int main(int argc, char *argv[])
{
if (!argv[1])
return 1;
/* Seen from busybox.net's Apache:
* HTTP/1.1 200 OK
* Date: Thu, 10 Sep 2009 18:23:28 GMT
* Server: Apache
* Accept-Ranges: bytes
* Connection: close
* Content-Type: text/html
*/
fputs(
/* "Date: Thu, 10 Sep 2009 18:23:28 GMT\r\n" */
/* "Server: Apache\r\n" */
/* "Accept-Ranges: bytes\r\n" - do we really accept bytes?! */
"Connection: close\r\n"
"Content-Type: text/html\r\n"
"\r\n",
stdout
);
process_includes(argv[1]);
return 0;
}
static void process_includes(const char *filename)
{
int curdir_fd;
char *end;
FILE *fp = fopen(filename, "r");
if (!fp)
exit(1);
/* Ensure that nested includes are relative:
* if we include a/1.htm and it includes b/2.htm,
* we need to include a/b/2.htm, not b/2.htm
*/
curdir_fd = -1;
end = strrchr(filename, '/');
if (end) {
curdir_fd = open(".", O_RDONLY);
/* *end = '\0' would mishandle "/file.htm" */
end[1] = '\0';
chdir(filename);
}
#define INCLUDE "<!--#include"
while (fgets(line, sizeof(line), fp)) {
unsigned preceding_len;
char *include_directive;
include_directive = strstr(line, INCLUDE);
if (!include_directive) {
fputs(line, stdout);
continue;
}
preceding_len = include_directive - line;
if (memchr(line, '\"', preceding_len)
|| memchr(line, '\'', preceding_len)
) {
/* INCLUDE string may be inside "str" or 'str',
* ignore it */
fputs(line, stdout);
continue;
}
/* Small bug: we accept #includefile="file" too */
include_directive = skip_whitespace(include_directive + sizeof(INCLUDE)-1);
if (strncmp(include_directive, "file=\"", 6) != 0) {
/* "<!--#include virtual=..."? - not supported */
fputs(line, stdout);
continue;
}
include_directive += 6; /* now it points to file name */
end = strchr(include_directive, '\"');
if (!end) {
fputs(line, stdout);
continue;
}
/* We checked that this is a valid include directive */
/* Print everything before directive */
if (preceding_len) {
line[preceding_len] = '\0';
fputs(line, stdout);
}
/* Save everything after directive */
*end++ = '\0';
end = strchr(end, '>');
if (end)
end = strdup(end + 1);
/* FIXME:
* (1) are relative paths with /../ etc ok?
* (2) what to do with absolute paths?
* are they relative to doc root or to real root?
*/
process_includes(include_directive);
/* Print everything after directive */
if (end) {
fputs(end, stdout);
free(end);
}
}
if (curdir_fd >= 0)
fchdir(curdir_fd);
fclose(fp);
}
int
rpmostree_compose_builtin_tree (int argc,
char **argv,
GCancellable *cancellable,
GError **error)
{
int exit_status = EXIT_FAILURE;
GError *temp_error = NULL;
GOptionContext *context = g_option_context_new ("TREEFILE - Run yum and commit the result to an OSTree repository");
RpmOstreeTreeComposeContext selfdata = { NULL, };
RpmOstreeTreeComposeContext *self = &selfdata;
JsonNode *treefile_rootval = NULL;
JsonObject *treefile = NULL;
g_autofree char *cachekey = NULL;
g_autofree char *new_inputhash = NULL;
g_autoptr(GFile) previous_root = NULL;
g_autofree char *previous_checksum = NULL;
g_autoptr(GFile) yumroot = NULL;
g_autoptr(GFile) yumroot_varcache = NULL;
glnx_fd_close int rootfs_fd = -1;
glnx_unref_object OstreeRepo *repo = NULL;
g_autoptr(GPtrArray) bootstrap_packages = NULL;
g_autoptr(GPtrArray) packages = NULL;
g_autoptr(GFile) treefile_path = NULL;
g_autoptr(GFile) treefile_dirpath = NULL;
g_autoptr(GFile) repo_path = NULL;
glnx_unref_object JsonParser *treefile_parser = NULL;
gs_unref_variant_builder GVariantBuilder *metadata_builder =
g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
g_autoptr(RpmOstreeContext) corectx = NULL;
g_autoptr(GHashTable) varsubsts = NULL;
gboolean workdir_is_tmp = FALSE;
g_autofree char *next_version = NULL;
self->treefile_context_dirs = g_ptr_array_new_with_free_func ((GDestroyNotify)g_object_unref);
if (!rpmostree_option_context_parse (context,
option_entries,
&argc, &argv,
RPM_OSTREE_BUILTIN_FLAG_LOCAL_CMD,
cancellable,
NULL,
error))
goto out;
if (argc < 2)
{
rpmostree_usage_error (context, "TREEFILE must be specified", error);
goto out;
}
if (!opt_repo)
{
rpmostree_usage_error (context, "--repo must be specified", error);
goto out;
}
if (getuid () != 0)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"compose tree must presently be run as uid 0 (root)");
goto out;
}
/* Test whether or not bwrap is going to work - we will fail inside e.g. a Docker
* container without --privileged or userns exposed.
