Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package keylime for openSUSE:Factory checked
in at 2023-01-24 19:42:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keylime (Old)
and /work/SRC/openSUSE:Factory/.keylime.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime"
Tue Jan 24 19:42:07 2023 rev:29 rq:1060358 version:6.5.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2022-11-12
17:40:37.741975064 +0100
+++ /work/SRC/openSUSE:Factory/.keylime.new.32243/keylime.changes
2023-01-24 20:23:55.485645494 +0100
@@ -1,0 +2,191 @@
+Mon Jan 23 08:28:17 UTC 2023 - apla...@suse.com
+
+- Update to version v6.5.3:
+ * Bump version number to 6.5.3
+ * durable attestation: a simple "attestation replay" CLI utility
+ * cmd_exec: Replace cast()s to bytes with asserts isinstance(..., bytes)
+ * codestyle: Add type annotations to db/keylime_db.py and add to mypy
+ * codestyle: Add type annotations to requests_client.py and add to mypy
+ * codestyle: Add type annotations to tornado_requests.py and add to mypy
+ * mypy: Change list of checked files to shorter list of unchecked files
+ * codestyle: Add missing annotations to cmd_exec.py and add to mypy
+ * codestyle: Have all files in ima directory checked by mypy
+ * pylint: ignore zmq Context abstract-class-instantiated warnings
+ * tenant: reliable and consistent add/delete operations (fixes #1158) (#1271)
+ * tenant: fix the exit code for `bulkinfo` operation
+ * config: support override via environment variables
+ * Extend test execution instructions in TESTING.md
+ * packit-ci: Add hotfix for tpm2-tss Fedora BZ#2158598
+ * tenant: Remove code hashing a public key and using hash as UUID
+ * linters: Exclude intentionally invalid python file
+ * config: Check for available config upgrade on startup
+ * Do not install keylime nor configuration files during tests
+ * .ci/test_wrapper: Add test user keylime:tss
+ * config: Support quoted strings for TOML compatibility
+ * gitignore: Do not use 'config' as a match pattern
+ * tests: Add test for convert_config script
+ * convert_config: Set version for each mapping processed
+ * cmd/convert_config: Remove quotes and spaces around version string
+ * convert_config: Set default output path as /etc/keylime for root
+ * convert_config: Do not use keys() to iterate on maps
+ * Install config upgrade script as keylime_upgrade_config
+ * templates: Remove log_destination option
+ * Fix default values in mappings
+ * Correctly strip elements of a list on config v2.0 adjust script
+ * setup: Don't use keylime.conf to generate the split configuration
+ * convert_config: Add --defaults option to use default values
+ * convert_config: Use str_to_version from common module
+ * Add keylime/common/version.py for version manipulation
+ * elchecking: load policy modules explicitly
+ * Revert "tpm_abstract: move import of measured_boot into check_pcrs(..)"
+ * codestyle: Add type-annotations to cli/policies.py and add to mypy
+ * codestyle: Add type-annotations to cli/options.py and add to mypy
+ * Introduce a RetDictType for return type of cmd_exec.run()
+ * requirements, docs: add typing-extensions as a dependency
+ * ima_dm: add type checks and hints
+ * Switch code coverage measurement to Fedora 37
+ * codestyle: Fix annotation of mb_measurement_data
+ * ima: Fix the ima_sign_verification_keys initial datatype
+ * elchecking: add support for MeasuredBoot when SecureBoot is disabled
+ * verifier: a (very simple) cache implementation for IMA policies (solves
#1167)
+ * codestyle: Add type annotations to cmd/convert_ima_policy.py and add to
mypy
+ * codestyle: Add type annotations to cmd/ima_emulator_adapter.py and add to
mypy
+ * codestyle: Add type annotations to cmd/user_data_encrypt.py and add to mypy
+ * codestyle: Add type annotations to cmd/verifier.py and add to mypy
+ * codestyle: Add type annotations to cmd/tenant.py and add to mypy
+ * codestyle: Add type annotations to cmd/registrar.py and add to mypy
+ * codestyle: Add type annotations to cmd/ca.py and add to mypy
+ * codestyle: Add type annotations to cmd/agent.py and add to mypy
+ * CI tests: Do not remove Fedora tag repository
+ * tpm_abstract: move import of measured_boot into check_pcrs(..)
