Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package keylime for openSUSE:Factory checked
in at 2023-04-27 19:59:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keylime (Old)
and /work/SRC/openSUSE:Factory/.keylime.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime"
Thu Apr 27 19:59:05 2023 rev:35 rq:1082914 version:7.0.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2023-03-15
18:53:18.596001125 +0100
+++ /work/SRC/openSUSE:Factory/.keylime.new.1533/keylime.changes
2023-04-27 19:59:05.921278007 +0200
@@ -1,0 +2,64 @@
+Wed Apr 26 08:08:04 UTC 2023 - apla...@suse.com
+
+- Remove the agent subpackage
+- Remove keylime_ima_emulator binary
+- Add keylime_create_policy and keylime_sign_runtime_policy
+- Update to version v7.0.0:
+ * bump version to 7.0.0
+ * bump to version 6.8.0
+ * build-sys: Use comma-separated list for running multiple linters
+ * tenant: Add brackets to ipv6 addresses when used in URL
+ * registrar: Detect IPv6 addresses to bind to and set address_family
+ * setup.cfg: use license_files instead of license_file
+ * Do not run Packit tests on F38
+ * tests: Use Rust agent from COPR for e2e tests
+ * tenant: Raise a UserError on status_code != 200 returned from server
+ * Add missing test from keylime testsuite to e2e plan
+ * tests: remove tpm2-tss downgrade as Fedora bug got fixed
+ * da: non-zero exit code for attestation replay failures.
+ * ca:CLI utilities (keylime_ca,keylime_tenant) read password from ca.conf
+ * log: add a barebones log config in case configuration files not present
+ * Fix typo
+ * Use subtest in unittest.
+ * create_policy: Strip newline from file path read from measurement list
+ * create_policy: Validate policies against the JSON schema
+ * create_policy: Clarify help text for IMA measurement list
+ * create_policy: Add list of ignored keyrings after processing base policy
+ * create_policy: Add support for adding an IMA exclude list to the policy
+ * create_policy: Avoid duplicate entries in lists
+ * codestyle: Annotate with RuntimePolicyType and adapt code
+ * codestyle: Import urllib to make pyright happy
+ * Introduce PathLike_str for older python versions
+ * codestyle: Annotate create_policy.py and add to mypy
+ * docs: Update docs to reflect renaming of create_policy tool
+ * create_policy: Fix issues related to filelists-ext
+ * Move create_policy to keylime/cmd and install as keylime_create_policy
+ * Implement DSSE signature verification for runtime policies
+ * tenant: Raise UserError on (add/update)runtimepolicy status codes 401
+ * tests: Split unittests into two runs to avoid issue
+ * ima: Add a JSON schema for the runtime policy and use it on given policies
+ * Implement DSSE policy signing tool
+ * ima: Derive RUNTIME_POLICY_GENERATOR from enum.IntEnum
+ * packit: use rust agent for e2e tests
+ * services: remove agent systemd services
+ * tests: remove unused code
+ * tests: remove agent from config test
+ * tpm_ek_ca: remove check_tpm_cert_store(..) function
+ * tpm, measured boot: remove refrences to virtual TPMs
+ * tpm: remove unsed variables and some refactoring
+ * algorithms: remove unused from_algorithm method
+ * mpypy, pyright: remove refrences to agent in ignores
+ * config: remove refrences to agent
+ * crypto: remove unused functions
+ * secure_mount: removal
+ * tpm: remove unsed functions
+ * registar_client: remove functions only used by the agent
+ * user_utils: removal
+ * revocation notifier: remove zeroMQ client code
+ * ca_util: remove listen command and related functions
+ * revocation actions: remove all
+ * ima emulator: full removal
+ * agent: remove agent code
+ * agentstates: rename tpm_clocking to tpm_clockinfo
+
+-------------------------------------------------------------------
Old:
----
agent.conf.diff
keylime-v6.7.0.tar.xz
New:
----
keylime-v7.0.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ keylime.spec ++++++
--- /var/tmp/diff_new_pack.xXAOSX/_old 2023-04-27 19:59:06.677282450 +0200
+++ /var/tmp/diff_new_pack.xXAOSX/_new 2023-04-27 19:59:06.677282450 +0200
@@ -27,7 +27,7 @@
%define _config_norepl %config(noreplace)
%endif
Name: keylime
-Version: 6.7.0
+Version: 7.0.0
Release: 0
Summary: Open source TPM software for Bootstrapping and Maintaining
Trust
License: Apache-2.0 AND MIT
@@ -38,10 +38,9 @@
Source3: logrotate.%{name}
Source4: tmpfiles.%{name}
# openSUSE adjustments for generated configuration files
-Source10: agent.conf.diff
-Source11: registrar.conf.diff
-Source12: verifier.conf.diff
-Source13: tenant.conf.diff
+Source10: registrar.conf.diff
+Source11: verifier.conf.diff
+Source12: tenant.conf.diff
BuildRequires: %{python_module Jinja2}
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
@@ -103,19 +102,6 @@
%description -n %{name}-tpm_cert_store
Subpackage of %{name} for storing the TPM certificates.
