Rev 652 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
647 | daniel-mar | 1 | #!/usr/bin/env php |
2 | <?php |
||
3 | |||
4 | /* |
||
5 | * OIDplus 2.0 |
||
6 | * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft |
||
7 | * |
||
8 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
9 | * you may not use this file except in compliance with the License. |
||
10 | * You may obtain a copy of the License at |
||
11 | * |
||
12 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
13 | * |
||
14 | * Unless required by applicable law or agreed to in writing, software |
||
15 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
17 | * See the License for the specific language governing permissions and |
||
18 | * limitations under the License. |
||
19 | */ |
||
20 | |||
21 | // This script will be called at the ViaThinkSoft server side |
||
22 | |||
651 | daniel-mar | 23 | // Generate keypair with: |
24 | // openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:8192 |
||
25 | // openssl rsa -pubout -in private.pem -out public.pem |
||
26 | |||
647 | daniel-mar | 27 | $argc = $_SERVER['argc']; // to please Eclipse for PHP |
28 | $argv = $_SERVER['argv']; // to please Eclipse for PHP |
||
29 | |||
30 | if (PHP_SAPI != 'cli') { |
||
31 | die("This file can only be invoked in CLI mode.\n"); |
||
32 | } |
||
33 | |||
651 | daniel-mar | 34 | if ($argc != 4) { |
35 | echo "Usage: ".$argv[0]." <targetpath> <privkey> <force(1|0)>\n"; |
||
647 | daniel-mar | 36 | exit(2); |
37 | } |
||
38 | |||
39 | $output_dir = $argv[1]; |
||
651 | daniel-mar | 40 | $priv_key = $argv[2]; |
41 | $force = $argv[3]; |
||
647 | daniel-mar | 42 | |
43 | if (!is_dir($output_dir)) { |
||
44 | echo "Path $output_dir does not exist!\n"; |
||
45 | exit(1); |
||
46 | } |
||
47 | |||
651 | daniel-mar | 48 | if (!file_exists($priv_key)) { |
49 | echo "Private key file $priv_key does not exist!\n"; |
||
50 | exit(1); |
||
51 | } |
||
52 | |||
53 | if (($force != '1') && ($force != '0')) { |
||
54 | echo "Argument 'force' must be 0 or 1\n"; |
||
55 | exit(1); |
||
56 | } |
||
57 | |||
647 | daniel-mar | 58 | $outscript = ''; |
59 | |||
60 | function getDirContents_del($dir_old, $dir_new, $basepath_old=null, $basepath_new=null) { |
||
61 | global $outscript; |
||
62 | |||
63 | if (is_null($basepath_old)) $basepath_old = $dir_old; |
||
64 | $basepath_old = realpath($basepath_old) . DIRECTORY_SEPARATOR; |
||
65 | if ($basepath_old == '/') die('ARG'); |
||
66 | |||
67 | $dir_old = realpath($dir_old) . DIRECTORY_SEPARATOR; |
||
68 | $dir_new = realpath($dir_new) . DIRECTORY_SEPARATOR; |
||
69 | $files_old = scandir($dir_old); |
||
70 | $files_new = scandir($dir_new); |
||
71 | |||
72 | foreach ($files_old as $file_old) { |
||
73 | if ($file_old === '.') continue; |
||
74 | if ($file_old === '..') continue; |
||
75 | if ($file_old === '.svn') continue; |
||
76 | if ($file_old === '.git') continue; |
||
77 | |||
78 | $path_old = realpath($dir_old . DIRECTORY_SEPARATOR . $file_old); |
||
79 | $path_new = realpath($dir_new . DIRECTORY_SEPARATOR . $file_old); |
||
80 | |||
81 | $xpath_old = substr($path_old, strlen($basepath_old)); |
||
82 | |||
83 | if (is_dir($path_old)) { |
||
84 | getDirContents_del($path_old, $path_new, $basepath_old, $basepath_new); |
||
85 | } |
||
86 | |||
87 | if (is_dir($path_old) && !is_dir($path_new)) { |
||
88 | $outscript .= "// Dir deleted: $xpath_old\n"; |
||
89 | $outscript .= "@rmdir('$xpath_old');\n"; |
||
