summaryrefslogtreecommitdiffstats
path: root/services/packages/arch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel@debian.org>2024-10-18 20:33:49 +0200
committerDaniel Baumann <daniel@debian.org>2024-12-12 23:57:56 +0100
commite68b9d00a6e05b3a941f63ffb696f91e554ac5ec (patch)
tree97775d6c13b0f416af55314eb6a89ef792474615 /services/packages/arch
parentInitial commit. (diff)
downloadforgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.tar.xz
forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.zip
Adding upstream version 9.0.3.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to '')
-rw-r--r--services/packages/arch/repository.go368
1 files changed, 368 insertions, 0 deletions
diff --git a/services/packages/arch/repository.go b/services/packages/arch/repository.go
new file mode 100644
index 0000000..763a0a2
--- /dev/null
+++ b/services/packages/arch/repository.go
@@ -0,0 +1,368 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package arch
+
+import (
+ "archive/tar"
+ "compress/gzip"
+ "context"
+ "errors"
+ "fmt"
+ "io"
+ "net/url"
+ "os"
+ "path/filepath"
+ "sort"
+ "strings"
+
+ packages_model "code.gitea.io/gitea/models/packages"
+ user_model "code.gitea.io/gitea/models/user"
+ packages_module "code.gitea.io/gitea/modules/packages"
+ arch_module "code.gitea.io/gitea/modules/packages/arch"
+ "code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/sync"
+ "code.gitea.io/gitea/modules/util"
+ packages_service "code.gitea.io/gitea/services/packages"
+
+ "github.com/ProtonMail/go-crypto/openpgp"
+ "github.com/ProtonMail/go-crypto/openpgp/armor"
+ "github.com/ProtonMail/go-crypto/openpgp/packet"
+)
+
+var locker = sync.NewExclusivePool()
+
+func GetOrCreateRepositoryVersion(ctx context.Context, ownerID int64) (*packages_model.PackageVersion, error) {
+ return packages_service.GetOrCreateInternalPackageVersion(ctx, ownerID, packages_model.TypeArch, arch_module.RepositoryPackage, arch_module.RepositoryVersion)
+}
+
+func BuildAllRepositoryFiles(ctx context.Context, ownerID int64) error {
+ pv, err := GetOrCreateRepositoryVersion(ctx, ownerID)
+ if err != nil {
+ return err
+ }
+ // remove old db files
+ pfs, err := packages_model.GetFilesByVersionID(ctx, pv.ID)
+ if err != nil {
+ return err
+ }
+ for _, pf := range pfs {
+ if strings.HasSuffix(pf.Name, ".db") {
+ arch := strings.TrimSuffix(pf.Name, ".db")
+ if err := BuildPacmanDB(ctx, ownerID, pf.CompositeKey, arch); err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+func BuildCustomRepositoryFiles(ctx context.Context, ownerID int64, disco string) error {
+ pv, err := GetOrCreateRepositoryVersion(ctx, ownerID)
+ if err != nil {
+ return err
+ }
+ // remove old db files
+ pfs, err := packages_model.GetFilesByVersionID(ctx, pv.ID)
+ if err != nil {
+ return err
+ }
+ for _, pf := range pfs {
+ if strings.HasSuffix(pf.Name, ".db") && pf.CompositeKey == disco {
+ arch := strings.TrimSuffix(strings.TrimPrefix(pf.Name, fmt.Sprintf("%s-", pf.CompositeKey)), ".db")
+ if err := BuildPacmanDB(ctx, ownerID, pf.CompositeKey, arch); err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+func NewFileSign(ctx context.Context, ownerID int64, input io.Reader) (*packages_module.HashedBuffer, error) {
+ // If no signature is specified, it will be generated by Gitea.
