Merge pull request #171 from lbr38/devel

4.2.0

.github/workflows/phpcs.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '8.1'
+          php-version: '8.3'
           coverage: none
           tools: composer, cs2pr
 

Todolist

@@ -4,21 +4,23 @@
 
     - Update documentation
 
-[ BUGS ]
+    [ REPOS ]
 
-    [ REPOS ]
+    - Add a way to sync Redhat repositories #169
 
-    - (KO) Mirror a debian repo with translations => translations are not included by reprepro
-    - (KO) Mirror a debian repo with multiple archs and translations => translations are not included by reprepro
+
+[ BUGS ]
 
 
 [ IMPROVEMENTS / FEATURES ]
 
     [ GENERAL ]
 
     - (JS) Refactor and mutualize the ajax functions
-    - Rename PLANS_* constants to TASK_*
+    - Rename PLANS_REMINDERS_ENABLED constants to SCHEDULED_TASK_REMINDERS_ENABLED
     - Log catched fatal errors (catch (Error $e)) in FATAL_ERRORS_LOG dedicated file (Error class: https://www.php.net/manual/fr/class.error.php)
+    - Add more verbosity to urlReachable function (return http error)
+    - Add a stop task button in the tasks tab #170
 
 
     [ REPOS ]

docker/Dockerfile

@@ -24,14 +24,14 @@ RUN apt-get install findutils iputils-ping git gnupg2 rpm librpmsign9 createrepo
 # Install postfix
 RUN apt-get install postfix -y
 
-# Add nginx and PHP 8.1 repositories
+# Add nginx and PHP 8.3 repositories
 RUN curl -sS https://packages.bespin.ovh/repo/gpgkeys/packages.bespin.ovh.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/packages.bespin.ovh.gpg
 RUN echo "deb https://packages.bespin.ovh/repo/repomanager-nginx/bookworm/nginx_prod bookworm nginx" > /etc/apt/sources.list.d/nginx.list
 RUN echo "deb https://packages.bespin.ovh/repo/repomanager-php/bookworm/main_prod bookworm main" > /etc/apt/sources.list.d/php.list
 RUN apt-get update -y
 
-# Install nginx and PHP 8.1
-RUN apt-get install nginx php8.1-fpm php8.1-cli php8.1-sqlite3 php8.1-xml php8.1-curl sqlite3 -y
+# Install nginx and PHP 8.3
+RUN apt-get install nginx php8.3-fpm php8.3-cli php8.3-sqlite3 php8.3-xml php8.3-curl sqlite3 -y
 
 # Clone project in the container
 RUN git clone https://github.com/lbr38/repomanager.git /tmp/repomanager
@@ -50,9 +50,9 @@ RUN sed -i "s/__MAX_UPLOAD_SIZE__/$max_upload_size/g" /etc/nginx/sites-enabled/r
 RUN rm -rf /etc/nginx/sites-enabled/default /var/www/html
 
 # Configure PHP
-RUN cp /tmp/repomanager/docker/config/php/www.conf /etc/php/8.1/fpm/pool.d/www.conf
-RUN sed -i "s/^upload_max_filesize.*$/upload_max_filesize = $max_upload_size/g" /etc/php/8.1/fpm/php.ini
-RUN sed -i "s/^post_max_size.*$/post_max_size = $max_upload_size/g" /etc/php/8.1/fpm/php.ini
+RUN cp /tmp/repomanager/docker/config/php/www.conf /etc/php/8.3/fpm/pool.d/www.conf
+RUN sed -i "s/^upload_max_filesize.*$/upload_max_filesize = $max_upload_size/g" /etc/php/8.3/fpm/php.ini
+RUN sed -i "s/^post_max_size.*$/post_max_size = $max_upload_size/g" /etc/php/8.3/fpm/php.ini
 
 # Configure SQLite
 RUN echo ".headers on" > /root/.sqliterc

docker/config/nginx/repomanager.conf

@@ -8,7 +8,7 @@ map $request_uri $loggable {
 
 # Path to unix socket
 upstream php-handler {
-    server unix:/run/php/php8.1-fpm.sock;
+    server unix:/run/php/php8.3-fpm.sock;
 }
 
 server {

docker/config/php/www.conf

@@ -33,7 +33,7 @@ group = www-data
 ;                            (IPv6 and IPv4-mapped) on a specific port;
 ;   '/path/to/unix/socket' - to listen on a unix socket.
 ; Note: This value is mandatory.
-listen = /run/php/php8.1-fpm.sock
+listen = /run/php/php8.3-fpm.sock
 
