From e663d4d8f1ea3d5b4015a0dbc531810fa70bed0d Mon Sep 17 00:00:00 2001 From: HuijingHei Date: Wed, 19 Jun 2024 18:51:27 +0800 Subject: [PATCH] efi: update the ESP by creating a tmpdir and RENAME_EXCHANGE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See Timothée's comment https://github.com/coreos/bootupd/issues/454#issuecomment-2178227050 logic is like this: - `cp -a fedora fedora.tmp` - We start with a copy to make sure to keep all other files that we do not explicitly track in bootupd - Update the content of `fedora.tmp` with the new binaries - Exchange `fedora.tmp` -> `fedora` - Remove now "old" `fedora.tmp` If we have a file not in a directory in `EFI`, then we can copy it to `foo.tmp` and then act on it and finally rename it. No need to copy the entire `EFI`. Fixes https://github.com/coreos/bootupd/issues/454 --- Cargo.lock | 7 ++ Cargo.toml | 1 + src/filetree.rs | 220 ++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 201 insertions(+), 27 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 550e23cd..0de5ea47 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -74,6 +74,7 @@ version = "0.2.19" dependencies = [ "anyhow", "bincode", + "camino", "chrono", "clap", "env_logger", @@ -101,6 +102,12 @@ version = "3.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" +[[package]] +name = "camino" +version = "1.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0ec6b951b160caa93cc0c7b209e5a3bff7aae9062213451ac99493cd844c239" + [[package]] name = "cc" version = "1.0.83" diff --git a/Cargo.toml b/Cargo.toml index 47f9eb08..1f7c9eac 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,6 +21,7 @@ path = "src/main.rs" [dependencies] anyhow = "1.0" bincode = "1.3.2" +camino = "1.1.7" chrono = { version = "0.4.38", features = ["serde"] } clap = { version = "3.2", default-features = false, features = ["cargo", "derive", "std", "suggestions"] } env_logger = "0.10" diff --git a/src/filetree.rs b/src/filetree.rs index 1fff67ae..42c64d24 100644 --- a/src/filetree.rs +++ b/src/filetree.rs @@ -7,17 +7,20 @@ #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] use anyhow::{bail, Context, Result}; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +use camino::{Utf8Path, Utf8PathBuf}; +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] use openat_ext::OpenatDirExt; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] use openssl::hash::{Hasher, MessageDigest}; +use rustix::fd::BorrowedFd; use serde::{Deserialize, Serialize}; #[allow(unused_imports)] use std::collections::{BTreeMap, HashMap, HashSet}; use std::fmt::Display; #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] use std::os::unix::io::AsRawFd; -#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -use std::path::Path; +use std::os::unix::process::CommandExt; +use std::process::Command; /// The prefix we apply to our temporary files. #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] @@ -272,7 +275,6 @@ pub(crate) struct ApplyUpdateOptions { // Let's just fork off a helper process for now. #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] pub(crate) fn syncfs(d: &openat::Dir) -> Result<()> { - use rustix::fd::BorrowedFd; use rustix::fs::{Mode, OFlags}; let d = unsafe { BorrowedFd::borrow_raw(d.as_raw_fd()) }; let oflags = OFlags::RDONLY | OFlags::CLOEXEC | OFlags::DIRECTORY; @@ -280,12 +282,38 @@ pub(crate) fn syncfs(d: &openat::Dir) -> Result<()> { rustix::fs::syncfs(d).map_err(Into::into) } +/// Copy from src to dst at root dir #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] -fn tmpname_for_path>(path: P) -> std::path::PathBuf { - let path = path.as_ref(); - let mut buf = path.file_name().expect("filename").to_os_string(); - buf.push(TMP_PREFIX); - path.with_file_name(buf) +fn copy_dir(root: &openat::Dir, src: &str, dst: &str) -> Result<()> { + let rootfd = unsafe { BorrowedFd::borrow_raw(root.as_raw_fd()) }; + let r = unsafe { + Command::new("cp") + .args(["-a"]) + .arg(src) + .arg(dst) + .pre_exec(move || rustix::process::fchdir(rootfd).map_err(Into::into)) + .status()? + }; + if !r.success() { + anyhow::bail!