Fix some RPM registry flaws (#28782)

Related #26984 (https://github.com/go-gitea/gitea/pull/26984#issuecomment-1889588912) Fix admin cleanup message. Fix models `Get` not respecting default values. Rebuild RPM repository files after cleanup. Do not add RPM group to package version name. Force stable sorting of Alpine/Debian/RPM repository data. Fix missing deferred `Close`. Add tests for multiple RPM groups. Removed non-cached `ReplaceAllStringRegex`. If there are multiple groups available, it's stated in the package installation screen: ![grafik](8f132760-882c-4ab8-9678-77e47dfc4415)
2024-01-19 12:37:10 +01:00 · 2024-01-19 12:37:10 +01:00 · 461d8b53c2
commit 461d8b53c2
parent 075c4c89ee
18 changed files with 634 additions and 478 deletions
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@ -512,7 +512,77 @@ func CommonRoutes() *web.Route {
 			r.Get("/files/{id}/{version}/{filename}", pypi.DownloadPackageFile)
 			r.Get("/simple/{id}", pypi.PackageMetadata)
 		}, reqPackageAccess(perm.AccessModeRead))
-		r.Group("/rpm", RpmRoutes(r), reqPackageAccess(perm.AccessModeRead))
+		r.Group("/rpm", func() {
+			r.Group("/repository.key", func() {
+				r.Head("", rpm.GetRepositoryKey)
+				r.Get("", rpm.GetRepositoryKey)
+			})
+
+			var (
+				repoPattern     = regexp.MustCompile(`\A(.*?)\.repo\z`)
+				uploadPattern   = regexp.MustCompile(`\A(.*?)/upload\z`)
+				filePattern     = regexp.MustCompile(`\A(.*?)/package/([^/]+)/([^/]+)/([^/]+)(?:/([^/]+\.rpm)|)\z`)
+				repoFilePattern = regexp.MustCompile(`\A(.*?)/repodata/([^/]+)\z`)
+			)
+
+			r.Methods("HEAD,GET,PUT,DELETE", "*", func(ctx *context.Context) {
+				path := ctx.Params("*")
+				isHead := ctx.Req.Method == "HEAD"
+				isGetHead := ctx.Req.Method == "HEAD" || ctx.Req.Method == "GET"
+				isPut := ctx.Req.Method == "PUT"
+				isDelete := ctx.Req.Method == "DELETE"
+
+				m := repoPattern.FindStringSubmatch(path)
+				if len(m) == 2 && isGetHead {
+					ctx.SetParams("group", strings.Trim(m[1], "/"))
+					rpm.GetRepositoryConfig(ctx)
+					return
+				}
+
+				m = repoFilePattern.FindStringSubmatch(path)
+				if len(m) == 3 && isGetHead {
+					ctx.SetParams("group", strings.Trim(m[1], "/"))
+					ctx.SetParams("filename", m[2])
+					if isHead {
+						rpm.CheckRepositoryFileExistence(ctx)
+					} else {
+						rpm.GetRepositoryFile(ctx)
+					}
+					return
+				}
+
+				m = uploadPattern.FindStringSubmatch(path)
+				if len(m) == 2 && isPut {
+					reqPackageAccess(perm.AccessModeWrite)(ctx)
+					if ctx.Written() {
+						return
+					}
+					ctx.SetParams("group", strings.Trim(m[1], "/"))
+					rpm.UploadPackageFile(ctx)
+					return
+				}
+
+				m = filePattern.FindStringSubmatch(path)
+				if len(m) == 6 && (isGetHead || isDelete) {
+					ctx.SetParams("group", strings.Trim(m[1], "/"))
+					ctx.SetParams("name", m[2])
+					ctx.SetParams("version", m[3])
+					ctx.SetParams("architecture", m[4])
+					if isGetHead {
+						rpm.DownloadPackageFile(ctx)
+					} else {
+						reqPackageAccess(perm.AccessModeWrite)(ctx)
+						if ctx.Written() {
+							return
+						}
+						rpm.DeletePackageFile(ctx)
+					}
+					return
+				}
+
+				ctx.Status(http.StatusNotFound)
+			})
+		}, reqPackageAccess(perm.AccessModeRead))
 		r.Group("/rubygems", func() {
 			r.Get("/specs.4.8.gz", rubygems.EnumeratePackages)
 			r.Get("/latest_specs.4.8.gz", rubygems.EnumeratePackagesLatest)
@ -577,82 +647,6 @@ func CommonRoutes() *web.Route {
 	return r
 }

