Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package keylime for openSUSE:Factory checked
in at 2022-07-18 18:33:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keylime (Old)
and /work/SRC/openSUSE:Factory/.keylime.new.1523 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime"
Mon Jul 18 18:33:05 2022 rev:22 rq:989361 version:6.4.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2022-06-30
13:18:10.637525058 +0200
+++ /work/SRC/openSUSE:Factory/.keylime.new.1523/keylime.changes
2022-07-18 18:33:11.689694116 +0200
@@ -1,0 +2,40 @@
+Fri Jul 15 08:31:50 UTC 2022 - Alberto Planas Dominguez <apla...@suse.com>
+
+- Replace python-gpg requirement
+- Fix consolidation for _distconfdir and _sysconfdir macro
+
+-------------------------------------------------------------------
+Wed Jul 13 13:43:12 UTC 2022 - apla...@suse.com
+
+- Update to version v6.4.2:
+ * Bump version # to 6.4.2
+ * Use python3-gpg instead of python3-gnupg
+ * Update Packit CI tests to test both agent and zeromq revocation notifiers
+ * ima_ast: Make entry parsing stricter
+ * ima_ast: Calculate length of "n" and "n-ng" in bytes
+ * Fix broken URLs in README (Additional Reading)
+ * Remove CFSSL leftovers
+ * signing: move exception handing to verify_signature()
+ * Set revocation_notifiers = agent as default in keylime.conf
+ * cloud_verifier: Support /notifications/revocation REST API
+ * keylime_agent: Support /notifications/revocation REST method
+ * revocation_notifier: Factor out revocation message processing
+ * keylime: initialize supplementary groups when dropping privileges
+ * Refactor allowlist processing to enable verifier-side signature checks
+ * Full removal of the tenant WebApp
+ * update roadmap for 2022 and 2023
+ * docs: make Python requirements less strict
+ * docs: update API documentation for 2.1, add missing fields for agent quote
+ * Add python3-alembic to distros
+ * Update fmf plans to run test with IMA policy
+ * Drop SPDX-License-Identifier header
+ * Adjust CI test name according to keylime-tests PR#125
+ * ci: Run lint with Python 3.6 as well
+ * [trivial]: fix style of recently added docs files
+ * Improve error handling when doing signature verification
+ * Fix coverage file paths in submit-HEAD-coverage workflow
+ * Adding files from keylime-docs into main repo
+- Fix keylime service home directory
+- Adjust the directory for the TPM certificates
+
+-------------------------------------------------------------------
Old:
----
keylime-v6.4.1.tar.xz
New:
----
keylime-v6.4.2.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ keylime.spec ++++++
--- /var/tmp/diff_new_pack.9nS5e1/_old 2022-07-18 18:33:12.361695071 +0200
+++ /var/tmp/diff_new_pack.9nS5e1/_new 2022-07-18 18:33:12.365695077 +0200
@@ -27,7 +27,7 @@
%define _config_norepl %config(noreplace)
%endif
Name: keylime
-Version: 6.4.1
+Version: 6.4.2
Release: 0
Summary: Open source TPM software for Bootstrapping and Maintaining
Trust
License: Apache-2.0 AND MIT
@@ -52,9 +52,9 @@
Requires: python-SQLAlchemy
Requires: python-alembic
Requires: python-cryptography
+Requires: python-gpg
Requires: python-lark-parser
Requires: python-psutil
-Requires: python-python-gnupg
Requires: python-pyzmq
Requires: python-requests
Requires: python-simplejson
@@ -153,8 +153,6 @@
export VERSION=%{version}
%python_install
-cp -r %{srcname}/static %{buildroot}%{python_sitelib}/%{srcname}
