diff --git a/lib/libbe/be.c b/lib/libbe/be.c index 613235d5e908..4a7c2e43b2c1 100644 --- a/lib/libbe/be.c +++ b/lib/libbe/be.c @@ -1,1345 +1,1357 @@ /* * Copyright (c) 2017 Kyle J. Kneitinger * * SPDX-License-Identifier: BSD-2-Clause */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "be.h" #include "be_impl.h" struct promote_entry { char name[BE_MAXPATHLEN]; SLIST_ENTRY(promote_entry) link; }; struct be_destroy_data { libbe_handle_t *lbh; char target_name[BE_MAXPATHLEN]; char *snapname; SLIST_HEAD(, promote_entry) promotelist; }; #if SOON static int be_create_child_noent(libbe_handle_t *lbh, const char *active, const char *child_path); static int be_create_child_cloned(libbe_handle_t *lbh, const char *active); #endif /* Arbitrary... should tune */ #define BE_SNAP_SERIAL_MAX 1024 /* * Iterator function for locating the rootfs amongst the children of the * zfs_be_root set by loader(8). data is expected to be a libbe_handle_t *. */ static int be_locate_rootfs(libbe_handle_t *lbh) { struct statfs sfs; struct mnttab entry; zfs_handle_t *zfs; /* * Check first if root is ZFS; if not, we'll bail on rootfs capture. * Unfortunately needed because zfs_path_to_zhandle will emit to * stderr if / isn't actually a ZFS filesystem, which we'd like * to avoid. */ if (statfs("/", &sfs) == 0) { statfs2mnttab(&sfs, &entry); if (strcmp(entry.mnt_fstype, MNTTYPE_ZFS) != 0) return (1); } else return (1); zfs = zfs_path_to_zhandle(lbh->lzh, "/", ZFS_TYPE_FILESYSTEM); if (zfs == NULL) return (1); strlcpy(lbh->rootfs, zfs_get_name(zfs), sizeof(lbh->rootfs)); zfs_close(zfs); return (0); } /* * Initializes the libbe context to operate in the root boot environment * dataset, for example, zroot/ROOT. */ libbe_handle_t * libbe_init(const char *root) { char altroot[MAXPATHLEN]; libbe_handle_t *lbh; char *poolname, *pos; int pnamelen; lbh = NULL; poolname = pos = NULL; /* * If the zfs kmod's not loaded then the later libzfs_init() will load * the module for us, but that's not desirable for a couple reasons. If * the module's not loaded, there's no pool imported and we're going to * fail anyways. We also don't really want libbe consumers to have that * kind of side-effect (module loading) in the general case. */ if (modfind("zfs") < 0) goto err; if ((lbh = calloc(1, sizeof(libbe_handle_t))) == NULL) goto err; if ((lbh->lzh = libzfs_init()) == NULL) goto err; /* * Grab rootfs, we'll work backwards from there if an optional BE root * has not been passed in. */ if (be_locate_rootfs(lbh) != 0) { if (root == NULL) goto err; *lbh->rootfs = '\0'; } if (root == NULL) { /* Strip off the final slash from rootfs to get the be root */ strlcpy(lbh->root, lbh->rootfs, sizeof(lbh->root)); pos = strrchr(lbh->root, '/'); if (pos == NULL) goto err; *pos = '\0'; } else strlcpy(lbh->root, root, sizeof(lbh->root)); if ((pos = strchr(lbh->root, '/')) == NULL) goto err; pnamelen = pos - lbh->root; poolname = malloc(pnamelen + 1); if (poolname == NULL) goto err; strlcpy(poolname, lbh->root, pnamelen + 1); if ((lbh->active_phandle = zpool_open(lbh->lzh, poolname)) == NULL) goto err; free(poolname); poolname = NULL; if (zpool_get_prop(lbh->active_phandle, ZPOOL_PROP_BOOTFS, lbh->bootfs, sizeof(lbh->bootfs), NULL, true) != 0) goto err; if (zpool_get_prop(lbh->active_phandle, ZPOOL_PROP_ALTROOT, altroot, sizeof(altroot), NULL, true) == 0 && strcmp(altroot, "-") != 0) lbh->altroot_len = strlen(altroot); (void) lzbe_get_boot_device(zpool_get_name(lbh->active_phandle), &lbh->bootonce); return (lbh); err: if (lbh != NULL) { if (lbh->active_phandle != NULL) zpool_close(lbh->active_phandle); if (lbh->lzh != NULL) libzfs_fini(lbh->lzh); free(lbh); } free(poolname); return (NULL); } /* * Free memory allocated by libbe_init() */ void libbe_close(libbe_handle_t *lbh) { if (lbh->active_phandle != NULL) zpool_close(lbh->active_phandle); libzfs_fini(lbh->lzh); free(lbh->bootonce); free(lbh); } /* * Proxy through to libzfs for the moment. */ void be_nicenum(uint64_t num, char *buf, size_t buflen) { zfs_nicenum(num, buf, buflen); } static bool be_should_promote_clones(zfs_handle_t *zfs_hdl, struct be_destroy_data *bdd) { char *atpos; if (zfs_get_type(zfs_hdl) != ZFS_TYPE_SNAPSHOT) return (false); /* * If we're deleting a snapshot, we need to make sure we only promote * clones that are derived from one of the snapshots we're deleting, * rather than that of a snapshot we're not touching. This keeps stuff * in a consistent state, making sure that we don't error out unless * we really need to. */ if (bdd->snapname == NULL) return (true); atpos = strchr(zfs_get_name(zfs_hdl), '@'); return (strcmp(atpos + 1, bdd->snapname) == 0); } /* * This is executed from be_promote_dependent_clones via zfs_iter_dependents, * It checks if the dependent type is a snapshot then attempts to find any * clones associated with it. Any clones not related to the destroy target are * added to the promote list. */ static int be_dependent_clone_cb(zfs_handle_t *zfs_hdl, void *data) { int err; bool found; const char *name; struct nvlist *nvl; struct nvpair *nvp; struct be_destroy_data *bdd; struct promote_entry *entry, *newentry; nvp = NULL; err = 0; bdd = (struct be_destroy_data *)data; if (be_should_promote_clones(zfs_hdl, bdd) && (nvl = zfs_get_clones_nvl(zfs_hdl)) != NULL) { while ((nvp = nvlist_next_nvpair(nvl, nvp)) != NULL) { name = nvpair_name(nvp); /* * Skip if the clone is equal to, or a child of, the * destroy target. */ if (strncmp(name, bdd->target_name, strlen(bdd->target_name)) == 0 || strstr(name, bdd->target_name) == name) { continue; } found = false; SLIST_FOREACH(entry, &bdd->promotelist, link) { if (strcmp(entry->name, name) == 0) { found = true; break; } } if (found) continue; newentry = malloc(sizeof(struct promote_entry)); if (newentry == NULL) { err = ENOMEM; break; } #define BE_COPY_NAME(entry, src) \ strlcpy((entry)->name, (src), sizeof((entry)->name)) if (BE_COPY_NAME(newentry, name) >= sizeof(newentry->name)) { /* Shouldn't happen. */ free(newentry); err = ENAMETOOLONG; break; } #undef BE_COPY_NAME /* * We're building up a SLIST here to make sure both that * we get the order right and so that we don't * inadvertently observe the wrong state by promoting * datasets while we're still walking the tree. The * latter can lead to situations where we promote a BE * then effectively demote it again. */ SLIST_INSERT_HEAD(&bdd->promotelist, newentry, link); } nvlist_free(nvl); } zfs_close(zfs_hdl); return (err); } /* * This is called before a destroy, so that any datasets(environments) that are * dependent on this one get promoted before destroying the target. */ static int be_promote_dependent_clones(zfs_handle_t *zfs_hdl, struct be_destroy_data *bdd) { int err; zfs_handle_t *clone; struct promote_entry *entry; snprintf(bdd->target_name, BE_MAXPATHLEN, "%s/", zfs_get_name(zfs_hdl)); err = zfs_iter_dependents(zfs_hdl, true, be_dependent_clone_cb, bdd); /* * Drain the list and walk away from it if we're only deleting a * snapshot. */ if (bdd->snapname != NULL && !SLIST_EMPTY(&bdd->promotelist)) err = BE_ERR_HASCLONES; while (!SLIST_EMPTY(&bdd->promotelist)) { entry = SLIST_FIRST(&bdd->promotelist); SLIST_REMOVE_HEAD(&bdd->promotelist, link); #define ZFS_GRAB_CLONE() \ zfs_open(bdd->lbh->lzh, entry->name, ZFS_TYPE_FILESYSTEM) /* * Just skip this part on error, we still want to clean up the * promotion list after the first error. We'll then preserve it * all the way back. */ if (err == 0 && (clone = ZFS_GRAB_CLONE()) != NULL) { err = zfs_promote(clone); if (err != 0) err = BE_ERR_DESTROYMNT; zfs_close(clone); } #undef ZFS_GRAB_CLONE free(entry); } return (err); } static int be_destroy_cb(zfs_handle_t *zfs_hdl, void *data) { char path[BE_MAXPATHLEN]; struct be_destroy_data *bdd; zfs_handle_t *snap; int err; bdd = (struct be_destroy_data *)data; if (bdd->snapname == NULL) { err = zfs_iter_children(zfs_hdl, be_destroy_cb, data); if (err != 0) return (err); return (zfs_destroy(zfs_hdl, false)); } /* If we're dealing with snapshots instead, delete