90 | $outscript .= "if (is_dir('$xpath_old'))\n\twarn('Directory could not be deleted (was not empty?): $xpath_old');\n\n"; |
||
91 | |||
92 | } else if (file_exists($path_old) && !file_exists($path_new)) { |
||
93 | $outscript .= "// File deleted: $xpath_old\n"; |
||
94 | $outscript .= "@unlink('$xpath_old');\n"; |
||
95 | $outscript .= "if (file_exists('$xpath_old'))\n\twarn('File could not be deleted: $xpath_old');\n\n"; |
||
96 | } |
||
97 | } |
||
98 | } |
||
99 | |||
100 | function getDirContents_diff($dir_old, $dir_new, $basepath_old=null, $basepath_new=null) { |
||
101 | global $outscript; |
||
102 | |||
103 | if (is_null($basepath_old)) $basepath_old = $dir_old; |
||
104 | $basepath_old = realpath($basepath_old) . DIRECTORY_SEPARATOR; |
||
105 | if ($basepath_old == '/') die('ARG'); |
||
106 | |||
107 | $dir_old = realpath($dir_old) . DIRECTORY_SEPARATOR; |
||
108 | $dir_new = realpath($dir_new) . DIRECTORY_SEPARATOR; |
||
109 | $files_old = scandir($dir_old); |
||
110 | $files_new = scandir($dir_new); |
||
111 | |||
112 | foreach ($files_old as $file_old) { |
||
113 | if ($file_old === '.') continue; |
||
114 | if ($file_old === '..') continue; |
||
115 | if ($file_old === '.svn') continue; |
||
116 | if ($file_old === '.git') continue; |
||
117 | |||
118 | $path_old = realpath($dir_old . DIRECTORY_SEPARATOR . $file_old); |
||
119 | $path_new = realpath($dir_new . DIRECTORY_SEPARATOR . $file_old); |
||
120 | |||
121 | $xpath_old = substr($path_old, strlen($basepath_old)); |
||
122 | |||
123 | if (file_exists($path_old) && file_exists($path_new)) { |
||
124 | if (file_get_contents($path_old) != file_get_contents($path_new)) { |
||
125 | $outscript .= "// Files different: $xpath_old\n"; |
||
126 | $outscript .= "if (@sha1_file('$xpath_old') !== '".sha1_file($path_old)."')\n\twarn('File was probably modified. Will overwrite the changes now: $xpath_old');\n"; |
||
127 | $outscript .= "@file_put_contents('$xpath_old', base64_decode('".base64_encode(file_get_contents($path_new))."'));\n"; |
||
128 | $outscript .= "if (@sha1_file('$xpath_old') !== '".sha1_file($path_new)."')\n\twarn('File cannot be written (checksum mismatch): $xpath_old');\n\n"; |
||
129 | } |
||
130 | if ((fileperms($path_old) & 0777) != (fileperms($path_new) & 0777)) { |
||
131 | $outscript .= "// Different file chmod: $xpath_old\n"; |
||
132 | $outscript .= "if ((DIRECTORY_SEPARATOR === '/') && !@chmod('$xpath_old', 0".sprintf('%o', fileperms($path_new) & 0777)."))\n\twarn('Could not change file permissions of ".$xpath_old."');\n\n"; |
||
133 | } |
||
134 | } else if (is_dir($path_old) && is_dir($path_new)) { |
||
135 | if ((fileperms($path_old) & 0777) != (fileperms($path_new) & 0777)) { |
||
136 | $outscript .= "// Different dir chmod: $xpath_old\n"; |
||
137 | $outscript .= "if ((DIRECTORY_SEPARATOR === '/') && !@chmod('$xpath_old', 0".sprintf('%o', fileperms($path_new) & 0777)."))\n\twarn('Could not change dir permissions of ".$xpath_old."');\n\n"; |
||
138 | } |
||
139 | } |
||
140 | |||
141 | if (is_dir($path_old)) { |
||
142 | getDirContents_diff($path_old, $path_new, $basepath_old, $basepath_new); |
||
143 | } |
||
144 | } |
||
145 | } |
||
146 | |||
147 | function getDirContents_add($dir_old, $dir_new, $basepath_old=null, $basepath_new=null) { |
||
148 | global $outscript; |
||
149 | |||
150 | if (is_null($basepath_new)) $basepath_new = $dir_new; |
||
151 | $basepath_new = realpath($basepath_new) . DIRECTORY_SEPARATOR; |
||
152 | if ($basepath_new == '/') die('ARG'); |
||
153 | |||