-%package -n %{name}-agent
-Summary: Keylime agent service
-Requires: %{name}-config = %{version}
-Requires: %{name}-logrotate = %{version}
-Requires: %{name}-tpm_cert_store = %{version}
-Requires: python3-%{name} = %{version}
-Recommends: %{name}-firewalld = %{version}
-Recommends: dmidecode
-Conflicts: rust-keylime
-
-%description -n %{name}-agent
-Subpackage of %{name} for agent service.
-
%package -n %{name}-registrar
Summary: Keylime registrar service
Requires: %{name}-config = %{version}
@@ -170,17 +156,17 @@
export VERSION=%{version}
%python_install
-patch -s --fuzz=0 config/agent.conf < %{SOURCE10}
-patch -s --fuzz=0 config/registrar.conf < %{SOURCE11}
-patch -s --fuzz=0 config/verifier.conf < %{SOURCE12}
-patch -s --fuzz=0 config/tenant.conf < %{SOURCE13}
+rm config/agent.conf
+patch -s --fuzz=0 config/registrar.conf < %{SOURCE10}
+patch -s --fuzz=0 config/verifier.conf < %{SOURCE11}
+patch -s --fuzz=0 config/tenant.conf < %{SOURCE12}
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_agent
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_attest
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_ca
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_convert_runtime_policy
-%python_clone -a %{buildroot}%{_bindir}/%{srcname}_ima_emulator
+%python_clone -a %{buildroot}%{_bindir}/%{srcname}_create_policy
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_registrar
+%python_clone -a %{buildroot}%{_bindir}/%{srcname}_sign_runtime_policy
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_tenant
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_upgrade_config
%python_clone -a %{buildroot}%{_bindir}/%{srcname}_userdata_encrypt
@@ -192,8 +178,6 @@
install -Dpm 0600 "$cfg" %{buildroot}%{_distconfdir}/%{srcname}/$(basename
"$cfg")
done
-install -Dpm 0644 ./services/%{srcname}_agent.service
%{buildroot}%{_unitdir}/%{srcname}_agent.service
-install -Dpm 0644 ./services/var-lib-%{srcname}-secure.mount
%{buildroot}%{_unitdir}/var-lib-%{srcname}-secure.mount
install -Dpm 0644 ./services/%{srcname}_verifier.service
%{buildroot}%{_unitdir}/%{srcname}_verifier.service
install -Dpm 0644 ./services/%{srcname}_registrar.service
%{buildroot}%{_unitdir}/%{srcname}_registrar.service
@@ -211,24 +195,24 @@
# %%pyunittest -v
%post
-%python_install_alternative %{srcname}_agent
%python_install_alternative %{srcname}_attest
%python_install_alternative %{srcname}_ca
%python_install_alternative %{srcname}_convert_runtime_policy
-%python_install_alternative %{srcname}_ima_emulator
+%python_install_alternative %{srcname}_create_policy
%python_install_alternative %{srcname}_registrar
+%python_install_alternative %{srcname}_sign_runtime_policy
%python_install_alternative %{srcname}_tenant
%python_install_alternative %{srcname}_upgrade_config
%python_install_alternative %{srcname}_userdata_encrypt
%python_install_alternative %{srcname}_verifier
%postun
-%python_uninstall_alternative %{srcname}_agent
%python_uninstall_alternative %{srcname}_attest
%python_uninstall_alternative %{srcname}_ca
%python_uninstall_alternative %{srcname}_convert_runtime_policy
-%python_uninstall_alternative %{srcname}_ima_emulator
+%python_uninstall_alternative %{srcname}_create_policy
