machine: introduce io.systemd.MachineImage.Clone method

4 files changed, 107 insertions, 2 deletions

diff --git a/src/machine/image-varlink.c b/src/machine/image-varlink.c
index 2909e2a750..f2f745e655 100644
--- a/src/machine/image-varlink.c
+++ b/src/machine/image-varlink.c
@@ -4,10 +4,22 @@
 #include "sd-varlink.h"
 
 #include "bus-polkit.h"
+#include "fd-util.h"
 #include "image-varlink.h"
 #include "machine.h"
 #include "string-util.h"
 
+typedef struct ImageUpdateParameters {
+        const char *name;
+        const char *new_name;
+        int read_only;
+} ImageUpdateParameters;
+
+#define IMAGE_UPDATE_PARAMETERS_NULL \
+        (ImageUpdateParameters) {    \
+                .read_only = -1,     \
+        }
+
 int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
         struct params {
                 const char *image_name;
@@ -86,3 +98,76 @@ int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_var
 
         return sd_varlink_reply(link, NULL);
 }
+
+int vl_method_clone_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
+        static const sd_json_dispatch_field dispatch_table[] = {
+                { "name",     SD_JSON_VARIANT_STRING,  sd_json_dispatch_const_string, offsetof(ImageUpdateParameters, name),      SD_JSON_MANDATORY },
+                { "newName",  SD_JSON_VARIANT_STRING,  sd_json_dispatch_const_string, offsetof(ImageUpdateParameters, new_name),  SD_JSON_MANDATORY },
+                { "readOnly", SD_JSON_VARIANT_BOOLEAN, sd_json_dispatch_tristate,     offsetof(ImageUpdateParameters, read_only), 0                 },
+                VARLINK_DISPATCH_POLKIT_FIELD,
+                {}
+        };
+
+        Manager *manager = ASSERT_PTR(userdata);
+        _cleanup_close_pair_ int errno_pipe_fd[2] = EBADF_PAIR;
+        ImageUpdateParameters p = IMAGE_UPDATE_PARAMETERS_NULL;
+        Image *image;
+        pid_t child;
+        int r;
+
+        assert(link);
+        assert(parameters);
+
+        if (manager->n_operations >= OPERATIONS_MAX)
+                return sd_varlink_error(link, "io.systemd.MachineImage.TooManyOperations", NULL);
+
+        r = sd_varlink_dispatch(link, parameters, dispatch_table, &p);
+        if (r != 0)
+                return r;
+
+        if (!image_name_is_valid(p.name))
+                return sd_varlink_error_invalid_parameter_name(link, "name");
+
+        if (!image_name_is_valid(p.new_name))
+                return sd_varlink_error_invalid_parameter_name(link, "newName");
+
+        r = manager_acquire_image(manager, p.name, &image);
+        if (r == -ENOENT)
+                return sd_varlink_error(link, "io.systemd.MachineImage.NoSuchImage", NULL);
+        if (r < 0)
+                return r;
+
+        r = varlink_verify_polkit_async(
+                        link,
+                        manager->bus,
+                        "org.freedesktop.machine1.manage-images",
+                        (const char**) STRV_MAKE("image", image->name,
+                                                 "verb", "clone",
+                                                 "new_name", p.new_name),
+                        &manager->polkit_registry);
+        if (r <= 0)
+                return r;
+
+        if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0)
+                return log_debug_errno(errno, "Failed to open pipe: %m");
+
+        r = safe_fork("(sd-imgclone)", FORK_RESET_SIGNALS, &child);
+        if (r < 0)
+                return log_debug_errno(r, "Failed to fork: %m");
+        if (r == 0) {
+                errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
+                r = image_clone(image, p.new_name, p.read_only > 0);
+                report_errno_and_exit(errno_pipe_fd[1], r);
+        }
+
+        errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
+
+        r = operation_new_with_varlink_reply(manager, /* machine= */ NULL, child, link, errno_pipe_fd[0], /* ret= */ NULL);
+        if (r < 0) {
+                sigkill_wait(child);
+                return r;
+        }
+
+        TAKE_FD(errno_pipe_fd[0]);
+        return 1;
+}
diff --git a/src/machine/image-varlink.h b/src/machine/image-varlink.h
index 72028239de..e5532fa887 100644
--- a/src/machine/image-varlink.h
+++ b/src/machine/image-varlink.h
@@ -4,3 +4,4 @@
 #include "sd-varlink.h"
 
