: 529 return (SHA256_End(&(c->SHA256), buf)); 530 case DIGEST_SHA512: 531 return (SHA512_End(&(c->SHA512), buf)); 532 default: 533 return (NULL); 534 } 535 } 536 537 /* 538 * parseid -- 539 * parse uid or gid from arg into id, returning non-zero if successful 540 */ 541 static int 542 parseid(const char *name, id_t *id) 543 { 544 char *ep; 545 errno = 0; 546 *id = (id_t)strtoul(name, &ep, 10); 547 if (errno || *ep != '\0') 548 return (0); 549 return (1); 550 } 551 552 /* 553 * quiet_mktemp -- 554 * mktemp implementation used mkstemp to avoid mktemp warnings. We 555 * really do need mktemp semantics here as we will be creating a link. 556 */ 557 static char * 558 quiet_mktemp(char *template) 559 { 560 int fd; 561 562 if ((fd = mkstemp(template)) == -1) 563 return (NULL); 564 close (fd); 565 if (unlink(template) == -1) 566 err(EX_OSERR, "unlink %s", template); 567 return (template); 568 } 569 570 /* 571 * do_link -- 572 * make a hard link, obeying dorename if set 573 * return -1 on failure 574 */ 575 static int 576 do_link(const char *from_name, const char *to_name, 577 const struct stat *target_sb) 578 { 579 char tmpl[MAXPATHLEN]; 580 int ret; 581 582 if (safecopy && target_sb != NULL) { 583 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 584 /* This usage is safe. */ 585 if (quiet_mktemp(tmpl) == NULL) 586 err(EX_OSERR, "%s: mktemp", tmpl); 587 ret = link(from_name, tmpl); 588 if (ret == 0) { 589 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == 590 -1) { 591 unlink(tmpl); 592 err(EX_OSERR, "%s", to_name); 593 } 594 #if HAVE_STRUCT_STAT_ST_FLAGS 595 if (target_sb->st_flags & NOCHANGEBITS) 596 (void)chflags(to_name, target_sb->st_flags & 597 ~NOCHANGEBITS); 598 #endif 599 if (verbose) 600 printf("install: link %s -> %s\n", 601 from_name, to_name); 602 ret = rename(tmpl, to_name); 603 /* 604 * If rename has posix semantics, then the temporary 605 * file may still exist when from_name and to_name point 606 * to the same file, so unlink it unconditionally. 607 */ 608 (void)unlink(tmpl); 609 } 610 return (ret); 611 } else { 612 if (verbose) 613 printf("install: link %s -> %s\n", 614 from_name, to_name); 615 return (link(from_name, to_name)); 616 } 617 } 618 619 /* 620 * do_symlink -- 621 * Make a symbolic link, obeying dorename if set. Exit on failure. 622 */ 623 static void 624 do_symlink(const char *from_name, const char *to_name, 625 const struct stat *target_sb) 626 { 627 char tmpl[MAXPATHLEN]; 628 629 if (safecopy && target_sb != NULL) { 630 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 631 /* This usage is safe. */ 632 if (quiet_mktemp(tmpl) == NULL) 633 err(EX_OSERR, "%s: mktemp", tmpl); 634 635 if (symlink(from_name, tmpl) == -1) 636 err(EX_OSERR, "symlink %s -> %s", from_name, tmpl); 637 638 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == -1) { 639 (void)unlink(tmpl); 640 err(EX_OSERR, "%s", to_name); 641 } 642 #if HAVE_STRUCT_STAT_ST_FLAGS 643 if (target_sb->st_flags & NOCHANGEBITS) 644 (void)chflags(to_name, target_sb->st_flags & 645 ~NOCHANGEBITS); 646 #endif 647 if (verbose) 648 printf("install: symlink %s -> %s\n", 649 from_name, to_name); 650 if (rename(tmpl, to_name) == -1) { 651 /* Remove temporary link before exiting. */ 652 (void)unlink(tmpl); 653 err(EX_OSERR, "%s: rename", to_name); 654 } 655 } else { 656 if (verbose) 657 printf("install: symlink %s -> %s\n", 658 from_name, to_name); 659 if (symlink(from_name, to_name) == -1) 660 err(EX_OSERR, "symlink %s -> %s", from_name, to_name); 661 } 662 } 663 664 /* 665 * makelink -- 666 * make a link from source to destination 667 */ 668 static void 669 makelink(const char *from_name, const char *to_name, 670 const struct stat *target_sb) 671 { 672 char src[MAXPATHLEN], dst[MAXPATHLEN], lnk[MAXPATHLEN]; 673 struct stat to_sb; 674 675 /* Try hard links first. */ 676 if (dolink & (LN_HARD|LN_MIXED)) { 677 if (do_link(from_name, to_name, target_sb) == -1) { 678 if ((dolink & LN_HARD) || errno != EXDEV) 679 err(EX_OSERR, "link %s -> %s", from_name, to_name); 680 } else { 681 if (stat(to_name, &to_sb)) 682 err(EX_OSERR, "%s: stat", to_name); 683 if (S_ISREG(to_sb.st_mode)) { 684 /* 685 * XXX: hard links to anything other than 686 * plain files are not metalogged 687 */ 688 int omode; 689 const char *oowner, *ogroup; 690 char *offlags; 691 char *dres; 692 693 /* 694 * XXX: use underlying perms, unless 695 * overridden on command line. 696 */ 697 omode = mode; 698 if (!haveopt_m) 699 mode = (to_sb.st_mode & 0777); 700 oowner = owner; 701 if (!haveopt_o) 702 owner = NULL; 703 ogroup = group; 704 if (!haveopt_g) 705 group = NULL; 706 offlags = fflags; 707 if (!haveopt_f) 708 fflags = NULL; 709 dres = digest_file(from_name); 710 metadata_log(to_name, "file", NULL, NULL, 711 dres, to_sb.st_size); 712 free(dres); 713 mode = omode; 714 owner = oowner; 715 group = ogroup; 716 fflags = offlags; 717 } 718 return; 719 } 720 } 721 722 /* Symbolic links. */ 723 if (dolink & LN_ABSOLUTE) { 724 /* Convert source path to absolute. */ 725 if (realpath(from_name, src) == NULL) 726 err(EX_OSERR, "%s: realpath", from_name); 727 do_symlink(src, to_name, target_sb); 728 /* XXX: src may point outside of destdir */ 729 metadata_log(to_name, "link", NULL, src, NULL, 0); 730 return; 731 } 732 733 if (dolink & LN_RELATIVE) { 734 char *to_name_copy, *cp, *d, *ld, *ls, *s; 735 736 if (*from_name != '/') { 737 /* this is already a relative link */ 738 do_symlink(from_name, to_name, target_sb); 739 /* XXX: from_name may point outside of destdir. */ 740 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 741 return; 742 } 743 744 /* Resolve pathnames. */ 745 if (realpath(from_name, src) == NULL) 746 err(EX_OSERR, "%s: realpath", from_name); 747 748 /* 749 * The last component of to_name may be a symlink, 750 * so use realpath to resolve only the directory. 751 */ 752 to_name_copy = strdup(to_name); 753 if (to_name_copy == NULL) 754 err(EX_OSERR, "%s: strdup", to_name); 755 cp = dirname(to_name_copy); 756 if (realpath(cp, dst) == NULL) 757 err(EX_OSERR, "%s: realpath", cp); 758 /* .. and add the last component. */ 759 if (strcmp(dst, "/") != 0) { 760 if (strlcat(dst, "/", sizeof(dst)) > sizeof(dst)) 761 errx(1, "resolved pathname too long"); 762 } 763 strcpy(to_name_copy, to_name); 764 cp = basename(to_name_copy); 765 if (strlcat(dst, cp, sizeof(dst)) > sizeof(dst)) 766 errx(1, "resolved pathname too long"); 767 free(to_name_copy); 768 769 /* Trim common path components. */ 770 ls = ld = NULL; 771 for (s = src, d = dst; *s == *d; ls = s, ld = d, s++, d++) 772 continue; 773 /* 774 * If we didn't end after a directory separator, then we've 775 * falsely matched the last component. For example, if one 776 * invoked install -lrs /lib/foo.so /libexec/ then the source 777 * would terminate just after the separator while the 778 * destination would terminate in the middle of 'libexec', 779 * leading to a full directory getting falsely eaten. 780 */ 781 if ((ls != NULL && *ls != '/') || (ld != NULL && *ld != '/')) 782 s--, d--; 783 while (*s != '/') 784 s--, d--; 785 786 /* Count the number of directories we need to backtrack. */ 787 for (++d, lnk[0] = '\0'; *d; d++) 788 if (*d == '/') 789 (void)strlcat(lnk, "../", sizeof(lnk)); 790 791 (void)strlcat(lnk, ++s, sizeof(lnk)); 792 793 do_symlink(lnk, to_name, target_sb); 794 /* XXX: Link may point outside of destdir. */ 795 metadata_log(to_name, "link", NULL, lnk, NULL, 0); 796 return; 797 } 798 799 /* 800 * If absolute or relative was not specified, try the names the 801 * user provided. 