compress: Create a unified extraction function

[people/ms/pakfire.git] / src / libpakfire / archive.c

/*#############################################################################
#                                                                             #
# Pakfire - The IPFire package management system                              #
# Copyright (C) 2014 Pakfire development team                                 #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
#############################################################################*/

#include <ctype.h>
#include <fcntl.h>
#include <gpgme.h>
#include <stdlib.h>
#include <string.h>
#include <sys/queue.h>
#include <sys/types.h>
#include <sys/sendfile.h>
#include <sys/stat.h>

// libarchive
#include <archive.h>
#include <archive_entry.h>

// JSON-C
#include <json.h>

// openssl
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/evp.h>

#include <pakfire/archive.h>
#include <pakfire/compress.h>
#include <pakfire/file.h>
#include <pakfire/filelist.h>
#include <pakfire/i18n.h>
#include <pakfire/key.h>
#include <pakfire/logging.h>
#include <pakfire/package.h>
#include <pakfire/pakfire.h>
#include <pakfire/parser.h>
#include <pakfire/private.h>
#include <pakfire/progressbar.h>
#include <pakfire/pwd.h>
#include <pakfire/repo.h>
#include <pakfire/scriptlet.h>
#include <pakfire/util.h>

enum pakfire_archive_verify_flags {
	PAKFIRE_ARCHIVE_VERIFY_ALL,
	PAKFIRE_ARCHIVE_VERIFY_BEST,
};

static const char* pakfire_archive_files_without_chksums[] = {
	"pakfire-format",
	"chksums",
	NULL,
};

struct pakfire_archive_chksum {
	STAILQ_ENTRY(pakfire_archive_chksum) nodes;

	char path[PATH_MAX];

	unsigned char digest_sha512[64];
	unsigned char digest_sha256[32];
};

struct pakfire_archive {
	struct pakfire* pakfire;
	int nrefs;

	char path[PATH_MAX];
	FILE* f;
	struct pakfire_package* package;

	// metadata
	unsigned int format;
	struct json_object* metadata;
	struct pakfire_parser* parser;

	struct pakfire_filelist* filelist;

	// Checksums
	STAILQ_HEAD(chksums, pakfire_archive_chksum) chksums;

	// Scriptlets
	struct pakfire_scriptlet** scriptlets;
	int scriptlets_loaded;

	// Verify Status
	int verify;
};

static const char* pakfire_archive_legacy_filename(
		struct pakfire_archive* archive, const char* filename) {
	// Do nothing for new package formats
	if (archive->format >= 6)
		return filename;

	const struct files {
		const char* file;
		const char* legacy;
	} filenames[] = {
		{ "CHKSUMS",  "chksums" },
		{ "DATA",     "data.img" },
		{ "FILELIST", "filelist"},
		{ "PKGINFO",  "info" },
		{ NULL, NULL },
	};

	for (const struct files* f = filenames; f->file; f++) {
		if (strcmp(f->file, filename) == 0)
			return f->legacy;
	}

	// Nothing found
	return filename;
}

/*
	A helper function to close the archive and reset our data structures
*/
static void close_archive(struct pakfire_archive* archive, struct archive* a) {
	if (a)
		archive_read_free(a);

	// Rewind the file descriptor
	rewind(archive->f);
}

/*
	A helper function that opens the archive for reading
*/
static int open_archive(struct pakfire_archive* archive, struct archive** a) {
	*a = archive_read_new();
	if (!*a)
		return ENOMEM;

	// All packages must be uncompressed tar balls
	archive_read_support_format_tar(*a);

	// Try opening the archive file
	int r = archive_read_open_FILE(*a, archive->f);
	if (r) {
		ERROR(archive->pakfire, "Could not open archive %s: %s\n",
			archive->path, archive_error_string(*a));
		goto ERROR;
	}

	// Success
	return 0;

ERROR:
	close_archive(archive, *a);
	*a = NULL;

	return r;
}

static int pakfire_archive_walk_entries(struct pakfire_archive* archive, struct archive* a,
		int (*callback)(struct pakfire_archive* archive, struct archive* a,
			struct archive_entry* e, int flags, void* data),
		int flags, void* data, off_t* offset) {
	struct archive_entry* e = NULL;

	// Walk through the archive
	while (1) {
		int r = archive_read_next_header(a, &e);

		// Return OK when we reached the end of the archive
		if (r == ARCHIVE_EOF) {
			if (offset)
				*offset = archive_read_header_position(a);

			return ARCHIVE_OK;
		}

		// Raise any other errors
		else if (r)
			return r;

		// Run callback
		if (callback) {
			r = callback(archive, a, e, flags, data);
			if (r)
				return r;
		}
	}

	return 0;
}

static int pakfire_archive_walk(struct pakfire_archive* archive,
		int (*callback)(struct pakfire_archive* archive, struct archive* a,
			struct archive_entry* e, int flags, void* data),
		int flags, void* data, off_t* offset) {
	struct archive* a;

	// Open the archive file
	int r = open_archive(archive, &a);
	if (r)
		return r;

	// Walk through the archive
	r = pakfire_archive_walk_entries(archive, a, callback, flags, data, offset);

	// Close the archive
	close_archive(archive, a);

	return r;
}

static int find_archive_entry(struct pakfire_archive* archive, struct archive_entry** entry,
		struct archive* a, const char* filename) {
	while (1) {
		int r = archive_read_next_header(a, entry);

		// Nothing found
		if (r == ARCHIVE_EOF) {
			break;

		// Some error has occured
		} else if (r)
			return r;

		// Compare the name
		const char* entry_name = archive_entry_pathname(*entry);

		// Match?
		if (strcmp(entry_name, filename) == 0)
			return 0;
	}

	DEBUG(archive->pakfire, "Could not find an entry named '%s'\n", filename);
	errno = ENOENT;

	// Nothing found
	*entry = NULL;
	return 1;
}

/*
	A helper function that opens the archive and finds a certain file in it
*/
static int open_archive_and_find(struct pakfire_archive* archive, struct archive** a,
		struct archive_entry** entry, const char* filename) {
	int r = open_archive(archive, a);
	if (r)
		return r;

	// Fix filename
	filename = pakfire_archive_legacy_filename(archive, filename);

	r = find_archive_entry(archive, entry, *a, filename);

	// Close archive on error
	if (r)
		close_archive(archive, *a);

	return r;
}

static int open_archive_and_read(struct pakfire_archive* archive, const char* filename,
		char** data, size_t* size) {
	struct archive* a = NULL;
	struct archive_entry* e = NULL;

	// Open the archive and find the right file
	int r = open_archive_and_find(archive, &a, &e, filename);
	if (r)
		return r;

	// Read the file into memory
	r = pakfire_archive_copy_data_to_buffer(archive->pakfire, a, e, data, size);

	// Close the archive
	close_archive(archive, a);

	return r;
}

/*
	This function finds the end of the archive so that we can append more files
*/
static off_t pakfire_archive_find_end(struct pakfire_archive* archive, off_t* offset) {
	return pakfire_archive_walk(archive, NULL, 0, NULL, offset);
}

static la_ssize_t pakfire_archive_read_callback(struct archive* a,
		void* client_data, const void** buffer) {
	struct archive* archive = (struct archive*)client_data;

	size_t len = 0;
	off_t offset = 0;

	// Try reading the next block (without copying it)
	int r = archive_read_data_block(archive, buffer, &len, &offset);

	switch (r) {
		case ARCHIVE_OK:
			return len;

		// Return zero to signal that everything was read
		case ARCHIVE_EOF:
			return 0;

		// Return -1 on any other errors
		default:
			return -1;
	}
}

static struct archive* pakfire_archive_open_payload(struct pakfire_archive* archive,
		struct archive** a, size_t* size) {
	struct archive_entry* entry = NULL;
	struct archive* payload = NULL;

	// Find the payload
	int r = open_archive_and_find(archive, a, &entry, "DATA");
	if (r)
		goto ERROR;

	// Store size
	if (size)
		*size = archive_entry_size(entry);

	// Allocate a new archive object
	payload = archive_read_new();
	if (!payload)
		goto ERROR;

	// All of our packages are tar balls
	archive_read_support_format_tar(payload);

	// They are compressed using XZ or ZSTD
	if (archive->format >= 6)
		archive_read_support_filter_zstd(payload);
	else
		archive_read_support_filter_xz(payload);

