libzypp/html/PluginRepoverification_8cc_source.html

/*---------------------------------------------------------------------\

|                          ____ _   __ __ ___                          |

|                         |__  / \ / / . \ . \                         |

|                           / / \ V /|  _/  _/                         |

|                          / /__ | | | | | |                           |

|                         /_____||_| |_| |_|                           |

|                                                                      |

\---------------------------------------------------------------------*/

#include <iostream>

#include <sstream>


#include "PluginRepoverification.h"


#include <zypp/Globals.h>

#include <zypp/PathInfo.h>

#include <zypp/ZYppCallbacks.h>

#include <zypp/ExternalProgram.h>

#include <zypp/base/LogTools.h>

#include <zypp/base/WatchFile.h>

using std::endl;


namespace zypp_private

{

  using namespace zypp;


  namespace repo

  {


    struct Monitor

    {

      using Callback = std::function<bool(std::optional<std::string>)>;


      Monitor( io::timeout_type timeout_r = io::no_timeout )

      : _timeout { timeout_r }

      {}


      int operator()( ExternalProgram & prog_r, Callback cb_r = Callback() )

      {

        std::string line;

        bool goOn = true;

        prog_r.setBlocking( false );

        FILE * inputfile = prog_r.inputFile();

        do {

          const auto &readResult = io::receiveUpto( inputfile, '\n', _timeout );

          line += readResult.second; // we always may have received a partial line

          goOn = true;

          switch ( readResult.first ) {


            case io::ReceiveUpToResult::Success:

              goOn = reportLine( line, cb_r );

              line.clear(); // in case the CB did not move it out

              break;


            case io::ReceiveUpToResult::Timeout:

              goOn = reportTimeout( cb_r );

              break;


            case io::ReceiveUpToResult::Error:

            case io::ReceiveUpToResult::EndOfFile:

              reportFinalLineUnlessEmpty( line, cb_r );

              line.clear(); // in case the CB did not move it out

              goOn = false;

              break;

          }

        } while ( goOn );


        if ( prog_r.running() ) {

          WAR << "ABORT by callback: pid " << prog_r.getpid() << endl;

          prog_r.kill();

        }

        return prog_r.close();

      }


    private:


      bool reportLine( std::string & line_r, Callback & cb_r )

      {

        if ( cb_r ) {

          if ( not line_r.empty() && line_r.back() == '\n' )

            line_r.pop_back();

          return cb_r( std::move(line_r) );

        }

        return true;

      }


      bool reportTimeout( Callback & cb_r )

      {

        return cb_r ? cb_r( std::nullopt ) : true;

      }


      bool reportFinalLineUnlessEmpty( std::string & line_r, Callback & cb_r )

      {

        if ( cb_r && not line_r.empty() ) // implies an incomplete line (no NL)

          cb_r( std::move(line_r) );

        return false;

      }


    private:

      io::timeout_type _timeout = io::no_timeout;

    };


    class PluginRepoverification::Checker::Impl

    {

    public:


      Impl( RW_pointer<PluginRepoverification::Impl> parent_r,

            Pathname sigpathLocal_r, Pathname keypathLocal_r, const RepoInfo & repo_r )

      : _parent { parent_r }

      , _sigpathLocal { std::move(sigpathLocal_r) }

      , _keypathLocal { std::move(keypathLocal_r) }

      , _repoinfo { repo_r }

      {}


      RW_pointer<PluginRepoverification::Impl> _parent;

      Pathname _sigpathLocal;

      Pathname _keypathLocal;

      RepoInfo _repoinfo;

    };


    class PluginRepoverification::Impl

    {

      friend std::ostream & operator<<( std::ostream & str, const Impl & obj );

      friend std::ostream & dumpOn( std::ostream & str, const Impl & obj );


    public:


      Impl()

      {}


      Impl( Pathname plugindir_r, Pathname chroot_r )

      : _watchPlugindir { std::move(plugindir_r), WatchFile::NO_INIT }

      , _chroot { std::move(chroot_r) }

      {}


      ~Impl()

      {}


      bool isNeeded() const

      { return _isNeeded; }


      bool checkIfNeeded()

