Hello community, here is the log from the commit of package linuxrc for openSUSE:Factory checked in at 2015-03-09 10:04:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/linuxrc (Old) and /work/SRC/openSUSE:Factory/.linuxrc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "linuxrc" Changes: -------- --- /work/SRC/openSUSE:Factory/linuxrc/linuxrc.changes 2015-02-06 10:57:21.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.linuxrc.new/linuxrc.changes 2015-03-09 10:04:31.000000000 +0100 @@ -1,0 +2,9 @@ +Thu Mar 5 14:55:47 CET 2015 - [email protected] + +- quote filenames +- warn if driver update didn't contain usable data +- show error message for failed driver update loads (bnc #901598) +- allow files to be signed directly +- 5.0.32 + +------------------------------------------------------------------- Old: ---- linuxrc-5.0.31.tar.xz New: ---- linuxrc-5.0.32.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ linuxrc.spec ++++++ --- /var/tmp/diff_new_pack.GjnnJJ/_old 2015-03-09 10:04:32.000000000 +0100 +++ /var/tmp/diff_new_pack.GjnnJJ/_new 2015-03-09 10:04:32.000000000 +0100 @@ -25,7 +25,7 @@ Summary: SUSE Installation Program License: GPL-3.0+ Group: System/Boot -Version: 5.0.31 +Version: 5.0.32 Release: 0 Source: %{name}-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ linuxrc-5.0.31.tar.xz -> linuxrc-5.0.32.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.31/VERSION new/linuxrc-5.0.32/VERSION --- old/linuxrc-5.0.31/VERSION 2015-02-05 11:58:44.000000000 +0100 +++ new/linuxrc-5.0.32/VERSION 2015-03-05 14:53:44.000000000 +0100 @@ -1 +1 @@ -5.0.31 +5.0.32 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.31/auto2.c new/linuxrc-5.0.32/auto2.c --- old/linuxrc-5.0.31/auto2.c 2015-02-05 11:58:44.000000000 +0100 +++ new/linuxrc-5.0.32/auto2.c 2015-03-05 14:53:44.000000000 +0100 @@ -405,6 +405,8 @@ /* load & run driverupdates */ if(config.update.urls) { + int should_have_updates = 0; + dud_count = config.update.count; /* point at list end */ for(names = &config.update.name_list; *names; names = &(*names)->next); 
@@ -417,8 +419,20 @@ fprintf(url->quiet ? stderr : stdout, "Reading driver update: %s\n", sl->key); fflush(url->quiet ? stderr : stdout); + // for later... + char *err_buf = NULL; + strprintf(&err_buf, "Failed to load driver update:\n%s", url_print(url, 0)); + if(url->is.mountable) { err = url_mount(url, config.mountpoint.update, test_and_add_dud); + if(!url->quiet) { + if(err) { + dia_message2(err_buf, MSGTYPE_ERROR); + } + else { + should_have_updates = 1; + } + } } else { char *file_name = strdup(new_download()); @@ -448,12 +462,18 @@ free(path2); if(!err) { + if(!url->quiet) should_have_updates = 1; test_and_add_dud(url); LXRC_WAIT util_umount(config.mountpoint.update); } + else if(!url->quiet) { + dia_message2(err_buf, MSGTYPE_ERROR); + } } + str_copy(&err_buf, NULL); + LXRC_WAIT url_umount(url); @@ -462,7 +482,11 @@ util_do_driver_updates(); if(dud_count == config.update.count) { - fprintf(stderr, "No new driver updates found.\n"); + if(should_have_updates) { + char *msg = "No applicable driver updates found."; + fprintf(stderr, "%s\n", msg); + dia_message2(msg, MSGTYPE_INFO); + } } else { if(*names) { @@ -1033,7 +1057,11 @@ if(config.win) win_close(&win); if(dud_count == config.update.count) { - fprintf(stderr, "No new driver updates found.\n"); + if(!err) { + char *msg = "No applicable driver updates found."; + fprintf(stderr, "%s\n", msg); + dia_message2(msg, MSGTYPE_INFO); + } } else { if(*names) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.31/changelog new/linuxrc-5.0.32/changelog --- old/linuxrc-5.0.31/changelog 2015-02-05 11:58:44.000000000 +0100 +++ new/linuxrc-5.0.32/changelog 2015-03-05 14:53:44.000000000 +0100 
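Review bot: In the auto2.c hunk at `@@ -417,8 +419,20 @@`, the dialog text is built from `url_print(url, 0)`, so whatever that format prints now reaches the installer screen via `dia_message2` rather than only the log. `url_print` is not visible here, so it is unconfirmed whether format 0 can include a user/password part of the driver-update URL; this is worth checking. I would add a comment such as `/* url_print(url, 0) must not contain credentials: shown on screen */`. I would also move the `strprintf(&err_buf, ...)` call into the two error branches so the string is only built when it is displayed. The enclosing loop and function start and end outside this hunk.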
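Review bot: In the auto2.c hunk at `@@ -462,7 +482,11 @@`, the stderr line is now printed only when `should_have_updates` is set, so for quiet URLs or failed loads the log no longer records that no driver update was added. For diagnosing an update that was silently ignored, I would keep the log line unconditional and gate only the dialog: `fprintf(stderr, "%s\n", msg); if(should_have_updates) dia_message2(msg, MSGTYPE_INFO);`. The hunk at `@@ -1033,7 +1057,11 @@` has the same shape with `if(!err)` and would take the same change. Both enclosing functions continue outside the hunks.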
@@ -1,3 +1,9 @@ +2015-03-05: 5.0.32 + - quote filenames + - warn if driver update didn't contain usable data + - show error message for failed driver update loads (bnc #901598) + - allow files to be signed directly + 2015-02-05: 5.0.31 - update git2log script - keep default nanny setting unless explicitly changed diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.31/dialog.c new/linuxrc-5.0.32/dialog.c --- old/linuxrc-5.0.31/dialog.c 2015-02-05 11:58:44.000000000 +0100 +++ new/linuxrc-5.0.32/dialog.c 2015-03-05 14:53:44.000000000 +0100 @@ -314,6 +314,21 @@ } +/* + * Like dia_message() but start and stop window mode as needed. + */ +int dia_message2(char *txt, int type) +{ + int i, win; + + if(!(win = config.win)) util_disp_init(); + i = dia_message(txt, type); + if(!win) util_disp_done(); + + return i; +} + + int dia_message (char *txt_tv, int msgtype_iv) { window_t win_ri; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.31/dialog.h new/linuxrc-5.0.32/dialog.h --- old/linuxrc-5.0.31/dialog.h 2015-02-05 11:58:44.000000000 +0100 +++ new/linuxrc-5.0.32/dialog.h 2015-03-05 14:53:44.000000000 +0100 @@ -126,6 +126,7 @@ int nr_lines_iv, int width_iv, int eof_iv); extern void dia_handle_ctrlc (void); +int dia_message2(char *txt, int type); char *dia_get_text(dia_item_t di); dia_item_t dia_menu2(char *title, int width, int (*func)(dia_item_t), dia_item_t *items, dia_item_t default_item); int dia_list(char *title, int width, int (*func)(int), char **items, int default_item, dia_align_t align); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.31/url.c new/linuxrc-5.0.32/url.c --- old/linuxrc-5.0.31/url.c 2015-02-05 11:58:44.000000000 +0100 +++ new/linuxrc-5.0.32/url.c 2015-03-05 14:53:44.000000000 +0100 
@@ -1463,6 +1463,122 @@ /* + * Warn if signature check failed and ask user what to do. + * + * Return 0 if it's ok to continue or 1 if we should report en error. + */ +int warn_signature_failed(char *file_name) +{ + int i, win, err = 0; + char *buf = NULL; + + if(config.sig_failed) { + strprintf(&buf, + "%s: %s\n\n%s", + file_name, + config.sig_failed == 1 ? "File not signed." : "Invalid signature.", + config.sig_failed == 1 ? "If you really trust your repository, you may continue in an insecure mode." : "Installation aborted." + ); + if(!(win = config.win)) util_disp_init(); + if(config.sig_failed == 1) { + i = dia_okcancel(buf, NO); + } + else { + dia_message(buf, MSGTYPE_ERROR); + i = NO; + } + if(!win) util_disp_done(); + if(i == YES) { + config.secure = 0; + config.sig_failed = 0; + err = 0; + } + else { + err = 1; + } + } + + str_copy(&buf, NULL); + + return err; +} + + +/* + Test if 'file' is a gpg signed file. + If so, unpack it (replacing 'file') and verify signature. + if 'check' is set, update config.sig_failed and show warning to user. 
+ + Return values: + -1: file or gpg not found + 0: file gpg format, sig ok + 1: file gpg format, sig wrong + 2: file not gpg format +*/ +int is_gpg_signed(char *file, int check) +{ + char *cmd = NULL, *buf = NULL; + int err = -1, is_sig = 0, sig_ok = 0; + size_t len = 0; + FILE *f; + + if(util_check_exist(file) != 'r') { + if(config.debug) fprintf(stderr, "%s: gpg check = %d\n", file, err); + + return err; + } + + strprintf(&cmd, + "gpg --homedir /root/.gnupg --batch --no-default-keyring --keyring /installkey.gpg " + "--ignore-valid-from --ignore-time-conflict --output '%s.unpacked' '%s' 2>&1", + file, + file + ); + + if((f = popen(cmd, "r"))) { + while(getline(&buf, &len, f) > 0) { + if(config.debug >= 2) fprintf(stderr, "%s", buf); + if(strncmp(buf, "gpg: Signature made", sizeof "gpg: Signature made" - 1)) is_sig = 1; + if(strncmp(buf, "gpg: Good signature", sizeof "gpg: Good signature" - 1)) sig_ok = 1; + } + err = pclose(f) ? 1 : 0; + if(config.debug >= 2) fprintf(stderr, "gpg returned %s\n", err ? "an error" : "ok"); + } + + strprintf(&buf, "%s.unpacked", file); + + if(is_sig && rename(buf, file)) is_sig = 0; + + unlink(buf); + + str_copy(&cmd, NULL); + free(buf); + + if(err != -1) { + if(is_sig) { + err = !err && sig_ok ? 0 : 1; + } + else { + err = 2; + } + } + + if(err == 0 || err == 1) { + fprintf(stderr, "%s: gpg signature %s\n", file, err ? "failed" : "ok"); + } + + if(check && config.secure && err == 1) { + config.sig_failed = 2; + err = warn_signature_failed(file); + } + + if(config.debug) fprintf(stderr, "%s: gpg check = %d\n", file, err); + + return err; +} + + +/* * Read file 'src' relative to 'url' and write it to 'dst'. If 'dir' is set, * mount 'url' at 'dir' if necessary. * 
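Review bot: Both `strncmp` tests in `is_gpg_signed` are inverted: `strncmp` returns 0 on a match, so `is_sig` and `sig_ok` are set by any gpg output line that does not start with the expected text, and the verdict ends up resting on gpg's exit status and on `rename` succeeding. The lines should read `if(!strncmp(buf, "gpg: Signature made", sizeof "gpg: Signature made" - 1)) is_sig = 1;` and likewise for `"gpg: Good signature"`. Matching human-readable output is also locale- and version-dependent; gpg's `--status-fd` records (`GOODSIG`/`VALIDSIG`) are the stable interface for this decision. Because a return of 0 lets `url_read_file` skip the detached-signature check (hunk at `@@ -1500,10 +1621,18 @@`), this function should fail closed unless both markers were actually seen.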
@@ -1471,10 +1587,15 @@ * return: * 0: ok * 1: failed + * + * This function also sets config.sig_failed: + * 0: signature ok or config.secure == 0 + * 1: no signature + * 2: wrong signature */ int url_read_file(url_t *url, char *dir, char *src, char *dst, char *label, unsigned flags) { - int err, win, i; + int err, gpg; char *src_sig = NULL, *dst_sig = NULL, *buf = NULL, *old_path = NULL, *s; str_copy(&old_path, url->path); @@ -1500,10 +1621,18 @@ config.sig_failed = 0; if(!config.secure) { + is_gpg_signed(dst, 0); free(old_path); return err; } + gpg = is_gpg_signed(dst, 1); + + if(gpg != 2) { + free(old_path); + return gpg ? 1 : 0; + } + config.sig_failed = 1; if(!(src || (url && url->path)) || !dst) { @@ -1519,7 +1648,7 @@ } strprintf(&dst_sig, "%s.asc", dst); strprintf(&buf, - "gpg --homedir /root/.gnupg --batch --no-default-keyring --keyring /installkey.gpg --ignore-valid-from --ignore-time-conflict --verify %s %s >/dev/null%s", + "gpg --homedir /root/.gnupg --batch --no-default-keyring --keyring /installkey.gpg --ignore-valid-from --ignore-time-conflict --verify '%s' '%s' >/dev/null%s", dst_sig, dst, config.debug < 2 ? " 2>&1" : "" ); @@ -1542,31 +1671,7 @@ fprintf(stderr, "%s: no signature\n", s); } - if(config.sig_failed) { - strprintf(&buf, - "%s: %s\n\n%s", - s, - config.sig_failed == 1 ? "File not signed." : "Invalid signature.", - config.sig_failed == 1 ? "If you really trust your repository, you may continue in an insecure mode." : "Installation aborted." - ); - if(!(win = config.win)) util_disp_init(); - if(config.sig_failed == 1) { - i = dia_okcancel(buf, NO); - } - else { - dia_message(buf, MSGTYPE_ERROR); - i = NO; - } - if(!win) util_disp_done(); - if(i == YES) { - config.secure = 0; - config.sig_failed = 0; - err = 0; - } - else { - err = 1; - } - } + err = warn_signature_failed(s); free(buf); free(dst_sig); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
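Review bot: In the url.c hunk at `@@ -1500,10 +1621,18 @@`, when `is_gpg_signed(dst, 1)` returns -1 (file or gpg not found), `return gpg ? 1 : 0;` reports failure but `config.sig_failed` is still 0 from the assignment just above. The header comment added in this commit defines 0 as "signature ok or config.secure == 0", so any caller that inspects `config.sig_failed` (not visible here) could read a failed check as a good one. I would either set `config.sig_failed` in the -1 case or document the mapping with `/* -1 (gpg/file missing) and 1 (bad signature) both fail; only 0 is accepted */`. The insecure branch also discards the result of `is_gpg_signed(dst, 0)`; a `(void)` cast or a short comment would show that this is intended. `url_read_file` starts and ends outside this hunk.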
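Review bot: In the url.c hunk at `@@ -1519,7 +1648,7 @@`, wrapping `dst_sig` and `dst` in single quotes does not make the `--verify` command safe, because a name that itself contains `'` ends the quoted string and the remainder is interpreted by the shell. The same pattern is in the `popen` command built in `is_gpg_signed` (hunk at `@@ -1463,6 +1463,122 @@`) with `'%s.unpacked' '%s'`. Either escape embedded quotes before formatting (each `'` becomes `'\''`) or run gpg through fork/exec with an argv array so no shell is involved. Adding `--` before the file operands would also stop a name starting with `-` from being taken as an option. Where these names originate is outside the hunk, so how much of this an update URL can influence needs checking against the callers.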
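Review bot: In the url.c hunk at `@@ -1542,31 +1671,7 @@`, `err = warn_signature_failed(s);` now overwrites `err` unconditionally, whereas the removed block only assigned it inside `if(config.sig_failed)`. `warn_signature_failed` returns 0 when `config.sig_failed` is 0, so if any path reaches this line with a non-zero `err` and `sig_failed` cleared, the failure would be dropped. The code that sets both values is outside the hunk, so this is unconfirmed. Keeping the guard preserves the previous behaviour: `if(config.sig_failed) err = warn_signature_failed(s);`.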
