From 68b394523d6df8f39d5bf78420951a097d46cc07 Mon Sep 17 00:00:00 2001 From: roboogg133 Date: Sat, 20 Sep 2025 21:55:34 -0300 Subject: [PATCH] Add ed25519 public key and enhance package installation error handling - Embed ed25519 public key for signature verification when doing sync prcess with servidordomal.fun - Improve error handling in AddToInstalledDB to rollback on failure - Update InstallPackage function to accept io.Reader instead of *os.File --- cmd/packets/ed25519public_key.pem | 1 + cmd/packets/main.go | 161 +++++++++++++++++++++++++++--- internal/utils/utils.go | 15 +++ pkg/main.go | 4 +- 4 files changed, 166 insertions(+), 15 deletions(-) create mode 100644 cmd/packets/ed25519public_key.pem diff --git a/cmd/packets/ed25519public_key.pem b/cmd/packets/ed25519public_key.pem new file mode 100644 index 0000000..1da7da0 --- /dev/null +++ b/cmd/packets/ed25519public_key.pem @@ -0,0 +1 @@ +رֿ[2tc^F\2q \ No newline at end of file diff --git a/cmd/packets/main.go b/cmd/packets/main.go index 3096ff8..59c33bd 100644 --- a/cmd/packets/main.go +++ b/cmd/packets/main.go @@ -2,13 +2,17 @@ package main import ( "bufio" + "bytes" + "crypto/ed25519" "database/sql" + _ "embed" "fmt" "log" "os" "packets/configs" "packets/internal/consts" "packets/internal/utils" + packets "packets/pkg" "path/filepath" "github.com/pelletier/go-toml/v2" @@ -16,6 +20,9 @@ import ( _ "modernc.org/sqlite" ) +//go:embed ed25519public_key.pem +var publicKey []byte + // init is doing some verifications func init() { @@ -37,7 +44,10 @@ func init() { if err != nil { if os.IsNotExist(err) { - fmt.Println("index.db does not exist, try to use \"packets sync\"") + if len(os.Args) > 1 && os.Args[0] != "sync" { + } else { + fmt.Println("index.db does not exist, try to use \"packets sync\"") + } } else { log.Fatal(err) } 
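Review bot: In the `//go:embed ed25519public_key.pem` hunk, `publicKey` is treated as raw key bytes, yet the file carries a `.pem` name and nothing checks its length before it reaches `ed25519.Verify`, which panics when the key is not `ed25519.PublicKeySize` bytes long. A guard in `init`, `if len(publicKey) != ed25519.PublicKeySize { log.Fatalf("embedded public key: got %d bytes, want %d", len(publicKey), ed25519.PublicKeySize) }`, turns an accidental re-encoding or a trailing newline into a clear startup error. Either store the key as real PEM and decode it at startup, or give the file a name that says it holds raw bytes. A one-line comment on `publicKey` stating the expected encoding and what it signs would also help.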
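Review bot: In the `os.IsNotExist(err)` branch of `init` (hunk `@@ -37,7 +44,10 @@`), the new condition tests `os.Args[0]`, which is the program path rather than the subcommand, so `os.Args[0] != "sync"` is effectively always true and the hint is suppressed for every invocation that has arguments, not only for `packets sync`. The empty `if` body with the message in the `else` also hides the intent. `if len(os.Args) < 2 || os.Args[1] != "sync" { fmt.Println("index.db does not exist, try to use \"packets sync\"") }` states the rule directly. `init` starts and ends outside the hunk.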
@@ -51,7 +61,7 @@ func init() {
 log.Fatal(db)
 }
 defer db.Close()
- db.Exec("CREATE TABLE IF NOT EXISTS packages (query_name TEXT NOT NULL,name TEXT NOT NULL UNIQUE PRIMARY KEY, version TEXT NOT NULL, dependencies TEXT NOT NULL DEFAULT '', description TEXT NOT NULL, family TEXT NOT NULL, serial INTEGER NOT NULL UNIQUE, package_d TEXT NOT NULL, filename TEXT NOT NULL, os TEXT NOT NULL, arch TEXT NOT NULL, in_cache INTEGER NOT NULL DEFAULT 1, serial INTEGER NOT NULL, image_url TEXT NOT NULL)")
+ db.Exec("CREATE TABLE IF NOT EXISTS packages (query_name TEXT NOT NULL,name TEXT NOT NULL UNIQUE PRIMARY KEY, version TEXT NOT NULL, dependencies TEXT NOT NULL DEFAULT '', description TEXT NOT NULL, family TEXT NOT NULL, package_d TEXT NOT NULL, filename TEXT NOT NULL, os TEXT NOT NULL, arch TEXT NOT NULL, in_cache INTEGER NOT NULL DEFAULT 1, serial INTEGER NOT NULL)")
 } else {
 log.Fatal(err)
 }
@@ -87,10 +97,19 @@ var syncCmd = &cobra.Command{
 Args: cobra.MaximumNArgs(1),
 Short: "Syncronizes with an remote index.db, and check if the data dir is changed",
 Run: func(cmd *cobra.Command, args []string) {
- if os.Getuid() != 0 {
- fmt.Println("please, run as root")
- return
+
+ _, err := os.Stat(consts.IndexDB)
+ if err != nil {
+ if !os.IsNotExist(err) {
+ log.Fatal("index.db does not exist, try to use \"packets sync\"")
+ }
 }
+ f, err := os.OpenFile(consts.IndexDB, os.O_WRONLY, 0)
+ if err != nil {
+ log.Fatalf("can't open [ %s ]. Are you running packets as root?\n", consts.IndexDB)
+ }
+ f.Close()
+
 syncUrl := consts.DefaultSyncUrl
 if len(args) > 0 {
 syncUrl = args[0]
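Review bot: The corrected `db.Exec("CREATE TABLE IF NOT EXISTS packages …")` call in `init` still discards its result, so a failed schema creation goes unnoticed until a later insert fails. Wrapping the same statement as `if _, err := db.Exec(…); err != nil { log.Fatal(err) }` reports the failure where it happens. The context line `log.Fatal(db)` just above appears to print the handle rather than `err`; worth confirming while this block is being touched. `init` continues outside the hunk.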
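Review bot: The `os.Stat` guard added at the top of the `sync` command (hunk `@@ -87,10 +97,19 @@`) is inverted: `!os.IsNotExist(err)` is true for every error except a missing file, yet the message it prints says index.db does not exist. When the file really is missing, control falls through to `os.OpenFile(consts.IndexDB, os.O_WRONLY, 0)`, which has no `os.O_CREATE`, so unless something outside this hunk creates index.db a first `packets sync` stops at the "Are you running packets as root?" error. Dropping the probe in `sync` and reporting a permission error from the later `os.WriteFile` would avoid both problems. The same block is copied into `install` (hunk `@@ -121,6 +155,19 @@`), where the condition should be `if os.IsNotExist(err)` and where opening with `os.O_WRONLY` demands write access from a command that, as far as this diff shows, only queries the index.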
@@ -100,12 +119,27 @@ var syncCmd = &cobra.Command{ if err != nil { log.Fatal(err) } + databaseSig, err := utils.GetFileHTTP(syncUrl + ".sig") + if err != nil { + log.Fatal(err) + } + if syncUrl == consts.DefaultSyncUrl { + if !ed25519.Verify(publicKey, DBB, databaseSig) { + log.Printf("Signature verification failed for the **MAIN** respository [ %s ], the index.db file may be compromised, do wish to continue? (y/N)\n", syncUrl) + fmt.Print(">> ") + var a string + fmt.Scanf("%s", &a) + if a != "y" && a != "Y" { + log.Fatalf("aborting, try googling to know about [ %s ]\n", syncUrl) + } + } + } if err := os.WriteFile(consts.IndexDB, DBB, 0774); err != nil { log.Fatal(err) } - fmt.Println("Sucessifully sync!") + fmt.Printf(":: Sucessifully syncronized index.db with [ %s ]\n", syncUrl) os.Exit(0) }, } @@ -121,6 +155,19 @@ var installCmd = &cobra.Command{ Short: "Install a package", Args: cobra.MinimumNArgs(1), Run: func(cmd *cobra.Command, args []string) { + + _, err := os.Stat(consts.IndexDB) + if err != nil { + if !os.IsNotExist(err) { + log.Fatal("index.db does not exist, try to use \"packets sync\"") + } + } + f, err := os.OpenFile(consts.IndexDB, os.O_WRONLY, 0) + if err != nil { + log.Fatalf("can't open [ %s ]. Are you running packets as root?\n", consts.IndexDB) + } + f.Close() + db, err := sql.Open("sqlite", consts.IndexDB) if err != nil { fmt.Println(err) 
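Review bot: The signature check added to `sync` (hunk `@@ -100,12 +119,27 @@`) fails open in two ways: a failed `ed25519.Verify` for the default repository only produces a y/N prompt, and any `syncUrl` other than `consts.DefaultSyncUrl` skips verification entirely, so in both cases `os.WriteFile` can replace index.db with unauthenticated data. For the default repository I would refuse outright, `if syncUrl == consts.DefaultSyncUrl && !ed25519.Verify(publicKey, DBB, databaseSig) { log.Fatalf("signature verification failed for [ %s ], index.db left unchanged", syncUrl) }`, and make any override a deliberate, non-interactive opt-in. For other URLs, at least print that the index is unverified, and do not make the `.sig` download mandatory when it is never checked. A comment above the block such as `// index.db from the default repository must carry a detached ed25519 signature at <url>.sig` would record the intended trust model.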
@@ -137,13 +184,44 @@ var installCmd = &cobra.Command{ } } if exist { + fmt.Printf(":: Downloading (%s) \n", inputName) + p, err := packets.GetPackage(inputName) + if err != nil { + log.Fatal(err) + } + + cfg, err := configs.GetConfigTOML() + if err != nil { + log.Fatal(err) + } + + reader := bytes.NewReader(p.PackageF) + fmt.Printf(":: Installing (%s) \n", inputName) + packets.InstallPackage(reader) + + if cfg.Config.StorePackages { + pkgPath, err := p.Write() + if err != nil { + log.Fatal(err) + } + err = p.AddToInstalledDB(1, pkgPath) + if err != nil { + log.Fatal(err) + } + } else { + err := p.AddToInstalledDB(0, "") + if err != nil { + log.Fatal(err) + } + } + + continue } - rows, err := db.Query("SELECT name, version, descriptionFROM packages WHERE query_name = ?", inputName) + rows, err := db.Query("SELECT name, version, description FROM packages WHERE query_name = ?", inputName) if err != nil { log.Fatal(err) - } defer rows.Close() @@ -163,8 +241,37 @@ var installCmd = &cobra.Command{ case 1: fmt.Printf(":: Founded 1 package for %s \n", inputName) - fmt.Printf("Downloading %s \n", pkgs[0].Name) - goto install + fmt.Printf(":: Downloading %s \n", pkgs[0].Name) + p, err := packets.GetPackage(inputName) + if err != nil { + log.Fatal(err) + } + + cfg, err := configs.GetConfigTOML() + if err != nil { + log.Fatal(err) + } + + reader := bytes.NewReader(p.PackageF) + fmt.Printf(":: Installing (%s) \n", pkgs[0].Name) + packets.InstallPackage(reader) + + if cfg.Config.StorePackages { + pkgPath, err := p.Write() + if err != nil { + log.Fatal(err) + } + err = p.AddToInstalledDB(1, pkgPath) + if err != nil { + log.Fatal(err) + } + } else { + err := p.AddToInstalledDB(0, "") + if err != nil { + log.Fatal(err) + } + } + continue default: 
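Review bot: In the `if exist {` branch (hunk `@@ -137,13 +184,44 @@`) the result of `packets.InstallPackage(reader)` is dropped, so a failed or partial extraction is still followed by `p.AddToInstalledDB(...)` and the package is recorded as installed. `if err := packets.InstallPackage(reader); err != nil { log.Fatal(err) }` keeps the database in step with the filesystem. The same download/install/record block is repeated in the hunks at `@@ -163,8 +241,37 @@` and `@@ -181,10 +288,38 @@` with the same omission; one helper taking the package name would fix all three at once. Nothing visible here checks `p.PackageF` against a hash or signature before it is unpacked; if `packets.GetPackage` does not do that, this is the place to add it.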
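Review bot: In `case 1:` (hunk `@@ -163,8 +241,37 @@`) the message announces `pkgs[0].Name` but the download calls `packets.GetPackage(inputName)`, i.e. the query string the user typed rather than the name of the row that matched. The multi-match branch uses `pkgs[choice].Name`, so this looks like a slip; `p, err := packets.GetPackage(pkgs[0].Name)` makes the two paths agree. If `query_name` and `name` can differ, the current call fetches a different package from the one shown to the user, or fails.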
@@ -181,10 +288,38 @@ var installCmd = &cobra.Command{ goto optionagain } - return - } + fmt.Printf(":: Downloading %s \n", pkgs[choice].Name) + p, err := packets.GetPackage(pkgs[choice].Name) + if err != nil { + log.Fatal(err) + } - install: + cfg, err := configs.GetConfigTOML() + if err != nil { + log.Fatal(err) + } + + reader := bytes.NewReader(p.PackageF) + fmt.Printf(":: Installing (%s) \n", pkgs[choice].Name) + packets.InstallPackage(reader) + + if cfg.Config.StorePackages { + pkgPath, err := p.Write() + if err != nil { + log.Fatal(err) + } + err = p.AddToInstalledDB(1, pkgPath) + if err != nil { + log.Fatal(err) + } + } else { + err := p.AddToInstalledDB(0, "") + if err != nil { + log.Fatal(err) + } + } + continue + } } }, diff --git a/internal/utils/utils.go b/internal/utils/utils.go index 36a45cd..da28e97 100644 --- a/internal/utils/utils.go +++ b/internal/utils/utils.go @@ -204,6 +204,17 @@ func (p *Package) AddToInstalledDB(inCache int, packagePath string) error { } defer db.Close() + var success bool + + defer func() { + if !success { + _, err := db.Exec("DELETE FROM packages WHERE name = ?", p.Manifest.Info.Name) + if err != nil { + log.Println("Failed to rollback package addition:", err) + } + } + }() + _, err = db.Exec(` INSERT INTO packages ( query_name, name, version, dependencies, description, @@ -222,5 +233,9 @@ func (p *Package) AddToInstalledDB(inCache int, packagePath string) error { p.Arch, inCache, ) + if err != nil { + return err + } + success = true return err } diff --git a/pkg/main.go b/pkg/main.go index b158f0d..01de101 100644 --- a/pkg/main.go +++ b/pkg/main.go @@ -1,4 +1,4 @@ -package pkg +package packets import ( "archive/tar" @@ -23,7 +23,7 @@ import ( ) // Install exctract and fully install from a package file ( tar.zst ) -func InstallPackage(file *os.File) error { +func InstallPackage(file io.Reader) error { manifest, err := utils.ReadManifest(file) if err != nil {
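Review bot: The deferred rollback added to `AddToInstalledDB` (hunk `@@ -204,6 +204,17 @@`) runs `DELETE FROM packages WHERE name = ?` on any failure, including the case where the `INSERT` was rejected because a row with that name already exists, so a failed re-install would erase the record of the package that was installed before. A single `INSERT` leaves nothing behind when it fails, so the simplest fix is to drop the `defer` and just `return err`. If more statements are added later, run them in a transaction from `db.Begin()` and call `tx.Rollback()` instead of deleting by name. In the following hunk the final `return err` can then read `return nil`. The function begins outside the hunk.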
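Review bot: With `file io.Reader` (pkg/main.go, hunk `@@ -23,7 +23,7 @@`), `InstallPackage` can no longer rewind its input after `utils.ReadManifest(file)` has consumed part of it, which a `*os.File` allowed. The rest of the body is outside the hunk, so I cannot tell whether the archive is read a second time; if it is, `io.ReadSeeker` (which the `bytes.Reader` passed from cmd/packets/main.go satisfies) keeps that possible. The doc comment should also start with the function name, e.g. `// InstallPackage extracts and fully installs a package file (tar.zst).`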