X-Git-Url: https://git.librecmc.org/?p=oweals%2Fopkg-lede.git;a=blobdiff_plain;f=libopkg%2Fopkg_download.c;h=3f86462b9a7729b8d00c9bea38d5d633dac2a3ad;hp=be3ae2a76b61218ff714816e25df75c59f334a4e;hb=a79c1af5c0d3908a3ad30806530c754b42cf80e2;hpb=4b982619a3a275e7ee9d607c7e3eb9a348f8fe6b diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c index be3ae2a..3f86462 100644 --- a/libopkg/opkg_download.c +++ b/libopkg/opkg_download.c @@ -16,8 +16,23 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. */ + #include "config.h" +#include +#include +#include +#include + +#include "opkg_download.h" +#include "opkg_message.h" + +#include "sprintf_alloc.h" +#include "xsystem.h" +#include "file_util.h" +#include "opkg_defines.h" +#include "libbb/libbb.h" + #ifdef HAVE_CURL #include #endif @@ -39,17 +54,6 @@ #include #endif -#include "includes.h" -#include "opkg_download.h" -#include "opkg_message.h" - -#include "sprintf_alloc.h" -#include "xsystem.h" -#include "file_util.h" -#include "str_util.h" -#include "opkg_defines.h" -#include "libbb/libbb.h" - #ifdef HAVE_PATHFINDER #include "opkg_pathfinder.h" #endif @@ -59,7 +63,7 @@ static void openssl_init(void); #endif #ifdef HAVE_OPENSSL -static X509_STORE *setup_verify(opkg_conf_t *conf, char *CAfile, char *CApath); +static X509_STORE *setup_verify(char *CAfile, char *CApath); #endif #ifdef HAVE_CURL @@ -68,11 +72,18 @@ static X509_STORE *setup_verify(opkg_conf_t *conf, char *CAfile, char *CApath); * each time */ static CURL *curl = NULL; -static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data); +static CURL *opkg_curl_init(curl_progress_func cb, void *data); #endif -int opkg_download(opkg_conf_t *conf, const char *src, - const char *dest_file_name, curl_progress_func cb, void *data) +static int +str_starts_with(const char *str, const char *prefix) +{ + return (strncmp(str, prefix, strlen(prefix)) == 0); +} + +int +opkg_download(const char *src, const char *dest_file_name, + curl_progress_func cb, void *data, const short hide_error) { int err = 0; @@ -80,38 +91,39 @@ int opkg_download(opkg_conf_t *conf, const char *src, char *src_base = basename(src_basec); char *tmp_file_location; - opkg_message(conf,OPKG_NOTICE,"Downloading %s\n", src); - + opkg_msg(NOTICE,"Downloading %s\n", src); + if (str_starts_with(src, "file:")) { - int ret; const char *file_src = src + 5; - opkg_message(conf,OPKG_INFO,"Copying %s to %s...", file_src, dest_file_name); - ret = file_copy(src + 5, dest_file_name); - opkg_message(conf,OPKG_INFO,"Done\n"); + opkg_msg(INFO, "Copying %s to %s...", file_src, dest_file_name); + err = file_copy(file_src, dest_file_name); + opkg_msg(INFO, "Done.\n"); free(src_basec); - return ret; + return err; } sprintf_alloc(&tmp_file_location, "%s/%s", conf->tmp_dir, src_base); + free(src_basec); err = unlink(tmp_file_location); if (err && errno != ENOENT) { - opkg_message(conf,OPKG_ERROR, "%s: ERROR: failed to unlink %s: %s\n", - __FUNCTION__, tmp_file_location, strerror(errno)); + opkg_perror(ERROR, "Failed to unlink %s", tmp_file_location); free(tmp_file_location); - free(src_basec); - return errno; + return -1; } if (conf->http_proxy) { - opkg_message(conf,OPKG_DEBUG,"Setting environment variable: http_proxy = %s\n", conf->http_proxy); + opkg_msg(DEBUG, "Setting environment variable: http_proxy = %s.\n", + conf->http_proxy); setenv("http_proxy", conf->http_proxy, 1); } if (conf->ftp_proxy) { - opkg_message(conf,OPKG_DEBUG,"Setting environment variable: ftp_proxy = %s\n", conf->ftp_proxy); + opkg_msg(DEBUG, "Setting environment variable: ftp_proxy = %s.