Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-pynitrokey for openSUSE:Factory checked in at 2024-02-01 18:04:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-pynitrokey (Old) and /work/SRC/openSUSE:Factory/.python-pynitrokey.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pynitrokey" Thu Feb 1 18:04:42 2024 rev:8 rq:1143287 version:0.4.45 Changes: -------- --- /work/SRC/openSUSE:Factory/python-pynitrokey/python-pynitrokey.changes 2024-01-07 21:40:56.353409198 +0100 +++ /work/SRC/openSUSE:Factory/.python-pynitrokey.new.1815/python-pynitrokey.changes 2024-02-01 18:05:11.154652022 +0100 @@ -1,0 +2,19 @@ +Wed Jan 31 15:56:49 UTC 2024 - Dirk Müller <dmuel...@suse.com> + +- add support-spsdk-2.0.patch: support spsdk 2.0 + +------------------------------------------------------------------- +Mon Jan 29 08:19:30 UTC 2024 - Dirk Müller <dmuel...@suse.com> + +- allow the fixed click version as well +- correct runtime requires + +------------------------------------------------------------------- +Fri Jan 26 20:51:05 UTC 2024 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- update to 0.4.45: + * Remove firmware version check for SE050 test by + @sosthene-nitrokey in #481 + * nk3 secrets: Log payload length by @robin-nitrokey in #496 + +------------------------------------------------------------------- Old: ---- pynitrokey-0.4.44.tar.gz New: ---- pynitrokey-0.4.45.tar.gz support-spsdk-2.0.patch BETA DEBUG BEGIN: New: - add support-spsdk-2.0.patch: support spsdk 2.0 BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-pynitrokey.spec ++++++ --- /var/tmp/diff_new_pack.v18Wrf/_old 2024-02-01 18:05:11.978681837 +0100 +++ /var/tmp/diff_new_pack.v18Wrf/_new 2024-02-01 18:05:11.978681837 +0100 @@ -23,7 +23,7 @@ %endif Name: python-pynitrokey -Version: 0.4.44 +Version: 0.4.45 Release: 0 Summary: Python Library for Nitrokey devices License: Apache-2.0 OR MIT @@ -31,6 +31,8 @@ Source: https://files.pythonhosted.org/packages/source/p/pynitrokey/pynitrokey-%{version}.tar.gz Source1: LICENSE-MIT Source2: LICENSE-APACHE +# PATCH-FIX-UPSTREAM: support spsdk >= 2.0 +Patch1: https://github.com/Nitrokey/pynitrokey/pull/499.patch#/support-spsdk-2.0.patch BuildRequires: %{python_module click-aliases} BuildRequires: %{python_module flit} BuildRequires: %{python_module pip} @@ -38,9 +40,9 @@ # https://github.com/Nitrokey/pynitrokey/blob/master/pyproject.toml BuildRequires: %{python_module certifi >= 14.5.14} BuildRequires: %{python_module cffi} -BuildRequires: %{python_module click >= 8.0.0 with %python-click < 9} -# "cryptography >=3.4.4,<37" -BuildRequires: %{python_module cryptography} +BuildRequires: %{python_module click >= 8.1.6} +# "cryptography >=41.0.4,<44" +BuildRequires: %{python_module cryptography >= 41.0.4 with %python-cryptography < 44} BuildRequires: %{python_module ecdsa} # "frozendict ~= 2.3.4" BuildRequires: %{python_module frozendict >= 2.3.4} @@ -52,12 +54,9 @@ BuildRequires: %{python_module python-dateutil >= 2.7.0} BuildRequires: %{python_module pyusb} BuildRequires: %{python_module requests} -# "spsdk >=1.7.0,<1.8.0" -BuildRequires: %{python_module spsdk >= 1.11.0 with %python-spsdk < 1.12.0} -BuildRequires: %{python_module tqdm} -# "urllib3 ~= 1.26.7" -BuildRequires: %{python_module urllib3 >= 1.26.7} +BuildRequires: %{python_module spsdk >= 2.0 with %python-spsdk < 2.1} BuildRequires: %{python_module tlv8} +BuildRequires: %{python_module tqdm} # "typing_extensions ~= 4.3.0" BuildRequires: %{python_module typing_extensions >= 4.3.0} BuildRequires: %{python_module pyserial} @@ -72,6 +71,7 @@ Requires: intelhex Requires: python-certifi >= 14.5.14 Requires: python-cffi +Requires: python-click >= 8.1.6 Requires: python-click-aliases Requires: python-cryptography Requires: python-ecdsa @@ -83,16 +83,15 @@ Requires: python-pyusb Requires: python-requests Requires: python-semver -Requires: python-spsdk >= 1.7.0 Requires: python-tlv8 Requires: python-tqdm Requires: python-typing_extensions >= 4.3.0 Requires: python-urllib3 >= 1.26.7 -Requires: (python-click >= 8.0.0 with python-click < 9) Requires: (python-fido2 >= 1.1.0 with python-fido2 < 2) Requires: (python-nethsm >= 0.5.0 with python-nethsm < 2) +Requires: (python-spsdk >= 2.0 with python-spsdk < 2.1) Requires(post): update-alternatives -Requires(postun):update-alternatives +Requires(postun): update-alternatives # only build for x86_64, as some dependencies are not available # for other architectures ExclusiveArch: x86_64 @@ -120,7 +119,7 @@ - [NetHSM](https://docs.nitrokey.com/nethsm/index.html) %prep -%setup -q -n pynitrokey-%{version} +%autosetup -p1 -n pynitrokey-%{version} cp %SOURCE1 . cp %SOURCE2 . ++++++ pynitrokey-0.4.44.tar.gz -> pynitrokey-0.4.45.