1 /* 2 * Copyright (c) 2012, 2013 SRI International 3 * Copyright (c) 1987, 1993 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. Neither the name of the University nor the names of its contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31 #ifndef lint 32 static const char copyright[] = 33 "@(#) Copyright (c) 1987, 1993\n\ 34 The Regents of the University of California. All rights reserved.\n"; 35 #endif /* not lint */ 36 37 #if 0 38 #ifndef lint 39 static char sccsid[] = "@(#)xinstall.c 8.1 (Berkeley) 7/21/93"; 40 #endif /* not lint */ 41 #endif 42 43 #include <sys/cdefs.h> 44 __FBSDID("$FreeBSD$"); 45 46 #include <sys/param.h> 47 #include <sys/mman.h> 48 #include <sys/mount.h> 49 #include <sys/stat.h> 50 #include <sys/time.h> 51 #include <sys/wait.h> 52 53 #include <err.h> 54 #include <errno.h> 55 #include <fcntl.h> 56 #include <grp.h> 57 #include <libgen.h> 58 #include <md5.h> 59 #include <paths.h> 60 #include <pwd.h> 61 #include <ripemd.h> 62 #include <sha.h> 63 #include <sha256.h> 64 #include <sha512.h> 65 #include <spawn.h> 66 #include <stdint.h> 67 #include <stdio.h> 68 #include <stdlib.h> 69 #include <string.h> 70 #include <sysexits.h> 71 #include <unistd.h> 72 #include <vis.h> 73 74 #include "mtree.h" 75 76 #define MAX_CMP_SIZE (16 * 1024 * 1024) 77 78 #define LN_ABSOLUTE 0x01 79 #define LN_RELATIVE 0x02 80 #define LN_HARD 0x04 81 #define LN_SYMBOLIC 0x08 82 #define LN_MIXED 0x10 83 84 #define DIRECTORY 0x01 /* Tell install it's a directory. */ 85 #define SETFLAGS 0x02 /* Tell install to set flags. */ 86 #define NOCHANGEBITS (UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND) 87 #define BACKUP_SUFFIX ".old" 88 89 typedef union { 90 MD5_CTX MD5; 91 RIPEMD160_CTX RIPEMD160; 92 SHA1_CTX SHA1; 93 SHA256_CTX SHA256; 94 SHA512_CTX SHA512; 95 } DIGEST_CTX; 96 97 static enum { 98 DIGEST_NONE = 0, 99 DIGEST_MD5, 100 DIGEST_RIPEMD160, 101 DIGEST_SHA1, 102 DIGEST_SHA256, 103 DIGEST_SHA512, 104 } digesttype = DIGEST_NONE; 105 106 extern char **environ; 107 108 static gid_t gid; 109 static uid_t uid; 110 static int dobackup, docompare, dodir, dolink, dopreserve, dostrip, dounpriv, 111 safecopy, verbose; 112 static int haveopt_f, haveopt_g, haveopt_m, haveopt_o; 113 static mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH; 114 static FILE *metafp; 115 static const char *group, *owner; 116 static const char *suffix = BACKUP_SUFFIX; 117 static char *destdir, *digest, *fflags, *metafile, *tags; 118 119 static int compare(int, const char *, size_t, int, const char *, size_t, 120 char **); 121 static char *copy(int, const char *, int, const char *, off_t); 122 static int create_newfile(const char *, int, struct stat *); 123 static int create_tempfile(const char *, char *, size_t); 124 static char *quiet_mktemp(char *template); 125 static char *digest_file(const char *); 126 static void digest_init(DIGEST_CTX *); 127 static void digest_update(DIGEST_CTX *, const char *, size_t); 128 static char *digest_end(DIGEST_CTX *, char *); 129 static int do_link(const char *, const char *, const struct stat *); 130 static void do_symlink(const char *, const char *, const struct stat *); 131 static void makelink(const char *, const char *, const struct stat *); 132 static void install(const char *, const char *, u_long, u_int); 133 static void install_dir(char *); 134 static void metadata_log(const char *, const char *, struct timespec *, 135 const char *, const char *, off_t); 136 static int parseid(const char *, id_t *); 137 static void strip(const char *); 138 static int trymmap(int); 139 static void usage(void); 140 141 int 142 main(int argc, char *argv[]) 143 { 144 struct stat from_sb, to_sb; 145 mode_t *set; 146 u_long fset; 147 int ch, no_target; 148 u_int iflags; 149 char *p; 150 const char *to_name; 151 152 iflags = 0; 153 group = owner = NULL; 154 while ((ch = getopt(argc, argv, "B:bCcD:df:g:h:l:M:m:N:o:pSsT:Uv")) != 155 -1) 156 switch((char)ch) { 157 case 'B': 158 suffix = optarg; 159 /* FALLTHROUGH */ 160 case 'b': 161 dobackup = 1; 162 break; 163 case 'C': 164 docompare = 1; 165 break; 166 case 'c': 167 /* For backwards compatibility. */ 168 break; 169 case 'D': 170 destdir = optarg; 171 break; 172 case 'd': 173 dodir = 1; 174 break; 175 case 'f': 176 haveopt_f = 1; 177 fflags = optarg; 178 break; 179 case 'g': 180 haveopt_g = 1; 181 group = optarg; 182 break; 183 case 'h': 184 digest = optarg; 185 break; 186 case 'l': 187 for (p = optarg; *p != '\0'; p++) 188 switch (*p) { 189 case 's': 190 dolink &= ~(LN_HARD|LN_MIXED); 191 dolink |= LN_SYMBOLIC; 192 break; 193 case 'h': 194 dolink &= ~(LN_SYMBOLIC|LN_MIXED); 195 dolink |= LN_HARD; 196 break; 197 case 'm': 198 dolink &= ~(LN_SYMBOLIC|LN_HARD); 199 dolink |= LN_MIXED; 200 break; 201 case 'a': 202 dolink &= ~LN_RELATIVE; 203 dolink |= LN_ABSOLUTE; 204 break; 205 case 'r': 206 dolink &= ~LN_ABSOLUTE; 207 dolink |= LN_RELATIVE; 208 break; 209 default: 210 errx(1, "%c: invalid link type", *p); 211 /* NOTREACHED */ 212 } 213 break; 214 case 'M': 215 metafile = optarg; 216 break; 217 case 'm': 218 haveopt_m = 1; 219 if (!