| 70 | | # sync the MacPorts sources |
| 71 | | ui_msg "$macports::ui_prefix Updating MacPorts base sources using rsync" |
| 72 | | try -pass_signal { |
| 73 | | system "$rsync_path $rsync_options rsync://${rsync_server}/$rsync_dir $mp_source_path" |
| 74 | | } catch {{*} eCode eMessage} { |
| 75 | | return -code error "Error synchronizing MacPorts sources: $eMessage" |
| | 71 | # expect "version 1" in first file |
| | 72 | set firstline [lindex $data 0] |
| | 73 | if {$firstline ne "version 1"} { |
| | 74 | ui_debug "Expected \"version 1\", got \"$firstline\"" |
| | 75 | ui_msg "\n\nPlease download latest version from http://www.macports.org\n\n" |
| | 76 | return -code error "Format of latest version file unsupported!" |
| 78 | | if {$is_tarball} { |
| 79 | | # verify signature for tarball |
| 80 | | global macports::archivefetch_pubkeys |
| 81 | | try -pass_signal { |
| 82 | | system "$rsync_path $rsync_options rsync://${rsync_server}/${rsync_dir}.rmd160 $mp_source_path" |
| 83 | | } catch {{*} eCode eMessage} { |
| 84 | | return -code error "Error synchronizing MacPorts source signature: $eMessage" |
| 85 | | } |
| 86 | | set openssl [macports::findBinary openssl $macports::autoconf::openssl_path] |
| 87 | | set tarball ${mp_source_path}/[file tail $rsync_dir] |
| 88 | | set signature ${tarball}.rmd160 |
| 89 | | set verified 0 |
| 90 | | foreach pubkey $macports::archivefetch_pubkeys { |
| 91 | | try -pass_signal { |
| 92 | | exec $openssl dgst -ripemd160 -verify $pubkey -signature $signature $tarball |
| 93 | | set verified 1 |
| 94 | | ui_debug "successful verification with key $pubkey" |
| 95 | | break |
| 96 | | } catch {{*} eCode eMessage} { |
| 97 | | ui_debug "failed verification with key $pubkey" |
| 98 | | ui_debug "openssl output: $eMessage" |
| 99 | | } |
| 100 | | } |
| 101 | | if {!$verified} { |
| 102 | | return -code error "Failed to verify signature for MacPorts source!" |
| 103 | | } |
| | 79 | # check if update is required |
| | 80 | set latest_version [lindex $data 1] |
| | 81 | set tarball_url [lindex $data 2] |
| 132 | | # Choose what version file to use: old, floating point format or new, real version number format |
| 133 | | set version_file [file join $mp_source_path config macports_version] |
| 134 | | if {[file exists $version_file]} { |
| 135 | | set fd [open $version_file r] |
| 136 | | gets $fd macports_version_new |
| 137 | | close $fd |
| 138 | | # echo downloaded MacPorts version |
| 139 | | ui_msg "MacPorts base version $macports_version_new downloaded." |
| 140 | | } else { |
| 141 | | ui_warn "No version file found, please rerun selfupdate." |
| 142 | | set macports_version_new 0 |
| 143 | | } |
| 144 | | |
| | 107 | # get parameters from given URL |
| | 108 | set srclist [split $tarball_url ://] |
| | 109 | set tarball_fetchpath [file join $portdbpath sources [lrange $srclist 3 end-1] /] |
| | 110 | |
| | 111 | set tarball_filename [file tail $tarball_url] |
| | 112 | set tarball_fullpath [file join $tarball_fetchpath $tarball_filename] |
| | 113 | if {![regexp {^(.*)(\.tar\.(.*))$} $tarball_filename -> tarball_rootname tarball_extension]} { |
| | 114 | return -code error "Error parsing tarball filename" |
| | 115 | } |
| | 116 | set tarball_extractpath [file join $tarball_fetchpath $tarball_rootname] |
| | 117 | set signature_url "{$tarball_url}.rmd160" |
| | 118 | set signature_fullpath [file join $tarball_fullpath ".rmd160"] |
| | 119 | |
| | 120 | # create the path for the to be downloaded sources if it doesn't exist |
| | 121 | if {![file exists $tarball_fetchpath]} { |
| | 122 | file mkdir $tarball_fetchpath |
| | 123 | } |
| | 124 | ui_debug "Downloading to directory: $tarball_fetchpath" |
| | 125 | |
| | 126 | # determine curl flags |
| | 127 | set progressflag {} |
| | 128 | if {$macports::portverbose} { |
| | 129 | set progressflag "--progress builtin" |