154 | $dir_old = realpath($dir_old) . DIRECTORY_SEPARATOR; |
||
155 | $dir_new = realpath($dir_new) . DIRECTORY_SEPARATOR; |
||
156 | $files_old = scandir($dir_old); |
||
157 | $files_new = scandir($dir_new); |
||
158 | |||
159 | foreach ($files_new as $file_new) { |
||
160 | if ($file_new === '.') continue; |
||
161 | if ($file_new === '..') continue; |
||
162 | if ($file_new === '.svn') continue; |
||
163 | if ($file_new === '.git') continue; |
||
164 | |||
165 | $path_old = realpath($dir_old . DIRECTORY_SEPARATOR . $file_new); |
||
166 | $path_new = realpath($dir_new . DIRECTORY_SEPARATOR . $file_new); |
||
167 | |||
168 | $xpath_new = substr($path_new, strlen($basepath_new)); |
||
169 | |||
170 | if (is_dir($path_new) && !is_dir($path_old)) { |
||
171 | $outscript .= "// Dir added: $xpath_new\n"; |
||
172 | $outscript .= "@mkdir('$xpath_new');\n"; |
||
173 | $outscript .= "if (!is_dir('$xpath_new'))\n\twarn('Directory could not be created: $xpath_new');\n"; |
||
174 | $outscript .= "else if ((DIRECTORY_SEPARATOR === '/') && !@chmod('$xpath_new', 0".sprintf('%o', fileperms($path_new) & 0777)."))\n\twarn('Could not change directory permissions of ".$xpath_new."');\n\n"; |
||
175 | } else if (file_exists($path_new) && !file_exists($path_old)) { |
||
176 | $outscript .= "// File added: $xpath_new\n"; |
||
177 | $outscript .= "@file_put_contents('$xpath_new', base64_decode('".base64_encode(file_get_contents($path_new))."'));\n"; |
||
178 | $outscript .= "if (!file_exists('$xpath_new'))\n\twarn('File cannot be created (not existing): $xpath_new');\n"; |
||
179 | $outscript .= "else if (sha1_file('$xpath_new') != '".sha1_file($path_new)."')\n\twarn('File cannot be created (checksum mismatch): $xpath_new');\n"; |
||
180 | $outscript .= "else if ((DIRECTORY_SEPARATOR === '/') && !@chmod('$xpath_new', 0".sprintf('%o', fileperms($path_new) & 0777)."))\n\twarn('Could not change file permissions of ".$xpath_new."');\n\n"; |
||
181 | } |
||
182 | |||
183 | if (is_dir($path_new)) { |
||
184 | getDirContents_add($path_old, $path_new, $basepath_old, $basepath_new); |
||
185 | } |
||
186 | } |
||
187 | } |
||
188 | |||
189 | function getDirContents($dir_old, $dir_new) { |
||
190 | getDirContents_add($dir_old, $dir_new); |
||
191 | getDirContents_diff($dir_old, $dir_new); |
||
652 | daniel-mar | 192 | getDirContents_del($dir_old, $dir_new); |
647 | daniel-mar | 193 | } |
194 | |||
195 | |||
196 | $out = array(); |
||
197 | $ec = -1; |
||
198 | exec('svn info https://svn.viathinksoft.com/svn/oidplus/trunk/ | grep "Revision:" | cut -d " " -f 2', $out, $ec); |
||
199 | $max_svn = implode("", $out); |
||
200 | |||
201 | |||
202 | for ($i=2; $i<=$max_svn; $i++) { |
||
203 | echo "SVN revision $i / $max_svn\r"; |
||
204 | |||
205 | $outfile = $output_dir."/update_".($i-1)."_to_$i.txt"; |
||
651 | daniel-mar | 206 | if (!$force && file_exists($outfile)) continue; |
647 | daniel-mar | 207 | |
208 | $outdir_old = "/tmp/oidplus_svntmp2_".($i-1)."/"; |
||
209 | if (is_dir($outdir_old)) exec("rm -rf $outdir_old", $out, $ec); |
||
210 | exec("svn co https://svn.viathinksoft.com/svn/oidplus/trunk/@".($i-1)." $outdir_old", $out, $ec); |
||
211 | |||
212 | $outdir_new = "/tmp/oidplus_svntmp2_$i/"; |
||
213 | if (is_dir($outdir_new)) exec("rm -rf $outdir_new", $out, $ec); |
||
214 | exec("svn co https://svn.viathinksoft.com/svn/oidplus/trunk/@$i $outdir_new", $out, $ec); |
||
215 | |||
216 | $outscript = "<?php\n"; |
||
217 | $outscript .= "\n"; |
||
218 | $outscript .= "/*\n"; |
||