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.4.44/PKG-INFO new/pynitrokey-0.4.45/PKG-INFO --- old/pynitrokey-0.4.44/PKG-INFO 1970-01-01 01:00:00.000000000 +0100 +++ new/pynitrokey-0.4.45/PKG-INFO 1970-01-01 01:00:00.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: pynitrokey -Version: 0.4.44 +Version: 0.4.45 Summary: Python Library for Nitrokey devices. Author-email: Nitrokey <p...@nitrokey.com> Requires-Python: >=3.9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.4.44/pynitrokey/VERSION new/pynitrokey-0.4.45/pynitrokey/VERSION --- old/pynitrokey-0.4.44/pynitrokey/VERSION 2023-12-18 23:49:57.000000000 +0100 +++ new/pynitrokey-0.4.45/pynitrokey/VERSION 2024-01-23 17:12:03.000000000 +0100 @@ -1 +1 @@ -0.4.44 +0.4.45 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.4.44/pynitrokey/cli/nk3/test.py new/pynitrokey-0.4.45/pynitrokey/cli/nk3/test.py --- old/pynitrokey-0.4.44/pynitrokey/cli/nk3/test.py 2023-12-18 23:49:57.000000000 +0100 +++ new/pynitrokey-0.4.45/pynitrokey/cli/nk3/test.py 2024-01-23 17:12:03.000000000 +0100 @@ -360,13 +360,6 @@ if not isinstance(device, Nitrokey3Device): return TestResult(TestStatus.SKIPPED) - firmware_version = ctx.firmware_version or device.version() - if ( - firmware_version.core() < Version(1, 5, 0) - or firmware_version.core() >= Version(1, 6, 0) - or firmware_version.pre is None - ): - return TestResult(TestStatus.SKIPPED) que: Queue[Optional[bytes]] = Queue() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pynitrokey-0.4.44/pynitrokey/nk3/secrets_app.py new/pynitrokey-0.4.45/pynitrokey/nk3/secrets_app.py --- old/pynitrokey-0.4.44/pynitrokey/nk3/secrets_app.py 2023-12-18 23:49:57.000000000 +0100 +++ new/pynitrokey-0.4.45/pynitrokey/nk3/secrets_app.py 2024-01-23 17:12:03.000000000 +0100 @@ -347,9 +347,7 @@ return self._send_receive_inner(bytes_data, log_info=f"{ins}") def _send_receive_inner(self, data: bytes, log_info: str = "") -> bytes: - self.logfn( - f"Sending {log_info if log_info else ''} {data.hex() if data else data!r}" - ) + self.logfn(f"Sending {log_info if log_info else ''} (data: {len(data)} bytes)") try: result = self.dev.otp(data=data) @@ -358,18 +356,14 @@ raise status_bytes, result = result[:2], result[2:] - self.logfn( - f"Received [{status_bytes.hex()}] {result.hex() if result else result!r}" - ) + self.logfn(f"Received [{status_bytes.hex()}] (data: {len(result)} bytes)") log_multipacket = False data_final = result MORE_DATA_STATUS_BYTE = 0x61 while status_bytes[0] == MORE_DATA_STATUS_BYTE: if log_multipacket: - self.logfn( - f"Got RemainingData status: [{status_bytes.hex()}] {result.hex() if result else result!r}" - ) + self.logfn(f"Got RemainingData status: [{status_bytes.hex()}]") log_multipacket = True ins_b, p1, p2 = self._encode_command(Instruction.SendRemaining) bytes_data = iso7816_compose(ins_b, p1, p2) @@ -380,9 +374,7 @@ raise # Data order is different here than in APDU - SW is first, then the data if any status_bytes, result = result[:2], result[2:] - self.logfn( - f"Received [{status_bytes.hex()}] {result.hex() if result else result!r}" - ) + self.logfn(f"Received [{status_bytes.hex()}] (data: {len(result)} bytes)") if status_bytes[0] in [0x90, MORE_DATA_STATUS_BYTE]: data_final += result @@ -391,15 +383,15 @@ if log_multipacket: self.logfn( - f"Received final data: [{status_bytes.hex()}] {data_final.hex() if data_final else data_final!r}" + f"Received final data: [{status_bytes.hex()}] (data: {len(data_final)} bytes)" ) if data_final: try: - self.logfn( - f"Decoded