From 3826ec70bdecb04944b58dd6c09e2c4adc10488b Mon Sep 17 00:00:00 2001 From: Callan Barrett Date: Sun, 8 Jun 2008 19:08:11 +0800 Subject: [PATCH] Use bash script to parse pkgbuilds Test using a bash script to parse pkgbuilds instead of PHP --- web/html/packages.php | 4 - web/html/pkgsubmit.php | 318 ++++++++++------------------------------------ web/lib/parsepkgbuild.sh | 44 +++++++ 3 files changed, 113 insertions(+), 253 deletions(-) create mode 100755 web/lib/parsepkgbuild.sh diff --git a/web/html/packages.php b/web/html/packages.php index 80ddf20..68e1d00 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -232,10 +232,6 @@ if ($_POST['action'] == "do_Flag" || isset($_POST['do_Flag'])) { $q = "DELETE FROM PackageVotes WHERE PackageID = " . $id; $result = db_query($q, $dbh); - # 2) delete from PackageContents - $q = "DELETE FROM PackageContents WHERE PackageID = " . $id; - $result = db_query($q, $dbh); - # 3) delete from PackageDepends $q = "DELETE FROM PackageDepends WHERE PackageID = " . $id; $result = db_query($q, $dbh); diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php index ae5b93a..fc9622e 100644 --- a/web/html/pkgsubmit.php +++ b/web/html/pkgsubmit.php @@ -62,6 +62,7 @@ if ($_COOKIE["AURSID"]) { if ($file == "PKGBUILD") { $pkgbuild = UPLOAD_DIR . $tempdir . "/PKGBUILD"; $pkg_dir = UPLOAD_DIR . $tempdir; + chdir($pkg_dir); break; } else if (is_dir($file)) { # we'll assume the first directory we find is the one with @@ -83,6 +84,7 @@ if ($_COOKIE["AURSID"]) { # oh my $pkgbuild = UPLOAD_DIR . $tempdir . "/" . $deepdir ."/PKGBUILD"; $pkg_dir = UPLOAD_DIR . $tempdir . "/" . $deepdir; + chdir($pkg_dir); break; } } @@ -94,187 +96,42 @@ if ($_COOKIE["AURSID"]) { # we know where our pkgbuild is now, woot woot } - # if no error, get list of directory contents and process PKGBUILD - # if (!$error) { - # get list of files - # - $d = dir($pkg_dir); - $pkg_contents = array(); - while ($f = $d->read()) { - if ($f != "." && $f != "..") { - $pkg_contents[$f] = filesize($pkg_dir . "/" . $f); - if (preg_match("/^(.*\.pkg\.tar\.gz|filelist)$/", $f)) { - $error = __("Binary packages and filelists are not allowed for upload."); - } - } - } - $d->close(); - - # process PKGBIULD - remove line concatenation - # - $pkgbuild = array(); - $fp = fopen($pkg_dir."/PKGBUILD", "r"); - $line_no = 0; - $lines = array(); - $continuation_line = 0; - $current_line = ""; - while (!feof($fp)) { - $line = trim(fgets($fp)); - $char_counts = count_chars($line, 0); - if (substr($line, strlen($line)-1) == "\\") { - # continue appending onto existing line_no - # - $current_line .= substr($line, 0, strlen($line)-1); - $continuation_line = 1; - } elseif ($char_counts[ord('(')] > $char_counts[ord(')')]) { - # assumed continuation - # continue appending onto existing line_no - # - $current_line .= $line . " "; - $continuation_line = 1; - } else { - # maybe the last line in a continuation, or a standalone line? - # - if ($continuation_line) { - # append onto existing line_no - # - $current_line .= $line; - $lines[$line_no] = $current_line; - $current_line = ""; - } else { - # it's own line_no - # - $lines[$line_no] = $line; - } - $continuation_line = 0; - $line_no++; - } - } - fclose($fp); - - # Now process the lines and put any var=val lines into the - # 'pkgbuild' array. Also check to make sure it has the build() - # function. - # - $seen_build_function = 0; - while (list($k, $line) = each($lines)) { - $lparts = explode("=", $line, 2); - if (count($lparts) == 2) { - # this is a variable/value pair, strip out - # array parens and any quoting, except in pkgdesc - # for pkgdesc, only remove start/end pairs of " or ' - if ($lparts[0]=="pkgdesc") { - if ($lparts[1]{0} == '"' && - $lparts[1]{strlen($lparts[1])-1} == '"') { - $pkgbuild[$lparts[0]] = substr($lparts[1], 1, -1); - } - elseif - ($lparts[1]{0} == "'" && - $lparts[1]{strlen($lparts[1])-1} == "'") { - $pkgbuild[$lparts[0]] = substr($lparts[1], 1, -1); - } else { - $pkgbuild[$lparts[0]] = $lparts[1]; - } - } else { - $pkgbuild[$lparts[0]] = str_replace(array("(",")","\"","'"), "", - $lparts[1]); - } - } else { - # either a comment, blank line, continued line, or build function - # - if (substr($lparts[0], 0, 5) == "build") { - $seen_build_function = 1; - } - } - # XXX: closes bug #2280? Might as well let the loop complete rather - # than break after the build() function. - # - #if ($seen_build_function) {break;} - } - + $lines = array(); + exec('bash ' . $_SERVER['DOCUMENT_ROOT'] . '/../lib/parsepkgbuild.sh PKGBUILD', $lines); + + $pkgbuild = array(); + foreach ($lines as $line) { + eval($line); + } + # some error checking on PKGBUILD contents - just make sure each # variable has a value. This does not do any validity checking # on the values, or attempts to fix line continuation/wrapping. # - if (!$seen_build_function) { - $error = __("Missing build function in PKGBUILD."); - } - if (!array_key_exists("md5sums", $pkgbuild)) { - $error = __("Missing md5sums variable in PKGBUILD."); - } - if (!array_key_exists("source", $pkgbuild)) { - $error = __("Missing source variable in PKGBUILD."); - } - if (!array_key_exists("url", $pkgbuild)) { + if (empty($pkgbuild['url'])) { $error = __("Missing url variable in PKGBUILD."); } - if (!array_key_exists("pkgdesc", $pkgbuild)) { + if (empty($pkgbuild['pkgdesc'])) { $error = __("Missing pkgdesc variable in PKGBUILD."); } - if (!array_key_exists("license", $pkgbuild)) { + if (!count($pkgbuild['license'])) { $error = __("Missing license variable in PKGBUILD."); } - if (!array_key_exists("pkgrel", $pkgbuild)) { + if (empty($pkgbuild['pkgrel'])) { $error = __("Missing pkgrel variable in PKGBUILD."); } - if (!array_key_exists("pkgver", $pkgbuild)) { + if (empty($pkgbuild['pkgver'])) { $error = __("Missing pkgver variable in PKGBUILD."); } - if (!array_key_exists("arch", $pkgbuild)) { - $error = __("Missing arch variable in PKGBUILD."); - } - if (!array_key_exists("pkgname", $pkgbuild)) { + if (empty($pkgbuild['pkgname'])) { $error = __("Missing pkgname variable in PKGBUILD."); } } - # TODO This is where other additional error checking can be - # performed. Examples: #md5sums == #sources?, md5sums of any - # included files match?, install scriptlet file exists? - # - - # Check for http:// or other protocol in url - # - if (!$error) { - $parsed_url = parse_url($pkgbuild['url']); - if (!$parsed_url['scheme']) { - $error = __("Package URL is missing a protocol (ie. http:// ,ftp://)"); - } - } - - # Now, run through the pkgbuild array and do any $pkgname/$pkgver - # substituions. - # - #TODO: run through and do ALL substitutions, to cover custom vars - if (!$error) { - $pkgname_var = $pkgbuild["pkgname"]; - $pkgver_var = $pkgbuild["pkgver"]; - $new_pkgbuild = array(); - while (list($k, $v) = each($pkgbuild)) { - $v = str_replace("\$pkgname", $pkgname_var, $v); - $v = str_replace("\${pkgname}", $pkgname_var, $v); - $v = str_replace("\$pkgver", $pkgver_var, $v); - $v = str_replace("\${pkgver}", $pkgver_var, $v); - $new_pkgbuild[$k] = $v; - } - } - - # now we've parsed the pkgbuild, let's move it to where it belongs - # if (!