[yast-commit] r38042 - /branches/tmp/lslezak/cd-creator/src/ProductCreator.ycp
Author: lslezak Date: Fri May 18 17:17:46 2007 New Revision: 38042 URL: http://svn.opensuse.org/viewcvs/yast?rev=38042&view=rev Log: - sign also add-ons and YUM sources Modified: branches/tmp/lslezak/cd-creator/src/ProductCreator.ycp Modified: branches/tmp/lslezak/cd-creator/src/ProductCreator.ycp URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/cd-creator/src/ProductCreator.ycp?rev=38042&r1=38041&r2=38042&view=diff ============================================================================== --- branches/tmp/lslezak/cd-creator/src/ProductCreator.ycp (original) +++ branches/tmp/lslezak/cd-creator/src/ProductCreator.ycp Fri May 18 17:17:46 2007 @@ -1600,6 +1600,42 @@ return ret; } +global boolean SignSUSEtagsSource(string gpg_key, string dir, string passphrase) +{ + // export the key + boolean success = ExportPublicKey(gpg_key, dir); + // update SHA1 sums + success = success && UpdateContentFile(dir, "suse/setup/descr"); + + if (!success) + { + return false; + } + + // sign the source + success = SignSourceFiles(gpg_key, dir, passphrase); + + if (success) + { + // update directory.yast file + string command = sformat("/bin/rm -f '%1/directory.yast' && /usr/bin/create_directory.yast '%1'", String::Quote(dir)); + y2milestone("Updating %1/directory.yast ...", dir); + integer updated = (integer)SCR::Execute(.target.bash, command); + y2milestone("Updated: %1", updated == 0); + success = success && updated == 0; + } + + return success; +} + +global boolean SignYUMSource(string gpg_key, string dir, string passphrase) +{ + boolean ret = GPG::SignAsciiDetached(gpg_key, dir + "/repodata/repomd.xml", passphrase); + ret = ret && GPG::ExportAsciiPublicKey(gpg_key, dir + "/repodata/repomd.xml.key"); + + return ret; +} + global boolean SignSourceStep() { boolean success = true; @@ -1607,48 +1643,55 @@ // sign the files string gpg_key = Config["gpg_key"]:""; - // TODO FIXME sign correctly YUM sources - if (gpg_key != "") { - boolean signed = false; + string passphrase = (Mode::commandline()) ? gpg_passphrase : GPGWidgets::AskPassphrasePopup(gpg_key); - while (!signed) + // not aborted + if (passphrase != nil) { - string passphrase = (Mode::commandline()) ? gpg_passphrase : GPGWidgets::AskPassphrasePopup(gpg_key); - - if (passphrase == nil) - { - // aborted - break; - } - - // export the key - success = success && ExportPublicKey(gpg_key, skel_root); - // update SHA1 sums - success = success && UpdateContentFile(skel_root, "suse/setup/descr"); - // sign the source - signed = SignSourceFiles(gpg_key, skel_root, passphrase); + // sign each product + foreach(integer srcid, string dir, product_map, { + boolean signed = false; + map general_info = Pkg::SourceGeneralData(srcid); + + while (!signed) + { + if (general_info["type"]:"" == "YaST") + { + // sign the source + signed = SignSUSEtagsSource(gpg_key, skel_root + "/" + dir, passphrase); + } + else + { + // sign the source + signed = SignYUMSource(gpg_key, skel_root + "/" + dir, passphrase); + } - // yes/no popup: error message - if (!signed && !Popup::YesNo(_("Error: Could not digitally sign the source.\nTry it again?"))) - { - break; - } + // yes/no popup: error message + if (!signed) + { + if (Popup::YesNo(_("Error: Could not digitally sign the source.\nTry it again?"))) + { + passphrase = (Mode::commandline()) ? gpg_passphrase : GPGWidgets::AskPassphrasePopup(gpg_key); + } + else + { + break; + } + } + } - if (signed) - { - // update directory.yast file - string command = sformat("/bin/rm -f '%1/directory.yast' && /usr/bin/create_directory.yast '%1'", String::Quote(skel_root)); - y2milestone("Updating %1/directory.yast ...", skel_root); - integer updated = (integer)SCR::Execute(.target.bash, command); - y2milestone("Updated: %1", updated == 0); - success = success && updated == 0; - } + success = success && signed; + } + ); + } + else + { + success = false; } - success = success && signed; - + // insert the key into the installation initrd success = success && InsertKeyToInitrds(gpg_key, skel_root); } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
participants (1)
-
lslezak@svn.opensuse.org