Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 1 | # Copyright (C) 2020 Savoir-Faire Linux |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame] | 2 | # |
| 3 | # SPDX-License-Identifier: GPL-2.0-only |
| 4 | # |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 5 | """ |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 6 | BitBake 'Fetch' npm implementation |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 7 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 8 | npm fetcher support the SRC_URI with format of: |
| 9 | SRC_URI = "npm://some.registry.url;OptionA=xxx;OptionB=xxx;..." |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 10 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 11 | Supported SRC_URI options are: |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 12 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 13 | - package |
| 14 | The npm package name. This is a mandatory parameter. |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 15 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 16 | - version |
| 17 | The npm package version. This is a mandatory parameter. |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 18 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 19 | - downloadfilename |
| 20 | Specifies the filename used when storing the downloaded file. |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 21 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 22 | - destsuffix |
| 23 | Specifies the directory to use to unpack the package (default: npm). |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 24 | """ |
| 25 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 26 | import base64 |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 27 | import json |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 28 | import os |
| 29 | import re |
| 30 | import shlex |
| 31 | import tempfile |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 32 | import bb |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 33 | from bb.fetch2 import Fetch |
| 34 | from bb.fetch2 import FetchError |
| 35 | from bb.fetch2 import FetchMethod |
| 36 | from bb.fetch2 import MissingParameterError |
| 37 | from bb.fetch2 import ParameterError |
| 38 | from bb.fetch2 import URI |
| 39 | from bb.fetch2 import check_network_access |
| 40 | from bb.fetch2 import runfetchcmd |
| 41 | from bb.utils import is_semver |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 42 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 43 | def npm_package(package): |
| 44 | """Convert the npm package name to remove unsupported character""" |
| 45 | # Scoped package names (with the @) use the same naming convention |
| 46 | # as the 'npm pack' command. |
| 47 | if package.startswith("@"): |
| 48 | return re.sub("/", "-", package[1:]) |
| 49 | return package |
| 50 | |
| 51 | def npm_filename(package, version): |
| 52 | """Get the filename of a npm package""" |
| 53 | return npm_package(package) + "-" + version + ".tgz" |
| 54 | |
| 55 | def npm_localfile(package, version): |
| 56 | """Get the local filename of a npm package""" |
| 57 | return os.path.join("npm2", npm_filename(package, version)) |
| 58 | |
| 59 | def npm_integrity(integrity): |
| 60 | """ |
| 61 | Get the checksum name and expected value from the subresource integrity |
| 62 | https://www.w3.org/TR/SRI/ |
| 63 | """ |
| 64 | algo, value = integrity.split("-", maxsplit=1) |
| 65 | return "%ssum" % algo, base64.b64decode(value).hex() |
| 66 | |
| 67 | def npm_unpack(tarball, destdir, d): |
| 68 | """Unpack a npm tarball""" |
| 69 | bb.utils.mkdirhier(destdir) |
| 70 | cmd = "tar --extract --gzip --file=%s" % shlex.quote(tarball) |
| 71 | cmd += " --no-same-owner" |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 72 | cmd += " --delay-directory-restore" |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 73 | cmd += " --strip-components=1" |
| 74 | runfetchcmd(cmd, d, workdir=destdir) |
Andrew Geissler | 595f630 | 2022-01-24 19:11:47 +0000 | [diff] [blame^] | 75 | runfetchcmd("chmod -R +X '%s'" % (destdir), d, quiet=True, workdir=destdir) |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 76 | |
| 77 | class NpmEnvironment(object): |
| 78 | """ |
| 79 | Using a npm config file seems more reliable than using cli arguments. |
| 80 | This class allows to create a controlled environment for npm commands. |
| 81 | """ |
Stefan Herbrechtsmeier | 3d983ec | 2021-12-13 12:13:53 +0100 | [diff] [blame] | 82 | def __init__(self, d, configs=[], npmrc=None): |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 83 | self.d = d |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 84 | |
Stefan Herbrechtsmeier | 3d983ec | 2021-12-13 12:13:53 +0100 | [diff] [blame] | 85 | self.user_config = tempfile.NamedTemporaryFile(mode="w", buffering=1) |
| 86 | for key, value in configs: |
| 87 | self.user_config.write("%s=%s\n" % (key, value)) |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 88 | |
| 89 | if npmrc: |
| 90 | self.global_config_name = npmrc |
| 91 | else: |
| 92 | self.global_config_name = "/dev/null" |
| 93 | |
