commit mkdud for openSUSE:Factory

16 Jan 2016

Hello community,

here is the log from the commit of package mkdud for openSUSE:Factory checked in at 2016-01-16 11:56:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mkdud (Old)
 and      /work/SRC/openSUSE:Factory/.mkdud.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mkdud"

Changes:
--------

--- /work/SRC/openSUSE:Factory/mkdud/mkdud.changes	2016-01-13 22:46:25.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mkdud.new/mkdud.changes	2016-01-16 11:56:59.000000000 +0100
@@ -1,0 +2,6 @@
+Thu Jan 14 14:17:15 UTC 2016 - snwint@suse.com
+
+- added --obs-keys option to retrieve necessary obs project keys
+- 1.22
+
+-------------------------------------------------------------------

Old:
----
  mkdud-1.21.tar.xz

New:
----
  mkdud-1.22.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mkdud.spec ++++++
--- /var/tmp/diff_new_pack.RHUBCg/_old	2016-01-16 11:57:01.000000000 +0100
+++ /var/tmp/diff_new_pack.RHUBCg/_new	2016-01-16 11:57:01.000000000 +0100
@@ -23,7 +23,7 @@
 Summary:        Create driver update from rpms
 License:        GPL-3.0+
 Group:          Hardware/Other
-Version:        1.21
+Version:        1.22
 Release:        0
 Source:         %{name}-%{version}.tar.xz
 Url:            https://github.com/wfeldt/mkdud

++++++ mkdud-1.21.tar.xz -> mkdud-1.22.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mkdud-1.21/VERSION new/mkdud-1.22/VERSION
--- old/mkdud-1.21/VERSION	2016-01-13 14:51:37.000000000 +0100
+++ new/mkdud-1.22/VERSION	2016-01-14 15:15:40.000000000 +0100
@@ -1 +1 @@
-1.21
+1.22
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mkdud-1.21/changelog new/mkdud-1.22/changelog
--- old/mkdud-1.21/changelog	2016-01-13 14:51:37.000000000 +0100
+++ new/mkdud-1.22/changelog	2016-01-14 15:15:40.000000000 +0100
@@ -1,3 +1,6 @@
+2016-01-14:	1.22
+	- added --obs-keys option to retrieve necessary obs project keys
+
 2016-01-13:	1.21
 	- use mkpath instead of make_path to be compatible with older perl versions
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mkdud-1.21/mkdud new/mkdud-1.22/mkdud
--- old/mkdud-1.21/mkdud	2016-01-13 14:51:37.000000000 +0100
+++ new/mkdud-1.22/mkdud	2016-01-14 15:15:40.000000000 +0100
@@ -115,6 +115,7 @@
 sub import_sign_key;
 sub get_sign_key_name;
 sub sign_file;
+sub get_obs_key;
 
 my %config;
 my $opt_create;
@@ -139,6 +140,7 @@
 my $opt_preparer;
 my $opt_application;
 my $opt_volume;
+my $opt_obs_keys;
 
 # global variables
 my $dud;
@@ -151,6 +153,8 @@
 my $format_compr = "gz";
 my $sign_key_dir;
 my $sign_key_ok;
+my $obs;
+my $pubkey_info;
 
 # linuxrc versions in service packs
 my $servicepack;
@@ -179,6 +183,7 @@
   'detached-sign'    => \$opt_sign,
   'sign'             => sub { $opt_sign = 1; $opt_sign_direct = 1 },
   'sign-key=s'       => \$opt_sign_key,
+  'obs-keys'         => \$opt_obs_keys,
   'force'            => \$opt_force,
   'format=s'         => \$opt_format,
   'prefix=i'         => \$opt_dud_prefix,
@@ -220,6 +225,23 @@
 
 $opt_sign_key ||= $config{'sign-key'};
 
+if($opt_obs_keys) {
+  if(open my $f, "$ENV{HOME}/.oscrc") {
+    while(<$f>) {
+      if(m#^\[(https?://([^/\]]+))#) {
+        $obs->{server}{$2} = $1;
+      }
+    }
+    close $f;
+  }
+
+  for (sort keys %{$obs->{server}}) {
+    my $x = $_;
+    $x =~ s/^[^\.]*\.//;
+    $obs->{server_short}{$x} = $obs->{server}{$_};
+  }
+}
+
 my $tmp = Tmp::new($opt_save_temp);
 
 my $tmp_dud = $tmp->dir('dud');
@@ -384,6 +406,10 @@
       --vendor                  Set ISO publisher id (if using format 'iso').
       --preparer                Set ISO data preparer id (if using format 'iso').
       --application             Set ISO application id (if using format 'iso').
+      --obs-keys                Retrieve and add project keys from the openSUSE build service
+                                as needed to verify the RPMs in SOURCES.
+                                See 'Adding RPMs notes' below.
+
 
 Configuration file:
 
@@ -400,8 +426,7 @@
   - RPMs. The packages are used according to the value of the --install option.
 
   - PGP pubic key files (ASCII). The files are added to the rpm key database for verifying
-    RPMs during the installation process. Note that the keys are not copied
-    into the target system (the installed system).
+    RPMs during the installation process. See 'Adding RPMs notes' below.
 
   - kernel modules.
 
@@ -426,6 +451,37 @@
 
   - ISO images. The images are unpacked and scanned for driver updates.
 
