libopkg/opkg_download.c

   1 /* vi: set noexpandtab sw=4 sts=4: */
   2 /* opkg_download.c - the opkg package management system
   3
   4    Carl D. Worth
   5
   6    Copyright (C) 2001 University of Southern California
   7    Copyright (C) 2008 OpenMoko Inc
   8
   9    This program is free software; you can redistribute it and/or
  10    modify it under the terms of the GNU General Public License as
  11    published by the Free Software Foundation; either version 2, or (at
  12    your option) any later version.
  13
  14    This program is distributed in the hope that it will be useful, but
  15    WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17    General Public License for more details.
  18 */
  19
  20 #include <sys/wait.h>
  21 #include <stdio.h>
  22 #include <unistd.h>
  23 #include <libgen.h>
  24
  25 #include "opkg_download.h"
  26 #include "opkg_message.h"
  27
  28 #include "sprintf_alloc.h"
  29 #include "xsystem.h"
  30 #include "file_util.h"
  31 #include "opkg_defines.h"
  32 #include "libbb/libbb.h"
  33
  34 #if defined(HAVE_OPENSSL)
  35 #include <openssl/conf.h>
  36 #include <openssl/evp.h>
  37 #include <openssl/err.h>
  38 #include <openssl/ssl.h>
  39 #endif
  40
  41 #if defined(HAVE_OPENSSL)
  42 #include <openssl/bio.h>
  43 #include <openssl/objects.h>
  44 #include <openssl/x509.h>
  45 #include <openssl/pem.h>
  46 #include <openssl/hmac.h>
  47 #endif
  48
  49 #if defined(HAVE_OPENSSL)
  50 static void openssl_init(void);
  51 #endif
  52
  53 #ifdef HAVE_OPENSSL
  54 static X509_STORE *setup_verify(char *CAfile, char *CApath);
  55 #endif
  56
  57 static int str_starts_with(const char *str, const char *prefix)
  58 {
  59         return (strncmp(str, prefix, strlen(prefix)) == 0);
  60 }
  61
  62 int
  63 opkg_download(const char *src, const char *dest_file_name,
  64               curl_progress_func cb, void *data, const short hide_error)
  65 {
  66         int err = 0;
  67
  68         char *src_basec = xstrdup(src);
  69         char *src_base = basename(src_basec);
  70         char *tmp_file_location;
  71
  72         opkg_msg(NOTICE, "Downloading %s\n", src);
  73
  74         if (str_starts_with(src, "file:")) {
  75                 const char *file_src = src + 5;
  76                 opkg_msg(INFO, "Copying %s to %s...", file_src, dest_file_name);
  77                 err = file_copy(file_src, dest_file_name);
  78                 opkg_msg(INFO, "Done.\n");
  79                 free(src_basec);
  80                 return err;
  81         }
  82
  83         sprintf_alloc(&tmp_file_location, "%s/%s", conf->tmp_dir, src_base);
  84         free(src_basec);
  85         err = unlink(tmp_file_location);
  86         if (err && errno != ENOENT) {
  87                 opkg_perror(ERROR, "Failed to unlink %s", tmp_file_location);
  88                 free(tmp_file_location);
  89                 return -1;
  90         }
  91
  92         if (conf->http_proxy) {
  93                 opkg_msg(DEBUG,
  94                          "Setting environment variable: http_proxy = %s.\n",
  95                          conf->http_proxy);
  96                 setenv("http_proxy", conf->http_proxy, 1);
  97         }
  98         if (conf->ftp_proxy) {
  99                 opkg_msg(DEBUG,
 100                          "Setting environment variable: ftp_proxy = %s.\n",
 101                          conf->ftp_proxy);
 102                 setenv("ftp_proxy", conf->ftp_proxy, 1);
 103         }
 104         if (conf->no_proxy) {
 105                 opkg_msg(DEBUG,
 106                          "Setting environment variable: no_proxy = %s.\n",
 107                          conf->no_proxy);
 108                 setenv("no_proxy", conf->no_proxy, 1);
 109         }
 110
 111         {
 112                 int res;
 113                 const char *argv[8];
 114                 int i = 0;
 115
 116                 argv[i++] = "wget";
 117                 argv[i++] = "-q";
 118                 if (conf->http_proxy || conf->ftp_proxy) {
 119                         argv[i++] = "-Y";
 120                         argv[i++] = "on";
 121                 }
 122                 argv[i++] = "-O";
 123                 argv[i++] = tmp_file_location;
 124                 argv[i++] = src;
 125                 argv[i++] = NULL;
 126                 res = xsystem(argv);
 127
 128                 if (res) {
 129                         opkg_msg(ERROR,
 130                                  "Failed to download %s, wget returned %d.\n",
