Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package keylime for openSUSE:Factory checked in at 2022-01-11 00:01:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/keylime (Old) and /work/SRC/openSUSE:Factory/.keylime.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime" Tue Jan 11 00:01:57 2022 rev:9 rq:945320 version:6.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2021-12-21 18:40:19.125856991 +0100 +++ /work/SRC/openSUSE:Factory/.keylime.new.1892/keylime.changes 2022-01-11 00:02:32.397274330 +0100 @@ -1,0 +2,51 @@ +Mon Jan 10 12:05:37 UTC 2022 - apla...@suse.com + +- Update to version v6.2.1: + * Another addition to gitignore + * Update .gitignore with more Keylime-specific files + * json: add support for sqlalchemy.engine.row.Row in newer sqlalchemy + * ima_ast: check if the PCR is the same as in the config + * Fix permissions issue on volume mount in run_local.sh + * Make run_local.sh use a local copy of the repo + * Small updates to GOVERNANCE.md + * Move cargo-tarpaulin install to separate command + * config: drop registrar_* TLS options in [registrar] section + * Fix missing && in Dockerfile + * Remove simplejson from scripts and docs + * Replace simplejson with built-in json module + * Add rust-keylime container dependencies + * config: fix getboolean with fallback + * Clean up CI scripts and rewrite run_local.sh + * ima: for ToMToU errors skip template content validation + * ima: Use a set of entry numbers and file offsets to remember multiple positions + * Rename CONTRIBUTORS.md to CONTRIBUTING.md + * Update GOVERNANCE.md to match MAINTAINERS.md rename + * Update MAINTAINERS + * Update README: remove Gitter, Travis CI + * ca: Use UTC when setting certificate validity + * Tenant commands return json + * scripts: Allow passing a base policy to create_policy tool + * ima: Handle the case of ima-sig with a path with spaces in them + * add length to string object + * scripts: Implement create_policy to create the JSON allowlist from files + * ima: Also add a sha256 default boot_aggregate hash with 64 '0's + * ima: Use seek() to get to the last known last entry + * ima: Extend allowlist to be able to handle generic ima-buf entries + * ima: Extend JSON allowlist with 'ima' entry and 'ignored_keyrings' + * ima: Populate verifier keyrings with keys taken from ima-buf log line + * ima: Remove methods from ImaKeyring that are now in ImaKeyrings + * ima: Start passing ima_keyrings through APIs replacing ima_keyring + * Extend AgentAttestState with ima_keyrings field and use it + * ima: Implement ImaKeyrings class to support multiple keyrings + * verifier: Extend verifier DB to persist learned keyrings + * Fix a couple of pylint errors + * ima: Fix spurious attestation failures + * ima: make ToMToU errors not a failure by default + * Simple fix for tenant error message printout. + * pylint: Fix errors related to R1714 + * pylint: Suppress C0201, C0209 and W0602 newly reported errors + * installer: do not install tpm2-abrmd + * tpm: by default use /dev/tpmrm0 instead of tpm2-abrmd + * verifier: add option to send revocation messages via webhook + +------------------------------------------------------------------- Old: ---- keylime-6.2.0.tar.gz New: ---- keylime-v6.2.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ keylime.spec ++++++ --- /var/tmp/diff_new_pack.w0WyVn/_old 2022-01-11 00:02:32.961274825 +0100 +++ /var/tmp/diff_new_pack.w0WyVn/_new 2022-01-11 00:02:32.961274825 +0100 @@ -1,7 +1,7 @@ # # spec file for package keylime # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,12 +25,12 @@ %bcond_with cfssl %endif Name: keylime -Version: 6.2.0 +Version: 6.2.1 Release: 0 Summary: Open source TPM software for Bootstrapping and Maintaining Trust License: Apache-2.0 AND MIT URL: https://github.com/keylime/keylime -Source0: %{name}-%{version}.tar.gz +Source0: %{name}-v%{version}.tar.xz Source1: keylime.xml # PATCH-FIX-OPENSUSE version.diff Patch1: version.diff @@ -123,7 +123,7 @@ Subpackage of %{name} for verifier service. %prep -%autosetup -p1 +%autosetup -p1 -n %{name}-v%{version} %if %{with cfssl} sed -i "s/ca_implementation = cfssl/ca_implementation = openssl/g" keylime.conf %endif ++++++ _service ++++++ --- /var/tmp/diff_new_pack.w0WyVn/_old 2022-01-11 00:02:33.001274860 +0100 +++ /var/tmp/diff_new_pack.w0WyVn/_new 2022-01-11 00:02:33.001274860 +0100 @@ -1,7 +1,7 @@ <services> <service name="tar_scm" mode="disabled"> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">refs/tags/v6.2.0</param> + <param name="revision">refs/tags/v6.2.1</param> <param name="url">https://github.com/keylime/keylime.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> @@ -12,5 +12,4 @@ </service> <service name="set_version" mode="disabled"/> </services> -(No newline at EOF) ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.w0WyVn/_old 2022-01-11 00:02:33.021274877 +0100 +++ /var/tmp/diff_new_pack.w0WyVn/_new 2022-01-11 00:02:33.025274881 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/keylime/keylime.git</param> - <param name="changesrevision">d9ddb2dac6312983ca172df390fcce45da6d00da</param></service></servicedata> + <param name="changesrevision">53b47c5cfa29023138abe24e5464a3a7e24089d6</param></service></servicedata> (No newline at EOF) ++++++ keylime.conf.diff ++++++ --- /var/tmp/diff_new_pack.w0WyVn/_old 2022-01-11 00:02:33.041274895 +0100 +++ /var/tmp/diff_new_pack.w0WyVn/_new 2022-01-11 00:02:33.045274898 +0100 @@ -1,7 +1,7 @@ -Index: keylime-6.2.0/keylime.conf +Index: keylime-v6.2.1/keylime.conf =================================================================== ---- keylime-6.2.0.orig/keylime.conf -+++ keylime-6.2.0/keylime.conf +--- keylime-v6.2.1.orig/keylime.conf ++++ keylime-v6.2.1/keylime.conf @@ -12,11 +12,13 @@ tls_check_hostnames = False # Valid values are "cfssl" or "openssl". For cfssl to work, you must have the # go binary installed in your path or in /usr/local/. @@ -77,8 +77,8 @@ +revocation_notifier_ip = 0.0.0.0 revocation_notifier_port = 8992 - # The verifier limits the size of upload payloads (allowlists) which defaults to -@@ -354,10 +362,12 @@ max_payload_size = 1048576 + # Enable revocation notifications via webhook. This can be used to notify other +@@ -377,10 +385,12 @@ max_payload_size = 1048576 # and SHA-512). # Note that you can't set a policy on PCR10 and PCR16 because Keylime uses # them internally. @@ -93,7 +93,7 @@ # Specify the file containing allowlists for processing Linux IMA measurements # this file is used if tenant provides "default" as the allowlist file -@@ -409,7 +419,8 @@ max_retries = 10 +@@ -432,7 +442,8 @@ max_retries = 10 # might provide a signed list of EK public key hashes. Then you could write # an ek_check_script that checks the signature of the allowlist and then # compares the hash of the given EK with the allowlist. @@ -103,7 +103,7 @@ # Optional script to execute to check the EK and/or EK certificate against a # allowlist or any other additional EK processing you want to do. Runs in -@@ -435,7 +446,8 @@ ek_check_script= +@@ -458,7 +469,8 @@ ek_check_script= # The registrar's IP address and port used to communicate with other services # as well as the bind address for the registrar server. ++++++ version.diff ++++++ --- /var/tmp/diff_new_pack.w0WyVn/_old 2022-01-11 00:02:33.065274916 +0100 +++ /var/tmp/diff_new_pack.w0WyVn/_new 2022-01-11 00:02:33.069274920 +0100 @@ -1,12 +1,12 @@ -Index: keylime-6.1.1/setup.py +Index: keylime-v6.2.1/setup.py =================================================================== ---- keylime-6.1.1.orig/setup.py -+++ keylime-6.1.1/setup.py +--- keylime-v6.2.1.orig/setup.py ++++ keylime-v6.2.1/setup.py @@ -13,6 +13,7 @@ setuptools.setup( description=( 'TPM-based key bootstrapping and system ' 'integrity measurement system for cloud'), -+ version='6.1.0', ++ version='6.2.1', long_description=long_description, long_description_content_type='text/markdown', author='Keylime Community',
