[proxmox-offline-mirror.git] / src / mirror.rs

use std::{
    cmp::max,
    collections::HashMap,
    io::Read,
    path::{Path, PathBuf},
};

use anyhow::{bail, format_err, Error};
use flate2::bufread::GzDecoder;
use nix::libc;
use proxmox_http::{client::sync::Client, HttpClient, HttpOptions};
use proxmox_sys::fs::file_get_contents;

use crate::{
    config::{MirrorConfig, SubscriptionKey},
    convert_repo_line,
    pool::Pool,
    types::{Snapshot, SNAPSHOT_REGEX},
    FetchResult, Progress,
};
use proxmox_apt::{
    deb822::{
        CheckSums, CompressionType, FileReference, FileReferenceType, PackagesFile, ReleaseFile,
    },
    repositories::{APTRepository, APTRepositoryPackageType},
};

use crate::helpers;

fn mirror_dir(config: &MirrorConfig) -> String {
    format!("{}/{}", config.base_dir, config.id)
}

pub(crate) fn pool(config: &MirrorConfig) -> Result<Pool, Error> {
    let pool_dir = format!("{}/.pool", config.base_dir);
    Pool::open(Path::new(&mirror_dir(config)), Path::new(&pool_dir))
}

/// `MirrorConfig`, but some fields converted/parsed into usable types.
struct ParsedMirrorConfig {
    pub repository: APTRepository,
    pub architectures: Vec<String>,
    pub pool: Pool,
    pub key: Vec<u8>,
    pub verify: bool,
    pub sync: bool,
    pub auth: Option<String>,
    pub client: Client,
}

impl TryInto<ParsedMirrorConfig> for MirrorConfig {
    type Error = anyhow::Error;

    fn try_into(self) -> Result<ParsedMirrorConfig, Self::Error> {
        let pool = pool(&self)?;

        let repository = convert_repo_line(self.repository.clone())?;

        let key = file_get_contents(Path::new(&self.key_path))?;

        let options = HttpOptions {
            user_agent: Some("proxmox-offline-mirror 0.1".to_string()),
            ..Default::default()
        }; // TODO actually read version ;)

        let client = Client::new(options);

        Ok(ParsedMirrorConfig {
            repository,
            architectures: self.architectures,
            pool,
            key,
            verify: self.verify,
            sync: self.sync,
            auth: None,
            client,
        })
    }
}

// Helper to get absolute URL for dist-specific relative `path`.
fn get_dist_url(repo: &APTRepository, path: &str) -> String {
    let dist_root = format!("{}/dists/{}", repo.uris[0], repo.suites[0]);

    format!("{}/{}", dist_root, path)
}

// Helper to get dist-specific path given a `prefix` (snapshot dir) and relative `path`.
fn get_dist_path(repo: &APTRepository, prefix: &Path, path: &str) -> PathBuf {
    let mut base = PathBuf::from(prefix);
    base.push("dists");
    base.push(&repo.suites[0]);
    base.push(path);
    base
}

// Helper to get generic URL given a `repo` and `path`.
fn get_repo_url(repo: &APTRepository, path: &str) -> String {
    format!("{}/{}", repo.uris[0], path)
}

/// Helper to fetch file from URI and optionally verify the responses checksum.
///
/// Only fetches and returns data, doesn't store anything anywhere.
fn fetch_repo_file(
    client: &Client,
    uri: &str,
    max_size: usize,
    checksums: Option<&CheckSums>,
    auth: Option<&str>,
) -> Result<FetchResult, Error> {
    println!("-> GET '{}'..", uri);

    let headers = if let Some(auth) = auth {
        let mut map = HashMap::new();
        map.insert("Authorization".to_string(), auth.to_string());
        Some(map)
    } else {
        None
    };

    let response = client.get(uri, headers.as_ref())?;

    let reader: Box<dyn Read> = response.into_body();
    let mut reader = reader.take(max_size as u64);
    let mut data = Vec::new();
    reader.read_to_end(&mut data)?;

    if let Some(checksums) = checksums {
        checksums.verify(&data)?;
    }

    Ok(FetchResult {
        fetched: data.len(),
        data,
    })
}

/// Helper to fetch InRelease (`detached` == false) or Release/Release.gpg (`detached` == true) files from repository.
///
/// Verifies the contained/detached signature, stores all fetched files under `prefix`, and returns the verified raw release file data.
fn fetch_release(
    config: &ParsedMirrorConfig,
    prefix: &Path,
    detached: bool,
) -> Result<FetchResult, Error> {
    let (name, fetched, sig) = if detached {
        println!("Fetching Release/Release.gpg files");
        let sig = fetch_repo_file(
            &config.client,
            &get_dist_url(&config.repository, "Release.gpg"),
            1024 * 1024,
            None,
            config.auth.as_deref(),
        )?;
        let mut fetched = fetch_repo_file(
            &config.client,
            &get_dist_url(&config.repository, "Release"),
            256 * 1024 * 1024,
            None,
            config.auth.as_deref(),
        )?;
        fetched.fetched += sig.fetched;
        ("Release(.gpg)", fetched, Some(sig.data()))
    } else {
        println!("Fetching InRelease file");
        let fetched = fetch_repo_file(
            &config.client,
            &get_dist_url(&config.repository, "InRelease"),
            256 * 1024 * 1024,
            None,
            config.auth.as_deref(),
        )?;
        ("InRelease", fetched, None)
    };