*/
if (!rpmostree_bwrap_selftest (error))
goto out;
repo_path = g_file_new_for_path (opt_repo);
repo = self->repo = ostree_repo_new (repo_path);
if (!ostree_repo_open (repo, cancellable, error))
goto out;
treefile_path = g_file_new_for_path (argv[1]);
if (opt_workdir)
{
self->workdir = g_file_new_for_path (opt_workdir);
}
else
{
g_autofree char *tmpd = NULL;
if (!rpmostree_mkdtemp ("/var/tmp/rpm-ostree.XXXXXX", &tmpd, NULL, error))
goto out;
self->workdir = g_file_new_for_path (tmpd);
workdir_is_tmp = TRUE;
if (opt_workdir_tmpfs)
{
if (mount ("tmpfs", tmpd, "tmpfs", 0, (const void*)"mode=755") != 0)
{
_rpmostree_set_prefix_error_from_errno (error, errno,
"mount(tmpfs): ");
goto out;
}
}
}
if (!glnx_opendirat (AT_FDCWD, gs_file_get_path_cached (self->workdir),
FALSE, &self->workdir_dfd, error))
goto out;
if (opt_cachedir)
{
if (!glnx_opendirat (AT_FDCWD, opt_cachedir, TRUE, &self->cachedir_dfd, error))
{
g_prefix_error (error, "Opening cachedir '%s': ", opt_cachedir);
goto out;
}
}
else
{
self->cachedir_dfd = fcntl (self->workdir_dfd, F_DUPFD_CLOEXEC, 3);
if (self->cachedir_dfd < 0)
{
glnx_set_error_from_errno (error);
goto out;
}
}
if (opt_metadata_strings)
{
if (!parse_keyvalue_strings (opt_metadata_strings,
metadata_builder, error))
goto out;
}
if (fchdir (self->workdir_dfd) != 0)
{
glnx_set_error_from_errno (error);
goto out;
}
corectx = rpmostree_context_new_compose (self->cachedir_dfd, cancellable, error);
if (!corectx)
goto out;
varsubsts = rpmostree_context_get_varsubsts (corectx);
treefile_parser = json_parser_new ();
if (!json_parser_load_from_file (treefile_parser,
gs_file_get_path_cached (treefile_path),
error))
goto out;
treefile_rootval = json_parser_get_root (treefile_parser);
if (!JSON_NODE_HOLDS_OBJECT (treefile_rootval))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Treefile root is not an object");
goto out;
}
treefile = json_node_get_object (treefile_rootval);
if (!process_includes (self, treefile_path, 0, treefile,
cancellable, error))
goto out;
if (opt_print_only)
{
glnx_unref_object JsonGenerator *generator = json_generator_new ();
g_autoptr(GOutputStream) stdout = g_unix_output_stream_new (1, FALSE);
json_generator_set_pretty (generator, TRUE);
json_generator_set_root (generator, treefile_rootval);
(void) json_generator_to_stream (generator, stdout, NULL, NULL);
exit_status = EXIT_SUCCESS;
goto out;
}
{ const char *input_ref = _rpmostree_jsonutil_object_require_string_member (treefile, "ref", error);
if (!input_ref)
goto out;
self->ref = _rpmostree_varsubst_string (input_ref, varsubsts, error);
if (!self->ref)
goto out;
}
if (!ostree_repo_read_commit (repo, self->ref, &previous_root, &previous_checksum,
cancellable, &temp_error))
{
if (g_error_matches (temp_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
{
g_clear_error (&temp_error);
g_print ("No previous commit for %s\n", self->ref);
}
else
{
g_propagate_error (error, temp_error);
goto out;
}
}
else
g_print ("Previous commit: %s\n", previous_checksum);
self->previous_checksum = previous_checksum;
yumroot = g_file_get_child (self->workdir, "rootfs.tmp");
if (!glnx_shutil_rm_rf_at (self->workdir_dfd, "rootfs.tmp", cancellable, error))
goto out;
if (json_object_has_member (treefile, "automatic_version_prefix") &&
!compose_strv_contains_prefix (opt_metadata_strings, "version="))
{
g_autoptr(GVariant) variant = NULL;
g_autofree char *last_version = NULL;
const char *ver_prefix;
ver_prefix = _rpmostree_jsonutil_object_require_string_member (treefile,
"automatic_version_prefix",
error);
if (!ver_prefix)
goto out;
if (previous_checksum)
{
if (!ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT,
previous_checksum, &variant, error))
goto out;
last_version = checksum_version (variant);
}
next_version = _rpmostree_util_next_version (ver_prefix, last_version);
g_variant_builder_add (metadata_builder, "{sv}", "version",
g_variant_new_string (next_version));
}
bootstrap_packages = g_ptr_array_new ();
packages = g_ptr_array_new ();
