]> git.proxmox.com Git - pve-common.git/blob - src/PVE/Tools.pm
projects / pve-common.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
download file from url: fix indentation
[pve-common.git] / src / PVE / Tools.pm
1 package PVE::Tools;
2
3 use strict;
4 use warnings;
5
6 use Date::Format qw(time2str);
7 use Digest::MD5;
8 use Digest::SHA;
9 use Encode;
10 use Fcntl qw(:DEFAULT :flock);
11 use File::Basename;
12 use File::Path qw(make_path);
13 use Filesys::Df (); # don't overwrite our df()
14 use IO::Dir;
15 use IO::File;
16 use IO::Handle;
17 use IO::Pipe;
18 use IO::Select;
19 use IO::Socket::IP;
20 use IPC::Open3;
21 use JSON;
22 use POSIX qw(EINTR EEXIST EOPNOTSUPP);
23 use Scalar::Util 'weaken';
24 use Socket qw(AF_INET AF_INET6 AI_ALL AI_V4MAPPED AI_CANONNAME SOCK_DGRAM IPPROTO_TCP);
25 use String::ShellQuote;
26 use Text::ParseWords;
27 use Time::HiRes qw(usleep gettimeofday tv_interval alarm);
28 use URI::Escape;
29 use base 'Exporter';
30
31 use PVE::Syscall;
32
33 # avoid warning when parsing long hex values with hex()
34 no warnings 'portable'; # Support for 64-bit ints required
35
36 our @EXPORT_OK = qw(
37 $IPV6RE
38 $IPV4RE
39 lock_file
40 lock_file_full
41 run_command
42 file_set_contents
43 file_get_contents
44 file_read_firstline
45 dir_glob_regex
46 dir_glob_foreach
47 split_list
48 template_replace
49 safe_print
50 trim
51 extract_param
52 extract_sensitive_params
53 file_copy
54 get_host_arch
55 O_PATH
56 O_TMPFILE
57 AT_EMPTY_PATH
58 AT_FDCWD
59 CLONE_NEWNS
60 CLONE_NEWUTS
61 CLONE_NEWIPC
62 CLONE_NEWUSER
63 CLONE_NEWPID
64 CLONE_NEWNET
65 );
66
67 my $pvelogdir = "/var/log/pve";
68 my $pvetaskdir = "$pvelogdir/tasks";
69
70 mkdir $pvelogdir;
71 mkdir $pvetaskdir;
72
73 my $IPV4OCTET = "(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9])?[0-9])";
74 our $IPV4RE = "(?:(?:$IPV4OCTET\\.){3}$IPV4OCTET)";
75 my $IPV6H16 = "(?:[0-9a-fA-F]{1,4})";
76 my $IPV6LS32 = "(?:(?:$IPV4RE|$IPV6H16:$IPV6H16))";
77
78 our $IPV6RE = "(?:" .
79 "(?:(?:" . "(?:$IPV6H16:){6})$IPV6LS32)|" .
80 "(?:(?:" . "::(?:$IPV6H16:){5})$IPV6LS32)|" .
81 "(?:(?:(?:" . "$IPV6H16)?::(?:$IPV6H16:){4})$IPV6LS32)|" .
82 "(?:(?:(?:(?:$IPV6H16:){0,1}$IPV6H16)?::(?:$IPV6H16:){3})$IPV6LS32)|" .
83 "(?:(?:(?:(?:$IPV6H16:){0,2}$IPV6H16)?::(?:$IPV6H16:){2})$IPV6LS32)|" .
84 "(?:(?:(?:(?:$IPV6H16:){0,3}$IPV6H16)?::(?:$IPV6H16:){1})$IPV6LS32)|" .
85 "(?:(?:(?:(?:$IPV6H16:){0,4}$IPV6H16)?::" . ")$IPV6LS32)|" .
86 "(?:(?:(?:(?:$IPV6H16:){0,5}$IPV6H16)?::" . ")$IPV6H16)|" .
87 "(?:(?:(?:(?:$IPV6H16:){0,6}$IPV6H16)?::" . ")))";
88
89 our $IPRE = "(?:$IPV4RE|$IPV6RE)";
90
91 our $EMAIL_USER_RE = qr/[\w\+\-\~]+(\.[\w\+\-\~]+)*/;
92 our $EMAIL_RE = qr/$EMAIL_USER_RE@[a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*/;
93
94 use constant {CLONE_NEWNS => 0x00020000,
95 CLONE_NEWUTS => 0x04000000,
96 CLONE_NEWIPC => 0x08000000,
97 CLONE_NEWUSER => 0x10000000,
98 CLONE_NEWPID => 0x20000000,
99 CLONE_NEWNET => 0x40000000};
100
101 use constant {O_PATH => 0x00200000,
102 O_CLOEXEC => 0x00080000,
103 O_TMPFILE => 0x00400000 | O_DIRECTORY};
104
105 use constant {AT_EMPTY_PATH => 0x1000,
106 AT_FDCWD => -100};
107
108 # from <linux/fs.h>
109 use constant {RENAME_NOREPLACE => (1 << 0),
110 RENAME_EXCHANGE => (1 << 1),
111 RENAME_WHITEOUT => (1 << 2)};
112
113 sub run_with_timeout {
114 my ($timeout, $code, @param) = @_;
115
116 die "got timeout\n" if $timeout <= 0;
117
118 my $prev_alarm = alarm 0; # suspend outer alarm early
119
120 my $sigcount = 0;
121 my $got_timeout = 0;
122
123 my $res;
124
125 eval {
126 local $SIG{ALRM} = sub { $sigcount++; $got_timeout = 1; die "got timeout\n"; };
127 local $SIG{PIPE} = sub { $sigcount++; die "broken pipe\n" };
128 local $SIG{__DIE__}; # see SA bug 4631
129
130 alarm($timeout);
131
132 eval { $res = &$code(@param); };
133
134 alarm(0); # avoid race conditions
135
136 die $@ if $@;
137 };
138
139 my $err = $@;
140
141 alarm $prev_alarm;
142
143 # this shouldn't happen anymore?
144 die "unknown error" if $sigcount && !$err; # seems to happen sometimes
145
146 die $err if $err && !wantarray; # assume that user handles timeout err if called in list context
147
148 return wantarray ? ($res, $got_timeout) : $res;
149 }
150
151 # flock: we use one file handle per process, so lock file
152 # can be nested multiple times and succeeds for the same process.
153 #
154 # Since this is the only way we lock now and we don't have the old
155 # 'lock(); code(); unlock();' pattern anymore we do not actually need to
156 # count how deep we're nesting. Therefore this hash now stores a weak reference
157 # to a boolean telling us whether we already have a lock.
158
159 my $lock_handles = {};
160
161 sub lock_file_full {
162 my ($filename, $timeout, $shared, $code, @param) = @_;
163
164 $timeout = 10 if !$timeout;
165
166 my $mode = $shared ? LOCK_SH : LOCK_EX;
167
168 my $lockhash = ($lock_handles->{$$} //= {});
169
170 # Returns a locked file handle.
171 my $get_locked_file = sub {
172 my $fh = IO::File->new(">>$filename")
173 or die "can't open file - $!\n";
174
175 if (!flock($fh, $mode|LOCK_NB)) {
176 print STDERR "trying to acquire lock...\n";
177 my $success;
178 while(1) {
179 $success = flock($fh, $mode);
180 # try again on EINTR (see bug #273)
181 if ($success || ($! != EINTR)) {
182 last;
183 }
184 }
185 if (!$success) {
186 print STDERR " failed\n";
187 die "can't acquire lock '$filename' - $!\n";
188 }
189 print STDERR " OK\n";
190 }
191
192 return $fh;
193 };
194
195 my $res;
196 my $checkptr = $lockhash->{$filename};
197 my $check = 0; # This must not go out of scope before running the code.
198 my $local_fh; # This must stay local
199 if (!$checkptr || !$$checkptr) {
200 # We cannot create a weak reference in a single atomic step, so we first
201 # create a false-value, then create a reference to it, then weaken it,
202 # and after successfully locking the file we change the boolean value.
203 #
204 # The reason for this is that if an outer SIGALRM throws an exception
205 # between creating the reference and weakening it, a subsequent call to
206 # lock_file_full() will see a leftover full reference to a valid
207 # variable. This variable must be 0 in order for said call to attempt to
208 # lock the file anew.
209 #
210 # An externally triggered exception elsewhere in the code will cause the
211 # weak reference to become 'undef', and since the file handle is only
212 # stored in the local scope in $local_fh, the file will be closed by
213 # perl's cleanup routines as well.
214 #
215 # This still assumes that an IO::File handle can properly deal with such
216 # exceptions thrown during its own destruction, but that's up to perls
217 # guts now.
