2023-01-22 18:11:10 +00:00
|
|
|
# Copyright 2023 Oliver Smith
|
2020-02-20 20:07:28 +00:00
|
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
2017-05-26 20:08:45 +00:00
|
|
|
import os
|
|
|
|
|
import logging
|
|
|
|
|
import shutil
|
|
|
|
|
import tarfile
|
|
|
|
|
import tempfile
|
|
|
|
|
import stat
|
|
|
|
|
|
2020-11-27 19:45:22 +00:00
|
|
|
import pmb.helpers.apk
|
2017-05-26 20:08:45 +00:00
|
|
|
import pmb.helpers.run
|
|
|
|
|
import pmb.config
|
|
|
|
|
import pmb.config.load
|
|
|
|
|
import pmb.parse.apkindex
|
|
|
|
|
import pmb.helpers.http
|
2017-08-12 14:03:40 +00:00
|
|
|
import pmb.parse.version
|
2017-05-26 20:08:45 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def read_signature_info(tar):
|
|
|
|
|
"""
|
2021-09-26 15:50:11 +00:00
|
|
|
Find various information about the signature that was used to sign
|
2017-05-26 20:08:45 +00:00
|
|
|
/sbin/apk.static inside the archive (not to be confused with the normal apk
|
|
|
|
|
archive signature!)
|
|
|
|
|
|
|
|
|
|
:returns: (sigfilename, sigkey_path)
|
|
|
|
|
"""
|
|
|
|
|
# Get signature filename and key
|
|
|
|
|
prefix = "sbin/apk.static.SIGN.RSA."
|
|
|
|
|
sigfilename = None
|
|
|
|
|
for filename in tar.getnames():
|
|
|
|
|
if filename.startswith(prefix):
|
|
|
|
|
sigfilename = filename
|
|
|
|
|
break
|
|
|
|
|
if not sigfilename:
|
2021-03-21 21:19:12 +00:00
|
|
|
raise RuntimeError("Could not find signature filename in apk."
|
2021-09-26 15:50:11 +00:00
|
|
|
" This means that your apk file is damaged."
|
2021-03-21 21:19:12 +00:00
|
|
|
" Delete it and try again."
|
|
|
|
|
" If the problem persists, fill out a bug report.")
|
2017-05-26 20:08:45 +00:00
|
|
|
sigkey = sigfilename[len(prefix):]
|
2021-03-21 21:19:12 +00:00
|
|
|
logging.debug(f"sigfilename: {sigfilename}")
|
|
|
|
|
logging.debug(f"sigkey: {sigkey}")
|
2017-05-26 20:08:45 +00:00
|
|
|
|
|
|
|
|
# Get path to keyfile on disk
|
2021-03-21 21:19:12 +00:00
|
|
|
sigkey_path = f"{pmb.config.apk_keys_path}/{sigkey}"
|
2017-05-26 20:08:45 +00:00
|
|
|
if "/" in sigkey or not os.path.exists(sigkey_path):
|
2021-03-21 21:19:12 +00:00
|
|
|
logging.debug(f"sigkey_path: {sigkey_path}")
|
|
|
|
|
raise RuntimeError(f"Invalid signature key: {sigkey}")
|
2017-05-26 20:08:45 +00:00
|
|
|
|
|
|
|
|
return (sigfilename, sigkey_path)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def extract_temp(tar, sigfilename):
|
|
|
|
|
"""
|
|
|
|
|
Extract apk.static and signature as temporary files.
|
|
|
|
|
"""
|
|
|
|
|
ret = {
|
|
|
|
|
"apk": {
|
|
|
|
|
"filename": "sbin/apk.static",
|
|
|
|
|
"temp_path": None
|
|
|
|
|
},
|
|
|
|
|
"sig": {
|
|
|
|
|
"filename": sigfilename,
|
|
|
|
|
"temp_path": None
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for ftype in ret.keys():
|
|
|
|
|
member = tar.getmember(ret[ftype]["filename"])
|
|
|
|
|
|
|
|
|
|
handle, path = tempfile.mkstemp(ftype, "pmbootstrap")
|
|
|
|
|
handle = open(handle, "wb")
|
|
|
|
|
ret[ftype]["temp_path"] = path
|
|
|
|
|
shutil.copyfileobj(tar.extractfile(member), handle)
|
|
|
|
|
|
2021-03-21 21:19:12 +00:00
|
|
|
logging.debug(f"extracted: {path}")
|
2017-05-26 20:08:45 +00:00
|
|
|
handle.close()
|
|
|
|
|
return ret
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def verify_signature(args, files, sigkey_path):
|
|
|
|
|
"""
|
|
|
|
|
Verify the signature with openssl.
