#!/v/openpkg/sw/bin/perl
##
## Copyright (c) 2000-2006 OpenPKG Foundation e.V.
## Copyright (c) 2000-2006 Ralf S. Engelschall
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
## the above copyright notice and this permission notice appear in all
## copies.
##
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
## browser.cgi -- OpenPKG Tool Chain, Package Browser, CGI User Interface
##
# requirements
require 5;
use DBI;
use DBD::SQLite;
use DBIx::Simple;
use CGI;
use CGI::Cookie;
use CGI::GuruMeditation (-name => "OpenPKG browser", -debug => 1);
use String::Divert;
use IO::File;
use Date::Format;
use HTML::Entities;
use URI::Escape;
use strict;
use warnings;
# program information
my $progname = "browser";
my $progvers = "0.9.0";
my $database = "browser.db";
# establish CGI query object
my $cgi = new CGI;
# establish Database query object
my $db = DBIx::Simple->connect(
"dbi:SQLite:dbname=$database", "", "",
{ RaiseError => 0, AutoCommit => 0 }
) or die "unable to open database";
# establish HTML output object
my $html = new String::Divert;
$html->folder('{#%s#}', '\{#([a-zA-Z_][a-zA-Z0-9_-]*)#\}');
$html->overload(1);
my $io = new IO::File ");
$io->close();
$canvas =~ s//$html->folder("head")/sie;
$canvas =~ s//$html->folder("side")/sie;
$canvas =~ s//$html->folder("body")/sie;
$html->append($canvas);
# provide inner HTML canvas
$html->divert("head");
$html .= "\n";
$html->undivert();
$html->divert("body");
$html .= "
\n";
$html .= " "; $html->fold();
$html .= "
\n";
$html->divert();
# determine OpenPKG Registry login
my $cookies = fetch CGI::Cookie;
my $registry_login = (exists $cookies->{"registry_login"} ? $cookies->{"registry_login"}->value || "" : "");
# provide a general hint on the sidebar
$html->divert("side");
$html .= "Hint: The information provided on these pages are directly derived from the XML/RDF indices at the OpenPKG FTP service.";
$html .= "The information is updated twice per day.";
$html .= "";
$html->undivert();
# helper function for translating a package class into an icon
sub class2icon {
my ($class) = @_;
my $icon = {
CORE => '♥',
BASE => '√',
PLUS => '⊗',
EVAL => 'ø',
JUNK => '×',
}->{$class};
return "$icon";
}
# determine runtime parameters
my $submit = $cgi->param("submit") || "";
my $group = $cgi->param("group") || "/";
my $package = $cgi->param("package") || "";
# escaping helper
sub escape {
my ($fmt, $str) = @_;
if ($fmt eq 'url') {
$str = uri_escape($str);
}
elsif ($fmt eq 'html') {
$str = encode_entities($str);
}
elsif ($fmt eq 'sql') {
$str =~ s/['']/''/sg;
}
return $str;
}
# dispatch commands
if ($submit) {
##
## SEARCHING
##
my $form = $cgi->param("form") || die;
if ($form eq 'search-keyword') {
my @keywords = split(/\s+/, $cgi->param("search") || "");
my @rec;
if (@keywords > 0) {
my $query = '';
foreach my $keyword (@keywords) {
my $negate = "";
if ($keyword =~ m/^([+-])(.+)$/) {
$negate = ($1 eq '-' ? " NOT " : "");
$keyword = $2;
}
$keyword = escape("sql", uc($keyword));
$query .= " AND " if ($query);
$query .= $negate;
$query .= "(upper(package) = '$keyword'";
$query .= " OR upper(url) LIKE '\%$keyword\%'";
$query .= " OR upper(vendor) LIKE '\%$keyword\%'";
$query .= " OR upper(xgroup) LIKE '\%$keyword\%'";
$query .= " OR upper(summary) LIKE '\%$keyword\%'";
$query .= " OR upper(description) LIKE '\%$keyword\%')";
}
@rec = $db->query(qq{
SELECT package, summary
FROM package
WHERE $query
})->hashes();
}
else {
@rec = $db->query(qq{
SELECT package, summary
FROM package
})->hashes();
}
$html .= "
\n";
my @SA = $db->query(q{
SELECT *
FROM security_advisory
WHERE package = ?;
}, $package)->hashes();
my $list = "";
my %sah = (); map { $sah{$_->{"advisory"}} = 1 } @SA;
foreach my $sa (reverse sort keys %sah) {
$list .= ", " if ($list ne '');
$list .= sprintf("%s", $sa, $sa);
}
$list = "none" if ($list eq '');
$html .= "
\n";
$html .= "
Security Advisories
\n";
$html .= "
$list
\n";
$html .= "
\n";
$html .= "
\n";
$html .= "
Package Sources
\n";
$html .= "The following are deep links into the OpenPKG CVS Repository to all " .