\n", + conf->ftp_proxy); setenv("ftp_proxy", conf->ftp_proxy, 1); } if (conf->no_proxy) { - opkg_message(conf,OPKG_DEBUG,"Setting environment variable: no_proxy = %s\n", conf->no_proxy); + opkg_msg(DEBUG,"Setting environment variable: no_proxy = %s.\n", + conf->no_proxy); setenv("no_proxy", conf->no_proxy, 1); } @@ -119,7 +131,7 @@ int opkg_download(opkg_conf_t *conf, const char *src, CURLcode res; FILE * file = fopen (tmp_file_location, "w"); - curl = opkg_curl_init (conf, cb, data); + curl = opkg_curl_init (cb, data); if (curl) { curl_easy_setopt (curl, CURLOPT_URL, src); @@ -131,37 +143,42 @@ int opkg_download(opkg_conf_t *conf, const char *src, { long error_code; curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &error_code); - opkg_message(conf, OPKG_ERROR, "Failed to download %s. \nerror detail: %s\n", src, curl_easy_strerror(res)); + opkg_msg(hide_error?DEBUG2:ERROR, "Failed to download %s: %s.\n", + src, curl_easy_strerror(res)); free(tmp_file_location); - free(src_basec); - return res; + return -1; } } else { free(tmp_file_location); - free(src_basec); return -1; } #else { int res; - char *wgetcmd; - char *wgetopts; - wgetopts = getenv("OPKG_WGETOPTS"); - sprintf_alloc(&wgetcmd, "wget -q %s%s -O \"%s\" \"%s\"", - (conf->http_proxy || conf->ftp_proxy) ? "-Y on " : "", - (wgetopts!=NULL) ? wgetopts : "", - tmp_file_location, src); - opkg_message(conf, OPKG_INFO, "Executing: %s\n", wgetcmd); - res = xsystem(wgetcmd); - free(wgetcmd); + const char *argv[8]; + int i = 0; + + argv[i++] = "wget"; + argv[i++] = "-q"; + if (conf->http_proxy || conf->ftp_proxy) { + argv[i++] = "-Y"; + argv[i++] = "on"; + } + argv[i++] = "-O"; + argv[i++] = tmp_file_location; + argv[i++] = src; + argv[i++] = NULL; + res = xsystem(argv); + if (res) { - opkg_message(conf, OPKG_ERROR, "Failed to download %s, error %d\n", src, res); + opkg_msg(ERROR, "Failed to download %s, wget returned %d.\n", src, res); + if (res == 4) + opkg_msg(ERROR, "Check your network settings and connectivity.\n\n"); free(tmp_file_location); - free(src_basec); - return res; + return -1; } } #endif @@ -169,39 +186,55 @@ int opkg_download(opkg_conf_t *conf, const char *src, err = file_move(tmp_file_location, dest_file_name); free(tmp_file_location); - free(src_basec); - - if (err) { - return err; - } - return 0; + return err; } -static int opkg_download_cache(opkg_conf_t *conf, const char *src, - const char *dest_file_name, curl_progress_func cb, void *data) +static int +opkg_download_cache(const char *src, const char *dest_file_name, + curl_progress_func cb, void *data) { char *cache_name = xstrdup(src); char *cache_location, *p; int err = 0; if (!conf->cache || str_starts_with(src, "file:")) { - err = opkg_download(conf, src, dest_file_name, cb, data); + err = opkg_download(src, dest_file_name, cb, data, 0); goto out1; } + if(!file_is_dir(conf->cache)){ + opkg_msg(ERROR, "%s is not a directory.\n", + conf->cache); + err = 1; + goto out1; + } + for (p = cache_name; *p; p++) if (*p == '/') *p = ','; /* looks nicer than | or # */ sprintf_alloc(&cache_location, "%s/%s", conf->cache, cache_name); if (file_exists(cache_location)) - opkg_message(conf, OPKG_NOTICE, "Copying %s\n", cache_location); + opkg_msg(NOTICE, "Copying %s.