+ priv, _, err := GetOrCreateKeyPair(ctx, ownerID)
+ if err != nil {
+ return nil, err
+ }
+ block, err := armor.Decode(strings.NewReader(priv))
+ if err != nil {
+ return nil, err
+ }
+ e, err := openpgp.ReadEntity(packet.NewReader(block.Body))
+ if err != nil {
+ return nil, err
+ }
+ pkgSig, err := packages_module.NewHashedBuffer()
+ if err != nil {
+ return nil, err
+ }
+ defer pkgSig.Close()
+ if err := openpgp.DetachSign(pkgSig, e, input, nil); err != nil {
+ return nil, err
+ }
+ return pkgSig, nil
+}
+
+// BuildPacmanDB Create db signature cache
+func BuildPacmanDB(ctx context.Context, ownerID int64, group, arch string) error {
+ key := fmt.Sprintf("pkg_%d_arch_db_%s", ownerID, group)
+ locker.CheckIn(key)
+ defer locker.CheckOut(key)
+ pv, err := GetOrCreateRepositoryVersion(ctx, ownerID)
+ if err != nil {
+ return err
+ }
+ // remove old db files
+ pfs, err := packages_model.GetFilesByVersionID(ctx, pv.ID)
+ if err != nil {
+ return err
+ }
+ for _, pf := range pfs {
+ if pf.CompositeKey == group && pf.Name == fmt.Sprintf("%s.db", arch) {
+ // remove group and arch
+ if err := packages_service.DeletePackageFile(ctx, pf); err != nil {
+ return err
+ }
+ }
+ }
+
+ db, err := createDB(ctx, ownerID, group, arch)
+ if errors.Is(err, io.EOF) {
+ return nil
+ } else if err != nil {
+ return err
+ }
+ defer db.Close()
+ // Create db signature cache
+ _, err = db.Seek(0, io.SeekStart)
+ if err != nil {
+ return err
+ }
+ sig, err := NewFileSign(ctx, ownerID, db)
+ if err != nil {
+ return err
+ }
+ defer sig.Close()
+ _, err = db.Seek(0, io.SeekStart)
+ if err != nil {
+ return err
+ }
+ for name, data := range map[string]*packages_module.HashedBuffer{
+ fmt.Sprintf("%s.db", arch): db,
+ fmt.Sprintf("%s.db.sig", arch): sig,
+ } {
+ _, err = packages_service.AddFileToPackageVersionInternal(ctx, pv, &packages_service.PackageFileCreationInfo{
+ PackageFileInfo: packages_service.PackageFileInfo{
+ Filename: name,
+ CompositeKey: group,
+ },
+ Creator: user_model.NewGhostUser(),
+ Data: data,
+ IsLead: false,
+ OverwriteExisting: true,
+ })
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func createDB(ctx context.Context, ownerID int64, group, arch string) (*packages_module.HashedBuffer, error) {
+ pkgs, err := packages_model.GetPackagesByType(ctx, ownerID, packages_model.TypeArch)
+ if err != nil {
+ return nil, err
+ }
+ if len(pkgs) == 0 {
+ return nil, io.EOF
+ }
+ db, err := packages_module.NewHashedBuffer()
+ if err != nil {
+ return nil, err
+ }
+ defer db.Close()
+ gw := gzip.NewWriter(db)
+ defer gw.Close()
+ tw := tar.NewWriter(gw)
+ defer tw.Close()
+ count := 0
+ for _, pkg := range pkgs {
+ versions, err := packages_model.GetVersionsByPackageName(
+ ctx, ownerID, packages_model.TypeArch, pkg.Name,
+ )
+ if err != nil {
+ return nil, err
+ }
+ sort.Slice(versions, func(i, j int) bool {
+ return versions[i].CreatedUnix > versions[j].CreatedUnix
+ })
+
+ for _, ver := range versions {
+ files, err := packages_model.GetFilesByVersionID(ctx, ver.ID)
+ if err != nil {
+ return nil, err
+ }
+ var pf *packages_model.PackageFile
+ for _, file := range files {
+ ext := filepath.Ext(file.Name)
+ if file.CompositeKey == group && ext != "" && ext != ".db" && ext != ".sig" {
+ if pf == nil && strings.HasSuffix(file.Name, fmt.Sprintf("any.pkg.tar%s", ext)) {
+ pf = file
+ }
+ if strings.HasSuffix(file.Name, fmt.Sprintf("%s.pkg.tar%s", arch, ext)) {
+ pf = file
+ break
+ }
+ }
+ }
+ if pf == nil {
+ // file not exists
+ continue
+ }
+ pps, err := packages_model.GetPropertiesByName(
+ ctx, packages_model.PropertyTypeFile, pf.ID, arch_module.PropertyDescription,
+ )
+ if err != nil {
+ return nil, err
+ }
+ if len(pps) >= 1 {
+ meta := []byte(pps[0].Value)
+ header := &tar.Header{
+ Name: pkg.Name + "-" + ver.Version + "/desc",
+ Size: int64(len(meta)),
+ Mode: int64(os.ModePerm),
+ }
+ if err = tw.WriteHeader(header); err != nil {
+ return nil, err
+ }
+ if _, err := tw.Write(meta); err != nil {
+ return nil, err
+ }
+ count++
+ break
+ }
+ }
+ }
+ if count == 0 {
+ return nil, io.EOF
+ }
+ return db, nil
+}
+
+// GetPackageFile Get data related to provided filename and distribution, for package files
+// update download counter.