| 94 | def __del__(self): |
| 95 | if self.user_config: |
| 96 | self.user_config.close() |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 97 | |
| 98 | def run(self, cmd, args=None, configs=None, workdir=None): |
| 99 | """Run npm command in a controlled environment""" |
| 100 | with tempfile.TemporaryDirectory() as tmpdir: |
| 101 | d = bb.data.createCopy(self.d) |
| 102 | d.setVar("HOME", tmpdir) |
| 103 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 104 | if not workdir: |
| 105 | workdir = tmpdir |
| 106 | |
| 107 | def _run(cmd): |
Stefan Herbrechtsmeier | 3d983ec | 2021-12-13 12:13:53 +0100 | [diff] [blame] | 108 | cmd = "NPM_CONFIG_USERCONFIG=%s " % (self.user_config.name) + cmd |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 109 | cmd = "NPM_CONFIG_GLOBALCONFIG=%s " % (self.global_config_name) + cmd |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 110 | return runfetchcmd(cmd, d, workdir=workdir) |
| 111 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 112 | if configs: |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 113 | bb.warn("Use of configs argument of NpmEnvironment.run() function" |
| 114 | " is deprecated. Please use args argument instead.") |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 115 | for key, value in configs: |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 116 | cmd += " --%s=%s" % (key, shlex.quote(value)) |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 117 | |
| 118 | if args: |
| 119 | for key, value in args: |
| 120 | cmd += " --%s=%s" % (key, shlex.quote(value)) |
| 121 | |
| 122 | return _run(cmd) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 123 | |
| 124 | class Npm(FetchMethod): |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 125 | """Class to fetch a package from a npm registry""" |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 126 | |
| 127 | def supports(self, ud, d): |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 128 | """Check if a given url can be fetched with npm""" |
| 129 | return ud.type in ["npm"] |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 130 | |
| 131 | def urldata_init(self, ud, d): |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 132 | """Init npm specific variables within url data""" |
| 133 | ud.package = None |
| 134 | ud.version = None |
| 135 | ud.registry = None |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 136 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 137 | # Get the 'package' parameter |
| 138 | if "package" in ud.parm: |
| 139 | ud.package = ud.parm.get("package") |
| 140 | |
| 141 | if not ud.package: |
| 142 | raise MissingParameterError("Parameter 'package' required", ud.url) |
| 143 | |
| 144 | # Get the 'version' parameter |
| 145 | if "version" in ud.parm: |
| 146 | ud.version = ud.parm.get("version") |
| 147 | |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 148 | if not ud.version: |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 149 | raise MissingParameterError("Parameter 'version' required", ud.url) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 150 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 151 | if not is_semver(ud.version) and not ud.version == "latest": |
| 152 | raise ParameterError("Invalid 'version' parameter", ud.url) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 153 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 154 | # Extract the 'registry' part of the url |
| 155 | ud.registry = re.sub(r"^npm://", "http://", ud.url.split(";")[0]) |
| 156 | |
| 157 | # Using the 'downloadfilename' parameter as local filename |
| 158 | # or the npm package name. |
| 159 | if "downloadfilename" in ud.parm: |
| 160 | ud.localfile = d.expand(ud.parm["downloadfilename"]) |
| 161 | else: |
| 162 | ud.localfile = npm_localfile(ud.package, ud.version) |
| 163 | |
| 164 | # Get the base 'npm' command |
| 165 | ud.basecmd = d.getVar("FETCHCMD_npm") or "npm" |
| 166 | |
| 167 | # This fetcher resolves a URI from a npm package name and version and |
| 168 | # then forwards it to a proxy fetcher. A resolve file containing the |
| 169 | # resolved URI is created to avoid unwanted network access (if the file |
| 170 | # already exists). The management of the donestamp file, the lockfile |
| 171 | # and the checksums are forwarded to the proxy fetcher. |
| 172 | ud.proxy = None |
| 173 | ud.needdonestamp = False |
| 174 | ud.resolvefile = self.localpath(ud, d) + ".resolved" |
| 175 | |
| 176 | def _resolve_proxy_url(self, ud, d): |
| 177 | def _npm_view(): |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 178 | args = [] |
| 179 | args.append(("json", "true")) |
| 180 | args.append(("registry", ud.registry)) |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 181 | pkgver = shlex.quote(ud.package + "@" + ud.version) |
| 182 | cmd = ud.basecmd + " view %s" % pkgver |
| 183 | env = NpmEnvironment(d) |
| 184 | check_network_access(d, cmd, ud.registry) |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 185 | view_string = env.run(cmd, args=args) |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 186 | |
| 187 | if not view_string: |
