Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package keylime for openSUSE:Factory checked
in at 2022-02-26 17:02:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keylime (Old)
and /work/SRC/openSUSE:Factory/.keylime.new.1958 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime"
Sat Feb 26 17:02:01 2022 rev:15 rq:957406 version:6.3.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2022-02-09
20:39:12.126376267 +0100
+++ /work/SRC/openSUSE:Factory/.keylime.new.1958/keylime.changes
2022-02-26 17:02:31.279540081 +0100
@@ -1,0 +2,62 @@
+Thu Feb 24 14:49:33 UTC 2022 - apla...@suse.com
+
+- Drop patches beacuse merged upstream:
+ * version.diff
+ * cloud_verifier_tornado-use-fork_processes.patch
+- Drop binaries not used anymore:
+ * keylime_provider_platform_init
+ * keylime_provider_registrar
+ * keylime_provider_vtpm_add
+- Update to version v6.3.1:
+ * revocation_notifier: mark webhook threads as daemon and add timeout
+ * Fix Packit CI test plan Summary
+ * Enable Packit CI testing on CentOS Stream 8
+ * Enable Packit CI testing on Fedora Rawhide
+ * Remove last trace of TPM 1.2 (hopefully)
+ * verifier: remove start_tornado() function
+ * verifier: wait for connections to be closed before stopping ioloop
+ * revocation_notifier: kill ZeroMQ broker if it blocks more than 5s
+ * Add more e2e tests to Packit CI
+ * Enable EPEL repo on CentOS Stream in packit.yaml
+ * agent, crypto: add localhost, server and contact ip to agent certificate
+ * Add better default repo path for run_local.sh
+ * Fix incorrect variable name in test_restful
+ * Run existing agent tests against the rust-keylime agent
+ * Fix small wording mistakes caught while reading the code
+ * agent: move key and certificate logging levels from debug to info
+ * agent: allow absolute paths for rsa_keyname and mtls_cert
+ * Add missing backend parameter
+ * cloud_verifier_tornado: use fork_processes
+ * ci: automatically push release to PyPI
+ * setup.{py,cfg}: Move setup configuration to setup.cfg
+ * Add iproute tool to Dockerfile
+ * Pylint does not like single-line functions.
+ * A small beauty fix
+ * This is a small fix to proactively fix Issue #840 by identifying
non-escaped double quotes in the tpm2-tools output
+ * setup.py: add version number and new Python versions, drop unsed binaries
+ * setup.py, config: install default configuration into package path
+ * ci: move old keylime.conf to keylime.conf.orig before running tests
+ * retry: fix pylint issue
+ * Adding Infineon Optiga 034 RSA and ECC certificates for Infineon SLB9675
devices.
+ * Ensure columns "mb_refstate" and "allowlist" are of type LONGTEXT in table
"verifiermain"
+ * tenant: add exponential backoff option to retry timings
+ * cloud verifier: add exponential backoff option to retry timings
+ * tpm: add exponential backoff option to retry timings
+ * test, retry: add unit test for retry algorithm
+ * common: add algorithm for retry time calculation
+ * registrar, tpm_main: ensure that correct types are commited to DB.
+ * Fix typo for config param listen_notifications
+ * Lint is _really_ unhappy today.
+ * Linty fixes
+ * Adding a unit test file for tpm_main
+ * tpm_main: check if PCRs for the hash algorithm are available
+ * tpm_main: handle if tpm2_checkquote returns no PCRs for a hash algorithm
+ * agent: output supported_version as result not as a status
+ * Add missing subcommands to -c help message
+ * tests: fix mtls_cert generation in test_restful.py
+ * revocation_notifier: fix socket path permission check
+ * Remove unused database_query config param
+ * Move umask calls only on entry points
+ * config: move directory utilities to fs_util
+
+-------------------------------------------------------------------
Old:
----
cloud_verifier_tornado-use-fork_processes.patch
keylime-v6.3.0.tar.xz
version.diff
New:
----
keylime-v6.3.1.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ keylime.spec ++++++
--- /var/tmp/diff_new_pack.n6NLGZ/_old 2022-02-26 17:02:32.063540205 +0100
+++ /var/tmp/diff_new_pack.n6NLGZ/_new 2022-02-26 17:02:32.067540206 +0100
@@ -25,21 +25,17 @@
%bcond_with cfssl
%endif
Name: keylime
-Version: 6.3.0
+Version: 6.3.1
Release: 0
