Hello community, here is the log from the commit of package mksusecd for openSUSE:Factory checked in at 2017-12-06 09:00:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mksusecd (Old) and /work/SRC/openSUSE:Factory/.mksusecd.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mksusecd"
Wed Dec 6 09:00:01 2017 rev:41 rq:548573 version:1.55
Changes:
--------
--- /work/SRC/openSUSE:Factory/mksusecd/mksusecd.changes 2017-12-01 15:54:28.742221475 +0100
+++ /work/SRC/openSUSE:Factory/.mksusecd.new/mksusecd.changes 2017-12-06 09:00:01.757822142 +0100
@@ -1,0 +2,7 @@
+Tue Dec 5 09:50:35 UTC 2017 - wfeldt@opensuse.org
+
+- merge gh#openSUSE/mksusecd#28
+- support new CHECKSUMS file
+- 1.55
+
+--------------------------------------------------------------------
Old:
----
mksusecd-1.54.tar.xz
New:
----
mksusecd-1.55.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mksusecd.spec ++++++
--- /var/tmp/diff_new_pack.bCliFn/_old 2017-12-06 09:00:02.969777780 +0100
+++ /var/tmp/diff_new_pack.bCliFn/_new 2017-12-06 09:00:02.977777487 +0100
@@ -18,7 +18,7 @@
 Name: mksusecd
-Version: 1.54
+Version: 1.55
 Release: 0
 Summary: Create SUSE Linux installation ISOs
 License: GPL-3.0+
++++++ mksusecd-1.54.tar.xz -> mksusecd-1.55.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mksusecd-1.54/VERSION new/mksusecd-1.55/VERSION
--- old/mksusecd-1.54/VERSION 2017-11-30 16:42:48.000000000 +0100
+++ new/mksusecd-1.55/VERSION 2017-12-05 10:50:35.000000000 +0100
@@ -1 +1 @@
-1.54
+1.55
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mksusecd-1.54/changelog new/mksusecd-1.55/changelog
--- old/mksusecd-1.54/changelog 2017-11-30 16:42:48.000000000 +0100
+++ new/mksusecd-1.55/changelog 2017-12-05 10:50:35.000000000 +0100
@@ -1,3 +1,6 @@
+2017-12-01: 1.55
+ - support new CHECKSUMS file
+
 2017-11-29: 1.54
 - manage (sle15-style modules) repomd repositories
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/mksusecd-1.54/mksusecd new/mksusecd-1.55/mksusecd
--- old/mksusecd-1.54/mksusecd 2017-11-30 16:42:48.000000000 +0100
+++ new/mksusecd-1.55/mksusecd 2017-12-05 10:50:35.000000000 +0100
@@ -182,10 +182,12 @@
 sub prepare_pico;
 sub set_mkisofs_metadata;
 sub add_to_content_file;
+sub update_content_or_checksums;
 sub update_content;
+sub update_checksums;
 sub create_sign_key;
 sub add_sign_key;
-sub sign_content;
+sub sign_content_or_checksums;
 sub file_magic;
 sub get_archive_type;
 sub unpack_cpiox;
@@ -222,7 +224,7 @@
 my $opt_no_mbr_chs;
 my $opt_zipl;
 my $opt_check;
-my $opt_digest = 'sha1';
+my $opt_digest = 'sha256';
 my @opt_initrds;
 my $opt_boot_options;
 my $opt_type;
@@ -484,8 +486,8 @@
 }
 if($opt_sign && (
- # we are going to change '/content' in one way or another
- @opt_initrds || @opt_kernel_rpms || $opt_boot_options || $opt_new_boot_entry || update_content)
+ # we are going to change '/content' resp. '/CHECKSUMS' in one way or another
+ @opt_initrds || @opt_kernel_rpms || $opt_boot_options || $opt_new_boot_entry || update_content_or_checksums)
 ) {
 extract_installkeys;
 create_sign_key;
@@ -500,7 +502,7 @@
 prepare_addon;
- sign_content if update_content;
+ sign_content_or_checksums if update_content_or_checksums;
 $todo = build_todo;
 set_mkisofs_metadata;
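Review bot: `update_content_or_checksums` is used as a plain predicate in the `if($opt_sign && (...))` condition of the -484 hunk and again in `sign_content_or_checksums if update_content_or_checksums;` in the -500 hunk, but per its definition later in this patch it creates the new /content or /CHECKSUMS file as a side effect. When the first call is reached and already writes the file, it is worth confirming that the second call still reports a change; if `fname` then resolves to the rewritten copy, old and new sums would match and the re-signing step would be skipped, leaving the previous signature in place. `fname` and `copy_or_new_file` are outside these hunks and the double-call pattern predates this commit, so this is a question rather than a confirmed defect. At minimum I would add a comment at the condition, e.g. `# note: update_content_or_checksums rewrites the file; it is evaluated again before signing`.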
@@ -2899,6 +2901,20 @@
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# update_content_or_checksums()
+#
+# Create a new /content or /CHECKSUMS file and return 1 if it is different
+# from the existing one (meaning it needs to be re-signed).
+#
+sub update_content_or_checksums
+{
+ return $has_content ? update_content : update_checksums;
+}
+
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# update_content()
+#
 # Create a new /content file and return 1 if it is different from the
 # existing one.
 #
@@ -2991,6 +3007,83 @@
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# update_checksums()
+#
+# Create a new /CHECKSUMS file and return 1 if it is different from the
+# existing one.
+#
+sub update_checksums
+{
+ my $changed = 0;
+
+ # don't modify CHECKSUMS if it doesn't exist or we're not going to re-sign it
+ return $changed if $has_content || !$opt_sign;
+
+ my $content_file = fname "CHECKSUMS";
+
+ my $cont;
+
+ # $cont is modelled after $cont in update_content() so that
+ # it can be passed to add_to_content_file()
+ $cont->{bits} = 256;
+
+ # first, read existing file
+ # ($content_file may be undefined - which is ok)
+ if(open(my $f, $content_file)) {
+ while(<$f>) {
+ next if /^\s*$/;
+ if(/^(\S+)\s+(\S+)/) {
+ my $sum = "\L$1";
+ my $name = $2;
+
+ $cont->{HASH}{$name}{old} = "$cont->{bits} $sum";
+ add_to_content_file $cont, "HASH", $name, '^';
+ }
+ }
+ close $f;
+ }
+
+ # then, pick the files we want to be checksummed
+ for (sort keys %$files) {
+ next if m#directory\.yast$#;
+
+ add_to_content_file $cont, "HASH", $_, '^boot/';
+ add_to_content_file $cont, "HASH", $_, '^media\.1/';
+ add_to_content_file $cont, "HASH", $_, '^docu/';
+ add_to_content_file $cont, "HASH", $_, '^EFI/';
+ }
+
+ # compare new and old file checksums
+ for (keys %{$cont->{HASH}}) {
+ if($cont->{HASH}{$_}{new} ne $cont->{HASH}{$_}{old}) {
+ $changed = 1;
+ last;
+ }
+ }
+
+ # if something changed, write new file
+ if($changed) {
+ my $n = copy_or_new_file "CHECKSUMS";
+
+ if($n) {
+ if(open my $f, ">", $n) {
+ for (sort keys %{$cont->{HASH}}) {
+ next if !$cont->{HASH}{$_}{new};
+ my $hash = $cont->{HASH}{$_}{new};
+ $hash = (split ' ', $hash)[1];
+ printf $f "%s %s\n", $hash, $_;
+ }
+
+ close $f;
+ }
+ }
+ }
+
+ return $changed;
+}
+
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # create_sign_key()
 #
 # Create a temporary gpg keyring and either add the provided gpg key or
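Review bot: In the write path at the end of update_checksums, a failed `copy_or_new_file`, `open` or `close` is silent, yet the function still returns 1, so the caller goes on to sign whatever CHECKSUMS copy exists even though the new sums were never written. I would fail loudly instead, e.g. `open my $f, ">", $n or die "$n: $!\n";` and `close $f or die "$n: $!\n";`, and treat an empty `$n` the same way. The read at the top uses two-argument `open(my $f, $content_file)`, which interprets mode characters in the path; `open(my $f, "<", $content_file)` guarded by `defined $content_file` avoids that and the undef warning. `$cont->{bits} = 256` is fixed here while `$opt_digest` is a separate setting; add_to_content_file is outside this hunk, so it is worth confirming which of the two it hashes with.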
@@ -3105,24 +3198,26 @@
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# sign_content()
+# sign_content_or_checksums()
 #
-# Re-sign 'content' file with our own key if we modified it.
+# Re-sign 'content' or 'CHECKSUMS' with our own key if we modified it.
 #
-sub sign_content
+sub sign_content_or_checksums
 {
 return if !$sign_key_dir;
- my $c = copy_file "content";
+ my $name = $has_content ? "content" : "CHECKSUMS";
+
+ my $c = copy_file $name;
 return if !defined $c;
- my $k = copy_or_new_file "content.key";
+ my $k = copy_or_new_file "$name.key";
- copy_file "content.asc";
+ copy_file "$name.asc";
 system "cp $sign_key_pub $k";
- print "re-signing '/content'\n" if $opt_verbose >= 1;
+ print "re-signing '/$name'\n" if $opt_verbose >= 1;
 system "gpg --homedir=$sign_key_dir --batch --yes --armor --detach-sign $c";
 }
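Review bot: The `gpg ... --detach-sign $c` call at the end of sign_content_or_checksums is a single interpolated shell string whose exit status is ignored, and `copy_file "$name.asc"` has just carried the original signature over, so a failed gpg run appears to leave the old `.asc` next to the modified file without any error. Both `system` lines are unchanged context here, but since this commit extends the function to CHECKSUMS it is a good moment to use the list form and check the result: `system("gpg", "--homedir=$sign_key_dir", "--batch", "--yes", "--armor", "--detach-sign", $c) == 0 or die "signing /$name failed\n";`, and likewise `system("cp", $sign_key_pub, $k) == 0 or die "cp $sign_key_pub failed: $?\n";`. The list form also keeps paths containing spaces or shell metacharacters from being reinterpreted by the shell.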