 ; Set listen(2) backlog.
 ; Default Value: 511 (-1 on FreeBSD and OpenBSD)
@@ -238,7 +238,7 @@ pm.max_spare_servers = 3
 ;   last request memory:  0
 ;
 ; Note: There is a real-time FPM status monitoring sample web page available
-;       It's available in: /usr/share/php/8.1/fpm/status.html
+;       It's available in: /usr/share/php/8.3/fpm/status.html
 ;
 ; Note: The value must start with a leading slash (/). The value can be
 ;       anything, but it may not be a good idea to use the .php extension or it

docker/entrypoint.sh

@@ -23,15 +23,15 @@ if [ ! -z "$MAX_UPLOAD_SIZE" ];then
     # Nginx configuration
     sed -i "s/client_max_body_size.*$/client_max_body_size ${MAX_UPLOAD_SIZE};/g" /etc/nginx/sites-enabled/repomanager.conf
     # PHP configuration
-    sed -i "s/^upload_max_filesize.*$/upload_max_filesize = ${MAX_UPLOAD_SIZE}/g" /etc/php/8.1/fpm/php.ini
-    sed -i "s/^post_max_size.*$/post_max_size = ${MAX_UPLOAD_SIZE}/g" /etc/php/8.1/fpm/php.ini
+    sed -i "s/^upload_max_filesize.*$/upload_max_filesize = ${MAX_UPLOAD_SIZE}/g" /etc/php/8.3/fpm/php.ini
+    sed -i "s/^post_max_size.*$/post_max_size = ${MAX_UPLOAD_SIZE}/g" /etc/php/8.3/fpm/php.ini
 fi
 
 # Start services
 if [ -f "/etc/init.d/syslog-ng" ];then
     /usr/sbin/service syslog-ng start
 fi
-/usr/sbin/service php8.1-fpm start
+/usr/sbin/service php8.3-fpm start
 /usr/sbin/service nginx start
 /usr/sbin/service postfix start
 

www/controllers/Api/Host/Host.php

@@ -331,7 +331,7 @@ public function execute()
                     if (!empty($this->data->status) and ($this->action == 'packages-update' or $this->action == 'general-status-update' or $this->action == 'packages-status-update' or $this->action == 'full-history-update') and $this->method == 'PUT') {
                         try {
                             $myhost->acknowledgeRequest($this->action, $this->data->status);
-                            return array('message' => 'Acknowledge has been taken into account.');
+                            return array('message' => array('Acknowledge has been taken into account.'));
                         } catch (Exception $e) {
                             throw new Exception($e->getMessage());
                         }

www/controllers/Common.php

@@ -569,7 +569,7 @@ public static function xzUncompress(string $filename, string $outputFilename = n
      *  Return true if distant URL is reachable
      *  The target URL can be a file or a directory
      */
-    public static function urlReachable(string $url, string $sslCertificatePath = null, string $sslPrivateKeyPath = null)
+    public static function urlReachable(string $url, string $sslCertificatePath = null, string $sslPrivateKeyPath = null, string $sslCustomCaCertificate = null)
     {
         $ch = curl_init($url);
 
@@ -584,14 +584,17 @@ public static function urlReachable(string $url, string $sslCertificatePath = nu
         }
 
         /**
-         *  If a custom SSL certificate and key have been specified
+         *  If a custom SSL certificate / private key / ca certificate have been specified
          */
         if (!empty($sslCertificatePath)) {
             curl_setopt($ch, CURLOPT_SSLCERT, $sslCertificatePath);
         }
         if (!empty($sslPrivateKeyPath)) {
             curl_setopt($ch, CURLOPT_SSLKEY, $sslPrivateKeyPath);
         }
+        if (!empty($sslCustomCaCertificate)) {
+            curl_setopt($ch, CURLOPT_CAINFO, $sslCustomCaCertificate);
+        }
 
         if (curl_exec($ch) === false) {
             return false;

www/controllers/Process.php

@@ -4,7 +4,7 @@
 
 class Process
 {
-    private $workingDir = ROOT . '/.temp'; // Working dir for php
+    private $workingDir = ROOT; // Working dir for php
     private $command;
     private $env = array('HOME' => ROOT, 'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin');
     private $process;

