[pve-manager.git] / PVE / APLInfo.pm

package PVE::APLInfo;

use strict;
use IO::File;
use PVE::SafeSyslog;
use LWP::UserAgent;
use POSIX qw(strftime);

my $logfile = "/var/log/pveam.log";
my $aplinfodir = "/var/lib/pve-manager/apl-info";

# Default list of GPG keys allowed to sign aplinfo
#
#pub   1024D/5CAC72FE 2004-06-24
#      Key fingerprint = 9ABD 7E02 AD24 3AD3 C2FB  BCCC B0C1 CC22 5CAC 72FE
#uid                  Proxmox Support Team <support@proxmox.com>
#pub   2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
#      Key fingerprint = 694C FF26 795A 29BA E07B  4EB5 85C2 5E95 A16E B94D
#uid                  Turnkey Linux Release Key <release@turnkeylinux.com>

my $valid_keys = {
    '9ABD7E02AD243AD3C2FBBCCCB0C1CC225CAC72FE' => 1, # fingerprint support@proxmox.com
    '25CAC72FE' => 1,                                # keyid support@proxmox.com
    '694CFF26795A29BAE07B4EB585C25E95A16EB94D' => 1, # fingerprint release@turnkeylinux.com
    'A16EB94D' => 1,                                 # keyid release@turnkeylinux.com
};

sub import_gpg_keys {

    my @keyfiles = ('support@proxmox.com.pubkey', 'release@turnkeylinux.com.pubkey');

    foreach my $key (@keyfiles) {
	my $fn = "/usr/share/doc/pve-manager/$key";
	system ("/usr/bin/gpg --batch --no-tty --status-fd=1 -q " .
		"--logger-fd=1 --import $fn >>$logfile");
    }
}

sub logmsg {
    my ($logfd, $msg) = @_;

    chomp $msg;

    my $tstr = strftime ("%b %d %H:%M:%S", localtime);

    foreach my $line (split (/\n/, $msg)) {
	print $logfd "$tstr $line\n";
    }
}

sub read_aplinfo_from_fh {
    my ($fh, $list, $source, $update) = @_;

    local $/ = "";

    while (my $rec = <$fh>) {
	chomp $rec;
	
	my $res = {};

	while ($rec) {

	    if ($rec =~ s/^Description:\s*([^\n]*)(\n\s+.*)*$//si) {
		$res->{headline} = $1;
		my $long = $2;
		$long =~ s/\n\s+/ /g;
		$long =~ s/^\s+//g;
		$long =~ s/\s+$//g;
		$res->{description} = $long;
	    } elsif ($rec =~ s/^Version:\s*(.*\S)\s*\n//i) {
		my $version = $1;
		if ($version =~ m/^(\d[a-zA-Z0-9\.\+\-\:\~]*)-(\d+)$/) {
		    $res->{version} = $version;
		} else {
		    my $msg = "unable to parse appliance record: version = '$version'\n";
		    $update ? die $msg : warn $msg;
		}
	    } elsif ($rec =~ s/^Type:\s*(.*\S)\s*\n//i) {
		my $type = $1;
		if ($type =~ m/^(openvz|lxc)$/) {
		    $res->{type} = $type;
		} else {
		    my $msg = "unable to parse appliance record: unknown type '$type'\n";
		    $update ? die $msg : warn $msg;
		}
	    } elsif ($rec =~ s/^([^:]+):\s*(.*\S)\s*\n//) {
		$res->{lc $1} = $2;
	    } else {
		my $msg = "unable to parse appliance record: $rec\n";
		$update ? die $msg : warn $msg;		
		$res = {};
		last;
	    }
	}
	
	if ($res->{'package'} eq 'pve-web-news' && $res->{description}) {
	    $list->{'all'}->{$res->{'package'}} = $res;	    
	    next;
	}

	$res->{section} = 'unknown' if !$res->{section};
	
	if ($res->{'package'} && $res->{type} && $res->{os} && $res->{version} &&
	    $res->{infopage}) {
	    my $template;
	    if ($res->{location}) {
		$template = $res->{location};
		$template =~ s|.*/([^/]+.tar.gz)|$1|;
	    } else {
		$template = "$res->{os}-$res->{package}_$res->{version}_i386.tar.gz";
		$template =~ s/$res->{os}-$res->{os}-/$res->{os}-/;
	    }
	    $res->{source} = $source;
	    $res->{template} = $template;
	    $list->{$res->{section}}->{$template} = $res;
	    $list->{'all'}->{$template} = $res;
	} else {
	    my $msg = "found incomplete appliance records\n";
	    $update ? die $msg : warn $msg;		
	}
    }
}

