libzypp/HEAD/Downloader_8cc_source.html

/*---------------------------------------------------------------------\

|                          ____ _   __ __ ___                          |

|                         |__  / \ / / . \ . \                         |

|                           / / \ V /|  _/  _/                         |

|                          / /__ | | | | | |                           |

|                         /_____||_| |_| |_|                           |

|                                                                      |

\---------------------------------------------------------------------*/


#include <fstream>

#include <zypp/base/String.h>

#include <zypp/base/Logger.h>

#include <zypp/base/Gettext.h>


#include "Downloader.h"

#include <zypp/KeyContext.h>

#include <zypp/ZConfig.h>

#include <zypp/ZYppFactory.h>

#include <zypp/ZYppCallbacks.h>


#include <zypp/parser/yum/RepomdFileReader.h>


using std::endl;


namespace zypp

{

namespace repo

{

  class ExtraSignatureFileChecker : public SignatureFileChecker

  {

  public:

    typedef function<void( const Pathname & file_r )> PreCheckCB;


    ExtraSignatureFileChecker()

    {}


    ExtraSignatureFileChecker( Pathname signature_r )

    : SignatureFileChecker( std::move(signature_r) )

    {}


    void preCheckCB( PreCheckCB cb_r )

    { _preCheckCB = std::move(cb_r); }


    void operator()( const Pathname & file_r ) const

    {

      if ( _preCheckCB )

        _preCheckCB( file_r );

      SignatureFileChecker::operator()( file_r );

    }


  private:

    PreCheckCB _preCheckCB;

  };


  // bsc#1184326: Check and handle extra gpg keys delivered with trusted signed master index.

  void checkExtraKeysInRepomd( MediaSetAccess & media_r, const Pathname & destdir_r, const Pathname & repomd_r, SignatureFileChecker & sigchecker_r )

  {

    std::vector<std::pair<std::string,std::string>> keyhints { zypp::parser::yum::RepomdFileReader(repomd_r).keyhints() };

    if ( keyhints.empty() )

      return;

    DBG << "Check keyhints: " << keyhints.size() << endl;


    auto keyRing { getZYpp()->keyRing() };

    for ( const auto & p : keyhints ) try {

      const std::string & file  { p.first };

      const std::string & keyid { p.second };


      if ( keyRing->trustedPublicKeyData( keyid ) ) {

        DBG << "Keyhint is already trusted: " << keyid << " (" << file << ")" << endl;

        continue;       // already a trusted key

      }


      DBG << "Keyhint search key " << keyid << " (" << file << ")" << endl;

      PublicKeyData keyData = keyRing->publicKeyData( keyid );

      if ( not keyData ) {

        // try to get it from cache or download it...


        // TODO: Enhance the key caching in general...

        const ZConfig & conf = ZConfig::instance();

        Pathname cacheFile = conf.repoManagerRoot() / conf.pubkeyCachePath() / file;


        PublicKey key { PublicKey::noThrow( cacheFile ) };

        if ( not key.fileProvidesKey( keyid ) ) {


          key = PublicKey::noThrow( media_r.provideOptionalFile( file ) );

          if ( not key.fileProvidesKey( keyid ) ) {


            WAR << "Keyhint " << file << " does not contain a key with id " << keyid << ". Skipping it." << endl;

            continue;

          }

          // Try to cache it...

          filesystem::hardlinkCopy( key.path(), cacheFile );

        }


        keyRing->importKey( key, false );               // store in general keyring (not trusted!)

        keyData = keyRing->publicKeyData( keyid );      // fetch back from keyring in case it was a hidden key

      }


      if ( not PublicKey::isSafeKeyId( keyid ) ) {

        WAR << "Keyhint " << keyid << " for " << keyData << " is not strong enough for auto import. Just caching it." << endl;

        continue;

      }


      DBG << "Keyhint remember buddy " << keyData << endl;

      sigchecker_r.addBuddyKey( keyid );

    }

    catch ( const Exception & exp )

    { ZYPP_CAUGHT(exp); }

    catch ( const std::exception & exp )

    { ZYPP_CAUGHT(exp); }

    catch (...)

