diff options
author | Lennart Poettering <lennart@poettering.net> | 2022-12-02 15:00:44 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-04-05 20:49:06 +0200 |
commit | dee4a6237ab5913a6cac3f2afa5ba6ae1f35080a (patch) | |
tree | 0ef93951777027b33d8f0ab4b426c7de76f63402 /src/dissect | |
parent | dissect: make returning of DissectedImage object optional (diff) | |
download | systemd-dee4a6237ab5913a6cac3f2afa5ba6ae1f35080a.tar.xz systemd-dee4a6237ab5913a6cac3f2afa5ba6ae1f35080a.zip |
dissect: add new --validate command
This allows unprivileged validation of DDIs. Only superficial structure,
i.e. not mounting or so. This becomes particularly handy in the
integration tests, and to validate image policies.
Diffstat (limited to 'src/dissect')
-rw-r--r-- | src/dissect/dissect.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index b3f20e193e..f89a9dff20 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c @@ -61,6 +61,7 @@ static enum { ACTION_COPY_FROM, ACTION_COPY_TO, ACTION_DISCOVER, + ACTION_VALIDATE, } arg_action = ACTION_DISSECT; static char *arg_image = NULL; static char *arg_path = NULL; @@ -148,6 +149,7 @@ static int help(void) { " -x --copy-from Copy files from image to host\n" " -a --copy-to Copy files from host to image\n" " --discover Discover DDIs in well known directories\n" + " --validate Validate image and image policy\n" "\nSee the %2$s for details.\n", program_invocation_short_name, link, @@ -225,6 +227,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_DETACH, ARG_LOOP_REF, ARG_IMAGE_POLICY, + ARG_VALIDATE, }; static const struct option options[] = { @@ -255,6 +258,7 @@ static int parse_argv(int argc, char *argv[]) { { "discover", no_argument, NULL, ARG_DISCOVER }, { "loop-ref", required_argument, NULL, ARG_LOOP_REF }, { "image-policy", required_argument, NULL, ARG_IMAGE_POLICY }, + { "validate", no_argument, NULL, ARG_VALIDATE }, {} }; @@ -474,6 +478,10 @@ static int parse_argv(int argc, char *argv[]) { break; } + case ARG_VALIDATE: + arg_action = ACTION_VALIDATE; + break; + case '?': return -EINVAL; @@ -610,7 +618,19 @@ static int parse_argv(int argc, char *argv[]) { if (optind != argc) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Expected no argument."); + break; + + case ACTION_VALIDATE: + if (optind + 1 != argc) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Expected an image file path as only argument."); + r = parse_path_argument(argv[optind], /* suppress_root= */ false, &arg_image); + if (r < 0) + return r; + + arg_flags |= DISSECT_IMAGE_READ_ONLY; + arg_flags &= ~(DISSECT_IMAGE_PIN_PARTITION_DEVICES|DISSECT_IMAGE_ADD_PARTITION_DEVICES); break; default: @@ -1706,6 +1726,31 @@ static int action_detach(const char *path) { return 0; } +static int action_validate(void) { + int r; + + r = dissect_image_file_and_warn( + arg_image, + &arg_verity_settings, + NULL, + arg_image_policy, + arg_flags, + NULL); + if (r < 0) + return r; + + if (isatty(STDOUT_FILENO) && emoji_enabled()) + printf("%s ", special_glyph(SPECIAL_GLYPH_SPARKLES)); + + printf("%sOK%s", ansi_highlight_green(), ansi_normal()); + + if (isatty(STDOUT_FILENO) && emoji_enabled()) + printf(" %s", special_glyph(SPECIAL_GLYPH_SPARKLES)); + + putc('\n', stdout); + return 0; +} + static int run(int argc, char *argv[]) { _cleanup_(dissected_image_unrefp) DissectedImage *m = NULL; _cleanup_(loop_device_unrefp) LoopDevice *d = NULL; @@ -1748,6 +1793,9 @@ static int run(int argc, char *argv[]) { * available we turn off partition table * support */ + if (arg_action == ACTION_VALIDATE) + return action_validate(); + open_flags = FLAGS_SET(arg_flags, DISSECT_IMAGE_DEVICE_READ_ONLY) ? O_RDONLY : O_RDWR; loop_flags = FLAGS_SET(arg_flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN; |