%python_uninstall_alternative %{srcname}_registrar
+%python_uninstall_alternative %{srcname}_sign_runtime_policy
%python_uninstall_alternative %{srcname}_tenant
%python_uninstall_alternative %{srcname}_upgrade_config
%python_uninstall_alternative %{srcname}_userdata_encrypt
@@ -266,31 +250,15 @@
%postun -n %{srcname}-registrar
%service_del_postun %{srcname}_registrar.service
-%pre -n %{srcname}-agent
-%service_add_pre %{srcname}_agent.service
-%service_add_pre var-lib-%{srcname}-secure.mount
-
-%post -n %{srcname}-agent
-%service_add_post %{srcname}_agent.service
-%service_add_post var-lib-%{srcname}-secure.mount
-
-%preun -n %{srcname}-agent
-%service_del_preun %{srcname}_agent.service
-%service_del_preun var-lib-%{srcname}-secure.mount
-
-%postun -n %{srcname}-agent
-%service_del_postun %{srcname}_agent.service
-%service_del_postun var-lib-%{srcname}-secure.mount
-
%files %{python_files}
%doc README.md
%license LICENSE
-%python_alternative %{_bindir}/%{srcname}_agent
%python_alternative %{_bindir}/%{srcname}_attest
%python_alternative %{_bindir}/%{srcname}_ca
%python_alternative %{_bindir}/%{srcname}_convert_runtime_policy
-%python_alternative %{_bindir}/%{srcname}_ima_emulator
+%python_alternative %{_bindir}/%{srcname}_create_policy
%python_alternative %{_bindir}/%{srcname}_registrar
+%python_alternative %{_bindir}/%{srcname}_sign_runtime_policy
%python_alternative %{_bindir}/%{srcname}_tenant
%python_alternative %{_bindir}/%{srcname}_upgrade_config
%python_alternative %{_bindir}/%{srcname}_userdata_encrypt
@@ -317,12 +285,6 @@
%ghost %dir %attr(0700,keylime,tss) %{_rundir}/%{srcname}
%{_tmpfilesdir}/%{srcname}.conf
-%files -n %{srcname}-agent
-%dir %attr(0700,keylime,tss) %{_distconfdir}/%{srcname}
-%_config_norepl %attr (0600,keylime,tss) %{_distconfdir}/%{srcname}/agent.conf
-%{_unitdir}/%{srcname}_agent.service
-%{_unitdir}/var-lib-%{srcname}-secure.mount
-
%files -n %{srcname}-registrar
%dir %attr(0700,keylime,tss) %{_distconfdir}/%{srcname}
%_config_norepl %attr (0600,keylime,tss)
%{_distconfdir}/%{srcname}/registrar.conf
++++++ _service ++++++
--- /var/tmp/diff_new_pack.xXAOSX/_old 2023-04-27 19:59:06.713282662 +0200
+++ /var/tmp/diff_new_pack.xXAOSX/_new 2023-04-27 19:59:06.717282686 +0200
@@ -1,7 +1,7 @@
<services>
<service name="tar_scm" mode="disabled">
<param name="versionformat">@PARENT_TAG@</param>
- <param name="revision">refs/tags/v6.7.0</param>
+ <param name="revision">refs/tags/v7.0.0</param>
<param name="url">https://github.com/keylime/keylime.git</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.xXAOSX/_old 2023-04-27 19:59:06.737282804 +0200
+++ /var/tmp/diff_new_pack.xXAOSX/_new 2023-04-27 19:59:06.741282827 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/keylime/keylime.git</param>
- <param
name="changesrevision">3ed38978fa67c00fd79a2ad02dc788bff50d034f</param></service></servicedata>
+ <param
name="changesrevision">b089c294424e5345ee3c04aa61f42e995b2bcbb0</param></service></servicedata>
(No newline at EOF)
++++++ keylime-v6.7.0.tar.xz -> keylime-v7.0.0.tar.xz ++++++
/work/SRC/openSUSE:Factory/keylime/keylime-v6.7.0.tar.xz
/work/SRC/openSUSE:Factory/.keylime.new.1533/keylime-v7.0.0.tar.xz differ: char
15, line 1