 131                                  src, res);
 132                         if (res == 4)
 133                                 opkg_msg(ERROR,
 134                                          "Check your network settings and connectivity.\n\n");
 135                         free(tmp_file_location);
 136                         return -1;
 137                 }
 138         }
 139
 140         err = file_move(tmp_file_location, dest_file_name);
 141
 142         free(tmp_file_location);
 143
 144         return err;
 145 }
 146
 147 static int
 148 opkg_download_cache(const char *src, const char *dest_file_name,
 149                     curl_progress_func cb, void *data)
 150 {
 151         char *cache_name = xstrdup(src);
 152         char *cache_location, *p;
 153         int err = 0;
 154
 155         if (!conf->cache || str_starts_with(src, "file:")) {
 156                 err = opkg_download(src, dest_file_name, cb, data, 0);
 157                 goto out1;
 158         }
 159
 160         if (!file_is_dir(conf->cache)) {
 161                 opkg_msg(ERROR, "%s is not a directory.\n", conf->cache);
 162                 err = 1;
 163                 goto out1;
 164         }
 165
 166         for (p = cache_name; *p; p++)
 167                 if (*p == '/')
 168                         *p = ',';       /* looks nicer than | or # */
 169
 170         sprintf_alloc(&cache_location, "%s/%s", conf->cache, cache_name);
 171         if (file_exists(cache_location))
 172                 opkg_msg(NOTICE, "Copying %s.\n", cache_location);
 173         else {
 174                 /* cache file with funky name not found, try simple name */
 175                 free(cache_name);
 176                 char *filename = strrchr(dest_file_name, '/');
 177                 if (filename)
 178                         cache_name = xstrdup(filename + 1);     // strip leading '/'
 179                 else
 180                         cache_name = xstrdup(dest_file_name);
 181                 free(cache_location);
 182                 sprintf_alloc(&cache_location, "%s/%s", conf->cache,
 183                               cache_name);
 184                 if (file_exists(cache_location))
 185                         opkg_msg(NOTICE, "Copying %s.\n", cache_location);
 186                 else {
 187                         err = opkg_download(src, cache_location, cb, data, 0);
 188                         if (err) {
 189                                 (void)unlink(cache_location);
 190                                 goto out2;
 191                         }
 192                 }
 193         }
 194
 195         err = file_copy(cache_location, dest_file_name);
 196
 197 out2:
 198         free(cache_location);
 199 out1:
 200         free(cache_name);
 201         return err;
 202 }
 203
 204 int opkg_download_pkg(pkg_t * pkg, const char *dir)
 205 {
 206         int err;
 207         char *url;
 208         char *local_filename;
 209         char *stripped_filename;
 210         char *filename;
 211
 212         if (pkg->src == NULL) {
 213                 opkg_msg(ERROR,
 214                          "Package %s is not available from any configured src.\n",
 215                          pkg->name);
 216                 return -1;
 217         }
 218
 219         filename = pkg_get_string(pkg, PKG_FILENAME);
 220
 221         if (filename == NULL) {
 222                 opkg_msg(ERROR,
 223                          "Package %s does not have a valid filename field.\n",
 224                          pkg->name);
 225                 return -1;
 226         }
 227
 228         sprintf_alloc(&url, "%s/%s", pkg->src->value, filename);
 229
 230         /* The filename might be something like
 231            "../../foo.opk". While this is correct, and exactly what we
 232            want to use to construct url above, here we actually need to
 233            use just the filename part, without any directory. */
 234
 235         stripped_filename = strrchr(filename, '/');
 236         if (!stripped_filename)
 237                 stripped_filename = filename;
 238
 239         sprintf_alloc(&local_filename, "%s/%s", dir, stripped_filename);
 240         pkg_set_string(pkg, PKG_LOCAL_FILENAME, local_filename);
 241
 242         err = opkg_download_cache(url, local_filename, NULL, NULL);
 243         free(url);
 244
 245         return err;
 246 }
 247
 248 /*
 249  * Downloads file from url, installs in package database, return package name.
