Date: Sat, 4 Jul 2020 10:13:45 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: pkg@freebsd.org Cc: dev@hardenedbsd.org Subject: Filesystem extended attributes support Message-ID: <20200704141345.xwdf2ckxak2hfpkh@mutt-hbsd>
next in thread | raw e-mail | index | archive | help
--mmsvrmd4pasf3ghv Content-Type: multipart/mixed; boundary="bbelxb2uxmln7nal" Content-Disposition: inline --bbelxb2uxmln7nal Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hey FreeBSD pkg(8) developers, Attached is a patch that implements filesystem extended attributes support. Only the system namespace is supported. In case the patch gets scrubbed from this email, I've posted it here: https://gist.github.com/d0b4653bc5942dbcdcd1db877d37c2dc Anyone who wants to write unit tests is welcomed to do so. This patch to pkg does depend on a separate patch to libarchive: https://github.com/libarchive/libarchive/pull/1409 HardenedBSD has a separate patch to tmpfs that enables incredibly basic extended attribute support. The tmpfs patch is only needed for those who use tmpfs with poudriere. And finally, another patch to the jails subsystem that allows a privileged user within a jail to set system namespace filesystem extended attributes (disabled by default) is needed for poudriere users. The patch to tmpfs and jails is not included here as they are tangential. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Sha= wn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --bbelxb2uxmln7nal Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="pkg.patch.txt" Content-Transfer-Encoding: quoted-printable diff --git a/libpkg/Makefile.autosetup b/libpkg/Makefile.autosetup index ae722976..77854f16 100644 --- a/libpkg/Makefile.autosetup +++ b/libpkg/Makefile.autosetup @@ -42,7 +42,8 @@ SRCS=3D backup.c \ pkg_repo_create.c \ pkg_version.c \ rcscripts.c \ - flags.c + flags.c \ + extattr.c =20 LOCAL_CFLAGS=3D -I$(top_srcdir)/compat \ -I$(top_srcdir)/external/blake2 \ diff --git a/libpkg/extattr.c b/libpkg/extattr.c new file mode 100644 index 00000000..00618787 --- /dev/null +++ b/libpkg/extattr.c @@ -0,0 +1,119 @@ +/*- + * Copyright (c) 2020 Shawn Webb <shawn.webb@hardenedbsd.org> + *=20 + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer + * in this position and unchanged. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + *=20 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTI= ES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF US= E, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + + +#include <archive.h> +#include <archive_entry.h> +#include <assert.h> +#include <fcntl.h> +#include <fts.h> +#include <string.h> +#include <pwd.h> +#include <grp.h> +#include <errno.h> + +#include <sys/types.h> +#include <sys/extattr.h> + +#include "pkg.h" +#include "private/event.h" +#include "private/pkg.h" + +int +pkg_archive_extattrs(int fd, struct archive_entry *entry) +{ + const char *nameprefix =3D "system."; + char *endp, *name, *names, *namep; + ssize_t datasize, listsize; + int err, namespace; + uint8_t namesize; + void *attrdata; + + err =3D EPKG_OK; + attrdata =3D NULL; + names =3D NULL; + + namespace =3D EXTATTR_NAMESPACE_SYSTEM; + + listsize =3D extattr_list_fd(fd, namespace, NULL, 0); + if (listsize < 0) { + return (EPKG_OK); + } + + if (listsize =3D=3D 0) { + return (EPKG_OK); + } + + names =3D calloc(listsize, 1); + if (names =3D=3D NULL) { + return (EPKG_OK); + } + + if (extattr_list_fd(fd, namespace, names, listsize) !=3D + listsize) { + goto end; + } + endp =3D names + (size_t)listsize; + for (namep =3D names; namep < endp; namep +=3D namesize) { + namesize =3D *((uint8_t *)(namep)); + name =3D calloc(strlen(nameprefix) + namesize+1, 1); + if (name =3D=3D NULL) { + goto end; + } + namep +=3D sizeof(uint8_t); + strcpy(name, nameprefix); + strncat(name, namep, namesize); + + datasize =3D extattr_get_fd(fd, namespace, name+strlen(nameprefix), NULL= , 0); + if (datasize < 0) { + free(name); + continue; + } + + attrdata =3D calloc(1, (size_t)datasize); + if (attrdata =3D=3D NULL) { + free(name); + goto end; + } + + if (extattr_get_fd(fd, namespace, name+strlen(nameprefix), attrdata, + datasize) !