      {

        if ( _watchPlugindir.hasChanged() ) {

          _isNeeded = false;

          // check for at least one executable plugin inside..

          filesystem::dirForEach( plugindir(),

                                  [this]( const Pathname & dir_r, const char *const name_r ) -> bool {

                                    PathInfo pi ( dir_r/name_r );

                                    if ( pi.isFile() && pi.userMayRX() ) {

                                      this->_isNeeded = true;

                                      return false;

                                    }

                                    return true;

                                  } );

        }

        return _isNeeded;

      }


      void verifyWorkflow( const Pathname & file_r, RW_pointer<PluginRepoverification::Checker::Impl> datap_r ) const

      {

        // Execute the plugins. They will throw if something is wrong...

        filesystem::dirForEach( plugindir(),

                                [&,this]( const Pathname & dir_r, const char *const name_r ) -> bool {

                                  PathInfo pi ( dir_r/name_r );

                                  if ( pi.isFile() && pi.userMayRX() )

                                    this->pluginVerify( name_r, file_r, *datap_r );

                                  return true;

                                } );

      }


    private:


      void pluginVerify( std::string plugin_r, const Pathname & file_r, const PluginRepoverification::Checker::Impl & data_r ) const

      {

        Pathname pluginPath { plugindir()/plugin_r };

        if ( not _chroot.emptyOrRoot() ) {

          pluginPath = Pathname::stripprefix( _chroot, pluginPath );

          // we need to make sure the files are available inside the chroot

          INT << "chroot PluginRepoverification does not yet work." << endl;

          return;

        }


        ExternalProgram::Arguments args;

        args.push_back( pluginPath.asString() );

        args.push_back( "--file" );

        args.push_back( file_r.asString() );

        args.push_back( "--fsig" );

        args.push_back( data_r._sigpathLocal.asString() );

        args.push_back( "--fkey" );

        args.push_back( data_r._keypathLocal.asString() );

        args.push_back( "--ralias" );

        args.push_back( data_r._repoinfo.alias() );

        ExternalProgram cmd { args, ExternalProgram::Stderr_To_Stdout, false, -1, false, _chroot };


        // draft: maybe integrate jobReport into Monitor

        Monitor monitor( 800 );

        UserDataJobReport jobReport { "cmdout", "monitor" };

        jobReport.set( "CmdId",   unsigned(cmd.getpid()) );

        jobReport.set( "CmdTag",  str::numstring( cmd.getpid() ) );

        jobReport.set( "CmdName", "Repoverification plugin "+plugin_r );

        jobReport.set( "RepoInfo", data_r._repoinfo );


        std::optional<std::ostringstream> buffer; // Send output in exception is no one is listening

        jobReport.debug( "?" ); // someone listening?

        if ( not jobReport.haskey( "!" ) ) // no

          buffer = std::ostringstream();


        int ret = monitor( cmd, [&jobReport,&buffer,&cmd]( std::optional<std::string> line_r )->bool {

          if ( line_r ) {

            DBG << "["<<cmd.getpid()<<"> " << *line_r << endl;

            if ( buffer ) (*buffer) << *line_r << endl;

            return jobReport.data( *line_r );

          }

          else {

            return jobReport.debug( "ping" );

          }

          return true;

        } );


        if ( ret ) {

          const std::string & msg { str::Format( "Metadata rejected by '%1%' plugin (returned %2%)" ) % plugin_r % ret };


          ExceptionType excp { msg };

          if ( buffer ) excp.addHistory( buffer->str() );

          excp.addHistory( str::Format( "%1%%2% returned %3%" ) % (_chroot.emptyOrRoot()?"":"("+_chroot.asString()+")") % pluginPath % ret );


          ZYPP_THROW( std::move(excp) );

        }

      }


      const Pathname & plugindir() const

      { return _watchPlugindir.path(); }


    private:

      WatchFile _watchPlugindir;

      Pathname  _chroot;

      bool _isNeeded = false;

    };


    inline std::ostream & operator<<( std::ostream & str, const PluginRepoverification::Impl & obj )

    { return str << "PluginRepoverification::Impl"; }


    inline std::ostream & dumpOn( std::ostream & str, const PluginRepoverification::Impl & obj )