(set = setmode(optarg))) 220 errx(EX_USAGE, "invalid file mode: %s", 221 optarg); 222 mode = getmode(set, 0); 223 free(set); 224 break; 225 case 'N': 226 if (!setup_getid(optarg)) 227 err(EX_OSERR, "Unable to use user and group " 228 "databases in `%s'", optarg); 229 break; 230 case 'o': 231 haveopt_o = 1; 232 owner = optarg; 233 break; 234 case 'p': 235 docompare = dopreserve = 1; 236 break; 237 case 'S': 238 safecopy = 1; 239 break; 240 case 's': 241 dostrip = 1; 242 break; 243 case 'T': 244 tags = optarg; 245 break; 246 case 'U': 247 dounpriv = 1; 248 break; 249 case 'v': 250 verbose = 1; 251 break; 252 case '?': 253 default: 254 usage(); 255 } 256 argc -= optind; 257 argv += optind; 258 259 /* some options make no sense when creating directories */ 260 if (dostrip && dodir) { 261 warnx("-d and -s may not be specified together"); 262 usage(); 263 } 264 265 if (getenv("DONTSTRIP") != NULL) { 266 warnx("DONTSTRIP set - will not strip installed binaries"); 267 dostrip = 0; 268 } 269 270 /* must have at least two arguments, except when creating directories */ 271 if (argc == 0 || (argc == 1 && !dodir)) 272 usage(); 273 274 if (digest != NULL) { 275 if (strcmp(digest, "none") == 0) { 276 digesttype = DIGEST_NONE; 277 } else if (strcmp(digest, "md5") == 0) { 278 digesttype = DIGEST_MD5; 279 } else if (strcmp(digest, "rmd160") == 0) { 280 digesttype = DIGEST_RIPEMD160; 281 } else if (strcmp(digest, "sha1") == 0) { 282 digesttype = DIGEST_SHA1; 283 } else if (strcmp(digest, "sha256") == 0) { 284 digesttype = DIGEST_SHA256; 285 } else if (strcmp(digest, "sha512") == 0) { 286 digesttype = DIGEST_SHA512; 287 } else { 288 warnx("unknown digest `%s'", digest); 289 usage(); 290 } 291 } 292 293 /* need to make a temp copy so we can compare stripped version */ 294 if (docompare && dostrip) 295 safecopy = 1; 296 297 /* get group and owner id's */ 298 if (group != NULL && !dounpriv) { 299 if (gid_from_group(group, &gid) == -1) { 300 id_t id; 301 if (!parseid(group, &id)) 302 errx(1, "unknown group %s", group); 303 gid = id; 304 } 305 } else 306 gid = (gid_t)-1; 307 308 if (owner != NULL && !dounpriv) { 309 if (uid_from_user(owner, &uid) == -1) { 310 id_t id; 311 if (!parseid(owner, &id)) 312 errx(1, "unknown user %s", owner); 313 uid = id; 314 } 315 } else 316 uid = (uid_t)-1; 317 318 if (fflags != NULL && !dounpriv) { 319 if (strtofflags(&fflags, &fset, NULL)) 320 errx(EX_USAGE, "%s: invalid flag", fflags); 321 iflags |= SETFLAGS; 322 } 323 324 if (metafile != NULL) { 325 if ((metafp = fopen(metafile, "a")) == NULL) 326 warn("open %s", metafile); 327 } else 328 digesttype = DIGEST_NONE; 329 330 if (dodir) { 331 for (; *argv != NULL; ++argv) 332 install_dir(*argv); 333 exit(EX_OK); 334 /* NOTREACHED */ 335 } 336 337 to_name = argv[argc - 1]; 338 no_target = stat(to_name, &to_sb); 339 if (!no_target && S_ISDIR(to_sb.st_mode)) { 340 if (dolink & LN_SYMBOLIC) { 341 if (lstat(to_name, &to_sb) != 0) 342 err(EX_OSERR, "%s vanished", to_name); 343 if (S_ISLNK(to_sb.st_mode)) { 344 if (argc != 2) { 345 errno = ENOTDIR; 346 err(EX_USAGE, "%s", to_name); 347 } 348 install(*argv, to_name, fset, iflags); 349 exit(EX_OK); 350 } 351 } 352 for (; *argv != to_name; ++argv) 353 install(*argv, to_name, fset, iflags | DIRECTORY); 354 exit(EX_OK); 355 /* NOTREACHED */ 356 } 357 358 /* can't do file1 file2 directory/file */ 359 if (argc != 2) { 360 if (no_target) 361 warnx("target directory `%s' does not exist", 362 argv[argc - 1]); 363 else 364 warnx("target `%s' is not a directory", 365 argv[argc - 1]); 366 usage(); 367 } 368 369 if (!no_target && !dolink) { 370 if (stat(*argv, &from_sb)) 371 err(EX_OSERR, "%s", *argv); 372 if (!S_ISREG(to_sb.st_mode)) { 373 errno = EFTYPE; 374 err(EX_OSERR, "%s", to_name); 375 } 376 if (to_sb.st_dev == from_sb.st_dev && 377 to_sb.st_ino == from_sb.st_ino) 378 errx(EX_USAGE, 379 "%s and %s are the same file", *argv, to_name); 380 } 381 install(*argv, to_name, fset, iflags); 382 exit(EX_OK); 383 /* NOTREACHED */ 384 } 385 386 static char * 387 digest_file(const char *name) 388 { 389 390 switch (digesttype) { 391 case