+ * docker: fix and improve build_locally.sh
+ * docker: use version 5.4 of tpm2-tools
+ * docker: update container to Fedora 37
+ * codestyle: Type-annotate files in revocation_actions & add to mypy
+ * Remove redundant parameter from enforce_pcrs()
+ * codestyle: Add missing type annotations to files in common & add to mypy
+ * api_version: Catch InvalidVersion for packaging v22.0
+ * verifier: fix for IMA policy checksum calculation
+ * codestyle: Type-annotate measured_boot.py and add to mypy
+ * codestyle: Fix variable assigments in tpm2_object_test.py and add to mypy
+ * codestyle: Fix and add type annotations to tpm2_objects.py and add to mypy
+ * codestyle: Cast the agent Dict to allow Any types to be assigned to it
+ * codestyle: Change verifier_port annotation from int to str
+ * codestyle: Avoid switching datatypes of agent by using differnt variable
+ * codestyle: Fix event parameter to be an Optional[Event]
+ * codestyle: Fix annotation of tosend parameter to be a Dict[str, Any]
+ * codestyle: add type hints to elchecking module
+ * codestyle: Type-annotate web_util.py and add to mypy
+ * codestyle: Add missing type annotations to ima.py and add to mypy
+ * codestyle: Add missing type annotations to ima_test.py and add to mypy
+ * codestyle: Add missing type annotations to file_signatures.py and add to
mypy
+ * logging: remove option to log into separate file
+ * codestyle: Add type annotations to tpm classes and address issues
+ * codestyle: Add type-annotations to signing.py and add to mypy
+ * codestyle: Add missing type annotations to api_version.py and add to mypy
+ * codestyle: Add keylime_logging.py to mypy
+ * codestyle: Add missing type-annotations to agentstates and add to mypy
+ * codestyle: Add missing type annotations to failure.py and add to mypy
+ * codestyle: Type-annotate user_utils_test.py and add to mypy
+ * codestyle: Type-annotate user_utils.py and add to mypy
+ * codestyle: Type-annotate ca_util.py and add to mypy
+ * codestyle: Add missing annotations to cert_utils and add to mypy
+ * codestyle: Type-annotate ca_impl_openssl and add to mypy
+ * codestyle: Type-annotate tpm_ek_ca.py and add to mypy
+ * codestyle: Type-annotate fs_util.py and add to mypy
+ * codestyle: Add json.py to mypy.ini
+ * codestyle: Type-annotate secure_mount.py and add to mypy
+ * codestyle: Add missing annotations to crypto.py and add to mypy
+ * common: remove metrics
+ * cmd: removal of keylime_migrations_apply
+ * codestyle: Set type of trusted_server_ca to List[str] and initialize with
list
+ * codestyle: Avoid switching of type of trusted_ca by using another variable
+ * codestyle: Enable test_tpm.py to be type-checked by pyright
+ * codestyle: Fix an issue detected by pyright in test_ca_impl_openssl
+ * codestyle: Fix typo in annotation
+ * codestyle: Relax some parameter type requirements due to test case
+ * codestyle: Fix an issue detected by pyright in test_ca_util.py
+ * ci: add mypy to CI
+ * config: add missing type hints
+ * ima/ast: add missing type hints
+ * json: allow ignore comment to be parsed by mypy
+ * tox: add mypy support
+ * tox: Add test directory to black and isort tools' command line
+ * codestyle: Add type annotations to test_ima_verification.py and fix issues
+ * codestyle: Add type annotations to test_validators and fix issues
+ * codestyle: Add type annotations to test_crypto.py
+ * tpm: Replace assert with Exception
+ * Fix incorrect generators in converted IMA policies (#1223)
+ * ima: Remove dead m2w function parameter
+ * ima: Remove 'main' function from ima.py
+ * codestyle: Add type annotations to cmd_exec.py
+ * tpm: Type-annotate tools_version and avoid switching data types
+ * codestyle: cmd: Type annotation ima_emulator_adapter.py
+ * codestyle: Add type annotations to various low-level functions
+ * pyproject: Add test directory for pyright and exclude some tests
+ * verifier: Calculates the checksum for the whole IMA policy on the verifier
#1198
+ * codestyle: Add type annotations to crypto.py and address issues
+ * codestyle: Do not assign function parameter a new value in function
+ * codestyle: Avoid switching type of ek_handle from 'str' to int
+ * codestyle: Avoid switching type of pcrs variable from List[str] to dict
+ * codestyle: Avoid switching type of tpm_policy from possible 'str' to dict
+ * codestyle: Drop re.Pattern annotation due to pyright on python 3.6
+ * codestyle: Add missing type annotations to ima/ima.py and address issues
+ * ima: Always set algorithm in Digest class and require a string
+ * codestyle: Add type annotations to various files
+ * config: remove fallback config
+ * codestyle: Add missing type annotations to agentstates.py
+ * pyright: Fix a pyright issue in ca_impl_openssl
+ * cleaning up pyproject.toml
+ * fixing type issue
+ * tests: Switch to sha256 hashes for signatures
+ * The verifier can selectively load only a subset of columns from the
`allowlist` table.