-
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_verifier
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_registrar
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_agent
@@ -163,7 +161,6 @@
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_migrations_apply
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_userdata_encrypt
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_ima_emulator
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_webapp
%python_expand %fdupes %{buildroot}%{$python_sitelib}
@@ -179,9 +176,9 @@
install -Dpm 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/%{name}.conf
install -d %{buildroot}%{_localstatedir}/log/%{name}
-mkdir -p %{buildroot}/%{_localstatedir}/%{srcname}
-cp -r ./tpm_cert_store %{buildroot}%{_localstatedir}/%{srcname}/
-%fdupes %{buildroot}%{_localstatedir}/%{srcname}/
+mkdir -p %{buildroot}/%{_sharedstatedir}/%{srcname}
+cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/%{srcname}/
+%fdupes %{buildroot}%{_sharedstatedir}/%{srcname}/
# %%check
# %%pyunittest -v
@@ -195,7 +192,6 @@
%python_install_alternative %{srcname}_migrations_apply
%python_install_alternative %{srcname}_userdata_encrypt
%python_install_alternative %{srcname}_ima_emulator
-%python_install_alternative %{srcname}_webapp
%postun
%python_uninstall_alternative %{srcname}_verifier
@@ -206,7 +202,6 @@
%python_uninstall_alternative %{srcname}_migrations_apply
%python_uninstall_alternative %{srcname}_userdata_encrypt
%python_uninstall_alternative %{srcname}_ima_emulator
-%python_uninstall_alternative %{srcname}_webapp
%post -n %{srcname}-firewalld
%firewalld_reload
@@ -258,7 +253,7 @@
%files %{python_files}
%doc README.md
-%license LICENSE keylime/static/icons/ICON-LICENSE
+%license LICENSE
%python_alternative %{_bindir}/%{srcname}_verifier
%python_alternative %{_bindir}/%{srcname}_registrar
%python_alternative %{_bindir}/%{srcname}_agent
@@ -267,11 +262,10 @@
%python_alternative %{_bindir}/%{srcname}_migrations_apply
%python_alternative %{_bindir}/%{srcname}_userdata_encrypt
%python_alternative %{_bindir}/%{srcname}_ima_emulator
-%python_alternative %{_bindir}/%{srcname}_webapp
%{python_sitelib}/*
%files -n %{srcname}-config
-%{_config_norepl} %attr (600,keylime,tss) %{_distconfdir}/%{srcname}.conf
+%_config_norepl %attr (0600,keylime,tss) %{_distconfdir}/%{srcname}.conf
%files -n %{srcname}-firewalld
%dir %{_prefix}/lib/firewalld
@@ -279,11 +273,11 @@
%{_prefix}/lib/firewalld/services/%{srcname}.xml
%files -n %{srcname}-tpm_cert_store
-%dir %{_localstatedir}/%{srcname}/tpm_cert_store
-%{_localstatedir}/%{srcname}/tpm_cert_store/*
+%dir %attr(0700,keylime,tss) %{_sharedstatedir}/%{srcname}
+%dir %{_sharedstatedir}/%{srcname}/tpm_cert_store
+%{_sharedstatedir}/%{srcname}/tpm_cert_store/*
# We use this subpackage to store other unrelated things, as far as is
# required by all the services
-%dir %attr(0700,keylime,tss) %{_localstatedir}/%{srcname}
%{_sysusersdir}/%{srcname}-user.conf
%ghost %dir %attr(0700,keylime,tss) %{_rundir}/%{srcname}
%{_tmpfilesdir}/%{srcname}.conf
@@ -299,7 +293,7 @@
%{_unitdir}/%{srcname}_verifier.service
%files -n %{srcname}-logrotate
-%{_config_norepl} %{_distconfdir}/logrotate.d/%{srcname}
-%dir %attr(750,keylime,tss) %{_localstatedir}/log/%{srcname}
+%_config_norepl %{_distconfdir}/logrotate.d/%{srcname}
+%dir %attr(0750,keylime,tss) %{_localstatedir}/log/%{srcname}