802 */ 803 do_symlink(from_name, to_name, target_sb); 804 /* XXX: from_name may point outside of destdir. */ 805 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 806 } 807 808 /* 809 * install -- 810 * build a path name and install the file 811 */ 812 static void 813 install(const char *from_name, const char *to_name, u_long fset, u_int flags) 814 { 815 struct stat from_sb, temp_sb, to_sb; 816 struct timespec tsb[2]; 817 int devnull, files_match, from_fd, serrno, stripped, target; 818 int tempcopy, temp_fd, to_fd; 819 char backup[MAXPATHLEN], *p, pathbuf[MAXPATHLEN], tempfile[MAXPATHLEN]; 820 char *digestresult; 821 822 digestresult = NULL; 823 files_match = stripped = 0; 824 from_fd = -1; 825 to_fd = -1; 826 827 /* If try to install NULL file to a directory, fails. */ 828 if (flags & DIRECTORY || strcmp(from_name, _PATH_DEVNULL)) { 829 if (!dolink) { 830 if (stat(from_name, &from_sb)) 831 err(EX_OSERR, "%s", from_name); 832 if (!S_ISREG(from_sb.st_mode)) { 833 errno = EFTYPE; 834 err(EX_OSERR, "%s", from_name); 835 } 836 } 837 /* Build the target path. */ 838 if (flags & DIRECTORY) { 839 (void)snprintf(pathbuf, sizeof(pathbuf), "%s%s%s", 840 to_name, 841 to_name[strlen(to_name) - 1] == '/' ? "" : "/", 842 (p = strrchr(from_name, '/')) ? ++p : from_name); 843 to_name = pathbuf; 844 } 845 devnull = 0; 846 } else { 847 devnull = 1; 848 } 849 850 target = (lstat(to_name, &to_sb) == 0); 851 852 if (dolink) { 853 if (target && !safecopy) { 854 if (to_sb.st_mode & S_IFDIR && rmdir(to_name) == -1) 855 err(EX_OSERR, "%s", to_name); 856 #if HAVE_STRUCT_STAT_ST_FLAGS 857 if (to_sb.st_flags & NOCHANGEBITS) 858 (void)chflags(to_name, 859 to_sb.st_flags & ~NOCHANGEBITS); 860 #endif 861 unlink(to_name); 862 } 863 makelink(from_name, to_name, target ? &to_sb : NULL); 864 return; 865 } 866 867 if (target && !S_ISREG(to_sb.st_mode) && !S_ISLNK(to_sb.st_mode)) { 868 errno = EFTYPE; 869 warn("%s", to_name); 870 return; 871 } 872 873 /* Only copy safe if the target exists. */ 874 tempcopy = safecopy && target; 875 876 if (!devnull && (from_fd = open(from_name, O_RDONLY, 0)) < 0) 877 err(EX_OSERR, "%s", from_name); 878 879 /* If we don't strip, we can compare first. */ 880 if (docompare && !dostrip && target && S_ISREG(to_sb.st_mode)) { 881 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 882 err(EX_OSERR, "%s", to_name); 883 if (devnull) 884 files_match = to_sb.st_size == 0; 885 else 886 files_match = !(compare(from_fd, from_name, 887 (size_t)from_sb.st_size, to_fd, 888 to_name, (size_t)to_sb.st_size, &digestresult)); 889 890 /* Close "to" file unless we match. */ 891 if (!files_match) 892 (void)close(to_fd); 893 } 894 895 if (!files_match) { 896 if (tempcopy) { 897 to_fd = create_tempfile(to_name, tempfile, 898 sizeof(tempfile)); 899 if (to_fd < 0) 900 err(EX_OSERR, "%s", tempfile); 901 } else { 902 if ((to_fd = create_newfile(to_name, target, 903 &to_sb)) < 0) 904 err(EX_OSERR, "%s", to_name); 905 if (verbose) 906 (void)printf("install: %s -> %s\n", 907 from_name, to_name); 908 } 909 if (!devnull) { 910 if (dostrip) 911 stripped = strip(tempcopy ? tempfile : to_name, 912 to_fd, from_name, &digestresult); 913 if (!stripped) 914 digestresult = copy(from_fd, from_name, to_fd, 915 tempcopy ? tempfile : to_name, from_sb.st_size); 916 } 917 } 918 919 if (dostrip) { 920 if (!stripped) 921 (void)strip(tempcopy ? tempfile : to_name, to_fd, 922 NULL, &digestresult); 923 924 /* 925 * Re-open our fd on the target, in case 926 * we did not strip in-place. 927 */ 928 close(to_fd); 929 to_fd = open(tempcopy ? tempfile : to_name, O_RDONLY, 0); 930 if (to_fd < 0) 931 err(EX_OSERR, "stripping %s", to_name); 932 } 933 934 /* 935 * Compare the stripped temp file with the target. 936 */ 937 if (docompare && dostrip && target && S_ISREG(to_sb.st_mode)) { 938 temp_fd = to_fd; 939 940 /* Re-open to_fd using the real target name. */ 941 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 942 err(EX_OSERR, "%s", to_name); 943 944 if (fstat(temp_fd, &temp_sb)) { 945 serrno = errno; 946 (void)unlink(tempfile); 947 errno = serrno; 948 err(EX_OSERR, "%s", tempfile); 949 } 950 951 if (compare(temp_fd, tempfile, (size_t)temp_sb.st_size, to_fd, 952 to_name, (size_t)to_sb.st_size, &digestresult) 953 == 0) { 954 /* 955 * If target has more than one link we need to 956 * replace it in order to snap the extra links. 