1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2012, 2013 SRI International 5 * Copyright (c) 1987, 1993 6 * The Regents of the University of California. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the University nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/mman.h> 35 #include <sys/mount.h> 36 #include <sys/stat.h> 37 #include <sys/time.h> 38 #include <sys/wait.h> 39 40 #include <err.h> 41 #include <errno.h> 42 #include <fcntl.h> 43 #include <grp.h> 44 #include <libgen.h> 45 #ifdef WITH_MD5 46 #include <md5.h> 47 #endif 48 #include <paths.h> 49 #include <pwd.h> 50 #ifdef WITH_RIPEMD160 51 #include <ripemd.h> 52 #endif 53 #include <sha.h> 54 #include <sha256.h> 55 #include <sha512.h> 56 #include <spawn.h> 57 #include <stdint.h> 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #include <sysexits.h> 62 #include <unistd.h> 63 #include <vis.h> 64 65 #include "mtree.h" 66 67 /* 68 * Memory strategy threshold, in pages: if physmem is larger than this, use a 69 * large buffer. 70 */ 71 #define PHYSPAGES_THRESHOLD (32*1024) 72 73 /* Maximum buffer size in bytes - do not allow it to grow larger than this. */ 74 #define BUFSIZE_MAX (2*1024*1024) 75 76 /* 77 * Small (default) buffer size in bytes. It's inefficient for this to be 78 * smaller than MAXPHYS. 79 */ 80 #define BUFSIZE_SMALL (MAXPHYS) 81 82 /* 83 * We need to build xinstall during the bootstrap stage when building on a 84 * non-FreeBSD system. Linux does not have the st_flags and st_birthtime 85 * members in struct stat so we need to omit support for changing those fields. 86 */ 87 #ifdef UF_SETTABLE 88 #define HAVE_STRUCT_STAT_ST_FLAGS 1 89 #else 90 #define HAVE_STRUCT_STAT_ST_FLAGS 0 91 #endif 92 93 #define MAX_CMP_SIZE (16 * 1024 * 1024) 94 95 #define LN_ABSOLUTE 0x01 96 #define LN_RELATIVE 0x02 97 #define LN_HARD 0x04 98 #define LN_SYMBOLIC 0x08 99 #define LN_MIXED 0x10 100 101 #define DIRECTORY 0x01 /* Tell install it's a directory. */ 102 #define SETFLAGS 0x02 /* Tell install to set flags. */ 103 #define NOCHANGEBITS (UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND) 104 #define BACKUP_SUFFIX ".old" 105 106 typedef union { 107 #ifdef WITH_MD5 108 MD5_CTX MD5; 109 #endif 110 #ifdef WITH_RIPEMD160 111 RIPEMD160_CTX RIPEMD160; 112 #endif 113 SHA1_CTX SHA1; 114 SHA256_CTX SHA256; 115 SHA512_CTX SHA512; 116 } DIGEST_CTX; 117 118 static enum { 119 DIGEST_NONE = 0, 120 #ifdef WITH_MD5 121 DIGEST_MD5, 122 #endif 123 #ifdef WITH_RIPEMD160 124 DIGEST_RIPEMD160, 125 #endif 126 DIGEST_SHA1, 127 DIGEST_SHA256, 128 DIGEST_SHA512, 129 } digesttype = DIGEST_NONE; 130 131 extern char **environ; 132 133 static gid_t gid; 134 static uid_t uid; 135 static int dobackup, docompare, dodir, dolink, dopreserve, dostrip, dounpriv, 136 safecopy, verbose; 137 static int haveopt_f, haveopt_g, haveopt_m, haveopt_o; 138 static mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH; 139 static FILE *metafp; 140 static const char *group, *owner; 141 static const char *suffix = BACKUP_SUFFIX; 142 static char *destdir, *digest, *fflags, *metafile, *tags; 143 144 static int compare(int, const char *, size_t, int, const char *, size_t, 145 char **); 146 static char *copy(int, const char *, int, const char *, off_t); 147 static int create_tempfile(const char *, char *, size_t); 148 static char *quiet_mktemp(char *template); 149 static char *digest_file(const char *); 150 static void digest_init(DIGEST_CTX *); 151 static void digest_update(DIGEST_CTX *, const char *, size_t); 152 static char *digest_end(DIGEST_CTX *, char *); 153 static int do_link(const char *, const char *, const struct stat *); 154 static void do_symlink(const char *, const char *, const struct stat *); 155 static void makelink(const char *, const char *, const struct stat *); 156 static void install(const char *, const char *, u_long, u_int); 157 static void install_dir(char *); 158 static void metadata_log(const char *, const char *, struct timespec *, 159 const char *, const char *, off_t); 160 static int parseid(const char *, id_t *); 161 static int strip(const char *, int, const char *, char **); 162 static int trymmap(size_t); 163 static void usage(void); 164 165 int 166 main(int argc, char *argv[]) 167 { 168 struct stat from_sb, to_sb; 169 mode_t *set; 170 u_long fset; 171 int ch, no_target; 172 u_int iflags; 173 char *p; 174 const char *to_name; 175 176 fset = 0; 177 iflags = 0; 178 set = NULL; 179 group = owner = NULL; 180 while ((ch = getopt(argc, argv, "B:bCcD:df:g:h:l:M:m:N:o:pSsT:Uv")) != 181 -1) 182 switch((char)ch) { 183 case 'B': 184 suffix = optarg; 185 /* FALLTHROUGH */ 186 case 'b': 187 dobackup = 1; 188 break; 189 case 'C': 190 docompare = 1; 191 break; 192 case 'c': 193 /* For backwards compatibility. */ 194 break; 195 case 'D': 196 destdir = optarg; 197 break; 198 case 'd': 199 dodir = 1; 200 break; 201 case 'f': 202 haveopt_f = 1; 203 fflags = optarg; 204 break; 205 case 'g': 206 haveopt_g = 1; 207 group = optarg; 208 break; 209 case 'h': 210 digest = optarg; 211 break; 212 case 'l': 213 for (p = optarg; *p != '\0'; p++) 214 switch (*p) { 215 case 's': 216 dolink &= ~(LN_HARD|LN_MIXED); 217 dolink |= LN_SYMBOLIC; 218 break; 219 case 'h': 220 dolink &= ~(LN_SYMBOLIC|LN_MIXED); 221 dolink |= LN_HARD; 222 break; 223 case 'm': 224 dolink &= ~(LN_SYMBOLIC|LN_HARD); 225 dolink |= LN_MIXED; 226 break; 227 case 'a': 228 dolink &= ~LN_RELATIVE; 229 dolink |= LN_ABSOLUTE; 230 break; 231 case 'r': 232 dolink &= ~LN_ABSOLUTE; 233 dolink |= LN_RELATIVE; 234 break; 235 default: 236 errx(1, "%c: invalid link type", *p); 237 /* NOTREACHED */ 238 } 239 break; 240 case 'M': 241 metafile = optarg; 242 break; 243 case 'm': 244 haveopt_m = 1; 245 free(set); 246 if (!