X-Git-Url: https://git.librecmc.org/?p=oweals%2Fopkg-lede.git;a=blobdiff_plain;f=libopkg%2Fopkg_download.c;h=7dc965b3ac97c8c319ea7904e0c68073ac7b7f16;hp=ebbde51d3e8fbe9196e2135f08470929689c0f2f;hb=e5cfa6dc4794e0a5bca36cabcd12a877454478db;hpb=3523443344809d2f357a5008931c9f79e91a3de3 diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c index ebbde51..7dc965b 100644 --- a/libopkg/opkg_download.c +++ b/libopkg/opkg_download.c @@ -17,9 +17,20 @@ General Public License for more details. */ #include "config.h" +#ifdef HAVE_CURL #include -#ifdef HAVE_GPGME +#endif +#if defined(HAVE_GPGME) #include +#elif defined(HAVE_OPENSSL) +#include +#include +#include +#include +#include +#include +#include + #endif #include "includes.h" @@ -33,52 +44,14 @@ #include "str_util.h" #include "opkg_defines.h" -opkg_download_progress_callback opkg_cb_download_progress = NULL; - -int -curl_progress_func (char* url, - double t, /* dltotal */ - double d, /* dlnow */ - double ultotal, - double ulnow) -{ - int i; - int p = (t) ? d*100/t : 0; - - if (opkg_cb_download_progress) - { - static int prev = -1; - /* don't report the same percentage multiple times - * (this can occur due to rounding) */ - if (prev == p) - return 0; - prev = p; - - opkg_cb_download_progress (p, url); - return 0; - } - - /* skip progress bar if we haven't done started yet - * this prevents drawing the progress bar if we receive an error such as - * file not found */ - if (t == 0) - return 0; - - printf ("\r%3d%% |", p); - for (i = 1; i < 73; i++) - { - if (i <= p * 0.73) - printf ("="); - else - printf ("-"); - } - printf ("|"); - fflush(stdout); - return 0; -} +#ifdef HAVE_OPENSSL +static X509_STORE *setup_verify(opkg_conf_t *conf, char *CAfile, char *CApath); +static void init_openssl(void); +#endif -int opkg_download(opkg_conf_t *conf, const char *src, const char *dest_file_name) +int opkg_download(opkg_conf_t *conf, const char *src, + const char *dest_file_name, curl_progress_func cb, void *data) { int err = 0; @@ -88,14 +61,13 @@ int opkg_download(opkg_conf_t *conf, const char *src, const char *dest_file_name opkg_message(conf,OPKG_NOTICE,"Downloading %s\n", src); - fflush(stdout); - if (str_starts_with(src, "file:")) { int ret; const char *file_src = src + 5; opkg_message(conf,OPKG_INFO,"Copying %s to %s...", file_src, dest_file_name); ret = file_copy(src + 5, dest_file_name); opkg_message(conf,OPKG_INFO,"Done\n"); + free(src_basec); return ret; } @@ -105,6 +77,7 @@ int opkg_download(opkg_conf_t *conf, const char *src, const char *dest_file_name opkg_message(conf,OPKG_ERROR, "%s: ERROR: failed to unlink %s: %s\n", __FUNCTION__, tmp_file_location, strerror(errno)); free(tmp_file_location); + free(src_basec); return errno; } @@ -121,6 +94,7 @@ int opkg_download(opkg_conf_t *conf, const char *src, const char *dest_file_name setenv("no_proxy", conf->no_proxy, 1); } +#ifdef HAVE_CURL CURL *curl; CURLcode res; FILE * file = fopen (tmp_file_location, "w"); @@ -130,9 +104,13 @@ int opkg_download(opkg_conf_t *conf, const char *src, const char *dest_file_name { curl_easy_setopt (curl, CURLOPT_URL, src); curl_easy_setopt (curl, CURLOPT_WRITEDATA, file); - curl_easy_setopt (curl, CURLOPT_NOPROGRESS, 0); - curl_easy_setopt (curl, CURLOPT_PROGRESSDATA, src); - curl_easy_setopt (curl, CURLOPT_PROGRESSFUNCTION, curl_progress_func); + curl_easy_setopt (curl, CURLOPT_NOPROGRESS, (cb == NULL)); + if (cb) + { + curl_easy_setopt (curl, CURLOPT_PROGRESSDATA, data); + curl_easy_setopt (curl, CURLOPT_PROGRESSFUNCTION, cb); + } + curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1); curl_easy_setopt (curl, CURLOPT_FAILONERROR, 1); if (conf->http_proxy || conf->ftp_proxy) { @@ -143,23 +121,47 @@ int opkg_download(opkg_conf_t *conf, const char *src, const char *dest_file_name free (userpwd); } res = curl_easy_perform (curl); - curl_easy_cleanup (curl); fclose (file); if (res) { long error_code; curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &error_code); - opkg_message(conf, OPKG_ERROR, "Failed to download %s, error %d\n", src, error_code); + opkg_message(conf, OPKG_ERROR, "Failed to download %s. \nerror detail: %s\n", src, curl_easy_strerror(res)); + free(tmp_file_location); + free(src_basec); + curl_easy_cleanup (curl); return res; } + curl_easy_cleanup (curl); } else + { + free(tmp_file_location); + free(src_basec); return -1; - - /* if no custom progress handler was set, we need to clear the default progress bar */ - if (!opkg_cb_download_progress) - printf ("\n"); + } +#else + { + int res; + char *wgetcmd; + char *wgetopts; + wgetopts = getenv("OPKG_WGETOPTS"); + sprintf_alloc(&wgetcmd, "wget -q %s%s -O \"%s\" \"%s\"", + (conf->http_proxy || conf->ftp_proxy) ? "-Y on " : "", + (wgetopts!