957 * Need to preserve target file times, though. 958 */ 959 if (to_sb.st_nlink != 1) { 960 tsb[0] = to_sb.st_atim; 961 tsb[1] = to_sb.st_mtim; 962 (void)utimensat(AT_FDCWD, tempfile, tsb, 0); 963 } else { 964 files_match = 1; 965 (void)unlink(tempfile); 966 } 967 (void) close(temp_fd); 968 } 969 } else if (dostrip) 970 digestresult = digest_file(tempfile); 971 972 /* 973 * Move the new file into place if doing a safe copy 974 * and the files are different (or just not compared). 975 */ 976 if (tempcopy && !files_match) { 977 #if HAVE_STRUCT_STAT_ST_FLAGS 978 /* Try to turn off the immutable bits. */ 979 if (to_sb.st_flags & NOCHANGEBITS) 980 (void)chflags(to_name, to_sb.st_flags & ~NOCHANGEBITS); 981 #endif 982 if (dobackup) { 983 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", to_name, 984 suffix) != strlen(to_name) + strlen(suffix)) { 985 unlink(tempfile); 986 errx(EX_OSERR, "%s: backup filename too long", 987 to_name); 988 } 989 if (verbose) 990 (void)printf("install: %s -> %s\n", to_name, backup); 991 if (unlink(backup) < 0 && errno != ENOENT) { 992 serrno = errno; 993 #if HAVE_STRUCT_STAT_ST_FLAGS 994 if (to_sb.st_flags & NOCHANGEBITS) 995 (void)chflags(to_name, to_sb.st_flags); 996 #endif 997 unlink(tempfile); 998 errno = serrno; 999 err(EX_OSERR, "unlink: %s", backup); 1000 } 1001 if (link(to_name, backup) < 0) { 1002 serrno = errno; 1003 unlink(tempfile); 1004 #if HAVE_STRUCT_STAT_ST_FLAGS 1005 if (to_sb.st_flags & NOCHANGEBITS) 1006 (void)chflags(to_name, to_sb.st_flags); 1007 #endif 1008 errno = serrno; 1009 err(EX_OSERR, "link: %s to %s", to_name, 1010 backup); 1011 } 1012 } 1013 if (verbose) 1014 (void)printf("install: %s -> %s\n", from_name, to_name); 1015 if (rename(tempfile, to_name) < 0) { 1016 serrno = errno; 1017 unlink(tempfile); 1018 errno = serrno; 1019 err(EX_OSERR, "rename: %s to %s", 1020 tempfile, to_name); 1021 } 1022 1023 /* Re-open to_fd so we aren't hosed by the rename(2). */ 1024 (void) close(to_fd); 1025 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 1026 err(EX_OSERR, "%s", to_name); 1027 } 1028 1029 /* 1030 * Preserve the timestamp of the source file if necessary. 1031 */ 1032 if (dopreserve && !files_match && !devnull) { 1033 tsb[0] = from_sb.st_atim; 1034 tsb[1] = from_sb.st_mtim; 1035 (void)utimensat(AT_FDCWD, to_name, tsb, 0); 1036 } 1037 1038 if (fstat(to_fd, &to_sb) == -1) { 1039 serrno = errno; 1040 (void)unlink(to_name); 1041 errno = serrno; 1042 err(EX_OSERR, "%s", to_name); 1043 } 1044 1045 /* 1046 * Set owner, group, mode for target; do the chown first, 1047 * chown may lose the setuid bits. 1048 */ 1049 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) || 1050 (uid != (uid_t)-1 && uid != to_sb.st_uid) || 1051 (mode != (to_sb.st_mode & ALLPERMS)))) { 1052 #if HAVE_STRUCT_STAT_ST_FLAGS 1053 /* Try to turn off the immutable bits. */ 1054 if (to_sb.st_flags & NOCHANGEBITS) 1055 (void)fchflags(to_fd, to_sb.st_flags & ~NOCHANGEBITS); 1056 #endif 1057 } 1058 1059 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) || 1060 (uid != (uid_t)-1 && uid != to_sb.st_uid))) { 1061 if (fchown(to_fd, uid, gid) == -1) { 1062 serrno = errno; 1063 (void)unlink(to_name); 1064 errno = serrno; 1065 err(EX_OSERR,"%s: chown/chgrp", to_name); 1066 } 1067 } 1068 if (mode != (to_sb.st_mode & ALLPERMS)) { 1069 if (fchmod(to_fd, 1070 dounpriv ? mode & (S_IRWXU|S_IRWXG|S_IRWXO) : mode)) { 1071 serrno = errno; 1072 (void)unlink(to_name); 1073 errno = serrno; 1074 err(EX_OSERR, "%s: chmod", to_name); 1075 } 1076 } 1077 #if HAVE_STRUCT_STAT_ST_FLAGS 1078 /* 1079 * If provided a set of flags, set them, otherwise, preserve the 1080 * flags, except for the dump