"packaging source files " .
"which are related to the \"$package\" package.";
$html .= "\n";
$html .= "\n";
my @src = $db->query(q{
SELECT url_source
FROM package_source
WHERE package = ?;
}, $package)->flat();
$html .= "
Tip: To get a detailed overview on how the " .
"\"$package\" package evolved over time, just visit the ";
$html .= sprintf("%s", $package, $package, "Package History");
$html .= " timeline.
";
$html->undivert();
$html .= "
Package Distribution
\n";
$html .= "The \"$package\" package is part of the following particular OpenPKG distributions.";
$html .= "\n";
my $rpm = {};
foreach my $rec ($db->query(q{
SELECT *
FROM package_distribution
JOIN distribution
ON package_distribution.distribution = distribution.distribution
WHERE package_distribution.package = ?;
}, $package)->hashes()) {
$rpm->{$rec->{'distribution'}} = { -url => '', -rpm => [] }
if (not exists $rpm->{$rec->{'distribution'}});
$rpm->{$rec->{'distribution'}}->{-url} = $rec->{'url_dir'};
push(@{$rpm->{$rec->{'distribution'}}->{-rpm}}, $rec->{'url_rpm'});
}
sub sort_by_tag {
my ($A, $B) = ($a, $b);
$A =~ s/^OpenPKG-//s;
$B =~ s/^OpenPKG-//s;
$A =~ s/-(STABLE|RELEASE)//s;
$B =~ s/-(STABLE|RELEASE)//s;
$A =~ s/CURRENT/99999999/s;
$B =~ s/CURRENT/99999999/s;
$A =~ s/-/\./s;
$B =~ s/-/\./s;
$A =~ s/^(\d)$/$1.99999999/s;
$B =~ s/^(\d)$/$1.99999999/s;
return sort_by_release_internal($A, $B);
}
sub sort_by_release {
my ($a, $b) = @_;
return sort_by_release_internal($a, $b);
}
sub sort_by_release_internal {
my ($a, $b) = @_;
my @a = split(/\./, $a);
my @b = split(/\./, $b);
my ($ax, $bx, $c);
while (@a && @b) {
if ($a[0] =~ /^\d+$/ && $b[0] =~ /^\d+$/) {
$c = $a[0] <=> $b[0];
} elsif ((($a, $ax) = $a[0] =~ /^(\d+)(.*)$/) &&
(($b, $bx) = $b[0] =~ /^(\d+)(.*)$/)) {
$c = $a <=> $b;
$c = $ax cmp $bx unless ($c);
} else {
$c = $a[0] cmp $b[0];
}
return $c if ($c != 0);
shift(@a);
shift(@b);
}
$c = (scalar(@a) <=> scalar(@b));
return $c;
}
$html .= "
\n";
my $i = 0;
(my $login = $registry_login) =~ s/\@/\%40/sg;
my $url_re = qr/^ftp:\/\/ftp\.openpkg\.org/;
my $url_str = "ftp://${login}:xxx\@ftp.openpkg.org";
foreach my $distribution (reverse sort sort_by_tag keys %{$rpm}) {
my @rpms = reverse sort {
my ($A, $B) = ($a, $b);
$A =~ s/^.+?-[^-]+-([^-]+)\.(?:src|[^-]+-[^-]+-[^-]+)\.rpm$/$1/s;
$B =~ s/^.+?-[^-]+-([^-]+)\.(?:src|[^-]+-[^-]+-[^-]+)\.rpm$/$1/s;
sort_by_release_internal($A, $B);
} @{$rpm->{$distribution}->{-rpm}};
$html .= "
\n";
foreach my $r (@rpms) {
my ($name, $version, $release) = ($r =~ m/^(.+?)-([^-]+)-([^-]+)\.(?:src|[^-]+-[^-]+-[^-]+)\.rpm$/s);
my $url = $rpm->{$distribution}->{-url} . $r;
$url =~ s/$url_re/$url_str/s if ($registry_login);
my @sa = grep { $_->{'status'} eq 'affected' and $_->{'version'} eq $version and $_->{'release'} eq $release } @SA;
my $class = (@sa > 0 ? "affected" : "ok");
$html .= sprintf("%s-%s", $class, $url, $version, $release);
foreach my $sa (@sa) {
$html .= sprintf(" → SA",
$sa->{'advisory'},
);
}
$html .= " ";
}
$html .= "
\n";
$html .= "
\n";
$i = ($i + 1) % 2;
}
$html .= "
\n";
if ($registry_login eq '') {
$html->divert("side");
$html .= "
Notice: Most of the direct download URLs to FTP service resources provided under \"Package Distribution\" will NOT work as expected as you have still not " .
"at least once provided your registered Email address on the Download page. Without " .
"proper identification the OpenPKG FTP service resources are still restricted.