if (json_object_has_member (treefile, "bootstrap_packages"))
{
if (!_rpmostree_jsonutil_append_string_array_to (treefile, "bootstrap_packages", packages, error))
goto out;
}
if (!_rpmostree_jsonutil_append_string_array_to (treefile, "packages", packages, error))
goto out;
{ g_autofree char *thisarch_packages = g_strconcat ("packages-", dnf_context_get_base_arch (rpmostree_context_get_hif (corectx)), NULL);
if (json_object_has_member (treefile, thisarch_packages))
{
if (!_rpmostree_jsonutil_append_string_array_to (treefile, thisarch_packages, packages, error))
goto out;
}
}
g_ptr_array_add (packages, NULL);
{ glnx_unref_object JsonGenerator *generator = json_generator_new ();
char *treefile_buf = NULL;
gsize len;
json_generator_set_root (generator, treefile_rootval);
json_generator_set_pretty (generator, TRUE);
treefile_buf = json_generator_to_data (generator, &len);
self->serialized_treefile = g_bytes_new_take (treefile_buf, len);
}
treefile_dirpath = g_file_get_parent (treefile_path);
if (TRUE)
{
gboolean generate_from_previous = TRUE;
if (!_rpmostree_jsonutil_object_get_optional_boolean_member (treefile,
"preserve-passwd",
&generate_from_previous,
error))
goto out;
if (generate_from_previous)
{
if (!rpmostree_generate_passwd_from_previous (repo, yumroot,
treefile_dirpath,
previous_root, treefile,
cancellable, error))
goto out;
}
}
{ gboolean unmodified = FALSE;
if (!install_packages_in_root (self, corectx, treefile, yumroot,
(char**)packages->pdata,
opt_force_nocache ? NULL : &unmodified,
&new_inputhash,
cancellable, error))
goto out;
if (unmodified)
{
g_print ("No apparent changes since previous commit; use --force-nocache to override\n");
exit_status = EXIT_SUCCESS;
goto out;
}
else if (opt_dry_run)
{
g_print ("--dry-run complete, exiting\n");
exit_status = EXIT_SUCCESS;
goto out;
}
}
if (g_strcmp0 (g_getenv ("RPM_OSTREE_BREAK"), "post-yum") == 0)
goto out;
if (!glnx_opendirat (AT_FDCWD, gs_file_get_path_cached (yumroot), TRUE,
&rootfs_fd, error))
goto out;
if (!rpmostree_treefile_postprocessing (rootfs_fd, self->treefile_context_dirs->pdata[0],
self->serialized_treefile, treefile,
next_version, cancellable, error))
goto out;
if (!rpmostree_prepare_rootfs_for_commit (yumroot, treefile, cancellable, error))
goto out;
/* Reopen since the prepare renamed */
(void) close (rootfs_fd);
if (!glnx_opendirat (AT_FDCWD, gs_file_get_path_cached (yumroot), TRUE,
&rootfs_fd, error))
goto out;
if (!rpmostree_copy_additional_files (yumroot, self->treefile_context_dirs->pdata[0], treefile, cancellable, error))
goto out;
if (!rpmostree_check_passwd (repo, yumroot, treefile_dirpath, treefile,
previous_checksum,
cancellable, error))
goto out;
if (!rpmostree_check_groups (repo, yumroot, treefile_dirpath, treefile,
previous_checksum,
cancellable, error))
goto out;
{
const char *gpgkey;
gboolean selinux = TRUE;
g_autoptr(GVariant) metadata = NULL;
g_variant_builder_add (metadata_builder, "{sv}",
"rpmostree.inputhash",
g_variant_new_string (new_inputhash));
metadata = g_variant_ref_sink (g_variant_builder_end (metadata_builder));
if (!_rpmostree_jsonutil_object_get_optional_string_member (treefile, "gpg_key", &gpgkey, error))
goto out;
if (!_rpmostree_jsonutil_object_get_optional_boolean_member (treefile,
"selinux",
&selinux,
error))
goto out;
{ g_autofree char *new_revision = NULL;
if (!rpmostree_commit (rootfs_fd, repo, self->ref, metadata, gpgkey, selinux, NULL,
&new_revision,
cancellable, error))
goto out;
g_print ("%s => %s\n", self->ref, new_revision);
}
}
if (opt_touch_if_changed)
{
gs_fd_close int fd = open (opt_touch_if_changed, O_CREAT|O_WRONLY|O_NOCTTY, 0644);
if (fd == -1)
{
gs_set_error_from_errno (error, errno);
g_prefix_error (error, "Updating '%s': ", opt_touch_if_changed);
goto out;
}
if (futimens (fd, NULL) == -1)
{
gs_set_error_from_errno (error, errno);
goto out;
}
}
exit_status = EXIT_SUCCESS;
out:
/* Explicitly close this one now as it may have references to files
* we delete below.
