afan
/
gitea
Obserwuj 1
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Pull Requests 0 Wydania 0 Wiki Aktywność
gitea源码
3 Commity
2 Gałęzie
Gałąź: master
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'master'
${ noResults }
gitea/services/packages/arch/repository.go

repository.go 12KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418 
  1. // Copyright 2024 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package arch

  5. 

  6. import (

  7. 	"archive/tar"

  8. 	"bytes"

  9. 	"compress/gzip"

  10. 	"context"

  11. 	"encoding/base64"

  12. 	"errors"

  13. 	"fmt"

  14. 	"io"

  15. 	"os"

  16. 	"strconv"

  17. 	"strings"

  18. 

  19. 	packages_model "code.gitea.io/gitea/models/packages"

  20. 	arch_model "code.gitea.io/gitea/models/packages/arch"

  21. 	user_model "code.gitea.io/gitea/models/user"

  22. 	"code.gitea.io/gitea/modules/container"

  23. 	"code.gitea.io/gitea/modules/globallock"

  24. 	"code.gitea.io/gitea/modules/json"

  25. 	packages_module "code.gitea.io/gitea/modules/packages"

  26. 	arch_module "code.gitea.io/gitea/modules/packages/arch"

  27. 	"code.gitea.io/gitea/modules/util"

  28. 	packages_service "code.gitea.io/gitea/services/packages"

  29. 

  30. 	"github.com/ProtonMail/go-crypto/openpgp"

  31. 	"github.com/ProtonMail/go-crypto/openpgp/armor"

  32. 	"github.com/ProtonMail/go-crypto/openpgp/packet"

  33. )

  34. 

  35. const (

  36. 	IndexArchiveFilename = "packages.db"

  37. )

  38. 

  39. func AquireRegistryLock(ctx context.Context, ownerID int64) (globallock.ReleaseFunc, error) {

  40. 	return globallock.Lock(ctx, fmt.Sprintf("packages_arch_%d", ownerID))

  41. }

  42. 

  43. // GetOrCreateRepositoryVersion gets or creates the internal repository package

  44. // The Arch registry needs multiple index files which are stored in this package.

  45. func GetOrCreateRepositoryVersion(ctx context.Context, ownerID int64) (*packages_model.PackageVersion, error) {

  46. 	return packages_service.GetOrCreateInternalPackageVersion(ctx, ownerID, packages_model.TypeArch, arch_module.RepositoryPackage, arch_module.RepositoryVersion)

  47. }

  48. 

  49. // GetOrCreateKeyPair gets or creates the PGP keys used to sign repository files

  50. func GetOrCreateKeyPair(ctx context.Context, ownerID int64) (string, string, error) {

  51. 	priv, err := user_model.GetSetting(ctx, ownerID, arch_module.SettingKeyPrivate)

  52. 	if err != nil && !errors.Is(err, util.ErrNotExist) {

  53. 		return "", "", err

  54. 	}

  55. 

  56. 	pub, err := user_model.GetSetting(ctx, ownerID, arch_module.SettingKeyPublic)

  57. 	if err != nil && !errors.Is(err, util.ErrNotExist) {

  58. 		return "", "", err

  59. 	}

  60. 

  61. 	if priv == "" || pub == "" {

  62. 		priv, pub, err = generateKeypair()

  63. 		if err != nil {

  64. 			return "", "", err

  65. 		}

  66. 

  67. 		if err := user_model.SetUserSetting(ctx, ownerID, arch_module.SettingKeyPrivate, priv); err != nil {

  68. 			return "", "", err

  69. 		}

  70. 

  71. 		if err := user_model.SetUserSetting(ctx, ownerID, arch_module.SettingKeyPublic, pub); err != nil {

  72. 			return "", "", err

  73. 		}

  74. 	}

  75. 

  76. 	return priv, pub, nil

  77. }

  78. 

  79. func generateKeypair() (string, string, error) {

  80. 	e, err := openpgp.NewEntity("", "Arch Registry", "", nil)

  81. 	if err != nil {

  82. 		return "", "", err

  83. 	}

  84. 

  85. 	var priv strings.Builder

  86. 	var pub strings.Builder

  87. 

  88. 	w, err := armor.Encode(&priv, openpgp.PrivateKeyType, nil)

  89. 	if err != nil {

  90. 		return "", "", err

  91. 	}

  92. 	if err := e.SerializePrivate(w, nil); err != nil {

  93. 		return "", "", err

  94. 	}

  95. 	w.Close()

  96. 

  97. 	w, err = armor.Encode(&pub, openpgp.PublicKeyType, nil)

  98. 	if err != nil {

  99. 		return "", "", err

  100. 	}

  101. 	if err := e.Serialize(w); err != nil {

  102. 		return "", "", err

  103. 	}

  104. 	w.Close()

  105. 