    { INT << "Oops!" << endl; }

    MIL << "Check keyhints done. Buddy keys: " << sigchecker_r.buddyKeys().size() << endl;

  }


Downloader::Downloader()

{

}

Downloader::Downloader(const RepoInfo & repoinfo) : _repoinfo(repoinfo)

{

}

Downloader::~Downloader()

{

}


RepoStatus Downloader::status( MediaSetAccess &media )

{

  WAR << "Non implemented" << endl;

  return RepoStatus();

}


void Downloader::download( MediaSetAccess &media,

                           const Pathname &dest_dir,

                           const ProgressData::ReceiverFnc & progress )

{

  WAR << "Non implemented" << endl;

}


void Downloader::defaultDownloadMasterIndex( MediaSetAccess & media_r, const Pathname & destdir_r, const Pathname & masterIndex_r )

{

  // always download them, even if repoGpgCheck is disabled

  Pathname sigpath = masterIndex_r.extend( ".asc" );

  Pathname keypath = masterIndex_r.extend( ".key" );


  //enable precache for next start() call

  setMediaSetAccess( media_r );

  enqueue( OnMediaLocation( sigpath, 1 ).setOptional( true ).setDownloadSize( ByteCount( 20, ByteCount::MB ) ) );

  enqueue( OnMediaLocation( keypath, 1 ).setOptional( true ).setDownloadSize( ByteCount( 20, ByteCount::MB ) ) );

  start( destdir_r );

  reset();


  // The local files are in destdir_r, if they were present on the server

  Pathname sigpathLocal { destdir_r/sigpath };

  Pathname keypathLocal { destdir_r/keypath };


  CompositeFileChecker checkers;


  if ( _pluginRepoverification && _pluginRepoverification->isNeeded() )

    checkers.add( _pluginRepoverification->getChecker( sigpathLocal, keypathLocal, repoInfo() ) );


  ExtraSignatureFileChecker sigchecker;

  bool isSigned = PathInfo(sigpathLocal).isExist();

  if ( repoInfo().repoGpgCheck() )

  {

    if ( isSigned || repoInfo().repoGpgCheckIsMandatory() )

    {

      // only add the signature if it exists

      if ( isSigned )

        sigchecker.signature( sigpathLocal );


      // only add the key if it exists

      if ( PathInfo(keypathLocal).isExist() )

        sigchecker.addPublicKey( keypathLocal );


      // set the checker context even if the key is not known

      // (unsigned repo, key file missing; bnc #495977)

      sigchecker.keyContext( repoInfo() );


      // bsc#1184326: Check and handle extra gpg keys delivered with trusted signed master index.

      if ( masterIndex_r.basename() == "repomd.xml" ) {

        sigchecker.preCheckCB( [&]( const Pathname & file_r )->void {

          // Take care no exception escapes! Main job is the signature verification.

          try {

            checkExtraKeysInRepomd( media_r, destdir_r, file_r, sigchecker );

          }

          catch ( const Exception & exp )

          { ZYPP_CAUGHT(exp); }

          catch ( const std::exception & exp )

          { ZYPP_CAUGHT(exp); }

          catch (...)

          { INT << "Oops!" << endl; }

        });

      }

      checkers.add( std::ref(sigchecker) );     // ref() to the local sigchecker is important as we want back fileValidated!

    }

    else

    {

      WAR << "Accept unsigned repository because repoGpgCheck is not mandatory for " << repoInfo().alias() << endl;

    }

  }

  else

  {

    WAR << "Signature checking disabled in config of repository " << repoInfo().alias() << endl;

  }


  enqueue( OnMediaLocation( masterIndex_r, 1 ).setDownloadSize( ByteCount( 20, ByteCount::MB ) ), checkers );

  start( destdir_r, media_r );

  reset();


  // Accepted!

  _repoinfo.setMetadataPath( destdir_r );

  if ( isSigned )

    _repoinfo.setValidRepoSignature( sigchecker.fileValidated() );

  else

    _repoinfo.setValidRepoSignature( indeterminate );

}


}// ns repo

} // ns zypp

KeyContext.h

RepomdFileReader.h
Interface of repomd.xml file reader.