| 188 | raise FetchError("Unavailable package %s" % pkgver, ud.url) |
| 189 | |
| 190 | try: |
| 191 | view = json.loads(view_string) |
| 192 | |
| 193 | error = view.get("error") |
| 194 | if error is not None: |
| 195 | raise FetchError(error.get("summary"), ud.url) |
| 196 | |
| 197 | if ud.version == "latest": |
| 198 | bb.warn("The npm package %s is using the latest " \ |
| 199 | "version available. This could lead to " \ |
| 200 | "non-reproducible builds." % pkgver) |
| 201 | elif ud.version != view.get("version"): |
| 202 | raise ParameterError("Invalid 'version' parameter", ud.url) |
| 203 | |
| 204 | return view |
| 205 | |
| 206 | except Exception as e: |
| 207 | raise FetchError("Invalid view from npm: %s" % str(e), ud.url) |
| 208 | |
| 209 | def _get_url(view): |
| 210 | tarball_url = view.get("dist", {}).get("tarball") |
| 211 | |
| 212 | if tarball_url is None: |
| 213 | raise FetchError("Invalid 'dist.tarball' in view", ud.url) |
| 214 | |
| 215 | uri = URI(tarball_url) |
| 216 | uri.params["downloadfilename"] = ud.localfile |
| 217 | |
| 218 | integrity = view.get("dist", {}).get("integrity") |
| 219 | shasum = view.get("dist", {}).get("shasum") |
| 220 | |
| 221 | if integrity is not None: |
| 222 | checksum_name, checksum_expected = npm_integrity(integrity) |
| 223 | uri.params[checksum_name] = checksum_expected |
| 224 | elif shasum is not None: |
| 225 | uri.params["sha1sum"] = shasum |
| 226 | else: |
| 227 | raise FetchError("Invalid 'dist.integrity' in view", ud.url) |
| 228 | |
| 229 | return str(uri) |
| 230 | |
| 231 | url = _get_url(_npm_view()) |
| 232 | |
| 233 | bb.utils.mkdirhier(os.path.dirname(ud.resolvefile)) |
| 234 | with open(ud.resolvefile, "w") as f: |
| 235 | f.write(url) |
| 236 | |
| 237 | def _setup_proxy(self, ud, d): |
| 238 | if ud.proxy is None: |
| 239 | if not os.path.exists(ud.resolvefile): |
| 240 | self._resolve_proxy_url(ud, d) |
| 241 | |
| 242 | with open(ud.resolvefile, "r") as f: |
| 243 | url = f.read() |
| 244 | |
| 245 | # Avoid conflicts between the environment data and: |
| 246 | # - the proxy url checksum |
| 247 | data = bb.data.createCopy(d) |
| 248 | data.delVarFlags("SRC_URI") |
| 249 | ud.proxy = Fetch([url], data) |
| 250 | |
| 251 | def _get_proxy_method(self, ud, d): |
| 252 | self._setup_proxy(ud, d) |
| 253 | proxy_url = ud.proxy.urls[0] |
| 254 | proxy_ud = ud.proxy.ud[proxy_url] |
| 255 | proxy_d = ud.proxy.d |
| 256 | proxy_ud.setup_localpath(proxy_d) |
| 257 | return proxy_ud.method, proxy_ud, proxy_d |
| 258 | |
| 259 | def verify_donestamp(self, ud, d): |
| 260 | """Verify the donestamp file""" |
| 261 | proxy_m, proxy_ud, proxy_d = self._get_proxy_method(ud, d) |
| 262 | return proxy_m.verify_donestamp(proxy_ud, proxy_d) |
| 263 | |
| 264 | def update_donestamp(self, ud, d): |
| 265 | """Update the donestamp file""" |
| 266 | proxy_m, proxy_ud, proxy_d = self._get_proxy_method(ud, d) |
| 267 | proxy_m.update_donestamp(proxy_ud, proxy_d) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 268 | |
| 269 | def need_update(self, ud, d): |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 270 | """Force a fetch, even if localpath exists ?""" |
| 271 | if not os.path.exists(ud.resolvefile): |
| 272 | return True |
| 273 | if ud.version == "latest": |
| 274 | return True |
| 275 | proxy_m, proxy_ud, proxy_d = self._get_proxy_method(ud, d) |
| 276 | return proxy_m.need_update(proxy_ud, proxy_d) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 277 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 278 | def try_mirrors(self, fetch, ud, d, mirrors): |
| 279 | """Try to use a mirror""" |
| 280 | proxy_m, proxy_ud, proxy_d = self._get_proxy_method(ud, d) |
| 281 | return proxy_m.try_mirrors(fetch, proxy_ud, proxy_d, mirrors) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 282 | |
| 283 | def download(self, ud, d): |
| 284 | """Fetch url""" |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 285 | self._setup_proxy(ud, d) |
| 286 | ud.proxy.download() |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 287 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 288 | def unpack(self, ud, rootdir, d): |
| 289 | """Unpack the downloaded archive""" |
| 290 | destsuffix = ud.parm.get("destsuffix", "npm") |
| 291 | destdir = os.path.join(rootdir, destsuffix) |
| 292 | npm_unpack(ud.localpath, destdir, d) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 293 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 294 | def clean(self, ud, d): |
| 295 | """Clean any existing full or partial download""" |
| 296 | if os.path.exists(ud.resolvefile): |
| 297 | self._setup_proxy(ud, d) |
| 298 | ud.proxy.clean() |
| 299 | bb.utils.remove(ud.resolvefile) |
Patrick Williams | d8c66bc | 2016-06-20 12:57:21 -0500 | [diff] [blame] | 300 | |
Andrew Geissler | 82c905d | 2020-04-13 13:39:40 -0500 | [diff] [blame] | 301 | def done(self, ud, d): |
| 302 | """Is the download done ?""" |
| 303 | if not os.path.exists(ud.resolvefile): |
| 304 | return False |
| 305 | proxy_m, proxy_ud, proxy_d = self._get_proxy_method(ud, d) |
| 306 | return proxy_m.done(proxy_ud, proxy_d) |