1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
|
#!/usr/bin/luajit
-- version 0.7
-- https://aur.archlinux.org/packages/check-pacman-mtree/
--require "strict"
local ffi = require "ffi"
local C = ffi.C
local libcrypto = ffi.load("crypto")
local libz = ffi.load("z")
local function hex_from_ffi_str(s,n)
return string.format(string.rep('%02x',n), string.byte(ffi.string(s,n),1,n))
end
local function C_error(str)
return string.format(str .. ': %s', ffi.string(C.strerror(ffi.errno())))
end
ffi.cdef[[
static const int LINE_SIZE = 1024;
static const int BUFFER_SIZE = 32768;
//libc start
static const int O_RDONLY = 0;
static const int SEEK_SET = 0;
static const int SEEK_END = 2;
static const int ENOENT = 2;
char *strerror(int);
int open (const char *, int, ...);
int read(int , void *, int);
int close(int);
int lseek(int , int , int );
int readlink(const char *, char *,int);
//libc stop
//openssl start
static const int EVP_MAX_MD_SIZE = 64;
void *EVP_md5(void);
void *EVP_sha256(void);
void *EVP_MD_CTX_create(void);
int EVP_DigestInit(void *, void *);
int EVP_DigestUpdate(void *,const void *,int);
int EVP_DigestFinal_ex(void *,unsigned char *,unsigned int *);
void EVP_MD_CTX_destroy(void *);
void EVP_cleanup(void);
//openssl stop
//zlib start
void * gzopen (const char *, const char *);
int gzclose (void * );
char * gzgets (void * , char *, int );
//zlib stop
]]
local function printf_(...)
return io.write(string.format(...),"\n")
end
-- if size matches we will not do md5/sha256
-- set size to -1 to force MD
local function get_size_md5_sha256(file,size)
local fh,mdctx_md5,mdctx_sha256
local fs_size,ret_2,ret_3
do
fh = C.open(file,C.O_RDONLY)
if fh == -1 then return nil,C_error("open " .. file),ffi.errno() end
fs_size = C.lseek(fh,0,C.SEEK_END)
if size ~= -1 and fs_size ~= size then goto clean_up_short end
--goto clean_up_short
C.lseek(fh,0,C.SEEK_SET)
mdctx_md5 = libcrypto.EVP_MD_CTX_create()
mdctx_sha256 = libcrypto.EVP_MD_CTX_create()
if mdctx_md5 == nil or mdctx_sha256 == nil then
ret_2 = "libcrypto.EVP_MD_CTX_create md5/sha256 failed " .. file
goto clean_up
end
local md_value_md5 = ffi.new("char[?]",C.EVP_MAX_MD_SIZE)
local md_value_sha256 = ffi.new("char[?]",C.EVP_MAX_MD_SIZE)
local md_len_md5 = ffi.new("int[1]")
local md_len_sha256 = ffi.new("int[1]")
local buffer = ffi.new("char[?]",C.BUFFER_SIZE)
if md_value_md5 == nil or md_value_sha256 == nil or md_len_md5 == nil or
md_len_sha256 == nil or buffer == nil then
ret_2 = "ffi.new failed " ..file
goto clean_up
end
if libcrypto.EVP_DigestInit(mdctx_md5, libcrypto.EVP_md5()) ~= 1 or
libcrypto.EVP_DigestInit(mdctx_sha256, libcrypto.EVP_sha256()) ~= 1 then
ret_2 = "libcrypto.EVP_DigestInit md5/sha256 failed " .. file
goto clean_up
end
while (1) do
local n = C.read(fh,buffer, C.BUFFER_SIZE)
--we should make something better for read ret < 0
if n <= 0 then break end
if libcrypto.EVP_DigestUpdate(mdctx_md5,buffer,n) ~= 1 or
libcrypto.EVP_DigestUpdate(mdctx_sha256,buffer,n) ~= 1 then
ret_2 = "libcrypto.EVP_DigestUpdate md5/sha256 failed " .. file