$error) { - $pkg_name = str_replace("'", "", $pkgbuild['pkgname']); - $pkg_name = escapeshellarg($pkg_name); - $pkg_name = str_replace("'", "", $pkg_name); # get rid of single quotes - - # Solves the problem when you try to submit PKGBUILD - # that have the name with a period like (gstreamer0.10) - # Added support for packages with + characters like (mysql++). - $presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkg_name); - - if ($presult == FALSE || $presult <= 0) { - # FALSE => error processing regex, 0 => invalid characters - # + $presult = preg_match("/^[a-z0-9][a-z0-9\.+_-]*$/", $pkgbuild['pkgname']); + if (!$presult) { $error = __("Invalid name: only lowercase letters are allowed."); } } @@ -282,38 +139,38 @@ if ($_COOKIE["AURSID"]) { if (!$error) { # first, see if this package already exists, and if it can be overwritten # - $pkg_exists = package_exists($pkg_name); - if (can_submit_pkg($pkg_name, $_COOKIE["AURSID"])) { - if (file_exists(INCOMING_DIR . $pkg_name)) { + $pkg_exists = package_exists($pkgbuild['pkgname']); + if (can_submit_pkg($pkgbuild['pkgname'], $_COOKIE["AURSID"])) { + if (file_exists(INCOMING_DIR . $pkgbuild['pkgname'])) { # blow away the existing file/dir and contents # - rm_rf(INCOMING_DIR . $pkg_name); + rm_rf(INCOMING_DIR . $pkgbuild['pkgname']); } - if (!@mkdir(INCOMING_DIR.$pkg_name)) { + if (!@mkdir(INCOMING_DIR . $pkgbuild['pkgname'])) { $error = __("Could not create directory %s.", - array(INCOMING_DIR.$pkg_name)); + array(INCOMING_DIR . $pkgbuild['pkgname'])); } - $shcmd = "/bin/mv " . $pkg_dir . " " . escapeshellarg(INCOMING_DIR . $pkg_name . "/" . $pkg_name); + $shcmd = "/bin/mv " . $pkg_dir . " " . escapeshellarg(INCOMING_DIR . $pkgbuild['pkgname'] . "/" . $pkgbuild['pkgname']); @exec($shcmd); } else { $error = __("You are not allowed to overwrite the %h%s%h package.", - array("", $pkg_name, "")); + array("", $pkgbuild['pkgname'], "")); } } # Re-tar the package for consistency's sake # if (!$error) { - if (!@chdir(INCOMING_DIR.$pkg_name)) { + if (!@chdir(INCOMING_DIR . $pkgbuild['pkgname'])) { $error = __("Could not change directory to %s.", - array(INCOMING_DIR.$pkg_name)); + array(INCOMING_DIR . $pkgbuild['pkgname'])); } } if (!$error) { - @exec("/bin/sh -c 'tar czf ".$pkg_name.".tar.gz ".$pkg_name."'", $trash, $retval); + @exec("/bin/sh -c 'tar czf ".escapeshellarg($pkgbuild['pkgname']).".tar.gz ".escapeshellarg($pkgbuild['pkgname'])."'", $trash, $retval); if ($retval) { $error = __("Could not re-tar"); } @@ -334,7 +191,7 @@ if ($_COOKIE["AURSID"]) { # purged. # $q = "SELECT * FROM Packages "; - $q.= "WHERE Name = '".mysql_real_escape_string($new_pkgbuild['pkgname'])."'"; + $q.= "WHERE Name = '".mysql_real_escape_string($pkgbuild['pkgname'])."'"; $result = db_query($q, $dbh); $pdata = mysql_fetch_assoc($result); @@ -342,8 +199,6 @@ if ($_COOKIE["AURSID"]) { # flush out old data that will be replaced with new data # - $q = "DELETE FROM PackageContents WHERE PackageID = ".$pdata["ID"]; - db_query($q, $dbh); $q = "DELETE FROM PackageDepends WHERE PackageID = ".$pdata["ID"]; db_query($q, $dbh); $q = "DELETE FROM PackageSources WHERE PackageID = ".$pdata["ID"]; @@ -362,64 +217,47 @@ if ($_COOKIE["AURSID"]) { } else { $q.="ModifiedTS = UNIX_TIMESTAMP(), "; } - $q.="Name='".mysql_real_escape_string($new_pkgbuild['pkgname'])."', "; - $q.="Version='".mysql_real_escape_string($new_pkgbuild['pkgver'])."-". - mysql_real_escape_string($new_pkgbuild['pkgrel'])."',"; + $q.="Name='".mysql_real_escape_string($pkgbuild['pkgname'])."', "; + $q.="Version='".mysql_real_escape_string($pkgbuild['pkgver'])."-".mysql_real_escape_string($pkgbuild['pkgrel'])."', "; if ($_POST['category'] > 1) { - $q.