XBPS Library API 20240111
The X Binary Package System
transaction_fetch.c
1/*-
2 * Copyright (c) 2009-2015 Juan Romero Pardines.
3 * Copyright (c) 2019 Duncan Overbruck <mail@duncano.de>.
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include <errno.h>
28#include <limits.h>
29#include <stdlib.h>
30#include <string.h>
31#include <unistd.h>
32
33#include "xbps_api_impl.h"
34#include "fetch.h"
35
36static int
37verify_binpkg(struct xbps_handle *xhp, xbps_dictionary_t pkgd)
38{
39 char binfile[PATH_MAX];
40 struct xbps_repo *repo;
41 const char *pkgver, *repoloc, *sha256;
42 ssize_t l;
43 int rv = 0;
44
45 xbps_dictionary_get_cstring_nocopy(pkgd, "repository", &repoloc);
46 xbps_dictionary_get_cstring_nocopy(pkgd, "pkgver", &pkgver);
47
48 l = xbps_pkg_path(xhp, binfile, sizeof(binfile), pkgd);
49 if (l < 0)
50 return -l;
51
52 /*
53 * For pkgs in local repos check the sha256 hash.
54 * For pkgs in remote repos check the RSA signature.
55 */
56 if ((repo = xbps_rpool_get_repo(repoloc)) == NULL) {
57 rv = errno;
58 xbps_dbg_printf("%s: failed to get repository "
59 "%s: %s\n", pkgver, repoloc, strerror(errno));
60 return rv;
61 }
62 if (repo->is_remote) {
63 /* remote repo */
64 xbps_set_cb_state(xhp, XBPS_STATE_VERIFY, 0, pkgver,
65 "%s: verifying RSA signature...", pkgver);
66
67 if (!xbps_verify_file_signature(repo, binfile)) {
68 rv = EPERM;
69 xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver,
70 "%s: the RSA signature is not valid!", pkgver);
71 xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver,
72 "%s: removed pkg archive and its signature.", pkgver);
73 (void)remove(binfile);
74 if (xbps_strlcat(binfile, ".sig2", sizeof(binfile)) < sizeof(binfile))
75 (void)remove(binfile);
76 return rv;
77 }
78 } else {
79 /* local repo */
80 xbps_set_cb_state(xhp, XBPS_STATE_VERIFY, 0, pkgver,
81 "%s: verifying SHA256 hash...", pkgver);
82 xbps_dictionary_get_cstring_nocopy(pkgd, "filename-sha256", &sha256);
83 if ((rv = xbps_file_sha256_check(binfile, sha256)) != 0) {
84 xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver,
85 "%s: SHA256 hash is not valid: %s", pkgver, strerror(rv));
86 return rv;
87 }
88
89 }
90
91 return 0;
92}
93
94static int
95download_binpkg(struct xbps_handle *xhp, xbps_dictionary_t repo_pkgd)
96{
97 struct xbps_repo *repo;
98 char buf[PATH_MAX];
99 char *sigsuffix;
100 const char *pkgver, *arch, *fetchstr, *repoloc;
101 unsigned char digest[XBPS_SHA256_DIGEST_SIZE] = {0};
102 int rv = 0;
103
104 xbps_dictionary_get_cstring_nocopy(repo_pkgd, "repository", &repoloc);
105 if (!xbps_repository_is_remote(repoloc))
106 return ENOTSUP;
107
108 xbps_dictionary_get_cstring_nocopy(repo_pkgd, "pkgver", &pkgver);
109 xbps_dictionary_get_cstring_nocopy(repo_pkgd, "architecture", &arch);
110
111 snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig2", repoloc, pkgver, arch);
112 sigsuffix = buf+(strlen(buf)-sizeof (".sig2")+1);
113
114 xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD, 0, pkgver,
115 "Downloading `%s' signature (from `%s')...", pkgver, repoloc);
116
117 if ((rv = xbps_fetch_file(xhp, buf, NULL)) == -1) {
118 rv = fetchLastErrCode ? fetchLastErrCode : errno;
119 fetchstr = xbps_fetch_error_string();
