From d4975235c2b565423024f2679552d1492e9046a5 Mon Sep 17 00:00:00 2001
From: Norman Feske <norman.feske@genode-labs.com>
Date: Tue, 30 May 2017 14:15:35 +0200
Subject: [PATCH] tool/depot: download archives from web server

This patch replaces the toy downloader (that merely copied files
locally, for testing) with the mechanics needed to download files from a
www server.

It also changes the use of GPG to use detached signatures.

Issue #2339
---
 tool/depot/download                         |  2 +-
 tool/depot/mk/{cp_downloader => downloader} | 47 +++++++++++++++++++--
 tool/depot/publish                          |  8 ++--
 3 files changed, 48 insertions(+), 9 deletions(-)
 rename tool/depot/mk/{cp_downloader => downloader} (56%)

diff --git a/tool/depot/download b/tool/depot/download
index c48665c61..16468ad29 100755
--- a/tool/depot/download
+++ b/tool/depot/download
@@ -26,7 +26,7 @@ include $(GENODE_DIR)/tool/depot/mk/front_end.inc
 ARGS := $(subst ..,__,$(MAKECMDGOALS))
 
 DEPENDENCIES_CMD = $(GENODE_DIR)/tool/depot/dependencies $(ARGS)
-DOWNLOAD_CMD     = $(GENODE_DIR)/tool/depot/mk/cp_downloader VERBOSE=$(VERBOSE)
+DOWNLOAD_CMD     = $(GENODE_DIR)/tool/depot/mk/downloader VERBOSE=$(VERBOSE)
 
 .PHONY: download
 download:
diff --git a/tool/depot/mk/cp_downloader b/tool/depot/mk/downloader
similarity index 56%
rename from tool/depot/mk/cp_downloader
rename to tool/depot/mk/downloader
index ce0e9fdee..d121e2596 100755
--- a/tool/depot/mk/cp_downloader
+++ b/tool/depot/mk/downloader
@@ -39,12 +39,12 @@ ARCHIVES := $(MAKECMDGOALS)
 
 include $(GENODE_DIR)/tool/depot/mk/gpg.inc
 
-$(DEPOT_DIR)/% : $(PUBLIC_DIR)/%.tgz $(PUBLIC_DIR)/%.tgz.gpg
+$(DEPOT_DIR)/% : $(PUBLIC_DIR)/%.tgz $(PUBLIC_DIR)/%.tgz.sig
 	$(VERBOSE)pubkey_file=$(DEPOT_DIR)/$(call archive_user,$*)/pubkey; \
 	          gpg --yes -o $$pubkey_file.dearmored --dearmor $$pubkey_file; \
 	          ( gpg --no-tty --no-default-keyring \
 	                --keyring $$pubkey_file.dearmored \
-	                --verify $(PUBLIC_DIR)/$*.tgz.gpg 2> /dev/null; retval=$$?; \
+	                --verify $(PUBLIC_DIR)/$*.tgz.sig 2> /dev/null; retval=$$?; \
 	            rm -f $$pubkey_file.dearmored; \
 	            exit $$retval \
 	          ) || ( echo -e "Error: could not verify '$*', signature does not match\n" \
@@ -54,7 +54,7 @@ $(DEPOT_DIR)/% : $(PUBLIC_DIR)/%.tgz $(PUBLIC_DIR)/%.tgz.gpg
 	$(VERBOSE)tar xfz $(PUBLIC_DIR)/$*.tgz -C $(dir $@)
 
 DOWNLOADED_FILES := $(addprefix $(PUBLIC_DIR)/,$(MAKECMDGOALS:=.tgz)) \
-                    $(addprefix $(PUBLIC_DIR)/,$(MAKECMDGOALS:=.tgz.gpg))
+                    $(addprefix $(PUBLIC_DIR)/,$(MAKECMDGOALS:=.tgz.sig))
 
 .PRECIOUS: $(DOWNLOADED_FILES)
 
@@ -62,10 +62,49 @@ ifneq ($(MISSING_PUBKEY_FILES),)
 $(DOWNLOADED_FILES): missing_pubkey_files
 endif
 
+
+#
+# Determine download URLs of all origins of the specified archives
+#
+# The 'ORIGINS' variable contains all users found in the arguments. The
+# URL information is obtained from the despective depot/<user>/download
+# file and cached in the 'URL(<user>)' variable. The 'file_url' function
+# assesses the 'URL' variables to return the complete URL for a given
+# relative archive (or signature file) path.
+#
+
+ORIGINS := $(sort $(foreach A,$(ARCHIVES),$(call archive_user,$A)))
+
+quotation_sanitized = $(subst ',,$(strip $1))
+
+$(foreach O,$(ORIGINS),\
+   $(eval URL($O) := \
+      $(call quotation_sanitized,\
+         $(call file_content,$(DEPOT_DIR)/$O/download))))
+
+MISSING_DOWNLOAD_LOCATIONS := $(sort $(foreach O,$(ORIGINS),\
+                                        $(if ${URL($O)},,$(DEPOT_DIR)/$O/download)))
+
+ifneq ($(MISSING_DOWNLOAD_LOCATIONS),)
+$(DOWNLOADED_FILES): missing_download_locations
+endif
+
+missing_download_locations:
+	@echo "Error: missing or invalid download location:";\
+	 for i in $(MISSING_DOWNLOAD_LOCATIONS); do echo "       $$i"; done; false
+
+file_url = '${URL($(call archive_user,$1))}/$1'
+
+
+#
+# Download rule that is invoked per file
+#
+
 $(PUBLIC_DIR)/%:
 	@$(ECHO) "$(DARK_COL)download$(DEFAULT_COL) $*"
 	$(VERBOSE)mkdir -p $(dir $@)
-	$(VERBOSE)cp $(REMOTE_DIR)/$* $@
+	$(VERBOSE)wget --quiet --no-check-certificate $(call file_url,$*) -O $@ ||\
+		(echo "Error: failed to download $(call file_url,$*)"; rm -f $@; false)
 
 $(MAKECMDGOALS): $(TARGETS)
 	@true
diff --git a/tool/depot/publish b/tool/depot/publish
index 6b9d0db24..e73d846e7 100755
--- a/tool/depot/publish
+++ b/tool/depot/publish
@@ -65,13 +65,13 @@ MISSING_PUBKEY_FILES := $(sort \
                               $(if $(call pubkey_path,$A),,\
                                  $(DEPOT_DIR)/$(call pubkey_filename,$A))))
 
-TARGETS := $(addsuffix .tgz.gpg,$(addprefix $(PUBLIC_DIR)/,$(ARCHIVES)))
+TARGETS := $(addsuffix .tgz.sig,$(addprefix $(PUBLIC_DIR)/,$(ARCHIVES)))
 
-$(PUBLIC_DIR)/%.tgz.gpg : $(PUBLIC_DIR)/%.tgz
+$(PUBLIC_DIR)/%.tgz.sig : $(PUBLIC_DIR)/%.tgz
 	$(VERBOSE)rm -f $@;
-	$(VERBOSE)gpg --sign --no-tty --use-agent --local-user $(call pubkey_id,$*) $<
+	$(VERBOSE)gpg --detach-sign --no-tty --use-agent --local-user $(call pubkey_id,$*) $<
 
-.PRECIOUS: $(TARGETS:.tgz.gpg=.tgz)
+.PRECIOUS: $(TARGETS:.tgz.sig=.tgz)
 
 $(PUBLIC_DIR)/%.tgz: $(DEPOT_DIR)/%
 	@$(ECHO) "$(DARK_COL)publish$(DEFAULT_COL) $@"