+func GetPackageFile(ctx context.Context, group, file string, ownerID int64) (io.ReadSeekCloser, *url.URL, *packages_model.PackageFile, error) {
+ fileSplit := strings.Split(file, "-")
+ if len(fileSplit) <= 3 {
+ return nil, nil, nil, errors.New("invalid file format, need <name>-<version>-<release>-<arch>.pkg.<archive>")
+ }
+ var (
+ pkgName = strings.Join(fileSplit[0:len(fileSplit)-3], "-")
+ pkgVer = fileSplit[len(fileSplit)-3] + "-" + fileSplit[len(fileSplit)-2]
+ )
+ version, err := packages_model.GetVersionByNameAndVersion(ctx, ownerID, packages_model.TypeArch, pkgName, pkgVer)
+ if err != nil {
+ return nil, nil, nil, err
+ }
+
+ pkgFile, err := packages_model.GetFileForVersionByName(ctx, version.ID, file, group)
+ if err != nil {
+ return nil, nil, nil, err
+ }
+
+ return packages_service.GetPackageFileStream(ctx, pkgFile)
+}
+
+func GetPackageDBFile(ctx context.Context, ownerID int64, group, arch string, sigFile bool) (io.ReadSeekCloser, *url.URL, *packages_model.PackageFile, error) {
+ pv, err := GetOrCreateRepositoryVersion(ctx, ownerID)
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ fileName := fmt.Sprintf("%s.db", arch)
+ if sigFile {
+ fileName = fmt.Sprintf("%s.db.sig", arch)
+ }
+ file, err := packages_model.GetFileForVersionByName(ctx, pv.ID, fileName, group)
+ // fail back to any db
+ if errors.Is(err, util.ErrNotExist) && arch != "any" {
+ fileName = "any.db"
+ if sigFile {
+ fileName = "any.db.sig"
+ }
+ file, err = packages_model.GetFileForVersionByName(ctx, pv.ID, fileName, group)
+ }
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ return packages_service.GetPackageFileStream(ctx, file)
+}
+
+// GetOrCreateKeyPair gets or creates the PGP keys used to sign repository metadata files
+func GetOrCreateKeyPair(ctx context.Context, ownerID int64) (string, string, error) {
+ priv, err := user_model.GetSetting(ctx, ownerID, arch_module.SettingKeyPrivate)
+ if err != nil && !errors.Is(err, util.ErrNotExist) {
+ return "", "", err
+ }
+
+ pub, err := user_model.GetSetting(ctx, ownerID, arch_module.SettingKeyPublic)
+ if err != nil && !errors.Is(err, util.ErrNotExist) {
+ return "", "", err
+ }
+
+ if priv == "" || pub == "" {
+ user, err := user_model.GetUserByID(ctx, ownerID)
+ if err != nil && !errors.Is(err, util.ErrNotExist) {
+ return "", "", err
+ }
+
+ priv, pub, err = generateKeypair(user.Name)
+ if err != nil {
+ return "", "", err
+ }
+
+ if err := user_model.SetUserSetting(ctx, ownerID, arch_module.SettingKeyPrivate, priv); err != nil {
+ return "", "", err
+ }
+
+ if err := user_model.SetUserSetting(ctx, ownerID, arch_module.SettingKeyPublic, pub); err != nil {
+ return "", "", err
+ }
+ }
+
+ return priv, pub, nil
+}
+
+func generateKeypair(owner string) (string, string, error) {
+ e, err := openpgp.NewEntity(
+ owner,
+ "Arch Package signature only",
+ fmt.Sprintf("%s@noreply.%s", owner, setting.Packages.RegistryHost), &packet.Config{
+ RSABits: 4096,
+ })
+ if err != nil {
+ return "", "", err
+ }
+
+ var priv strings.Builder
+ var pub strings.Builder
+
+ w, err := armor.Encode(&priv, openpgp.PrivateKeyType, nil)
+ if err != nil {
+ return "", "", err
+ }
+ if err := e.SerializePrivate(w, nil); err != nil {
+ return "", "", err
+ }
+ w.Close()
+
+ w, err = armor.Encode(&pub, openpgp.PublicKeyType, nil)
+ if err != nil {
+ return "", "", err
+ }
+ if err := e.Serialize(w); err != nil {
+ return "", "", err
+ }
+ w.Close()
+
+ return priv.String(), pub.String(), nil
+}