Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yast2-storage-ng for openSUSE:Factory checked in at 2024-05-09 12:07:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-storage-ng (Old) and /work/SRC/openSUSE:Factory/.yast2-storage-ng.new.1880 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-storage-ng" Thu May 9 12:07:55 2024 rev:159 rq:1172660 version:5.0.14 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-storage-ng/yast2-storage-ng.changes 2024-04-26 23:26:38.479567657 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-storage-ng.new.1880/yast2-storage-ng.changes 2024-05-09 12:08:22.050952603 +0200 @@ -1,0 +2,9 @@ +Tue May 7 14:38:42 UTC 2024 - Ancor Gonzalez Sosa <an...@suse.com> + +- Proposal: Make the encryption method and the key derivation + function configurable by product. +- Partitioner: LUKS2 is always available and used by default, with + PBKDF2 as default derivation function (related to bsc#1185291). +- 5.0.14 + +------------------------------------------------------------------- Old: ---- yast2-storage-ng-5.0.13.tar.bz2 New: ---- yast2-storage-ng-5.0.14.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-storage-ng.spec ++++++ --- /var/tmp/diff_new_pack.biFVpl/_old 2024-05-09 12:08:25.307070941 +0200 +++ /var/tmp/diff_new_pack.biFVpl/_new 2024-05-09 12:08:25.311071087 +0200 @@ -17,7 +17,7 @@ Name: yast2-storage-ng -Version: 5.0.13 +Version: 5.0.14 Release: 0 Summary: YaST2 - Storage Configuration License: GPL-2.0-only OR GPL-3.0-only ++++++ yast2-storage-ng-5.0.13.tar.bz2 -> yast2-storage-ng-5.0.14.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/package/yast2-storage-ng.changes new/yast2-storage-ng-5.0.14/package/yast2-storage-ng.changes --- old/yast2-storage-ng-5.0.13/package/yast2-storage-ng.changes 2024-04-25 16:28:38.000000000 +0200 +++ new/yast2-storage-ng-5.0.14/package/yast2-storage-ng.changes 2024-05-08 11:10:59.000000000 +0200 
@@ -1,4 +1,13 @@ ------------------------------------------------------------------- +Tue May 7 14:38:42 UTC 2024 - Ancor Gonzalez Sosa <an...@suse.com> + +- Proposal: Make the encryption method and the key derivation + function configurable by product. +- Partitioner: LUKS2 is always available and used by default, with + PBKDF2 as default derivation function (related to bsc#1185291). +- 5.0.14 + +------------------------------------------------------------------- Wed Apr 24 07:48:08 UTC 2024 - Ancor Gonzalez Sosa <an...@suse.com> - GuidedProposal: refine the :bigger_resize SpaceMaker strategy diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/package/yast2-storage-ng.spec new/yast2-storage-ng-5.0.14/package/yast2-storage-ng.spec --- old/yast2-storage-ng-5.0.13/package/yast2-storage-ng.spec 2024-04-25 16:28:38.000000000 +0200 +++ new/yast2-storage-ng-5.0.14/package/yast2-storage-ng.spec 2024-05-08 11:10:59.000000000 +0200 @@ -16,7 +16,7 @@ # Name: yast2-storage-ng -Version: 5.0.13 +Version: 5.0.14 Release: 0 Summary: YaST2 - Storage Configuration License: GPL-2.0-only OR GPL-3.0-only diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/src/lib/installation/console/plugins/luks2_checkbox.rb new/yast2-storage-ng-5.0.14/src/lib/installation/console/plugins/luks2_checkbox.rb --- old/yast2-storage-ng-5.0.13/src/lib/installation/console/plugins/luks2_checkbox.rb 2024-04-25 16:28:38.000000000 +0200 +++ new/yast2-storage-ng-5.0.14/src/lib/installation/console/plugins/luks2_checkbox.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,75 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) 2021 SUSE LLC, All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# ------------------------------------------------------------------------------ - -require "yast" - -require "cwm" -require "installation/console/menu_plugin" -require "y2storage/storage_env" - -module Installation - module Console - module Plugins - # define a checkbox for enabling the experimental LUKS2 support in the installer - class LUKS2CheckBox < CWM::CheckBox - include Yast::Logger - - def initialize - super - textdomain "storage" - end - - # set the initial status - def init - check if Y2Storage::StorageEnv.instance.luks2_available? - end - - def label - # TRANSLATORS: check box label - _("Enable Experimental LUKS2 Encryption Support") - end - - def store - # the evaluated env variables are cached, we need to drop the cache - # when doing any change - Y2Storage::StorageEnv.instance.reset_cache - - if checked? - ENV["YAST_LUKS2_AVAILABLE"] = "1" - else - ENV.delete("YAST_LUKS2_AVAILABLE") - end - end - - def help - # TRANSLATORS: help text for the checkbox enabling LUKS2 support - _("<p>You can enable experimental LUKS2 encryption support in "\ - "the YaST partitioner. 
It is not supported and is designed as a " \ - "technology preview only.</p>") - end - end - - # define the plugin - class LUKS2CheckBoxPlugin < MenuPlugin - def widget - LUKS2CheckBox.new - end - - # at the end - def order - 2000 - end - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/src/lib/y2partitioner/actions/controllers/encryption.rb new/yast2-storage-ng-5.0.14/src/lib/y2partitioner/actions/controllers/encryption.rb --- old/yast2-storage-ng-5.0.13/src/lib/y2partitioner/actions/controllers/encryption.rb 2024-04-25 16:28:38.000000000 +0200 +++ new/yast2-storage-ng-5.0.14/src/lib/y2partitioner/actions/controllers/encryption.rb 2024-05-08 11:10:59.000000000 +0200 @@ -71,8 +71,8 @@ @fs_controller = fs_controller @action = actions.first @password = encryption&.password || "" - @pbkdf = encryption&.pbkdf @method = initial_method + @pbkdf = initial_pbkdf @apqns = initial_apqns @label = initial_label end 
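Review bot: The move of `@pbkdf = initial_pbkdf` below `@method = initial_method` in the `@@ -71,8 +71,8 @@` hunk of encryption.rb is load-bearing but undocumented. `initial_pbkdf`, added further down in the same file, calls `method.is?(:luks2)`, so it only gives the intended result once `@method` has been assigned. Assuming `method` is a plain reader for `@method` (not visible here), swapping the two lines back would make that call run against nil whenever the device has no stored pbkdf. I would add a comment above the assignment, e.g. `# Must follow @method: initial_pbkdf chooses its default from the selected method`. The enclosing constructor starts outside the hunk.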
@@ -215,10 +215,22 @@ if methods.include?(encryption&.method) encryption.method else - Y2Storage::EncryptionMethod::LUKS1 + Y2Storage::EncryptionMethod::LUKS2 end end + # Initial password-based key derivation function, if relevant + # + # @return [Y2Storage::PbkdFunction, nil] + def initial_pbkdf + function = encryption&.pbkdf + return function unless function.nil? && method.is?(:luks2) + + # Hardcoded conservative default, we can either change it or make it configurable + # (see Y2Storage::Configuration) in the future if needed. + Y2Storage::PbkdFunction::PBKDF2 + end + # Currently used APQNs when the device is encrypted with pervasive encryption # # @return [Array<Y2Storage::EncryptionProcesses::Apqn>] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/src/lib/y2storage/encryption_method/luks2.rb new/yast2-storage-ng-5.0.14/src/lib/y2storage/encryption_method/luks2.rb --- old/yast2-storage-ng-5.0.13/src/lib/y2storage/encryption_method/luks2.rb 2024-04-25 16:28:38.000000000 +0200 +++ new/yast2-storage-ng-5.0.14/src/lib/y2storage/encryption_method/luks2.rb 2024-05-08 11:10:59.000000000 +0200 @@ -60,12 +60,6 @@ encryption_process.create_device(blk_device, dm_name, pbkdf: pbkdf, label: label) end - # @see Base#available? - def available? - # jsc#PED-3878 and jsc#GEHC-6 - Yast::Mode.auto || StorageEnv.instance.luks2_available? - end - private # @see Base#encryption_process diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/src/lib/y2storage/proposal_settings.rb new/yast2-storage-ng-5.0.14/src/lib/y2storage/proposal_settings.rb --- old/yast2-storage-ng-5.0.13/src/lib/y2storage/proposal_settings.rb 2024-04-25 16:28:38.000000000 +0200 +++ new/yast2-storage-ng-5.0.14/src/lib/y2storage/proposal_settings.rb 2024-05-08 11:10:59.000000000 +0200 
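Review bot: The comment on the PBKDF2 fallback in `initial_pbkdf` calls it a "conservative default" without saying what it is conservative about. PBKDF2 is not memory-hard, so for the same passphrase it resists offline guessing less well than the Argon2 functions LUKS2 also supports. The choice is presumably about compatibility (the changelog ties it to bsc#1185291), and the comment should say so, e.g. `# PBKDF2 is picked for compatibility, not strength: unlike Argon2 it is not memory-hard.` Separately, the fallback is evaluated only once, from the constructor, so a device that starts with another method and is switched to LUKS2 in the dialog keeps a nil `@pbkdf` unless code outside this hunk fills it in; that is worth confirming. `initial_method` starts above the hunk.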
@@ -448,9 +448,18 @@ # Loads the default encryption settings # - # The encryption settings are not part of control.xml, but can be injected by a previous step of + # The default encryption settings can be read from control.xml. + # + # Additionally, the encryption password can be injected by a previous step of # the installation, eg. the dialog of the Common Criteria system role def load_encryption + enc_method = EncryptionMethod.find(feature(:proposal, :encryption_method).to_s) + self.encryption_method = enc_method if enc_method + + enc_pbkdf = PbkdFunction.find(feature(:proposal, :encryption_pbkdf)) + self.encryption_pbkdf = enc_pbkdf if enc_pbkdf + + # Password potentially injected by a previous step enc = feature(:proposal, :encryption) return unless enc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/src/lib/y2storage/storage_env.rb new/yast2-storage-ng-5.0.14/src/lib/y2storage/storage_env.rb --- old/yast2-storage-ng-5.0.13/src/lib/y2storage/storage_env.rb 2024-04-25 16:28:38.000000000 +0200 +++ new/yast2-storage-ng-5.0.14/src/lib/y2storage/storage_env.rb 2024-05-08 11:10:59.000000000 +0200 @@ -32,13 +32,11 @@ ENV_ACTIVATE_LUKS = "YAST_ACTIVATE_LUKS".freeze - ENV_LUKS2_AVAILABLE = "YAST_LUKS2_AVAILABLE".freeze - ENV_LIBSTORAGE_IGNORE_PROBE_ERRORS = "LIBSTORAGE_IGNORE_PROBE_ERRORS".freeze ENV_REUSE_LVM = "YAST_REUSE_LVM".freeze - private_constant :ENV_MULTIPATH, :ENV_BIOS_RAID, :ENV_ACTIVATE_LUKS, :ENV_LUKS2_AVAILABLE + private_constant :ENV_MULTIPATH, :ENV_BIOS_RAID, :ENV_ACTIVATE_LUKS private_constant :ENV_LIBSTORAGE_IGNORE_PROBE_ERRORS private_constant :ENV_REUSE_LVM 
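Review bot: In `load_encryption`, a control.xml value that `EncryptionMethod.find` or `PbkdFunction.find` does not recognise is dropped without a trace, because both assignments are guarded by `if enc_method` / `if enc_pbkdf`. For a product-level encryption setting, a typo then means the installer quietly proposes the built-in default and nobody notices that the product asked for something else. I would log the rejected value, e.g. `log.warn("Unknown proposal encryption_method: #{raw.inspect}") if !raw.to_s.empty? && enc_method.nil?` with `raw` holding the feature value (assuming a logger is available in this class, which is not visible here), and do the same for the pbkdf. The two lookups also differ in that only the method value goes through `.to_s`; if `PbkdFunction.find` does not accept nil, it needs the same treatment. The method body continues past the hunk.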
@@ -82,16 +80,6 @@ active?(ENV_ACTIVATE_LUKS, default: true) end - # Whether YaST should offer the encryption method for regular LUKS2 - # - # See jsc#SLE-21309 where is stated that YaST support to setup LUKS2 devices should be - # "available only via a special Linuxrc option and communicated as a tech preview". - # - # @return [Boolean] - def luks2_available? - active?(ENV_LUKS2_AVAILABLE, default: false) - end - # Whether YaST should reuse existing LVM # # see jsc#PED-6407 or jsc#IBM-1315 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/test/installation/console/plugins/luks2_checkbox_test.rb new/yast2-storage-ng-5.0.14/test/installation/console/plugins/luks2_checkbox_test.rb --- old/yast2-storage-ng-5.0.13/test/installation/console/plugins/luks2_checkbox_test.rb 2024-04-25 16:28:38.000000000 +0200 +++ new/yast2-storage-ng-5.0.14/test/installation/console/plugins/luks2_checkbox_test.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,114 +0,0 @@ -# Copyright (c) [2021] SUSE LLC -# -# All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of version 2 of the GNU General Public License as published -# by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, contact SUSE LLC. -# -# To contact SUSE LLC about this file by physical or electronic mail, you may -# find current contact information at www.suse.com. - -require_relative "../../../spec_helper" - -begin - # in development or in GitHub Actions the file might be present, - # try loading the original file - old_require "installation/console/menu_plugin" -rescue LoadError - # the file is missing, mock the "installation/console/menu_plugin" content, - # needed during RPM build - module Installation - module Console - class MenuPlugin - end - end - end -end - -require "installation/console/plugins/luks2_checkbox" -require "cwm/rspec" - -describe Installation::Console::Plugins::LUKS2CheckBox do - subject(:widget) { described_class.new } - - include_examples "CWM::CheckBox" - - describe "#init" do - before do - expect(Y2Storage::StorageEnv.instance).to receive(:luks2_available?) 
- .and_return(luks2_available) - end - - context "LUKS2 available" do - let(:luks2_available) { true } - - it "sets the initial state to checked" do - expect(widget).to receive(:check) - widget.init - end - end - - context "LUKS2 not available" do - let(:luks2_available) { false } - - it "sets the initial state to unchecked" do - expect(widget).to_not receive(:check) - widget.init - end - end - end - - describe "#store" do - before do - allow(Y2Storage::StorageEnv.instance).to receive(:reset_cache) - allow(ENV).to receive(:delete) - allow(ENV).to receive(:[]=) - - allow(widget).to receive(:checked?).and_return(checked) - end - - context "the checkbox is checked" do - let(:checked) { true } - - it "sets the YAST_LUKS2_AVAILABLE env variable to 1" do - expect(Y2Storage::StorageEnv.instance).to receive(:reset_cache) - expect(ENV).to receive(:[]=).with("YAST_LUKS2_AVAILABLE", "1") - widget.store - end - end - - context "the checkbox is not checked" do - let(:checked) { false } - - it "deletes the YAST_LUKS2_AVAILABLE env variable" do - expect(Y2Storage::StorageEnv.instance).to receive(:reset_cache) - expect(ENV).to receive(:delete).with("YAST_LUKS2_AVAILABLE") - widget.store - end - end - end -end - -describe Installation::Console::Plugins::LUKS2CheckBoxPlugin do - describe "#order" do - it "returns a positive number" do - expect(subject.order).to be_a(Numeric) - expect(subject.order).to be > 0 - end - end - - describe "#widget" do - it "returns a CWM widget" do - expect(subject.widget).to be_a(CWM::AbstractWidget) - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/test/y2partitioner/actions/controllers/encryption_test.rb new/yast2-storage-ng-5.0.14/test/y2partitioner/actions/controllers/encryption_test.rb --- old/yast2-storage-ng-5.0.13/test/y2partitioner/actions/controllers/encryption_test.rb 2024-04-25 16:28:38.000000000 +0200 +++ 
new/yast2-storage-ng-5.0.14/test/y2partitioner/actions/controllers/encryption_test.rb 2024-05-08 11:10:59.000000000 +0200 @@ -54,7 +54,7 @@ let(:dev_name) { "/dev/vda2" } it "assigns the default encryption method" do - expect(subject.method.is?(:luks1)).to eq(true) + expect(subject.method.is?(:luks2)).to eq(true) end end @@ -78,7 +78,7 @@ end it "assigns the default encryption method" do - expect(subject.method.is?(:luks1)).to eq(true) + expect(subject.method.is?(:luks2)).to eq(true) end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.13/test/y2storage/encryption_method_test.rb new/yast2-storage-ng-5.0.14/test/y2storage/encryption_method_test.rb --- old/yast2-storage-ng-5.0.13/test/y2storage/encryption_method_test.rb 2024-04-25 16:28:38.000000000 +0200 +++ new/yast2-storage-ng-5.0.14/test/y2storage/encryption_method_test.rb 2024-05-08 11:10:59.000000000 +0200 
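Review bot: Both updated examples in encryption_test.rb (`@@ -54,7 +54,7 @@` and `@@ -78,7 +78,7 @@`) only pin the new default method; nothing in this file's hunks checks the derivation function the controller now picks alongside it. Since PBKDF2-by-default is the security-relevant half of the change, I would add an expectation next to each, e.g. `expect(subject.pbkdf).to eq(Y2Storage::PbkdFunction::PBKDF2)`, plus one case where the device already carries a pbkdf and it is kept. This assumes the controller exposes a `pbkdf` reader, which is not visible here. The enclosing `describe`/`context` blocks start outside the hunks.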
@@ -70,60 +70,27 @@ context "if there are online Crypto Express CCA coprocessors" do let(:lszcrypt) { lszcrypt_output("ok") } - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1, pervasive LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :pervasive_luks2, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2, pervasive LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :pervasive_luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2, pervasive LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :pervasive_luks2, :random_swap) end end context "if no Crypto Express CCA coprocessor is available (online)" do let(:lszcrypt) { lszcrypt_output("no_devs") } - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :random_swap) end end context "if secure AES keys are not supported" do let(:lszcrypt) { "" } - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { 
{ "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :random_swap) end end @@ -133,20 +100,9 @@ .and_raise Cheetah::ExecutionFailed.new("", "", "", "") end - context "and YAST_LUKS2_AVAILABLE is not set" do - it "returns methods for LUKS1 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :random_swap) - end - end - - context "and YAST_LUKS2_AVAILABLE is set" do - let(:env_vars) { { "YAST_LUKS2_AVAILABLE" => "1" } } - - it "returns methods for LUKS1, LUKS2 and random swap" do - expect(described_class.available.map(&:to_sym)) - .to contain_exactly(:luks1, :luks2, :random_swap) - end + it "returns methods for LUKS1, LUKS2 and random swap" do + expect(described_class.available.map(&:to_sym)) + .to contain_exactly(:luks1, :luks2, :random_swap) end end