    println!("Verifying '{name}' signature using provided repository key..");
    let content = fetched.data_ref();
    let verified = helpers::verify_signature(content, &config.key, sig.as_deref())?;
    println!("Success");

    let sha512 = Some(openssl::sha::sha512(content));
    let csums = CheckSums {
        sha512,
        ..Default::default()
    };

    let locked = &config.pool.lock()?;

    if !locked.contains(&csums) {
        locked.add_file(content, &csums, config.sync)?;
    }

    if detached {
        locked.link_file(
            &csums,
            Path::new(&get_dist_path(&config.repository, prefix, "Release")),
        )?;
        let sig = sig.unwrap();
        let sha512 = Some(openssl::sha::sha512(&sig));
        let csums = CheckSums {
            sha512,
            ..Default::default()
        };
        if !locked.contains(&csums) {
            locked.add_file(&sig, &csums, config.sync)?;
        }
        locked.link_file(
            &csums,
            Path::new(&get_dist_path(&config.repository, prefix, "Release.gpg")),
        )?;
    } else {
        locked.link_file(
            &csums,
            Path::new(&get_dist_path(&config.repository, prefix, "InRelease")),
        )?;
    }

    Ok(FetchResult {
        data: verified,
        fetched: fetched.fetched,
    })
}

/// Helper to fetch an index file referenced by a `ReleaseFile`.
///
/// Since these usually come in compressed and uncompressed form, with the latter often not actually existing in the source repository as file, this fetches and if necessary decompresses to obtain a copy of the uncompressed data.
/// Will skip fetching if both references are already available with the expected checksum in the pool, in which case they will just be re-linked under the new path.
///
/// Returns the uncompressed data.
fn fetch_index_file(
    config: &ParsedMirrorConfig,
    prefix: &Path,
    reference: &FileReference,
    uncompressed: &FileReference,
) -> Result<FetchResult, Error> {
    let url = get_dist_url(&config.repository, &reference.path);
    let path = get_dist_path(&config.repository, prefix, &reference.path);
    let uncompressed_path = get_dist_path(&config.repository, prefix, &uncompressed.path);

    if config.pool.contains(&reference.checksums) && config.pool.contains(&uncompressed.checksums) {
        let data = config
            .pool
            .get_contents(&uncompressed.checksums, config.verify)?;

        // Ensure they're linked at current path
        config.pool.lock()?.link_file(&reference.checksums, &path)?;
        config
            .pool
            .lock()?
            .link_file(&uncompressed.checksums, &uncompressed_path)?;
        return Ok(FetchResult { data, fetched: 0 });
    }

    let res = fetch_plain_file(
        config,
        &url,
        &path,
        reference.size,
        &reference.checksums,
        true,
    )?;

    let mut buf = Vec::new();
    let raw = res.data_ref();

    let decompressed = match reference.file_type.compression() {
        None => raw,
        Some(CompressionType::Gzip) => {
            let mut gz = GzDecoder::new(raw);
            gz.read_to_end(&mut buf)?;
            &buf[..]
        }
        Some(CompressionType::Bzip2) => {
            let mut bz = bzip2::read::BzDecoder::new(raw);
            bz.read_to_end(&mut buf)?;
            &buf[..]
        }
        Some(CompressionType::Lzma) | Some(CompressionType::Xz) => {
            let mut xz = xz2::read::XzDecoder::new(raw);
            xz.read_to_end(&mut buf)?;
            &buf[..]
        }
    };

    let locked = &config.pool.lock()?;
    if !locked.contains(&uncompressed.checksums) {
        locked.add_file(decompressed, &uncompressed.checksums, config.sync)?;
    }

    // Ensure it's linked at current path
    locked.link_file(&uncompressed.checksums, &uncompressed_path)?;

    Ok(FetchResult {
        data: decompressed.to_owned(),
        fetched: res.fetched,
    })
}

/// Helper to fetch arbitrary files like binary packages.
///
/// Will skip fetching if matching file already exists locally, in which case it will just be re-linked under the new path.
///
/// If need_data is false and the mirror config is set to skip verification, reading the file's content will be skipped as well if fetching was skipped.
fn fetch_plain_file(
    config: &ParsedMirrorConfig,
    url: &str,
    file: &Path,
    max_size: usize,
    checksums: &CheckSums,
    need_data: bool,
) -> Result<FetchResult, Error> {
    let locked = &config.pool.lock()?;
    let res = if locked.contains(checksums) {
        if need_data || config.verify {
            locked
                .get_contents(checksums, config.verify)
                .map(|data| FetchResult { data, fetched: 0 })?
        } else {
            // performance optimization for .deb files if verify is false
            // we never need the file contents and they make up the bulk of a repo
            FetchResult {
                data: vec![],
                fetched: 0,
            }
        }
    } else {
        let fetched = fetch_repo_file(
            &config.client,
            url,
            max_size,
            Some(checksums),
            config.auth.as_deref(),
        )?;
        locked.add_file(fetched.data_ref(), checksums, config.verify)?;
        fetched
    };

    // Ensure it's linked at current path
    locked.link_file(checksums, file)?;

    Ok(res)
}

/// Initialize a new mirror (by creating the corresponding pool).
pub fn init(config: &MirrorConfig) -> Result<(), Error> {
    let pool_dir = format!("{}/.pool", config.base_dir);

    let dir = format!("{}/{}", config.base_dir, config.id);

    Pool::create(Path::new(&dir), Path::new(&pool_dir))?;
    Ok(())
}

/// Destroy a mirror (by destroying the corresponding pool's link dir followed by GC).
pub fn destroy(config: &MirrorConfig) -> Result<(), Error> {
    let pool: Pool = pool(config)?;
    pool.lock()?.destroy()?;

