Hello community,

here is the log from the commit of package fde-tools for openSUSE:Factory checked in at 2023-07-27 16:52:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/fde-tools (Old)
 and /work/SRC/openSUSE:Factory/.fde-tools.new.32662 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fde-tools" Thu Jul 27 16:52:48 2023 rev:6 rq:1100993 version:0.6.6 Changes: -------- --- /work/SRC/openSUSE:Factory/fde-tools/fde-tools.changes 2023-07-25 11:51:16.309511702 +0200 +++ /work/SRC/openSUSE:Factory/.fde-tools.new.32662/fde-tools.changes 2023-07-27 16:53:04.370581885 +0200 @@ -1,0 +2,6 @@ +Thu Jul 27 06:23:22 UTC 2023 - Gary Ching-Pang Lin <g...@suse.com> + +- Add fde-tools-handle-authorized-policy-failure.patch handle the + failure of authorized policy creation + +------------------------------------------------------------------- New: ---- fde-tools-handle-authorized-policy-failure.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fde-tools.spec ++++++ --- /var/tmp/diff_new_pack.eEXNGW/_old 2023-07-27 16:53:05.010585501 +0200 +++ /var/tmp/diff_new_pack.eEXNGW/_new 2023-07-27 16:53:05.014585523 +0200 @@ -26,15 +26,15 @@ Source: https://github.com/openSUSE/%{name}/archive/%{version}/%{name}-%{version}.tar.gz Source1: fde-tools.service Patch: fde-tools-firstboot-alp-snapshot.patch +Patch1: fde-tools-handle-authorized-policy-failure.patch BuildRequires: help2man BuildRequires: openssl >= 0.9.8 BuildRequires: tpm2-0-tss-devel BuildRequires: pkgconfig(libcryptsetup) BuildRequires: pkgconfig(libfido2) Requires: cryptsetup -Requires: pcr-oracle >= 0.4.5 -# Requires: tpm2.0-tools Requires: mokutil +Requires: pcr-oracle >= 0.4.5 ExclusiveArch: aarch64 s390x ppc64le x86_64 riscv64 %package -n fde-firstboot ++++++ fde-tools-handle-authorized-policy-failure.patch ++++++ >From cb36d5affed81af38d673486980d484e71f9d09f Mon Sep 17 00:00:00 2001 
From: Gary Ching-Pang Lin <g...@suse.com> Date: Thu, 27 Jul 2023 14:21:55 +0800 Subject: [PATCH] Check failure of authorized policy creation (#14) The return value of tpm_create_authorized_policy was not checked, and this may ignore the failure from the underlying functions. Besides, the return value of some pcr-oracle commands were not correctly handled. Fix those cases to make fdectl exit right after the failure of the pcr-oracle commands. Signed-off-by: Gary Lin <g...@suse.com> --- share/commands/add-secondary-key | 4 ++++ share/tpm | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/share/commands/add-secondary-key b/share/commands/add-secondary-key index a9710c7..9673546 100644 --- a/share/commands/add-secondary-key +++ b/share/commands/add-secondary-key @@ -68,6 +68,10 @@ function init_authorized_policy { # loading the pubkey. tpm_set_authorized_policy_paths "$policy_name" tpm_create_authorized_policy $FDE_AP_SECRET_KEY $FDE_AP_AUTHPOLICY $FDE_AP_PUBLIC_KEY + if [ $? -ne 0 ]; then + display_errorbox "Failed to create authorized policy" + return 1 + fi if [ "$FDE_AUTHORIZED_POLICY" != "$policy_name" ]; then fde_set_variable FDE_AUTHORIZED_POLICY "$policy_name" diff --git a/share/tpm b/share/tpm index 90a3da3..0cc507a 100644 --- a/share/tpm +++ b/share/tpm @@ -165,7 +165,7 @@ function tpm_create_authorized_policy { --algorithm $FDE_SEAL_PCR_BANK \ create-authorized-policy $FDE_SEAL_PCR_LIST if [ $? -ne 0 ]; then - return $? + return 1 fi # Store the public key in a format suitable for feeding it to the TPM @@ -175,7 +175,7 @@ function tpm_create_authorized_policy { --public-key "$public_key" \ store-public-key if [ $? -ne 0 ]; then - return $? + return 1 fi fi } -- 2.35.3
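Review bot: In the fde-tools.spec hunk, the removal of the commented-out `# Requires: tpm2.0-tools` line and the move of `Requires: pcr-oracle >= 0.4.5` below `Requires: mokutil` are not mentioned in the fde-tools.changes entry, which records only the new patch. Either list the Requires cleanup in the changelog or split it into its own change so the dependency edit stays traceable.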
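Review bot: In init_authorized_policy (share/commands/add-secondary-key, hunk @@ -68,6 +68,10 @@), the new check reads `$?` in a separate statement, so any command later inserted between the call and the `if` would silently replace the status being tested. Testing the call directly, as in `if ! tpm_create_authorized_policy ...; then`, removes that dependency. The three arguments on the unchanged call line, `$FDE_AP_SECRET_KEY $FDE_AP_AUTHPOLICY $FDE_AP_PUBLIC_KEY`, are unquoted, unlike `"$policy_name"` on the line above; quoting them would keep a path containing whitespace from being split into extra arguments.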
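Review bot: In tpm_create_authorized_policy (share/tpm, hunks @@ -165,7 +165,7 @@ and @@ -175,7 +175,7 @@), replacing `return $?` with `return 1` discards the actual exit code of the pcr-oracle command, so callers and logs can no longer distinguish failure causes. The old line returned 0 because, inside the `then` branch, `$?` holds the status of the `[ $? -ne 0 ]` test itself, which is the bug the commit message describes. To fix that while keeping the original code, save it immediately after the command (`rc=$?`, then `return $rc`), or append `|| return` to each pcr-oracle invocation, which returns the failed command's status. A short comment on why `$?` cannot be used inside the `if` body would help keep the pattern from being reintroduced.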