that one alone */ err = zfs_iter_filesystems(zfs_hdl, be_destroy_cb, data); if (err != 0) return (err); /* * This part is intentionally glossing over any potential errors, * because there's a lot less potential for errors when we're cleaning * up snapshots rather than a full deep BE. The primary error case * here being if the snapshot doesn't exist in the first place, which * the caller will likely deem insignificant as long as it doesn't * exist after the call. Thus, such a missing snapshot shouldn't jam * up the destruction. */ snprintf(path, sizeof(path), "%s@%s", zfs_get_name(zfs_hdl), bdd->snapname); if (!zfs_dataset_exists(bdd->lbh->lzh, path, ZFS_TYPE_SNAPSHOT)) return (0); snap = zfs_open(bdd->lbh->lzh, path, ZFS_TYPE_SNAPSHOT); if (snap != NULL) zfs_destroy(snap, false); return (0); } #define BE_DESTROY_WANTORIGIN (BE_DESTROY_ORIGIN | BE_DESTROY_AUTOORIGIN) /* * Destroy the boot environment or snapshot specified by the name * parameter. Options are or'd together with the possible values: * BE_DESTROY_FORCE : forces operation on mounted datasets * BE_DESTROY_ORIGIN: destroy the origin snapshot as well */ static int be_destroy_internal(libbe_handle_t *lbh, const char *name, int options, bool odestroyer) { struct be_destroy_data bdd; char origin[BE_MAXPATHLEN], path[BE_MAXPATHLEN]; zfs_handle_t *fs; char *snapdelim; int err, force, mounted; size_t rootlen; bdd.lbh = lbh; bdd.snapname = NULL; SLIST_INIT(&bdd.promotelist); force = options & BE_DESTROY_FORCE; *origin = '\0'; be_root_concat(lbh, name, path); if ((snapdelim = strchr(path, '@')) == NULL) { if (!zfs_dataset_exists(lbh->lzh, path, ZFS_TYPE_FILESYSTEM)) return (set_error(lbh, BE_ERR_NOENT)); if (strcmp(path, lbh->rootfs) == 0 || strcmp(path, lbh->bootfs) == 0) return (set_error(lbh, BE_ERR_DESTROYACT)); fs = zfs_open(lbh->lzh, path, ZFS_TYPE_FILESYSTEM); if (fs == NULL) return (set_error(lbh, BE_ERR_ZFSOPEN)); /* Don't destroy a mounted dataset unless force is specified */ if ((mounted = zfs_is_mounted(fs, NULL)) != 0) { if (force) { zfs_unmount(fs, NULL, 0); } else { free(bdd.snapname); return (set_error(lbh, BE_ERR_DESTROYMNT)); } } /* Handle destroying bootonce */ if (lbh->bootonce != NULL && strcmp(path, lbh->bootonce) == 0) (void) lzbe_set_boot_device( zpool_get_name(lbh->active_phandle), lzbe_add, NULL); } else { /* * If we're initially destroying a snapshot, origin options do * not make sense. If we're destroying the origin snapshot of * a BE, we want to maintain the options in case we need to * fake success after failing to promote. */ if (!odestroyer) options &= ~BE_DESTROY_WANTORIGIN; if (!zfs_dataset_exists(lbh->lzh, path, ZFS_TYPE_SNAPSHOT)) return (set_error(lbh, BE_ERR_NOENT)); bdd.snapname = strdup(snapdelim + 1); if (bdd.snapname == NULL) return (set_error(lbh, BE_ERR_NOMEM)); *snapdelim = '\0'; fs = zfs_open(lbh->lzh, path, ZFS_TYPE_DATASET); if (fs == NULL) { free(bdd.snapname); return (set_error(lbh, BE_ERR_ZFSOPEN)); } } /* * Whether we're destroying a BE or a single snapshot, we need to walk * the tree of what we're going to destroy and promote everything in our * path so that we can make it happen. */ if ((err = be_promote_dependent_clones(fs, &bdd)) != 0) { free(bdd.snapname); /* * If we're just destroying the origin of some other dataset * we were invoked to destroy, then we just ignore * BE_ERR_HASCLONES and return success unless the caller wanted * to force the issue. */ if (odestroyer && err == BE_ERR_HASCLONES && (options & BE_DESTROY_AUTOORIGIN) != 0) return (0); return (set_error(lbh, err)); } /* * This was deferred until after we promote all of the derivatives so * that we grab the new origin after everything's settled down. */ if ((options & BE_DESTROY_WANTORIGIN) != 0 && zfs_prop_get(fs, ZFS_PROP_ORIGIN, origin, sizeof(origin), NULL, NULL, 0, 1) != 0 && (options & BE_DESTROY_ORIGIN) != 0) return (set_error(lbh, BE_ERR_NOORIGIN)); /* * If the caller wants auto-origin destruction and the origin * name matches one of our automatically created snapshot names * (i.e. strftime("%F-%T") with a serial at the end), then * we'll set the DESTROY_ORIGIN flag and nuke it * be_is_auto_snapshot_name is exported from libbe(3) so that * the caller can determine if it needs to warn about the origin * not being destroyed or not. */ if ((options & BE_DESTROY_AUTOORIGIN) != 0 && *origin != '\0' && be_is_auto_snapshot_name(lbh, origin)) options |= BE_DESTROY_ORIGIN; err = be_destroy_cb(fs, &bdd); zfs_close(fs); free(bdd.snapname); if (err != 0) { /* Children are still present or the mount is referenced */ if (err == EBUSY) return (set_error(lbh, BE_ERR_DESTROYMNT)); return (set_error(lbh, BE_ERR_UNKNOWN)); } if ((options & BE_DESTROY_ORIGIN) == 0) return (0); /* The origin can't possibly be shorter than the BE root */ rootlen = strlen(lbh->root); if (*origin == '\0' || strlen(origin) <= rootlen + 1) return (set_error(lbh, BE_ERR_INVORIGIN)); /* * We'll be chopping off the BE root and running this back through * be_destroy, so that we properly handle the origin snapshot whether * it be that of a deep BE or not. */ if (strncmp(origin, lbh->root, rootlen) != 0 || origin[rootlen] != '/') return (0); return (be_destroy_internal(lbh, origin + rootlen + 1, options & ~BE_DESTROY_ORIGIN, true)); } int be_destroy(libbe_handle_t *lbh, const char *name, int options) { /* * The consumer must not set both BE_DESTROY_AUTOORIGIN and * BE_DESTROY_ORIGIN. Internally, we'll set the latter from the former. * The latter should imply that we must succeed at destroying the * origin, or complain otherwise. */ if ((options & BE_DESTROY_WANTORIGIN) == BE_DESTROY_WANTORIGIN) return (set_error(lbh, BE_ERR_UNKNOWN)); return (be_destroy_internal(lbh, name, options, false)); } static void be_setup_snapshot_name(libbe_handle_t *lbh, char *buf, size_t buflen) { time_t rawtime; int len, serial; time(&rawtime); len = strlen(buf); len += strftime(buf + len, buflen - len, "@%F-%T", localtime(&rawtime)); /* No room for serial... caller will do its best */ if (buflen - len < 2) return; for (serial = 0; serial < BE_SNAP_SERIAL_MAX; ++serial) { snprintf(buf + len, buflen - len, "-%d", serial); if (!zfs_dataset_exists(lbh->lzh, buf, ZFS_TYPE_SNAPSHOT)) return; } } bool be_is_auto_snapshot_name(libbe_handle_t *lbh __unused, const char *name) { const char *snap; int day, hour, minute, month, second, serial, year; if ((snap = strchr(name, '@')) == NULL) return (false); ++snap; /* We'll grab the individual components and do some light validation. */ if (sscanf(snap, "%d-%d-%d-%d:%d:%d-%d", &year, &month, &day, &hour, &minute, &second, &serial) != 7) return (false); return (year >= 1970) && (month >= 1 && month <= 12) && (day >= 1 && day <= 31) && (hour >= 0 && hour <= 23) && (minute >= 0 && minute <= 59) && (second >= 0 && second <= 60) && serial >= 0; } int be_snapshot(libbe_handle_t *lbh, const char *source, const char *snap_name, bool recursive, char *result) { char buf[BE_MAXPATHLEN]; int err; be_root_concat(lbh, source, buf); if ((err = be_exists(lbh, buf)) != 0) return (set_error(lbh, err)); if (snap_name != NULL) { if (strlcat(buf, "@", sizeof(buf)) >= sizeof(buf)) return (set_error(lbh, BE_ERR_INVALIDNAME)); if (strlcat(buf, snap_name, sizeof(buf)) >= sizeof(buf)) return (set_error(lbh, BE_ERR_INVALIDNAME)); if (result != NULL) snprintf(result, BE_MAXPATHLEN, "%s@%s", source, snap_name); } else { be_setup_snapshot_name(lbh, buf, sizeof(buf)); if (result != NULL && strlcpy(result, strrchr(buf, '/') + 1, sizeof(buf)) >= sizeof(buf)) return (set_error(lbh, BE_ERR_INVALIDNAME)); } if ((err = zfs_snapshot(lbh->lzh, buf, recursive, NULL)) != 0) { switch (err) { case EZFS_INVALIDNAME: return (set_error(lbh, BE_ERR_INVALIDNAME)); default: /* * The other errors that zfs_ioc_snapshot might return * shouldn't happen if we've set things up properly, so * we'll gloss over them and call it UNKNOWN as it will * require further triage. */ if (errno == ENOTSUP) return (set_error(lbh, BE_ERR_NOPOOL)); return (set_error(lbh, BE_ERR_UNKNOWN)); } } return (BE_ERR_SUCCESS); } /* * Create the boot environment specified by the name parameter */ int be_create(libbe_handle_t *lbh, const char *name) { int err; err = be_create_from_existing(lbh, name, be_active_path(lbh)); return (set_error(lbh, err)); } static int be_deep_clone_prop(int prop, void *cb) { int err; struct libbe_dccb *dccb; zprop_source_t src; char pval[BE_MAXPATHLEN]; char source[BE_MAXPATHLEN]; char *val; dccb = cb; /* Skip some properties we don't want to touch */ switch (prop) { /* * libzfs insists on these being naturally inherited in the * cloning process. */ case ZFS_PROP_KEYFORMAT: case ZFS_PROP_KEYLOCATION: case ZFS_PROP_ENCRYPTION: case ZFS_PROP_PBKDF2_ITERS: /* FALLTHROUGH */ case ZFS_PROP_CANMOUNT: /* Forced by libbe */ return (ZPROP_CONT); } /* Don't copy readonly properties */ if (zfs_prop_readonly(prop)) return (ZPROP_CONT); if ((err = zfs_prop_get(dccb->zhp, prop, (char *)&pval, sizeof(pval), &src, (char *)&source, sizeof(source), false))) /* Just continue if we fail to read a property */ return (ZPROP_CONT); /* * Only copy locally defined or received properties. This continues * to avoid temporary/default/local properties intentionally without * breaking received datasets. */ if (src != ZPROP_SRC_LOCAL && src != ZPROP_SRC_RECEIVED) return (ZPROP_CONT); /* Augment mountpoint with altroot, if needed */ val = pval; if (prop == ZFS_PROP_MOUNTPOINT) val = be_mountpoint_augmented(dccb->lbh, val); nvlist_add_string(dccb->props, zfs_prop_to_name(prop), val); return (ZPROP_CONT); } /* * Return the corresponding boot environment path for a given * dataset path, the constructed path is placed in 'result'. * * example: say our new boot environment name is 'bootenv' and * the dataset path is 'zroot/ROOT/default/data/set'. * * result should produce: 'zroot/ROOT/bootenv/data/set' */ static int be_get_path(struct libbe_deep_clone *ldc, const char *dspath, char *result, int result_size) { char *pos; char *child_dataset; /* match the root path for the boot environments */ pos = strstr(dspath, ldc->lbh->root); /* no match, different pools? */ if (pos == NULL) return (BE_ERR_BADPATH); /* root path of the new boot environment */ snprintf(result, result_size, "%s/%s", ldc->lbh->root, ldc->bename); /* gets us to the parent dataset, the +1 consumes a trailing slash */ pos += strlen(ldc->lbh->root) + 1; /* skip the parent dataset */ if ((child_dataset = strchr(pos, '/')) != NULL) strlcat(result, child_dataset, result_size); return (BE_ERR_SUCCESS); } static int be_clone_cb(zfs_handle_t *ds, void *data) { int err; char be_path[BE_MAXPATHLEN]; char snap_path[BE_MAXPATHLEN]; const char *dspath; zfs_handle_t *snap_hdl; nvlist_t *props; struct libbe_deep_clone *ldc; struct libbe_dccb dccb; ldc = (struct libbe_deep_clone *)data; dspath = zfs_get_name(ds); snprintf(snap_path, sizeof(snap_path), "%s@%s", dspath, ldc->snapname); /* construct the boot environment path from the dataset we're cloning */ if (be_get_path(ldc, dspath, be_path, sizeof(be_path)) != BE_ERR_SUCCESS) return (BE_ERR_UNKNOWN); /* the dataset to be created (i.e. the boot environment) already exists */ if (zfs_dataset_exists(ldc->lbh->lzh, be_path, ZFS_TYPE_DATASET)) return (BE_ERR_EXISTS); /* no snapshot found for this dataset, silently skip it */ if (!zfs_dataset_exists(ldc->lbh->lzh, snap_path, ZFS_TYPE_SNAPSHOT)) return (0); if ((snap_hdl = zfs_open(ldc->lbh->lzh, snap_path, ZFS_TYPE_SNAPSHOT)) == NULL) return (BE_ERR_ZFSOPEN); nvlist_alloc(&props, NV_UNIQUE_NAME, KM_SLEEP); nvlist_add_string(props, "canmount", "noauto"); dccb.lbh = ldc->lbh; dccb.zhp = ds; dccb.props = props; if (zprop_iter(be_deep_clone_prop, &dccb, B_FALSE, B_FALSE, ZFS_TYPE_FILESYSTEM) == ZPROP_INVAL) return (-1); if ((err = zfs_clone(snap_hdl, be_path, props)) != 0) return (BE_ERR_ZFSCLONE); nvlist_free(props); zfs_close(snap_hdl); if (ldc->depth_limit == -1 || ldc->depth < ldc->depth_limit) { ldc->depth++; err = zfs_iter_filesystems(ds, be_clone_cb, ldc); ldc->depth--; } return (err); } /* * Create a boot environment with a given name from a given snapshot. * Snapshots can be in the format 'zroot/ROOT/default@snapshot' or * 'default@snapshot'. In the latter case, 'default@snapshot' will be prepended * with the root path that libbe was initailized with. */ static int be_clone(libbe_handle_t *lbh, const char *bename, const char *snapshot, int depth) { int err; char snap_path[BE_MAXPATHLEN]; char *parentname, *snapname; zfs_handle_t *parent_hdl; struct libbe_deep_clone ldc; /* ensure the boot environment name is valid */ if ((err = be_validate_name(lbh, bename)) != 0) return (set_error(lbh, err)); /* * prepend the boot environment root path if we're * given a partial snapshot name. */ if ((err = be_root_concat(lbh, snapshot, snap_path)) != 0) return (set_error(lbh, err)); /* ensure the snapshot exists */ if ((err = be_validate_snap(lbh, snap_path)) != 0) return (set_error(lbh, err)); /* get a copy of the snapshot path so we can disect it */ if ((parentname = strdup(snap_path)) == NULL) return (set_error(lbh, BE_ERR_UNKNOWN)); /* split dataset name from snapshot name */ snapname = strchr(parentname, '@'); if (snapname == NULL) { free(parentname); return (set_error(lbh, BE_ERR_UNKNOWN)); } *snapname = '\0'; snapname++; /* set-up the boot environment */ ldc.lbh = lbh; ldc.bename = bename; ldc.snapname = snapname; ldc.depth = 0; ldc.depth_limit = depth; /* the boot environment will be cloned from this dataset */ parent_hdl = zfs_open(lbh->lzh, parentname, ZFS_TYPE_DATASET); /* create the boot environment */ err = be_clone_cb(parent_hdl, &ldc); free(parentname); return (set_error(lbh, err)); } /* * Create a boot environment from pre-existing snapshot, specifying a depth. */ int be_create_depth(libbe_handle_t *lbh, const char *bename, const char *snap, int depth) { return (be_clone(lbh, bename, snap, depth)); } /* * Create the boot environment from pre-existing snapshot */ int be_create_from_existing_snap(libbe_handle_t *lbh, const char *bename, const char *snap) { return (be_clone(lbh, bename, snap, -1)); } /* * Create a boot environment from an existing boot environment */ int be_create_from_existing(libbe_handle_t *lbh, const char *bename, const char *old) { int err; char snap[BE_MAXPATHLEN]; if ((err = be_snapshot(lbh, old, NULL, true, snap)) != 0) return (set_error(lbh, err)); err = be_clone(lbh, bename, snap, -1); return (set_error(lbh, err)); } /* * Verifies that a snapshot has a valid name, exists, and has a mountpoint of * '/'. Returns BE_ERR_SUCCESS (0), upon success, or the relevant BE_ERR_* upon * failure. Does not set the internal library error state. */ int be_validate_snap(libbe_handle_t *lbh, const char *snap_name) { if (strlen(snap_name) >= BE_MAXPATHLEN) return (BE_ERR_PATHLEN); if (!zfs_name_valid(snap_name, ZFS_TYPE_SNAPSHOT)) return (BE_ERR_INVALIDNAME); if (!zfs_dataset_exists(lbh->lzh, snap_name, ZFS_TYPE_SNAPSHOT)) return (BE_ERR_NOENT); return (BE_ERR_SUCCESS); } /* * Idempotently appends the name argument to the root boot environment path * and copies the resulting string into the result buffer (which is assumed * to be at least BE_MAXPATHLEN characters long. Returns BE_ERR_SUCCESS upon * success, BE_ERR_PATHLEN if the resulting path is longer than BE_MAXPATHLEN, * or BE_ERR_INVALIDNAME if the name is a path that does not begin with * zfs_be_root. Does not set internal library error state. */ int be_root_concat(libbe_handle_t *lbh, const char *name, char *result) { size_t name_len, root_len; name_len = strlen(name); root_len = strlen(lbh->root); /* Act idempotently; return be name if it is already a full path */ if (strrchr(name, '/') != NULL) { if (strstr(name, lbh->root) != name) return (BE_ERR_INVALIDNAME); if (name_len >= BE_MAXPATHLEN) return (BE_ERR_PATHLEN); strlcpy(result, name, BE_MAXPATHLEN); return (BE_ERR_SUCCESS); } else if (name_len + root_len + 1 < BE_MAXPATHLEN) { snprintf(result, BE_MAXPATHLEN, "%s/%s", lbh->root, name); return (BE_ERR_SUCCESS); } return (BE_ERR_PATHLEN); } /* * Verifies the validity of a boot environment name (A-Za-z0-9-_.). Returns * BE_ERR_SUCCESS (0) if name is valid, otherwise returns BE_ERR_INVALIDNAME * or BE_ERR_PATHLEN. * Does not set internal library error state. */ int be_validate_name(libbe_handle_t *lbh, const char *name) { /* * Impose the additional restriction that the entire dataset name must * not exceed the maximum length of a dataset, i.e. MAXNAMELEN. */ if (strlen(lbh->root) + 1 + strlen(name) > MAXNAMELEN) return (BE_ERR_PATHLEN); if (!zfs_name_valid(name, ZFS_TYPE_DATASET)) return (BE_ERR_INVALIDNAME); /* * ZFS allows spaces in boot environment names, but the kernel can't * handle booting from such a dataset right now. vfs.root.mountfrom * is defined to be a space-separated list, and there's no protocol for * escaping whitespace in the path component of a dev:path spec. So * while loader can handle this situation alright, it can't safely pass * it on to mountroot. */ if (strchr(name, ' ') != NULL) return (BE_ERR_INVALIDNAME); return (BE_ERR_SUCCESS); } /* * usage */ int be_rename(libbe_handle_t *lbh, const char *old, const char *new) { char full_old[BE_MAXPATHLEN]; char full_new[BE_MAXPATHLEN]; zfs_handle_t *zfs_hdl; int err; /* * be_validate_name is documented not to set error state, so we should * do so here. */ if ((err = be_validate_name(lbh, new)) != 0) return (set_error(lbh, err)); if ((err = be_root_concat(lbh, old, full_old)) != 0) return (set_error(lbh, err)); if ((err = be_root_concat(lbh, new, full_new)) != 0) return (set_error(lbh, err)); if (!zfs_dataset_exists(lbh->lzh, full_old, ZFS_TYPE_DATASET)) return (set_error(lbh, BE_ERR_NOENT)); if (zfs_dataset_exists(lbh->lzh, full_new, ZFS_TYPE_DATASET)) return (set_error(lbh, BE_ERR_EXISTS)); if ((zfs_hdl = zfs_open(lbh->lzh, full_old, ZFS_TYPE_FILESYSTEM)) == NULL) return (set_error(lbh, BE_ERR_ZFSOPEN)); /* recurse, nounmount, forceunmount */ struct renameflags flags = { .nounmount = 1, }; err = zfs_rename(zfs_hdl, full_new, flags); if (err != 0) goto error; /* handle renaming bootonce */ if (lbh->bootonce != NULL && strcmp(full_old, lbh->bootonce) == 0) err = be_activate(lbh, new, true); error: zfs_close(zfs_hdl); return (set_error(lbh, err)); } int be_export(libbe_handle_t *lbh, const char *bootenv, int fd) { char snap_name[BE_MAXPATHLEN]; char buf[BE_MAXPATHLEN]; zfs_handle_t *zfs; sendflags_t flags = { 0 }; int err; if ((err = be_snapshot(lbh, bootenv, NULL, true, snap_name)) != 0) /* Use the error set by be_snapshot */ return (err); be_root_concat(lbh, snap_name, buf); if ((zfs = zfs_open(lbh->lzh, buf, ZFS_TYPE_DATASET)) == NULL) return (set_error(lbh, BE_ERR_ZFSOPEN)); err = zfs_send_one(zfs, NULL, fd, &flags, /* redactbook */ NULL); zfs_close(zfs); return (err); } int be_import(libbe_handle_t *lbh, const char *bootenv, int fd) { char buf[BE_MAXPATHLEN]; nvlist_t *props; zfs_handle_t *zfs; recvflags_t flags = { .nomount = 1 }; int err; be_root_concat(lbh, bootenv, buf); if ((err = zfs_receive(lbh->lzh, buf, NULL, &flags, fd, NULL)) != 0) { switch (err) { case EINVAL: return (set_error(lbh, BE_ERR_NOORIGIN)); case ENOENT: return (set_error(lbh, BE_ERR_NOENT)); case EIO: return (set_error(lbh, BE_ERR_IO)); default: return (set_error(lbh, BE_ERR_UNKNOWN)); } } if ((zfs = zfs_open(lbh->lzh, buf, ZFS_TYPE_FILESYSTEM)) == NULL) return (set_error(lbh, BE_ERR_ZFSOPEN)); nvlist_alloc(&props, NV_UNIQUE_NAME, KM_SLEEP); nvlist_add_string(props, "canmount", "noauto"); nvlist_add_string(props, "mountpoint", "none"); err = zfs_prop_set_list(zfs, props); nvlist_free(props); zfs_close(zfs); if (err != 0) return (set_error(lbh, BE_ERR_UNKNOWN)); return (0); } #if SOON static int be_create_child_noent(libbe_handle_t *lbh, const char *active, const char *child_path) { nvlist_t *props; zfs_handle_t *zfs; int err; nvlist_alloc(&props, NV_UNIQUE_NAME, KM_SLEEP); nvlist_add_string(props, "canmount", "noauto"); nvlist_add_string(props, "mountpoint", child_path); /* Create */ if ((err = zfs_create(lbh->lzh, active, ZFS_TYPE_DATASET, props)) != 0) { switch (err) { case EZFS_EXISTS: return (set_error(lbh, BE_ERR_EXISTS)); case EZFS_NOENT: return (set_error(lbh, BE_ERR_NOENT)); case EZFS_BADTYPE: case EZFS_BADVERSION: return (set_error(lbh, BE_ERR_NOPOOL)); case EZFS_BADPROP: default: /* We set something up wrong, probably... */ return (set_error(lbh, BE_ERR_UNKNOWN)); } } nvlist_free(props); if ((zfs = zfs_open(lbh->lzh, active, ZFS_TYPE_DATASET)) == NULL) return (set_error(lbh, BE_ERR_ZFSOPEN)); /* Set props */ if ((err = zfs_prop_set(zfs, "canmount", "noauto")) != 0) { zfs_close(zfs); /* * Similar to other cases, this shouldn't fail unless we've * done something wrong. This is a new dataset that shouldn't * have been mounted anywhere between creation and now. */ if (err == EZFS_NOMEM) return (set_error(lbh, BE_ERR_NOMEM)); return (set_error(lbh, BE_ERR_UNKNOWN)); } zfs_close(zfs); return (BE_ERR_SUCCESS); } static int be_create_child_cloned(libbe_handle_t *lbh, const char *active) { char buf[BE_MAXPATHLEN], tmp[BE_MAXPATHLEN]; zfs_handle_t *zfs; int err; /* XXX TODO ? */ /* * Establish if the existing path is a zfs dataset or just * the subdirectory of one */ strlcpy(tmp, "tmp/be_snap.XXXXX", sizeof(tmp)); if (mktemp(tmp) == NULL) return (set_error(lbh, BE_ERR_UNKNOWN)); be_root_concat(lbh, tmp, buf); printf("Here %s?\n", buf); if ((err = zfs_snapshot(lbh->lzh, buf, false, NULL)) != 0) { switch (err) { case EZFS_INVALIDNAME: return (set_error(lbh, BE_ERR_INVALIDNAME)); default: /* * The other errors that zfs_ioc_snapshot might return * shouldn't happen if we've set things up properly, so * we'll gloss over them and call it UNKNOWN as it will * require further triage. */ if (errno == ENOTSUP) return (set_error(lbh, BE_ERR_NOPOOL)); return (set_error(lbh, BE_ERR_UNKNOWN)); } } /* Clone */ if ((zfs = zfs_open(lbh->lzh, buf, ZFS_TYPE_SNAPSHOT)) == NULL) return (BE_ERR_ZFSOPEN); if ((err = zfs_clone(zfs, active, NULL)) != 0) /* XXX TODO correct error */ return (set_error(lbh, BE_ERR_UNKNOWN)); /* set props */ zfs_close(zfs); return (BE_ERR_SUCCESS); } int be_add_child(libbe_handle_t *lbh, const char *child_path, bool cp_if_exists) { struct stat sb; char active[BE_MAXPATHLEN], buf[BE_MAXPATHLEN]; nvlist_t *props; const char *s; /* Require absolute paths */ if (*child_path != '/') return (set_error(lbh, BE_ERR_BADPATH)); strlcpy(active, be_active_path(lbh), BE_MAXPATHLEN); strcpy(buf, active); /* Create non-mountable parent dataset(s) */ s = child_path; for (char *p; (p = strchr(s+1, '/')) != NULL; s = p) { size_t len = p - s; strncat(buf, s, len); nvlist_alloc(&props, NV_UNIQUE_NAME, KM_SLEEP); nvlist_add_string(props, "canmount", "off"); nvlist_add_string(props, "mountpoint", "none"); zfs_create(lbh->lzh, buf, ZFS_TYPE_DATASET, props); nvlist_free(props); } /* Path does not exist as a descendent of / yet */ if (strlcat(active, child_path, BE_MAXPATHLEN) >= BE_MAXPATHLEN) return (set_error(lbh, BE_ERR_PATHLEN)); if (stat(child_path, &sb) != 0) { /* Verify that error is ENOENT */ if (errno != ENOENT) return (set_error(lbh, BE_ERR_UNKNOWN)); return (be_create_child_noent(lbh, active, child_path)); } else if (cp_if_exists) /* Path is already a descendent of / and should be copied */ return (be_create_child_cloned(lbh, active)); return (set_error(lbh, BE_ERR_EXISTS)); } #endif /* SOON */ /* * Deactivate old BE dataset; currently just sets canmount=noauto or * resets boot once configuration. */ int be_deactivate(libbe_handle_t *lbh, const char *ds, bool temporary) { zfs_handle_t *zfs; if (temporary) { return (lzbe_set_boot_device( zpool_get_name(lbh->active_phandle), lzbe_add, NULL)); } if ((zfs = zfs_open(lbh->lzh, ds, ZFS_TYPE_DATASET)) == NULL) return (1); if (zfs_prop_set(zfs, "canmount", "noauto") != 0) return (1); zfs_close(zfs); return (0); } static int be_zfs_promote_cb(zfs_handle_t *zhp, void *data) { char origin[BE_MAXPATHLEN]; bool *found_origin = (bool *)data; int err; if (zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin, sizeof(origin), NULL, NULL, 