	// Try opening the payload archive
	r = archive_read_open2(payload, *a, NULL, pakfire_archive_read_callback, NULL, NULL);
	if (r) {
		ERROR(archive->pakfire, "Could not open payload archive: %s\n",
			archive_error_string(payload));
		goto ERROR;
	}

	return payload;

ERROR:
	if (payload)
		archive_read_free(payload);

	return NULL;
}

// Checksum Stuff

static int pakfire_archive_add_chksum(struct pakfire_archive* archive, const char* path,
		const unsigned char* digest_sha512, const unsigned char* digest_sha256) {
	int r = 1;

	// Path must be set
	if (!path) {
		errno = EINVAL;
		return 1;
	}

	// At least one of the digests must be set
	if (!digest_sha512 && !digest_sha256) {
		errno = EINVAL;
		return 1;
	}

	// Allocate a new chksum object
	struct pakfire_archive_chksum* chksum = calloc(1, sizeof(*chksum));
	if (!chksum)
		return ENOMEM;

	// Store path
	r = pakfire_string_set(chksum->path, path);
	if (r < 0)
		goto ERROR;

	// SHA512
	if (digest_sha512)
		memcpy(chksum->digest_sha512, digest_sha512, sizeof(chksum->digest_sha512));

	// SHA256
	if (digest_sha256)
		memcpy(chksum->digest_sha256, digest_sha256, sizeof(chksum->digest_sha256));

	// Append it
	STAILQ_INSERT_TAIL(&archive->chksums, chksum, nodes);

	DEBUG(archive->pakfire, "Added checksum for %s\n", path);

	return 0;

ERROR:
	free(chksum);

	return r;
}

static struct pakfire_archive_chksum* pakfire_archive_find_chksum(
		struct pakfire_archive* archive, const char* path) {
	struct pakfire_archive_chksum* chksum = NULL;

	STAILQ_FOREACH(chksum, &archive->chksums, nodes) {
		if (strcmp(chksum->path, path) == 0)
			return chksum;
	}

	// Nothing found
	return NULL;
}

static int __pakfire_archive_chksum_has_digest(const unsigned char* digest, const size_t length) {
	for (unsigned int i = 0; i < length; i++) {
		if (digest[i])
			return 1;
	}

	return 0;
}

#define pakfire_archive_chksum_has_digest(digest) \
	__pakfire_archive_chksum_has_digest(digest, sizeof(digest))

static void pakfire_archive_free_chksums(struct pakfire_archive* archive) {
	struct pakfire_archive_chksum* chksum;

	while ((chksum = STAILQ_FIRST(&archive->chksums))) {
		STAILQ_REMOVE_HEAD(&archive->chksums, nodes);

		free(chksum);
	}
}

static void pakfire_archive_free(struct pakfire_archive* archive) {
	// Close the file
	if (archive->f)
		fclose(archive->f);

	// Free all checksums
	pakfire_archive_free_chksums(archive);

	// Free scriptlets
	if (archive->scriptlets) {
		for (struct pakfire_scriptlet** scriptlet = archive->scriptlets; *scriptlet; scriptlet++)
			pakfire_scriptlet_unref(*scriptlet);
		free(archive->scriptlets);
	}

	if (archive->filelist)
		pakfire_filelist_unref(archive->filelist);
	if (archive->package)
		pakfire_package_unref(archive->package);
	if (archive->metadata)
		json_object_put(archive->metadata);
	if (archive->parser)
		pakfire_parser_unref(archive->parser);
	pakfire_unref(archive->pakfire);
	free(archive);
}

static int pakfire_archive_create(struct pakfire_archive** archive, struct pakfire* pakfire) {
	struct pakfire_archive* a = calloc(1, sizeof(*a));
	if (!a)
		return ENOMEM;

	a->pakfire = pakfire_ref(pakfire);
	a->nrefs = 1;

	STAILQ_INIT(&a->chksums);

	*archive = a;

	return 0;
}

PAKFIRE_EXPORT struct pakfire_archive* pakfire_archive_ref(struct pakfire_archive* archive) {
	++archive->nrefs;

	return archive;
}

PAKFIRE_EXPORT struct pakfire_archive* pakfire_archive_unref(struct pakfire_archive* archive) {
	if (--archive->nrefs > 0)
		return archive;

	pakfire_archive_free(archive);

	return NULL;
}

static struct pakfire_package* pakfire_archive_get_package(struct pakfire_archive* archive) {
	if (!archive->package) {
		int r = pakfire_archive_make_package(archive, NULL, &archive->package);
		if (r)
			return NULL;
	}

	return pakfire_package_ref(archive->package);
}

// Metadata

static int pakfire_archive_parse_json_metadata(struct pakfire_archive* archive) {
	char* data = NULL;
	size_t size = 0;

	// Do nothing if metadata has already been loaded
	if (archive->metadata)
		return 0;

	// Read the metadata file
	int r = open_archive_and_read(archive, "PKGINFO", &data, &size);
	if (r)
		return r;

	// Create tokener
	struct json_tokener* tokener = json_tokener_new();
	if (!tokener) {
		ERROR(archive->pakfire, "Could not allocate JSON tokener: %m\n");
		goto ERROR;
	}

	// Parse JSON from buffer
	archive->metadata = json_tokener_parse_ex(tokener, data, size);
	if (!archive->metadata) {
		enum json_tokener_error error = json_tokener_get_error(tokener);

		ERROR(archive->pakfire, "JSON parsing error: %s\n",
			json_tokener_error_desc(error));
		goto ERROR;
	}

	DEBUG(archive->pakfire, "Successfully parsed package metadata:\n%s\n",
		json_object_to_json_string_ext(archive->metadata,
			JSON_C_TO_STRING_PRETTY|JSON_C_TO_STRING_PRETTY_TAB));

ERROR:
	if (tokener)
		json_tokener_free(tokener);

	return r;
}

static int pakfire_archive_parse_legacy_metadata(struct pakfire_archive* archive) {
	char* data = NULL;
	size_t size;

	// Do nothing if this has already been loaded
	if (archive->parser)
		return 0;

	// Read the metadata file
	int r = open_archive_and_read(archive, "PKGINFO", &data, &size);
	if (r)
		return r;

	// Allocate a new parser
	archive->parser = pakfire_parser_create(archive->pakfire, NULL, NULL, 0);
	if (!archive->parser)
		goto ERROR;

	// Parse the metadata
	r = pakfire_parser_parse_data(archive->parser, data, size, NULL);
	if (r) {
		ERROR(archive->pakfire, "Error parsing metadata\n");
		goto ERROR;
	}

	// Success
	r = 0;
	goto CLEANUP;

ERROR:
	if (archive->parser) {
		pakfire_parser_unref(archive->parser);
		archive->parser = NULL;
	}

CLEANUP:
	if (data)
		free(data);

	return r;
}

static int pakfire_archive_parse_metadata(struct pakfire_archive* archive) {
	// Parse JSON for newer formats
	if (archive->format >= 6)
		return pakfire_archive_parse_json_metadata(archive);

	// Use legacy parser for others
	return pakfire_archive_parse_legacy_metadata(archive);
}

/*
	This function tries (very easily) to find out whether something is a valid
	archive or not.
*/
static int pakfire_archive_read_format(struct pakfire_archive* archive, struct archive* a) {
	struct archive_entry* entry = NULL;
	char* data = NULL;
	size_t size;

	// Read the first header
	int r = archive_read_next_header(a, &entry);
	if (r) {
		ERROR(archive->pakfire, "Could not read first tar header: %s\n",
			archive_error_string(a));
		goto ERROR;
	}

	const char* entry_name = archive_entry_pathname(entry);

	// Check for filename (must be "pakfire-format")
	if (strcmp(entry_name, "pakfire-format") != 0) {
		DEBUG(archive->pakfire, "First file is not named \"pakfire-format\"");
		r = 1;
		goto ERROR;
	}

	// The file cannot be larger than a couple of bytes
	size = archive_entry_size(entry);
	if (size == 0 || size >= 128) {
		DEBUG(archive->pakfire, "pakfire-format is of an invalid size: %zu bytes\n", size);
		r = 1;
		goto ERROR;
	}

	// Read the entire payload
	r = pakfire_archive_copy_data_to_buffer(archive->pakfire, a, entry, &data, &size);
	if (r) {
		ERROR(archive->pakfire, "Could not read data of first file: %s\n",
			archive_error_string(a));
		goto ERROR;
	}