="CategoryID=".mysql_real_escape_string($_REQUEST['category']).", "; - } - $q.="License='".mysql_real_escape_string($new_pkgbuild['license'])."', "; - $q.="Description='".mysql_real_escape_string($new_pkgbuild['pkgdesc'])."', "; - $q.="URL='".mysql_real_escape_string($new_pkgbuild['url'])."', "; + $q.="CategoryID=".mysql_real_escape_string($_REQUEST['category']).", "; + } + $q.="License='".mysql_real_escape_string($pkgbuild['license'][0])."', "; + $q.="Description='".mysql_real_escape_string($pkgbuild['pkgdesc'])."', "; + $q.="URL='".mysql_real_escape_string($pkgbuild['url'])."', "; $q.="LocationID=2, "; - $fspath=INCOMING_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; + $fspath=INCOMING_DIR.$pkgbuild['pkgname']."/".$_FILES["pfile"]["name"]; $q.="FSPath='".mysql_real_escape_string($fspath)."', "; - $urlpath=URL_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; + $urlpath=URL_DIR.$pkgbuild['pkgname']."/".$_FILES["pfile"]["name"]; $q.="OutOfDate=0, "; $q.="URLPath='".mysql_real_escape_string($urlpath)."' "; $q.="WHERE ID = " . $pdata["ID"]; $result = db_query($q, $dbh); - # update package contents - # - while (list($k, $v) = each($pkg_contents)) { - $q = "INSERT INTO PackageContents "; - $q.= "(PackageID, FSPath, URLPath, FileSize) VALUES ("; - $q.= $pdata['ID'].", "; - $q.= "'".INCOMING_DIR.$pkg_name."/".$pkg_name."/".$k."', "; - $q.= "'".URL_DIR.$pkg_name."/".$pkg_name."/".$k."', "; - $q.= $v.")"; - db_query($q); - } - # update package depends # - $depends = explode(" ", $new_pkgbuild['depends']); + $depends = $pkgbuild['depends']; - while (list($k, $v) = each($depends)) { + while (list($k, $v) = each($depends)) { $q = "INSERT INTO PackageDepends (PackageID, DepPkgID, DepCondition) VALUES ("; $deppkgname = preg_replace("/[<>]?=.*/", "", $v); - $depcondition = str_replace($deppkgname, "", $v); - - # Solve the problem with comments and deps - # added by: dsa - if ($deppkgname == "#") - break; + $depcondition = str_replace($deppkgname, "", $v); $deppkgid = create_dummy($deppkgname, $_COOKIE['AURSID']); - if(!empty($depcondition)) - $q .= $pdata["ID"].", ".$deppkgid.", '".$depcondition."')"; - else - $q .= $pdata["ID"].", ".$deppkgid.", '')"; + if(!empty($depcondition)) { + $q .= $pdata["ID"].", ".$deppkgid.", '".$depcondition."')"; + } else { + $q .= $pdata["ID"].", ".$deppkgid.", '')"; + } db_query($q, $dbh); } - # Insert sources, if they don't exist don't inser them + # Insert sources, if they don't exist don't insert them # - if ($new_pkgbuild['source'] != "") { - $sources = explode(" ", $new_pkgbuild['source']); + if (!empty($pkgbuild['source'])) { + $sources = $pkgbuild['source']; while (list($k, $v) = each($sources)) { $q = "INSERT INTO PackageSources (PackageID, Source) VALUES ("; $q .= $pdata["ID"].", '".mysql_real_escape_string($v)."')"; @@ -433,59 +271,42 @@ if ($_COOKIE["AURSID"]) { $q.= " (Name, License, Version, CategoryID, Description, URL, LocationID, "; $q.= " SubmittedTS, SubmitterUID, MaintainerUID, FSPath, URLPath) "; $q.= "VALUES ('"; - $q.= mysql_real_escape_string($new_pkgbuild['pkgname'])."', '"; - $q.= mysql_real_escape_string($new_pkgbuild['license'])."', '"; - $q.= mysql_real_escape_string($new_pkgbuild['pkgver'])."-". - mysql_real_escape_string($new_pkgbuild['pkgrel'])."', "; + $q.= mysql_real_escape_string($pkgbuild['pkgname'])."', '"; + $q.= mysql_real_escape_string($pkgbuild['license'][0])."', '"; + $q.= mysql_real_escape_string($pkgbuild['pkgver'])."-".mysql_real_escape_string($pkgbuild['pkgrel'])."', "; $q.= mysql_real_escape_string($_REQUEST['category']).", '"; - $q.