ZConfig.h

ZYppCallbacks.h

ZYppFactory.h

zypp::ByteCount
Store and operate with byte count.
Definition: ByteCount.h:31

zypp::ByteCount::MB
static const Unit MB
1000^2 Byte
Definition: ByteCount.h:60

zypp::CompositeFileChecker
Checker composed of more checkers.
Definition: FileChecker.h:130

zypp::CompositeFileChecker::add
void add(const FileChecker &checker)
Definition: FileChecker.cc:108

zypp::Exception
Base class for Exception.
Definition: Exception.h:146

zypp::Fetcher::start
void start(const Pathname &dest_dir, const ProgressData::ReceiverFnc &progress=ProgressData::ReceiverFnc())
start the transfer to a destination directory dest_dir The media has to be provides with setMediaSetA...
Definition: Fetcher.cc:908

zypp::Fetcher::reset
void reset()
Reset the transfer (jobs) list.
Definition: Fetcher.cc:898

zypp::Fetcher::enqueue
void enqueue(const OnMediaLocation &resource, const FileChecker &checker=FileChecker())
Enqueue a object for transferal, they will not be transferred until start() is called.
Definition: Fetcher.cc:887

zypp::Fetcher::setMediaSetAccess
void setMediaSetAccess(MediaSetAccess &media)
Sets the media set access that will be used to precache and to download the files when start is calle...
Definition: Fetcher.cc:903

zypp::MediaSetAccess
Media access layer responsible for handling files distributed on a set of media with media change and...
Definition: MediaSetAccess.h:81

zypp::MediaSetAccess::provideOptionalFile
Pathname provideOptionalFile(const Pathname &file, unsigned media_nr=1)
Provides an optional file from media media_nr.
Definition: MediaSetAccess.cc:182

zypp::OnMediaLocation
Describes a resource file located on a medium.
Definition: onmedialocation.h:37

zypp::ProgressData::ReceiverFnc
function< bool(const ProgressData &)> ReceiverFnc
Most simple version of progress reporting The percentage in most cases.
Definition: progressdata.h:140

zypp::PublicKeyData
Class representing one GPG Public Keys data.
Definition: PublicKey.h:207

zypp::PublicKey
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
Definition: PublicKey.h:359

zypp::PublicKey::isSafeKeyId
static bool isSafeKeyId(const std::string &id_r)
!<
Definition: PublicKey.h:426

zypp::PublicKey::noThrow
static PublicKey noThrow(const Pathname &keyFile_r)
Static ctor returning an empty PublicKey rather than throwing.
Definition: PublicKey.cc:639

zypp::RepoInfo
What is known about a repository.
Definition: RepoInfo.h:72

zypp::RepoInfo::setValidRepoSignature
void setValidRepoSignature(TriBool value_r)
Set the value for validRepoSignature (or indeterminate if unsigned).
Definition: RepoInfo.cc:454

zypp::RepoInfo::setMetadataPath
void setMetadataPath(const Pathname &path)
Set the path where the local metadata is stored.
Definition: RepoInfo.cc:662

zypp::RepoStatus
Track changing files or directories.
Definition: RepoStatus.h:41

zypp::SignatureFileChecker
Checks for the validity of a signature.
Definition: FileChecker.h:71

zypp::SignatureFileChecker::operator()
void operator()(const Pathname &file_r) const
Call KeyRing::verifyFileSignatureWorkflow to verify the file.
Definition: FileChecker.cc:124

zypp::SignatureFileChecker::addPublicKey
void addPublicKey(const PublicKey &publickey_r)
Add a public key to the list of known keys.
Definition: FileChecker.cc:121

zypp::ZConfig
Interim helper class to collect global options and settings.
Definition: ZConfig.h:64

zypp::ZConfig::repoManagerRoot
Pathname repoManagerRoot() const
The RepoManager root directory.
Definition: ZConfig.cc:953

zypp::ZConfig::instance
static ZConfig & instance()
Singleton ctor.
Definition: ZConfig.cc:922

zypp::ZConfig::pubkeyCachePath
Pathname pubkeyCachePath() const
Path where the pubkey caches.
Definition: ZConfig.cc:1045

zypp::filesystem::PathInfo
Wrapper class for stat/lstat.
Definition: PathInfo.h:221

zypp::filesystem::PathInfo::isExist
bool isExist() const
Return whether valid stat info exists.
Definition: PathInfo.h:281

zypp::filesystem::Pathname
Pathname.
Definition: Pathname.h:45

zypp::filesystem::Pathname::extend
Pathname extend(const std::string &r) const
Append string r to the last component of the path.
Definition: Pathname.h:173

zypp::filesystem::Pathname::basename
std::string basename() const
Return the last component of this path.
Definition: Pathname.h:128

zypp::keyring::VerifyFileContext::fileValidated
bool fileValidated() const
Whether the signature was actually successfully verified.
Definition: KeyRingContexts.cc:113

zypp::keyring::VerifyFileContext::keyContext
const KeyContext & keyContext() const
KeyContext passed to callbacks
Definition: KeyRingContexts.cc:91

