XBPS Library API 20260501
The X Binary Package System
transaction_internalize.c
1/*-
2 * Copyright (c) 2021 Duncan Overbruck <mail@duncano.de>
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#include <errno.h>
26#include <fcntl.h>
27#include <limits.h>
28#include <stdlib.h>
29#include <string.h>
30
31#include <archive.h>
32#include <archive_entry.h>
33
34#include "xbps_api_impl.h"
35
36static int
37internalize_script(xbps_dictionary_t pkg_repod, const char *script,
38 struct archive *ar, struct archive_entry *entry)
39{
40 char buffer[BUFSIZ];
41 xbps_data_t data = NULL;
42 char *buf = NULL;
43 int64_t entry_size = archive_entry_size(entry);
44
45 if (entry_size == 0)
46 return 0;
47 if (entry_size < 0)
48 return -EINVAL;
49
50 if ((size_t)entry_size > sizeof buffer) {
51 buf = malloc(entry_size);
52 if (buf == NULL)
53 return -errno;
54 }
55
56 if (archive_read_data(ar, buf != NULL ? buf : buffer, entry_size) != entry_size) {
57 free(buf);
58 return -errno;
59 }
60
61 data = xbps_data_create_data(buf != NULL ? buf : buffer, entry_size);
62 if (data == NULL) {
63 free(buf);
64 return -errno;
65 }
66
67 free(buf);
68 xbps_dictionary_set(pkg_repod, script, data);
69 xbps_object_release(data);
70 return 0;
71}
72
73static int
74internalize_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkg_repod)
75{
76 char pkgfile[PATH_MAX];
77 xbps_dictionary_t filesd = NULL, propsd = NULL;
78 struct stat st;
79 struct archive *ar = NULL;
80 struct archive_entry *entry;
81 const char *pkgver, *pkgname, *binpkg_pkgver;
82 ssize_t l;
83 int pkg_fd = -1;
84 int rv = 0;
85
86 xbps_dictionary_get_cstring_nocopy(pkg_repod, "pkgver", &pkgver);
87 assert(pkgver);
88 xbps_dictionary_get_cstring_nocopy(pkg_repod, "pkgname", &pkgname);
89 assert(pkgname);
90
91 l = xbps_pkg_path(xhp, pkgfile, sizeof(pkgfile), pkg_repod);
92 if (l < 0)
93 return l;
94
95 if ((ar = archive_read_new()) == NULL)
96 return -errno;
97
98 /*
99 * Enable support for tar format and gzip/bzip2/lzma compression methods.
100 */
101 archive_read_support_filter_gzip(ar);
102 archive_read_support_filter_bzip2(ar);
103 archive_read_support_filter_xz(ar);
104 archive_read_support_filter_lz4(ar);
105 archive_read_support_filter_zstd(ar);
106 archive_read_support_format_tar(ar);
107
108 pkg_fd = open(pkgfile, O_RDONLY|O_CLOEXEC);
109 if (pkg_fd == -1) {
110 rv = -errno;
111 xbps_set_cb_state(xhp, XBPS_STATE_FILES_FAIL,
112 -rv, pkgver,
113 "%s: failed to open binary package `%s': %s",
114 pkgver, pkgfile, strerror(rv));
115 goto out;
116 }
117 if (fstat(pkg_fd, &st) == -1) {
118 rv = -errno;
119 xbps_set_cb_state(xhp, XBPS_STATE_FILES_FAIL,
120 -rv, pkgver,
121 "%s: failed to fstat binary package `%s': %s",
122 pkgver, pkgfile, strerror(rv));
123 goto out;
124 }
125 if (archive_read_open_fd(ar, pkg_fd, st.st_blksize) == ARCHIVE_FATAL) {
126 rv = xbps_archive_errno(ar);
127 xbps_set_cb_state(xhp, XBPS_STATE_FILES_FAIL,
128 -rv, pkgver,
129 "%s: failed to read binary package `%s': %s",
130 pkgver, pkgfile, strerror(rv));
131 goto out;
132 }
133
134 for (uint8_t i = 0; i < 4; i++) {
135 const char *entry_pname;
