Hello community, here is the log from the commit of package linuxrc for openSUSE:Factory checked in at 2017-12-08 12:55:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/linuxrc (Old) and /work/SRC/openSUSE:Factory/.linuxrc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "linuxrc" Fri Dec 8 12:55:04 2017 rev:251 rq:548561 version:5.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/linuxrc/linuxrc.changes 2017-12-03 10:07:44.767369057 +0100 +++ /work/SRC/openSUSE:Factory/.linuxrc.new/linuxrc.changes 2017-12-08 12:55:07.446590873 +0100 @@ -1,0 +2,8 @@ +Tue Dec 5 08:59:00 UTC 2017 - [email protected] + +- merge gh#openSUSE/linuxrc#160 +- read digests also from CHECKSUMS file +- adjust date +- 5.1.1 + +-------------------------------------------------------------------- Old: ---- linuxrc-5.1.0.tar.xz New: ---- linuxrc-5.1.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ linuxrc.spec ++++++ --- /var/tmp/diff_new_pack.CdwC4O/_old 2017-12-08 12:55:08.714545080 +0100 +++ /var/tmp/diff_new_pack.CdwC4O/_new 2017-12-08 12:55:08.718544936 +0100 @@ -17,7 +17,7 @@ Name: linuxrc -Version: 5.1.0 +Version: 5.1.1 Release: 0 Summary: SUSE Installation Program License: GPL-3.0+ ++++++ linuxrc-5.1.0.tar.xz -> linuxrc-5.1.1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.1.0/VERSION new/linuxrc-5.1.1/VERSION --- old/linuxrc-5.1.0/VERSION 2017-11-27 14:35:21.000000000 +0100 +++ new/linuxrc-5.1.1/VERSION 2017-12-05 09:59:00.000000000 +0100 @@ -1 +1 @@ -5.1.0 +5.1.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.1.0/changelog new/linuxrc-5.1.1/changelog --- old/linuxrc-5.1.0/changelog 2017-11-27 14:35:21.000000000 +0100 +++ new/linuxrc-5.1.1/changelog 2017-12-05 09:59:00.000000000 +0100 @@ -1,3 +1,8 @@ +2017-12-05: 5.1.1 + - merge gh#openSUSE/linuxrc#160 + - read digests also from CHECKSUMS file + - adjust date + 2017-11-27: 5.1.0 - merge gh#openSUSE/linuxrc#159 - try harder to find a suitable network interface (bsc#1068336) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.1.0/file.c new/linuxrc-5.1.1/file.c --- old/linuxrc-5.1.0/file.c 2017-11-27 14:35:21.000000000 +0100 +++ new/linuxrc-5.1.1/file.c 2017-12-05 09:59:00.000000000 +0100 @@ -6,6 +6,8 @@ * */ +#define _GNU_SOURCE /* getline */ + #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -2705,3 +2707,35 @@ slist_free(repo); } + +/* + * Parse CHECKSUMS file. + * + * Add digest info to config.digests.list. + * + * File format: lines with + * SHA256 FILENAME + */ +void file_parse_checksums(char *file) +{ + FILE *fh; + char *buf = NULL; + size_t buf_size = 0; + char sha256[65], name[256]; + slist_t *sl_digest; + + if(!(fh = fopen(file, "r"))) return; + + while(getline(&buf, &buf_size, fh) > 0) { + if(sscanf(buf, "%64s %255s", sha256, name) == 2) { + sl_digest = slist_append(&config.digests.list, slist_new()); + strprintf(&sl_digest->key, "sha256 %s", sha256); + str_copy(&sl_digest->value, name); + } + } + + free(buf); + + fclose(fh); +} + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.1.0/file.h new/linuxrc-5.1.1/file.h --- old/linuxrc-5.1.0/file.h 2017-11-27 14:35:21.000000000 +0100 +++ new/linuxrc-5.1.1/file.h 2017-12-05 09:59:00.000000000 +0100 @@ -107,4 +107,5 @@ void get_ide_options(void); slist_t *file_parse_xmllike(char *name, char *tag); void file_parse_repomd(char *file); +void file_parse_checksums(char *file); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.1.0/linuxrc.c new/linuxrc-5.1.1/linuxrc.c --- old/linuxrc-5.1.0/linuxrc.c 2017-11-27 14:35:21.000000000 +0100 +++ new/linuxrc-5.1.1/linuxrc.c 2017-12-05 09:59:00.000000000 +0100 @@ -894,7 +894,7 @@ if (config.linemode) putchar('\n'); printf( - "\n>>> %s installation program v" LXRC_FULL_VERSION " (c) 1996-2016 SUSE LLC <<<\n", + "\n>>> %s installation program v" LXRC_FULL_VERSION " (c) 1996-2017 SUSE LLC <<<\n", config.product ); if (config.linemode) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.1.0/linuxrc_repo.md new/linuxrc-5.1.1/linuxrc_repo.md --- old/linuxrc-5.1.0/linuxrc_repo.md 2017-11-27 14:35:21.000000000 +0100 +++ new/linuxrc-5.1.1/linuxrc_repo.md 2017-12-05 09:59:00.000000000 +0100 @@ -79,12 +79,19 @@ Lets see how to avoid this. -### 2.1. solving the digest problem +### 2.1. getting file digests -As there's no longer a `content` file, linuxrc needs to get the digests in -some other way. Fortunately it parses `content` just like any other config -file, so you can simply copy it into linuxrc's config directory and add that -to the initrd. +There is no longer a `content` file. Instead, there is now a `CHECKSUMS` +file (with sligthly different format) containing sha256 digests of +repository files. + +`CHECKSUMS` must be signed (detached signature in `CHECKSUMS.ASC`). + +linuxrc gets the digests from two locations: +- a `content` file included in the initrd at installation system build time (placed directly into linuxrc's config directory) +- `CHECKSUMS` from the repo location + +To include `content` in the initrd in a place linuxrc finds it, do something like: ```sh mkdir -p /tmp/foo/etc/linuxrc.d diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.1.0/url.c new/linuxrc-5.1.1/url.c --- old/linuxrc-5.1.0/url.c 2017-11-27 14:35:21.000000000 +0100 +++ new/linuxrc-5.1.1/url.c 2017-12-05 09:59:00.000000000 +0100 @@ -2178,9 +2178,10 @@ if(!config.keepinstsysconfig) { config.digests.failed = 0; - // check for '/content' or '/repodata/repomd.xml' as indication we have a suse repo - // 'content' must be validly signed (we parse it), 'repomd.xml' not (we just check its presence) - // zenworks has a different approach ('settings.txt') - they don't have a repo + // Check for '/content' resp. '/repodata/repomd.xml' as indication we + // have a SUSE repo. + // The file must be validly signed (because we parse it). + // zenworks has a different approach ('settings.txt') - they don't have a repo. strprintf(&buf, "/%s", config.zen ? config.zenconfig : "content"); strprintf(&buf2, "file:%s", buf); @@ -2206,6 +2207,15 @@ config.repomd = 1; file_parse_repomd("/repomd.xml"); + + // download CHECKSUMS ... + read_failed = url_read_file( + url, NULL, "/CHECKSUMS", "/CHECKSUMS", NULL, + URL_FLAG_NODIGEST + (config.secure ? URL_FLAG_CHECK_SIG : 0) + ); + + // ... and parse it + if(!read_failed) file_parse_checksums("/CHECKSUMS"); } if(!config.sig_failed && util_check_exist(buf)) {