218 $lockhash->{$filename} = \$check;
219 weaken $lockhash->{$filename};
220 $local_fh = eval { run_with_timeout($timeout, $get_locked_file) };
221 if ($@) {
222 $@ = "can't lock file '$filename' - $@";
223 return undef;
224 }
225 $check = 1;
226 }
227 $res = eval { &$code(@param); };
228 return undef if $@;
229 return $res;
230 }
231
232
233 sub lock_file {
234 my ($filename, $timeout, $code, @param) = @_;
235
236 return lock_file_full($filename, $timeout, 0, $code, @param);
237 }
238
239 sub file_set_contents {
240 my ($filename, $data, $perm) = @_;
241
242 $perm = 0644 if !defined($perm);
243
244 my $tmpname = "$filename.tmp.$$";
245
246 eval {
247 my ($fh, $tries) = (undef, 0);
248 while (!$fh && $tries++ < 3) {
249 $fh = IO::File->new($tmpname, O_WRONLY|O_CREAT|O_EXCL, $perm);
250 if (!$fh && $! == EEXIST) {
251 unlink($tmpname) or die "unable to delete old temp file: $!\n";
252 }
253 }
254 die "unable to open file '$tmpname' - $!\n" if !$fh;
255 die "unable to write '$tmpname' - $!\n" unless print $fh $data;
256 die "closing file '$tmpname' failed - $!\n" unless close $fh;
257 };
258 my $err = $@;
259
260 if ($err) {
261 unlink $tmpname;
262 die $err;
263 }
264
265 if (!rename($tmpname, $filename)) {
266 my $msg = "close (rename) atomic file '$filename' failed: $!\n";
267 unlink $tmpname;
268 die $msg;
269 }
270 }
271
272 sub file_get_contents {
273 my ($filename, $max) = @_;
274
275 my $fh = IO::File->new($filename, "r") ||
276 die "can't open '$filename' - $!\n";
277
278 my $content = safe_read_from($fh, $max, 0, $filename);
279
280 close $fh;
281
282 return $content;
283 }
284
285 sub file_copy {
286 my ($filename, $dst, $max, $perm) = @_;
287
288 file_set_contents ($dst, file_get_contents($filename, $max), $perm);
289 }
290
291 sub file_read_firstline {
292 my ($filename) = @_;
293
294 my $fh = IO::File->new ($filename, "r");
295 if (!$fh) {
296 return undef if $! == POSIX::ENOENT;
297 die "file '$filename' exists but open for reading failed - $!\n";
298 }
299 my $res = <$fh>;
300 chomp $res if $res;
301 $fh->close;
302 return $res;
303 }
304
305 sub safe_read_from {
306 my ($fh, $max, $oneline, $filename) = @_;
307
308 # pmxcfs file size limit
309 $max = 1024 * 1024 if !$max;
310
311 my $subject = defined($filename) ? "file '$filename'" : 'input';
312
313 my $br = 0;
314 my $input = '';
315 my $count;
316 while ($count = sysread($fh, $input, 8192, $br)) {
317 $br += $count;
318 die "$subject too long - aborting\n" if $br > $max;
319 if ($oneline && $input =~ m/^(.*)\n/) {
320 $input = $1;
321 last;
322 }
323 }
324 die "unable to read $subject - $!\n" if !defined($count);
325
326 return $input;
327 }
328
329 # The $cmd parameter can be:
330 # -) a string
331 # This is generally executed by passing it to the shell with the -c option.
332 # However, it can be executed in one of two ways, depending on whether
333 # there's a pipe involved:
334 # *) with pipe: passed explicitly to bash -c, prefixed with:
335 # set -o pipefail &&
336 # *) without a pipe: passed to perl's open3 which uses 'sh -c'
337 # (Note that this may result in two different syntax requirements!)
338 # FIXME?
339 # -) an array of arguments (strings)
340 # Will be executed without interference from a shell. (Parameters are passed
341 # as is, no escape sequences of strings will be touched.)
342 # -) an array of arrays
343 # Each array represents a command, and each command's output is piped into
344 # the following command's standard input.
345 # For this a shell command string is created with pipe symbols between each
346 # command.
347 # Each command is a list of strings meant to end up in the final command
348 # unchanged. In order to achieve this, every argument is shell-quoted.
349 # Quoting can be disabled for a particular argument by turning it into a
350 # reference, this allows inserting arbitrary shell options.
351 # For instance: the $cmd [ [ 'echo', 'hello', \'>/dev/null' ] ] will not
352 # produce any output, while the $cmd [ [ 'echo', 'hello', '>/dev/null' ] ]
353 # will literally print: hello >/dev/null
354 sub run_command {
355 my ($cmd, %param) = @_;
356
357 my $old_umask;
358 my $cmdstr;
359
360 if (my $ref = ref($cmd)) {
361 if (ref($cmd->[0])) {
362 $cmdstr = 'set -o pipefail && ';
363 my $pipe = '';
364 foreach my $command (@$cmd) {
365 # concatenate quoted parameters
366 # strings which are passed by reference are NOT shell quoted
367 $cmdstr .= $pipe . join(' ', map { ref($_) ? $$_ : shellquote($_) } @$command);
368 $pipe = ' | ';
369 }
370 $cmd = [ '/bin/bash', '-c', "$cmdstr" ];
371 } else {
372 $cmdstr = cmd2string($cmd);
373 }
374 } else {
375 $cmdstr = $cmd;
376 if ($cmd =~ m/\|/) {
377 # see 'man bash' for option pipefail
378 $cmd = [ '/bin/bash', '-c', "set -o pipefail && $cmd" ];
379 } else {
380 $cmd = [ $cmd ];
381 }
382 }
383
384 my $errmsg;
385 my $laststderr;
386 my $timeout;
387 my $oldtimeout;
388 my $pid;
389 my $exitcode = -1;
390
391 my $outfunc;
392 my $errfunc;
393 my $logfunc;
394 my $input;
395 my $output;
396 my $afterfork;
397 my $noerr;
398 my $keeplocale;
399 my $quiet;
400
401 eval {
402
403 foreach my $p (keys %param) {
404 if ($p eq 'timeout') {
405 $timeout = $param{$p};
406 } elsif ($p eq 'umask') {
407 $old_umask = umask($param{$p});
408 } elsif ($p eq 'errmsg') {
409 $errmsg = $param{$p};
410 } elsif ($p eq 'input') {
411 $input = $param{$p};
412 } elsif ($p eq 'output') {
413 $output = $param{$p};
414 } elsif ($p eq 'outfunc') {
415 $outfunc = $param{$p};
416 } elsif ($p eq 'errfunc') {
417 $errfunc = $param{$p};
418 } elsif ($p eq 'logfunc') {
419 $logfunc = $param{$p};
420 } elsif ($p eq 'afterfork') {
421 $afterfork = $param{$p};
422 } elsif ($p eq 'noerr') {
423 $noerr = $param{$p};
424 } elsif ($p eq 'keeplocale') {
425 $keeplocale = $param{$p};
426 } elsif ($p eq 'quiet') {
427 $quiet = $param{$p};
428 } else {
429 die "got unknown parameter '$p' for run_command\n";
430 }
431 }
432
433 if ($errmsg) {
434 my $origerrfunc = $errfunc;
435 $errfunc = sub {
436 if ($laststderr) {
437 if ($origerrfunc) {
438 &$origerrfunc("$laststderr\n");
439 } else {
440 print STDERR "$laststderr\n" if $laststderr;
441 }
442 }
443 $laststderr = shift;
444 };
445 }
446
447 my $reader = $output && $output =~ m/^>&/ ? $output : IO::File->new();
448 my $writer = $input && $input =~ m/^<&/ ? $input : IO::File->new();
449 my $error = IO::File->new();
450
451 my $orig_pid = $$;
452
453 eval {
454 local $ENV{LC_ALL} = 'C' if !$keeplocale;
455
456 # suppress LVM warnings like: "File descriptor 3 left open";
457 local $ENV{LVM_SUPPRESS_FD_WARNINGS} = "1";
458
459 $pid = open3($writer, $reader, $error, @$cmd) || die $!;
460
461 # if we pipe fron STDIN, open3 closes STDIN, so we get a perl warning like
462 # "Filehandle STDIN reopened as GENXYZ .. " as soon as we open a new file.
463 # to avoid that we open /dev/null
464 if (!ref($writer) && !defined(fileno(STDIN))) {
465 POSIX::close(0);
466 open(STDIN, '<', '/dev/null');
467 }
468 };
469
470 my $err = $@;
471
472 # catch exec errors
473 if ($orig_pid != $$) {
474 warn "ERROR: $err";
475 POSIX::_exit (1);
476 kill ('KILL', $$);
477 }
478
479 die $err if $err;
480
481 local $SIG{ALRM} = sub { die "got timeout\n"; } if $timeout;
482 $oldtimeout = alarm($timeout) if $timeout;
483
484 &$afterfork() if $afterfork;
485
486 if (ref($writer)) {
487 print $writer $input if defined $input;
488 close $writer;
489 }
490
491 my $select = IO::Select->new();
492 $select->add($reader) if ref($reader);
493 $select->add($error);
494
495 my $outlog = '';
496 my $errlog = '';
497
498 my $starttime = time();
499
500 while ($select->count) {
501 my @handles = $select->can_read(1);
502
503 foreach my $h (@handles) {
504 my $buf = '';
505 my $count = sysread ($h, $buf, 4096);
506 if (!defined ($count)) {
507 my $err = $!;
508 kill (9, $pid);
509 waitpid ($pid, 0);
510 die $err;
511 }
512 $select->remove ($h) if !$count;
513 if ($h eq $reader) {
514 if ($outfunc || $logfunc) {
515 eval {
516 while ($buf =~ s/^([^\010\r\n]*)(?:\n|(?:\010)+|\r\n?)//) {
517 my $line = $outlog . $1;
518 $outlog = '';
519 &$outfunc($line) if $outfunc;
520 &$logfunc($line) if $logfunc;
521 }
522 $outlog .= $buf;
523 };
524 my $err = $@;
525 if ($err) {
526 kill (9, $pid);
527 waitpid ($pid, 0);
528 die $err;
529 }
530 } elsif (!$quiet) {
531 print $buf;
532 *STDOUT->flush();
533 }
534 } elsif ($h eq $error) {
535 if ($errfunc || $logfunc) {
536 eval {
537 while ($buf =~ s/^([^\010\r\n]*)(?:\n|(?:\010)+|\r\n?)//) {
538 my $line = $errlog . $1;
539 $errlog = '';
540 &$errfunc($line) if $errfunc;
541 &$logfunc($line) if $logfunc;
542 }
543 $errlog .= $buf;
544 };
545 my $err = $@;
546 if ($err) {
547 kill (9, $pid);
548 waitpid ($pid, 0);
549 die $err;
550 }
551 } elsif (!$quiet) {
552 print STDERR $buf;
553 *STDERR->flush();
554 }
555 }
556 }
557 }
558
559 &$outfunc($outlog) if $outfunc && $outlog;
560 &$logfunc($outlog) if $logfunc && $outlog;
561
562 &$errfunc($errlog) if $errfunc && $errlog;
563 &$logfunc($errlog) if $logfunc && $errlog;
564
565 waitpid ($pid, 0);
566
567 if ($? == -1) {
568 die "failed to execute\n";
569 } elsif (my $sig = ($? & 127)) {
570 die "got signal $sig\n";
571 } elsif ($exitcode = ($? >> 8)) {
572 if (!($exitcode == 24 && ($cmdstr =~ m|^(\S+/)?rsync\s|))) {
573 if ($errmsg && $laststderr) {
574 my $lerr = $laststderr;
575 $laststderr = undef;
576 die "$lerr\n";
577 }
578 die "exit code $exitcode\n";
579 }
580 }
581
582 alarm(0);
583 };
584
585 my $err = $@;
586
587 alarm(0);
588
589 if ($errmsg && $laststderr) {
590 &$errfunc(undef); # flush laststderr
591 }
592
593 umask ($old_umask) if defined($old_umask);
594
595 alarm($oldtimeout) if $oldtimeout;
596
597 if ($err) {
598 if ($pid && ($err eq "got timeout\n")) {
599 kill (9, $pid);
600 waitpid ($pid, 0);
601 die "command '$cmdstr' failed: $err";
602 }
603
604 if ($errmsg) {
605 $err =~ s/^usermod:\s*// if $cmdstr =~ m|^(\S+/)?usermod\s|;
606 die "$errmsg: $err";
607 } elsif(!$noerr) {
608 die "command '$cmdstr' failed: $err";
609 }
610 }
611
612 return $exitcode;
613 }
614
615 # Run a command with a tcp socket as standard input.