	// Parse the format
	archive->format = strtoul(data, NULL, 10);

	DEBUG(archive->pakfire, "Archive format is %d\n", archive->format);

	// XXX check if this version is supported

ERROR:
	if (data)
		free(data);

	return r;
}

static int pakfire_archive_try_open(struct pakfire_archive* archive, const char* path) {
	struct archive* a = NULL;

	if (!path)
		return EINVAL;

	DEBUG(archive->pakfire, "Opening archive %s\n", path);

	// Store path
	pakfire_string_set(archive->path, path);

	// Open the file (and keep the file descriptor open)
	archive->f = fopen(archive->path, "r+");
	if (!archive->f)
		return 1;

	// Open the archive file for reading.
	int r = open_archive(archive, &a);
	if (r)
		goto ERROR;

	// Read the format of this archive
	r = pakfire_archive_read_format(archive, a);
	if (r)
		goto ERROR;

	// Success
	r = 0;

	// Reset errno
	errno = 0;

ERROR:
	if (a)
		close_archive(archive, a);

	return r;
}

PAKFIRE_EXPORT int pakfire_archive_open(struct pakfire_archive** archive, struct pakfire* pakfire, const char* path) {
	int r = pakfire_archive_create(archive, pakfire);
	if (r)
		return r;

	r = pakfire_archive_try_open(*archive, path);
	if (r)
		goto ERROR;

	return 0;

ERROR:
	pakfire_archive_unref(*archive);
	*archive = NULL;

	return r;
}

static struct json_object* pakfire_archive_metadata_get_object(
		struct pakfire_archive* archive, const char* key1, const char* key2) {
	int r = pakfire_archive_parse_metadata(archive);
	if (r)
		return NULL;

	struct json_object* object = archive->metadata;

	const char* keys[] = {
		key1,
		key2,
		NULL,
	};

	// Walk through all keys
	for (const char** key = keys; *key; key++) {
		// Try finding a matching JSON object
		r = json_object_object_get_ex(object, *key, &object);
		if (!r) {
			DEBUG(archive->pakfire, "Could not find JSON object at '%s': %m\n", *key);
			break;
		}
	}

	return object;
}

static const char* pakfire_archive_metadata_get(
		struct pakfire_archive* archive, const char* key1, const char* key2) {
	// Try finding an object
	struct json_object* object = pakfire_archive_metadata_get_object(archive, key1, key2);
	if (!object)
		return NULL;

	// Return the object as string
	return json_object_get_string(object);
}

static int64_t pakfire_archive_metadata_get_int64(
		struct pakfire_archive* archive, const char* key1, const char* key2) {
	// Try finding an object
	struct json_object* object = pakfire_archive_metadata_get_object(archive, key1, key2);
	if (!object)
		return 0;

	// Return the object as integer
	return json_object_get_int64(object);
}

PAKFIRE_EXPORT char* pakfire_archive_get(struct pakfire_archive* archive, const char* namespace, const char* key) {
	int r = pakfire_archive_parse_metadata(archive);
	if (r)
		return NULL;

	return pakfire_parser_get(archive->parser, namespace, key);
}

PAKFIRE_EXPORT int pakfire_archive_read(struct pakfire_archive* archive, const char* filename,
		char** data, size_t* size) {
	struct archive* a = NULL;
	struct archive_entry* entry = NULL;
	int r = 0;

	if (!filename || !data || !size) {
		errno = EINVAL;
		return 1;
	}

	// Strip leading / from filenames, because the payload does
	// not have leading slashes.
	while (*filename == '/')
		filename++;

	struct archive* payload = pakfire_archive_open_payload(archive, &a, NULL);
	if (!payload)
		goto ERROR;

	r = find_archive_entry(archive, &entry, payload, filename);
	if (r)
		goto ERROR;

	r = pakfire_archive_copy_data_to_buffer(archive->pakfire, payload, entry,
		data, size);

ERROR:
	if (payload)
		archive_read_free(payload);
	close_archive(archive, a);

	return r;
}

int pakfire_archive_copy(struct pakfire_archive* archive, const char* path) {
	if (!path) {
		errno = EINVAL;
		return 1;
	}

	// Determine the file size
	ssize_t size = pakfire_archive_get_size(archive);
	if (size < 0)
		return 1;

	DEBUG(archive->pakfire, "Copying %s to %s...\n", archive->path, path);

	// Open destination file
	FILE* f = fopen(path, "w");
	if (!f)
		return 1;

	int r = 1;

	// Copy everything
	ssize_t bytes_written = sendfile(fileno(f), fileno(archive->f), NULL, size);
	if (bytes_written != size)
		goto ERROR;

	// Success
	r = 0;

ERROR:
	fclose(f);

	// Delete the file on error
	if (r)
		unlink(path);

	rewind(archive->f);

	return r;
}

PAKFIRE_EXPORT int pakfire_archive_extract(struct pakfire_archive* archive) {
	struct pakfire_package* pkg = NULL;
	const char* prefix = NULL;
	struct archive* a = NULL;
	struct archive* payload = NULL;
	size_t size = 0;
	int r = 1;

	// Fetch package
	pkg = pakfire_archive_get_package(archive);
	if (!pkg)
		goto ERROR;

	// Fetch NEVRA
	const char* nevra = pakfire_package_get_nevra(pkg);

	DEBUG(archive->pakfire, "Extracting %s\n", archive->path);

	// Set prefix for source packages
	if (pakfire_package_is_source(pkg))
		prefix = "/usr/src/packages";

	// Open payload
	payload = pakfire_archive_open_payload(archive, &a, &size);
	if (!payload)
		goto ERROR;

	// Extract
	r = pakfire_extract(archive->pakfire, payload, size, prefix, nevra, 0);
	if (r)
		goto ERROR;

ERROR:
	if (pkg)
		pakfire_package_unref(pkg);
	if (payload)
		archive_read_free(payload);
	if (a)
		close_archive(archive, a);

	return r;
}

PAKFIRE_EXPORT const char* pakfire_archive_get_path(struct pakfire_archive* archive) {
	return archive->path;
}

PAKFIRE_EXPORT unsigned int pakfire_archive_get_format(struct pakfire_archive* archive) {
	return archive->format;
}

static int pakfire_archive_load_filelist_mtree(struct pakfire_archive* archive) {
	struct archive* a;
	struct archive_entry* entry;
	int r;

	// Find filelist
	r = open_archive_and_find(archive, &a, &entry, "FILELIST");
	if (r) {
		// Ignore if filelist doesn't exist
		if (errno == ENOENT)
			return 0;

		return r;
	}

	// Allocate a new archive reader
	struct archive* mtree = archive_read_new();
	if (!mtree) {
		ERROR(archive->pakfire, "Could not allocate mtree reader\n");
		goto ERROR;
	}

	// Enable reading the mtree format
	r = archive_read_support_format_mtree(mtree);
	if (r) {
		ERROR(archive->pakfire, "Could not enable mtree format: %s\n",
			archive_error_string(mtree));
		goto ERROR;
	}

	// Filelists can be Zstandard-compressed
	r = archive_read_support_filter_zstd(mtree);
	if (r)
		goto ERROR;

	// Try opening the mtree
	r = archive_read_open2(mtree, a, NULL, pakfire_archive_read_callback, NULL, NULL);
	if (r) {
		ERROR(archive->pakfire, "Could not open filelist mtree in %s: %s\n",
			archive->path, archive_error_string(mtree));
		goto ERROR;
	}

	// Read filelist
	r = pakfire_filelist_create(&archive->filelist, archive->pakfire);
	if (r)
		goto ERROR;

	for (;;) {
		struct pakfire_file* file;

		r = archive_read_next_header(mtree, &entry);
		if (r == ARCHIVE_EOF) {
			r = 0;
			break;
		} else if (r)
			goto ERROR;

		// Create a new file object
		r = pakfire_file_create_from_archive_entry(&file, archive->pakfire, entry);
		if (r)
			goto ERROR;

		// Append to filelist
		r = pakfire_filelist_append(archive->filelist, file);
		pakfire_file_unref(file);
		if (r)
			goto ERROR;
	}

ERROR:
	// Destroy the filelist on error
	if (r && archive->filelist) {
		pakfire_filelist_unref(archive->filelist);
		archive->filelist = NULL;
	}

	if (mtree)
		archive_read_free(mtree);
	close_archive(archive, a);

	return r;
}

static int pakfire_archive_load_filelist_legacy(struct pakfire_archive* archive) {
	char* data = NULL;
	size_t size;