|
|
|
|
|
|
|
|
|
|
:param files: return value from extract_temp()
|
|
|
|
|
:raises RuntimeError: when verification failed and removes temp files
|
|
|
|
|
"""
|
2021-03-21 21:19:12 +00:00
|
|
|
logging.debug(f"Verify apk.static signature with {sigkey_path}")
|
2017-05-26 20:08:45 +00:00
|
|
|
try:
|
|
|
|
|
pmb.helpers.run.user(args, ["openssl", "dgst", "-sha1", "-verify",
|
|
|
|
|
sigkey_path, "-signature", files[
|
|
|
|
|
"sig"]["temp_path"],
|
2018-07-14 01:13:28 +00:00
|
|
|
files["apk"]["temp_path"]])
|
2017-07-14 05:00:07 +00:00
|
|
|
except BaseException:
|
2017-05-26 20:08:45 +00:00
|
|
|
os.unlink(files["sig"]["temp_path"])
|
|
|
|
|
os.unlink(files["apk"]["temp_path"])
|
|
|
|
|
raise RuntimeError("Failed to validate signature of apk.static."
|
2018-01-23 01:03:31 +00:00
|
|
|
" Either openssl is not installed, or the"
|
|
|
|
|
" download failed. Run 'pmbootstrap zap -hc' to"
|
|
|
|
|
" delete the download and try again.")
|
2017-05-26 20:08:45 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def extract(args, version, apk_path):
|
|
|
|
|
"""
|
|
|
|
|
Extract everything to temporary locations, verify signatures and reported
|
|
|
|
|
versions. When everything is right, move the extracted apk.static to the
|
|
|
|
|
final location.
|
|
|
|
|
"""
|
|
|
|
|
# Extract to a temporary path
|
|
|
|
|
with tarfile.open(apk_path, "r:gz") as tar:
|
|
|
|
|
sigfilename, sigkey_path = read_signature_info(tar)
|
|
|
|
|
files = extract_temp(tar, sigfilename)
|
|
|
|
|
|
|
|
|
|
# Verify signature
|
|
|
|
|
verify_signature(args, files, sigkey_path)
|
|
|
|
|
os.unlink(files["sig"]["temp_path"])
|
|
|
|
|
temp_path = files["apk"]["temp_path"]
|
|
|
|
|
|
2021-09-26 15:50:11 +00:00
|
|
|
# Verify the version that the extracted binary reports
|
2021-03-21 21:19:12 +00:00
|
|
|
logging.debug("Verify the version reported by the apk.static binary"
|
|
|
|
|
f" (must match the package version {version})")
|
2017-05-26 20:08:45 +00:00
|
|
|
os.chmod(temp_path, os.stat(temp_path).st_mode | stat.S_IEXEC)
|
|
|
|
|
version_bin = pmb.helpers.run.user(args, [temp_path, "--version"],
|
2018-07-14 01:13:28 +00:00
|
|
|
output_return=True)
|
2017-05-26 20:08:45 +00:00
|
|
|
version_bin = version_bin.split(" ")[1].split(",")[0]
|
2021-03-21 21:19:12 +00:00
|
|
|
if not version.startswith(f"{version_bin}-r"):
|
2017-05-26 20:08:45 +00:00
|
|
|
os.unlink(temp_path)
|
2021-03-21 21:19:12 +00:00
|
|
|
raise RuntimeError(f"Downloaded apk-tools-static-{version}.apk,"
|
|
|
|
|
" but the apk binary inside that package reports"
|
|
|
|
|
f" to be version: {version_bin}!"
