1 /*
2 * libdpkg - Debian packaging suite library routines
3 * dbmodify.c - routines for managing dpkg database updates
4 *
5 * Copyright © 1994,1995 Ian Jackson <ijackson@chiark.greenend.org.uk>
6 * Copyright © 2001 Wichert Akkerman <wichert@debian.org>
7 * Copyright © 2006-2014 Guillem Jover <guillem@debian.org>
8 *
9 * This is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program. If not, see <https://www.gnu.org/licenses/>.
21 */
22
23 #include <config.h>
24 #include <compat.h>
25
26 #include <sys/stat.h>
27 #include <sys/types.h>
28 #include <sys/wait.h>
29
30 #include <errno.h>
31 #include <limits.h>
32 #include <string.h>
33 #include <time.h>
34 #include <fcntl.h>
35 #include <dirent.h>
36 #include <unistd.h>
37 #include <stdbool.h>
38 #include <stdlib.h>
39 #include <stdio.h>
40
41 #include <dpkg/i18n.h>
42 #include <dpkg/c-ctype.h>
43 #include <dpkg/dpkg.h>
44 #include <dpkg/dpkg-db.h>
45 #include <dpkg/file.h>
46 #include <dpkg/dir.h>
47 #include <dpkg/triglib.h>
48
49 static bool db_initialized;
50
51 static enum modstatdb_rw cstatus=-1, cflags=0;
52 static char *lockfile;
53 static char *frontendlockfile;
54 static char *statusfile, *availablefile;
55 static char *importanttmpfile=NULL;
56 static FILE *importanttmp;
57 static int nextupdate;
58 static char *updatesdir;
59 static int updateslength;
60 static char *updatefnbuf, *updatefnrest;
61 static struct varbuf uvb;
62
ulist_select(const struct dirent * de)63 static int ulist_select(const struct dirent *de) {
64 const char *p;
65 int l;
66 for (p= de->d_name, l=0; *p; p++, l++)
67 if (!c_isdigit(*p))
68 return 0;
69 if (l > IMPORTANTMAXLEN)
70 ohshit(_("updates directory contains file '%.250s' whose name is too long "
71 "(length=%d, max=%d)"), de->d_name, l, IMPORTANTMAXLEN);
72 if (updateslength == -1) updateslength= l;
73 else if (l != updateslength)
74 ohshit(_("updates directory contains files with different length names "
75 "(both %d and %d)"), l, updateslength);
76 return 1;
77 }
78
cleanupdates(void)79 static void cleanupdates(void) {
80 struct dirent **cdlist;
81 int cdn, i;
82
83 parsedb(statusfile, pdb_parse_status, NULL);
84
85 *updatefnrest = '\0';
86 updateslength= -1;
87 cdn= scandir(updatefnbuf, &cdlist, &ulist_select, alphasort);
88 if (cdn == -1)
89 ohshite(_("cannot scan updates directory '%.255s'"), updatefnbuf);
90
91 if (cdn) {
92 for (i=0; i<cdn; i++) {
93 strcpy(updatefnrest, cdlist[i]->d_name);
94 parsedb(updatefnbuf, pdb_parse_update, NULL);
95 }
96
97 if (cstatus >= msdbrw_write) {
98 writedb(statusfile, wdb_must_sync);
99
100 for (i=0; i<cdn; i++) {
101 strcpy(updatefnrest, cdlist[i]->d_name);
102 if (unlink(updatefnbuf))
103 ohshite(_("failed to remove incorporated update file %.255s"),updatefnbuf);
104 }
105
106 dir_sync_path(updatesdir);
107 }
108
109 for (i = 0; i < cdn; i++)
110 free(cdlist[i]);
111 }
112 free(cdlist);
113
114 nextupdate= 0;
115 }
116
createimptmp(void)117 static void createimptmp(void) {
118 int i;
119
120 onerr_abort++;
121
122 importanttmp= fopen(importanttmpfile,"w");
123 if (!importanttmp)
124 ohshite(_("unable to create '%.255s'"), importanttmpfile);
125 setcloexec(fileno(importanttmp),importanttmpfile);
126 for (i=0; i<512; i++) fputs("#padding\n",importanttmp);
127 if (ferror(importanttmp))
128 ohshite(_("unable to fill %.250s with padding"),importanttmpfile);
