X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=libopkg%2Fopkg_download.c;h=77dc8e48bd0a2e3755c5ad6695bd3565850f3993;hb=af66c658642635a3c951bb0ee130e40e7f084fd9;hp=e31c49c478354dd804faf56c2697befa8163b36d;hpb=587f690ff0ba0ec6b91bd4b83fa39305120e8e93;p=oweals%2Fopkg-lede.git

diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index e31c49c..77dc8e4 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -17,37 +17,54 @@
    General Public License for more details.
 */
 #include "config.h"
+
 #ifdef HAVE_CURL
 #include <curl/curl.h>
 #endif
+
+#if defined(HAVE_SSLCURL) || defined(HAVE_OPENSSL)
+#include <openssl/conf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#endif
+
 #if defined(HAVE_GPGME)
 #include <gpgme.h>
 #elif defined(HAVE_OPENSSL)
 #include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
-
 #endif
 
 #include "includes.h"
 #include "opkg_download.h"
 #include "opkg_message.h"
-#include "opkg_state.h"
 
 #include "sprintf_alloc.h"
 #include "xsystem.h"
 #include "file_util.h"
 #include "str_util.h"
 #include "opkg_defines.h"
+#include "libbb/libbb.h"
 
+#if defined(HAVE_OPENSSL) || defined(HAVE_SSLCURL)
+static void openssl_init(void);
+#endif
 
 #ifdef HAVE_OPENSSL
 static X509_STORE *setup_verify(opkg_conf_t *conf, char *CAfile, char *CApath);
-static void init_openssl(void);
+#endif
+
+#ifdef HAVE_CURL
+/*
+ * Make curl an instance variable so we don't have to instanciate it
+ * each time
+ */
+static CURL *curl = NULL;
+static void opkg_curl_cleanup(void);
+static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data);
 #endif
 
 int opkg_download(opkg_conf_t *conf, const char *src,
@@ -55,7 +72,7 @@ int opkg_download(opkg_conf_t *conf, const char *src,
 {
     int err = 0;
 
-    char *src_basec = strdup(src);
+    char *src_basec = xstrdup(src);
     char *src_base = basename(src_basec);
     char *tmp_file_location;
 
@@ -99,27 +116,12 @@ int opkg_download(opkg_conf_t *conf, const char *src,
     CURLcode res;
     FILE * file = fopen (tmp_file_location, "w");
 
-    curl = curl_easy_init ();
+    curl = opkg_curl_init (conf, cb, data);
     if (curl)
     {
 	curl_easy_setopt (curl, CURLOPT_URL, src);
 	curl_easy_setopt (curl, CURLOPT_WRITEDATA, file);
-	curl_easy_setopt (curl, CURLOPT_NOPROGRESS, (cb == NULL));
-	if (cb)
-	{
-		curl_easy_setopt (curl, CURLOPT_PROGRESSDATA, data);
-		curl_easy_setopt (curl, CURLOPT_PROGRESSFUNCTION, cb);
-	}
-	curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1);
-	curl_easy_setopt (curl, CURLOPT_FAILONERROR, 1);
-	if (conf->http_proxy || conf->ftp_proxy)
-	{
-	    char *userpwd;
-	    sprintf_alloc (&userpwd, "%s:%s", conf->proxy_user,
-		    conf->proxy_passwd);
-	    curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, userpwd);
-	    free (userpwd);
-	}
+
 	res = curl_easy_perform (curl);
 	fclose (file);
 	if (res)
@@ -129,10 +131,8 @@ int opkg_download(opkg_conf_t *conf, const char *src,
 	    opkg_message(conf, OPKG_ERROR, "Failed to download %s. \nerror detail: %s\n", src, curl_easy_strerror(res));
 	    free(tmp_file_location);
             free(src_basec);
-	    curl_easy_cleanup (curl);
 	    return res;
 	}
-	curl_easy_cleanup (curl);
 
