diff options
Diffstat (limited to 'src/libostree/ostree-bootloader-zipl.c')
| -rw-r--r-- | src/libostree/ostree-bootloader-zipl.c | 240 |
1 files changed, 116 insertions, 124 deletions
diff --git a/src/libostree/ostree-bootloader-zipl.c b/src/libostree/ostree-bootloader-zipl.c index c9ca4219..4ff093ff 100644 --- a/src/libostree/ostree-bootloader-zipl.c +++ b/src/libostree/ostree-bootloader-zipl.c @@ -17,24 +17,24 @@ #include "config.h" -#include "ostree-sysroot-private.h" #include "ostree-bootloader-zipl.h" #include "ostree-deployment-private.h" #include "ostree-libarchive-private.h" +#include "ostree-sysroot-private.h" #include "otutil.h" +#include <string.h> #include <sys/mount.h> #include <sys/stat.h> -#include <string.h> -#define SECURE_EXECUTION_SYSFS_FLAG "/sys/firmware/uv/prot_virt_guest" -#define SECURE_EXECUTION_PARTITION "/dev/disk/by-label/se" -#define SECURE_EXECUTION_MOUNTPOINT "/sysroot/se" -#define SECURE_EXECUTION_BOOT_IMAGE SECURE_EXECUTION_MOUNTPOINT "/sdboot" -#define SECURE_EXECUTION_HOSTKEY_PATH "/etc/se-hostkeys/" +#define SECURE_EXECUTION_SYSFS_FLAG "/sys/firmware/uv/prot_virt_guest" +#define SECURE_EXECUTION_PARTITION "/dev/disk/by-label/se" +#define SECURE_EXECUTION_MOUNTPOINT "/sysroot/se" +#define SECURE_EXECUTION_BOOT_IMAGE SECURE_EXECUTION_MOUNTPOINT "/sdboot" +#define SECURE_EXECUTION_HOSTKEY_PATH "/etc/se-hostkeys/" #define SECURE_EXECUTION_HOSTKEY_PREFIX "ibm-z-hostkey" -#define SECURE_EXECUTION_LUKS_ROOT_KEY "/etc/luks/root" -#define SECURE_EXECUTION_LUKS_BOOT_KEY "/etc/luks/boot" -#define SECURE_EXECUTION_LUKS_CONFIG "/etc/crypttab" +#define SECURE_EXECUTION_LUKS_ROOT_KEY "/etc/luks/root" +#define SECURE_EXECUTION_LUKS_BOOT_KEY "/etc/luks/boot" +#define SECURE_EXECUTION_LUKS_CONFIG "/etc/crypttab" #if !(defined HAVE_LIBARCHIVE) && defined(__s390x__) #error libarchive is required for s390x @@ -47,22 +47,21 @@ static const char zipl_requires_execute_path[] = "boot/ostree-bootloader-update. struct _OstreeBootloaderZipl { - GObject parent_instance; + GObject parent_instance; - OstreeSysroot *sysroot; + OstreeSysroot *sysroot; }; typedef GObjectClass OstreeBootloaderZiplClass; static void _ostree_bootloader_zipl_bootloader_iface_init (OstreeBootloaderInterface *iface); G_DEFINE_TYPE_WITH_CODE (OstreeBootloaderZipl, _ostree_bootloader_zipl, G_TYPE_OBJECT, - G_IMPLEMENT_INTERFACE (OSTREE_TYPE_BOOTLOADER, _ostree_bootloader_zipl_bootloader_iface_init)); + G_IMPLEMENT_INTERFACE (OSTREE_TYPE_BOOTLOADER, + _ostree_bootloader_zipl_bootloader_iface_init)); static gboolean -_ostree_bootloader_zipl_query (OstreeBootloader *bootloader, - gboolean *out_is_active, - GCancellable *cancellable, - GError **error) +_ostree_bootloader_zipl_query (OstreeBootloader *bootloader, gboolean *out_is_active, + GCancellable *cancellable, GError **error) { /* We don't auto-detect this one; should be explicitly chosen right now. * see also https://github.com/coreos/coreos-assembler/pull/849 @@ -78,18 +77,18 @@ _ostree_bootloader_zipl_get_name (OstreeBootloader *bootloader) } static gboolean -_ostree_secure_execution_mount(GError **error) +_ostree_secure_execution_mount (GError **error) { const char *device = realpath (SECURE_EXECUTION_PARTITION, NULL); if (device == NULL) - return glnx_throw_errno_prefix(error, "s390x SE: resolving %s", SECURE_EXECUTION_PARTITION); + return