	// Read filelist
	int r = open_archive_and_read(archive, "FILELIST", &data, &size);
	if (r) {
		if (errno == ENOENT)
			return 0;

		return r;
	}

	DEBUG(archive->pakfire, "Read filelist:\n%.*s\n", (int)size, data);

	r = pakfire_filelist_create_from_file(&archive->filelist,
		archive->pakfire, data, archive->format);
	if (r)
		ERROR(archive->pakfire, "Could not parse filelist: %m\n");

	if (data)
		free(data);

	// Destroy the filelist on error
	if (r && archive->filelist) {
		pakfire_filelist_unref(archive->filelist);
		archive->filelist = NULL;
	}

	return r;
}

static int pakfire_archive_load_filelist(struct pakfire_archive* archive) {
	if (archive->format >= 6)
		return pakfire_archive_load_filelist_mtree(archive);
	else
		return pakfire_archive_load_filelist_legacy(archive);
}

PAKFIRE_EXPORT struct pakfire_filelist* pakfire_archive_get_filelist(struct pakfire_archive* archive) {
	if (!archive->filelist) {
		int r = pakfire_archive_load_filelist(archive);
		if (r)
			return NULL;
	}

	if (!archive->filelist)
		return NULL;

	return pakfire_filelist_ref(archive->filelist);
}

static int pakfire_archive_load_checksums_mtree(struct pakfire_archive* archive) {
	struct archive* a = NULL;
	struct archive_entry* entry = NULL;
	int r;

	// Find chksums
	r = open_archive_and_find(archive, &a, &entry, "FILELIST");
	if (r)
		return r;

	// Allocate a new archive reader
	struct archive* mtree = archive_read_new();
	if (!mtree) {
		ERROR(archive->pakfire, "Could not allocate mtree reader\n");
		goto ERROR;
	}

	// Enable reading the mtree format
	r = archive_read_support_format_mtree(mtree);
	if (r) {
		ERROR(archive->pakfire, "Could not enable mtree format: %s\n",
			archive_error_string(mtree));
		goto ERROR;
	}

	// Filelists can be Zstandard-compressed
	r = archive_read_support_filter_zstd(mtree);
	if (r)
		goto ERROR;

	// Try opening the mtree
	r = archive_read_open2(mtree, a, NULL, pakfire_archive_read_callback, NULL, NULL);
	if (r) {
		ERROR(archive->pakfire, "Could not open checksum mtree in %s: %s\n",
			archive->path, archive_error_string(mtree));
		goto ERROR;
	}

	for (;;) {
		// Read next entry
		r = archive_read_next_header(mtree, &entry);

		// We have reached the end of the list
		if (r == ARCHIVE_EOF)
			break;

		// An unexpected error has occurred
		else if (r) {
			ERROR(archive->pakfire, "Could not read mtree entry: %s\n",
				archive_error_string(mtree));
			goto ERROR;
		}

		// Fetch pathname
		const char* path = archive_entry_pathname(entry);

		// Fetch all supported digests
		const unsigned char* digest_sha512 = archive_entry_digest(
			entry, ARCHIVE_ENTRY_DIGEST_SHA512);
		const unsigned char* digest_sha256 = archive_entry_digest(
			entry, ARCHIVE_ENTRY_DIGEST_SHA256);

		// Add the checksum to the internal list
		r =  pakfire_archive_add_chksum(archive, path + 2, digest_sha512, digest_sha256);
		if (r)
			goto ERROR;
	}

	// Success
	r = 0;

ERROR:
	if (mtree)
		archive_read_free(mtree);
	close_archive(archive, a);

	return r;
}

static int pakfire_archive_load_checksums_legacy_line(
		struct pakfire_archive* archive, char* line) {
	char path[PATH_MAX] = "";
	char hexdigest[LINE_MAX] = "";
	char* tok = NULL;

	unsigned int i = 0;
	int r = 1;

	char* word = strtok_r(line, " ", &tok);
	while (word) {
		switch (i) {
			// path
			case 0:
				r = pakfire_string_set(path, word);
				if (r < 0)
					return r;
				break;

			// hexdigest
			case 1:
				r = pakfire_string_set(hexdigest, word);
				if (r < 0)
					return r;
				break;

			default:
				ERROR(archive->pakfire, "Invalid line in checksums:\n%s\n", line);
				r = 1;
				return r;
		}

		word = strtok_r(NULL, " ", &tok);
		i++;
	}

	// Check if we have input for path and hexdigest
	if (!*path || !*hexdigest) {
		errno = EINVAL;
		return r;
	}

	unsigned char digest[EVP_MAX_MD_SIZE];

	// Convert hexdigest to digest
	r = pakfire_unhexlify(digest, hexdigest);
	if (r)
		return r;

	// Add a chksum object
	r = pakfire_archive_add_chksum(archive, path, digest, NULL);
	if (r)
		return r;

	// Success
	return 0;
}

static int pakfire_archive_load_checksums_legacy(struct pakfire_archive* archive) {
	char* buffer = NULL;
	size_t length = 0;

	// Find chksums
	int r = open_archive_and_read(archive, "CHKSUMS", &buffer, &length);
	if (r)
		return r;

	// Empty file
	if (!length) {
		ERROR(archive->pakfire, "Checksums file was unexpectedly empty\n");
		return 1;
	}

	char line[LINE_MAX];
	char* l = line;

	// Split the input into lines and call pakfire_archive_load_checksums_legacy_line
	for (char* p = buffer; (size_t)(p - buffer) < length; p++) {
		if (*p == '\n' || p == (buffer + length)) {
			// Terminate line
			*l = '\0';

			// Process the line
			r = pakfire_archive_load_checksums_legacy_line(archive, line);
			if (r)
				goto ERROR;

			// Reset line pointer
			l = line;

			continue;
		}

		// Copy character to line
		*l++ = *p;

		// Check if line has enough space
		if ((size_t)(l - line) >= sizeof(line)) {
			errno = ENOBUFS;
			goto ERROR;
		}
	}

ERROR:
	if (buffer)
		free(buffer);
	return r;
}

static int pakfire_archive_load_checksums(struct pakfire_archive* archive) {
	// Do nothing if the list has already been loaded
	if (!STAILQ_EMPTY(&archive->chksums))
		return 0;

	DEBUG(archive->pakfire, "Loading checksums from archive %p\n", archive);

	if (archive->format >= 6)
		return pakfire_archive_load_checksums_mtree(archive);
	else
		return pakfire_archive_load_checksums_legacy(archive);
}

struct pakfire_archive_validator {
	EVP_MD_CTX* ctx;
	const unsigned char* digest;
};

static int pakfire_archive_verify_add_validator(struct pakfire_archive_validator*** list,
		struct pakfire* pakfire, const EVP_MD* md, const unsigned char* digest,
		enum pakfire_archive_verify_flags flags) {

	switch (flags) {
		// Fall through and add the validator
		case PAKFIRE_ARCHIVE_VERIFY_ALL:
			break;

		// We only accept one validator, so this function becomes a no-op when list
		// has any validators already
		case PAKFIRE_ARCHIVE_VERIFY_BEST:
			if (*list)
				return 0;
			break;

		default:
			errno = EINVAL;
			return 1;
	}

	// Allocate validator
	struct pakfire_archive_validator* v = calloc(1, sizeof(*v));
	if (!v)
		return 1;

	int r = 1;

	// Allocate an EVP context
	v->ctx = EVP_MD_CTX_new();
	if (!v->ctx) {
		ERROR(pakfire, "Could not allocate an EVP context\n");
		goto ERROR;
	}

	// Initialise the hash algorithm
	r = EVP_DigestInit_ex(v->ctx, md, NULL);
	if (r != 1) {
		ERROR(pakfire, "Could not initialize hash algorithm: %s\n",
			ERR_error_string(ERR_get_error(), NULL));
		r = 1;
		goto ERROR;
	}

	// Store digest
	v->digest = digest;

	unsigned int counter = 0;

	// Calculate list size
	if (*list) {
		for (struct pakfire_archive_validator** l = *list; *l; l++)
			counter++;
	}

	// Grow list
	*list = reallocarray(*list, counter + 2, sizeof(**list));
	if (!*list) {
		r = 1;
		goto ERROR;
	}

	// Append validator
	(*list)[counter] = v;

