1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2012, 2013 SRI International
5 * Copyright (c) 1987, 1993
6 * The Regents of the University of California. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #ifndef lint
34 static const char copyright[] =
35 "@(#) Copyright (c) 1987, 1993\n\
36 The Regents of the University of California. All rights reserved.\n";
37 #endif /* not lint */
38
39 #if 0
40 #ifndef lint
41 static char sccsid[] = "@(#)xinstall.c 8.1 (Berkeley) 7/21/93";
42 #endif /* not lint */
43 #endif
44
45 #include <sys/cdefs.h>
46 __FBSDID("$FreeBSD$");
47
48 #include <sys/param.h>
49 #include <sys/mman.h>
50 #include <sys/mount.h>
51 #include <sys/stat.h>
52 #include <sys/time.h>
53 #include <sys/wait.h>
54
55 #include <err.h>
56 #include <errno.h>
57 #include <fcntl.h>
58 #include <grp.h>
59 #include <libgen.h>
60 #include <md5.h>
61 #include <paths.h>
62 #include <pwd.h>
63 #include <ripemd.h>
64 #include <sha.h>
65 #include <sha256.h>
66 #include <sha512.h>
67 #include <spawn.h>
68 #include <stdint.h>
69 #include <stdio.h>
70 #include <stdlib.h>
71 #include <string.h>
72 #include <sysexits.h>
73 #include <unistd.h>
74 #include <vis.h>
75
76 #include "mtree.h"
77
78 /*
79 * We need to build xinstall during the bootstrap stage when building on a
80 * non-FreeBSD system. Linux does not have the st_flags and st_birthtime
81 * members in struct stat so we need to omit support for changing those fields.
82 */
83 #ifdef UF_SETTABLE
84 #define HAVE_STRUCT_STAT_ST_FLAGS 1
85 #else
86 #define HAVE_STRUCT_STAT_ST_FLAGS 0
87 #endif
88
89 #define MAX_CMP_SIZE (16 * 1024 * 1024)
90
91 #define LN_ABSOLUTE 0x01
92 #define LN_RELATIVE 0x02
93 #define LN_HARD 0x04
94 #define LN_SYMBOLIC 0x08
95 #define LN_MIXED 0x10
96
97 #define DIRECTORY 0x01 /* Tell install it's a directory. */
98 #define SETFLAGS 0x02 /* Tell install to set flags. */
99 #define NOCHANGEBITS (UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND)
100 #define BACKUP_SUFFIX ".old"
101
102 typedef union {
103 MD5_CTX MD5;
104 RIPEMD160_CTX RIPEMD160;
105 SHA1_CTX SHA1;
106 SHA256_CTX SHA256;
107 SHA512_CTX SHA512;
108 } DIGEST_CTX;
109
110 static enum {
111 DIGEST_NONE = 0,
112 DIGEST_MD5,
113 DIGEST_RIPEMD160,
114 DIGEST_SHA1,
115 DIGEST_SHA256,
116 DIGEST_SHA512,
117 } digesttype = DIGEST_NONE;
118
119 extern char **environ;
120
121 static gid_t gid;
122 static uid_t uid;
123 static int dobackup, docompare, dodir, dolink, dopreserve, dostrip, dounpriv,
124 safecopy, verbose;
125 static int haveopt_f, haveopt_g, haveopt_m, haveopt_o;
126 static mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH;
127 static FILE *metafp;
128 static const char *group, *owner;
129 static const char *suffix = BACKUP_SUFFIX;
130 static char *destdir, *digest, *fflags, *metafile, *tags;
131
132 static int compare(int, const char *, size_t, int, const char *, size_t,
133 char **);
134 static char *copy(int, const char *, int, const char *, off_t);
135 static int create_newfile(const char *, int, struct stat *);
136 static int create_tempfile(const char *, char *, size_t);
137 static char *quiet_mktemp(char *template);
138 static char *digest_file(const char *);
139 static void digest_init(DIGEST_CTX *);
140 static void digest_update(DIGEST_CTX *, const char *, size_t);
141 static char *digest_end(DIGEST_CTX *, char *);
142 static int do_link(const char *, const char *, const struct stat *);
143 static void do_symlink(const char *, const char *, const struct stat *);
144 static void makelink(const char *, const char *, const struct stat *);
145 static void install(const char *, const char *, u_long, u_int);
146 static void install_dir(char *);
147 static void metadata_log(const char *, const char *, struct timespec *,
148 const char *, const char *, off_t);
149 static int parseid(const char *, id_t *);
150 static int strip(const char *, int, const char *, char **);
151 static int trymmap(size_t);
152 static void usage(void);
153
154 int
main(int argc,char * argv[])155 main(int argc, char *argv[])
156 {
157 struct stat from_sb, to_sb;
158 mode_t *set;
159 u_long fset;
160 int ch, no_target;
161 u_int iflags;
162 char *p;
163 const char *to_name;
164
165 fset = 0;
166 iflags = 0;
167 group = owner = NULL;
168 while ((ch = getopt(argc, argv, "B:bCcD:df:g:h:l:M:m:N:o:pSsT:Uv")) !=
169 -1)
170 switch((char)ch) {
171 case 'B':
172 suffix = optarg;
173 /* FALLTHROUGH */
174 case 'b':
175 dobackup = 1;
176 break;
177 case 'C':
178 docompare = 1;
179 break;
180 case 'c':
181 /* For backwards compatibility. */
182 break;
183 case 'D':
184 destdir = optarg;
185 break;
186 case 'd':
187 dodir = 1;
188 break;
189 case 'f':
190 haveopt_f = 1;
191 fflags = optarg;
192 break;
193 case 'g':
194 haveopt_g = 1;
195 group = optarg;
196 break;
197 case 'h':
198 digest = optarg;
199 break;
200 case 'l':
201 for (p = optarg; *p != '\0'; p++)
202 switch (*p) {
203 case 's':
204 dolink &= ~(LN_HARD|LN_MIXED);
205 dolink |= LN_SYMBOLIC;
206 break;
207 case 'h':
208 dolink &= ~(LN_SYMBOLIC|LN_MIXED);
209 dolink |= LN_HARD;
210 break;
211 case 'm':
212 dolink &= ~(LN_SYMBOLIC|LN_HARD);
213 dolink |= LN_MIXED;
214 break;
215 case 'a':
216 dolink &= ~LN_RELATIVE;
217 dolink |= LN_ABSOLUTE;
218 break;
219 case 'r':
220 dolink &= ~LN_ABSOLUTE;
221 dolink |= LN_RELATIVE;
222 break;
223 default:
224 errx(1, "%c: invalid link type", *p);
225 /* NOTREACHED */