DIGEST_MD5: 392 return (MD5File(name, NULL)); 393 case DIGEST_RIPEMD160: 394 return (RIPEMD160_File(name, NULL)); 395 case DIGEST_SHA1: 396 return (SHA1_File(name, NULL)); 397 case DIGEST_SHA256: 398 return (SHA256_File(name, NULL)); 399 case DIGEST_SHA512: 400 return (SHA512_File(name, NULL)); 401 default: 402 return (NULL); 403 } 404 } 405 406 static void 407 digest_init(DIGEST_CTX *c) 408 { 409 410 switch (digesttype) { 411 case DIGEST_NONE: 412 break; 413 case DIGEST_MD5: 414 MD5Init(&(c->MD5)); 415 break; 416 case DIGEST_RIPEMD160: 417 RIPEMD160_Init(&(c->RIPEMD160)); 418 break; 419 case DIGEST_SHA1: 420 SHA1_Init(&(c->SHA1)); 421 break; 422 case DIGEST_SHA256: 423 SHA256_Init(&(c->SHA256)); 424 break; 425 case DIGEST_SHA512: 426 SHA512_Init(&(c->SHA512)); 427 break; 428 } 429 } 430 431 static void 432 digest_update(DIGEST_CTX *c, const char *data, size_t len) 433 { 434 435 switch (digesttype) { 436 case DIGEST_NONE: 437 break; 438 case DIGEST_MD5: 439 MD5Update(&(c->MD5), data, len); 440 break; 441 case DIGEST_RIPEMD160: 442 RIPEMD160_Update(&(c->RIPEMD160), data, len); 443 break; 444 case DIGEST_SHA1: 445 SHA1_Update(&(c->SHA1), data, len); 446 break; 447 case DIGEST_SHA256: 448 SHA256_Update(&(c->SHA256), data, len); 449 break; 450 case DIGEST_SHA512: 451 SHA512_Update(&(c->SHA512), data, len); 452 break; 453 } 454 } 455 456 static char * 457 digest_end(DIGEST_CTX *c, char *buf) 458 { 459 460 switch (digesttype) { 461 case DIGEST_MD5: 462 return (MD5End(&(c->MD5), buf)); 463 case DIGEST_RIPEMD160: 464 return (RIPEMD160_End(&(c->RIPEMD160), buf)); 465 case DIGEST_SHA1: 466 return (SHA1_End(&(c->SHA1), buf)); 467 case DIGEST_SHA256: 468 return (SHA256_End(&(c->SHA256), buf)); 469 case DIGEST_SHA512: 470 return (SHA512_End(&(c->SHA512), buf)); 471 default: 472 return (NULL); 473 } 474 } 475 476 /* 477 * parseid -- 478 * parse uid or gid from arg into id, returning non-zero if successful 479 */ 480 static int 481 parseid(const char *name, id_t *id) 482 { 483 char *ep; 484 errno = 0; 485 *id = (id_t)strtoul(name, &ep, 10); 486 if (errno || *ep != '\0') 487 return (0); 488 return (1); 489 } 490 491 /* 492 * quiet_mktemp -- 493 * mktemp implementation used mkstemp to avoid mktemp warnings. We 494 * really do need mktemp semantics here as we will be creating a link. 495 */ 496 static char * 497 quiet_mktemp(char *template) 498 { 499 int fd; 500 501 if ((fd = mkstemp(template)) == -1) 502 return (NULL); 503 close (fd); 504 if (unlink(template) == -1) 505 err(EX_OSERR, "unlink %s", template); 506 return (template); 507 } 508 509 /* 510 * do_link -- 511 * make a hard link, obeying dorename if set 512 * return -1 on failure 513 */ 514 static int 515 do_link(const char *from_name, const char *to_name, 516 const struct stat *target_sb) 517 { 518 char tmpl[MAXPATHLEN]; 519 int ret; 520 521 if (safecopy && target_sb != NULL) { 522 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 523 /* This usage is safe. */ 524 if (quiet_mktemp(tmpl) == NULL) 525 err(EX_OSERR, "%s: mktemp", tmpl); 526 ret = link(from_name, tmpl); 527 if (ret == 0) { 528 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == 529 -1) { 530 unlink(tmpl); 531 err(EX_OSERR, "%s", to_name); 532 } 533 if (target_sb->st_flags & NOCHANGEBITS) 534 (void)chflags(to_name, target_sb->st_flags & 535 ~NOCHANGEBITS); 536 unlink(to_name); 537 ret = rename(tmpl, to_name); 538 /* 539 * If rename has posix semantics, then the temporary 540 * file may still exist when from_name and to_name point 541 * to the same file, so unlink it unconditionally. 542 */ 543 (void)unlink(tmpl); 544 } 545 return (ret); 546 } else 547 return (link(from_name, to_name)); 548 } 549 550 /* 551 * do_symlink -- 552 * Make a symbolic link, obeying dorename if set. Exit on failure. 553 */ 554 static void 555 do_symlink(const char *from_name, const char *to_name, 556 const struct stat *target_sb) 557 { 558 char tmpl[MAXPATHLEN]; 559 560 if (safecopy && target_sb != NULL) { 561 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 562 /* This usage is safe. */ 563 if (quiet_mktemp(tmpl) == NULL) 564 err(EX_OSERR, "%s: mktemp", tmpl); 565 566 if (symlink(from_name, tmpl) == -1) 567 err(EX_OSERR, "symlink %s -> %s", from_name, tmpl); 568 569 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == -1) { 570 (void)unlink(tmpl); 571 err(EX_OSERR, "%s", to_name); 572 } 573 if (target_sb->st_flags & NOCHANGEBITS) 574 (void)chflags(to_name, target_sb->st_flags & 575 ~NOCHANGEBITS); 576 unlink(to_name); 577 578 if (rename(tmpl, to_name) == -1) { 579 /* Remove temporary link before exiting. */ 