[PATCH fstools] libfstools: support custom executable validating overlay

[Rafał Miłecki]

From: Rafał Miłecki <rafal at milecki.pl>

This results in calling /usr/libexec/overlay_verify which may either
modify overlay (e.g. wipe it) or refuse it. It's needed by targets that
need to validate that "rootfs_data" doesn't come from a previous
firmware. They may provide a script that will wipe such /outdated/
overlays.

Signed-off-by: Rafał Miłecki <rafal at milecki.pl>
---
 libfstools/overlay.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/libfstools/overlay.c b/libfstools/overlay.c
index 6790337..281626d 100644
--- a/libfstools/overlay.c
+++ b/libfstools/overlay.c
@@ -14,6 +14,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/mount.h>
+#include <sys/wait.h>
 
 #include <asm/byteorder.h>
 
@@ -36,6 +37,7 @@
 
 #define SWITCH_JFFS2 "/tmp/.switch_jffs2"
 #define OVERLAYDIR "/rom/overlay"
+#define OVERLAY_VERIFY "/usr/libexec/overlay_verify"
 
 static bool keep_sysupgrade;
 
@@ -412,6 +414,33 @@ int fs_state_set(const char *dir, enum fs_state state)
 	return symlink(valstr, path);
 }
 
+/*
+ * Call user custom script (if present) that may perform some extra overlay
+ * validation.
+ */
+static int overlay_verify(const char *overlay_mp)
+{
+	struct stat s;
+	pid_t pid;
+
+	if (stat(OVERLAY_VERIFY, &s))
+		return 0;
+
+	pid = fork();
+	if (!pid) {
+		execl(OVERLAY_VERIFY, OVERLAY_VERIFY, overlay_mp, NULL);
+		exit(EXIT_FAILURE);
+	} else if (pid > 0) {
+		int wstatus;
+
+		waitpid(pid, &wstatus, 0);
+
+		if (WIFEXITED(wstatus))
+			return WEXITSTATUS(wstatus);
+	}
+
+	return -1;
+}
 
 int mount_overlay(struct volume *v)
 {
@@ -432,6 +461,12 @@ int mount_overlay(struct volume *v)
 	if (err)
 		return err;
 
+	err = overlay_verify(overlay_mp);
+	if (err) {
+		ULOG_ERR("failed to verify overlay: %d\n", err);
+		return err;
+	}
+
 	/*
 	 * Check for extroot config in overlay (rootfs_data) and if present then
 	 * prefer it over rootfs_data.
-- 
2.31.1