~/.cargo/config.toml):
cargo.install = To install the package using Cargo, run the following command:
cargo.documentation = For more information on the Cargo registry, see the documentation.
diff --git a/public/img/svg/gitea-arch.svg b/public/img/svg/gitea-arch.svg
new file mode 100644
index 0000000000..ac50ffdf26
--- /dev/null
+++ b/public/img/svg/gitea-arch.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index fa7f66f3ab..bbc6ce2782 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -15,6 +15,7 @@ import (
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/routers/api/packages/alpine"
+ "code.gitea.io/gitea/routers/api/packages/arch"
"code.gitea.io/gitea/routers/api/packages/cargo"
"code.gitea.io/gitea/routers/api/packages/chef"
"code.gitea.io/gitea/routers/api/packages/composer"
@@ -752,3 +753,16 @@ func ContainerRoutes() *web.Route {
return r
}
+
+// Routes for arch packages.
+func ArchRoutes() *web.Route {
+ r := web.NewRoute()
+
+ r.Use(context.PackageContexter())
+
+ r.Put("/push", arch.Push)
+ r.Get("/{distro}/{arch}/{owner}/{file}", arch.Get)
+ r.Get("/{distro}/{arch}/{file}", arch.Get)
+
+ return r
+}
diff --git a/routers/api/packages/arch/arch.go b/routers/api/packages/arch/arch.go
new file mode 100644
index 0000000000..1948bbee07
--- /dev/null
+++ b/routers/api/packages/arch/arch.go
@@ -0,0 +1,416 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package arch
+
+import (
+ "bytes"
+ "encoding/hex"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "os"
+ "path"
+ "strings"
+
+ "code.gitea.io/gitea/models/db"
+ packages_model "code.gitea.io/gitea/models/packages"
+ repo_model "code.gitea.io/gitea/models/repo"
+ "code.gitea.io/gitea/modules/context"
+ "code.gitea.io/gitea/modules/json"
+ packages_module "code.gitea.io/gitea/modules/packages"
+ arch_module "code.gitea.io/gitea/modules/packages/arch"
+ "code.gitea.io/gitea/modules/setting"
+ "code.gitea.io/gitea/modules/timeutil"
+ "code.gitea.io/gitea/routers/api/packages/helper"
+ packages_service "code.gitea.io/gitea/services/packages"
+
+ "github.com/ProtonMail/gopenpgp/v2/crypto"
+ "github.com/google/uuid"
+)
+
+// Push new package to arch package registry.
+func Push(ctx *context.Context) {
+ // Creating connector that will help with keys/blobs.
+ connector := Connector{ctx: ctx}
+
+ // Getting some information related to package from headers.
+ filename := ctx.Req.Header.Get("filename")
+ email := ctx.Req.Header.Get("email")
+ sign := ctx.Req.Header.Get("sign")
+ owner := ctx.Req.Header.Get("owner")
+ distro := ctx.Req.Header.Get("distro")
+
+ // Decoding package signature.
+ sigdata, err := hex.DecodeString(sign)
+ if err != nil {
+ apiError(ctx, http.StatusBadRequest, err)
+ return
+ }
+ pgpsig := crypto.NewPGPSignature(sigdata)
+
+ // Validating that user is allowed to push to specified namespace.
+ err = connector.ValidateNamespace(owner, email)
+ if err != nil {
+ apiError(ctx, http.StatusBadRequest, err)
+ return
+ }
+
+ // Getting GPG keys related to specific user. After keys have been recieved,
+ // this function will find one key related to email provided in request.
+ armoredKeys, err := connector.GetValidKeys(email)
+ if err != nil {
+ apiError(ctx, http.StatusBadRequest, err)
+ return
+ }
+ var matchedKeyring *crypto.KeyRing
+ for _, armor := range armoredKeys {
+ pgpkey, err := crypto.NewKeyFromArmored(armor)
+ if err != nil {
+ apiError(ctx, http.StatusBadRequest, err)
+ return
+ }
+ keyring, err := crypto.NewKeyRing(pgpkey)
+ if err != nil {
+ apiError(ctx, http.StatusBadRequest, err)
+ return
+ }
+ for _, idnt := range keyring.GetIdentities() {
+ if idnt.Email == email {
+ matchedKeyring = keyring
+ break
+ }
+ }
+ if matchedKeyring != nil {
+ break
+ }
+ }
+ if matchedKeyring == nil {
+ msg := "GPG key related to " + email + " not found"
+ apiError(ctx, http.StatusBadRequest, msg)
+ return
+ }
+
+ // Read package to memory and create plain GPG message to validate signature.
+ pkgdata, err := io.ReadAll(ctx.Req.Body)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ defer ctx.Req.Body.Close()
+
+ pgpmes := crypto.NewPlainMessage(pkgdata)
+
+ // Validate package signature with user's GPG key related to his email.
