Class: Aspera::Ascp::Installation

Inherits:

Object

• Object
• Aspera::Ascp::Installation

Includes:

Singleton

Defined in:

lib/aspera/ascp/installation.rb

Overview

Singleton that tells where to find ascp and other local resources (keys..) , using the “path(:name)” method. It is used by object : AgentDirect to find necessary resources By default it takes the first Aspera product found The user can specify ‘ascp` location by calling: `sdk_folder=` method

Constant Summary

CLIENT_SSH_KEY_OPTIONS =

options for SSH client private key

%i{dsa_rsa rsa per_client}.freeze

USE_PRODUCT_PREFIX =

prefix

'product:'

FIRST_FOUND =

policy for product selection

'FIRST'

Instance Attribute Summary

• #transferd_urls ⇒ Object

  Returns the value of attribute transferd_urls.

Instance Method Summary

• #ascp_info ⇒ Object

  information for ‘ascp info`.

• #ascp_info_from_file ⇒ Object

  Extract some stings from ascp binary Openssl information.

• #ascp_info_from_log ⇒ Object

  Extract some stings from ascp logs Folder, PVCL, version, license information.

• #aspera_token_ssh_key_paths(types) ⇒ Object

  get paths of SSH keys to use for ascp client.

• #check_or_create_sdk_file(filename, force: false, &block) ⇒ Object

  TODO: if using another product than SDK, should use files from there.

• #extract_archive_files(sdk_archive_path) ⇒ Object
• #file_paths ⇒ Hash

  With key = file name (String), and value = path to file.

• #get_ascp_version(exe_path) ⇒ Object

  use in plugin ‘config`.

• #get_exe_version(exe_path, vers_arg) ⇒ Object

  Check that specified path is ascp and get version.

• #install_sdk(folder:, url: nil, version: nil, backup: true) ⇒ Array

  Retrieves ascp binary for current system architecture from URL or file.

• #installed_products ⇒ Object

  The list of installed products in format of product_locations_on_current_os.

• #path(k) ⇒ String^?

  Get path of one resource file of currently activated product keys and certs are generated locally…

• #retrieve_sdk(url: nil, version: nil) ⇒ Object

  Retrieve SDK either from specified URL, or specified version from standard location, or latest version.

• #sdk_folder ⇒ Object
• #sdk_folder=(ascp_location) ⇒ Object

  Set ‘ascp` executable “location” It can be: - Full path to folder where `ascp` executable is located - “product:PRODUCT_NAME” to use ascp from named product - “product:FIRST” to use ascp from first found product.

• #sdk_locations ⇒ Hash

  Loads YAML from cloud with locations of SDK archives for all platforms.

• #sdk_url_for_platform(platform: nil, version: nil) ⇒ Object

  The url for download of SDK archive for the given platform and version.

• #ssh_cert_uuid ⇒ String

  default bypass key phrase.

Instance Attribute Details

#transferd_urls ⇒ Object

Returns the value of attribute transferd_urls.

# File 'lib/aspera/ascp/installation.rb', line 398

def transferd_urls
  @transferd_urls
end

Instance Method Details

#ascp_info ⇒ Object

information for ‘ascp info`

# File 'lib/aspera/ascp/installation.rb', line 226

def ascp_info
  ascp_data = file_paths
  ascp_data.merge!(ascp_info_from_log)
  ascp_data.merge!(ascp_info_from_file)
  return ascp_data
end

#ascp_info_from_file ⇒ Object

Extract some stings from ascp binary Openssl information

# File 'lib/aspera/ascp/installation.rb', line 213

def ascp_info_from_file
  data = {}
  File.binread(path(:ascp)).scan(/[\x20-\x7E]{10,}/) do |bin_string|
    if (m = bin_string.match(/OPENSSLDIR.*"(.*)"/))
      data['ascp_openssl_dir'] = m[1]
    elsif (m = bin_string.match(/OpenSSL (\d[^ -]+)/))
      data['ascp_openssl_version'] = m[1]
    end
  end if File.file?(path(:ascp))
  return data
end