=NULL) ? wgetopts : "", + tmp_file_location, src); + opkg_message(conf, OPKG_INFO, "Executing: %s\n", wgetcmd); + res = xsystem(wgetcmd); + free(wgetcmd); + if (res) { + opkg_message(conf, OPKG_ERROR, "Failed to download %s, error %d\n", src, res); + free(tmp_file_location); + free(src_basec); + return res; + } + } +#endif err = file_move(tmp_file_location, dest_file_name); @@ -173,6 +175,43 @@ int opkg_download(opkg_conf_t *conf, const char *src, const char *dest_file_name return 0; } +static int opkg_download_cache(opkg_conf_t *conf, const char *src, + const char *dest_file_name, curl_progress_func cb, void *data) +{ + char *cache_name = strdup(src); + char *cache_location, *p; + int err = 0; + + if (!conf->cache || str_starts_with(src, "file:")) { + err = opkg_download(conf, src, dest_file_name, cb, data); + goto out1; + } + + for (p = cache_name; *p; p++) + if (*p == '/') + *p = ','; /* looks nicer than | or # */ + + sprintf_alloc(&cache_location, "%s/%s", conf->cache, cache_name); + if (file_exists(cache_location)) + opkg_message(conf, OPKG_NOTICE, "Copying %s\n", cache_location); + else { + err = opkg_download(conf, src, cache_location, cb, data); + if (err) { + (void) unlink(cache_location); + goto out2; + } + } + + err = file_copy(cache_location, dest_file_name); + + +out2: + free(cache_location); +out1: + free(cache_name); + return err; +} + int opkg_download_pkg(opkg_conf_t *conf, pkg_t *pkg, const char *dir) { int err; @@ -185,6 +224,10 @@ int opkg_download_pkg(opkg_conf_t *conf, pkg_t *pkg, const char *dir) pkg->name, pkg->parent->name); return -1; } + if (pkg->filename == NULL) { + opkg_message(conf,OPKG_ERROR, "ERROR: Package %s (parent %s) does not have a valid filename field.\n",pkg->name, pkg->parent->name); + return -1; + } sprintf_alloc (&pkgid, "%s;%s;%s;", pkg->name, pkg->version, pkg->architecture); opkg_set_current_state (conf, OPKG_STATE_DOWNLOADING_PKG, pkgid); @@ -193,7 +236,7 @@ int opkg_download_pkg(opkg_conf_t *conf, pkg_t *pkg, const char *dir) sprintf_alloc(&url, "%s/%s", pkg->src->value, pkg->filename); /* XXX: BUG: The pkg->filename might be something like - "../../foo.ipk". While this is correct, and exactly what we + "../../foo.opk". While this is correct, and exactly what we want to use to construct url above, here we actually need to use just the filename part, without any directory. */ @@ -203,7 +246,7 @@ int opkg_download_pkg(opkg_conf_t *conf, pkg_t *pkg, const char *dir) sprintf_alloc(&pkg->local_filename, "%s/%s", dir, stripped_filename); - err = opkg_download(conf, url, pkg->local_filename); + err = opkg_download_cache(conf, url, pkg->local_filename, NULL, NULL); free(url); opkg_set_current_state (conf, OPKG_STATE_NONE, NULL); @@ -228,7 +271,7 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name char *file_base = basename(file_basec); sprintf_alloc(&tmp_file, "%s/%s", conf->tmp_dir, file_base); - err = opkg_download(conf, url, tmp_file); + err = opkg_download(conf, url, tmp_file, NULL, NULL); if (err) return err; @@ -241,6 +284,7 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name free(file_basec); } else if (strcmp(&url[strlen(url) - 4], OPKG_PKG_EXTENSION) == 0 + || strcmp(&url[strlen(url) - 4], IPKG_PKG_EXTENSION) == 0 || strcmp(&url[strlen(url) - 4], DPKG_PKG_EXTENSION) == 0) { err = pkg_init_from_file(pkg, url); @@ -278,30 +322,57 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name int opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) { -#ifdef HAVE_GPGME +#if defined HAVE_GPGME + if (conf->check_signature == 0 ) + return 