Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package checkmedia for openSUSE:Factory checked in at 2025-05-20 09:31:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/checkmedia (Old) and /work/SRC/openSUSE:Factory/.checkmedia.new.30101 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "checkmedia" Tue May 20 09:31:05 2025 rev:39 rq:1277059 version:6.4 Changes: -------- --- /work/SRC/openSUSE:Factory/checkmedia/checkmedia.changes 2024-03-06 23:03:46.163655055 +0100 +++ /work/SRC/openSUSE:Factory/.checkmedia.new.30101/checkmedia.changes 2025-05-20 09:31:12.792010622 +0200 @@ -1,0 +2,8 @@ +Tue May 13 08:29:09 UTC 2025 - wfe...@opensuse.org + +- merge gh#openSUSE/checkmedia#20 +- added --[no-]signature-tag options for explicit handling of the + 'signature' tag (bsc#1243125) +- 6.4 + +-------------------------------------------------------------------- Old: ---- checkmedia-6.3.tar.xz New: ---- checkmedia-6.4.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ checkmedia.spec ++++++ --- /var/tmp/diff_new_pack.9yMghB/_old 2025-05-20 09:31:13.280030957 +0200 +++ /var/tmp/diff_new_pack.9yMghB/_new 2025-05-20 09:31:13.284031123 +0200 @@ -1,7 +1,7 @@ # # spec file for package checkmedia # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ Summary: Check installation or Live media License: GPL-3.0-or-later Group: System/Management -Version: 6.3 +Version: 6.4 Release: 0 URL: https://github.com/openSUSE/checkmedia Source: %{name}-%{version}.tar.xz ++++++ checkmedia-6.3.tar.xz -> checkmedia-6.4.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkmedia-6.3/VERSION new/checkmedia-6.4/VERSION --- old/checkmedia-6.3/VERSION 2024-03-05 18:39:47.000000000 +0100 +++ new/checkmedia-6.4/VERSION 2025-05-13 10:29:09.000000000 +0200 @@ -1 +1 @@ -6.3 +6.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkmedia-6.3/changelog new/checkmedia-6.4/changelog --- old/checkmedia-6.3/changelog 2024-03-05 18:39:47.000000000 +0100 +++ new/checkmedia-6.4/changelog 2025-05-13 10:29:09.000000000 +0200 @@ -1,3 +1,8 @@ +2025-05-13: 6.4 + - merge gh#openSUSE/checkmedia#20 + - added --[no-]signature-tag options for explicit handling of the + 'signature' tag (bsc#1243125) + 2024-03-05: 6.3 - merge gh#openSUSE/checkmedia#18 - tagmedia: fix size detection for block devices (bsc#1220972) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkmedia-6.3/tagmedia new/checkmedia-6.4/tagmedia --- old/checkmedia-6.3/tagmedia 2024-03-05 18:39:47.000000000 +0100 +++ new/checkmedia-6.4/tagmedia 2025-05-13 10:29:09.000000000 +0200 @@ -128,6 +128,7 @@ my $opt_signature_export; my $opt_signature_import; my $opt_signature_create; +my $opt_signature_tag; GetOptions( 'show' => \$opt_show, @@ -145,6 +146,8 @@ 'export-signature=s' => \$opt_signature_export, 'import-signature=s' => \$opt_signature_import, 'create-signature=s' => \$opt_signature_create, + 'signature-tag' => \$opt_signature_tag, + 'no-signature-tag' => sub { $opt_signature_tag = 0 }, 'clean' => \$opt_clean, 'verbose|v' => sub { $opt_verbose++ }, 'version' => sub { print "$VERSION\n"; exit 0 }, @@ -195,6 +198,12 @@ die "$opt_digest: unsupported digest\n"; } +if($opt_digest && ($opt_signature_create || $opt_signature_export || $opt_signature_import)) { + die "Sorry, no digest calculation and signature handling at the same time.\n"; +} + +$opt_signature_tag = ($opt_style eq 'suse' ? 1 : 0) if !defined $opt_signature_tag; + get_fragments_value $current_tags; if($opt_style eq 'suse') { @@ -325,6 +334,9 @@ --skip N Ignore N 2 kiB blocks at image end (rh style, default: 15). --check Tell installer to run media check at startup (suse style). --supported Set supported flag (rh style). + --signature-tag When adding a digest, check for signature block and add signature tag if + one is found (default for style suse). + --no-signature-tag When adding a digest, do not check for signature block (default for style rh). Signature related options: @@ -866,7 +878,7 @@ # # This is just for auto-detecting the signature location; it has no effect # on the digest calculation. - if($opt_style ne 'suse' && $image->{skip_blocks} >= 4) { + if($opt_signature_tag && $opt_style ne 'suse' && $image->{skip_blocks} >= 4 && !$image->{signature_start}) { my $buf; my $read_len = sysread $image->{fh}, $buf, 4 << 9; if(SIGNATURE_MAGIC eq substr($buf, 0, length SIGNATURE_MAGIC)) { @@ -1042,6 +1054,7 @@ close $p; import_signature $image, "$image->{name}.tmp_key"; system "gpg --batch --yes --armor --export '$keyid' >$image->{name}.key"; + print "public key for verifying $image->{name} written to $image->{name}.key\n"; } unlink "$image->{name}.tmp_key"; } @@ -1066,7 +1079,7 @@ my ($image, $pos, $buf_ref) = @_; my $blocks = length($$buf_ref) >> 9; - if($opt_style eq 'suse' && !$image->{signature_start}) { + if($opt_signature_tag && !$image->{signature_start}) { for (my $i = 0; $i < $blocks; $i++) { if(SIGNATURE_MAGIC eq substr($$buf_ref, $i << 9, length SIGNATURE_MAGIC)) { $image->{signature_start} = $pos + $i; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checkmedia-6.3/tagmedia_man.adoc new/checkmedia-6.4/tagmedia_man.adoc --- old/checkmedia-6.3/tagmedia_man.adoc 2024-03-05 18:39:47.000000000 +0100 +++ new/checkmedia-6.4/tagmedia_man.adoc 2025-05-13 10:29:09.000000000 +0200 @@ -83,6 +83,12 @@ *--supported*:: Set supported flag (rh style). +*--signature-tag*:: +When adding a digest, check for a signature block and add a 'signature' tag if one is found (default for style suse). + +*--no-signature-tag*:: +When adding a digest, do not check for a signature block (default for style rh). + === Signature related options *--create-signature* _KEYID_:: @@ -101,8 +107,8 @@ == Digest notes -The digest is calculated over the entire image, leaving out the meta data block and, if one exists, the signature block. Padding blocks -are also not taken into account. +The digest is calculated over the entire image, leaving out the meta data block and, if one exists, the signature block (unless *--no-signature-tag* is used). +Padding blocks are also not taken into account. For SUSE style media a separate digest over the last partition is also added, if a partition table exists. If this happens to be an EFI System Partition, the last but one partition is used. @@ -125,6 +131,8 @@ As an exception, if no such block had been identified, *tagmedia* will try to create one in the padding area, if a padding area exists. +There are two options *--signature-tag* and *--no-signature-tag* that can be used to tell tagmedia explicitly whether to scan for a signature block or not. + If you do not want *tagmedia* to run gpg directly, it is also possible to create the signature independently of *tagmedia* using *--export-tags* to store the raw meta data in a file, then sign it and import the signature using the *--import-signature* option.