+ * pyright: Enable pyright on cmd/ima_emulator_adapter.py
+ * pyright: Add type annotations to cmd/convert_ima_policy.py
+ * pyright: Add type annotations to ima/file_signatures.py
+ * ima: Raise ValueError on unsupported key types
+ * pyright: Fix issue in keylime/revocation_notifier.py
+ * pyright: Fix issue in keylime/da/record.py
+ * pyright: Fix issues in keylime/ima/file_signatures.py
+ * pyright: Fix issue in keylime/json.py
+ * code-style: Make tox less verbose when running check tools
+ * code-style: Run isort as part of 'make check'
+ * code-style: Run black --diff as part of 'make check'
+ * pyright: Run pyright as part of 'make check'
+ * pyright: Fix an issue in ima/ima.py
+ * removing unnecessary entry from pyright ignore list
+ * addressing type issues related to IMA
+ * algorithms: simplify the Hash class
+ * CI/CD: Run pyright as part of PRs
+ * pyproject: Filter-out files with warnings in pyright
+ * Some fixes to validate_ima_policy_data (#1192)
+ * common: Raise ValueError in Hash constructor if hash not supported
+ * common: Add a test case for testing the Hash class
+ * ima: this PR adds checksums for allowlists as a separate column on the DB
+ * requirements.txt, docs: add gpg package and sync list in docs
+ * codestyle: Add codestyle checking for script/create_policy
+ * scripts: Fix pylint issue W1514 in scripts/create_policy
+ * scripts: Fix pylint issue C0209 in scripts/create_policy
+ * codestyle: Add codestyle checking for all .py files under scripts/
+ * scripts: Fix pylint issue W0612 in scripts/templates/2.0/adjust.py
+ * scripts: Fix pylint issue W0613 in scripts/templates/2.0/adjust.py
+ * scripts: Fix pylint issue C0201 in scripts/templates/2.0/adjust.py
+ * scripts: Fix pylint issue W1309 in scripts/templates/2.0/adjust.py
+ * scripts: Fix pylint issue W0707 in scripts/convert_config.py
+ * scripts: Fix pylint issue W1514 in scripts/convert_config.py
+ * scripts: Fix pylint issue W0621 in scripts/convert_config.py
+ * scripts: Fix pylint issue W0105 in scripts/convert_config.py
+ * scripts: Fix pylint issue W1309 in scripts/convert_config.py
+ * scripts: Fix pylint issue W0611 in scripts/convert_config.py
+ * scripts: Fix pylin R1705 in scipts/convert_config.py
+ * common: Remove redundant return parameter from validate_ima_policy_data
+ * common: Remove redundant return parameter from valid_exclude_list
+ * common: Remove redundant return parameter from valid_regex
+ * Do not use default values that need reading the config in methods
+ * non-obvious type fixes not concerning IMA (#1173)
+ * da: This commit implements most of the changes for #73 "Durable (Offline)
Attestation". (#1129)
+ * verifier: Do not access agent["tpm_clockinfo"] if value is 'None'
+ * Enable e2e test functional/tpm-issuer-cert-using-ecc
+ * tpm_main: fix ek creation for tpm2-tools versions > 4.2
+
+-------------------------------------------------------------------
Old:
----
keylime-v6.5.2.tar.xz
New:
----
keylime-v6.5.3.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ keylime.spec ++++++
--- /var/tmp/diff_new_pack.WO7tr7/_old 2023-01-24 20:23:56.117648624 +0100
+++ /var/tmp/diff_new_pack.WO7tr7/_new 2023-01-24 20:23:56.121648644 +0100
@@ -1,7 +1,7 @@
#
# spec file for package keylime
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,7 @@
%define _config_norepl %config(noreplace)
%endif
Name: keylime
-Version: 6.5.2
+Version: 6.5.3
Release: 0
Summary: Open source TPM software for Bootstrapping and Maintaining
Trust
License: Apache-2.0 AND MIT
@@ -173,15 +173,16 @@
patch -s --fuzz=0 config/registrar.conf < %{SOURCE11}
patch -s --fuzz=0 config/verifier.conf < %{SOURCE12}
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_verifier
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_registrar
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_agent
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_tenant
+%python_clone -a %{buildroot}%{_bindir}/%{srcname}_attest
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_ca
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_migrations_apply
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_userdata_encrypt
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_ima_emulator
