Hello community,

here is the log from the commit of package keylime for openSUSE:Factory checked in at 2021-07-29 21:31:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keylime (Old)
 and /work/SRC/openSUSE:Factory/.keylime.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime" Thu Jul 29 21:31:05 2021 rev:4 rq:908385 version:6.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2021-07-22 22:43:06.943218942 +0200 +++ /work/SRC/openSUSE:Factory/.keylime.new.1899/keylime.changes 2021-07-29 21:31:35.952798018 +0200 @@ -1,0 +2,21 @@ +Mon Jul 26 09:31:01 UTC 2021 - Alberto Planas Dominguez <apla...@suse.com> + +- Update to Keylime 6.1.1 + + keylime_tenant add crash with TypeError: Object of type 'bytes' is + not JSON serializable + + Whenever Keylime agent starts and cannot contact the registrar, it + fails and quits without flushing create EK handles + + keylime_tenant -c reglist now requires a "-t" parameter for no + reason + + Duplicated API calls to verifier in webapp backend + + Installer deletes tpm_cert_store files + + agent_uuid set to dmidecode crashes Keylime + + Copying of tpm_cert_store fails during installation + + If the PCR belong to a measured boot list, it is not validated + + keylime_tenant --c update fails with a race condition +- Drop patches already present in the new version + + webapp-fix-tls-certs-paths.patch + + check_pcrs-match-PCR-if-no-mb_refstate-is-provided.patch + + tenant-do_cvdelete-wait-until-404.patch + +------------------------------------------------------------------- Old: ---- check_pcrs-match-PCR-if-no-mb_refstate-is-provided.patch keylime-6.1.0.tar.xz tenant-do_cvdelete-wait-until-404.patch webapp-fix-tls-certs-paths.patch New: ---- keylime-6.1.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ keylime.spec ++++++ --- /var/tmp/diff_new_pack.CMteEL/_old 2021-07-29 21:31:36.564797264 +0200 +++ /var/tmp/diff_new_pack.CMteEL/_new 2021-07-29 21:31:36.568797259 +0200 
@@ -20,12 +20,12 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: keylime -Version: 6.1.0 +Version: 6.1.1 Release: 0 Summary: Open source TPM software for Bootstrapping and Maintaining Trust License: Apache-2.0 AND MIT URL: https://github.com/keylime/keylime -Source0: %{name}-%{version}.tar.xz +Source0: %{name}-%{version}.tar.gz Source1: keylime.xml # PATCH-FIX-OPENSUSE version.diff Patch1: version.diff @@ -33,12 +33,6 @@ Patch2: keylime.conf.diff # PATCH-FIX-OPENSUSE config-libefivars.diff Patch3: config-libefivars.diff -# PATCH-FIX-UPSTREAM webapp-fix-tls-certs-paths.patch gh#keylime/keylime!659 -Patch4: webapp-fix-tls-certs-paths.patch -# PATCH-FIX-UPSTREAM check_pcrs-match-PCR-if-no-mb_refstate-is-provided.patch gh#keylime/keylime!695 -Patch5: check_pcrs-match-PCR-if-no-mb_refstate-is-provided.patch -# PATCH-FIX-UPSTREAM tenant-do_cvdelete-wait-until-404.patch gh#keylime/keylime!711 -Patch6: tenant-do_cvdelete-wait-until-404.patch BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: firewall-macros ++++++ keylime.conf.diff ++++++ --- /var/tmp/diff_new_pack.CMteEL/_old 2021-07-29 21:31:36.624797190 +0200 +++ /var/tmp/diff_new_pack.CMteEL/_new 2021-07-29 21:31:36.628797185 +0200 @@ -1,7 +1,7 @@ -Index: keylime-6.1.0/keylime.conf +Index: keylime-6.1.1/keylime.conf =================================================================== ---- keylime-6.1.0.orig/keylime.conf -+++ keylime-6.1.0/keylime.conf +--- keylime-6.1.1.orig/keylime.conf ++++ keylime-6.1.1/keylime.conf @@ -12,11 +12,13 @@ tls_check_hostnames = False # Valid values are "cfssl" or "openssl". For cfssl to work, you must have the # go binary installed in your path or in /usr/local/. 
@@ -18,7 +18,7 @@ receive_revocation_port = 8992 #============================================================================= -@@ -24,11 +26,13 @@ receive_revocation_port = 8992 +@@ -24,7 +26,8 @@ receive_revocation_port = 8992 #============================================================================= # The binding address and port for the agent server @@ -27,6 +27,10 @@ +cloudagent_ip = 0.0.0.0 cloudagent_port = 9002 + # Address and port where the verifier and tenant can connect to reach the agent. +@@ -33,7 +36,8 @@ agent_contact_ip = 127.0.0.1 + agent_contact_port = 9002 + # The address and port of registrar server which agent communicate with -registrar_ip = 127.0.0.1 +# registrar_ip = 127.0.0.1 @@ -34,7 +38,7 @@ registrar_port = 8890 # The name of the RSA key that Keylime should use for protecting shares of U/V. -@@ -68,7 +72,8 @@ extract_payload_zip = True +@@ -73,7 +77,8 @@ extract_payload_zip = True # 'dmidecode -s system-uuid'. # If you set this to "hostname", Keylime will use the full qualified domain # name of current host as the agent id. @@ -44,8 +48,8 @@ # Whether to listen for revocation notifications from the verifier or not. listen_notfications = True -@@ -129,7 +134,8 @@ ek_handle = generate - #============================================================================= +@@ -137,7 +142,8 @@ ek_handle = generate + cloudverifier_id = default # The IP address and port of verifier server binds to -cloudverifier_ip = 127.0.0.1 @@ -54,7 +58,7 @@ cloudverifier_port = 8881 # The address and port of registrar server that verifier communicates with -@@ -241,7 +247,8 @@ revocation_notifier = True +@@ -250,7 +256,8 @@ revocation_notifier = True # The revocation notifier IP address and port used to start the revocation service. # If the 'revocation_notifier' option is set to "true", then the verifier # automatically starts the revocation service. 
@@ -64,7 +68,7 @@ revocation_notifier_port = 8992 # The verifier limits the size of upload payloads (allowlists) which defaults to -@@ -380,7 +387,8 @@ max_retries = 10 +@@ -389,7 +396,8 @@ max_retries = 10 # might provide a signed list of EK public key hashes. Then you could write # an ek_check_script that checks the signature of the allowlist and then # compares the hash of the given EK with the allowlist. @@ -74,7 +78,7 @@ # Optional script to execute to check the EK and/or EK certificate against a # allowlist or any other additional EK processing you want to do. Runs in -@@ -406,7 +414,8 @@ ek_check_script= +@@ -415,7 +423,8 @@ ek_check_script= # The registrar's IP address and port used to communicate with other services # as well as the bind address for the registrar server. ++++++ version.diff ++++++ --- /var/tmp/diff_new_pack.CMteEL/_old 2021-07-29 21:31:36.644797166 +0200 +++ /var/tmp/diff_new_pack.CMteEL/_new 2021-07-29 21:31:36.644797166 +0200 @@ -1,8 +1,8 @@ -Index: keylime-6.1.0/setup.py +Index: keylime-6.1.1/setup.py =================================================================== ---- keylime-6.1.0.orig/setup.py -+++ keylime-6.1.0/setup.py -@@ -32,6 +32,7 @@ setuptools.setup( +--- keylime-6.1.1.orig/setup.py ++++ keylime-6.1.1/setup.py +@@ -13,6 +13,7 @@ setuptools.setup( description=( 'TPM-based key bootstrapping and system ' 'integrity measurement system for cloud'),
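Review bot: in the keylime.changes hunk, the bullets under "Update to Keylime 6.1.1" are worded as open defects ("agent_uuid set to dmidecode crashes Keylime", "Installer deletes tpm_cert_store files"), so a reader cannot tell whether 6.1.1 fixes them or introduces them. Prefix each with "Fix" or add the upstream issue reference. This matters most for "If the PCR belong to a measured boot list, it is not validated", which describes attestation behaviour and should state unambiguously that validation now happens.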
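Review bot: in the keylime.spec hunk, Source0 changes from %{name}-%{version}.tar.xz to %{name}-%{version}.tar.gz, but the .changes entry does not mention the change of tarball format or where the new archive comes from. Add a line saying whether keylime-6.1.1.tar.gz is the unmodified upstream release archive, so it can be compared against upstream. The removal of Patch4 to Patch6 does match the three patches listed as dropped in the changelog.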
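Review bot: in the refreshed keylime.conf.diff, the agent section still carries "+cloudagent_ip = 0.0.0.0", and the nearby context shows "tls_check_hostnames = False", so the packaged default binds the agent on every interface while hostname checking is off. Neither the patch nor the .changes entry says why the distribution default differs from upstream. Record the reason in the patch header, and confirm that the keylime.xml firewall service shipped as Source1 is what gates port 9002. The new hunk context also shows "agent_contact_ip = 127.0.0.1" next to the widened bind address. If that value ships as is, note in the patch that a remote verifier or tenant needs it changed.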