580 (void)unlink(tmpl); 581 err(EX_OSERR, "%s: rename", to_name); 582 } 583 } else { 584 if (symlink(from_name, to_name) == -1) 585 err(EX_OSERR, "symlink %s -> %s", from_name, to_name); 586 } 587 } 588 589 /* 590 * makelink -- 591 * make a link from source to destination 592 */ 593 static void 594 makelink(const char *from_name, const char *to_name, 595 const struct stat *target_sb) 596 { 597 char src[MAXPATHLEN], dst[MAXPATHLEN], lnk[MAXPATHLEN]; 598 struct stat to_sb; 599 600 /* Try hard links first. */ 601 if (dolink & (LN_HARD|LN_MIXED)) { 602 if (do_link(from_name, to_name, target_sb) == -1) { 603 if ((dolink & LN_HARD) || errno != EXDEV) 604 err(EX_OSERR, "link %s -> %s", from_name, to_name); 605 } else { 606 if (stat(to_name, &to_sb)) 607 err(EX_OSERR, "%s: stat", to_name); 608 if (S_ISREG(to_sb.st_mode)) { 609 /* 610 * XXX: hard links to anything other than 611 * plain files are not metalogged 612 */ 613 int omode; 614 const char *oowner, *ogroup; 615 char *offlags; 616 char *dres; 617 618 /* 619 * XXX: use underlying perms, unless 620 * overridden on command line. 621 */ 622 omode = mode; 623 if (!haveopt_m) 624 mode = (to_sb.st_mode & 0777); 625 oowner = owner; 626 if (!haveopt_o) 627 owner = NULL; 628 ogroup = group; 629 if (!haveopt_g) 630 group = NULL; 631 offlags = fflags; 632 if (!haveopt_f) 633 fflags = NULL; 634 dres = digest_file(from_name); 635 metadata_log(to_name, "file", NULL, NULL, 636 dres, to_sb.st_size); 637 free(dres); 638 mode = omode; 639 owner = oowner; 640 group = ogroup; 641 fflags = offlags; 642 } 643 return; 644 } 645 } 646 647 /* Symbolic links. */ 648 if (dolink & LN_ABSOLUTE) { 649 /* Convert source path to absolute. */ 650 if (realpath(from_name, src) == NULL) 651 err(EX_OSERR, "%s: realpath", from_name); 652 do_symlink(src, to_name, target_sb); 653 /* XXX: src may point outside of destdir */ 654 metadata_log(to_name, "link", NULL, src, NULL, 0); 655 return; 656 } 657 658 if (dolink & LN_RELATIVE) { 659 char *cp, *d, *s; 660 661 if (*from_name != '/') { 662 /* this is already a relative link */ 663 do_symlink(from_name, to_name, target_sb); 664 /* XXX: from_name may point outside of destdir. */ 665 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 666 return; 667 } 668 669 /* Resolve pathnames. */ 670 if (realpath(from_name, src) == NULL) 671 err(EX_OSERR, "%s: realpath", from_name); 672 673 /* 674 * The last component of to_name may be a symlink, 675 * so use realpath to resolve only the directory. 676 */ 677 cp = dirname(to_name); 678 if (realpath(cp, dst) == NULL) 679 err(EX_OSERR, "%s: realpath", cp); 680 /* .. and add the last component. */ 681 if (strcmp(dst, "/") != 0) { 682 if (strlcat(dst, "/", sizeof(dst)) > sizeof(dst)) 683 errx(1, "resolved pathname too long"); 684 } 685 cp = basename(to_name); 686 if (strlcat(dst, cp, sizeof(dst)) > sizeof(dst)) 687 errx(1, "resolved pathname too long"); 688 689 /* Trim common path components. */ 690 for (s = src, d = dst; *s == *d; s++, d++) 691 continue; 692 while (*s != '/') 693 s--, d--; 694 695 /* Count the number of directories we need to backtrack. */ 696 for (++d, lnk[0] = '\0'; *d; d++) 697 if (*d == '/') 698 (void)strlcat(lnk, "../", sizeof(lnk)); 699 700 (void)strlcat(lnk, ++s, sizeof(lnk)); 701 702 do_symlink(lnk, to_name, target_sb); 703 /* XXX: Link may point outside of destdir. */ 704 metadata_log(to_name, "link", NULL, lnk, NULL, 0); 705 return; 706 } 707 708 /* 709 * If absolute or relative was not specified, try the names the 710 * user provided. 711 */ 712 do_symlink(from_name, to_name, target_sb); 713 /* XXX: from_name may point outside of destdir. */ 714 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 715 } 716 717 /* 718 * install -- 719 * build a path name and install the file 720 */ 721 static void 722 install(const char *from_name, const char *to_name, u_long fset, u_int flags) 723 { 724 struct stat from_sb, temp_sb, to_sb; 725 struct timespec tsb[2]; 726 int devnull, files_match, from_fd, serrno, target; 727 int tempcopy, temp_fd, to_fd; 728 char backup[MAXPATHLEN], *p, pathbuf[MAXPATHLEN], tempfile[MAXPATHLEN]; 729 char *digestresult; 730 731 files_match = 0; 732 from_fd = -1; 733 to_fd = -1; 734 735 /* If try to install NULL file to a directory, fails. */ 736 if (flags & DIRECTORY || strcmp(from_name, _PATH_DEVNULL)) { 737 if (!dolink) { 738 if (stat(from_name, &from_sb)) 739 err(EX_OSERR, "%s", from_name); 740 if (!S_ISREG(from_sb.st_mode)) { 741 errno = EFTYPE; 742 err(EX_OSERR, "%s", from_name); 743 } 744 } 745 /* Build the target path. */ 746 if (flags & DIRECTORY) { 