  106. 	return priv.String(), pub.String(), nil

  107. }

  108. 

  109. func SignData(ctx context.Context, ownerID int64, r io.Reader) ([]byte, error) {

  110. 	priv, _, err := GetOrCreateKeyPair(ctx, ownerID)

  111. 	if err != nil {

  112. 		return nil, err

  113. 	}

  114. 

  115. 	block, err := armor.Decode(strings.NewReader(priv))

  116. 	if err != nil {

  117. 		return nil, err

  118. 	}

  119. 

  120. 	e, err := openpgp.ReadEntity(packet.NewReader(block.Body))

  121. 	if err != nil {

  122. 		return nil, err

  123. 	}

  124. 

  125. 	buf := &bytes.Buffer{}

  126. 	if err := openpgp.DetachSign(buf, e, r, nil); err != nil {

  127. 		return nil, err

  128. 	}

  129. 

  130. 	return buf.Bytes(), nil

  131. }

  132. 

  133. // BuildAllRepositoryFiles (re)builds all repository files for every available repositories and architectures

  134. func BuildAllRepositoryFiles(ctx context.Context, ownerID int64) error {

  135. 	pv, err := GetOrCreateRepositoryVersion(ctx, ownerID)

  136. 	if err != nil {

  137. 		return err

  138. 	}

  139. 

  140. 	// 1. Delete all existing repository files

  141. 	pfs, err := packages_model.GetFilesByVersionID(ctx, pv.ID)

  142. 	if err != nil {

  143. 		return err

  144. 	}

  145. 

  146. 	for _, pf := range pfs {

  147. 		if err := packages_service.DeletePackageFile(ctx, pf); err != nil {

  148. 			return err

  149. 		}

  150. 	}

  151. 

  152. 	// 2. (Re)Build repository files for existing packages

  153. 	repositories, err := arch_model.GetRepositories(ctx, ownerID)

  154. 	if err != nil {

  155. 		return err

  156. 	}

  157. 	for _, repository := range repositories {

  158. 		architectures, err := arch_model.GetArchitectures(ctx, ownerID, repository)

  159. 		if err != nil {

  160. 			return err

  161. 		}

  162. 		for _, architecture := range architectures {

  163. 			if err := buildPackagesIndex(ctx, ownerID, pv, repository, architecture); err != nil {

  164. 				return fmt.Errorf("failed to build repository files [%s/%s]: %w", repository, architecture, err)

  165. 			}

  166. 		}

  167. 	}

  168. 

  169. 	return nil

  170. }

  171. 

  172. // BuildSpecificRepositoryFiles builds index files for the repository

  173. func BuildSpecificRepositoryFiles(ctx context.Context, ownerID int64, repository, architecture string) error {

  174. 	pv, err := GetOrCreateRepositoryVersion(ctx, ownerID)

  175. 	if err != nil {

  176. 		return err

  177. 	}

  178. 

  179. 	architectures := container.SetOf(architecture)

  180. 	if architecture == arch_module.AnyArch {

  181. 		// Update all other architectures too when updating the any index

  182. 		additionalArchitectures, err := arch_model.GetArchitectures(ctx, ownerID, repository)

  183. 		if err != nil {

  184. 			return err

  185. 		}

  186. 		architectures.AddMultiple(additionalArchitectures...)

  187. 	}

  188. 

  189. 	for architecture := range architectures {

  190. 		if err := buildPackagesIndex(ctx, ownerID, pv, repository, architecture); err != nil {

  191. 			return err

  192. 		}

  193. 	}

  194. 	return nil

  195. }

  196. 

  197. func searchPackageFiles(ctx context.Context, ownerID int64, repository, architecture string) ([]*packages_model.PackageFile, error) {

  198. 	pfs, _, err := packages_model.SearchFiles(ctx, &packages_model.PackageFileSearchOptions{

  199. 		OwnerID:     ownerID,

  200. 		PackageType: packages_model.TypeArch,

  201. 		Query:       "%.pkg.tar.%",

  202. 		Properties: map[string]string{

  203. 			arch_module.PropertyRepository:   repository,

  204. 			arch_module.PropertyArchitecture: architecture,

  205. 		},

  206. 	})

  207. 	if err != nil {

  208. 		return nil, err

  209. 	}

  210. 	return pfs, nil

  211. }

  212. 

  213. func buildPackagesIndex(ctx context.Context, ownerID int64, repoVersion *packages_model.PackageVersion, repository, architecture string) error {

  214. 	pfs, err := searchPackageFiles(ctx, ownerID, repository, architecture)

  215. 	if err != nil {

  216. 		return err

  217. 	}

  218. 	if architecture != arch_module.AnyArch {

  219. 		// Add all any packages too

  220. 		anyarchFiles, err := searchPackageFiles(ctx, ownerID, repository, arch_module.AnyArch)

  221. 		if err != nil {

  222. 			return err

  223. 		}

  224. 		pfs = append(pfs, anyarchFiles...)