    Ok(())
}

/// List snapshots
pub fn list_snapshots(config: &MirrorConfig) -> Result<Vec<Snapshot>, Error> {
    let _pool: Pool = pool(config)?;

    let mut list: Vec<Snapshot> = vec![];

    let dir = mirror_dir(config);

    let path = Path::new(&dir);

    proxmox_sys::fs::scandir(
        libc::AT_FDCWD,
        path,
        &SNAPSHOT_REGEX,
        |_l2_fd, snapshot, file_type| {
            if file_type != nix::dir::Type::Directory {
                return Ok(());
            }

            list.push(snapshot.parse()?);

            Ok(())
        },
    )?;

    list.sort_unstable();

    Ok(list)
}

/// Create a new snapshot of the remote repository, fetching and storing files as needed.
///
/// Operates in three phases:
/// - Fetch and verify release files
/// - Fetch referenced indices according to config
/// - Fetch binary packages referenced by package indices
///
/// Files will be linked in a temporary directory and only renamed to the final, valid snapshot directory at the end. In case of error, leftover `XXX.tmp` directories at the top level of `base_dir` can be safely removed once the next snapshot was successfully created, as they only contain hardlinks.
pub fn create_snapshot(
    config: MirrorConfig,
    snapshot: &Snapshot,
    subscription: Option<SubscriptionKey>,
) -> Result<(), Error> {
    let auth = if let Some(product) = &config.use_subscription {
        match subscription {
            None => {
                bail!(
                    "Mirror {} requires a subscription key, but none given.",
                    config.id
                );
            }
            Some(key) if key.product() == *product => {
                let base64 = base64::encode(format!("{}:{}", key.key, key.server_id));
                Some(format!("basic {base64}"))
            }
            Some(key) => {
                bail!(
                    "Repository product type '{}' and key product type '{}' don't match.",
                    product,
                    key.product()
                );
            }
        }
    } else {
        None
    };

    let mut config: ParsedMirrorConfig = config.try_into()?;
    config.auth = auth;

    let prefix = format!("{snapshot}.tmp");
    let prefix = Path::new(&prefix);

    let mut total_progress = Progress::new();

    let parse_release = |res: FetchResult, name: &str| -> Result<ReleaseFile, Error> {
        println!("Parsing {name}..");
        let parsed: ReleaseFile = res.data[..].try_into()?;
        println!(
            "'{name}' file has {} referenced files..",
            parsed.files.len()
        );
        Ok(parsed)
    };

    // we want both on-disk for compat reasons
    let res = fetch_release(&config, prefix, true)?;
    total_progress.update(&res);
    let _release = parse_release(res, "Release")?;

    let res = fetch_release(&config, prefix, false)?;
    total_progress.update(&res);
    let release = parse_release(res, "InRelease")?;

    let mut per_component = HashMap::new();
    let mut others = Vec::new();
    let binary = &config
        .repository
        .types
        .contains(&APTRepositoryPackageType::Deb);
    let source = &config
        .repository
        .types
        .contains(&APTRepositoryPackageType::DebSrc);

    for (basename, references) in &release.files {
        let reference = references.first();
        let reference = if let Some(reference) = reference {
            reference.clone()
        } else {
            continue;
        };
        let skip_components = !&config.repository.components.contains(&reference.component);

        let skip = skip_components
            || match &reference.file_type {
                FileReferenceType::Ignored => true,
                FileReferenceType::PDiff => true, // would require fetching the patches as well
                FileReferenceType::Contents(arch, _)
                | FileReferenceType::ContentsUdeb(arch, _)
                | FileReferenceType::Packages(arch, _)
                | FileReferenceType::PseudoRelease(Some(arch)) => {
                    !binary || !config.architectures.contains(arch)
                }
                FileReferenceType::Sources(_) => !source,
                _ => false,
            };
        if skip {
            println!("Skipping {}", reference.path);
            others.push(reference);
        } else {
            let list = per_component
                .entry(reference.component)
                .or_insert_with(Vec::new);
            list.push(basename);
        }
    }
    println!();

    let mut indices_size = 0_usize;
    let mut total_count = 0;

    for (component, references) in &per_component {
        println!("Component '{component}'");

        let mut component_indices_size = 0;

        for basename in references {
            for reference in release.files.get(*basename).unwrap() {
                println!("\t{:?}: {:?}", reference.path, reference.file_type);
                component_indices_size += reference.size;
            }
        }
        indices_size += component_indices_size;

        let component_count = references.len();
        total_count += component_count;

        println!("Component references count: {component_count}");
        println!("Component indices size: {component_indices_size}");
        if references.is_empty() {
            println!("\tNo references found..");
        }
    }
    println!("Total indices count: {total_count}");
    println!("Total indices size: {indices_size}");

    if !others.is_empty() {
        println!("Skipped {} references", others.len());
    }
    println!();

    let mut packages_size = 0_usize;
    let mut packages_indices = HashMap::new();
    for (component, references) in per_component {
        println!("\nFetching indices for component '{component}'");
        let mut component_deb_size = 0;
        let mut fetch_progress = Progress::new();

        for basename in references {
            println!("\tFetching '{basename}'..");
            let files = release.files.get(basename).unwrap();
            let uncompressed_ref = files
                .iter()
                .find(|reference| reference.path == *basename)
                .ok_or_else(|| format_err!("Found derived reference without base reference."))?;
            let mut package_index_data = None;

            for reference in files {
                // if both compressed and uncompressed are referenced, the uncompressed file may not exist on the server
                if reference == uncompressed_ref && files.len() > 1 {
                    continue;
                }