219 | $outscript .= " * OIDplus 2.0\n"; |
||
220 | $outscript .= " * Copyright 2019 - ".date('Y')." Daniel Marschall, ViaThinkSoft\n"; |
||
221 | $outscript .= " *\n"; |
||
222 | $outscript .= " * Licensed under the Apache License, Version 2.0 (the \"License\");\n"; |
||
223 | $outscript .= " * you may not use this file except in compliance with the License.\n"; |
||
224 | $outscript .= " * You may obtain a copy of the License at\n"; |
||
225 | $outscript .= " *\n"; |
||
226 | $outscript .= " * http://www.apache.org/licenses/LICENSE-2.0\n"; |
||
227 | $outscript .= " *\n"; |
||
228 | $outscript .= " * Unless required by applicable law or agreed to in writing, software\n"; |
||
229 | $outscript .= " * distributed under the License is distributed on an \"AS IS\" BASIS,\n"; |
||
230 | $outscript .= " * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n"; |
||
231 | $outscript .= " * See the License for the specific language governing permissions and\n"; |
||
232 | $outscript .= " * limitations under the License.\n"; |
||
233 | $outscript .= " */\n"; |
||
234 | $outscript .= "\n"; |
||
235 | $outscript .= "function info(\$str) { echo \"INFO: \$str\\n\"; }\n"; |
||
236 | $outscript .= "function warn(\$str) { echo \"WARNING: \$str\\n\"; }\n"; |
||
237 | $outscript .= "function err(\$str) { die(\"FATAL ERROR: \$str\\n\"); }\n"; |
||
238 | $outscript .= "\n"; |
||
652 | daniel-mar | 239 | $outscript .= "@set_time_limit(0);\n"; |
240 | $outscript .= "\n"; |
||
241 | $outscript .= "@header('Content-Type: text/plain');\n"; |
||
242 | $outscript .= "\n"; |
||
647 | daniel-mar | 243 | $outscript .= "chdir(__DIR__);\n"; |
661 | daniel-mar | 244 | if ($i >= 662) { |
245 | $outscript .= "if (trim(@file_get_contents('.version.php')) !== '<?php // Revision ".($i-1)."')\n\terr('This update can only be applied to OIDplus SVN Rev ".($i-1)."!');\n"; |
||
246 | } else { |
||
247 | $outscript .= "if (trim(@file_get_contents('oidplus_version.txt')) !== 'Revision ".($i-1)."')\n\terr('This update can only be applied to OIDplus SVN Rev ".($i-1)."!');\n"; |
||
248 | } |
||
647 | daniel-mar | 249 | $outscript .= "\n"; |
649 | daniel-mar | 250 | /* |
251 | if ($i >= 99999) { |
||
252 | ... once we require PHP 7.1, we add the requirement here |
||
253 | ... also if we require fancy new PHP modules, we must add it here |
||
254 | ... the checks avoid that someone breaks their OIDplus installation if they update |
||
255 | } else |
||
256 | */if ($i >= 2) { |
||
257 | // Rev 2+ requires PHP 7.0.0 |
||
258 | $outscript .= "if (version_compare(PHP_VERSION, '7.0.0') < 0)\n\terr('You need PHP Version 7.0 to update to this version');\n"; |
||
259 | } |
||
260 | $outscript .= "\n"; |
||
647 | daniel-mar | 261 | $outscript .= "info('Update to SVN Rev $i...');\n"; |
262 | $outscript .= "\n"; |
||
263 | getDirContents($outdir_old, $outdir_new); |
||
264 | $outscript .= "\n"; |
||
661 | daniel-mar | 265 | if ($i >= 661) { |
266 | $outscript .= "file_put_contents('.version.php', \"<?php // Revision $i\\n\");\n"; |
||
267 | $outscript .= "if (trim(@file_get_contents('.version.php')) !== '<?php // Revision $i') err('Could not write to .version.php!');\n"; |
||
268 | if ($i == 661) { |
||
269 | $outscript .= "@unlink('oidplus_version.txt');\n"; |
||
270 | $outscript .= "if (file_exists('oidplus_version.txt')) err('Could not delete oidplus_version.txt! Please delete it manually');\n"; |
||
271 | } |
||
272 | } else { |
||
273 | $outscript .= "file_put_contents('oidplus_version.txt', \"Revision $i\\n\");\n"; |
