github.com/Racer159/jackal@v0.32.7-0.20240401174413-0bd2339e4f2e/src/pkg/packager/sources/url.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // SPDX-FileCopyrightText: 2021-Present The Jackal Authors
     3  
     4  // Package sources contains core implementations of the PackageSource interface.
     5  package sources
     6  
     7  import (
     8  	"fmt"
     9  	"os"
    10  	"path/filepath"
    11  	"strings"
    12  
    13  	"github.com/Racer159/jackal/src/config"
    14  	"github.com/Racer159/jackal/src/pkg/layout"
    15  	"github.com/Racer159/jackal/src/pkg/packager/filters"
    16  	"github.com/Racer159/jackal/src/pkg/utils"
    17  	"github.com/Racer159/jackal/src/types"
    18  	"github.com/defenseunicorns/pkg/helpers"
    19  )
    20  
// Compile-time assertion that *URLSource satisfies the PackageSource interface.
var _ PackageSource = (*URLSource)(nil)
    25  
// URLSource is a package source for http, https and sget URLs.
//
// It embeds the caller's *types.JackalPackageOptions rather than a copy. The
// methods in this file read PackageSource, Shasum and SGetKeyPath from it, and
// LoadPackage / LoadPackageMetadata write back to PackageSource (LoadPackage
// also clears Shasum), so those changes are visible to every holder of the
// same options pointer.
type URLSource struct {
	*types.JackalPackageOptions
}
    30  
// Collect downloads the package at s.PackageSource into dir and returns the
// path produced by RenameFromMetadata for the downloaded file.
//
// Integrity policy enforced here: a download is refused unless one of the
// following holds:
//   - a shasum was supplied (s.Shasum is non-empty),
//   - the URL starts with helpers.SGETURLPrefix, or
//   - config.CommonOptions.Insecure is set.
//
// With the Insecure override and no shasum, nothing in this function checks
// the downloaded bytes.
//
// NOTE(review): the shasum is only appended to the URL as "<url>@<shasum>";
// the actual digest comparison is presumably done inside
// utils.DownloadToFile — confirm there. Likewise, the sget exemption assumes
// the download is verified against s.SGetKeyPath; confirm what happens when
// that key path is empty.
func (s *URLSource) Collect(dir string) (string, error) {
	hasShasum := s.Shasum != ""
	isSGet := strings.HasPrefix(s.PackageSource, helpers.SGETURLPrefix)

	// Refuse an unverifiable remote package unless the operator opted out.
	if !(config.CommonOptions.Insecure || hasShasum || isSGet) {
		return "", fmt.Errorf("remote package provided without a shasum, use --insecure to ignore, or provide one w/ --shasum")
	}

	// Pin the expected digest onto the URL when one was provided.
	packageURL := s.PackageSource
	if hasShasum {
		packageURL = fmt.Sprintf("%s@%s", s.PackageSource, s.Shasum)
	}

	// The final file name is not known until the package metadata is read,
	// so download to a placeholder name first.
	tarballPath := filepath.Join(dir, "jackal-package-url-unknown")

	err := utils.DownloadToFile(packageURL, tarballPath, s.SGetKeyPath)
	if err != nil {
		return "", err
	}

	return RenameFromMetadata(tarballPath)
}
    51  
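// LoadPackage loads a package from an http, https or sget URL.
//
// The package is first downloaded with Collect into a fresh temporary
// directory under config.CommonOptions.TempDirectory, then loaded into dst by
// a TarballSource that shares this source's options.
//
// Side effects on the shared options: s.PackageSource is replaced with the
// local tarball path and s.Shasum is cleared. Once this method returns, the
// temporary directory has been deleted, so s.PackageSource names a path that
// no longer exists.
//
// NOTE(review): confirm no caller re-reads s.PackageSource after LoadPackage
// returns; previously the downloaded tarball was left behind on disk.
func (s *URLSource) LoadPackage(dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg types.JackalPackage, warnings []string, err error) {
	tmp, err := utils.MakeTempDir(config.CommonOptions.TempDirectory)
	if err != nil {
		return pkg, nil, err
	}
	// os.Remove cannot delete a non-empty directory, so it silently left the
	// downloaded (and possibly unverified or partial) tarball in the temp
	// location. RemoveAll deletes the directory together with its contents.
	// Cleanup is best-effort: a removal error does not fail the load.
	defer os.RemoveAll(tmp)

	dstTarball, err := s.Collect(tmp)
	if err != nil {
		return pkg, nil, err
	}

	s.PackageSource = dstTarball
	// Clear the shasum so that it doesn't get used again
	s.Shasum = ""

	ts := &TarballSource{
		s.JackalPackageOptions,
	}

	// The deferred cleanup runs only after the tarball has been loaded into dst.
	return ts.LoadPackage(dst, filter, unarchiveAll)
}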
    75  
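// LoadPackageMetadata loads a package's metadata from an http, https or sget URL.
//
// The whole package is downloaded with Collect into a fresh temporary
// directory under config.CommonOptions.TempDirectory, then its metadata is
// loaded into dst by a TarballSource that shares this source's options.
//
// Side effects on the shared options: s.PackageSource is replaced with the
// local tarball path. Once this method returns, the temporary directory has
// been deleted, so s.PackageSource names a path that no longer exists.
//
// NOTE(review): LoadPackage clears s.Shasum after Collect, but this method
// leaves it set. Confirm whether TarballSource.LoadPackageMetadata reads
// Shasum and whether the difference is intentional.
func (s *URLSource) LoadPackageMetadata(dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg types.JackalPackage, warnings []string, err error) {
	tmp, err := utils.MakeTempDir(config.CommonOptions.TempDirectory)
	if err != nil {
		return pkg, nil, err
	}
	// os.Remove cannot delete a non-empty directory, so it silently left the
	// downloaded (and possibly unverified or partial) tarball in the temp
	// location. RemoveAll deletes the directory together with its contents.
	// Cleanup is best-effort: a removal error does not fail the load.
	defer os.RemoveAll(tmp)

	dstTarball, err := s.Collect(tmp)
	if err != nil {
		return pkg, nil, err
	}

	s.PackageSource = dstTarball

	ts := &TarballSource{
		s.JackalPackageOptions,
	}

	// The deferred cleanup runs only after the metadata has been loaded into dst.
	return ts.LoadPackageMetadata(dst, wantSBOM, skipValidation)
}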