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_convert_ima_policy
+%python_clone -a %{buildroot}%{_bindir}/%{srcname}_ima_emulator
+%python_clone -a %{buildroot}%{_bindir}/%{srcname}_registrar
+%python_clone -a %{buildroot}%{_bindir}/%{srcname}_tenant
+%python_clone -a %{buildroot}%{_bindir}/%{srcname}_upgrade_config
+%python_clone -a %{buildroot}%{_bindir}/%{srcname}_userdata_encrypt
+%python_clone -a %{buildroot}%{_bindir}/%{srcname}_verifier
%python_expand %fdupes %{buildroot}%{$python_sitelib}
@@ -208,26 +209,28 @@
# %%pyunittest -v
%post
-%python_install_alternative %{srcname}_verifier
-%python_install_alternative %{srcname}_registrar
%python_install_alternative %{srcname}_agent
-%python_install_alternative %{srcname}_tenant
+%python_install_alternative %{srcname}_attest
%python_install_alternative %{srcname}_ca
-%python_install_alternative %{srcname}_migrations_apply
-%python_install_alternative %{srcname}_userdata_encrypt
-%python_install_alternative %{srcname}_ima_emulator
%python_install_alternative %{srcname}_convert_ima_policy
+%python_install_alternative %{srcname}_ima_emulator
+%python_install_alternative %{srcname}_registrar
+%python_install_alternative %{srcname}_tenant
+%python_install_alternative %{srcname}_upgrade_config
+%python_install_alternative %{srcname}_userdata_encrypt
+%python_install_alternative %{srcname}_verifier
%postun
-%python_uninstall_alternative %{srcname}_verifier
-%python_uninstall_alternative %{srcname}_registrar
%python_uninstall_alternative %{srcname}_agent
-%python_uninstall_alternative %{srcname}_tenant
+%python_uninstall_alternative %{srcname}_attest
%python_uninstall_alternative %{srcname}_ca
-%python_uninstall_alternative %{srcname}_migrations_apply
-%python_uninstall_alternative %{srcname}_userdata_encrypt
-%python_uninstall_alternative %{srcname}_ima_emulator
%python_uninstall_alternative %{srcname}_convert_ima_policy
+%python_uninstall_alternative %{srcname}_ima_emulator
+%python_uninstall_alternative %{srcname}_registrar
+%python_uninstall_alternative %{srcname}_tenant
+%python_uninstall_alternative %{srcname}_upgrade_config
+%python_uninstall_alternative %{srcname}_userdata_encrypt
+%python_uninstall_alternative %{srcname}_verifier
%post -n %{srcname}-firewalld
%firewalld_reload
@@ -280,15 +283,16 @@
%files %{python_files}
%doc README.md
%license LICENSE
-%python_alternative %{_bindir}/%{srcname}_verifier
-%python_alternative %{_bindir}/%{srcname}_registrar
%python_alternative %{_bindir}/%{srcname}_agent
-%python_alternative %{_bindir}/%{srcname}_tenant
+%python_alternative %{_bindir}/%{srcname}_attest
%python_alternative %{_bindir}/%{srcname}_ca
-%python_alternative %{_bindir}/%{srcname}_migrations_apply
-%python_alternative %{_bindir}/%{srcname}_userdata_encrypt
-%python_alternative %{_bindir}/%{srcname}_ima_emulator
%python_alternative %{_bindir}/%{srcname}_convert_ima_policy
+%python_alternative %{_bindir}/%{srcname}_ima_emulator
+%python_alternative %{_bindir}/%{srcname}_registrar
+%python_alternative %{_bindir}/%{srcname}_tenant
+%python_alternative %{_bindir}/%{srcname}_upgrade_config
+%python_alternative %{_bindir}/%{srcname}_userdata_encrypt
+%python_alternative %{_bindir}/%{srcname}_verifier
%{python_sitelib}/*
%files -n %{srcname}-config
++++++ _service ++++++
--- /var/tmp/diff_new_pack.WO7tr7/_old 2023-01-24 20:23:56.161648842 +0100
+++ /var/tmp/diff_new_pack.WO7tr7/_new 2023-01-24 20:23:56.161648842 +0100
@@ -1,7 +1,7 @@
<services>
<service name="tar_scm" mode="disabled">
<param name="versionformat">@PARENT_TAG@</param>
- <param name="revision">refs/tags/v6.5.2</param>
+ <param name="revision">refs/tags/v6.5.3</param>
<param name="url">https://github.com/keylime/keylime.git</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.WO7tr7/_old 2023-01-24 20:23:56.197649021 +0100
+++ /var/tmp/diff_new_pack.WO7tr7/_new 2023-01-24 20:23:56.201649040 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/keylime/keylime.git</param>
- <param
name="changesrevision">56e951a851b9a12a58fa473da94d1c1bf1415676</param></service></servicedata>
+ <param
name="changesrevision">453bfef69728f4ed54212608189efe466cd86038</param></service></servicedata>
(No newline at EOF)