     }
     else
@@ -178,7 +178,7 @@ int opkg_download(opkg_conf_t *conf, const char *src,
 static int opkg_download_cache(opkg_conf_t *conf, const char *src,
   const char *dest_file_name, curl_progress_func cb, void *data)
 {
-    char *cache_name = strdup(src);
+    char *cache_name = xstrdup(src);
     char *cache_location, *p;
     int err = 0;
 
@@ -216,7 +216,6 @@ int opkg_download_pkg(opkg_conf_t *conf, pkg_t *pkg, const char *dir)
 {
     int err;
     char *url;
-    char *pkgid;
     char *stripped_filename;
 
     if (pkg->src == NULL) {
@@ -229,10 +228,6 @@ int opkg_download_pkg(opkg_conf_t *conf, pkg_t *pkg, const char *dir)
 	return -1;
     }
 
-    sprintf_alloc (&pkgid, "%s;%s;%s;", pkg->name, pkg->version, pkg->architecture);
-    opkg_set_current_state (conf, OPKG_STATE_DOWNLOADING_PKG, pkgid);
-    free (pkgid);
-
     sprintf_alloc(&url, "%s/%s", pkg->src->value, pkg->filename);
 
     /* XXX: BUG: The pkg->filename might be something like
@@ -249,7 +244,6 @@ int opkg_download_pkg(opkg_conf_t *conf, pkg_t *pkg, const char *dir)
     err = opkg_download_cache(conf, url, pkg->local_filename, NULL, NULL);
     free(url);
 
-    opkg_set_current_state (conf, OPKG_STATE_NONE, NULL);
     return err;
 }
 
@@ -267,7 +261,7 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name
      if (str_starts_with(url, "http://")
 	 || str_starts_with(url, "ftp://")) {
 	  char *tmp_file;
-	  char *file_basec = strdup(url);
+	  char *file_basec = xstrdup(url);
 	  char *file_base = basename(file_basec);
 
 	  sprintf_alloc(&tmp_file, "%s/%s", conf->tmp_dir, file_base);
@@ -278,7 +272,6 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name
 	  err = pkg_init_from_file(pkg, tmp_file);
 	  if (err)
 	       return err;
-	  pkg->local_filename = strdup(tmp_file);
 
 	  free(tmp_file);
 	  free(file_basec);
@@ -290,7 +283,6 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name
 	  err = pkg_init_from_file(pkg, url);
 	  if (err)
 	       return err;
-	  pkg->local_filename = strdup(url);
 	  opkg_message(conf, OPKG_DEBUG2, "Package %s provided by hand (%s).\n", pkg->name,pkg->local_filename);
           pkg->provided_by_hand = 1;
 
@@ -314,7 +306,7 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name
         return 0;
      }
      if (namep) {
-	  *namep = strdup(pkg->name);
+	  *namep = xstrdup(pkg->name);
      }
      return 0;
 }
@@ -398,7 +390,7 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file)
     // Sig check failed by default !
     int status = -1;
 
-    init_openssl();
+    openssl_init();
 
     // Set-up the key store
     if(!(store = setup_verify(conf, conf->signature_ca_file, conf->signature_ca_path))){
@@ -447,11 +439,30 @@ verify_file_end:
 
     return status;
 #else
+    /* mute `unused variable' warnings. */
+    (void) sig_file;
+    (void) text_file;
+    (void) conf;
     return 0;
 #endif
 }
 
 
+#if defined(HAVE_OPENSSL) || defined(HAVE_SSLCURL)
+static void openssl_init(void){
+    static int init = 0;
+
+    if(!init){
+	OPENSSL_config(NULL);
+        OpenSSL_add_all_algorithms();
+        ERR_load_crypto_strings();
+        init = 1;
+    }
+}
+
+#endif
+
+
 #if defined HAVE_OPENSSL
 static X509_STORE *setup_verify(opkg_conf_t *conf, char *CAfile, char *CApath){
     X509_STORE *store = NULL;
@@ -507,13 +518,120 @@ end:
 