226 }
227 break;
228 case 'M':
229 metafile = optarg;
230 break;
231 case 'm':
232 haveopt_m = 1;
233 if (!(set = setmode(optarg)))
234 errx(EX_USAGE, "invalid file mode: %s",
235 optarg);
236 mode = getmode(set, 0);
237 free(set);
238 break;
239 case 'N':
240 if (!setup_getid(optarg))
241 err(EX_OSERR, "Unable to use user and group "
242 "databases in `%s'", optarg);
243 break;
244 case 'o':
245 haveopt_o = 1;
246 owner = optarg;
247 break;
248 case 'p':
249 docompare = dopreserve = 1;
250 break;
251 case 'S':
252 safecopy = 1;
253 break;
254 case 's':
255 dostrip = 1;
256 break;
257 case 'T':
258 tags = optarg;
259 break;
260 case 'U':
261 dounpriv = 1;
262 break;
263 case 'v':
264 verbose = 1;
265 break;
266 case '?':
267 default:
268 usage();
269 }
270 argc -= optind;
271 argv += optind;
272
273 /* some options make no sense when creating directories */
274 if (dostrip && dodir) {
275 warnx("-d and -s may not be specified together");
276 usage();
277 }
278
279 if (getenv("DONTSTRIP") != NULL) {
280 warnx("DONTSTRIP set - will not strip installed binaries");
281 dostrip = 0;
282 }
283
284 /* must have at least two arguments, except when creating directories */
285 if (argc == 0 || (argc == 1 && !dodir))
286 usage();
287
288 if (digest != NULL) {
289 if (strcmp(digest, "none") == 0) {
290 digesttype = DIGEST_NONE;
291 } else if (strcmp(digest, "md5") == 0) {
292 digesttype = DIGEST_MD5;
293 } else if (strcmp(digest, "rmd160") == 0) {
294 digesttype = DIGEST_RIPEMD160;
295 } else if (strcmp(digest, "sha1") == 0) {
296 digesttype = DIGEST_SHA1;
297 } else if (strcmp(digest, "sha256") == 0) {
298 digesttype = DIGEST_SHA256;
299 } else if (strcmp(digest, "sha512") == 0) {
300 digesttype = DIGEST_SHA512;
301 } else {
302 warnx("unknown digest `%s'", digest);
303 usage();
304 }
305 }
306
307 /* need to make a temp copy so we can compare stripped version */
308 if (docompare && dostrip)
309 safecopy = 1;
310
311 /* get group and owner id's */
312 if (group != NULL && !dounpriv) {
313 if (gid_from_group(group, &gid) == -1) {
314 id_t id;
315 if (!parseid(group, &id))
316 errx(1, "unknown group %s", group);
317 gid = id;
318 }
319 } else
320 gid = (gid_t)-1;
321
322 if (owner != NULL && !dounpriv) {
323 if (uid_from_user(owner, &uid) == -1) {
324 id_t id;
325 if (!parseid(owner, &id))
326 errx(1, "unknown user %s", owner);
327 uid = id;
328 }
329 } else
330 uid = (uid_t)-1;
331
332 if (fflags != NULL && !dounpriv) {
333 if (strtofflags(&fflags, &fset, NULL))
334 errx(EX_USAGE, "%s: invalid flag", fflags);
335 iflags |= SETFLAGS;
336 }
337
338 if (metafile != NULL) {
339 if ((metafp = fopen(metafile, "a")) == NULL)
340 warn("open %s", metafile);
341 } else
342 digesttype = DIGEST_NONE;
343
344 if (dodir) {
345 for (; *argv != NULL; ++argv)
346 install_dir(*argv);
347 exit(EX_OK);
348 /* NOTREACHED */
349 }
350
351 to_name = argv[argc - 1];
352 no_target = stat(to_name, &to_sb);
353 if (!no_target && S_ISDIR(to_sb.st_mode)) {
354 if (dolink & LN_SYMBOLIC) {
355 if (lstat(to_name, &to_sb) != 0)
356 err(EX_OSERR, "%s vanished", to_name);
357 if (S_ISLNK(to_sb.st_mode)) {
358 if (argc != 2) {
359 errno = ENOTDIR;
360 err(EX_USAGE, "%s", to_name);
361 }
362 install(*argv, to_name, fset, iflags);
363 exit(EX_OK);
364 }
365 }
366 for (; *argv != to_name; ++argv)
367 install(*argv, to_name, fset, iflags | DIRECTORY);
368 exit(EX_OK);
369 /* NOTREACHED */
370 }
371
372 /* can't do file1 file2 directory/file */
373 if (argc != 2) {
374 if (no_target)
375 warnx("target directory `%s' does not exist",
376 argv[argc - 1]);
377 else
378 warnx("target `%s' is not a directory",
379 argv[argc - 1]);
380 usage();
381 }
382
383 if (!no_target && !dolink) {
384 if (stat(*argv, &from_sb))
385 err(EX_OSERR, "%s", *argv);
386 if (!S_ISREG(to_sb.st_mode)) {
387 errno = EFTYPE;
388 err(EX_OSERR, "%s", to_name);
389 }
390 if (to_sb.st_dev == from_sb.st_dev &&
391 to_sb.st_ino == from_sb.st_ino)
392 errx(EX_USAGE,
393 "%s and %s are the same file", *argv, to_name);
394 }
395 install(*argv, to_name, fset, iflags);
396 exit(EX_OK);
397 /* NOTREACHED */
398 }
399
400 static char *
digest_file(const char * name)401 digest_file(const char *name)
402 {
403
404 switch (digesttype) {
405 case DIGEST_MD5:
406 return (MD5File(name, NULL));
407 case DIGEST_RIPEMD160:
408 return (RIPEMD160_File(name, NULL));
409 case DIGEST_SHA1:
410 return (SHA1_File(name, NULL));
411 case DIGEST_SHA256:
412 return (SHA256_File(name, NULL));
413 case DIGEST_SHA512:
414 return (SHA512_File(name, NULL));
415 default:
416 return (NULL);
417 }
418 }
419
420 static void
digest_init(DIGEST_CTX * c)421 digest_init(DIGEST_CTX *c)
422 {
423
424 switch (digesttype) {
425 case DIGEST_NONE:
426 break;
427 case DIGEST_MD5:
428 MD5Init(&(c->MD5));
429 break;
430 case DIGEST_RIPEMD160:
431 RIPEMD160_Init(&(c->RIPEMD160));
432 break;
433 case DIGEST_SHA1:
434 SHA1_Init(&(c->SHA1));
435 break;
436 case DIGEST_SHA256:
437 SHA256_Init(&(c->SHA256));
438 break;
439 case DIGEST_SHA512:
440 SHA512_Init(&(c->SHA512));
441 break;
442 }
443 }
444
445 static void
digest_update(DIGEST_CTX * c,const char * data,size_t len)446 digest_update(DIGEST_CTX *c, const char *data, size_t len)
447 {
448
449 switch (digesttype) {
450 case DIGEST_NONE:
451 break;
452 case DIGEST_MD5:
453 MD5Update(&(c->MD5), data, len);
454 break;
455 case DIGEST_RIPEMD160:
