mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16496 Commits
17 Branches
Tree: fc7d3f7315
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fc7d3f7315'
${ noResults }
gitea/services/packages/alpine/repository.go

repository.go 9.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329 
  1. // Copyright 2023 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package alpine

  5. 

  6. import (

  7. 	"archive/tar"

  8. 	"bytes"

  9. 	"compress/gzip"

  10. 	"context"

  11. 	"crypto"

  12. 	"crypto/rand"

  13. 	"crypto/rsa"

  14. 	"crypto/sha1"

  15. 	"crypto/x509"

  16. 	"encoding/hex"

  17. 	"encoding/pem"

  18. 	"errors"

  19. 	"fmt"

  20. 	"io"

  21. 	"strings"

  22. 

  23. 	packages_model "code.gitea.io/gitea/models/packages"

  24. 	alpine_model "code.gitea.io/gitea/models/packages/alpine"

  25. 	user_model "code.gitea.io/gitea/models/user"

  26. 	"code.gitea.io/gitea/modules/json"

  27. 	packages_module "code.gitea.io/gitea/modules/packages"

  28. 	alpine_module "code.gitea.io/gitea/modules/packages/alpine"

  29. 	"code.gitea.io/gitea/modules/util"

  30. 	packages_service "code.gitea.io/gitea/services/packages"

  31. )

  32. 

  33. const IndexFilename = "APKINDEX.tar.gz"

  34. 

  35. // GetOrCreateRepositoryVersion gets or creates the internal repository package

  36. // The Alpine registry needs multiple index files which are stored in this package.

  37. func GetOrCreateRepositoryVersion(ctx context.Context, ownerID int64) (*packages_model.PackageVersion, error) {

  38. 	return packages_service.GetOrCreateInternalPackageVersion(ctx, ownerID, packages_model.TypeAlpine, alpine_module.RepositoryPackage, alpine_module.RepositoryVersion)

  39. }

  40. 

  41. // GetOrCreateKeyPair gets or creates the RSA keys used to sign repository files

  42. func GetOrCreateKeyPair(ctx context.Context, ownerID int64) (string, string, error) {

  43. 	priv, err := user_model.GetSetting(ctx, ownerID, alpine_module.SettingKeyPrivate)

  44. 	if err != nil && !errors.Is(err, util.ErrNotExist) {

  45. 		return "", "", err

  46. 	}

  47. 

  48. 	pub, err := user_model.GetSetting(ctx, ownerID, alpine_module.SettingKeyPublic)

  49. 	if err != nil && !errors.Is(err, util.ErrNotExist) {

  50. 		return "", "", err

  51. 	}

  52. 

  53. 	if priv == "" || pub == "" {

  54. 		priv, pub, err = util.GenerateKeyPair(4096)

  55. 		if err != nil {

  56. 			return "", "", err

  57. 		}

  58. 

  59. 		if err := user_model.SetUserSetting(ctx, ownerID, alpine_module.SettingKeyPrivate, priv); err != nil {

  60. 			return "", "", err

  61. 		}

  62. 

  63. 		if err := user_model.SetUserSetting(ctx, ownerID, alpine_module.SettingKeyPublic, pub); err != nil {

  64. 			return "", "", err

  65. 		}

  66. 	}

  67. 

  68. 	return priv, pub, nil

  69. }

  70. 

  71. // BuildAllRepositoryFiles (re)builds all repository files for every available distributions, components and architectures

  72. func BuildAllRepositoryFiles(ctx context.Context, ownerID int64) error {

  73. 	pv, err := GetOrCreateRepositoryVersion(ctx, ownerID)

  74. 	if err != nil {

  75. 		return err

  76. 	}

  77. 

  78. 	// 1. Delete all existing repository files

  79. 	pfs, err := packages_model.GetFilesByVersionID(ctx, pv.ID)

  80. 	if err != nil {

  81. 		return err

  82. 	}

  83. 

  84. 	for _, pf := range pfs {

  85. 		if err := packages_model.DeleteAllProperties(ctx, packages_model.PropertyTypeFile, pf.ID); err != nil {

  86. 			return err

  87. 		}

  88. 		if err := packages_model.DeleteFileByID(ctx, pf.ID); err != nil {

  89. 			return err

  90. 		}

  91. 	}

  92. 

  93. 	// 2. (Re)Build repository files for existing packages

  94. 	branches, err := alpine_model.GetBranches(ctx, ownerID)

  95. 	if err != nil {

  96. 		return err

  97. 	}

  98. 	for _, branch := range branches {

  99. 		repositories, err := alpine_model.GetRepositories(ctx, ownerID, branch)

  100. 		if err != nil {

  101. 			return err

  102. 		}

  103. 		for _, repository := range repositories {

  104. 			architectures, err := alpine_model.GetArchitectures(ctx, ownerID, repository)

  105. 			if err != nil {

  106. 				return err

  107. 			}

  108. 			for _, architecture := range architectures {

  109. 				if err := buildPackagesIndex(ctx, ownerID, pv, branch, repository, architecture); err != nil {

  110. 					return fmt.Errorf("failed to build repository files [%s/%s/%s]: %w", branch, repository, architecture, err)

  111. 				}

  112. 			}

  113. 		}

  114. 	}

  115. 

