/snapd

Permalink
Switch branches/tags
zyga-demo-caps1 ppa 2.30 2.29.4.2 2.29.4.1 2.29.4 2.29.3.1 2.29.3 2.29.2 2.29.1 2.29 2.28.5 2.28.4 2.28.3 2.28.2 2.28.1 2.28 2.27.6 2.27.5 2.27.4 2.27.3 2.27.2 2.27.1 2.27 2.26.14 2.26.13 2.26.10 2.26.9 2.26.8 2.26.6 2.26.5 2.26.4 2.26.3 2.26.2 2.26.1 2.26 2.25 2.24 2.23.6 2.23.5 2.23.4 2.23.3 2.23.2 2.23.1 2.23 2.22.7 2.22.6 2.22.5 2.22.4 2.22.3 2.22.2 2.22.1 2.22 2.21.14.04.1 2.21 2.20.1.14.04 2.20.1 2.20 2.19 2.18.1 2.18 2.17.1 2.17 2.16 2.15.2 2.15.1 2.15 2.14.2.16.04 2.14.1 2.14 2.13 2.12 2.11 2.0.10 2.0.9 2.0.8.1 2.0.8 2.0.7 2.0.6 2.0.5 2.0.4 2.0.3 2.0.2 2.0.1 2.0 1.9.4.1 1.9.4 1.9.3 1.9.2 1.9.1 1.9 1.7.3+20160310ubuntu1 1.7.3+20160308ubuntu1 1.7.3+20160303ubuntu4 1.7.3+20160303ubuntu3 1.7.3+20160303ubuntu2 1.7.3+20160303ubuntu1 1.7.3+20160225ubuntu1 1.7.2+20160223ubuntu1 1.7.2+20160204ubuntu1
Nothing to show
Find file
snapd/cmd/snap/cmd_auto_import.go
Fetching contributors…
Cannot retrieve contributors at this time
Raw Blame History
301 lines (255 sloc) 7.24 KB
// -*- Mode: Go; indent-tabs-mode: t -*-
/*
* Copyright (C) 2014-2016 Canonical Ltd
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package main
import (
"bufio"
"crypto"
"encoding/base64"
"fmt"
"io/ioutil"
"os"
"os/exec"
"path/filepath"
"strings"
"syscall"
"github.com/jessevdk/go-flags"
"github.com/snapcore/snapd/client"
"github.com/snapcore/snapd/dirs"
"github.com/snapcore/snapd/i18n"
"github.com/snapcore/snapd/logger"
"github.com/snapcore/snapd/osutil"
"github.com/snapcore/snapd/release"
)
const autoImportsName = "auto-import.assert"
var mountInfoPath = "/proc/self/mountinfo"
func autoImportCandidates() ([]string, error) {
var cands []string
// see https://www.kernel.org/doc/Documentation/filesystems/proc.txt,
// sec. 3.5
f, err := os.Open(mountInfoPath)
if err != nil {
return nil, err
}
defer f.Close()
scanner := bufio.NewScanner(f)
for scanner.Scan() {
l := strings.Fields(scanner.Text())
// Per proc.txt:3.5, /proc/<pid>/mountinfo looks like
//
// 36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
// (1)(2)(3) (4) (5) (6) (7) (8) (9) (10) (11)
//
// and (7) has zero or more elements, find the "-" separator.
i := 6
for i < len(l) && l[i] != "-" {
i++
}
if i+2 >= len(l) {
continue
}
mountSrc := l[i+2]
// skip everything that is not a device (cgroups, debugfs etc)
if !strings.HasPrefix(mountSrc, "/dev/") {
continue
}
// skip all loop devices (snaps)
if strings.HasPrefix(mountSrc, "/dev/loop") {
continue
}
// skip all ram disks (unless in tests)
if !osutil.GetenvBool("SNAPPY_TESTING") && strings.HasPrefix(mountSrc, "/dev/ram") {
continue
}
mountPoint := l[4]
cand := filepath.Join(mountPoint, autoImportsName)
if osutil.FileExists(cand) {
cands = append(cands, cand)
}
}
return cands, scanner.Err()
}
func queueFile(src string) error {
// refuse huge files, this is for assertions
fi, err := os.Stat(src)
if err != nil {
return err
}
// 640kb ought be to enough for anyone
if fi.Size() > 640*1024 {
msg := fmt.Errorf("cannot queue %s, file size too big: %v", src, fi.Size())
logger.Noticef("error: %v", msg)
return msg
}
// ensure name is predictable, weak hash is ok
hash, _, err := osutil.FileDigest(src, crypto.SHA3_384)
if err != nil {
return err
}
dst := filepath.Join(dirs.SnapAssertsSpoolDir, fmt.Sprintf("%s.assert", base64.URLEncoding.EncodeToString(hash)))
if err := os.MkdirAll(filepath.Dir(dst), 0755); err != nil {
return err
}
return osutil.CopyFile(src, dst, osutil.CopyFlagOverwrite)
}
func autoImportFromSpool() (added int, err error) {
files, err := ioutil.ReadDir(dirs.SnapAssertsSpoolDir)
if os.IsNotExist(err) {
return 0, nil
}
if err != nil {
return 0, err
}
for _, fi := range files {
cand := filepath.Join(dirs.SnapAssertsSpoolDir, fi.Name())
if err := ackFile(cand); err != nil {
logger.Noticef("error: cannot import %s: %s", cand, err)
continue
} else {
logger.Noticef("imported %s", cand)
added++
}
// FIXME: only remove stuff older than N days?