456 RIPEMD160_Update(&(c->RIPEMD160), data, len);
457 break;
458 case DIGEST_SHA1:
459 SHA1_Update(&(c->SHA1), data, len);
460 break;
461 case DIGEST_SHA256:
462 SHA256_Update(&(c->SHA256), data, len);
463 break;
464 case DIGEST_SHA512:
465 SHA512_Update(&(c->SHA512), data, len);
466 break;
467 }
468 }
469
470 static char *
digest_end(DIGEST_CTX * c,char * buf)471 digest_end(DIGEST_CTX *c, char *buf)
472 {
473
474 switch (digesttype) {
475 case DIGEST_MD5:
476 return (MD5End(&(c->MD5), buf));
477 case DIGEST_RIPEMD160:
478 return (RIPEMD160_End(&(c->RIPEMD160), buf));
479 case DIGEST_SHA1:
480 return (SHA1_End(&(c->SHA1), buf));
481 case DIGEST_SHA256:
482 return (SHA256_End(&(c->SHA256), buf));
483 case DIGEST_SHA512:
484 return (SHA512_End(&(c->SHA512), buf));
485 default:
486 return (NULL);
487 }
488 }
489
490 /*
491 * parseid --
492 * parse uid or gid from arg into id, returning non-zero if successful
493 */
494 static int
parseid(const char * name,id_t * id)495 parseid(const char *name, id_t *id)
496 {
497 char *ep;
498 errno = 0;
499 *id = (id_t)strtoul(name, &ep, 10);
500 if (errno || *ep != '\0')
501 return (0);
502 return (1);
503 }
504
505 /*
506 * quiet_mktemp --
507 * mktemp implementation used mkstemp to avoid mktemp warnings. We
508 * really do need mktemp semantics here as we will be creating a link.
509 */
510 static char *
quiet_mktemp(char * template)511 quiet_mktemp(char *template)
512 {
513 int fd;
514
515 if ((fd = mkstemp(template)) == -1)
516 return (NULL);
517 close (fd);
518 if (unlink(template) == -1)
519 err(EX_OSERR, "unlink %s", template);
520 return (template);
521 }
522
523 /*
524 * do_link --
525 * make a hard link, obeying dorename if set
526 * return -1 on failure
527 */
528 static int
do_link(const char * from_name,const char * to_name,const struct stat * target_sb)529 do_link(const char *from_name, const char *to_name,
530 const struct stat *target_sb)
531 {
532 char tmpl[MAXPATHLEN];
533 int ret;
534
535 if (safecopy && target_sb != NULL) {
536 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name);
537 /* This usage is safe. */
538 if (quiet_mktemp(tmpl) == NULL)
539 err(EX_OSERR, "%s: mktemp", tmpl);
540 ret = link(from_name, tmpl);
541 if (ret == 0) {
542 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) ==
543 -1) {
544 unlink(tmpl);
545 err(EX_OSERR, "%s", to_name);
546 }
547 #if HAVE_STRUCT_STAT_ST_FLAGS
548 if (target_sb->st_flags & NOCHANGEBITS)
549 (void)chflags(to_name, target_sb->st_flags &
550 ~NOCHANGEBITS);
551 #endif
552 if (verbose)
553 printf("install: link %s -> %s\n",
554 from_name, to_name);
555 ret = rename(tmpl, to_name);
556 /*
557 * If rename has posix semantics, then the temporary
558 * file may still exist when from_name and to_name point
559 * to the same file, so unlink it unconditionally.
560 */
561 (void)unlink(tmpl);
562 }
563 return (ret);
564 } else {
565 if (verbose)
566 printf("install: link %s -> %s\n",
567 from_name, to_name);
568 return (link(from_name, to_name));
569 }
570 }
571
572 /*
573 * do_symlink --
574 * Make a symbolic link, obeying dorename if set. Exit on failure.
575 */
576 static void
do_symlink(const char * from_name,const char * to_name,const struct stat * target_sb)577 do_symlink(const char *from_name, const char *to_name,
578 const struct stat *target_sb)
579 {
580 char tmpl[MAXPATHLEN];
581
582 if (safecopy && target_sb != NULL) {
583 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name);
584 /* This usage is safe. */
585 if (quiet_mktemp(tmpl) == NULL)
586 err(EX_OSERR, "%s: mktemp", tmpl);
587
588 if (symlink(from_name, tmpl) == -1)
589 err(EX_OSERR, "symlink %s -> %s", from_name, tmpl);
590
591 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == -1) {
592 (void)unlink(tmpl);
593 err(EX_OSERR, "%s", to_name);
594 }
595 #if HAVE_STRUCT_STAT_ST_FLAGS
596 if (target_sb->st_flags & NOCHANGEBITS)
597 (void)chflags(to_name, target_sb->st_flags &
598 ~NOCHANGEBITS);
599 #endif
600 if (verbose)
601 printf("install: symlink %s -> %s\n",
602 from_name, to_name);
603 if (rename(tmpl, to_name) == -1) {
604 /* Remove temporary link before exiting. */
605 (void)unlink(tmpl);
606 err(EX_OSERR, "%s: rename", to_name);
607 }
608 } else {
609 if (verbose)
610 printf("install: symlink %s -> %s\n",
611 from_name, to_name);
612 if (symlink(from_name, to_name) == -1)
613 err(EX_OSERR, "symlink %s -> %s", from_name, to_name);
614 }
615 }
616
617 /*
618 * makelink --
619 * make a link from source to destination
620 */
621 static void
makelink(const char * from_name,const char * to_name,const struct stat * target_sb)622 makelink(const char *from_name, const char *to_name,
623 const struct stat *target_sb)
624 {
625 char src[MAXPATHLEN], dst[MAXPATHLEN], lnk[MAXPATHLEN];
626 struct stat to_sb;
627
628 /* Try hard links first. */
629 if (dolink & (LN_HARD|LN_MIXED)) {
630 if (do_link(from_name, to_name, target_sb) == -1) {
631 if ((dolink & LN_HARD) || errno != EXDEV)
632 err(EX_OSERR, "link %s -> %s", from_name, to_name);
633 } else {
634 if (stat(to_name, &to_sb))
635 err(EX_OSERR, "%s: stat", to_name);
636 if (S_ISREG(to_sb.st_mode)) {
637 /*
638 * XXX: hard links to anything other than
639 * plain files are not metalogged
640 */
641 int omode;
642 const char *oowner, *ogroup;
643 char *offlags;
644 char *dres;
645
646 /*
647 * XXX: use underlying perms, unless
648 * overridden on command line.