Summary: Open source TPM software for Bootstrapping and Maintaining
Trust
License: Apache-2.0 AND MIT
URL: https://github.com/keylime/keylime
Source0: %{name}-v%{version}.tar.xz
Source1: keylime.xml
-# PATCH-FIX-OPENSUSE version.diff
-Patch1: version.diff
# PATCH-FIX-OPENSUSE keylime.conf.diff
-Patch2: keylime.conf.diff
+Patch1: keylime.conf.diff
# PATCH-FIX-OPENSUSE config-libefivars.diff
-Patch3: config-libefivars.diff
-# PATCH-FIX-UPSTREAM cloud_verifier_tornado-use-fork_processes.patch
(gh#keylime/keylime!880)
-Patch4: cloud_verifier_tornado-use-fork_processes.patch
+Patch2: config-libefivars.diff
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
BuildRequires: firewall-macros
@@ -145,9 +141,6 @@
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_tenant
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_ca
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_migrations_apply
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_provider_platform_init
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_provider_registrar
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_provider_vtpm_add
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_userdata_encrypt
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_ima_emulator
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_webapp
@@ -155,8 +148,6 @@
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%if 0%{?suse_version} >= 1550
-# setup.py copy keylime.conf in /etc, but we expect it in /usr/etc
-rm %{buildroot}%{_sysconfdir}/%{srcname}.conf
install -Dpm 600 %{srcname}.conf
%{buildroot}%{_prefix}%{_sysconfdir}/%{srcname}.conf
%else
install -Dpm 600 %{srcname}.conf %{buildroot}%{_sysconfdir}/%{srcname}.conf
@@ -181,9 +172,6 @@
%python_install_alternative %{srcname}_tenant
%python_install_alternative %{srcname}_ca
%python_install_alternative %{srcname}_migrations_apply
-%python_install_alternative %{srcname}_provider_platform_init
-%python_install_alternative %{srcname}_provider_registrar
-%python_install_alternative %{srcname}_provider_vtpm_add
%python_install_alternative %{srcname}_userdata_encrypt
%python_install_alternative %{srcname}_ima_emulator
%python_install_alternative %{srcname}_webapp
@@ -195,9 +183,6 @@
%python_uninstall_alternative %{srcname}_tenant
%python_uninstall_alternative %{srcname}_ca
%python_uninstall_alternative %{srcname}_migrations_apply
-%python_uninstall_alternative %{srcname}_provider_platform_init
-%python_uninstall_alternative %{srcname}_provider_registrar
-%python_uninstall_alternative %{srcname}_provider_vtpm_add
%python_uninstall_alternative %{srcname}_userdata_encrypt
%python_uninstall_alternative %{srcname}_ima_emulator
%python_uninstall_alternative %{srcname}_webapp
@@ -250,9 +235,6 @@
%python_alternative %{_bindir}/%{srcname}_tenant
%python_alternative %{_bindir}/%{srcname}_ca
%python_alternative %{_bindir}/%{srcname}_migrations_apply
-%python_alternative %{_bindir}/%{srcname}_provider_platform_init
-%python_alternative %{_bindir}/%{srcname}_provider_registrar
-%python_alternative %{_bindir}/%{srcname}_provider_vtpm_add
%python_alternative %{_bindir}/%{srcname}_userdata_encrypt
%python_alternative %{_bindir}/%{srcname}_ima_emulator
%python_alternative %{_bindir}/%{srcname}_webapp
++++++ _service ++++++
--- /var/tmp/diff_new_pack.n6NLGZ/_old 2022-02-26 17:02:32.095540210 +0100
+++ /var/tmp/diff_new_pack.n6NLGZ/_new 2022-02-26 17:02:32.099540211 +0100
@@ -1,7 +1,7 @@
<services>
<service name="tar_scm" mode="disabled">
<param name="versionformat">@PARENT_TAG@</param>
- <param name="revision">refs/tags/v6.3.0</param>
+ <param name="revision">refs/tags/v6.3.1</param>
<param name="url">https://github.com/keylime/keylime.git</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.n6NLGZ/_old 2022-02-26 17:02:32.115540213 +0100
+++ /var/tmp/diff_new_pack.n6NLGZ/_new 2022-02-26 17:02:32.119540214 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/keylime/keylime.git</param>
- <param
name="changesrevision">d37c406e69cb6689baa2fb7964bad75209703724</param></service></servicedata>
+ <param
name="changesrevision">2cd35f3d03732407cffbbbfada1f6c8c3a1b59af</param></service></servicedata>
(No newline at EOF)
++++++ config-libefivars.diff ++++++