*/
g_clear_object (&corectx);
/* Move back out of the workding directory to ensure unmount works */
(void )chdir ("/");
if (self->workdir_dfd != -1)
(void) close (self->workdir_dfd);
if (workdir_is_tmp)
{
if (opt_workdir_tmpfs)
if (umount (gs_file_get_path_cached (self->workdir)) != 0)
{
fprintf (stderr, "warning: umount failed: %m\n");
}
(void) gs_shutil_rm_rf (self->workdir, NULL, NULL);
}
if (self)
{
g_clear_object (&self->workdir);
g_clear_pointer (&self->serialized_treefile, g_bytes_unref);
g_ptr_array_unref (self->treefile_context_dirs);
}
return exit_status;
}
static gboolean
process_includes (RpmOstreeTreeComposeContext *self,
GFile *treefile_path,
guint depth,
JsonObject *root,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
const char *include_path;
const guint maxdepth = 50;
if (depth > maxdepth)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Exceeded maximum include depth of %u", maxdepth);
goto out;
}
{
g_autoptr(GFile) parent = g_file_get_parent (treefile_path);
gboolean existed = FALSE;
if (self->treefile_context_dirs->len > 0)
{
GFile *prev = self->treefile_context_dirs->pdata[self->treefile_context_dirs->len-1];
if (g_file_equal (parent, prev))
existed = TRUE;
}
if (!existed)
{
g_ptr_array_add (self->treefile_context_dirs, parent);
parent = NULL; /* Transfer ownership */
}
}
if (!_rpmostree_jsonutil_object_get_optional_string_member (root, "include", &include_path, error))
goto out;
if (include_path)
{
g_autoptr(GFile) treefile_dirpath = g_file_get_parent (treefile_path);
g_autoptr(GFile) parent_path = g_file_resolve_relative_path (treefile_dirpath, include_path);
glnx_unref_object JsonParser *parent_parser = json_parser_new ();
JsonNode *parent_rootval;
JsonObject *parent_root;
GList *members;
GList *iter;
if (!json_parser_load_from_file (parent_parser,
gs_file_get_path_cached (parent_path),
error))
goto out;
parent_rootval = json_parser_get_root (parent_parser);
if (!JSON_NODE_HOLDS_OBJECT (parent_rootval))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Treefile root is not an object");
goto out;
}
parent_root = json_node_get_object (parent_rootval);
if (!process_includes (self, parent_path, depth + 1, parent_root,
cancellable, error))
goto out;
members = json_object_get_members (parent_root);
for (iter = members; iter; iter = iter->next)
{
const char *name = iter->data;
JsonNode *parent_val = json_object_get_member (parent_root, name);
JsonNode *val = json_object_get_member (root, name);
g_assert (parent_val);
if (!val)
json_object_set_member (root, name, json_node_copy (parent_val));
else
{
JsonNodeType parent_type =
json_node_get_node_type (parent_val);
JsonNodeType child_type =
json_node_get_node_type (val);
if (parent_type != child_type)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Conflicting element type of '%s'",
name);
goto out;
}
if (child_type == JSON_NODE_ARRAY)
{
JsonArray *parent_array = json_node_get_array (parent_val);
JsonArray *child_array = json_node_get_array (val);
JsonArray *new_child = json_array_new ();
guint i, len;
len = json_array_get_length (parent_array);
for (i = 0; i < len; i++)
json_array_add_element (new_child, json_node_copy (json_array_get_element (parent_array, i)));
len = json_array_get_length (child_array);
for (i = 0; i < len; i++)
json_array_add_element (new_child, json_node_copy (json_array_get_element (child_array, i)));
json_object_set_array_member (root, name, new_child);
}
}
}
json_object_remove_member (root, "include");
}
ret = TRUE;
out:
return ret;
}