747 (void)snprintf(pathbuf, sizeof(pathbuf), "%s/%s", 748 to_name, 749 (p = strrchr(from_name, '/')) ? ++p : from_name); 750 to_name = pathbuf; 751 } 752 devnull = 0; 753 } else { 754 devnull = 1; 755 } 756 757 target = (lstat(to_name, &to_sb) == 0); 758 759 if (dolink) { 760 if (target && !safecopy) { 761 if (to_sb.st_mode & S_IFDIR && rmdir(to_name) == -1) 762 err(EX_OSERR, "%s", to_name); 763 if (to_sb.st_flags & NOCHANGEBITS) 764 (void)chflags(to_name, 765 to_sb.st_flags & ~NOCHANGEBITS); 766 unlink(to_name); 767 } 768 makelink(from_name, to_name, target ? &to_sb : NULL); 769 return; 770 } 771 772 if (target && !S_ISREG(to_sb.st_mode) && !S_ISLNK(to_sb.st_mode)) { 773 errno = EFTYPE; 774 warn("%s", to_name); 775 return; 776 } 777 778 /* Only copy safe if the target exists. */ 779 tempcopy = safecopy && target; 780 781 if (!devnull && (from_fd = open(from_name, O_RDONLY, 0)) < 0) 782 err(EX_OSERR, "%s", from_name); 783 784 /* If we don't strip, we can compare first. */ 785 if (docompare && !dostrip && target && S_ISREG(to_sb.st_mode)) { 786 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 787 err(EX_OSERR, "%s", to_name); 788 if (devnull) 789 files_match = to_sb.st_size == 0; 790 else 791 files_match = !(compare(from_fd, from_name, 792 (size_t)from_sb.st_size, to_fd, 793 to_name, (size_t)to_sb.st_size, &digestresult)); 794 795 /* Close "to" file unless we match. */ 796 if (!files_match) 797 (void)close(to_fd); 798 } 799 800 if (!files_match) { 801 if (tempcopy) { 802 to_fd = create_tempfile(to_name, tempfile, 803 sizeof(tempfile)); 804 if (to_fd < 0) 805 err(EX_OSERR, "%s", tempfile); 806 } else { 807 if ((to_fd = create_newfile(to_name, target, 808 &to_sb)) < 0) 809 err(EX_OSERR, "%s", to_name); 810 if (verbose) 811 (void)printf("install: %s -> %s\n", 812 from_name, to_name); 813 } 814 if (!devnull) 815 digestresult = copy(from_fd, from_name, to_fd, 816 tempcopy ? tempfile : to_name, from_sb.st_size); 817 else 818 digestresult = NULL; 819 } 820 821 if (dostrip) { 822 strip(tempcopy ? tempfile : to_name); 823 824 /* 825 * Re-open our fd on the target, in case we used a strip 826 * that does not work in-place -- like GNU binutils strip. 827 */ 828 close(to_fd); 829 to_fd = open(tempcopy ? tempfile : to_name, O_RDONLY, 0); 830 if (to_fd < 0) 831 err(EX_OSERR, "stripping %s", to_name); 832 } 833 834 /* 835 * Compare the stripped temp file with the target. 836 */ 837 if (docompare && dostrip && target && S_ISREG(to_sb.st_mode)) { 838 temp_fd = to_fd; 839 840 /* Re-open to_fd using the real target name. */ 841 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 842 err(EX_OSERR, "%s", to_name); 843 844 if (fstat(temp_fd, &temp_sb)) { 845 serrno = errno; 846 (void)unlink(tempfile); 847 errno = serrno; 848 err(EX_OSERR, "%s", tempfile); 849 } 850 851 if (compare(temp_fd, tempfile, (size_t)temp_sb.st_size, to_fd, 852 to_name, (size_t)to_sb.st_size, &digestresult) 853 == 0) { 854 /* 855 * If target has more than one link we need to 856 * replace it in order to snap the extra links. 857 * Need to preserve target file times, though. 858 */ 859 if (to_sb.st_nlink != 1) { 860 tsb[0] = to_sb.st_atim; 861 tsb[1] = to_sb.st_mtim; 862 (void)utimensat(AT_FDCWD, tempfile, tsb, 0); 863 } else { 864 files_match = 1; 865 (void)unlink(tempfile); 866 } 867 (void) close(temp_fd); 868 } 869 } else if (dostrip) 870 digestresult = digest_file(tempfile); 871 872 /* 873 * Move the new file into place if doing a safe copy 874 * and the files are different (or just not compared). 875 */ 876 if (tempcopy && !files_match) { 877 /* Try to turn off the immutable bits. */ 878 if (to_sb.st_flags & NOCHANGEBITS) 879 (void)chflags(to_name, to_sb.st_flags & ~NOCHANGEBITS); 880 if (dobackup) { 881 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", to_name, 882 suffix) != strlen(to_name) + strlen(suffix)) { 883 unlink(tempfile); 884 errx(EX_OSERR, "%s: backup filename too long", 885 to_name); 886 } 887 if (verbose) 888 (void)printf("install: %s -> %s\n", to_name, backup); 889 if (rename(to_name, backup) < 0) { 890 serrno = errno; 891 unlink(tempfile); 892 errno = serrno; 893 err(EX_OSERR, "rename: %s to %s", to_name, 894 backup); 895 } 896 } 897 if (verbose) 898 (void)printf("install: %s -> %s\n", from_name, to_name); 899 if (rename(tempfile, to_name) < 0) { 900 serrno = errno; 901 unlink(tempfile); 902 errno = serrno; 903 err(EX_OSERR, "rename: %s to %s", 904 tempfile, to_name); 905 } 906 907 /* Re-open to_fd so we aren't hosed by the rename(2). */ 908 (void) close(to_fd); 909 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 910 err(EX_OSERR, "%s", to_name); 911 } 912 913 /* 914 * Preserve the timestamp of the source file if necessary. 