--- /var/tmp/diff_new_pack.n6NLGZ/_old 2022-02-26 17:02:32.127540215 +0100
+++ /var/tmp/diff_new_pack.n6NLGZ/_new 2022-02-26 17:02:32.131540216 +0100
@@ -1,8 +1,8 @@
-Index: keylime-v6.3.0/keylime/config.py
+Index: keylime-v6.3.1/keylime/config.py
===================================================================
---- keylime-v6.3.0.orig/keylime/config.py
-+++ keylime-v6.3.0/keylime/config.py
-@@ -194,7 +194,7 @@ MEASUREDBOOT_ML = '/sys/kernel/security/
+--- keylime-v6.3.1.orig/keylime/config.py
++++ keylime-v6.3.1/keylime/config.py
+@@ -191,7 +191,7 @@ MEASUREDBOOT_ML = '/sys/kernel/security/
MEASUREDBOOT_IMPORTS = get_config().get('cloud_verifier',
'measured_boot_imports', fallback='').split(',')
MEASUREDBOOT_POLICYNAME = get_config().get('cloud_verifier',
'measured_boot_policy_name', fallback='accept-all')
++++++ keylime-v6.3.0.tar.xz -> keylime-v6.3.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/keylime/keylime-v6.3.0.tar.xz
/work/SRC/openSUSE:Factory/.keylime.new.1958/keylime-v6.3.1.tar.xz differ: char
15, line 1
++++++ keylime.conf.diff ++++++
--- /var/tmp/diff_new_pack.n6NLGZ/_old 2022-02-26 17:02:32.163540221 +0100
+++ /var/tmp/diff_new_pack.n6NLGZ/_new 2022-02-26 17:02:32.167540222 +0100
@@ -1,7 +1,7 @@
-Index: keylime-v6.3.0/keylime.conf
+Index: keylime-v6.3.1/keylime.conf
===================================================================
---- keylime-v6.3.0.orig/keylime.conf
-+++ keylime-v6.3.0/keylime.conf
+--- keylime-v6.3.1.orig/keylime.conf
++++ keylime-v6.3.1/keylime.conf
@@ -12,11 +12,13 @@ tls_check_hostnames = False
# Valid values are "cfssl" or "openssl". For cfssl to work, you must have the
# go binary installed in your path or in /usr/local/.
@@ -38,7 +38,7 @@
registrar_port = 8890
# The name of the RSA key that Keylime should use for protecting shares of
U/V.
-@@ -81,7 +85,8 @@ extract_payload_zip = True
+@@ -84,7 +88,8 @@ extract_payload_zip = True
# 'dmidecode -s system-uuid'.
# If you set this to "hostname", Keylime will use the full qualified domain
# name of current host as the agent id.
@@ -47,8 +47,8 @@
+agent_uuid = hostname
# Whether to listen for revocation notifications from the verifier or not.
- listen_notfications = True
-@@ -129,7 +134,8 @@ max_retries = 10
+ listen_notifications = True
+@@ -136,7 +141,8 @@ max_retries = 4
# - hashing: sha512, sha384, sha256 or sha1
# - encryption: ecc or rsa
# - signing: rsassa, rsapss, ecdsa, ecdaa or ecschnorr
@@ -58,7 +58,7 @@
tpm_encryption_alg = rsa
tpm_signing_alg = rsassa
-@@ -147,7 +153,8 @@ ek_handle = generate
+@@ -154,7 +160,8 @@ ek_handle = generate
cloudverifier_id = default
# The IP address and port of verifier server binds to
@@ -68,7 +68,7 @@
cloudverifier_port = 8881
# The address and port of registrar server that verifier communicates with
-@@ -266,7 +273,8 @@ revocation_notifier = True
+@@ -276,7 +283,8 @@ revocation_notifier = True
# The binding address and port of the revocation notifier service.
# If the 'revocation_notifier' option is set to "true", then the verifier
# automatically starts the revocation service.
@@ -78,7 +78,7 @@
revocation_notifier_port = 8992
# Enable revocation notifications via webhook. This can be used to notify
other
-@@ -400,10 +408,12 @@ max_payload_size = 1048576
+@@ -410,10 +418,12 @@ max_payload_size = 1048576
# and SHA-512).
# Note that you can't set a policy on PCR10 and PCR16 because Keylime uses
# them internally.
@@ -93,7 +93,7 @@
# Specify the file containing allowlists for processing Linux IMA measurements
# this file is used if tenant provides "default" as the allowlist file
-@@ -455,7 +465,8 @@ max_retries = 10
+@@ -469,7 +479,8 @@ max_retries = 5
# might provide a signed list of EK public key hashes. Then you could write
# an ek_check_script that checks the signature of the allowlist and then
# compares the hash of the given EK with the allowlist.
@@ -103,7 +103,7 @@
# Optional script to execute to check the EK and/or EK certificate against a
# allowlist or any other additional EK processing you want to do. Runs in
-@@ -481,7 +492,8 @@ ek_check_script=
+@@ -495,7 +506,8 @@ ek_check_script=
# The registrar's IP address and port used to communicate with other services
# as well as the bind address for the registrar server.