649 */
650 omode = mode;
651 if (!haveopt_m)
652 mode = (to_sb.st_mode & 0777);
653 oowner = owner;
654 if (!haveopt_o)
655 owner = NULL;
656 ogroup = group;
657 if (!haveopt_g)
658 group = NULL;
659 offlags = fflags;
660 if (!haveopt_f)
661 fflags = NULL;
662 dres = digest_file(from_name);
663 metadata_log(to_name, "file", NULL, NULL,
664 dres, to_sb.st_size);
665 free(dres);
666 mode = omode;
667 owner = oowner;
668 group = ogroup;
669 fflags = offlags;
670 }
671 return;
672 }
673 }
674
675 /* Symbolic links. */
676 if (dolink & LN_ABSOLUTE) {
677 /* Convert source path to absolute. */
678 if (realpath(from_name, src) == NULL)
679 err(EX_OSERR, "%s: realpath", from_name);
680 do_symlink(src, to_name, target_sb);
681 /* XXX: src may point outside of destdir */
682 metadata_log(to_name, "link", NULL, src, NULL, 0);
683 return;
684 }
685
686 if (dolink & LN_RELATIVE) {
687 char *to_name_copy, *cp, *d, *ld, *ls, *s;
688
689 if (*from_name != '/') {
690 /* this is already a relative link */
691 do_symlink(from_name, to_name, target_sb);
692 /* XXX: from_name may point outside of destdir. */
693 metadata_log(to_name, "link", NULL, from_name, NULL, 0);
694 return;
695 }
696
697 /* Resolve pathnames. */
698 if (realpath(from_name, src) == NULL)
699 err(EX_OSERR, "%s: realpath", from_name);
700
701 /*
702 * The last component of to_name may be a symlink,
703 * so use realpath to resolve only the directory.
704 */
705 to_name_copy = strdup(to_name);
706 if (to_name_copy == NULL)
707 err(EX_OSERR, "%s: strdup", to_name);
708 cp = dirname(to_name_copy);
709 if (realpath(cp, dst) == NULL)
710 err(EX_OSERR, "%s: realpath", cp);
711 /* .. and add the last component. */
712 if (strcmp(dst, "/") != 0) {
713 if (strlcat(dst, "/", sizeof(dst)) > sizeof(dst))
714 errx(1, "resolved pathname too long");
715 }
716 strcpy(to_name_copy, to_name);
717 cp = basename(to_name_copy);
718 if (strlcat(dst, cp, sizeof(dst)) > sizeof(dst))
719 errx(1, "resolved pathname too long");
720 free(to_name_copy);
721
722 /* Trim common path components. */
723 ls = ld = NULL;
724 for (s = src, d = dst; *s == *d; ls = s, ld = d, s++, d++)
725 continue;
726 /*
727 * If we didn't end after a directory separator, then we've
728 * falsely matched the last component. For example, if one
729 * invoked install -lrs /lib/foo.so /libexec/ then the source
730 * would terminate just after the separator while the
731 * destination would terminate in the middle of 'libexec',
732 * leading to a full directory getting falsely eaten.
733 */
734 if ((ls != NULL && *ls != '/') || (ld != NULL && *ld != '/'))
735 s--, d--;
736 while (*s != '/')
737 s--, d--;
738
739 /* Count the number of directories we need to backtrack. */
740 for (++d, lnk[0] = '\0'; *d; d++)
741 if (*d == '/')
742 (void)strlcat(lnk, "../", sizeof(lnk));
743
744 (void)strlcat(lnk, ++s, sizeof(lnk));
745
746 do_symlink(lnk, to_name, target_sb);
747 /* XXX: Link may point outside of destdir. */
748 metadata_log(to_name, "link", NULL, lnk, NULL, 0);
749 return;
750 }
751
752 /*
753 * If absolute or relative was not specified, try the names the
754 * user provided.
755 */
756 do_symlink(from_name, to_name, target_sb);
757 /* XXX: from_name may point outside of destdir. */
758 metadata_log(to_name, "link", NULL, from_name, NULL, 0);
759 }
760
761 /*
762 * install --
763 * build a path name and install the file
764 */
765 static void
install(const char * from_name,const char * to_name,u_long fset,u_int flags)766 install(const char *from_name, const char *to_name, u_long fset, u_int flags)
767 {
768 struct stat from_sb, temp_sb, to_sb;
769 struct timespec tsb[2];
770 int devnull, files_match, from_fd, serrno, stripped, target;
771 int tempcopy, temp_fd, to_fd;
772 char backup[MAXPATHLEN], *p, pathbuf[MAXPATHLEN], tempfile[MAXPATHLEN];
773 char *digestresult;
774
775 digestresult = NULL;
776 files_match = stripped = 0;
777 from_fd = -1;
778 to_fd = -1;
779
780 /* If try to install NULL file to a directory, fails. */
781 if (flags & DIRECTORY || strcmp(from_name, _PATH_DEVNULL)) {
782 if (!dolink) {
783 if (stat(from_name, &from_sb))
784 err(EX_OSERR, "%s", from_name);
785 if (!S_ISREG(from_sb.st_mode)) {
786 errno = EFTYPE;
787 err(EX_OSERR, "%s", from_name);
788 }
789 }
790 /* Build the target path. */
791 if (flags & DIRECTORY) {
792 (void)snprintf(pathbuf, sizeof(pathbuf), "%s%s%s",
793 to_name,
794 to_name[strlen(to_name) - 1] == '/' ? "" : "/",
795 (p = strrchr(from_name, '/')) ? ++p : from_name);
796 to_name = pathbuf;
797 }
798 devnull = 0;
799 } else {
800 devnull = 1;
801 }
802
803 target = (lstat(to_name, &to_sb) == 0);
804
805 if (dolink) {
806 if (target && !safecopy) {
807 if (to_sb.st_mode & S_IFDIR && rmdir(to_name) == -1)
808 err(EX_OSERR, "%s", to_name);
809 #if HAVE_STRUCT_STAT_ST_FLAGS
810 if (to_sb.st_flags & NOCHANGEBITS)
811 (void)chflags(to_name,
812 to_sb.st_flags & ~NOCHANGEBITS);
813 #endif
814 unlink(to_name);
815 }
816 makelink(from_name, to_name, target ? &to_sb : NULL);
817 return;
818 }
819
820 if (target && !S_ISREG(to_sb.st_mode) && !S_ISLNK(to_sb.st_mode)) {
821 errno = EFTYPE;
822 warn("%s", to_name);
823 return;
824 }
825
826 /* Only copy safe if the target exists. */
827 tempcopy = safecopy && target;
828
829 if (!devnull && (from_fd = open(from_name, O_RDONLY, 0)) < 0)
830 err(EX_OSERR, "%s", from_name);
831
832 /* If we don't strip, we can compare first. */
833 if (docompare && !dostrip && target && S_ISREG(to_sb.st_mode)) {
834 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0)
835 err(EX_OSERR, "%s", to_name);
836 if (devnull)
837 files_match = to_sb.st_size == 0;
838 else
839 files_match = !(compare(from_fd, from_name,
840 (size_t)from_sb.st_size, to_fd,
841 to_name, (size_t)to_sb.st_size, &digestresult));
842
843 /* Close "to" file unless we match. */
844 if (!files_match)
845 (void)close(to_fd);
846 }
847
848 if (!files_match) {
849 if (tempcopy) {
850 to_fd = create_tempfile(to_name, tempfile,
851 sizeof(tempfile));
852 if (to_fd < 0)
853 err(EX_OSERR, "%s", tempfile);
854 } else {
855 if ((to_fd = create_newfile(to_name, target,
856 &to_sb)) < 0)
857 err(EX_OSERR, "%s", to_name);
858 if (verbose)
859 (void)printf("install: %s -> %s\n",
860 from_name, to_name);
861 }
862 if (!devnull) {
863 if (dostrip)
864 stripped = strip(tempcopy ? tempfile : to_name,
865 to_fd, from_name, &digestresult);
866 if (!stripped)
867 digestresult = copy(from_fd, from_name, to_fd,
868 tempcopy ? tempfile : to_name, from_sb.st_size);
869 }
870 }
871
872 if (dostrip) {
873 if (!stripped)
874 (void)strip(tempcopy ? tempfile : to_name, to_fd,
875 NULL, &digestresult);
876
877 /*
878 * Re-open our fd on the target, in case
879 * we did not strip in-place.