glnx_throw_errno_prefix (error, "s390x SE: resolving %s", SECURE_EXECUTION_PARTITION); if (mount (device, SECURE_EXECUTION_MOUNTPOINT, "ext4", 0, NULL) < 0) return glnx_throw_errno_prefix (error, "s390x SE: Mounting %s", device); return TRUE; } static gboolean -_ostree_secure_execution_umount(GError **error) +_ostree_secure_execution_umount (GError **error) { if (umount (SECURE_EXECUTION_MOUNTPOINT) < 0) return glnx_throw_errno_prefix (error, "s390x SE: Unmounting %s", SECURE_EXECUTION_MOUNTPOINT); @@ -97,33 +96,31 @@ _ostree_secure_execution_umount(GError **error) } static gboolean -_ostree_bootloader_zipl_write_config (OstreeBootloader *bootloader, - int bootversion, - GPtrArray *new_deployments, - GCancellable *cancellable, - GError **error) +_ostree_bootloader_zipl_write_config (OstreeBootloader *bootloader, int bootversion, + GPtrArray *new_deployments, GCancellable *cancellable, + GError **error) { OstreeBootloaderZipl *self = OSTREE_BOOTLOADER_ZIPL (bootloader); /* Write our stamp file */ if (!glnx_file_replace_contents_at (self->sysroot->sysroot_fd, zipl_requires_execute_path, - (guint8*)"", 0, GLNX_FILE_REPLACE_NODATASYNC, - cancellable, error)) + (guint8 *)"", 0, GLNX_FILE_REPLACE_NODATASYNC, cancellable, + error)) return FALSE; return TRUE; } -static gboolean _ostree_secure_execution_is_enabled (gboolean *out_enabled, - GCancellable *cancellable, - GError **error) +static gboolean +_ostree_secure_execution_is_enabled (gboolean *out_enabled, GCancellable *cancellable, + GError **error) { *out_enabled = FALSE; glnx_autofd int fd = -1; if (!ot_openat_ignore_enoent (AT_FDCWD, SECURE_EXECUTION_SYSFS_FLAG, &fd, error)) return FALSE; if (fd == -1) - return TRUE; //ENOENT --> SecureExecution is disabled + return TRUE; // ENOENT --> SecureExecution is disabled g_autofree char *data = glnx_fd_readall_utf8 (fd, NULL, cancellable, error); if (!data) return FALSE; @@ -132,15 +129,15 @@ static gboolean _ostree_secure_execution_is_enabled (gboolean *out_enabled, } static gboolean -_ostree_secure_execution_get_keys (GPtrArray **keys, - GCancellable *cancellable, - GError **error) +_ostree_secure_execution_get_keys (GPtrArray **keys, GCancellable *cancellable, GError **error) { - g_auto (GLnxDirFdIterator) it = { 0,}; - if ( !glnx_dirfd_iterator_init_at (-1, SECURE_EXECUTION_HOSTKEY_PATH, TRUE, &it, error)) + g_auto (GLnxDirFdIterator) it = { + 0, + }; + if (!glnx_dirfd_iterator_init_at (-1, SECURE_EXECUTION_HOSTKEY_PATH, TRUE, &it, error)) return glnx_prefix_error (error, "s390x SE: looking for SE keys"); - g_autoptr(GPtrArray) ret_keys = g_ptr_array_new_with_free_func (g_free); + g_autoptr (GPtrArray) ret_keys = g_ptr_array_new_with_free_func (g_free); while (TRUE) { struct dirent *dent = NULL; @@ -151,7 +148,8 @@ _ostree_secure_execution_get_keys (GPtrArray **keys, break; if (g_str_has_prefix (dent->d_name, SECURE_EXECUTION_HOSTKEY_PREFIX)) - g_ptr_array_add (ret_keys, g_build_filename (SECURE_EXECUTION_HOSTKEY_PATH, dent->d_name, NULL)); + g_ptr_array_add (ret_keys, + g_build_filename (SECURE_EXECUTION_HOSTKEY_PATH, dent->d_name, NULL)); } *keys = g_steal_pointer (&ret_keys); @@ -159,22 +157,19 @@ _ostree_secure_execution_get_keys (GPtrArray **keys, } static gboolean -_ostree_secure_execution_get_bls_config (OstreeBootloaderZipl *self, - int bootversion, - gchar **vmlinuz, - gchar **initramfs, - gchar **options, - GCancellable *cancellable, - GError **error) +_ostree_secure_execution_get_bls_config (OstreeBootloaderZipl *self, int bootversion, + gchar **vmlinuz, gchar **initramfs, gchar **options, + GCancellable *cancellable, GError **error) { g_autoptr (GPtrArray) configs = NULL; - if ( !