| Commit message | Author | Age | Files | Lines |
|
We often used a pattern like if (!FLAGS_SET(flags, SD_JSON_FORMAT_OFF)),
which is rather verbose and also contains a double negative, which we try
to avoid. Add a little helper to avoid an explicit bit check.
This change clarifies an additional thing: in some cases we treated
SD_JSON_FORMAT_OFF as a flag (flags & SD_JSON_FORMAT_OFF), while in other cases
we treated it as an independent enum value (flags == SD_JSON_FORMAT_OFF).
In the first form, flags like SD_JSON_FORMAT_SSE do _not_ turn the json
output on, while in the second form they do. Let's use the first form
everywhere.
No functional change intended.
Initially I wasn't sure if this helper should be made public or just internal,
but it seems such a common pattern that if we expose the flags, we might just
as well expose it too, to make life easier for any consumers.
|
This is preparation for making our Varlink API a public API. Since our
Varlink API is built on top of our JSON API we need to make that public
first (it's a nice API, but JSON APIs there are already enough, this is
purely about the Varlink angle).
I made most of the json.h APIs public, and just placed them in
sd-json.h. Sometimes I wasn't so sure however, since the underlying data
structures would have to be made public too. If in doubt I didn't risk
it, and moved the relevant API to src/libsystemd/sd-json/json-util.h
instead (without any sd_* symbol prefixes).
This is mostly a giant search/replace patch.
|
userns if possible
This opens the door for making the call work without privileges: if we
pass in a userns fd and DissectedImage that has mount fds then we can
acquire all information without privs.
|
checking
let's make userspace verity signature checking optional. This adds a
dissection flag to enable the logic and patches through all our users to
enable it by default, thus effectively not changing anything from the
status quo ante. However, now we have a knob to turn this off in
certain scenarios.
|
Adds a util function to sha256 an open fd (moved from dissect). Also
adds functions to check if a string contains a valid sha256 hash, and
parse it into a sha256 array.
|
If the image name is different from the filename then show it in the
output, since it's relevant for finding sysext/confext release files.
(Image name is typically the filename without the ".raw" suffix and
similar).
|
So far, if some component mounts a DDI in some local mount namespace we
created a temporary mountpoint in /tmp/ for that. Let's instead use the
same directory inode in /run/ instead. This is safe, since if everything
runs in a local mount namespace (with propagation on /run/ off) then
they shouldn't fight for the inode. And it relieves us from having to
clean up the directory after use. Moreover, it allows us to run without
/tmp/ mounted.
This only moves dissect-image.c and the dissect tool over. More stuff is
moved over later.
|
We had both uid-range.h and uid-alloc-range.h. The latter now contains helpers
like {uid,gid}_is_{system,dynamic,container}(), uid_for_system_journal(), so
the existing name is outdated. I think the uid-range.[ch] should stay separate
because it has a bunch of helpers for parsing and printing of uid ranges. So
let's rename as in $subject to better reflect the contents of the file and make
the two sets of files harder to confuse.
|
CID#1533112
|
device-util: introduce device_in_subsystem() and device_is_devtype() helper functions
|
It's pointless showing info that isn't going to survive the current
invocation, hence hide it.
The "partition number" column is more useful since it kinda shows the
same information, but without the device node name prefixed that is
local to the current invocation.
|
The information is provided to us already in the structure now, hence
use it.
|
The right-alignment was applied to the wrong column, because neither
ee8e497d249ab2e2df92aa024274f5b817270114 nor
1474d7ac2d308204e599a2502a8b5625bca76bcc updated the column count as
they should have.
|
These tests are already done at two places, let's unify them in one
place, and tweak them slightly (specifically: require for considering a
DDI bootable in UEFI we also need an init system inside).
|
This reworks the image discovery logic, and conceptually allows DDIs
that are both confext and sysext to exist. Previously we'd only extract
one type of extension data from a DDI, with this we allow to extract both
if both exist.
This doesn't add support for true "multi-modal" DDIs, that qualify as
various things at once, it just lays some ground work that ensures we at
least can dissect such images.
This reworks 484d26dac1e8e543fc9e300e3c1fa36be0769f7d quite a bit.
This changes systemd-dissect's JSON output, but given the
version with the fields it changes/drops has never been released (as the
above patch was merged post-v254) this shouldn't be an issue.
|
The ioctl() failure we handle gracefully, hence also reflect that in the
JSON output.
(While we are at it, bring JSON output into same order as textual
output, i.e. move uuid down a bit.)
|
We show it in the human readable output, and we should include the same
data in the JSON output too.
|
This adds support for the new fsmount() logic of the kernel: we'll first
create an unattached fsmount fd, and then in a second step attach this
to some real file system inode – as opposed to attaching file system
directly. The benefit of this is that we can pass the open fsmount fds
over some sockets if need be, to isolate the mounting code from the
attaching code.
|
For some use cases we want to operate on the loop device that
systemd-dissect has attached the loop device to, so let's make that
easily accessible.
|
The subvolumes set is a set of source inodes similar to how the
denylist hashmap contains source inodes as keys. It indicates
directories in the source tree that should become subvolumes in
the target tree.
|
The script is mostly equivalent to 'mkdir -p' and 'ln -sfr'.
Let's replace it with install_emptydir() builtin function and
inline meson call.
|
Allow image wide systemd tool support for confext images by adding dissect
tool support for these images
|
Let's make including hashes in the mtree output configurable to allow
speeding up the --mtree command in cases where file hashes are not
required.
|
--copy-to, --copy-from, --list and --mtree are useful for image directories
as well as image files, so for those verbs, let's check if we were passed
a directory and skip all the image file setup if that's the case.
|
In some places, "<n> bits" is used when more appropriate.
|
Let's merge these two into a single function that can handle both
variants and more.
|
Instead of _cleanup_(set_freep) or so.
|
This output is already too long to fit on a normal terminal, and the
interesting parts are towards the top.
|
As reported by Fossies.
|
Addresses
https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1060130312,
https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067927293, and
https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067926416.
Follow-up for 84be0c710d9d562f6d2cf986cc2a8ff4c98a138b.
|
If we don't find a single useful partition table, refusing dissection.
(Except in systemd-dissect, when we are supposed to show DDI
information, in that case allow this to run and show general DDI
information, i.e. size, UUID and name at least)
|
This allows unprivileged validation of DDIs. Only superficial structure,
i.e. not mounting or so. This becomes particularly handy in the
integration tests, and to validate image policies.
|