Hello community, here is the log from the commit of package libzypp for openSUSE:Factory checked in at 2018-09-13 12:09:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libzypp (Old) and /work/SRC/openSUSE:Factory/.libzypp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzypp" Thu Sep 13 12:09:59 2018 rev:403 rq:634122 version:17.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libzypp/libzypp.changes 2018-08-24 16:59:07.009716803 +0200 +++ /work/SRC/openSUSE:Factory/.libzypp.new/libzypp.changes 2018-09-13 12:10:02.034393985 +0200 @@ -1,0 +2,22 @@ +Fri Sep 7 12:07:39 CEST 2018 - [email protected] + +- Drop type application due to poor metadata support (bsc#1100095, + bsc#1104415) +- version 17.7.0 (2) + +------------------------------------------------------------------- +Thu Sep 6 12:16:25 CEST 2018 - [email protected] + +- Automatically fetch repository signing key from gpgkey url + (bsc#1088037) +- lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304) +- version 17.6.4 (2) + +------------------------------------------------------------------- +Thu Aug 30 16:44:56 CEST 2018 - [email protected] + +- Check for not imported keys after multi key import from rpmdb + (bsc#1096217) +- version 17.6.3 (2) + +------------------------------------------------------------------- Old: ---- libzypp-17.6.2.tar.bz2 New: ---- libzypp-17.7.0.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libzypp.spec ++++++ --- /var/tmp/diff_new_pack.7eZNDS/_old 2018-09-13 12:10:02.506393454 +0200 +++ /var/tmp/diff_new_pack.7eZNDS/_new 2018-09-13 12:10:02.510393450 +0200 @@ -17,7 +17,7 @@ Name: libzypp -Version: 17.6.2 +Version: 17.7.0 Release: 0 Url: https://github.com/openSUSE/libzypp Summary: Package, Patch, Pattern, and Product Management 
@@ -330,7 +330,9 @@ %files -f zypp.lang %defattr(-,root,root) +%if 0%{?suse_version} >= 1500 %license COPYING +%endif %dir %{_sysconfdir}/zypp %if 0%{?fedora_version} || 0%{?rhel_version} >= 600 || 0%{?centos_version} >= 600 %{_sysconfdir}/zypp/repos.d ++++++ libzypp-17.6.2.tar.bz2 -> libzypp-17.7.0.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/VERSION.cmake new/libzypp-17.7.0/VERSION.cmake --- old/libzypp-17.6.2/VERSION.cmake 2018-08-21 18:57:21.000000000 +0200 +++ new/libzypp-17.7.0/VERSION.cmake 2018-09-07 12:13:27.000000000 +0200 @@ -60,9 +60,9 @@ # SET(LIBZYPP_MAJOR "17") SET(LIBZYPP_COMPATMINOR "2") -SET(LIBZYPP_MINOR "6") -SET(LIBZYPP_PATCH "2") +SET(LIBZYPP_MINOR "7") +SET(LIBZYPP_PATCH "0") # -# LAST RELEASED: 17.6.2 (2) +# LAST RELEASED: 17.7.0 (2) # (The number in parenthesis is LIBZYPP_COMPATMINOR) #======= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/libzypp.spec.cmake new/libzypp-17.7.0/libzypp.spec.cmake --- old/libzypp-17.6.2/libzypp.spec.cmake 2018-08-16 13:10:16.000000000 +0200 +++ new/libzypp-17.7.0/libzypp.spec.cmake 2018-08-24 16:52:24.000000000 +0200 @@ -330,7 +330,9 @@ %files -f zypp.lang %defattr(-,root,root) +%if 0%{?suse_version} >= 1500 %license COPYING +%endif %dir %{_sysconfdir}/zypp %if 0%{?fedora_version} || 0%{?rhel_version} >= 600 || 0%{?centos_version} >= 600 %{_sysconfdir}/zypp/repos.d diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/package/libzypp.changes new/libzypp-17.7.0/package/libzypp.changes --- old/libzypp-17.6.2/package/libzypp.changes 2018-08-21 18:57:21.000000000 +0200 +++ new/libzypp-17.7.0/package/libzypp.changes 2018-09-07 12:13:27.000000000 +0200 
@@ -1,4 +1,26 @@ ------------------------------------------------------------------- +Fri Sep 7 12:07:39 CEST 2018 - [email protected] + +- Drop type application due to poor metadata support (bsc#1100095, + bsc#1104415) +- version 17.7.0 (2) + +------------------------------------------------------------------- +Thu Sep 6 12:16:25 CEST 2018 - [email protected] + +- Automatically fetch repository signing key from gpgkey url + (bsc#1088037) +- lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304) +- version 17.6.4 (2) + +------------------------------------------------------------------- +Thu Aug 30 16:44:56 CEST 2018 - [email protected] + +- Check for not imported keys after multi key import from rpmdb + (bsc#1096217) +- version 17.6.3 (2) + +------------------------------------------------------------------- Tue Aug 21 18:46:35 CEST 2018 - [email protected] - fixup! Add filesize check for downloads with known size (bsc#408814) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/po/CMakeLists.txt new/libzypp-17.7.0/po/CMakeLists.txt --- old/libzypp-17.6.2/po/CMakeLists.txt 2018-07-16 16:37:05.000000000 +0200 +++ new/libzypp-17.7.0/po/CMakeLists.txt 2018-09-06 18:06:52.000000000 +0200 @@ -36,7 +36,7 @@ SET( _gmoFile ${CMAKE_CURRENT_BINARY_DIR}/${_lang}.gmo ) ADD_CUSTOM_COMMAND( OUTPUT ${_gmoFile} - COMMAND ${GETTEXT_MSGMERGE_EXECUTABLE} --quiet -o ${_poFile} ${_absFile} ${POT_FILE} + COMMAND ${GETTEXT_MSGMERGE_EXECUTABLE} --quiet --no-fuzzy-matching -o ${_poFile} ${_absFile} ${POT_FILE} COMMAND ${GETTEXT_MSGFMT_EXECUTABLE} -o ${_gmoFile} ${_poFile} DEPENDS ${POT_FILE} ${_absFile} COMMENT "Update ${_gmoFile}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/po/zh_CN.po new/libzypp-17.7.0/po/zh_CN.po --- old/libzypp-17.6.2/po/zh_CN.po 2018-08-13 20:03:40.000000000 +0200 +++ new/libzypp-17.7.0/po/zh_CN.po 2018-09-01 08:01:43.000000000 +0200 
@@ -12,8 +12,8 @@ "Project-Id-Version: YaST (@memory@)\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-08-03 11:09+0200\n" -"PO-Revision-Date: 2018-08-13 18:01+0000\n" -"Last-Translator: Yi-Jyun Pan <[email protected]>\n" +"PO-Revision-Date: 2018-09-01 06:01+0000\n" +"Last-Translator: H. Zeng <[email protected]>\n" "Language-Team: Chinese (China) " "<https://l10n.opensuse.org/projects/libzypp/master/zh_CN/>\n" "Language: zh_CN\n" @@ -4190,7 +4190,7 @@ #: zypp/media/MediaException.cc:195 #, c-format, boost-format msgid "Downloaded data exceeded the expected filesize '%s' of '%s'." -msgstr "下载到的数据超出了 '%2$s' 中预期的文件大小 ''%1$s'。" +msgstr "下载到的数据超出了 '%2$s' 中预期的文件大小 '%1$s'。" #: zypp/media/MediaException.cc:203 #, c-format, boost-format diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/tests/lib/TestSetup.h new/libzypp-17.7.0/tests/lib/TestSetup.h --- old/libzypp-17.6.2/tests/lib/TestSetup.h 2018-07-16 16:37:05.000000000 +0200 +++ new/libzypp-17.7.0/tests/lib/TestSetup.h 2018-09-05 12:33:56.000000000 +0200 @@ -92,7 +92,10 @@ { _ctor( rootdir_r, Arch_empty, options_r ); } ~TestSetup() - { USR << (_tmprootdir.path() == _rootdir ? "DELETE" : "KEEP") << " TESTSETUP below " << _rootdir << endl; } + { + USR << (_tmprootdir.path() == _rootdir ? "DELETE" : "KEEP") << " TESTSETUP below " << _rootdir << endl; + ZConfig::instance().setRepoManagerRoot( Pathname() ); + } public: /** Whether directory \a path_r contains a solver testcase. */ 
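Review bot: The destructor in TestSetup.h resets the process-wide ZConfig repo manager root to an empty `Pathname()` rather than restoring the value that was in effect before this TestSetup was constructed. If two TestSetup objects ever have overlapping lifetimes, destroying one leaves the surviving one running with an empty root. Either remember the previous value in `_ctor` (the second TestSetup.h hunk, where `setRepoManagerRoot( _rootdir )` is added) and restore it here, or document the assumption with a comment such as `// resets global ZConfig state; TestSetup instances must not overlap`.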
@@ -403,6 +406,8 @@ filesystem::clean_dir( _rootdir ); } + ZConfig::instance().setRepoManagerRoot( _rootdir ); + if ( ! sysarch_r.empty() ) ZConfig::instance().setSystemArchitecture( sysarch_r ); USR << "CREATED TESTSETUP below " << _rootdir << endl; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/KeyRing.cc new/libzypp-17.7.0/zypp/KeyRing.cc --- old/libzypp-17.6.2/zypp/KeyRing.cc 2018-08-17 14:58:46.000000000 +0200 +++ new/libzypp-17.7.0/zypp/KeyRing.cc 2018-09-05 12:33:56.000000000 +0200 @@ -91,6 +91,13 @@ return false; } + void KeyRingReport::reportNonImportedKeys(const std::set<Edition> &keys_r) + { + UserData data(KEYS_NOT_IMPORTED_REPORT); + data.set("Keys", keys_r); + report(data); + } + namespace { /////////////////////////////////////////////////////////////////// @@ -226,6 +233,8 @@ PublicKeyData trustedPublicKeyExists( const std::string & id ) { return publicKeyExists(id, trustedKeyRing());} + bool provideAndImportKeyFromRepositoryWorkflow (const std::string &id_r , const RepoInfo &info_r ); + private: bool verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring ); void importKey( const Pathname & keyfile, const Pathname & keyring ); 
@@ -418,103 +427,157 @@ // get the id of the signature (it might be a subkey id!) std::string id = readSignatureKeyId( signature ); - // does key exists in trusted keyring - PublicKeyData trustedKeyData( publicKeyExists( id, trustedKeyRing() ) ); - if ( trustedKeyData ) - { - MIL << "Key is trusted: " << trustedKeyData << endl; + PublicKeyData foundKey; + Pathname whichKeyring; - // lets look if there is an updated key in the - // general keyring - PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) ); - if ( generalKeyData ) - { - // bnc #393160: Comment #30: Compare at least the fingerprint - // in case an attacker created a key the the same id. - // - // FIXME: bsc#1008325: For keys using subkeys, we'd actually need - // to compare the subkey sets, to tell whether a key was updated. - // because created() remains unchanged if the primary key is not touched. - // For now we wait until a new subkey signs the data and treat it as a - // new key (else part below). - if ( trustedKeyData.fingerprint() == generalKeyData.fingerprint() - && trustedKeyData.created() < generalKeyData.created() ) - { - MIL << "Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl; - importKey( exportKey( generalKeyData, generalKeyRing() ), true ); - trustedKeyData = publicKeyExists( id, trustedKeyRing() ); // re-read: invalidated by import? - } - } + if ( !id.empty() ) { - // it exists, is trusted, does it validate? - report->infoVerify( filedesc, trustedKeyData, context ); - if ( verifyFile( file, signature, trustedKeyRing() ) ) + // does key exists in trusted keyring + PublicKeyData trustedKeyData( publicKeyExists( id, trustedKeyRing() ) ); + if ( trustedKeyData ) { - return (sigValid_r=true); // signature is actually successfully validated! 
+ MIL << "Key is trusted: " << trustedKeyData << endl; + + // lets look if there is an updated key in the + // general keyring + PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) ); + if ( generalKeyData ) + { + // bnc #393160: Comment #30: Compare at least the fingerprint + // in case an attacker created a key the the same id. + // + // FIXME: bsc#1008325: For keys using subkeys, we'd actually need + // to compare the subkey sets, to tell whether a key was updated. + // because created() remains unchanged if the primary key is not touched. + // For now we wait until a new subkey signs the data and treat it as a + // new key (else part below). + if ( trustedKeyData.fingerprint() == generalKeyData.fingerprint() + && trustedKeyData.created() < generalKeyData.created() ) + { + MIL << "Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl; + importKey( exportKey( generalKeyData, generalKeyRing() ), true ); + trustedKeyData = publicKeyExists( id, trustedKeyRing() ); // re-read: invalidated by import? 
+ } + } + + foundKey = trustedKeyData; + whichKeyring = trustedKeyRing(); } else { - bool res = report->askUserToAcceptVerificationFailed( filedesc, exportKey( trustedKeyData, trustedKeyRing() ), context ); - MIL << "askUserToAcceptVerificationFailed: " << res << endl; - return res; - } - } - else - { - PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) ); - if ( generalKeyData ) - { - PublicKey key( exportKey( generalKeyData, generalKeyRing() ) ); - MIL << "Key [" << id << "] " << key.name() << " is not trusted" << endl; - - // ok the key is not trusted, ask the user to trust it or not - KeyRingReport::KeyTrust reply = report->askUserToAcceptKey( key, context ); - if ( reply == KeyRingReport::KEY_TRUST_TEMPORARILY || - reply == KeyRingReport::KEY_TRUST_AND_IMPORT ) + PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) ); + if ( generalKeyData ) { - MIL << "User wants to trust key [" << id << "] " << key.name() << endl; + PublicKey key( exportKey( generalKeyData, generalKeyRing() ) ); + MIL << "Key [" << id << "] " << key.name() << " is not trusted" << endl; - Pathname whichKeyring; - if ( reply == KeyRingReport::KEY_TRUST_AND_IMPORT ) + // ok the key is not trusted, ask the user to trust it or not + KeyRingReport::KeyTrust reply = report->askUserToAcceptKey( key, context ); + if ( reply == KeyRingReport::KEY_TRUST_TEMPORARILY || + reply == KeyRingReport::KEY_TRUST_AND_IMPORT ) { - MIL << "User wants to import key [" << id << "] " << key.name() << endl; - importKey( key, true ); - whichKeyring = trustedKeyRing(); - } - else - whichKeyring = generalKeyRing(); + MIL << "User wants to trust key [" << id << "] " << key.name() << endl; - // does it validate? - report->infoVerify( filedesc, generalKeyData, context ); - if ( verifyFile( file, signature, whichKeyring ) ) - { - return (sigValid_r=true); // signature is actually successfully validated! 
+ if ( reply == KeyRingReport::KEY_TRUST_AND_IMPORT ) + { + MIL << "User wants to import key [" << id << "] " << key.name() << endl; + importKey( key, true ); + whichKeyring = trustedKeyRing(); + } + else + whichKeyring = generalKeyRing(); + + foundKey = generalKeyData; } else { - bool res = report->askUserToAcceptVerificationFailed( filedesc, key, context ); - MIL << "askUserToAcceptVerificationFailed: " << res << endl; - return res; + MIL << "User does not want to trust key [" << id << "] " << key.name() << endl; + return false; } } - else + else if ( ! context.empty() ) { - MIL << "User does not want to trust key [" << id << "] " << key.name() << endl; - return false; + // try to find the key in the repository info + if ( provideAndImportKeyFromRepositoryWorkflow( id, context.repoInfo() ) ) { + whichKeyring = trustedKeyRing(); + foundKey = PublicKeyData( publicKeyExists( id, trustedKeyRing() ) ); + } } } + } + + if ( foundKey ) { + // it exists, is trusted, does it validate? + report->infoVerify( filedesc, foundKey, context ); + if ( verifyFile( file, signature, whichKeyring ) ) + { + return (sigValid_r=true); // signature is actually successfully validated! + } else { - // signed with an unknown key... - MIL << "File [" << file << "] ( " << filedesc << " ) signed with unknown key [" << id << "]" << endl; - bool res = report->askUserToAcceptUnknownKey( filedesc, id, context ); - MIL << "askUserToAcceptUnknownKey: " << res << endl; - return res; + bool res = report->askUserToAcceptVerificationFailed( filedesc, exportKey( foundKey, whichKeyring ), context ); + MIL << "askUserToAcceptVerificationFailed: " << res << endl; + return res; } + } else { + // signed with an unknown key... 
+ MIL << "File [" << file << "] ( " << filedesc << " ) signed with unknown key [" << id << "]" << endl; + bool res = report->askUserToAcceptUnknownKey( filedesc, id, context ); + MIL << "askUserToAcceptUnknownKey: " << res << endl; + return res; } + return false; } + bool KeyRing::Impl::provideAndImportKeyFromRepositoryWorkflow(const std::string &id_r, const RepoInfo &info_r) + { + if ( id_r.empty() ) + return false; + + const ZConfig &conf = ZConfig::instance(); + Pathname cacheDir = conf.repoManagerRoot() / conf.pubkeyCachePath(); + + Pathname myKey = info_r.provideKey( id_r, cacheDir ); + if ( myKey.empty() ) + // if we did not find any keys, there is no point in checking again, break + return false; + + callback::SendReport<KeyRingReport> report; + + PublicKey key; + try { + key = PublicKey( myKey ); + } catch ( const Exception &e ) { + ZYPP_CAUGHT(e); + return false; + } + + if ( !key.isValid() ) { + ERR << "Key [" << id_r << "] from cache: " << cacheDir << " is not valid" << endl; + return false; + } + + MIL << "Key [" << id_r << "] " << key.name() << " loaded from cache" << endl; + + KeyContext context; + context.setRepoInfo( info_r ); + if ( ! report->askUserToAcceptPackageKey( key, context ) ) { + return false; + } + + MIL << "User wants to import key [" << id_r << "] " << key.name() << " from cache" << endl; + try { + importKey( key, true ); + } catch ( const KeyRingException &e ) { + ZYPP_CAUGHT(e); + ERR << "Failed to import key: "<<id_r; + return false; + } + + return true; + } + std::list<PublicKey> KeyRing::Impl::publicKeys( const Pathname & keyring ) { const std::list<PublicKeyData> & keys( publicKeyData( keyring ) ); 
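Review bot: provideAndImportKeyFromRepositoryWorkflow() imports the file returned by `info_r.provideKey()` into the trusted keyring after only an `isValid()` check and the user prompt; nothing in this function confirms that the loaded key actually provides `id_r`. The body of provideKey() is not visible here and may already filter on the ID, but a guard before the prompt keeps that guarantee local, e.g. `if ( !key.keyData().providesKey( id_r ) ) return false;` (accessor name to be confirmed against PublicKey.h). Separately, the trailing `return false;` of the verification workflow is unreachable because both branches above it return, and `ERR << "Failed to import key: "<<id_r;` lacks the `<< endl` that the other log lines carry. The enclosing verification function starts outside the hunk.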
@@ -649,6 +712,11 @@ bool KeyRing::verifyFileTrustedSignature( const Pathname & file, const Pathname & signature ) { return _pimpl->verifyFileTrustedSignature( file, signature ); } + bool KeyRing::provideAndImportKeyFromRepositoryWorkflow(const std::string &id, const RepoInfo &info) + { + return _pimpl->provideAndImportKeyFromRepositoryWorkflow( id, info ); + } + void KeyRing::dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream ) { _pimpl->dumpPublicKey( id, trusted, stream ); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/KeyRing.h new/libzypp-17.7.0/zypp/KeyRing.h --- old/libzypp-17.6.2/zypp/KeyRing.h 2018-08-01 13:29:26.000000000 +0200 +++ new/libzypp-17.7.0/zypp/KeyRing.h 2018-09-05 12:33:56.000000000 +0200 @@ -70,8 +70,6 @@ KEY_TRUST_AND_IMPORT }; - constexpr static const char * ACCEPT_PACKAGE_KEY_REQUEST = "KeyRingReport/AcceptPackageKey"; - /** * Ask user to trust and/or import the key to trusted keyring. * \see KeyTrust @@ -102,6 +100,7 @@ * Ask user to trust and/or import the package key to trusted keyring, using ReportBase::report * * The UserData object will have the following fields: + * UserData::type \ref ACCEPT_PACKAGE_KEY_REQUEST * "PublicKey" The PublicKey to be accepted * "KeyContext" The KeyContext * 
@@ -114,6 +113,21 @@ * */ bool askUserToAcceptPackageKey( const PublicKey &key_r, const KeyContext &keycontext_r = KeyContext() ); + /** \relates askUserToAcceptPackageKey generic reports UserData::type */ + constexpr static const char * ACCEPT_PACKAGE_KEY_REQUEST = "KeyRingReport/AcceptPackageKey"; + + /** + * Notify the user about keys that were not imported from the + * rpm key database into zypp keyring + * + * The UserData object will have the following fields: + * UserData::type \ref KEYS_NOT_IMPORTED_REPORT + * std::set<Edition> "Keys" set of keys that were not imported + * + */ + void reportNonImportedKeys( const std::set<Edition> &keys_r ); + /** \relates reportNonImportedKeys generic reports UserData::type */ + constexpr static const char *KEYS_NOT_IMPORTED_REPORT = "KeyRingReport/KeysNotImported"; }; @@ -307,6 +321,12 @@ bool verifyFileTrustedSignature( const Pathname &file, const Pathname &signature ); + /** + * Try to find the \a id in key cache or repository specified in \a info. Ask the user to trust + * the key if it was found + */ + bool provideAndImportKeyFromRepositoryWorkflow ( const std::string &id , const RepoInfo &info ); + /** Dtor */ ~KeyRing(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/PublicKey.cc new/libzypp-17.7.0/zypp/PublicKey.cc --- old/libzypp-17.6.2/zypp/PublicKey.cc 2018-08-01 13:29:26.000000000 +0200 +++ new/libzypp-17.7.0/zypp/PublicKey.cc 2018-08-29 11:57:05.000000000 +0200 
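Review bot: The doc comment added for KeyRing::provideAndImportKeyFromRepositoryWorkflow() does not say that an accepted key ends up in the trusted keyring, nor what the return value means, and that is what a caller of this public method most needs to know. Suggested addition: `\return true only if a key for \a id was provided, accepted by the user and imported into the trusted keyring`. The KeyRing.cc implementation in this commit calls `importKey( key, true )` on acceptance and its caller then verifies against `trustedKeyRing()`, so the import appears to be persistent rather than limited to the current verification.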
@@ -338,7 +338,11 @@ { return makeIterable( &(*_pimpl->_subkeys.begin()), &(*_pimpl->_subkeys.end()) ); } bool PublicKeyData::providesKey( const std::string & id_r ) const - { return( id_r == _pimpl->_id || _pimpl->hasSubkeyId( id_r ) ); } + { + if ( id_r.size() == 8 ) // as a convenience allow to test the 8byte short ID rpm uses as gpg-pubkey version + return str::endsWithCI( _pimpl->_id, id_r ); + return( id_r == _pimpl->_id || _pimpl->hasSubkeyId( id_r ) ); + } PublicKeyData::AsciiArt PublicKeyData::asciiArt() const { return AsciiArt( fingerprint() /* TODO: key algorithm could be added as top tile. */ ); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/RepoInfo.cc new/libzypp-17.7.0/zypp/RepoInfo.cc --- old/libzypp-17.6.2/zypp/RepoInfo.cc 2018-08-03 11:23:52.000000000 +0200 +++ new/libzypp-17.7.0/zypp/RepoInfo.cc 2018-09-05 12:33:56.000000000 +0200 @@ -501,8 +501,11 @@ _pimpl->gpgKeyUrls().raw().push_back( url_r ); } - Pathname RepoInfo::provideKey(const std::string &keyID_r, const Pathname &targetDirectory_r) + Pathname RepoInfo::provideKey(const std::string &keyID_r, const Pathname &targetDirectory_r) const { + if ( keyID_r.empty() ) + return Pathname(); + MIL << "Check for " << keyID_r << " at " << targetDirectory_r << endl; std::string keyIDStr( keyID_r.size() > 8 ? keyID_r.substr( keyID_r.size()-8 ) : keyID_r ); // print short ID in Jobreports filesystem::TmpDir tmpKeyRingDir; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/RepoInfo.h new/libzypp-17.7.0/zypp/RepoInfo.h --- old/libzypp-17.6.2/zypp/RepoInfo.h 2018-08-01 13:29:26.000000000 +0200 +++ new/libzypp-17.7.0/zypp/RepoInfo.h 2018-09-05 12:33:56.000000000 +0200 
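Review bot: The new 8-character branch in PublicKeyData::providesKey() matches on a 32-bit short key ID, which is easy to collide, and it returns before the subkey check, so a short subkey ID can never match. The comment also says "8byte" where the value is 8 hex digits. If the shortcut stays, its comment should limit it to mapping rpm's gpg-pubkey version and rule out trust decisions, e.g. `// 8 hex digit short ID (rpm gpg-pubkey version): collision-prone, for identification only, primary key only`. The RpmDb.cc hunk passes the same short ID to `isKeyTrusted( key.version() )`, which presumably ends up here, so a different trusted key with an equal short ID would hide a key that was not imported.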
@@ -401,7 +401,7 @@ void setGpgKeyUrl( const Url &gpgkey ); /** downloads all configured gpg keys into the defined directory */ - Pathname provideKey(const std::string &keyID_r, const Pathname &targetDirectory_r ); + Pathname provideKey(const std::string &keyID_r, const Pathname &targetDirectory_r ) const; /** * \short Whether packages downloaded from this repository will be kept in local cache diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/RepoManager.cc new/libzypp-17.7.0/zypp/RepoManager.cc --- old/libzypp-17.6.2/zypp/RepoManager.cc 2018-08-01 13:29:26.000000000 +0200 +++ new/libzypp-17.7.0/zypp/RepoManager.cc 2018-09-07 12:13:27.000000000 +0200 @@ -1350,7 +1350,7 @@ cmd.push_back( "-o" ); cmd.push_back( solvfile.asString() ); cmd.push_back( "-X" ); // autogenerate pattern from pattern-package - cmd.push_back( "-A" ); // autogenerate application pseudo packages + // bsc#1104415: no more application support // cmd.push_back( "-A" ); // autogenerate application pseudo packages if ( repokind == RepoType::RPMPLAINDIR ) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/RepoStatus.cc new/libzypp-17.7.0/zypp/RepoStatus.cc --- old/libzypp-17.6.2/zypp/RepoStatus.cc 2018-07-16 16:37:05.000000000 +0200 +++ new/libzypp-17.7.0/zypp/RepoStatus.cc 2018-09-07 12:13:27.000000000 +0200 
@@ -97,7 +97,7 @@ // NOTE: changing magic will once invalidate all solv file caches // Helpfull if solv file content must be refreshed (e.g. due to different // repo2* arguments) even if raw metadata are unchanged. - static const std::string magic( "42" ); + static const std::string magic( "43" ); _pimpl->_checksum += magic; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/misc/CheckAccessDeleted.cc new/libzypp-17.7.0/zypp/misc/CheckAccessDeleted.cc --- old/libzypp-17.6.2/zypp/misc/CheckAccessDeleted.cc 2018-07-16 16:37:05.000000000 +0200 +++ new/libzypp-17.7.0/zypp/misc/CheckAccessDeleted.cc 2018-08-31 08:34:31.000000000 +0200 @@ -78,6 +78,8 @@ /** bsc#1099847: Check for lsof version < 4.90 which does not support '-K i' * Just a quick check to allow code15 libzypp runnig in a code12 environment. + * bsc#1036304: '-K i' was backported to older lsof versions, indicated by + * lsof providing 'backported-option-Ki'. */ bool lsofNoOptKi() { @@ -95,7 +97,7 @@ } tmpUnblock; librpmDb::db_const_iterator it; - return( it.findPackage( "lsof" ) && it->tag_edition() < Edition("4.90") ); + return( it.findPackage( "lsof" ) && it->tag_edition() < Edition("4.90") && !it->tag_provides().count( Capability("backported-option-Ki") ) ); } } //namespace diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/repo/PackageProvider.cc new/libzypp-17.7.0/zypp/repo/PackageProvider.cc --- old/libzypp-17.6.2/zypp/repo/PackageProvider.cc 2018-08-01 13:29:26.000000000 +0200 +++ new/libzypp-17.7.0/zypp/repo/PackageProvider.cc 2018-09-05 12:33:56.000000000 +0200 
@@ -234,46 +234,9 @@ std::string keyID = hr->signatureKeyID(); if ( keyID.length() > 0 ) { - const ZConfig &conf = ZConfig::instance(); - Pathname cacheDir = conf.repoManagerRoot() / conf.pubkeyCachePath(); - - Pathname myKey = info.provideKey ( keyID, cacheDir ); - if ( myKey.empty() ) - // if we did not find any keys, there is no point in checking again, break - break; - - callback::SendReport<KeyRingReport> report; - - PublicKey key; - try { - key = PublicKey( myKey ); - } catch ( const Exception &e ) { - ZYPP_CAUGHT(e); - break; - } - - if ( !key.isValid() ) { - ERR << "Key [" << keyID << "] from cache: " << cacheDir << " is not valid" << endl; + if ( ! getZYpp()->keyRing()->provideAndImportKeyFromRepositoryWorkflow( keyID, info ) ) break; - } - - MIL << "Key [" << keyID << "] " << key.name() << " loaded from cache" << endl; - KeyContext context; - context.setRepoInfo( info ); - if ( ! report->askUserToAcceptPackageKey( key, context ) ) { - break; - } - - MIL << "User wants to import key [" << keyID << "] " << key.name() << " from cache" << endl; - KeyRing_Ptr theKeyRing = getZYpp()->keyRing(); - try { - theKeyRing->importKey( key, true ); - } catch ( const KeyRingException &e ) { - ZYPP_CAUGHT(e); - ERR << "Failed to import key: "<<keyID; - break; - } } else { // we did not find any information about the key in the header // this should never happen diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/target/TargetImpl.cc new/libzypp-17.7.0/zypp/target/TargetImpl.cc --- old/libzypp-17.6.2/zypp/target/TargetImpl.cc 2018-07-19 08:52:30.000000000 +0200 +++ new/libzypp-17.7.0/zypp/target/TargetImpl.cc 2018-09-07 12:13:27.000000000 +0200 
@@ -915,7 +915,7 @@ cmd.push_back( _root.asString() ); } cmd.push_back( "-X" ); // autogenerate pattern/product/... from -package - cmd.push_back( "-A" ); // autogenerate application pseudo packages + // bsc#1104415: no more application support // cmd.push_back( "-A" ); // autogenerate application pseudo packages cmd.push_back( "-p" ); cmd.push_back( Pathname::assertprefix( _root, "/etc/products.d" ).asString() ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzypp-17.6.2/zypp/target/rpm/RpmDb.cc new/libzypp-17.7.0/zypp/target/rpm/RpmDb.cc --- old/libzypp-17.6.2/zypp/target/rpm/RpmDb.cc 2018-07-16 16:37:05.000000000 +0200 +++ new/libzypp-17.7.0/zypp/target/rpm/RpmDb.cc 2018-08-29 11:57:05.000000000 +0200 @@ -1005,10 +1005,23 @@ try { getZYpp()->keyRing()->multiKeyImport( tmpfile.path(), true /*trusted*/); + // bsc#1096217: Try to spot and report legacy V3 keys found in the rpm database. + // Modern rpm does not import those keys, but when migrating a pre SLE12 system + // we may find them. rpm>4.13 even complains on sderr if sucha key is present. + std::set<Edition> missingKeys; + for ( const Edition & key : rpmKeys ) + { + if ( getZYpp()->keyRing()->isKeyTrusted( key.version() ) ) // key.version is the gpgkeys short ID + continue; + ERR << "Could not import key:" << str::Format("gpg-pubkey-%s") % key << " into zypp keyring (V3 key?)" << endl; + missingKeys.insert( key ); + } + if ( ! missingKeys.empty() ) + callback::SendReport<KeyRingReport>()->reportNonImportedKeys(missingKeys); } catch (Exception &e) { - ERR << "Could not import keys into in zypp keyring" << endl; + ERR << "Could not import keys into zypp keyring" << endl; } }
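Review bot: In RpmDb.cc the new reporting loop sits inside the existing try block, so an exception thrown by `isKeyTrusted()` or by the `reportNonImportedKeys()` callback is logged as "Could not import keys into zypp keyring" and the exception itself is dropped. Record it in the handler with `ZYPP_CAUGHT(e);`, as KeyRing.cc does in this commit, and catch by `const Exception &`. Consider moving the loop after the try so that a report failure is not mistaken for an import failure and non-imported keys are still reported when multiKeyImport() throws. The comment typos "sderr" and "sucha" should read "stderr" and "such a". The enclosing function starts outside the hunk.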