  116. 	return nil

  117. }

  118. 

  119. // BuildSpecificRepositoryFiles builds index files for the repository

  120. func BuildSpecificRepositoryFiles(ctx context.Context, ownerID int64, branch, repository, architecture string) error {

  121. 	pv, err := GetOrCreateRepositoryVersion(ctx, ownerID)

  122. 	if err != nil {

  123. 		return err

  124. 	}

  125. 

  126. 	return buildPackagesIndex(ctx, ownerID, pv, branch, repository, architecture)

  127. }

  128. 

  129. type packageData struct {

  130. 	Package         *packages_model.Package

  131. 	Version         *packages_model.PackageVersion

  132. 	Blob            *packages_model.PackageBlob

  133. 	VersionMetadata *alpine_module.VersionMetadata

  134. 	FileMetadata    *alpine_module.FileMetadata

  135. }

  136. 

  137. type packageCache = map[*packages_model.PackageFile]*packageData

  138. 

  139. // https://wiki.alpinelinux.org/wiki/Apk_spec#APKINDEX_Format

  140. func buildPackagesIndex(ctx context.Context, ownerID int64, repoVersion *packages_model.PackageVersion, branch, repository, architecture string) error {

  141. 	pfs, _, err := packages_model.SearchFiles(ctx, &packages_model.PackageFileSearchOptions{

  142. 		OwnerID:     ownerID,

  143. 		PackageType: packages_model.TypeAlpine,

  144. 		Query:       "%.apk",

  145. 		Properties: map[string]string{

  146. 			alpine_module.PropertyBranch:       branch,

  147. 			alpine_module.PropertyRepository:   repository,

  148. 			alpine_module.PropertyArchitecture: architecture,

  149. 		},

  150. 	})

  151. 	if err != nil {

  152. 		return err

  153. 	}

  154. 

  155. 	// Delete the package indices if there are no packages

  156. 	if len(pfs) == 0 {

  157. 		pf, err := packages_model.GetFileForVersionByName(ctx, repoVersion.ID, IndexFilename, fmt.Sprintf("%s|%s|%s", branch, repository, architecture))

  158. 		if err != nil && !errors.Is(err, util.ErrNotExist) {

  159. 			return err

  160. 		}

  161. 

  162. 		if err := packages_model.DeleteAllProperties(ctx, packages_model.PropertyTypeFile, pf.ID); err != nil {

  163. 			return err

  164. 		}

  165. 		return packages_model.DeleteFileByID(ctx, pf.ID)

  166. 	}

  167. 

  168. 	// Cache data needed for all repository files

  169. 	cache := make(packageCache)

  170. 	for _, pf := range pfs {

  171. 		pv, err := packages_model.GetVersionByID(ctx, pf.VersionID)

  172. 		if err != nil {

  173. 			return err

  174. 		}

  175. 		p, err := packages_model.GetPackageByID(ctx, pv.PackageID)

  176. 		if err != nil {

  177. 			return err

  178. 		}

  179. 		pb, err := packages_model.GetBlobByID(ctx, pf.BlobID)

  180. 		if err != nil {

  181. 			return err

  182. 		}

  183. 		pps, err := packages_model.GetPropertiesByName(ctx, packages_model.PropertyTypeFile, pf.ID, alpine_module.PropertyMetadata)

  184. 		if err != nil {

  185. 			return err

  186. 		}

  187. 

  188. 		pd := &packageData{

  189. 			Package: p,

  190. 			Version: pv,

  191. 			Blob:    pb,

  192. 		}

  193. 

  194. 		if err := json.Unmarshal([]byte(pv.MetadataJSON), &pd.VersionMetadata); err != nil {

  195. 			return err

  196. 		}

  197. 		if len(pps) > 0 {

  198. 			if err := json.Unmarshal([]byte(pps[0].Value), &pd.FileMetadata); err != nil {

  199. 				return err

  200. 			}

  201. 		}

  202. 

  203. 		cache[pf] = pd

  204. 	}

  205. 

  206. 	var buf bytes.Buffer

  207. 	for _, pf := range pfs {

  208. 		pd := cache[pf]

  209. 