915 */ 916 if (dopreserve && !files_match && !devnull) { 917 tsb[0] = from_sb.st_atim; 918 tsb[1] = from_sb.st_mtim; 919 (void)utimensat(AT_FDCWD, to_name, tsb, 0); 920 } 921 922 if (fstat(to_fd, &to_sb) == -1) { 923 serrno = errno; 924 (void)unlink(to_name); 925 errno = serrno; 926 err(EX_OSERR, "%s", to_name); 927 } 928 929 /* 930 * Set owner, group, mode for target; do the chown first, 931 * chown may lose the setuid bits. 932 */ 933 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) || 934 (uid != (uid_t)-1 && uid != to_sb.st_uid) || 935 (mode != (to_sb.st_mode & ALLPERMS)))) { 936 /* Try to turn off the immutable bits. */ 937 if (to_sb.st_flags & NOCHANGEBITS) 938 (void)fchflags(to_fd, to_sb.st_flags & ~NOCHANGEBITS); 939 } 940 941 if (!dounpriv & 942 (gid != (gid_t)-1 && gid != to_sb.st_gid) || 943 (uid != (uid_t)-1 && uid != to_sb.st_uid)) 944 if (fchown(to_fd, uid, gid) == -1) { 945 serrno = errno; 946 (void)unlink(to_name); 947 errno = serrno; 948 err(EX_OSERR,"%s: chown/chgrp", to_name); 949 } 950 951 if (mode != (to_sb.st_mode & ALLPERMS)) { 952 if (fchmod(to_fd, 953 dounpriv ? mode & (S_IRWXU|S_IRWXG|S_IRWXO) : mode)) { 954 serrno = errno; 955 (void)unlink(to_name); 956 errno = serrno; 957 err(EX_OSERR, "%s: chmod", to_name); 958 } 959 } 960 961 /* 962 * If provided a set of flags, set them, otherwise, preserve the 963 * flags, except for the dump flag. 964 * NFS does not support flags. Ignore EOPNOTSUPP flags if we're just 965 * trying to turn off UF_NODUMP. If we're trying to set real flags, 966 * then warn if the fs doesn't support it, otherwise fail. 967 */ 968 if (!dounpriv & !devnull && (flags & SETFLAGS || 969 (from_sb.st_flags & ~UF_NODUMP) != to_sb.st_flags) && 970 fchflags(to_fd, 971 flags & SETFLAGS ? fset : from_sb.st_flags & ~UF_NODUMP)) { 972 if (flags & SETFLAGS) { 973 if (errno == EOPNOTSUPP) 974 warn("%s: chflags", to_name); 975 else { 976 serrno = errno; 977 (void)unlink(to_name); 978 errno = serrno; 979 err(EX_OSERR, "%s: chflags", to_name); 980 } 981 } 982 } 983 984 (void)close(to_fd); 985 if (!devnull) 986 (void)close(from_fd); 987 988 metadata_log(to_name, "file", tsb, NULL, digestresult, to_sb.st_size); 989 free(digestresult); 990 } 991 992 /* 993 * compare -- 994 * compare two files; non-zero means files differ 995 */ 996 static int 997 compare(int from_fd, const char *from_name __unused, size_t from_len, 998 int to_fd, const char *to_name __unused, size_t to_len, 999 char **dresp) 1000 { 1001 char *p, *q; 1002 int rv; 1003 int done_compare; 1004 DIGEST_CTX ctx; 1005 1006 rv = 0; 1007 if (from_len != to_len) 1008 return 1; 1009 1010 if (from_len <= MAX_CMP_SIZE) { 1011 if (dresp != NULL) 1012 digest_init(&ctx); 1013 done_compare = 0; 1014 if (trymmap(from_fd) && trymmap(to_fd)) { 1015 p = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1016 from_fd, (off_t)0); 1017 if (p == MAP_FAILED) 1018 goto out; 1019 q = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1020 to_fd, (off_t)0); 1021 if (q == MAP_FAILED) { 1022 munmap(p, from_len); 1023 goto out; 1024 } 1025 1026 rv = memcmp(p, q, from_len); 1027 if (dresp != NULL) 1028 digest_update(&ctx, p, from_len); 1029 munmap(p, from_len); 1030 munmap(q, from_len); 1031 done_compare = 1; 1032 } 1033 out: 1034 if (!done_compare) { 1035 char buf1[MAXBSIZE]; 1036 char buf2[MAXBSIZE]; 1037 int n1, n2; 1038 1039 rv = 0; 1040 lseek(from_fd, 0, SEEK_SET); 1041 lseek(to_fd, 0, SEEK_SET); 1042 while (rv == 0) { 1043 n1 = read(from_fd, buf1, sizeof(buf1)); 1044 if (n1 == 0) 1045 break; /* EOF */ 1046 else if (n1 > 0) { 1047 n2 = read(to_fd, buf2, n1); 1048 if (n2 == n1) 1049 rv = memcmp(buf1, buf2, n1); 1050 else 1051 rv = 1; /* out of sync */ 1052 } else 1053 rv = 1; /* read failure */ 1054 digest_update(&ctx, buf1, n1); 1055 } 1056 lseek(from_fd, 0, SEEK_SET); 1057 lseek(to_fd, 0, SEEK_SET); 1058 } 1059 } else 1060 rv = 1; /* don't bother in this case */ 1061 1062 if (dresp != NULL) { 1063 if (rv == 0) 1064 *dresp = digest_end(&ctx, NULL); 1065 else 1066 (void)digest_end(&ctx, NULL); 1067 } 1068 1069 return rv; 1070 } 1071 1072 /* 1073 * create_tempfile -- 1074 * create a temporary file based on path and open it 1075 */ 1076 static int 1077 create_tempfile(const char *path, char *temp, size_t tsize) 1078 { 1079 char *p; 1080 1081 (void)strncpy(temp, path, tsize); 1082 temp[tsize - 1] = '\0'; 1083 if ((p = strrchr(temp, '/')) != NULL) 1084 p++; 1085 else 1086 p = temp; 1087 (void)strncpy(p, "INS@XXXX", &temp[tsize - 1] - p); 1088 temp[tsize - 1] = '\0'; 1089 return (mkstemp(temp)); 1090 } 1091 1092 /* 1093 * create_newfile -- 1094 * create a new file, overwriting an existing one if necessary 1095 */ 1096 static int 1097 create_newfile(const char *path, int target, struct stat *sbp) 1098 { 1099 char backup[MAXPATHLEN]; 1100 int saved_errno = 0; 1101 int newfd; 1102 1103 if (target) { 1104 /* 1105 * Unlink now... avoid ETXTBSY errors later. Try to turn 1106 * off the append/immutable bits -- if we fail, go ahead, 1107 * it might work. 1108 */ 1109 if (sbp->st_flags & NOCHANGEBITS) 1110 (void)chflags(path, sbp->st_flags & ~NOCHANGEBITS); 1111 1112 if (dobackup) { 1113 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", 1114 path, suffix) != strlen(path) + strlen(suffix)) 1115 errx(EX_OSERR, "%s: backup filename too long", 1116 path); 1117 (void)snprintf(backup, MAXPATHLEN, "%s%s", 1118 path, suffix); 1119 if (verbose) 1120 (void)printf("install: %s -> %s\n", 1121 path, backup); 1122 if (rename(path, backup) < 0) 1123 err(EX_OSERR, "rename: %s to %s", path, backup); 1124 } else 1125 if (unlink(path) < 0) 1126 saved_errno = errno; 1127 } 1128 1129 newfd = open(path, O_CREAT | O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR); 1130 if (newfd < 0 && saved_errno != 0) 1131 errno = saved_errno; 1132 return newfd; 1133 } 1134 1135 /* 1136 * copy -- 1137 * copy from one file to another 1138 */ 1139 static char * 1140 copy(int from_fd, const char *from_name, int to_fd, const char *to_name, 1141 off_t size) 1142 { 1143 int nr, nw; 1144 int serrno; 1145 char *p; 1146 char buf[MAXBSIZE]; 1147 int done_copy; 1148 DIGEST_CTX ctx; 1149 1150 /* Rewind file descriptors. */ 1151 if (lseek(from_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1152 err(EX_OSERR, "lseek: %s", from_name); 1153 if (lseek(to_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1154 err(EX_OSERR, "lseek: %s", to_name); 1155 1156 digest_init(&ctx); 1157 1158 /* 1159 * Mmap and write if less than 8M (the limit is so we don't totally 1160 * trash memory on big files. This is really a minor hack, but it 1161 * wins some CPU back. 1162 */ 1163 done_copy = 0; 1164 if (size <= 8 * 1048576 && trymmap(from_fd) && 1165 (p = mmap(NULL, (size_t)size, PROT_READ, MAP_SHARED, 1166 from_fd, (off_t)0)) != MAP_FAILED) { 1167 nw = write(to_fd, p, size); 1168 if (nw != size) { 1169 serrno = errno; 1170 (void)unlink(to_name); 1171 if (nw >= 0) { 1172 errx(EX_OSERR, 1173 "short write to %s: %jd bytes written, %jd bytes asked to write", 1174 to_name, (uintmax_t)nw, (uintmax_t)size); 1175 } else { 1176 errno = serrno; 1177 err(EX_OSERR, "%s", to_name); 1178 } 1179 } 1180 digest_update(&ctx, p, size); 1181 (void)munmap(p, size); 1182 done_copy = 1; 1183 } 1184 if (!done_copy) { 1185 while ((nr = read(from_fd, buf, sizeof(buf))) > 0) { 1186 if ((nw = write(to_fd, buf, nr)) != nr) { 1187 serrno = errno; 1188 (void)unlink(to_name); 1189 if (nw >= 0) { 1190 errx(EX_OSERR, 1191 "short write to %s: %jd bytes written, %jd bytes asked to write", 1192 to_name, (uintmax_t)nw, 1193 (uintmax_t)size); 1194 } else { 1195 errno = serrno; 1196 err(EX_OSERR, "%s", to_name); 1197 } 1198 } 1199 digest_update(&ctx, buf, nr); 1200 } 1201 if (nr != 0) { 1202 serrno = errno; 1203 (void)unlink(to_name); 1204 errno = serrno; 1205 err(EX_OSERR, "%s", from_name); 1206 } 1207 } 1208 return (digest_end(&ctx, NULL)); 1209 } 1210 1211 /* 1212 * strip -- 1213 * use strip(1) to strip the target file 1214 */ 1215 static void 1216 strip(const char *to_name) 1217 { 1218 const char *stripbin; 1219 const char *args[3]; 1220 pid_t pid; 1221 int error, status; 1222 1223 stripbin = getenv("STRIPBIN"); 1224 if (stripbin == NULL) 1225 stripbin = "strip"; 1226 args[0] = stripbin; 1227 args[1] = to_name; 1228 args[2] = NULL; 1229 error = posix_spawnp(&pid, stripbin, NULL, NULL, 1230 __DECONST(char **, args), environ); 1231 if (error != 0) { 1232 (void)unlink(to_name); 1233 errc(error == EAGAIN || error == EPROCLIM || error == ENOMEM ? 1234 EX_TEMPFAIL : EX_OSERR, error, "spawn %s", stripbin); 1235 } 1236 if (waitpid(pid, &status, 0) == -1) { 1237 error = errno; 1238 (void)unlink(to_name); 1239 errc(EX_SOFTWARE, error, "wait"); 1240 /* NOTREACHED */ 1241 } 1242 if (status != 0) { 1243 (void)unlink(to_name); 1244 errx(EX_SOFTWARE, "strip command %s failed on %s", 1245 stripbin, to_name); 1246 } 1247 } 1248 1249 /* 1250 * install_dir -- 1251 * build directory hierarchy 1252 */ 1253 static void 1254 install_dir(char *path) 1255 { 1256 char *p; 1257 struct stat sb; 1258 int ch; 1259 1260 for (p = path;; ++p) 1261 if (!