Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package disk-encryption-tool for 
openSUSE:Factory checked in at 2023-12-22 22:40:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/disk-encryption-tool (Old)
 and      /work/SRC/openSUSE:Factory/.disk-encryption-tool.new.28375 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "disk-encryption-tool"

Fri Dec 22 22:40:49 2023 rev:3 rq:1134500 version:1+git20231221.d2e7fe6

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/disk-encryption-tool/disk-encryption-tool.changes    
    2023-12-15 21:47:31.570691649 +0100
+++ 
/work/SRC/openSUSE:Factory/.disk-encryption-tool.new.28375/disk-encryption-tool.changes
     2023-12-22 22:40:59.819260565 +0100
@@ -1,0 +2,14 @@
+Thu Dec 21 15:28:58 UTC 2023 - lnus...@suse.com
+
+- Update to version 1+git20231221.d2e7fe6:
+  * Fix setting separate crypt password
+
+-------------------------------------------------------------------
+Wed Dec 20 17:20:08 UTC 2023 - lnus...@suse.com
+
+- Update to version 1+git20231220.6a5fb7f:
+  * refactor luks detection
+  * Tweak combustion deps
+  * Fix combustion support (boo#1218131)
+
+-------------------------------------------------------------------

Old:
----
  disk-encryption-tool-1+git20231214.1708e01.obscpio

New:
----
  disk-encryption-tool-1+git20231221.d2e7fe6.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ disk-encryption-tool.spec ++++++
--- /var/tmp/diff_new_pack.0phF6A/_old  2023-12-22 22:41:00.951302216 +0100
+++ /var/tmp/diff_new_pack.0phF6A/_new  2023-12-22 22:41:00.951302216 +0100
@@ -28,7 +28,7 @@
 %endif
 
 Name:           disk-encryption-tool
-Version:        1+git20231214.1708e01%{git_version}
+Version:        1+git20231221.d2e7fe6%{git_version}
 Release:        0
 Summary:        Tool to reencrypt kiwi raw images
 License:        MIT

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.0phF6A/_old  2023-12-22 22:41:00.999303982 +0100
+++ /var/tmp/diff_new_pack.0phF6A/_new  2023-12-22 22:41:01.003304129 +0100
@@ -3,6 +3,6 @@
                 <param 
name="url">https://github.com/lnussel/disk-encryption-tool.git</param>
               <param 
name="changesrevision">702dff62d37b74244b58b41f78b41cd2befe581b</param></service><service
 name="tar_scm">
                 <param 
name="url">https://github.com/openSUSE/disk-encryption-tool.git</param>
-              <param 
name="changesrevision">1708e014184aba1d69c3294a990594a35abbe71c</param></service></servicedata>
+              <param 
name="changesrevision">d2e7fe6e0781b71a19f35ca4fd27bca559c31fd7</param></service></servicedata>
 (No newline at EOF)
 

++++++ disk-encryption-tool-1+git20231214.1708e01.obscpio -> 
disk-encryption-tool-1+git20231221.d2e7fe6.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/disk-encryption-tool-1+git20231214.1708e01/README.md 
new/disk-encryption-tool-1+git20231221.d2e7fe6/README.md
--- old/disk-encryption-tool-1+git20231214.1708e01/README.md    2023-12-14 
11:04:59.000000000 +0100
+++ new/disk-encryption-tool-1+git20231221.d2e7fe6/README.md    2023-12-21 
16:03:00.000000000 +0100
@@ -39,9 +39,9 @@
 script would have to look like this:
 
     #!/bin/bash
-    # combustion: encrypt
-    if [ "$1" = "--encrypt" ]; then
-        echo 12345 | disk-encryption-tool -v --gen-key
+    # combustion: prepare
+    if [ "$1" = "--prepare" ]; then
+        echo 12345 | disk-encryption-tool -v
     else
         echo root:12345 | chpasswd
     fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/disk-encryption-tool-1+git20231214.1708e01/disk-encryption-tool 
new/disk-encryption-tool-1+git20231221.d2e7fe6/disk-encryption-tool
--- old/disk-encryption-tool-1+git20231214.1708e01/disk-encryption-tool 
2023-12-14 11:04:59.000000000 +0100
+++ new/disk-encryption-tool-1+git20231221.d2e7fe6/disk-encryption-tool 
2023-12-21 16:03:00.000000000 +0100
@@ -184,7 +184,7 @@
                        kv="${kv##*/}"
                        initrd="${initrd#"$mp"}"
                        log_info "create $initrd for $kv"
-                       chroot "$mp" dracut --add qemu --add-drivers "dm_crypt 
nls_iso8859-1 nls_cp437" -q --reproducible -f "$initrd" "$kv" "$@"
+                       hostonly_l=no chroot "$mp" dracut -q --reproducible -f 
"$initrd" "$kv" "$@"
                done
        else
                err "Unsupported boot loader or fs layout"
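Review bot: The new dracut call asks for a generic initrd through the environment variable `hostonly_l=no`, which looks like an internal dracut variable rather than a documented interface, so a dracut update could silently turn this back into a host-only build made inside the chroot. The documented switch is `--no-hostonly`, i.e. `chroot "$mp" dracut --no-hostonly -q --reproducible -f "$initrd" "$kv" "$@"` (presumably equivalent, to be confirmed by the author). The line also no longer forces `dm_crypt` in via `--add-drivers`, and its exit status is not checked in the visible lines. A missing crypt driver or a failed rebuild leaves an encrypted root that cannot be unlocked at boot, so appending `|| err "dracut failed for $kv"` would be worthwhile unless the script already runs under `set -e`. The enclosing loop starts outside the hunk.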
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/disk-encryption-tool-1+git20231214.1708e01/disk-encryption-tool-dracut 
new/disk-encryption-tool-1+git20231221.d2e7fe6/disk-encryption-tool-dracut
--- old/disk-encryption-tool-1+git20231214.1708e01/disk-encryption-tool-dracut  
2023-12-14 11:04:59.000000000 +0100
+++ new/disk-encryption-tool-1+git20231221.d2e7fe6/disk-encryption-tool-dracut  
2023-12-21 16:03:00.000000000 +0100
@@ -1,19 +1,23 @@
 #!/bin/sh
+
 exec < /dev/console >/dev/console 2>&1
 type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
-script=/run/combustion/mount/combustion/script
-if [ -e "$script" ] && grep -qE '^# combustion:(.*)\<encrypt\>' "$script"; then
-       systemctl start sysroot.mount
-       # silence systemd
-       kill -SIGRTMIN+21 1
-       chmod a+x "$script"
-       "$script" --encrypt
-elif getargbool 0 rd.encrypt || [ ! -e /sysroot/etc/machine-id ]; then
-       systemctl start sysroot.mount
-       # silence systemd
-       kill -SIGRTMIN+21 1
-       echo -ne '\a'
-       read -n1 -s -r -t 5 -p "Press ESC to prevent encrypting the disk" 
inhibitor
-       echo
-       [ "$inhibitor" = $'\e' ] || /usr/bin/disk-encryption-tool -v --gen-key 
|| die "Encryption failed"
+
+# XXX: this is so dirty
+systemctl start sysroot.mount
+mount --target-prefix /sysroot --fstab /sysroot/etc/fstab /var
+if [ ! -e /sysroot/var/lib/YaST2/reconfig_system ]; then
+       echo "system already configured, no encryption"
+       umount /sysroot/var
+       exit 0
+fi
+umount /sysroot/var
+
+# silence systemd
+kill -SIGRTMIN+21 1
+echo -ne '\n\n\a'
+read -n1 -s -r -t 10 -p "*** Press ESC to prevent encrypting the disk" 
inhibitor
+echo
+if [ "$inhibitor" != $'\e' ]; then
+       /usr/bin/disk-encryption-tool -v --gen-key || die "Encryption failed"
 fi
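Review bot: The first-boot check fails open: if `systemctl start sysroot.mount` or the `mount ... /var` call fails, the marker `/sysroot/var/lib/YaST2/reconfig_system` is simply not found, the script prints "system already configured, no encryption" and exits 0, and the machine boots unencrypted without any error. Neither exit status is checked, and `umount /sysroot/var` runs even when nothing was mounted. I would abort when /sysroot itself is unavailable, record whether the /var mount succeeded, and only unmount what was mounted, as sketched below. Separately, the script is `#!/bin/sh` but relies on `read -n1 -s -t`, `echo -ne` and `$'\e'`; under a non-bash sh the ESC comparison never matches and the opt-out is ignored, so `#!/bin/bash` would state the real requirement.

```shell
# … unchanged: console redirect, dracut-lib sourcing …
systemctl start sysroot.mount || die "Failed to mount /sysroot"
var_mounted=
if mount --target-prefix /sysroot --fstab /sysroot/etc/fstab /var; then
	var_mounted=1
else
	# /var may not be a separate fstab entry; fall back to the root filesystem
	warn "Could not mount /var from fstab, checking marker on /sysroot directly"
fi
if [ ! -e /sysroot/var/lib/YaST2/reconfig_system ]; then
	echo "system already configured, no encryption"
	[ -z "$var_mounted" ] || umount /sysroot/var
	exit 0
fi
[ -z "$var_mounted" ] || umount /sysroot/var
# … unchanged: ESC prompt and disk-encryption-tool call …
```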
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/disk-encryption-tool-1+git20231214.1708e01/disk-encryption-tool-dracut.service
 
new/disk-encryption-tool-1+git20231221.d2e7fe6/disk-encryption-tool-dracut.service
--- 
old/disk-encryption-tool-1+git20231214.1708e01/disk-encryption-tool-dracut.service
  2023-12-14 11:04:59.000000000 +0100
+++ 
new/disk-encryption-tool-1+git20231221.d2e7fe6/disk-encryption-tool-dracut.service
  2023-12-21 16:03:00.000000000 +0100
@@ -7,12 +7,7 @@
 Requires=initrd-root-device.target
 After=initrd-root-device.target
 
-# we want to run after combustion copied the config but before combustion
-# itself runs
-Requires=combustion.service
-After=firstboot-detect.service
-After=combustion-prepare.service
-Before=combustion.service
+After=combustion.service
 
 # After ignition completed its stuff
 After=ignition-complete.target
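Review bot: The ordering is now a bare `After=combustion.service` with the explanatory comment removed, so nothing in the unit says why encryption has to wait for combustion. A short comment would help, e.g. `# Ordering only: combustion is optional, but when present it must finish before we decide whether to encrypt`; the intent is inferred from the README change to `--prepare`, so the author should confirm the wording. It is also worth stating that `After=` without `Requires=` or `Wants=` has no effect unless combustion.service is part of the same transaction. The unit file starts outside the hunk.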
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/disk-encryption-tool-1+git20231214.1708e01/jeos-firstboot-diskencrypt 
new/disk-encryption-tool-1+git20231221.d2e7fe6/jeos-firstboot-diskencrypt
--- old/disk-encryption-tool-1+git20231214.1708e01/jeos-firstboot-diskencrypt   
2023-12-14 11:04:59.000000000 +0100
+++ new/disk-encryption-tool-1+git20231221.d2e7fe6/jeos-firstboot-diskencrypt   
2023-12-21 16:03:00.000000000 +0100
@@ -59,7 +59,7 @@
                local dev
                for dev in "${crypt_devs[@]}"; do
                        echo "adding password to $dev"
-                       echo -n "$password" | run cryptsetup luksAddKey 
--verbose --batch-mode --force-password --key-file <(keyctl pipe 
"$crypt_keyid") "$dev"
+                       echo -n "$crypt_pw" | run cryptsetup luksAddKey 
--verbose --batch-mode --force-password --key-file <(keyctl pipe 
"$crypt_keyid") "$dev"
                done
        fi
 }
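Review bot: The passphrase is fed to cryptsetup with `echo -n "$crypt_pw"`, and bash's echo treats a value such as `-e` or `-n` as an option, so the key written to the LUKS slot can differ from what the user entered. `printf '%s' "$crypt_pw" | run cryptsetup luksAddKey ...` passes the bytes unchanged and, being a builtin like echo, still keeps the secret off any process argument list. The enclosing function starts outside the hunk.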
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/disk-encryption-tool-1+git20231214.1708e01/jeos-firstboot-enroll 
new/disk-encryption-tool-1+git20231221.d2e7fe6/jeos-firstboot-enroll
--- old/disk-encryption-tool-1+git20231214.1708e01/jeos-firstboot-enroll        
2023-12-14 11:04:59.000000000 +0100
+++ new/disk-encryption-tool-1+git20231221.d2e7fe6/jeos-firstboot-enroll        
2023-12-21 16:03:00.000000000 +0100
@@ -1,17 +1,34 @@
 #!/bin/bash
 
-crypt_keyid=""
 with_fido2=
 with_tpm2=
 
+declare -a luks2_devices
+
 # After the enrolling, other tools can find this list in the LUKS
 # header
 pcrs="0,2,4,7,9"
 
+have_luks2()
+{
+       [ "${#luks2_devices[@]}" -gt 0 ]
+}
+
+detect_luks2()
+{
+    local dev fstype
+    [ -z "$luks2_devices" ] || return 0
+    while read -r dev fstype; do
+       [ "$fstype" = 'crypto_LUKS' ] || continue
+       cryptsetup isLuks --type luks2 "$dev" || continue
+       luks2_devices+=("$dev")
+    done < <(lsblk --noheadings -o PATH,FSTYPE)
+    have_luks2
+}
+
 enroll_systemd_firstboot() {
-    crypt_keyid="$(keyctl id %user:cryptenroll)"
-    [ -n "$crypt_keyid" ] || return 0
     [ -e /usr/bin/systemd-cryptenroll ] || return 0
+    detect_luks2 || return 0
 
     local has_fido2=${JEOS_HAS_FIDO2:-}
     local has_tpm2=
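Review bot: `detect_luks2` collects every LUKS2 device that `lsblk` reports, and `enroll_post` (the two later hunks in this file) then enrolls FIDO2/TPM2 on all of them. Before this change both functions were gated on the `%user:cryptenroll` keyring entry, which presumably tied enrollment to volumes this tool had just set up. If other encrypted disks can be attached at first boot, consider restricting the list to the devices backing the installed system, or at least add a comment above `detect_luks2` stating that all LUKS2 volumes are enrolled and LUKS1 ones are skipped on purpose. The cache test `[ -z "$luks2_devices" ] || return 0` only looks at element 0 of the array; `have_luks2 && return 0` says the same thing with the helper defined just above it. `enroll_systemd_firstboot` continues past the end of the hunk.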
@@ -100,22 +117,16 @@
 }
 
 enroll_post() {
-    [ -n "$crypt_keyid" ] || return 0
     [ -e /usr/bin/systemd-cryptenroll ] || return 0
+    detect_luks2 || return 0
 
     local dev
     local fstype
-    if [ -z "$crypt_devs" ]; then
-           while read -r dev fstype; do
-               [ "$fstype" = 'crypto_LUKS' ] || continue
-               crypt_devs+=("$dev")
-           done < <(lsblk --noheadings -o PATH,FSTYPE)
-    fi
 
     crypttab_options="x-initrd.attach"
 
     if [ "$with_fido2" = '1' ]; then
-       for dev in "${crypt_devs[@]}"; do
+       for dev in "${luks2_devices[@]}"; do
            enroll_fido2 "$dev"
        done
        crypttab_options+=",fido2-device=auto"
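Review bot: `local fstype` is left over in `enroll_post`: the `lsblk` loop that used it moved to `detect_luks2`, and nothing in the visible part of the function reads it any more. Dropping that line and keeping `local dev` avoids a dead declaration that suggests the function still does its own device scan. The function continues outside the hunk, so this should be checked against the rest of its body.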
@@ -124,7 +135,7 @@
     if [ "$with_tpm2" = '1' ]; then
        generate_key
        
-       for dev in "${crypt_devs[@]}"; do
+       for dev in "${luks2_devices[@]}"; do
            enroll_tpm2 "$dev"
        done
        crypttab_options+=",tpm2-device=auto"

++++++ disk-encryption-tool.obsinfo ++++++
--- /var/tmp/diff_new_pack.0phF6A/_old  2023-12-22 22:41:01.135308986 +0100
+++ /var/tmp/diff_new_pack.0phF6A/_new  2023-12-22 22:41:01.139309134 +0100
@@ -1,5 +1,5 @@
 name: disk-encryption-tool
-version: 1+git20231214.1708e01
-mtime: 1702548299
-commit: 1708e014184aba1d69c3294a990594a35abbe71c
+version: 1+git20231221.d2e7fe6
+mtime: 1703170980
+commit: d2e7fe6e0781b71a19f35ca4fd27bca559c31fd7
 
