Author: jsuchome Date: Mon Jul 30 21:20:09 2007 New Revision: 39816 URL: http://svn.opensuse.org/viewcvs/yast?rev=39816&view=rev Log: - enable resigning of the packages (#287447) Modified: trunk/add-on-creator/package/yast2-add-on-creator.changes trunk/add-on-creator/src/AddOnCreator.ycp trunk/add-on-creator/src/complex.ycp trunk/add-on-creator/src/helps.ycp Modified: trunk/add-on-creator/package/yast2-add-on-creator.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/add-on-creator/package/yast2-add-on-creator.changes?rev=39816&r1=39815&r2=39816&view=diff ============================================================================== --- trunk/add-on-creator/package/yast2-add-on-creator.changes (original) +++ trunk/add-on-creator/package/yast2-add-on-creator.changes Mon Jul 30 21:20:09 2007 @@ -1,6 +1,11 @@ ------------------------------------------------------------------- Thu Jun 14 14:15:55 CEST 2007 - jsuchome@suse.cz +- enable resigning of the packages (#287447) + +------------------------------------------------------------------- +Thu Jun 14 14:15:55 CEST 2007 - jsuchome@suse.cz + - checkbox for marking pattern as required (#224342) - 2.15.13 Modified: trunk/add-on-creator/src/AddOnCreator.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/add-on-creator/src/AddOnCreator.ycp?rev=39816&r1=39815&r2=39816&view=diff ============================================================================== --- trunk/add-on-creator/src/AddOnCreator.ycp (original) +++ trunk/add-on-creator/src/AddOnCreator.ycp Mon Jul 30 21:20:09 2007 @@ -485,6 +485,32 @@ ], ]; +// script used for signing rpm's +string expect_script = +"#!/usr/bin/expect -- +exp_internal 0 + +set stat 0 +foreach rpm $argv { + spawn -noecho rpm --delsign $rpm + expect { + eof {} + } + spawn -noecho rpm --define \"_signature gpg\" --define \"_gpg_name %1\" --define \"_gpgbin /usr/bin/gpg\" --resign $rpm + expect \"pass phrase:\" {send \"%2\r\"} + expect { + \"is good.\" {send \"\n\"} + eof {} + } + wait + spawn -noecho rpm --define \"_signature gpg\" --define \"_gpg_name %1\" --define \"_gpgbin /usr/bin/gpg\" --checksig $rpm + expect { + -re \": .*(gpg|pgp).*OK\" {continue;} + eof {set stat 1;} + } +} +exit $stat"; + // just key:value mapping global map<string,string> content_map = $[]; @@ -596,11 +622,14 @@ global map<string,string> package2filename = $[]; // mapping of source package name to full file name -global map<string,string> srcpackage2filename = $[]; +global map<string,string> srcpackage2filename = $[]; // if we want only to sign existing product (and possibly create iso of it) global boolean only_sign_product = false; +// also sign all rpm's (see bug #287447) +global boolean resign_packages = false; + /** * Data was modified? */ @@ -1452,6 +1481,10 @@ if (arch != "ZZZ_imported" && arch != "ZZZ_required" && FileUtils::Exists (out_dir)) { + // arch_directories will be needed later for CreateMD5SUMS and + // resign_packages + arch_directories = (list<string>) + union (arch_directories, [arch]); if (size (package2filename) > 0 && arch != "src") { foreach (string p, (list<string>) pa, { @@ -1672,6 +1705,25 @@ SCR::Execute (.target.bash, command, $["LANG" : "C"]); }); + // sign the packages + if (resign_packages) + { + string expect = tmpdir + "/sign.ex"; + SCR::Write (.target.string, expect, + sformat (expect_script, key, passphrase)); + list<string> dirs = maplist (string arch_dir, arch_directories, { + return full_data_path + "/" + arch_dir; + }); + foreach (string full_path, dirs, { + if (dir_has_files (full_path)) + { + string cmd = sformat ("LANG=C expect %1 %2/*.rpm", expect, full_path); + out = (map) SCR::Execute (.target.bash_output, cmd); + } + }); + SCR::Execute (.target.bash, sformat ("rm %1", expect)); + } + // sign the content file SCR::Execute (.target.bash, sformat ("rm -f '%1/content.asc'", base_path)); out = (map) SCR::Execute (.target.bash_output, sformat(" Modified: trunk/add-on-creator/src/complex.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/add-on-creator/src/complex.ycp?rev=39816&r1=39815&r2=39816&view=diff ============================================================================== --- trunk/add-on-creator/src/complex.ycp (original) +++ trunk/add-on-creator/src/complex.ycp Mon Jul 30 21:20:09 2007 @@ -1311,6 +1311,11 @@ ), // password entry label `Password (`id(`pw), _("&Passphrase"), AddOnCreator::passphrase), + // checkbox label + `Left (`CheckBox (`id (`resign), + _("Re&sign all packages with selected key"), + AddOnCreator::resign_packages) + ), `VSpacing (0.7) ), `HSpacing ()); @@ -1337,8 +1342,15 @@ } } else if (ret == `next) { + boolean resign = (boolean) UI::QueryWidget(`id(`resign), `Value); + if (resign && !Package::Install ("expect")) + { + UI::ChangeWidget (`id (`resign), `Value, false); + continue; + } AddOnCreator::gpg_key = key; AddOnCreator::passphrase = (string)UI::QueryWidget(`id(`pw),`Value); + AddOnCreator::resign_packages = resign; break; } else if (ret == `abort || ret == `cancel) { Modified: trunk/add-on-creator/src/helps.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/add-on-creator/src/helps.ycp?rev=39816&r1=39815&r2=39816&view=diff ============================================================================== --- trunk/add-on-creator/src/helps.ycp (original) +++ trunk/add-on-creator/src/helps.ycp Mon Jul 30 21:20:09 2007 @@ -131,7 +131,10 @@ "signing" : _("<p>Here, configure the signing of the add-on product. Choose a secret key from the list of keys available or create a new one with <b>Create</b>.</p>") + // help text for signing dialog, cont. - _("<p>Enter the passphrase needed to unlock the secret key.</p>"), + _("<p>Enter the passphrase needed to unlock the secret key.</p>") + + + // help text for signing dialog, cont. + _("<p>Select if you want to <b>sign all packages</b> of the add-on product with selected key. All previous package signatures will be removed.</p>"), // help text for generating new key dialog "generate" : _("<p>Enter the values necessary for generating the new primary key pair.</p>") + -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org