epm-sh-install

#!/bin/sh
#
# Copyright (C) 2012-2020  Etersoft
# Copyright (C) 2012-2020  Vitaly Lipatov <lav@etersoft.ru>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

load_helper epm-sh-altlinux
load_helper epm-query

__fast_hack_for_filter_out_installed_rpm()
{
	LANG=C LC_ALL=C xargs -n1 rpm -q 2>&1 | grep 'is not installed' |
		sed -e 's|^.*package \(.*\) is not installed.*|\1|g'
}

# pass only uninstalled packages
filter_out_installed_packages()
{
	[ -z "$skip_installed" ] && cat && return

	case $PMTYPE in
		yum-rpm|dnf-rpm)
			if [ "$($DISTRVENDOR -a)" = "x86_64" ] && [ "$DISTRNAME" != "ROSA" ] ; then
				# shellcheck disable=SC2013
				for i in $(cat) ; do
					is_installed "$(__print_with_arch_suffix $i .x86_64)" && continue
					is_installed "$(__print_with_arch_suffix $i .noarch)" && continue
					echo $i
				done
			else
				__fast_hack_for_filter_out_installed_rpm
			fi
			;;
		*-rpm)
			__fast_hack_for_filter_out_installed_rpm
			;;
		# dpkg -l lists some non ii status (un, etc)
		#"deb")
		#	LANG=C LC_ALL=C xargs -n1 dpkg -l 2>&1 | grep -i 'no packages found matching' |
		#		sed -e 's|\.\+$||g' -e 's|^.*[Nn]o packages found matching \(.*\)|\1|g'
		#	;;
		*)
			# shellcheck disable=SC2013
			for i in $(cat) ; do
				is_installed $i || echo $i
			done
			;;
	esac | sed -e "s|rpm-build-altlinux-compat[^ ]*||g" | filter_strip_spaces
}

get_only_installed_packages()
{
    local installlist="$*"
    estrlist exclude "$(echo "$installlist" | (skip_installed='yes' filter_out_installed_packages))" "$installlist"
}

__convert_pkgallowscripts_to_regexp()
{
    local tmpalf=$(mktemp) || fatal
    # copied from eget's filter_glob
    # check man glob
    # remove commentы and translate glob to regexp
    grep -v "^[[:space:]]*#" "$1" | grep -v "^[[:space:]]*$" | sed -e "s|\*|.*|g" -e "s|?|.|g" -e "s|^|^|" -e "s|$|\$|" >$tmpalf
    echo "$tmpalf"
}

__epm_package_ok_scripts()
{
    local pkg="$1"
    local alf="$CONFIGDIR/pkgallowscripts.list"
    [ -s "$alf" ] || return 1
    local name
    name="$(epm print field Name for "$pkg" 2>/dev/null)"
    [ -n "$name" ] || return 1
    local tmpalf=$(__convert_pkgallowscripts_to_regexp "$alf")
    echo "$name" | grep -q -f $tmpalf
    local res=$?
    rm $tmpalf
    return $res
}

__epm_vendor_ok_scripts()
{
    local vendor="$1"
    local alf="$CONFIGDIR/vendorallowscripts.list"
    [ -s "$alf" ] || return 1
    [ -n "$vendor" ] || return 1
    local tmpalf=$(__convert_pkgallowscripts_to_regexp "$alf")
    echo "$vendor" | grep -q -f $tmpalf
    local res=$?
    rm $tmpalf
    return $res
}

# Args: package names. Set noscripts for outside packages.
__epm_check_vendor()
{
    # don't check vendor if there are forced script options
    [ -n "$scripts$noscripts" ] && return

    # only ALT
    [ "$DISTRNAME" = "ALTLinux" ] || [ "$DISTRNAME" = "ALTServer" ] || return

    local i
    for i in $* ; do
        local vendor rpmversion

        # skip checking if the package is unaccessible
        rpmversion="$(epm print field Version for "$i" 2>/dev/null)"
        [ -n "$rpmversion" ] || continue

        vendor="$(epm print field Vendor for "$i" 2>/dev/null)"

        # TODO: check GPG
        # check separately to be quiet
        [ "$vendor" = "ALT Linux Team" ] && continue

        if __epm_vendor_ok_scripts "$vendor" ; then
            warning "Scripts are ENABLED for package $i from outside vendor '$vendor' (this vendor is listed in $CONFIGDIR/vendorallowscripts.list).  Use --noscripts if you need disable scripts in such packages."
            continue
        fi

        if __epm_package_ok_scripts "$i" ; then
            warning "Scripts are ENABLED for package $i from outside vendor '$vendor' (the package is listed in $CONFIGDIR/pkgallowscripts.list).  Use --noscripts if you need disable scripts in such packages."
            continue
        fi
        warning "Scripts are DISABLED for package $i from outside vendor '$vendor'. Use --scripts if you need run scripts from such packages."
        noscripts="--noscripts"
    done
}