  225. 	}

  226. 

  227. 	// Delete the package indices if there are no packages

  228. 	if len(pfs) == 0 {

  229. 		pf, err := packages_model.GetFileForVersionByName(ctx, repoVersion.ID, IndexArchiveFilename, fmt.Sprintf("%s|%s", repository, architecture))

  230. 		if err != nil && !errors.Is(err, util.ErrNotExist) {

  231. 			return err

  232. 		} else if pf == nil {

  233. 			return nil

  234. 		}

  235. 

  236. 		return packages_service.DeletePackageFile(ctx, pf)

  237. 	}

  238. 

  239. 	vpfs := make(map[int64]*entryOptions)

  240. 	for _, pf := range pfs {

  241. 		current := &entryOptions{

  242. 			File: pf,

  243. 		}

  244. 		current.Version, err = packages_model.GetVersionByID(ctx, pf.VersionID)

  245. 		if err != nil {

  246. 			return err

  247. 		}

  248. 

  249. 		// here we compare the versions but not using SearchLatestVersions because we shouldn't allow "downgrading" to a older version by "latest" one.

  250. 		// https://wiki.archlinux.org/title/Downgrading_packages : randomly downgrading can mess up dependencies:

  251. 		// If a downgrade involves a soname change, all dependencies may need downgrading or rebuilding too.

  252. 		if old, ok := vpfs[current.Version.PackageID]; ok {

  253. 			if compareVersions(old.Version.Version, current.Version.Version) == -1 {

  254. 				vpfs[current.Version.PackageID] = current

  255. 			}

  256. 		} else {

  257. 			vpfs[current.Version.PackageID] = current

  258. 		}

  259. 	}

  260. 

  261. 	indexContent, _ := packages_module.NewHashedBuffer()

  262. 	defer indexContent.Close()

  263. 

  264. 	gw := gzip.NewWriter(indexContent)

  265. 	tw := tar.NewWriter(gw)

  266. 

  267. 	cache := make(map[int64]*packages_model.Package)

  268. 

  269. 	for _, opts := range vpfs {

  270. 		if err := json.Unmarshal([]byte(opts.Version.MetadataJSON), &opts.VersionMetadata); err != nil {

  271. 			return err

  272. 		}

  273. 		opts.Package = cache[opts.Version.PackageID]

  274. 		if opts.Package == nil {

  275. 			opts.Package, err = packages_model.GetPackageByID(ctx, opts.Version.PackageID)

  276. 			if err != nil {

  277. 				return err

  278. 			}

  279. 			cache[opts.Package.ID] = opts.Package

  280. 		}

  281. 		opts.Blob, err = packages_model.GetBlobByID(ctx, opts.File.BlobID)

  282. 		if err != nil {

  283. 			return err

  284. 		}

  285. 

  286. 		sig, err := packages_model.GetPropertiesByName(ctx, packages_model.PropertyTypeFile, opts.File.ID, arch_module.PropertySignature)

  287. 		if err != nil {

  288. 			return err

  289. 		}

  290. 		if len(sig) == 0 {

  291. 			return util.ErrNotExist

  292. 		}

  293. 		opts.Signature = sig[0].Value

  294. 

  295. 		meta, err := packages_model.GetPropertiesByName(ctx, packages_model.PropertyTypeFile, opts.File.ID, arch_module.PropertyMetadata)

  296. 		if err != nil {

  297. 			return err

  298. 		}

  299. 		if len(meta) == 0 {

  300. 			return util.ErrNotExist

  301. 		}

  302. 		if err := json.Unmarshal([]byte(meta[0].Value), &opts.FileMetadata); err != nil {

  303. 			return err

  304. 		}

  305. 

  306. 		if err := writeFiles(tw, opts); err != nil {

  307. 			return err

  308. 		}

  309. 		if err := writeDescription(tw, opts); err != nil {

  310. 			return err

  311. 		}

  312. 	}

  313. 

  314. 	tw.Close()

  315. 	gw.Close()

  316. 

  317. 	signature, err := SignData(ctx, ownerID, indexContent)

  318. 	if err != nil {

  319. 		return err

  320. 	}

  321. 

  322. 	if _, err := indexContent.Seek(0, io.SeekStart); err != nil {

  323. 		return err

  324. 	}

  325. 