+Adding RPMs notes:
+
+  If you add RPMs to SOURCES, these RPMs can be used to update the installation system
+  and/or to be installed in the target system. See --install option on how to choose.
+
+  The best way is to go for 'repo' to install them in the target system as then they
+  are handled by the package manager and package dependencies are automatically resolved.
+
+  But there are two catches:
+
+    (1) The package must be actually required by the selected pattern or it must be
+    manually selected in the package manager; else it won't be installed at all.
+
+    This is normally no problem if you update a package (as it's likely required, else
+    you wouldn't want to update it) but if you try to install some uncommon package
+    it might not be selected.
+
+    (2) If the package is signed, the signature will be checked by the package manager
+    and you'll end up with a warning if the necessary public key is not available. This
+    particularly happens with packages from the openSUSE build service which were built
+    in some user's project.
+
+    For this, mkdud will package any pgp public key files you add to SOURCES in a way so
+    that they are used by the package manager during installation. They will *not* be
+    installed in the target system.
+
+    To ease this even more, the --obs-keys option causes mkdud to retrieve the necessary
+    keys for each RPM in SOURCES from the build service using the 'osc' tool. Note that
+    you must configure the build service access via .oscrc in your HOME directory for this
+    to work.
+
 References:
 
 Driver update documentation is available here:
@@ -539,6 +595,15 @@
 
     push @files, $ft;
 
+    if($opt_obs_keys && $opt_install{repo}) {
+      my $x = `rpm --nosignature -qp -i $_[0] 2>$tmp_err`;
+      if($x =~ /^Signature\s*:.*Key ID/m) {
+        $x = `rpm --nosignature -qp --qf '%{DISTURL}' $_[0] 2>$tmp_err`;
+        $x = get_obs_key $x, $_[0];
+        push @files, { type => 'pubkey', file => $x } if $x;
+      }
+    }
+
     return;
   }
   elsif(/^ELF/) {
@@ -1871,12 +1936,13 @@
   }
 
   # ----------------------------
-  # other files
+  # public rpm keys
 
   for (glob("$dir/inst-sys/usr/lib/rpm/gnupg/keys/*")) {
     s#^.*/##;
     next unless /\.asc$/;
     $sect{pubkeys} .= "      $_\n";
+    $sect{pubkeys} .= "      ($pubkey_info->{$_})\n" if $pubkey_info->{$_};
   }
 
   # ----------------------------
@@ -2053,6 +2119,8 @@
   my $date;
   my $priv;
   my $pub;
+  my $uid;
+  my $expire;
 
   local $_;
 
@@ -2061,13 +2129,18 @@
       $priv = 1 if /BEGIN PGP PRIVATE KEY BLOCK/;
       $pub = 1 if /BEGIN PGP PUBLIC KEY BLOCK/;
       $keyid = $1 if !$keyid && /^:signature packet:.*keyid\s+([0-9a-zA-Z]+)/;
-      $date = $1, last if !$date && $keyid && /created\s+(\d+)/;
+      $uid = $1 if !$uid && /^:user ID packet: "(.+)"/;
+      $expire = $1 if !$expire && /pub.*( \[expires:[^\]]*\])/;
+      $date = $1 if !$date && $keyid && /created\s+(\d+)/;
     }
     close $p;
   }
 
   if($pub && $date) {
-    return sprintf "gpg-pubkey-%08x-%08x.asc", hex($keyid) & 0xffffffff, $date;
+    my $x = sprintf "gpg-pubkey-%08x-%08x.asc", hex($keyid) & 0xffffffff, $date;
+    $pubkey_info->{$x} = "$uid$expire";
+    # print ">$x: $uid$expire<\n";
+    return $x;
   }
   else {
     die "$key: signing key is not a public key\n";
@@ -2093,3 +2166,59 @@
   }
 }
 
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+sub get_obs_key
+{
+  my $url = $_[0];
+  my $rpm = $_[1];
+
+  my ($server, $prj, $uri);
+
+  if($url =~ m#obs://([^/]+)/([^/]+)/#) {
+    $server = $1;
+    $prj = $2;
+
+    $uri = $obs->{server}{$server};
+
+    if(!$uri) {
+      my $x = $server;
+      $x =~ s/^[^\.]*\.//;
+      $uri = $obs->{server_short}{$x};
+    }
+  }
+
+  if(!$server) {
+    print STDERR "$rpm: obs info missing, can't get sign key\n";
+
+    return undef;
+  }
+
+  if(!$uri) {
+    print STDERR "$rpm: no config for obs server \"$server\", can't get sign key\n";
+
+    return undef;
+  }
+
+  # print ">$uri $prj<\n";
+
+  my $k = `osc -A '$uri' signkey $prj 2>/dev/null`;
+
+  # stupid osc writes also other stuff to stdout...
+  $k =~ s/^.*(-----BEGIN PGP PUBLIC KEY BLOCK-----)/$1/s;
+
+  if($k =~ /^-----BEGIN PGP PUBLIC KEY BLOCK-----/) {
+    my $tmp_file = $tmp->file();
+    my $f;
+    open $f, ">$tmp_file";
+    print $f $k;
+    close $f;
+
+    return $tmp_file;
+  }
+
+  print STDERR "$rpm: no sign key found\n";
+
+  return undef;
+}
+

    

commit mkdud for openSUSE:Factory

root＠hilbert.suse.de