                // this will ensure the uncompressed file will be written locally
                let res = fetch_index_file(&config, prefix, reference, uncompressed_ref)?;
                fetch_progress.update(&res);

                if package_index_data.is_none() && reference.file_type.is_package_index() {
                    package_index_data = Some(res.data());
                }
            }
            if let Some(data) = package_index_data {
                let packages: PackagesFile = data[..].try_into()?;
                let size: usize = packages.files.iter().map(|p| p.size).sum();
                println!("\t{} packages totalling {size}", packages.files.len());
                component_deb_size += size;

                packages_indices.entry(basename).or_insert(packages);
            }
            println!("Progress: {fetch_progress}");
        }
        println!("Total deb size for component: {component_deb_size}");
        packages_size += component_deb_size;
        total_progress += fetch_progress;
    }
    println!("Total deb size: {packages_size}");

    println!("\nFetching packages..");
    for (basename, references) in packages_indices {
        let total_files = references.files.len();
        if total_files == 0 {
            println!("\n{basename} - no files, skipping.");
            continue;
        } else {
            println!("\n{basename} - {total_files} total file(s)");
        }

        let mut fetch_progress = Progress::new();
        for package in references.files {
            let mut full_path = PathBuf::from(prefix);
            full_path.push(&package.file);
            let res = fetch_plain_file(
                &config,
                &get_repo_url(&config.repository, &package.file),
                &full_path,
                package.size,
                &package.checksums,
                false,
            )?;
            fetch_progress.update(&res);
            if fetch_progress.file_count() % (max(total_files / 100, 1)) == 0 {
                println!("\tProgress: {fetch_progress}");
            }
        }
        println!("\tProgress: {fetch_progress}");
        total_progress += fetch_progress;
    }

    println!("\nStats: {total_progress}");

    println!("Rotating temp. snapshot in-place: {prefix:?} -> \"{snapshot}\"");
    let locked = config.pool.lock()?;
    locked.rename(prefix, Path::new(&format!("{snapshot}")))?;

    Ok(())
}

/// Remove a snapshot by removing the corresponding snapshot directory. To actually free up space, a garbage collection needs to be run afterwards.
pub fn remove_snapshot(config: &MirrorConfig, snapshot: &Snapshot) -> Result<(), Error> {
    let pool: Pool = pool(config)?;
    let path = pool.get_path(Path::new(&snapshot.to_string()))?;

    pool.lock()?.remove_dir(&path)
}

/// Run a garbage collection on the underlying pool.
pub fn gc(config: &MirrorConfig) -> Result<(usize, u64), Error> {
    let pool: Pool = pool(config)?;