	// Terminate list
	(*list)[counter + 1] = NULL;

	// Success
	return 0;

ERROR:
	if (v->ctx)
		EVP_MD_CTX_free(v->ctx);
	free(v);

	return r;
}

static int pakfire_archive_verify_file(struct pakfire_archive* archive,
		struct archive* a, struct archive_entry* entry, int flags, void* data) {
	const char* path = archive_entry_pathname(entry);

	// Signatures do not have checksums
	if (pakfire_string_startswith(path, "signatures/"))
		return 0;

	// Some files do not have checksums
	for (const char** file = pakfire_archive_files_without_chksums; *file; file++) {
		if (strcmp(*file, path) == 0)
			return 0;
	}

	// Fetch the checksum
	struct pakfire_archive_chksum* chksum = pakfire_archive_find_chksum(archive, path);
	if (!chksum) {
		ERROR(archive->pakfire, "No checksum found for %s\n", path);
		return 1;
	}

	struct pakfire_archive_validator** validators = NULL;
	int r;

	// SHA512
	if (pakfire_archive_chksum_has_digest(chksum->digest_sha512)) {
		r = pakfire_archive_verify_add_validator(&validators, archive->pakfire,
			EVP_sha512(), chksum->digest_sha512, flags);
		if (r)
			return r;
	}

	// SHA256
	if (pakfire_archive_chksum_has_digest(chksum->digest_sha256)) {
		r = pakfire_archive_verify_add_validator(&validators, archive->pakfire,
			EVP_sha256(), chksum->digest_sha256, flags);
		if (r)
			return r;
	}

	// Check if anything was selected (this should not happen)
	if (!validators) {
		ERROR(archive->pakfire, "No validators selected\n");
		return 1;
	}

	DEBUG(archive->pakfire, "Verifying %s\n", path);

	const void* buffer = NULL;
	size_t size = 0;
	off_t offset = 0;

	// Read the payload of the file and feed it into the validators
	for (;;) {
		r = archive_read_data_block(a, &buffer, &size, &offset);
		if (r == ARCHIVE_EOF)
			break;

		// End on any errors
		if (r) {
			r = 1;
			goto ERROR;
		}

		// Update all hash digests
		for (struct pakfire_archive_validator** v = validators; *v; v++) {
			r = EVP_DigestUpdate((*v)->ctx, buffer, size);
			if (r != 1) {
				ERROR(archive->pakfire, "%s\n", ERR_error_string(ERR_get_error(), NULL));
				r = 1;
				goto ERROR;
			}
		}
	}

	unsigned char digest[EVP_MAX_MD_SIZE];

	// Finalize all digests
	for (struct pakfire_archive_validator** v = validators; *v; v++) {
		// Reset digest array size
		unsigned int length = sizeof(digest);

		// Finish computation
		r = EVP_DigestFinal_ex((*v)->ctx, digest, &length);
		if (r != 1) {
			ERROR(archive->pakfire, "%s\n", ERR_error_string(ERR_get_error(), NULL));
			r = 1;
			goto ERROR;
		}

		// Compare digests
		r = CRYPTO_memcmp(digest, (*v)->digest, length);

		// Handle mismatches
		if (r) {
			ERROR(archive->pakfire, "Checksum of %s did not match\n", chksum->path);

			char* hexdigest_expected = pakfire_hexlify((*v)->digest);
			if (hexdigest_expected) {
				ERROR(archive->pakfire, "  Expected: %s\n", hexdigest_expected);
				free(hexdigest_expected);
			}

			char* hexdigest_computed = pakfire_hexlify(digest);
			if (hexdigest_computed) {
				ERROR(archive->pakfire, "  Computed: %s\n", hexdigest_computed);
				free(hexdigest_computed);
			}

			goto ERROR;
		}
	}

	DEBUG(archive->pakfire, "All (checked) checksums of %s matched\n", chksum->path);

	// Success
	r = 0;

ERROR:
	if (validators) {
		for (struct pakfire_archive_validator** v = validators; *v; v++) {
			EVP_MD_CTX_free((*v)->ctx);
			free(*v);
		}
		free(validators);
	}

	return r;
}

static int pakfire_archive_verify_checksums(struct pakfire_archive* archive, int flags) {
	int r;

	// Read checksums from archive
	r = pakfire_archive_load_checksums(archive);
	if (r)
		return r;

	// Iterate over all files and verify them if a checksum is present
	r = pakfire_archive_walk(archive, pakfire_archive_verify_file, flags, NULL, NULL);
	if (r) {
		ERROR(archive->pakfire, "File verification failed\n");
		return r;
	}

	return 0;
}

struct pakfire_archive_signature_check {
	gpgme_data_t checksums;
};

/*
	This function is called to examine whether we have a signature and if so verify it
*/
static int pakfire_archive_verify_signature(struct pakfire_archive* archive, struct archive* a,
		struct archive_entry* e, int flags, void* data) {
	const char* entry_name = archive_entry_pathname(e);

	// This is not a signature
	if (!pakfire_string_startswith(entry_name, "signatures/"))
		return 0;

	// Fetch GPGME context
	gpgme_ctx_t gpgctx = pakfire_get_gpgctx(archive->pakfire);
	if (!gpgctx)
		return 1;

	struct pakfire_archive_signature_check* check = (struct pakfire_archive_signature_check*)data;

	char* buffer = NULL;
	size_t size = 0;

	// Load the signature into memory
	int r = pakfire_archive_copy_data_to_buffer(archive->pakfire, a, e, &buffer, &size);
	if (r)
		return 1;

	gpgme_data_t signature;
	gpgme_error_t error;

	// Make signature readable for GPGME
	error = gpgme_data_new_from_mem(&signature, buffer, size, 0);
	if (error != GPG_ERR_NO_ERROR) {
		r = 1;
		goto ERROR;
	}

	// Perform verification
	error = gpgme_op_verify(gpgctx, signature, check->checksums, NULL);
	if (error != GPG_ERR_NO_ERROR)
		goto ERROR;

	// Run the operation
	gpgme_verify_result_t result = gpgme_op_verify_result(gpgctx);

	// Check if any signatures have been returned
	if (!result || !result->signatures)
		goto ERROR;

	// Walk through all signatures
	for (gpgme_signature_t sig = result->signatures; sig; sig = sig->next) {
		// Log some information about this signature
		DEBUG(archive->pakfire, "Found signature %s\n", sig->fpr);
		DEBUG(archive->pakfire, "  Status    : %s\n", gpgme_strerror(sig->status));
		DEBUG(archive->pakfire, "  Timestamp : %lu\n", sig->timestamp);
		if (sig->exp_timestamp)
			DEBUG(archive->pakfire, "  Expires   : %lu\n", sig->exp_timestamp);
		DEBUG(archive->pakfire, "  Validity  : %s\n", gpgme_strerror(sig->validity_reason));

		switch (gpg_err_code(sig->status)) {
			// All good
			case GPG_ERR_NO_ERROR:
				archive->verify = PAKFIRE_ARCHIVE_VERIFY_OK;
				break;

			// Key has expired (still good)
			case GPG_ERR_KEY_EXPIRED:
				archive->verify = PAKFIRE_ARCHIVE_VERIFY_KEY_EXPIRED;
				break;

			// Signature has expired (bad)
			case GPG_ERR_SIG_EXPIRED:
				archive->verify = PAKFIRE_ARCHIVE_VERIFY_SIG_EXPIRED;
				break;

			// We don't have the key
			case GPG_ERR_NO_PUBKEY:
				archive->verify = PAKFIRE_ARCHIVE_VERIFY_KEY_UNKNOWN;
				break;

			// Bad signature (or any other errors)
			case GPG_ERR_BAD_SIGNATURE:
			default:
				archive->verify = PAKFIRE_ARCHIVE_VERIFY_INVALID;
				break;
		}
	}

ERROR:
	// Free signature
	gpgme_data_release(signature);
	if (buffer)
		free(buffer);

	return r;
}

/*
	This function walks through the archive looking for signatures and verifies them
*/
static int pakfire_archive_verify_signatures(struct pakfire_archive* archive,
		struct pakfire_key*** keys) {
	char* buffer = NULL;
	size_t size = 0;

	// Fetch GPGME context (to initialize GPGME)
	gpgme_ctx_t gpgctx = pakfire_get_gpgctx(archive->pakfire);
	if (!gpgctx)
		return 1;