=3D datasize) { + perror("extattr_get_fd"); + free(name); + free(attrdata); + goto end; + } + + archive_entry_xattr_add_entry(entry, name, attrdata, + datasize); + + free(name); + free(attrdata); + } + +end: + free(names); + return (EPKG_OK); +} diff --git a/libpkg/packing.c b/libpkg/packing.c index 1e0e35b1..7424aa11 100644 --- a/libpkg/packing.c +++ b/libpkg/packing.c @@ -232,17 +232,21 @@ packing_append_file_attr(struct packing *pack, const = char *filepath, if (sparse_entry !=3D NULL && entry =3D=3D NULL) entry =3D sparse_entry; =20 - archive_write_header(pack->awrite, entry); - - if (archive_entry_size(entry) <=3D 0) - goto cleanup; - if ((fd =3D open(filepath, O_RDONLY)) < 0) { pkg_emit_errno("open", filepath); retcode =3D EPKG_FATAL; goto cleanup; } =20 + pkg_archive_extattrs(fd, entry); + + archive_write_header(pack->awrite, entry); + + if (archive_entry_size(entry) <=3D 0) { + close(fd); + goto cleanup; + } + while ((len =3D read(fd, buf, sizeof(buf))) > 0) { if (archive_write_data(pack->awrite, buf, len) =3D=3D -1) { pkg_emit_errno("archive_write_data", "archive write error"); diff --git a/libpkg/pkg_add.c b/libpkg/pkg_add.c index a2170bdc..dbf04f1e 100644 --- a/libpkg/pkg_add.c +++ b/libpkg/pkg_add.c @@ -43,6 +43,9 @@ #include <time.h> #include <utstring.h> =20 +#include <sys/types.h> +#include <sys/extattr.h> + #include "pkg.h" #include "private/event.h" #include "private/utils.h" @@ -526,6 +529,9 @@ create_regfile(struct pkg *pkg, struct pkg_file *f, str= uct archive *a, bool tried_mkdir =3D false; size_t len; char buf[32768]; + const char *attrname; + void *attrval; + size_t attrsz; =20 pkg_hidden_tempfile(f->temppath, sizeof(f->temppath), f->path); =20 @@ -572,6 +578,25 @@ retry: } } =20 + if (archive_entry_xattr_reset(ae)) { + attrname =3D NULL; + attrval =3D NULL; + attrsz =3D 0; + + while (archive_entry_xattr_next(ae, &attrname, + &attrval, &attrsz) =3D=3D ARCHIVE_OK) { + assert(attrname !=3D NULL); + assert(attrval !=3D NULL); + assert(attrsz > 0); + + if (!strncmp(attrname, "system.", 7)) { + extattr_set_fd(fd, + EXTATTR_NAMESPACE_SYSTEM, + attrname+7, attrval, attrsz); + } + } + } + if (!f->config && archive_read_data_into_fd(a, fd) !=3D ARCHIVE_OK) { pkg_emit_error("Fail to extract %s from package: %s", f->path, archive_error_string(a)); diff --git a/libpkg/private/pkg.h b/libpkg/private/pkg.h index e9021ed8..0826c515 100644 --- a/libpkg/private/pkg.h +++ b/libpkg/private/pkg.h @@ -881,4 +881,7 @@ struct pkg_dep* pkg_adddep_chain(struct pkg_dep *chain, void backup_library(struct pkgdb *, struct pkg *, const char *); int suggest_arch(struct pkg *, bool); =20 +/* Filesystem extended attribute support */ +int pkg_archive_extattrs(int, struct archive_entry *); + #endif --bbelxb2uxmln7nal-- --mmsvrmd4pasf3ghv Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAl8AjpMACgkQ/y5nonf4 4foXtBAApcSQPTsPc9UFKt/OghfIfAgIRjluJ5hwv/kpRthlklnpK99DQbStqiPD 8mhd/3hP9EqMsV7DhW8RY4+aM1fg5qKYr6aIHUjRGyICbj9EHKYjGQVcA5Nm4qEw bsyzwNoY+E/4d6c3WAx1Wqd86gWX0H6hu6R9q2du7Xt8j9fZ91Dw3AKFaw7WpbHH gIPq/P9f71JO/wdOkLcW7D9cCcg5VM+0RWTEAmZvAq1xZ7GhXupBfYMPsaKuyIEa wNVp+WupgTOobtFH2EvAaBFggDTJiQHqbV/sodw8frGRCd4d1GNN032O117tM0h5 PSfw15GH2MQ1jJGq9AfS391CdlZJZOnsEt+jLV4zt6lWX9WzeA/gkV48Ls4Yg+BV U4U16jszrYlNZ+PgkhY0eqWt7IcQX7WUOn8FsJg0K1ajintHJwRqUr9JByscankb Jtd8+7Fjku/vdyp51NLDJ3kXyr5fqHOhtlhAOb3IzdEqMtmaqMgS9pvwyDRiHCAu 0l1/DE9zmjtxWbijG3J8e7XPZ0Hc5XJAlTzetjWP2X6wllQ5EbKbaGfJ6ai4USFD SKReYNQSbtaGNpFroNE990mCd0XKySz7W3NWyktGEi0PNJjUZ/hphF4YeztIClAE R6ZUaHY4tQr+GE+SIumF2WAkDIyH9flV8S4wAP9gtfNIJnu87AA= =G+lu -----END PGP SIGNATURE----- --mmsvrmd4pasf3ghv--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200704141345.xwdf2ckxak2hfpkh>