0; int status = -1; gpgme_ctx_t ctx; - gpgme_data_t sig, text; + gpgme_data_t sig, text, key; gpgme_error_t err = -1; gpgme_verify_result_t result; gpgme_signature_t s; + char *trusted_path = NULL; err = gpgme_new (&ctx); if (err) return -1; + sprintf_alloc(&trusted_path, "%s/%s", conf->offline_root, "/etc/opkg/trusted.gpg"); + err = gpgme_data_new_from_file (&key, trusted_path, 1); + free (trusted_path); + if (err) + { + return -1; + } + err = gpgme_op_import (ctx, key); + if (err) + { + gpgme_data_release (key); + return -1; + } + gpgme_data_release (key); + err = gpgme_data_new_from_file (&sig, sig_file, 1); if (err) + { + gpgme_release (ctx); return -1; + } err = gpgme_data_new_from_file (&text, text_file, 1); if (err) + { + gpgme_data_release (sig); + gpgme_release (ctx); return -1; + } err = gpgme_op_verify (ctx, sig, text, NULL); result = gpgme_op_verify_result (ctx); + if (!result) + return -1; /* see if any of the signitures matched */ s = result->signatures; @@ -313,13 +384,140 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file) s = s->next; } + gpgme_data_release (sig); gpgme_data_release (text); gpgme_release (ctx); + return status; +#elif defined HAVE_OPENSSL + X509_STORE *store = NULL; + PKCS7 *p7 = NULL; + BIO *in = NULL, *indata = NULL; + + // Sig check failed by default ! + int status = -1; + + init_openssl(); + + // Set-up the key store + if(!(store = setup_verify(conf, conf->signature_ca_file, conf->signature_ca_path))){ + opkg_message(conf, OPKG_ERROR, + "Can't open CA certificates\n"); + goto verify_file_end; + } + + // Open a BIO to read the sig file + if (!(in = BIO_new_file(sig_file, "rb"))){ + opkg_message(conf, OPKG_ERROR, + "Can't open signature file %s\n", sig_file); + goto verify_file_end; + } + + // Read the PKCS7 block contained in the sig file + p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); + if(!p7){ + opkg_message(conf, OPKG_ERROR, + "Can't read signature file (Corrupted ?)\n"); + goto verify_file_end; + } + + // Open the Package file to authenticate + if (!(indata = BIO_new_file(text_file, "rb"))){ + opkg_message(conf, OPKG_ERROR, + "Can't open file %s\n", text_file); + goto verify_file_end; + } + + // Let's verify the autenticity ! + if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1){ + // Get Off My Lawn! + opkg_message(conf, OPKG_ERROR, + "Verification failure\n"); + }else{ + // Victory ! + status = 0; + } + +verify_file_end: + BIO_free(in); + BIO_free(indata); + PKCS7_free(p7); + X509_STORE_free(store); + return status; #else - opkg_message (conf, OPKG_NOTICE, "Signature check for %s was skipped because GPG support was not enabled in this build\n"); + /* mute `unused variable' warnings. */ + (void) sig_file; + (void) text_file; + (void) conf; return 0; #endif } + + +#if defined HAVE_OPENSSL +static X509_STORE *setup_verify(opkg_conf_t *conf, char *CAfile, char *CApath){ + X509_STORE *store = NULL; + X509_LOOKUP *lookup = NULL; + + if(!(store = X509_STORE_new())){ + // Something bad is happening... + goto end; + } + + // adds the X509 file lookup method + lookup = X509_STORE_add_lookup(store,X509_LOOKUP_file()); + if (lookup == NULL){ + goto end; + } + + // Autenticating against one CA file + if (CAfile) { + if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) { + // Invalid CA => Bye bye + opkg_message(conf, OPKG_ERROR, + "Error loading file %s\n", CAfile); + goto end; + } + } else { + X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); + } + + // Now look into CApath directory if supplied + lookup = X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); + if (lookup == NULL){ + goto end; + } + + if (CApath) { + if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) { + opkg_message(conf, OPKG_ERROR, + "Error loading directory %s\n", CApath); + goto end; + } + } else { + X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); + } + + // All right ! + ERR_clear_error(); + return store; + +end: + + X509_STORE_free(store); + return NULL; + +} + +static void init_openssl(void){ + static int init = 0; + + if(!init){ + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + init = 1; + } +} +#endif