880 */
881 close(to_fd);
882 to_fd = open(tempcopy ? tempfile : to_name, O_RDONLY, 0);
883 if (to_fd < 0)
884 err(EX_OSERR, "stripping %s", to_name);
885 }
886
887 /*
888 * Compare the stripped temp file with the target.
889 */
890 if (docompare && dostrip && target && S_ISREG(to_sb.st_mode)) {
891 temp_fd = to_fd;
892
893 /* Re-open to_fd using the real target name. */
894 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0)
895 err(EX_OSERR, "%s", to_name);
896
897 if (fstat(temp_fd, &temp_sb)) {
898 serrno = errno;
899 (void)unlink(tempfile);
900 errno = serrno;
901 err(EX_OSERR, "%s", tempfile);
902 }
903
904 if (compare(temp_fd, tempfile, (size_t)temp_sb.st_size, to_fd,
905 to_name, (size_t)to_sb.st_size, &digestresult)
906 == 0) {
907 /*
908 * If target has more than one link we need to
909 * replace it in order to snap the extra links.
910 * Need to preserve target file times, though.
911 */
912 if (to_sb.st_nlink != 1) {
913 tsb[0] = to_sb.st_atim;
914 tsb[1] = to_sb.st_mtim;
915 (void)utimensat(AT_FDCWD, tempfile, tsb, 0);
916 } else {
917 files_match = 1;
918 (void)unlink(tempfile);
919 }
920 (void) close(temp_fd);
921 }
922 } else if (dostrip)
923 digestresult = digest_file(tempfile);
924
925 /*
926 * Move the new file into place if doing a safe copy
927 * and the files are different (or just not compared).
928 */
929 if (tempcopy && !files_match) {
930 #if HAVE_STRUCT_STAT_ST_FLAGS
931 /* Try to turn off the immutable bits. */
932 if (to_sb.st_flags & NOCHANGEBITS)
933 (void)chflags(to_name, to_sb.st_flags & ~NOCHANGEBITS);
934 #endif
935 if (dobackup) {
936 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", to_name,
937 suffix) != strlen(to_name) + strlen(suffix)) {
938 unlink(tempfile);
939 errx(EX_OSERR, "%s: backup filename too long",
940 to_name);
941 }
942 if (verbose)
943 (void)printf("install: %s -> %s\n", to_name, backup);
944 if (unlink(backup) < 0 && errno != ENOENT) {
945 serrno = errno;
946 #if HAVE_STRUCT_STAT_ST_FLAGS
947 if (to_sb.st_flags & NOCHANGEBITS)
948 (void)chflags(to_name, to_sb.st_flags);
949 #endif
950 unlink(tempfile);
951 errno = serrno;
952 err(EX_OSERR, "unlink: %s", backup);
953 }
954 if (link(to_name, backup) < 0) {
955 serrno = errno;
956 unlink(tempfile);
957 #if HAVE_STRUCT_STAT_ST_FLAGS
958 if (to_sb.st_flags & NOCHANGEBITS)
959 (void)chflags(to_name, to_sb.st_flags);
960 #endif
961 errno = serrno;
962 err(EX_OSERR, "link: %s to %s", to_name,
963 backup);
964 }
965 }
966 if (verbose)
967 (void)printf("install: %s -> %s\n", from_name, to_name);
968 if (rename(tempfile, to_name) < 0) {
969 serrno = errno;
970 unlink(tempfile);
971 errno = serrno;
972 err(EX_OSERR, "rename: %s to %s",
973 tempfile, to_name);
974 }
975
976 /* Re-open to_fd so we aren't hosed by the rename(2). */
977 (void) close(to_fd);
978 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0)
979 err(EX_OSERR, "%s", to_name);
980 }
981
982 /*
983 * Preserve the timestamp of the source file if necessary.
984 */
985 if (dopreserve && !files_match && !devnull) {
986 tsb[0] = from_sb.st_atim;
987 tsb[1] = from_sb.st_mtim;
988 (void)utimensat(AT_FDCWD, to_name, tsb, 0);
989 }
990
991 if (fstat(to_fd, &to_sb) == -1) {
992 serrno = errno;
993 (void)unlink(to_name);
994 errno = serrno;
995 err(EX_OSERR, "%s", to_name);
996 }
997
998 /*
999 * Set owner, group, mode for target; do the chown first,
1000 * chown may lose the setuid bits.
