Hello community,

here is the log from the commit of package secvarctl for openSUSE:Factory checked in at 2023-10-04 22:30:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/secvarctl (Old)
 and /work/SRC/openSUSE:Factory/.secvarctl.new.28202 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "secvarctl" Wed Oct 4 22:30:52 2023 rev:5 rq:1114835 version:1.0.0~rc1+git0.a180a56 Changes: -------- --- /work/SRC/openSUSE:Factory/secvarctl/secvarctl.changes 2022-11-23 09:48:36.799200142 +0100 +++ /work/SRC/openSUSE:Factory/.secvarctl.new.28202/secvarctl.changes 2023-10-04 22:31:31.639805696 +0200 @@ -1,0 +2,9 @@ +Mon Oct 02 13:56:10 UTC 2023 - msucha...@suse.com + +- Update to version 1.0.0~rc1+git0.a180a56: + * guest/util: Add crypto id to signature list + * secvarctl: guest secure boot variable backend + * secvarctl: reorganised host secure boot variable backend +- Fix installation: secvarctl-install.patch + +------------------------------------------------------------------- Old: ---- secvarctl-0.3+git13.76db7a7.tar.gz New: ---- secvarctl-1.0.0~rc1+git0.a180a56.tar.gz secvarctl-install.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ secvarctl.spec ++++++ --- /var/tmp/diff_new_pack.QliC6m/_old 2023-10-04 22:31:32.859849792 +0200 +++ /var/tmp/diff_new_pack.QliC6m/_new 2023-10-04 22:31:32.859849792 +0200 @@ -1,7 +1,7 @@ # # spec file for package secvarctl # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,13 +16,15 @@ # +%global make_parms OPENSSL=1 DEBUG=1 Name: secvarctl -Version: 0.3+git13.76db7a7 +Version: 1.0.0~rc1+git0.a180a56 Release: 0 Summary: Suite of tools to manipulate and generate Secure Boot variables on POWER License: Apache-2.0 URL: https://github.com/open-power/secvarctl Source: %{name}-%{version}.tar.gz +Patch0: secvarctl-install.patch BuildRequires: openssl-devel ExclusiveArch: ppc64 ppc64le 
@@ -30,18 +32,14 @@ The purpose of this tool is to simplify and automate the process of reading and writing secure boot keys. secvarctl allows the user to communicate, via terminal commands, with the keys efficiently. -Secure Variables are responsible for loading the target OS/hypervisor during Secure Boot. There are currently four secure variables in the Secure Boot process: The Platform Key (PK), Key Exchange Key (KEK), Database Key (db) and Blocklist Key (dbx).The PK serves as the root key, usually supplied by platform owner, if there is no PK then Secure Boot is not enabled. The PK has authority over all other keys. The KEK is usually provided by the OS vendor and has authority over the db and dbx. The db has authority over the kernels and other user specific firmware. The dbx has authority over kernels and specific firmware that are not to be loaded. - -Updating of these secure variables requires a specific format for success. If updating the PK, KEK or db, an x509 public key must be contained in an EFI Signature List (ESL). If updating the dbx, the binary that is to be banned must be hashed and placed in an ESL. Then, a PKCS7 structure must be generated by signing the new ESL with the private key of a secure variable that has authority over the variable being updated (Example: if updating the db, the new ESL must be signed by either the KEK or PK). Finally, the new ESL must be appended to the generated PKCS7 and the whole structure is then placed into what is called an Auth file (this adds extra header information, timestamp and content size). When the Auth file is generated, the resulting file is ready to be submited. Once submitted, the update is only applied when the POWER machine is rebooted. 
- %prep -%setup -q +%autosetup %build -%make_build OPENSSL=1 DEBUG=1 +%make_build %{make_parms} %install -%make_install OPENSSL=1 DEBUG=1 +%make_install %{make_parms} %files %license LICENSE ++++++ _service ++++++ --- /var/tmp/diff_new_pack.QliC6m/_old 2023-10-04 22:31:32.887850804 +0200 +++ /var/tmp/diff_new_pack.QliC6m/_new 2023-10-04 22:31:32.887850804 +0200 @@ -2,8 +2,9 @@ <service name="tar_scm" mode="disabled"> <param name="scm">git</param> <param name="url">https://github.com/open-power/secvarctl.git</param> - <param name="revision">main</param> - <param name="versionrewrite-pattern">v(.*)</param> + <param name="revision">guest-devel</param> + <param name="versionrewrite-pattern">v(.*)-(rc.*)</param> + <param name="versionrewrite-replacement">\1~\2</param> <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.QliC6m/_old 2023-10-04 22:31:32.907851527 +0200 +++ /var/tmp/diff_new_pack.QliC6m/_new 2023-10-04 22:31:32.911851671 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/open-power/secvarctl.git</param> - <param name="changesrevision">76db7a76a4557824763d1f2314d0cdcd0782b655</param></service></servicedata> + <param name="changesrevision">a180a56b5c3330b1f5130633e7e7fb889e7eb74b</param></service></servicedata> (No newline at EOF) ++++++ secvarctl-install.patch ++++++ diff --git a/Makefile b/Makefile index 60fc11d..730934d 100644 --- a/Makefile +++ b/Makefile 
@@ -167,11 +167,11 @@ generate: install: all @mkdir -p $(DESTDIR)/usr/bin - @install -m 0755 secvarctl $(DESTDIR)/usr/bin/secvarctl + @install -m 0755 bin/secvarctl $(DESTDIR)/usr/bin/secvarctl @mkdir -p $(DESTDIR)/$(MANDIR)/man1 @install -m 0644 secvarctl.1 $(DESTDIR)/$(MANDIR)/man1 - @mkdir -p $(DESTDIR)/usr/lib/secvarctl - @install -m 0755 ./lib/* $(DESTDIR)/usr/lib/secvarctl + #@mkdir -p $(DESTDIR)/usr/lib/secvarctl + #@install -m 0755 ./lib/* $(DESTDIR)/usr/lib/secvarctl @echo "secvarctl installed successfully!" uninstall:
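Review bot: the new `Patch0: secvarctl-install.patch` line in the first secvarctl.spec hunk carries no comment, and the matching secvarctl.changes entry only says "Fix installation", so nothing records what was broken or whether the fix has been sent upstream. Add a comment above `Patch0:` stating the patch's purpose and upstream status, and name the actual problem in the changelog (the Makefile hunk shows it is the `bin/secvarctl` path and the `lib/` install step).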
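Review bot: in the `%prep` section of secvarctl.spec, `%setup -q` becomes a bare `%autosetup` with no strip level, while secvarctl-install.patch uses git-style `a/Makefile` and `b/Makefile` paths. Without an explicit level the result depends on patch's defaults (matching on the basename when no `-p` is given), which happens to work for a top-level Makefile but is fragile once a patch touches a file in a subdirectory. Suggest `%autosetup -p1` so the strip level is stated.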
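Review bot: in _service, the new `versionrewrite-pattern` `v(.*)-(rc.*)` only matches tags that carry an `-rc` suffix, so a final tag such as `v1.0.0` would pass through unrewritten and keep its leading `v`; the pattern will need revisiting at the final release, or a form that handles both cases. The same hunk moves `revision` from `main` to `guest-devel` with no explanation in secvarctl.changes; a line saying why Factory now tracks a development branch at a release candidate would help whoever next updates this secure boot tooling.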
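Review bot: in the `install:` target of the Makefile hunk, the two `lib` lines are disabled by prefixing `#` (`#@mkdir -p $(DESTDIR)/usr/lib/secvarctl`, `#@install -m 0755 ./lib/* ...`) rather than deleted. If they are still tab-indented recipe lines, make hands them to the shell as comments and echoes them on every install, because the `@` now sits after the `#`. Delete the lines outright, and check that the `uninstall:` target (its body is not shown in this hunk) no longer expects `/usr/lib/secvarctl` to exist.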