/* * private-json-hooks.cc - 2nd generation, JSON-RPC, hooks for APT * * Copyright (c) 2018 Canonical Ltd * * SPDX-License-Identifier: GPL-2.0+ */ #include <apt-pkg/debsystem.h> #include <apt-pkg/fileutl.h> #include <apt-pkg/macros.h> #include <apt-pkg/strutl.h> #include <apt-private/private-json-hooks.h> #include <ostream> #include <sstream> #include <stack> #include <signal.h> #include <sys/socket.h> #include <sys/types.h> /** * @brief Simple JSON writer * * This performs no error checking, or string escaping, be careful. */ class APT_HIDDEN JsonWriter { std::ostream &os; std::locale old_locale; enum write_state { empty, in_array_first_element, in_array, in_object_first_key, in_object_key, in_object_val } state = empty; std::stack<write_state> old_states; void maybeComma() { switch (state) { case empty: break; case in_object_val: state = in_object_key; break; case in_object_key: state = in_object_val; os << ','; break; case in_array: os << ','; break; case in_array_first_element: state = in_array; break; case in_object_first_key: state = in_object_val; break; default: abort(); } } void pushState(write_state state) { old_states.push(this->state); this->state = state; } void popState() { this->state = old_states.top(); } public: explicit JsonWriter(std::ostream &os) : os(os), old_locale{os.imbue(std::locale::classic())} {} ~JsonWriter() { os.imbue(old_locale); } JsonWriter &beginArray() { maybeComma(); pushState(in_array_first_element); os << '['; return *this; } JsonWriter &endArray() { popState(); os << ']'; return *this; } JsonWriter &beginObject() { maybeComma(); pushState(in_object_first_key); os << '{'; return *this; } JsonWriter &endObject() { popState(); os << '}'; return *this; } JsonWriter &name(std::string const &name) { maybeComma(); os << '"' << name << '"' << ':'; return *this; } JsonWriter &value(std::string const &value) { maybeComma(); os << '"' << value << '"'; return *this; } JsonWriter &value(const char *value) { maybeComma(); os << '"' << value << '"'; return *this; } JsonWriter &value(int value) { maybeComma(); os << value; return *this; } JsonWriter &value(long value) { maybeComma(); os << value; return *this; } JsonWriter &value(long long value) { maybeComma(); os << value; return *this; } JsonWriter &value(unsigned long long value) { maybeComma(); os << value; return *this; } JsonWriter &value(unsigned long value) { maybeComma(); os << value; return *this; } JsonWriter &value(unsigned int value) { maybeComma(); os << value; return *this; } JsonWriter &value(bool value) { maybeComma(); os << (value ? "true" : "false"); return *this; } JsonWriter &value(double value) { maybeComma(); os << value; return *this; } }; /** * @brief Write a VerIterator to a JsonWriter */ static void verIterToJson(JsonWriter &writer, CacheFile &Cache, pkgCache::VerIterator const &Ver) { writer.beginObject(); writer.name("id").value(Ver->ID); writer.name("version").value(Ver.VerStr()); writer.name("architecture").value(Ver.Arch()); writer.name("pin").value(Cache->GetPolicy().GetPriority(Ver)); writer.endObject(); } /** * @brief Copy of debSystem::DpkgChrootDirectory() * @todo Remove */ static void DpkgChrootDirectory() { std::string const chrootDir = _config->FindDir("DPkg::Chroot-Directory"); if (chrootDir == "/") return; std::cerr << "Chrooting into " << chrootDir << std::endl; if (chroot(chrootDir.c_str()) != 0) _exit(100); if (chdir("/") != 0) _exit(100); } /** * @brief Send a notification to the hook's stream */ static void NotifyHook(std::ostream &os, std::string const &method, const char **FileList, CacheFile &Cache, std::set<std::string> const &UnknownPackages) { SortedPackageUniverse Universe(Cache); JsonWriter jsonWriter{os}; jsonWriter.beginObject(); jsonWriter.name("jsonrpc").value("2.0"); jsonWriter.name("method").value(method); /* Build params */ jsonWriter.name("params").beginObject(); jsonWriter.name("command").value(FileList[0]); jsonWriter.name("search-terms").beginArray(); for (int i = 1; FileList[i] != NULL; i++) jsonWriter.value(FileList[i]); jsonWriter.endArray(); jsonWriter.name("unknown-packages").beginArray(); for (auto const &PkgName : UnknownPackages) jsonWriter.value(PkgName); jsonWriter.endArray(); jsonWriter.name("packages").beginArray(); for (auto const &Pkg : Universe) { switch (Cache[Pkg].Mode) { case pkgDepCache::ModeInstall: case pkgDepCache::ModeDelete: break; default: continue; } jsonWriter.beginObject(); jsonWriter.name("id").value(Pkg->ID); jsonWriter.name("name").value(Pkg.Name()); jsonWriter.name("architecture").value(Pkg.Arch()); switch (Cache[Pkg].Mode) { case pkgDepCache::ModeInstall: jsonWriter.name("mode").value("install"); break; case pkgDepCache::ModeDelete: jsonWriter.name("mode").value(Cache[Pkg].Purge() ? "purge" : "deinstall"); break; default: continue; } jsonWriter.name("automatic").value(bool(Cache[Pkg].Flags & pkgCache::Flag::Auto)); jsonWriter.name("versions").beginObject(); if (Cache[Pkg].CandidateVer != nullptr) verIterToJson(jsonWriter.name("candidate"), Cache, Cache[Pkg].CandidateVerIter(Cache)); if (Cache[Pkg].InstallVer != nullptr) verIterToJson(jsonWriter.name("install"), Cache, Cache[Pkg].InstVerIter(Cache)); if (Pkg->CurrentVer != 0) verIterToJson(jsonWriter.name("current"), Cache, Pkg.CurrentVer()); jsonWriter.endObject(); jsonWriter.endObject(); } jsonWriter.endArray(); // packages jsonWriter.endObject(); // params jsonWriter.endObject(); // main } /// @brief Build the hello handshake message for 0.1 protocol static std::string BuildHelloMessage() { std::stringstream Hello; JsonWriter(Hello).beginObject().name("jsonrpc").value("2.0").name("method").value("org.debian.apt.hooks.hello").name("id").value(0).name("params").beginObject().name("versions").beginArray().value("0.1").endArray().endObject().endObject(); return Hello.str(); } /// @brief Build the bye notification for 0.1 protocol static std::string BuildByeMessage() { std::stringstream Bye; JsonWriter(Bye).beginObject().name("jsonrpc").value("2.0").name("method").value("org.debian.apt.hooks.bye").name("params").beginObject().endObject().endObject(); return Bye.str(); } /// @brief Run the Json hook processes in the given option. bool RunJsonHook(std::string const &option, std::string const &method, const char **FileList, CacheFile &Cache, std::set<std::string> const &UnknownPackages) { std::stringstream ss; NotifyHook(ss, method, FileList, Cache, UnknownPackages); std::string TheData = ss.str(); std::string HelloData = BuildHelloMessage(); std::string ByeData = BuildByeMessage(); bool result = true; Configuration::Item const *Opts = _config->Tree(option.c_str()); if (Opts == 0 || Opts->Child == 0) return true; Opts = Opts->Child; sighandler_t old_sigpipe = signal(SIGPIPE, SIG_IGN); sighandler_t old_sigint = signal(SIGINT, SIG_IGN); sighandler_t old_sigquit = signal(SIGQUIT, SIG_IGN); unsigned int Count = 1; for (; Opts != 0; Opts = Opts->Next, Count++) { if (Opts->Value.empty() == true) continue; if (_config->FindB("Debug::RunScripts", false) == true) std::clog << "Running external script with list of all .deb file: '" << Opts->Value << "'" << std::endl; // Create the pipes std::set<int> KeepFDs; MergeKeepFdsFromConfiguration(KeepFDs); int Pipes[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, Pipes) != 0) { result = _error->Errno("pipe", "Failed to create IPC pipe to subprocess"); break; } int InfoFD = 3; if (InfoFD != Pipes[0]) SetCloseExec(Pipes[0], true); else KeepFDs.insert(Pipes[0]); SetCloseExec(Pipes[1], true); // Purified Fork for running the script pid_t Process = ExecFork(KeepFDs); if (Process == 0) { // Setup the FDs dup2(Pipes[0], InfoFD); SetCloseExec(STDOUT_FILENO, false); SetCloseExec(STDIN_FILENO, false); SetCloseExec(STDERR_FILENO, false); std::string hookfd; strprintf(hookfd, "%d", InfoFD); setenv("APT_HOOK_SOCKET", hookfd.c_str(), 1); DpkgChrootDirectory(); const char *Args[4]; Args[0] = "/bin/sh"; Args[1] = "-c"; Args[2] = Opts->Value.c_str(); Args[3] = 0; execv(Args[0], (char **)Args); _exit(100); } close(Pipes[0]); FILE *F = fdopen(Pipes[1], "w+"); if (F == 0) { result = _error->Errno("fdopen", "Failed to open new FD"); break; } fwrite(HelloData.data(), HelloData.size(), 1, F); fwrite("\n\n", 2, 1, F); fflush(F); char *line = nullptr; size_t linesize = 0; ssize_t size = getline(&line, &linesize, F); if (size < 0) { if (errno != ECONNRESET && errno != EPIPE) _error->Error("Could not read response to hello message from hook %s: %s", Opts->Value.c_str(), strerror(errno)); goto out; } else if (strstr(line, "error") != nullptr) { _error->Error("Hook %s reported an error during hello: %s", Opts->Value.c_str(), line); goto out; } size = getline(&line, &linesize, F); if (size < 0) { _error->Error("Could not read message separator line after handshake from %s: %s", Opts->Value.c_str(), feof(F) ? "end of file" : strerror(errno)); goto out; } else if (size == 0 || line[0] != '\n') { _error->Error("Expected empty line after handshake from %s, received %s", Opts->Value.c_str(), line); goto out; } fwrite(TheData.data(), TheData.size(), 1, F); fwrite("\n\n", 2, 1, F); fwrite(ByeData.data(), ByeData.size(), 1, F); fwrite("\n\n", 2, 1, F); out: fclose(F); // Clean up the sub process if (ExecWait(Process, Opts->Value.c_str()) == false) { result = _error->Error("Failure running hook %s", Opts->Value.c_str()); break; } } signal(SIGINT, old_sigint); signal(SIGPIPE, old_sigpipe); signal(SIGQUIT, old_sigquit); return result; }