www/controllers/Repo/Mirror/Deb.php

@@ -19,7 +19,7 @@ private function getReleaseFile()
         $releasePossibleNames = array('InRelease', 'Release', 'Release.gpg');
 
         foreach ($releasePossibleNames as $releaseFile) {
-            if (\Controllers\Common::urlReachable($this->url . '/dists/' . $this->dist . '/' . $releaseFile, $this->sslCustomCertificate, $this->sslCustomPrivateKey)) {
+            if (\Controllers\Common::urlReachable($this->url . '/dists/' . $this->dist . '/' . $releaseFile, $this->sslCustomCertificate, $this->sslCustomPrivateKey, $this->sslCustomCaCertificate)) {
                 $this->download($this->url . '/dists/' . $this->dist . '/' . $releaseFile, $this->workingDir . '/' . $releaseFile);
             }
         }
@@ -98,7 +98,7 @@ private function parseReleaseFile()
                         /**
                          *  Include this Packages.xx/Sources.xx file only if it does really exist on the remote server (sometimes it can be declared in Release but not exists...)
                          */
-                        if (\Controllers\Common::urlReachable($this->url . '/dists/' . $this->dist . '/' . $location, $this->sslCustomCertificate, $this->sslCustomPrivateKey)) {
+                        if (\Controllers\Common::urlReachable($this->url . '/dists/' . $this->dist . '/' . $location, $this->sslCustomCertificate, $this->sslCustomPrivateKey, $this->sslCustomCaCertificate)) {
                             if ($arch == 'src') {
                                 $this->sourcesIndicesLocation[] = array('location' => $location, 'checksum' => $checksum);
                             }

www/controllers/Repo/Mirror/Mirror.php

@@ -27,6 +27,7 @@ class Mirror
     protected $outputFile;
     protected $sslCustomCertificate;
     protected $sslCustomPrivateKey;
+    protected $sslCustomCaCertificate;
     protected $curlHandle;
 
     public function setUrl(string $url)
@@ -84,6 +85,11 @@ public function setSslCustomPrivateKey(string $path)
         $this->sslCustomPrivateKey = $path;
     }
 
+    public function setSslCustomCaCertificate(string $path)
+    {
+        $this->sslCustomCaCertificate = $path;
+    }
+
     /**
      *  Initialize mirroring task
      */
@@ -132,14 +138,17 @@ public function download(string $url, string $savePath)
         }
 
         /**
-         *  If a custom ssl certificate and private key must be used
+         *  If a custom ssl certificate / private key /ca certificate must be used
          */
         if (!empty($this->sslCustomCertificate)) {
             curl_setopt($this->curlHandle, CURLOPT_SSLCERT, $this->sslCustomCertificate);
         }
         if (!empty($this->sslCustomPrivateKey)) {
             curl_setopt($this->curlHandle, CURLOPT_SSLKEY, $this->sslCustomPrivateKey);
         }
+        if (!empty($this->sslCustomCaCertificate)) {
+            curl_setopt($this->curlHandle, CURLOPT_CAINFO, $this->sslCustomCaCertificate);
+        }
 
         /**
          *  Execute curl

www/controllers/Repo/Mirror/Rpm.php

@@ -656,7 +656,7 @@ public function mirror()
          */
 
         foreach ($this->archUrls as $url) {
-            if (!\Controllers\Common::urlReachable($url . '/repodata/repomd.xml', $this->sslCustomCertificate, $this->sslCustomPrivateKey)) {
+            if (!\Controllers\Common::urlReachable($url . '/repodata/repomd.xml', $this->sslCustomCertificate, $this->sslCustomPrivateKey, $this->sslCustomCaCertificate)) {
                 /**
                  *  Remove unreachable URL from array
                  */

www/controllers/Source.php

@@ -101,7 +101,7 @@ public function new(string $type, string $name, string $url, string $gpgKeyURL =
     /**
      *  Edit a source repo
      */
-    public function edit(int $id, string $name, string $url, string $gpgKeyURL = null, string $sslCertificatePath = null, string $sslPrivateKeyPath = null)
+    public function edit(int $id, string $name, string $url, string $gpgKeyURL = null, string $sslCertificatePath = null, string $sslPrivateKeyPath = null, string $sslCaCertificatePath = null)
     {
         /**
          *  Check that source repo exists
@@ -192,7 +192,19 @@ public function edit(int $id, string $name, string $url, string $gpgKeyURL = nul
             }
         }
 