616 sub pipe_socket_to_command {
617 my ($cmd, $ip, $port) = @_;
618
619 my $params = {
620 Listen => 1,
621 ReuseAddr => 1,
622 Proto => &Socket::IPPROTO_TCP,
623 GetAddrInfoFlags => 0,
624 LocalAddr => $ip,
625 LocalPort => $port,
626 };
627 my $socket = IO::Socket::IP->new(%$params) or die "failed to open socket: $!\n";
628
629 print "$ip\n$port\n"; # tell remote where to connect
630 *STDOUT->flush();
631
632 alarm 0;
633 local $SIG{ALRM} = sub { die "timed out waiting for client\n" };
634 alarm 30;
635 my $client = $socket->accept; # Wait for a client
636 alarm 0;
637 close($socket);
638
639 # We want that the command talks over the TCP socket and takes
640 # ownership of it, so that when it closes it the connection is
641 # terminated, so we need to be able to close the socket. So we
642 # can't really use PVE::Tools::run_command().
643 my $pid = fork() // die "fork failed: $!\n";
644 if (!$pid) {
645 POSIX::dup2(fileno($client), 0);
646 POSIX::dup2(fileno($client), 1);
647 close($client);
648 exec {$cmd->[0]} @$cmd or do {
649 warn "exec failed: $!\n";
650 POSIX::_exit(1);
651 };
652 }
653
654 close($client);
655 if (waitpid($pid, 0) != $pid) {
656 kill(15 => $pid); # if we got interrupted terminate the child
657 my $count = 0;
658 while (waitpid($pid, POSIX::WNOHANG) != $pid) {
659 usleep(100000);
660 $count++;
661 kill(9 => $pid), last if $count > 300; # 30 second timeout
662 }
663 }
664 if (my $sig = ($? & 127)) {
665 die "got signal $sig\n";
666 } elsif (my $exitcode = ($? >> 8)) {
667 die "exit code $exitcode\n";
668 }
669
670 return undef;
671 }
672
673 sub split_list {
674 my $listtxt = shift // '';
675
676 return split (/\0/, $listtxt) if $listtxt =~ m/\0/;
677
678 $listtxt =~ s/[,;]/ /g;
679 $listtxt =~ s/^\s+//;
680
681 my @data = split (/\s+/, $listtxt);
682
683 return @data;
684 }
685
686 sub trim {
687 my $txt = shift;
688
689 return $txt if !defined($txt);
690
691 $txt =~ s/^\s+//;
692 $txt =~ s/\s+$//;
693
694 return $txt;
695 }
696
697 # simple uri templates like "/vms/{vmid}"
698 sub template_replace {
699 my ($tmpl, $data) = @_;
700
701 return $tmpl if !$tmpl;
702
703 my $res = '';
704 while ($tmpl =~ m/([^{]+)?(\{([^}]+)\})?/g) {
705 $res .= $1 if $1;
706 $res .= ($data->{$3} || '-') if $2;
707 }
708 return $res;
709 }
710
711 sub safe_print {
712 my ($filename, $fh, $data) = @_;
713
714 return if !$data;
715
716 my $res = print $fh $data;
717
718 die "write to '$filename' failed\n" if !$res;
719 }
720
721 sub debmirrors {
722
723 return {
724 'at' => 'ftp.at.debian.org',
725 'au' => 'ftp.au.debian.org',
726 'be' => 'ftp.be.debian.org',
727 'bg' => 'ftp.bg.debian.org',
728 'br' => 'ftp.br.debian.org',
729 'ca' => 'ftp.ca.debian.org',
730 'ch' => 'ftp.ch.debian.org',
731 'cl' => 'ftp.cl.debian.org',
732 'cz' => 'ftp.cz.debian.org',
733 'de' => 'ftp.de.debian.org',
734 'dk' => 'ftp.dk.debian.org',
735 'ee' => 'ftp.ee.debian.org',
736 'es' => 'ftp.es.debian.org',
737 'fi' => 'ftp.fi.debian.org',
738 'fr' => 'ftp.fr.debian.org',
739 'gr' => 'ftp.gr.debian.org',
740 'hk' => 'ftp.hk.debian.org',
741 'hr' => 'ftp.hr.debian.org',
742 'hu' => 'ftp.hu.debian.org',
743 'ie' => 'ftp.ie.debian.org',
744 'is' => 'ftp.is.debian.org',
745 'it' => 'ftp.it.debian.org',
746 'jp' => 'ftp.jp.debian.org',
747 'kr' => 'ftp.kr.debian.org',
748 'mx' => 'ftp.mx.debian.org',
749 'nl' => 'ftp.nl.debian.org',
750 'no' => 'ftp.no.debian.org',
751 'nz' => 'ftp.nz.debian.org',
752 'pl' => 'ftp.pl.debian.org',
753 'pt' => 'ftp.pt.debian.org',
754 'ro' => 'ftp.ro.debian.org',
755 'ru' => 'ftp.ru.debian.org',
756 'se' => 'ftp.se.debian.org',
757 'si' => 'ftp.si.debian.org',
758 'sk' => 'ftp.sk.debian.org',
759 'tr' => 'ftp.tr.debian.org',
760 'tw' => 'ftp.tw.debian.org',
761 'gb' => 'ftp.uk.debian.org',
762 'us' => 'ftp.us.debian.org',
763 };
764 }
765
766 my $keymaphash = {
767 'dk' => ['Danish', 'da', 'qwerty/dk-latin1.kmap.gz', 'dk', 'nodeadkeys'],
768 'de' => ['German', 'de', 'qwertz/de-latin1-nodeadkeys.kmap.gz', 'de', 'nodeadkeys' ],
769 'de-ch' => ['Swiss-German', 'de-ch', 'qwertz/sg-latin1.kmap.gz', 'ch', 'de_nodeadkeys' ],
770 'en-gb' => ['United Kingdom', 'en-gb', 'qwerty/uk.kmap.gz' , 'gb', undef],
771 'en-us' => ['U.S. English', 'en-us', 'qwerty/us-latin1.kmap.gz', 'us', undef ],
772 'es' => ['Spanish', 'es', 'qwerty/es.kmap.gz', 'es', 'nodeadkeys'],
773 #'et' => [], # Ethopia or Estonia ??
774 'fi' => ['Finnish', 'fi', 'qwerty/fi-latin1.kmap.gz', 'fi', 'nodeadkeys'],
775 #'fo' => ['Faroe Islands', 'fo', ???, 'fo', 'nodeadkeys'],
776 'fr' => ['French', 'fr', 'azerty/fr-latin1.kmap.gz', 'fr', 'nodeadkeys'],
777 'fr-be' => ['Belgium-French', 'fr-be', 'azerty/be2-latin1.kmap.gz', 'be', 'nodeadkeys'],
778 'fr-ca' => ['Canada-French', 'fr-ca', 'qwerty/cf.kmap.gz', 'ca', 'fr-legacy'],
779 'fr-ch' => ['Swiss-French', 'fr-ch', 'qwertz/fr_CH-latin1.kmap.gz', 'ch', 'fr_nodeadkeys'],
780 #'hr' => ['Croatia', 'hr', 'qwertz/croat.kmap.gz', 'hr', ??], # latin2?
781 'hu' => ['Hungarian', 'hu', 'qwertz/hu.kmap.gz', 'hu', undef],
782 'is' => ['Icelandic', 'is', 'qwerty/is-latin1.kmap.gz', 'is', 'nodeadkeys'],
783 'it' => ['Italian', 'it', 'qwerty/it2.kmap.gz', 'it', 'nodeadkeys'],
784 'jp' => ['Japanese', 'ja', 'qwerty/jp106.kmap.gz', 'jp', undef],
785 'lt' => ['Lithuanian', 'lt', 'qwerty/lt.kmap.gz', 'lt', 'std'],
786 #'lv' => ['Latvian', 'lv', 'qwerty/lv-latin4.kmap.gz', 'lv', ??], # latin4 or latin7?