received: {[e.data for e in tlv8.decode(data_final)]}" - ) + tlv8.decode(data_final) + self.logfn("TLV-decoding of data successful") except Exception: + self.logfn("TLV-decoding of data failed") pass return data_final @@ -481,7 +473,7 @@ for e in resd: # e: tlv8.Entry res[e.type_id] = e.data - self.logfn(f"{hex(e.type_id)} {hex(len(e.data))} {e.data.hex()}") + self.logfn(f"{hex(e.type_id)} {hex(len(e.data))}") p = PasswordSafeEntry( login=res.get(Tag.PwsLogin.value), password=res.get(Tag.PwsPassword.value), ++++++ support-spsdk-2.0.patch ++++++ >From c6b206348cce17f439c4718ab784fd9be459293b Mon Sep 17 00:00:00 2001 From: Markus Meissner <co...@safemailbox.de> Date: Tue, 30 Jan 2024 00:44:05 +0100 Subject: [PATCH] update spsdk to v2.0 and adapt; fixes #486 --- pynitrokey/nk3/bootloader/lpc55.py | 20 +++++++++++--------- pyproject.toml | 2 +- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/pynitrokey/nk3/bootloader/lpc55.py b/pynitrokey/nk3/bootloader/lpc55.py index 7429ca48..22d3c682 100644 --- a/pynitrokey/nk3/bootloader/lpc55.py +++ b/pynitrokey/nk3/bootloader/lpc55.py @@ -13,16 +13,18 @@ import sys from typing import List, Optional, Tuple -from spsdk.mboot import McuBoot, StatusCode -from spsdk.mboot.interfaces.usb import RawHid +from spsdk.mboot.error_codes import StatusCode +from spsdk.mboot.interfaces.usb import MbootUSBInterface +from spsdk.mboot.mcuboot import McuBoot from spsdk.mboot.properties import PropertyTag from spsdk.sbfile.sb2.images import BootImageV21 +from spsdk.utils.interfaces.device.usb_device import UsbDevice from spsdk.utils.usbfilter import USBDeviceFilter from ..utils import Uuid, Version from . import FirmwareMetadata, Nitrokey3Bootloader, ProgressCallback, Variant -RKHT = bytes.fromhex("050aad3e77791a81e59c5b2ba5a158937e9460ee325d8ccba09734b8fdebb171") +RKTH = bytes.fromhex("050aad3e77791a81e59c5b2ba5a158937e9460ee325d8ccba09734b8fdebb171") KEK = bytes([0xAA] * 32) UUID_LEN = 4 FILENAME_PATTERN = re.compile("(firmware|alpha)-nk3..-lpc55-(?P<version>.*)\\.sb2$") @@ -33,7 +35,7 @@ class Nitrokey3BootloaderLpc55(Nitrokey3Bootloader): """A Nitrokey 3 device running the LPC55 bootloader.""" - def __init__(self, device: RawHid): + def __init__(self, device: UsbDevice): from .. import PID_NITROKEY3_LPC55_BOOTLOADER, VID_NITROKEY if (device.vid, device.pid) != (VID_NITROKEY, PID_NITROKEY3_LPC55_BOOTLOADER): @@ -43,7 +45,7 @@ def __init__(self, device: RawHid): f"got {device.vid:x}:{device.pid:x}" ) self._path = device.path - self.device = McuBoot(device) + self.device = McuBoot(MbootUSBInterface(device)) def __enter__(self) -> "Nitrokey3BootloaderLpc55": self.device.open() @@ -122,7 +124,7 @@ def list() -> List["Nitrokey3BootloaderLpc55"]: f"0x{VID_NITROKEY:x}:0x{PID_NITROKEY3_LPC55_BOOTLOADER:x}" ) devices = [] - for device in RawHid.enumerate(device_filter): + for device in UsbDevice.enumerate(device_filter): try: devices.append(Nitrokey3BootloaderLpc55(device)) except ValueError: @@ -134,7 +136,7 @@ def list() -> List["Nitrokey3BootloaderLpc55"]: @staticmethod def open(path: str) -> Optional["Nitrokey3BootloaderLpc55"]: device_filter = USBDeviceFilter(path) - devices = RawHid.enumerate(device_filter) + devices = UsbDevice.enumerate(device_filter) if len(devices) == 0: logger.warn(f"No HID device at {path}") return None @@ -156,9 +158,9 @@ def parse_firmware_image(data: bytes) -> FirmwareMetadata: version = Version.from_bcd_version(image.header.product_version) metadata = FirmwareMetadata(version=version) if image.cert_block: - if image.cert_block.rkht == RKHT: + if image.cert_block.rkth == RKTH: metadata.signed_by = "Nitrokey" metadata.signed_by_nitrokey = True else: - metadata.signed_by = f"unknown issuer (RKHT: {image.cert_block.rkht.hex()})" + metadata.signed_by = f"unknown issuer (RKTH: {image.cert_block.rkth.hex()})" return metadata diff --git a/pyproject.toml b/pyproject.toml index 6400ca81..6a747606 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ dependencies = [ "python-dateutil ~= 2.7.0", "pyusb", "requests", - "spsdk >=1.11.0,<1.12.0", + "spsdk >=2.0,<2.1", "tqdm", "tlv8", "typing_extensions ~= 4.3.0",