sub read_aplinfo {
    my ($filename, $list, $source, $update) = @_;

    my $fh = IO::File->new("<$filename") ||
	die "unable to open file '$filename' - $!\n";

    eval { read_aplinfo_from_fh($fh, $list, $source, $update); };
    my $err = $@;

    close($fh);

    die $err if $err;
    
    return $list;
}

sub url_get {
    my ($ua, $url, $file, $logfh) = @_;

    my $req = HTTP::Request->new(GET => $url);

    logmsg ($logfh, "start download $url");
    my $res = $ua->request($req, $file);

    if ($res->is_success) {
	logmsg ($logfh, "download finished: " . $res->status_line);
	return 0;
    }

    logmsg ($logfh, "download failed: " . $res->status_line);

    return 1;
}

sub download_aplinfo {
    my ($ua, $aplurl, $host, $logfd) = @_;

    my $aplsrcurl = "$aplurl/aplinfo.dat.gz";
    my $aplsigurl = "$aplurl/aplinfo.dat.asc";

    my $tmp = "$aplinfodir/pveam-${host}.tmp.$$";
    my $tmpgz = "$tmp.gz";
    my $sigfn = "$tmp.asc";

    eval {

	if (url_get($ua, $aplsigurl, $sigfn, $logfd) != 0) {
	    die "update failed - no signature file '$sigfn'\n";
	}

	if (url_get($ua, $aplsrcurl, $tmpgz, $logfd) != 0) {
	    die "update failed - no data file '$aplsrcurl'\n";
	}
 
	if (system("zcat -f $tmpgz >$tmp 2>/dev/null") != 0) {
	    die "update failed: unable to unpack '$tmpgz'\n";
	} 

	# verify signature

	my $cmd = "/usr/bin/gpg --verify --trust-model always --batch --no-tty --status-fd=1 -q " .
	    "--logger-fd=1 $sigfn $tmp";

	open(CMD, "$cmd|") ||
	    die "unable to execute '$cmd': $!\n";

	my $line;
	my $signer = '';
	while (defined($line = <CMD>)) {
	    chomp $line;
	    logmsg($logfd, $line);

	    # code borrowed from SA
	    next if $line !~ /^\Q[GNUPG:]\E (?:VALID|GOOD)SIG (\S{8,40})/;
	    my $key = $1;  

	    # we want either a keyid (8) or a fingerprint (40)
	    if (length $key > 8 && length $key < 40) {
		substr($key, 8) = '';
	    }
	    # use the longest match we can find
	    $signer = $key if (length $key > length $signer) && $valid_keys->{$key};
	}

	close(CMD);

	die "unable to verify signature\n" if !$signer;

	logmsg($logfd, "signature valid: $signer");

	# test syntax
	eval { 
	    my $fh = IO::File->new("<$tmp") ||
		die "unable to open file '$tmp' - $!\n";
	    read_aplinfo($tmp, {}, $aplurl, 1);
	    close($fh);
	};
	die "update failed: $@" if $@;

	if (system("mv $tmp $aplinfodir/$host 2>/dev/null") != 0) { 
	    die "update failed: unable to store data\n";
	}

	logmsg($logfd, "update sucessful");
    };

    my $err = $@;

    unlink $tmp;
    unlink $tmpgz;
    unlink $sigfn;

    die $err if $err;
}

sub get_apl_sources {
 
    my $urls = [];
    push @$urls, "http://download.proxmox.com/appliances";
    push @$urls, "http://releases.turnkeylinux.org/pve";

    return $urls;
}

sub update {
    my ($proxy) = @_;

    my $size;
    if (($size = (-s $logfile) || 0) > (1024*50)) {
	system ("mv $logfile $logfile.0");
    }
    my $logfd = IO::File->new (">>$logfile");
    logmsg($logfd, "starting update");

    import_gpg_keys();

    # this code works for ftp and http
    # always use passive ftp
    local $ENV{FTP_PASSIVE} = 1;
    my $ua = LWP::UserAgent->new;
    $ua->agent("PVE/1.0");

    if ($proxy) {
	$ua->proxy(['http'], $proxy);
    } else {
	$ua->env_proxy;
    }

    my $urls = get_apl_sources();

    mkdir $aplinfodir;

    my @dlerr = ();
    foreach my $aplurl (@$urls) {
	eval { 
	    my $uri = URI->new($aplurl);
	    my $host = $uri->host();
	    download_aplinfo($ua, $aplurl, $host, $logfd); 
	};
	if (my $err = $@) {
	    logmsg ($logfd, $err);
	    push @dlerr, $aplurl; 
	}
    } 