_ostree_sysroot_read_boot_loader_configs (self->sysroot, bootversion, &configs, cancellable, error)) + if (!_ostree_sysroot_read_boot_loader_configs (self->sysroot, bootversion, &configs, cancellable, + error)) return glnx_prefix_error (error, "s390x SE: loading bls configs"); if (!configs || configs->len == 0) return glnx_throw (error, "s390x SE: no bls config"); - OstreeBootconfigParser *parser = (OstreeBootconfigParser *) g_ptr_array_index (configs, 0); + OstreeBootconfigParser *parser = (OstreeBootconfigParser *)g_ptr_array_index (configs, 0); const gchar *val = NULL; val = ostree_bootconfig_parser_get (parser, "linux"); @@ -190,7 +185,7 @@ _ostree_secure_execution_get_bls_config (OstreeBootloaderZipl *self, val = ostree_bootconfig_parser_get (parser, "options"); if (!val) return glnx_throw (error, "s390x SE: no \"options\" key in bootloader config"); - *options = g_strdup(val); + *options = g_strdup (val); return TRUE; } @@ -198,73 +193,71 @@ _ostree_secure_execution_get_bls_config (OstreeBootloaderZipl *self, static gboolean _ostree_secure_execution_luks_key_exists (void) { - return (access(SECURE_EXECUTION_LUKS_CONFIG, F_OK) == 0 && - access(SECURE_EXECUTION_LUKS_ROOT_KEY, F_OK) == 0 && - access(SECURE_EXECUTION_LUKS_BOOT_KEY, F_OK) == 0); + return (access (SECURE_EXECUTION_LUKS_CONFIG, F_OK) == 0 + && access (SECURE_EXECUTION_LUKS_ROOT_KEY, F_OK) == 0 + && access (SECURE_EXECUTION_LUKS_BOOT_KEY, F_OK) == 0); } static gboolean -_ostree_secure_execution_append_luks_keys (int initrd_fd, - GCancellable *cancellable, - GError **error) +_ostree_secure_execution_append_luks_keys (int initrd_fd, GCancellable *cancellable, GError **error) { #ifdef HAVE_LIBARCHIVE // appending cpio gzip archive with LUKS keys - g_autoptr(OtAutoArchiveWrite) a = archive_write_new (); + g_autoptr (OtAutoArchiveWrite) a = archive_write_new (); g_assert (a != NULL); - if (archive_write_set_format_cpio_newc (a) != 0 || - archive_write_add_filter_gzip (a) != 0 || - archive_write_open_fd(a, initrd_fd) != 0) + if (archive_write_set_format_cpio_newc (a) != 0 || archive_write_add_filter_gzip (a) != 0 + || archive_write_open_fd (a, initrd_fd) != 0) return glnx_prefix_error (error, "s390x SE: initing cpio: %s", archive_error_string (a)); - const char *files[] = {"/etc", "/etc/luks", SECURE_EXECUTION_LUKS_CONFIG, SECURE_EXECUTION_LUKS_BOOT_KEY, SECURE_EXECUTION_LUKS_ROOT_KEY}; + const char *files[] = { "/etc", "/etc/luks", SECURE_EXECUTION_LUKS_CONFIG, + SECURE_EXECUTION_LUKS_BOOT_KEY, SECURE_EXECUTION_LUKS_ROOT_KEY }; for (uint i = 0; i != G_N_ELEMENTS (files); ++i) { const char *path = files[i]; struct stat st; - if (stat(path, &st) != 0) + if (stat (path, &st) != 0) glnx_throw_errno_prefix (error, "s390x SE: stat(%s) failed", path); - g_autoptr(OtArchiveEntry) ae = archive_entry_new (); + g_autoptr (OtArchiveEntry) ae = archive_entry_new (); g_assert (ae != NULL); archive_entry_copy_stat (ae, &st); archive_entry_set_pathname (ae, path); if (archive_write_header (a, ae) != 0) - glnx_prefix_error (error, "s390x SE: writing cpio header: %s", archive_error_string (a)); + glnx_prefix_error (error, "s390x SE: writing cpio header: %s", archive_error_string (a)); if (S_ISREG (st.st_mode)) { - ot_journal_print(LOG_INFO, "s390x SE: appending %s to initrd", path); + ot_journal_print (LOG_INFO, "s390x SE: appending %s to initrd", path); glnx_autofd int fd = -1; if (!glnx_openat_rdonly (AT_FDCWD, path, TRUE, &fd, error)) return glnx_prefix_error (error, "s390x SE: opening %s", path); - g_autoptr(GBytes) data = glnx_fd_readall_bytes (fd, cancellable, error); + g_autoptr (GBytes) data = glnx_fd_readall_bytes (fd, cancellable, error); if (!data) return glnx_prefix_error (error, "s390x SE: reading %s", path); gsize size = 0; - const char *ptr = (const char *) g_bytes_get_data (data, &size); + const char *ptr = (const char *)g_bytes_get_data (data, &size); ssize_t written = archive_write_data (a, ptr, size); if (written == -1) - return glnx_prefix_error (error, "s390x SE: writing cpio entry: %s", archive_error_string (a)); + return glnx_prefix_error (error, "s390x SE: writing cpio entry: %s", + archive_error_string (a)); if (written != size) - return glnx_prefix_error (error, "s390x SE: writing cpio entry %zd != %zu", written, size); + return glnx_prefix_error (error, "s390x SE: writing cpio entry %zd != %zu", written, + size); } } - ot_journal_print(LOG_INFO, "s390x SE: luks keys added to initrd"); + ot_journal_print (LOG_INFO, "s390x SE: luks keys added to initrd"); return TRUE; - #else +#else return glnx_throw (error, "'libarchive' is required for s390x"); - #endif +#endif } static gboolean -_ostree_secure_execution_generate_initrd (const gchar *initrd, - GLnxTmpfile *out_initrd, - GCancellable *cancellable, - GError **error) +_ostree_secure_execution_generate_initrd (const gchar *initrd, GLnxTmpfile *out_initrd, + GCancellable *cancellable, GError **error) { if (!_ostree_secure_execution_luks_key_exists ()) return glnx_throw (error, "s390x SE: missing luks keys and config"); @@ -275,7 +268,7 @@ _ostree_secure_execution_generate_initrd (const gchar *initrd, glnx_autofd int fd = -1; if (!glnx_openat_rdonly (AT_FDCWD, initrd, TRUE, &fd, error)) return glnx_prefix_error (error, "s390x SE: opening initrd"); - if (glnx_regfile_copy_bytes (fd, out_initrd->fd, (off_t) -1) < 0) + if (glnx_regfile_copy_bytes (fd, out_initrd->fd, (off_t)-1) < 0) return glnx_throw_errno_prefix (error, "s390x SE: copying ramdisk"); } @@ -283,22 +276,21 @@ _ostree_secure_execution_generate_initrd (const gchar *initrd, } static gboolean -_ostree_secure_execution_generate_sdboot (gchar *vmlinuz, - gchar *initramfs, - gchar *options, - GPtrArray *keys, - GCancellable *cancellable, +_ostree_secure_execution_generate_sdboot (gchar *vmlinuz, gchar *initramfs, gchar *options, + GPtrArray *keys, GCancellable *cancellable, GError **error) { g_assert (vmlinuz && initramfs && options && keys && keys->len); - ot_journal_print(LOG_INFO, "s390x SE: kernel: %s", vmlinuz); - ot_journal_print(LOG_INFO, "s390x SE: initrd: %s", initramfs); - ot_journal_print(LOG_INFO, "s390x SE: kargs: %s", options); + ot_journal_print (LOG_INFO, "s390x SE: kernel: %s", vmlinuz); + ot_journal_print (LOG_INFO, "s390x SE: initrd: %s", initramfs); + ot_journal_print (LOG_INFO, "s390x SE: kargs: %s", options); pid_t