Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package skelcd-control-MicroOS for openSUSE:Factory checked in at 2021-03-24 16:11:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/skelcd-control-MicroOS (Old) and /work/SRC/openSUSE:Factory/.skelcd-control-MicroOS.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "skelcd-control-MicroOS" Wed Mar 24 16:11:13 2021 rev:16 rq:880745 version:20210323.2 Changes: -------- --- /work/SRC/openSUSE:Factory/skelcd-control-MicroOS/skelcd-control-MicroOS.changes 2020-12-01 14:21:23.725503017 +0100 +++ /work/SRC/openSUSE:Factory/.skelcd-control-MicroOS.new.2401/skelcd-control-MicroOS.changes 2021-03-24 16:11:13.383830134 +0100 @@ -1,0 +2,41 @@ +Tue Mar 23 11:11:40 EDT 2021 - Neal Gompa <ngomp...@gmail.com> + +- Replace installing AppArmor patterns with SELinux ones to + work around broken yast-security behavior (boo#1183804) +- Enable SELinux again (jsc#SMO-20) +- 20210323.2 + +------------------------------------------------------------------- +Tue Mar 23 09:48:31 EDT 2021 - Neal Gompa <ngomp...@gmail.com> + +- Install AppArmor patterns again and temporarily revert enabling + SELinux by default to unblock other MicroOS stuff (boo#1183804) +- 20210323.1 + +------------------------------------------------------------------- +Tue Mar 23 07:28:11 EDT 2021 - Neal Gompa <ngomp...@gmail.com> + +- Stop force-installing AppArmor (boo#1183894) +- 20210323 + +------------------------------------------------------------------- +Mon Mar 22 23:28:11 CEST 2021 - Dario Faggioli <dfaggi...@suse.com> + +- Enable COW for /home on GNOME and KDE Desktop +- 20210322 + +------------------------------------------------------------------- +Mon Mar 1 21:13:55 UTC 2021 - David Diaz <dgonza...@suse.com> + +- Set SELinux enforcing mode by default (jsc#SMO-20) . +- Use the new security proposal client (jsc#SLE-15840, + jsc#SLE-17307). +- 20210303 + +------------------------------------------------------------------- +Mon Feb 22 21:45:19 EST 2021 - Neal Gompa <ngomp...@gmail.com> + +- Declare package manager patterns for each MicroOS role (boo#1182803) +- 20210222 + +------------------------------------------------------------------- Old: ---- skelcd-control-MicroOS-20201126.tar.bz2 New: ---- skelcd-control-MicroOS-20210323.2.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ skelcd-control-MicroOS.spec ++++++ --- /var/tmp/diff_new_pack.HKgwuJ/_old 2021-03-24 16:11:14.179830970 +0100 +++ /var/tmp/diff_new_pack.HKgwuJ/_new 2021-03-24 16:11:14.187830978 +0100 @@ -1,7 +1,7 @@ # # spec file for package skelcd-control-MicroOS # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -118,7 +118,7 @@ URL: https://github.com/yast/skelcd-control-MicroOS AutoReqProv: off -Version: 20201126 +Version: 20210323.2 Release: 0 Summary: The MicroOS control file needed for installation License: MIT ++++++ skelcd-control-MicroOS-20201126.tar.bz2 -> skelcd-control-MicroOS-20210323.2.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/skelcd-control-MicroOS-20201126/.github/workflows/ci.yml new/skelcd-control-MicroOS-20210323.2/.github/workflows/ci.yml --- old/skelcd-control-MicroOS-20201126/.github/workflows/ci.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/skelcd-control-MicroOS-20210323.2/.github/workflows/ci.yml 2021-03-23 16:18:36.000000000 +0100 @@ -0,0 +1,26 @@ + +# See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions + +name: CI + +on: [push, pull_request] + +jobs: + Package: + runs-on: ubuntu-latest + container: registry.opensuse.org/yast/head/containers/yast-ruby:latest + + steps: + + - name: Git Checkout + uses: actions/checkout@v2 + + - name: Install Prerequisites + run: rake build_dependencies:install + + # just for easier debugging... + - name: Inspect Installed Packages + run: rpm -qa | sort + + - name: Package Build + run: yast-ci-ruby -o package diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/skelcd-control-MicroOS-20201126/README.md new/skelcd-control-MicroOS-20210323.2/README.md --- old/skelcd-control-MicroOS-20201126/README.md 2020-11-26 15:49:12.000000000 +0100 +++ new/skelcd-control-MicroOS-20210323.2/README.md 2021-03-23 16:18:36.000000000 +0100 @@ -1,6 +1,9 @@ skelcd-control-MicroOS =================== +[![Workflow Status](https://github.com/yast/skelcd-control-MicroOS/workflows/CI/badge.svg?branch=master)]( +https://github.com/yast/skelcd-control-MicroOS/actions?query=branch%3Amaster) + Installation control file for openSUSE MicroOS See also the [documentation for the `control.xml` file][1]. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/skelcd-control-MicroOS-20201126/control/control.MicroOS.xml new/skelcd-control-MicroOS-20210323.2/control/control.MicroOS.xml --- old/skelcd-control-MicroOS-20201126/control/control.MicroOS.xml 2020-11-26 15:49:12.000000000 +0100 +++ new/skelcd-control-MicroOS-20210323.2/control/control.MicroOS.xml 2021-03-23 16:18:36.000000000 +0100 @@ -70,6 +70,15 @@ <!-- bnc #431158: Adjusts /etc/sysconfig/security/POLKIT_DEFAULT_PRIVS if set --> <polkit_default_privs>restrictive</polkit_default_privs> + <!-- Set SELinux enforcing mode by default --> + <selinux> + <mode>enforcing</mode> + <configurable config:type="boolean">true</configurable> + <!-- There are two SELinux patterns available, "selinux" and "microos_selinux". + The latest has been chosen because its similarity with the one used on + SLE Micro, "microos-selinux" --> + <patterns>microos_selinux</patterns> + </selinux> </globals> <software> @@ -78,7 +87,7 @@ <selection_type config:type="symbol">auto</selection_type> - <default_patterns>microos_base microos_defaults microos_hardware</default_patterns> + <default_patterns>microos_base microos_base_zypper microos_defaults microos_hardware</default_patterns> <!-- bnc#876760: Explicitly selecting these (optional) patterns by default if they exist --> <optional_default_patterns>32bit</optional_default_patterns> @@ -224,7 +233,7 @@ <id>container_host_role</id> <software> - <default_patterns>microos_base microos_defaults microos_hardware microos_apparmor container_runtime</default_patterns> + <default_patterns>microos_base microos_base_zypper microos_defaults microos_hardware microos_selinux container_runtime</default_patterns> </software> <order config:type="integer">200</order> @@ -242,7 +251,7 @@ <network_manager>always</network_manager> </network> <software> - <default_patterns>microos_base microos_defaults microos_hardware microos_apparmor microos_gnome_desktop container_runtime</default_patterns> + <default_patterns>microos_base microos_base_packagekit microos_defaults microos_hardware microos_selinux microos_gnome_desktop container_runtime</default_patterns> </software> <partitioning> <expert_partitioner_warning config:type="boolean">true</expert_partitioner_warning> @@ -285,7 +294,6 @@ </subvolume> <subvolume> <path>home</path> - <copy_on_write config:type="boolean">false</copy_on_write> </subvolume> <subvolume> <path>opt</path> @@ -349,7 +357,7 @@ <network_manager>always</network_manager> </network> <software> - <default_patterns>microos_base microos_defaults microos_hardware microos_apparmor microos_kde_desktop container_runtime</default_patterns> + <default_patterns>microos_base microos_base_packagekit microos_defaults microos_hardware microos_selinux microos_kde_desktop container_runtime</default_patterns> </software> <partitioning> <expert_partitioner_warning config:type="boolean">true</expert_partitioner_warning> @@ -392,7 +400,6 @@ </subvolume> <subvolume> <path>home</path> - <copy_on_write config:type="boolean">false</copy_on_write> </subvolume> <subvolume> <path>opt</path> @@ -597,6 +604,11 @@ <name>software</name> <presentation_order>20</presentation_order> </proposal_module> + <!