    close($logfd);

    return 0 if scalar(@dlerr);

    return 1;
}

sub load_data {

   my $urls = get_apl_sources();

    my $list = {};

    foreach my $aplurl (@$urls) {

	eval { 

	    my $uri = URI->new($aplurl);
	    my $host = $uri->host();
	    read_aplinfo("$aplinfodir/$host", $list, $aplurl);
	};
	warn $@ if $@;
    }

    return $list;
}

1;
Commit	Line	Data
aff192e6 DM	1	package PVE::APLInfo;
	2
	3	use strict;
	4	use IO::File;
	5	use PVE::SafeSyslog;
aff192e6	6	use LWP::UserAgent;
aff192e6 DM	7	use POSIX qw(strftime);
	8
	9	my $logfile = "/var/log/pveam.log";
c9164975	10	my $aplinfodir = "/var/lib/pve-manager/apl-info";
aff192e6 DM	11
	12	# Default list of GPG keys allowed to sign aplinfo
	13	#
	14	#pub 1024D/5CAC72FE 2004-06-24
	15	# Key fingerprint = 9ABD 7E02 AD24 3AD3 C2FB BCCC B0C1 CC22 5CAC 72FE
	16	#uid Proxmox Support Team <support@proxmox.com>
c9164975 DM	17	#pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12]
	18	# Key fingerprint = 694C FF26 795A 29BA E07B 4EB5 85C2 5E95 A16E B94D
	19	#uid Turnkey Linux Release Key <release@turnkeylinux.com>
aff192e6 DM	20
	21	my $valid_keys = {
	22	'9ABD7E02AD243AD3C2FBBCCCB0C1CC225CAC72FE' => 1, # fingerprint support@proxmox.com
	23	'25CAC72FE' => 1, # keyid support@proxmox.com
c9164975 DM	24	'694CFF26795A29BAE07B4EB585C25E95A16EB94D' => 1, # fingerprint release@turnkeylinux.com
c9164975 DM	25	'A16EB94D' => 1, # keyid release@turnkeylinux.com
aff192e6 DM	26	};
	27
	28	sub import_gpg_keys {
	29
c9164975	30	my @keyfiles = ('support@proxmox.com.pubkey', 'release@turnkeylinux.com.pubkey');
aff192e6	31
c9164975 DM	32	foreach my $key (@keyfiles) {
	33	my $fn = "/usr/share/doc/pve-manager/$key";
	34	system ("/usr/bin/gpg --batch --no-tty --status-fd=1 -q " .
	35	"--logger-fd=1 --import $fn >>$logfile");
	36	}
aff192e6 DM	37	}
	38
	39	sub logmsg {
	40	my ($logfd, $msg) = @_;
	41
	42	chomp $msg;
	43
	44	my $tstr = strftime ("%b %d %H:%M:%S", localtime);
	45
	46	foreach my $line (split (/\n/, $msg)) {
	47	print $logfd "$tstr $line\n";
	48	}
	49	}
	50
6de794eb DM	51	sub read_aplinfo_from_fh {
6de794eb DM	52	my ($fh, $list, $source, $update) = @_;
c9164975 DM	53
	54	local $/ = "";
	55
6de794eb DM	56	while (my $rec = <$fh>) {
6de794eb DM	57	chomp $rec;
c9164975	58
6de794eb DM	59	my $res = {};
	60
	61	while ($rec) {
	62
	63	if ($rec =~ s/^Description:\s([^\n])(\n\s+.)$//si) {
	64	$res->{headline} = $1;
	65	my $long = $2;
	66	$long =~ s/\n\s+/ /g;
	67	$long =~ s/^\s+//g;
	68	$long =~ s/\s+$//g;
	69	$res->{description} = $long;
	70	} elsif ($rec =~ s/^Version:\s(.\S)\s*\n//i) {
	71	my $version = $1;
	72	if ($version =~ m/^(\d[a-zA-Z0-9\.\+\-\:\~]*)-(\d+)$/) {
	73	$res->{version} = $version;
c9164975	74	} else {
6de794eb DM	75	my $msg = "unable to parse appliance record: version = '$version'\n";
6de794eb DM	76	$update ? die $msg : warn $msg;
c9164975	77	}
6de794eb DM	78	} elsif ($rec =~ s/^Type:\s(.\S)\s*\n//i) {
	79	my $type = $1;
	80	if ($type =~ m/^(openvz\|lxc)$/) {
	81	$res->{type} = $type;
c9164975	82	} else {
6de794eb DM	83	my $msg = "unable to parse appliance record: unknown type '$type'\n";
6de794eb DM	84	$update ? die $msg : warn $msg;
c9164975	85	}
6de794eb DM	86	} elsif ($rec =~ s/^([^:]+):\s(.\S)\s*\n//) {