-// Support for uploading rpm packages with arbitrary depth paths
-func RpmRoutes(r *web.Route) func() {
-	var (
-		groupRepoInfo = regexp.MustCompile(`\A((?:/(?:[^/]+))*|)\.repo\z`)
-		groupUpload   = regexp.MustCompile(`\A((?:/(?:[^/]+))*|)/upload\z`)
-		groupRpm      = regexp.MustCompile(`\A((?:/(?:[^/]+))*|)/package/([^/]+)/([^/]+)/([^/]+)(?:/([^/]+\.rpm)|)\z`)
-		groupMetadata = regexp.MustCompile(`\A((?:/(?:[^/]+))*|)/repodata/([^/]+)\z`)
-	)
-
-	return func() {
-		r.Methods("HEAD,GET,POST,PUT,PATCH,DELETE", "*", func(ctx *context.Context) {
-			path := ctx.Params("*")
-			isHead := ctx.Req.Method == "HEAD"
-			isGetHead := ctx.Req.Method == "HEAD" || ctx.Req.Method == "GET"
-			isPut := ctx.Req.Method == "PUT"
-			isDelete := ctx.Req.Method == "DELETE"
-
-			if path == "/repository.key" && isGetHead {
-				rpm.GetRepositoryKey(ctx)
-				return
-			}
-
-			// get repo
-			m := groupRepoInfo.FindStringSubmatch(path)
-			if len(m) == 2 && isGetHead {
-				ctx.SetParams("group", strings.Trim(m[1], "/"))
-				rpm.GetRepositoryConfig(ctx)
-				return
-			}
-			// get meta
-			m = groupMetadata.FindStringSubmatch(path)
-			if len(m) == 3 && isGetHead {
-				ctx.SetParams("group", strings.Trim(m[1], "/"))
-				ctx.SetParams("filename", m[2])
-				if isHead {
-					rpm.CheckRepositoryFileExistence(ctx)
-				} else {
-					rpm.GetRepositoryFile(ctx)
-				}
-				return
-			}
-			// upload
-			m = groupUpload.FindStringSubmatch(path)
-			if len(m) == 2 && isPut {
-				reqPackageAccess(perm.AccessModeWrite)(ctx)
-				if ctx.Written() {
-					return
-				}
-				ctx.SetParams("group", strings.Trim(m[1], "/"))
-				rpm.UploadPackageFile(ctx)
-				return
-			}
-			// rpm down/delete
-			m = groupRpm.FindStringSubmatch(path)
-			if len(m) == 6 {
-				ctx.SetParams("group", strings.Trim(m[1], "/"))
-				ctx.SetParams("name", m[2])
-				ctx.SetParams("version", m[3])
-				ctx.SetParams("architecture", m[4])
-				if isGetHead {
-					rpm.DownloadPackageFile(ctx)
-					return
-				} else if isDelete {
-					reqPackageAccess(perm.AccessModeWrite)(ctx)
-					if ctx.Written() {
-						return
-					}
-					rpm.DeletePackageFile(ctx)
-				}
-			}
-			// default
-			ctx.Status(http.StatusNotFound)
-		})
-	}
-}
-
 // ContainerRoutes provides endpoints that implement the OCI API to serve containers
 // These have to be mounted on `/v2/...` to comply with the OCI spec:
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md
--- a/routers/api/packages/rpm/rpm.go
+++ b/routers/api/packages/rpm/rpm.go
@ -34,13 +34,17 @@ func apiError(ctx *context.Context, status int, obj any) {
 // https://dnf.readthedocs.io/en/latest/conf_ref.html
 func GetRepositoryConfig(ctx *context.Context) {
 	group := ctx.Params("group")
+
+	var groupParts []string
 	if group != "" {
-		group = fmt.Sprintf("/%s", group)
+		groupParts = strings.Split(group, "/")
 	}
+
 	url := fmt.Sprintf("%sapi/packages/%s/rpm", setting.AppURL, ctx.Package.Owner.Name)
-	ctx.PlainText(http.StatusOK, `[gitea-`+ctx.Package.Owner.LowerName+strings.ReplaceAll(group, "/", "-")+`]
-name=`+ctx.Package.Owner.Name+` - `+setting.AppName+strings.ReplaceAll(group, "/", " - ")+`
-baseurl=`+url+group+`/
+
+	ctx.PlainText(http.StatusOK, `[gitea-`+strings.Join(append([]string{ctx.Package.Owner.LowerName}, groupParts...), "-")+`]
+name=`+strings.Join(append([]string{ctx.Package.Owner.Name, setting.AppName}, groupParts...), " - ")+`
+baseurl=`+strings.Join(append([]string{url}, groupParts...), "/")+`
 enabled=1
 gpgcheck=1
 gpgkey=`+url+`/repository.key`)
@ -157,7 +161,7 @@ func UploadPackageFile(ctx *context.Context) {
 				Owner:       ctx.Package.Owner,
 				PackageType: packages_model.TypeRpm,
 				Name:        pck.Name,
-				Version:     strings.Trim(fmt.Sprintf("%s/%s", group, pck.Version), "/"),
+				Version:     pck.Version,
 			},
 			Creator:  ctx.Doer,
 			Metadata: pck.VersionMetadata,
@ -171,7 +175,9 @@ func UploadPackageFile(ctx *context.Context) {
 			Data:    buf,
 			IsLead:  true,
 			Properties: map[string]string{
-				rpm_module.PropertyMetadata: string(fileMetadataRaw),
+				rpm_module.PropertyGroup:        group,
+				rpm_module.PropertyArchitecture: pck.FileMetadata.Architecture,
+				rpm_module.PropertyMetadata:     string(fileMetadataRaw),
 			},
 		},
 	)
@ -187,7 +193,7 @@ func UploadPackageFile(ctx *context.Context) {
 		return
 	}