*p || (p != path && *p == '/')) { 1262 ch = *p; 1263 *p = '\0'; 1264 again: 1265 if (stat(path, &sb) < 0) { 1266 if (errno != ENOENT) 1267 err(EX_OSERR, "stat %s", path); 1268 if (mkdir(path, 0755) < 0) { 1269 if (errno == EEXIST) 1270 goto again; 1271 err(EX_OSERR, "mkdir %s", path); 1272 } 1273 if (verbose) 1274 (void)printf("install: mkdir %s\n", 1275 path); 1276 } else if (!S_ISDIR(sb.st_mode)) 1277 errx(EX_OSERR, "%s exists but is not a directory", path); 1278 if (!(*p = ch)) 1279 break; 1280 } 1281 1282 if (!dounpriv) { 1283 if ((gid != (gid_t)-1 || uid != (uid_t)-1) && 1284 chown(path, uid, gid)) 1285 warn("chown %u:%u %s", uid, gid, path); 1286 /* XXXBED: should we do the chmod in the dounpriv case? */ 1287 if (chmod(path, mode)) 1288 warn("chmod %o %s", mode, path); 1289 } 1290 metadata_log(path, "dir", NULL, NULL, NULL, 0); 1291 } 1292 1293 /* 1294 * metadata_log -- 1295 * if metafp is not NULL, output mtree(8) full path name and settings to 1296 * metafp, to allow permissions to be set correctly by other tools, 1297 * or to allow integrity checks to be performed. 1298 */ 1299 static void 1300 metadata_log(const char *path, const char *type, struct timespec *ts, 1301 const char *slink, const char *digestresult, off_t size) 1302 { 1303 static const char extra[] = { ' ', '\t', '\n', '\\', '#', '\0' }; 1304 const char *p; 1305 char *buf; 1306 size_t destlen; 1307 struct flock metalog_lock; 1308 1309 if (!metafp) 1310 return; 1311 /* Buffer for strsvis(3). */ 1312 buf = (char *)malloc(4 * strlen(path) + 1); 1313 if (buf == NULL) { 1314 warnx("%s", strerror(ENOMEM)); 1315 return; 1316 } 1317 1318 /* Lock log file. */ 1319 metalog_lock.l_start = 0; 1320 metalog_lock.l_len = 0; 1321 metalog_lock.l_whence = SEEK_SET; 1322 metalog_lock.l_type = F_WRLCK; 1323 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) { 1324 warn("can't lock %s", metafile); 1325 free(buf); 1326 return; 1327 } 1328 1329 /* Remove destdir. */ 1330 p = path; 1331 if (destdir) { 1332 destlen = strlen(destdir); 1333 if (strncmp(p, destdir, destlen) == 0 && 1334 (p[destlen] == '/' || p[destlen] == '\0')) 1335 p += destlen; 1336 } 1337 while (*p && *p == '/') 1338 p++; 1339 strsvis(buf, p, VIS_OCTAL, extra); 1340 p = buf; 1341 /* Print details. */ 1342 fprintf(metafp, ".%s%s type=%s", *p ? "/" : "", p, type); 1343 if (owner) 1344 fprintf(metafp, " uname=%s", owner); 1345 if (group) 1346 fprintf(metafp, " gname=%s", group); 1347 fprintf(metafp, " mode=%#o", mode); 1348 if (slink) { 1349 strsvis(buf, slink, VIS_CSTYLE, extra); /* encode link */ 1350 fprintf(metafp, " link=%s", buf); 1351 } 1352 if (*type == 'f') /* type=file */ 1353 fprintf(metafp, " size=%lld", (long long)size); 1354 if (ts != NULL && dopreserve) 1355 fprintf(metafp, " time=%lld.%09ld", 1356 (long long)ts[1].tv_sec, ts[1].tv_nsec); 1357 if (digestresult && digest) 1358 fprintf(metafp, " %s=%s", digest, digestresult); 1359 if (fflags) 1360 fprintf(metafp, " flags=%s", fflags); 1361 if (tags) 1362 fprintf(metafp, " tags=%s", tags); 1363 fputc('\n', metafp); 1364 /* Flush line. */ 1365 fflush(metafp); 1366 1367 /* Unlock log file. */ 1368 metalog_lock.l_type = F_UNLCK; 1369 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) 1370 warn("can't unlock %s", metafile); 1371 free(buf); 1372 } 1373 1374 /* 1375 * usage -- 1376 * print a usage message and die 1377 */ 1378 static void 1379 usage(void) 1380 { 1381 (void)fprintf(stderr, 1382 "usage: install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1383 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1384 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1385 " file1 file2\n" 1386 " install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1387 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1388 " [-B suffix] [-l linkflags] [-N dbdir]\n" 1389 " file1 ... fileN directory\n" 1390 " install -dU [-vU] [-g group] [-m mode] [-N dbdir] [-o owner]\n" 1391 " [-M log] [-D dest] [-h hash] [-T tags]\n" 1392 " directory ...\n"); 1393 exit(EX_USAGE); 1394 /* NOTREACHED */ 1395 } 1396 1397 /* 1398 * trymmap -- 1399 * return true (1) if mmap should be tried, false (0) if not. 1400 */ 1401 static int 1402 trymmap(int fd) 1403 { 1404 /* 1405 * The ifdef is for bootstrapping - f_fstypename doesn't exist in 1406 * pre-Lite2-merge systems. 1407 */ 1408 #ifdef MFSNAMELEN 1409 struct statfs stfs; 1410 1411 if (fstatfs(fd, &stfs) != 0) 1412 return (0); 1413 if (strcmp(stfs.f_fstypename, "ufs") == 0 || 1414 strcmp(stfs.f_fstypename, "cd9660") == 0) 1415 return (1); 1416 #endif 1417 return (0); 1418 } 1419