mirror of
https://github.com/garethgeorge/backrest.git
synced 2025-12-13 17:25:38 +00:00
236 lines
7.1 KiB
Go
236 lines
7.1 KiB
Go
package resticinstaller
|
|
|
|
import (
|
|
"archive/zip"
|
|
"bytes"
|
|
"compress/bzip2"
|
|
"context"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"os"
|
|
"path"
|
|
"runtime"
|
|
"strings"
|
|
"sync"
|
|
|
|
"github.com/garethgeorge/backrest/internal/config"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
var (
|
|
ErrResticNotFound = errors.New("no restic binary")
|
|
)
|
|
|
|
var (
|
|
RequiredResticVersion = "0.16.3"
|
|
|
|
findResticMu sync.Mutex
|
|
didTryInstall bool
|
|
)
|
|
|
|
func resticDownloadURL(version string) string {
|
|
if runtime.GOOS == "windows" {
|
|
return fmt.Sprintf("https://github.com/restic/restic/releases/download/v%v/restic_%v_windows_%v.zip", version, version, runtime.GOARCH)
|
|
}
|
|
return fmt.Sprintf("https://github.com/restic/restic/releases/download/v%v/restic_%v_%v_%v.bz2", version, version, runtime.GOOS, runtime.GOARCH)
|
|
}
|
|
|
|
func hashDownloadURL(version string) string {
|
|
return fmt.Sprintf("https://github.com/restic/restic/releases/download/v%v/SHA256SUMS", version)
|
|
}
|
|
|
|
func sigDownloadURL(version string) string {
|
|
return fmt.Sprintf("https://github.com/restic/restic/releases/download/v%v/SHA256SUMS.asc", version)
|
|
}
|
|
|
|
// getURL downloads the given url and returns the response body as a string.
|
|
func getURL(url string) ([]byte, error) {
|
|
resp, err := http.Get(url)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("http GET %v: %w", url, err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
var body bytes.Buffer
|
|
_, err = io.Copy(&body, resp.Body)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("copy response body to buffer: %w", err)
|
|
}
|
|
return body.Bytes(), nil
|
|
}
|
|
|
|
func verify(sha256 string) error {
|
|
sha256sums, err := getURL(hashDownloadURL(RequiredResticVersion))
|
|
if err != nil {
|
|
return fmt.Errorf("get sha256sums: %w", err)
|
|
}
|
|
|
|
signature, err := getURL(sigDownloadURL(RequiredResticVersion))
|
|
if err != nil {
|
|
return fmt.Errorf("get signature: %w", err)
|
|
}
|
|
|
|
if ok, err := gpgVerify(sha256sums, signature); !ok || err != nil {
|
|
return fmt.Errorf("gpg verification failed: ok=%v err=%v", ok, err)
|
|
}
|
|
|
|
if !strings.Contains(string(sha256sums), sha256) {
|
|
fmt.Fprintf(os.Stderr, "sha256sums:\n%v\n", string(sha256sums))
|
|
return fmt.Errorf("sha256sums do not contain %v", sha256)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// downloadFile downloads a file from the given url and saves it to the given path. The sha256 checksum of the file is returned on success.
|
|
func downloadFile(url string, downloadPath string) (string, error) {
|
|
// Download ur as a file and save it to path
|
|
req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, url, nil)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
req.Header.Set("Accept", "application/octet-stream")
|
|
resp, err := http.DefaultClient.Do(req)
|
|
if err != nil {
|
|
return "", fmt.Errorf("http GET %v: %w", url, err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
return "", fmt.Errorf("http GET %v: %v", url, resp.Status)
|
|
}
|
|
|
|
body, err := io.ReadAll(resp.Body)
|
|
if err != nil {
|
|
return "", fmt.Errorf("read response body: %w", err)
|
|
}
|
|
hash := sha256.Sum256(body)
|
|
|
|
if strings.HasSuffix(url, ".bz2") {
|
|
zap.S().Infof("Decompressing bz2 archive (size=%v)...", len(body))
|
|
body, err = io.ReadAll(bzip2.NewReader(bytes.NewReader(body)))
|
|
if err != nil {
|
|
return "", fmt.Errorf("bz2 decompress body: %w", err)
|
|
}
|
|
} else if strings.HasSuffix(url, ".zip") {
|
|
zap.S().Infof("Decompressing zip archive (size=%v)...", len(body))
|
|
|
|
archive, err := zip.NewReader(bytes.NewReader(body), int64(len(body)))
|
|
if err != nil {
|
|
return "", fmt.Errorf("open zip archive: %w", err)
|
|
}
|
|
|
|
if len(archive.File) != 1 {
|
|
return "", fmt.Errorf("expected zip archive to contain exactly one file, got %v", len(archive.File))
|
|
}
|
|
f, err := archive.File[0].Open()
|
|
if err != nil {
|
|
return "", fmt.Errorf("open zip archive file %v: %w", archive.File[0].Name, err)
|
|
}
|
|
|
|
body, err = io.ReadAll(f)
|
|
if err != nil {
|
|
return "", fmt.Errorf("read zip archive file %v: %w", archive.File[0].Name, err)
|
|
}
|
|
}
|
|
|
|
out, err := os.Create(downloadPath)
|
|
if err != nil {
|
|
return "", fmt.Errorf("create file %v: %w", downloadPath, err)
|
|
}
|
|
defer out.Close()
|
|
if err != nil {
|
|
return "", fmt.Errorf("create file %v: %w", downloadPath, err)
|
|
}
|
|
_, err = io.Copy(out, bytes.NewReader(body))
|
|
if err != nil {
|
|
return "", fmt.Errorf("copy response body to file %v: %w", downloadPath, err)
|
|
}
|
|
|
|
return hex.EncodeToString(hash[:]), nil
|
|
}
|
|
|
|
func installResticIfNotExists(resticInstallPath string) error {
|
|
// withFlock is used to ensure tests pass; when running on CI multiple tests may try to install restic at the same time.
