Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libjcat for openSUSE:Factory checked in at 2024-01-30 18:23:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libjcat (Old) and /work/SRC/openSUSE:Factory/.libjcat.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjcat" Tue Jan 30 18:23:53 2024 rev:14 rq:1142253 version:0.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/libjcat/libjcat.changes 2024-01-12 23:45:01.709723245 +0100 +++ /work/SRC/openSUSE:Factory/.libjcat.new.1815/libjcat.changes 2024-01-30 18:23:54.918695703 +0100 @@ -1,0 +2,8 @@ +Mon Jan 22 07:46:55 UTC 2024 - Dominique Leuenberger <dims...@opensuse.org> + +- Update to version 0.2.1: + + Do not dedupe sig and sig-of-checksum when loading. + + Fix the installed tests. + + Show the sig-of-checksum results clearer on the CLI. + +------------------------------------------------------------------- Old: ---- libjcat-0.2.0.tar.gz New: ---- libjcat-0.2.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libjcat.spec ++++++ --- /var/tmp/diff_new_pack.LjnVm2/_old 2024-01-30 18:23:55.678723122 +0100 +++ /var/tmp/diff_new_pack.LjnVm2/_new 2024-01-30 18:23:55.682723266 +0100 @@ -19,7 +19,7 @@ %define sover 1 Name: libjcat -Version: 0.2.0 +Version: 0.2.1 Release: 0 Summary: Library for reading and writing gzip-compressed JSON catalog files License: LGPL-2.1-or-later ++++++ libjcat-0.2.0.tar.gz -> libjcat-0.2.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/NEWS new/libjcat-0.2.1/NEWS --- old/libjcat-0.2.0/NEWS 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/NEWS 2024-01-20 16:28:52.000000000 +0100 @@ -1,3 +1,12 @@ +Version 0.2.1 +~~~~~~~~~~~~~ +Released: 2024-01-20 + +Bugfixes: + - Do not dedupe sig and sig-of-checksum when loading (Richard Hughes) + - Fix the installed tests (Mario Limonciello) + - Show the sig-of-checksum results clearer on the CLI (Richard Hughes) + Version 0.2.0 ~~~~~~~~~~~~~ Released: 2024-01-02 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/README.md new/libjcat-0.2.1/README.md --- old/libjcat-0.2.0/README.md 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/README.md 2024-01-20 16:28:52.000000000 +0100 @@ -157,6 +157,11 @@ firmware.bin: PASSED pkcs7: O=ACME Corp.,CN=ACME CA +NOTE: Only JCat v2.0.0 and newer supports the *checksum of the payload* functionality, and you +should also add signatures **without** using `--target` if you need to support older versions. +Additionally, older JCat versions deduplicate the blobs by just the blob kind, so you want to make +sure that the signature added with `--target` is added **before** the signature added without. + Testing ======= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/RELEASE new/libjcat-0.2.1/RELEASE --- old/libjcat-0.2.0/RELEASE 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/RELEASE 2024-01-20 16:28:52.000000000 +0100 @@ -2,9 +2,9 @@ 1. Write NEWS entries for libjcat in the same format as usual. -git shortlog 0.1.14.. | grep -i -v trivial | grep -v Merge > NEWS.new +git shortlog 0.2.0.. | grep -i -v trivial | grep -v Merge > NEWS.new -Version 0.2.0 +Version 0.2.1 ~~~~~~~~~~~~~ Released: 2024-xx-xx @@ -15,7 +15,7 @@ Commit changes to git: # MAKE SURE THESE ARE CORRECT -export release_ver="0.2.0" +export release_ver="0.2.1" git commit -a -m "Release libjcat ${release_ver}" git tag -s -f -m "Release libjcat ${release_ver}" "${release_ver}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/data/tests/colorhug/meson.build new/libjcat-0.2.1/data/tests/colorhug/meson.build --- old/libjcat-0.2.0/data/tests/colorhug/meson.build 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/data/tests/colorhug/meson.build 2024-01-20 16:28:52.000000000 +0100 @@ -4,7 +4,7 @@ 'firmware.bin.ed25519', 'firmware.bin.p7b', ], - install_dir: join_paths(installed_test_bindir, 'colorhug'), + install_dir: join_paths(installed_test_datadir, 'colorhug'), ) if get_option('pkcs7') @@ -19,7 +19,7 @@ '--infile', '@INPUT@', '--outfile', '@OUTPUT@'], install: true, - install_dir: join_paths(installed_test_bindir, 'colorhug'), + install_dir: join_paths(installed_test_datadir, 'colorhug'), ) # generate self-signed detached signature *of the checksum* @@ -33,7 +33,7 @@ '--infile', '@INPUT@', '--outfile', '@OUTPUT@'], install: true, - install_dir: join_paths(installed_test_bindir, 'colorhug'), + install_dir: join_paths(installed_test_datadir, 'colorhug'), ) endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/data/tests/libjcat.test.in new/libjcat-0.2.1/data/tests/libjcat.test.in --- old/libjcat-0.2.0/data/tests/libjcat.test.in 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/data/tests/libjcat.test.in 2024-01-20 16:28:52.000000000 +0100 @@ -1,3 +1,3 @@ [Test] Type=session -Exec=@installed_test_bindir@/jcat-self-test +Exec=sh -c "G_TEST_SRCDIR=@installed_test_datadir@ G_TEST_BUILDDIR=@installed_test_datadir@ @installed_test_bindir@/jcat-self-test" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/data/tests/meson.build new/libjcat-0.2.1/data/tests/meson.build --- old/libjcat-0.2.0/data/tests/meson.build 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/data/tests/meson.build 2024-01-20 16:28:52.000000000 +0100 @@ -1,3 +1,11 @@ +install_data([ + 'secret.ed25519', + 'test.btcheckpoint', + 'test.btverifier', + ], + install_dir: installed_test_datadir, +) + configure_file( input : 'libjcat.test.in', output : 'libjcat.test', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/data/tests/pki/meson.build new/libjcat-0.2.1/data/tests/pki/meson.build --- old/libjcat-0.2.0/data/tests/pki/meson.build 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/data/tests/pki/meson.build 2024-01-20 16:28:52.000000000 +0100 @@ -1,8 +1,9 @@ install_data([ 'GPG-KEY-Linux-Vendor-Firmware-Service', 'LVFS-CA.pem', + 'test.ed25519', ], - install_dir: join_paths(installed_test_bindir, 'pki'), + install_dir: join_paths(installed_test_datadir, 'pki'), ) # generate certificate @@ -14,4 +15,6 @@ '--template', pkcs7_config, '--load-privkey', '@INPUT@', '--outfile', '@OUTPUT@'], + install: true, + install_dir: join_paths(installed_test_datadir, 'pki'), ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/libjcat/jcat-item.c new/libjcat-0.2.1/libjcat/jcat-item.c --- old/libjcat-0.2.0/libjcat/jcat-item.c 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/libjcat/jcat-item.c 2024-01-20 16:28:52.000000000 +0100 @@ -293,6 +293,7 @@ for (guint i = 0; i < priv->blobs->len; i++) { JcatBlob *blob_tmp = g_ptr_array_index(priv->blobs, i); if (jcat_blob_get_kind(blob_tmp) == jcat_blob_get_kind(blob) && + jcat_blob_get_target(blob_tmp) == jcat_blob_get_target(blob) && g_strcmp0(jcat_blob_get_appstream_id(blob_tmp), jcat_blob_get_appstream_id(blob)) == 0) { g_ptr_array_remove(priv->blobs, blob_tmp); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/libjcat/jcat-self-test.c new/libjcat-0.2.1/libjcat/jcat-self-test.c --- old/libjcat-0.2.0/libjcat/jcat-self-test.c 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/libjcat/jcat-self-test.c 2024-01-20 16:28:52.000000000 +0100 @@ -456,7 +456,7 @@ g_autofree gchar *fn_fail = NULL; g_autofree gchar *fn_pass = NULL; g_autofree gchar *fn_sig = NULL; - g_autofree gchar *pki_dir = NULL; + g_autofree gchar *pki_f = NULL; g_autofree gchar *sig_fn2 = NULL; g_autoptr(GBytes) blob_sig2 = NULL; g_autoptr(GBytes) data_fail = NULL; @@ -470,8 +470,8 @@ /* set up context */ jcat_context_set_keyring_path(context, "/tmp/libjcat-self-test/var"); - pki_dir = g_test_build_filename(G_TEST_DIST, "pki", NULL); - jcat_context_add_public_keys(context, pki_dir); + pki_f = g_test_build_filename(G_TEST_DIST, "pki", "LVFS-CA.pem", NULL); + jcat_context_add_public_key(context, pki_f); /* get engine */ engine = jcat_context_get_engine(context, JCAT_BLOB_KIND_PKCS7, &error); @@ -865,7 +865,7 @@ JcatResult *result; g_autofree gchar *fn_pass = NULL; g_autofree gchar *fn_sig = NULL; - g_autofree gchar *pki_dir = NULL; + g_autofree gchar *pki_f = NULL; g_autoptr(GBytes) data_fwbin = NULL; g_autoptr(GBytes) data_sig = NULL; g_autoptr(GError) error = NULL; @@ -880,8 +880,8 @@ /* set up context */ jcat_context_set_keyring_path(context, "/tmp"); - pki_dir = g_test_build_filename(G_TEST_BUILT, "pki", NULL); - jcat_context_add_public_keys(context, pki_dir); + pki_f = g_test_build_filename(G_TEST_BUILT, "pki", "test.pem", NULL); + jcat_context_add_public_key(context, pki_f); /* get all engines */ engine_sha256 = jcat_context_get_engine(context, JCAT_BLOB_KIND_SHA256, &error); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/libjcat/jcat-tool.c new/libjcat-0.2.1/libjcat/jcat-tool.c --- old/libjcat-0.2.0/libjcat/jcat-tool.c 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/libjcat/jcat-tool.c 2024-01-20 16:28:52.000000000 +0100 @@ -571,6 +571,7 @@ g_autoptr(GError) error_verify = NULL; g_autoptr(JcatResult) result = NULL; g_autoptr(GBytes) blob_source = NULL; + g_autoptr(GString) kind_str = g_string_new(NULL); /* skip */ if (priv->kind != JCAT_BLOB_KIND_UNKNOWN && priv->kind != jcat_blob_get_kind(blob)) @@ -587,6 +588,13 @@ blob_source = g_bytes_ref(jcat_blob_get_data(blob_target)); } + g_string_append(kind_str, jcat_blob_kind_to_string(jcat_blob_get_kind(blob))); + if (jcat_blob_get_target(blob) != JCAT_BLOB_KIND_UNKNOWN) { + g_string_append_printf( + kind_str, + "-of-%s", + jcat_blob_kind_to_string(jcat_blob_get_target(blob))); + } if (priv->disable_time_checks) flags |= JCAT_VERIFY_FLAG_DISABLE_TIME_CHECKS; result = jcat_context_verify_blob(priv->context, @@ -597,20 +605,16 @@ if (result == NULL) { if (g_error_matches(error_verify, G_IO_ERROR, G_IO_ERROR_NOT_FOUND)) { g_print(" SKIPPED %s: %s\n", - jcat_blob_kind_to_string(jcat_blob_get_kind(blob)), + kind_str->str, error_verify->message); continue; } - g_print(" FAILED %s: %s\n", - jcat_blob_kind_to_string(jcat_blob_get_kind(blob)), - error_verify->message); + g_print(" FAILED %s: %s\n", kind_str->str, error_verify->message); ret = FALSE; continue; } authority = jcat_result_get_authority(result); - g_print(" PASSED %s: %s\n", - jcat_blob_kind_to_string(jcat_blob_get_kind(blob)), - authority != NULL ? authority : "OK"); + g_print(" PASSED %s: %s\n", kind_str->str, authority != NULL ? authority : "OK"); } if (!ret) { g_set_error(error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "Validation failed"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libjcat-0.2.0/meson.build new/libjcat-0.2.1/meson.build --- old/libjcat-0.2.0/meson.build 2024-01-02 11:14:30.000000000 +0100 +++ new/libjcat-0.2.1/meson.build 2024-01-20 16:28:52.000000000 +0100 @@ -1,5 +1,5 @@ project('libjcat', 'c', - version : '0.2.0', + version : '0.2.1', license : 'LGPL-2.1+', meson_version : '>=0.56.0', default_options : ['warning_level=2', 'c_std=c99'], @@ -159,6 +159,7 @@ gnome = import('gnome') conf.set('installed_test_bindir', installed_test_bindir) +conf.set('installed_test_datadir', installed_test_datadir) conf.set_quoted('PACKAGE_NAME', meson.project_name()) conf.set_quoted('GETTEXT_PACKAGE', meson.project_name()) conf.set_quoted('JCAT_LOCALSTATEDIR', localstatedir)