if err := os.Remove(cand); err != nil {
return 0, err
}
}
return added, nil
}
func autoImportFromAllMounts() (int, error) {
cands, err := autoImportCandidates()
if err != nil {
return 0, err
}
added := 0
for _, cand := range cands {
err := ackFile(cand)
// the server is not ready yet
if _, ok := err.(client.ConnectionError); ok {
logger.Noticef("queuing for later %s", cand)
if err := queueFile(cand); err != nil {
return 0, err
}
continue
}
if err != nil {
logger.Noticef("error: cannot import %s: %s", cand, err)
continue
} else {
logger.Noticef("imported %s", cand)
}
added++
}
return added, nil
}
func tryMount(deviceName string) (string, error) {
tmpMountTarget, err := ioutil.TempDir("", "snapd-auto-import-mount-")
if err != nil {
err = fmt.Errorf("cannot create temporary mount point: %v", err)
logger.Noticef("error: %v", err)
return "", err
}
// udev does not provide much environment ;)
if os.Getenv("PATH") == "" {
os.Setenv("PATH", "/usr/sbin:/usr/bin:/sbin:/bin")
}
// not using syscall.Mount() because we don't know the fs type in advance
cmd := exec.Command("mount", "-t", "ext4,vfat", "-o", "ro", "--make-private", deviceName, tmpMountTarget)
if output, err := cmd.CombinedOutput(); err != nil {
os.Remove(tmpMountTarget)
err = fmt.Errorf("cannot mount %s: %s", deviceName, osutil.OutputErr(output, err))
logger.Noticef("error: %v", err)
return "", err
}
return tmpMountTarget, nil
}
func doUmount(mp string) error {
if err := syscall.Unmount(mp, 0); err != nil {
return err
}
return os.Remove(mp)
}
type cmdAutoImport struct {
Mount []string `long:"mount" arg-name:"<device path>"`
ForceClassic bool `long:"force-classic"`
}
var shortAutoImportHelp = i18n.G("Inspects devices for actionable information")
var longAutoImportHelp = i18n.G(`
The auto-import command searches available mounted devices looking for
assertions that are signed by trusted authorities, and potentially
performs system changes based on them.
If one or more device paths are provided via --mount, these are temporariy
mounted to be inspected as well. Even in that case the command will still
consider all available mounted devices for inspection.
Imported assertions must be made available in the auto-import.assert file
in the root of the filesystem.
`)
func init() {
cmd := addCommand("auto-import",
shortAutoImportHelp,
longAutoImportHelp,
func() flags.Commander {
return &cmdAutoImport{}
}, map[string]string{
"mount": i18n.G("Temporarily mount device before inspecting"),
"force-classic": i18n.G("Force import on classic systems"),
}, nil)
cmd.hidden = true
}
func autoAddUsers() error {
cmd := cmdCreateUser{
Known: true, Sudoer: true,
}
return cmd.Execute(nil)
}
func (x *cmdAutoImport) Execute(args []string) error {
if len(args) > 0 {
return ErrExtraArgs
}
if release.OnClassic && !x.ForceClassic {
fmt.Fprintf(Stderr, "auto-import is disabled on classic\n")
return nil
}
for _, path := range x.Mount {
// udev adds new /dev/loopX devices on the fly when a
// loop mount happens and there is no loop device left.
//
// We need to ignore these events because otherwise both
// our mount and the "mount -o loop" fight over the same
// device and we get nasty errors
if strings.HasPrefix(path, "/dev/loop") {
continue
}
mp, err := tryMount(path)
if err != nil {
continue // Error was reported. Continue looking.
}
defer doUmount(mp)
}
added1, err := autoImportFromSpool()
if err != nil {
return err
}
added2, err := autoImportFromAllMounts()
if err != nil {
return err
}
if added1+added2 > 0 {
return autoAddUsers()
}
return nil
}