ENDIF ( CMAKE_USE_PTHREADS_INIT )
ENDIF ( ENABLE_USE_THREADS )
+INCLUDE(CheckSymbolExists)
FIND_PACKAGE(Rpm REQUIRED)
IF ( NOT RPM_FOUND)
MESSAGE( FATAL_ERROR " rpm-devel not found" )
INCLUDE_DIRECTORIES(${RPM_INCLUDE_DIR})
# fix includes not relative to rpm
INCLUDE_DIRECTORIES(${RPM_INCLUDE_DIR}/rpm)
+
+ # rpmtsSetVfyFlags were introduced in rpm-4.15
+ UNSET( RPMTSSETVFYFLAGS_FOUND CACHE )
+ SET( CMAKE_REQUIRED_LIBRARIES "-lrpm" )
+ CHECK_SYMBOL_EXISTS( rpmtsSetVfyFlags rpm/rpmts.h RPMTSSETVFYFLAGS_FOUND )
+ IF ( NOT RPMTSSETVFYFLAGS_FOUND )
+ ADD_DEFINITIONS( -DHAVE_NO_RPMTSSETVFYFLAGS )
+ ENDIF ()
+
if ( RPM_SUSPECT_VERSION STREQUAL "5.x" )
MESSAGE( STATUS "rpm found: enable rpm-4 compat interface." )
ADD_DEFINITIONS(-D_RPM_5)
SET(LIBZYPP_MAJOR "17")
SET(LIBZYPP_COMPATMINOR "12")
SET(LIBZYPP_MINOR "14")
-SET(LIBZYPP_PATCH "0")
+SET(LIBZYPP_PATCH "1")
#
-# LAST RELEASED: 17.14.0 (12)
+# LAST RELEASED: 17.14.1 (12)
# (The number in parenthesis is LIBZYPP_COMPATMINOR)
#=======
Or what if the build service could offer a service based on keywords or other data: like http://build.opensuse.org/services/mostpopular/repo/repoindex.xml would contain dynamically the 15 most popular repositories. You add that service, and then ZYpp does the work for you of adding new popular repositories, and remove the old ones.
+\subsection services-usecase-4 Usecase #4: Collect openSUSE core repos in one service
+
+Some people prefer to keep and maintain the distros core repos within one local service rather than managing the repos individually. Since version 14.21.0 libzypp supports a simple form of variable replacement within a repoindex.xml file, which makes this even easier.
+
+To use a local RIS service create a directory /somewhere on your disk (or accessible via http, nfs, etc.) and create the file
+./repo/repoindex.xml inside. A repoindex.xml for openSUSE Leap 15.1 might look like this:
+
+\verbatim
+<repoindex ttl="0"
+ disturl="https://download.opensuse.org"
+ distsub="leap/"
+ distver="15.1"
+ debugenable="false"
+ sourceenable="false">
+
+ <repo url="%{disturl}/distribution/%{distsub}%{distver}/repo/oss"
+ alias="repo-oss"
+ name="%{alias} (%{distver})"
+ enabled="true"
+ autorefresh="true"/>
+
+ <repo url="%{disturl}/distribution/%{distsub}%{distver}/repo/non-oss"
+ alias="repo-non-oss"
+ name="%{alias} (%{distver})"
+ enabled="true"
+ autorefresh="true"/>
+
+
+ <repo url="%{disturl}/update/%{distsub}%{distver}/oss"
+ alias="update-oss"
+ name="%{alias} (%{distver})"
+ enabled="true"
+ autorefresh="true"/>
+
+ <repo url="%{disturl}/update/%{distsub}%{distver}/non-oss"
+ alias="upadte-non-oss"
+ name="%{alias} (%{distver})"
+ enabled="true"
+ autorefresh="true"/>
+
+
+ <repo url="%{disturl}/debug/distribution/%{distsub}%{distver}/repo/oss"
+ alias="debug-oss"
+ name="%{alias} (%{distver})"
+ enabled="%{debugenable}"
+ autorefresh="true"/>
+
+ <repo url="%{disturl}/debug/distribution/%{distsub}%{distver}/repo/oss"
+ alias="debug-non-oss"
+ name="%{alias} (%{distver})"
+ enabled="%{debugenable}"
+ autorefresh="true"/>
+
+
+ <repo url="%{disturl}/source/distribution/%{distsub}%{distver}/repo/oss"
+ alias="source-oss"
+ name="%{alias} (%{distver})"
+ enabled="%{sourceenable}"
+ autorefresh="true"/>
+
+ <repo url="%{disturl}/source/distribution/%{distsub}%{distver}/repo/non-oss"
+ alias="source-non-oss"
+ name="%{alias} (%{distver})"
+ enabled="%{sourceenable}"
+ autorefresh="true"/>
+</repoindex>
+\endverbatim
+
+%{VAR} always refers to the value defined in the <tt>repoindex</tt> tag (reserved names are 'ttl' and 'alias'). %{alias} is available within a <tt>repo</tt> tag after the alias was defined there.