0, true) == 0) { *found_origin = true; err = zfs_promote(zhp); if (err) return (err); } return (zfs_iter_filesystems(zhp, be_zfs_promote_cb, data)); } static int be_zfs_promote(zfs_handle_t *zhp, bool *found_origin) { *found_origin = false; return (be_zfs_promote_cb(zhp, (void *)found_origin)); } int be_activate(libbe_handle_t *lbh, const char *bootenv, bool temporary) { char be_path[BE_MAXPATHLEN]; zfs_handle_t *zhp; int err; bool found_origin; be_root_concat(lbh, bootenv, be_path); /* Note: be_exists fails if mountpoint is not / */ if ((err = be_exists(lbh, be_path)) != 0) return (set_error(lbh, err)); if (temporary) { return (lzbe_set_boot_device( zpool_get_name(lbh->active_phandle), lzbe_add, be_path)); } else { if (strncmp(lbh->bootfs, "-", 1) != 0 && be_deactivate(lbh, lbh->bootfs, false) != 0) return (-1); /* Obtain bootenv zpool */ err = zpool_set_prop(lbh->active_phandle, "bootfs", be_path); if (err) return (-1); for (;;) { zhp = zfs_open(lbh->lzh, be_path, ZFS_TYPE_FILESYSTEM); if (zhp == NULL) return (-1); err = be_zfs_promote(zhp, &found_origin); zfs_close(zhp); if (!found_origin) break; if (err) return (err); } if (err) return (-1); } return (BE_ERR_SUCCESS); } + +int +be_log_history(libbe_handle_t *lbh, const char *message) +{ + int err; + + err = zpool_log_history(lbh->lzh, message); + if (err) + return (set_error(lbh, BE_ERR_UNKNOWN)); + + return (BE_ERR_SUCCESS); +} diff --git a/lib/libbe/be.h b/lib/libbe/be.h index 01ee94fd03ca..d3f47c0604fe 100644 --- a/lib/libbe/be.h +++ b/lib/libbe/be.h @@ -1,115 +1,117 @@ /* * Copyright (c) 2017 Kyle J. Kneitinger * * SPDX-License-Identifier: BSD-2-Clause */ #ifndef _LIBBE_H #define _LIBBE_H #include #include #define BE_MAXPATHLEN 512 typedef struct libbe_handle libbe_handle_t; typedef enum be_error { BE_ERR_SUCCESS = 0, /* No error */ BE_ERR_INVALIDNAME, /* invalid boot env name */ BE_ERR_EXISTS, /* boot env name already taken */ BE_ERR_NOENT, /* boot env doesn't exist */ BE_ERR_PERMS, /* insufficient permissions */ BE_ERR_DESTROYACT, /* cannot destroy active boot env */ BE_ERR_DESTROYMNT, /* destroying a mounted be requires force */ BE_ERR_BADPATH, /* path not suitable for operation */ BE_ERR_PATHBUSY, /* requested path is busy */ BE_ERR_PATHLEN, /* provided name exceeds maximum length limit */ BE_ERR_BADMOUNT, /* mountpoint is not '/' */ BE_ERR_NOORIGIN, /* could not open snapshot's origin */ BE_ERR_MOUNTED, /* boot environment is already mounted */ BE_ERR_NOMOUNT, /* boot environment is not mounted */ BE_ERR_ZFSOPEN, /* calling zfs_open() failed */ BE_ERR_ZFSCLONE, /* error when calling zfs_clone to create be */ BE_ERR_IO, /* error when doing some I/O operation */ BE_ERR_NOPOOL, /* operation not supported on this pool */ BE_ERR_NOMEM, /* insufficient memory */ BE_ERR_UNKNOWN, /* unknown error */ BE_ERR_INVORIGIN, /* invalid origin */ BE_ERR_HASCLONES, /* snapshot has clones */ } be_error_t; /* Library handling functions: be.c */ libbe_handle_t *libbe_init(const char *root); void libbe_close(libbe_handle_t *); /* Bootenv information functions: be_info.c */ const char *be_active_name(libbe_handle_t *); const char *be_active_path(libbe_handle_t *); const char *be_nextboot_name(libbe_handle_t *); const char *be_nextboot_path(libbe_handle_t *); const char *be_root_path(libbe_handle_t *); int be_get_bootenv_props(libbe_handle_t *, nvlist_t *); int be_get_dataset_props(libbe_handle_t *, const char *, nvlist_t *); int be_get_dataset_snapshots(libbe_handle_t *, const char *, nvlist_t *); int be_prop_list_alloc(nvlist_t **be_list); void be_prop_list_free(nvlist_t *be_list); int be_activate(libbe_handle_t *, const char *, bool); int be_deactivate(libbe_handle_t *, const char *, bool); bool be_is_auto_snapshot_name(libbe_handle_t *, const char *); /* Bootenv creation functions */ int be_create(libbe_handle_t *, const char *); int be_create_depth(libbe_handle_t *, const char *, const char *, int); int be_create_from_existing(libbe_handle_t *, const char *, const char *); int be_create_from_existing_snap(libbe_handle_t *, const char *, const char *); int be_snapshot(libbe_handle_t *, const char *, const char *, bool, char *); /* Bootenv manipulation functions */ int be_rename(libbe_handle_t *, const char *, const char *); /* Bootenv removal functions */ typedef enum { BE_DESTROY_FORCE = 1 << 0, BE_DESTROY_ORIGIN = 1 << 1, BE_DESTROY_AUTOORIGIN = 1 << 2, } be_destroy_opt_t; int be_destroy(libbe_handle_t *, const char *, int); /* Bootenv mounting functions: be_access.c */ typedef enum { BE_MNT_FORCE = 1 << 0, BE_MNT_DEEP = 1 << 1, } be_mount_opt_t; int be_mount(libbe_handle_t *, const char *, const char *, int, char *); int be_unmount(libbe_handle_t *, const char *, int); int be_mounted_at(libbe_handle_t *, const char *path, nvlist_t *); /* Error related functions: be_error.c */ int libbe_errno(libbe_handle_t *); const char *libbe_error_description(libbe_handle_t *); void libbe_print_on_error(libbe_handle_t *, bool); /* Utility Functions */ int be_root_concat(libbe_handle_t *, const char *, char *); int be_validate_name(libbe_handle_t * __unused, const char *); int be_validate_snap(libbe_handle_t *, const char *); int be_exists(libbe_handle_t *, const char *); int be_export(libbe_handle_t *, const char *, int fd); int be_import(libbe_handle_t *, const char *, int fd); +int be_log_history(libbe_handle_t *, const char *); + #if SOON int be_add_child(libbe_handle_t *, const char *, bool); #endif void be_nicenum(uint64_t num, char *buf, size_t buflen); #endif /* _LIBBE_H */ diff --git a/lib/libbe/libbe.3 b/lib/libbe/libbe.3 index 3b10711dd0f9..4331713e9227 100644 --- a/lib/libbe/libbe.3 +++ b/lib/libbe/libbe.3 @@ -1,600 +1,612 @@ .\" .\" SPDX-License-Identifier: BSD-2-Clause .\" .\" Copyright (c) 2017 Kyle Kneitinger .\" Copyright (c) 2018 Kyle Evans .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd April 20, 2025 +.Dd December 11, 2025 .Dt LIBBE 3 .Os .Sh NAME .Nm libbe .Nd library for creating, destroying and modifying ZFS boot environments .Sh LIBRARY .Lb libbe .Sh SYNOPSIS .In be.h .Ft "libbe_handle_t *hdl" Ns .Fn libbe_init "const char *be_root" .Pp .Ft void .Fn libbe_close "libbe_handle_t *hdl" .Pp .Ft const char * Ns .Fn be_active_name "libbe_handle_t *hdl" .Pp .Ft const char * Ns .Fn be_active_path "libbe_handle_t *hdl" .Pp .Ft const char * Ns .Fn be_nextboot_name "libbe_handle_t *hdl" .Pp .Ft const char * Ns .Fn be_nextboot_path "libbe_handle_t *hdl" .Pp .Ft const char * Ns .Fn be_root_path "libbe_handle_t *hdl" .Pp .Ft int Ns .Fn be_snapshot "libbe_handle_t *hdl" "const char *be_name" "const char *snap_name" "bool recursive" "char *result" .Pp .Ft bool Ns .Fn be_is_auto_snapshot_name "libbe_handle_t *hdl" "const char *snap" .Pp .Ft int .Fn be_create "libbe_handle_t *hdl" "const char *be_name" .Pp .Ft int .Fn be_create_depth "libbe_handle_t *hdl" "const char *be_name" "const char *snap" "int depth" .Pp .Ft int .Fn be_create_from_existing "libbe_handle_t *hdl" "const char *be_name" "const char *be_origin" .Pp .Ft int .Fn be_create_from_existing_snap "libbe_handle_t *hdl" "const char *be_name" "const char *snap" .Pp .Ft int .Fn be_rename "libbe_handle_t *hdl" "const char *be_old" "const char *be_new" .Pp .Ft int .Fn be_activate "libbe_handle_t *hdl" "const char *be_name" "bool temporary" .Pp .Ft int .Fn be_deactivate "libbe_handle_t *hdl" "const char *be_name" "bool temporary" .Pp .Ft int .Fn be_destroy "libbe_handle_t *hdl" "const char *be_name" "int options" .Pp .Ft void .Fn be_nicenum "uint64_t num" "char *buf" "size_t bufsz" .Pp .\" TODO: Write up of mount options .\" typedef enum { .\" BE_MNT_FORCE = 1 << 0, .\" BE_MNT_DEEP = 1 << 1, .