#ascp_info_from_log ⇒ Object

Extract some stings from ascp logs Folder, PVCL, version, license information

# File 'lib/aspera/ascp/installation.rb', line 180

def ascp_info_from_log
  data = {}
  _, stderr, status = Environment.secure_execute(path(:ascp), '-DDL-', mode: :capture, exception: false)
  # read PATHs from ascp directly, and pvcl modules as well
  last_line = ''
  stderr.lines do |line|
    line.chomp!
    # Skip lines that may have accents
    next unless line.valid_encoding?
    last_line = line
    case line
    when /^DBG Path ([^ ]+) (dir|file) +: (.*)$/
      data[Regexp.last_match(1)] = Regexp.last_match(3)
    when /^DBG Added module group:"(?<module>[^"]+)" name:"(?<scheme>[^"]+)", version:"(?<version>[^"]+)" interface:"(?<interface>[^"]+)"$/
      c = Regexp.last_match.named_captures.symbolize_keys
      data[c[:interface]] ||= {}
      data[c[:interface]][c[:module]] ||= []
      data[c[:interface]][c[:module]].push("#{c[:scheme]} v#{c[:version]}")
    when %r{^DBG License result \(/license/(\S+)\): (.+)$}
      data[Regexp.last_match(1)] = Regexp.last_match(2)
    when /^LOG (.+) version ([0-9.]+)$/
      data['product_name'] = Regexp.last_match(1)
      data['product_version'] = Regexp.last_match(2)
    when /^LOG Initializing FASP version ([^,]+),/
      data['ascp_version'] = Regexp.last_match(1)
    end
  end
  raise last_line if !status.exitstatus.eql?(1) && !data.key?('root')
  return data
end

#aspera_token_ssh_key_paths(types) ⇒ Object

get paths of SSH keys to use for ascp client

Parameters:

• types (Symbol) —

  types to use

# File 'lib/aspera/ascp/installation.rb', line 149

def aspera_token_ssh_key_paths(types)
  Aspera.assert_values(types, CLIENT_SSH_KEY_OPTIONS)
  return case types
         when :dsa_rsa, :rsa
           types.to_s.split('_').map{ |i| Installation.instance.path("ssh_private_#{i}".to_sym)}
         when :per_client
           Aspera.error_not_implemented
         end
end

#check_or_create_sdk_file(filename, force: false, &block) ⇒ Object

TODO: if using another product than SDK, should use files from there

# File 'lib/aspera/ascp/installation.rb', line 98

def check_or_create_sdk_file(filename, force: false, &block)
  FileUtils.mkdir_p(Products::Transferd.sdk_directory)
  return Environment.write_file_restricted(File.join(Products::Transferd.sdk_directory, filename), force: force, mode: 0o644, &block)
end

#extract_archive_files(sdk_archive_path) ⇒ Object

Parameters:

• sdk_archive_path (String) —

  path to SDK archive

• &block —

  called with: file path, data stream, link target if link?

# File 'lib/aspera/ascp/installation.rb', line 247

def extract_archive_files(sdk_archive_path)
  Aspera.assert(block_given?){'missing block'}
  case sdk_archive_path
  # Windows and Mac use zip
  when /\.zip$/
    require 'zip'
    # extract files from archive
    Zip::File.open(sdk_archive_path) do |zip_file|
      zip_file.each do |entry|
        next if entry.name.end_with?('/')
        entry.get_input_stream do |io|
          yield(entry.name, io, nil)
        end
      end
    end
  # Other Unixes use tar.gz
  when /\.tar\.gz/
    require 'zlib'
    require 'rubygems/package'
    Zlib::GzipReader.open(sdk_archive_path) do |gzip|
      Gem::Package::TarReader.new(gzip) do |tar|
        tar.each do |entry|
          next if entry.directory?
          yield(entry.full_name, entry, entry.symlink? ? entry.header.linkname : nil)
        end
      end
    end
  else
    raise "unknown archive extension: #{sdk_archive_path}"
  end
end

#file_paths ⇒ Hash

Returns with key = file name (String), and value = path to file.