\n", cache_location); else { - err = opkg_download(conf, src, cache_location, cb, data); - if (err) { - (void) unlink(cache_location); - goto out2; + /* cache file with funky name not found, try simple name */ + free(cache_name); + char *filename = strrchr(dest_file_name,'/'); + if (filename) + cache_name = xstrdup(filename+1); // strip leading '/' + else + cache_name = xstrdup(dest_file_name); + free(cache_location); + sprintf_alloc(&cache_location, "%s/%s", conf->cache, cache_name); + if (file_exists(cache_location)) + opkg_msg(NOTICE, "Copying %s.\n", cache_location); + else { + err = opkg_download(src, cache_location, cb, data, 0); + if (err) { + (void) unlink(cache_location); + goto out2; + } } } @@ -215,25 +248,27 @@ out1: return err; } -int opkg_download_pkg(opkg_conf_t *conf, pkg_t *pkg, const char *dir) +int +opkg_download_pkg(pkg_t *pkg, const char *dir) { int err; char *url; char *stripped_filename; if (pkg->src == NULL) { - opkg_message(conf,OPKG_ERROR, "ERROR: Package %s (parent %s) is not available from any configured src.\n", - pkg->name, pkg->parent->name); + opkg_msg(ERROR, "Package %s is not available from any configured src.\n", + pkg->name); return -1; } if (pkg->filename == NULL) { - opkg_message(conf,OPKG_ERROR, "ERROR: Package %s (parent %s) does not have a valid filename field.\n",pkg->name, pkg->parent->name); + opkg_msg(ERROR, "Package %s does not have a valid filename field.\n", + pkg->name); return -1; } sprintf_alloc(&url, "%s/%s", pkg->src->value, pkg->filename); - /* XXX: BUG: The pkg->filename might be something like + /* The pkg->filename might be something like "../../foo.opk". While this is correct, and exactly what we want to use to construct url above, here we actually need to use just the filename part, without any directory. */ @@ -244,16 +279,17 @@ int opkg_download_pkg(opkg_conf_t *conf, pkg_t *pkg, const char *dir) sprintf_alloc(&pkg->local_filename, "%s/%s", dir, stripped_filename); - err = opkg_download_cache(conf, url, pkg->local_filename, NULL, NULL); + err = opkg_download_cache(url, pkg->local_filename, NULL, NULL); free(url); return err; } /* - * Downloads file from url, installs in package database, return package name. + * Downloads file from url, installs in package database, return package name. */ -int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **namep) +int +opkg_prepare_url_for_install(const char *url, char **namep) { int err = 0; pkg_t *pkg; @@ -267,7 +303,7 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name char *file_base = basename(file_basec); sprintf_alloc(&tmp_file, "%s/%s", conf->tmp_dir, file_base); - err = opkg_download(conf, url, tmp_file, NULL, NULL); + err = opkg_download(url, tmp_file, NULL, NULL, 0); if (err) return err; @@ -285,7 +321,8 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name err = pkg_init_from_file(pkg, url); if (err) return err; - opkg_message(conf, OPKG_DEBUG2, "Package %s provided by hand (%s).\n", pkg->name,pkg->local_filename); + opkg_msg(DEBUG2, "Package %s provided by hand (%s).\n", + pkg->name, pkg->local_filename); pkg->provided_by_hand = 1; } else { @@ -294,43 +331,61 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name return 0; } - if (!pkg->architecture) { - opkg_message(conf, OPKG_ERROR, "Package %s has no Architecture defined.