zypp::keyring::VerifyFileContext::buddyKeys
const BuddyKeys & buddyKeys() const
Definition: KeyRingContexts.cc:97

zypp::keyring::VerifyFileContext::signature
const Pathname & signature() const
Detached signature or empty.
Definition: KeyRingContexts.cc:79

zypp::keyring::VerifyFileContext::addBuddyKey
void addBuddyKey(std::string sid_r)
Definition: KeyRingContexts.cc:100

zypp::parser::yum::RepomdFileReader
Reads through a repomd.xml file and collects type, location, checksum and other data about metadata f...
Definition: RepomdFileReader.h:39

zypp::parser::yum::RepomdFileReader::keyhints
std::vector< std::pair< std::string, std::string > > keyhints() const
gpg key hits shipped in keywords (bsc#1184326)
Definition: RepomdFileReader.cc:209

zypp::repo::Downloader::_repoinfo
RepoInfo _repoinfo
Definition: Downloader.h:77

zypp::repo::Downloader::download
virtual void download(MediaSetAccess &media, const Pathname &dest_dir, const ProgressData::ReceiverFnc &progress=ProgressData::ReceiverFnc())
Download metadata to a local directory.
Definition: Downloader.cc:134

zypp::repo::Downloader::_pluginRepoverification
std::optional< PluginRepoverification > _pluginRepoverification
Definition: Downloader.h:78

zypp::repo::Downloader::repoInfo
const RepoInfo & repoInfo() const
Definition: Downloader.h:63

zypp::repo::Downloader::defaultDownloadMasterIndex
void defaultDownloadMasterIndex(MediaSetAccess &media_r, const Pathname &destdir_r, const Pathname &masterIndex_r)
Common workflow downloading a (signed) master index file.
Definition: Downloader.cc:141

zypp::repo::Downloader::status
virtual RepoStatus status(MediaSetAccess &media)
Status of the remote repository.
Definition: Downloader.cc:128

zypp::repo::Downloader::~Downloader
virtual ~Downloader()
Definition: Downloader.cc:124

zypp::repo::Downloader::Downloader
Downloader()
Constructor.
Definition: Downloader.cc:118

zypp::repo::ExtraSignatureFileChecker
Definition: Downloader.cc:30

zypp::repo::ExtraSignatureFileChecker::_preCheckCB
PreCheckCB _preCheckCB
Definition: Downloader.cc:53

zypp::repo::ExtraSignatureFileChecker::operator()
void operator()(const Pathname &file_r) const
Definition: Downloader.cc:45

zypp::repo::ExtraSignatureFileChecker::PreCheckCB
function< void(const Pathname &file_r)> PreCheckCB
Called after download but before verifying the file.
Definition: Downloader.cc:33

zypp::repo::ExtraSignatureFileChecker::preCheckCB
void preCheckCB(PreCheckCB cb_r)
Definition: Downloader.cc:42

zypp::repo::ExtraSignatureFileChecker::ExtraSignatureFileChecker
ExtraSignatureFileChecker()
Definition: Downloader.cc:35

zypp::repo::ExtraSignatureFileChecker::ExtraSignatureFileChecker
ExtraSignatureFileChecker(Pathname signature_r)
Definition: Downloader.cc:38

zypp::repo::RepoInfoBase::alias
std::string alias() const
unique identifier for this source.
Definition: RepoInfoBase.cc:111

std
Definition: Arch.h:361

zypp::filesystem::hardlinkCopy
int hardlinkCopy(const Pathname &oldpath, const Pathname &newpath)
Create newpath as hardlink or copy of oldpath.
Definition: PathInfo.cc:883

zypp::repo::checkExtraKeysInRepomd
void checkExtraKeysInRepomd(MediaSetAccess &media_r, const Pathname &destdir_r, const Pathname &repomd_r, SignatureFileChecker &sigchecker_r)
Definition: Downloader.cc:57

zypp
Easy-to use interface to the ZYPP dependency resolver.
Definition: CodePitfalls.doc:2

Downloader.h

ZYPP_CAUGHT
#define ZYPP_CAUGHT(EXCPT)
Drops a logline telling the Exception was caught (in order to handle it).
Definition: Exception.h:436

DBG
#define DBG
Definition: Logger.h:95

MIL
#define MIL
Definition: Logger.h:96

WAR
#define WAR
Definition: Logger.h:97

INT
#define INT
Definition: Logger.h:100