(set = setmode(optarg))) 247 errx(EX_USAGE, "invalid file mode: %s", 248 optarg); 249 break; 250 case 'N': 251 if (!setup_getid(optarg)) 252 err(EX_OSERR, "Unable to use user and group " 253 "databases in `%s'", optarg); 254 break; 255 case 'o': 256 haveopt_o = 1; 257 owner = optarg; 258 break; 259 case 'p': 260 docompare = dopreserve = 1; 261 break; 262 case 'S': 263 safecopy = 1; 264 break; 265 case 's': 266 dostrip = 1; 267 break; 268 case 'T': 269 tags = optarg; 270 break; 271 case 'U': 272 dounpriv = 1; 273 break; 274 case 'v': 275 verbose = 1; 276 break; 277 case '?': 278 default: 279 usage(); 280 } 281 argc -= optind; 282 argv += optind; 283 284 /* some options make no sense when creating directories */ 285 if (dostrip && dodir) { 286 warnx("-d and -s may not be specified together"); 287 usage(); 288 } 289 290 /* 291 * Default permissions based on whether we're a directory or not, since 292 * an +X may mean that we need to set the execute bit. 293 */ 294 if (set != NULL) 295 mode = getmode(set, dodir ? S_IFDIR : 0) & ~S_IFDIR; 296 free(set); 297 298 if (getenv("DONTSTRIP") != NULL) { 299 warnx("DONTSTRIP set - will not strip installed binaries"); 300 dostrip = 0; 301 } 302 303 /* must have at least two arguments, except when creating directories */ 304 if (argc == 0 || (argc == 1 && !dodir)) 305 usage(); 306 307 if (digest != NULL) { 308 if (strcmp(digest, "none") == 0) { 309 digesttype = DIGEST_NONE; 310 #ifdef WITH_MD5 311 } else if (strcmp(digest, "md5") == 0) { 312 digesttype = DIGEST_MD5; 313 #endif 314 #ifdef WITH_RIPEMD160 315 } else if (strcmp(digest, "rmd160") == 0) { 316 digesttype = DIGEST_RIPEMD160; 317 #endif 318 } else if (strcmp(digest, "sha1") == 0) { 319 digesttype = DIGEST_SHA1; 320 } else if (strcmp(digest, "sha256") == 0) { 321 digesttype = DIGEST_SHA256; 322 } else if (strcmp(digest, "sha512") == 0) { 323 digesttype = DIGEST_SHA512; 324 } else { 325 warnx("unknown digest `%s'", digest); 326 usage(); 327 } 328 } 329 330 /* get group and owner id's */ 331 if (group != NULL && !dounpriv) { 332 if (gid_from_group(group, &gid) == -1) { 333 id_t id; 334 if (!parseid(group, &id)) 335 errx(1, "unknown group %s", group); 336 gid = id; 337 } 338 } else 339 gid = (gid_t)-1; 340 341 if (owner != NULL && !dounpriv) { 342 if (uid_from_user(owner, &uid) == -1) { 343 id_t id; 344 if (!parseid(owner, &id)) 345 errx(1, "unknown user %s", owner); 346 uid = id; 347 } 348 } else 349 uid = (uid_t)-1; 350 351 if (fflags != NULL && !dounpriv) { 352 if (strtofflags(&fflags, &fset, NULL)) 353 errx(EX_USAGE, "%s: invalid flag", fflags); 354 iflags |= SETFLAGS; 355 } 356 357 if (metafile != NULL) { 358 if ((metafp = fopen(metafile, "a")) == NULL) 359 warn("open %s", metafile); 360 } else 361 digesttype = DIGEST_NONE; 362 363 if (dodir) { 364 for (; *argv != NULL; ++argv) 365 install_dir(*argv); 366 exit(EX_OK); 367 /* NOTREACHED */ 368 } 369 370 to_name = argv[argc - 1]; 371 no_target = stat(to_name, &to_sb); 372 if (!no_target && S_ISDIR(to_sb.st_mode)) { 373 if (dolink & LN_SYMBOLIC) { 374 if (lstat(to_name, &to_sb) != 0) 375 err(EX_OSERR, "%s vanished", to_name); 376 if (S_ISLNK(to_sb.st_mode)) { 377 if (argc != 2) { 378 errno = ENOTDIR; 379 err(EX_USAGE, "%s", to_name); 380 } 381 install(*argv, to_name, fset, iflags); 382 exit(EX_OK); 383 } 384 } 385 for (; *argv != to_name; ++argv) 386 install(*argv, to_name, fset, iflags | DIRECTORY); 387 exit(EX_OK); 388 /* NOTREACHED */ 389 } 390 391 /* can't do file1 file2 directory/file */ 392 if (argc != 2) { 393 if (no_target) 394 warnx("target directory `%s' does not exist", 395 argv[argc - 1]); 396 else 397 warnx("target `%s' is not a directory", 398 argv[argc - 1]); 399 usage(); 400 } 401 402 if (!no_target && !dolink) { 403 if (stat(*argv, &from_sb)) 404 err(EX_OSERR, "%s", *argv); 405 if (!S_ISREG(to_sb.st_mode)) { 406 errno = EFTYPE; 407 err(EX_OSERR, "%s", to_name); 408 } 409 if (to_sb.st_dev == from_sb.st_dev && 410 to_sb.st_ino == from_sb.st_ino) 411 errx(EX_USAGE, 412 "%s and %s are the same file", *argv, to_name); 413 } 414 install(*argv, to_name, fset, iflags); 415 exit(EX_OK); 416 /* NOTREACHED */ 417 } 418 419 static char * 420 digest_file(const char *name) 421 { 422 423 switch (digesttype) { 424 #ifdef WITH_MD5 425 case DIGEST_MD5: 426 return (MD5File(name, NULL)); 427 #endif 428 #ifdef WITH_RIPEMD160 429 case DIGEST_RIPEMD160: 430 return (RIPEMD160_File(name, NULL)); 431 #endif 432 case DIGEST_SHA1: 433 return (SHA1_File(name, NULL)); 434 case DIGEST_SHA256: 435 return (SHA256_File(name, NULL)); 436 case DIGEST_SHA512: 437 return (SHA512_File(name, NULL)); 438 default: 439 return (NULL); 440 } 441 } 442 443 static void 444 