+
+Given the file is located at /somewhere/repo/repoindex.xml, add the service by:
+\verbatim
+zypper sa /somewhere openSUSE
+\endverbatim
+
+Manually refresh the service (incl. its repos) with:
+\verbatim
+zypper refs -r
+\endverbatim
+
+Refreshing the service will evaluate the repoindex.xml and adjust the Services repos accordingly. The repos alias will be prefixed by the service name:
+\verbatim
+zypper lr
+> # | Alias | Name | Enabled | ... | Refresh
+> ---+-------------------------+-----------------------+---------+-...-+--------
+> 9 | openSUSE:debug-non-oss | debug-non-oss (15.1) | No | ... | ----
+> 10 | openSUSE:debug-oss | debug-oss (15.1) | No | ... | ----
+> 11 | openSUSE:repo-non-oss | repo-non-oss (15.1) | Yes | ... | Yes
+> 12 | openSUSE:repo-oss | repo-oss (15.1) | Yes | ... | Yes
+> 13 | openSUSE:source-non-oss | source-non-oss (15.1) | No | ... | ----
+> 14 | openSUSE:source-oss | source-oss (15.1) | No | ... | ----
+> 15 | openSUSE:upadte-non-oss | upadte-non-oss (15.1) | Yes | ... | Yes
+> 16 | openSUSE:update-oss | update-oss (15.1) | Yes | ... | Yes
+\endverbatim
+
+After editing the repoindex.xml you must manually refresh the service to takeover the changes, or you turn on autorefresh for the service (depends on how often you change the content):
+\verbatim
+zypper ms -r openSUSE
+\endverbatim
+
+Rather than hardcoding the <tt>distver="15.1"</tt>, you can also use a repo variable like <tt>distver="${releasever}"</tt>.
+
\section service-impl Developers: Implementation
Services are implemented in the following classes:
- \ref zypp::repo::ServiceRepos (Repositories in a service)
-*/
\ No newline at end of file
+*/
-------------------------------------------------------------------
+Thu Sep 26 14:08:51 CEST 2019 - ma@suse.de
+
+- Revert "Use CURL_HTTP_VERSION_2TLS if available" (bsc#1146027)
+- doc: add service example using variables
+- Fix build with rpm >= 4.15 (fixes #172)
+- version 17.14.1 (12)
+
+-------------------------------------------------------------------
Mon Aug 5 13:03:55 CEST 2019 - ma@suse.de
- PublicKey::algoName: supply key algorithm and length
"Project-Id-Version: YaST (@memory@)\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2019-02-27 13:31+0100\n"
-"PO-Revision-Date: 2019-02-12 10:55+0000\n"
-"Last-Translator: Miguel Branco <mgl.branco@gmail.com>\n"
+"PO-Revision-Date: 2019-08-26 11:51+0000\n"
+"Last-Translator: Manuel Vazquez <xixirei@yahoo.es>\n"
"Language-Team: Galician <https://l10n.opensuse.org/projects/libzypp/master/"
"gl/>\n"
"Language: gl\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 3.3\n"
+"X-Generator: Weblate 3.6.1\n"
#. dubious: Throw on malformed known types, otherwise log a warning.