|
|
|
|
|
" Looks like a downgrade attack"
|
|
|
|
|
" from a malicious server! Switch the server (-m)"
|
|
|
|
|
" and try again.")
|
2017-05-26 20:08:45 +00:00
|
|
|
|
|
|
|
|
# Move it to the right path
|
2021-03-21 21:19:12 +00:00
|
|
|
target_path = f"{args.work}/apk.static"
|
2017-05-26 20:08:45 +00:00
|
|
|
shutil.move(temp_path, target_path)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def download(args, file):
|
|
|
|
|
"""
|
|
|
|
|
Download a single file from an Alpine mirror.
|
|
|
|
|
"""
|
2020-08-05 08:00:04 +00:00
|
|
|
channel_cfg = pmb.config.pmaports.read_config_channel(args)
|
|
|
|
|
mirrordir = channel_cfg["mirrordir_alpine"]
|
2021-10-16 16:33:27 +00:00
|
|
|
base_url = f"{args.mirror_alpine}{mirrordir}/main/{pmb.config.arch_native}"
|
2021-03-21 21:19:12 +00:00
|
|
|
return pmb.helpers.http.download(args, f"{base_url}/{file}", file)
|
2017-05-26 20:08:45 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def init(args):
|
|
|
|
|
"""
|
|
|
|
|
Download, verify, extract $WORK/apk.static.
|
|
|
|
|
"""
|
aportgen: Gracefully handle old aports_upstream (#1291)
In order to get cross-compilers, we generate a few aports (e.g.
binutils-armhf, gcc-armhf) automatically from Alpine's aports.
pmbootstrap was already able to perform a git checkout of Alpine's
aports repository. But it needed to be manually updated. Otherwise
the `pmbootstrap aportgen` command could actually downgrade the aport
instead of updating it to the current version.
After thinking about adding a dedicated pmbootstrap command for
updating git repositories, I thought it would be better to not open
that can of worms (pmbootstrap as general git wrapper? no thanks).
The solution implemented here compares the upstream aport version of
the git checkout of a certain package (e.g. gcc for gcc-armhf) with the
version in Alpine's binary package APKINDEX. When the aport version is
lower than the binary package version, it shows the user how to update
the git repository with just one command:
pmbootstrap chroot --add=git --user -- \
git -C /mnt/pmbootstrap-git/aports_upstream pull
Changes:
* `pmb.aportgen.core.get_upstream_aport()`: new function, that returns
the absolute path to the upstream aport on disk, after checking the
version of the aport against the binary package.
* Use that new function in pmb.aportgen.gcc and pmb.aportgen.binutils
* New function `pmb.helpers.repo.alpine_apkindex_path()`: updates the
APKINDEX if necessary and returns the absolute path to the APKINDEX.
This code was basically present already, but not as function, so now
we have a bit less overhead there.
* `pmbootstrap chroot`: new `--user` argument
* `pmb.parse.apkbuild`: make pkgname check optional, as it fails with
the official gcc APKBUILD before we modify it (the current APKBUILD
parser is not meant to be perfect, as this would require a full shell
parsing implementation).
* Extended `test_aportgen.py` and enabled it by default in
`testcases_fast.sh`. Previously it was disabled due to traffic
concerns (cloning the aports repo, but then again we do a full KDE
plasma mobile installation in Travis now, so that shouldn't matter
too much).
* `testcases_fast.sh`: With "test_aport_in_sync_with_git" removed
from the disabled-by-default list (left over from timestamp based
rebuilds), there were no more test cases disabled by default. I've
changed it, so now the qemu_running_processes test case is disabled,
and added an `--all` parameter to the script to disable no test
cases. Travis runs with the `--all` parameter while it's useful to
do a quick local test without `--all` in roughly 2 minutes instead of
10.
* `aports/cross/binutils-*`: Fix `_mirror` variable to point to current
default Alpine mirror (so the aportgen testcase runs through).