self = getpid (); // Store kernel options to temp file, so `genprotimg` can later embed it - g_auto(GLnxTmpfile) cmdline = { 0, }; + g_auto (GLnxTmpfile) cmdline = { + 0, + }; if (!glnx_open_anonymous_tmpfile (O_RDWR | O_CLOEXEC, &cmdline, error)) return glnx_prefix_error (error, "s390x SE: opening cmdline file"); if (glnx_loop_write (cmdline.fd, options, strlen (options)) < 0) @@ -306,12 +298,14 @@ _ostree_secure_execution_generate_sdboot (gchar *vmlinuz, g_autofree gchar *cmdline_filename = g_strdup_printf ("/proc/%d/fd/%d", self, cmdline.fd); // Copy initramfs to temp file and embed LUKS keys & config into it - g_auto(GLnxTmpfile) ramdisk = { 0, }; + g_auto (GLnxTmpfile) ramdisk = { + 0, + }; if (!_ostree_secure_execution_generate_initrd (initramfs, &ramdisk, cancellable, error)) return FALSE; g_autofree gchar *ramdisk_filename = g_strdup_printf ("/proc/%d/fd/%d", self, ramdisk.fd); - g_autoptr(GPtrArray) argv = g_ptr_array_new (); + g_autoptr (GPtrArray) argv = g_ptr_array_new (); g_ptr_array_add (argv, "genprotimg"); g_ptr_array_add (argv, "-i"); g_ptr_array_add (argv, vmlinuz); @@ -324,7 +318,7 @@ _ostree_secure_execution_generate_sdboot (gchar *vmlinuz, gchar *key = g_ptr_array_index (keys, i); g_ptr_array_add (argv, "-k"); g_ptr_array_add (argv, key); - ot_journal_print(LOG_INFO, "s390x SE: key[%d]: %s", i + 1, key); + ot_journal_print (LOG_INFO, "s390x SE: key[%d]: %s", i + 1, key); } g_ptr_array_add (argv, "--no-verify"); g_ptr_array_add (argv, "-o"); @@ -332,14 +326,14 @@ _ostree_secure_execution_generate_sdboot (gchar *vmlinuz, g_ptr_array_add (argv, NULL); gint status = 0; - if (!g_spawn_sync (NULL, (char**)argv->pdata, NULL, G_SPAWN_SEARCH_PATH, - NULL, NULL, NULL, NULL, &status, error)) - return glnx_prefix_error(error, "s390x SE: spawning genprotimg"); + if (!g_spawn_sync (NULL, (char **)argv->pdata, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, NULL, NULL, + &status, error)) + return glnx_prefix_error (error, "s390x SE: spawning genprotimg"); if (!g_spawn_check_exit_status (status, error)) - return glnx_prefix_error(error, "s390x SE: `genprotimg` failed"); + return glnx_prefix_error (error, "s390x SE: `genprotimg` failed"); - ot_journal_print(LOG_INFO, "s390x SE: `%s` generated", SECURE_EXECUTION_BOOT_IMAGE); + ot_journal_print (LOG_INFO, "s390x SE: `%s` generated", SECURE_EXECUTION_BOOT_IMAGE); return TRUE; } @@ -347,45 +341,42 @@ static gboolean _ostree_secure_execution_call_zipl (GError **error) { int status = 0; - const char *const zipl_argv[] = {"zipl", "-V", "-t", SECURE_EXECUTION_MOUNTPOINT, "-i", SECURE_EXECUTION_BOOT_IMAGE, NULL}; - if (!g_spawn_sync (NULL, (char**)zipl_argv, NULL, G_SPAWN_SEARCH_PATH, - NULL, NULL, NULL, NULL, &status, error)) - return glnx_prefix_error(error, "s390x SE: spawning zipl"); + const char *const zipl_argv[] = { + "zipl", "-V", "-t", SECURE_EXECUTION_MOUNTPOINT, "-i", SECURE_EXECUTION_BOOT_IMAGE, NULL + }; + if (!g_spawn_sync (NULL, (char **)zipl_argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, NULL, NULL, + &status, error)) + return glnx_prefix_error (error, "s390x SE: spawning zipl"); if (!g_spawn_check_exit_status (status, error)) - return glnx_prefix_error(error, "s390x SE: `zipl` failed"); + return glnx_prefix_error (error, "s390x SE: `zipl` failed"); - ot_journal_print(LOG_INFO, "s390x