    pool.lock()?.gc()
}
Commit	Line	Data
9ecde319 FG	1	use std::{
	2	cmp::max,
	3	collections::HashMap,
	4	io::Read,
	5	path::{Path, PathBuf},
	6	};
	7
8b267808	8	use anyhow::{bail, format_err, Error};
9ecde319	9	use flate2::bufread::GzDecoder;
d035ecb5	10	use nix::libc;
49997188	11	use proxmox_http::{client::sync::Client, HttpClient, HttpOptions};
d035ecb5 FG	12	use proxmox_sys::fs::file_get_contents;
	13
	14	use crate::{
8b267808	15	config::{MirrorConfig, SubscriptionKey},
d035ecb5 FG	16	convert_repo_line,
	17	pool::Pool,
	18	types::{Snapshot, SNAPSHOT_REGEX},
	19	FetchResult, Progress,
	20	};
9ecde319 FG	21	use proxmox_apt::{
	22	deb822::{
	23	CheckSums, CompressionType, FileReference, FileReferenceType, PackagesFile, ReleaseFile,
	24	},
	25	repositories::{APTRepository, APTRepositoryPackageType},
	26	};
	27
	28	use crate::helpers;
	29
c598cb15 FG	30	fn mirror_dir(config: &MirrorConfig) -> String {
	31	format!("{}/{}", config.base_dir, config.id)
	32	}
	33
d035ecb5	34	pub(crate) fn pool(config: &MirrorConfig) -> Result<Pool, Error> {
c598cb15 FG	35	let pool_dir = format!("{}/.pool", config.base_dir);
c598cb15 FG	36	Pool::open(Path::new(&mirror_dir(config)), Path::new(&pool_dir))
d035ecb5 FG	37	}
d035ecb5 FG	38
2d13dcfc	39	/// `MirrorConfig`, but some fields converted/parsed into usable types.
d035ecb5 FG	40	struct ParsedMirrorConfig {
	41	pub repository: APTRepository,
	42	pub architectures: Vec<String>,
	43	pub pool: Pool,
	44	pub key: Vec<u8>,
	45	pub verify: bool,
	46	pub sync: bool,
8b267808	47	pub auth: Option<String>,
49997188	48	pub client: Client,
d035ecb5 FG	49	}
	50
	51	impl TryInto<ParsedMirrorConfig> for MirrorConfig {
	52	type Error = anyhow::Error;
	53
	54	fn try_into(self) -> Result<ParsedMirrorConfig, Self::Error> {
	55	let pool = pool(&self)?;
	56
	57	let repository = convert_repo_line(self.repository.clone())?;
	58
	59	let key = file_get_contents(Path::new(&self.key_path))?;
	60
49997188 FG	61	let options = HttpOptions {
	62	user_agent: Some("proxmox-offline-mirror 0.1".to_string()),
	63	..Default::default()
	64	}; // TODO actually read version ;)
	65
	66	let client = Client::new(options);
8b267808	67
d035ecb5 FG	68	Ok(ParsedMirrorConfig {
	69	repository,
	70	architectures: self.architectures,
	71	pool,
	72	key,
	73	verify: self.verify,
	74	sync: self.sync,
8b267808	75	auth: None,
49997188	76	client,
d035ecb5 FG	77	})
	78	}
	79	}
	80
2d13dcfc	81	// Helper to get absolute URL for dist-specific relative `path`.
9ecde319 FG	82	fn get_dist_url(repo: &APTRepository, path: &str) -> String {
	83	let dist_root = format!("{}/dists/{}", repo.uris[0], repo.suites[0]);
	84
	85	format!("{}/{}", dist_root, path)
	86	}
	87
2d13dcfc	88	// Helper to get dist-specific path given a `prefix` (snapshot dir) and relative `path`.
9ecde319 FG	89	fn get_dist_path(repo: &APTRepository, prefix: &Path, path: &str) -> PathBuf {
	90	let mut base = PathBuf::from(prefix);
	91	base.push("dists");
	92	base.push(&repo.suites[0]);
	93	base.push(path);
	94	base
	95	}
	96
2d13dcfc	97	// Helper to get generic URL given a `repo` and `path`.
9ecde319 FG	98	fn get_repo_url(repo: &APTRepository, path: &str) -> String {
	99	format!("{}/{}", repo.uris[0], path)
	100	}
	101
2d13dcfc FG	102	/// Helper to fetch file from URI and optionally verify the responses checksum.
	103	///
	104	/// Only fetches and returns data, doesn't store anything anywhere.
9ecde319	105	fn fetch_repo_file(
49997188	106	client: &Client,
9ecde319	107	uri: &str,
d7e210ac	108	max_size: usize,
9ecde319	109	checksums: Option<&CheckSums>,
8b267808	110	auth: Option<&str>,
9ecde319 FG	111	) -> Result<FetchResult, Error> {
	112	println!("-> GET '{}'..", uri);
	113
49997188 FG	114	let headers = if let Some(auth) = auth {
	115	let mut map = HashMap::new();
	116	map.insert("Authorization".to_string(), auth.to_string());
	117	Some(map)
8b267808	118	} else {
49997188	119	None
8b267808 FG	120	};
8b267808 FG	121
49997188	122	let response = client.get(uri, headers.as_ref())?;
9ecde319	123
49997188	124	let reader: Box<dyn Read> = response.into_body();
d7e210ac	125	let mut reader = reader.take(max_size as u64);
9ecde319	126	let mut data = Vec::new();
49997188	127	reader.read_to_end(&mut data)?;
9ecde319 FG	128
	129	if let Some(checksums) = checksums {
	130	checksums.verify(&data)?;
	131	}
	132
	133	Ok(FetchResult {
49997188	134	fetched: data.len(),
9ecde319	135	data,
9ecde319 FG	136	})
	137	}
	138
2d13dcfc FG	139	/// Helper to fetch InRelease (`detached` == false) or Release/Release.gpg (`detached` == true) files from repository.
	140	///
	141	/// Verifies the contained/detached signature, stores all fetched files under `prefix`, and returns the verified raw release file data.
9ecde319 FG	142	fn fetch_release(
	143	config: &ParsedMirrorConfig,
	144	prefix: &Path,
	145	detached: bool,
	146	) -> Result<FetchResult, Error> {
	147	let (name, fetched, sig) = if detached {
	148	println!("Fetching Release/Release.gpg files");
8b267808	149	let sig = fetch_repo_file(
49997188	150	&config.client,
8b267808	151	&get_dist_url(&config.repository, "Release.gpg"),
d7e210ac	152	1024 * 1024,
8b267808 FG	153	None,
	154	config.auth.as_deref(),
	155	)?;
9ecde319	156	let mut fetched = fetch_repo_file(
