More convenient trusted-host

[gocheese.git] / integrity.go

/*
GoCheese -- Python private package repository and caching proxy
Copyright (C) 2019-2022 Sergey Matveev <stargrave@stargrave.org>

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package main

import (
        "bufio"
        "bytes"
        "crypto/sha256"
        "fmt"
        "hash"
        "io"
        "log"
        "os"
        "path/filepath"
        "strings"

        "golang.org/x/crypto/blake2b"
)

func checkFile(
        pkgName, fn, fnHash, hasherName string,
        hasher hash.Hash, digest []byte,
) bool {
        expected, err := os.ReadFile(fnHash)
        if err != nil {
                log.Fatal(err)
        }
        fd, err := os.Open(fn)
        if err != nil {
                if os.IsNotExist(err) {
                        return true
                }
                log.Fatal(err)
        }
        _, err = io.Copy(hasher, bufio.NewReader(fd))
        fd.Close()
        if err != nil {
                log.Fatal(err)
        }
        isEqual := bytes.Compare(hasher.Sum(digest[:0]), expected) == 0
        hasher.Reset()
        if isEqual {
                fmt.Println("GOOD", hasherName, pkgName)
                return true
        }
        fmt.Println("BAD", hasherName, pkgName)
        return false
}

func goodIntegrity() bool {
        dirs, err := os.ReadDir(Root)
        if err != nil {
                log.Fatal(err)
        }
        hasherSHA256 := sha256.New()
        hasherBLAKE2b256 := blake2b256New()
        digestSHA256 := make([]byte, sha256.Size)
        digestBLAKE2b256 := make([]byte, blake2b.Size256)
        isGood := true
        var pkgName string
        for _, dir := range dirs {
                files, err := os.ReadDir(filepath.Join(Root, dir.Name()))
                if err != nil {
                        log.Fatal(err)
                }
                for _, file := range files {
                        if strings.HasSuffix(file.Name(), "."+HashAlgoSHA256) {
                                pkgName = strings.TrimSuffix(file.Name(), "."+HashAlgoSHA256)
                                if !checkFile(
                                        pkgName,
                                        filepath.Join(Root, dir.Name(), pkgName),
                                        filepath.Join(Root, dir.Name(), file.Name()),
                                        "SHA256", hasherSHA256, digestSHA256,
                                ) {
                                        isGood = false
                                }
                                continue
                        }
                        if strings.HasSuffix(file.Name(), "."+HashAlgoBLAKE2b256) {
                                pkgName = strings.TrimSuffix(file.Name(), "."+HashAlgoBLAKE2b256)
                                if !checkFile(
                                        pkgName,
                                        filepath.Join(Root, dir.Name(), pkgName),
                                        filepath.Join(Root, dir.Name(), file.Name()),
                                        "BLAKE2b-256", hasherBLAKE2b256, digestBLAKE2b256,
                                ) {
                                        isGood = false
                                }
                        }
                }
        }
        return isGood
}