/**
* Test the verify file method
*
* @depends testImportShort
*/
public function testVerifyFile(){
$gpg = new \Core\GPG\GPG();
/** @var \Core\GPG\Signature $sig */
$sig = $gpg->verifyFileSignature($this->verifyFile);
$this->assertInstanceOf('Core\\GPG\\Signature', $sig);
$this->assertTrue($sig->isValid);
$this->assertEquals('Wed 18 Nov 2015 01:22:49 PM EST', $sig->dateTime);
$this->assertEquals('4E7330EB2A84D7479B719FF33F20C906B04EFAD6', $sig->fingerprint);
$this->assertEquals('B04EFAD6', $sig->keyID);
$this->assertEquals('RSA', $sig->encType);
$this->assertEquals('*****@*****.**', $sig->signingEmail);
$this->assertEquals('Core Plus Test Key', $sig->signingName);
// It should break if invalid data is provided
$this->setExpectedException('Exception');
$gpg->verifyFileSignature($this->notGPGFile);
}
/**
* Get the repository XML as a string that can be returned to the browser or cached for future use.
*
* @return string
*/
private function _getRepoXML()
{
$repo = new RepoXML();
$repo->setDescription(ConfigHandler::Get('/package_repository/description'));
$dir = Factory::Directory(\ConfigHandler::Get('/package_repository/base_directory'));
$coredir = $dir->getPath() . 'core/';
$componentdir = $dir->getPath() . 'components/';
$themedir = $dir->getPath() . 'themes/';
$tmpdir = Factory::Directory('tmp/exports/');
$gpg = new Core\GPG\GPG();
$keysfound = [];
$private = ConfigHandler::Get('/package_repository/is_private') || strpos($dir->getPath(), ROOT_PDIR) !== 0;
$addedpackages = 0;
$failedpackages = 0;
$iterator = new \Core\Filestore\DirectoryIterator($dir);
// Only find signed packages.
$iterator->findExtensions = ['asc'];
// Recurse into sub directories
$iterator->recursive = true;
// No directories
$iterator->findDirectories = false;
// Just files
$iterator->findFiles = true;
// And sort them by their filename to make things easy.
$iterator->sortBy('filename');
// Ensure that the necessary temp directory exists.
$tmpdir->mkdir();
foreach ($iterator as $file) {
/** @var \Core\Filestore\File $file */
$fullpath = $file->getFilename();
// Used in the XML file.
if ($private) {
$relpath = \Core\resolve_link('/packagerepository/download?file=' . substr($file->getFilename(), strlen($dir->getPath())));
} else {
$relpath = $file->getFilename(ROOT_PDIR);
}
// Drop the .asc extension.
$basename = $file->getBasename(true);
// Tarball of the temporary package
$tgz = Factory::File($tmpdir->getPath() . $basename);
$output = [];
// I need to 1) retrieve and 2) verify the key for this package.
try {
$signature = $gpg->verifyFileSignature($fullpath);
if (!in_array($signature->keyID, $keysfound)) {
$repo->addKey($signature->keyID, null, null);
$keysfound[] = $signature->keyID;
}
} catch (\Exception $e) {
trigger_error($fullpath . ' was not able to be verified as authentic, (probably because the GPG public key was not available)');
$failedpackages++;
continue;
}
// decode and untar it in a temp directory to get the package.xml file.
exec('gpg --homedir "' . GPG_HOMEDIR . '" -q -d "' . $fullpath . '" > "' . $tgz->getFilename() . '" 2>/dev/null', $output, $ret);
if ($ret) {
trigger_error('Decryption of file ' . $fullpath . ' failed!');
$failedpackages++;
continue;
}
exec('tar -xzf "' . $tgz->getFilename() . '" -C "' . $tmpdir->getPath() . '" ./package.xml', $output, $ret);
if ($ret) {
trigger_error('Unable to extract package.xml from' . $tgz->getFilename());
unlink($tmpdir->getPath() . $basename);
$failedpackages++;
continue;
}
// Read in that package file and append it to the repo xml.
$package = new PackageXML($tmpdir->getPath() . 'package.xml');
$package->getRootDOM()->setAttribute('key', $signature->keyID);
$package->setFileLocation($relpath);
$repo->addPackage($package);
$addedpackages++;
// But I can still cleanup!
unlink($tmpdir->getPath() . 'package.xml');
$tgz->delete();
}
return $repo->asPrettyXML();
}
public static function RebuildPackages()
{
$dir = \Core\Filestore\Factory::Directory(\ConfigHandler::Get('/package_repository/base_directory'));
$coredir = $dir->getPath() . 'core/';
$componentdir = $dir->getPath() . 'components/';
$themedir = $dir->getPath() . 'themes/';
$tmpdir = \Core\Filestore\Factory::Directory('tmp/exports/');
$gpg = new Core\GPG\GPG();
$keysfound = [];
$addedpackages = 0;
$failedpackages = 0;
$skippedpackages = 0;
$ls = $dir->ls('asc', true);
\Core\CLI\CLI::PrintProgressBar(0);
$totalPackages = sizeof($ls);
$percentEach = 100 / $totalPackages;
$currentPercent = 0;
// Ensure that the necessary temp directory exists.
$tmpdir->mkdir();
foreach ($ls as $file) {
/** @var \Core\Filestore\File $file */
$fullpath = $file->getFilename();
$relpath = substr($file->getFilename(), strlen($dir->getPath()));
$tmpdirpath = $tmpdir->getPath();
// Drop the .asc extension.
