Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package keylime for openSUSE:Factory checked in at 2023-03-09 17:45:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keylime (Old)
 and /work/SRC/openSUSE:Factory/.keylime.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime" Thu Mar 9 17:45:03 2023 rev:33 rq:1069984 version:6.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2023-03-04 22:42:37.503581753 +0100 +++ /work/SRC/openSUSE:Factory/.keylime.new.31432/keylime.changes 2023-03-09 17:45:16.646760189 +0100 @@ -1,0 +2,6 @@ +Tue Mar 7 16:11:03 UTC 2023 - Alberto Planas Dominguez <apla...@suse.com> + +- Add tenant.conf.diff path to do not require a valid EK certificate + (that is the case in TPM simulator) + +------------------------------------------------------------------- New: ---- tenant.conf.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ keylime.spec ++++++ --- /var/tmp/diff_new_pack.Es6lrI/_old 2023-03-09 17:45:17.318763765 +0100 +++ /var/tmp/diff_new_pack.Es6lrI/_new 2023-03-09 17:45:17.322763787 +0100 @@ -41,6 +41,7 @@ Source10: agent.conf.diff Source11: registrar.conf.diff Source12: verifier.conf.diff +Source13: tenant.conf.diff BuildRequires: %{python_module Jinja2} BuildRequires: %{python_module setuptools} BuildRequires: fdupes @@ -172,6 +173,7 @@ patch -s --fuzz=0 config/agent.conf < %{SOURCE10} patch -s --fuzz=0 config/registrar.conf < %{SOURCE11} patch -s --fuzz=0 config/verifier.conf < %{SOURCE12} +patch -s --fuzz=0 config/tenant.conf < %{SOURCE13} %python_clone -a %{buildroot}%{_bindir}/%{srcname}_agent %python_clone -a %{buildroot}%{_bindir}/%{srcname}_attest ++++++ tenant.conf.diff ++++++ --- tenant.conf.ORIG 2023-03-07 17:08:27.642929656 +0100 +++ tenant.conf 2023-03-07 17:09:23.018891153 +0100 
@@ -106,7 +106,8 @@ # might provide a signed list of EK public key hashes. Then you could write # an ek_check_script that checks the signature of the allowlist and then # compares the hash of the given EK with the allowlist. -require_ek_cert = True +# require_ek_cert = True +require_ek_cert = False # Optional script to execute to check the EK and/or EK certificate against a # allowlist or any other additional EK processing you want to do. Runs in
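
Review bot: the keylime.changes entry does not say that the shipped default of `require_ek_cert` changes from True to False for every install, and "path" reads like a typo for "patch". The entry describes the change only as "do not require a valid EK certificate (that is the case in TPM simulator)", so someone reading the changelog cannot tell that hardware-TPM deployments are affected too. Suggest naming the option and its new value in the entry and noting that it applies to all installs of the package.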
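
Review bot: in the tenant.conf.diff hunk, `require_ek_cert = False` becomes the packaged default for all users, while the changelog justifies it only for the TPM simulator. The context lines describe `ek_check_script` as the other way to vet an EK (signed allowlist of EK public key hashes), and nothing in this patch configures one, so unless an admin sets that script separately the tenant will accept an EK with no certificate check at all. I would keep `require_ek_cert = True` as the shipped value and document the simulator override, or at minimum replace the bare `# require_ek_cert = True` line with a comment saying that False is intended for the TPM simulator and should be set back to True on hardware TPMs.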