||
274 | $outscript .= "if (trim(@file_get_contents('oidplus_version.txt')) !== 'Revision $i') err('Could not write to oidplus_version.txt!');\n"; |
||
275 | } |
||
647 | daniel-mar | 276 | $outscript .= "\n"; |
277 | $outscript .= "\n"; |
||
278 | $outscript .= "info('Update to SVN Rev $i done!');\n"; |
||
279 | $outscript .= "\n"; |
||
280 | $outscript .= "unlink(__FILE__);\n"; |
||
281 | $outscript .= "\n"; |
||
282 | |||
651 | daniel-mar | 283 | // Now add digital signature |
647 | daniel-mar | 284 | |
651 | daniel-mar | 285 | if (strpos($outscript, '<?php') === false) { |
286 | echo "Not a PHP file\n"; // Should not happen |
||
287 | continue; |
||
288 | } |
||
289 | |||
290 | $naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $outscript); |
||
291 | |||
292 | $hash = hash("sha256", $naked.basename($outfile)); |
||
293 | |||
294 | $pkeyid = openssl_pkey_get_private('file://'.$priv_key); |
||
295 | openssl_sign($hash, $signature, $pkeyid, OPENSSL_ALGO_SHA256); |
||
296 | openssl_free_key($pkeyid); |
||
297 | |||
298 | if (!$signature) { |
||
299 | echo "ERROR: Signature failed\n"; |
||
300 | continue; |
||
301 | } |
||
302 | |||
303 | $sign_line = '<?php /* <ViaThinkSoftSignature>'."\n".split_equal_length(base64_encode($signature),65).'</ViaThinkSoftSignature> */ ?>'; |
||
304 | |||
305 | // We have to put the signature at the beginning, because we don't know if the end of the file lacks a PHP closing tag |
||
306 | if (substr($outscript,0,2) === '#!') { |
||
307 | // Preserve shebang |
||
308 | $shebang_pos = strpos($naked, "\n"); |
||
309 | $shebang = substr($naked, 0, $shebang_pos); |
||
310 | $rest = substr($naked, $shebang_pos+1); |
||
311 | $outscript = $shebang."\n".$sign_line."\n".$rest; |
||
312 | } else { |
||
313 | $outscript = $sign_line."\n".$naked; |
||
314 | } |
||
315 | |||
316 | // Write the file |
||
317 | |||
647 | daniel-mar | 318 | file_put_contents($outfile, $outscript); |
650 | daniel-mar | 319 | file_put_contents($outfile.'.gz', gzencode($outscript)); |
651 | daniel-mar | 320 | |
321 | // Delete temp dirs |
||
322 | |||
323 | exec("rm -rf $outdir_old", $out, $ec); |
||
324 | exec("rm -rf $outdir_new", $out, $ec); |
||
647 | daniel-mar | 325 | } |
326 | echo "\n"; |
||
648 | daniel-mar | 327 | |
328 | |||
649 | daniel-mar | 329 | // Now write the release messages (required by software update and vnag) |
648 | daniel-mar | 330 | |
331 | |||
332 | $out = array(); |
||
333 | $ec = 0; |
||
334 | exec('svn log https://svn.viathinksoft.com/svn/oidplus/trunk --xml', $out, $ec); |
||
335 | if ($ec != 0) die(); |
||
336 | |||
337 | $str = implode("\n",$out); |
||
338 | |||
339 | $xml = simplexml_load_string($str); |
||
340 | |||
341 | $out = array(); |
||
342 | |||
343 | foreach ($xml as $a) { |
||
344 | |||
345 | $out[(int)$a->attributes()->revision] = array( |
||
346 | |||
347 | 'date' => date('Y-m-d H:i:s',strtotime((string)$a->date)), |
||
348 | 'author' => (string)$a->author, |
||
349 | 'msg' => trim((string)$a->msg), |
||
350 | |||
351 | ); |
||
352 | |||
353 | } |
||
354 | |||
355 | ksort($out); |
||
356 | |||
357 | file_put_contents($output_dir.'/releases.ser', serialize($out)); |
||
651 | daniel-mar | 358 | |
359 | # --- |
||
360 | |||
361 | function split_equal_length($data, $width=65) { |
||
362 | $out = ''; |
||
363 | for ($i=0; $i<strlen($data); $i+=$width) { |
||
364 | $out .= substr($data, $i, $width)."\n"; |
||
365 | } |
||
366 | return $out; |
||
661 | daniel-mar | 367 | } |