|
|
return withFlock(path.Join(config.DataDir(), "install.lock"), func() error {
|
|
if _, err := os.Stat(resticInstallPath); err == nil {
|
|
// file is now installed, probably by another process. We can return.
|
|
return nil
|
|
}
|
|
|
|
if err := os.MkdirAll(path.Dir(resticInstallPath), 0755); err != nil {
|
|
return fmt.Errorf("create restic install directory %v: %w", path.Dir(resticInstallPath), err)
|
|
}
|
|
|
|
hash, err := downloadFile(resticDownloadURL(RequiredResticVersion), resticInstallPath+".tmp")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := verify(hash); err != nil {
|
|
os.Remove(resticInstallPath) // try to remove the bad binary.
|
|
return fmt.Errorf("failed to verify the authenticity of the downloaded restic binary: %v", err)
|
|
}
|
|
|
|
if err := os.Chmod(resticInstallPath+".tmp", 0755); err != nil {
|
|
return fmt.Errorf("chmod executable %v: %w", resticInstallPath, err)
|
|
}
|
|
|
|
if err := os.Rename(resticInstallPath+".tmp", resticInstallPath); err != nil {
|
|
return fmt.Errorf("rename %v.tmp to %v: %w", resticInstallPath, resticInstallPath, err)
|
|
}
|
|
|
|
return nil
|
|
})
|
|
}
|
|
|
|
// FindOrInstallResticBinary first tries to find the restic binary if provided as an environment variable. Otherwise it downloads restic if not already installed.
|
|
func FindOrInstallResticBinary() (string, error) {
|
|
findResticMu.Lock()
|
|
defer findResticMu.Unlock()
|
|
|
|
// Check if restic is provided.
|
|
resticBin := config.ResticBinPath()
|
|
if resticBin != "" {
|
|
if _, err := os.Stat(resticBin); err != nil {
|
|
if !errors.Is(err, os.ErrNotExist) {
|
|
return "", fmt.Errorf("stat(%v): %w", resticBin, err)
|
|
}
|
|
return "", fmt.Errorf("no binary found at path %v: %w", resticBin, ErrResticNotFound)
|
|
}
|
|
return resticBin, nil
|
|
}
|
|
|
|
// Check for restic installation in data directory.
|
|
resticInstallPath := path.Join(config.DataDir(), fmt.Sprintf("restic-%v", RequiredResticVersion))
|
|
if runtime.GOOS == "windows" {
|
|
programFiles := os.Getenv("programfiles(x86)")
|
|
if programFiles == "" {
|
|
programFiles = os.Getenv("programfiles")
|
|
}
|
|
resticInstallPath = path.Join(programFiles, "restic", fmt.Sprintf("restic-%v.exe", RequiredResticVersion))
|
|
}
|
|
if _, err := os.Stat(resticInstallPath); err != nil {
|
|
if !errors.Is(err, os.ErrNotExist) {
|
|
return "", fmt.Errorf("could not stat restic binary at %v: %w", resticBin, err)
|
|
}
|
|
|
|
if didTryInstall {
|
|
return "", fmt.Errorf("already tried to install: %w", ErrResticNotFound)
|
|
}
|
|
didTryInstall = true
|
|
|
|
zap.S().Infof("Installing restic %v to %v...", resticInstallPath, RequiredResticVersion)
|
|
if err := installResticIfNotExists(resticInstallPath); err != nil {
|
|
return "", fmt.Errorf("install restic: %w", err)
|
|
}
|
|
zap.S().Infof("Installed restic %v", RequiredResticVersion)
|
|
}
|
|
|
|
return resticInstallPath, nil
|
|
}
|