Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sdbootutil for openSUSE:Factory checked in at 2025-04-24 17:25:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sdbootutil (Old) and /work/SRC/openSUSE:Factory/.sdbootutil.new.30101 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sdbootutil" Thu Apr 24 17:25:26 2025 rev:59 rq:1272321 version:1+git20250423.61ca94f Changes: -------- --- /work/SRC/openSUSE:Factory/sdbootutil/sdbootutil.changes 2025-04-22 17:26:23.958337888 +0200 +++ /work/SRC/openSUSE:Factory/.sdbootutil.new.30101/sdbootutil.changes 2025-04-24 17:25:42.949843741 +0200 @@ -1,0 +2,13 @@ +Wed Apr 23 19:15:22 UTC 2025 - Alberto Planas Dominguez <apla...@suse.com> + +- Update to version 1+git20250423.61ca94f: + * Revert "Use filesystem order in grub2-bls" (bsc#1241046) + +------------------------------------------------------------------- +Wed Apr 23 13:15:56 UTC 2025 - Alberto Planas Dominguez <apla...@suse.com> + +- Update to version 1+git20250423.7e34390: + * Check if TPM2 is in lockout (bsc#1241168) + * Retry password when mismatch + +------------------------------------------------------------------- Old: ---- sdbootutil-1+git20250421.7ffd25a.obscpio New: ---- sdbootutil-1+git20250423.61ca94f.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sdbootutil.spec ++++++ --- /var/tmp/diff_new_pack.p67bqz/_old 2025-04-24 17:25:43.917884362 +0200 +++ /var/tmp/diff_new_pack.p67bqz/_new 2025-04-24 17:25:43.921884530 +0200 @@ -17,7 +17,7 @@ Name: sdbootutil -Version: 1+git20250421.7ffd25a +Version: 1+git20250423.61ca94f Release: 0 Summary: bootctl wrapper for BLS boot loaders License: MIT ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.p67bqz/_old 2025-04-24 17:25:43.957886041 +0200 +++ /var/tmp/diff_new_pack.p67bqz/_new 2025-04-24 17:25:43.961886209 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/sdbootutil.git</param> - <param name="changesrevision">7ffd25a7fc661511d0305a855d045c5e77306d5a</param></service></servicedata> + <param name="changesrevision">61ca94f3f22d7d39df828fe72c69146f28bfdc26</param></service></servicedata> (No newline at EOF) ++++++ sdbootutil-1+git20250421.7ffd25a.obscpio -> sdbootutil-1+git20250423.61ca94f.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sdbootutil-1+git20250421.7ffd25a/sdbootutil new/sdbootutil-1+git20250423.61ca94f/sdbootutil --- old/sdbootutil-1+git20250421.7ffd25a/sdbootutil 2025-04-21 15:33:39.000000000 +0200 +++ new/sdbootutil-1+git20250423.61ca94f/sdbootutil 2025-04-23 21:13:46.000000000 +0200 @@ -373,12 +373,13 @@ local pw1 pw2 ask_password "New $msg" pw1 ask_password "Re-type $msg" pw2 - if [ "$pw1" = "$pw2" ]; then - # shellcheck disable=SC2034 - nameref_pw="$pw1" - else - error "Inputs did't match!" - fi + while [ "$pw1" != "$pw2" ]; do + warn "Inputs did't match!" + ask_password "New $msg" pw1 + ask_password "Re-type $msg" pw2 + done + # shellcheck disable=SC2034 + nameref_pw="$pw1" } subvol_is_ro() @@ -2206,18 +2207,15 @@ local base="${2:-$boot_root}" local locks=() local n=0 - # GRUB2 is reading the files in filesystem order, so we cannot - # iterate naturally the directory - while read -r i; do - [[ "$i" == *.conf ]] || continue + for i in "$base"/loader/entries/*.conf; do n=$((n+1)) pcrlock \ lock-raw \ --pcr=9 \ --pcrlock="$tmpdir/entry-$n.pcrlock" \ - "$base/loader/entries/$i" + "$i" locks+=("$tmpdir/entry-$n.pcrlock") - done < <(ls -U "$base"/loader/entries) + done mkdir -p /var/lib/pcrlock.d/643-grub2-bls-entry-files.pcrlock.d jq --slurp '{"records": [.[].records[0]]}' \ "${locks[@]}" \ 
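Review bot: The new `while [ "$pw1" != "$pw2" ]` loop in the `@@ -373` hunk has no attempt limit and never checks whether `ask_password` succeeded, whereas the removed branch stopped with `error` after one mismatch. `ask_password` is defined outside this hunk, so its failure behaviour is an assumption, but if it can leave the variables unchanged when no input is available, the prompt would repeat forever; a bound such as `[ "$((tries+=1))" -lt 3 ] || err "Too many mismatched attempts"` inside the loop would restore a definite exit. Two empty inputs still compare equal and are stored in `nameref_pw`; if an empty value is not meant to be valid, add `[ -n "$pw1" ] || err "Empty input is not allowed"` after the loop. The carried-over message typo can be fixed in the same change: `warn "Inputs didn't match!"`. The enclosing function starts outside the hunk.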
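Review bot: In the `@@ -2206` hunk, `for i in "$base"/loader/entries/*.conf` runs once with the literal, unexpanded pattern when the directory has no `.conf` entries, unless `nullglob` is enabled somewhere not visible here. `pcrlock lock-raw --pcr=9` would then be given a non-existent path, while the removed `ls -U` loop ran zero times in that case. Making `[ -e "$i" ] || continue` the first statement of the loop body keeps the old behaviour. The deleted comment was the only place that said which entry order the PCR 9 prediction assumes; since glob results are sorted according to the current locale, a replacement such as `# Entries are measured in glob (collation) order; see bsc#1241046` would record the assumption the revert now relies on. The enclosing function starts and ends outside the hunk.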
@@ -2761,6 +2759,7 @@ { [ -e /etc/crypttab ] || return 0 grep -q "tpm2-device" /etc/crypttab || return 0 + ! in_lockout || err "The TPM2 is in lockout. Use 'tpm2_dictionarylockout -c [ -p passwd ]' to continue" # The PCR list is used by both models (pcr-oracle, # systemd-pcrlock). The first one will try first to get the @@ -2829,6 +2828,12 @@ grep -q "$kind" < <(systemd-cryptenroll "$dev") } +in_lockout() +{ + hash tpm2_getcap &> /dev/null || { warn "tpm2_getcap not found"; return 1; } + tpm2_getcap properties-variable | grep -q 'inLockout: *1' +} + add_crypttab_option() { # This version will share the same options for all crypto_LUKS @@ -3193,6 +3198,7 @@ case "$arg_method" in "tpm2"|"tpm2+pin") have_tpm2 || err "No TPM2 found found" + ! in_lockout || err "The TPM2 is in lockout. Use 'tpm2_dictionarylockout -c [ -p passwd ]' to continue" add_crypttab_option 'tpm2-device=auto' add_crypttab_option 'tpm2-measure-pcr=yes' ;; ++++++ sdbootutil.obsinfo ++++++ --- /var/tmp/diff_new_pack.p67bqz/_old 2025-04-24 17:25:44.073890909 +0200 +++ /var/tmp/diff_new_pack.p67bqz/_new 2025-04-24 17:25:44.073890909 +0200 @@ -1,5 +1,5 @@ name: sdbootutil -version: 1+git20250421.7ffd25a -mtime: 1745242419 -commit: 7ffd25a7fc661511d0305a855d045c5e77306d5a +version: 1+git20250423.61ca94f +mtime: 1745435626 +commit: 61ca94f3f22d7d39df828fe72c69146f28bfdc26
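Review bot: `in_lockout` (added in the `@@ -2829` hunk) returns 1, meaning "not in lockout", in two cases where the state is really unknown: when `tpm2_getcap` is not installed, and when `tpm2_getcap properties-variable` itself fails, because only the exit status of `grep -q` is returned. Both call sites, `! in_lockout || err ...` in the `@@ -2761` and `@@ -3193` hunks, then continue as if the TPM2 were usable. If this fail-open is deliberate because the check only exists to produce a clearer error, say so in a header comment, e.g. `# Best-effort: returns 1 when the lockout state cannot be read`. Otherwise capture the output first so a read failure is at least reported: `out=$(tpm2_getcap properties-variable) || { warn "Cannot read TPM2 properties"; return 1; }` followed by `grep -q 'inLockout: *1' <<<"$out"`, with `out` declared `local`. The lockout message is duplicated verbatim at both call sites and could live in one helper so the recovery hint stays consistent.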