Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aeon-check for openSUSE:Factory checked in at 2025-01-05 15:30:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aeon-check (Old) and /work/SRC/openSUSE:Factory/.aeon-check.new.1881 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aeon-check" Sun Jan 5 15:30:42 2025 rev:3 rq:1234760 version:1.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/aeon-check/aeon-check.changes 2024-11-04 22:42:26.808078916 +0100 +++ /work/SRC/openSUSE:Factory/.aeon-check.new.1881/aeon-check.changes 2025-01-05 15:30:56.124970284 +0100 @@ -1,0 +2,6 @@ +Fri Jan 03 15:48:00 UTC 2025 - [email protected] + +- Update to version 1.0.3: + * boo#1234234 - correct PCR list for Aeon FDE + +------------------------------------------------------------------- Old: ---- aeon-check-1.0.2.obscpio New: ---- aeon-check-1.0.3.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aeon-check.spec ++++++ --- /var/tmp/diff_new_pack.8dA3Jo/_old 2025-01-05 15:30:56.628991014 +0100 +++ /var/tmp/diff_new_pack.8dA3Jo/_new 2025-01-05 15:30:56.632991179 +0100 @@ -1,7 +1,7 @@ # # spec file for package aeon-check # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: aeon-check -Version: 1.0.2 +Version: 1.0.3 Release: 0 Summary: Aeon Check and Repair Tool License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.8dA3Jo/_old 2025-01-05 15:30:56.656992166 +0100 +++ /var/tmp/diff_new_pack.8dA3Jo/_new 2025-01-05 15:30:56.660992330 +0100 @@ -3,7 +3,7 @@ <service name="obs_scm" mode="manual"> <param name="url">https://github.com/AeonDesktop/aeon-check.git</param> <param name="scm">git</param> - <param name="revision">v1.0.2</param> + <param name="revision">v1.0.3</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ aeon-check-1.0.2.obscpio -> aeon-check-1.0.3.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aeon-check-1.0.2/aeon-check new/aeon-check-1.0.3/aeon-check --- old/aeon-check-1.0.2/aeon-check 2024-11-04 10:23:01.000000000 +0100 +++ new/aeon-check-1.0.3/aeon-check 2025-01-03 16:33:06.000000000 +0100 @@ -11,6 +11,9 @@ exec 1>>/var/log/aeon-check.log 2>&1 boo1228416() { + # Problem: boo1228416. TPM2 using pcr hashes not pcrlock + # Solution: Configure and enrol pcrlock for FDE + # Determine root device rootdev=/dev/$(dmsetup deps -o devname /dev/mapper/aeon_root | cut -d '(' -f2 | cut -d ')' -f1) # Check for failure conditions @@ -43,4 +46,22 @@ fi } -boo1228416 \ No newline at end of file +boo1234234() { + # Problem: boo1234234 and related bugs. TPM2 enrolments failing because PCR0 invalidated by firmware updates. + # Solution: Stop measuring PCR0 and update-predictions with the reduced PCR list + + # Only run if fde-tools is configured + if test -e /etc/sysconfig/fde-tools ; then + . /etc/sysconfig/fde-tools + + if [ "${FDE_SEAL_PCR_LIST}" = "0,4,5,7,9" ]; then + echo "boo1234234 detected - PCR0 measured for TPM FDE sealing - correcting" + echo "FDE_SEAL_PCR_LIST=4,5,7,9" > /etc/sysconfig/fde-tools + sdbootutil -v update-predictions + echo "boo1234234 corrected" + fi + fi +} + +boo1228416 +boo1234234 \ No newline at end of file ++++++ aeon-check.obsinfo ++++++ --- /var/tmp/diff_new_pack.8dA3Jo/_old 2025-01-05 15:30:56.756996279 +0100 +++ /var/tmp/diff_new_pack.8dA3Jo/_new 2025-01-05 15:30:56.760996444 +0100 @@ -1,5 +1,5 @@ name: aeon-check -version: 1.0.2 -mtime: 1730712181 -commit: 2fba374a53baf36431b2091d12c542ab228ce436 +version: 1.0.3 +mtime: 1735918386 +commit: b86342cc45815e71a988c964774d8ffd34d3c6db