 }
 
-static void init_openssl(void){
-    static int init = 0;
+#endif
+
+#ifdef HAVE_CURL
+static void opkg_curl_cleanup(void){
+    if(curl != NULL){
+	curl_easy_cleanup (curl);
+	curl = NULL;
+    }
+}
+
+static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data){
+
+    if(curl == NULL){
+	curl = curl_easy_init();
+
+#ifdef HAVE_SSLCURL
+	openssl_init();
+
+	if (conf->ssl_engine) {
+
+	    /* use crypto engine */
+	    if (curl_easy_setopt(curl, CURLOPT_SSLENGINE, conf->ssl_engine) != CURLE_OK){
+		opkg_message(conf, OPKG_ERROR, "can't set crypto engine: '%s'\n",
+			conf->ssl_engine);
+
+		opkg_curl_cleanup();
+		return NULL;
+	    }
+	    /* set the crypto engine as default */
+	    if (curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK){
+		opkg_message(conf, OPKG_ERROR, "can't set crypto engine as default\n");
+
+		opkg_curl_cleanup();
+		return NULL;
+	    }
+	}
+
+	/* cert & key can only be in PEM case in the same file */
+	if(conf->ssl_key_passwd){
+	    if (curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, conf->ssl_key_passwd) != CURLE_OK)
+	    {
+	        opkg_message(conf, OPKG_DEBUG, "Failed to set key password\n");
+	    }
+	}
+
+	/* sets the client certificate and its type */
+	if(conf->ssl_cert_type){
+	    if (curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, conf->ssl_cert_type) != CURLE_OK)
+	    {
+	        opkg_message(conf, OPKG_DEBUG, "Failed to set certificate format\n");
+	    }
+	}
+	/* SSL cert name isn't mandatory */
+	if(conf->ssl_cert){
+	        curl_easy_setopt(curl, CURLOPT_SSLCERT, conf->ssl_cert);
+	}
+
+	/* sets the client key and its type */
+	if(conf->ssl_key_type){
+	    if (curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, conf->ssl_key_type) != CURLE_OK)
+	    {
+	        opkg_message(conf, OPKG_DEBUG, "Failed to set key format\n");
+	    }
+	}
+	if(conf->ssl_key){
+	    if (curl_easy_setopt(curl, CURLOPT_SSLKEY, conf->ssl_key) != CURLE_OK)
+	    {
+	        opkg_message(conf, OPKG_DEBUG, "Failed to set key\n");
+	    }
+	}
+
+	/* Should we verify the peer certificate ? */
+	if(conf->ssl_dont_verify_peer){
+	    /*
+	     * CURLOPT_SSL_VERIFYPEER default is nonzero (curl => 7.10)
+	     */
+	    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+	}
+
+	/* certification authority file and/or path */
+	if(conf->ssl_ca_file){
+	    curl_easy_setopt(curl, CURLOPT_CAINFO, conf->ssl_ca_file);
+	}
+	if(conf->ssl_ca_path){
+	    curl_easy_setopt(curl, CURLOPT_CAPATH, conf->ssl_ca_path);
+	}
+#endif
+
+	curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1);
+	curl_easy_setopt (curl, CURLOPT_FAILONERROR, 1);
+	if (conf->http_proxy || conf->ftp_proxy)
+	{
+	    char *userpwd;
+	    sprintf_alloc (&userpwd, "%s:%s", conf->proxy_user,
+		    conf->proxy_passwd);
+	    curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, userpwd);
+	    free (userpwd);
+	}
+
+	/* add curl cleanup callback */
+	if(!atexit(opkg_curl_cleanup)){
+	    opkg_message(conf,OPKG_DEBUG, "Failed to register atexit curl cleanup function\n");
+	}
 
-    if(!init){      
-        OpenSSL_add_all_algorithms();       
-        ERR_load_crypto_strings();
-        init = 1;
     }
+
+    curl_easy_setopt (curl, CURLOPT_NOPROGRESS, (cb == NULL));
+    if (cb)
+    {
+	curl_easy_setopt (curl, CURLOPT_PROGRESSDATA, data);
+	curl_easy_setopt (curl, CURLOPT_PROGRESSFUNCTION, cb);
+    }
+
+    return curl;
+
 }
 #endif