// This file is part of arduino-cli.
//
// Copyright 2020 ARDUINO SA (http://www.arduino.cc/)
//
// This software is released under the GNU General Public License version 3,
// which covers the main part of arduino-cli.
// The terms of this license can be found at:
// https://www.gnu.org/licenses/gpl-3.0.en.html
//
// You can be released from the requirements of the above licenses by purchasing
// a commercial license. Buying such a license is mandatory if you want to
// modify or otherwise use the software for commercial activities involving the
// Arduino software without disclosing the source code of your own applications.
// To purchase a commercial license, send an email to [email protected].
package resources
import (
"context"
"errors"
"net/url"
"path"
"strings"
"github.com/arduino/arduino-cli/arduino"
"github.com/arduino/arduino-cli/arduino/httpclient"
"github.com/arduino/arduino-cli/arduino/security"
rpc "github.com/arduino/arduino-cli/rpc/cc/arduino/cli/commands/v1"
"github.com/arduino/go-paths-helper"
"github.com/codeclysm/extract/v3"
"github.com/sirupsen/logrus"
"go.bug.st/downloader/v2"
)
// IndexResource is a reference to an index file URL with an optional signature.
type IndexResource struct {
	// URL is the location of the index file. The base name of its path is what
	// IndexFileName and Download use to derive the local file names.
	URL *url.URL
	// SignatureURL, when non-nil, is downloaded by Download and used as the
	// detached signature of the index.
	SignatureURL *url.URL
	// EnforceSignatureVerification makes Download fail when no signature is
	// available, instead of installing the index unverified.
	EnforceSignatureVerification bool
}
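// IndexFileName returns the index file name as it is saved in data dir (package_xxx_index.json).
//
// The name is derived from the last element of the URL path, cut at its first
// dot and given a ".json" suffix. An InvalidURLError is returned when the URL
// is missing or its path yields no usable name (empty path, a path made only
// of slashes, or a last element starting with a dot), so the returned name is
// never just ".json" and never contains a '/'.
func (res *IndexResource) IndexFileName() (string, error) {
	if res.URL == nil {
		return "", &arduino.InvalidURLError{}
	}
	filename := path.Base(res.URL.Path) // == package_index.json[.gz] || package_index.tar.bz2
	// path.Base yields "." for an empty path and "/" for a path made only of
	// slashes; neither names a file.
	if filename == "." || filename == "/" || filename == "" {
		return "", &arduino.InvalidURLError{}
	}
	if i := strings.Index(filename, "."); i != -1 {
		filename = filename[:i]
	}
	// Names such as ".json" or ".." have nothing before their first dot; the
	// result would be a bare ".json", which identifies no index.
	if filename == "" {
		return "", &arduino.InvalidURLError{}
	}
	return filename + ".json", nil
}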
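// Download will download the index and possibly check the signature using the Arduino's public key.
// If the file is in .gz format it will be unpacked first; a .tar.bz2 archive is
// extracted and may carry both the index and its signature.
//
// All files are staged in a temporary directory and the signature is checked
// against the staged copy, so nothing is written to destDir before the check
// has passed. When no signature is available the index is installed unverified,
// unless EnforceSignatureVerification is set, in which case Download fails.
//
// If an index (or signature) already exists in destDir it is backed up first
// and restored when a later step fails.
func (res *IndexResource) Download(destDir *paths.Path, downloadCB rpc.DownloadProgressCB) error {
	// Create destination directory
	if err := destDir.MkdirAll(); err != nil {
		return &arduino.PermissionDeniedError{Message: tr("Can't create data directory %s", destDir), Cause: err}
	}

	// Create a temp dir to stage all downloads
	tmp, err := paths.MkTempDir("", "library_index_download")
	if err != nil {
		return &arduino.TempDirCreationFailedError{Cause: err}
	}
	defer tmp.RemoveAll()

	// Download index file
	downloadFileName := path.Base(res.URL.Path) // == package_index.json[.gz] || package_index.tar.bz2
	indexFileName, err := res.IndexFileName()   // == package_index.json
	if err != nil {
		return err
	}
	tmpIndexPath := tmp.Join(downloadFileName)
	if err := httpclient.DownloadFile(tmpIndexPath, res.URL.String(), "", tr("Downloading index: %s", downloadFileName), downloadCB, nil, downloader.NoResume); err != nil {
		return &arduino.FailedDownloadError{Message: tr("Error downloading index '%s'", res.URL), Cause: err}
	}

	var signaturePath, tmpSignaturePath *paths.Path
	hasSignature := false

	// Expand the index if it is compressed
	if strings.HasSuffix(downloadFileName, ".tar.bz2") {
		signatureFileName := indexFileName + ".sig"
		signaturePath = destDir.Join(signatureFileName)

		// .tar.bz2 archive may contain both index and signature

		// Extract archive in a tmp/archive subdirectory
		f, err := tmpIndexPath.Open()
		if err != nil {
			return &arduino.PermissionDeniedError{Message: tr("Error opening %s", tmpIndexPath), Cause: err}
		}
		defer f.Close()
		tmpArchivePath := tmp.Join("archive")
		if err := tmpArchivePath.MkdirAll(); err != nil {
			return &arduino.PermissionDeniedError{Message: tr("Error extracting %s", tmpIndexPath), Cause: err}
		}
		// NOTE(review): the archive is still untrusted here, because its
		// signature (if any) is inside it. Confirm that extract.Bz2 confines
		// every entry to tmpArchivePath and consider bounding the extracted size.
		if err := extract.Bz2(context.Background(), f, tmpArchivePath.String(), nil); err != nil {
			return &arduino.PermissionDeniedError{Message: tr("Error extracting %s", tmpIndexPath), Cause: err}
		}

		// Look for index.json
		tmpIndexPath = tmpArchivePath.Join(indexFileName)
		if !tmpIndexPath.Exist() {
			return &arduino.NotFoundError{Message: tr("Invalid archive: file %{1}s not found in archive %{2}s", indexFileName, tmpArchivePath.Base())}
		}

		// Look for signature
		if t := tmpArchivePath.Join(signatureFileName); t.Exist() {
			tmpSignaturePath = t
			hasSignature = true
		} else {
			logrus.Infof("No signature %s found in package index archive %s", signatureFileName, tmpArchivePath.Base())
		}
	} else if strings.HasSuffix(downloadFileName, ".gz") {
		tmpUnzippedIndexPath := tmp.Join(indexFileName)
		if err := paths.GUnzip(tmpIndexPath, tmpUnzippedIndexPath); err != nil {
			return &arduino.PermissionDeniedError{Message: tr("Error extracting %s", indexFileName), Cause: err}
		}
		tmpIndexPath = tmpUnzippedIndexPath
	}

	// An explicit signature URL takes precedence over a signature found in the archive.
	if res.SignatureURL != nil {
		// Compose signature URL
		signatureFileName := path.Base(res.SignatureURL.Path)

		// Download signature
		signaturePath = destDir.Join(signatureFileName)
		tmpSignaturePath = tmp.Join(signatureFileName)
		if err := httpclient.DownloadFile(tmpSignaturePath, res.SignatureURL.String(), "", tr("Downloading index signature: %s", signatureFileName), downloadCB, nil, downloader.NoResume); err != nil {
			return &arduino.FailedDownloadError{Message: tr("Error downloading index signature '%s'", res.SignatureURL), Cause: err}
		}
		hasSignature = true
	}

	// Verify the staged index before anything is copied into destDir.
	if hasSignature {
		valid, _, err := security.VerifyArduinoDetachedSignature(tmpIndexPath, tmpSignaturePath)
		if err != nil {
			return &arduino.PermissionDeniedError{Message: tr("Error verifying signature"), Cause: err}
		}
		if !valid {
			return &arduino.SignatureVerificationFailedError{File: res.URL.String()}
		}
	} else if res.EnforceSignatureVerification {
		// Fail closed: the caller required a signature and none was provided.
		return &arduino.PermissionDeniedError{Message: tr("Error verifying signature"), Cause: errors.New(tr("missing signature"))}
	}

	// TODO: Implement a ResourceValidator
	// if !validate(tmpIndexPath) { return error }

	// Make a backup copy of old index and signature so the deferred functions
	// can roll back in case of errors. The rollbacks are skipped once committed
	// is set, and the backups are deleted together with tmp.
	committed := false

	indexPath := destDir.Join(indexFileName)
	oldIndex := tmp.Join("old_index")
	if indexPath.Exist() {
		if err := indexPath.CopyTo(oldIndex); err != nil {
			return &arduino.PermissionDeniedError{Message: tr("Error saving downloaded index"), Cause: err}
		}
		defer func() {
			if !committed {
				_ = oldIndex.CopyTo(indexPath) // best-effort rollback
			}
		}()
	}

	// Back up the signature currently installed in destDir. The check has to be
	// made on signaturePath: the backup location lives in the fresh temp dir and
	// never exists yet, so testing it would skip the backup every time.
	oldSignature := tmp.Join("old_signature")
	if signaturePath != nil && signaturePath.Exist() {
		if err := signaturePath.CopyTo(oldSignature); err != nil {
			return &arduino.PermissionDeniedError{Message: tr("Error saving downloaded index signature"), Cause: err}
		}
		defer func() {
			if !committed {
				_ = oldSignature.CopyTo(signaturePath) // best-effort rollback
			}
		}()
	}

	if err := tmpIndexPath.CopyTo(indexPath); err != nil {
		return &arduino.PermissionDeniedError{Message: tr("Error saving downloaded index"), Cause: err}
	}
	if hasSignature {
		if err := tmpSignaturePath.CopyTo(signaturePath); err != nil {
			return &arduino.PermissionDeniedError{Message: tr("Error saving downloaded index signature"), Cause: err}
		}
	}

	committed = true
	return nil
}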