SE: `sdboot` zipled"); + ot_journal_print (LOG_INFO, "s390x SE: `sdboot` zipled"); return TRUE; } static gboolean -_ostree_secure_execution_enable (OstreeBootloaderZipl *self, - int bootversion, - GPtrArray *keys, - GCancellable *cancellable, - GError **error) +_ostree_secure_execution_enable (OstreeBootloaderZipl *self, int bootversion, GPtrArray *keys, + GCancellable *cancellable, GError **error) { - g_autofree gchar* vmlinuz = NULL; - g_autofree gchar* initramfs = NULL; - g_autofree gchar* options = NULL; - - gboolean rc = - _ostree_secure_execution_mount (error) && - _ostree_secure_execution_get_bls_config (self, bootversion, &vmlinuz, &initramfs, &options, cancellable, error) && - _ostree_secure_execution_generate_sdboot (vmlinuz, initramfs, options, keys, cancellable, error) && - _ostree_secure_execution_call_zipl (error) && - _ostree_secure_execution_umount (error); + g_autofree gchar *vmlinuz = NULL; + g_autofree gchar *initramfs = NULL; + g_autofree gchar *options = NULL; + + gboolean rc = _ostree_secure_execution_mount (error) + && _ostree_secure_execution_get_bls_config (self, bootversion, &vmlinuz, &initramfs, + &options, cancellable, error) + && _ostree_secure_execution_generate_sdboot (vmlinuz, initramfs, options, keys, + cancellable, error) + && _ostree_secure_execution_call_zipl (error) + && _ostree_secure_execution_umount (error); return rc; } - static gboolean -_ostree_bootloader_zipl_post_bls_sync (OstreeBootloader *bootloader, - int bootversion, - GCancellable *cancellable, - GError **error) +_ostree_bootloader_zipl_post_bls_sync (OstreeBootloader *bootloader, int bootversion, + GCancellable *cancellable, GError **error) { OstreeBootloaderZipl *self = OSTREE_BOOTLOADER_ZIPL (bootloader); @@ -394,7 +385,8 @@ _ostree_bootloader_zipl_post_bls_sync (OstreeBootloader *bootloader, */ g_assert (self->sysroot->booted_deployment); - if (!glnx_fstatat_allow_noent (self->sysroot->sysroot_fd, zipl_requires_execute_path, NULL, 0, error)) + if (!glnx_fstatat_allow_noent (self->sysroot->sysroot_fd, zipl_requires_execute_path, NULL, 0, + error)) return FALSE; /* If there's no stamp file, nothing to do */ @@ -403,11 +395,11 @@ _ostree_bootloader_zipl_post_bls_sync (OstreeBootloader *bootloader, /* Try with Secure Execution */ gboolean se_enabled = FALSE; - if ( !_ostree_secure_execution_is_enabled (&se_enabled, cancellable, error)) + if (!_ostree_secure_execution_is_enabled (&se_enabled, cancellable, error)) return FALSE; if (se_enabled) { - g_autoptr(GPtrArray) keys = NULL; + g_autoptr (GPtrArray) keys = NULL; if (!_ostree_secure_execution_get_keys (&keys, cancellable, error)) return FALSE; if (!keys || keys->len == 0) @@ -415,10 +407,10 @@ _ostree_bootloader_zipl_post_bls_sync (OstreeBootloader *bootloader, return _ostree_secure_execution_enable (self, bootversion, keys, cancellable, error); } /* Fallback to non-SE setup */ - const char *const zipl_argv[] = {"zipl", NULL}; + const char *const zipl_argv[] = { "zipl", NULL }; int estatus; - if (!g_spawn_sync (NULL, (char**)zipl_argv, NULL, G_SPAWN_SEARCH_PATH, - NULL, NULL, NULL, NULL, &estatus, error)) + if (!g_spawn_sync (NULL, (char **)zipl_argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, NULL, NULL, + &estatus, error)) return FALSE; if (!g_spawn_check_exit_status (estatus, error)) return FALSE; |