1001 */
1002 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) ||
1003 (uid != (uid_t)-1 && uid != to_sb.st_uid) ||
1004 (mode != (to_sb.st_mode & ALLPERMS)))) {
1005 #if HAVE_STRUCT_STAT_ST_FLAGS
1006 /* Try to turn off the immutable bits. */
1007 if (to_sb.st_flags & NOCHANGEBITS)
1008 (void)fchflags(to_fd, to_sb.st_flags & ~NOCHANGEBITS);
1009 #endif
1010 }
1011
1012 if (!dounpriv &
1013 (gid != (gid_t)-1 && gid != to_sb.st_gid) ||
1014 (uid != (uid_t)-1 && uid != to_sb.st_uid))
1015 if (fchown(to_fd, uid, gid) == -1) {
1016 serrno = errno;
1017 (void)unlink(to_name);
1018 errno = serrno;
1019 err(EX_OSERR,"%s: chown/chgrp", to_name);
1020 }
1021
1022 if (mode != (to_sb.st_mode & ALLPERMS)) {
1023 if (fchmod(to_fd,
1024 dounpriv ? mode & (S_IRWXU|S_IRWXG|S_IRWXO) : mode)) {
1025 serrno = errno;
1026 (void)unlink(to_name);
1027 errno = serrno;
1028 err(EX_OSERR, "%s: chmod", to_name);
1029 }
1030 }
1031 #if HAVE_STRUCT_STAT_ST_FLAGS
1032 /*
1033 * If provided a set of flags, set them, otherwise, preserve the
1034 * flags, except for the dump flag.
1035 * NFS does not support flags. Ignore EOPNOTSUPP flags if we're just
1036 * trying to turn off UF_NODUMP. If we're trying to set real flags,
1037 * then warn if the fs doesn't support it, otherwise fail.
1038 */
1039 if (!dounpriv & !devnull && (flags & SETFLAGS ||
1040 (from_sb.st_flags & ~UF_NODUMP) != to_sb.st_flags) &&
1041 fchflags(to_fd,
1042 flags & SETFLAGS ? fset : from_sb.st_flags & ~UF_NODUMP)) {
1043 if (flags & SETFLAGS) {
1044 if (errno == EOPNOTSUPP)
1045 warn("%s: chflags", to_name);
1046 else {
1047 serrno = errno;
1048 (void)unlink(to_name);
1049 errno = serrno;
1050 err(EX_OSERR, "%s: chflags", to_name);
1051 }
1052 }
1053 }
1054 #endif
1055
1056 (void)close(to_fd);
1057 if (!devnull)
1058 (void)close(from_fd);
1059
1060 metadata_log(to_name, "file", tsb, NULL, digestresult, to_sb.st_size);
1061 free(digestresult);
1062 }
1063
1064 /*
1065 * compare --
1066 * Compare two files; non-zero means files differ.
1067 * Compute digest and return its address in *dresp
1068 * unless it points to pre-computed digest.
1069 */
1070 static int
compare(int from_fd,const char * from_name __unused,size_t from_len,int to_fd,const char * to_name __unused,size_t to_len,char ** dresp)1071 compare(int from_fd, const char *from_name __unused, size_t from_len,
1072 int to_fd, const char *to_name __unused, size_t to_len,
1073 char **dresp)
1074 {
1075 char *p, *q;
1076 int rv;
1077 int do_digest, done_compare;
1078 DIGEST_CTX ctx;
1079
1080 rv = 0;
1081 if (from_len != to_len)
1082 return 1;
1083
1084 do_digest = (digesttype != DIGEST_NONE && dresp != NULL &&
1085 *dresp == NULL);
1086 if (from_len <= MAX_CMP_SIZE) {
1087 if (do_digest)
1088 digest_init(&ctx);
1089 done_compare = 0;
1090 if (trymmap(from_len) && trymmap(to_len)) {
1091 p = mmap(NULL, from_len, PROT_READ, MAP_SHARED,
1092 from_fd, (off_t)0);
1093 if (p == MAP_FAILED)
1094 goto out;
1095 q = mmap(NULL, from_len, PROT_READ, MAP_SHARED,
1096 to_fd, (off_t)0);
1097 if (q == MAP_FAILED) {
1098 munmap(p, from_len);
1099 goto out;
1100 }
1101
1102 rv = memcmp(p, q, from_len);
1103 if (do_digest)
1104 digest_update(&ctx, p, from_len);
1105 munmap(p, from_len);
1106 munmap(q, from_len);
1107 done_compare = 1;
1108 }
1109 out:
1110 if (!done_compare) {
1111 char buf1[MAXBSIZE];
1112 char buf2[MAXBSIZE];
1113 int n1, n2;
1114
1115 rv = 0;
1116 lseek(from_fd, 0, SEEK_SET);
1117 lseek(to_fd, 0, SEEK_SET);
1118 while (rv == 0) {
1119 n1 = read(from_fd, buf1, sizeof(buf1));
1120 if (n1 == 0)
1121 break; /* EOF */
1122 else if (n1 > 0) {
1123 n2 = read(to_fd, buf2, n1);
1124 if (n2 == n1)
1125 rv = memcmp(buf1, buf2, n1);
1126 else
1127 rv = 1; /* out of sync */
1128 } else
1129 rv = 1; /* read failure */
1130 if (do_digest)
1131 digest_update(&ctx, buf1, n1);
1132 }
1133 lseek(from_fd, 0, SEEK_SET);
1134 lseek(to_fd, 0, SEEK_SET);
1135 }
1136 } else
1137 rv = 1; /* don't bother in this case */
1138
1139 if (do_digest) {
1140 if (rv == 0)
1141 *dresp = digest_end(&ctx, NULL);
1142 else
1143 (void)digest_end(&ctx, NULL);
1144 }
1145
1146 return rv;
1147 }
1148
1149 /*
1150 * create_tempfile --
1151 * create a temporary file based on path and open it
1152 */
1153 static int
create_tempfile(const char * path,char * temp,size_t tsize)1154 create_tempfile(const char *path, char *temp, size_t tsize)
1155 {
1156 char *p;
1157
1158 (void)strncpy(temp, path, tsize);
1159 temp[tsize - 1] = '\0';
1160 if ((p = strrchr(temp, '/')) != NULL)
1161 p++;
1162 else
1163 p = temp;
1164 (void)strncpy(p, "INS@XXXXXX", &temp[tsize - 1] - p);
1165 temp[tsize - 1] = '\0';
1166 return (mkstemp(temp));
1167 }
1168
1169 /*
1170 * create_newfile --
1171 * create a new file, overwriting an existing one if necessary
1172 */
1173 static int
create_newfile(const char * path,int target,struct stat * sbp)1174 create_newfile(const char *path, int target, struct stat *sbp)
1175 {
1176 char backup[MAXPATHLEN];
1177 int saved_errno = 0;
1178 int newfd;
1179
1180 if (target) {
1181 /*
1182 * Unlink now... avoid ETXTBSY errors later. Try to turn
1183 * off the append/immutable bits -- if we fail, go ahead,
1184 * it might work.