-	if err := rpm_service.BuildRepositoryFiles(ctx, ctx.Package.Owner.ID, group); err != nil {
+	if err := rpm_service.BuildSpecificRepositoryFiles(ctx, ctx.Package.Owner.ID, group); err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
@ -196,20 +202,20 @@ func UploadPackageFile(ctx *context.Context) {
 }

 func DownloadPackageFile(ctx *context.Context) {
-	group := ctx.Params("group")
 	name := ctx.Params("name")
 	version := ctx.Params("version")
+
 	s, u, pf, err := packages_service.GetFileStreamByPackageNameAndVersion(
 		ctx,
 		&packages_service.PackageInfo{
 			Owner:       ctx.Package.Owner,
 			PackageType: packages_model.TypeRpm,
 			Name:        name,
-			Version:     strings.Trim(fmt.Sprintf("%s/%s", group, version), "/"),
+			Version:     version,
 		},
 		&packages_service.PackageFileInfo{
 			Filename:     fmt.Sprintf("%s-%s.%s.rpm", name, version, ctx.Params("architecture")),
-			CompositeKey: group,
+			CompositeKey: ctx.Params("group"),
 		},
 	)
 	if err != nil {
@ -229,6 +235,7 @@ func DeletePackageFile(webctx *context.Context) {
 	name := webctx.Params("name")
 	version := webctx.Params("version")
 	architecture := webctx.Params("architecture")
+
 	var pd *packages_model.PackageDescriptor

 	err := db.WithTx(webctx, func(ctx stdctx.Context) error {
@ -236,7 +243,7 @@ func DeletePackageFile(webctx *context.Context) {
 			webctx.Package.Owner.ID,
 			packages_model.TypeRpm,
 			name,
-			strings.Trim(fmt.Sprintf("%s/%s", group, version), "/"),
+			version,
 		)
 		if err != nil {
 			return err
@ -286,7 +293,7 @@ func DeletePackageFile(webctx *context.Context) {
 		notify_service.PackageDelete(webctx, webctx.Doer, pd)
 	}

-	if err := rpm_service.BuildRepositoryFiles(webctx, webctx.Package.Owner.ID, group); err != nil {
+	if err := rpm_service.BuildSpecificRepositoryFiles(webctx, webctx.Package.Owner.ID, group); err != nil {
 		apiError(webctx, http.StatusInternalServerError, err)
 		return
 	}
--- a/routers/web/admin/packages.go
+++ b/routers/web/admin/packages.go
@ -108,6 +108,6 @@ func CleanupExpiredData(ctx *context.Context) {
 		return
 	}

-	ctx.Flash.Success(ctx.Tr("packages.cleanup.success"))
+	ctx.Flash.Success(ctx.Tr("admin.packages.cleanup.success"))
 	ctx.Redirect(setting.AppSubURL + "/admin/packages")
 }
--- a/routers/web/user/package.go
+++ b/routers/web/user/package.go
@ -19,6 +19,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	alpine_module "code.gitea.io/gitea/modules/packages/alpine"
 	debian_module "code.gitea.io/gitea/modules/packages/debian"
+	rpm_module "code.gitea.io/gitea/modules/packages/rpm"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
@ -195,9 +196,9 @@ func ViewPackageVersion(ctx *context.Context) {
 			}
 		}

-		ctx.Data["Branches"] = branches.Values()
-		ctx.Data["Repositories"] = repositories.Values()
-		ctx.Data["Architectures"] = architectures.Values()
+		ctx.Data["Branches"] = util.Sorted(branches.Values())
+		ctx.Data["Repositories"] = util.Sorted(repositories.Values())
+		ctx.Data["Architectures"] = util.Sorted(architectures.Values())
 	case packages_model.TypeDebian:
 		distributions := make(container.Set[string])
 		components := make(container.Set[string])
@ -216,9 +217,26 @@ func ViewPackageVersion(ctx *context.Context) {
 			}
 		}

-		ctx.Data["Distributions"] = distributions.Values()
-		ctx.Data["Components"] = components.Values()
-		ctx.Data["Architectures"] = architectures.Values()
+		ctx.Data["Distributions"] = util.Sorted(distributions.Values())
+		ctx.Data["Components"] = util.Sorted(components.Values())
+		ctx.Data["Architectures"] = util.Sorted(architectures.Values())
+	case packages_model.TypeRpm:
+		groups := make(container.Set[string])
+		architectures := make(container.Set[string])
+
+		for _, f := range pd.Files {
+			for _, pp := range f.Properties {
+				switch pp.Name {
+				case rpm_module.PropertyGroup:
+					groups.Add(pp.Value)
+				case rpm_module.PropertyArchitecture:
+					architectures.Add(pp.Value)
+				}
+			}
+		}
+
+		ctx.Data["Groups"] = util.Sorted(groups.Values())
+		ctx.Data["Architectures"] = util.Sorted(architectures.Values())
 	}

 	var (