-        $this->model->edit($id, $name, $url, $gpgKeyURL, $sslCertificatePath, $sslPrivateKeyPath);
+        /**
+         *  SSL CA certificate file must be a file that exists and is readable
+         */
+        if (!empty($sslCaCertificatePath)) {
+            if (!file_exists($sslCaCertificatePath)) {
+                throw new Exception('Specified CA certificate file does not exist');
+            }
+            if (!is_readable($sslCaCertificatePath)) {
+                throw new Exception('Specified CA certificate file is not readable');
+            }
+        }
+
+        $this->model->edit($id, $name, $url, $gpgKeyURL, $sslCertificatePath, $sslPrivateKeyPath, $sslCaCertificatePath);
     }
 
     /**

www/controllers/Task/Form/Param/Schedule.php

@@ -39,6 +39,13 @@ public static function check(array $scheduleParams) : void
              *  Check that schedule time is set and valid
              */
             self::checkTime($scheduleParams['schedule-time']);
+
+            /**
+             *  Check that date and time are not in the past
+             */
+            if (strtotime($scheduleParams['schedule-date'] . ' ' . $scheduleParams['schedule-time']) < strtotime(date('Y-m-d H:i'))) {
+                throw new Exception('You cannot schedule a task in the past');
+            }
         }
 
         /**

www/controllers/Task/Repo/Package/Sync.php

@@ -220,12 +220,19 @@ private function syncPackage()
                 if (!empty($sourceDetails['Gpgkey'])) {
                     $mymirror->setGpgKeyUrl($sourceDetails['Gpgkey']);
                 }
+
+                /**
+                 *  If the source repo has a custom SSL certificate, private key or CA certificate, then they will be used
+                 */
                 if (!empty($sourceDetails['Ssl_certificate_path'])) {
                     $mymirror->setSslCustomCertificate($sourceDetails['Ssl_certificate_path']);
                 }
                 if (!empty($sourceDetails['Ssl_private_key_path'])) {
                     $mymirror->setSslCustomPrivateKey($sourceDetails['Ssl_private_key_path']);
                 }
+                if (!empty($sourceDetails['Ssl_ca_certificate_path'])) {
+                    $mymirror->setSslCustomCaCertificate($sourceDetails['Ssl_ca_certificate_path']);
+                }
                 $mymirror->mirror();
 
                 unset($mymirror);

www/controllers/ajax/source.php

@@ -25,11 +25,11 @@
 /**
  *  Edit a source repo
  */
-if ($_POST['action'] == 'edit' and !empty($_POST['id']) and !empty($_POST['name']) and !empty($_POST['url']) and isset($_POST['gpgkey']) and isset($_POST['sslCertificatePath']) and isset($_POST['sslPrivateKeyPath'])) {
+if ($_POST['action'] == 'edit' and !empty($_POST['id']) and !empty($_POST['name']) and !empty($_POST['url']) and isset($_POST['gpgkey']) and isset($_POST['sslCertificatePath']) and isset($_POST['sslPrivateKeyPath']) and isset($_POST['sslCaCertificatePath'])) {
     $mysource = new \Controllers\Source();
 
     try {
-        $mysource->edit($_POST['id'], $_POST['name'], $_POST['url'], $_POST['gpgkey'], $_POST['sslCertificatePath'], $_POST['sslPrivateKeyPath']);
+        $mysource->edit($_POST['id'], $_POST['name'], $_POST['url'], $_POST['gpgkey'], $_POST['sslCertificatePath'], $_POST['sslPrivateKeyPath'], $_POST['sslCaCertificatePath']);
     } catch (\Exception $e) {
         response(HTTP_BAD_REQUEST, $e->getMessage());
     }

www/models/Connection.php

@@ -305,7 +305,8 @@ private function generateMainTables()
         Url VARCHAR(255) NOT NULL,
         Gpgkey VARCHAR(255),
         Ssl_certificate_path VARCHAR(255),
-        Ssl_private_key_path VARCHAR(255))");
+        Ssl_private_key_path VARCHAR(255),
+        Ssl_ca_certificate_path VARCHAR(255))");
 