#: zypp/CheckSum.cc:136
"Visit the SUSE Customer Center to check whether your registration is valid "
"and has not expired."
msgstr ""
+"Visite o Centro de servizos ao cliente de SUSE para comprobar se o seu "
+"rexistro é correcto e non caducou."
#: zypp/media/MediaCurl.cc:1141
msgid ""
"Project-Id-Version: zypp\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2019-02-27 13:31+0100\n"
-"PO-Revision-Date: 2019-03-14 18:32+0000\n"
+"PO-Revision-Date: 2019-09-26 04:52+0000\n"
"Last-Translator: Yasuhiko Kamata <belphegor@belbel.or.jp>\n"
"Language-Team: Japanese <https://l10n.opensuse.org/projects/libzypp/master/"
"ja/>\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Weblate 3.3\n"
+"X-Generator: Weblate 3.6.1\n"
#. dubious: Throw on malformed known types, otherwise log a warning.
#: zypp/CheckSum.cc:136
#: zypp/media/MediaException.cc:179
#, c-format, boost-format
msgid "Permission to access '%s' denied."
-msgstr "「%s」にアクセスするパーミッションが拒否されました。"
+msgstr "'%s' へのアクセスが拒否されました。"
#: zypp/media/MediaException.cc:187
#, c-format, boost-format
#define DATADIR (Pathname(TESTS_SRC_DIR) / "/zypp/data/RpmPkgSigCheck")
+#ifndef HAVE_NO_RPMTSSETVFYFLAGS
+#define HAVE_RPMTSSETVFYFLAGS
+#endif
+
///////////////////////////////////////////////////////////////////
//
// - RpmDb::checkPackage (legacy) and RpmDb::checkPackageSignature are
{ RpmDb::CHK_OK, " Header SHA256 digest: OK" },
{ RpmDb::CHK_OK, " Payload SHA256 digest: OK" },
{ RpmDb::CHK_OK, " MD5 digest: OK" },
+#ifdef HAVE_RPMTSSETVFYFLAGS
+ { RpmDb::CHK_NOKEY, " V3 RSA/SHA256 Signature, key ID 3dbdc284: NOKEY" },
+#endif
} };
BOOST_CHECK_EQUAL( xpct, cs );
}
{ RpmDb::CHK_OK, " Header SHA256 digest: OK" },
{ RpmDb::CHK_FAIL, " Payload SHA256 digest: BAD (Expected 6632dfb6e78fd3346baa860da339acdedf6f019fb1b5448ba1baa6cef67de795 != 85156c232f4c76273bbbb134d8d869e93bbfc845dd0d79016856e5356dd33727)" },
{ RpmDb::CHK_FAIL, " MD5 digest: BAD (Expected 8e64684e4d5bd90c3c13f76ecbda9ee2 != 442a473472708c39f3ac2b5eb38b476f)" },
+#ifdef HAVE_RPMTSSETVFYFLAGS
+ { RpmDb::CHK_FAIL, " V3 RSA/SHA256 Signature, key ID 3dbdc284: BAD" },
+#endif
} };
BOOST_CHECK_EQUAL( xpct, cs );
}
{ RpmDb::CHK_FAIL, " Header SHA256 digest: BAD (Expected e88100656c8e06b6e4bb9155f0dd111ef8042866941f02b623cb46e12a82f732 != 76b343bcb9b8aaf9998fdcf7392e234944a0b078c67667fa0d658208b9a66983)" },
{ RpmDb::CHK_FAIL, " Payload SHA256 digest: BAD (Expected 6632dfb6e78fd3346baa860da339acdedf6f019fb1b5448ba1baa6cef67de795 != 85156c232f4c76273bbbb134d8d869e93bbfc845dd0d79016856e5356dd33727)" },