flag. 1081 * NFS does not support flags. Ignore EOPNOTSUPP flags if we're just 1082 * trying to turn off UF_NODUMP. If we're trying to set real flags, 1083 * then warn if the fs doesn't support it, otherwise fail. 1084 */ 1085 if (!dounpriv && !devnull && (flags & SETFLAGS || 1086 (from_sb.st_flags & ~UF_NODUMP) != to_sb.st_flags) && 1087 fchflags(to_fd, 1088 flags & SETFLAGS ? fset : from_sb.st_flags & ~UF_NODUMP)) { 1089 if (flags & SETFLAGS) { 1090 if (errno == EOPNOTSUPP) 1091 warn("%s: chflags", to_name); 1092 else { 1093 serrno = errno; 1094 (void)unlink(to_name); 1095 errno = serrno; 1096 err(EX_OSERR, "%s: chflags", to_name); 1097 } 1098 } 1099 } 1100 #endif 1101 1102 (void)close(to_fd); 1103 if (!devnull) 1104 (void)close(from_fd); 1105 1106 metadata_log(to_name, "file", tsb, NULL, digestresult, to_sb.st_size); 1107 free(digestresult); 1108 } 1109 1110 /* 1111 * compare -- 1112 * Compare two files; non-zero means files differ. 1113 * Compute digest and return its address in *dresp 1114 * unless it points to pre-computed digest. 1115 */ 1116 static int 1117 compare(int from_fd, const char *from_name __unused, size_t from_len, 1118 int to_fd, const char *to_name __unused, size_t to_len, 1119 char **dresp) 1120 { 1121 char *p, *q; 1122 int rv; 1123 int do_digest, done_compare; 1124 DIGEST_CTX ctx; 1125 1126 rv = 0; 1127 if (from_len != to_len) 1128 return 1; 1129 1130 do_digest = (digesttype != DIGEST_NONE && dresp != NULL && 1131 *dresp == NULL); 1132 if (from_len <= MAX_CMP_SIZE) { 1133 if (do_digest) 1134 digest_init(&ctx); 1135 done_compare = 0; 1136 if (trymmap(from_len) && trymmap(to_len)) { 1137 p = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1138 from_fd, (off_t)0); 1139 if (p == MAP_FAILED) 1140 goto out; 1141 q = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1142 to_fd, (off_t)0); 1143 if (q == MAP_FAILED) { 1144 munmap(p, from_len); 1145 goto out; 1146 } 1147 1148 rv = memcmp(p, q, from_len); 1149 if (do_digest) 1150 digest_update(&ctx, p, from_len); 1151 munmap(p, from_len); 1152 munmap(q, from_len); 1153 done_compare = 1; 1154 } 1155 out: 1156 if (!done_compare) { 1157 static char *buf, *buf1, *buf2; 1158 static size_t bufsize; 1159 int n1, n2; 1160 1161 if (buf == NULL) { 1162 /* 1163 * Note that buf and bufsize are static. If 1164 * malloc() fails, it will fail at the start 1165 * and not copy only some files. 1166 */ 1167 if (sysconf(_SC_PHYS_PAGES) > 1168 PHYSPAGES_THRESHOLD) 1169 bufsize = MIN(BUFSIZE_MAX, MAXPHYS * 8); 1170 else 1171 bufsize = BUFSIZE_SMALL; 1172 buf = malloc(bufsize * 2); 1173 if (buf == NULL) 1174 err(1, "Not enough memory"); 1175 buf1 = buf; 1176 buf2 = buf + bufsize; 1177 } 1178 rv = 0; 1179 lseek(from_fd, 0, SEEK_SET); 1180 lseek(to_fd, 0, SEEK_SET); 1181 while (rv == 0) { 1182 n1 = read(from_fd, buf1, bufsize); 1183 if (n1 == 0) 1184 break; /* EOF */ 1185 else if (n1 > 0) { 1186 n2 = read(to_fd, buf2, n1); 1187 if (n2 == n1) 1188 rv = memcmp(buf1, buf2, n1); 1189 else 1190 rv = 1; /* out of sync */ 1191 } else 1192 rv = 1; /* read failure */ 1193 if (do_digest) 1194 digest_update(&ctx, buf1, n1); 1195 } 1196 lseek(from_fd, 0, SEEK_SET); 1197 lseek(to_fd, 0, SEEK_SET); 1198 } 1199 } else 1200 rv = 1; /* don't bother in this case */ 1201 1202 if (do_digest) { 1203 if (rv == 0) 1204 *dresp = digest_end(&ctx, NULL); 1205 else 1206 (void)digest_end(&ctx, NULL); 1207 } 1208 1209 return rv; 1210 } 1211 1212 /* 1213 * create_tempfile -- 1214 * create a temporary file based on path and open it 1215 */ 1216 static int 1217 create_tempfile(const char *path, char *temp, size_t tsize) 1218 { 1219 char *p; 1220 1221 (void)strncpy(temp, path, tsize); 1222 temp[tsize - 1] = '\0'; 1223 if ((p = strrchr(temp, '/')) != NULL) 1224 p++; 1225 else 1226 p = temp; 1227 (void)strncpy(p, "INS@XXXXXX", &temp[tsize - 1] - p); 1228 temp[tsize - 1] = '\0'; 1229 return (mkstemp(temp)); 