129 if (fflush(importanttmp))
130 ohshite(_("unable to flush %.250s after padding"), importanttmpfile);
131 if (fseek(importanttmp,0,SEEK_SET))
132 ohshite(_("unable to seek to start of %.250s after padding"),
133 importanttmpfile);
134
135 onerr_abort--;
136 }
137
138 static const struct fni {
139 const char *suffix;
140 char **store;
141 } fnis[] = {
142 { LOCKFILE, &lockfile },
143 { FRONTENDLOCKFILE, &frontendlockfile },
144 { STATUSFILE, &statusfile },
145 { AVAILFILE, &availablefile },
146 { UPDATESDIR, &updatesdir },
147 { UPDATESDIR IMPORTANTTMP, &importanttmpfile },
148 { NULL, NULL }
149 };
150
151 void
modstatdb_init(void)152 modstatdb_init(void)
153 {
154 const struct fni *fnip;
155
156 if (db_initialized)
157 return;
158
159 for (fnip = fnis; fnip->suffix; fnip++) {
160 free(*fnip->store);
161 *fnip->store = dpkg_db_get_path(fnip->suffix);
162 }
163
164 updatefnbuf = m_malloc(strlen(updatesdir) + IMPORTANTMAXLEN + 5);
165 strcpy(updatefnbuf, updatesdir);
166 updatefnrest = updatefnbuf + strlen(updatefnbuf);
167
168 db_initialized = true;
169 }
170
171 void
modstatdb_done(void)172 modstatdb_done(void)
173 {
174 const struct fni *fnip;
175
176 if (!db_initialized)
177 return;
178
179 for (fnip = fnis; fnip->suffix; fnip++) {
180 free(*fnip->store);
181 *fnip->store = NULL;
182 }
183 free(updatefnbuf);
184
185 db_initialized = false;
186 }
187
188 static int dblockfd = -1;
189 static int frontendlockfd = -1;
190
191 bool
modstatdb_is_locked(void)192 modstatdb_is_locked(void)
193 {
194 int lockfd;
195 bool locked;
196
197 if (dblockfd == -1) {
198 lockfd = open(lockfile, O_RDONLY);
199 if (lockfd == -1)
200 ohshite(_("unable to check lock file for dpkg database directory %s"),
201 dpkg_db_get_dir());
202 } else {
203 lockfd = dblockfd;
204 }
205
206 locked = file_is_locked(lockfd, lockfile);
207
208 /* We only close the file if there was no lock open, otherwise we would
209 * release the existing lock on close. */
210 if (dblockfd == -1)
211 close(lockfd);
212
213 return locked;
214 }
215
216 bool
modstatdb_can_lock(void)217 modstatdb_can_lock(void)
218 {
219 if (dblockfd >= 0)
220 return true;
221
222 if (getenv("DPKG_FRONTEND_LOCKED") == NULL) {
223 frontendlockfd = open(frontendlockfile, O_RDWR | O_CREAT | O_TRUNC, 0660);
224 if (frontendlockfd == -1) {
225 if (errno == EACCES || errno == EPERM)
226 return false;
227 else
228 ohshite(_("unable to open/create dpkg frontend lock for directory %s"),
229 dpkg_db_get_dir());
230 }
231 } else {
232 frontendlockfd = -1;
233 }
234
235 dblockfd = open(lockfile, O_RDWR | O_CREAT | O_TRUNC, 0660);
236 if (dblockfd == -1) {
237 if (errno == EACCES || errno == EPERM)
238 return false;
239 else
240 ohshite(_("unable to open/create dpkg database lock file for directory %s"),
241 dpkg_db_get_dir());
242 }
243
244 return true;
245 }
246
247 void
modstatdb_lock(void)248 modstatdb_lock(void)
249 {
250 if (!modstatdb_can_lock())
251 ohshit(_("you do not have permission to lock the dpkg database directory %s"),
252 dpkg_db_get_dir());
253
254 if (frontendlockfd != -1)
255 file_lock(&frontendlockfd, FILE_LOCK_NOWAIT, frontendlockfile,
256 _("dpkg frontend lock"));
257 file_lock(&dblockfd, FILE_LOCK_NOWAIT, lockfile,
258 _("dpkg database lock"));
259 }
260
261 void
modstatdb_unlock(void)262 modstatdb_unlock(void)
