diff --git a/files/0001-isoverifier-Remove-hardcoded-ubuntu-ism-in-verifyWit.patch b/files/0001-isoverifier-Remove-hardcoded-ubuntu-ism-in-verifyWit.patch new file mode 100644 --- /dev/null +++ b/files/0001-isoverifier-Remove-hardcoded-ubuntu-ism-in-verifyWit.patch @@ -0,0 +1,111 @@ +From 3739e33915f96baaf086739c7f4985851aa5468b Mon Sep 17 00:00:00 2001 +From: Joey Riches +Date: Mon, 10 Jul 2023 16:14:51 +0100 +Subject: [PATCH 1/2] isoverifier: Remove hardcoded ubuntu-ism in + verifyWithSha256Sum function + +This will allow adding support for other distributions which use +signatures against sha256sum files. +--- + isoimagewriter/isoverifier.cpp | 23 +++++++++++++++-------- + isoimagewriter/isoverifier.h | 2 +- + 2 files changed, 16 insertions(+), 9 deletions(-) + +diff --git a/isoimagewriter/isoverifier.cpp b/isoimagewriter/isoverifier.cpp +index 5a23732..c5e9f65 100644 +--- a/isoimagewriter/isoverifier.cpp ++++ b/isoimagewriter/isoverifier.cpp +@@ -39,7 +39,10 @@ void IsoVerifier::verifyIso() + QFileInfo fileInfo(m_filePath); + QString fileName = fileInfo.fileName(); + QString keyFingerprint; ++ QString shaFile; ++ QString sigFile; + ++ /* FIXME: Find some way to clean this up before it gets out of hand */ + if (fileName.startsWith("neon-") + && importSigningKey("neon-signing-key.gpg", keyFingerprint)) { + m_verificationMean = VerificationMean::DotSigFile; +@@ -49,9 +52,13 @@ void IsoVerifier::verifyIso() + } else if (fileName.startsWith("kubuntu-") + && importSigningKey("ubuntu-signing-key.gpg", keyFingerprint)) { + m_verificationMean = VerificationMean::Sha256SumsFile; ++ shaFile = QString("SHA256SUMS"); ++ sigFile = QString("SHA256SUMS.gpg"); + } else if (fileName.startsWith("ubuntu-") + && importSigningKey("ubuntu-signing-key.gpg", keyFingerprint)) { + m_verificationMean = VerificationMean::Sha256SumsFile; ++ shaFile = QString("SHA256SUMS"); ++ sigFile = QString("SHA256SUMS.gpg"); + } else if (fileName.startsWith("netrunner-")) { + m_verificationMean = VerificationMean::Sha256SumInput; + } else { +@@ -64,7 +71,7 @@ void IsoVerifier::verifyIso() + verifyWithDotSigFile(keyFingerprint); + break; + case VerificationMean::Sha256SumsFile: +- verifyWithSha256SumsFile(keyFingerprint); ++ verifyWithSha256SumsFile(keyFingerprint, shaFile, sigFile); + break; + case VerificationMean::Sha256SumInput: + emit inputRequested(i18n("SHA256 Checksum"), +@@ -173,12 +180,12 @@ void IsoVerifier::verifyWithDotSigFile(const QString &keyFingerprint) + emit finished(m_isIsoValid, m_error); + } + +-void IsoVerifier::verifyWithSha256SumsFile(const QString &keyFingerprint) ++void IsoVerifier::verifyWithSha256SumsFile(const QString &keyFingerprint, const QString &shaFile, const QString &sigFile) + { + QFileInfo fileInfo(m_filePath); +- QFile checksumsFile(fileInfo.absolutePath() + "/SHA256SUMS"); ++ QFile checksumsFile(fileInfo.absolutePath() + "/" + shaFile); + if (!checksumsFile.open(QIODevice::ReadOnly | QIODevice::Text)) { +- m_error = i18n("Could not open SHA256SUMS file, please download to same directory"); ++ m_error = i18n("Could not find %1, please download to same directory", shaFile); + emit finished(m_isIsoValid, m_error); return; + } + +@@ -192,7 +199,7 @@ void IsoVerifier::verifyWithSha256SumsFile(const QString &keyFingerprint) + if (match.hasMatch()) { + checksum = match.captured(1); + } else { +- m_error = i18n("Could not find checksum in SHA256SUMS file"); ++ m_error = i18n("Could not find checksum in %1", shaFile); + emit finished(m_isIsoValid, m_error); return; + } + +@@ -209,15 +216,15 @@ void IsoVerifier::verifyWithSha256SumsFile(const QString &keyFingerprint) + } + QByteArray hashResult = hash.result(); + if (checksum != hashResult.toHex()) { +- m_error = i18n("Checksum of .iso file does not match value in SHA256SUMS file"); ++ m_error = i18n("Checksum of .iso file does not match value in %1", shaFile); + emit finished(m_isIsoValid, m_error); return; + } + + // Check GPG signature + QString isoFileName = fileInfo.fileName(); +- QFile signatureFile(fileInfo.absolutePath() + "/SHA256SUMS.gpg"); ++ QFile signatureFile(fileInfo.absolutePath() + "/" + sigFile); + if (!signatureFile.open(QIODevice::ReadOnly)) { +- m_error = i18n("Could not find SHA256SUMS.gpg, please download PGP signature file to same directory."); ++ m_error = i18n("Could not find %1, please download PGP signature file to same directory.", sigFile); + emit finished(m_isIsoValid, m_error); return; + } + +diff --git a/isoimagewriter/isoverifier.h b/isoimagewriter/isoverifier.h +index e69fd1b..2e886c3 100644 +--- a/isoimagewriter/isoverifier.h ++++ b/isoimagewriter/isoverifier.h +@@ -47,7 +47,7 @@ private: + + bool importSigningKey(const QString &fileName, QString &keyFingerPrint); + void verifyWithDotSigFile(const QString &keyFingerPrint); +- void verifyWithSha256SumsFile(const QString &keyFingerPrint); ++ void verifyWithSha256SumsFile(const QString &keyFingerPrint, const QString &shaFile, const QString &sigFile); + void verifyWithSha256Sum(bool ok, const QString &checksum); + }; + +-- +2.40.1 + diff --git a/files/0002-isoverifier-Add-support-for-verifying-Solus-ISOs.patch b/files/0002-isoverifier-Add-support-for-verifying-Solus-ISOs.patch new file mode 100644 --- /dev/null +++ b/files/0002-isoverifier-Add-support-for-verifying-Solus-ISOs.patch @@ -0,0 +1,106 @@ +From 4edd8b5a03e07174bb1a06c5d8b3a2226fbe3cf1 Mon Sep 17 00:00:00 2001 +From: Joey Riches +Date: Mon, 10 Jul 2023 16:23:38 +0100 +Subject: [PATCH 2/2] isoverifier: Add support for verifying Solus ISOs + +Solus uses sha256sum files and detached signature files similarly to +Ubuntu. + +https://help.getsol.us/docs/user/quick-start/installation/#linux-and-mac + +https://getsol.us/download/ + +Depends on #35. +--- + isoimagewriter/isoverifier.cpp | 5 +++ + signing-keys/CMakeLists.txt | 1 + + signing-keys/solus-signing-key.gpg | 52 ++++++++++++++++++++++++++++++ + 3 files changed, 58 insertions(+) + create mode 100644 signing-keys/solus-signing-key.gpg + +diff --git a/isoimagewriter/isoverifier.cpp b/isoimagewriter/isoverifier.cpp +index c5e9f65..82ce797 100644 +--- a/isoimagewriter/isoverifier.cpp ++++ b/isoimagewriter/isoverifier.cpp +@@ -59,6 +59,11 @@ void IsoVerifier::verifyIso() + m_verificationMean = VerificationMean::Sha256SumsFile; + shaFile = QString("SHA256SUMS"); + sigFile = QString("SHA256SUMS.gpg"); ++ } else if (fileName.startsWith("Solus-") ++ && importSigningKey("solus-signing-key.gpg", keyFingerprint)) { ++ m_verificationMean = VerificationMean::Sha256SumsFile; ++ shaFile = QString("%1.sha256sum").arg(fileName); ++ sigFile = QString("%1.sha256sum.sign").arg(fileName); + } else if (fileName.startsWith("netrunner-")) { + m_verificationMean = VerificationMean::Sha256SumInput; + } else { +diff --git a/signing-keys/CMakeLists.txt b/signing-keys/CMakeLists.txt +index aac029e..0dbe632 100644 +--- a/signing-keys/CMakeLists.txt ++++ b/signing-keys/CMakeLists.txt +@@ -1,3 +1,4 @@ + install(FILES neon-signing-key.gpg DESTINATION ${KDE_INSTALL_DATADIR}/isoimagewriter/) + install(FILES arch-signing-key.gpg DESTINATION ${KDE_INSTALL_DATADIR}/isoimagewriter/) + install(FILES ubuntu-signing-key.gpg DESTINATION ${KDE_INSTALL_DATADIR}/isoimagewriter/) ++install(FILES solus-signing-key.gpg DESTINATION ${KDE_INSTALL_DATADIR}/isoimagewriter/) +diff --git a/signing-keys/solus-signing-key.gpg b/signing-keys/solus-signing-key.gpg +new file mode 100644 +index 0000000..4128913 +--- /dev/null ++++ b/signing-keys/solus-signing-key.gpg +@@ -0,0 +1,52 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++ ++mQINBGShd3wBEAC4132PvygNG6ClrKmTJrBJZY780+8cZSVOSvRV8ijieLE3aL0M ++54DCk6agXIOoKogiFk2DEVxO0sIWUjvpotjZMQwJdpxoF1d5jtKD0AVWCRC/+Sor ++wTaDydV8Hdzi21pmQBgh9G2hpAWGd9FteOuSF8TuQ4v1gzFQILDt9vZmi+er2Dse ++7QfyQE3dLXabVAavl5CiHvKuJHhUkpI42Msg42qYHEeY4kX+l5PjU+dd/k1OZ2Dj ++x0OgxIVQoZTLMHhQr6+Ox3mPJWWLTWW0ZnLdGsczCVP13CNhU2rdo/m7UAXsf9j0 ++iALcj9dZQdMLbgL2eWlp8sC5PBgwLlj2L810WGnjuk08/08o6nfOuEE+GTZTWunx ++6AJwHAzBRqMYuQIDpH3x5/ShN2MCOUTKj7a411i/gkA7xM2DpWjKB67Vp6zzMfYg ++gkmjCcNMLfEsTsZz+A/BFA0GEAtT9pVAG8pfLTLT/oe6ics7xiw/lT7jbUvRaTkx ++6K63nme0fmR4SONTKWsijk05Q6ALIDeMuXcM6P1pJyDXYLVglpc+TeYmtcmi5Pl7 ++veNw7lEEiaiMn2v1k835GjM9vnx2AKoEEvb1hmGWEEtH/nMA5/Oa0dMK/S7NymUK ++6dTKyMZDyUupBuNrd8OxHjCekdy5E1g71UthGVNAffTefEwseoWfzUyKpwARAQAB ++tDBTb2x1cyAoUmVsZWFzZSAmIEVuZ2luZWVyaW5nKSA8cmVsZW5nQGdldHNvbC51 ++cz6JAk4EEwEIADgWIQT19mhcr1VZdx2cy5JhjrNgC9MtWQUCZKF3fAIbAwULCQgH ++AgYVCgkICwIEFgIDAQIeAQIXgAAKCRBhjrNgC9MtWa16D/9jknd43Cjp5tnhu6q0 ++vBOfZMkcLIQg+KDtw2RhsU6pPDPCNR8SPV7asrBPyzviOuIxy/J0FYg0MV2uq3A3 ++X9tZyQWXrUwEXOSQaum5QyGiNbAasRtOv0eKmxVXekdfwngn284p01sDDIfqNIVr ++Y2Wr8PksdqTzgzjpI2lLEDviQy4k/qvW+TgBIjXX8gZKjTEtG9pCWd2je7lbZYDU ++aQpTGF6oFifH3kz2V1o4NB2to+hOk1EhkEpPyoblzvh3sHV1BTNXz1eUz0LtYPlt ++z1mXKxSz7/EyvqmjFIDPp18u3MeY3kBgRy33/YsLUgwM/oGspG+FkppV8A2oS0BI ++22qYEQgMeqx2am5ptSwDPHFMRS3ge65qwtrPc4pKO8a4OK4xgY3iXy94h/iQISUU ++PqNjVX8XKT30/pmUVHa0xswgtJfXkdlglbGMw822kS3hauy4yNako5otNS4QvyTD ++/pmsb1E3sMY6ZAO5/dEIqJyE9J4aqSza6WOqkw8QiElzgacmk4+CTVswoXYIakMD ++TBG2XtLqvvFVW7QdbstpnbkxZwx0oyF+cwbvdSbzVT6cb02bvTkkGXg8Oe3uRp6D ++jG7DPgunQSrGTdsz2PSvCa60HD3+LQWREUmmxEqbtcKEqVwjFeK09pT8AUuCcfpv ++wb+wa5WULPpKKKCVbgjmFR3Rg7kCDQRkoXd8ARAA7ZkTZ7Wt4t6UARxJNYLYI5q1 ++Oz03ExlxE2XC0ViYQebxu0wHeJzKLpFAhvlMCtSbHGq6yF8Zbh7YTmkPnO9CxFIa ++bJvVxbk6uOaYlvAbUFdC1Bb/wCazDufSi0CFCxkbUeDoTz8xj62FbFP9IqaFW1LL ++4D8G+Y4ZTfZ89z4lXXwoH/r36dUCH0+3nKJpGcDluzDOUHxhI2wLD2m2smH87p4v ++DiRIJCNoAgglH6DJ9InTNbXtfb/NNgtQEV5BBzvCUg8aKbwiY/8TxBfYdZMd26zV ++y1TQ6nQHxDIxKnH0j7X7ILv/VS0PgNLCfvoUG0p4Oc5KpNFL6WWzDimK6AvrttUX ++mWpeufDtOG31WBhA/+m/5g8ViHGXt8pSWMZqBVoOAz8gZvGBOucQKH72DBo2U4HK ++JiPuHnkKQhptKlmL0oDAPV7N0IonanoHM7sMvFtUoy1DqWH02ZPotmBQ/F/jhdV1 ++aD/p0hbj0bP87WGss8MOe1uA/EchLVUoiuvLzZm2X6XmNTPvWpguwySVmvuYOtwf ++RiX9ZYfQYQ81JYwvm3aCT3QbPWJO0I80T3MwBkmMeSCw/6NeC4CI3h4xwVaxuPGz ++6PnQnFLZD7mSXnsz1oKwbDKN95J2woUGQ66FfsjJs0VDEqjiwIYKy8Fz5fPHHa4k ++SGkzovLKEyWay2otE2UAEQEAAYkCNgQYAQgAIBYhBPX2aFyvVVl3HZzLkmGOs2AL ++0y1ZBQJkoXd8AhsMAAoJEGGOs2AL0y1ZMt4P/0MegT1+1OW4OI8rqdrSsmC289QD ++nBdLLNDrVxgVlhvh1SdQSRganixCxwCVufSZOyryhwap6Qd5qUBO8aB3kXqAR0y3 ++bJl//9wnnu49bO+y42B/SKP0xDKlJTkEsO5D3haH3mr+JutEXvlNfTrnO6UZ4dhZ ++5XNtppFLSEZLHuuFKp51vx0UjCvB/OxyoG9NGDrw+SypYwzbG3rxu9CnANAYjuhC ++k/AS37/7FP1nYXzrajKVqmKy+/PvlBSTjxVXqjRKHKiHq26P5POkogwkEslduhZe ++2AZkM1nat/SYYCmM9YPxo+JSnoqHEn+v7WWP7XwEREtkC1I1QzFtltwxV05+7YQI ++y1k58oOlYy7Tat+Z2cRVwJ0mQX0mUbEsDNGCjovo7/bnplXSmeJpQXVqz0zwJTPx ++7JyyInMtXkj+4yfunsVZjGj03eRsrGnzqcOaQItQSIc7pG82wRciVaUY/a2ZV/b/ ++jX2h03FgEQpC2d6x1PmEybNqc/dqlw+Bp3uEFVRHafmlEzfjAFUA0yGnH/aZhuf6 ++1FyyrUsV6qRmpDHR+OhMCmbT563JoKMIcHxOHOKzYDi1f41D4sup/lIqD3CZ27bl ++9Yo6qcwO1C6W39tJ/s9c/GVttNrGvEpMf/Z3ATAPDyBPRyaR737PWEd3+diDOBNp ++IiMBlLMLXidsum+0 ++=duuK ++-----END PGP PUBLIC KEY BLOCK----- +-- +2.40.1 + diff --git a/package.yml b/package.yml --- a/package.yml +++ b/package.yml @@ -1,6 +1,6 @@ name : isoimagewriter version : 1.0.0 -release : 1 +release : 2 source : - https://cdn.download.kde.org/stable/isoimagewriter/1.0.0/isoimagewriter-1.0.0.tar.xz : a69022303ec1beb6b7b4f0d68e59e4199d3c9868767cb9eb23c6dd1999e06a5d license : GPL-3.0-or-later @@ -18,6 +18,8 @@ - kwidgetsaddons-devel - solid-devel setup : | + %patch -p1 < $pkgfiles/0001-isoverifier-Remove-hardcoded-ubuntu-ism-in-verifyWit.patch + %patch -p1 < $pkgfiles/0002-isoverifier-Add-support-for-verifying-Solus-ISOs.patch %cmake_ninja build : | %ninja_build diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml --- a/pspec_x86_64.xml +++ b/pspec_x86_64.xml @@ -2,8 +2,8 @@ isoimagewriter - Troy Harvey - harveydevel@gmail.com + Joey Riches + josephriches@gmail.com GPL-3.0-or-later system.utils @@ -23,6 +23,7 @@ /usr/share/applications/org.kde.isoimagewriter.desktop /usr/share/isoimagewriter/arch-signing-key.gpg /usr/share/isoimagewriter/neon-signing-key.gpg + /usr/share/isoimagewriter/solus-signing-key.gpg /usr/share/isoimagewriter/ubuntu-signing-key.gpg /usr/share/locale/ca/LC_MESSAGES/isoimagewriter.mo /usr/share/locale/ca@valencia/LC_MESSAGES/isoimagewriter.mo @@ -64,12 +65,12 @@ - - 2023-06-02 + + 2023-07-10 1.0.0 Packaging update - Troy Harvey - harveydevel@gmail.com + Joey Riches + josephriches@gmail.com \ No newline at end of file