120 xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD_FAIL, rv,
121 pkgver, "[trans] failed to download `%s' signature from `%s': %s",
122 pkgver, repoloc, fetchstr ? fetchstr : strerror(rv));
123 return rv;
124 }
125 rv = 0;
126
127 *sigsuffix = '\0';
128
129 xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD, 0, pkgver,
130 "Downloading `%s' package (from `%s')...", pkgver, repoloc);
131
132 if ((rv = xbps_fetch_file_sha256(xhp, buf, NULL, digest,
133 sizeof digest)) == -1) {
134 rv = fetchLastErrCode ? fetchLastErrCode : errno;
135 fetchstr = xbps_fetch_error_string();
136 xbps_set_cb_state(xhp, XBPS_STATE_DOWNLOAD_FAIL, rv,
137 pkgver, "[trans] failed to download `%s' package from `%s': %s",
138 pkgver, repoloc, fetchstr ? fetchstr : strerror(rv));
139 return rv;
140 }
141 rv = 0;
142
143 xbps_set_cb_state(xhp, XBPS_STATE_VERIFY, 0, pkgver,
144 "%s: verifying RSA signature...", pkgver);
145
146 snprintf(buf, sizeof buf, "%s/%s.%s.xbps.sig2", xhp->cachedir, pkgver, arch);
147 sigsuffix = buf+(strlen(buf)-sizeof (".sig2")+1);
148
149 if ((repo = xbps_rpool_get_repo(repoloc)) == NULL) {
150 rv = errno;
151 xbps_dbg_printf("%s: failed to get repository "
152 "%s: %s\n", pkgver, repoloc, strerror(errno));
153 return rv;
154 }
155
156 /*
157 * If digest is not set, binary package was not downloaded,
158 * i.e. 304 not modified, verify by file instead.
159 */
160 if (fetchLastErrCode == FETCH_UNCHANGED) {
161 *sigsuffix = '\0';
162 if (!xbps_verify_file_signature(repo, buf)) {
163 rv = EPERM;
164 /* remove binpkg */
165 (void)remove(buf);
166 /* remove signature */
167 *sigsuffix = '.';
168 (void)remove(buf);
169 }
170 } else {
171 if (!xbps_verify_signature(repo, buf, digest)) {
172 rv = EPERM;
173 /* remove signature */
174 (void)remove(buf);
175 /* remove binpkg */
176 *sigsuffix = '\0';
177 (void)remove(buf);
178 }
179 }
180
181 if (rv == EPERM) {
182 xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver,
183 "%s: the RSA signature is not valid!", pkgver);
184 xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL, rv, pkgver,
185 "%s: removed pkg archive and its signature.", pkgver);
186 }
187
188 return rv;
189}
190
191int
192xbps_transaction_fetch(struct xbps_handle *xhp, xbps_object_iterator_t iter)
193{
194 xbps_array_t fetch = NULL, verify = NULL;
195 xbps_object_t obj;
196 xbps_trans_type_t ttype;
197 const char *repoloc;
198 int rv = 0;
199 unsigned int i, n;
200
201 xbps_object_iterator_reset(iter);
202
203 while ((obj = xbps_object_iterator_next(iter)) != NULL) {
204 ttype = xbps_transaction_pkg_type(obj);
205 if (ttype == XBPS_TRANS_REMOVE || ttype == XBPS_TRANS_HOLD ||
206 ttype == XBPS_TRANS_CONFIGURE) {
207 continue;
208 }
209 xbps_dictionary_get_cstring_nocopy(obj, "repository", &repoloc);
210
211 /*
212 * Download binary package and signature if either one
213 * of them don't exist.
214 */
215 if (xbps_repository_is_remote(repoloc) &&
216 !xbps_remote_binpkg_exists(xhp, obj)) {
217 if (!fetch && !(fetch = xbps_array_create())) {
218 rv = errno;
219 goto out;
220 }
221 xbps_array_add(fetch, obj);
222 continue;
223 }
224
225 /*
226 * Verify binary package from local repository or cache.