\n", pkg->name); - return -EINVAL; - } - pkg->dest = conf->default_dest; pkg->state_want = SW_INSTALL; pkg->state_flag |= SF_PREFER; - pkg = hash_insert_pkg(&conf->pkg_hash, pkg, 1,conf); + hash_insert_pkg(pkg, 1); if (namep) { - *namep = pkg->name; + *namep = xstrdup(pkg->name); } return 0; } int -opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) +opkg_verify_file (char *text_file, char *sig_file) { -#if defined HAVE_GPGME +#if defined HAVE_USIGN + int status = -1; + int pid; + + if (conf->check_signature == 0 ) + return 0; + + pid = fork(); + if (pid < 0) + return -1; + + if (!pid) { + execl("/usr/sbin/opkg-key", "opkg-key", "verify", sig_file, text_file, NULL); + exit(255); + } + + waitpid(pid, &status, 0); + if (!WIFEXITED(status) || WEXITSTATUS(status)) + return -1; + + return 0; +#elif defined HAVE_GPGME if (conf->check_signature == 0 ) return 0; int status = -1; gpgme_ctx_t ctx; gpgme_data_t sig, text, key; - gpgme_error_t err = -1; + gpgme_error_t err; gpgme_verify_result_t result; gpgme_signature_t s; char *trusted_path = NULL; - + + gpgme_check_version (NULL); + err = gpgme_new (&ctx); if (err) return -1; sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg"); - err = gpgme_data_new_from_file (&key, trusted_path, 1); + err = gpgme_data_new_from_file (&key, trusted_path, 1); free (trusted_path); if (err) { @@ -344,14 +399,14 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) } gpgme_data_release (key); - err = gpgme_data_new_from_file (&sig, sig_file, 1); + err = gpgme_data_new_from_file (&sig, sig_file, 1); if (err) { gpgme_release (ctx); return -1; } - err = gpgme_data_new_from_file (&text, text_file, 1); + err = gpgme_data_new_from_file (&text, text_file, 1); if (err) { gpgme_data_release (sig); @@ -392,31 +447,29 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) openssl_init(); // Set-up the key store - if(!(store = setup_verify(conf, conf->signature_ca_file, conf->signature_ca_path))){ - opkg_message(conf, OPKG_ERROR, - "Can't open CA certificates\n"); + if(!(store = setup_verify(conf->signature_ca_file, conf->signature_ca_path))){ + opkg_msg(ERROR, "Can't open CA certificates.\n"); goto verify_file_end; } // Open a BIO to read the sig file if (!(in = BIO_new_file(sig_file, "rb"))){ - opkg_message(conf, OPKG_ERROR, - "Can't open signature file %s\n", sig_file); + opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file); goto verify_file_end; } // Read the PKCS7 block contained in the sig file p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); if(!p7){ - opkg_message(conf, OPKG_ERROR, - "Can't read signature file (Corrupted ?)\n"); + opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n", + sig_file); goto verify_file_end; } #if defined(HAVE_PATHFINDER) if(conf->check_x509_path){ if(!pkcs7_pathfinder_verify_signers(p7)){ - opkg_message(conf, OPKG_ERROR, "pkcs7_pathfinder_verify_signers: " - "Path verification failed\n"); + opkg_msg(ERROR, "pkcs7_pathfinder_verify_signers: " + "Path verification failed.\n"); goto verify_file_end; } } @@ -424,16 +477,14 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) // Open the Package file to authenticate if (!(indata = BIO_new_file(text_file, "rb"))){ - opkg_message(conf, OPKG_ERROR, - "Can't open file %s\n", text_file); + opkg_msg(ERROR, "Can't open file %s.\n", text_file); goto verify_file_end; } // Let's verify the autenticity ! if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1){ // Get Off My Lawn! - opkg_message(conf, OPKG_ERROR, - "Verification failure\n"); + opkg_msg(ERROR, "Verification failure.