42 private $defaultAlgo =
'sha384';
45 private $hasErrors =
false;
48 private $registryFile;
54 private $tmpParentDir;
69 private $errorPrinter;
74 private $verbosePrinter;
93 callable $infoPrinter =
null,
94 callable $errorPrinter =
null,
95 callable $verbosePrinter =
null
97 $this->registryFile = $registryFile;
98 $this->libDir = $libDir;
99 $this->infoPrinter = $infoPrinter ??
static function ( $_ ) {
101 $this->errorPrinter = $errorPrinter ?? $this->infoPrinter;
102 $this->verbosePrinter = $verbosePrinter ??
static function ( $_ ) {
107 if ( ( $cacheHome = getenv(
'XDG_CACHE_HOME' ) ) !==
false ) {
108 $this->cacheDir = realpath( $cacheHome ) .
'/mw-foreign';
110 $this->cacheDir =
"$cacheConf/ForeignResourceManager";
112 $this->cacheDir =
"{$this->libDir}/.foreign/cache";
122 public function run( $action, $module ) {
123 $actions = [
'update',
'verify',
'make-sri' ];
124 if ( !in_array( $action, $actions ) ) {
125 $this->error(
"Invalid action.\n\nMust be one of " . implode(
', ', $actions ) .
'.' );
128 $this->action = $action;
129 $this->setupTempDir( $action );
131 $this->registry = Yaml::parseFile( $this->registryFile );
132 if ( $module ===
'all' ) {
133 $modules = $this->registry;
134 } elseif ( isset( $this->registry[$module] ) ) {
135 $modules = [ $module => $this->registry[$module] ];
137 $this->error(
"Unknown module name.\n\nMust be one of:\n" .
138 wordwrap( implode(
', ', array_keys( $this->registry ) ), 80 ) .
144 foreach ( $modules as $moduleName => $info ) {
145 $this->verbose(
"\n### {$moduleName}\n\n" );
147 if ( $this->action ===
'update' ) {
148 $this->output(
"... updating '{$moduleName}'\n" );
149 } elseif ( $this->action ===
'verify' ) {
150 $this->output(
"... verifying '{$moduleName}'\n" );
152 $this->output(
"... checking '{$moduleName}'\n" );
159 if ( !isset( $info[
'type'] ) ) {
160 throw new LogicException(
"Module '$moduleName' must have a 'type' key." );
163 $this->validateLicense( $moduleName, $info );
165 if ( $info[
'type'] ===
'doc-only' ) {
166 $this->output(
"... {$moduleName} is documentation-only, skipping integrity checks.\n" );
170 $destDir =
"{$this->libDir}/$moduleName";
172 if ( $this->action ===
'update' ) {
173 $this->verbose(
"... emptying directory for $moduleName\n" );
177 $this->verbose(
"... preparing {$this->tmpParentDir}\n" );
180 throw new LogicException(
"Unable to create {$this->tmpParentDir}" );
183 switch ( $info[
'type'] ) {
186 $this->handleTypeTar( $moduleName, $destDir, $info, $info[
'type'] );
189 $this->handleTypeFile( $moduleName, $destDir, $info );
192 $this->handleTypeMultiFile( $moduleName, $destDir, $info );
195 throw new LogicException(
"Unknown type '{$info['type']}' for '$moduleName'" );
200 if ( $this->hasErrors ) {
216 private function setupTempDir( $action ) {
217 if ( $action ===
'verify' ) {
218 $this->tmpParentDir =
wfTempDir() .
'/ForeignResourceManager';
223 $this->tmpParentDir =
"{$this->libDir}/.foreign/tmp";
233 private function cacheKey( $src, $integrity, $moduleName ) {
235 .
'_' . hash(
'fnv132', $integrity )
236 .
'_' . hash(
'fnv132', $src )
238 .
'_' . basename( $src );
239 $key = preg_replace(
'/[.\/+?=_-]+/',
'_', $key );
240 return rtrim( $key,
'_' );
247 private function cacheGet( $key ) {
249 return @file_get_contents(
"{$this->cacheDir}/$key.data" );
256 private function cacheSet( $key, $data ) {
258 @mkdir( $this->cacheDir, 0777,
true );
259 file_put_contents(
"{$this->cacheDir}/$key.data", $data, LOCK_EX );
268 private function fetch(
string $src, $integrity,
string $moduleName ) {
269 if ( $integrity !==
null ) {
270 $key = $this->cacheKey( $src, $integrity, $moduleName );
271 $data = $this->cacheGet( $key );
278 ->create( $src, [
'method' =>
'GET',
'followRedirects' =>
false ], __METHOD__ );
279 if ( !$req->execute()->isOK() ) {
280 throw new LogicException(
"Failed to download resource at {$src}" );
282 if ( $req->getStatus() !== 200 ) {
283 throw new LogicException(
"Unexpected HTTP {$req->getStatus()} response from {$src}" );
285 $data = $req->getContent();
286 $algo = $integrity ===
null ? $this->defaultAlgo : explode(
'-', $integrity )[0];
287 $actualIntegrity = $algo .
'-' . base64_encode( hash( $algo, $data,
true ) );
288 if ( $integrity === $actualIntegrity ) {
289 $this->verbose(
"... passed integrity check for {$src}\n" );
290 $key = $this->cacheKey( $src, $actualIntegrity, $moduleName );
291 $this->cacheSet( $key, $data );
292 } elseif ( $this->action ===
'make-sri' ) {
293 $this->output(
"Integrity for {$src}\n\tintegrity: {$actualIntegrity}\n" );
295 $expectedIntegrity = $integrity ??
'null';
296 throw new LogicException(
"Integrity check failed for {$src}\n" .