-- Security proposal including firewall, CPU mitigation, SELinux and PolicyKit --> + <proposal_module> + <name>security</name> + <presentation_order>50</presentation_order> + </proposal_module> </proposal_modules> </proposal> @@ -640,8 +652,9 @@ <name>default_target</name> <presentation_order>75</presentation_order> </proposal_module> + <!-- Security proposal including firewall, CPU mitigation, SELinux and PolicyKit --> <proposal_module> - <name>firewall</name> + <name>security</name> <presentation_order>50</presentation_order> </proposal_module> </proposal_modules> @@ -690,9 +703,9 @@ <name>default_target</name> <presentation_order>70</presentation_order> </proposal_module> - <!-- FaTE #303859 - simple network (in fact firewall) cfg in 1st stage --> + <!-- Security proposal including firewall, CPU mitigation, SELinux and PolicyKit --> <proposal_module> - <name>firewall</name> + <name>security</name> <presentation_order>99</presentation_order> </proposal_module> <!-- Fate #319624 - proposal and dialog for existing SSH host keys --> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/skelcd-control-MicroOS-20201126/package/skelcd-control-MicroOS.changes new/skelcd-control-MicroOS-20210323.2/package/skelcd-control-MicroOS.changes --- old/skelcd-control-MicroOS-20201126/package/skelcd-control-MicroOS.changes 2020-11-26 15:49:12.000000000 +0100 +++ new/skelcd-control-MicroOS-20210323.2/package/skelcd-control-MicroOS.changes 2021-03-23 16:18:36.000000000 +0100 @@ -1,4 +1,45 @@ ------------------------------------------------------------------- +Tue Mar 23 11:11:40 EDT 2021 - Neal Gompa <ngomp...@gmail.com> + +- Replace installing AppArmor patterns with SELinux ones to + work around broken yast-security behavior (boo#1183804) +- Enable SELinux again (jsc#SMO-20) +- 20210323.2 + +------------------------------------------------------------------- +Tue Mar 23 09:48:31 EDT 2021 - Neal Gompa <ngomp...@gmail.com> + +- Install AppArmor patterns again and temporarily revert enabling + SELinux by default to unblock other MicroOS stuff (boo#1183804) +- 20210323.1 + +------------------------------------------------------------------- +Tue Mar 23 07:28:11 EDT 2021 - Neal Gompa <ngomp...@gmail.com> + +- Stop force-installing AppArmor (boo#1183894) +- 20210323 + +------------------------------------------------------------------- +Mon Mar 22 23:28:11 CEST 2021 - Dario Faggioli <dfaggi...@suse.com> + +- Enable COW for /home on GNOME and KDE Desktop +- 20210322 + +------------------------------------------------------------------- +Mon Mar 1 21:13:55 UTC 2021 - David Diaz <dgonza...@suse.com> + +- Set SELinux enforcing mode by default (jsc#SMO-20) . +- Use the new security proposal client (jsc#SLE-15840, + jsc#SLE-17307). +- 20210303 + +------------------------------------------------------------------- +Mon Feb 22 21:45:19 EST 2021 - Neal Gompa <ngomp...@gmail.com> + +- Declare package manager patterns for each MicroOS role (boo#1182803) +- 20210222 + +------------------------------------------------------------------- Thu Nov 26 13:21:56 CEST 2020 - Richard Brown <rbr...@suse.de> - Correct MicroOS Desktop Polkit rules (boo#1163453) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/skelcd-control-MicroOS-20201126/package/skelcd-control-MicroOS.spec new/skelcd-control-MicroOS-20210323.2/package/skelcd-control-MicroOS.spec --- old/skelcd-control-MicroOS-20201126/package/skelcd-control-MicroOS.spec 2020-11-26 15:49:12.000000000 +0100 +++ new/skelcd-control-MicroOS-20210323.2/package/skelcd-control-MicroOS.spec 2021-03-23 16:18:36.000000000 +0100 @@ -118,7 +118,7 @@ Url: https://github.com/yast/skelcd-control-MicroOS AutoReqProv: off -Version: 20201126 +Version: 20210323.2 Release: 0 Summary: The MicroOS control file needed for installation License: MIT