goto clean_up
end
end
if libcrypto.EVP_DigestFinal_ex(mdctx_md5, md_value_md5, md_len_md5) ~= 1 or
libcrypto.EVP_DigestFinal_ex(mdctx_sha256, md_value_sha256, md_len_sha256) ~= 1 then
ret_2 = "libcrypto.EVP_DigestFinal_ex md5/sha256 failed " .. file
goto clean_up
end
ret_2,ret_3 = hex_from_ffi_str(md_value_md5,md_len_md5[0]),hex_from_ffi_str(md_value_sha256,md_len_sha256[0])
end
::clean_up::
if mdctx_md5 ~= nil then libcrypto.EVP_MD_CTX_destroy(mdctx_md5) end
if mdctx_sha256 ~= nil then libcrypto.EVP_MD_CTX_destroy(mdctx_sha256) end
::clean_up_short::
if fh >= 0 then C.close(fh) end
return fs_size,ret_2,ret_3
end
local function get_symlink(file)
local line = ffi.new("char[?]",C.LINE_SIZE)
if line == nil then return nil,"ffi.new failed " ..file end
local size = C.readlink(file,line,C.LINE_SIZE-1)
if size == -1 then return nil,C_error("readlink " .. file),ffi.errno() end
return ffi.string(line,size)
end
local function check_1_mtree_file(pkg,fs_root,verbose,file)
local line = ffi.new("char[?]",C.LINE_SIZE)
if line == nil then return nil,"ffi.new failed " ..file end
local gz_fh = libz.gzopen(file,"r")
if gz_fh == nil then return nil,C_error("gzopen " .. file) end
--libz.gzbuffer(gz_fh,65536)
local file,root_file,size,md5,sha256
local fs_size,symlink_linkto,link_fs
local status,msg,aaa,bbb
local l_line
while(1) do
if libz.gzgets(gz_fh,line,C.LINE_SIZE) == nil then break end
l_line = ffi.string(line)
file,size,md5,sha256 = string.match(l_line, "^(%S+) .* size=(%S+) md5digest=(%S+) sha256digest=(%S+)")
if file and size and md5 and sha256 then
if size then size=tonumber(size) end
else
file,symlink_linkto = string.match(l_line,"^(%S+) .* type=link link=(.*)%s$")
if file and symlink_linkto then
--printf_("symlink_name=%s symlink_linkto=%s",file,symlink_linkto)
symlink_linkto = string.gsub(symlink_linkto,"\\%d%d%d",
function(str) return string.char(tonumber(string.sub(str,2,-1),8)) end
)
else goto continue
end
end
--print (file,size,md5,sha256)
file = string.gsub(file,"^%./","",1)
if file == '.PKGINFO' or file == '.INSTALL' or file == '.CHANGELOG' then
goto continue
end
file = string.gsub(file,"\\%d%d%d",
function(str) return string.char(tonumber(string.sub(str,2,-1),8)) end
)
--print (file,size,md5,sha256)
root_file = fs_root .. file
if not size then
--goto continue
-- we are here so this is not a file, so maybe symlink or other type
link_fs,aaa,bbb = get_symlink(root_file)
-- status is nil so in aaa we have str_err and in bbb we have C.errno
if link_fs == nil then
if(bbb == C.ENOENT) then
--if(string.match(msg,"No such file")) then
if verbose > 0 then
printf_("EXTRA_MTREE pkg=%s symlink=%s link=%s",pkg,file,symlink_linkto)
else
printf_("EXTRA_MTREE pkg=%s symlink=%s",pkg,file)
end
else
printf_("FAIL check_symlink %s",aaa)
end
else
if link_fs ~= symlink_linkto then
if verbose > 0 then
printf_("DIFF pkg=%s symlink=%s link_mtree=%s link_fs=%s",pkg,file,symlink_linkto,link_fs)
else
printf_("DIFF pkg=%s symlink=%s",pkg,file)
end
end
end
goto continue
end
-- here we are in type=file case
-- goto continue