Returns:

• (Hash) —

  with key = file name (String), and value = path to file

# File 'lib/aspera/ascp/installation.rb', line 85

def file_paths
  return SDK_FILES.to_h do |v|
           [v.to_s, begin
             path(v)
           rescue Errno::ENOENT => e
             e.message.gsub(/.*assertion failed: /, '').gsub(/\): .*/, ')')
           rescue => e
             e.message
           end]
         end
end

#get_ascp_version(exe_path) ⇒ Object

use in plugin ‘config`

# File 'lib/aspera/ascp/installation.rb', line 160

def get_ascp_version(exe_path)
  return get_exe_version(exe_path, '-A')
end

#get_exe_version(exe_path, vers_arg) ⇒ Object

Check that specified path is ascp and get version

# File 'lib/aspera/ascp/installation.rb', line 165

def get_exe_version(exe_path, vers_arg)
  Aspera.assert_type(exe_path, String)
  Aspera.assert_type(vers_arg, String)
  return unless File.exist?(exe_path)
  exe_version = nil
  cmd_out = %x("#{exe_path}" #{vers_arg})
  raise "An error occurred when testing #{exe_path}: #{cmd_out}" unless $CHILD_STATUS == 0
  # get version from ascp, only after full extract, as windows requires DLLs (SSL/TLS/etc...)
  m = cmd_out.match(/ version ([0-9.]+)/)
  exe_version = m[1].gsub(/\.$/, '') unless m.nil?
  return exe_version
end

#install_sdk(folder:, url: nil, version: nil, backup: true) ⇒ Array

Retrieves ascp binary for current system architecture from URL or file

Parameters:

• folder (String) —

  Destination folder path

• url (nil, String) (defaults to: nil) —

  URL to SDK archive, if nil: default url for version

• version (nil, String) (defaults to: nil) —

  Specific version, if nil: latest version

• backup (Boolean) (defaults to: true) —

  If destination folder exists, then rename

• &block (nil, Proc) —

  A lambda that receives a file path from archive and tells destination sub folder(end with /) or file, or nil to not extract

Returns:

• (Array) —

  name, ascp version (from execution), folder

# File 'lib/aspera/ascp/installation.rb', line 286

def install_sdk(folder:, url: nil, version: nil, backup: true)
  url ||= sdk_url_for_platform(version: version)
  # Rename old install
  if backup && Dir.exist?(folder) && !Dir.empty?(folder)
    Log.log.warn('Previous install exists, renaming folder.')
    File.rename(folder, "#{folder}.#{Time.now.strftime('%Y%m%d%H%M%S')}")
    # TODO: cleanup old archives ?
  end
  FileUtils.mkdir_p(folder)
  # Security: Track extracted file paths to detect basename collisions
  extracted_files = {}
  # Security: Get canonical path of installation directory for boundary checks
  install_boundary = File.realpath(folder)
  sdk_archive_path = UriReader.read_as_file(url)
  extract_archive_files(sdk_archive_path) do |entry_name, entry_stream, link_target|
    dest_folder = if block_given?
      yield(entry_name)
    else
      # default files to extract directly to main folder if in selected source folders
      Products::Transferd::RUNTIME_FOLDERS.any?{ |i| entry_name.match?(%r{^[^/]*/#{i}/})} ? '/' : nil
    end
    next if dest_folder.nil?
    dest_folder = File.join(folder, dest_folder)
    if dest_folder.end_with?('/')
      dest_file = File.join(dest_folder, File.basename(entry_name))
    else
      dest_file = dest_folder
      dest_folder = File.dirname(dest_file)
    end
    # Security: Detect basename collisions that could overwrite symlinks
    file_basename = File.basename(dest_file)
    if extracted_files.key?(file_basename)
      Log.log.warn{"Rejecting file with duplicate basename: #{entry_name} (basename: #{file_basename}, previous: #{extracted_files[file_basename]})"}
      next
    end
    extracted_files[file_basename] = entry_name
    FileUtils.mkdir_p(dest_folder)
    if link_target.nil?
      # Security: Check if destination already exists
      if File.exist?(dest_file)
        Log.log.warn{"Rejecting write to existing file or link: #{dest_file}"}
        next
      end
      # Security: Verify the resolved path stays within installation boundary
      begin
        # Create parent directory if needed for realpath check
        FileUtils.mkdir_p(File.dirname(dest_file))
        # Check where the file would resolve to (handles existing symlinks in path)
        resolved_dest = File.realpath(File.dirname(dest_file))
        unless resolved_dest.start_with?(install_boundary)
          Log.log.warn{"Rejecting file outside installation directory: #{dest_file} resolves to #{resolved_dest}"}
          next
        end
      rescue Errno::ENOENT
        # Directory doesn't exist yet, verify the intended path
        unless dest_file.start_with?(folder)
          Log.log.warn{"Rejecting file with path outside installation directory: #{dest_file}"}
          next
        end
      end
      File.open(dest_file, 'wb'){ |output_stream| IO.copy_stream(entry_stream, output_stream)}
    else
      # Security: Validate symlink target stays within installation boundary
      # Resolve the symlink target relative to its location
      link_dir = File.dirname(dest_file)
      resolved_target = if link_target.start_with?('/')
        # Absolute symlink target
        link_target
      else
        # Relative symlink target
        File.expand_path(link_target, link_dir)
      end
      # Check if resolved target would be outside installation directory
      unless resolved_target.start_with?(install_boundary)
        Log.log.warn{"Rejecting symlink pointing outside installation directory: #{entry_name} -> #{link_target} (resolves to #{resolved_target})"}
        next
      end
      File.symlink(link_target, dest_file)
    end
  end
end