digest_init(DIGEST_CTX *c) 445 { 446 447 switch (digesttype) { 448 case DIGEST_NONE: 449 break; 450 #ifdef WITH_MD5 451 case DIGEST_MD5: 452 MD5Init(&(c->MD5)); 453 break; 454 #endif 455 #ifdef WITH_RIPEMD160 456 case DIGEST_RIPEMD160: 457 RIPEMD160_Init(&(c->RIPEMD160)); 458 break; 459 #endif 460 case DIGEST_SHA1: 461 SHA1_Init(&(c->SHA1)); 462 break; 463 case DIGEST_SHA256: 464 SHA256_Init(&(c->SHA256)); 465 break; 466 case DIGEST_SHA512: 467 SHA512_Init(&(c->SHA512)); 468 break; 469 } 470 } 471 472 static void 473 digest_update(DIGEST_CTX *c, const char *data, size_t len) 474 { 475 476 switch (digesttype) { 477 case DIGEST_NONE: 478 break; 479 #ifdef WITH_MD5 480 case DIGEST_MD5: 481 MD5Update(&(c->MD5), data, len); 482 break; 483 #endif 484 #ifdef WITH_RIPEMD160 485 case DIGEST_RIPEMD160: 486 RIPEMD160_Update(&(c->RIPEMD160), data, len); 487 break; 488 #endif 489 case DIGEST_SHA1: 490 SHA1_Update(&(c->SHA1), data, len); 491 break; 492 case DIGEST_SHA256: 493 SHA256_Update(&(c->SHA256), data, len); 494 break; 495 case DIGEST_SHA512: 496 SHA512_Update(&(c->SHA512), data, len); 497 break; 498 } 499 } 500 501 static char * 502 digest_end(DIGEST_CTX *c, char *buf) 503 { 504 505 switch (digesttype) { 506 #ifdef WITH_MD5 507 case DIGEST_MD5: 508 return (MD5End(&(c->MD5), buf)); 509 #endif 510 #ifdef WITH_RIPEMD160 511 case DIGEST_RIPEMD160: 512 return (RIPEMD160_End(&(c->RIPEMD160), buf)); 513 #endif 514 case DIGEST_SHA1: 515 return (SHA1_End(&(c->SHA1), buf)); 516 case DIGEST_SHA256: 517 return (SHA256_End(&(c->SHA256), buf)); 518 case DIGEST_SHA512: 519 return (SHA512_End(&(c->SHA512), buf)); 520 default: 521 return (NULL); 522 } 523 } 524 525 /* 526 * parseid -- 527 * parse uid or gid from arg into id, returning non-zero if successful 528 */ 529 static int 530 parseid(const char *name, id_t *id) 531 { 532 char *ep; 533 errno = 0; 534 *id = (id_t)strtoul(name, &ep, 10); 535 if (errno || *ep != '\0') 536 return (0); 537 return (1); 538 } 539 540 /* 541 * quiet_mktemp -- 542 * mktemp implementation used mkstemp to avoid mktemp warnings. We 543 * really do need mktemp semantics here as we will be creating a link. 544 */ 545 static char * 546 quiet_mktemp(char *template) 547 { 548 int fd; 549 550 if ((fd = mkstemp(template)) == -1) 551 return (NULL); 552 close (fd); 553 if (unlink(template) == -1) 554 err(EX_OSERR, "unlink %s", template); 555 return (template); 556 } 557 558 /* 559 * do_link -- 560 * make a hard link, obeying dorename if set 561 * return -1 on failure 562 */ 563 static int 564 do_link(const char *from_name, const char *to_name, 565 const struct stat *target_sb) 566 { 567 char tmpl[MAXPATHLEN]; 568 int ret; 569 570 if (target_sb != NULL) { 571 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 572 /* This usage is safe. */ 573 if (quiet_mktemp(tmpl) == NULL) 574 err(EX_OSERR, "%s: mktemp", tmpl); 575 ret = link(from_name, tmpl); 576 if (ret == 0) { 577 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == 578 -1) { 579 unlink(tmpl); 580 err(EX_OSERR, "%s", to_name); 581 } 582 #if HAVE_STRUCT_STAT_ST_FLAGS 583 if (target_sb->st_flags & NOCHANGEBITS) 584 (void)chflags(to_name, target_sb->st_flags & 585 ~NOCHANGEBITS); 586 #endif 587 if (verbose) 588 printf("install: link %s -> %s\n", 589 from_name, to_name); 590 ret = rename(tmpl, to_name); 591 /* 592 * If rename has posix semantics, then the temporary 593 * file may still exist when from_name and to_name point 594 * to the same file, so unlink it unconditionally. 595 */ 596 (void)unlink(tmpl); 597 } 598 return (ret); 599 } else { 600 if (verbose) 601 printf("install: link %s -> %s\n", 602 from_name, to_name); 603 return (link(from_name, to_name)); 604 } 605 } 606 607 /* 608 * do_symlink -- 609 * Make a symbolic link, obeying dorename if set. Exit on failure. 610 */ 611 static void 612 do_symlink(const char *from_name, const char *to_name, 613 const struct stat *target_sb) 614 { 615 char tmpl[MAXPATHLEN]; 616 617 if (target_sb != NULL) { 618 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 619 /* This usage is safe. */ 620 if (quiet_mktemp(tmpl) == NULL) 621 err(EX_OSERR, "%s: mktemp", tmpl); 622 623 if (symlink(from_name, tmpl) == -1) 624 err(EX_OSERR, "symlink %s -> %s", from_name, tmpl); 625 626 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == -1) { 627 (void)unlink(tmpl); 628 err(EX_OSERR, "%s", to_name); 629 } 630 #if HAVE_STRUCT_STAT_ST_FLAGS 631 if (target_sb->st_flags & NOCHANGEBITS) 632 (void)chflags(to_name, target_sb->st_flags & 633 ~NOCHANGEBITS); 634 #endif 635 if (verbose) 636 printf("install: symlink %s -> %s\n", 637 from_name, to_name); 638 if (rename(tmpl, to_name) == -1) { 639 /* Remove temporary link before exiting. */ 640 (void)unlink(tmpl); 641 err(EX_OSERR, "%s: rename", to_name); 642 } 643 } else { 644 if (verbose) 645 printf("install: symlink %s -> %s\n", 646 from_name, to_name); 647 if (symlink(from_name, to_name) == -1) 648 err(EX_OSERR, "symlink %s -> %s", from_name, to_name); 649 } 650 } 651 652 /* 653 * makelink -- 654 * make a link from source to destination 655 */ 656 static void 657 makelink(const char *from_name, const char *to_name, 658 const struct stat *target_sb) 659 { 660 char