         /**
          *  users table
@@ -506,7 +507,6 @@ private function generateMainTables()
         GPG_SIGNING_KEYID VARCHAR(255),
         /* Scheduled tasks settings */
         PLANS_REMINDERS_ENABLED CHAR(5),
-        PLANS_CLEAN_REPOS CHAR(5),
         /* Statistics & metrics settings */
         STATS_ENABLED CHAR(5),
         /* Hosts and profiles settings */
@@ -555,7 +555,6 @@ private function generateMainTables()
                 DEB_INVALID_SIGNATURE,
                 GPG_SIGNING_KEYID,
                 PLANS_REMINDERS_ENABLED,
-                PLANS_CLEAN_REPOS,
                 RETENTION,
                 STATS_ENABLED,
                 MANAGE_HOSTS,
@@ -583,7 +582,6 @@ private function generateMainTables()
                 'error',
                 '$gpgKeyId',
                 'false',
-                'false',
                 '3',
                 'false',
                 'false',

www/models/Source.php

@@ -108,16 +108,17 @@ public function new(string $repoType, string $name, string $url, string $gpgKeyU
     /**
      *  Edit a source repo
      */
-    public function edit(string $id, string $name, string $url, string|null $gpgKeyURL, string|null $sslCertificatePath, string|null $sslPrivateKeyPath)
+    public function edit(string $id, string $name, string $url, string|null $gpgKeyURL, string|null $sslCertificatePath, string|null $sslPrivateKeyPath, string|null $sslCaCertificatePath)
     {
         try {
-            $stmt = $this->db->prepare('UPDATE sources SET Name = :name, Url = :url, Gpgkey = :gpgKeyUrl, Ssl_certificate_path = :sslCertificatePath, Ssl_private_key_path = :sslPrivateKeyPath WHERE Id = :id');
+            $stmt = $this->db->prepare('UPDATE sources SET Name = :name, Url = :url, Gpgkey = :gpgKeyUrl, Ssl_certificate_path = :sslCertificatePath, Ssl_private_key_path = :sslPrivateKeyPath, Ssl_ca_certificate_path = :sslCaCertificatePath WHERE Id = :id');
             $stmt->bindValue(':id', $id);
             $stmt->bindValue(':name', $name);
             $stmt->bindValue(':url', $url);
             $stmt->bindValue(':gpgKeyUrl', $gpgKeyURL);
             $stmt->bindValue(':sslCertificatePath', $sslCertificatePath);
             $stmt->bindValue(':sslPrivateKeyPath', $sslPrivateKeyPath);
+            $stmt->bindValue(':sslCaCertificatePath', $sslCaCertificatePath);
             $stmt->execute();
         } catch (\Exception $e) {
             \Controllers\Common::dbError($e);

www/public/resources/js/source.js

@@ -44,10 +44,11 @@ $(document).on('submit','.source-form',function () {
     var name = $(this).find('.source-input-name').val();
     var url = $(this).find('.source-input-url').val();
     var gpgkey = $(this).find('.source-gpgkey-input').val();
-    var sslCertificatePath = $(this).find('.source-sslcrt-input').val();
-    var sslPrivateKeyPath = $(this).find('.source-sslkey-input').val();
+    var sslCertificatePath = $(this).find('.source-ssl-crt-input').val();
+    var sslPrivateKeyPath = $(this).find('.source-ssl-key-input').val();
+    var sslCaCertificatePath = $(this).find('.source-ssl-cacrt-input').val();
 
-    editSource(id, name, url, gpgkey, sslCertificatePath, sslPrivateKeyPath);
+    editSource(id, name, url, gpgkey, sslCertificatePath, sslPrivateKeyPath, sslCaCertificatePath);
 
     return false;
 });
@@ -141,8 +142,9 @@ function newSource(repoType, name, url, gpgKeyURL, gpgKeyText)
  * @param {*} gpgkey
  * @param {*} sslCertificatePath
  * @param {*} sslPrivateKeyPath
+ * @param {*} sslCaCertificatePath
  */
-function editSource(id, name, url, gpgkey, sslCertificatePath, sslPrivateKeyPath)
+function editSource(id, name, url, gpgkey, sslCertificatePath, sslPrivateKeyPath, sslCaCertificatePath)
 {
     $.ajax({
         type: "POST",
@@ -155,7 +157,8 @@ function editSource(id, name, url, gpgkey, sslCertificatePath, sslPrivateKeyPath
             url: url,
             gpgkey: gpgkey,
             sslCertificatePath: sslCertificatePath,
-            sslPrivateKeyPath: sslPrivateKeyPath
+            sslPrivateKeyPath: sslPrivateKeyPath,
+            sslCaCertificatePath: sslCaCertificatePath
         },
         dataType: "json",
         success: function (data, textStatus, jqXHR) {