6de794eb DM	87	$res->{lc $1} = $2;
c9164975	88	} else {
6de794eb	89	my $msg = "unable to parse appliance record: $rec\n";
c9164975	90	$update ? die $msg : warn $msg;
6de794eb DM	91	$res = {};
	92	last;
	93	}
	94	}
	95
	96	if ($res->{'package'} eq 'pve-web-news' && $res->{description}) {
	97	$list->{'all'}->{$res->{'package'}} = $res;
	98	next;
	99	}
	100
	101	$res->{section} = 'unknown' if !$res->{section};
	102
	103	if ($res->{'package'} && $res->{type} && $res->{os} && $res->{version} &&
	104	$res->{infopage}) {
	105	my $template;
	106	if ($res->{location}) {
	107	$template = $res->{location};
	108	$template =~ s\|.*/([^/]+.tar.gz)\|$1\|;
	109	} else {
	110	$template = "$res->{os}-$res->{package}_$res->{version}_i386.tar.gz";
	111	$template =~ s/$res->{os}-$res->{os}-/$res->{os}-/;
c9164975	112	}
6de794eb DM	113	$res->{source} = $source;
	114	$res->{template} = $template;
	115	$list->{$res->{section}}->{$template} = $res;
	116	$list->{'all'}->{$template} = $res;
	117	} else {
	118	my $msg = "found incomplete appliance records\n";
	119	$update ? die $msg : warn $msg;
c9164975	120	}
6de794eb DM	121	}
	122	}
	123
	124	sub read_aplinfo {
	125	my ($filename, $list, $source, $update) = @_;
	126
	127	my $fh = IO::File->new("<$filename") \|\|
	128	die "unable to open file '$filename' - $!\n";
	129
	130	eval { read_aplinfo_from_fh($fh, $list, $source, $update); };
c9164975 DM	131	my $err = $@;
	132
	133	close($fh);
	134
	135	die $err if $err;
	136
	137	return $list;
	138	}
	139
aff192e6 DM	140	sub url_get {
	141	my ($ua, $url, $file, $logfh) = @_;
	142
	143	my $req = HTTP::Request->new(GET => $url);
	144
	145	logmsg ($logfh, "start download $url");
	146	my $res = $ua->request($req, $file);
	147
	148	if ($res->is_success) {
	149	logmsg ($logfh, "download finished: " . $res->status_line);
	150	return 0;
	151	}
	152
	153	logmsg ($logfh, "download failed: " . $res->status_line);
	154
	155	return 1;
	156	}
	157
c9164975 DM	158	sub download_aplinfo {
c9164975 DM	159	my ($ua, $aplurl, $host, $logfd) = @_;
aff192e6	160
aff192e6 DM	161	my $aplsrcurl = "$aplurl/aplinfo.dat.gz";
	162	my $aplsigurl = "$aplurl/aplinfo.dat.asc";
	163
c9164975	164	my $tmp = "$aplinfodir/pveam-${host}.tmp.$$";
aff192e6 DM	165	my $tmpgz = "$tmp.gz";
	166	my $sigfn = "$tmp.asc";
	167
aff192e6	168	eval {
c9164975 DM	169
	170	if (url_get($ua, $aplsigurl, $sigfn, $logfd) != 0) {
	171	die "update failed - no signature file '$sigfn'\n";
aff192e6 DM	172	}
aff192e6 DM	173
c9164975 DM	174	if (url_get($ua, $aplsrcurl, $tmpgz, $logfd) != 0) {
c9164975 DM	175	die "update failed - no data file '$aplsrcurl'\n";
aff192e6 DM	176	}
aff192e6 DM	177
c9164975	178	if (system("zcat -f $tmpgz >$tmp 2>/dev/null") != 0) {
aff192e6 DM	179	die "update failed: unable to unpack '$tmpgz'\n";
	180	}
	181
	182	# verify signature
	183
c9164975	184	my $cmd = "/usr/bin/gpg --verify --trust-model always --batch --no-tty --status-fd=1 -q " .
aff192e6 DM	185	"--logger-fd=1 $sigfn $tmp";
aff192e6 DM	186
c9164975	187	open(CMD, "$cmd\|") \|\|
aff192e6 DM	188	die "unable to execute '$cmd': $!\n";
	189
	190	my $line;
	191	my $signer = '';
c9164975	192	while (defined($line = <CMD>)) {
aff192e6	193	chomp $line;