  326. 	_, err = packages_service.AddFileToPackageVersionInternal(

  327. 		ctx,

  328. 		repoVersion,

  329. 		&packages_service.PackageFileCreationInfo{

  330. 			PackageFileInfo: packages_service.PackageFileInfo{

  331. 				Filename:     IndexArchiveFilename,

  332. 				CompositeKey: fmt.Sprintf("%s|%s", repository, architecture),

  333. 			},

  334. 			Creator:           user_model.NewGhostUser(),

  335. 			Data:              indexContent,

  336. 			IsLead:            false,

  337. 			OverwriteExisting: true,

  338. 			Properties: map[string]string{

  339. 				arch_module.PropertyRepository:   repository,

  340. 				arch_module.PropertyArchitecture: architecture,

  341. 				arch_module.PropertySignature:    base64.StdEncoding.EncodeToString(signature),

  342. 			},

  343. 		},

  344. 	)

  345. 	return err

  346. }

  347. 

  348. type entryOptions struct {

  349. 	Package         *packages_model.Package

  350. 	Version         *packages_model.PackageVersion

  351. 	VersionMetadata *arch_module.VersionMetadata

  352. 	File            *packages_model.PackageFile

  353. 	FileMetadata    *arch_module.FileMetadata

  354. 	Blob            *packages_model.PackageBlob

  355. 	Signature       string

  356. }

  357. 

  358. type keyValue struct {

  359. 	Key   string

  360. 	Value string

  361. }

  362. 

  363. func writeFiles(tw *tar.Writer, opts *entryOptions) error {

  364. 	return writeFields(tw, fmt.Sprintf("%s-%s/files", opts.Package.Name, opts.Version.Version), []keyValue{

  365. 		{"FILES", strings.Join(opts.FileMetadata.Files, "\n")},

  366. 	})

  367. }

  368. 

  369. // https://gitlab.archlinux.org/pacman/pacman/-/blob/master/lib/libalpm/be_sync.c#L562

  370. func writeDescription(tw *tar.Writer, opts *entryOptions) error {

  371. 	return writeFields(tw, fmt.Sprintf("%s-%s/desc", opts.Package.Name, opts.Version.Version), []keyValue{

  372. 		{"FILENAME", opts.File.Name},

  373. 		{"MD5SUM", opts.Blob.HashMD5},

  374. 		{"SHA256SUM", opts.Blob.HashSHA256},

  375. 		{"PGPSIG", opts.Signature},

  376. 		{"CSIZE", strconv.FormatInt(opts.Blob.Size, 10)},

  377. 		{"ISIZE", strconv.FormatInt(opts.FileMetadata.InstalledSize, 10)},

  378. 		{"NAME", opts.Package.Name},

  379. 		{"BASE", opts.FileMetadata.Base},

  380. 		{"ARCH", opts.FileMetadata.Architecture},

  381. 		{"VERSION", opts.Version.Version},

  382. 		{"DESC", opts.VersionMetadata.Description},

  383. 		{"URL", opts.VersionMetadata.ProjectURL},

  384. 		{"LICENSE", strings.Join(opts.VersionMetadata.Licenses, "\n")},

  385. 		{"GROUPS", strings.Join(opts.FileMetadata.Groups, "\n")},

  386. 		{"BUILDDATE", strconv.FormatInt(opts.FileMetadata.BuildDate, 10)},

  387. 		{"PACKAGER", opts.FileMetadata.Packager},

  388. 		{"PROVIDES", strings.Join(opts.FileMetadata.Provides, "\n")},

  389. 		{"REPLACES", strings.Join(opts.FileMetadata.Replaces, "\n")},

  390. 		{"CONFLICTS", strings.Join(opts.FileMetadata.Conflicts, "\n")},

  391. 		{"DEPENDS", strings.Join(opts.FileMetadata.Depends, "\n")},

  392. 		{"OPTDEPENDS", strings.Join(opts.FileMetadata.OptDepends, "\n")},

  393. 		{"MAKEDEPENDS", strings.Join(opts.FileMetadata.MakeDepends, "\n")},

  394. 		{"CHECKDEPENDS", strings.Join(opts.FileMetadata.CheckDepends, "\n")},

  395. 	})

  396. }

  397. 

  398. func writeFields(tw *tar.Writer, filename string, fields []keyValue) error {

  399. 	buf := &bytes.Buffer{}

  400. 	for _, kv := range fields {

  401. 		if kv.Value == "" {

  402. 			continue

  403. 		}

  404. 		fmt.Fprintf(buf, "%%%s%%\n%s\n\n", kv.Key, kv.Value)

  405. 	}

  406. 

  407. 	if err := tw.WriteHeader(&tar.Header{

  408. 		Name: filename,

  409. 		Size: int64(buf.Len()),

  410. 		Mode: int64(os.ModePerm),

  411. 	}); err != nil {

  412. 		return err

  413. 	}

  414. 

  415. 	_, err := io.Copy(tw, buf)

  416. 	return err

  417. }