1185 */
1186 #if HAVE_STRUCT_STAT_ST_FLAGS
1187 if (sbp->st_flags & NOCHANGEBITS)
1188 (void)chflags(path, sbp->st_flags & ~NOCHANGEBITS);
1189 #endif
1190
1191 if (dobackup) {
1192 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s",
1193 path, suffix) != strlen(path) + strlen(suffix)) {
1194 saved_errno = errno;
1195 #if HAVE_STRUCT_STAT_ST_FLAGS
1196 if (sbp->st_flags & NOCHANGEBITS)
1197 (void)chflags(path, sbp->st_flags);
1198 #endif
1199 errno = saved_errno;
1200 errx(EX_OSERR, "%s: backup filename too long",
1201 path);
1202 }
1203 (void)snprintf(backup, MAXPATHLEN, "%s%s",
1204 path, suffix);
1205 if (verbose)
1206 (void)printf("install: %s -> %s\n",
1207 path, backup);
1208 if (rename(path, backup) < 0) {
1209 saved_errno = errno;
1210 #if HAVE_STRUCT_STAT_ST_FLAGS
1211 if (sbp->st_flags & NOCHANGEBITS)
1212 (void)chflags(path, sbp->st_flags);
1213 #endif
1214 errno = saved_errno;
1215 err(EX_OSERR, "rename: %s to %s", path, backup);
1216 }
1217 } else
1218 if (unlink(path) < 0)
1219 saved_errno = errno;
1220 }
1221
1222 newfd = open(path, O_CREAT | O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR);
1223 if (newfd < 0 && saved_errno != 0)
1224 errno = saved_errno;
1225 return newfd;
1226 }
1227
1228 /*
1229 * copy --
1230 * copy from one file to another
1231 */
1232 static char *
copy(int from_fd,const char * from_name,int to_fd,const char * to_name,off_t size)1233 copy(int from_fd, const char *from_name, int to_fd, const char *to_name,
1234 off_t size)
1235 {
1236 int nr, nw;
1237 int serrno;
1238 char *p;
1239 char buf[MAXBSIZE];
1240 int done_copy;
1241 DIGEST_CTX ctx;
1242
1243 /* Rewind file descriptors. */
1244 if (lseek(from_fd, (off_t)0, SEEK_SET) == (off_t)-1)
1245 err(EX_OSERR, "lseek: %s", from_name);
1246 if (lseek(to_fd, (off_t)0, SEEK_SET) == (off_t)-1)
1247 err(EX_OSERR, "lseek: %s", to_name);
1248
1249 digest_init(&ctx);
1250
1251 done_copy = 0;
1252 if (trymmap((size_t)size) &&
1253 (p = mmap(NULL, (size_t)size, PROT_READ, MAP_SHARED,
1254 from_fd, (off_t)0)) != MAP_FAILED) {
1255 nw = write(to_fd, p, size);
1256 if (nw != size) {
1257 serrno = errno;
1258 (void)unlink(to_name);
1259 if (nw >= 0) {
1260 errx(EX_OSERR,
1261 "short write to %s: %jd bytes written, %jd bytes asked to write",
1262 to_name, (uintmax_t)nw, (uintmax_t)size);
1263 } else {
1264 errno = serrno;
1265 err(EX_OSERR, "%s", to_name);
1266 }
1267 }
1268 digest_update(&ctx, p, size);
1269 (void)munmap(p, size);
1270 done_copy = 1;
1271 }
1272 if (!done_copy) {
1273 while ((nr = read(from_fd, buf, sizeof(buf))) > 0) {
1274 if ((nw = write(to_fd, buf, nr)) != nr) {
1275 serrno = errno;
1276 (void)unlink(to_name);
1277 if (nw >= 0) {
1278 errx(EX_OSERR,
1279 "short write to %s: %jd bytes written, %jd bytes asked to write",
1280 to_name, (uintmax_t)nw,
1281 (uintmax_t)size);
1282 } else {
1283 errno = serrno;
1284 err(EX_OSERR, "%s", to_name);
1285 }
1286 }
1287 digest_update(&ctx, buf, nr);
1288 }
1289 if (nr != 0) {
1290 serrno = errno;
1291 (void)unlink(to_name);
1292 errno = serrno;
1293 err(EX_OSERR, "%s", from_name);
1294 }
1295 }
1296 if (safecopy && fsync(to_fd) == -1) {
1297 serrno = errno;
1298 (void)unlink(to_name);
1299 errno = serrno;
1300 err(EX_OSERR, "fsync failed for %s", to_name);
1301 }
1302 return (digest_end(&ctx, NULL));
1303 }
1304
1305 /*
1306 * strip --
1307 * Use strip(1) to strip the target file.
1308 * Just invoke strip(1) on to_name if from_name is NULL, else try
1309 * to run "strip -o to_name -- from_name" and return 0 on failure.
1310 * Return 1 on success and assign result of digest_file(to_name)
1311 * to *dresp.
1312 */
1313 static int
strip(const char * to_name,int to_fd,const char * from_name,char ** dresp)1314 strip(const char *to_name, int to_fd, const char *from_name, char **dresp)
1315 {
1316 const char *stripbin;
1317 const char *args[6];
1318 pid_t pid;
1319 int error, serrno, status;
1320
1321 stripbin = getenv("STRIPBIN");
1322 if (stripbin == NULL)
1323 stripbin = "strip";
1324 args[0] = stripbin;
1325 if (from_name == NULL) {
1326 args[1] = to_name;
1327 args[2] = NULL;
1328 } else {
1329 args[1] = "-o";
1330 args[2] = to_name;
1331 args[3] = "--";
1332 args[4] = from_name;
1333 args[5] = NULL;
1334 }
1335 error = posix_spawnp(&pid, stripbin, NULL, NULL,
1336 __DECONST(char **, args), environ);
1337 if (error != 0) {
1338 (void)unlink(to_name);
1339 errc(error == EAGAIN || error == EPROCLIM || error == ENOMEM ?