49997188	157	&config.client,
9ecde319	158	&get_dist_url(&config.repository, "Release"),
d7e210ac	159	256 * 1024 * 1024,
9ecde319	160	None,
8b267808	161	config.auth.as_deref(),
9ecde319 FG	162	)?;
	163	fetched.fetched += sig.fetched;
	164	("Release(.gpg)", fetched, Some(sig.data()))
	165	} else {
	166	println!("Fetching InRelease file");
	167	let fetched = fetch_repo_file(
49997188	168	&config.client,
9ecde319	169	&get_dist_url(&config.repository, "InRelease"),
d7e210ac	170	256 * 1024 * 1024,
9ecde319	171	None,
8b267808	172	config.auth.as_deref(),
9ecde319 FG	173	)?;
	174	("InRelease", fetched, None)
	175	};
	176
	177	println!("Verifying '{name}' signature using provided repository key..");
	178	let content = fetched.data_ref();
	179	let verified = helpers::verify_signature(content, &config.key, sig.as_deref())?;
	180	println!("Success");
	181
	182	let sha512 = Some(openssl::sha::sha512(content));
	183	let csums = CheckSums {
	184	sha512,
	185	..Default::default()
	186	};
	187
	188	let locked = &config.pool.lock()?;
	189
	190	if !locked.contains(&csums) {
d035ecb5	191	locked.add_file(content, &csums, config.sync)?;
9ecde319 FG	192	}
	193
	194	if detached {
	195	locked.link_file(
	196	&csums,
	197	Path::new(&get_dist_path(&config.repository, prefix, "Release")),
	198	)?;
	199	let sig = sig.unwrap();
	200	let sha512 = Some(openssl::sha::sha512(&sig));
	201	let csums = CheckSums {
	202	sha512,
	203	..Default::default()
	204	};
	205	if !locked.contains(&csums) {
d035ecb5	206	locked.add_file(&sig, &csums, config.sync)?;
9ecde319 FG	207	}
	208	locked.link_file(
	209	&csums,
	210	Path::new(&get_dist_path(&config.repository, prefix, "Release.gpg")),
	211	)?;
	212	} else {
	213	locked.link_file(
	214	&csums,
	215	Path::new(&get_dist_path(&config.repository, prefix, "InRelease")),
	216	)?;
	217	}
	218
	219	Ok(FetchResult {
	220	data: verified,
	221	fetched: fetched.fetched,
	222	})
	223	}
	224
2d13dcfc FG	225	/// Helper to fetch an index file referenced by a `ReleaseFile`.
	226	///
	227	/// Since these usually come in compressed and uncompressed form, with the latter often not actually existing in the source repository as file, this fetches and if necessary decompresses to obtain a copy of the uncompressed data.
	228	/// Will skip fetching if both references are already available with the expected checksum in the pool, in which case they will just be re-linked under the new path.
	229	///
	230	/// Returns the uncompressed data.
9ecde319 FG	231	fn fetch_index_file(
	232	config: &ParsedMirrorConfig,
	233	prefix: &Path,
	234	reference: &FileReference,
	235	uncompressed: &FileReference,
	236	) -> Result<FetchResult, Error> {
	237	let url = get_dist_url(&config.repository, &reference.path);
	238	let path = get_dist_path(&config.repository, prefix, &reference.path);
	239	let uncompressed_path = get_dist_path(&config.repository, prefix, &uncompressed.path);
	240
	241	if config.pool.contains(&reference.checksums) && config.pool.contains(&uncompressed.checksums) {
	242	let data = config
	243	.pool
	244	.get_contents(&uncompressed.checksums, config.verify)?;
	245
	246	// Ensure they're linked at current path
	247	config.pool.lock()?.link_file(&reference.checksums, &path)?;
	248	config
	249	.pool
	250	.lock()?
	251	.link_file(&uncompressed.checksums, &uncompressed_path)?;
	252	return Ok(FetchResult { data, fetched: 0 });
	253	}
	254
d7e210ac FG	255	let res = fetch_plain_file(
	256	config,
	257	&url,
	258	&path,
	259	reference.size,
	260	&reference.checksums,
	261	true,
	262	)?;
9ecde319 FG	263
	264	let mut buf = Vec::new();
	265	let raw = res.data_ref();
	266
	267	let decompressed = match reference.file_type.compression() {
	268	None => raw,
	269	Some(CompressionType::Gzip) => {
	270	let mut gz = GzDecoder::new(raw);
	271	gz.read_to_end(&mut buf)?;
	272	&buf[..]
	273	}
	274	Some(CompressionType::Bzip2) => {
	275	let mut bz = bzip2::read::BzDecoder::new(raw);
	276	bz.read_to_end(&mut buf)?;
	277	&buf[..]
	278	}
	279	Some(CompressionType::Lzma) \| Some(CompressionType::Xz) => {
	280	let mut xz = xz2::read::XzDecoder::new(raw);
	281	xz.read_to_end(&mut buf)?;
	282	&buf[..]
	283	}
	284	};
	285
	286	let locked = &config.pool.lock()?;
	287	if !locked.contains(&uncompressed.checksums) {
d035ecb5	288	locked.add_file(decompressed, &uncompressed.checksums, config.sync)?;
9ecde319 FG	289	}
	290
	291	// Ensure it's linked at current path
	292	locked.link_file(&uncompressed.checksums, &uncompressed_path)?;
	293
	294	Ok(FetchResult {
	295	data: decompressed.to_owned(),
	296	fetched: res.fetched,
	297	})
	298	}
	299
2d13dcfc FG	300	/// Helper to fetch arbitrary files like binary packages.
	301	///
	302	/// Will skip fetching if matching file already exists locally, in which case it will just be re-linked under the new path.
	303	///
	304	/// If need_data is false and the mirror config is set to skip verification, reading the file's content will be skipped as well if fetching was skipped.
9ecde319 FG	305	fn fetch_plain_file(
	306	config: &ParsedMirrorConfig,
	307	url: &str,
	308	file: &Path,
d7e210ac	309	max_size: usize,
9ecde319 FG	310	checksums: &CheckSums,
	311	need_data: bool,
	312	) -> Result<FetchResult, Error> {
	313	let locked = &config.pool.lock()?;