    { return str << obj; }


    //

    //  CLASS NAME : PluginRepoverification

    //


    PluginRepoverification::PluginRepoverification()

    : _pimpl( new Impl )

    {}


    PluginRepoverification::PluginRepoverification( Pathname plugindir_r, Pathname chroot_r )

    : _pimpl( new Impl( std::move(plugindir_r), std::move(chroot_r) ) )

    {}


    PluginRepoverification::~PluginRepoverification()

    {}


    bool PluginRepoverification::isNeeded() const

    { return _pimpl->isNeeded(); }


    bool PluginRepoverification::checkIfNeeded()

    { return _pimpl->checkIfNeeded(); }


    PluginRepoverification::Checker PluginRepoverification::getChecker( const Pathname & sigpathLocal_r, const Pathname & keypathLocal_r,

                                                                        const RepoInfo & repo_r ) const

    { return Checker( new Checker::Impl( _pimpl, sigpathLocal_r, keypathLocal_r, repo_r ) ); }


    std::ostream & operator<<( std::ostream & str, const PluginRepoverification & obj )

    { return str << *obj._pimpl; }


    std::ostream & dumpOn( std::ostream & str, const PluginRepoverification & obj )

    { return dumpOn( str, *obj._pimpl ); }


    bool operator==( const PluginRepoverification & lhs, const PluginRepoverification & rhs )

    { return lhs._pimpl == rhs._pimpl; }


    //

    //  CLASS NAME : PluginRepoverification::Checker

    //


    PluginRepoverification::Checker::Checker( Impl* pimpl_r )

    : _pimpl { pimpl_r }

    {}


    PluginRepoverification::Checker::~Checker()

    {}


    void PluginRepoverification::Checker::operator()( const Pathname & file_r ) const

    { _pimpl->_parent->verifyWorkflow( file_r, _pimpl ); }


  } // namespace repo


} // namespace zypp


PluginRepoverification.h

WatchFile.h

ZYppCallbacks.h

bool

zypp::AutoDispose
Reference counted access to a Tp object calling a custom Dispose function when the last AutoDispose h...
Definition AutoDispose.h:94

zypp::AutoDispose::_pimpl
shared_ptr< Impl > _pimpl
Definition AutoDispose.h:208

zypp::ExternalProgram
Execute a program and give access to its io An object of this class encapsulates the execution of an ...
Definition ExternalProgram.h:64

zypp::ExternalProgram::Arguments
std::vector< std::string > Arguments
Definition ExternalProgram.h:68

zypp::ExternalProgram::Stderr_To_Stdout
@ Stderr_To_Stdout
Definition ExternalProgram.h:77

zypp::RepoInfo
What is known about a repository.
Definition RepoInfo.h:72

zypp::WatchFile
Remember a files attributes to detect content changes.
Definition watchfile.h:50

zypp::WatchFile::hasChanged
bool hasChanged()
Definition watchfile.h:80

zypp::WatchFile::path
const Pathname & path() const
Definition watchfile.h:65

zypp::filesystem::PathInfo
Wrapper class for stat/lstat.
Definition PathInfo.h:221

zypp::filesystem::Pathname
Pathname.
Definition Pathname.h:45

zypp::filesystem::Pathname::stripprefix
static Pathname stripprefix(const Pathname &root_r, const Pathname &path_r)
Return path_r with any root_r dir prefix striped.
Definition Pathname.cc:281

zypp::filesystem::Pathname::emptyOrRoot
bool emptyOrRoot() const
Test for "" or "/".
Definition Pathname.h:121

zypp::filesystem::Pathname::asString
const std::string & asString() const
String representation.
Definition Pathname.h:91

zypp_private::repo::PluginRepoverificationCheckException
Exceptiontype thrown if a plugins verification fails.
Definition PluginRepoverification.h:33

zypp_private::repo::PluginRepoverification::Checker::Impl
PluginRepoverification::Checker data storage.
Definition PluginRepoverification.cc:107

zypp_private::repo::PluginRepoverification::Checker::Impl::Impl
Impl(RW_pointer< PluginRepoverification::Impl > parent_r, Pathname sigpathLocal_r, Pathname keypathLocal_r, const RepoInfo &repo_r)
Definition PluginRepoverification.cc:109