 250  */
 251 int opkg_prepare_url_for_install(const char *url, char **namep)
 252 {
 253         int err = 0;
 254         pkg_t *pkg;
 255         abstract_pkg_t *ab_pkg;
 256
 257         pkg = pkg_new();
 258
 259         if (str_starts_with(url, "http://")
 260             || str_starts_with(url, "ftp://")) {
 261                 char *tmp_file;
 262                 char *file_basec = xstrdup(url);
 263                 char *file_base = basename(file_basec);
 264
 265                 sprintf_alloc(&tmp_file, "%s/%s", conf->tmp_dir, file_base);
 266                 err = opkg_download(url, tmp_file, NULL, NULL, 0);
 267                 if (err)
 268                         return err;
 269
 270                 err = pkg_init_from_file(pkg, tmp_file);
 271                 if (err)
 272                         return err;
 273
 274                 free(tmp_file);
 275                 free(file_basec);
 276
 277         } else if (strcmp(&url[strlen(url) - 4], OPKG_PKG_EXTENSION) == 0
 278                    || strcmp(&url[strlen(url) - 4], IPKG_PKG_EXTENSION) == 0
 279                    || strcmp(&url[strlen(url) - 4], DPKG_PKG_EXTENSION) == 0) {
 280
 281                 err = pkg_init_from_file(pkg, url);
 282                 if (err)
 283                         return err;
 284                 opkg_msg(DEBUG2, "Package %s provided by hand (%s).\n",
 285                          pkg->name, pkg_get_string(pkg, PKG_LOCAL_FILENAME));
 286                 pkg->provided_by_hand = 1;
 287
 288         } else {
 289                 ab_pkg = ensure_abstract_pkg_by_name(url);
 290
 291                 if (!(ab_pkg->state_flag & SF_NEED_DETAIL)) {
 292                         opkg_msg(DEBUG, "applying abpkg flag to %s\n", ab_pkg->name);
 293                         ab_pkg->state_flag |= SF_NEED_DETAIL;
 294                 }
 295
 296                 pkg_deinit(pkg);
 297                 free(pkg);
 298                 return 0;
 299         }
 300
 301         pkg->dest = conf->default_dest;
 302         pkg->state_want = SW_INSTALL;
 303         pkg->state_flag |= SF_PREFER;
 304         hash_insert_pkg(pkg, 1);
 305
 306         if (namep) {
 307                 *namep = xstrdup(pkg->name);
 308         }
 309         return 0;
 310 }
 311
 312 int opkg_verify_file(char *text_file, char *sig_file)
 313 {
 314 #if defined HAVE_USIGN
 315         int status = -1;
 316         int pid;
 317
 318         if (conf->check_signature == 0)
 319                 return 0;
 320
 321         pid = fork();
 322         if (pid < 0)
 323                 return -1;
 324
 325         if (!pid) {
 326                 execl("/usr/sbin/opkg-key", "opkg-key", "verify", sig_file,
 327                       text_file, NULL);
 328                 exit(255);
 329         }
 330
 331         waitpid(pid, &status, 0);
 332         if (!WIFEXITED(status) || WEXITSTATUS(status))
 333                 return -1;
 334
 335         return 0;
 336 #elif defined HAVE_OPENSSL
 337         X509_STORE *store = NULL;
 338         PKCS7 *p7 = NULL;
 339         BIO *in = NULL, *indata = NULL;
 340
 341         // Sig check failed by default !