263 {
264 /* Unlock. */
265 pop_cleanup(ehflag_normaltidy);
266 if (frontendlockfd != -1)
267 pop_cleanup(ehflag_normaltidy);
268
269 dblockfd = -1;
270 frontendlockfd = -1;
271 }
272
273 enum modstatdb_rw
modstatdb_open(enum modstatdb_rw readwritereq)274 modstatdb_open(enum modstatdb_rw readwritereq)
275 {
276 modstatdb_init();
277
278 cflags = readwritereq & msdbrw_available_mask;
279 readwritereq &= ~msdbrw_available_mask;
280
281 switch (readwritereq) {
282 case msdbrw_needsuperuser:
283 case msdbrw_needsuperuserlockonly:
284 if (getuid() || geteuid())
285 ohshit(_("requested operation requires superuser privilege"));
286 /* Fall through. */
287 case msdbrw_write: case msdbrw_writeifposs:
288 if (access(dpkg_db_get_dir(), W_OK)) {
289 if (errno != EACCES)
290 ohshite(_("unable to access the dpkg database directory %s"),
291 dpkg_db_get_dir());
292 else if (readwritereq == msdbrw_write)
293 ohshit(_("required read/write access to the dpkg database directory %s"),
294 dpkg_db_get_dir());
295 cstatus= msdbrw_readonly;
296 } else {
297 modstatdb_lock();
298 cstatus= (readwritereq == msdbrw_needsuperuserlockonly ?
299 msdbrw_needsuperuserlockonly :
300 msdbrw_write);
301 }
302 break;
303 case msdbrw_readonly:
304 cstatus= msdbrw_readonly; break;
305 default:
306 internerr("unknown modstatdb_rw '%d'", readwritereq);
307 }
308
309 dpkg_arch_load_list();
310
311 if (cstatus != msdbrw_needsuperuserlockonly) {
312 cleanupdates();
313 if (cflags >= msdbrw_available_readonly)
314 parsedb(availablefile, pdb_parse_available, NULL);
315 }
316
317 if (cstatus >= msdbrw_write) {
318 createimptmp();
319 varbuf_init(&uvb, 10240);
320 }
321
322 trig_fixup_awaiters(cstatus);
323 trig_incorporate(cstatus);
324
325 return cstatus;
326 }
327
328 enum modstatdb_rw
modstatdb_get_status(void)329 modstatdb_get_status(void)
330 {
331 return cstatus;
332 }
333
modstatdb_checkpoint(void)334 void modstatdb_checkpoint(void) {
335 int i;
336
337 if (cstatus < msdbrw_write)
338 internerr("modstatdb status '%d' is not writable", cstatus);
339
340 writedb(statusfile, wdb_must_sync);
341
342 for (i=0; i<nextupdate; i++) {
343 sprintf(updatefnrest, IMPORTANTFMT, i);
344
345 /* Have we made a real mess? */
346 if (strlen(updatefnrest) > IMPORTANTMAXLEN)
347 internerr("modstatdb update entry name '%s' longer than %d",
348 updatefnrest, IMPORTANTMAXLEN);
349
350 if (unlink(updatefnbuf))
351 ohshite(_("failed to remove my own update file %.255s"),updatefnbuf);
352 }
353
354 dir_sync_path(updatesdir);
355
356 nextupdate= 0;
357 }
358
modstatdb_shutdown(void)359 void modstatdb_shutdown(void) {
360 if (cflags >= msdbrw_available_write)
361 writedb(availablefile, wdb_dump_available);
362
363 switch (cstatus) {
364 case msdbrw_write:
365 modstatdb_checkpoint();
366 /* Tidy up a bit, but don't worry too much about failure. */
367 fclose(importanttmp);
368 (void)unlink(importanttmpfile);
369 varbuf_destroy(&uvb);
370 /* Fall through. */
371 case msdbrw_needsuperuserlockonly:
372 modstatdb_unlock();
373 default:
374 break;
375 }
376
377 pkg_hash_reset();
378
379 modstatdb_done();
380 }
381
382 static void
modstatdb_note_core(struct pkginfo * pkg)383 modstatdb_note_core(struct pkginfo *pkg)
384 {
385 if (cstatus < msdbrw_write)
386 internerr("modstatdb status '%d' is not writable", cstatus);
387
