Merge pull request systemd#24883 from bluca/extrel_force

portable: allow caller to override extension-release name check

Author: bluca

man/org.freedesktop.portable1.xml

@@ -307,13 +307,16 @@ node /org/freedesktop/portable1 {
       <para>The <function>AttachImageWithExtensions()</function>,
       <function>DetachImageWithExtensions()</function> and
       <function>ReattachImageWithExtensions()</function> methods take in options as flags instead of
-      booleans to allow for extendability. <varname>SD_SYSTEMD_PORTABLE_FORCE</varname> will cause
+      booleans to allow for extendability. <varname>SD_SYSTEMD_PORTABLE_FORCE_ATTACH</varname> will cause
       safety checks that ensure the units are not running while the new image is attached or detached
-      to be skipped. They are defined as follows:</para>
+      to be skipped. <varname>SD_SYSTEMD_PORTABLE_FORCE_SYSEXT</varname> will cause the check that the
+      <filename>extension-release.<replaceable>NAME</replaceable></filename> file in the extension image
+      matches the image name to be skipped. They are defined as follows:</para>
 
       <programlisting>
-#define SD_SYSTEMD_PORTABLE_RUNTIME  (UINT64_C(1) &lt;&lt; 0)
-#define SD_SYSTEMD_PORTABLE_FORCE    (UINT64_C(1) &lt;&lt; 1)
+#define SD_SYSTEMD_PORTABLE_RUNTIME         (UINT64_C(1) &lt;&lt; 0)
+#define SD_SYSTEMD_PORTABLE_FORCE_ATTACH    (UINT64_C(1) &lt;&lt; 1)
+#define SD_SYSTEMD_PORTABLE_FORCE_SYSEXT    (UINT64_C(1) &lt;&lt; 2)
       </programlisting>
     </refsect2>
 

man/portablectl.xml

@@ -378,7 +378,9 @@
         <term><option>--force</option></term>
 
         <listitem><para>Skip safety checks and attach or detach images (with extensions) without first ensuring
-        that the units are not running.</para></listitem>
+        that the units are not running, and do not insist that the
+        <filename>extension-release.<replaceable>NAME</replaceable></filename> file in the extension image has
+        to match the image filename.</para></listitem>
       </varlistentry>
 
       <xi:include href="user-system-options.xml" xpointer="host" />

man/systemd.exec.xml

@@ -441,7 +441,9 @@
         <para>Each image must carry a <filename>/usr/lib/extension-release.d/extension-release.IMAGE</filename>
         file, with the appropriate metadata which matches <varname>RootImage=</varname>/<varname>RootDirectory=</varname>
         or the host. See:
-        <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+        <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+        To disable the safety check that the extension-release file name matches the image file name, the
+        <varname>x-systemd.relax-extension-release-check</varname> mount option may be appended.</para>
 
         <para>When <varname>DevicePolicy=</varname> is set to <literal>closed</literal> or
         <literal>strict</literal>, or set to <literal>auto</literal> and <varname>DeviceAllow=</varname> is

src/basic/os-util.c

@@ -36,7 +36,7 @@ bool image_name_is_valid(const char *s) {
         return true;
 }
 
-int path_is_extension_tree(const char *path, const char *extension) {
+int path_is_extension_tree(const char *path, const char *extension, bool relax_extension_release_check) {
         int r;
 
         assert(path);
@@ -49,7 +49,7 @@ int path_is_extension_tree(const char *path, const char *extension) {
 
         /* We use /usr/lib/extension-release.d/extension-release[.NAME] as flag for something being a system extension,
          * and {/etc|/usr/lib}/os-release as a flag for something being an OS (when not an extension). */
-        r = open_extension_release(path, extension, NULL, NULL);
+        r = open_extension_release(path, extension, relax_extension_release_check, NULL, NULL);
         if (r == -ENOENT) /* We got nothing */
                 return 0;
         if (r < 0)
@@ -58,7 +58,45 @@ int path_is_extension_tree(const char *path, const char *extension) {
         return 1;
 }
 