#installed_products ⇒ Object

Returns the list of installed products in format of product_locations_on_current_os.

Returns:

• the list of installed products in format of product_locations_on_current_os

# File 'lib/aspera/ascp/installation.rb', line 430

def installed_products
  return @found_products unless @found_products.nil?
  # :expected  M app name is taken from the manifest if present, else defaults to this value
  # :app_root  M main folder for the application
  # :log_root  O location of log files (Linux uses syslog)
  # :run_root  O only for Connect Client, location of http port file
  # :sub_bin   O subfolder with executables, default : bin
  scan_locations = Products::Transferd.locations +
    Products::Desktop.locations +
    Products::Connect.locations +
    Products::Other::LOCATION_ON_THIS_OS
  # search installed products: with ascp
  @found_products = Products::Other.find(scan_locations)
end

#path(k) ⇒ String^?

Get path of one resource file of currently activated product keys and certs are generated locally… (they are well known values, arch. independent)

Parameters:

• k (Symbol) —

  key of the resource file

Returns:

• (String, nil) —

  Full path to the resource file or nil if not found

# File 'lib/aspera/ascp/installation.rb', line 107

def path(k)
  file_is_required = true
  case k
  when *EXE_FILES
    file_is_required = k.eql?(:ascp)
    file = Products::Transferd.transferd_path
    file = File.join(File.dirname(file), Environment.instance.exe_file(k.to_s)) unless k.eql?(:transferd)
  when :ssh_private_dsa, :ssh_private_rsa
    # assume last 3 letters are type
    type = k.to_s[-3..-1].to_sym
    file = check_or_create_sdk_file("aspera_bypass_#{type}.pem"){DataRepository.instance.item(type)}
  when :aspera_license
    file = check_or_create_sdk_file('aspera-license'){DataRepository.instance.item(:license)}
  when :aspera_conf
    file = check_or_create_sdk_file('aspera.conf'){DEFAULT_ASPERA_CONF}
  when :fallback_certificate, :fallback_private_key
    file_key = File.join(Products::Transferd.sdk_directory, 'aspera_fallback_cert_private_key.pem')
    file_cert = File.join(Products::Transferd.sdk_directory, 'aspera_fallback_cert.pem')
    if !File.exist?(file_key) || !File.exist?(file_cert)
      require 'openssl'
      # create new self signed certificate for http fallback
      private_key = OpenSSL::PKey::RSA.new(4096)
      cert = WebServerSimple.self_signed_cert(private_key)
      check_or_create_sdk_file('aspera_fallback_cert_private_key.pem', force: true){private_key.to_pem}
      check_or_create_sdk_file('aspera_fallback_cert.pem', force: true){cert.to_pem}
    end
    file = k.eql?(:fallback_certificate) ? file_cert : file_key
  else Aspera.error_unexpected_value(k)
  end
  return unless file_is_required || File.exist?(file)
  Aspera.assert(File.exist?(file), type: Errno::ENOENT){"#{k} not found (#{file})"}
  return file
end

#retrieve_sdk(url: nil, version: nil) ⇒ Object

Retrieve SDK either from specified URL, or specified version from standard location, or latest version

Parameters:

• url (nil, String) (defaults to: nil) —

  URL

• version (nil, String) (defaults to: nil) —

  URL

# File 'lib/aspera/ascp/installation.rb', line 371

def retrieve_sdk(url: nil, version: nil)
  folder = Products::Transferd.sdk_directory
  install_sdk(folder: folder, url: url, version: version)
  # Ensure necessary files are there, or generate them, restrict file access on SDK executables
  SDK_FILES.each do |file_id_sym|
    file_path = path(file_id_sym)
    if file_path && EXE_FILES.include?(file_id_sym)
      Environment.restrict_file_access(file_path, mode: 0o755) if File.exist?(file_path)
    end
  end
  # Generate meta data XML file in SDK if needed, based on actual binaries versions
  meta_data_file = File.join(folder, Products::Other::INFO_META_FILE)
  if File.exist?(meta_data_file)
    # file is there, read values:
    meta_data = File.read(meta_data_file)
    sdk_name = meta_data.scan(%r{<name>(.*?)</name>}).flatten.first || 'unknown'
    sdk_version = meta_data.scan(%r{<version>(.*?)</version>}).flatten.first || 'unknown'
  else
    sdk_ascp_version = get_ascp_version(path(:ascp))
    transferd_version = get_exe_version(path(:transferd), 'version')
    sdk_name = 'IBM Aspera Transfer SDK'
    sdk_version = transferd_version || sdk_ascp_version
    File.write(meta_data_file, "<product><name>#{sdk_name}</name><version>#{sdk_version}</version></product>")
  end
  return sdk_name, sdk_version, folder
end

#sdk_folder ⇒ Object

# File 'lib/aspera/ascp/installation.rb', line 80

def sdk_folder
  path(:ascp)
end

#sdk_folder=(ascp_location) ⇒ Object

Set ‘ascp` executable “location” It can be:

• Full path to folder where ‘ascp` executable is located

• “product:PRODUCT_NAME” to use ascp from named product

• “product:FIRST” to use ascp from first found product

# File 'lib/aspera/ascp/installation.rb', line 58

def sdk_folder=(ascp_location)
  Aspera.assert_type(ascp_location, String){'ascp_location'}
  Aspera.assert(!ascp_location.empty?){'ascp location cannot be empty: check your config file'}
  folder =
    if ascp_location.start_with?(USE_PRODUCT_PREFIX)
      product_name = ascp_location[USE_PRODUCT_PREFIX.length..-1]
      if product_name.eql?(FIRST_FOUND)
        pl = installed_products.first
        raise "No Aspera transfer module or SDK found.\nRefer to the manual or install SDK with command:\nascli conf transferd install" if pl.nil?
      else
        pl = installed_products.find{ |i| i[:name].eql?(product_name)}
        raise "No such product installed: #{product_name}" if pl.nil?
      end
      File.dirname(pl[:ascp_path])
    else
      ascp_location.include?('/ascp') ? File.dirname(ascp_location) : ascp_location
    end
  Log.log.debug{"ascp_folder=#{folder}"}
  Products::Transferd.sdk_directory = folder
  nil
end

#sdk_locations ⇒ Hash

Loads YAML from cloud with locations of SDK archives for all platforms

Returns:

• (Hash) —

  location structure

# File 'lib/aspera/ascp/installation.rb', line 42

def sdk_locations
  location_url = @transferd_urls
  transferd_locations = UriReader.read(location_url)
  Log.log.debug{"Retrieving SDK locations from #{location_url}"}
  begin
    return YAML.load(transferd_locations)
  rescue Psych::SyntaxError
    raise "Error when parsing yaml data from: #{location_url}"
  end
end

#sdk_url_for_platform(platform: nil, version: nil) ⇒ Object

Returns the url for download of SDK archive for the given platform and version.

Returns:

• the url for download of SDK archive for the given platform and version

# File 'lib/aspera/ascp/installation.rb', line 234

def sdk_url_for_platform(platform: nil, version: nil)
  all_locations = sdk_locations
  platform = Environment.instance.architecture if platform.nil?
  locations = all_locations.select{ |l| l['platform'].eql?(platform)}
  raise "No SDK for platform: #{platform}, available: #{all_locations.map{ |i| i['platform']}.uniq}" if locations.empty?
  version = locations.max_by{ |entry| Gem::Version.new(entry['version'])}['version'] if version.nil?
  info = locations.select{ |entry| entry['version'].eql?(version)}
  raise "No such version: #{version} for #{platform}" if info.empty?
  return info.first['url']
end

#ssh_cert_uuid ⇒ String

default bypass key phrase

Returns:

• (String)

# File 'lib/aspera/ascp/installation.rb', line 143

def ssh_cert_uuid
  return DataRepository.instance.item(:uuid)
end