src[MAXPATHLEN], dst[MAXPATHLEN], lnk[MAXPATHLEN]; 661 char *to_name_copy, *d, *ld, *ls, *s; 662 const char *base, *dir; 663 struct stat to_sb; 664 665 /* Try hard links first. */ 666 if (dolink & (LN_HARD|LN_MIXED)) { 667 if (do_link(from_name, to_name, target_sb) == -1) { 668 if ((dolink & LN_HARD) || errno != EXDEV) 669 err(EX_OSERR, "link %s -> %s", from_name, to_name); 670 } else { 671 if (stat(to_name, &to_sb)) 672 err(EX_OSERR, "%s: stat", to_name); 673 if (S_ISREG(to_sb.st_mode)) { 674 /* 675 * XXX: hard links to anything other than 676 * plain files are not metalogged 677 */ 678 int omode; 679 const char *oowner, *ogroup; 680 char *offlags; 681 char *dres; 682 683 /* 684 * XXX: use underlying perms, unless 685 * overridden on command line. 686 */ 687 omode = mode; 688 if (!haveopt_m) 689 mode = (to_sb.st_mode & 0777); 690 oowner = owner; 691 if (!haveopt_o) 692 owner = NULL; 693 ogroup = group; 694 if (!haveopt_g) 695 group = NULL; 696 offlags = fflags; 697 if (!haveopt_f) 698 fflags = NULL; 699 dres = digest_file(from_name); 700 metadata_log(to_name, "file", NULL, NULL, 701 dres, to_sb.st_size); 702 free(dres); 703 mode = omode; 704 owner = oowner; 705 group = ogroup; 706 fflags = offlags; 707 } 708 return; 709 } 710 } 711 712 /* Symbolic links. */ 713 if (dolink & LN_ABSOLUTE) { 714 /* Convert source path to absolute. */ 715 if (realpath(from_name, src) == NULL) 716 err(EX_OSERR, "%s: realpath", from_name); 717 do_symlink(src, to_name, target_sb); 718 /* XXX: src may point outside of destdir */ 719 metadata_log(to_name, "link", NULL, src, NULL, 0); 720 return; 721 } 722 723 if (dolink & LN_RELATIVE) { 724 if (*from_name != '/') { 725 /* this is already a relative link */ 726 do_symlink(from_name, to_name, target_sb); 727 /* XXX: from_name may point outside of destdir. */ 728 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 729 return; 730 } 731 732 /* Resolve pathnames. */ 733 if (realpath(from_name, src) == NULL) 734 err(EX_OSERR, "%s: realpath", from_name); 735 736 /* 737 * The last component of to_name may be a symlink, 738 * so use realpath to resolve only the directory. 739 */ 740 to_name_copy = strdup(to_name); 741 if (to_name_copy == NULL) 742 err(EX_OSERR, "%s: strdup", to_name); 743 base = basename(to_name_copy); 744 if (base == to_name_copy) { 745 /* destination is a file in cwd */ 746 (void)strlcpy(dst, "./", sizeof(dst)); 747 } else if (base == to_name_copy + 1) { 748 /* destination is a file in the root */ 749 (void)strlcpy(dst, "/", sizeof(dst)); 750 } else { 751 /* all other cases: safe to call dirname() */ 752 dir = dirname(to_name_copy); 753 if (realpath(dir, dst) == NULL) 754 err(EX_OSERR, "%s: realpath", dir); 755 if (strcmp(dst, "/") != 0 && 756 strlcat(dst, "/", sizeof(dst)) > sizeof(dst)) 757 errx(1, "resolved pathname too long"); 758 } 759 if (strlcat(dst, base, sizeof(dst)) > sizeof(dst)) 760 errx(1, "resolved pathname too long"); 761 free(to_name_copy); 762 763 /* Trim common path components. */ 764 ls = ld = NULL; 765 for (s = src, d = dst; *s == *d; ls = s, ld = d, s++, d++) 766 continue; 767 /* 768 * If we didn't end after a directory separator, then we've 769 * falsely matched the last component. For example, if one 770 * invoked install -lrs /lib/foo.so /libexec/ then the source 771 * would terminate just after the separator while the 772 * destination would terminate in the middle of 'libexec', 773 * leading to a full directory getting falsely eaten. 774 */ 775 if ((ls != NULL && *ls != '/') || (ld != NULL && *ld != '/')) 776 s--, d--; 777 while (*s != '/') 778 s--, d--; 779 780 /* Count the number of directories we need to backtrack. */ 781 for (++d, lnk[0] = '\0'; *d; d++) 782 if (*d == '/') 783 (void)strlcat(lnk, "../", sizeof(lnk)); 784 785 (void)strlcat(lnk, ++s, sizeof(lnk)); 786 787 do_symlink(lnk, to_name, target_sb); 788 /* XXX: Link may point outside of destdir. */ 789 metadata_log(to_name, "link", NULL, lnk, NULL, 0); 790 return; 791 } 792 793 /* 794 * If absolute or relative was not specified, try the names the 795 * user provided. 796 */ 797 do_symlink(from_name, to_name, target_sb); 798 /* XXX: from_name may point outside of destdir. */ 799 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 800 } 801 802 /* 803 * install -- 804 * build a path name and install the file 805 */ 806 static void 807 install(const char *from_name, const char *to_name, u_long fset, u_int flags) 808 { 809 struct stat from_sb, temp_sb, to_sb; 810 struct timespec tsb[2]; 811 int devnull, files_match, from_fd, serrno, stripped, target; 812 int temp_fd, to_fd; 813 char backup[MAXPATHLEN], *p, pathbuf[MAXPATHLEN], tempfile[MAXPATHLEN]; 814 char *digestresult; 815 816 digestresult = NULL; 817 files_match = stripped = 0; 818 from_fd = -1; 819 to_fd = -1; 820 821 /* If try to install NULL file to a directory, fails. */ 822 if (flags & DIRECTORY || strcmp(from_name, _PATH_DEVNULL)) { 823 if (!dolink) { 824 if (stat(from_name, &from_sb)) 825 err(EX_OSERR, "%s", from_name); 826 if (!S_ISREG(from_sb.st_mode)) { 827 errno = EFTYPE; 828 err(EX_OSERR, "%s", from_name); 829 } 830 } 831 /* Build the target path. */ 832 if (flags & DIRECTORY) { 833 (void)snprintf(pathbuf, sizeof(pathbuf), "%s%s%s", 834 to_name, 835 to_name[strlen(to_name) - 1] == '/' ? "" : "/", 836 (p = strrchr(from_name, '/')) ? ++p : from_name); 837 to_name = pathbuf; 838 } 839 devnull = 0; 840 } else { 841 devnull = 1; 842 } 843 if (*to_name == '\0') 844 errx(EX_USAGE, "destination cannot be an empty string"); 845 846 target = (lstat(to_name, &to_sb) == 0); 847 848 if (dolink) { 849 makelink(from_name, to_name, target ? &to_sb : NULL); 850 return; 851 } 852 853 if (target && !S_ISREG(to_sb.st_mode) && !S_ISLNK(to_sb.st_mode)) { 854 errno = EFTYPE; 855 warn("%s", to_name); 856 return; 857 } 858 859 if (!devnull && (from_fd = open(from_name, O_RDONLY, 0)) < 0) 860 err(EX_OSERR, "%s", from_name); 861 862 /* If we don't strip, we can compare first. */ 863 if (docompare && !dostrip && target && S_ISREG(to_sb.st_mode)) { 864 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 865 err(EX_OSERR, "%s", to_name); 866 if (devnull) 867 files_match = to_sb.st_size == 0; 868 else 869 files_match = !(compare(from_fd, from_name, 870 (size_t)from_sb.st_size, to_fd, 871 to_name, (size_t)to_sb.st_size, &digestresult)); 872 873 /* Close "to" file unless we match. */ 874 if (!files_match) 875 (void)close(to_fd); 876 } 877 878 if (!files_match) { 879 to_fd = create_tempfile(to_name, tempfile, 880 sizeof(tempfile)); 881 if (to_fd < 0) 882 err(EX_OSERR, "%s", tempfile); 883 if (!devnull) { 884 if (dostrip) { 885 stripped = strip(tempfile, to_fd, from_name, 886 &digestresult); 887 } 888 if (!stripped) { 889 digestresult = copy(from_fd, from_name, to_fd, 890 tempfile, from_sb.st_size); 891 } 892 } 893 } 894 895 if (dostrip) { 896 if (!stripped) 897 (void)strip(tempfile, to_fd, NULL, &digestresult); 898 899 /* 900 * Re-open our fd on the target, in case 901 * we did not strip in-place. 902 */ 903 close(to_fd); 904 to_fd = open(tempfile, O_RDONLY, 0); 905 if (to_fd < 0) 906 err(EX_OSERR, "stripping %s", to_name); 907 } 908 909 /* 910 * Compare the stripped temp file with the target. 911 */ 912 if (docompare && dostrip && target && S_ISREG(to_sb.st_mode)) { 913 temp_fd = to_fd; 914 915 /* Re-open to_fd using the real target name. */ 916 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 917 err(EX_OSERR, "%s", to_name); 918 919 if (fstat(temp_fd, &temp_sb)) { 920 serrno = errno; 921 (void)unlink(tempfile); 922 errno = serrno; 923 err(EX_OSERR, "%s", tempfile); 924 } 925 926 if (compare(temp_fd, tempfile, (size_t)temp_sb.st_size, to_fd, 927 to_name, (size_t)to_sb.st_size, &digestresult) 928 == 0) { 929 /* 930 * If target has more than one link we need to 931 * replace it in order to snap the extra links. 932 * Need to preserve target file times, though. 933 */ 934 if (to_sb.st_nlink != 1) { 935 tsb[0] = to_sb.st_atim; 936 tsb[1] = to_sb.st_mtim; 937 (void)utimensat(AT_FDCWD, tempfile, tsb, 0); 938 } else { 939 files_match = 1; 940 (void)unlink(tempfile); 941 } 942 (void) close(temp_fd); 943 } 944 } else if (dostrip) 945 digestresult = digest_file(tempfile); 946 947 /* 948 * Move the new file into place if the files are different (or 949 * just not compared). 950 */ 951 if (!files_match) { 952 #if HAVE_STRUCT_STAT_ST_FLAGS 953 /* Try to turn off the immutable bits. */ 954 if (to_sb.st_flags & NOCHANGEBITS) 955 (void)chflags(to_name, to_sb.st_flags & ~NOCHANGEBITS); 956 #endif 957 if (target && dobackup) { 958 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", to_name, 959 suffix) != strlen(to_name) + strlen(suffix)) { 960 unlink(tempfile); 961 errx(EX_OSERR, "%s: backup filename too long", 962 to_name); 963 } 964 if (verbose) 965 (void)printf("install: %s -> %s\n", to_name, backup); 966 if (unlink(backup) < 0 && errno != ENOENT) { 967 serrno = errno; 968 #if HAVE_STRUCT_STAT_ST_FLAGS 969 if (to_sb.st_flags & NOCHANGEBITS) 970 (void)chflags(to_name, to_sb.st_flags); 971 #endif 972 unlink(tempfile); 973 errno = serrno; 974 err(EX_OSERR, "unlink: %s", backup); 975 } 976 if (link(to_name, backup) < 0) { 977 serrno = errno; 978 unlink(tempfile); 979 #if HAVE_STRUCT_STAT_ST_FLAGS 980 if (to_sb.st_flags & NOCHANGEBITS) 981 (void)chflags(to_name, to_sb.st_flags); 982 #endif 983 errno = serrno; 984 err(EX_OSERR, "link: %s to %s", to_name, 985 backup); 986 } 987 } 988 if (verbose) 989 (void)printf("install: %s -> %s\n", from_name, to_name); 990 if (rename(tempfile, to_name) < 0) { 991 serrno = errno; 992 unlink(tempfile); 993 errno = serrno; 994 err(EX_OSERR, "rename: %s to %s", 995 tempfile, to_name); 996 } 997 998 /* Re-open to_fd so we aren't hosed by the rename(2). */ 999 (void) close(to_fd); 1000 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 1001 err(EX_OSERR, "%s", to_name); 1002 } 1003 1004 /* 1005 * Preserve the timestamp of the source file if necessary. 