c9164975	194	logmsg($logfd, $line);
aff192e6 DM	195
	196	# code borrowed from SA
	197	next if $line !~ /^\Q[GNUPG:]\E (?:VALID\|GOOD)SIG (\S{8,40})/;
	198	my $key = $1;
	199
	200	# we want either a keyid (8) or a fingerprint (40)
	201	if (length $key > 8 && length $key < 40) {
	202	substr($key, 8) = '';
	203	}
	204	# use the longest match we can find
	205	$signer = $key if (length $key > length $signer) && $valid_keys->{$key};
	206	}
	207
c9164975	208	close(CMD);
aff192e6 DM	209
	210	die "unable to verify signature\n" if !$signer;
	211
c9164975	212	logmsg($logfd, "signature valid: $signer");
aff192e6 DM	213
	214	# test syntax
	215	eval {
c9164975	216	my $fh = IO::File->new("<$tmp") \|\|
aff192e6	217	die "unable to open file '$tmp' - $!\n";
c9164975 DM	218	read_aplinfo($tmp, {}, $aplurl, 1);
c9164975 DM	219	close($fh);
aff192e6 DM	220	};
	221	die "update failed: $@" if $@;
	222
c9164975	223	if (system("mv $tmp $aplinfodir/$host 2>/dev/null") != 0) {
aff192e6 DM	224	die "update failed: unable to store data\n";
	225	}
	226
c9164975	227	logmsg($logfd, "update sucessful");
aff192e6 DM	228	};
	229
	230	my $err = $@;
	231
	232	unlink $tmp;
	233	unlink $tmpgz;
	234	unlink $sigfn;
	235
c9164975	236	die $err if $err;
aff192e6 DM	237	}
aff192e6 DM	238
c9164975 DM	239	sub get_apl_sources {
	240
	241	my $urls = [];
	242	push @$urls, "http://download.proxmox.com/appliances";
	243	push @$urls, "http://releases.turnkeylinux.org/pve";
aff192e6	244
c9164975	245	return $urls;
aff192e6 DM	246	}
aff192e6 DM	247
c9164975 DM	248	sub update {
c9164975 DM	249	my ($proxy) = @_;
aff192e6	250
c9164975 DM	251	my $size;
	252	if (($size = (-s $logfile) \|\| 0) > (1024*50)) {
	253	system ("mv $logfile $logfile.0");
	254	}
	255	my $logfd = IO::File->new (">>$logfile");
	256	logmsg($logfd, "starting update");
aff192e6	257
c9164975	258	import_gpg_keys();
aff192e6	259
c9164975 DM	260	# this code works for ftp and http
	261	# always use passive ftp
	262	local $ENV{FTP_PASSIVE} = 1;
	263	my $ua = LWP::UserAgent->new;
	264	$ua->agent("PVE/1.0");
aff192e6	265
c9164975 DM	266	if ($proxy) {
	267	$ua->proxy(['http'], $proxy);
	268	} else {
	269	$ua->env_proxy;
	270	}
aff192e6	271
c9164975	272	my $urls = get_apl_sources();
aff192e6	273
c9164975	274	mkdir $aplinfodir;
aff192e6	275
c9164975 DM	276	my @dlerr = ();
	277	foreach my $aplurl (@$urls) {
	278	eval {
	279	my $uri = URI->new($aplurl);
	280	my $host = $uri->host();
	281	download_aplinfo($ua, $aplurl, $host, $logfd);
	282	};
	283	if (my $err = $@) {
	284	logmsg ($logfd, $err);
	285	push @dlerr, $aplurl;
	286	}
	287	}
aff192e6	288
c9164975	289	close($logfd);
aff192e6	290
c9164975	291	return 0 if scalar(@dlerr);
aff192e6	292
c9164975	293	return 1;
aff192e6 DM	294	}
aff192e6 DM	295
c9164975	296	sub load_data {
aff192e6	297
75a6a7f5	298	my $urls = get_apl_sources();
aff192e6	299
c9164975	300	my $list = {};
aff192e6	301
c9164975	302	foreach my $aplurl (@$urls) {
aff192e6	303
c9164975	304	eval {
aff192e6	305
c9164975 DM	306	my $uri = URI->new($aplurl);
	307	my $host = $uri->host();
	308	read_aplinfo("$aplinfodir/$host", $list, $aplurl);
	309	};
	310	warn $@ if $@;
	311	}
aff192e6	312
c9164975	313	return $list;
aff192e6 DM	314	}
	315
	316	1;
	317