$basename = $file->getBasename(true);
// Tarball of the temporary package
$tgz = \Core\Filestore\Factory::File($tmpdirpath . $basename);
$output = [];
// I need to 1) retrieve and 2) verify the key for this package.
try {
$signature = $gpg->verifyFileSignature($fullpath);
} catch (\Exception $e) {
trigger_error($fullpath . ' was not able to be verified as authentic, (probably because the GPG public key was not available)');
$failedpackages++;
continue;
}
// decode and untar it in a temp directory to get the package.xml file.
exec('gpg --homedir "' . GPG_HOMEDIR . '" -q -d "' . $fullpath . '" > "' . $tgz->getFilename() . '" 2>/dev/null', $output, $ret);
if ($ret) {
trigger_error('Decryption of file ' . $fullpath . ' failed!');
$failedpackages++;
continue;
}
// Extract the package.xml metafile, this is critical!
exec('tar -xzf "' . $tgz->getFilename() . '" -C "' . $tmpdirpath . '" ./package.xml', $output, $ret);
if ($ret) {
trigger_error('Unable to extract package.xml from' . $tgz->getFilename());
unlink($tmpdirpath . $basename);
$failedpackages++;
continue;
}
// Read in that package file and append it to the repo xml.
$package = new PackageXML($tmpdirpath . 'package.xml');
$package->getRootDOM()->setAttribute('key', $signature->keyID);
$package->setFileLocation($relpath);
// Core has a few differences than most components.
if ($package->getKeyName() == 'core') {
$pkgName = 'Core Plus';
$chngName = 'Core Plus';
$type = 'core';
$chngDepth = 3;
$chngFile = './data/core/CHANGELOG';
$xmlFile = './data/core/component.xml';
} else {
$pkgName = $package->getName();
$chngName = ($package->getType() == 'theme' ? 'Theme/' : '') . $package->getName();
$type = $package->getType();
$chngDepth = 2;
$chngFile = './data/CHANGELOG';
$xmlFile = './data/' . ($package->getType() == 'theme' ? 'theme.xml' : 'component.xml');
}
// Lookup this package in the database or create if it doesn't exist.
$model = PackageRepositoryPackageModel::Find(['type = ' . $package->getType(), 'key = ' . $package->getKeyName(), 'version = ' . $package->getVersion()], 1);
if (!$model) {
$model = new PackageRepositoryPackageModel();
$model->set('type', $type);
$model->set('key', $package->getKeyName());
$model->set('version', $package->getVersion());
}
// Set the data provided by the package.xml file.
$model->set('name', $pkgName);
$model->set('gpg_key', $package->getKey());
$model->set('packager', $package->getPackager());
$model->set('file', $relpath);
$model->set('description', $package->getDescription());
$model->set('requires', $package->getRequires());
$model->set('provides', $package->getProvides());
$model->set('upgrades', $package->getUpgrades());
unlink($tmpdirpath . 'package.xml');
// Extract out the CHANGELOG file, this is not so critical.
// I need strip-components=2 to drop off the "." and "data" prefixes.
exec('tar -xzf "' . $tgz->getFilename() . '" -C "' . $tmpdirpath . '" --strip-components=' . $chngDepth . ' ' . $chngFile, $output, $ret);
// If there is a CHANGELOG, parse that too!
if (file_exists($tmpdirpath . 'CHANGELOG')) {
try {
$ch = new Core\Utilities\Changelog\Parser($chngName, $tmpdirpath . 'CHANGELOG');
$ch->parse();
// Get the version for this iteration.
$chsec = $ch->getSection($model->get('version'));
$model->set('packager_name', $chsec->getPackagerName());
$model->set('packager_email', $chsec->getPackagerEmail());
$model->set('datetime_released', $chsec->getReleasedDateUTC());
$model->set('changelog', $chsec->fetchAsHTML(null));
} catch (Exception $e) {
// meh, we just won't have a changelog.
} finally {
if (file_exists($tmpdirpath . 'CHANGELOG')) {
// Cleanup
unlink($tmpdirpath . 'CHANGELOG');
}
}
}
// Retrieve out the screenshots from this component.
exec('tar -xzf "' . $tgz->getFilename() . '" -O ' . $xmlFile . ' > "' . $tmpdirpath . 'comp.xml"', $output, $ret);
if (file_exists($tmpdirpath . 'comp.xml')) {
try {
$images = [];
$c = new Component_2_1($tmpdirpath . 'comp.xml');
$screens = $c->getScreenshots();
if (sizeof($screens)) {
foreach ($screens as $s) {
// Extract out this screen and save it to the filesystem.
$archivedFile = dirname($xmlFile) . '/' . $s;
$localFile = \Core\Filestore\Factory::File('public/packagerepo-screens/' . $model->get('type') . '-' . $model->get('key') . '-' . $model->get('version') . '/' . basename($s));
// Write something into the file so that it exists on the filesystem.
$localFile->putContents('');
// And now tar can extract directly to that destination!
exec('tar -xzf "' . $tgz->getFilename() . '" -O ' . $archivedFile . ' > "' . $localFile->getFilename() . '"', $output, $ret);
if (!$ret) {
// Return code should be 0 on a successful write.
$images[] = $localFile->getFilename(false);
}
}
}
$model->set('screenshots', $images);
} catch (Exception $e) {
// meh, we just won't have images..
} finally {
if (file_exists($tmpdirpath . 'comp.xml')) {
// Cleanup
unlink($tmpdirpath . 'comp.xml');
}
}
}
if ($model->changed()) {
$model->save(true);
$addedpackages++;
} else {
$skippedpackages++;
}
// But I can still cleanup!
$tgz->delete();
$currentPercent += $percentEach;
\Core\CLI\CLI::PrintProgressBar($currentPercent);
}
// Commit everything!
PackageRepositoryPackageModel::CommitSaves();
return ['updated' => $addedpackages, 'skipped' => $skippedpackages, 'failed' => $failedpackages];
}
