/**
* Get the repository XML as a string that can be returned to the browser or cached for future use.
*
* @param string|null $serverid The server ID making the request, or null for anonymous.
* @param string|null $limitPackager Limit the packager returned to at least version X.Y.
*
* @return RepoXML
*/
public static function GetAsRepoXML($serverid, $limitPackager)
{
$repo = new RepoXML();
$repo->setDescription(ConfigHandler::Get('/package_repository/description'));
$gpg = new Core\GPG\GPG();
$keysfound = [];
$where = [];
if ($limitPackager) {
$where[] = 'packager LIKE ' . $limitPackager . '%';
}
$packages = PackageRepositoryPackageModel::Find($where, null, 'type DESC, key ASC, version');
foreach ($packages as $pkg) {
/** @var PackageRepositoryPackageModel $pkg */
$package = new PackageXML(null);
$package->setType($pkg->get('type'));
$package->setName($pkg->get('name'));
$package->setVersion($pkg->get('version'));
$package->setPackager($pkg->get('packager'));
$package->setDescription($pkg->get('description'));
$package->setKey($pkg->get('gpg_key'));
if (!in_array($pkg->get('gpg_key'), $keysfound)) {
$keysfound[] = $pkg->get('gpg_key');
}
$package->setFileLocation(\Core\resolve_link('/packagerepository/download?file=' . $pkg->get('file')));
$upgrades = $pkg->get('requires');
foreach ($upgrades as $dat) {
$package->setRequire($dat['type'], $dat['name'], $dat['version'], $dat['operation']);
}
$upgrades = $pkg->get('provides');
foreach ($upgrades as $dat) {
$package->setProvide($dat['type'], $dat['name'], $dat['version']);
}
$upgrades = $pkg->get('upgrades');
foreach ($upgrades as $dat) {
$package->setUpgrade($dat['from'], $dat['to']);
}
$screens = $pkg->get('screenshots');
foreach ($screens as $dat) {
$f = \Core\Filestore\Factory::File($dat);
$package->setScreenshot($f->getURL());
}
$package->setChangelog($pkg->get('changelog'));
$repo->addPackage($package);
}
return $repo;
}
/**
* Get the repository XML as a string that can be returned to the browser or cached for future use.
*
* @return string
*/
private function _getRepoXML()
{
$repo = new RepoXML();
$repo->setDescription(ConfigHandler::Get('/package_repository/description'));
$dir = Factory::Directory(\ConfigHandler::Get('/package_repository/base_directory'));
$coredir = $dir->getPath() . 'core/';
$componentdir = $dir->getPath() . 'components/';
$themedir = $dir->getPath() . 'themes/';
$tmpdir = Factory::Directory('tmp/exports/');
$gpg = new Core\GPG\GPG();
$keysfound = [];
$private = ConfigHandler::Get('/package_repository/is_private') || strpos($dir->getPath(), ROOT_PDIR) !== 0;
$addedpackages = 0;
$failedpackages = 0;
$iterator = new \Core\Filestore\DirectoryIterator($dir);
// Only find signed packages.
$iterator->findExtensions = ['asc'];
// Recurse into sub directories
$iterator->recursive = true;
// No directories
$iterator->findDirectories = false;
// Just files
$iterator->findFiles = true;
// And sort them by their filename to make things easy.
$iterator->sortBy('filename');
// Ensure that the necessary temp directory exists.
$tmpdir->mkdir();
foreach ($iterator as $file) {
/** @var \Core\Filestore\File $file */
$fullpath = $file->getFilename();
// Used in the XML file.
if ($private) {
$relpath = \Core\resolve_link('/packagerepository/download?file=' . substr($file->getFilename(), strlen($dir->getPath())));
} else {
$relpath = $file->getFilename(ROOT_PDIR);
}
// Drop the .asc extension.
$basename = $file->getBasename(true);
// Tarball of the temporary package
$tgz = Factory::File($tmpdir->getPath() . $basename);
$output = [];
// I need to 1) retrieve and 2) verify the key for this package.
try {
$signature = $gpg->verifyFileSignature($fullpath);
if (!in_array($signature->keyID, $keysfound)) {
$repo->addKey($signature->keyID, null, null);
$keysfound[] = $signature->keyID;
}
} catch (\Exception $e) {
trigger_error($fullpath . ' was not able to be verified as authentic, (probably because the GPG public key was not available)');
$failedpackages++;
continue;
}
// decode and untar it in a temp directory to get the package.xml file.
exec('gpg --homedir "' . GPG_HOMEDIR . '" -q -d "' . $fullpath . '" > "' . $tgz->getFilename() . '" 2>/dev/null', $output, $ret);
if ($ret) {
trigger_error('Decryption of file ' . $fullpath . ' failed!');
$failedpackages++;
continue;
}
exec('tar -xzf "' . $tgz->getFilename() . '" -C "' . $tmpdir->getPath() . '" ./package.xml', $output, $ret);
if ($ret) {
trigger_error('Unable to extract package.xml from' . $tgz->getFilename());
unlink($tmpdir->getPath() . $basename);
$failedpackages++;
continue;
}
// Read in that package file and append it to the repo xml.
$package = new PackageXML($tmpdir->getPath() . 'package.xml');
$package->getRootDOM()->setAttribute('key', $signature->keyID);
$package->setFileLocation($relpath);
$repo->addPackage($package);
$addedpackages++;
// But I can still cleanup!
unlink($tmpdir->getPath() . 'package.xml');
$tgz->delete();
}
return $repo->asPrettyXML();
}
echo 'FAILED!' . NL . 'Unable to extract package.xml from the tarball!' . NL;
unlink($tmpdir . $basename);
$failedpackages++;
continue;
}
$output = array();
// I also need the GPG key for this specific package.
exec('gpg --verify "' . $fullpath . '" 2>&1 | grep "key ID" | sed \'s:.*key ID \([A-Z0-9]*\)$:\1:\'', $output, $result);
$key = $output[0];
// Read in that package file and append it to the repo xml.
$package = new PackageXML($tmpdir . 'package.xml');
$package->getRootDOM()->setAttribute('key', $key);
$package->setFileLocation($relpath);
$repo->addPackage($package);
$addedpackages++;
// But I can still cleanup!
unlink($tmpdir . 'package.xml');
unlink($tmpdir . $basename);
echo "OK!" . NL;
}
}
else{
echo '!!WARNING!! - Unable to open ' . $dir['directory'] . ' for scanning!' . NL;
}
}