136 int ar_rv = archive_read_next_header(ar, &entry);
137 if (ar_rv == ARCHIVE_EOF || ar_rv == ARCHIVE_FATAL)
138 break;
139 else if (ar_rv == ARCHIVE_RETRY)
140 continue;
141
142 entry_pname = archive_entry_pathname(entry);
143 if (!entry_pname)
144 xbps_unreachable();
145
146 if (strcmp("./INSTALL", entry_pname) == 0) {
147 rv = internalize_script(pkg_repod, "install-script", ar, entry);
148 if (rv < 0)
149 goto out;
150 } else if (strcmp("./REMOVE", entry_pname) == 0) {
151 rv = internalize_script(pkg_repod, "remove-script", ar, entry);
152 if (rv < 0)
153 goto out;
154 } else if ((strcmp("./files.plist", entry_pname)) == 0) {
155 filesd = xbps_archive_get_dictionary(ar, entry);
156 if (filesd == NULL) {
157 rv = -EINVAL;
158 goto out;
159 }
160 } else if (strcmp("./props.plist", entry_pname) == 0) {
161 propsd = xbps_archive_get_dictionary(ar, entry);
162 if (propsd == NULL) {
163 rv = -EINVAL;
164 goto out;
165 }
166 } else {
167 break;
168 }
169 }
170
171 /*
172 * Bail out if required metadata files are not in archive.
173 */
174 if (propsd == NULL || filesd == NULL) {
175 rv = -ENODEV;
176 xbps_set_cb_state(xhp, XBPS_STATE_FILES_FAIL, -rv, pkgver,
177 "%s: [files] invalid binary package `%s'.", pkgver, pkgfile);
178 goto out;
179 }
180
181 /*
182 * Bail out if repo pkgver does not match binpkg pkgver, i.e. downgrade attack
183 * by advertising a old signed package with a new version.
184 */
185 xbps_dictionary_get_cstring_nocopy(propsd, "pkgver", &binpkg_pkgver);
186 if (strcmp(pkgver, binpkg_pkgver) != 0) {
187 rv = -EINVAL;
188 xbps_set_cb_state(xhp, XBPS_STATE_FILES_FAIL, -rv, pkgver,
189 "%s: [files] pkgver mismatch repodata: `%s' binpkg: `%s'.",
190 pkgfile, pkgver, binpkg_pkgver);
191 goto out;
192 }
193
194out:
195 xbps_object_release(propsd);
196 xbps_object_release(filesd);
197 if (pkg_fd != -1)
198 close(pkg_fd);
199 if (ar != NULL)
200 archive_read_free(ar);
201 return rv;
202}
203
204int
205xbps_transaction_internalize(struct xbps_handle *xhp, xbps_object_iterator_t iter)
206{
207 xbps_object_t obj;
208
209 assert(xhp);
210 assert(iter);
211
212 while ((obj = xbps_object_iterator_next(iter)) != NULL) {
213 xbps_trans_type_t ttype;
214 int rv;
215
216 ttype = xbps_transaction_pkg_type(obj);
217 switch (ttype) {
218 case XBPS_TRANS_INSTALL:
219 case XBPS_TRANS_UPDATE:
220 case XBPS_TRANS_REINSTALL:
221 break;
222 default:
223 continue;
224 }
225 rv = internalize_binpkg(xhp, obj);
226 if (rv < 0)
227 return rv;
228 }
229 xbps_object_iterator_reset(iter);
230
231 return 0;
232}
xbps_handle
Generic XBPS structure handler for initialization.
Definition xbps.h:560
xbps_unreachable
#define xbps_unreachable()
Log and abort for code that should be unreachable.
Definition xbps.h:783
xbps_transaction_pkg_type
xbps_trans_type_t xbps_transaction_pkg_type(xbps_dictionary_t pkg_repod)
Definition transaction_ops.c:559
xbps_trans_type_t
xbps_trans_type_t
Definition xbps.h:1400
xbps_pkg_path
ssize_t xbps_pkg_path(struct xbps_handle *xhp, char *dst, size_t dstsz, xbps_dictionary_t pkgd)
Definition util.c:321
Generated on for XBPS Library API by doxygen 1.14.0