+ err = matchedKeyring.VerifyDetached(pgpmes, pgpsig, crypto.GetUnixTime())
+ if err != nil {
+ apiError(ctx, http.StatusUnauthorized, "unable to validate package signature")
+ return
+ }
+
+ // Create temporary directory for arch database operations.
+ tmpdir := path.Join(setting.Repository.Upload.TempPath, uuid.New().String())
+ err = os.MkdirAll(tmpdir, os.ModePerm)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, "unable to create tmp path")
+ return
+ }
+ defer os.RemoveAll(tmpdir)
+
+ // Parse metadata contained in arch package archive.
+ md, err := arch_module.EjectMetadata(filename, setting.Domain, pkgdata)
+ if err != nil {
+ apiError(ctx, http.StatusBadRequest, err)
+ return
+ }
+
+ // Arch database related filenames, pathes and folders.
+ dbname := Join(owner, distro, setting.Domain, "db.tar.gz")
+ dbpath := path.Join(tmpdir, dbname)
+ dbfolder := path.Join(tmpdir, dbname) + ".folder"
+ dbsymlink := strings.TrimSuffix(dbname, ".tar.gz")
+ dbsymlinkpath := path.Join(tmpdir, dbsymlink)
+
+ // Get existing arch package database, related to specific userspace from
+ // file storage, and save it on disk, then unpack it's contents to related
+ // folder. If database is not found in storage, create empty directory to
+ // store package related information.
+ dbdata, err := connector.Get(dbname)
+ if err == nil {
+ err = os.WriteFile(dbpath, dbdata, os.ModePerm)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ err = arch_module.UnpackDb(dbpath, dbfolder)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ }
+ if err != nil {
+ err = os.MkdirAll(dbfolder, os.ModePerm)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ }
+
+ // Update database folder with metadata for new package.
+ err = md.PutToDb(dbfolder, os.ModePerm)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ // Create database archive and related symlink.
+ err = arch_module.PackDb(dbfolder, dbpath)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ // Save namespace related arch repository database.
+ f, err := os.Open(dbpath)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ defer f.Close()
+ dbfi, err := f.Stat()
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ err = connector.Save(dbname, f, dbfi.Size())
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ // Save namespace related arch repository db archive.
+ f, err = os.Open(dbsymlinkpath)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ defer f.Close()
+ dbarchivefi, err := f.Stat()
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ err = connector.Save(dbsymlink, f, dbarchivefi.Size())
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ // Create package in database.
+ pkg, err := packages_model.TryInsertPackage(ctx, &packages_model.Package{
+ OwnerID: connector.user.ID,
+ Type: packages_model.TypeArch,
+ Name: md.Name,
+ LowerName: strings.ToLower(md.Name),
+ })
+ if errors.Is(err, packages_model.ErrDuplicatePackage) {
+ pkg, err = packages_model.GetPackageByName(
+ ctx, connector.user.ID,
+ packages_model.TypeArch, md.Name,
+ )
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ }
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ // Check if repository for package with provided owner exists.
+ repo, err := repo_model.GetRepositoryByOwnerAndName(ctx, owner, md.Name)
+ if err == nil {
+ err = packages_model.SetRepositoryLink(ctx, pkg.ID, repo.ID)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ }
+
+ // Create new package version in database.
+ rawjsonmetadata, err := json.Marshal(&md)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ ver, err := packages_model.GetOrInsertVersion(ctx, &packages_model.PackageVersion{
+ PackageID: pkg.ID,
+ CreatorID: connector.user.ID,
+ Version: md.Version,
+ LowerVersion: strings.ToLower(md.Version),
+ CreatedUnix: timeutil.TimeStampNow(),
+ MetadataJSON: string(rawjsonmetadata),
+ })
+ if err != nil {
+ if errors.Is(err, packages_model.ErrDuplicatePackageVersion) {
+ apiError(ctx, http.StatusConflict, err)
+ return
+ }
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ // Create package blob and db file for package file.
+ pkgreader := bytes.NewReader(pkgdata)
+ fbuf, err := packages_module.CreateHashedBufferFromReader(pkgreader)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ defer fbuf.Close()
+
+ filepb, ok, err := packages_model.GetOrInsertBlob(
+ ctx, packages_service.NewPackageBlob(fbuf),
+ )
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, fmt.Errorf("%v %t", err, ok))
+ return
+ }
+ err = connector.Save(filepb.HashSHA256, fbuf, filepb.Size)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ _, err = packages_model.TryInsertFile(ctx, &packages_model.PackageFile{
+ VersionID: ver.ID,
+ BlobID: filepb.ID,
+ Name: filename,
+ LowerName: strings.ToLower(filename),
+ CompositeKey: distro + "-" + filename,
+ IsLead: true,
+ CreatedUnix: timeutil.TimeStampNow(),
+ })
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ // Create package blob for package signature.