	// Find checksums
	int r = open_archive_and_read(archive, "chksums", &buffer, &size);
	if (r) {
		ERROR(archive->pakfire, "Could not open chksums file: %m\n");
		return r;
	}

	struct pakfire_archive_signature_check check;

	// Convert checksums readable for GPGME
	gpgme_error_t error = gpgme_data_new_from_mem(&check.checksums, buffer, size, 0);
	if (error != GPG_ERR_NO_ERROR) {
		ERROR(archive->pakfire, "Could not initialize chksums: %s\n", gpgme_strerror(error));
		r = 1;
		goto ERROR;
	}

	// No signatures yet (will be reset later, maybe)
	archive->verify = PAKFIRE_ARCHIVE_VERIFY_NOT_SIGNED;

	// Verify all signatures
	r = pakfire_archive_walk(archive, pakfire_archive_verify_signature, 0, &check, NULL);

ERROR:
	gpgme_data_release(check.checksums);
	if (buffer)
		free(buffer);

	return r;
}

PAKFIRE_EXPORT int pakfire_archive_verify(struct pakfire_archive* archive,
		pakfire_archive_verify_status_t* status, struct pakfire_key*** keys) {
	int r;

	DEBUG(archive->pakfire, "Verifying archive %p\n", archive);

	// Return previous result if this has already been called
	if (archive->verify == PAKFIRE_ARCHIVE_VERIFY_UNKNOWN) {
		// Verify all signatures
		r = pakfire_archive_verify_signatures(archive, keys);
		if (r)
			goto ERROR;

		// Verify checksums
		r = pakfire_archive_verify_checksums(archive, PAKFIRE_ARCHIVE_VERIFY_BEST);
		if (r)
			goto ERROR;
	}

	// Store result
	*status = archive->verify;

	// Log error
	ERROR(archive->pakfire, "Archive verification for %s has failed: %s\n",
		archive->path, pakfire_archive_verify_strerror(archive->verify));

	return 0;

ERROR:
	if (keys && *keys) {
		for (struct pakfire_key** key = *keys; *key; key++)
			pakfire_key_unref(*key);
		free(*keys);
	}

	return r;
}

PAKFIRE_EXPORT const char* pakfire_archive_verify_strerror(pakfire_archive_verify_status_t status) {
	switch (status) {
		case PAKFIRE_ARCHIVE_VERIFY_UNKNOWN:
			return _("Unknown");

		case PAKFIRE_ARCHIVE_VERIFY_NOT_SIGNED:
			return _("Not signed");

		case PAKFIRE_ARCHIVE_VERIFY_OK:
			return _("Verify OK");

		case PAKFIRE_ARCHIVE_VERIFY_ERROR:
			return _("Error performing validation");

		case PAKFIRE_ARCHIVE_VERIFY_INVALID:
			return _("Invalid signature");

		case PAKFIRE_ARCHIVE_VERIFY_SIG_EXPIRED:
			return _("Signature expired");

		case PAKFIRE_ARCHIVE_VERIFY_KEY_EXPIRED:
			return _("Key expired");

		case PAKFIRE_ARCHIVE_VERIFY_KEY_UNKNOWN:
			return _("Key unknown");
	}

	return _("Unknown error");
}

static int pakfire_archive_create_signature(struct pakfire_archive* archive,
		struct pakfire_key* key, char** signature, size_t* signature_length, time_t* timestamp) {
	char* buffer = NULL;
	size_t length = 0;

	// Read chksums
	int r = open_archive_and_read(archive, "chksums", &buffer, &length);
	if (r) {
		ERROR(archive->pakfire, "Could not read chksums file: %m\n");
		goto ERROR;
	}

	// Use the key to sign the buffer
	r = pakfire_key_sign(key, buffer, length, signature, signature_length, timestamp);
	if (r)
		goto ERROR;

ERROR:
	if (buffer)
		free(buffer);

	return r;
}

/*
	This function appends a single file to the archive

	Unfortunately libarchive cannot do this, so we have to manually find the end of the
	archive and write another entry...
*/
static int pakfire_archive_append_file(struct pakfire_archive* archive,
		struct archive_entry* entry, const char* buffer, const size_t length) {
	off_t offset = 0;

	// Find the end of the archive (exclusing the tar trailer)
	int r = pakfire_archive_find_end(archive, &offset);
	if (r)
		return r;

	// Create a new archive writer
	struct archive* a = archive_write_new();
	if (!a) {
		ERROR(archive->pakfire, "Could not create an archive writer: %m\n");
		return 1;
	}

	// Use the PAX format
	r = archive_write_set_format_pax(a);
	if (r) {
		ERROR(archive->pakfire, "Could not set format to PAX: %s\n", archive_error_string(a));
		goto ERROR;
	}

	// Seek to the end of the archive
	r = fseek(archive->f, offset, SEEK_SET);
	if (r) {
		ERROR(archive->pakfire, "Could not seek to position %jd in archive: %m\n", offset);
		return r;
	}

	// Write archive to f
	r = archive_write_open_FILE(a, archive->f);
	if (r) {
		ERROR(archive->pakfire, "archive_write_open_FILE() failed: %s\n",
			archive_error_string(a));
		goto ERROR;
	}

	// Write the header
	r = archive_write_header(a, entry);
	if (r) {
		ERROR(archive->pakfire, "Error writing file header: %s\n",
			archive_error_string(a));
		goto ERROR;
	}

	// Write the payload
	ssize_t bytes_written = archive_write_data(a, buffer, length);
	if (bytes_written < 0) {
		ERROR(archive->pakfire, "Error writing data: %s\n",
			archive_error_string(a));
		goto ERROR;
	}

	// Finish writing
	r = archive_write_finish_entry(a);
	if (r) {
		ERROR(archive->pakfire, "Could not finish entry: %s\n",
			archive_error_string(a));
		goto ERROR;
	}

	// Success
	r = 0;

ERROR:
	archive_write_free(a);

	return r;
}

static int pakfire_archive_append_signature(struct pakfire_archive* archive,
		struct pakfire_key* key, const char* signature, size_t length, time_t timestamp) {
	char path[PATH_MAX];
	int r;

	// Make filename
	r = pakfire_string_format(path, "signatures/%s", pakfire_key_get_fingerprint(key));
	if (r < 0)
		return 1;

	// Create a new file entry
	struct archive_entry* entry = archive_entry_new();
	if (!entry)
		return 1;

	// Set filename
	archive_entry_set_pathname(entry, path);

	// This is a regular file
    archive_entry_set_filetype(entry, AE_IFREG);
    archive_entry_set_perm(entry, 0444);

	// Set size
	archive_entry_set_size(entry, length);

	// Set ownership
	archive_entry_set_uname(entry, "root");
	archive_entry_set_uid(entry, 0);
	archive_entry_set_gname(entry, "root");
	archive_entry_set_gid(entry, 0);

	// Set times
	archive_entry_set_birthtime(entry, timestamp, 0);
	archive_entry_set_ctime(entry, timestamp, 0);
	archive_entry_set_mtime(entry, timestamp, 0);
	archive_entry_set_atime(entry, timestamp, 0);

	// Write entry
	r = pakfire_archive_append_file(archive, entry, signature, length);
	archive_entry_free(entry);

	return r;
}

PAKFIRE_EXPORT int pakfire_archive_sign(struct pakfire_archive* archive, struct pakfire_key* key) {
	int r;

	// Verify checksums
	r = pakfire_archive_verify_checksums(archive, PAKFIRE_ARCHIVE_VERIFY_ALL);
	if (r) {
		ERROR(archive->pakfire, "The archive checksums don't match\n");
		return r;
	}

	char* signature = NULL;
	size_t signature_length = 0;
	time_t timestamp = 0;

	// Create the signature
	r = pakfire_archive_create_signature(archive, key,
		&signature, &signature_length, &timestamp);
	if (r)
		return r;

	// Append signature to archive
	r = pakfire_archive_append_signature(archive, key,
		signature, signature_length, timestamp);
	if (r)
		return r;

	return 0;
}

PAKFIRE_EXPORT ssize_t pakfire_archive_get_size(struct pakfire_archive* archive) {
	struct stat buf;

	int r = fstat(fileno(archive->f), &buf);
	if (r) {
		ERROR(archive->pakfire, "Could not stat %s: %m\n", archive->path);

		return -1;
	}

	return buf.st_size;
}

int pakfire_archive_digest(struct pakfire_archive* archive,
		enum pakfire_digests type, unsigned char* digest, size_t* length) {
	int r = 1;

	const EVP_MD* md = NULL;