%changelog
++++++ _service ++++++
--- /var/tmp/diff_new_pack.9nS5e1/_old 2022-07-18 18:33:12.397695123 +0200
+++ /var/tmp/diff_new_pack.9nS5e1/_new 2022-07-18 18:33:12.397695123 +0200
@@ -1,7 +1,7 @@
<services>
<service name="tar_scm" mode="disabled">
<param name="versionformat">@PARENT_TAG@</param>
- <param name="revision">refs/tags/v6.4.1</param>
+ <param name="revision">refs/tags/v6.4.2</param>
<param name="url">https://github.com/keylime/keylime.git</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.9nS5e1/_old 2022-07-18 18:33:12.417695151 +0200
+++ /var/tmp/diff_new_pack.9nS5e1/_new 2022-07-18 18:33:12.421695157 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/keylime/keylime.git</param>
- <param
name="changesrevision">bbc191948341b71c64a38d897470f300c7ebcbb1</param></service></servicedata>
+ <param
name="changesrevision">3661637256d42b997574f8d252476cafcdf21954</param></service></servicedata>
(No newline at EOF)
++++++ keylime-v6.4.1.tar.xz -> keylime-v6.4.2.tar.xz ++++++
/work/SRC/openSUSE:Factory/keylime/keylime-v6.4.1.tar.xz
/work/SRC/openSUSE:Factory/.keylime.new.1523/keylime-v6.4.2.tar.xz differ: char
15, line 1
++++++ keylime.conf.diff ++++++
--- /var/tmp/diff_new_pack.9nS5e1/_old 2022-07-18 18:33:12.453695203 +0200
+++ /var/tmp/diff_new_pack.9nS5e1/_new 2022-07-18 18:33:12.453695203 +0200
@@ -1,7 +1,7 @@
-Index: keylime-v6.4.1/keylime.conf
+Index: keylime-v6.4.2/keylime.conf
===================================================================
---- keylime-v6.4.1.orig/keylime.conf
-+++ keylime-v6.4.1/keylime.conf
+--- keylime-v6.4.2.orig/keylime.conf
++++ keylime-v6.4.2/keylime.conf
@@ -7,7 +7,8 @@ enable_tls = True
# The address and port of the revocation notifier service on the verifier from
@@ -72,7 +72,7 @@
cloudverifier_port = 8881
# The address and port of registrar server that verifier communicates with
-@@ -276,7 +283,8 @@ revocation_notifier = True
+@@ -288,7 +295,8 @@ revocation_notifiers = agent
# The binding address and port of the revocation notifier service.
# If the 'revocation_notifier' option is set to "true", then the verifier
# automatically starts the revocation service.
@@ -81,8 +81,8 @@
+revocation_notifier_ip = 0.0.0.0
revocation_notifier_port = 8992
- # Enable revocation notifications via webhook. This can be used to notify
other
-@@ -413,7 +421,8 @@ max_payload_size = 1048576
+ # Webhook url for revocation notifications.
+@@ -426,7 +434,8 @@ max_payload_size = 1048576
# and SHA-512).
# Note that you can't set a policy on PCR10 and PCR16 because Keylime uses
# them internally.
@@ -92,7 +92,7 @@
# Specify the file containing allowlists for processing Linux IMA measurements
# this file is used if tenant provides "default" as the allowlist file
-@@ -465,7 +474,8 @@ max_retries = 5
+@@ -478,7 +487,8 @@ max_retries = 5
# might provide a signed list of EK public key hashes. Then you could write
# an ek_check_script that checks the signature of the allowlist and then
# compares the hash of the given EK with the allowlist.
@@ -102,7 +102,7 @@
# Optional script to execute to check the EK and/or EK certificate against a
# allowlist or any other additional EK processing you want to do. Runs in
-@@ -491,7 +501,8 @@ ek_check_script=
+@@ -504,7 +514,8 @@ ek_check_script=
# The registrar's IP address and port used to communicate with other services
# as well as the bind address for the registrar server.