 342         int status = -1;
 343
 344         openssl_init();
 345
 346         // Set-up the key store
 347         if (!
 348             (store =
 349              setup_verify(conf->signature_ca_file, conf->signature_ca_path))) {
 350                 opkg_msg(ERROR, "Can't open CA certificates.\n");
 351                 goto verify_file_end;
 352         }
 353         // Open a BIO to read the sig file
 354         if (!(in = BIO_new_file(sig_file, "rb"))) {
 355                 opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file);
 356                 goto verify_file_end;
 357         }
 358         // Read the PKCS7 block contained in the sig file
 359         p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
 360         if (!p7) {
 361                 opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n",
 362                          sig_file);
 363                 goto verify_file_end;
 364         }
 365
 366         // Open the Package file to authenticate
 367         if (!(indata = BIO_new_file(text_file, "rb"))) {
 368                 opkg_msg(ERROR, "Can't open file %s.\n", text_file);
 369                 goto verify_file_end;
 370         }
 371         // Let's verify the autenticity !
 372         if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1) {
 373                 // Get Off My Lawn!
 374                 opkg_msg(ERROR, "Verification failure.\n");
 375         } else {
 376                 // Victory !
 377                 status = 0;
 378         }
 379
 380 verify_file_end:
 381         BIO_free(in);
 382         BIO_free(indata);
 383         PKCS7_free(p7);
 384         X509_STORE_free(store);
 385
 386         return status;
 387 #else
 388         /* mute `unused variable' warnings. */
 389         (void)sig_file;
 390         (void)text_file;
 391         (void)conf;
 392         return 0;
 393 #endif
 394 }
 395
 396 #if defined(HAVE_OPENSSL)
 397 static void openssl_init(void)
 398 {
 399         static int init = 0;
 400
 401         if (!init) {
 402                 OPENSSL_config(NULL);
 403                 OpenSSL_add_all_algorithms();
 404                 ERR_load_crypto_strings();
 405                 init = 1;
 406         }
 407 }
 408
 409 #endif
 410
 411 #if defined HAVE_OPENSSL
 412 static X509_STORE *setup_verify(char *CAfile, char *CApath)
 413 {
 414         X509_STORE *store = NULL;
 415         X509_LOOKUP *lookup = NULL;
 416
 417         if (!(store = X509_STORE_new())) {
 418                 // Something bad is happening...
 419                 goto end;
 420         }
 421         // adds the X509 file lookup method
 422         lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
 423         if (lookup == NULL) {
 424                 goto end;
 425         }
 426         // Autenticating against one CA file
 427         if (CAfile) {
 428                 if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
 429                         // Invalid CA => Bye bye
 430                         opkg_msg(ERROR, "Error loading file %s.\n", CAfile);
 431                         goto end;
 432                 }
 433         } else {
 434                 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
 435         }
 436
 437         // Now look into CApath directory if supplied
 438         lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
 439         if (lookup == NULL) {
 440                 goto end;
 441         }
 442
 443         if (CApath) {
 444                 if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
 445                         opkg_msg(ERROR, "Error loading directory %s.\n",
 446                                  CApath);
 447                         goto end;
 448                 }
 449         } else {
 450                 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
 451         }
 452
 453         // All right !
 454         ERR_clear_error();
 455         return store;
 456
 457 end:
 458
 459         X509_STORE_free(store);
 460         return NULL;
 461
 462 }
 463
 464 #endif