if verbose > 0 then fs_size,aaa,bbb = get_size_md5_sha256(root_file,-1)
else fs_size,aaa,bbb = get_size_md5_sha256(root_file,size)
end
if not fs_size then
-- fs_size is nil so in aaa we have str_err and in bbb we have C.errno
if(bbb == C.ENOENT) then
--if(string.match(msg,"No such file")) then
if verbose > 0 then
printf_("EXTRA_MTREE pkg=%s file=%s size_mtree=%s md5_mtree=%s sha256_mtree=%s",pkg,file,size,md5,sha256)
else
printf_("EXTRA_MTREE pkg=%s file=%s",pkg,file)
end
else
printf_("FAIL get_size_md5_sha256 %s",aaa)
end
goto continue
end
--print(file,type(size),size,type(fs_size),fs_size,aaa,bbb)
if fs_size ~= size or aaa ~= md5 or bbb ~= sha256 then
if verbose > 0 then
printf_("DIFF pkg=%s file=%s size_mtree=%d size_fs=%d md5_mtree=%s md5_fs=%s sha256_mtree=%s sha256_fs=%s",pkg,file,size,fs_size,md5,aaa,sha256,bbb)
else
printf_("DIFF pkg=%s file=%s",pkg,file)
end
goto continue
end
--printf_("MATCH pkg=%s file=%s",pkg,file)
--C.printf("LINE %s",line)
::continue::
end
libz.gzclose(ffi.gc(gz_fh,nil))
return true
end
local function main(arg)
local mtree_root = "/var/lib/pacman/local"
local fs_root = "/"
local pacman_list_pkg = "pacman -Q"
local msg
local check_all_pkgs = false
local verbose = 0
if not arg[1] then
print("usage: " .. arg[0] .. " [ -a | pkg1 pkg2...] [-v | -vv] )")
print("-a = all pkgs")
print("-v = verbose(include size/md5/sha256)")
print("-vv = even more verbose(show PKG= lines)")
--printf_("%c%c%c@%04x.%c%c%c",99,103,109,255,110,101,116)
return -1
end
for i,v in pairs(arg) do
if i < 1 then goto continue end
if v == '-v' then
verbose = verbose + 1
arg[i] = nil
elseif v == '-vv' then
verbose = verbose + 2
arg[i] = nil
elseif v == '-a' then
check_all_pkgs = true
elseif v == '-av' then
check_all_pkgs = true
verbose = verbose + 1
elseif v == '-avv' then
check_all_pkgs = true
verbose = verbose + 2
end
::continue::
end
--local file = io.stdin
--if arg[1] and arg[1] ~= '-' then
-- file,msg = io.open (arg[1])
-- assert(file,msg)
--end
local fh_cmd,msg = io.popen(pacman_list_pkg,"r")
if not fh_cmd then
printf_("pacman cmd error %s",msg)
return
end
for pkg in fh_cmd:lines() do
--for pkg in io.stdin:lines() do
--for pkg in lfs.dir(mtree_root) do
if pkg == "." or pkg == ".." then goto continue end
if not check_all_pkgs then
local match = false
for i,k in pairs(arg) do
if i >= 1 and string.match(pkg,k) then
match = true
break
end
end
if not match then goto continue end
end
pkg = string.gsub(pkg," ","-")
--local pkg,ver = string.match(line, "^(%S+) (%S+)")
if verbose > 1 then printf_("PKG=%s",pkg) end
local ret,msg = check_1_mtree_file(pkg,fs_root,verbose,string.format("%s/%s/mtree",mtree_root,pkg))
if not ret then printf_("FAIL mtree_file pkg=%s %s",pkg,msg) end
::continue::
end
fh_cmd:close()
--if file ~= io.stdin then file:close() end
libcrypto.EVP_cleanup()
end
-----------------------------------------------------------
-----------------------------------------------------------
--print(check_symlink(arg[1],arg[2]))
--print(get_openssl_evp_md5_sha256_for_file(arg[1]))
return main(arg)
|
