Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package keylime for openSUSE:Factory checked in at 2023-04-27 19:59:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/keylime (Old) and /work/SRC/openSUSE:Factory/.keylime.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime" Thu Apr 27 19:59:05 2023 rev:35 rq:1082914 version:7.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2023-03-15 18:53:18.596001125 +0100 +++ /work/SRC/openSUSE:Factory/.keylime.new.1533/keylime.changes 2023-04-27 19:59:05.921278007 +0200 @@ -1,0 +2,64 @@ +Wed Apr 26 08:08:04 UTC 2023 - apla...@suse.com + +- Remove the agent subpackage +- Remove keylime_ima_emulator binary +- Add keylime_create_policy and keylime_sign_runtime_policy +- Update to version v7.0.0: + * bump version to 7.0.0 + * bump to version 6.8.0 + * build-sys: Use comma-separated list for running multiple linters + * tenant: Add brackets to ipv6 addresses when used in URL + * registrar: Detect IPv6 addresses to bind to and set address_family + * setup.cfg: use license_files instead of license_file + * Do not run Packit tests on F38 + * tests: Use Rust agent from COPR for e2e tests + * tenant: Raise a UserError on status_code != 200 returned from server + * Add missing test from keylime testsuite to e2e plan + * tests: remove tpm2-tss downgrade as Fedora bug got fixed + * da: non-zero exit code for attestation replay failures. + * ca:CLI utilities (keylime_ca,keylime_tenant) read password from ca.conf + * log: add a barebones log config in case configuration files not present + * Fix typo + * Use subtest in unittest. + * create_policy: Strip newline from file path read from measurement list + * create_policy: Validate policies against the JSON schema + * create_policy: Clarify help text for IMA measurement list + * create_policy: Add list of ignored keyrings after processing base policy + * create_policy: Add support for adding an IMA exclude list to the policy + * create_policy: Avoid duplicate entries in lists + * codestyle: Annotate with RuntimePolicyType and adapt code + * codestyle: Import urllib to make pyright happy + * Introduce PathLike_str for older python versions + * codestyle: Annotate create_policy.py and add to mypy + * docs: Update docs to reflect renaming of create_policy tool + * create_policy: Fix issues related to filelists-ext + * Move create_policy to keylime/cmd and install as keylime_create_policy + * Implement DSSE signature verification for runtime policies + * tenant: Raise UserError on (add/update)runtimepolicy status codes 401 + * tests: Split unittests into two runs to avoid issue + * ima: Add a JSON schema for the runtime policy and use it on given policies + * Implement DSSE policy signing tool + * ima: Derive RUNTIME_POLICY_GENERATOR from enum.IntEnum + * packit: use rust agent for e2e tests + * services: remove agent systemd services + * tests: remove unused code + * tests: remove agent from config test + * tpm_ek_ca: remove check_tpm_cert_store(..) function + * tpm, measured boot: remove refrences to virtual TPMs + * tpm: remove unsed variables and some refactoring + * algorithms: remove unused from_algorithm method + * mpypy, pyright: remove refrences to agent in ignores + * config: remove refrences to agent + * crypto: remove unused functions + * secure_mount: removal + * tpm: remove unsed functions + * registar_client: remove functions only used by the agent + * user_utils: removal + * revocation notifier: remove zeroMQ client code + * ca_util: remove listen command and related functions + * revocation actions: remove all + * ima emulator: full removal + * agent: remove agent code + * agentstates: rename tpm_clocking to tpm_clockinfo + +------------------------------------------------------------------- Old: ---- agent.conf.diff keylime-v6.7.0.tar.xz New: ---- keylime-v7.0.