388 varbuf_reset(&uvb);
389 varbufrecord(&uvb, pkg, &pkg->installed);
390
391 if (fwrite(uvb.buf, 1, uvb.used, importanttmp) != uvb.used)
392 ohshite(_("unable to write updated status of '%.250s'"),
393 pkg_name(pkg, pnaw_nonambig));
394 if (fflush(importanttmp))
395 ohshite(_("unable to flush updated status of '%.250s'"),
396 pkg_name(pkg, pnaw_nonambig));
397 if (ftruncate(fileno(importanttmp), uvb.used))
398 ohshite(_("unable to truncate for updated status of '%.250s'"),
399 pkg_name(pkg, pnaw_nonambig));
400 if (fsync(fileno(importanttmp)))
401 ohshite(_("unable to fsync updated status of '%.250s'"),
402 pkg_name(pkg, pnaw_nonambig));
403 if (fclose(importanttmp))
404 ohshite(_("unable to close updated status of '%.250s'"),
405 pkg_name(pkg, pnaw_nonambig));
406 sprintf(updatefnrest, IMPORTANTFMT, nextupdate);
407 if (rename(importanttmpfile, updatefnbuf))
408 ohshite(_("unable to install updated status of '%.250s'"),
409 pkg_name(pkg, pnaw_nonambig));
410
411 dir_sync_path(updatesdir);
412
413 /* Have we made a real mess? */
414 if (strlen(updatefnrest) > IMPORTANTMAXLEN)
415 internerr("modstatdb update entry name '%s' longer than %d",
416 updatefnrest, IMPORTANTMAXLEN);
417
418 nextupdate++;
419
420 if (nextupdate > MAXUPDATES) {
421 modstatdb_checkpoint();
422 nextupdate = 0;
423 }
424
425 createimptmp();
426 }
427
428 /*
429 * Note: If anyone wants to set some triggers-pending, they must also
430 * set status appropriately, or we will undo it. That is, it is legal
431 * to call this when pkg->status and pkg->trigpend_head disagree and
432 * in that case pkg->status takes precedence and pkg->trigpend_head
433 * will be adjusted.
434 */
modstatdb_note(struct pkginfo * pkg)435 void modstatdb_note(struct pkginfo *pkg) {
436 struct trigaw *ta;
437
438 onerr_abort++;
439
440 /* Clear pending triggers here so that only code that sets the status
441 * to interesting (for triggers) values has to care about triggers. */
442 if (pkg->status != PKG_STAT_TRIGGERSPENDING &&
443 pkg->status != PKG_STAT_TRIGGERSAWAITED)
444 pkg->trigpend_head = NULL;
445
446 if (pkg->status <= PKG_STAT_CONFIGFILES) {
447 for (ta = pkg->trigaw.head; ta; ta = ta->sameaw.next)
448 ta->aw = NULL;
449 pkg->trigaw.head = pkg->trigaw.tail = NULL;
450 }
451
452 if (pkg->status_dirty) {
453 log_message("status %s %s %s", pkg_status_name(pkg),
454 pkg_name(pkg, pnaw_always),
455 versiondescribe(&pkg->installed.version, vdew_nonambig));
456 statusfd_send("status: %s: %s", pkg_name(pkg, pnaw_nonambig),
457 pkg_status_name(pkg));
458
459 pkg->status_dirty = false;
460 }
461
462 if (cstatus >= msdbrw_write)
463 modstatdb_note_core(pkg);
464
465 if (!pkg->trigpend_head && pkg->othertrigaw_head) {
466 /* Automatically remove us from other packages' Triggers-Awaited.
467 * We do this last because we want to maximize our chances of
468 * successfully recording the status of the package we were
469 * pointed at by our caller, although there is some risk of
470 * leaving us in a slightly odd situation which is cleared up
471 * by the trigger handling logic in deppossi_ok_found. */
472 trig_clear_awaiters(pkg);
473 }
474
475 onerr_abort--;
476 }
477
478 void
modstatdb_note_ifwrite(struct pkginfo * pkg)479 modstatdb_note_ifwrite(struct pkginfo *pkg)
480 {
481 if (cstatus >= msdbrw_write)
482 modstatdb_note(pkg);
483 }
484
485