1340 EX_TEMPFAIL : EX_OSERR, error, "spawn %s", stripbin);
1341 }
1342 if (waitpid(pid, &status, 0) == -1) {
1343 error = errno;
1344 (void)unlink(to_name);
1345 errc(EX_SOFTWARE, error, "wait");
1346 /* NOTREACHED */
1347 }
1348 if (status != 0) {
1349 if (from_name != NULL)
1350 return (0);
1351 (void)unlink(to_name);
1352 errx(EX_SOFTWARE, "strip command %s failed on %s",
1353 stripbin, to_name);
1354 }
1355 if (from_name != NULL && safecopy && fsync(to_fd) == -1) {
1356 serrno = errno;
1357 (void)unlink(to_name);
1358 errno = serrno;
1359 err(EX_OSERR, "fsync failed for %s", to_name);
1360 }
1361 if (dresp != NULL)
1362 *dresp = digest_file(to_name);
1363 return (1);
1364 }
1365
1366 /*
1367 * install_dir --
1368 * build directory hierarchy
1369 */
1370 static void
install_dir(char * path)1371 install_dir(char *path)
1372 {
1373 char *p;
1374 struct stat sb;
1375 int ch, tried_mkdir;
1376
1377 for (p = path;; ++p)
1378 if (!*p || (p != path && *p == '/')) {
1379 tried_mkdir = 0;
1380 ch = *p;
1381 *p = '\0';
1382 again:
1383 if (stat(path, &sb) < 0) {
1384 if (errno != ENOENT || tried_mkdir)
1385 err(EX_OSERR, "stat %s", path);
1386 if (mkdir(path, 0755) < 0) {
1387 tried_mkdir = 1;
1388 if (errno == EEXIST)
1389 goto again;
1390 err(EX_OSERR, "mkdir %s", path);
1391 }
1392 if (verbose)
1393 (void)printf("install: mkdir %s\n",
1394 path);
1395 } else if (!S_ISDIR(sb.st_mode))
1396 errx(EX_OSERR, "%s exists but is not a directory", path);
1397 if (!(*p = ch))
1398 break;
1399 }
1400
1401 if (!dounpriv) {
1402 if ((gid != (gid_t)-1 || uid != (uid_t)-1) &&
1403 chown(path, uid, gid))
1404 warn("chown %u:%u %s", uid, gid, path);
1405 /* XXXBED: should we do the chmod in the dounpriv case? */
1406 if (chmod(path, mode))
1407 warn("chmod %o %s", mode, path);
1408 }
1409 metadata_log(path, "dir", NULL, NULL, NULL, 0);
1410 }
1411
1412 /*
1413 * metadata_log --
1414 * if metafp is not NULL, output mtree(8) full path name and settings to
1415 * metafp, to allow permissions to be set correctly by other tools,
1416 * or to allow integrity checks to be performed.
1417 */
1418 static void
metadata_log(const char * path,const char * type,struct timespec * ts,const char * slink,const char * digestresult,off_t size)1419 metadata_log(const char *path, const char *type, struct timespec *ts,
1420 const char *slink, const char *digestresult, off_t size)
1421 {
1422 static const char extra[] = { ' ', '\t', '\n', '\\', '#', '\0' };
1423 const char *p;
1424 char *buf;
1425 size_t destlen;
1426 struct flock metalog_lock;
1427
1428 if (!metafp)
1429 return;
1430 /* Buffer for strsvis(3). */
1431 buf = (char *)malloc(4 * strlen(path) + 1);
1432 if (buf == NULL) {
1433 warnx("%s", strerror(ENOMEM));
1434 return;
1435 }
1436
1437 /* Lock log file. */
1438 metalog_lock.l_start = 0;
1439 metalog_lock.l_len = 0;
1440 metalog_lock.l_whence = SEEK_SET;
1441 metalog_lock.l_type = F_WRLCK;
1442 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) {
1443 warn("can't lock %s", metafile);
1444 free(buf);
1445 return;
1446 }
1447
1448 /* Remove destdir. */
1449 p = path;
1450 if (destdir) {
1451 destlen = strlen(destdir);
1452 if (strncmp(p, destdir, destlen) == 0 &&
1453 (p[destlen] == '/' || p[destlen] == '\0'))
1454 p += destlen;
1455 }
1456 while (*p && *p == '/')
1457 p++;
1458 strsvis(buf, p, VIS_OCTAL, extra);
1459 p = buf;
1460 /* Print details. */
1461 fprintf(metafp, ".%s%s type=%s", *p ? "/" : "", p, type);
1462 if (owner)
1463 fprintf(metafp, " uname=%s", owner);
1464 if (group)
1465 fprintf(metafp, " gname=%s", group);
1466 fprintf(metafp, " mode=%#o", mode);
1467 if (slink) {
1468 strsvis(buf, slink, VIS_CSTYLE, extra); /* encode link */
1469 fprintf(metafp, " link=%s", buf);
1470 }
1471 if (*type == 'f') /* type=file */
1472 fprintf(metafp, " size=%lld", (long long)size);
1473 if (ts != NULL && dopreserve)
1474 fprintf(metafp, " time=%lld.%09ld",
1475 (long long)ts[1].tv_sec, ts[1].tv_nsec);
1476 if (digestresult && digest)
1477 fprintf(metafp, " %s=%s", digest, digestresult);
1478 if (fflags)
1479 fprintf(metafp, " flags=%s", fflags);
1480 if (tags)
1481 fprintf(metafp, " tags=%s", tags);
1482 fputc('\n', metafp);
1483 /* Flush line. */
1484 fflush(metafp);
1485
1486 /* Unlock log file. */
1487 metalog_lock.l_type = F_UNLCK;
1488 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1)
1489 warn("can't unlock %s", metafile);
1490 free(buf);
1491 }
1492
1493 /*
1494 * usage --
1495 * print a usage message and die
1496 */
1497 static void
usage(void)1498 usage(void)
1499 {
1500 (void)fprintf(stderr,
1501 "usage: install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n"
1502 " [-M log] [-D dest] [-h hash] [-T tags]\n"
1503 " [-B suffix] [-l linkflags] [-N dbdir]\n"
1504 " file1 file2\n"
1505 " install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n"
1506 " [-M log] [-D dest] [-h hash] [-T tags]\n"
1507 " [-B suffix] [-l linkflags] [-N dbdir]\n"
1508 " file1 ... fileN directory\n"
1509 " install -dU [-vU] [-g group] [-m mode] [-N dbdir] [-o owner]\n"
1510 " [-M log] [-D dest] [-h hash] [-T tags]\n"
1511 " directory ...\n");
1512 exit(EX_USAGE);
1513 /* NOTREACHED */
1514 }
1515
1516 /*
1517 * trymmap --
1518 * return true (1) if mmap should be tried, false (0) if not.
1519 */
1520 static int
trymmap(size_t filesize)1521 trymmap(size_t filesize)
1522 {
1523 /*
1524 * This function existed to skip mmap() for NFS file systems whereas
1525 * nowadays mmap() should be perfectly safe. Nevertheless, using mmap()
1526 * only reduces the number of system calls if we need multiple read()
1527 * syscalls, i.e. if the file size is > MAXBSIZE. However, mmap() is
1528 * more expensive than read() so set the threshold at 4 fewer syscalls.
1529 * Additionally, for larger file size mmap() can significantly increase
1530 * the number of page faults, so avoid it in that case.
1531 *
1532 * Note: the 8MB limit is not based on any meaningful benchmarking
1533 * results, it is simply reusing the same value that was used before
1534 * and also matches bin/cp.
1535 *
1536 * XXX: Maybe we shouldn't bother with mmap() at all, since we use
1537 * MAXBSIZE the syscall overhead of read() shouldn't be too high?
1538 */
1539 return (filesize > 4 * MAXBSIZE && filesize < 8 * 1024 * 1024);
1540 }
1541