
  1. #!/bin/sh
  2. . /usr/share/debconf/confmodule
# Write a message to syslog under the "net-retriever" tag.
# Arguments: handed to logger(1) unchanged, one word per argument.
# NOTE(review): a first argument starting with "-" would be read by logger as
# an option; the callers in this file always start with fixed text.
log() {
	logger -t net-retriever "$@"
}
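# Log a message prefixed with "error: " and terminate with status 1.
# Arguments: the message text; several arguments are joined with spaces into
#            one message ("$*"), so the prefix and text reach log() as a
#            single word.
# Note: exit ends only the current shell process. When error() runs inside a
# subshell (command substitution, a pipeline stage, "( ... )"), the parent
# shell keeps running and must detect the failure itself, either from the
# exit status or from an empty result.
error() {
	log "error: $*"
	exit 1
}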
  10. db_get mirror/protocol
  11. protocol="$RET"
  12. db_get mirror/$protocol/hostname
  13. hostname="$RET"
  14. db_get mirror/$protocol/directory
  15. directory="$RET"
  16. keyring=/usr/share/keyrings/archive.gpg
# Download one file from the configured mirror.
# Globals:   protocol, hostname, directory (read)
# Arguments: $1 - path relative to the mirror directory
#            $2 - local destination file
# Returns:   the exit status of fetch-url
# Note: nothing here authenticates the download. Integrity comes from the
# Release signature and checksum checks done by the "packages" command.
fetch() {
	fetch-url -c \
		"${protocol}://${hostname}${directory}/${1}" \
		"${2}"
}
# Print the checksum of a file on stdout.
# Arguments: $1 - checksum type (only SHA256 is handled)
#            $2 - path of the file to hash
# Note: callers are expected to check that the returned string is non-empty.
# An empty result can mean an unknown checksum type (error() then exits only
# the subshell of a command substitution) or a missing foosum binary.
get_checksum() {
	type="$1"
	file="$2"
	if [ "$type" = SHA256 ]; then
		# Keep the first field only: sha256sum prints "<digest>  <name>".
		sha256sum "$file" | cut -d' ' -f1
	else
		error "Unknown checksum type $type for $file"
	fi
}
# Check a downloaded Packages file against its entry in a Release file.
# Arguments: $1 - local path of the Release file
#            $2 - local path of the downloaded Packages file
#            $3 - name of that file as it is listed in Release
# Exits:     through error() on a checksum mismatch, a size mismatch, or
#            when $3 has no entry in the checksum section.
# Note: this only ties Packages to Release. It says nothing about who
# produced Release; that is the job of the signature check in the caller.
# NOTE(review): a mismatch is fatal only because of "set -e" below, and
# errexit is ignored while a function runs as part of an if/&&/|| condition.
# checkmatch must therefore be called as a plain command.
checkmatch() {
	# Plain globals: they share their names with the caller's variables.
	Release="$1"
	Packages="$2"
	pkgfile="$3"
	# Byte count of the downloaded file, with any spaces in wc's output removed.
	pkgsize="$(wc -c < "$Packages" | tr -d ' ')"
	# Note: When checksum types are modified by the FTP team, make
	# sure to update both the list below and the case statement in
	# get_checksum().
	for checksumtype in SHA256; do
		pkgchecksum=$(get_checksum "$checksumtype" "$Packages")
		# An empty result means get_checksum failed inside its subshell.
		if [ -z "$pkgchecksum" ]; then
			error "Please report a bug: get_checksum() returned nothing"
		fi
		# error() inside the pipeline below ends only the subshell; with
		# errexit on, the failing pipeline then stops the main script too.
		set -e
		# sed prints the lines that follow the "<type>:" header line and
		# quits at the next line ending in a colon, i.e. it extracts one
		# checksum section of Release as "checksum size file" lines.
		sed -n "/^$checksumtype:\$/ b LOOP; b; : PRINT; /:\$/q; p; : LOOP; n; b PRINT" \
			"$Release" | (
			found=0
			while read checksum size file; do
				# Exact string match on the listed file name.
				if [ "$file" = "$pkgfile" ]; then
					if [ "$checksum" != "$pkgchecksum" ]; then
						error "$checksumtype mismatch for $pkgfile ($checksum != $pkgchecksum)."
					fi
					if [ "$size" != "$pkgsize" ]; then
						error "Size mismatch for $pkgfile ($size != $pkgsize)."
					fi
					found=1
				fi
			done
			# No entry at all is treated as a failure, not as "nothing to check".
			if [ "$found" != 1 ]; then
				error "$pkgfile not found in $Release (for $checksumtype checksum)."
			fi
		)
		set +e
	done
}
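# Scan gpgv "--status-fd" output on stdin for a VALIDSIG status line.
# Input:   status lines of the form "[GNUPG:] KEYWORD args..."; lines with
#          any other first word are ignored, so free-form gpgv text cannot
#          be taken for a status line.
# Returns: 0 as soon as a VALIDSIG line is seen, 1 if the input ends first.
# Uses return rather than exit: as the last stage of a pipeline the result
# is the same, and a direct call can no longer terminate the whole script.
# NOTE(review): VALIDSIG is the only keyword consulted. Whether statuses for
# expired or revoked keys should also cause rejection is not decided here.
# Confirm against the GnuPG status-line documentation.
read_gpg_status() {
	# -r: take the line literally, without backslash processing.
	while read -r prefix keyword rest; do
		[ "$prefix" = '[GNUPG:]' ] || continue
		if [ "$keyword" = VALIDSIG ]; then
			return 0
		fi
	done
	return 1
}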
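# Command dispatch: the first argument selects the action, the remaining
# arguments belong to that action.
cmd="$1"
shift

case "$cmd" in
	retrieve)
		# "$@" is <path relative to the mirror> <local destination>.
		fetch "$@"
		exit $?
		;;

	packages)
		# $1 is the output file. Start from an empty file; Packages data is
		# appended to it only after checkmatch has accepted the download.
		rm -f "$1"
		touch "$1"

		# Setting codename to a suite is not very nice, but can do no harm
		if ! db_get mirror/udeb/suite || [ -z "$RET" ]; then
			if [ -f /etc/udebs-source ]; then
				RET=$(cat /etc/udebs-source)
			else
				db_get mirror/codename
			fi
		fi
		codename="$RET"

		# NOTE(review): the name is predictable (PID-based), not created
		# with mktemp. That is only safe while nothing less trusted than
		# this script can write to /tmp. Confirm for the target environment.
		Release="/tmp/net-retriever-$$-Release"
		fetch "dists/$codename/Release" "$Release" || exit $?

		# If gpgv and a keyring are installed, authentication is
		# mandatory by default.
		# Caveat: without gpgv or the keyring, or with
		# debian-installer/allow_unauthenticated set to true, Release is
		# used unverified and only a log line records it. The checksum
		# checks below then prove only that Packages matches a Release
		# file of unknown origin.
		if type gpgv >/dev/null && [ -f "$keyring" ]; then
			if db_get debian-installer/allow_unauthenticated && [ "$RET" = true ]; then
				log "Not verifying Release signature: unauthenticated mode enabled"
			else
				# A missing detached signature is fatal, not a downgrade.
				if ! fetch "dists/$codename/Release.gpg" "$Release.gpg"; then
					error "dists/$codename/Release is unsigned."
				fi
				# The pipeline status is that of read_gpg_status, so
				# acceptance depends on the status lines gpgv writes to
				# fd 1, not on gpgv's own exit code.
				if ! log-output -t net-retriever --pass-stdout \
					gpgv --status-fd 1 --keyring "$keyring" \
					--ignore-time-conflict \
					"$Release.gpg" "$Release" | read_gpg_status; then
					error "Bad signature on $Release."
				fi
			fi
		else
			log "Not verifying Release signature: gpgv not available"
		fi

		ARCH=$(udpkg --print-architecture)
		components="$(grep '^Components:' "$Release" | cut -d' ' -f2-)"
		ret=1

		if [ -z "$components" ]; then
			error "No components listed in $Release."
		fi

		# $components is left unquoted on purpose: one word per component.
		for comp in $components; do
			# Try the compressed variants first, then the plain file.
			for ext in '.xz' '.gz' ''; do
				pkgfile="$comp/debian-installer/binary-$ARCH/Packages$ext"
				# Cheap pre-check that Release mentions this file at all.
				# It is a regex match on the end of a line; the exact
				# name, size and checksum comparison is checkmatch's job.
				if ! grep -- "$pkgfile\$" "$Release" >/dev/null 2>&1; then
					continue
				fi
				Packages="/tmp/net-retriever-$$-Packages"
				rm -f "$Packages"
				fetch "dists/$codename/$pkgfile" "$Packages" || continue
				# Called as a plain command so that a mismatch stops the
				# script before anything is appended to the output.
				checkmatch "$Release" "$Packages" "$pkgfile"
				case "$ext" in
					'') cat "$Packages" >> "$1" ;;
					.gz) zcat "$Packages" >> "$1" ;;
					.xz) xzcat "$Packages" >> "$1" ;;
				esac
				ret=0
				break
			done
		done
		# 0 if at least one component delivered a Packages file.
		exit $ret
		;;

	error)
		# Ask the user what to do after a retrieval failure.
		# Exit status 0 follows "Retry" and "Change mirror", 2 follows
		# "Cancel" or a failed db_go.
		T="retriever/net/error"
		db_set "$T" "Retry"
		db_input critical "$T" || true
		if ! db_go; then
			exit 2
		fi
		db_get "$T"
		if [ "$RET" = "Retry" ]; then
			exit 0
		elif [ "$RET" = "Change mirror" ]; then
			choose-mirror || true
			exit 0
		elif [ "$RET" = Cancel ]; then
			exit 2
		fi
		;;

	*)
		# unknown or missing command
		exit 1
		;;
esac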