-int open_extension_release(const char *root, const char *extension, char **ret_path, int *ret_fd) {
+static int extension_release_strict_xattr_value(int extension_release_fd, const char *extension_release_dir_path, const char *filename) {
+        int r;
+
+        assert(extension_release_fd >= 0);
+        assert(extension_release_dir_path);
+        assert(filename);
+
+        /* No xattr or cannot parse it? Then skip this. */
+        _cleanup_free_ char *extension_release_xattr = NULL;
+        r = fgetxattr_malloc(extension_release_fd, "user.extension-release.strict", &extension_release_xattr);
+        if (r < 0) {
+                if (!ERRNO_IS_XATTR_ABSENT(r))
+                        return log_debug_errno(r,
+                                               "%s/%s: Failed to read 'user.extension-release.strict' extended attribute from file, ignoring: %m",
+                                               extension_release_dir_path, filename);
+
+                return log_debug_errno(r, "%s/%s does not have user.extension-release.strict xattr, ignoring.", extension_release_dir_path, filename);
+        }
+
+        /* Explicitly set to request strict matching? Skip it. */
+        r = parse_boolean(extension_release_xattr);
+        if (r < 0)
+                return log_debug_errno(r,
+                                       "%s/%s: Failed to parse 'user.extension-release.strict' extended attribute from file, ignoring: %m",
+                                       extension_release_dir_path, filename);
+        if (r > 0) {
+                log_debug("%s/%s: 'user.extension-release.strict' attribute is true, ignoring file.",
+                          extension_release_dir_path, filename);
+                return true;
+        }
+
+        log_debug("%s/%s: 'user.extension-release.strict' attribute is false%s",
+                  extension_release_dir_path, filename,
+                  special_glyph(SPECIAL_GLYPH_ELLIPSIS));
+
+        return false;
+}
+
+int open_extension_release(const char *root, const char *extension, bool relax_extension_release_check, char **ret_path, int *ret_fd) {
         _cleanup_free_ char *q = NULL;
         int r, fd;
 
@@ -123,34 +161,14 @@ int open_extension_release(const char *root, const char *extension, char **ret_p
                                         continue;
                                 }
 
-                                /* No xattr or cannot parse it? Then skip this. */
-                                _cleanup_free_ char *extension_release_xattr = NULL;
-                                k = fgetxattr_malloc(extension_release_fd, "user.extension-release.strict", &extension_release_xattr);
-                                if (k < 0 && !ERRNO_IS_XATTR_ABSENT(k))
-                                        log_debug_errno(k,
-                                                        "%s/%s: Failed to read 'user.extension-release.strict' extended attribute from file: %m",
-                                                        extension_release_dir_path, de->d_name);
-                                if (k < 0) {
-                                        log_debug("%s/%s does not have user.extension-release.strict xattr, ignoring.", extension_release_dir_path, de->d_name);
-                                        continue;
+                                if (!relax_extension_release_check) {
+                                        k = extension_release_strict_xattr_value(extension_release_fd,
+                                                                                 extension_release_dir_path,
+                                                                                 de->d_name);
+                                        if (k != 0)
+                                                continue;
                                 }
 
-                                /* Explicitly set to request strict matching? Skip it. */
-                                k = parse_boolean(extension_release_xattr);
-                                if (k < 0)
-                                        log_debug_errno(k,
-                                                        "%s/%s: Failed to parse 'user.extension-release.strict' extended attribute from file: %m",
-                                                        extension_release_dir_path, de->d_name);
-                                else if (k > 0)
-                                        log_debug("%s/%s: 'user.extension-release.strict' attribute is true, ignoring file.",
-                                                  extension_release_dir_path, de->d_name);
-                                if (k != 0)
-                                        continue;
-
-                                log_debug("%s/%s: 'user.extension-release.strict' attribute is false%s",
-                                          extension_release_dir_path, de->d_name,
-                                          special_glyph(SPECIAL_GLYPH_ELLIPSIS));
-
                                 /* We already found what we were looking for, but there's another candidate?
                                  * We treat this as an error, as we want to enforce that there are no ambiguities
                                  * in case we are in the fallback path.*/
@@ -207,16 +225,16 @@ int open_extension_release(const char *root, const char *extension, char **ret_p
         return 0;
 }
 
-int fopen_extension_release(const char *root, const char *extension, char **ret_path, FILE **ret_file) {
+int fopen_extension_release(const char *root, const char *extension, bool relax_extension_release_check, char **ret_path, FILE **ret_file) {
         _cleanup_free_ char *p = NULL;
         _cleanup_close_ int fd = -1;
         FILE *f;
         int r;
 
         if (!ret_file)
-                return open_extension_release(root, extension, ret_path, NULL);
+                return open_extension_release(root, extension, relax_extension_release_check, ret_path, NULL);
 
-        r = open_extension_release(root, extension, ret_path ? &p : NULL, &fd);
+        r = open_extension_release(root, extension, relax_extension_release_check, ret_path ? &p : NULL, &fd);
         if (r < 0)
                 return r;
 
@@ -231,24 +249,24 @@ int fopen_extension_release(const char *root, const char *extension, char **ret_
         return 0;
 }
 