+ sigreader := bytes.NewReader(sigdata)
+ sbuf, err := packages_module.CreateHashedBufferFromReader(sigreader)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ defer fbuf.Close()
+
+ sigpb, ok, err := packages_model.GetOrInsertBlob(
+ ctx, packages_service.NewPackageBlob(sbuf),
+ )
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, fmt.Errorf("%v %t", err, ok))
+ return
+ }
+ err = connector.Save(sigpb.HashSHA256, sbuf, sigpb.Size)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ _, err = packages_model.TryInsertFile(ctx, &packages_model.PackageFile{
+ VersionID: ver.ID,
+ BlobID: sigpb.ID,
+ Name: filename + ".sig",
+ LowerName: strings.ToLower(filename + ".sig"),
+ CompositeKey: distro + "-" + filename + ".sig",
+ IsLead: false,
+ CreatedUnix: timeutil.TimeStampNow(),
+ })
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ ctx.Status(http.StatusOK)
+}
+
+// Get file from arch package registry.
+func Get(ctx *context.Context) {
+ filename := ctx.Params("file")
+ owner := ctx.Params("owner")
+ distro := ctx.Params("distro")
+ // arch := ctx.Params("arch")
+
+ cs := packages_module.NewContentStore()
+
+ if strings.HasSuffix(filename, "tar.zst") ||
+ strings.HasSuffix(filename, "zst.sig") {
+ db := db.GetEngine(ctx)
+
+ pkgfile := &packages_model.PackageFile{
+ CompositeKey: distro + "-" + filename,
+ }
+ ok, err := db.Get(pkgfile)
+ if err != nil || !ok {
+ apiError(
+ ctx, http.StatusInternalServerError,
+ fmt.Errorf("%+v %t", err, ok),
+ )
+ return
+ }
+
+ blob, err := packages_model.GetBlobByID(ctx, pkgfile.BlobID)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ obj, err := cs.Get(packages_module.BlobHash256Key(blob.HashSHA256))
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ data, err := io.ReadAll(obj)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ _, err = ctx.Resp.Write(data)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ ctx.Resp.WriteHeader(http.StatusOK)
+
+ return
+ }
+ obj, err := cs.Get(packages_module.BlobHash256Key(Join(owner, distro, filename)))
+ if err != nil {
+ apiError(ctx, http.StatusNotFound, err)
+ }
+
+ data, err := io.ReadAll(obj)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+
+ _, err = ctx.Resp.Write(data)
+ if err != nil {
+ apiError(ctx, http.StatusInternalServerError, err)
+ return
+ }
+ ctx.Resp.WriteHeader(http.StatusOK)
+}
+
+func apiError(ctx *context.Context, status int, obj interface{}) {
+ helper.LogAndProcessError(ctx, status, obj, func(message string) {
+ ctx.PlainText(status, message)
+ })
+}
diff --git a/routers/api/packages/arch/connector.go b/routers/api/packages/arch/connector.go
new file mode 100644
index 0000000000..e19215c5a1
--- /dev/null
+++ b/routers/api/packages/arch/connector.go
@@ -0,0 +1,133 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package arch
+
+import (
+ "errors"
+ "io"
+
+ "code.gitea.io/gitea/models/asymkey"
+ "code.gitea.io/gitea/models/db"
+ organization_model "code.gitea.io/gitea/models/organization"
+ user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/context"
+ "code.gitea.io/gitea/modules/log"
+ packages_module "code.gitea.io/gitea/modules/packages"
+)
+
+// Connector helps to retrieve GPG keys related to package validation and
+// manage blobs related to specific user spaces:
+// 1 - Check if user is allowed to push package to specific namespace.
+// 2 - Retrieving GPG keys related to provided email.
+// 3 - Get/put arch arch package/signature/database files to connected file
+// storage.
+type Connector struct {
+ ctx *context.Context
+ user *user_model.User
+ org *organization_model.Organization
+}
+
+// This function will find user related to provided email adress and check if
+// he is able to push packages to provided namespace (user/organization/or
+// empty namespace allowed for admin users).