++++++ agent.conf.diff ++++++
--- /var/tmp/diff_new_pack.WO7tr7/_old 2023-01-24 20:23:56.213649099 +0100
+++ /var/tmp/diff_new_pack.WO7tr7/_new 2023-01-24 20:23:56.217649120 +0100
@@ -1,16 +1,16 @@
---- agent.conf.ORIG 2022-10-12 08:58:47.632424880 +0200
-+++ agent.conf 2022-10-12 09:11:55.149616202 +0200
+--- agent.conf.ORIG 2023-01-23 09:36:14.664727104 +0100
++++ agent.conf 2023-01-23 09:42:57.400962866 +0100
@@ -16,10 +16,12 @@
# 'dmidecode -s system-uuid'.
# If you set this to "hostname", Keylime will use the full qualified domain
# name of current host as the agent id.
--uuid = d432fbb3-d2f1-4a97-9ef7-75bd81c00000
-+# uuid = d432fbb3-d2f1-4a97-9ef7-75bd81c00000
+-uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"
++# uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"
+uuid = hostname
# The binding address and port for the agent server
--ip = 127.0.0.1
-+# ip = 127.0.0.1
+-ip = "127.0.0.1"
++# ip = "127.0.0.1"
+ip = 0.0.0.0
port = 9002
@@ -19,38 +19,20 @@
contact_port = 9002
# The address and port of registrar server which agent communicate with
--registrar_ip = 127.0.0.1
-+# registrar_ip = 127.0.0.1
+-registrar_ip = "127.0.0.1"
++# registrar_ip = "127.0.0.1"
+registrar_ip = <REMOTE_IP>
registrar_port = 8890
# Enable mTLS communication between agent, verifier and tenant.
@@ -102,7 +105,8 @@
- enable_revocation_notifications = True
+ enable_revocation_notifications = true
# The IP to listen for revocation notifications via ZeroMQ
--revocation_notification_ip = 127.0.0.1
-+# revocation_notification_ip = 127.0.0.1
+-revocation_notification_ip = "127.0.0.1"
++# revocation_notification_ip = "127.0.0.1"
+revocation_notification_ip = <REMOTE_IP>
# The port to listen for revocation notifications via ZeroMQ
revocation_notification_port = 8992
-@@ -153,7 +157,8 @@
-
- # List of hash algorithms used for PCRs
- # Accepted values: sha512, sha384, sha256, sha1
--tpm_hash_alg = sha1
-+# tpm_hash_alg = sha1
-+tpm_hash_alg = sha256
-
- # List of encryption algorithms to use with the TPM
- # Accepted values: ecc, rsa
-@@ -184,5 +189,5 @@
- # If cv_ca directory exists:
- # chown keylime /var/lib/keylime/cv_ca
- # chown keylime /var/lib/keylime/cv_ca/cacert.crt
--run_as =
--
-+# run_as =
-+run_as = keylime:tss
++++++ keylime-v6.5.2.tar.xz -> keylime-v6.5.3.tar.xz ++++++
/work/SRC/openSUSE:Factory/keylime/keylime-v6.5.2.tar.xz
/work/SRC/openSUSE:Factory/.keylime.new.32243/keylime-v6.5.3.tar.xz differ:
char 15, line 1
++++++ verifier.conf.diff ++++++
--- /var/tmp/diff_new_pack.WO7tr7/_old 2023-01-24 20:23:56.289649476 +0100
+++ /var/tmp/diff_new_pack.WO7tr7/_new 2023-01-24 20:23:56.293649496 +0100
@@ -1,6 +1,6 @@
---- verifier.conf.ORIG 2022-09-26 10:45:14.032956447 +0200
-+++ verifier.conf 2022-09-26 11:02:37.781854035 +0200
-@@ -5,7 +5,8 @@
+--- verifier.conf.ORIG 2023-01-23 09:36:14.684727116 +0100
++++ verifier.conf 2023-01-23 09:45:13.585042153 +0100
+@@ -8,7 +8,8 @@
uuid = default
# The verifier server IP address and port
@@ -10,7 +10,7 @@
port = 8881
# The address and port of registrar server that the verifier communicates with
-@@ -191,7 +192,8 @@
+@@ -233,7 +234,8 @@
enabled_revocation_notifications = ['agent']
# The binding address and port of the revocation notifier service via ZeroMQ.
