Author: jsuchome
Date: Mon Jul 30 21:20:09 2007
New Revision: 39816
URL: http://svn.opensuse.org/viewcvs/yast?rev=39816&view=rev
Log:
- enable resigning of the packages (#287447)
Modified:
trunk/add-on-creator/package/yast2-add-on-creator.changes
trunk/add-on-creator/src/AddOnCreator.ycp
trunk/add-on-creator/src/complex.ycp
trunk/add-on-creator/src/helps.ycp
Modified: trunk/add-on-creator/package/yast2-add-on-creator.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/add-on-creator/package/yast2-add-on-creator.changes?rev=39816&r1=39815&r2=39816&view=diff
==============================================================================
--- trunk/add-on-creator/package/yast2-add-on-creator.changes (original)
+++ trunk/add-on-creator/package/yast2-add-on-creator.changes Mon Jul 30 21:20:09 2007
@@ -1,6 +1,11 @@
-------------------------------------------------------------------
Thu Jun 14 14:15:55 CEST 2007 - jsuchome@suse.cz
+- enable resigning of the packages (#287447)
+
+-------------------------------------------------------------------
+Thu Jun 14 14:15:55 CEST 2007 - jsuchome@suse.cz
+
- checkbox for marking pattern as required (#224342)
- 2.15.13
Modified: trunk/add-on-creator/src/AddOnCreator.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/add-on-creator/src/AddOnCreator.ycp?rev=39816&r1=39815&r2=39816&view=diff
==============================================================================
--- trunk/add-on-creator/src/AddOnCreator.ycp (original)
+++ trunk/add-on-creator/src/AddOnCreator.ycp Mon Jul 30 21:20:09 2007
@@ -485,6 +485,32 @@
],
];
+// script used for signing rpm's
+string expect_script =
+"#!/usr/bin/expect --
+exp_internal 0
+
+set stat 0
+foreach rpm $argv {
+ spawn -noecho rpm --delsign $rpm
+ expect {
+ eof {}
+ }
+ spawn -noecho rpm --define \"_signature gpg\" --define \"_gpg_name %1\" --define \"_gpgbin /usr/bin/gpg\" --resign $rpm
+ expect \"pass phrase:\" {send \"%2\r\"}
+ expect {
+ \"is good.\" {send \"\n\"}
+ eof {}
+ }
+ wait
+ spawn -noecho rpm --define \"_signature gpg\" --define \"_gpg_name %1\" --define \"_gpgbin /usr/bin/gpg\" --checksig $rpm
+ expect {
+ -re \": .*(gpg|pgp).*OK\" {continue;}
+ eof {set stat 1;}
+ }
+}
+exit $stat";
+
// just key:value mapping
global map content_map = $[];
@@ -596,11 +622,14 @@
global map package2filename = $[];
// mapping of source package name to full file name
-global map srcpackage2filename = $[];
+global map srcpackage2filename = $[];
// if we want only to sign existing product (and possibly create iso of it)
global boolean only_sign_product = false;
+// also sign all rpm's (see bug #287447)
+global boolean resign_packages = false;
+
/**
* Data was modified?
*/
@@ -1452,6 +1481,10 @@
if (arch != "ZZZ_imported" && arch != "ZZZ_required" &&
FileUtils::Exists (out_dir))
{
+ // arch_directories will be needed later for CreateMD5SUMS and
+ // resign_packages
+ arch_directories = (list<string>)
+ union (arch_directories, [arch]);
if (size (package2filename) > 0 && arch != "src")
{
foreach (string p, (list<string>) pa, {
@@ -1672,6 +1705,25 @@
SCR::Execute (.target.bash, command, $["LANG" : "C"]);
});
+ // sign the packages
+ if (resign_packages)
+ {
+ string expect = tmpdir + "/sign.ex";
+ SCR::Write (.target.string, expect,
+ sformat (expect_script, key, passphrase));
+ list<string> dirs = maplist (string arch_dir, arch_directories, {
+ return full_data_path + "/" + arch_dir;
+ });
+ foreach (string full_path, dirs, {
+ if (dir_has_files (full_path))
+ {
+ string cmd = sformat ("LANG=C expect %1 %2/*.rpm", expect, full_path);
+ out = (map) SCR::Execute (.target.bash_output, cmd);
+ }
+ });
+ SCR::Execute (.target.bash, sformat ("rm %1", expect));
+ }
+
// sign the content file
SCR::Execute (.target.bash, sformat ("rm -f '%1/content.asc'", base_path));
out = (map) SCR::Execute (.target.bash_output, sformat("
Modified: trunk/add-on-creator/src/complex.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/add-on-creator/src/complex.ycp?rev=39816&r1=39815&r2=39816&view=diff
==============================================================================
--- trunk/add-on-creator/src/complex.ycp (original)
+++ trunk/add-on-creator/src/complex.ycp Mon Jul 30 21:20:09 2007
@@ -1311,6 +1311,11 @@
),
// password entry label
`Password (`id(`pw), _("&Passphrase"), AddOnCreator::passphrase),
+ // checkbox label
+ `Left (`CheckBox (`id (`resign),
+ _("Re&sign all packages with selected key"),
+ AddOnCreator::resign_packages)
+ ),
`VSpacing (0.7)
), `HSpacing ());
@@ -1337,8 +1342,15 @@
}
}
else if (ret == `next) {
+ boolean resign = (boolean) UI::QueryWidget(`id(`resign), `Value);
+ if (resign && !Package::Install ("expect"))
+ {
+ UI::ChangeWidget (`id (`resign), `Value, false);
+ continue;
+ }
AddOnCreator::gpg_key = key;
AddOnCreator::passphrase = (string)UI::QueryWidget(`id(`pw),`Value);
+ AddOnCreator::resign_packages = resign;
break;
}
else if (ret == `abort || ret == `cancel) {
Modified: trunk/add-on-creator/src/helps.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/add-on-creator/src/helps.ycp?rev=39816&r1=39815&r2=39816&view=diff
==============================================================================
--- trunk/add-on-creator/src/helps.ycp (original)
+++ trunk/add-on-creator/src/helps.ycp Mon Jul 30 21:20:09 2007
@@ -131,7 +131,10 @@
"signing" : _("<p>Here, configure the signing of the add-on product. Choose a secret key from the list of keys available or create a new one with <b>Create</b>.</p>") +
// help text for signing dialog, cont.
- _("<p>Enter the passphrase needed to unlock the secret key.</p>"),
+ _("<p>Enter the passphrase needed to unlock the secret key.</p>") +
+
+ // help text for signing dialog, cont.
+ _("<p>Select if you want to <b>sign all packages</b> of the add-on product with selected key. All previous package signatures will be removed.</p>"),
// help text for generating new key dialog
"generate" : _("<p>Enter the values necessary for generating the new primary key pair.</p>") +
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org