1230 } 1231 1232 /* 1233 * create_newfile -- 1234 * create a new file, overwriting an existing one if necessary 1235 */ 1236 static int 1237 create_newfile(const char *path, int target, struct stat *sbp) 1238 { 1239 char backup[MAXPATHLEN]; 1240 int saved_errno = 0; 1241 int newfd; 1242 1243 if (target) { 1244 /* 1245 * Unlink now... avoid ETXTBSY errors later. Try to turn 1246 * off the append/immutable bits -- if we fail, go ahead, 1247 * it might work. 1248 */ 1249 #if HAVE_STRUCT_STAT_ST_FLAGS 1250 if (sbp->st_flags & NOCHANGEBITS) 1251 (void)chflags(path, sbp->st_flags & ~NOCHANGEBITS); 1252 #endif 1253 1254 if (dobackup) { 1255 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", 1256 path, suffix) != strlen(path) + strlen(suffix)) { 1257 saved_errno = errno; 1258 #if HAVE_STRUCT_STAT_ST_FLAGS 1259 if (sbp->st_flags & NOCHANGEBITS) 1260 (void)chflags(path, sbp->st_flags); 1261 #endif 1262 errno = saved_errno; 1263 errx(EX_OSERR, "%s: backup filename too long", 1264 path); 1265 } 1266 (void)snprintf(backup, MAXPATHLEN, "%s%s", 1267 path, suffix); 1268 if (verbose) 1269 (void)printf("install: %s -> %s\n", 1270 path, backup); 1271 if (rename(path, backup) < 0) { 1272 saved_errno = errno; 1273 #if HAVE_STRUCT_STAT_ST_FLAGS 1274 if (sbp->st_flags & NOCHANGEBITS) 1275 (void)chflags(path, sbp->st_flags); 1276 #endif 1277 errno = saved_errno; 1278 err(EX_OSERR, "rename: %s to %s", path, backup); 1279 } 1280 } else 1281 if (unlink(path) < 0) 1282 saved_errno = errno; 1283 } 1284 1285 newfd = open(path, O_CREAT | O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR); 1286 if (newfd < 0 && saved_errno != 0) 1287 errno = saved_errno; 1288 return newfd; 1289 } 1290 1291 /* 1292 * copy -- 1293 * copy from one file to another 1294 */ 1295 static char * 1296 copy(int from_fd, const char *from_name, int to_fd, const char *to_name, 1297 off_t size) 1298 { 1299 static char *buf = NULL; 1300 static size_t bufsize; 1301 int nr, nw; 1302 int serrno; 1303 char *p; 1304 int done_copy; 1305 DIGEST_CTX ctx; 1306 1307 /* Rewind file descriptors. */ 1308 if (lseek(from_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1309 err(EX_OSERR, "lseek: %s", from_name); 1310 if (lseek(to_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1311 err(EX_OSERR, "lseek: %s", to_name); 1312 1313 digest_init(&ctx); 1314 1315 done_copy = 0; 1316 if (trymmap((size_t)size) && 1317 (p = mmap(NULL, (size_t)size, PROT_READ, MAP_SHARED, 1318 from_fd, (off_t)0)) != MAP_FAILED) { 1319 nw = write(to_fd, p, size); 1320 if (nw != size) { 1321 serrno = errno; 1322 (void)unlink(to_name); 1323 if (nw >= 0) { 1324 errx(EX_OSERR, 1325 "short write to %s: %jd bytes written, %jd bytes asked to write", 1326 to_name, (uintmax_t)nw, (uintmax_t)size); 1327 } else { 1328 errno = serrno; 1329 err(EX_OSERR, "%s", to_name); 1330 } 1331 } 1332 digest_update(&ctx, p, size); 1333 (void)munmap(p, size); 1334 done_copy = 1; 1335 } 1336 if (!done_copy) { 1337 if (buf == NULL) { 1338 /* 1339 * Note that buf and bufsize are static. If 1340 * malloc() fails, it will fail at the start 1341 * and not copy only some files. 1342 */ 1343 if (sysconf(_SC_PHYS_PAGES) > 1344 PHYSPAGES_THRESHOLD) 1345 bufsize = MIN(BUFSIZE_MAX, MAXPHYS * 8); 1346 else 1347 bufsize = BUFSIZE_SMALL; 1348 buf = malloc(bufsize); 1349 if (buf == NULL) 1350 err(1, "Not enough memory"); 1351 } 1352 while ((nr = read(from_fd, buf, bufsize)) > 0) { 1353 if ((nw = write(to_fd, buf, nr)) != nr) { 1354 serrno = errno; 1355 (void)unlink(to_name); 1356 if (nw >= 0) { 1357 errx(EX_OSERR, 1358 "short write to %s: %jd bytes written, %jd bytes asked to write", 1359 to_name, (uintmax_t)nw, 1360 (uintmax_t)size); 1361 } else { 1362 errno = serrno; 1363 err(EX_OSERR, "%s", to_name); 1364 } 1365 } 1366 digest_update(&ctx, buf, nr); 1367 } 1368 if (nr != 0) { 1369 serrno = errno; 1370 (void)unlink(to_name); 1371 errno = serrno; 1372 err(EX_OSERR, "%s", from_name); 1373 } 1374 } 1375 if (safecopy && fsync(to_fd) == -1) { 1376 serrno = errno; 1377 (void)unlink(to_name); 1378 errno = serrno; 1379 err(EX_OSERR, "fsync failed for %s", to_name); 1380 } 1381 return (digest_end(&ctx, NULL)); 1382 } 1383 1384 /* 1385 * strip -- 1386 * Use strip(1) to strip the target file. 1387 * Just invoke strip(1) on to_name if from_name is NULL, else try 1388 * to run "strip -o to_name from_name" and return 0 on failure. 