\n"); }else{ // Victory ! status = 0; @@ -472,7 +523,9 @@ static void openssl_init(void){ #if defined HAVE_OPENSSL -static X509_STORE *setup_verify(opkg_conf_t *conf, char *CAfile, char *CApath){ +static X509_STORE * +setup_verify(char *CAfile, char *CApath) +{ X509_STORE *store = NULL; X509_LOOKUP *lookup = NULL; @@ -491,8 +544,7 @@ static X509_STORE *setup_verify(opkg_conf_t *conf, char *CAfile, char *CApath){ if (CAfile) { if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) { // Invalid CA => Bye bye - opkg_message(conf, OPKG_ERROR, - "Error loading file %s\n", CAfile); + opkg_msg(ERROR, "Error loading file %s.\n", CAfile); goto end; } } else { @@ -507,8 +559,7 @@ static X509_STORE *setup_verify(opkg_conf_t *conf, char *CAfile, char *CApath){ if (CApath) { if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) { - opkg_message(conf, OPKG_ERROR, - "Error loading directory %s\n", CApath); + opkg_msg(ERROR, "Error loading directory %s.\n", CApath); goto end; } } else { @@ -536,7 +587,9 @@ void opkg_curl_cleanup(void){ } } -static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data){ +static CURL * +opkg_curl_init(curl_progress_func cb, void *data) +{ if(curl == NULL){ curl = curl_easy_init(); @@ -548,7 +601,7 @@ static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data /* use crypto engine */ if (curl_easy_setopt(curl, CURLOPT_SSLENGINE, conf->ssl_engine) != CURLE_OK){ - opkg_message(conf, OPKG_ERROR, "can't set crypto engine: '%s'\n", + opkg_msg(ERROR, "Can't set crypto engine '%s'.\n", conf->ssl_engine); opkg_curl_cleanup(); @@ -556,7 +609,8 @@ static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data } /* set the crypto engine as default */ if (curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK){ - opkg_message(conf, OPKG_ERROR, "can't set crypto engine as default\n"); + opkg_msg(ERROR, "Can't set crypto engine '%s' as default.\n", + conf->ssl_engine); opkg_curl_cleanup(); return NULL; @@ -567,7 +621,7 @@ static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data if(conf->ssl_key_passwd){ if (curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, conf->ssl_key_passwd) != CURLE_OK) { - opkg_message(conf, OPKG_DEBUG, "Failed to set key password\n"); + opkg_msg(DEBUG, "Failed to set key password.\n"); } } @@ -575,7 +629,7 @@ static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data if(conf->ssl_cert_type){ if (curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, conf->ssl_cert_type) != CURLE_OK) { - opkg_message(conf, OPKG_DEBUG, "Failed to set certificate format\n"); + opkg_msg(DEBUG, "Failed to set certificate format.\n"); } } /* SSL cert name isn't mandatory */ @@ -587,13 +641,13 @@ static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data if(conf->ssl_key_type){ if (curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, conf->ssl_key_type) != CURLE_OK) { - opkg_message(conf, OPKG_DEBUG, "Failed to set key format\n"); + opkg_msg(DEBUG, "Failed to set key format.\n"); } } if(conf->ssl_key){ if (curl_easy_setopt(curl, CURLOPT_SSLKEY, conf->ssl_key) != CURLE_OK) { - opkg_message(conf, OPKG_DEBUG, "Failed to set key\n"); + opkg_msg(DEBUG, "Failed to set key.\n"); } } @@ -607,7 +661,7 @@ static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data #ifdef HAVE_PATHFINDER if(conf->check_x509_path){ if (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_ssl_ctx_function) != CURLE_OK){ - opkg_message(conf, OPKG_DEBUG, "Failed to set ssl path verification callback\n"); + opkg_msg(DEBUG, "Failed to set ssl path verification callback.\n"); }else{ curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, NULL); }