1006 */ 1007 if (dopreserve && !files_match && !devnull) { 1008 tsb[0] = from_sb.st_atim; 1009 tsb[1] = from_sb.st_mtim; 1010 (void)utimensat(AT_FDCWD, to_name, tsb, 0); 1011 } 1012 1013 if (fstat(to_fd, &to_sb) == -1) { 1014 serrno = errno; 1015 (void)unlink(to_name); 1016 errno = serrno; 1017 err(EX_OSERR, "%s", to_name); 1018 } 1019 1020 /* 1021 * Set owner, group, mode for target; do the chown first, 1022 * chown may lose the setuid bits. 1023 */ 1024 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) || 1025 (uid != (uid_t)-1 && uid != to_sb.st_uid) || 1026 (mode != (to_sb.st_mode & ALLPERMS)))) { 1027 #if HAVE_STRUCT_STAT_ST_FLAGS 1028 /* Try to turn off the immutable bits. */ 1029 if (to_sb.st_flags & NOCHANGEBITS) 1030 (void)fchflags(to_fd, to_sb.st_flags & ~NOCHANGEBITS); 1031 #endif 1032 } 1033 1034 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) || 1035 (uid != (uid_t)-1 && uid != to_sb.st_uid))) { 1036 if (fchown(to_fd, uid, gid) == -1) { 1037 serrno = errno; 1038 (void)unlink(to_name); 1039 errno = serrno; 1040 err(EX_OSERR,"%s: chown/chgrp", to_name); 1041 } 1042 } 1043 if (mode != (to_sb.st_mode & ALLPERMS)) { 1044 if (fchmod(to_fd, 1045 dounpriv ? mode & (S_IRWXU|S_IRWXG|S_IRWXO) : mode)) { 1046 serrno = errno; 1047 (void)unlink(to_name); 1048 errno = serrno; 1049 err(EX_OSERR, "%s: chmod", to_name); 1050 } 1051 } 1052 #if HAVE_STRUCT_STAT_ST_FLAGS 1053 /* 1054 * If provided a set of flags, set them, otherwise, preserve the 1055 * flags, except for the dump flag. 1056 * NFS does not support flags. Ignore EOPNOTSUPP flags if we're just 1057 * trying to turn off UF_NODUMP. If we're trying to set real flags, 1058 * then warn if the fs doesn't support it, otherwise fail. 1059 */ 1060 if (!dounpriv && !devnull && (flags & SETFLAGS || 1061 (from_sb.st_flags & ~UF_NODUMP) != to_sb.st_flags) && 1062 fchflags(to_fd, 1063 flags & SETFLAGS ? fset : from_sb.st_flags & ~UF_NODUMP)) { 1064 if (flags & SETFLAGS) { 1065 if (errno == EOPNOTSUPP) 1066 warn("%s: chflags", to_name); 1067 else { 1068 serrno = errno; 1069 (void)unlink(to_name); 1070 errno = serrno; 1071 err(EX_OSERR, "%s: chflags", to_name); 1072 } 1073 } 1074 } 1075 #endif 1076 1077 (void)close(to_fd); 1078 if (!devnull) 1079 (void)close(from_fd); 1080 1081 metadata_log(to_name, "file", tsb, NULL, digestresult, to_sb.st_size); 1082 free(digestresult); 1083 } 1084 1085 /* 1086 * compare -- 1087 * Compare two files; non-zero means files differ. 1088 * Compute digest and return its address in *dresp 1089 * unless it points to pre-computed digest. 1090 */ 1091 static int 1092 compare(int from_fd, const char *from_name __unused, size_t from_len, 1093 int to_fd, const char *to_name __unused, size_t to_len, 1094 char **dresp) 1095 { 1096 char *p, *q; 1097 int rv; 1098 int do_digest, done_compare; 1099 DIGEST_CTX ctx; 1100 1101 rv = 0; 1102 if (from_len != to_len) 1103 return 1; 1104 1105 do_digest = (digesttype != DIGEST_NONE && dresp != NULL && 1106 *dresp == NULL); 1107 if (from_len <= MAX_CMP_SIZE) { 1108 if (do_digest) 1109 digest_init(&ctx); 1110 done_compare = 0; 1111 if (trymmap(from_len) && trymmap(to_len)) { 1112 p = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1113 from_fd, (off_t)0); 1114 if (p == MAP_FAILED) 1115 goto out; 1116 q = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1117 to_fd, (off_t)0); 1118 if (q == MAP_FAILED) { 1119 munmap(p, from_len); 1120 goto out; 1121 } 1122 1123 rv = memcmp(p, q, from_len); 1124 if (do_digest) 1125 digest_update(&ctx, p, from_len); 1126 munmap(p, from_len); 1127 munmap(q, from_len); 1128 done_compare = 1; 1129 } 1130 out: 1131 if (!done_compare) { 1132 static char *buf, *buf1, *buf2; 1133 static size_t bufsize; 1134 int n1, n2; 1135 1136 if (buf == NULL) { 1137 /* 1138 * Note that buf and bufsize are static. If 1139 * malloc() fails, it will fail at the start 1140 * and not copy only some files. 1141 */ 1142 if (sysconf(_SC_PHYS_PAGES) > 1143 PHYSPAGES_THRESHOLD) 1144 bufsize = MIN(BUFSIZE_MAX, MAXPHYS * 8); 1145 else 1146 bufsize = BUFSIZE_SMALL; 1147 buf = malloc(bufsize * 2); 1148 if (buf == NULL) 1149 err(1, "Not enough memory"); 1150 buf1 = buf; 1151 buf2 = buf + bufsize; 1152 } 1153 rv = 0; 1154 lseek(from_fd, 0, SEEK_SET); 1155 lseek(to_fd, 0, SEEK_SET); 1156 while (rv == 0) { 1157 n1 = read(from_fd, buf1, bufsize); 1158 if (n1 == 0) 1159 break; /* EOF */ 1160 else if (n1 > 0) { 1161 n2 = read(to_fd, buf2, n1); 1162 if (n2 == n1) 1163 rv = memcmp(buf1, buf2, n1); 1164 else 1165 rv = 1; /* out of sync */ 1166 } else 1167 rv = 1; /* read failure */ 1168 if (do_digest) 1169 digest_update(&ctx, buf1, n1); 1170 } 1171 lseek(from_fd, 0, SEEK_SET); 1172 lseek(to_fd, 0, SEEK_SET); 1173 } 1174 } else 1175 rv = 1; /* don't bother in this case */ 1176 1177 if (do_digest) { 1178 if (rv == 0) 1179 *dresp = digest_end(&ctx, NULL); 1180 else 1181 (void)digest_end(&ctx, NULL); 1182 } 1183 1184 return rv; 1185 } 1186 1187 /* 1188 * create_tempfile -- 1189 * create a temporary file based on path and open it 1190 */ 1191 static int 1192 create_tempfile(const char *path, char *temp, size_t tsize) 1193 { 1194 char *p; 1195 1196 (void)strncpy(temp, path, tsize); 1197 temp[tsize - 1] = '\0'; 1198 if ((p = strrchr(temp, '/')) != NULL) 1199 p++; 1200 else 1201 p = temp; 1202 (void)strncpy(p, "INS@XXXXXX", &temp[tsize - 1] - p); 1203 temp[tsize - 1] = '\0'; 1204 return (mkstemp(temp)); 1205 } 1206 1207 /* 1208 * copy -- 1209 * copy from one file to another 1210 */ 1211 static char * 1212 copy(int from_fd, const char *from_name, int to_fd, const char *to_name, 1213 off_t size) 1214 { 1215 static char *buf = NULL; 1216 static