227 */
228 if (!verify && !(verify = xbps_array_create())) {
229 rv = errno;
230 goto out;
231 }
232 xbps_array_add(verify, obj);
233 }
234 xbps_object_iterator_reset(iter);
235
236 /*
237 * Download binary packages (if they come from a remote repository)
238 * and don't exist already.
239 */
240 n = xbps_array_count(fetch);
241 if (n) {
242 xbps_set_cb_state(xhp, XBPS_STATE_TRANS_DOWNLOAD, 0, NULL, NULL);
243 xbps_dbg_printf("[trans] downloading %d packages.\n", n);
244 }
245 for (i = 0; i < n; i++) {
246 if ((rv = download_binpkg(xhp, xbps_array_get(fetch, i))) != 0) {
247 xbps_dbg_printf("[trans] failed to download binpkgs: "
248 "%s\n", strerror(rv));
249 goto out;
250 }
251 }
252
253 /*
254 * Check binary package integrity.
255 */
256 n = xbps_array_count(verify);
257 if (n) {
258 xbps_set_cb_state(xhp, XBPS_STATE_TRANS_VERIFY, 0, NULL, NULL);
259 xbps_dbg_printf("[trans] verifying %d packages.\n", n);
260 }
261 for (i = 0; i < n; i++) {
262 if ((rv = verify_binpkg(xhp, xbps_array_get(verify, i))) != 0) {
263 xbps_dbg_printf("[trans] failed to check binpkgs: "
264 "%s\n", strerror(rv));
265 goto out;
266 }
267 }
268
269out:
270 if (fetch)
271 xbps_object_release(fetch);
272 if (verify)
273 xbps_object_release(verify);
274 return rv;
275}
xbps_fetch_file_sha256
int xbps_fetch_file_sha256(struct xbps_handle *xhp, const char *uri, const char *flags, unsigned char *digest, size_t digestlen)
Definition download.c:346
xbps_fetch_error_string
const char * xbps_fetch_error_string(void)
Definition download.c:89
xbps_fetch_file
int xbps_fetch_file(struct xbps_handle *xhp, const char *uri, const char *flags)
Definition download.c:362
xbps_handle::cachedir
char cachedir[XBPS_MAXPATH+sizeof(XBPS_CACHE_PATH)]
Definition xbps.h:657
xbps_handle
Generic XBPS structure handler for initialization.
Definition xbps.h:550
xbps_repo::is_remote
bool is_remote
Definition xbps.h:1450
xbps_repo::xhp
struct xbps_handle * xhp
Definition xbps.h:1422
xbps_repo
Repository structure.
Definition xbps.h:1409
xbps_rpool_get_repo
struct xbps_repo * xbps_rpool_get_repo(const char *url)
Definition rpool.c:112
xbps_transaction_pkg_type
xbps_trans_type_t xbps_transaction_pkg_type(xbps_dictionary_t pkg_repod)
Definition transaction_ops.c:551
xbps_trans_type_t
xbps_trans_type_t
Definition xbps.h:1320
xbps_verify_file_signature
bool xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
Definition verifysig.c:136
xbps_file_sha256_check
int xbps_file_sha256_check(const char *file, const char *sha256)
Definition util_hash.c:201
xbps_verify_signature
bool xbps_verify_signature(struct xbps_repo *repo, const char *sigfile, unsigned char *digest)
Definition verifysig.c:75
xbps_remote_binpkg_exists
bool xbps_remote_binpkg_exists(struct xbps_handle *xhp, xbps_dictionary_t pkgd)
Definition util.c:455
xbps_pkg_path
ssize_t xbps_pkg_path(struct xbps_handle *xhp, char *dst, size_t dstsz, xbps_dictionary_t pkgd)
Definition util.c:325
xbps_repository_is_remote
bool xbps_repository_is_remote(const char *uri)
Definition util.c:66
xbps_strlcat
size_t xbps_strlcat(char *dst, const char *src, size_t dstsize)
Definition util.c:566
Generated on Thu Jan 11 2024 14:37:43 for XBPS Library API by doxygen 1.9.8