297 "\tExpected: {$expectedIntegrity}\n" .
298 "\tActual: {$actualIntegrity}"
309 private function handleTypeFile( $moduleName, $destDir, array $info ) {
310 if ( !isset( $info[
'src'] ) ) {
311 throw new LogicException(
"Module '$moduleName' must have a 'src' key." );
313 $data = $this->fetch( $info[
'src'], $info[
'integrity'] ??
null, $moduleName );
314 $dest = $info[
'dest'] ?? basename( $info[
'src'] );
315 $path =
"$destDir/$dest";
316 if ( $this->action ===
'verify' && sha1_file(
$path ) !== sha1( $data ) ) {
317 $this->error(
"File for '$moduleName' is different.\n" );
319 if ( $this->action ===
'update' ) {
321 file_put_contents(
"$destDir/$dest", $data );
330 private function handleTypeMultiFile( $moduleName, $destDir, array $info ) {
331 if ( !isset( $info[
'files'] ) ) {
332 throw new LogicException(
"Module '$moduleName' must have a 'files' key." );
334 foreach ( $info[
'files'] as $dest => $file ) {
335 if ( !isset( $file[
'src'] ) ) {
336 throw new LogicException(
"Module '$moduleName' file '$dest' must have a 'src' key." );
338 $data = $this->fetch( $file[
'src'], $file[
'integrity'] ??
null, $moduleName );
339 $path =
"$destDir/$dest";
340 if ( $this->action ===
'verify' && sha1_file(
$path ) !== sha1( $data ) ) {
341 $this->error(
"File '$dest' for '$moduleName' is different.\n" );
342 } elseif ( $this->action ===
'update' ) {
344 file_put_contents(
"$destDir/$dest", $data );
355 private function handleTypeTar( $moduleName, $destDir, array $info,
string $fileType ) {
356 $info += [
'src' =>
null,
'integrity' =>
null,
'dest' => null ];
357 if ( $info[
'src'] ===
null ) {
358 throw new LogicException(
"Module '$moduleName' must have a 'src' key." );
361 $data = $this->fetch( $info[
'src'], $info[
'integrity'], $moduleName );
362 $tmpFile =
"{$this->tmpParentDir}/$moduleName." . $fileType;
363 $this->verbose(
"... writing '$moduleName' src to $tmpFile\n" );
364 file_put_contents( $tmpFile, $data );
365 $p =
new PharData( $tmpFile );
366 $tmpDir =
"{$this->tmpParentDir}/$moduleName";
367 $p->extractTo( $tmpDir );
370 if ( $info[
'dest'] ===
null ) {
372 $toCopy = [ $tmpDir => $destDir ];
376 foreach ( $info[
'dest'] as $fromSubPath => $toSubPath ) {
378 $fromPaths = glob(
"{$tmpDir}/{$fromSubPath}", GLOB_BRACE );
380 throw new LogicException(
"Path '$fromSubPath' of '$moduleName' not found." );
382 foreach ( $fromPaths as $fromPath ) {
383 $toCopy[$fromPath] = $toSubPath ===
null
384 ?
"$destDir/" . basename( $fromPath )
385 :
"$destDir/$toSubPath/" . basename( $fromPath );
389 foreach ( $toCopy as $from => $to ) {
390 if ( $this->action ===
'verify' ) {
391 $this->verbose(
"... verifying $to\n" );
392 if ( is_dir( $from ) ) {
393 $rii =
new RecursiveIteratorIterator(
new RecursiveDirectoryIterator(
395 RecursiveDirectoryIterator::SKIP_DOTS
398 foreach ( $rii as $file ) {
399 $remote = $file->getPathname();
400 $local = strtr( $remote, [ $from => $to ] );
401 if ( sha1_file( $remote ) !== sha1_file( $local ) ) {
402 $this->error(
"File '$local' is different.\n" );
405 } elseif ( sha1_file( $from ) !== sha1_file( $to ) ) {
406 $this->error(
"File '$to' is different.\n" );
408 } elseif ( $this->action ===
'update' ) {
409 $this->verbose(
"... moving $from to $to\n" );
411 if ( !rename( $from, $to ) ) {
412 throw new LogicException(
"Could not move $from to $to." );
421 private function verbose( $text ) {
422 ( $this->verbosePrinter )( $text );
428 private function output( $text ) {
429 ( $this->infoPrinter )( $text );
435 private function error( $text ) {
436 $this->hasErrors =
true;
437 ( $this->errorPrinter )( $text );
440 private function cleanUp() {
445 foreach ( $this->registry as $module => $info ) {
446 if ( $info[
'type'] ===
'file' || $info[
'type'] ===
'tar' ) {
447 $knownKeys[] = $this->cacheKey( $info[
'src'], $info[
'integrity'], $module );
448 } elseif ( $info[
'type'] ===
'multi-file' ) {
449 foreach ( $info[
'files'] as $file ) {
450 $knownKeys[] = $this->cacheKey( $file[
'src'], $file[
'integrity'], $module );
454 foreach ( glob(
"{$this->cacheDir}/*" ) as $cacheFile ) {
455 if ( !in_array( basename( $cacheFile,
'.data' ), $knownKeys ) ) {
456 unlink( $cacheFile );
465 private function validateLicense( $moduleName, $info ) {
466 if ( !isset( $info[
'license'] ) || !is_string( $info[
'license'] ) ) {
467 throw new LogicException(
468 "Module '$moduleName' needs a valid SPDX license; no license is currently present"
471 $licenses =
new SpdxLicenses();
472 if ( !$licenses->validate( $info[
'license'] ) ) {
474 "Module '$moduleName' has an invalid SPDX license identifier '{$info['license']}', "
475 .
"see <https://spdx.org/licenses/>.\n"