zypp_private::repo::PluginRepoverification::Checker::Impl::_parent
RW_pointer< PluginRepoverification::Impl > _parent
Definition PluginRepoverification.cc:117

zypp_private::repo::PluginRepoverification::Checker::Impl::_repoinfo
RepoInfo _repoinfo
Definition PluginRepoverification.cc:120

zypp_private::repo::PluginRepoverification::Checker::Impl::_sigpathLocal
Pathname _sigpathLocal
Definition PluginRepoverification.cc:118

zypp_private::repo::PluginRepoverification::Checker::Impl::_keypathLocal
Pathname _keypathLocal
Definition PluginRepoverification.cc:119

zypp_private::repo::PluginRepoverification::Checker
FileChecker checking all repoverification plugins.
Definition PluginRepoverification.h:83

zypp_private::repo::PluginRepoverification::Checker::~Checker
~Checker()
Definition PluginRepoverification.cc:302

zypp_private::repo::PluginRepoverification::Checker::operator()
void operator()(const Pathname &file_r) const
Check the downloaded master index file.
Definition PluginRepoverification.cc:305

zypp_private::repo::PluginRepoverification::Checker::Checker
Checker(Impl *pimpl)
Definition PluginRepoverification.cc:298

zypp_private::repo::PluginRepoverification::Impl
PluginRepoverification implementation.
Definition PluginRepoverification.cc:128

zypp_private::repo::PluginRepoverification::Impl::pluginVerify
void pluginVerify(std::string plugin_r, const Pathname &file_r, const PluginRepoverification::Checker::Impl &data_r) const
Definition PluginRepoverification.cc:178

zypp_private::repo::PluginRepoverification::Impl::checkIfNeeded
bool checkIfNeeded()
Definition PluginRepoverification.cc:147

zypp_private::repo::PluginRepoverification::Impl::isNeeded
bool isNeeded() const
Definition PluginRepoverification.cc:144

zypp_private::repo::PluginRepoverification::Impl::Impl
Impl(Pathname plugindir_r, Pathname chroot_r)
Definition PluginRepoverification.cc:136

zypp_private::repo::PluginRepoverification::Impl::plugindir
const Pathname & plugindir() const
Definition PluginRepoverification.cc:237

zypp_private::repo::PluginRepoverification::Impl::operator<<
friend std::ostream & operator<<(std::ostream &str, const Impl &obj)

zypp_private::repo::PluginRepoverification::Impl::_chroot
Pathname _chroot
Definition PluginRepoverification.cc:242

zypp_private::repo::PluginRepoverification::Impl::_isNeeded
bool _isNeeded
Definition PluginRepoverification.cc:243

zypp_private::repo::PluginRepoverification::Impl::operator<<
std::ostream & operator<<(std::ostream &str, const PluginRepoverification::Impl &obj)
Stream output.
Definition PluginRepoverification.cc:247

zypp_private::repo::PluginRepoverification::Impl::verifyWorkflow
void verifyWorkflow(const Pathname &file_r, RW_pointer< PluginRepoverification::Checker::Impl > datap_r) const
Definition PluginRepoverification.cc:165

zypp_private::repo::PluginRepoverification::Impl::_watchPlugindir
WatchFile _watchPlugindir
Definition PluginRepoverification.cc:241

zypp_private::repo::PluginRepoverification::Impl::dumpOn
friend std::ostream & dumpOn(std::ostream &str, const Impl &obj)

zypp_private::repo::PluginRepoverification::Impl::~Impl
~Impl()
Definition PluginRepoverification.cc:141

zypp_private::repo::PluginRepoverification::Impl::Impl
Impl()
Definition PluginRepoverification.cc:133

zypp_private::repo::PluginRepoverification::Impl::dumpOn
std::ostream & dumpOn(std::ostream &str, const PluginRepoverification::Impl &obj)
Verbose stream output.
Definition PluginRepoverification.cc:251

zypp_private::repo::PluginRepoverification
Repository metadata verification beyond GPG.
Definition PluginRepoverification.h:53

zypp_private::repo::PluginRepoverification::PluginRepoverification
PluginRepoverification()
Default ctor, do nothing.
Definition PluginRepoverification.cc:261

