Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rubygem-agama-yast for openSUSE:Factory checked in at 2026-05-07 15:43:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-agama-yast (Old) and /work/SRC/openSUSE:Factory/.rubygem-agama-yast.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-agama-yast" Thu May 7 15:43:30 2026 rev:42 rq:1350960 version:20.devel269.73cf33d8f Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-agama-yast/rubygem-agama-yast.changes 2026-04-16 18:46:03.923142387 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-agama-yast.new.1966/rubygem-agama-yast.changes 2026-05-07 15:44:03.916888734 +0200 @@ -1,0 +2,6 @@ +Fri Apr 17 10:29:38 UTC 2026 - José Iván López González <[email protected]> + +- Add support for configuring pervasive encryption APQNs and key + type (gh#agama-project/agama#3384). + +------------------------------------------------------------------- Old: ---- agama-yast-19.devel319.fca55b0ac.gem New: ---- agama-yast-20.devel269.73cf33d8f.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ agama-yast.spec ++++++ --- /var/tmp/diff_new_pack.Evh2SH/_old 2026-05-07 15:44:05.860968550 +0200 +++ /var/tmp/diff_new_pack.Evh2SH/_new 2026-05-07 15:44:05.884969535 +0200 @@ -17,7 +17,7 @@ Name: agama-yast -Version: 19.devel319.fca55b0ac +Version: 20.devel269.73cf33d8f Release: 0 %define mod_name agama-yast %define mod_full_name %{mod_name}-%{version} ++++++ rubygem-agama-yast.spec ++++++ --- /var/tmp/diff_new_pack.Evh2SH/_old 2026-05-07 15:44:06.320987436 +0200 +++ /var/tmp/diff_new_pack.Evh2SH/_new 2026-05-07 15:44:06.344988423 +0200 
@@ -24,7 +24,7 @@ # Name: rubygem-agama-yast -Version: 19.devel319.fca55b0ac +Version: 20.devel269.73cf33d8f Release: 0 %define mod_name agama-yast %define mod_full_name %{mod_name}-%{version} ++++++ agama-yast-19.devel319.fca55b0ac.gem -> agama-yast-20.devel269.73cf33d8f.gem ++++++ Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/dbus/service_status.rb new/lib/agama/dbus/service_status.rb --- old/lib/agama/dbus/service_status.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/dbus/service_status.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,98 +0,0 @@ -# frozen_string_literal: true - -# Copyright (c) [2022-2025] SUSE LLC -# -# All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of version 2 of the GNU General Public License as published -# by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, contact SUSE LLC. -# -# To contact SUSE LLC about this file by physical or electronic mail, you may -# find current contact information at www.suse.com. - -module Agama - module DBus - # Represents the status of a Agama service and allows to configure callbacks to be called when - # the status value changes - class ServiceStatus - # Possible values of the service status - IDLE = "idle" - BUSY = "busy" - - # Constructor - # - # The service status is initialized as idle. - def initialize - @value = IDLE - @on_change_callbacks = [] - end - - # Whether the current service status value is busy - # - # @return [Boolean] - def busy? - value == BUSY - end - - # Changes the service status value to idle - # - # @note Callbacks are called. - # - # @return [self] - def idle - change_to(IDLE) - self - end - - # Changes the service status value to busy - # - # @note Callbacks are called. 
- # - # @return [self] - def busy - change_to(BUSY) - self - end - - # Sets the service status to busy meanwhile the given block is running - # - # @param block [Proc] - # @return [Object] the result of the given block - def busy_while(&block) - busy - block.call - ensure - idle - end - - # Registers a callback to be called when the service status changes - # - # @param block [Proc] - def on_change(&block) - @on_change_callbacks << block - end - - private - - # @return [IDLE, BUSY] - attr_reader :value - - # Changes the current service status value and runs the callbacks - # - # @param value [IDLE, BUSY] - def change_to(value) - @value = value - @on_change_callbacks.each(&:call) - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/dbus/with_path_generator.rb new/lib/agama/dbus/with_path_generator.rb --- old/lib/agama/dbus/with_path_generator.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/dbus/with_path_generator.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,98 +0,0 @@ -# frozen_string_literal: true - -# Copyright (c) [2023] SUSE LLC -# -# All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of version 2 of the GNU General Public License as published -# by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, contact SUSE LLC. -# -# To contact SUSE LLC about this file by physical or electronic mail, you may -# find current contact information at www.suse.com. - -require "dbus/object_path" -require "pathname" - -module Agama - module DBus - # Mixin for creating D-Bus path of dynamically exported objects - # - # @example - # class Test1 - # include WithPathGenerator - # path_generator "/test1/objects" - # end - # - # class Test2 - # include WithPathGenerator - # path_generator "/test2", "object" - # end - # - # test1.next_path #=> "/test1/objects/1" - # test1.next_path #=> "/test1/objects/2" - # - # test2.next_path #=> "/test2/object1" - # test2.next_path #=> "/test2/object2" - module WithPathGenerator - # Generates the next based on the configuration of the path generator - # - # @return [::DBus::ObjectPath] - def next_path - self.class.next_path - end - - def self.included(base) - base.extend ClassMethods - end - - # Define class methods - module ClassMethods - def next_path - raise "path_generator not configured yet" unless @path_generator - - @path_generator.next - end - - # Configures the path generator - # - # @param base_path [String] - # @param base_name [String] - def path_generator(base_path, base_name = "") - @path_generator = PathGenerator.new(base_path, base_name) - end - - # Class for generating an object path - 
class PathGenerator - def initialize(base_path, base_name) - @base_path = base_path - @base_name = base_name - end - - def next - path = Pathname.new(@base_path).join(@base_name + next_id.to_s) - ::DBus::ObjectPath.new(path.to_s) - end - - private - - # Generates the next id - # - # @return [Integer] - def next_id - @last_id ||= 0 - @last_id += 1 - end - end - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/ipmi.rb new/lib/agama/ipmi.rb --- old/lib/agama/ipmi.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/ipmi.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,118 +0,0 @@ -# frozen_string_literal: true - -# Copyright (c) [2025] SUSE LLC -# -# All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of version 2 of the GNU General Public License as published -# by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, contact SUSE LLC. -# -# To contact SUSE LLC about this file by physical or electronic mail, you may -# find current contact information at www.suse.com. - -require "yast" -require "agama/config" -require "tempfile" - -module Agama - # Class for very basic IPMI support - # - # Use for reporting current installer state to IPMI. - # - # Implemented: - # * STARTED - # * FAILED - # * FINISHED - # * ABORTED - class Ipmi - # @return [Logger] - attr_reader :logger - - def initialize(logger) - @logger = logger - - logger.info("IPMI available: #{available?}") - end - - def started - command(IPMI_STARTED) - end - - def finished - command(IPMI_FINISHED) - end - - def aborted - command(IPMI_ABORTED) - end - - def failed - command(IPMI_FAILED) - end - - private - - # See the body of #command for specification links - IPMI_STARTED = 0x7 - IPMI_FINISHED = 0x8 - IPMI_ABORTED = 0x9 - IPMI_FAILED = 0xA - - def available? - # Check whether we have a ipmi device and tool to use it. - # ipmi0 is used as a default in ipmitool - File.exist?("/dev/ipmi0") && File.exist?("/usr/bin/ipmitool") - end - - # Sends an event to IPMI when /dev/ipmi0 device is available - # - # Events are 7B long but differs only in the command code. - # - # @param code [Byte] one byte in hex - def command(code) - return if !available? 
- - # ipmitool wants to read events from a file, not possible to - # pass it directly as an argument - file = Tempfile.new("agama-ipmi") - - # man ipmitool: - # - # The format of each line in the file is as follows: - # <{EvM Revision} {Sensor Type} {Sensor Num} {Event Dir/Type} - # {Event Data 0} {Event Data 1} {Event Data 2}>[# COMMENT] - # ... - # EvM Revision - The "Event Message Revision" is 0x04 for messages that - # comply with the IPMI 2.0 Specification - # and 0x03 for messages that comply with the IPMI 1.0 Specification. - # Sensor Type - Indicates the Event Type or Class. - # Sensor Num - Represents the 'sensor' within the management controller - # that generated the Event Message. - # Event Dir/Type - This field is encoded with the event direction as the high bit (bit 7) - # and the event type as the low 7 bits. Event direction is - # 0 for an assertion event and 1 for a deassertion event. - - # https://www.intel.com/content/www/us/en/products/docs/servers/ipmi/ipmi-second-gen-interface-spec-v2-rev1-1.html - # - # 42.2 Sensor Type Codes and Data (page 512) - # Sensor Type: 0x1f, Base OS Boot / Installation Status - # - # Event Type: 0x6f, Sensor-specific (page 503) - file.write("0x4 0x1F 0x0 0x6f 0x#{code.to_s(16)} 0x0 0x0\n") - file.close - - system("ipmitool event file #{file.path}") - - file.unlink - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/ssl/certificate.rb new/lib/agama/ssl/certificate.rb --- old/lib/agama/ssl/certificate.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/ssl/certificate.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,262 +0,0 @@ -# frozen_string_literal: true - -require "openssl" -require "suse/connect" -require "yast2/execute" -require "agama/ssl/fingerprint" -require "agama/ssl/certificate_details" - -module Agama - module SSL - # class handling SSL certificate - class Certificate - include Yast::Logger - - Yast.import "Stage" - Yast.import "Installation" - - # Path to the registration certificate in the instsys - INSTSYS_CERT_DIR = "/etc/pki/trust/anchors" - INSTSYS_SERVER_CERT_FILE = File.join(INSTSYS_CERT_DIR, "registration_server.pem").freeze - # Path to system CA certificates - CA_CERTS_DIR = "/var/lib/ca-certificates" - - # all used certificate paths, this is used during upgrade to import - # the old certificate into the inst-sys, put the older paths at the end - # so the newer paths are checked first - PATHS = [ - # the YaST (SUSEConnect) current default path - # /etc/pki/trust/anchors/registration_server.pem - SUSE::Connect::YaST::SERVER_CERT_FILE, - # old location of the certificate (before moved to /etc) - # https://bugzilla.suse.com/show_bug.cgi?id=1130864 - "/usr/share/pki/trust/anchors/registration_server.pem", - # RMT certificate - # https://github.com/SUSE/rmt/blob/b240ce577bd1637cfb57548f2741a1925cf3e4ee/public/tools/rmt-client-setup#L214 - "/etc/pki/trust/anchors/rmt-server.pem", - # SMT certificate - # https://github.com/SUSE/smt/blob/SMT12/script/clientSetup4SMT.sh#L245 - "/etc/pki/trust/anchors/registration-server.pem", - # the SLE11 path (for both YaST and the clientSetup4SMT.sh script) - # https://github.com/yast/yast-registration/blob/Code-11-SP3/src/modules/Register.ycp#L296-L297 - "/etc/ssl/certs/registration-server.pem" - ].freeze - - attr_reader :x509_cert - - # Path to store the certificate of the registration server - # - # @return [String] Path to store the certificate - def self.default_certificate_path - INSTSYS_SERVER_CERT_FILE - end - - def initialize(x509_cert) - @x509_cert = x509_cert - end - - def self.load_file(file) - 
load(File.read(file)) - end - - def self.load(data) - cert = OpenSSL::X509::Certificate.new(data) - Certificate.new(cert) - end - - def self.download(url, insecure: false) - # TODO - # result = Downloader.download(url, insecure: insecure) - # load(result) - end - - # Path to temporal CA certificates (to be used only in instsys) - TMP_CA_CERTS_DIR = "/var/lib/YaST2/ca-certificates" - - # Update instys CA certificates - # - # update-ca-certificates script cannot be used in inst-sys. - # See bsc#981428 and bsc#989787. - # - # @return [Boolean] true if update was successful; false otherwise. - # - # @see CA_CERTS_DIR - # @see TMP_CA_CERTS_DIR - def self.update_instsys_ca - FileUtils.mkdir_p(TMP_CA_CERTS_DIR) - # Extract system certs in openssl and pem formats - Yast::Execute.locally("trust", "extract", "--format=openssl-directory", - "--filter=ca-anchors", "--overwrite", File.join(TMP_CA_CERTS_DIR, "openssl")) - Yast::Execute.locally("trust", "extract", "--format=pem-directory-hash", - "--filter=ca-anchors", "--overwrite", File.join(TMP_CA_CERTS_DIR, "pem")) - - # Copy certificates/links - new_files = [] - ["pem", "openssl"].each do |subdir| - files = Dir[File.join(TMP_CA_CERTS_DIR, subdir, "*")] - next if files.empty? - - subdir = File.join(CA_CERTS_DIR, subdir) - FileUtils.mkdir_p(subdir) unless Dir.exist?(subdir) - files.each do |file| - # FileUtils.cp does not seem to allow copying the links without dereferencing them. - Yast::Execute.locally("cp", "--no-dereference", "--preserve=links", file, subdir) - new_files << File.join(subdir, File.basename(file)) - end - end - - # Cleanup - FileUtils.rm_rf(TMP_CA_CERTS_DIR) - - return false if new_files.empty? - - # Reload SUSEConnect internal cert pool (suseconnect-ng only) - SUSE::Connect::SSLCertificate.reload if SUSE::Connect::SSLCertificate.respond_to?(:reload) - - # Check that last file was copied to return true or false - File.exist?(new_files.last) - end - - # certificate serial number (in HEX format, e.g. 
AB:CD:42:FF...) - def serial - x509_cert.serial.to_s(16).scan(/../).join(":") - end - - def issued_on - x509_cert.not_before.localtime.strftime("%F") - end - - def valid_yet? - Time.now > x509_cert.not_before - end - - def expires_on - x509_cert.not_after.localtime.strftime("%F") - end - - def expired? - Time.now > x509_cert.not_after - end - - def subject_name - find_subject_attribute("CN") - end - - def subject_organization - find_subject_attribute("O") - end - - def subject_organization_unit - find_subject_attribute("OU") - end - - def issuer_name - find_issuer_attribute("CN") - end - - def issuer_organization - find_issuer_attribute("O") - end - - def issuer_organization_unit - find_issuer_attribute("OU") - end - - def match_fingerprint?(fingerp) - fingerp == fingerprint(fingerp.sum) - end - - def fingerprint(sum) - case sum.upcase - when Fingerprint::SHA1 - sha1_fingerprint - when Fingerprint::SHA256 - sha256_fingerprint - else - raise "Unsupported checksum type '#{sum}'" - end - end - - # Import the certificate - # - # Depending if running in installation or in a installed system, - # it will rely on #import_to_instsys or #import_to_system methods. - # - # @return [true] true if import was successful - # - # @raise Connect::SystemCallError - # @raise Cheetah::ExecutionFailed - - # @see #import_to_instsys - def import - import_to_instsys - end - - # Import the certificate to the installation system - # - # This method exists because the procedure to import certificates - # to installation system is slightly different to the one followed - # to import certificates to a installed system. - # - # @param target_path [String] where the imported certificate will be saved, - # the path should contain the INSTSYS_CERT_DIR prefix otherwise it might - # not work correctly. - # @return [Boolean] true if import was successful; false otherwise. 
- # - # @see update_instsys_ca - def import_to_instsys(target_path = self.class.default_certificate_path) - # Copy certificate - File.write(target_path, x509_cert.to_pem) - - # Update database - self.class.update_instsys_ca - end - - # Log the certificate details - def log_details - require "registration/ssl_certificate_details" - # log also the dates - log.info("#{CertificateDetails.new(self).summary}\n" \ - "Issued on: #{issued_on}\nExpires on: #{expires_on}") - - # log a warning for expired certificate - expires = x509_cert.not_after.localtime - log.warn("The certificate has EXPIRED! (#{expires})") if expires < Time.now - end - - private - - # @param x509_name [OpenSSL::X509::Name] name object - # @param attribute [String] requested attribute name. e.g. "CN" - # @return attribut value or nil if not defined - def find_name_attribute(x509_name, attribute) - # to_a returns an attribute list, e.g.: - # [["CN", "linux", 19], ["emailAddress", "root@...", 22], ["O", "YaST", 19], ...] - _attr, value, _code = x509_name.to_a.find { |a| a.first == attribute } - value - end - - def find_issuer_attribute(attribute) - find_name_attribute(x509_cert.issuer, attribute) - end - - def find_subject_attribute(attribute) - find_name_attribute(x509_cert.subject, attribute) - end - - def sha1_fingerprint - Fingerprint.new( - Fingerprint::SHA1, - ::SUSE::Connect::YaST.cert_sha1_fingerprint(x509_cert) - ) - end - - def sha256_fingerprint - Fingerprint.new( - Fingerprint::SHA256, - ::SUSE::Connect::YaST.cert_sha256_fingerprint(x509_cert) - ) - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/ssl/certificate_details.rb new/lib/agama/ssl/certificate_details.rb --- old/lib/agama/ssl/certificate_details.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/ssl/certificate_details.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,54 +0,0 @@ -# frozen_string_literal: true - -require "agama/ssl/fingerprint" - -module Agama - module SSL - # class handling SSL certificate details - class CertificateDetails - include Yast::I18n - - # indent size used in summary text - INDENT = " " * 3 - - def initialize(certificate) - textdomain "agama" - @certificate = certificate - end - - def subject - identity_details(certificate.subject_name, certificate.subject_organization, - certificate.subject_organization_unit) - end - - def issuer - identity_details(certificate.issuer_name, certificate.issuer_organization, - certificate.issuer_organization_unit) - end - - def summary - # TRANSLATORS: SSL certificate details - summary = _("Certificate:") + "\n" + _("Issued To") + "\n" + subject + - "\n" + _("Issued By") + "\n" + issuer + "\n" + _("SHA1 Fingerprint: ") + - "\n" + INDENT + certificate.fingerprint(Fingerprint::SHA1).value + "\n" + - _("SHA256 Fingerprint: ") + "\n" - - sha256 = certificate.fingerprint(Fingerprint::SHA256).value - summary += INDENT + sha256 - end - - private - - attr_reader :certificate - - def identity_details(cname, org, orgu) - # label followed by the SSL certificate identification - _("Common Name (CN): ") + (cname || "") + "\n" + - # label followed by the SSL certificate identification - _("Organization (O): ") + (org || "") + "\n" + - # label followed by the SSL certificate identification - _("Organization Unit (OU): ") + (orgu || "") + "\n" - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/ssl/errors.rb new/lib/agama/ssl/errors.rb --- old/lib/agama/ssl/errors.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/ssl/errors.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,56 +0,0 @@ -# frozen_string_literal: true - -require "yast" - -module Agama - module SSL - # remember the details about SSL verification failure - # the attributes are read from the SSL error context - Errors = Struct.new(:ssl_error_code, :ssl_error_msg, :ssl_failed_cert) do - include Singleton - - def reset - self.ssl_error_code = nil - self.ssl_error_msg = nil - self.ssl_failed_cert = nil - end - end - - # handles SSL error codes - module ErrorCodes - extend Yast::I18n - textdomain "registration" - - # "certificate has expired" - EXPIRED = 10 - # "self signed certificate" - SELF_SIGNED_CERT = 18 - # "self signed certificate in certificate chain" - SELF_SIGNED_CERT_IN_CHAIN = 19 - # "unable to get local issuer certificate" - NO_LOCAL_ISSUER_CERTIFICATE = 20 - - # openSSL error codes for which the import SSL certificate dialog is shown, - # for the other error codes just the error message is displayed - # (importing the certificate would not help) - IMPORT_ERROR_CODES = [ - SELF_SIGNED_CERT, - SELF_SIGNED_CERT_IN_CHAIN - ].freeze - - # error code => translatable error message - # @note the text messages need to be translated at runtime via _() call - # @note we do not translate every possible OpenSSL error message, just the most common ones - OPENSSL_ERROR_MESSAGES = { - # TRANSLATORS: SSL error message - EXPIRED => N_("Certificate has expired"), - # TRANSLATORS: SSL error message - SELF_SIGNED_CERT => N_("Self signed certificate"), - # TRANSLATORS: SSL error message - SELF_SIGNED_CERT_IN_CHAIN => N_("Self signed certificate in certificate chain"), - # TRANSLATORS: SSL error message - NO_LOCAL_ISSUER_CERTIFICATE => N_("Unable to get local issuer certificate") - }.freeze - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/ssl/fingerprint.rb new/lib/agama/ssl/fingerprint.rb --- old/lib/agama/ssl/fingerprint.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/ssl/fingerprint.rb 1970-01-01 
01:00:00.000000000 +0100 @@ -1,26 +0,0 @@ -# frozen_string_literal: true - -module Agama - module SSL - # Represents SSL fingerprint - class Fingerprint - attr_reader :sum, :value - - SHA1 = "SHA1" - SHA256 = "SHA256" - - def initialize(sum, value) - @sum = sum - @value = value - end - - def ==(other) - return false if other.nil? - - # case insensitive compare of the fingerprint value - # (ignore optional colon separators) - sum.casecmp(other.sum) == 0 && value.tr(":", "").casecmp(other.value.tr(":", "")) == 0 - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/ssl/storage.rb new/lib/agama/ssl/storage.rb --- old/lib/agama/ssl/storage.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/ssl/storage.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -# frozen_string_literal: true - -require "singleton" - -module Agama - module SSL - # Holds SSL related configuration - class Storage - include Singleton - - # @return [Array<Agama::SSL::fingerprint>] - attr_reader :fingerprints - - def initialize - @fingerprints = [] - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/storage/config_conversions/from_json_conversions/encryption.rb new/lib/agama/storage/config_conversions/from_json_conversions/encryption.rb --- old/lib/agama/storage/config_conversions/from_json_conversions/encryption.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/storage/config_conversions/from_json_conversions/encryption.rb 1980-01-02 01:00:00.000000000 +0100 @@ -1,6 +1,6 @@ # frozen_string_literal: true -# Copyright (c) [2024] SUSE LLC +# Copyright (c) [2024-2026] SUSE LLC # # All Rights Reserved. # 
@@ -110,8 +110,10 @@ pervasive_json = encryption_json[:pervasiveLuks2] { - method: Y2Storage::EncryptionMethod::PERVASIVE_LUKS2, - password: convert_password(pervasive_json) + method: Y2Storage::EncryptionMethod::PERVASIVE_LUKS2, + password: convert_password(pervasive_json), + apqns: pervasive_json[:apqns] || [], + pervasive_key_type: pervasive_json[:keyType] } end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/storage/config_conversions/to_json_conversions/encryption_properties.rb new/lib/agama/storage/config_conversions/to_json_conversions/encryption_properties.rb --- old/lib/agama/storage/config_conversions/to_json_conversions/encryption_properties.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/storage/config_conversions/to_json_conversions/encryption_properties.rb 1980-01-02 01:00:00.000000000 +0100 @@ -1,6 +1,6 @@ # frozen_string_literal: true -# Copyright (c) [2024] SUSE LLC +# Copyright (c) [2024-2026] SUSE LLC # # All Rights Reserved. # @@ -75,7 +75,9 @@ # @return [Hash] def pervasive_luks2_properties_conversions { - password: config.password + password: config.password, + apqns: config.apqns, + keyType: config.pervasive_key_type } end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/agama/storage/configs/encryption.rb new/lib/agama/storage/configs/encryption.rb --- old/lib/agama/storage/configs/encryption.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/agama/storage/configs/encryption.rb 1980-01-02 01:00:00.000000000 +0100 @@ -1,6 +1,6 @@ # frozen_string_literal: true -# Copyright (c) [2024-2025] SUSE LLC +# Copyright (c) [2024-2026] SUSE LLC # # All Rights Reserved. # 
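Review bot: `apqns: pervasive_json[:apqns] || []` only covers a missing key, so a non-array value (for instance a single string) is stored as-is. The `apqns.include?(a.name)` call added in `agama_device_planner.rb` would then do a substring match instead of a list membership test. Unless the JSON schema already guarantees an array of strings (not visible in this diff), normalising with `apqns: Array(pervasive_json[:apqns])` would be safer. `keyType` is also copied without a check against the accepted key types, so a short comment naming where that validation happens would help. The enclosing method starts and ends outside the hunk.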
@@ -30,7 +30,8 @@ include Yast2::Equatable include Y2Storage::SecretAttributes - eql_attr :eql_method, :password, :eql_pbkd_function, :label, :cipher, :key_size + eql_attr :eql_method, :password, :eql_pbkd_function, :label, :cipher, :key_size, :apqns, + :pervasive_key_type # @return [Y2Storage::EncryptionMethod::Base, nil] attr_accessor :method @@ -61,6 +62,21 @@ # value is used, it has to be a multiple of 8 attr_accessor :key_size + # List of APQNs used for generating secure keys (only for pervasive encryption). + # + # @return [Array<String>] + attr_accessor :apqns + + # Type of the generated secure key (only for pervasive encryption). + # + # @return [String, nil] Accepted key types: "EP11-AES", "CCA-AESCIPHER", "CCA-AESCIPHER". If + # nil, a default one is used according to the APQNs. + attr_accessor :pervasive_key_type + + def initialize + @apqns = [] + end + # Whether the password is missing. # # @return [Boolean] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/y2storage/proposal/agama_device_planner.rb new/lib/y2storage/proposal/agama_device_planner.rb --- old/lib/y2storage/proposal/agama_device_planner.rb 1980-01-02 01:00:00.000000000 +0100 +++ new/lib/y2storage/proposal/agama_device_planner.rb 1980-01-02 01:00:00.000000000 +0100 @@ -1,6 +1,6 @@ # frozen_string_literal: true -# Copyright (c) [2024-2025] SUSE LLC +# Copyright (c) [2024-2026] SUSE LLC # # All Rights Reserved. # 
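Review bot: The new doc comment for `pervasive_key_type` (second hunk of `configs/encryption.rb`) lists `"CCA-AESCIPHER"` twice, so one accepted key type is presumably missing; it may be meant to read `"CCA-AESDATA"`, to be confirmed against the key-generation tooling. The `apqns` comment should also state the expected string form of an entry, because the planner compares these strings exactly against `a.name`, and a value in another notation would be dropped without any error. The added `initialize` has no comment; something like `# Constructor; starts with an empty APQN list` would match the rest of the class.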
@@ -142,6 +142,21 @@ planned.encryption_label = config.label planned.encryption_cipher = config.cipher planned.encryption_key_size = config.key_size + configure_pervasive_encryption(planned, config) + end + + # @param planned [Planned::Disk, Planned::Partition, Planned::LvmLv] + # @param config [Agama::Storage::Configs::Encryption] + def configure_pervasive_encryption(planned, config) + planned.encryption_pervasive_key_type = config.pervasive_key_type + + # TODO: report APQN issues (e.g., not found, incompatible types, different master key, + # offline). + + apqns = config.apqns || [] + planned.encryption_pervasive_apqns = Y2Storage::EncryptionProcesses::Apqn + .all + .select { |a| apqns.include?(a.name) } end # @param planned [Planned::Partition, Planned::LvmLv] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 1980-01-02 01:00:00.000000000 +0100 +++ new/metadata 1980-01-02 01:00:00.000000000 +0100 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: agama-yast version: !ruby/object:Gem::Version - version: 19.devel319.fca55b0ac + version: 20.devel269.73cf33d8f platform: ruby authors: - YaST Team @@ -317,7 +317,6 @@ - lib/agama/dbus/bus.rb - lib/agama/dbus/server_manager.rb - lib/agama/dbus/service_runner.rb -- lib/agama/dbus/service_status.rb - lib/agama/dbus/storage.rb - lib/agama/dbus/storage/dasd.rb - lib/agama/dbus/storage/iscsi.rb @@ -325,7 +324,6 @@ - lib/agama/dbus/storage/zfcp.rb - lib/agama/dbus/storage_service.rb - lib/agama/dbus/with_issues.rb -- lib/agama/dbus/with_path_generator.rb - lib/agama/dbus/with_progress.rb - lib/agama/helpers.rb - lib/agama/http.rb 
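Review bot: In `configure_pervasive_encryption`, any requested APQN that `Y2Storage::EncryptionProcesses::Apqn.all` does not return is silently filtered out, so a config that names specific APQNs can end up with an empty `encryption_pervasive_apqns`. What the encryption process does with an empty list is not visible here, but if it falls back to a default, the secure key would be generated against different crypto resources than the administrator asked for. The TODO acknowledges this, but until issues are reported the mismatch should at least be detectable, for example by computing `missing = apqns - planned.encryption_pervasive_apqns.map(&:name)` and failing or warning when it is not empty. The helper is also called for every encryption config, so `Apqn.all` is evaluated even when the method is not pervasive LUKS2. A guard such as `return unless config.method == Y2Storage::EncryptionMethod::PERVASIVE_LUKS2` may be appropriate, assuming that comparison is valid for method objects.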
@@ -333,18 +331,12 @@ - lib/agama/http/clients/base.rb - lib/agama/http/clients/main.rb - lib/agama/http/clients/questions.rb -- lib/agama/ipmi.rb - lib/agama/issue.rb - lib/agama/json_importer.rb - lib/agama/product_reader.rb - lib/agama/progress.rb - lib/agama/question.rb - lib/agama/question_with_password.rb -- lib/agama/ssl/certificate.rb -- lib/agama/ssl/certificate_details.rb -- lib/agama/ssl/errors.rb -- lib/agama/ssl/fingerprint.rb -- lib/agama/ssl/storage.rb - lib/agama/storage.rb - lib/agama/storage/action.rb - lib/agama/storage/actions_generator.rb ++++++ po.tar.bz2 ++++++ ++++ 8065 lines of diff (skipped)