	// Select hash function
	switch (type) {
		case PAKFIRE_DIGEST_SHA512:
			md = EVP_sha512();
			break;

		case PAKFIRE_DIGEST_SHA256:
			md = EVP_sha256();
			break;

		default:
			errno = ENOTSUP;
			return 1;
	}

	// Initialize context
	EVP_MD_CTX* ctx = EVP_MD_CTX_new();
	if (!ctx) {
		ERROR(archive->pakfire, "Could not initialize EVP context: %m\n");
		goto ERROR;
	}

	r = EVP_DigestInit_ex(ctx, md, NULL);
	if (r != 1) {
		ERROR(archive->pakfire, "EVP_DigestInit_ex failed: %s\n",
			ERR_error_string(ERR_get_error(), NULL));
		r = 1;
		goto ERROR;
	}

	char buffer[64 * 1024];

	// Feed archive into the hash functions
	while (!feof(archive->f)) {
		size_t bytes_read = fread(buffer, 1, sizeof(buffer), archive->f);

		if (ferror(archive->f)) {
			ERROR(archive->pakfire, "Error reading from file: %m\n");
			goto ERROR;
		}

		r = EVP_DigestUpdate(ctx, buffer, bytes_read);
		if (r != 1) {
			ERROR(archive->pakfire, "EVP_DigestUpdate failed: %s\n",
				ERR_error_string(ERR_get_error(), NULL));
			r = 1;
			goto ERROR;
		}
	}

	// Finalise hash function
	r = EVP_DigestFinal_ex(ctx, digest, (unsigned int*)length);
	if (r != 1) {
		ERROR(archive->pakfire, "EVP_DigestFinal_ex failed: %s\n",
			ERR_error_string(ERR_get_error(), NULL));
		r = 1;
		goto ERROR;
	}

	// Success
	r = 0;

ERROR:
	// Cleanup
	if (ctx)
		EVP_MD_CTX_free(ctx);

	rewind(archive->f);

	return r;
}

static int pakfire_archive_make_package_from_json(struct pakfire_archive* archive,
		struct pakfire_repo* repo, struct pakfire_package** package) {
	unsigned char digest[EVP_MAX_MD_SIZE];
	size_t digest_length = 0;
	int r;

	// Calculate digest
	// This must be done before we create the package object
	r = pakfire_archive_digest(archive, PAKFIRE_DIGEST_SHA512, digest, &digest_length);
	if (r) {
		ERROR(archive->pakfire, "Could not calculate digest of %s: %m\n", archive->path);
		return r;
	}

	// Fetch the most basic package information
	const char* name = pakfire_archive_metadata_get(archive, "name", NULL);
	const char* evr  = pakfire_archive_metadata_get(archive, "evr", NULL);
	const char* arch = pakfire_archive_metadata_get(archive, "arch", NULL);

	// Create a new package object
	struct pakfire_package* pkg = pakfire_package_create(archive->pakfire,
		repo, name, evr, arch);
	if (!pkg)
		return 1;

#ifdef ENABLE_DEBUG
	const char* nevra = pakfire_package_get_nevra(pkg);
	DEBUG(archive->pakfire, "Created package %s (%p) from archive %p\n",
		nevra, pkg, archive);
#endif

	// Set path
	pakfire_package_set_path(pkg, archive->path);

	// Set digest
	pakfire_package_set_digest(pkg, PAKFIRE_DIGEST_SHA512, digest);

	// Vendor
	const char* vendor = pakfire_archive_metadata_get(archive, "vendor", NULL);
	if (vendor)
		pakfire_package_set_vendor(pkg, vendor);

	// Distribution
	const char* distribution = pakfire_archive_metadata_get(archive, "distribution", NULL);
	if (distribution)
		pakfire_package_set_distribution(pkg, distribution);

	// UUID
	const char* uuid = pakfire_archive_metadata_get(archive, "uuid", NULL);
	if (uuid)
		pakfire_package_set_uuid(pkg, uuid);

	// Groups
	const char* groups = pakfire_archive_metadata_get(archive, "groups", NULL);
	if (groups)
		pakfire_package_set_groups(pkg, groups);

	// Maintainer
	const char* maintainer = pakfire_archive_metadata_get(archive, "maintainer", NULL);
	if (maintainer)
		pakfire_package_set_maintainer(pkg, maintainer);

	// URL
	const char* url = pakfire_archive_metadata_get(archive, "url", NULL);
	if (url)
		pakfire_package_set_url(pkg, url);

	// License
	const char* license = pakfire_archive_metadata_get(archive, "license", NULL);
	if (license)
		pakfire_package_set_license(pkg, license);

	// Summary
	const char* summary = pakfire_archive_metadata_get(archive, "summary", NULL);
	if (summary)
		pakfire_package_set_summary(pkg, summary);

	// Description
	const char* description = pakfire_archive_metadata_get(archive, "description", NULL);
	if (description)
		pakfire_package_set_description(pkg, description);

	// Installed package size
	size_t installsize = pakfire_archive_metadata_get_int64(archive, "size", NULL);
	if (installsize)
		pakfire_package_set_installsize(pkg, installsize);

	// Build Host
	const char* build_host = pakfire_archive_metadata_get(archive, "build", "host");
	if (build_host)
		pakfire_package_set_build_host(pkg, build_host);

	// Build ID
	const char* build_id = pakfire_archive_metadata_get(archive, "build", "id");
	if (build_id)
		pakfire_package_set_build_id(pkg, build_id);

	// Build Time
	time_t build_time = pakfire_archive_metadata_get_int64(archive, "build", "time");
	if (build_time)
		pakfire_package_set_build_time(pkg, build_time);

	// Source package
	const char* source_name = pakfire_archive_metadata_get(archive, "build", "source-name");
	if (source_name)
		pakfire_package_set_source_name(pkg, source_name);

	// Source EVR
	const char* source_evr = pakfire_archive_metadata_get(archive, "build", "source-evr");
	if (source_evr)
		pakfire_package_set_source_evr(pkg, source_evr);

	// Source arch
	const char* source_arch = pakfire_archive_metadata_get(archive, "build", "source-arch");
	if (source_arch)
		pakfire_package_set_source_arch(pkg, source_arch);

	// Dependencies
	const struct dependencies {
		const char* type;
		void (*func)(struct pakfire_package*, const char* s);
	} dependencies[] = {
		{ "provides", pakfire_package_add_provides },
		{ "prerequires", pakfire_package_add_prerequires },
		{ "requires", pakfire_package_add_requires },
		{ "conflicts", pakfire_package_add_conflicts },
		{ "obsoletes", pakfire_package_add_obsoletes },
		{ "recommends", pakfire_package_add_recommends },
		{ "suggests", pakfire_package_add_suggests },
		{ "supplements", pakfire_package_add_supplements },
		{ "enhances", pakfire_package_add_enhances },
		{ NULL, NULL },
	};

	for (const struct dependencies* deps = dependencies; deps->type; deps++) {
		struct json_object* array = pakfire_archive_metadata_get_object(
			archive, "dependencies", deps->type);
		if (!array)
			continue;

		// Determine the length of the array
		const size_t length = json_object_array_length(array);
		if (!length)
			continue;

		// Walk through all items in this array
		for (unsigned int i = 0; i < length; i++) {
			struct json_object* item = json_object_array_get_idx(array, i);
			if (!item)
				continue;

			// Extract the string value
			const char* string = json_object_get_string(item);
			if (!string)
				continue;

			// Add the dependency to the package
			deps->func(pkg, string);
		}
	}

	// Import filelist
	struct pakfire_filelist* filelist = pakfire_archive_get_filelist(archive);
	if (filelist) {
		pakfire_package_set_filelist(pkg, filelist);
		pakfire_filelist_unref(filelist);
	}

	// Success!
	*package = pkg;
	return 0;
}

static int pakfire_archive_make_legacy_package(struct pakfire_archive* archive,
		struct pakfire_repo* repo, struct pakfire_package** package) {
	unsigned char digest[EVP_MAX_MD_SIZE];
	size_t digest_length = 0;
	int r;