787 'mk' => ['Macedonian', 'mk', 'qwerty/mk.kmap.gz', 'mk', 'nodeadkeys'],
788 'nl' => ['Dutch', 'nl', 'qwerty/nl.kmap.gz', 'nl', undef],
789 #'nl-be' => ['Belgium-Dutch', 'nl-be', ?, ?, ?],
790 'no' => ['Norwegian', 'no', 'qwerty/no-latin1.kmap.gz', 'no', 'nodeadkeys'],
791 'pl' => ['Polish', 'pl', 'qwerty/pl.kmap.gz', 'pl', undef],
792 'pt' => ['Portuguese', 'pt', 'qwerty/pt-latin1.kmap.gz', 'pt', 'nodeadkeys'],
793 'pt-br' => ['Brazil-Portuguese', 'pt-br', 'qwerty/br-latin1.kmap.gz', 'br', 'nodeadkeys'],
794 #'ru' => ['Russian', 'ru', 'qwerty/ru.kmap.gz', 'ru', undef], # don't know?
795 'si' => ['Slovenian', 'sl', 'qwertz/slovene.kmap.gz', 'si', undef],
796 'se' => ['Swedish', 'sv', 'qwerty/se-latin1.kmap.gz', 'se', 'nodeadkeys'],
797 #'th' => [],
798 'tr' => ['Turkish', 'tr', 'qwerty/trq.kmap.gz', 'tr', undef],
799 };
800
801 my $kvmkeymaparray = [];
802 foreach my $lc (sort keys %$keymaphash) {
803 push @$kvmkeymaparray, $keymaphash->{$lc}->[1];
804 }
805
806 sub kvmkeymaps {
807 return $keymaphash;
808 }
809
810 sub kvmkeymaplist {
811 return $kvmkeymaparray;
812 }
813
814 sub extract_param {
815 my ($param, $key) = @_;
816
817 my $res = $param->{$key};
818 delete $param->{$key};
819
820 return $res;
821 }
822
823 # For extracting sensitive keys (e.g. password), to avoid writing them to www-data owned configs
824 sub extract_sensitive_params :prototype($$$) {
825 my ($param, $sensitive_list, $delete_list) = @_;
826
827 my %delete = map { $_ => 1 } ($delete_list || [])->@*;
828
829 my $sensitive = {};
830 for my $opt (@$sensitive_list) {
831 # handle deletions as explicitly setting `undef`, so subs which only have $param but not
832 # $delete_list available can recognize them. Afterwards new values may override.
833 if (exists($delete{$opt})) {
834 $sensitive->{$opt} = undef;
835 }
836
837 if (defined(my $value = extract_param($param, $opt))) {
838 $sensitive->{$opt} = $value;
839 }
840 }
841
842 return $sensitive;
843 }
844
845 # Note: we use this to wait until vncterm/spiceterm is ready
846 sub wait_for_vnc_port {
847 my ($port, $family, $timeout) = @_;
848
849 $timeout = 5 if !$timeout;
850 my $sleeptime = 0;
851 my $starttime = [gettimeofday];
852 my $elapsed;
853
854 my $cmd = ['/bin/ss', '-Htln', "sport = :$port"];
855 push @$cmd, $family == AF_INET6 ? '-6' : '-4' if defined($family);
856
857 my $found;
858 while (($elapsed = tv_interval($starttime)) < $timeout) {
859 # -Htln = don't print header, tcp, listening sockets only, numeric ports
860 run_command($cmd, outfunc => sub {
861 my $line = shift;
862 if ($line =~ m/^LISTEN\s+\d+\s+\d+\s+\S+:(\d+)\s/) {
863 $found = 1 if ($port == $1);
864 }
865 });
866 return 1 if $found;
867 $sleeptime += 100000 if $sleeptime < 1000000;
868 usleep($sleeptime);
869 }
870
871 die "Timeout while waiting for port '$port' to get ready!\n";
872 }
873
874 sub next_unused_port {
875 my ($range_start, $range_end, $family, $address) = @_;
876
877 # We use a file to register allocated ports.
878 # Those registrations expires after $expiretime.
879 # We use this to avoid race conditions between
880 # allocation and use of ports.
881
882 my $filename = "/var/tmp/pve-reserved-ports";
883
884 my $code = sub {
885
886 my $expiretime = 5;
887 my $ctime = time();
888
889 my $ports = {};
890
891 if (my $fh = IO::File->new ($filename, "r")) {
892 while (my $line = <$fh>) {
893 if ($line =~ m/^(\d+)\s(\d+)$/) {
894 my ($port, $timestamp) = ($1, $2);
895 if (($timestamp + $expiretime) > $ctime) {
896 $ports->{$port} = $timestamp; # not expired
897 }
898 }
899 }
900 }
901
902 my $newport;
903 my %sockargs = (Listen => 5,
904 ReuseAddr => 1,
905 Family => $family,
906 Proto => IPPROTO_TCP,
907 GetAddrInfoFlags => 0);
908 $sockargs{LocalAddr} = $address if defined($address);
909
910 for (my $p = $range_start; $p < $range_end; $p++) {
911 next if $ports->{$p}; # reserved
912
913 $sockargs{LocalPort} = $p;
914 my $sock = IO::Socket::IP->new(%sockargs);
915
916 if ($sock) {
917 close($sock);
918 $newport = $p;
919 $ports->{$p} = $ctime;
920 last;
921 }
922 }
923
924 my $data = "";
925 foreach my $p (keys %$ports) {
926 $data .= "$p $ports->{$p}\n";
927 }
928
929 file_set_contents($filename, $data);
930
931 return $newport;
932 };
933
934 my $p = lock_file('/var/lock/pve-ports.lck', 10, $code);
935 die $@ if $@;
936
937 die "unable to find free port (${range_start}-${range_end})\n" if !$p;
938
939 return $p;
940 }
941
942 sub next_migrate_port {
943 my ($family, $address) = @_;
944 return next_unused_port(60000, 60050, $family, $address);
945 }
946
947 sub next_vnc_port {
948 my ($family, $address) = @_;
949 return next_unused_port(5900, 6000, $family, $address);
950 }
951
952 sub spice_port_range {
953 return (61000, 61999);
954 }
955
956 sub next_spice_port {
957 my ($family, $address) = @_;
958 return next_unused_port(spice_port_range(), $family, $address);
959 }
960
961 sub must_stringify {
962 my ($value) = @_;
963 eval { $value = "$value" };
964 return "error turning value into a string: $@" if $@;
965 return $value;
966 }
967
968 # sigkill after $timeout a $sub running in a fork if it can't write a pipe
969 # the $sub has to return a single scalar
970 sub run_fork_with_timeout {
971 my ($timeout, $sub) = @_;
972
973 my $res;
974 my $error;
975 my $pipe_out = IO::Pipe->new();
976
977 # disable pending alarms, save their remaining time
978 my $prev_alarm = alarm 0;
979
980 # avoid leaving a zombie if the parent gets interrupted
981 my $sig_received;
982
983 my $child = fork();
984 if (!defined($child)) {
985 die "fork failed: $!\n";
986 return $res;
987 }
988
989 if (!$child) {
990 $pipe_out->writer();
991
992 eval {
993 $res = $sub->();
994 print {$pipe_out} encode_json({ result => $res });
995 $pipe_out->flush();
996 };
997 if (my $err = $@) {
998 print {$pipe_out} encode_json({ error => must_stringify($err) });
999 $pipe_out->flush();
1000 POSIX::_exit(1);
1001 }
1002 POSIX::_exit(0);
1003 }
1004
1005 local $SIG{INT} = sub { $sig_received++; };
1006 local $SIG{TERM} = sub {
1007 $error //= "interrupted by unexpected signal\n";
1008 kill('TERM', $child);
1009 };
1010
1011 $pipe_out->reader();
1012
1013 my $readvalues = sub {
1014 local $/ = undef;
1015 my $child_res = decode_json(readline_nointr($pipe_out));
1016 $res = $child_res->{result};
1017 $error = $child_res->{error};
1018 };
1019 my $got_timeout = 0;
1020 eval {
1021 if (defined($timeout)) {
1022 (undef, $got_timeout) = run_with_timeout($timeout, $readvalues);
1023 } else {
1024 $readvalues->();
1025 }
1026 };
1027 warn $@ if $@;
1028 $pipe_out->close();
1029 kill('KILL', $child);
1030 # FIXME: hangs if $child doesn't exits?! (D state)
1031 waitpid($child, 0);
1032
1033 alarm $prev_alarm;
1034 die "interrupted by unexpected signal\n" if $sig_received;
1035
1036 die $error if $error;
1037 return wantarray ? ($res, $got_timeout) : $res;
1038 }
1039
1040 sub run_fork {
1041 my ($code) = @_;
1042 return run_fork_with_timeout(undef, $code);
1043 }
1044
1045 # NOTE: NFS syscall can't be interrupted, so alarm does
1046 # not work to provide timeouts.