1389 * Return 1 on success and assign result of digest_file(to_name) 1390 * to *dresp. 1391 */ 1392 static int 1393 strip(const char *to_name, int to_fd, const char *from_name, char **dresp) 1394 { 1395 const char *stripbin; 1396 const char *args[5]; 1397 char *prefixed_from_name; 1398 pid_t pid; 1399 int error, serrno, status; 1400 1401 prefixed_from_name = NULL; 1402 stripbin = getenv("STRIPBIN"); 1403 if (stripbin == NULL) 1404 stripbin = "strip"; 1405 args[0] = stripbin; 1406 if (from_name == NULL) { 1407 args[1] = to_name; 1408 args[2] = NULL; 1409 } else { 1410 args[1] = "-o"; 1411 args[2] = to_name; 1412 1413 /* Prepend './' if from_name begins with '-' */ 1414 if (from_name[0] == '-') { 1415 if (asprintf(&prefixed_from_name, "./%s", from_name) == -1) 1416 return (0); 1417 args[3] = prefixed_from_name; 1418 } else { 1419 args[3] = from_name; 1420 } 1421 args[4] = NULL; 1422 } 1423 error = posix_spawnp(&pid, stripbin, NULL, NULL, 1424 __DECONST(char **, args), environ); 1425 if (error != 0) { 1426 (void)unlink(to_name); 1427 errc(error == EAGAIN || error == EPROCLIM || error == ENOMEM ? 1428 EX_TEMPFAIL : EX_OSERR, error, "spawn %s", stripbin); 1429 } 1430 free(prefixed_from_name); 1431 if (waitpid(pid, &status, 0) == -1) { 1432 error = errno; 1433 (void)unlink(to_name); 1434 errc(EX_SOFTWARE, error, "wait"); 1435 /* NOTREACHED */ 1436 } 1437 if (status != 0) { 1438 if (from_name != NULL) 1439 return (0); 1440 (void)unlink(to_name); 1441 errx(EX_SOFTWARE, "strip command %s failed on %s", 1442 stripbin, to_name); 1443 } 1444 if (from_name != NULL && safecopy && fsync(to_fd) == -1) { 1445 serrno = errno; 1446 (void)unlink(to_name); 1447 errno = serrno; 1448 err(EX_OSERR, "fsync failed for %s", to_name); 1449 } 1450 if (dresp != NULL) 1451 *dresp = digest_file(to_name); 1452 return (1); 1453 } 1454 1455 /* 1456 * install_dir -- 1457 * build directory hierarchy 1458 */ 1459 static void 1460 install_dir(char *path) 1461 { 1462 char *p; 1463 struct stat sb; 1464 int ch, tried_mkdir; 1465 1466 for (p = path;; ++p) 1467 if (!*p || (p != path && *p == '/')) { 1468 tried_mkdir = 0; 1469 ch = *p; 1470 *p = '\0'; 1471 again: 1472 if (stat(path, &sb) != 0) { 1473 if (errno != ENOENT || tried_mkdir) 1474 err(EX_OSERR, "stat %s", path); 1475 if (mkdir(path, 0755) < 0) { 1476 tried_mkdir = 1; 1477 if (errno == EEXIST) 1478 goto again; 1479 err(EX_OSERR, "mkdir %s", path); 1480 } 1481 if (verbose) 1482 (void)printf("install: mkdir %s\n", 1483 path); 1484 } else if (!S_ISDIR(sb.st_mode)) 1485 errx(EX_OSERR, "%s exists but is not a directory", path); 1486 if (!(*p = ch)) 1487 break; 1488 } 1489 1490 if (!dounpriv) { 1491 if ((gid != (gid_t)-1 || uid != (uid_t)-1) && 1492 chown(path, uid, gid)) 1493 warn("chown %u:%u %s", uid, gid, path); 1494 /* XXXBED: should we do the chmod in the dounpriv case? */ 1495 if (chmod(path, mode)) 1496 warn("chmod %o %s", mode, path); 1497 } 1498 metadata_log(path, "dir", NULL, NULL, NULL, 0); 1499 } 1500 1501 /* 1502 * metadata_log -- 1503 * if metafp is not NULL, output mtree(8) full path name and settings to 1504 * metafp, to allow permissions to be set correctly by other tools, 1505 * or to allow integrity checks to be performed. 