Hello community,
here is the log from the commit of package linuxrc for openSUSE:Factory checked
in at 2015-03-23 12:14:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/linuxrc (Old)
and /work/SRC/openSUSE:Factory/.linuxrc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "linuxrc"
Changes:
--------
--- /work/SRC/openSUSE:Factory/linuxrc/linuxrc.changes 2015-03-18
12:59:24.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.linuxrc.new/linuxrc.changes 2015-03-23
12:14:48.000000000 +0100
@@ -1,0 +2,8 @@
+Wed Mar 18 17:16:36 CET 2015 - snw...@suse.com
+
+- update copyright string
+- verify also rpm signatures
+- track also improper driver updates (bnc #901598)
+- 5.0.34
+
+-------------------------------------------------------------------
Old:
----
linuxrc-5.0.33.tar.xz
New:
----
linuxrc-5.0.34.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ linuxrc.spec ++++++
--- /var/tmp/diff_new_pack.ky6NQi/_old 2015-03-23 12:14:49.000000000 +0100
+++ /var/tmp/diff_new_pack.ky6NQi/_new 2015-03-23 12:14:49.000000000 +0100
@@ -25,7 +25,7 @@
Summary: SUSE Installation Program
License: GPL-3.0+
Group: System/Boot
-Version: 5.0.33
+Version: 5.0.34
Release: 0
Source: %{name}-%{version}.tar.xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ linuxrc-5.0.33.tar.xz -> linuxrc-5.0.34.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linuxrc-5.0.33/VERSION new/linuxrc-5.0.34/VERSION
--- old/linuxrc-5.0.33/VERSION 2015-03-09 10:41:11.000000000 +0100
+++ new/linuxrc-5.0.34/VERSION 2015-03-18 16:32:48.000000000 +0100
@@ -1 +1 @@
-5.0.33
+5.0.34
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linuxrc-5.0.33/auto2.c new/linuxrc-5.0.34/auto2.c
--- old/linuxrc-5.0.33/auto2.c 2015-03-09 10:41:11.000000000 +0100
+++ new/linuxrc-5.0.34/auto2.c 2015-03-18 16:32:48.000000000 +0100
@@ -530,6 +530,10 @@
if(!is_dud && (url->is.file || !url->is.mountable)) {
is_dud = 1;
+ // log as driver update
+ config.update.count++;
+ slist_append_str(&config.update.name_list, url->path);
+
s = url_print(url, 1);
printf("%s: adding to %s system\n", s, config.rescue ? "rescue" :
"installation");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linuxrc-5.0.33/changelog new/linuxrc-5.0.34/changelog
--- old/linuxrc-5.0.33/changelog 2015-03-09 10:41:11.000000000 +0100
+++ new/linuxrc-5.0.34/changelog 2015-03-18 16:32:48.000000000 +0100
@@ -1,3 +1,8 @@
+2015-03-18: 5.0.34
+ - update copyright string
+ - verify also rpm signatures
+ - track also improper driver updates (bnc #901598)
+
2015-03-09: 5.0.33
- don't set a default keymap too eagerly (bnc #857194)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linuxrc-5.0.33/linuxrc.c new/linuxrc-5.0.34/linuxrc.c
--- old/linuxrc-5.0.33/linuxrc.c 2015-03-09 10:41:11.000000000 +0100
+++ new/linuxrc-5.0.34/linuxrc.c 2015-03-18 16:32:48.000000000 +0100
@@ -872,7 +872,7 @@
if (config.linemode)
putchar('\n');
printf(
- "\n>>> %s installation program v" LXRC_FULL_VERSION " (c) 1996-2014 SUSE
Linux Products GmbH <<<\n",
+ "\n>>> %s installation program v" LXRC_FULL_VERSION " (c) 1996-2015 SUSE
Linux GmbH <<<\n",
config.product
);
if (config.linemode)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/linuxrc-5.0.33/url.c new/linuxrc-5.0.34/url.c
--- old/linuxrc-5.0.33/url.c 2015-03-09 10:41:11.000000000 +0100
+++ new/linuxrc-5.0.34/url.c 2015-03-18 16:32:48.000000000 +0100
@@ -1,4 +1,4 @@
-#define _GNU_SOURCE /* strnlen, getline */
+#define _GNU_SOURCE /* strnlen, getline, strcasestr */
/*
@@ -70,6 +70,10 @@
static void digest_process(url_data_t *url_data, void *buffer, size_t len);
static void digest_finish(url_data_t *url_data);
static int digest_verify(url_data_t *url_data, char *file_name);
+static int warn_signature_failed(char *file_name);
+static int is_gpg_signed(char *file);
+static int is_rpm_signed(char *file);
+static int is_signed(char *file, int check);
void url_read(url_data_t *url_data)
@@ -1507,7 +1511,6 @@
/*
Test if 'file' is a gpg signed file.