1047 # from 'man nfs': "Only SIGKILL can interrupt a pending NFS operation"
1048 # So fork() before using Filesys::Df
1049 sub df {
1050 my ($path, $timeout) = @_;
1051
1052 my $df = sub { return Filesys::Df::df($path, 1) };
1053
1054 my $res = eval { run_fork_with_timeout($timeout, $df) } // {};
1055 warn $@ if $@;
1056
1057 # untaint, but be flexible: PB usage can result in scientific notation
1058 my ($blocks, $used, $bavail) = map { defined($_) ? (/^([\d\.e\-+]+)$/) : 0 }
1059 $res->@{qw(blocks used bavail)};
1060
1061 return {
1062 total => $blocks,
1063 used => $used,
1064 avail => $bavail,
1065 };
1066 }
1067
1068 sub du {
1069 my ($path, $timeout) = @_;
1070
1071 my $size;
1072
1073 $timeout //= 10;
1074
1075 my $parser = sub {
1076 my $line = shift;
1077
1078 if ($line =~ m/^(\d+)\s+total$/) {
1079 $size = $1;
1080 }
1081 };
1082
1083 run_command(['du', '-scb', $path], outfunc => $parser, timeout => $timeout);
1084
1085 return $size;
1086 }
1087
1088 # UPID helper
1089 # We use this to uniquely identify a process.
1090 # An 'Unique Process ID' has the following format:
1091 # "UPID:$node:$pid:$pstart:$startime:$dtype:$id:$user"
1092
1093 sub upid_encode {
1094 my $d = shift;
1095
1096 # Note: pstart can be > 32bit if uptime > 497 days, so this can result in
1097 # more that 8 characters for pstart
1098 return sprintf("UPID:%s:%08X:%08X:%08X:%s:%s:%s:", $d->{node}, $d->{pid},
1099 $d->{pstart}, $d->{starttime}, $d->{type}, $d->{id},
1100 $d->{user});
1101 }
1102
1103 sub upid_decode {
1104 my ($upid, $noerr) = @_;
1105
1106 my $res;
1107 my $filename;
1108
1109 # "UPID:$node:$pid:$pstart:$startime:$dtype:$id:$user"
1110 # Note: allow up to 9 characters for pstart (work until 20 years uptime)
1111 if ($upid =~ m/^UPID:([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?):([0-9A-Fa-f]{8}):([0-9A-Fa-f]{8,9}):([0-9A-Fa-f]{8}):([^:\s]+):([^:\s]*):([^:\s]+):$/) {
1112 $res->{node} = $1;
1113 $res->{pid} = hex($3);
1114 $res->{pstart} = hex($4);
1115 $res->{starttime} = hex($5);
1116 $res->{type} = $6;
1117 $res->{id} = $7;
1118 $res->{user} = $8;
1119
1120 my $subdir = substr($5, 7, 8);
1121 $filename = "$pvetaskdir/$subdir/$upid";
1122
1123 } else {
1124 return undef if $noerr;
1125 die "unable to parse worker upid '$upid'\n";
1126 }
1127
1128 return wantarray ? ($res, $filename) : $res;
1129 }
1130
1131 sub upid_open {
1132 my ($upid) = @_;
1133
1134 my ($task, $filename) = upid_decode($upid);
1135
1136 my $dirname = dirname($filename);
1137 make_path($dirname);
1138
1139 my $wwwid = getpwnam('www-data') ||
1140 die "getpwnam failed";
1141
1142 my $perm = 0640;
1143
1144 my $outfh = IO::File->new ($filename, O_WRONLY|O_CREAT|O_EXCL, $perm) ||
1145 die "unable to create output file '$filename' - $!\n";
1146 chown $wwwid, -1, $outfh;
1147
1148 return $outfh;
1149 };
1150
1151 sub upid_read_status {
1152 my ($upid) = @_;
1153
1154 my ($task, $filename) = upid_decode($upid);
1155 my $fh = IO::File->new($filename, "r");
1156 return "unable to open file - $!" if !$fh;
1157 my $maxlen = 4096;
1158 sysseek($fh, -$maxlen, 2);
1159 my $readbuf = '';
1160 my $br = sysread($fh, $readbuf, $maxlen);
1161 close($fh);
1162 if ($br) {
1163 return "unable to extract last line"
1164 if $readbuf !~ m/\n?(.+)$/;
1165 my $line = $1;
1166 if ($line =~ m/^TASK OK$/) {
1167 return 'OK';
1168 } elsif ($line =~ m/^TASK ERROR: (.+)$/) {
1169 return $1;
1170 } elsif ($line =~ m/^TASK (WARNINGS: \d+)$/) {
1171 return $1;
1172 } else {
1173 return "unexpected status";
1174 }
1175 }
1176 return "unable to read tail (got $br bytes)";
1177 }
1178
1179 # Check if the status returned by upid_read_status is an error status.
1180 # If the status could not be parsed it's also treated as an error.
1181 sub upid_status_is_error {
1182 my ($status) = @_;
1183
1184 return !($status eq 'OK' || $status =~ m/^WARNINGS: \d+$/);
1185 }
1186
1187 # takes the parsed status and returns the type, either ok, warning, error or unknown
1188 sub upid_normalize_status_type {
1189 my ($status) = @_;
1190
1191 if (!$status) {
1192 return 'unknown';
1193 } elsif ($status eq 'OK') {
1194 return 'ok';
1195 } elsif ($status =~ m/^WARNINGS: \d+$/) {
1196 return 'warning';
1197 } elsif ($status eq 'unexpected status') {
1198 return 'unknown';
1199 } else {
1200 return 'error';
1201 }
1202 }
1203
1204 # useful functions to store comments in config files
1205 sub encode_text {
1206 my ($text) = @_;
1207
1208 # all control and hi-bit characters, and ':'
1209 my $unsafe = "^\x20-\x39\x3b-\x7e";
1210 return uri_escape(Encode::encode("utf8", $text), $unsafe);
1211 }
1212
1213 sub decode_text {
1214 my ($data) = @_;
1215
1216 return Encode::decode("utf8", uri_unescape($data));
1217 }
1218
1219 # NOTE: deprecated - do not use! we now decode all parameters by default
1220 sub decode_utf8_parameters {
1221 my ($param) = @_;
1222
1223 foreach my $p (qw(comment description firstname lastname)) {
1224 $param->{$p} = decode('utf8', $param->{$p}) if $param->{$p};
1225 }
1226
1227 return $param;
1228 }
1229
1230 sub random_ether_addr {
1231 my ($prefix) = @_;
1232
1233 my ($seconds, $microseconds) = gettimeofday;
1234
1235 my $rand = Digest::SHA::sha1($$, rand(), $seconds, $microseconds);
1236
1237 # clear multicast, set local id
1238 vec($rand, 0, 8) = (vec($rand, 0, 8) & 0xfe) | 2;
1239
1240 my $addr = sprintf("%02X:%02X:%02X:%02X:%02X:%02X", unpack("C6", $rand));
1241 if (defined($prefix)) {
1242 $addr = uc($prefix) . substr($addr, length($prefix));
1243 }
1244 return $addr;
1245 }
1246
1247 sub shellquote {
1248 my $str = shift;
1249
1250 return String::ShellQuote::shell_quote($str);
1251 }
1252
1253 sub cmd2string {
1254 my ($cmd) = @_;
1255
1256 die "no arguments" if !$cmd;
1257
1258 return $cmd if !ref($cmd);
1259
1260 my @qa = ();
1261 foreach my $arg (@$cmd) { push @qa, shellquote($arg); }
1262
1263 return join (' ', @qa);
1264 }
1265
1266 # split an shell argument string into an array,
1267 sub split_args {
1268 my ($str) = @_;
1269
1270 return $str ? [ Text::ParseWords::shellwords($str) ] : [];
1271 }
1272
1273 sub dump_logfile_by_filehandle {
1274 my ($fh, $filter, $state) = @_;
1275
1276 my $count = ($state->{count} //= 0);
1277 my $lines = ($state->{lines} //= []);
1278 my $start = ($state->{start} //= 0);
1279 my $limit = ($state->{limit} //= 50);
1280 my $final = ($state->{final} //= 1);
1281 my $read_until_end = ($state->{read_until_end} //= $limit == 0);
1282
1283 my $line;
1284 if ($filter) {
1285 # duplicate code, so that we do not slow down normal path
1286 while (defined($line = <$fh>)) {
1287 if (ref($filter) eq 'CODE') {
1288 next if !$filter->($line);
1289 } else {
1290 next if $line !~ m/$filter/;
1291 }
1292 next if $count++ < $start;
1293 if (!$read_until_end) {
1294 next if $limit <= 0;
1295 $limit--;
1296 }
1297 chomp $line;
1298 push @$lines, { n => $count, t => $line};
1299 }
1300 } else {
1301 while (defined($line = <$fh>)) {
1302 next if $count++ < $start;
1303 if (!$read_until_end) {
1304 next if $limit <= 0;
1305 $limit--;
1306 }
1307 chomp $line;
1308 push @$lines, { n => $count, t => $line};
1309 }
1310 }
1311
1312 # HACK: ExtJS store.guaranteeRange() does not like empty array
1313 # so we add a line
1314 if (!$count && $final) {
1315 $count++;
1316 push @$lines, { n => $count, t => "no content"};
1317 }
1318
1319 $state->{count} = $count;
1320 $state->{limit} = $limit;
1321 }
1322
1323 sub dump_logfile {
1324 my ($filename, $start, $limit, $filter) = @_;
1325
1326 my $fh = IO::File->new($filename, "r");
1327 if (!$fh) {
1328 return (1, { n => 1, t => "unable to open file - $!"});
1329 }
1330
1331 my %state = (
1332 'count' => 0,
1333 'lines' => [],
1334 'start' => $start,
1335 'limit' => $limit,
1336 );
1337
1338 dump_logfile_by_filehandle($fh, $filter, \%state);
1339
1340 close($fh);
1341
1342 return ($state{'count'}, $state{'lines'});
1343 }
1344
1345 sub dump_journal {