	// Calculate digest
	r = pakfire_archive_digest(archive, PAKFIRE_DIGEST_SHA512, digest, &digest_length);
	if (r) {
		ERROR(archive->pakfire, "Could not calculate digest of %s: %m\n", archive->path);
		return r;
	}

	char* name = pakfire_archive_get(archive, "package", "name");
	char* arch = pakfire_archive_get(archive, "package", "arch");

	char* evr = pakfire_archive_get(archive, "package", "evr");
	if (!evr) {
		char* epoch   = pakfire_archive_get(archive, "package", "epoch");
		char* version = pakfire_archive_get(archive, "package", "version");
		char* release = pakfire_archive_get(archive, "package", "release");

		evr = pakfire_package_join_evr(epoch, version, release);

		if (epoch)
			free(epoch);
		if (version)
			free(version);
		if (release)
			free(release);
	}

	/*
		Check architecture
		Legacy package formats use "arch = all" for source packages.
		We need to check for "type = source" and then reset arch
	*/
	if (arch && strcmp(arch, "all") == 0) {
		char* type = pakfire_archive_get(archive, "package", "type");
		if (type) {
			if (strcmp(type, "source") == 0) {
				free(arch);
				arch = NULL;
			}
		}
		free(type);
	}

	struct pakfire_package* pkg = pakfire_package_create(
		archive->pakfire, repo, name, evr, (arch) ? arch : "src"
	);

	if (name)
		free(name);
	if (evr)
		free(evr);
	if (arch)
		free(arch);

#ifdef ENABLE_DEBUG
	const char* nevra = pakfire_package_get_nevra(pkg);
	DEBUG(archive->pakfire, "Created package %s (%p) from archive %p\n",
		nevra, pkg, archive);
#endif

	// Set path
	pakfire_package_set_path(pkg, archive->path);

	// Set UUID
	char* uuid = pakfire_archive_get(archive, "package", "uuid");
	if (uuid) {
		pakfire_package_set_uuid(pkg, uuid);
		free(uuid);
	}

	// Set groups
	char* groups = pakfire_archive_get(archive, "package", "groups");
	if (groups) {
		pakfire_package_set_groups(pkg, groups);
		free(groups);
	}

	// Set maintainer
	char* maintainer = pakfire_archive_get(archive, "package", "maintainer");
	if (maintainer) {
		pakfire_package_set_maintainer(pkg, maintainer);
		free(maintainer);
	}

	// Set URL
	char* url = pakfire_archive_get(archive, "package", "url");
	if (url) {
		pakfire_package_set_url(pkg, url);
		free(url);
	}

	// Set license
	char* license = pakfire_archive_get(archive, "package", "license");
	if (license) {
		pakfire_package_set_license(pkg, license);
		free(license);
	}

	// Set summary
	char* summary = pakfire_archive_get(archive, "package", "summary");
	if (summary) {
		pakfire_package_set_summary(pkg, summary);
		free(summary);
	}

	// Set description
	char* description = pakfire_archive_get(archive, "package", "description");
	if (description) {
		pakfire_package_set_description(pkg, description);
		free(description);
	}

	// Get package size
	pakfire_package_set_downloadsize(pkg, pakfire_archive_get_size(archive));

	// Get install size
	char* size = pakfire_archive_get(archive, "package", "size");
	if (size) {
		size_t s = strtoul(size, NULL, 10);
		free(size);

		pakfire_package_set_installsize(pkg, s);
	}

	// Set vendor
	char* vendor = pakfire_archive_get(archive, "distribution", "vendor");
	if (vendor) {
		pakfire_package_set_vendor(pkg, vendor);
		free(vendor);
	}

	// Set build host
	char* build_host = pakfire_archive_get(archive, "build", "host");
	if (build_host) {
		pakfire_package_set_build_host(pkg, build_host);
		free(build_host);
	}

	// Set build ID
	char* build_id = pakfire_archive_get(archive, "build", "id");
	if (build_id) {
		pakfire_package_set_build_id(pkg, build_id);
		free(build_id);
	}

	// Set build time
	char* build_time = pakfire_archive_get(archive, "build", "time");
	if (build_time) {
		time_t t = strtoull(build_time, NULL, 10);
		free(build_time);

		pakfire_package_set_build_time(pkg, t);
	}

	// Relations

	const struct __relation {
		const char* type;
		void (*func)(struct pakfire_package*, const char* dep);
	} relations[] = {
		{ "provides", pakfire_package_add_provides },
		{ "prerequires", pakfire_package_add_prerequires },
		{ "requires", pakfire_package_add_requires },
		{ "conflicts", pakfire_package_add_conflicts },
		{ "obsoletes", pakfire_package_add_obsoletes },
		{ "recommends", pakfire_package_add_recommends },
		{ "suggests", pakfire_package_add_suggests },
		{ "supplements", pakfire_package_add_supplements },
		{ "enhances", pakfire_package_add_enhances },
		{ NULL, NULL },
	};

	for (const struct __relation* relation = relations; relation->type; relation++) {
		char* rels = pakfire_archive_get(archive, "dependencies", relation->type);
		if (rels) {
			pakfire_str2deps(archive->pakfire, pkg, relation->func, rels);
			free(rels);
		}
	}

	// Set digests
	pakfire_package_set_digest(pkg, PAKFIRE_DIGEST_SHA512, digest);

	*package = pkg;

	return 0;
}

/*
	Copy all metadata from this archive to the package object
*/
PAKFIRE_EXPORT int pakfire_archive_make_package(struct pakfire_archive* archive,
		struct pakfire_repo* repo, struct pakfire_package** package) {
	struct pakfire_repo* dummy = NULL;
	int r;

	// Use dummy repo if no repository was passed
	if (!repo) {
		dummy = pakfire_get_repo(archive->pakfire, PAKFIRE_REPO_DUMMY);
		if (!dummy)
			return 1;

		repo = dummy;
	}

	// Make package from JSON metadata
	if (archive->format >= 6)
		r = pakfire_archive_make_package_from_json(archive, repo, package);

	// Use legacy stuff
	else
		r = pakfire_archive_make_legacy_package(archive, repo, package);

	// Import filelist
	struct pakfire_filelist* filelist = pakfire_archive_get_filelist(archive);
	if (filelist) {
		pakfire_package_set_filelist(*package, filelist);
		pakfire_filelist_unref(filelist);
	}

	// Free dummy repository
	if (dummy)
		pakfire_repo_unref(dummy);

	return r;
}

static int pakfire_archive_load_scriptlet(struct pakfire_archive* archive,
		struct archive* a, struct archive_entry* e, int flags, void* data) {
	const char* path = archive_entry_pathname(e);

	// Skip if this isn't a scriptlet
	if (!pakfire_string_startswith(path, "scriptlet/"))
		return 0;

	char* buffer = NULL;
	size_t size = 0;
	int r;

	// Fetch scriptlet
	r = pakfire_archive_copy_data_to_buffer(archive->pakfire, a, e, &buffer, &size);
	if (r)
		goto ERROR;

	struct pakfire_scriptlet* scriptlet = NULL;
	const char* type = path + strlen("scriptlet/");

	// Allocate a scriptlet
	r = pakfire_scriptlet_create(&scriptlet, archive->pakfire, type, buffer, size);
	if (r)
		goto ERROR;

	int* counter = (int*)data;

	// Make space for the new scriptlet
	archive->scriptlets = reallocarray(archive->scriptlets, *counter + 2,
		sizeof(*archive->scriptlets));

	archive->scriptlets[(*counter)++] = scriptlet;

ERROR:
	if (buffer)
		free(buffer);

	return r;
}

static int pakfire_archive_load_scriptlets(struct pakfire_archive* archive) {
	// Nothing to do
	if (archive->scriptlets_loaded)
		return 0;

	int counter = 0;

	return pakfire_archive_walk(archive, pakfire_archive_load_scriptlet, 0, &counter, NULL);
}

struct pakfire_scriptlet* pakfire_archive_get_scriptlet(
		struct pakfire_archive* archive, const char* type) {
	int r = pakfire_archive_load_scriptlets(archive);
	if (r) {
		ERROR(archive->pakfire, "Could not load scriptlets: %m\n");
		return NULL;
	}

	if (archive->scriptlets) {
		for (struct pakfire_scriptlet** scriptlet = archive->scriptlets; *scriptlet; scriptlet++) {
			const char* t = pakfire_scriptlet_get_type(*scriptlet);

			if (strcmp(t, type) == 0)
				return pakfire_scriptlet_ref(*scriptlet);
		}
	}

	return NULL;
}