  210. 		fmt.Fprintf(&buf, "C:%s\n", pd.FileMetadata.Checksum)

  211. 		fmt.Fprintf(&buf, "P:%s\n", pd.Package.Name)

  212. 		fmt.Fprintf(&buf, "V:%s\n", pd.Version.Version)

  213. 		fmt.Fprintf(&buf, "A:%s\n", pd.FileMetadata.Architecture)

  214. 		if pd.VersionMetadata.Description != "" {

  215. 			fmt.Fprintf(&buf, "T:%s\n", pd.VersionMetadata.Description)

  216. 		}

  217. 		if pd.VersionMetadata.ProjectURL != "" {

  218. 			fmt.Fprintf(&buf, "U:%s\n", pd.VersionMetadata.ProjectURL)

  219. 		}

  220. 		if pd.VersionMetadata.License != "" {

  221. 			fmt.Fprintf(&buf, "L:%s\n", pd.VersionMetadata.License)

  222. 		}

  223. 		fmt.Fprintf(&buf, "S:%d\n", pd.Blob.Size)

  224. 		fmt.Fprintf(&buf, "I:%d\n", pd.FileMetadata.Size)

  225. 		fmt.Fprintf(&buf, "o:%s\n", pd.FileMetadata.Origin)

  226. 		fmt.Fprintf(&buf, "m:%s\n", pd.VersionMetadata.Maintainer)

  227. 		fmt.Fprintf(&buf, "t:%d\n", pd.FileMetadata.BuildDate)

  228. 		if pd.FileMetadata.CommitHash != "" {

  229. 			fmt.Fprintf(&buf, "c:%s\n", pd.FileMetadata.CommitHash)

  230. 		}

  231. 		if len(pd.FileMetadata.Dependencies) > 0 {

  232. 			fmt.Fprintf(&buf, "D:%s\n", strings.Join(pd.FileMetadata.Dependencies, " "))

  233. 		}

  234. 		if len(pd.FileMetadata.Provides) > 0 {

  235. 			fmt.Fprintf(&buf, "p:%s\n", strings.Join(pd.FileMetadata.Provides, " "))

  236. 		}

  237. 		fmt.Fprint(&buf, "\n")

  238. 	}

  239. 

  240. 	unsignedIndexContent, _ := packages_module.NewHashedBuffer()

  241. 	h := sha1.New()

  242. 

  243. 	if err := writeGzipStream(io.MultiWriter(unsignedIndexContent, h), "APKINDEX", buf.Bytes(), true); err != nil {

  244. 		return err

  245. 	}

  246. 

  247. 	priv, _, err := GetOrCreateKeyPair(ctx, ownerID)

  248. 	if err != nil {

  249. 		return err

  250. 	}

  251. 

  252. 	privPem, _ := pem.Decode([]byte(priv))

  253. 	if privPem == nil {

  254. 		return fmt.Errorf("failed to decode private key pem")

  255. 	}

  256. 

  257. 	privKey, err := x509.ParsePKCS1PrivateKey(privPem.Bytes)

  258. 	if err != nil {

  259. 		return err

  260. 	}

  261. 

  262. 	sign, err := rsa.SignPKCS1v15(rand.Reader, privKey, crypto.SHA1, h.Sum(nil))

  263. 	if err != nil {

  264. 		return err

  265. 	}

  266. 

  267. 	owner, err := user_model.GetUserByID(ctx, ownerID)

  268. 	if err != nil {

  269. 		return err

  270. 	}

  271. 

  272. 	fingerprint, err := util.CreatePublicKeyFingerprint(&privKey.PublicKey)

  273. 	if err != nil {

  274. 		return err

  275. 	}

  276. 

  277. 	signedIndexContent, _ := packages_module.NewHashedBuffer()

  278. 

  279. 	if err := writeGzipStream(

  280. 		signedIndexContent,

  281. 		fmt.Sprintf(".SIGN.RSA.%s@%s.rsa.pub", owner.LowerName, hex.EncodeToString(fingerprint)),

  282. 		sign,

  283. 		false,

  284. 	); err != nil {

  285. 		return err

  286. 	}

  287. 

  288. 	if _, err := io.Copy(signedIndexContent, unsignedIndexContent); err != nil {

  289. 		return err

  290. 	}

  291. 

  292. 	_, err = packages_service.AddFileToPackageVersionInternal(

  293. 		ctx,

  294. 		repoVersion,

  295. 		&packages_service.PackageFileCreationInfo{

  296. 			PackageFileInfo: packages_service.PackageFileInfo{

  297. 				Filename:     IndexFilename,

  298. 				CompositeKey: fmt.Sprintf("%s|%s|%s", branch, repository, architecture),

  299. 			},

  300. 			Creator:           user_model.NewGhostUser(),

  301. 			Data:              signedIndexContent,

  302. 			IsLead:            false,

  303. 			OverwriteExisting: true,

  304. 		},

  305. 	)

  306. 	return err

  307. }

  308. 

  309. func writeGzipStream(w io.Writer, filename string, content []byte, addTarEnd bool) error {

  310. 	zw := gzip.NewWriter(w)

  311. 	defer zw.Close()

  312. 

  313. 	tw := tar.NewWriter(zw)

  314. 	if addTarEnd {

  315. 		defer tw.Close()

  316. 	}

  317. 	hdr := &tar.Header{

  318. 		Name: filename,

  319. 		Mode: 0o600,

  320. 		Size: int64(len(content)),

  321. 	}

  322. 	if err := tw.WriteHeader(hdr); err != nil {

  323. 		return err

  324. 	}

  325. 	if _, err := tw.Write(content); err != nil {

  326. 		return err

  327. 	}

  328. 	return nil

  329. }