size_t bufsize; 1217 int nr, nw; 1218 int serrno; 1219 #ifndef BOOTSTRAP_XINSTALL 1220 ssize_t ret; 1221 #endif 1222 char *p; 1223 int done_copy; 1224 DIGEST_CTX ctx; 1225 1226 /* Rewind file descriptors. */ 1227 if (lseek(from_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1228 err(EX_OSERR, "lseek: %s", from_name); 1229 if (lseek(to_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1230 err(EX_OSERR, "lseek: %s", to_name); 1231 1232 #ifndef BOOTSTRAP_XINSTALL 1233 /* Try copy_file_range() if no digest is requested */ 1234 if (digesttype == DIGEST_NONE) { 1235 do { 1236 ret = copy_file_range(from_fd, NULL, to_fd, NULL, 1237 SSIZE_MAX, 0); 1238 } while (ret > 0); 1239 if (ret == 0) 1240 goto done; 1241 if (errno != EINVAL) { 1242 serrno = errno; 1243 (void)unlink(to_name); 1244 errno = serrno; 1245 err(EX_OSERR, "%s", to_name); 1246 } 1247 /* Fall back */ 1248 } 1249 1250 #endif 1251 digest_init(&ctx); 1252 1253 done_copy = 0; 1254 if (trymmap((size_t)size) && 1255 (p = mmap(NULL, (size_t)size, PROT_READ, MAP_SHARED, 1256 from_fd, (off_t)0)) != MAP_FAILED) { 1257 nw = write(to_fd, p, size); 1258 if (nw != size) { 1259 serrno = errno; 1260 (void)unlink(to_name); 1261 if (nw >= 0) { 1262 errx(EX_OSERR, 1263 "short write to %s: %jd bytes written, %jd bytes asked to write", 1264 to_name, (uintmax_t)nw, (uintmax_t)size); 1265 } else { 1266 errno = serrno; 1267 err(EX_OSERR, "%s", to_name); 1268 } 1269 } 1270 digest_update(&ctx, p, size); 1271 (void)munmap(p, size); 1272 done_copy = 1; 1273 } 1274 if (!done_copy) { 1275 if (buf == NULL) { 1276 /* 1277 * Note that buf and bufsize are static. If 1278 * malloc() fails, it will fail at the start 1279 * and not copy only some files. 1280 */ 1281 if (sysconf(_SC_PHYS_PAGES) > 1282 PHYSPAGES_THRESHOLD) 1283 bufsize = MIN(BUFSIZE_MAX, MAXPHYS * 8); 1284 else 1285 bufsize = BUFSIZE_SMALL; 1286 buf = malloc(bufsize); 1287 if (buf == NULL) 1288 err(1, "Not enough memory"); 1289 } 1290 while ((nr = read(from_fd, buf, bufsize)) > 0) { 1291 if ((nw = write(to_fd, buf, nr)) != nr) { 1292 serrno = errno; 1293 (void)unlink(to_name); 1294 if (nw >= 0) { 1295 errx(EX_OSERR, 1296 "short write to %s: %jd bytes written, %jd bytes asked to write", 1297 to_name, (uintmax_t)nw, 1298 (uintmax_t)size); 1299 } else { 1300 errno = serrno; 1301 err(EX_OSERR, "%s", to_name); 1302 } 1303 } 1304 digest_update(&ctx, buf, nr); 1305 } 1306 if (nr != 0) { 1307 serrno = errno; 1308 (void)unlink(to_name); 1309 errno = serrno; 1310 err(EX_OSERR, "%s", from_name); 1311 } 1312 } 1313 done: 1314 if (safecopy && fsync(to_fd) == -1) { 1315 serrno = errno; 1316 (void)unlink(to_name); 1317 errno = serrno; 1318 err(EX_OSERR, "fsync failed for %s", to_name); 1319 } 1320 return (digest_end(&ctx, NULL)); 1321 } 1322 1323 /* 1324 * strip -- 1325 * Use strip(1) to strip the target file. 1326 * Just invoke strip(1) on to_name if from_name is NULL, else try 1327 * to run "strip -o to_name from_name" and return 0 on failure. 1328 * Return 1 on success and assign result of digest_file(to_name) 1329 * to *dresp. 1330 */ 1331 static int 1332 strip(const char *to_name, int to_fd, const char *from_name, char **dresp) 1333 { 1334 const char *stripbin; 1335 const char *args[5]; 1336 char *prefixed_from_name; 1337 pid_t pid; 1338 int error, serrno, status; 1339 1340 prefixed_from_name = NULL; 1341 stripbin = getenv("STRIPBIN"); 1342 if (stripbin == NULL) 1343 stripbin = "strip"; 1344 args[0] = stripbin; 1345 if (from_name == NULL) { 1346 args[1] = to_name; 1347 args[2] = NULL; 1348 } else { 1349 args[1] = "-o"; 1350 args[2] = to_name; 1351 1352 /* Prepend './' if from_name begins with '-' */ 1353 if (from_name[0] == '-') { 1354 if (asprintf(&prefixed_from_name, "./%s", from_name) == -1) 1355 return (0); 1356 args[3] = prefixed_from_name; 1357 } else { 1358 args[3] = from_name; 1359 } 1360 args[4] = NULL; 1361 } 1362 error = posix_spawnp(&pid, stripbin, NULL, NULL, 1363 __DECONST(char **, args), environ); 1364 if (error != 0) { 1365 (void)unlink(to_name); 1366 errc(error == EAGAIN || error == EPROCLIM || error == ENOMEM ? 1367 EX_TEMPFAIL : EX_OSERR, error, "spawn %s", stripbin); 1368 } 1369 free(prefixed_from_name); 1370 if (waitpid(pid, &status, 0) == -1) { 1371 error = errno; 1372 (void)unlink(to_name); 1373 errc(EX_SOFTWARE, error, "wait"); 1374 /* NOTREACHED */ 1375 } 1376 if (status != 0) { 1377 if (from_name != NULL) 1378 return (0); 1379 (void)unlink(to_name); 1380 errx(EX_SOFTWARE, "strip command %s failed on %s", 1381 stripbin, to_name); 1382 } 1383 if (from_name != NULL && safecopy && fsync(to_fd) == -1) { 1384 serrno = errno; 1385 (void)unlink(to_name); 1386 errno = serrno; 1387 err(EX_OSERR, "fsync failed for %s", to_name); 1388 } 1389 if (dresp != NULL) 1390 *dresp = digest_file(to_name); 1391 return (1); 1392 } 1393 1394 /* 1395 * install_dir -- 1396 * build directory hierarchy 1397 */ 1398 static void 1399 install_dir(char *path) 1400 { 1401 char *p; 1402 struct stat sb; 1403 int ch, tried_mkdir; 1404 1405 for (p = path;; ++p) 1406 if (!