X-Git-Url: https://git.librecmc.org/?p=oweals%2Fopkg-lede.git;a=blobdiff_plain;f=libopkg%2Fopkg_download.c;h=db4c90f2a69b81ca2a1d2fa52187471822ae3443;hp=c52f0584b77641a5d1d4b5280121a55894998913;hb=e450488296dcb20d93dd4f48ffd887f440ce17c8;hpb=04ac0b44dfcf848e30bfa6c29894dbe908007385 diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c index c52f058..db4c90f 100644 --- a/libopkg/opkg_download.c +++ b/libopkg/opkg_download.c @@ -31,42 +31,6 @@ #include "opkg_defines.h" #include "libbb/libbb.h" -#ifdef HAVE_CURL -#include -#endif - -#if defined(HAVE_SSLCURL) || defined(HAVE_OPENSSL) -#include -#include -#include -#include -#endif - -#if defined(HAVE_OPENSSL) -#include -#include -#include -#include -#include -#endif - -#if defined(HAVE_OPENSSL) || defined(HAVE_SSLCURL) -static void openssl_init(void); -#endif - -#ifdef HAVE_OPENSSL -static X509_STORE *setup_verify(char *CAfile, char *CApath); -#endif - -#ifdef HAVE_CURL -/* - * Make curl an instance variable so we don't have to instanciate it - * each time - */ -static CURL *curl = NULL; -static CURL *opkg_curl_init(curl_progress_func cb, void *data); -#endif - static int str_starts_with(const char *str, const char *prefix) { return (strncmp(str, prefix, strlen(prefix)) == 0); @@ -74,7 +38,7 @@ static int str_starts_with(const char *str, const char *prefix) int opkg_download(const char *src, const char *dest_file_name, - curl_progress_func cb, void *data, const short hide_error) + const short hide_error) { int err = 0; 
@@ -120,33 +84,7 @@ opkg_download(const char *src, const char *dest_file_name, conf->no_proxy); setenv("no_proxy", conf->no_proxy, 1); } -#ifdef HAVE_CURL - CURLcode res; - FILE *file = fopen(tmp_file_location, "w"); - curl = opkg_curl_init(cb, data); - if (curl) { - curl_easy_setopt(curl, CURLOPT_URL, src); - curl_easy_setopt(curl, CURLOPT_WRITEDATA, file); - - res = curl_easy_perform(curl); - fclose(file); - if (res) { - long error_code; - curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, - &error_code); - opkg_msg(hide_error ? DEBUG2 : ERROR, - "Failed to download %s: %s.\n", src, - curl_easy_strerror(res)); - free(tmp_file_location); - return -1; - } - - } else { - free(tmp_file_location); - return -1; - } -#else { int res; const char *argv[8]; @@ -175,7 +113,6 @@ opkg_download(const char *src, const char *dest_file_name, return -1; } } -#endif err = file_move(tmp_file_location, dest_file_name); @@ -185,15 +122,14 @@ opkg_download(const char *src, const char *dest_file_name, } static int -opkg_download_cache(const char *src, const char *dest_file_name, - curl_progress_func cb, void *data) +opkg_download_cache(const char *src, const char *dest_file_name) { char *cache_name = xstrdup(src); char *cache_location, *p; int err = 0; if (!conf->cache || str_starts_with(src, "file:")) { - err = opkg_download(src, dest_file_name, cb, data, 0); + err = opkg_download(src, dest_file_name, 0); goto out1; } @@ -224,7 +160,7 @@ opkg_download_cache(const char *src, const char *dest_file_name, if (file_exists(cache_location)) opkg_msg(NOTICE, "Copying %s.\n", cache_location); else { - err = opkg_download(src, cache_location, cb, data, 0); + err = opkg_download(src, cache_location, 0); if (err) { (void)unlink(cache_location); goto out2; 
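Review bot: With the `#ifdef HAVE_CURL` branch removed, every download runs through the block that begins at `const char *argv[8];`, and nothing visible in it applies the TLS settings that the deleted `opkg_curl_init()` read from `conf` (`ssl_ca_file`, `ssl_ca_path`, `ssl_dont_verify_peer`, client certificate and key). The block continues outside the hunk, so this is inferred, but it looks as if certificate checking now depends entirely on whatever program that argv launches. I would document that above the block, `/* Transport security is left to the external downloader; conf->ssl_* is not applied here. */`, and warn at configuration time when one of the `ssl_*` options is set, so that an operator does not assume it still takes effect.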
@@ -279,7 +215,7 @@ int opkg_download_pkg(pkg_t * pkg, const char *dir) sprintf_alloc(&local_filename, "%s/%s", dir, stripped_filename); pkg_set_string(pkg, PKG_LOCAL_FILENAME, local_filename); - err = opkg_download_cache(url, local_filename, NULL, NULL); + err = opkg_download_cache(url, local_filename); free(url); return err; @@ -303,7 +239,7 @@ int opkg_prepare_url_for_install(const char *url, char **namep) char *file_base = basename(file_basec); sprintf_alloc(&tmp_file, "%s/%s", conf->tmp_dir, file_base); - err = opkg_download(url, tmp_file, NULL, NULL, 0); + err = opkg_download(url, tmp_file, 0); if (err) return err; 
@@ -373,57 +309,6 @@ int opkg_verify_file(char *text_file, char *sig_file) return -1; return 0; -#elif defined HAVE_OPENSSL - X509_STORE *store = NULL; - PKCS7 *p7 = NULL; - BIO *in = NULL, *indata = NULL; - - // Sig check failed by default ! - int status = -1; - - openssl_init(); - - // Set-up the key store - if (! - (store = - setup_verify(conf->signature_ca_file, conf->signature_ca_path))) { - opkg_msg(ERROR, "Can't open CA certificates.\n"); - goto verify_file_end; - } - // Open a BIO to read the sig file - if (!(in = BIO_new_file(sig_file, "rb"))) { - opkg_msg(ERROR, "Can't open signature file %s.\n", sig_file); - goto verify_file_end; - } - // Read the PKCS7 block contained in the sig file - p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); - if (!p7) { - opkg_msg(ERROR, "Can't read signature file %s (Corrupted ?).\n", - sig_file); - goto verify_file_end; - } - - // Open the Package file to authenticate - if (!(indata = BIO_new_file(text_file, "rb"))) { - opkg_msg(ERROR, "Can't open file %s.\n", text_file); - goto verify_file_end; - } - // Let's verify the autenticity ! - if (PKCS7_verify(p7, NULL, store, indata, NULL, PKCS7_BINARY) != 1) { - // Get Off My Lawn! - opkg_msg(ERROR, "Verification failure.\n"); - } else { - // Victory ! - status = 0; - } - -verify_file_end: - BIO_free(in); - BIO_free(indata); - PKCS7_free(p7); - X509_STORE_free(store); - - return status; #else /* mute `unused variable' warnings. */ (void)sig_file; 
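Review bot: After this removal the `#else` branch is what a build without the remaining backend compiles, and the context at the top of the next hunk shows it ends in `return 0;`, so `opkg_verify_file()` reports success without having checked anything. That fallback should fail closed, for example `opkg_msg(ERROR, "Signature verification is not compiled in.\n"); return -1;` in place of the bare `return 0;`. The function starts before this hunk and the `#else` branch ends after it, so how callers gate the call (for instance on a configuration flag) is not visible and should be checked before changing the return value. `conf->signature_ca_file` and `conf->signature_ca_path` also lose the only reader visible in this diff.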
@@ -432,196 +317,3 @@ verify_file_end:
 return 0;
 #endif
 }
-
-#if defined(HAVE_OPENSSL) || defined(HAVE_SSLCURL)
-static void openssl_init(void)
-{
- static int init = 0;
-
- if (!init) {
- OPENSSL_config(NULL);
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
- init = 1;
- }
-}
-
-#endif
-
-#if defined HAVE_OPENSSL
-static X509_STORE *setup_verify(char *CAfile, char *CApath)
-{
- X509_STORE *store = NULL;
- X509_LOOKUP *lookup = NULL;
-
- if (!(store = X509_STORE_new())) {
- // Something bad is happening...
- goto end;
- }
- // adds the X509 file lookup method
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
- if (lookup == NULL) {
- goto end;
- }
- // Autenticating against one CA file
- if (CAfile) {
- if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
- // Invalid CA => Bye bye
- opkg_msg(ERROR, "Error loading file %s.\n", CAfile);
- goto end;
- }
- } else {
- X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
- }
-
- // Now look into CApath directory if supplied
- lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
- if (lookup == NULL) {
- goto end;
- }
-
- if (CApath) {
- if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
- opkg_msg(ERROR, "Error loading directory %s.\n",
- CApath);
- goto end;
- }
- } else {
- X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
- }
-
- // All right !
- ERR_clear_error();
- return store;
-
-end:
-
- X509_STORE_free(store);
- return NULL;
-
-}
-
-#endif
-
-#ifdef HAVE_CURL
-void opkg_curl_cleanup(void)
-{
- if (curl != NULL) {
- curl_easy_cleanup(curl);
- curl = NULL;
- }
-}
-
-static CURL *opkg_curl_init(curl_progress_func cb, void *data)
-{
-
- if (curl == NULL) {
- curl = curl_easy_init();
-
-#ifdef HAVE_SSLCURL
- openssl_init();
-
- if (conf->ssl_engine) {
-
- /* use crypto engine */
- if (curl_easy_setopt
- (curl, CURLOPT_SSLENGINE,
- conf->ssl_engine) != CURLE_OK) {
- opkg_msg(ERROR,
- "Can't set crypto engine '%s'.\n",
- conf->ssl_engine);
-
- opkg_curl_cleanup();
- return NULL;
- }
- /* set the crypto engine as default */
- if (curl_easy_setopt
- (curl, CURLOPT_SSLENGINE_DEFAULT, 1L) != CURLE_OK) {
- opkg_msg(ERROR,
- "Can't set crypto engine '%s' as default.\n",
- conf->ssl_engine);
-
- opkg_curl_cleanup();
- return NULL;
- }
- }
-
- /* cert & key can only be in PEM case in the same file */
- if (conf->ssl_key_passwd) {
- if (curl_easy_setopt
- (curl, CURLOPT_SSLKEYPASSWD,
- conf->ssl_key_passwd) != CURLE_OK) {
- opkg_msg(DEBUG,
- "Failed to set key password.\n");
- }
- }
-
- /* sets the client certificate and its type */
- if (conf->ssl_cert_type) {
- if (curl_easy_setopt
- (curl, CURLOPT_SSLCERTTYPE,
- conf->ssl_cert_type) != CURLE_OK) {
- opkg_msg(DEBUG,
- "Failed to set certificate format.\n");
- }
- }
- /* SSL cert name isn't mandatory */
- if (conf->ssl_cert) {
- curl_easy_setopt(curl, CURLOPT_SSLCERT, conf->ssl_cert);
- }
-
- /* sets the client key and its type */
- if (conf->ssl_key_type) {
- if (curl_easy_setopt
- (curl, CURLOPT_SSLKEYTYPE,
- conf->ssl_key_type) != CURLE_OK) {
- opkg_msg(DEBUG, "Failed to set key format.\n");
- }
- }
- if (conf->ssl_key) {
- if (curl_easy_setopt
- (curl, CURLOPT_SSLKEY, conf->ssl_key) != CURLE_OK) {
- opkg_msg(DEBUG, "Failed to set key.\n");
- }
- }
-
- /* Should we verify the peer certificate ? */
- if (conf->ssl_dont_verify_peer) {
- /*
- * CURLOPT_SSL_VERIFYPEER default is nonzero (curl => 7.10)
- */
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
- }
-
- /* certification authority file and/or path */
- if (conf->ssl_ca_file) {
- curl_easy_setopt(curl, CURLOPT_CAINFO,
- conf->ssl_ca_file);
- }
- if (conf->ssl_ca_path) {
- curl_easy_setopt(curl, CURLOPT_CAPATH,
- conf->ssl_ca_path);
- }
-#endif
-
- curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
- curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
- if (conf->http_proxy || conf->ftp_proxy) {
- char *userpwd;
- sprintf_alloc(&userpwd, "%s:%s", conf->proxy_user,
- conf->proxy_passwd);
- curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, userpwd);
- free(userpwd);
- }
- }
-
- curl_easy_setopt(curl, CURLOPT_NOPROGRESS, (cb == NULL));
- if (cb) {
- curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, data);
- curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, cb);
- }
-
- return curl;
-
-}
-#endif