1346 my ($start, $limit, $since, $until, $service) = @_;
1347
1348 my $lines = [];
1349 my $count = 0;
1350
1351 $start = 0 if !$start;
1352 $limit = 50 if !$limit;
1353
1354 my $parser = sub {
1355 my $line = shift;
1356
1357 return if $count++ < $start;
1358 return if $limit <= 0;
1359 push @$lines, { n => int($count), t => $line};
1360 $limit--;
1361 };
1362
1363 my $cmd = ['journalctl', '-o', 'short', '--no-pager'];
1364
1365 push @$cmd, '--unit', $service if $service;
1366 push @$cmd, '--since', $since if $since;
1367 push @$cmd, '--until', $until if $until;
1368 run_command($cmd, outfunc => $parser);
1369
1370 # HACK: ExtJS store.guaranteeRange() does not like empty array
1371 # so we add a line
1372 if (!$count) {
1373 $count++;
1374 push @$lines, { n => $count, t => "no content"};
1375 }
1376
1377 return ($count, $lines);
1378 }
1379
1380 sub dir_glob_regex {
1381 my ($dir, $regex) = @_;
1382
1383 my $dh = IO::Dir->new ($dir);
1384 return wantarray ? () : undef if !$dh;
1385
1386 while (defined(my $tmp = $dh->read)) {
1387 if (my @res = $tmp =~ m/^($regex)$/) {
1388 $dh->close;
1389 return wantarray ? @res : $tmp;
1390 }
1391 }
1392 $dh->close;
1393
1394 return wantarray ? () : undef;
1395 }
1396
1397 sub dir_glob_foreach {
1398 my ($dir, $regex, $func) = @_;
1399
1400 my $dh = IO::Dir->new ($dir);
1401 if (defined $dh) {
1402 while (defined(my $tmp = $dh->read)) {
1403 if (my @res = $tmp =~ m/^($regex)$/) {
1404 &$func (@res);
1405 }
1406 }
1407 }
1408 }
1409
1410 sub assert_if_modified {
1411 my ($digest1, $digest2) = @_;
1412
1413 if ($digest1 && $digest2 && ($digest1 ne $digest2)) {
1414 die "detected modified configuration - file changed by other user? Try again.\n";
1415 }
1416 }
1417
1418 # Digest for short strings
1419 # like FNV32a, but we only return 31 bits (positive numbers)
1420 sub fnv31a {
1421 my ($string) = @_;
1422
1423 my $hval = 0x811c9dc5;
1424
1425 foreach my $c (unpack('C*', $string)) {
1426 $hval ^= $c;
1427 $hval += (
1428 (($hval << 1) ) +
1429 (($hval << 4) ) +
1430 (($hval << 7) ) +
1431 (($hval << 8) ) +
1432 (($hval << 24) ) );
1433 $hval = $hval & 0xffffffff;
1434 }
1435 return $hval & 0x7fffffff;
1436 }
1437
1438 sub fnv31a_hex { return sprintf("%X", fnv31a(@_)); }
1439
1440 sub unpack_sockaddr_in46 {
1441 my ($sin) = @_;
1442 my $family = Socket::sockaddr_family($sin);
1443 my ($port, $host) = ($family == AF_INET6 ? Socket::unpack_sockaddr_in6($sin)
1444 : Socket::unpack_sockaddr_in($sin));
1445 return ($family, $port, $host);
1446 }
1447
1448 sub getaddrinfo_all {
1449 my ($hostname, @opts) = @_;
1450 my %hints = (
1451 flags => AI_V4MAPPED | AI_ALL,
1452 @opts,
1453 );
1454 my ($err, @res) = Socket::getaddrinfo($hostname, '0', \%hints);
1455 die "failed to get address info for: $hostname: $err\n" if $err;
1456 return @res;
1457 }
1458
1459 sub get_host_address_family {
1460 my ($hostname, $socktype) = @_;
1461 my @res = getaddrinfo_all($hostname, socktype => $socktype);
1462 return $res[0]->{family};
1463 }
1464
1465 # get the fully qualified domain name of a host
1466 # same logic as hostname(1): The FQDN is the name getaddrinfo(3) returns,
1467 # given a nodename as a parameter
1468 sub get_fqdn {
1469 my ($nodename) = @_;
1470
1471 my $hints = {
1472 flags => AI_CANONNAME,
1473 socktype => SOCK_DGRAM
1474 };
1475
1476 my ($err, @addrs) = Socket::getaddrinfo($nodename, undef, $hints);
1477
1478 die "getaddrinfo: $err" if $err;
1479
1480 return $addrs[0]->{canonname};
1481 }
1482
1483 # Parses any sane kind of host, or host+port pair:
1484 # The port is always optional and thus may be undef.
1485 sub parse_host_and_port {
1486 my ($address) = @_;
1487 if ($address =~ /^($IPV4RE|[[:alnum:]\-.]+)(?::(\d+))?$/ || # ipv4 or host with optional ':port'
1488 $address =~ /^\[($IPV6RE|$IPV4RE|[[:alnum:]\-.]+)\](?::(\d+))?$/ || # anything in brackets with optional ':port'
1489 $address =~ /^($IPV6RE)(?:\.(\d+))?$/) # ipv6 with optional port separated by dot
1490 {
1491 return ($1, $2, 1); # end with 1 to support simple if(parse...) tests
1492 }
1493 return; # nothing
1494 }
1495
1496 sub setresuid($$$) {
1497 my ($ruid, $euid, $suid) = @_;
1498 return 0 == syscall(PVE::Syscall::setresuid, int($ruid), int($euid), int($suid));
1499 }
1500
1501 sub unshare($) {
1502 my ($flags) = @_;
1503 return 0 == syscall(PVE::Syscall::unshare, int($flags));
1504 }
1505
1506 sub setns($$) {
1507 my ($fileno, $nstype) = @_;
1508 return 0 == syscall(PVE::Syscall::setns, int($fileno), int($nstype));
1509 }
1510
1511 sub syncfs($) {
1512 my ($fileno) = @_;
1513 return 0 == syscall(PVE::Syscall::syncfs, int($fileno));
1514 }
1515
1516 sub fsync($) {
1517 my ($fileno) = @_;
1518 return 0 == syscall(PVE::Syscall::fsync, int($fileno));
1519 }
1520
1521 sub renameat2($$$$$) {
1522 my ($olddirfd, $oldpath, $newdirfd, $newpath, $flags) = @_;
1523 return 0 == syscall(
1524 PVE::Syscall::renameat2,
1525 int($olddirfd),
1526 $oldpath,
1527 int($newdirfd),
1528 $newpath,
1529 int($flags),
1530 );
1531 }
1532
1533 sub sync_mountpoint {
1534 my ($path) = @_;
1535 sysopen my $fd, $path, O_RDONLY|O_CLOEXEC or die "failed to open $path: $!\n";
1536 my $syncfs_err;
1537 if (!syncfs(fileno($fd))) {
1538 $syncfs_err = "$!";
1539 }
1540 close($fd);
1541 die "syncfs '$path' failed - $syncfs_err\n" if defined $syncfs_err;
1542 }
1543
1544 my sub check_mail_addr {
1545 my ($addr) = @_;
1546 die "'$addr' does not look like a valid email address or username\n"
1547 if $addr !~ /^$EMAIL_RE$/ && $addr !~ /^$EMAIL_USER_RE$/;
1548 }
1549
1550 # support sending multi-part mail messages with a text and or a HTML part
1551 # mailto may be a single email string or an array of receivers
1552 sub sendmail {
1553 my ($mailto, $subject, $text, $html, $mailfrom, $author) = @_;
1554
1555 $mailto = [ $mailto ] if !ref($mailto);
1556
1557 check_mail_addr($_) for $mailto->@*;
1558 my $to_quoted = [ map { shellquote($_) } $mailto->@* ];
1559
1560 $mailfrom = $mailfrom || "root";
1561 check_mail_addr($mailfrom);
1562 my $from_quoted = shellquote($mailfrom);
1563
1564 $author = $author // 'Proxmox VE';
1565
1566 open (my $mail, "|-", "sendmail", "-B", "8BITMIME", "-f", $from_quoted, "--", $to_quoted->@*)
1567 or die "unable to open 'sendmail' - $!";
1568
1569 my $is_multipart = $text && $html;
1570 my $boundary = "----_=_NextPart_001_" . int(time()) . $$; # multipart spec, see rfc 1521
1571
1572 $subject = Encode::encode('MIME-Header', $subject) if $subject =~ /[^[:ascii:]]/;
1573
1574 print $mail "MIME-Version: 1.0\n" if $subject =~ /[^[:ascii:]]/ || $is_multipart;
1575
1576 print $mail "From: $author <$mailfrom>\n";
1577 print $mail "To: " . join(', ', @$mailto) ."\n";
1578 print $mail "Date: " . time2str('%a, %d %b %Y %H:%M:%S %z', time()) . "\n";
1579 print $mail "Subject: $subject\n";
1580
1581 if ($is_multipart) {
1582 print $mail "Content-Type: multipart/alternative;\n";
1583 print $mail "\tboundary=\"$boundary\"\n";
1584 print $mail "\n";
1585 print $mail "This is a multi-part message in MIME format.\n\n";
1586 print $mail "--$boundary\n";
1587 }
1588
1589 if (defined($text)) {
1590 print $mail "Content-Type: text/plain;\n";
1591 print $mail "\tcharset=\"UTF-8\"\n";
1592 print $mail "Content-Transfer-Encoding: 8bit\n";
1593 print $mail "\n";
1594
1595 # avoid 'remove extra line breaks' issue (MS Outlook)
1596 my $fill = ' ';
1597 $text =~ s/^/$fill/gm;
1598
1599 print $mail $text;
1600
1601 print $mail "\n--$boundary\n" if $is_multipart;
1602 }
1603
1604 if (defined($html)) {
1605 print $mail "Content-Type: text/html;\n";
1606 print $mail "\tcharset=\"UTF-8\"\n";
1607 print $mail "Content-Transfer-Encoding: 8bit\n";
1608 print $mail "\n";
1609
1610 print $mail $html;
1611
1612 print $mail "\n--$boundary--\n" if $is_multipart;
1613 }
1614
1615 close($mail);
1616 }
1617
1618 # creates a temporary file that does not shows up on the file system hierarchy.