If so, unpack it (replacing 'file') and verify signature.
- if 'check' is set, update config.sig_failed and show warning to user.
Return values:
-1: file or gpg not found
@@ -1515,7 +1518,7 @@
1: file gpg format, sig wrong
2: file not gpg format
*/
-int is_gpg_signed(char *file, int check)
+int is_gpg_signed(char *file)
{
char *cmd = NULL, *buf = NULL;
int err = -1, is_sig = 0, sig_ok = 0;
@@ -1567,12 +1570,104 @@
fprintf(stderr, "%s: gpg signature %s\n", file, err ? "failed" : "ok");
}
+ if(config.debug) fprintf(stderr, "%s: gpg check = %d\n", file, err);
+
+ return err;
+}
+
+
+/*
+ Test if 'file' is a signed rpm.
+ If so, verify signature.
+
+ Return values:
+ -1: file or 'rpmkeys' not found
+ 0: file rpm format, sig ok
+ 1: file rpm format, sig wrong
+ 2: file not rpm format or not signed
+*/
+int is_rpm_signed(char *file)
+{
+ char *cmd = NULL, *buf = NULL;
+ int err = -1, is_sig = 0, sig_ok = 0;
+ size_t len = 0;
+ FILE *f;
+
+ if(util_check_exist(file) != 'r') {
+ if(config.debug) fprintf(stderr, "%s: rpm sig check = %d\n", file, err);
+
+ return err;
+ }
+
+ char *type = util_fstype(file, NULL);
+ if(!type || strcmp(type, "rpm")) return 2;
+
+ strprintf(&cmd, "rpmkeys --checksig --define '%%_keyringpath /pubkeys' '%s'
2>&1", file);
+
+ if((f = popen(cmd, "r"))) {
+ while(getline(&buf, &len, f) > 0) {
+ char *s = strrchr(buf, ':') ?: buf;
+
+ if(config.debug >= 2) fprintf(stderr, "%s", buf);
+
+ if(strcasestr(s, " pgp ") || strcasestr(s, " gpg ")) is_sig = 1;
+ if(strstr(s, " pgp ") || strstr(s, " gpg ")) sig_ok = 1;
+ }
+ err = pclose(f) ? 1 : 0;
+ if(config.debug >= 2) fprintf(stderr, "rpmkeys returned %s\n", err ? "an
error" : "ok");
+ }
+
+ str_copy(&cmd, NULL);
+ free(buf);
+
+ if(err != -1) {
+ if(is_sig) {
+ err = !err && sig_ok ? 0 : 1;
+ }
+ else {
+ err = 2;
+ }
+ }
+
+ if(err == 0 || err == 1) {
+ fprintf(stderr, "%s: rpm signature %s\n", file, err ? "failed" : "ok");
+ }
+
+ if(config.debug) fprintf(stderr, "%s: rpm sig check = %d\n", file, err);
+
+ return err;
+}
+
+
+/*
+ Test if 'file' is a (non-detached) signed file.
+ Verify signature and, if necessary (gpg), unpack it,
+ replacing original 'file'.
+
+ If 'check' is set, update config.sig_failed and show warning to user.
+
+ Return values:
+ -1: file or checking command not found
+ 0: file has signature, sig ok
+ 1: file has signature, sig wrong
+ 2: file not signed
+*/
+int is_signed(char *file, int check)
+{
+ int err;
+
+ // first, maybe it's an rpm
+ err = is_rpm_signed(file);
+
+ // if not, maybe gpg signed
+ if(!(err == 0 || err == 1)) err = is_gpg_signed(file);
+
if(check && config.secure && err == 1) {
config.sig_failed = 2;
err = warn_signature_failed(file);
}
- if(config.debug) fprintf(stderr, "%s: gpg check = %d\n", file, err);
+ if(config.debug) fprintf(stderr, "%s: sig check = %d\n", file, err);
return err;
}
@@ -1621,12 +1716,12 @@
config.sig_failed = 0;
if(!config.secure) {
- is_gpg_signed(dst, 0);
+ is_signed(dst, 0);
free(old_path);
return err;
}
- gpg = is_gpg_signed(dst, 1);
+ gpg = is_signed(dst, 1);
if(gpg != 2) {
free(old_path);
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