| | 130 | } elseif {[info exists macports::ui_options(progress_download)]} { |
| | 131 | set progressflag "--progress ${macports::ui_options(progress_download)}" |
| | 132 | } |
| | 133 | |
| | 134 | # fetch tarball and detached signature |
| | 135 | if {[catch {curl fetch {*}$progressflag $tarball_url $tarball_fullpath} result]} { |
| | 136 | return -code error "Error downloading MacPorts source tarball: $result" |
| | 137 | } |
| | 138 | if {[catch {curl fetch {*}$progressflag $signature_url $signature_fullpath} result]} { |
| | 139 | return -code error "Error downloading MacPorts source tarball: $result" |
| | 140 | } |
| | 141 | |
| | 142 | # verify signature for tarball |
| | 143 | global macports::archivefetch_pubkeys |
| | 144 | set openssl [macports::findBinary openssl $macports::autoconf::openssl_path] |
| | 145 | set verified 0 |
| | 146 | foreach pubkey $macports::archivefetch_pubkeys { |
| | 147 | try -pass_signal { |
| | 148 | exec $openssl dgst -ripemd160 -verify $pubkey -signature $signature_fullpath $tarball_fullpath |
| | 149 | set verified 1 |
| | 150 | ui_debug "successful verification with key $pubkey" |
| | 151 | break |
| | 152 | } catch {{*} eCode eMessage} { |
| | 153 | ui_debug "failed verification with key $pubkey" |
| | 154 | ui_debug "openssl output: $eMessage" |
| | 155 | } |
| | 156 | } |
| | 157 | if {!$verified} { |
| | 158 | return -code error "Failed to verify signature for MacPorts source" |
| | 159 | } |
| | 160 | |
| | 161 | # set the MacPorts sources to the right owner |
| | 162 | set sources_owner [file attributes [file join $portdbpath sources/] -owner] |
| | 163 | ui_debug "Setting MacPorts sources ownership to $sources_owner" |
| | 164 | try -pass_signal { |
| | 165 | exec [macports::findBinary chown $macports::autoconf::chown_path] -R $sources_owner [file join $portdbpath $tarball_fetchpath] |
| | 166 | } catch {{*} eCode eMessage} { |
| | 167 | return -code error "Could not change owner to $sources_owner for $tarball_fetchpath: $eMessage" |
| | 168 | } |
| | 169 | |
| | 170 | # extract tarball and move into place |
| | 171 | set tar [macports::findBinary tar $macports::autoconf::tar_path] |
| | 172 | set tmppath [file join $tarball_fetchpath _tmp] |
| | 173 | file delete -force $tmppath |
| | 174 | file mkdir $tmppath |
| | 175 | set tar_cmd "$tar -C $tmppath -xof $tarball_fullpath" |
| | 176 | try -pass_signal { |
| | 177 | system $tar_cmd |
| | 178 | } catch {*} { |
| | 179 | file delete -force $tmppath |
| | 180 | return -code error "Failed to extract MacPorts sources from tarball" |
| | 181 | } |
| | 182 | file delete -force $tarball_extractpath |
| | 183 | file rename ${tmppath} ${tarball_extractpath} |
| | 184 | file delete -force $tmppath |
| | 185 | |
| 213 | | # set the MacPorts sources to the right owner |
| 214 | | set sources_owner [file attributes [file join $portdbpath sources/] -owner] |
| 215 | | ui_debug "Setting MacPorts sources ownership to $sources_owner" |
| 216 | | try { |
| 217 | | exec [macports::findBinary chown $macports::autoconf::chown_path] -R $sources_owner [file join $portdbpath sources/] |
| 218 | | } catch {{*} eCode eMessage} { |
| 219 | | return -code error "Couldn't change permissions of the MacPorts sources at $mp_source_path to ${sources_owner}: $eMessage" |
| | 232 | return 0 |
| | 233 | |
| | 234 | # syncing ports tree. |
| | 235 | if {![info exists options(ports_selfupdate_nosync)] || !$options(ports_selfupdate_nosync)} { |
| | 236 | if {$comp > 0} { |
| | 237 | # updated portfiles potentially need new base to parse - tell sync to try to |
| | 238 | # use prefabricated PortIndex files and signal if it couldn't |
| | 239 | lappend optionslist no_reindex 1 needed_portindex_var needed_portindex |
| | 240 | } |
| | 241 | try { |
| | 242 | mportsync $optionslist |
| | 243 | } catch {{*} eCode eMessage} { |
| | 244 | return -code error "Couldn't sync the ports tree: $eMessage" |
| | 245 | } |
