Hello community, here is the log from the commit of package linuxrc for openSUSE:Factory checked in at 2015-03-23 12:14:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/linuxrc (Old) and /work/SRC/openSUSE:Factory/.linuxrc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "linuxrc" Changes: -------- --- /work/SRC/openSUSE:Factory/linuxrc/linuxrc.changes 2015-03-18 12:59:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.linuxrc.new/linuxrc.changes 2015-03-23 12:14:48.000000000 +0100 @@ -1,0 +2,8 @@ +Wed Mar 18 17:16:36 CET 2015 - snw...@suse.com + +- update copyright string +- verify also rpm signatures +- track also improper driver updates (bnc #901598) +- 5.0.34 + +------------------------------------------------------------------- Old: ---- linuxrc-5.0.33.tar.xz New: ---- linuxrc-5.0.34.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ linuxrc.spec ++++++ --- /var/tmp/diff_new_pack.ky6NQi/_old 2015-03-23 12:14:49.000000000 +0100 +++ /var/tmp/diff_new_pack.ky6NQi/_new 2015-03-23 12:14:49.000000000 +0100 @@ -25,7 +25,7 @@ Summary: SUSE Installation Program License: GPL-3.0+ Group: System/Boot -Version: 5.0.33 +Version: 5.0.34 Release: 0 Source: %{name}-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ linuxrc-5.0.33.tar.xz -> linuxrc-5.0.34.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.33/VERSION new/linuxrc-5.0.34/VERSION --- old/linuxrc-5.0.33/VERSION 2015-03-09 10:41:11.000000000 +0100 +++ new/linuxrc-5.0.34/VERSION 2015-03-18 16:32:48.000000000 +0100 @@ -1 +1 @@ -5.0.33 +5.0.34 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.33/auto2.c new/linuxrc-5.0.34/auto2.c --- old/linuxrc-5.0.33/auto2.c 2015-03-09 10:41:11.000000000 +0100 +++ new/linuxrc-5.0.34/auto2.c 2015-03-18 16:32:48.000000000 +0100 
@@ -530,6 +530,10 @@ if(!is_dud && (url->is.file || !url->is.mountable)) { is_dud = 1; + // log as driver update + config.update.count++; + slist_append_str(&config.update.name_list, url->path); + s = url_print(url, 1); printf("%s: adding to %s system\n", s, config.rescue ? "rescue" : "installation"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.33/changelog new/linuxrc-5.0.34/changelog --- old/linuxrc-5.0.33/changelog 2015-03-09 10:41:11.000000000 +0100 +++ new/linuxrc-5.0.34/changelog 2015-03-18 16:32:48.000000000 +0100 @@ -1,3 +1,8 @@ +2015-03-18: 5.0.34 + - update copyright string + - verify also rpm signatures + - track also improper driver updates (bnc #901598) + 2015-03-09: 5.0.33 - don't set a default keymap too eagerly (bnc #857194) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.33/linuxrc.c new/linuxrc-5.0.34/linuxrc.c --- old/linuxrc-5.0.33/linuxrc.c 2015-03-09 10:41:11.000000000 +0100 +++ new/linuxrc-5.0.34/linuxrc.c 2015-03-18 16:32:48.000000000 +0100 @@ -872,7 +872,7 @@ if (config.linemode) putchar('\n'); printf( - "\n>>> %s installation program v" LXRC_FULL_VERSION " (c) 1996-2014 SUSE Linux Products GmbH <<<\n", + "\n>>> %s installation program v" LXRC_FULL_VERSION " (c) 1996-2015 SUSE Linux GmbH <<<\n", config.product ); if (config.linemode) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/linuxrc-5.0.33/url.c new/linuxrc-5.0.34/url.c --- old/linuxrc-5.0.33/url.c 2015-03-09 10:41:11.000000000 +0100 +++ new/linuxrc-5.0.34/url.c 2015-03-18 16:32:48.000000000 +0100 @@ -1,4 +1,4 @@ -#define _GNU_SOURCE /* strnlen, getline */ +#define _GNU_SOURCE /* strnlen, getline, strcasestr */ /* 
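Review bot: The added comment `// log as driver update` in the auto2.c hunk does not say why a URL that is a plain file or not mountable is counted, although the changelog explains it as tracking improper driver updates (bnc #901598). I would write `// not a regular driver update, but it is added to the system: record it as one (bnc #901598)`. The recorded name is `url->path` alone, while the message printed just below uses `url_print(url, 1)`. If `config.update.name_list` is later shown or logged as the record of what modified the system, a bare path may not identify where the content came from; the consumers of that list are outside this hunk, so this needs confirming. The enclosing function starts and ends outside the hunk.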
@@ -70,6 +70,10 @@ static void digest_process(url_data_t *url_data, void *buffer, size_t len); static void digest_finish(url_data_t *url_data); static int digest_verify(url_data_t *url_data, char *file_name); +static int warn_signature_failed(char *file_name); +static int is_gpg_signed(char *file); +static int is_rpm_signed(char *file); +static int is_signed(char *file, int check); void url_read(url_data_t *url_data) @@ -1507,7 +1511,6 @@ /* Test if 'file' is a gpg signed file. If so, unpack it (replacing 'file') and verify signature. - if 'check' is set, update config.sig_failed and show warning to user. Return values: -1: file or gpg not found @@ -1515,7 +1518,7 @@ 1: file gpg format, sig wrong 2: file not gpg format */ -int is_gpg_signed(char *file, int check) +int is_gpg_signed(char *file) { char *cmd = NULL, *buf = NULL; int err = -1, is_sig = 0, sig_ok = 0; 
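Review bot: The prototypes added at the top of url.c give `is_gpg_signed`, `is_rpm_signed` and `is_signed` internal linkage, but the definitions further down are written without the keyword (`int is_rpm_signed(char *file)`, `int is_signed(char *file, int check)`). The linkage therefore cannot be read off the definition; I would repeat it there, e.g. `static int is_rpm_signed(char *file)`. `is_gpg_signed` was defined without `static` and with a `check` parameter before this change, so a declaration left in a header or a caller in another file would now conflict. Neither is visible in this diff, so please confirm that none remains.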
@@ -1567,12 +1570,104 @@ fprintf(stderr, "%s: gpg signature %s\n", file, err ? "failed" : "ok"); } + if(config.debug) fprintf(stderr, "%s: gpg check = %d\n", file, err); + + return err; +} + + +/* + Test if 'file' is a signed rpm. + If so, verify signature. + + Return values: + -1: file or 'rpmkeys' not found + 0: file rpm format, sig ok + 1: file rpm format, sig wrong + 2: file not rpm format or not signed +*/ +int is_rpm_signed(char *file) +{ + char *cmd = NULL, *buf = NULL; + int err = -1, is_sig = 0, sig_ok = 0; + size_t len = 0; + FILE *f; + + if(util_check_exist(file) != 'r') { + if(config.debug) fprintf(stderr, "%s: rpm sig check = %d\n", file, err); + + return err; + } + + char *type = util_fstype(file, NULL); + if(!type || strcmp(type, "rpm")) return 2; + + strprintf(&cmd, "rpmkeys --checksig --define '%%_keyringpath /pubkeys' '%s' 2>&1", file); + + if((f = popen(cmd, "r"))) { + while(getline(&buf, &len, f) > 0) { + char *s = strrchr(buf, ':') ?: buf; + + if(config.debug >= 2) fprintf(stderr, "%s", buf); + + if(strcasestr(s, " pgp ") || strcasestr(s, " gpg ")) is_sig = 1; + if(strstr(s, " pgp ") || strstr(s, " gpg ")) sig_ok = 1; + } + err = pclose(f) ? 1 : 0; + if(config.debug >= 2) fprintf(stderr, "rpmkeys returned %s\n", err ? "an error" : "ok"); + } + + str_copy(&cmd, NULL); + free(buf); + + if(err != -1) { + if(is_sig) { + err = !err && sig_ok ? 0 : 1; + } + else { + err = 2; + } + } + + if(err == 0 || err == 1) { + fprintf(stderr, "%s: rpm signature %s\n", file, err ? "failed" : "ok"); + } + + if(config.debug) fprintf(stderr, "%s: rpm sig check = %d\n", file, err); + + return err; +} + + +/* + Test if 'file' is a (non-detached) signed file. + Verify signature and, if necessary (gpg), unpack it, + replacing original 'file'. + + If 'check' is set, update config.sig_failed and show warning to user. 
+ + Return values: + -1: file or checking command not found + 0: file has signature, sig ok + 1: file has signature, sig wrong + 2: file not signed +*/ +int is_signed(char *file, int check) +{ + int err; + + // first, maybe it's an rpm + err = is_rpm_signed(file); + + // if not, maybe gpg signed + if(!(err == 0 || err == 1)) err = is_gpg_signed(file); + if(check && config.secure && err == 1) { config.sig_failed = 2; err = warn_signature_failed(file); } - if(config.debug) fprintf(stderr, "%s: gpg check = %d\n", file, err); + if(config.debug) fprintf(stderr, "%s: sig check = %d\n", file, err); return err; } @@ -1621,12 +1716,12 @@ config.sig_failed = 0; if(!config.secure) { - is_gpg_signed(dst, 0); + is_signed(dst, 0); free(old_path); return err; } - gpg = is_gpg_signed(dst, 1); + gpg = is_signed(dst, 1); if(gpg != 2) { free(old_path); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
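Review bot: In `is_rpm_signed` the exit status of `rpmkeys` is discarded whenever no ` pgp `/` gpg ` token is found after the last colon, because the `else` branch sets `err = 2`. A package that `rpmkeys --checksig` rejects for another reason (a digest mismatch, or a signature printed under another name) is then reported as "not signed" rather than "sig wrong", and unless the gpg check objects it never reaches `warn_signature_failed`. The same branch is taken when `rpmkeys` is missing, since `popen` still succeeds through the shell, so the documented `-1` is not returned in that case. I would keep a failing exit status as a failure, `else { err = err ? 1 : 2; }`, and use the text match only to tell signed from unsigned. Separately, `file` is pasted between single quotes into the `popen` command, so unless every caller passes a generated name (callers are outside this hunk) a name containing `'` should be refused first, `if(strchr(file, '\'')) return 1;`.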
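Review bot: In the last url.c hunk the local `gpg` now receives the combined rpm-or-gpg result from `is_signed`, so the name is misleading on the lines that test it. `sig = is_signed(dst, 1);` followed by `if(sig != 2) {` would say what the value is. The declaration of `gpg` and the rest of the function lie outside the hunk, so the rename has to be carried through there as well.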