	314	let res = if locked.contains(checksums) {
	315	if need_data \|\| config.verify {
	316	locked
	317	.get_contents(checksums, config.verify)
	318	.map(\|data\| FetchResult { data, fetched: 0 })?
	319	} else {
	320	// performance optimization for .deb files if verify is false
	321	// we never need the file contents and they make up the bulk of a repo
	322	FetchResult {
	323	data: vec![],
	324	fetched: 0,
	325	}
	326	}
	327	} else {
8b267808	328	let fetched = fetch_repo_file(
49997188	329	&config.client,
8b267808	330	url,
d7e210ac	331	max_size,
8b267808 FG	332	Some(checksums),
	333	config.auth.as_deref(),
	334	)?;
9ecde319 FG	335	locked.add_file(fetched.data_ref(), checksums, config.verify)?;
	336	fetched
	337	};
	338
	339	// Ensure it's linked at current path
	340	locked.link_file(checksums, file)?;
	341
	342	Ok(res)
	343	}
	344
2d13dcfc	345	/// Initialize a new mirror (by creating the corresponding pool).
d035ecb5	346	pub fn init(config: &MirrorConfig) -> Result<(), Error> {
c598cb15 FG	347	let pool_dir = format!("{}/.pool", config.base_dir);
	348
	349	let dir = format!("{}/{}", config.base_dir, config.id);
	350
	351	Pool::create(Path::new(&dir), Path::new(&pool_dir))?;
d035ecb5 FG	352	Ok(())
	353	}
	354
c598cb15	355	/// Destroy a mirror (by destroying the corresponding pool's link dir followed by GC).
d035ecb5 FG	356	pub fn destroy(config: &MirrorConfig) -> Result<(), Error> {
	357	let pool: Pool = pool(config)?;
	358	pool.lock()?.destroy()?;
	359
	360	Ok(())
	361	}
	362
2d13dcfc	363	/// List snapshots
d035ecb5 FG	364	pub fn list_snapshots(config: &MirrorConfig) -> Result<Vec<Snapshot>, Error> {
	365	let _pool: Pool = pool(config)?;
	366
	367	let mut list: Vec<Snapshot> = vec![];
	368
c598cb15 FG	369	let dir = mirror_dir(config);
	370
	371	let path = Path::new(&dir);
d035ecb5 FG	372
	373	proxmox_sys::fs::scandir(
	374	libc::AT_FDCWD,
	375	path,
	376	&SNAPSHOT_REGEX,
	377	\|_l2_fd, snapshot, file_type\| {
	378	if file_type != nix::dir::Type::Directory {
	379	return Ok(());
	380	}
	381
	382	list.push(snapshot.parse()?);
	383
	384	Ok(())
	385	},
	386	)?;
	387
45aa8bea FG	388	list.sort_unstable();
45aa8bea FG	389
d035ecb5 FG	390	Ok(list)
	391	}
	392
2d13dcfc FG	393	/// Create a new snapshot of the remote repository, fetching and storing files as needed.
	394	///
	395	/// Operates in three phases:
	396	/// - Fetch and verify release files
	397	/// - Fetch referenced indices according to config
	398	/// - Fetch binary packages referenced by package indices
	399	///
	400	/// Files will be linked in a temporary directory and only renamed to the final, valid snapshot directory at the end. In case of error, leftover `XXX.tmp` directories at the top level of `base_dir` can be safely removed once the next snapshot was successfully created, as they only contain hardlinks.
8b267808 FG	401	pub fn create_snapshot(
	402	config: MirrorConfig,
	403	snapshot: &Snapshot,
	404	subscription: Option<SubscriptionKey>,
	405	) -> Result<(), Error> {
	406	let auth = if let Some(product) = &config.use_subscription {
	407	match subscription {
	408	None => {
	409	bail!(
	410	"Mirror {} requires a subscription key, but none given.",
	411	config.id
	412	);
	413	}
	414	Some(key) if key.product() == *product => {
	415	let base64 = base64::encode(format!("{}:{}", key.key, key.server_id));
	416	Some(format!("basic {base64}"))
	417	}
	418	Some(key) => {
	419	bail!(
	420	"Repository product type '{}' and key product type '{}' don't match.",
	421	product,
	422	key.product()
	423	);
	424	}
	425	}
	426	} else {
	427	None
	428	};
	429
	430	let mut config: ParsedMirrorConfig = config.try_into()?;
	431	config.auth = auth;
9ecde319 FG	432
	433	let prefix = format!("{snapshot}.tmp");
	434	let prefix = Path::new(&prefix);
	435
	436	let mut total_progress = Progress::new();
	437
	438	let parse_release = \|res: FetchResult, name: &str\| -> Result<ReleaseFile, Error> {
	439	println!("Parsing {name}..");
	440	let parsed: ReleaseFile = res.data[..].try_into()?;
	441	println!(
	442	"'{name}' file has {} referenced files..",
	443	parsed.files.len()
	444	);
	445	Ok(parsed)
	446	};
	447
	448	// we want both on-disk for compat reasons
	449	let res = fetch_release(&config, prefix, true)?;
	450	total_progress.update(&res);
	451	let _release = parse_release(res, "Release")?;
	452
	453	let res = fetch_release(&config, prefix, false)?;
	454	total_progress.update(&res);
	455	let release = parse_release(res, "InRelease")?;
	456
	457	let mut per_component = HashMap::new();
	458	let mut others = Vec::new();
	459	let binary = &config
	460	.repository
	461	.types
	462	.contains(&APTRepositoryPackageType::Deb);
	463	let source = &config
	464	.repository
	465	.types
	466	.contains(&APTRepositoryPackageType::DebSrc);
	467
	468	for (basename, references) in &release.files {
	469	let reference = references.first();
	470	let reference = if let Some(reference) = reference {
	471	reference.clone()
	472	} else {
	473	continue;
	474	};
	475	let skip_components = !&config.repository.components.contains(&reference.component);
	476
	477	let skip = skip_components
	478	\|\| match &reference.file_type {
	479	FileReferenceType::Ignored => true,
	480	FileReferenceType::PDiff => true, // would require fetching the patches as well