("Failed to copy {src} to {dst}"); + } + log::debug!("Copy {src} to {dst}"); + Ok(()) +} + +/// Get first sub dir and tmp sub dir for the path +/// "fedora/foo/bar" -> ("fedora", "fedora.tmp") +/// "foo" -> ("foo", "foo.tmp") +#[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))] +fn get_subdir(path: &Utf8Path) -> Result<(String, String)> { + let buf = if let Some(p) = path.parent().filter(|&v| !v.as_os_str().is_empty()) { + p.iter().next().unwrap().to_owned() + } else { + path.to_string() + }; + let mut buf_tmp = buf.clone(); + buf_tmp.push_str(".tmp"); + Ok((buf, buf_tmp)) } /// Given two directories, apply a diff generated from srcdir to destdir @@ -302,34 +330,85 @@ pub(crate) fn apply_diff( let opts = opts.unwrap_or(&default_opts); cleanup_tmp(destdir).context("cleaning up temporary files")?; - // Write new and changed files - for pathstr in diff.additions.iter().chain(diff.changes.iter()) { - let path = Path::new(pathstr); - if let Some(parent) = path.parent() { - destdir.ensure_dir_all(parent, DEFAULT_FILE_MODE)?; + let mut updates = HashMap::new(); + // Handle removals in temp dir + if !opts.skip_removals { + for pathstr in diff.removals.iter() { + let path = Utf8Path::new(pathstr); + let (subdir, subdir_tmp) = get_subdir(path)?; + let path_tmp; + if subdir != *pathstr { + if !destdir.exists(&subdir_tmp)? { + copy_dir(destdir, &subdir, &subdir_tmp)?; + updates.insert(subdir.clone(), subdir_tmp.clone()); + } + path_tmp = Utf8Path::new(&subdir_tmp).join(path.strip_prefix(&subdir)?); + } else { + // remove the file directly that is not in dir + path_tmp = path.to_path_buf(); + } + destdir + .remove_file(path_tmp.as_std_path()) + .with_context(|| format!("removing {:?}", path_tmp))?; } - let destp = tmpname_for_path(path); - srcdir - .copy_file_at(path, destdir, destp.as_path()) - .with_context(|| format!("writing {}", &pathstr))?; } // Ensure all of the new files are written persistently to disk if !opts.skip_sync { syncfs(destdir)?; } - // Now move them all into place (TODO track interruption) - for path in diff.additions.iter().chain(diff.changes.iter()) { - let pathtmp = tmpname_for_path(path); - destdir - .local_rename(&pathtmp, path) - .with_context(|| format!("renaming {path}"))?; + + // Write new files to temp dir if exists, else write directly in dest + for pathstr in diff.additions.iter() { + let path = Utf8Path::new(pathstr); + let (subdir, subdir_tmp) = get_subdir(path)?; + let path_tmp; + if destdir.exists(&subdir_tmp)? { + path_tmp = Utf8Path::new(&subdir_tmp).join(path.strip_prefix(&subdir)?); + } else { + path_tmp = path.to_path_buf(); + } + // ensure new additions dir exists + if let Some(parent) = path_tmp.parent().filter(|&v| !v.as_os_str().is_empty()) { + destdir.ensure_dir_all(parent.as_std_path(), DEFAULT_FILE_MODE)?; + } + srcdir + .copy_file_at(path.as_std_path(), destdir, path_tmp.as_std_path()) + .with_context(|| format!("copying {:?} to {:?}", path, path_tmp))?; } - if !opts.skip_removals { - for path in diff.removals.iter() { + + // Write changed files to temp dir and rename finally + for pathstr in diff.changes.iter() { + let path = Utf8Path::new(pathstr); + let (subdir, subdir_tmp) = get_subdir(path)?; + let path_tmp; + if subdir != *pathstr { + if !destdir.exists(&subdir_tmp)? { + copy_dir(destdir, &subdir, &subdir_tmp)?; + updates.insert(subdir.clone(), subdir_tmp.clone()); + } + path_tmp = Utf8Path::new(&subdir_tmp).join(path.strip_prefix(&subdir)?); destdir - .remove_file_optional(path) - .with_context(|| format!