2018-03-11 14:18:21 +00:00
|
|
|
# Get and parse the APKINDEX
|
|
|
|
|
apkindex = pmb.helpers.repo.alpine_apkindex_path(args, "main")
|
2018-02-20 19:52:28 +00:00
|
|
|
index_data = pmb.parse.apkindex.package(args, "apk-tools-static",
|
|
|
|
|
indexes=[apkindex])
|
2017-05-26 20:08:45 +00:00
|
|
|
version = index_data["version"]
|
aportgen: Gracefully handle old aports_upstream (#1291)
In order to get cross-compilers, we generate a few aports (e.g.
binutils-armhf, gcc-armhf) automatically from Alpine's aports.
pmbootstrap was already able to perform a git checkout of Alpine's
aports repository. But it needed to be manually updated. Otherwise
the `pmbootstrap aportgen` command could actually downgrade the aport
instead of updating it to the current version.
After thinking about adding a dedicated pmbootstrap command for
updating git repositories, I thought it would be better to not open
that can of worms (pmbootstrap as general git wrapper? no thanks).
The solution implemented here compares the upstream aport version of
the git checkout of a certain package (e.g. gcc for gcc-armhf) with the
version in Alpine's binary package APKINDEX. When the aport version is
lower than the binary package version, it shows the user how to update
the git repository with just one command:
pmbootstrap chroot --add=git --user -- \
git -C /mnt/pmbootstrap-git/aports_upstream pull
Changes:
* `pmb.aportgen.core.get_upstream_aport()`: new function, that returns
the absolute path to the upstream aport on disk, after checking the
version of the aport against the binary package.
* Use that new function in pmb.aportgen.gcc and pmb.aportgen.binutils
* New function `pmb.helpers.repo.alpine_apkindex_path()`: updates the
APKINDEX if necessary and returns the absolute path to the APKINDEX.
This code was basically present already, but not as function, so now
we have a bit less overhead there.
* `pmbootstrap chroot`: new `--user` argument
* `pmb.parse.apkbuild`: make pkgname check optional, as it fails with
the official gcc APKBUILD before we modify it (the current APKBUILD
parser is not meant to be perfect, as this would require a full shell
parsing implementation).
* Extended `test_aportgen.py` and enabled it by default in
`testcases_fast.sh`. Previously it was disabled due to traffic
concerns (cloning the aports repo, but then again we do a full KDE
plasma mobile installation in Travis now, so that shouldn't matter
too much).
* `testcases_fast.sh`: With "test_aport_in_sync_with_git" removed
from the disabled-by-default list (left over from timestamp based
rebuilds), there were no more test cases disabled by default. I've
changed it, so now the qemu_running_processes test case is disabled,
and added an `--all` parameter to the script to disable no test
cases. Travis runs with the `--all` parameter while it's useful to
do a quick local test without `--all` in roughly 2 minutes instead of
10.
* `aports/cross/binutils-*`: Fix `_mirror` variable to point to current
default Alpine mirror (so the aportgen testcase runs through).
2018-03-11 14:18:21 +00:00
|
|
|
|
2021-01-27 17:50:33 +00:00
|
|
|
# Verify the apk-tools-static version
|
|
|
|
|
pmb.helpers.apk.check_outdated(
|
|
|
|
|
args, version, "Run 'pmbootstrap update', then try again.")
|
2018-01-23 00:54:48 +00:00
|
|
|
|
|
|
|
|
# Download, extract, verify apk-tools-static
|
2021-03-21 21:19:12 +00:00
|
|
|
apk_name = f"apk-tools-static-{version}.apk"
|
2017-05-26 20:08:45 +00:00
|
|
|
apk_static = download(args, apk_name)
|
|
|
|
|
extract(args, version, apk_static)
|
|
|
|
|
|
|
|
|
|
|
2018-07-14 01:13:28 +00:00
|
|
|
def run(args, parameters):
|
2018-09-30 01:53:55 +00:00
|
|
|
if args.offline:
|
|
|
|
|
parameters = ["--no-network"] + parameters
|
2021-03-21 21:19:12 +00:00
|
|
|
pmb.helpers.apk.apk_with_progress(
|
|
|
|
|
args, [f"{args.work}/apk.static"] + parameters, chroot=False)
|