\" } be_mount_opt_t .Ft int .Fn be_mount "libbe_handle_t *hdl" "const char *be_name" "const char *mntpoint" "int flags" "char *result" .Pp .Ft int .Fn be_mounted_at "libbe_handle_t *hdl" "const char *path" "nvlist_t *details" .Pp .Ft int .Fn be_unmount "libbe_handle_t *hdl" "const char *be_name" "int flags" .Pp .Ft int .Fn libbe_errno "libbe_handle_t *hdl" .Pp .Ft const char * Ns .Fn libbe_error_description "libbe_handle_t *hdl" .Pp .Ft void .Fn libbe_print_on_error "libbe_handle_t *hdl" "bool doprint" .Pp .Ft int .Fn be_root_concat "libbe_handle_t *hdl" "const char *be_name" "char *result" .Pp .Ft int .Fn be_validate_name "libbe_handle_t *hdl" "const char *be_name" .Pp .Ft int .Fn be_validate_snap "libbe_handle_t *hdl" "const char *snap" .Pp .Ft int .Fn be_exists "libbe_handle_t *hdl" "const char *be_name" .Pp .Ft int .Fn be_export "libbe_handle_t *hdl" "const char *be_name" "int fd" .Pp .Ft int .Fn be_import "libbe_handle_t *hdl" "const char *be_name" "int fd" .Pp .Ft int .Fn be_prop_list_alloc "nvlist_t **prop_list" .Pp .Ft int .Fn be_get_bootenv_props "libbe_handle_t *hdl" "nvlist_t *be_list" .Pp .Ft int .Fn be_get_dataset_props "libbe_handle_t *hdl" "const char *ds_name" "nvlist_t *props" .Pp .Ft int .Fn be_get_dataset_snapshots "libbe_handle_t *hdl" "const char *ds_name" "nvlist_t *snap_list" .Pp .Ft void .Fn be_prop_list_free "nvlist_t *prop_list" +.Pp +.Ft int +.Fn be_log_history "libbe_handle_t *hdl" "const char *message" .Sh DESCRIPTION .Nm interfaces with libzfs to provide a set of functions for various operations regarding ZFS boot environments, including "deep" boot environments in which a boot environment has child datasets. .Pp A context structure is passed to each function, allowing for a small amount of state to be retained, such as errors from previous operations. .Nm may be configured to print the corresponding error message to .Dv stderr when an error is encountered with .Fn libbe_print_on_error . .Pp All functions returning an .Vt int return 0 on success, or a .Nm errno otherwise as described in .Sx DIAGNOSTICS . .Pp The .Fn libbe_init function takes an optional BE root and initializes .Nm , returning a .Vt "libbe_handle_t *" on success, or .Dv NULL on error. If a BE root is supplied, .Nm will only operate out of that pool and BE root. An error may occur if: .Bl -bullet .It .Pa /boot and .Pa / are not on the same filesystem and device, .It libzfs fails to initialize, .It The system has not been properly booted with a ZFS boot environment, .It .Nm fails to open the zpool the active boot environment resides on, or .It .Nm fails to locate the boot environment that is currently mounted. .El .Pp The .Fn libbe_close function frees all resources previously acquired in .Fn libbe_init , invalidating the handle in the process. .Pp The .Fn be_active_name function returns the name of the currently booted boot environment. This boot environment may not belong to the same BE root as the root libbe is operating on! .Pp The .Fn be_active_path function returns the full path of the currently booted boot environment. This boot environment may not belong to the same BE root as the root libbe is operating on! .Pp The .Fn be_nextboot_name function returns the name of the boot environment that will be active on reboot. .Pp The .Fn be_nextboot_path function returns the full path of the boot environment that will be active on reboot. .Pp The .Fn be_root_path function returns the boot environment root path. .Pp The .Fn be_snapshot function creates a snapshot of .Fa be_name named .Fa snap_name . A value of .Dv NULL may be used, indicating that .Fn be_snaphot should derive the snapshot name from the current date and time. If .Fa recursive is set, then .Fn be_snapshot will recursively snapshot the dataset. If .Fa result is not .Dv NULL , then it will be populated with the final .Dq Fa be_name Ns @ Ns Fa snap_name . .Pp The .Fn be_is_auto_snapshot_name function is used to determine if the given snapshot name matches the format that the .Fn be_snapshot function will use by default if it is not given a snapshot name to use. It returns .Dv true if the name matches the format, and .Dv false if it does not. .Pp The .Fn be_create function creates a boot environment with the given name. The new boot environment will be created from a recursive snapshot of the currently booted boot environment. .Pp The .Fn be_create_depth function creates a boot environment with the given name from an existing snapshot. The depth parameter specifies the depth of recursion that will be cloned from the existing snapshot. A depth of '0' is no recursion and '-1' is unlimited (i.e., a recursive boot environment). .Pp The .Fn be_create_from_existing function creates a boot environment with the given name from the name of an existing boot environment. A recursive snapshot will be made of the origin boot environment, and the new boot environment will be created from that. .Pp The .Fn be_create_from_existing_snap function creates a recursive boot environment with the given name from an existing snapshot. .Pp The .Fn be_rename function renames a boot environment without unmounting it, as if renamed with the .Fl u argument were passed to .Nm zfs .Cm rename .Pp The .Fn be_activate function makes a boot environment active on the next boot. If the .Fa temporary flag is set, then it will be active for the next boot only, as done by .Xr zfsbootcfg 8 . .Pp The .Fn be_deactivate function deactivates a boot environment. If the .Fa temporary flag is set, then it will cause removal of boot once configuration, set by .Fn be_activate function or by .Xr zfsbootcfg 8 . If the .Fa temporary flag is not set, .Fn be_deactivate function will set zfs .Dv canmount property to .Dv noauto . .Pp The .Fn be_destroy function will recursively destroy the given boot environment. It will not destroy a mounted boot environment unless the .Dv BE_DESTROY_FORCE option is set in .Fa options . If the .Dv BE_DESTROY_ORIGIN option is set in .Fa options , the .Fn be_destroy function will destroy the origin snapshot to this boot environment as well. .Pp The .Fn be_nicenum function will format .Fa name in a traditional ZFS humanized format, similar to .Xr humanize_number 3 . This function effectively proxies .Fn zfs_nicenum from libzfs. .Pp The .Fn be_mount function will mount the given boot environment. If .Fa mountpoint is .Dv NULL , a mount point will be generated in .Ev TMPDIR or, if .Ev TMPDIR is not set, .Pa /tmp using .Xr mkdtemp 3 . If .Fa result is not .Dv NULL , it should be large enough to accommodate .Dv BE_MAXPATHLEN including the null terminator. the final mount point will be copied into it. Setting the .Dv BE_MNT_FORCE flag will pass .Dv MNT_FORCE to the underlying .Xr mount 2 call. .Pp The .Fn be_mounted_at function will check if there is a boot environment mounted at the given .Fa path . If .Fa details is not .Dv NULL , it will be populated with a list of the mounted dataset's properties. This list of properties matches the properties collected by .Fn be_get_bootenv_props . .Pp The .Fn be_unmount function will unmount the given boot environment. If the mount point looks like it was created by .Fn be_mount , then .Fn be_unmount will attempt to .Xr rmdir 2 the mountpoint after a successful unmount. Setting the .Dv BE_MNT_FORCE flag will pass .Dv MNT_FORCE to the underlying .Xr mount 2 call. .Pp The .Fn libbe_errno function returns the .Nm errno. .Pp The .Fn libbe_error_description function returns a string description of the currently set .Nm errno. .Pp The .Fn libbe_print_on_error function will change whether or not .Nm prints the description of any encountered error to .Dv stderr , based on .Fa doprint . .Pp The .Fn be_root_concat function will concatenate the boot environment root and the given boot environment name into .Fa result . .Pp The .Fn be_validate_name function will validate the given boot environment name for both length restrictions as well as valid character restrictions. This function does not set the internal library error state. .Pp The .Fn be_validate_snap function will validate the given snapshot name. The snapshot must have a valid name, exist, and have a mountpoint of .Pa / . This function does not set the internal library error state. .Pp The .Fn be_exists function will check whether the given boot environment