{ RpmDb::CHK_FAIL, " MD5 digest: BAD (Expected 8e64684e4d5bd90c3c13f76ecbda9ee2 != 81df819a7d94638ff3ffe0bb93a7d177)" },
-
+#ifdef HAVE_RPMTSSETVFYFLAGS
+ { RpmDb::CHK_FAIL, " V3 RSA/SHA256 Signature, key ID 3dbdc284: BAD" },
+#endif
} };
BOOST_CHECK_EQUAL( xpct, cs );
}
{ RpmDb::CHK_OK, " Header SHA256 digest: OK" },
{ RpmDb::CHK_OK, " Payload SHA256 digest: OK" },
{ RpmDb::CHK_OK, " MD5 digest: OK" },
+#ifdef HAVE_RPMTSSETVFYFLAGS
+ { RpmDb::CHK_OK, " V3 RSA/SHA256 Signature, key ID 3dbdc284: OK" },
+#endif
} };
BOOST_CHECK_EQUAL( xpct, cs );
}
{ RpmDb::CHK_OK, " Header SHA256 digest: OK" },
{ RpmDb::CHK_FAIL, " Payload SHA256 digest: BAD (Expected 6632dfb6e78fd3346baa860da339acdedf6f019fb1b5448ba1baa6cef67de795 != 85156c232f4c76273bbbb134d8d869e93bbfc845dd0d79016856e5356dd33727)" },
{ RpmDb::CHK_FAIL, " MD5 digest: BAD (Expected 8e64684e4d5bd90c3c13f76ecbda9ee2 != 442a473472708c39f3ac2b5eb38b476f)" },
+#ifdef HAVE_RPMTSSETVFYFLAGS
+ { RpmDb::CHK_FAIL, " V3 RSA/SHA256 Signature, key ID 3dbdc284: BAD" },
+#endif
} };
BOOST_CHECK_EQUAL( xpct, cs );
}
{ RpmDb::CHK_FAIL, " Header SHA256 digest: BAD (Expected e88100656c8e06b6e4bb9155f0dd111ef8042866941f02b623cb46e12a82f732 != 76b343bcb9b8aaf9998fdcf7392e234944a0b078c67667fa0d658208b9a66983)" },
{ RpmDb::CHK_FAIL, " Payload SHA256 digest: BAD (Expected 6632dfb6e78fd3346baa860da339acdedf6f019fb1b5448ba1baa6cef67de795 != 85156c232f4c76273bbbb134d8d869e93bbfc845dd0d79016856e5356dd33727)" },
{ RpmDb::CHK_FAIL, " MD5 digest: BAD (Expected 8e64684e4d5bd90c3c13f76ecbda9ee2 != 81df819a7d94638ff3ffe0bb93a7d177)" },
+#ifdef HAVE_RPMTSSETVFYFLAGS
+ { RpmDb::CHK_FAIL, " V3 RSA/SHA256 Signature, key ID 3dbdc284: BAD" },
+#endif
} };
BOOST_CHECK_EQUAL( xpct, cs );
}
// restrict following of redirections from https to https only
SET_OPTION( CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS );
#endif
-#if CURLVERSION_AT_LEAST(7,60,0) // SLE15+
- SET_OPTION( CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS );
-#endif
if( _settings.verifyPeerEnabled() ||
_settings.verifyHostEnabled() )
rpmQVKArguments_s qva;
memset( &qva, 0, sizeof(rpmQVKArguments_s) );
+#ifdef HAVE_NO_RPMTSSETVFYFLAGS
+ // Legacy: In rpm >= 4.15 qva_flags symbols don't exist
+ // and qva_flags is not used in signature checking at all.
qva.qva_flags = (VERIFY_DIGEST|VERIFY_SIGNATURE);
-
+#else
+ ::rpmtsSetVfyFlags( ts, RPMVSF_DEFAULT );
+#endif
RpmlogCapture vresult;
LocaleGuard guard( LC_ALL, "C" ); // bsc#1076415: rpm log output is localized, but we need to parse it :(
int res = ::rpmVerifySignatures( &qva, ts, fd, path_r.basename().c_str() );
projects / platform / upstream / libzypp.git / commitdiff