1506 */ 1507 static void 1508 metadata_log(const char *path, const char *type, struct timespec *ts, 1509 const char *slink, const char *digestresult, off_t size) 1510 { 1511 static const char extra[] = { ' ', '\t', '\n', '\\', '#', '\0' }; 1512 const char *p; 1513 char *buf; 1514 size_t destlen; 1515 struct flock metalog_lock; 1516 1517 if (!metafp) 1518 return; 1519 /* Buffer for strsvis(3). */ 1520 buf = (char *)malloc(4 * strlen(path) + 1); 1521 if (buf == NULL) { 1522 warnx("%s", strerror(ENOMEM)); 1523 return; 1524 } 1525 1526 /* Lock log file. */ 1527 metalog_lock.l_start = 0; 1528 metalog_lock.l_len = 0; 1529 metalog_lock.l_whence = SEEK_SET; 1530 metalog_lock.l_type = F_WRLCK; 1531 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) { 1532 warn("can't lock %s", metafile); 1533 free(buf); 1534 return; 1535 } 1536 1537 /* Remove destdir. */ 1538 p = path; 1539 if (destdir) { 1540 destlen = strlen(destdir); 1541 if (strncmp(p, destdir, destlen) == 0 && 1542 (p[destlen] == '/' || p[destlen] == '\0')) 1543 p += destlen; 1544 } 1545 while (*p && *p == '/') 1546 p++; 1547 strsvis(buf, p, VIS_OCTAL, extra); 1548 p = buf; 1549 /* Print details. */ 1550 fprintf(metafp, ".%s%s type=%s", *p ? "/" : "", p, type); 1551 if (owner) 1552 fprintf(metafp, " uname=%s", owner); 1553 if (group) 1554 fprintf(metafp, " gname=%s", group); 1555 fprintf(metafp, " mode=%#o", mode); 1556 if (slink) { 1557 strsvis(buf, slink, VIS_CSTYLE, extra); /* encode link */ 1558 fprintf(metafp, " link=%s", buf); 1559 } 1560 if (*type == 'f') /* type=file */ 1561 fprintf(metafp, " size=%lld", (long long)size); 1562 if (ts != NULL && dopreserve) 1563 fprintf(metafp, " time=%lld.%09ld", 1564 (long long)ts[1].tv_sec, ts[1].tv_nsec); 1565 if (digestresult && digest) 1566 fprintf(metafp, " %s=%s", digest, digestresult); 1567 if (fflags) 1568 fprintf(metafp, " flags=%s", fflags); 1569 if (tags) 1570 fprintf(metafp, " tags=%s", tags); 1571 fputc('\n', metafp); 1572 /* Flush line. */ 1573 fflush(metafp); 1574 1575 /* Unlock log file. */ 1576 metalog_lock.l_type = F_UNLCK; 1577 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) 1578 warn("can't unlock %s", metafile); 1579 free(buf); 1580 } 1581 1582 /* 1583 * usage -- 1584 * print a usage message and die 1585 */ 1586 static void 1587 usage(void) 1588 { 1589 (void)fprintf(stderr, 1590 "usage: install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1591 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1592 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1593 " file1 file2\n" 1594 " install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1595 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1596 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1597 " file1 ... fileN directory\n" 1598 " install -dU [-vU] [-g group] [-m mode] [-N dbdir] [-o owner]\n" 1599 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1600 " directory ...\n"); 1601 exit(EX_USAGE); 1602 /* NOTREACHED */ 1603 } 1604 1605 /* 1606 * trymmap -- 1607 * return true (1) if mmap should be tried, false (0) if not. 1608 */ 1609 static int 1610 trymmap(size_t filesize) 1611 { 1612 /* 1613 * This function existed to skip mmap() for NFS file systems whereas 1614 * nowadays mmap() should be perfectly safe. Nevertheless, using mmap() 1615 * only reduces the number of system calls if we need multiple read() 1616 * syscalls, i.e. if the file size is > MAXBSIZE. However, mmap() is 1617 * more expensive than read() so set the threshold at 4 fewer syscalls. 1618 * Additionally, for larger file size mmap() can significantly increase 1619 * the number of page faults, so avoid it in that case. 1620 * 1621 * Note: the 8MB limit is not based on any meaningful benchmarking 1622 * results, it is simply reusing the same value that was used before 1623 * and also matches bin/cp. 1624 * 1625 * XXX: Maybe we shouldn't bother with mmap() at all, since we use 1626 * MAXBSIZE the syscall overhead of read() shouldn't be too high? 1627 */ 1628 return (filesize > 4 * MAXBSIZE && filesize < 8 * 1024 * 1024); 1629 } 1630