commit keylime for openSUSE:Factory

Thu, 09 Mar 2023 08:45:32 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package keylime for openSUSE:Factory checked 
in at 2023-03-09 17:45:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keylime (Old)
 and      /work/SRC/openSUSE:Factory/.keylime.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "keylime"

Thu Mar  9 17:45:03 2023 rev:33 rq:1069984 version:6.6.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/keylime/keylime.changes  2023-03-04 
22:42:37.503581753 +0100
+++ /work/SRC/openSUSE:Factory/.keylime.new.31432/keylime.changes       
2023-03-09 17:45:16.646760189 +0100
@@ -1,0 +2,6 @@
+Tue Mar  7 16:11:03 UTC 2023 - Alberto Planas Dominguez <apla...@suse.com>
+
+- Add tenant.conf.diff path to do not require a valid EK certificate
+  (that is the case in TPM simulator)
+
+-------------------------------------------------------------------

New:
----
  tenant.conf.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ keylime.spec ++++++
--- /var/tmp/diff_new_pack.Es6lrI/_old  2023-03-09 17:45:17.318763765 +0100
+++ /var/tmp/diff_new_pack.Es6lrI/_new  2023-03-09 17:45:17.322763787 +0100
@@ -41,6 +41,7 @@
 Source10:       agent.conf.diff
 Source11:       registrar.conf.diff
 Source12:       verifier.conf.diff
+Source13:       tenant.conf.diff
 BuildRequires:  %{python_module Jinja2}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
@@ -172,6 +173,7 @@
 patch -s --fuzz=0 config/agent.conf < %{SOURCE10}
 patch -s --fuzz=0 config/registrar.conf < %{SOURCE11}
 patch -s --fuzz=0 config/verifier.conf < %{SOURCE12}
+patch -s --fuzz=0 config/tenant.conf < %{SOURCE13}
 
 %python_clone -a %{buildroot}%{_bindir}/%{srcname}_agent
 %python_clone -a %{buildroot}%{_bindir}/%{srcname}_attest

++++++ tenant.conf.diff ++++++
--- tenant.conf.ORIG    2023-03-07 17:08:27.642929656 +0100
+++ tenant.conf 2023-03-07 17:09:23.018891153 +0100
@@ -106,7 +106,8 @@
 # might provide a signed list of EK public key hashes.  Then you could write
 # an ek_check_script that checks the signature of the allowlist and then
 # compares the hash of the given EK with the allowlist.
-require_ek_cert = True
+# require_ek_cert = True
+require_ek_cert = False
 
 # Optional script to execute to check the EK and/or EK certificate against a
 # allowlist or any other additional EK processing you want to do. Runs in

Reply via email to