 int vl_method_update_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);
+int vl_method_clone_image(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);
diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c
index 151d06e5f4..691248e674 100644
--- a/src/machine/machined-varlink.c
+++ b/src/machine/machined-varlink.c
@@ -774,7 +774,8 @@ static int manager_varlink_init_machine(Manager *m) {
                         "io.systemd.Machine.Terminate",   vl_method_terminate,
                         "io.systemd.Machine.Kill",        vl_method_kill,
                         "io.systemd.MachineImage.List",   vl_method_list_images,
-                        "io.systemd.MachineImage.Update", vl_method_update_image);
+                        "io.systemd.MachineImage.Update", vl_method_update_image,
+                        "io.systemd.MachineImage.Clone",  vl_method_clone_image);
         if (r < 0)
                 return log_error_errno(r, "Failed to register varlink methods: %m");
 
diff --git a/src/shared/varlink-io.systemd.MachineImage.c b/src/shared/varlink-io.systemd.MachineImage.c
index 5d3b3fd32f..68ea5cf279 100644
--- a/src/shared/varlink-io.systemd.MachineImage.c
+++ b/src/shared/varlink-io.systemd.MachineImage.c
@@ -53,6 +53,11 @@ static SD_VARLINK_DEFINE_METHOD_FULL(
                 SD_VARLINK_FIELD_COMMENT("OS release information of an image. It contains an array of key value pairs read from the os-release(5) file in the image."),
                 SD_VARLINK_DEFINE_OUTPUT(OSRelease, SD_VARLINK_STRING, SD_VARLINK_NULLABLE|SD_VARLINK_ARRAY));
 
+#define VARLINK_DEFINE_IMAGE_LOOKUP_AND_POLKIT_FIELDS           \
+        SD_VARLINK_FIELD_COMMENT("The name of an image"),       \
+        SD_VARLINK_DEFINE_INPUT(name, SD_VARLINK_STRING, 0),    \
+        VARLINK_DEFINE_POLKIT_INPUT
+
 static SD_VARLINK_DEFINE_METHOD(
                 Update,
                 SD_VARLINK_FIELD_COMMENT("The name of a image to update."),
@@ -65,7 +70,16 @@ static SD_VARLINK_DEFINE_METHOD(
                 SD_VARLINK_DEFINE_INPUT(limit, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
                 VARLINK_DEFINE_POLKIT_INPUT);
 
+static SD_VARLINK_DEFINE_METHOD(
+                Clone,
+                VARLINK_DEFINE_IMAGE_LOOKUP_AND_POLKIT_FIELDS,
+                SD_VARLINK_FIELD_COMMENT("The new name of the image"),
+                SD_VARLINK_DEFINE_INPUT(newName, SD_VARLINK_STRING, 0),
+                SD_VARLINK_FIELD_COMMENT("If non-null value of the read-only flag of the image"),
+                SD_VARLINK_DEFINE_INPUT(readOnly, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE));
+
 static SD_VARLINK_DEFINE_ERROR(NoSuchImage);
+static SD_VARLINK_DEFINE_ERROR(TooManyOperations);
 
 SD_VARLINK_DEFINE_INTERFACE(
                 io_systemd_MachineImage,
@@ -76,5 +90,9 @@ SD_VARLINK_DEFINE_INTERFACE(
                 &vl_method_List,
                 SD_VARLINK_SYMBOL_COMMENT("Update image allowing to rename or toggle read-only flag"),
                 &vl_method_Update,
+                SD_VARLINK_SYMBOL_COMMENT("Clone image"),
+                &vl_method_Clone,
                 SD_VARLINK_SYMBOL_COMMENT("No matching image exists"),
-                &vl_error_NoSuchImage);
+                &vl_error_NoSuchImage,
+                SD_VARLINK_SYMBOL_COMMENT("Too many ongoing background operations"),
+                &vl_error_TooManyOperations);