= mysql_real_escape_string($new_pkgbuild['pkgdesc'])."', '"; - $q.= mysql_real_escape_string($new_pkgbuild['url']); + $q.= mysql_real_escape_string($pkgbuild['pkgdesc'])."', '"; + $q.= mysql_real_escape_string($pkgbuild['url']); $q.= "', 2, "; $q.= "UNIX_TIMESTAMP(), "; $q.= uid_from_sid($_COOKIE["AURSID"]).", "; $q.= uid_from_sid($_COOKIE["AURSID"]).", '"; - $fspath=INCOMING_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; + $fspath=INCOMING_DIR.$pkgbuild['pkgname']."/".$_FILES["pfile"]["name"]; $q.= mysql_real_escape_string($fspath)."', '"; - $urlpath=URL_DIR.$pkg_name."/".$_FILES["pfile"]["name"]; + $urlpath=URL_DIR.$pkgbuild['pkgname']."/".$_FILES["pfile"]["name"]; $q.= mysql_real_escape_string($urlpath)."')"; $result = db_query($q, $dbh); -# print $result . "
"; $packageID = mysql_insert_id($dbh); - # update package contents - # - while (list($k, $v) = each($pkg_contents)) { - $q = "INSERT INTO PackageContents "; - $q.= "(PackageID, FSPath, URLPath, FileSize) VALUES ("; - $q.= $packageID.", "; - $q.= "'".INCOMING_DIR.$pkg_name."/".$pkg_name."/".$k."', "; - $q.= "'".URL_DIR.$pkg_name."/".$pkg_name."/".$k."', "; - $q.= $v.")"; - db_query($q); - } - # update package depends # - $depends = explode(" ", $new_pkgbuild['depends']); - while (list($k, $v) = each($depends)) { - $q = "INSERT INTO PackageDepends (PackageID, DepPkgID) VALUES ("; - $deppkgname = preg_replace("/[<>]?=.*/", "", $v); - - # Solve the problem with comments and deps - # added by: dsa - if ($deppkgname == "#") - break; + $depends = $pkgbuild['depends']; + if (!empty($pkgbuild['depends'])) { + while (list($k, $v) = each($depends)) { + $q = "INSERT INTO PackageDepends (PackageID, DepPkgID) VALUES ("; + $deppkgname = preg_replace("/[<>]?=.*/", "", $v); - $deppkgid = create_dummy($deppkgname, $_COOKIE['AURSID']); - $q .= $packageID.", ".$deppkgid.")"; - db_query($q, $dbh); - } + $deppkgid = create_dummy($deppkgname, $_COOKIE['AURSID']); + $q .= $packageID.", ".$deppkgid.")"; + db_query($q, $dbh); + } + } # insert sources # - if ($new_pkgbuild['source'] != "") { - $sources = explode(" ", $new_pkgbuild['source']); + if (!empty($pkgbuild['source'])) { + $sources = $pkgbuild['source']; while (list($k, $v) = each($sources)) { $q = "INSERT INTO PackageSources (PackageID, Source) VALUES ("; $q .= $packageID.", '".mysql_real_escape_string($v)."')"; @@ -495,7 +316,6 @@ if ($_COOKIE["AURSID"]) { } } - # must chdir because include dirs are relative! chdir($_SERVER['DOCUMENT_ROOT']); } diff --git a/web/lib/parsepkgbuild.sh b/web/lib/parsepkgbuild.sh new file mode 100755 index 0000000..af20e79 --- /dev/null +++ b/web/lib/parsepkgbuild.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +if [ -z "$1" ]; then + exit +fi + +export PATH='' +exec /bin/bash --noprofile --norc --restricted << EOF + +source $1 + +print_var() +{ + if [ -n "\$2" ]; then + echo -e "\\\$pkgbuild['\$1'] = '\${2//\'/\\\\\'}';" + else + echo "\\\$pkgbuild['\$1'] = '';" + fi +} + +print_array() +{ + key=\$1; shift + if [ -n "\$1" ]; then + array=( "\$@" ) + echo -n "\\\$pkgbuild['\$key'] = array(" + for i in \${array[@]}; do echo -n "'\${i//\'/\\\\\'}',"; done + echo ");" + else + echo "\\\$pkgbuild['\$key'] = array();" + fi +} + +print_var pkgname "\$pkgname" +print_var pkgver "\$pkgver" +print_var pkgrel "\$pkgrel" +print_var pkgdesc "\$pkgdesc" +print_var url "\$url" +print_array license "\${license[@]}" +print_array md5sums "\${md5sums[@]}" +print_array arch "\${arch[@]}" +print_array depends "\${depends[@]}" +print_array makedepends "\${makedepends[@]}" +print_array source "\${source[@]}" -- 1.5.5.3