systemd-analyze: support discrete images for 'verify' verb

Adding --image parameter for verify verb using the dissect image functionality ----------------------------------------------------------------------------------- Example Run: I created a unit service file testrun.service with an invalid key-value pairing (foo = bar) and a squashfs image run.raw to test the code. maanya-goenka@debian:~/systemd (img-support)$ cat <<EOF>img/usr/lib/systemd/system/testrun.service > [Unit] > foo = bar > > [Service] > ExecStart = /opt/script0.sh > EOF maanya-goenka@debian:~/systemd (img-support)$ mksquashfs img/ run.raw Parallel mksquashfs: Using 4 processors Creating 4.0 filesystem on run.raw, block size 131072. [==============================================================================================================================|] 6/6 100% Exportable Squashfs 4.0 filesystem, gzip compressed, data block size 131072 compressed data, compressed metadata, compressed fragments, compressed xattrs duplicates are removed Filesystem size 0.60 Kbytes (0.00 Mbytes) 52.32% of uncompressed filesystem size (1.14 Kbytes) Inode table size 166 bytes (0.16 Kbytes) 43.01% of uncompressed inode table size (386 bytes) Directory table size 153 bytes (0.15 Kbytes) 58.40% of uncompressed directory table size (262 bytes) Number of duplicate files found 1 Number of inodes 12 Number of files 6 Number of fragments 1 Number of symbolic links 0 Number of device nodes 0 Number of fifo nodes 0 Number of socket nodes 0 Number of directories 6 Number of ids (unique uids + gids) 1 Number of uids 1 maanya-goenka (1000) Number of gids 1 maanya-goenka (1000) maanya-goenka@debian:~/systemd (img-support)$ sudo build/systemd-analyze verify --image=run.raw testrun.service /tmp/.#systemd-analyzec71c7297a936b91c/usr/lib/systemd/system/testrun.service:2: Unknown key name 'foo' in section 'Unit', ignoring. testrun.service: Failed to create testrun.service/start: Unit sysinit.target not found. The 'Unit sysinit.target not found' error that we see here is due to recursive dependency searching during unit loading and has been addressed in a different PR: systemd-analyze: add option to return an error value when unit verification fails #20233
author: Maanya Goenka <t-magoenka@microsoft.com> 2021-06-30 19:02:51 +0200
committer: Maanya Goenka <t-magoenka@microsoft.com> 2021-08-10 11:41:12 +0200
commit: e5ea5c3a17c6b8916c35abb665fd926d2d9ff41b (patch)
tree: 98b5ac2c80ae0651d5adce2fa968bf3ae2dfbf17 /src/analyze
parent: systemd-analyze: add --root option for 'verify' verb and allow path parsing (diff)
download: systemd-e5ea5c3a17c6b8916c35abb665fd926d2d9ff41b.tar.xz
systemd-e5ea5c3a17c6b8916c35abb665fd926d2d9ff41b.zip
1 files changed, 40 insertions, 2 deletions
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index f5ce2c3ad3..8d637ff8de 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -34,6 +34,7 @@
 #include "locale-util.h"
 #include "log.h"
 #include "main-func.h"
+#include "mount-util.h"
 #include "nulstr-util.h"
 #include "pager.h"
 #include "parse-argument.h"
@@ -87,12 +88,14 @@ static UnitFileScope arg_scope = UNIT_FILE_SYSTEM;
 static bool arg_man = true;
 static bool arg_generators = false;
 static char *arg_root = NULL;
+static char *arg_image = NULL;
 static unsigned arg_iterations = 1;
 static usec_t arg_base_time = USEC_INFINITY;
 
 STATIC_DESTRUCTOR_REGISTER(arg_dot_from_patterns, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_dot_to_patterns, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_image, freep);
 
 typedef struct BootTimes {
         usec_t firmware_time;
@@ -2232,6 +2235,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_ORDER,
                 ARG_REQUIRE,
                 ARG_ROOT,
+                ARG_IMAGE,
                 ARG_SYSTEM,
                 ARG_USER,
                 ARG_GLOBAL,
@@ -2251,6 +2255,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "order",        no_argument,       NULL, ARG_ORDER            },
                 { "require",      no_argument,       NULL, ARG_REQUIRE          },
                 { "root",         required_argument, NULL, ARG_ROOT             },
+                { "image",        required_argument, NULL, ARG_IMAGE            },
                 { "system",       no_argument,       NULL, ARG_SYSTEM           },
                 { "user",         no_argument,       NULL, ARG_USER             },
                 { "global",       no_argument,       NULL, ARG_GLOBAL           },
@@ -2287,6 +2292,12 @@ static int parse_argv(int argc, char *argv[]) {
                                 return r;
                         break;
 
+                case ARG_IMAGE:
+                        r = parse_path_argument(optarg, /* suppress_root= */ false, &arg_image);
+                        if (r < 0)
+                                return r;
+                        break;
+
                 case ARG_SYSTEM:
                         arg_scope = UNIT_FILE_SYSTEM;
                         break;
@@ -2381,14 +2392,21 @@ static int parse_argv(int argc, char *argv[]) {
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Option --user is not supported for cat-config right now.");
 
-        if (arg_root && !STRPTR_IN_SET(argv[optind], "cat-config", "verify"))
+        if ((arg_root || arg_image) && !STRPTR_IN_SET(argv[optind], "cat-config", "verify"))
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "Option --root is only supported for cat-config and verify right now.");
+                                       "Options --root= and --image= are only supported for cat-config and verify right now.");
+
+        /* Having both an image and a root is not supported by the code */
+        if (arg_root && arg_image)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Please specify either --root= or --image=, the combination of both is not supported.");
 
         return 1; /* work to do */
 }
 
 static int run(int argc, char *argv[]) {
+        _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
+        _cleanup_(decrypted_image_unrefp) DecryptedImage *decrypted_image = NULL;
+        _cleanup_(umount_and_rmdir_and_freep) char *unlink_dir = NULL;
 
         static const Verb verbs[] = {
                 { "help",              VERB_ANY, VERB_ANY, 0,            help                   },
@@ -2432,6 +2450,26 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
+        /* Open up and mount the image */
+        if (arg_image) {
+                assert(!arg_root);
+
+                r = mount_image_privately_interactively(
+                                arg_image,
+                                DISSECT_IMAGE_GENERIC_ROOT |
+                                DISSECT_IMAGE_RELAX_VAR_CHECK |
+                                DISSECT_IMAGE_READ_ONLY,
+                                &unlink_dir,
+                                &loop_device,
+                                &decrypted_image);
+                if (r < 0)
+                        return r;
+
+                arg_root = strdup(unlink_dir);
+                if (!arg_root)
+                        return log_oom();
+        }
+
         return dispatch_verb(argc, argv, verbs, NULL);
 }
author	Maanya Goenka <t-magoenka@microsoft.com>	2021-06-30 19:02:51 +0200
committer	Maanya Goenka <t-magoenka@microsoft.com>	2021-08-10 11:41:12 +0200
commit	e5ea5c3a17c6b8916c35abb665fd926d2d9ff41b (patch)
tree	98b5ac2c80ae0651d5adce2fa968bf3ae2dfbf17 /src/analyze
parent	systemd-analyze: add --root option for 'verify' verb and allow path parsing (diff)
download	systemd-e5ea5c3a17c6b8916c35abb665fd926d2d9ff41b.tar.xz systemd-e5ea5c3a17c6b8916c35abb665fd926d2d9ff41b.zip