exists and has a mountpoint of .Pa / . This function does not set the internal library error state, but will return the appropriate error. .Pp The .Fn be_export function will export the given boot environment to the file specified by .Fa fd . A snapshot will be created of the boot environment prior to export. .Pp The .Fn be_import function will import the boot environment in the file specified by .Fa fd , and give it the name .Fa be_name . .Pp The .Fn be_prop_list_alloc function allocates a property list suitable for passing to .Fn be_get_bootenv_props , .Fn be_get_dataset_props , or .Fn be_get_dataset_snapshots . It should be freed later by .Fa be_prop_list_free . .Pp The .Fn be_get_bootenv_props function will populate .Fa be_list with .Vt nvpair_t of boot environment names paired with an .Vt nvlist_t of their properties. The following properties are currently collected as appropriate: .Bl -column "Returned name" .It Sy Returned name Ta Sy Description .It dataset Ta - .It name Ta Boot environment name .It mounted Ta Current mount point .It mountpoint Ta Do mountpoint Dc property .It origin Ta Do origin Dc property .It creation Ta Do creation Dc property .It active Ta Currently booted environment .It used Ta Literal Do used Dc property .It usedds Ta Literal Do usedds Dc property .It usedsnap Ta Literal Do usedrefreserv Dc property .It referenced Ta Literal Do referenced Dc property .It nextboot Ta Active on next boot .El .Pp Only the .Dq dataset , .Dq name , .Dq active , and .Dq nextboot returned values will always be present. All other properties may be omitted if not available. .Pp The .Fn be_get_dataset_props function will get properties of the specified dataset. .Fa props is populated directly with a list of the properties as returned by .Fn be_get_bootenv_props . .Pp The .Fn be_get_dataset_snapshots function will retrieve all snapshots of the given dataset. .Fa snap_list will be populated with a list of .Vt nvpair_t exactly as specified by .Fn be_get_bootenv_props . .Pp The .Fn be_prop_list_free function will free the property list. +.Pp +The +.Fn be_log_history +function will log the given +.Fa message +to the zpool history, which can be later retrieved using the +.Xr zpool-history 8 +command. .Sh DIAGNOSTICS Upon error, one of the following values will be returned: .Bl -bullet -offset indent -compact .It BE_ERR_SUCCESS .It BE_ERR_INVALIDNAME .It BE_ERR_EXISTS .It BE_ERR_NOENT .It BE_ERR_PERMS .It BE_ERR_DESTROYACT .It BE_ERR_DESTROYMNT .It BE_ERR_BADPATH .It BE_ERR_PATHBUSY .It BE_ERR_PATHLEN .It BE_ERR_BADMOUNT .It BE_ERR_NOORIGIN .It BE_ERR_MOUNTED .It BE_ERR_NOMOUNT .It BE_ERR_ZFSOPEN .It BE_ERR_ZFSCLONE .It BE_ERR_IO .It BE_ERR_NOPOOL .It BE_ERR_NOMEM .It BE_ERR_UNKNOWN .It BE_ERR_INVORIGIN .El .Sh SEE ALSO -.Xr bectl 8 +.Xr bectl 8 , +.Xr zpool-history 8 .Sh HISTORY .Xr bectl 8 and .Nm were written by .An Kyle Kneitinger (kneitinger) Aq Mt kyle@kneit.in as a 2017 Google Summer of Code project, with .An Allan Jude (allanjude) Aq Mt allanjude@freebsd.org as mentor. .Sh AUTHORS Kyle Kneitinger, mentored as above. .Pp Post-GSoC changes were written by .An Kyle Evans (kevans) Aq Mt kevans@freebsd.org . diff --git a/sbin/bectl/bectl.c b/sbin/bectl/bectl.c index 95715b34336b..28483dae17b2 100644 --- a/sbin/bectl/bectl.c +++ b/sbin/bectl/bectl.c @@ -1,574 +1,615 @@ /* * Copyright (c) 2017 Kyle J. Kneitinger * * SPDX-License-Identifier: BSD-2-Clause */ #include #include +#include #include #include #include #include #include #include #include #include #include #include #include #include "bectl.h" static int bectl_cmd_activate(int argc, char *argv[]); static int bectl_cmd_check(int argc, char *argv[]); static int bectl_cmd_create(int argc, char *argv[]); static int bectl_cmd_destroy(int argc, char *argv[]); static int bectl_cmd_export(int argc, char *argv[]); static int bectl_cmd_import(int argc, char *argv[]); #if SOON static int bectl_cmd_add(int argc, char *argv[]); #endif static int bectl_cmd_mount(int argc, char *argv[]); static int bectl_cmd_rename(int argc, char *argv[]); static int bectl_cmd_unmount(int argc, char *argv[]); libbe_handle_t *be; int usage(bool explicit) { FILE *fp; fp = explicit ? stdout : stderr; fprintf(fp, "%s", "Usage:\tbectl {-h | subcommand [args...]}\n" #if SOON "\tbectl [-r beroot] add (path)*\n" #endif "\tbectl [-r beroot] activate [-t] beName\n" "\tbectl [-r beroot] activate [-T]\n" "\tbectl [-r beroot] check\n" "\tbectl [-r beroot] create [-r] [-e {nonActiveBe | beName@snapshot}] beName\n" "\tbectl [-r beroot] create [-r] beName@snapshot\n" "\tbectl [-r beroot] destroy [-Fo] {beName | beName@snapshot}\n" "\tbectl [-r beroot] export sourceBe\n" "\tbectl [-r beroot] import targetBe\n" "\tbectl [-r beroot] jail [-bU] [{-o key=value | -u key}]... beName\n" "\t [utility [argument ...]]\n" "\tbectl [-r beroot] list [-aDHs] [{-c property | -C property}]\n" "\tbectl [-r beroot] mount beName [mountpoint]\n" "\tbectl [-r beroot] rename origBeName newBeName\n" "\tbectl [-r beroot] {ujail | unjail} {jailID | jailName | beName}\n" "\tbectl [-r beroot] {umount | unmount} [-f] beName\n"); return (explicit ? 0 : EX_USAGE); } /* * Represents a relationship between the command name and the parser action * that handles it. */ struct command_map_entry { const char *command; int (*fn)(int argc, char *argv[]); /* True if libbe_print_on_error should be disabled */ bool silent; + bool save_history; }; static struct command_map_entry command_map[] = { - { "activate", bectl_cmd_activate,false }, - { "create", bectl_cmd_create, false }, - { "destroy", bectl_cmd_destroy, false }, - { "export", bectl_cmd_export, false }, - { "import", bectl_cmd_import, false }, + { "activate", bectl_cmd_activate,false, true }, + { "create", bectl_cmd_create, false, true }, + { "destroy", bectl_cmd_destroy, false, true }, + { "export", bectl_cmd_export, false, true }, + { "import", bectl_cmd_import, false, true }, #if SOON - { "add", bectl_cmd_add, false }, + { "add", bectl_cmd_add, false, true }, #endif - { "jail", bectl_cmd_jail, false }, - { "list", bectl_cmd_list, false }, - { "mount", bectl_cmd_mount, false }, - { "rename", bectl_cmd_rename, false }, - { "unjail", bectl_cmd_unjail, false }, - { "ujail", bectl_cmd_unjail, false }, - { "unmount", bectl_cmd_unmount, false }, - { "umount", bectl_cmd_unmount, false }, - { "check", bectl_cmd_check, true }, + { "jail", bectl_cmd_jail, false, false }, + { "list", bectl_cmd_list, false, false }, + { "mount", bectl_cmd_mount, false, false }, + { "rename", bectl_cmd_rename, false, true }, + { "unjail", bectl_cmd_unjail, false, false }, + { "ujail", bectl_cmd_unjail, false, false }, + { "unmount", bectl_cmd_unmount, false, false }, + { "umount", bectl_cmd_unmount, false, false }, + { "check", bectl_cmd_check, true, false }, }; static struct command_map_entry * get_cmd_info(const char *cmd) { size_t i; for (i = 0; i < nitems(command_map); ++i) { if (strcmp(cmd, command_map[i].command) == 0) return (&command_map[i]); } return (NULL); } static int bectl_cmd_activate(int argc, char *argv[]) { int err, opt; bool temp, reset; temp = false; reset = false; while ((opt = getopt(argc, argv, "tT")) != -1) { switch (opt) { case 't': if (reset) return (usage(false)); temp = true; break; case 'T': if (temp) return (usage(false)); reset = true; break; default: fprintf(stderr, "bectl activate: unknown option '-%c'\n", optopt); return (usage(false)); } } argc -= optind; argv += optind; if (argc != 1 && (!reset || argc != 0)) { fprintf(stderr, "bectl activate: wrong number of arguments\n"); return (usage(false)); } if (reset) { if ((err = be_deactivate(be, NULL, reset)) == 0) printf("Temporary activation removed\n"); else printf("Failed to remove temporary activation\n"); return (err); } /* activate logic goes here */ if ((err = be_activate(be, argv[0], temp)) != 0) /* XXX TODO: more specific error msg based on err */ printf("Did not successfully activate boot environment %s", argv[0]); else printf("Successfully activated boot environment %s", argv[0]); if (temp) printf(" for next boot"); printf("\n"); return (err); } /* * TODO: when only one arg is given, and it contains an "@" the this should * create that snapshot */ static int bectl_cmd_create(int argc, char *argv[]) { char snapshot[BE_MAXPATHLEN]; char *atpos, *bootenv, *snapname; int err, opt; bool recursive; snapname = NULL; recursive = false; while ((opt = getopt(argc, argv, "e:r")) != -1) { switch (opt) { case 'e': snapname = optarg; break; case 'r': recursive = true; break; default: fprintf(stderr, "bectl create: unknown option '-%c'\n", optopt); return (usage(false)); } } argc -= optind; argv += optind; if (argc != 1) { fprintf(stderr, "bectl create: wrong number of arguments\n"); return (usage(false)); } bootenv = *argv; err = BE_ERR_SUCCESS; if ((atpos = strchr(bootenv, '@')) != NULL) { /* * This is the "create a snapshot variant". No new boot * environment is to be created here. */ *atpos++ = '\0'; err = be_snapshot(be, bootenv, atpos, recursive, NULL); } else { if (snapname == NULL) /* Create from currently booted BE */ err = be_snapshot(be, be_active_path(be), NULL, recursive, snapshot); else if (strchr(snapname, '@') != NULL) /* Create from given snapshot */ strlcpy(snapshot, snapname, sizeof(snapshot)); else /* Create from given BE */ err = be_snapshot(be, snapname, NULL, recursive, snapshot); if (err == BE_ERR_SUCCESS) err = be_create_depth(be, bootenv, snapshot, recursive == true ? -1 : 0); } switch (err) { case BE_ERR_SUCCESS: break; case BE_ERR_INVALIDNAME: fprintf(stderr, "bectl create: boot environment name must not contain spaces\n"); break; default: if (atpos != NULL) fprintf(stderr, "Failed to create a snapshot '%s' of '%s'\n", atpos, bootenv); else if (snapname == NULL) fprintf(stderr, "Failed to create bootenv %s\n", bootenv); else fprintf(stderr, "Failed to create bootenv %s from snapshot %s\n", bootenv, snapname); } return (err); } static int bectl_cmd_export(int argc, char *argv[]) { char *bootenv; if (argc == 1) { fprintf(stderr, "bectl export: missing boot environment name\n"); return (usage(false)); } if (argc > 2) { fprintf(stderr, "bectl export: extra arguments provided\n"); return (usage(false)); } bootenv = argv[1]; if (isatty(STDOUT_FILENO)) { fprintf(stderr, "bectl export: must redirect output\n"); return (EX_USAGE); } be_export(be, bootenv, STDOUT_FILENO); return (0); } static int bectl_cmd_import(int argc, char *argv[]) { char *bootenv; int err; if (argc == 1) { fprintf(stderr, "bectl import: missing boot environment name\n"); return (usage(false)); } if (argc > 2) { fprintf(stderr, "bectl import: extra arguments provided\n"); return (usage(false)); } bootenv = argv[1]; if (isatty(STDIN_FILENO)) { fprintf(stderr, "bectl import: input can not be from terminal\n"); return (EX_USAGE); } err = be_import(be, bootenv, STDIN_FILENO); return (err); } #if SOON static int bectl_cmd_add(int argc, char *argv[]) { if (argc < 2) { fprintf(stderr, "bectl add: must provide at least one path\n"); return (usage(false)); } for (int i = 1; i < argc; ++i) { printf("arg %d: %s\n", i, argv[i]); /* XXX TODO catch err */ be_add_child(be, argv[i], true); } return (0); } #endif static int bectl_cmd_destroy(int argc, char *argv[]) { nvlist_t *props; char *target, targetds[BE_MAXPATHLEN]; const char *origin; int err, flags, opt; flags = 0; while ((opt = getopt(argc, argv, "Fo")) != -1) { switch (opt) { case 'F': flags |= BE_DESTROY_FORCE; break; case 'o': flags |= BE_DESTROY_ORIGIN; break; default: fprintf(stderr, "bectl destroy: unknown option '-%c'\n", optopt); return (usage(false)); } } argc -= optind; argv += optind; if (argc != 1) { fprintf(stderr, "bectl destroy: wrong number of arguments\n"); return (usage(false)); } target = argv[0]; /* We'll emit a notice if there's an origin to be cleaned up */ if ((flags & BE_DESTROY_ORIGIN) == 0 && strchr(target, '@') == NULL) { flags |= BE_DESTROY_AUTOORIGIN; if (be_root_concat(be, target, targetds) != 0) goto destroy; if (be_prop_list_alloc(&props) != 0) goto destroy; if (be_get_dataset_props(be, targetds, props) != 0) { be_prop_list_free(props); goto destroy; } if (nvlist_lookup_string(props, "origin", &origin) == 0 && !be_is_auto_snapshot_name(be, origin)) fprintf(stderr, "bectl destroy: leaving origin '%s' intact\n", origin); be_prop_list_free(props); } destroy: err = be_destroy(be, target, flags); return (err); } static int bectl_cmd_mount(int argc, char *argv[]) { char result_loc[BE_MAXPATHLEN]; char *bootenv, *mountpoint; int err, mntflags; /* XXX TODO: Allow shallow */ mntflags = BE_MNT_DEEP; if (argc < 2) { fprintf(stderr, "bectl mount: missing argument(s)\n"); return (usage(false)); } if (argc > 3) { fprintf(stderr, "bectl mount: too many arguments\n"); return (usage(false)); } bootenv = argv[1]; mountpoint = ((argc == 3) ? argv[2] : NULL); err = be_mount(be, bootenv, mountpoint, mntflags, result_loc); switch (err) { case BE_ERR_SUCCESS: printf("%s\n", result_loc); break; default: fprintf(stderr, (argc == 3) ? "Failed to mount bootenv %s at %s\n" : "Failed to mount bootenv %s at temporary path %s\n", bootenv, mountpoint); } return (err); } static int bectl_cmd_rename(int argc, char *argv[]) { char *dest, *src; int err; if (argc < 3) { fprintf(stderr, "bectl rename: missing argument\n"); return (usage(false)); } if (argc > 3) { fprintf(stderr, "bectl rename: too many arguments\n"); return (usage(false)); } src = argv[1]; dest = argv[2]; err = be_rename(be, src, dest); switch (err) { case BE_ERR_SUCCESS: break; default: fprintf(stderr, "Failed to rename bootenv %s to %s\n", src, dest); } return (err); } static int bectl_cmd_unmount(int argc, char *argv[]) { char *bootenv, *cmd; int err, flags, opt; /* Store alias used */ cmd = argv[0]; flags = 0; while ((opt = getopt(argc, argv, "f")) != -1) { switch (opt) { case 'f': flags |= BE_MNT_FORCE; break; default: fprintf(stderr, "bectl %s: unknown option '-%c'\n", cmd, optopt); return (usage(false)); } } argc -= optind; argv += optind; if (argc != 1) { fprintf(stderr, "bectl %s: wrong number of arguments\n", cmd); return (usage(false)); } bootenv = argv[0]; err = be_unmount(be, bootenv, flags); switch (err) { case BE_ERR_SUCCESS: break; default: fprintf(stderr, "Failed to unmount bootenv %s\n", bootenv); } return (err); } static int bectl_cmd_check(int argc, char *argv[] __unused) { /* The command is left as argv[0] */ if (argc != 1) { fprintf(stderr, "bectl check: wrong number of arguments\n"); return (usage(false)); } return (0); } +static char * +save_cmdline(int argc, char *argv[]) +{ + char *cmdline, *basename, *p; + int len, n, i; + + len = MAXPATHLEN * 2 + 1; /* HIS_MAX_RECORD_LEN from zfs.h */ + cmdline = p = malloc(len); + if (cmdline == NULL) + err(2, "malloc"); + + basename = strrchr(argv[0], '/'); + if (basename == NULL) + basename = argv[0]; + else + basename++; + + n = strlcpy(p, basename, len); + for (i = 1; i < argc; i++) { + if (n >= len) + break; + p += n; + *p++ = ' '; + len -= (n + 1); + n = strlcpy(p, argv[i], len); + } + + return (cmdline); +} + int main(int argc, char *argv[]) { struct command_map_entry *cmd; const char *command; - char *root = NULL; + char *root = NULL, *cmdline = NULL; int opt, rc; while ((opt = getopt(argc, argv, "hr:")) != -1) { switch (opt) { case 'h': exit(usage(true)); case 'r': root = strdup(optarg); break; default: exit(usage(false)); } } argc -= optind; argv += optind; if (argc == 0) exit(usage(false)); command = *argv; optreset = 1; optind = 1; if ((cmd = get_cmd_info(command)) == NULL) { fprintf(stderr, "Unknown command: %s\n", command); return (usage(false)); } if ((be = libbe_init(root)) == NULL) { if (!cmd->silent) fprintf(stderr, "libbe_init(\"%s\") failed.\n", root != NULL ? root : ""); return (-1); } + if (cmd->save_history) + cmdline = save_cmdline(argc+optind, argv-optind); + libbe_print_on_error(be, !cmd->silent); rc = cmd->fn(argc, argv); + if (cmd->save_history) { + if (rc == 0) + be_log_history(be, cmdline); + free(cmdline); + } + libbe_close(be); return (rc); }