*p || (p != path && *p == '/')) { 1407 tried_mkdir = 0; 1408 ch = *p; 1409 *p = '\0'; 1410 again: 1411 if (stat(path, &sb) != 0) { 1412 if (errno != ENOENT || tried_mkdir) 1413 err(EX_OSERR, "stat %s", path); 1414 if (mkdir(path, 0755) < 0) { 1415 tried_mkdir = 1; 1416 if (errno == EEXIST) 1417 goto again; 1418 err(EX_OSERR, "mkdir %s", path); 1419 } 1420 if (verbose) 1421 (void)printf("install: mkdir %s\n", 1422 path); 1423 } else if (!S_ISDIR(sb.st_mode)) 1424 errx(EX_OSERR, "%s exists but is not a directory", path); 1425 if (!(*p = ch)) 1426 break; 1427 } 1428 1429 if (!dounpriv) { 1430 if ((gid != (gid_t)-1 || uid != (uid_t)-1) && 1431 chown(path, uid, gid)) 1432 warn("chown %u:%u %s", uid, gid, path); 1433 /* XXXBED: should we do the chmod in the dounpriv case? */ 1434 if (chmod(path, mode)) 1435 warn("chmod %o %s", mode, path); 1436 } 1437 metadata_log(path, "dir", NULL, NULL, NULL, 0); 1438 } 1439 1440 /* 1441 * metadata_log -- 1442 * if metafp is not NULL, output mtree(8) full path name and settings to 1443 * metafp, to allow permissions to be set correctly by other tools, 1444 * or to allow integrity checks to be performed. 1445 */ 1446 static void 1447 metadata_log(const char *path, const char *type, struct timespec *ts, 1448 const char *slink, const char *digestresult, off_t size) 1449 { 1450 static const char extra[] = { ' ', '\t', '\n', '\\', '#', '\0' }; 1451 const char *p; 1452 char *buf; 1453 size_t buflen, destlen; 1454 struct flock metalog_lock; 1455 1456 if (!metafp) 1457 return; 1458 /* Buffer for strsnvis(3), used for both path and slink. */ 1459 buflen = strlen(path); 1460 if (slink && strlen(slink) > buflen) 1461 buflen = strlen(slink); 1462 buflen = 4 * buflen + 1; 1463 if ((buf = malloc(buflen)) == NULL) { 1464 warn(NULL); 1465 return; 1466 } 1467 1468 /* Lock log file. */ 1469 metalog_lock.l_start = 0; 1470 metalog_lock.l_len = 0; 1471 metalog_lock.l_whence = SEEK_SET; 1472 metalog_lock.l_type = F_WRLCK; 1473 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) { 1474 warn("can't lock %s", metafile); 1475 free(buf); 1476 return; 1477 } 1478 1479 /* Remove destdir. */ 1480 p = path; 1481 if (destdir) { 1482 destlen = strlen(destdir); 1483 if (strncmp(p, destdir, destlen) == 0 && 1484 (p[destlen] == '/' || p[destlen] == '\0')) 1485 p += destlen; 1486 } 1487 while (*p && *p == '/') 1488 p++; 1489 strsnvis(buf, buflen, p, VIS_OCTAL, extra); 1490 p = buf; 1491 /* Print details. */ 1492 fprintf(metafp, ".%s%s type=%s", *p ? "/" : "", p, type); 1493 if (owner) 1494 fprintf(metafp, " uname=%s", owner); 1495 if (group) 1496 fprintf(metafp, " gname=%s", group); 1497 fprintf(metafp, " mode=%#o", mode); 1498 if (slink) { 1499 strsnvis(buf, buflen, slink, VIS_CSTYLE, extra); 1500 fprintf(metafp, " link=%s", buf); 1501 } 1502 if (*type == 'f') /* type=file */ 1503 fprintf(metafp, " size=%lld", (long long)size); 1504 if (ts != NULL && dopreserve) 1505 fprintf(metafp, " time=%lld.%09ld", 1506 (long long)ts[1].tv_sec, ts[1].tv_nsec); 1507 if (digestresult && digest) 1508 fprintf(metafp, " %s=%s", digest, digestresult); 1509 if (fflags) 1510 fprintf(metafp, " flags=%s", fflags); 1511 if (tags) 1512 fprintf(metafp, " tags=%s", tags); 1513 fputc('\n', metafp); 1514 /* Flush line. */ 1515 fflush(metafp); 1516 1517 /* Unlock log file. */ 1518 metalog_lock.l_type = F_UNLCK; 1519 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) 1520 warn("can't unlock %s", metafile); 1521 free(buf); 1522 } 1523 1524 /* 1525 * usage -- 1526 * print a usage message and die 1527 */ 1528 static void 1529 usage(void) 1530 { 1531 (void)fprintf(stderr, 1532 "usage: install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1533 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1534 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1535 " file1 file2\n" 1536 " install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1537 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1538 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1539 " file1 ... fileN directory\n" 1540 " install -dU [-vU] [-g group] [-m mode] [-N dbdir] [-o owner]\n" 1541 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1542 " directory ...\n"); 1543 exit(EX_USAGE); 1544 /* NOTREACHED */ 1545 } 1546 1547 /* 1548 * trymmap -- 1549 * return true (1) if mmap should be tried, false (0) if not. 1550 */ 1551 static int 1552 trymmap(size_t filesize) 1553 { 1554 /* 1555 * This function existed to skip mmap() for NFS file systems whereas 1556 * nowadays mmap() should be perfectly safe. Nevertheless, using mmap() 1557 * only reduces the number of system calls if we need multiple read() 1558 * syscalls, i.e. if the file size is > MAXBSIZE. However, mmap() is 1559 * more expensive than read() so set the threshold at 4 fewer syscalls. 1560 * Additionally, for larger file size mmap() can significantly increase 1561 * the number of page faults, so avoid it in that case. 1562 * 1563 * Note: the 8MB limit is not based on any meaningful benchmarking 1564 * results, it is simply reusing the same value that was used before 1565 * and also matches bin/cp. 1566 * 1567 * XXX: Maybe we shouldn't bother with mmap() at all, since we use 1568 * MAXBSIZE the syscall overhead of read() shouldn't be too high? 1569 */ 1570 return (filesize > 4 * MAXBSIZE && filesize < 8 * 1024 * 1024); 1571 } 1572