zypp_private::repo::PluginRepoverification::isNeeded
bool isNeeded() const
Whether the last checkIfNeeded found plugins to execute at all.
Definition PluginRepoverification.cc:273

zypp_private::repo::PluginRepoverification::getChecker
Checker getChecker(const Pathname &sigpathLocal_r, const Pathname &keypathLocal_r, const RepoInfo &repo_r) const
FileChecker factory remembering the location of the master index files GPG signature and key.
Definition PluginRepoverification.cc:279

zypp_private::repo::PluginRepoverification::checkIfNeeded
bool checkIfNeeded()
Checks whether there are plugins to execute at all.
Definition PluginRepoverification.cc:276

zypp_private::repo::PluginRepoverification::_pimpl
RW_pointer< Impl > _pimpl
Implementation class.
Definition PluginRepoverification.h:108

zypp_private::repo::PluginRepoverification::~PluginRepoverification
~PluginRepoverification()
Dtor.
Definition PluginRepoverification.cc:269

std
Definition Arch.h:364

str
String related utilities and Regular expression matching.

zypp::filesystem::dirForEach
int dirForEach(const Pathname &dir_r, const StrMatcher &matcher_r, function< bool(const Pathname &, const char *const)> fnc_r)
Definition PathInfo.cc:32

zypp::io::receiveUpto
std::pair< ReceiveUpToResult, std::string > receiveUpto(FILE *file, char c, timeout_type timeout, bool failOnUnblockError)
Definition IOTools.cc:85

zypp::io::no_timeout
static constexpr timeout_type no_timeout
Definition IOTools.h:78

zypp::io::timeout_type
size_t timeout_type
Definition IOTools.h:77

zypp::repo::operator<<
std::ostream & operator<<(std::ostream &str, const DeltaCandidates &obj)
Definition DeltaCandidates.cc:107

zypp::repo::operator==
bool operator==(const RepoType &obj1, const RepoType &obj2)
Definition RepoType.h:61

zypp::str::numstring
std::string numstring(char n, int w=0)
Definition String.h:289

zypp_private
Definition PluginRepoverification.cc:26

zypp
Easy-to use interface to the ZYPP dependency resolver.
Definition CodePitfalls.doc:2

zypp::dumpOn
std::ostream & dumpOn(std::ostream &str, const Capability &obj)
Definition Capability.cc:580

zypp::UserDataJobReport
JobReport convenience sending this instance of UserData with each message.
Definition ZYppCallbacks.h:1052

zypp::str::Format
Convenient building of std::string with boost::format.
Definition String.h:253

zypp_private::repo::Monitor
Definition PluginRepoverification.cc:33

zypp_private::repo::Monitor::reportFinalLineUnlessEmpty
bool reportFinalLineUnlessEmpty(std::string &line_r, Callback &cb_r)
Definition PluginRepoverification.cc:92

zypp_private::repo::Monitor::Monitor
Monitor(io::timeout_type timeout_r=io::no_timeout)
Definition PluginRepoverification.cc:37

zypp_private::repo::Monitor::reportTimeout
bool reportTimeout(Callback &cb_r)
Definition PluginRepoverification.cc:88

zypp_private::repo::Monitor::operator()
int operator()(ExternalProgram &prog_r, Callback cb_r=Callback())
Definition PluginRepoverification.cc:41

zypp_private::repo::Monitor::reportLine
bool reportLine(std::string &line_r, Callback &cb_r)
Definition PluginRepoverification.cc:79

zypp_private::repo::Monitor::_timeout
io::timeout_type _timeout
Definition PluginRepoverification.cc:99

zypp_private::repo::Monitor::Callback
std::function< bool(std::optional< std::string >)> Callback
Report a line of output (without trailing NL) otherwise a life ping on timeout.
Definition PluginRepoverification.cc:35

ZYPP_THROW
#define ZYPP_THROW(EXCPT)
Drops a logline and throws the Exception.
Definition Exception.h:428

DBG
#define DBG
Definition Logger.h:95

WAR
#define WAR
Definition Logger.h:97

INT
#define INT
Definition Logger.h:100