	481	FileReferenceType::Contents(arch, _)
	482	\| FileReferenceType::ContentsUdeb(arch, _)
	483	\| FileReferenceType::Packages(arch, _)
	484	\| FileReferenceType::PseudoRelease(Some(arch)) => {
	485	!binary \|\| !config.architectures.contains(arch)
	486	}
	487	FileReferenceType::Sources(_) => !source,
	488	_ => false,
	489	};
	490	if skip {
	491	println!("Skipping {}", reference.path);
	492	others.push(reference);
	493	} else {
	494	let list = per_component
	495	.entry(reference.component)
496	.or_insert_with(Vec::new);
497	list.push(basename);
498	}
499	}
500	println!();
501
502	let mut indices_size = 0_usize;
503	let mut total_count = 0;
504
505	for (component, references) in &per_component {
506	println!("Component '{component}'");
507
508	let mut component_indices_size = 0;
509
510	for basename in references {
511	for reference in release.files.get(*basename).unwrap() {
512	println!("\t{:?}: {:?}", reference.path, reference.file_type);
513	component_indices_size += reference.size;
514	}
515	}
516	indices_size += component_indices_size;
517
518	let component_count = references.len();
519	total_count += component_count;
520
521	println!("Component references count: {component_count}");
522	println!("Component indices size: {component_indices_size}");
523	if references.is_empty() {
524	println!("\tNo references found..");
525	}
526	}
527	println!("Total indices count: {total_count}");
528	println!("Total indices size: {indices_size}");
529
530	if !others.is_empty() {
531	println!("Skipped {} references", others.len());
532	}
533	println!();
534
535	let mut packages_size = 0_usize;
536	let mut packages_indices = HashMap::new();
537	for (component, references) in per_component {
538	println!("\nFetching indices for component '{component}'");
539	let mut component_deb_size = 0;
540	let mut fetch_progress = Progress::new();
541
542	for basename in references {
543	println!("\tFetching '{basename}'..");
544	let files = release.files.get(basename).unwrap();
545	let uncompressed_ref = files
546	.iter()
547	.find(\|reference\| reference.path == *basename)
548	.ok_or_else(\|\| format_err!("Found derived reference without base reference."))?;
549	let mut package_index_data = None;
550
551	for reference in files {
552	// if both compressed and uncompressed are referenced, the uncompressed file may not exist on the server
553	if reference == uncompressed_ref && files.len() > 1 {
554	continue;
555	}
556
557	// this will ensure the uncompressed file will be written locally
558	let res = fetch_index_file(&config, prefix, reference, uncompressed_ref)?;
559	fetch_progress.update(&res);
560
561	if package_index_data.is_none() && reference.file_type.is_package_index() {
562	package_index_data = Some(res.data());
563	}
564	}
565	if let Some(data) = package_index_data {
566	let packages: PackagesFile = data[..].try_into()?;
567	let size: usize = packages.files.iter().map(\|p\| p.size).sum();
568	println!("\t{} packages totalling {size}", packages.files.len());
569	component_deb_size += size;
570
571	packages_indices.entry(basename).or_insert(packages);
572	}
573	println!("Progress: {fetch_progress}");
574	}
575	println!("Total deb size for component: {component_deb_size}");
576	packages_size += component_deb_size;
577	total_progress += fetch_progress;
578	}
579	println!("Total deb size: {packages_size}");
580
581	println!("\nFetching packages..");
582	for (basename, references) in packages_indices {
583	let total_files = references.files.len();
584	if total_files == 0 {
585	println!("\n{basename} - no files, skipping.");
586	continue;
587	} else {
588	println!("\n{basename} - {total_files} total file(s)");
589	}
590
591	let mut fetch_progress = Progress::new();
592	for package in references.files {
593	let mut full_path = PathBuf::from(prefix);
594	full_path.push(&package.file);
595	let res = fetch_plain_file(
596	&config,
597	&get_repo_url(&config.repository, &package.file),
598	&full_path,
d7e210ac	599	package.size,
9ecde319 FG	600	&package.checksums,
	601	false,
	602	)?;
	603	fetch_progress.update(&res);
	604	if fetch_progress.file_count() % (max(total_files / 100, 1)) == 0 {
	605	println!("\tProgress: {fetch_progress}");
	606	}
	607	}
	608	println!("\tProgress: {fetch_progress}");
	609	total_progress += fetch_progress;
	610	}
	611
	612	println!("\nStats: {total_progress}");
	613
	614	println!("Rotating temp. snapshot in-place: {prefix:?} -> \"{snapshot}\"");
	615	let locked = config.pool.lock()?;
	616	locked.rename(prefix, Path::new(&format!("{snapshot}")))?;
	617
	618	Ok(())
	619	}
d035ecb5	620
2d13dcfc	621	/// Remove a snapshot by removing the corresponding snapshot directory. To actually free up space, a garbage collection needs to be run afterwards.
d035ecb5 FG	622	pub fn remove_snapshot(config: &MirrorConfig, snapshot: &Snapshot) -> Result<(), Error> {
	623	let pool: Pool = pool(config)?;
	624	let path = pool.get_path(Path::new(&snapshot.to_string()))?;
	625
	626	pool.lock()?.remove_dir(&path)
	627	}
	628
2d13dcfc	629	/// Run a garbage collection on the underlying pool.
d035ecb5 FG	630	pub fn gc(config: &MirrorConfig) -> Result<(usize, u64), Error> {
	631	let pool: Pool = pool(config)?;
	632
	633	pool.lock()?.gc()
	634	}