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ keylime.spec ++++++ --- /var/tmp/diff_new_pack.xXAOSX/_old 2023-04-27 19:59:06.677282450 +0200 +++ /var/tmp/diff_new_pack.xXAOSX/_new 2023-04-27 19:59:06.677282450 +0200 @@ -27,7 +27,7 @@ %define _config_norepl %config(noreplace) %endif Name: keylime -Version: 6.7.0 +Version: 7.0.0 Release: 0 Summary: Open source TPM software for Bootstrapping and Maintaining Trust License: Apache-2.0 AND MIT @@ -38,10 +38,9 @@ Source3: logrotate.%{name} Source4: tmpfiles.%{name} # openSUSE adjustments for generated configuration files -Source10: agent.conf.diff -Source11: registrar.conf.diff -Source12: verifier.conf.diff -Source13: tenant.conf.diff +Source10: registrar.conf.diff +Source11: verifier.conf.diff +Source12: tenant.conf.diff BuildRequires: %{python_module Jinja2} BuildRequires: %{python_module setuptools} BuildRequires: fdupes @@ -103,19 +102,6 @@ %description -n %{name}-tpm_cert_store Subpackage of %{name} for storing the TPM certificates. -%package -n %{name}-agent -Summary: Keylime agent service -Requires: %{name}-config = %{version} -Requires: %{name}-logrotate = %{version} -Requires: %{name}-tpm_cert_store = %{version} -Requires: python3-%{name} = %{version} -Recommends: %{name}-firewalld = %{version} -Recommends: dmidecode -Conflicts: rust-keylime - -%description -n %{name}-agent -Subpackage of %{name} for agent service. - %package -n %{name}-registrar Summary: Keylime registrar service Requires: %{name}-config = %{version} @@ -170,17 +156,17 @@ export VERSION=%{version} %python_install -patch -s --fuzz=0 config/agent.conf < %{SOURCE10} -patch -s --fuzz=0 config/registrar.conf < %{SOURCE11} -patch -s --fuzz=0 config/verifier.conf < %{SOURCE12} -patch -s --fuzz=0 config/tenant.conf < %{SOURCE13} +rm config/agent.conf +patch -s --fuzz=0 config/registrar.conf < %{SOURCE10} +patch -s --fuzz=0 config/verifier.conf < %{SOURCE11} +patch -s --fuzz=0 config/tenant.conf < %{SOURCE12} -%python_clone -a %{buildroot}%{_bindir}/%{srcname}_agent %python_clone -a %{buildroot}%{_bindir}/%{srcname}_attest %python_clone -a %{buildroot}%{_bindir}/%{srcname}_ca %python_clone -a %{buildroot}%{_bindir}/%{srcname}_convert_runtime_policy -%python_clone -a %{buildroot}%{_bindir}/%{srcname}_ima_emulator +%python_clone -a %{buildroot}%{_bindir}/%{srcname}_create_policy %python_clone -a %{buildroot}%{_bindir}/%{srcname}_registrar +%python_clone -a %{buildroot}%{_bindir}/%{srcname}_sign_runtime_policy %python_clone -a %{buildroot}%{_bindir}/%{srcname}_tenant %python_clone -a %{buildroot}%{_bindir}/%{srcname}_upgrade_config %python_clone -a %{buildroot}%{_bindir}/%{srcname}_userdata_encrypt @@ -192,8 +178,6 @@ install -Dpm 0600 "$cfg" %{buildroot}%{_distconfdir}/%{srcname}/$(basename "$cfg") done -install -Dpm 0644 ./services/%{srcname}_agent.service %{buildroot}%{_unitdir}/%{srcname}_agent.service -install -Dpm 0644 ./services/var-lib-%{srcname}-secure.mount %{buildroot}%{_unitdir}/var-lib-%{srcname}-secure.mount install -Dpm 0644 ./services/%{srcname}_verifier.service %{buildroot}%{_unitdir}/%{srcname}_verifier.service install -Dpm 0644 ./services/%{srcname}_registrar.service %{buildroot}%{_unitdir}/%{srcname}_registrar.service @@ -211,24 +195,24 @@ # %%pyunittest -v %post -%python_install_alternative %{srcname}_agent %python_install_alternative %{srcname}_attest %python_install_alternative %{srcname}_ca %python_install_alternative %{srcname}_convert_runtime_policy -%python_install_alternative %{srcname}_ima_emulator +%python_install_alternative %{srcname}_create_policy %python_install_alternative %{srcname}_registrar +%python_install_alternative %{srcname}_sign_runtime_policy %python_install_alternative %{srcname}_tenant %python_install_alternative %{srcname}_upgrade_config %python_install_alternative %{srcname}_userdata_encrypt %python_install_alternative %{srcname}_verifier %postun -%python_uninstall_alternative %{srcname}_agent %python_uninstall_alternative %{srcname}_attest %python_uninstall_alternative %{srcname}_ca %python_uninstall_alternative %{srcname}_convert_runtime_policy -%python_uninstall_alternative %{srcname}_ima_emulator +%python_uninstall_alternative %{srcname}_create_policy %python_uninstall_alternative %{srcname}_registrar +%python_uninstall_alternative %{srcname}_sign_runtime_policy %python_uninstall_alternative %{srcname}_tenant %python_uninstall_alternative %{srcname}_upgrade_config %python_uninstall_alternative %{srcname}_userdata_encrypt @@ -266,31 +250,15 @@ %postun -n %{srcname}-registrar %service_del_postun %{srcname}_registrar.service -%pre -n %{srcname}-agent -%service_add_pre %{srcname}_agent.service -%service_add_pre var-lib-%{srcname}-secure.mount - -%post -n %{srcname}-agent -%service_add_post %{srcname}_agent.service -%service_add_post var-lib-%{srcname}-secure.mount - -%preun -n %{srcname}-agent -%service_del_preun %{srcname}_agent.service -%service_del_preun var-lib-%{srcname}-secure.mount - -%postun -n %{srcname}-agent -%service_del_postun %{srcname}_agent.service -%service_del_postun var-lib-%{srcname}-secure.mount - %files %{python_files} %doc README.md %license LICENSE -%python_alternative %{_bindir}/%{srcname}_agent %python_alternative %{_bindir}/%{srcname}_attest %python_alternative %{_bindir}/%{srcname}_ca %python_alternative %{_bindir}/%{srcname}_convert_runtime_policy -%python_alternative %{_bindir}/%{srcname}_ima_emulator +%python_alternative %{_bindir}/%{srcname}_create_policy %python_alternative %{_bindir}/%{srcname}_registrar +%python_alternative %{_bindir}/%{srcname}_sign_runtime_policy %python_alternative %{_bindir}/%{srcname}_tenant %python_alternative %{_bindir}/%{srcname}_upgrade_config %python_alternative %{_bindir}/%{srcname}_userdata_encrypt @@ -317,12 +285,6 @@ %ghost %dir %attr(0700,keylime,tss) %{_rundir}/%{srcname} %{_tmpfilesdir}/%{srcname}.conf -%files -n %{srcname}-agent -%dir %attr(0700,keylime,tss) %{_distconfdir}/%{srcname} -%_config_norepl %attr (0600,keylime,tss) %{_distconfdir}/%{srcname}/agent.conf -%{_unitdir}/%{srcname}_agent.service -%{_unitdir}/var-lib-%{srcname}-secure.mount - %files -n %{srcname}-registrar %dir %attr(0700,keylime,tss) %{_distconfdir}/%{srcname} %_config_norepl %attr (0600,keylime,tss) %{_distconfdir}/%{srcname}/registrar.conf ++++++ _service ++++++ --- /var/tmp/diff_new_pack.xXAOSX/_old 2023-04-27 19:59:06.713282662 +0200 +++ /var/tmp/diff_new_pack.xXAOSX/_new 2023-04-27 19:59:06.717282686 +0200 @@ -1,7 +1,7 @@ <services> <service name="tar_scm" mode="disabled"> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">refs/tags/v6.7.0</param> + <param name="revision">refs/tags/v7.0.0</param> <param name="url">https://github.com/keylime/keylime.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.xXAOSX/_old 2023-04-27 19:59:06.737282804 +0200 +++ /var/tmp/diff_new_pack.xXAOSX/_new 2023-04-27 19:59:06.741282827 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/keylime/keylime.git</param> - <param name="changesrevision">3ed38978fa67c00fd79a2ad02dc788bff50d034f</param></service></servicedata> + <param name="changesrevision">b089c294424e5345ee3c04aa61f42e995b2bcbb0</param></service></servicedata> (No newline at EOF) ++++++ keylime-v6.7.0.tar.xz -> keylime-v7.0.0.tar.xz ++++++ /work/SRC/openSUSE:Factory/keylime/keylime-v6.7.0.tar.xz /work/SRC/openSUSE:Factory/.keylime.new.1533/keylime-v7.0.0.tar.xz differ: char 15, line 1