/*
GoCheese -- Python private package repository and caching proxy
-Copyright (C) 2019-2021 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2019-2023 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
"errors"
"hash"
"io"
- "io/ioutil"
"log"
"net/http"
"net/url"
HashAlgoBLAKE2b256 = "blake2_256"
HashAlgoSHA512 = "sha512"
HashAlgoMD5 = "md5"
- GPGSigExt = ".asc"
InternalFlag = ".internal"
)
w http.ResponseWriter,
r *http.Request,
pkgName, filenameGet string,
- gpgUpdate bool,
) bool {
if _, err := os.Stat(filepath.Join(Root, pkgName, InternalFlag)); err == nil {
return true
http.Error(w, "PyPI has non 200 status code", http.StatusBadGateway)
return false
}
- body, err := ioutil.ReadAll(resp.Body)
+ body, err := io.ReadAll(resp.Body)
+ if err != nil {
+ resp.Body.Close()
+ log.Println("error", r.RemoteAddr, "refresh-json", pkgName, err)
+ http.Error(w, "can not read body", http.StatusBadGateway)
+ return false
+ }
resp.Body.Close()
var buf bytes.Buffer
var description string
return false
}
path := filepath.Join(dirPath, MDFile)
- existing, err := ioutil.ReadFile(path)
- if err != nil || bytes.Compare(existing, buf.Bytes()) != 0 {
+ existing, err := os.ReadFile(path)
+ if err != nil || !bytes.Equal(existing, buf.Bytes()) {
if err = WriteFileSync(dirPath, path, buf.Bytes(), now); err != nil {
log.Println("error", r.RemoteAddr, "refresh-json", path, err)
http.Error(w, err.Error(), http.StatusInternalServerError)
http.Error(w, "PyPI has non 200 status code", http.StatusBadGateway)
return false
}
- body, err := ioutil.ReadAll(resp.Body)
+ body, err := io.ReadAll(resp.Body)
resp.Body.Close()
if err != nil {
log.Println("error", r.RemoteAddr, "refresh", pkgName, err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return false
}
- if bytes.Compare(hasher.Sum(nil), digest) != 0 {
+ if !bytes.Equal(hasher.Sum(nil), digest) {
log.Println(r.RemoteAddr, "pypi", filename, "digest mismatch")
os.Remove(dst.Name())
dst.Close()
http.Error(w, "digest mismatch", http.StatusBadGateway)
return false
}
- if digestStored, err := ioutil.ReadFile(path + "." + hashAlgo); err == nil &&
- bytes.Compare(digest, digestStored) != 0 {
+ if digestStored, err := os.ReadFile(path + "." + hashAlgo); err == nil &&
+ !bytes.Equal(digest, digestStored) {
err = errors.New("stored digest mismatch")
log.Println("error", r.RemoteAddr, "pypi", filename, err)
os.Remove(dst.Name())
}
}
- if filename == filenameGet || gpgUpdate {
- if _, err = os.Stat(path); err != nil {
- goto GPGSigSkip
- }
- resp, err := c.Do(agentedReq(uri + GPGSigExt))
- if err != nil {
- goto GPGSigSkip
- }
- if resp.StatusCode != http.StatusOK {
- resp.Body.Close()
- goto GPGSigSkip
- }
- sig, err := ioutil.ReadAll(resp.Body)
- resp.Body.Close()
- if err != nil {
- goto GPGSigSkip
- }
- if !bytes.HasPrefix(sig, []byte("-----BEGIN PGP SIGNATURE-----")) {
- log.Println(r.RemoteAddr, "pypi", filename+GPGSigExt, "non PGP")
- goto GPGSigSkip
- }
- if err = WriteFileSync(dirPath, path+GPGSigExt, sig, mtime); err != nil {
- log.Println("error", r.RemoteAddr, "pypi", filename+GPGSigExt, err)
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return false
- }
- log.Println(r.RemoteAddr, "pypi", filename+GPGSigExt, "downloaded")
- }
- if mtimeExists {
- stat, err := os.Stat(path + GPGSigExt)
- if err == nil && !stat.ModTime().Truncate(time.Second).Equal(mtime) {
- log.Println(r.RemoteAddr, "pypi", filename+GPGSigExt, "touch")
- if err = os.Chtimes(path+GPGSigExt, mtime, mtime); err != nil {
- log.Println("error", r.RemoteAddr, "pypi", filename, err)
- http.Error(w, err.Error(), http.StatusInternalServerError)
- }
- }
- }
-
- GPGSigSkip:
if digest == nil {
continue
}