-static int parse_release_internal(const char *root, const char *extension, va_list ap) {
+static int parse_release_internal(const char *root, bool relax_extension_release_check, const char *extension, va_list ap) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_free_ char *p = NULL;
         int r;
 
-        r = fopen_extension_release(root, extension, &p, &f);
+        r = fopen_extension_release(root, extension, relax_extension_release_check, &p, &f);
         if (r < 0)
                 return r;
 
         return parse_env_filev(f, p, ap);
 }
 
-int _parse_extension_release(const char *root, const char *extension, ...) {
+int _parse_extension_release(const char *root, bool relax_extension_release_check, const char *extension, ...) {
         va_list ap;
         int r;
 
         va_start(ap, extension);
-        r = parse_release_internal(root, extension, ap);
+        r = parse_release_internal(root, relax_extension_release_check, extension, ap);
         va_end(ap);
 
         return r;
@@ -259,7 +277,7 @@ int _parse_os_release(const char *root, ...) {
         int r;
 
         va_start(ap, root);
-        r = parse_release_internal(root, NULL, ap);
+        r = parse_release_internal(root, /* relax_extension_release_check= */ false, NULL, ap);
         va_end(ap);
 
         return r;
@@ -306,12 +324,12 @@ int load_os_release_pairs_with_prefix(const char *root, const char *prefix, char
         return 0;
 }
 
-int load_extension_release_pairs(const char *root, const char *extension, char ***ret) {
+int load_extension_release_pairs(const char *root, const char *extension, bool relax_extension_release_check, char ***ret) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_free_ char *p = NULL;
         int r;
 
-        r = fopen_extension_release(root, extension, &p, &f);
+        r = fopen_extension_release(root, extension, relax_extension_release_check, &p, &f);
         if (r < 0)
                 return r;
 

src/basic/os-util.h

@@ -8,27 +8,27 @@
 
 bool image_name_is_valid(const char *s) _pure_;
 
-int path_is_extension_tree(const char *path, const char *extension);
+int path_is_extension_tree(const char *path, const char *extension, bool relax_extension_release_check);
 static inline int path_is_os_tree(const char *path) {
-        return path_is_extension_tree(path, NULL);
+        return path_is_extension_tree(path, NULL, false);
 }
 
-int open_extension_release(const char *root, const char *extension, char **ret_path, int *ret_fd);
+int open_extension_release(const char *root, const char *extension, bool relax_extension_release_check, char **ret_path, int *ret_fd);
 static inline int open_os_release(const char *root, char **ret_path, int *ret_fd) {
-        return open_extension_release(root, NULL, ret_path, ret_fd);
+        return open_extension_release(root, NULL, false, ret_path, ret_fd);
 }
 
-int fopen_extension_release(const char *root, const char *extension, char **ret_path, FILE **ret_file);
+int fopen_extension_release(const char *root, const char *extension, bool relax_extension_release_check, char **ret_path, FILE **ret_file);
 static inline int fopen_os_release(const char *root, char **ret_path, FILE **ret_file) {
-        return fopen_extension_release(root, NULL, ret_path, ret_file);
+        return fopen_extension_release(root, NULL, false, ret_path, ret_file);
 }
 
-int _parse_extension_release(const char *root, const char *extension, ...) _sentinel_;
+int _parse_extension_release(const char *root, bool relax_extension_release_check, const char *extension, ...) _sentinel_;
 int _parse_os_release(const char *root, ...) _sentinel_;
-#define parse_extension_release(root, extension, ...) _parse_extension_release(root, extension, __VA_ARGS__, NULL)
+#define parse_extension_release(root, relax_extension_release_check, extension, ...) _parse_extension_release(root, relax_extension_release_check, extension, __VA_ARGS__, NULL)
 #define parse_os_release(root, ...) _parse_os_release(root, __VA_ARGS__, NULL)
 
-int load_extension_release_pairs(const char *root, const char *extension, char ***ret);
+int load_extension_release_pairs(const char *root, const char *extension, bool relax_extension_release_check, char ***ret);
 int load_os_release_pairs(const char *root, char ***ret);
 int load_os_release_pairs_with_prefix(const char *root, const char *prefix, char ***ret);
 

src/core/namespace.c

@@ -1382,7 +1382,7 @@ static int apply_one_mount(
                 if (isempty(host_os_release_id))
                         return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory));
 
-                r = load_extension_release_pairs(mount_entry_source(m), extension_name, &extension_release);
+                r = load_extension_release_pairs(mount_entry_source(m), extension_name, /* relax_extension_release_check= */ false, &extension_release);
                 if (r == -ENOENT && m->ignore)
                         return 0;
                 if (r < 0)