1619 #
1620 # Uses O_TMPFILE if available, which makes it just an anon inode that never shows up in the FS.
1621 # If O_TMPFILE is not available, which unlikely nowadays (added in 3.11 kernel and all FS relevant
1622 # for us support it) back to open-create + immediate unlink while still holding the file handle.
1623 #
1624 # TODO: to avoid FS dependent features we could (transparently) switch to memfd_create as backend
1625 sub tempfile {
1626 my ($perm, %opts) = @_;
1627
1628 # default permissions are stricter than with file_set_contents
1629 $perm = 0600 if !defined($perm);
1630
1631 my $dir = $opts{dir};
1632 if (!$dir) {
1633 if (-d "/run/user/$<") {
1634 $dir = "/run/user/$<";
1635 } elsif ($< == 0) {
1636 $dir = "/run";
1637 } else {
1638 $dir = "/tmp";
1639 }
1640 }
1641 my $mode = $opts{mode} // O_RDWR;
1642 $mode |= O_EXCL if !$opts{allow_links};
1643
1644 my $fh = IO::File->new($dir, $mode | O_TMPFILE, $perm);
1645 if (!$fh && $! == EOPNOTSUPP) {
1646 $dir = '/tmp' if !defined($opts{dir});
1647 $dir .= "/.tmpfile.$$";
1648 $fh = IO::File->new($dir, $mode | O_CREAT | O_EXCL, $perm);
1649 unlink($dir) if $fh;
1650 }
1651 die "failed to create tempfile: $!\n" if !$fh;
1652 return $fh;
1653 }
1654
1655 # create an (ideally) anon file with the $data as content and return its FD-path and FH
1656 sub tempfile_contents {
1657 my ($data, $perm, %opts) = @_;
1658
1659 my $fh = tempfile($perm, %opts);
1660 eval {
1661 die "unable to write to tempfile: $!\n" if !print {$fh} $data;
1662 die "unable to flush to tempfile: $!\n" if !defined($fh->flush());
1663 };
1664 if (my $err = $@) {
1665 close $fh;
1666 die $err;
1667 }
1668
1669 return ("/proc/$$/fd/".$fh->fileno, $fh);
1670 }
1671
1672 sub validate_ssh_public_keys {
1673 my ($raw) = @_;
1674 my @lines = split(/\n/, $raw);
1675
1676 foreach my $line (@lines) {
1677 next if $line =~ m/^\s*$/;
1678 eval {
1679 my ($filename, $handle) = tempfile_contents($line);
1680 run_command(["ssh-keygen", "-l", "-f", $filename],
1681 outfunc => sub {}, errfunc => sub {});
1682 };
1683 die "SSH public key validation error\n" if $@;
1684 }
1685 }
1686
1687 sub openat($$$;$) {
1688 my ($dirfd, $pathname, $flags, $mode) = @_;
1689 $dirfd = int($dirfd);
1690 $flags = int($flags);
1691 $mode = int($mode // 0);
1692
1693 my $fd = syscall(PVE::Syscall::openat, $dirfd, $pathname, $flags, $mode);
1694 return undef if $fd < 0;
1695 # sysopen() doesn't deal with numeric file descriptors apparently
1696 # so we need to convert to a mode string for IO::Handle->new_from_fd
1697 my $flagstr = ($flags & O_RDWR) ? 'rw' : ($flags & O_WRONLY) ? 'w' : 'r';
1698 my $handle = IO::Handle->new_from_fd($fd, $flagstr);
1699 return $handle if $handle;
1700 my $err = $!; # save error before closing the raw fd
1701 syscall(PVE::Syscall::close, $fd); # close
1702 $! = $err;
1703 return undef;
1704 }
1705
1706 sub mkdirat($$$) {
1707 my ($dirfd, $name, $mode) = @_;
1708 return syscall(PVE::Syscall::mkdirat, int($dirfd), $name, int($mode)) == 0;
1709 }
1710
1711 sub fchownat($$$$$) {
1712 my ($dirfd, $pathname, $owner, $group, $flags) = @_;
1713 return syscall(
1714 PVE::Syscall::fchownat,
1715 int($dirfd),
1716 $pathname,
1717 int($owner),
1718 int($group),
1719 int($flags),
1720 ) == 0;
1721 }
1722
1723 my $salt_starter = time();
1724
1725 sub encrypt_pw {
1726 my ($pw) = @_;
1727
1728 $salt_starter++;
1729 my $salt = substr(Digest::SHA::sha1_base64(time() + $salt_starter + $$), 0, 8);
1730
1731 # crypt does not want '+' in salt (see 'man crypt')
1732 $salt =~ s/\+/X/g;
1733
1734 return crypt(encode("utf8", $pw), "\$5\$$salt\$");
1735 }
1736
1737 # intended usage: convert_size($val, "kb" => "gb")
1738 # we round up to the next integer by default
1739 # E.g. `convert_size(1023, "b" => "kb")` returns 1
1740 # use $no_round_up to switch this off, above example would then return 0
1741 # this is also true for converting down e.g. 0.0005 gb to mb returns 1
1742 # (0 if $no_round_up is true)
1743 # allowed formats for value:
1744 # 1234
1745 # 1234.
1746 # 1234.1234
1747 # .1234
1748 sub convert_size {
1749 my ($value, $from, $to, $no_round_up) = @_;
1750
1751 my $units = {
1752 b => 0,
1753 kb => 1,
1754 mb => 2,
1755 gb => 3,
1756 tb => 4,
1757 pb => 5,
1758 };
1759
1760 die "no value given"
1761 if !defined($value) || $value eq "";
1762
1763 $from = lc($from // ''); $to = lc($to // '');
1764 die "unknown 'from' and/or 'to' units ($from => $to)"
1765 if !defined($units->{$from}) || !defined($units->{$to});
1766
1767 die "value '$value' is not a valid, positive number"
1768 if $value !~ m/^(?:[0-9]+\.?[0-9]*|[0-9]*\.[0-9]+)$/;
1769
1770 my $shift_amount = ($units->{$from} - $units->{$to}) * 10;
1771
1772 $value *= 2**$shift_amount;
1773 $value++ if !$no_round_up && ($value - int($value)) > 0.0;
1774
1775 return int($value);
1776 }
1777
1778 # uninterruptible readline
1779 # retries on EINTR
1780 sub readline_nointr {
1781 my ($fh) = @_;
1782 my $line;
1783 while (1) {
1784 $line = <$fh>;
1785 last if defined($line) || ($! != EINTR);
1786 }
1787 return $line;
1788 }
1789
1790 my $host_arch;
1791 sub get_host_arch {
1792 $host_arch = (POSIX::uname())[4] if !$host_arch;
1793 return $host_arch;
1794 }
1795
1796 # Devices are: [ (12 bits minor) (12 bits major) (8 bits minor) ]
1797 sub dev_t_major($) {
1798 my ($dev_t) = @_;
1799 return (int($dev_t) & 0xfff00) >> 8;
1800 }
1801
1802 sub dev_t_minor($) {
1803 my ($dev_t) = @_;
1804 $dev_t = int($dev_t);
1805 return (($dev_t >> 12) & 0xfff00) | ($dev_t & 0xff);
1806 }
1807
1808 # Given an array of array refs [ \[a b c], \[a b b], \[e b a] ]
1809 # Returns the intersection of elements as a single array [a b]
1810 sub array_intersect {
1811 my ($arrays) = @_;
1812
1813 if (!ref($arrays->[0])) {
1814 $arrays = [ grep { ref($_) eq 'ARRAY' } @_ ];
1815 }
1816
1817 return [] if scalar(@$arrays) == 0;
1818 return $arrays->[0] if scalar(@$arrays) == 1;
1819
1820 my $array_unique = sub {
1821 my %seen = ();
1822 return grep { ! $seen{ $_ }++ } @_;
1823 };
1824
1825 # base idea is to get all unique members from the first array, then
1826 # check the common elements with the next (uniquely made) one, only keep
1827 # those. Repeat for every array and at the end we only have those left
1828 # which exist in all arrays
1829 my $return_arr = [ $array_unique->(@{$arrays->[0]}) ];
1830 for my $i (1 .. $#$arrays) {
1831 my %count = ();
1832 # $return_arr is already unique, explicit at before the loop, implicit below.