("removing {path}"))?; + .remove_file_optional(path_tmp.as_std_path()) + .with_context(|| format!("removing {path_tmp}"))?; + } else { + // file that is not in dir, remember the changes to do rename + updates.insert(subdir.clone(), subdir_tmp.clone()); + path_tmp = Utf8PathBuf::from(&subdir_tmp); } + srcdir + .copy_file_at(path.as_std_path(), destdir, path_tmp.as_std_path()) + .with_context(|| format!("copying {:?} to {:?}", path, path_tmp))?; + } + + // do local exchange + for (src, tmp) in updates { + log::trace!("doing local exchange for {} and {}", tmp, src); + destdir + .local_exchange(&tmp, &src) + .with_context(|| format!("exchange for {:?} and {:?}", tmp, src))?; + // finally remove the temp dir + log::trace!("cleanup: {:?}", tmp); + destdir.remove_all(&tmp).context("clean up temp")?; } // A second full filesystem sync to narrow any races rather than // waiting for writeback to kick in. @@ -345,6 +424,7 @@ mod tests { use super::*; use std::fs; use std::io::Write; + use std::path::Path; fn run_diff(a: &openat::Dir, b: &openat::Dir) -> Result { let ta = FileTree::new_from_dir(a)?; @@ -508,4 +588,90 @@ mod tests { assert!(!a.join(relp).join("shim.x64").exists()); Ok(()) } + #[test] + fn test_get_subdir() -> Result<()> { + // test path + let path = Utf8Path::new("foo/subdir/bar"); + let (tp, tp_tmp) = get_subdir(path)?; + assert_eq!(tp.eq("foo"), tp_tmp.eq("foo.tmp")); + // test file + let path = Utf8Path::new("foo"); + let (tp, tp_tmp) = get_subdir(path)?; + assert_eq!(tp.eq("foo"), tp_tmp.eq("foo.tmp")); + Ok(()) + } + #[test] + fn test_apply_with_file() -> Result<()> { + let tmpd = tempfile::tempdir()?; + let p = tmpd.path(); + let pa = p.join("a"); + let pb = p.join("b"); + std::fs::create_dir(&pa)?; + std::fs::create_dir(&pb)?; + let a = openat::Dir::open(&pa)?; + let b = openat::Dir::open(&pb)?; + a.create_dir("foo", 0o755)?; + a.create_dir("bar", 0o755)?; + let foo = Path::new("foo/bar"); + let bar = Path::new("bar/foo"); + let testfile = "testfile"; + { + let mut buf = a.write_file(foo, 0o644)?; + buf.write_all("foocontents".as_bytes())?; + let mut buf = a.write_file(bar, 0o644)?; + buf.write_all("barcontents".as_bytes())?; + let mut buf = a.write_file(testfile, 0o644)?; + buf.write_all("testfilecontents".as_bytes())?; + } + let a_btime_foo = fs::metadata(pa.join(foo))?.created()?; + let diff = run_diff(&a, &b)?; + assert_eq!(diff.count(), 3); + b.create_dir("foo", 0o755)?; + { + let mut buf = b.write_file(foo, 0o644)?; + buf.write_all("foocontents".as_bytes())?; + } + let b_btime_foo = fs::metadata(pb.join(foo))?.created()?; + + { + let diff = run_diff(&b, &a)?; + assert_eq!(diff.count(), 2); + apply_diff(&a, &b, &diff, None).context("test additional files")?; + assert_eq!( + String::from_utf8(std::fs::read(pb.join(testfile))?)?, + "testfilecontents" + ); + assert_eq!( + String::from_utf8(std::fs::read(pb.join(bar))?)?, + "barcontents" + ); + // creation time is not changed for unchanged file + let b_btime_foo_new = fs::metadata(pb.join(foo))?.created()?; + assert_eq!(b_btime_foo_new, b_btime_foo); + } + { + fs::write(pa.join(testfile), "newtestfile")?; + fs::write(pa.join(bar), "newbar")?; + let diff = run_diff(&b, &a)?; + assert_eq!(diff.count(), 2); + apply_diff(&a, &b, &diff, None).context("test changed files")?; + assert_eq!( + String::from_utf8(std::fs::read(pb.join(testfile))?)?, + "newtestfile" + ); + assert_eq!(String::from_utf8(std::fs::read(pb.join(bar))?)?, "newbar"); + } + { + a.remove_file(testfile)?; + a.remove_file(bar)?; + let diff = run_diff(&b, &a)?; + assert_eq!(diff.count(), 2); + apply_diff(&a, &b, &diff, None).context("test removed file")?; + let diff = run_diff(&b, &a)?; + assert_eq!(diff.count(), 0); + assert_eq!(b.exists(testfile)?, false); + } + + Ok(()) + } }