+func (c *Connector) ValidateNamespace(namespace, email string) error {
+ var err error
+ c.user, err = user_model.GetUserByEmail(c.ctx, email)
+ if err != nil {
+ log.Error("unable to get user with email: %s %v", email, err)
+ return err
+ }
+
+ if namespace == "" && c.user.IsAdmin {
+ c.org = (*organization_model.Organization)(c.user)
+ return nil
+ }
+
+ if c.user.Name != namespace && c.org == nil {
+ c.org, err = organization_model.GetOrgByName(c.ctx, namespace)
+ if err != nil {
+ log.Error("unable to organization: %s %v", namespace, err)
+ return err
+ }
+ ismember, err := c.org.IsOrgMember(c.user.ID)
+ if err != nil {
+ log.Error(
+ "unable to check if user belongs to organization: %s %s %v",
+ c.user.Name, email, err,
+ )
+ return err
+ }
+ if !ismember {
+ log.Error("user %s is not member of organization: %s", c.user.Name, email)
+ return errors.New("user is not member of organization: " + namespace)
+ }
+ } else {
+ c.org = (*organization_model.Organization)(c.user)
+ }
+ return nil
+}
+
+// This function will try to find user related to specific email. And check
+// that user is allowed to push to 'owner' namespace (package owner, could
+// be empty, user or organization).
+// After namespace check, this function
+func (c *Connector) GetValidKeys(email string) ([]string, error) {
+ keys, err := asymkey.ListGPGKeys(c.ctx, c.user.ID, db.ListOptions{
+ ListAll: true,
+ })
+ if err != nil {
+ log.Error("unable to get keys related to user: %v", err)
+ return nil, errors.New("unable to get public keys")
+ }
+ if len(keys) == 0 {
+ log.Error("no keys related to user")
+ return nil, errors.New("no keys for user with email: " + email)
+ }
+
+ var keyarmors []string
+ for _, key := range keys {
+ k, err := asymkey.GetGPGImportByKeyID(key.KeyID)
+ if err != nil {
+ log.Error("unable to import GPG key by ID: %v", err)
+ return nil, errors.New("internal error")
+ }
+ keyarmors = append(keyarmors, k.Content)
+ }
+
+ return keyarmors, nil
+}
+
+// Get specific file content from content storage.
+func (c *Connector) Get(key string) ([]byte, error) {
+ cs := packages_module.NewContentStore()
+ obj, err := cs.Get(packages_module.BlobHash256Key(key))
+ if err != nil {
+ return nil, err
+ }
+ return io.ReadAll(obj)
+}
+
+// Save contents related to specific arch package.
+func (c *Connector) Save(key string, content io.Reader, size int64) error {
+ cs := packages_module.NewContentStore()
+ return cs.Save(packages_module.BlobHash256Key(key), content, size)
+}
+
+// Join database or package names to prevent collisions with same packages in
+// different user spaces. Skips empty strings and returns name joined with
+// dots.
+func Join(s ...string) string {
+ rez := ""
+ for i, v := range s {
+ if v == "" {
+ continue
+ }
+ if i+1 == len(s) {
+ rez += v
+ continue
+ }
+ rez += v + "."
+ }
+ return rez
+}
diff --git a/routers/init.go b/routers/init.go
index 54e8d2b8b3..668efdcb85 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -190,6 +190,8 @@ func NormalRoutes() *web.Route {
r.Mount("/api/packages", packages_router.CommonRoutes())
// This implements the OCI API (Note this is not preceded by /api but is instead /v2)
r.Mount("/v2", packages_router.ContainerRoutes())
+ // Arch package routes
+ r.Mount("/api/packages/arch", packages_router.ArchRoutes())
}
if setting.Actions.Enabled {
diff --git a/templates/package/content/arch.tmpl b/templates/package/content/arch.tmpl
new file mode 100644
index 0000000000..0ecce35509
--- /dev/null
+++ b/templates/package/content/arch.tmpl
@@ -0,0 +1,105 @@
+{{if eq .PackageDescriptor.Package.Type "arch"}}
+ [{{.PackageDescriptor.Owner.LowerName}}.{{.PackageDescriptor.Metadata.BaseDomain}}]
+Server = https://{{.PackageDescriptor.Metadata.BaseDomain}}/api/packages/arch/(distribution)/(architecture)/{{.PackageDescriptor.Owner.LowerName}}pacman -S {{.PackageDescriptor.Package.LowerName}}Description |
+ {{.PackageDescriptor.Metadata.Description}} | +
Compressed size |
+ {{.PackageDescriptor.Metadata.CompressedSizeMib}} | +
Installed size |
+ {{.PackageDescriptor.Metadata.InstalledSizeMib}} | +
Official URL |
+ {{.PackageDescriptor.Metadata.URL}} | +
Build date |
+ {{.PackageDescriptor.Metadata.BuildDateStr}} | +
Packager |
+ {{.PackageDescriptor.Metadata.Packager}} | +
Provides |
+ {{$key}} | +
Architecture |
+ {{$key}} | +
Depends |
+ {{$key}} | +
Optional depends |
+ {{$key}} | +
Make depends |
+ {{$key}} | +
Check depends |
+ {{$key}} | +
Backup file |
+ {{$key}} | +