1833 foreach my $element (@$return_arr, $array_unique->(@{$arrays->[$i]})) {
1834 $count{$element}++;
1835 }
1836 $return_arr = [];
1837 foreach my $element (keys %count) {
1838 push @$return_arr, $element if $count{$element} > 1;
1839 }
1840 last if scalar(@$return_arr) == 0; # empty intersection, early exit
1841 }
1842
1843 return $return_arr;
1844 }
1845
1846 sub open_tree($$$) {
1847 my ($dfd, $pathname, $flags) = @_;
1848 return PVE::Syscall::file_handle_result(syscall(
1849 &PVE::Syscall::open_tree,
1850 int($dfd),
1851 $pathname,
1852 int($flags),
1853 ));
1854 }
1855
1856 sub move_mount($$$$$) {
1857 my ($from_dirfd, $from_pathname, $to_dirfd, $to_pathname, $flags) = @_;
1858 return 0 == syscall(
1859 &PVE::Syscall::move_mount,
1860 int($from_dirfd),
1861 $from_pathname,
1862 int($to_dirfd),
1863 $to_pathname,
1864 int($flags),
1865 );
1866 }
1867
1868 sub fsopen($$) {
1869 my ($fsname, $flags) = @_;
1870 return PVE::Syscall::file_handle_result(syscall(&PVE::Syscall::fsopen, $fsname, int($flags)));
1871 }
1872
1873 sub fsmount($$$) {
1874 my ($fd, $flags, $mount_attrs) = @_;
1875 return PVE::Syscall::file_handle_result(syscall(
1876 &PVE::Syscall::fsmount,
1877 int($fd),
1878 int($flags),
1879 int($mount_attrs),
1880 ));
1881 }
1882
1883 sub fspick($$$) {
1884 my ($dirfd, $pathname, $flags) = @_;
1885 return PVE::Syscall::file_handle_result(syscall(
1886 &PVE::Syscall::fspick,
1887 int($dirfd),
1888 $pathname,
1889 int($flags),
1890 ));
1891 }
1892
1893 sub fsconfig($$$$$) {
1894 my ($fd, $command, $key, $value, $aux) = @_;
1895 return 0 == syscall(
1896 &PVE::Syscall::fsconfig,
1897 int($fd),
1898 int($command),
1899 $key,
1900 $value,
1901 int($aux),
1902 );
1903 }
1904
1905 # "raw" mount, old api, not for generic use (as it does not invoke any helpers).
1906 # use for lower level stuff such as bind/remount/... or simple tmpfs mounts
1907 sub mount($$$$$) {
1908 my ($source, $target, $filesystemtype, $mountflags, $data) = @_;
1909 return 0 == syscall(
1910 &PVE::Syscall::mount,
1911 $source,
1912 $target,
1913 $filesystemtype,
1914 int($mountflags),
1915 $data,
1916 );
1917 }
1918
1919 # size is optional and defaults to 256, note that xattr limits are FS specific and that xattrs can
1920 # get arbitrary long. pass `0` for $size in array context to get the actual size of a value
1921 sub getxattr($$;$) {
1922 my ($path_or_handle, $name, $size) = @_;
1923 $size //= 256;
1924 my $buf = pack("x${size}");
1925
1926 my $xattr_size = -1; # the actual size of the xattr, can be zero
1927 if (defined(my $fd = fileno($path_or_handle))) {
1928 $xattr_size = syscall(&PVE::Syscall::fgetxattr, $fd, $name, $buf, int($size));
1929 } else {
1930 $xattr_size = syscall(&PVE::Syscall::getxattr, $path_or_handle, $name, $buf, int($size));
1931 }
1932 if ($xattr_size < 0) {
1933 return undef;
1934 }
1935 $buf = substr($buf, 0, $xattr_size);
1936 return wantarray ? ($buf, $xattr_size) : $buf;
1937 }
1938
1939 # NOTE: can take either a path or an open file handle, i.e., its multiplexing setxattr and fsetxattr
1940 sub setxattr($$$;$) {
1941 my ($path_or_handle, $name, $value, $flags) = @_;
1942 my $size = length($value); # NOTE: seems to get correct length also for wide-characters in text..
1943
1944 if (defined(my $fd = fileno($path_or_handle))) {
1945 return 0 == syscall(
1946 &PVE::Syscall::fsetxattr,
1947 $fd,
1948 $name,
1949 $value,
1950 int($size),
1951 int($flags // 0),
1952 );
1953 } else {
1954 return 0 == syscall(
1955 &PVE::Syscall::setxattr,
1956 $path_or_handle,
1957 $name,
1958 $value,
1959 int($size),
1960 int($flags // 0),
1961 );
1962 }
1963 }
1964
1965 sub safe_compare {
1966 my ($left, $right, $cmp) = @_;
1967
1968 return 0 if !defined($left) && !defined($right);
1969 return -1 if !defined($left);
1970 return 1 if !defined($right);
1971 return $cmp->($left, $right);
1972 }
1973
1974
1975 # opts is a hash ref with the following known properties
1976 # allow_overwrite - if 1, overwriting existing files is allowed, use with care. Default to false
1977 # hash_required - if 1, at least one checksum has to be specified otherwise an error will be thrown
1978 # http_proxy
1979 # https_proxy
1980 # verify_certificates - if 0 (false) we tell wget to ignore untrusted TLS certs. Default to true
1981 # md5sum|sha(1|224|256|384|512)sum - the respective expected checksum string
1982 sub download_file_from_url {
1983 my ($dest, $url, $opts) = @_;
1984
1985 my ($checksum_algorithm, $checksum_expected);
1986 for ('sha512', 'sha384', 'sha256', 'sha224', 'sha1', 'md5') {
1987 if (defined($opts->{"${_}sum"})) {
1988 $checksum_algorithm = $_;
1989 $checksum_expected = $opts->{"${_}sum"};
1990 last;
1991 }
1992 }
1993 die "checksum required but not specified\n" if ($opts->{hash_required} && !$checksum_algorithm);
1994
1995 print "downloading $url to $dest\n";
1996
1997 if (-f $dest) {
1998 if ($checksum_algorithm) {
1999 print "calculating checksum of existing file...";
2000 my $checksum_got = get_file_hash($checksum_algorithm, $dest);
2001
2002 if (lc($checksum_got) eq lc($checksum_expected)) {
2003 print "OK, got correct file already, no need to download\n";
2004 return;
2005 } elsif ($opts->{allow_overwrite}) {
2006 print "checksum mismatch: got '$checksum_got' != expect '$checksum_expected', re-download\n";
2007 } else {
2008 print "\n"; # the front end expects the error to reside at the last line without any noise
2009 die "checksum mismatch: got '$checksum_got' != expect '$checksum_expected', aborting\n";
2010 }
2011 } elsif (!$opts->{allow_overwrite}) {
2012 die "refusing to override existing file '$dest'\n";
2013 }
2014 }
2015
2016 my $tmp_download = "$dest.tmp_dwnl.$$";
2017 my $tmp_decomp = "$dest.tmp_dcom.$$";
2018 eval {
2019 local $SIG{INT} = sub {
2020 unlink $tmp_download or warn "could not cleanup temporary file: $!";
2021 unlink $tmp_decomp or warn "could not cleanup temporary file: $!"
2022 if $opts->{decompression_command};
2023 die "got interrupted by signal\n";
2024 };
2025
2026 { # limit the scope of the ENV change
2027 local %ENV;
2028 if ($opts->{http_proxy}) {
2029 $ENV{http_proxy} = $opts->{http_proxy};
2030 }
2031 if ($opts->{https_proxy}) {
2032 $ENV{https_proxy} = $opts->{https_proxy};
2033 }
2034
2035 my $cmd = ['wget', '--progress=dot:giga', '-O', $tmp_download, $url];
2036
2037 if (!($opts->{verify_certificates} // 1)) { # default to true
2038 push @$cmd, '--no-check-certificate';
2039 }
2040
2041 run_command($cmd, errmsg => "download failed");
2042 }
2043
2044 if ($checksum_algorithm) {
2045 print "calculating checksum...";
2046
2047 my $checksum_got = get_file_hash($checksum_algorithm, $tmp_download);
2048
2049 if (lc($checksum_got) eq lc($checksum_expected)) {
2050 print "OK, checksum verified\n";
2051 } else {
2052 print "\n"; # the front end expects the error to reside at the last line without any noise
2053 die "checksum mismatch: got '$checksum_got' != expect '$checksum_expected'\n";
2054 }
2055 }
2056
2057 if (my $cmd = $opts->{decompression_command}) {
2058 push @$cmd, $tmp_download;
2059 my $fh;
2060 if (!open($fh, ">", "$tmp_decomp")) {
2061 die "cant open temporary file $tmp_decomp for decompresson: $!\n";
2062 }
2063 print "decompressing $tmp_download to $tmp_decomp\n";
2064 eval { run_command($cmd, output => '>&'.fileno($fh)); };
2065 my $err = $@;
2066 unlink $tmp_download;
2067 die "$err\n" if $err;
2068 rename($tmp_decomp, $dest) or die "unable to rename temporary file: $!\n";
2069 } else {
2070 rename($tmp_download, $dest) or die "unable to rename temporary file: $!\n";
2071 }
2072 };
2073 if (my $err = $@) {
2074 unlink $tmp_download or warn "could not cleanup temporary file: $!";
2075 unlink $tmp_decomp or warn "could not cleanup temporary file: $!"
2076 if $opts->{decompression_command};
2077 die $err;
2078 }
2079
2080 print "download of '$url' to '$dest' finished\n";
2081 }
2082
2083 sub get_file_hash {
2084 my ($algorithm, $filename) = @_;
2085
2086 my $algorithm_map = {
2087 'md5' => sub { Digest::MD5->new },
2088 'sha1' => sub { Digest::SHA->new(1) },
2089 'sha224' => sub { Digest::SHA->new(224) },
2090 'sha256' => sub { Digest::SHA->new(256) },
2091 'sha384' => sub { Digest::SHA->new(384) },
2092 'sha512' => sub { Digest::SHA->new(512) },
2093 };
2094
2095 my $digester = $algorithm_map->{$algorithm}->() or die "unknown algorithm '$algorithm'\n";
2096
2097 open(my $fh, '<', $filename) or die "unable to open '$filename': $!\n";
2098 binmode($fh);
2099
2100 my $digest = $digester->addfile($fh)->hexdigest;
2101
2102 return lc($digest);
2103 }
2104
2105 1;
Common code