Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package yast2-bootloader for
openSUSE:Factory checked in at 2023-02-10 14:33:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-bootloader (Old)
and /work/SRC/openSUSE:Factory/.yast2-bootloader.new.1848 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-bootloader"
Fri Feb 10 14:33:38 2023 rev:327 rq:1063964 version:4.5.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-bootloader/yast2-bootloader.changes
2022-10-13 15:39:47.182447182 +0200
+++
/work/SRC/openSUSE:Factory/.yast2-bootloader.new.1848/yast2-bootloader.changes
2023-02-10 14:33:41.793338359 +0100
@@ -1,0 +2,7 @@
+Wed Feb 8 15:30:25 UTC 2023 - Josef Reidinger <[email protected]>
+
+- make secure boot for ppc64 consistent with how secure boot works
+ on other architectures (bsc#1206295)
+- 4.5.8
+
+-------------------------------------------------------------------
Old:
----
yast2-bootloader-4.5.7.tar.bz2
New:
----
yast2-bootloader-4.5.8.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-bootloader.spec ++++++
--- /var/tmp/diff_new_pack.ecwAUe/_old 2023-02-10 14:33:42.345341657 +0100
+++ /var/tmp/diff_new_pack.ecwAUe/_new 2023-02-10 14:33:42.349341681 +0100
@@ -1,7 +1,7 @@
#
# spec file for package yast2-bootloader
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.5.7
+Version: 4.5.8
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
@@ -39,7 +39,8 @@
BuildRequires: rubygem(%rb_default_ruby_abi:rspec)
BuildRequires: rubygem(%rb_default_ruby_abi:yast-rake)
-PreReq: /bin/sed %fillup_prereq
+PreReq: %fillup_prereq
+PreReq: /bin/sed
# Base classes for inst clients
Requires: parted
# ReducedRecorder
++++++ yast2-bootloader-4.5.7.tar.bz2 -> yast2-bootloader-4.5.8.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.5.7/package/yast2-bootloader.changes
new/yast2-bootloader-4.5.8/package/yast2-bootloader.changes
--- old/yast2-bootloader-4.5.7/package/yast2-bootloader.changes 2022-10-10
10:22:49.000000000 +0200
+++ new/yast2-bootloader-4.5.8/package/yast2-bootloader.changes 2023-02-09
09:58:42.000000000 +0100
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Wed Feb 8 15:30:25 UTC 2023 - Josef Reidinger <[email protected]>
+
+- make secure boot for ppc64 consistent with how secure boot works
+ on other architectures (bsc#1206295)
+- 4.5.8
+
+-------------------------------------------------------------------
Wed Oct 5 21:35:19 UTC 2022 - Josef Reidinger <[email protected]>
- prevent leak of grub2 password to logs(bsc#1201962)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.5.7/package/yast2-bootloader.spec
new/yast2-bootloader-4.5.8/package/yast2-bootloader.spec
--- old/yast2-bootloader-4.5.7/package/yast2-bootloader.spec 2022-10-10
10:22:49.000000000 +0200
+++ new/yast2-bootloader-4.5.8/package/yast2-bootloader.spec 2023-02-09
09:58:42.000000000 +0100
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.5.7
+Version: 4.5.8
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.5.7/src/lib/bootloader/grub2base.rb
new/yast2-bootloader-4.5.8/src/lib/bootloader/grub2base.rb
--- old/yast2-bootloader-4.5.7/src/lib/bootloader/grub2base.rb 2022-10-10
10:22:49.000000000 +0200
+++ new/yast2-bootloader-4.5.8/src/lib/bootloader/grub2base.rb 2023-02-09
09:58:42.000000000 +0100
@@ -159,7 +159,7 @@
propose_xen_hypervisor
self.trusted_boot = false
- self.secure_boot = Systeminfo.secure_boot_active?
+ self.secure_boot = Systeminfo.secure_boot_supported?
self.update_nvram = true
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.5.7/src/lib/bootloader/systeminfo.rb
new/yast2-bootloader-4.5.8/src/lib/bootloader/systeminfo.rb
--- old/yast2-bootloader-4.5.7/src/lib/bootloader/systeminfo.rb 2022-10-10
10:22:49.000000000 +0200
+++ new/yast2-bootloader-4.5.8/src/lib/bootloader/systeminfo.rb 2023-02-09
09:58:42.000000000 +0100
@@ -12,22 +12,24 @@
# Provide system and architecture dependent information
class Systeminfo
class << self
+ include Yast::Logger
+
# Check current secure boot state.
#
- # This prefers the 'real' state over the config file setting, if
possible.
+ # This reflects settings on OS level. If secure boot is not supported,
it returns false.
#
# @return [Boolean] true if secure boot is currently active
def secure_boot_active?
- (efi_supported? || s390_secure_boot_supported? ||
ppc_secure_boot_active?) &&
+ secure_boot_supported? &&
Sysconfig.from_system.secure_boot
end
# Check if secure boot is in principle supported.
#
# @return [Boolean] true if secure boot is (in principle) supported on
this system
- # def secure_boot_supported?
- # efi_supported? || s390_secure_boot_supported? ||
ppc_secure_boot_supported?
- # end
+ def secure_boot_supported?
+ efi_supported? || s390_secure_boot_supported? ||
ppc_secure_boot_supported?
+ end
# Check if secure boot is configurable with a bootloader.
#
@@ -113,7 +115,10 @@
# see jsc#SLE-9425
return false unless Yast::Arch.s390
- File.read("/sys/firmware/ipl/has_secure", 1) == "1"
+ res = File.read("/sys/firmware/ipl/has_secure", 1)
+ log.info "s390 has secure: #{res}"
+
+ res == "1"
rescue StandardError
false
end
@@ -139,7 +144,10 @@
return false unless Yast::Arch.s390
# see jsc#SLE-9425
- File.read("/sys/firmware/ipl/secure", 1) == "1"
+ res = File.read("/sys/firmware/ipl/secure", 1)
+ log.info "s390 secure: #{res}"
+
+ res == "1"
rescue StandardError
false
end
@@ -158,7 +166,9 @@
begin
result = File.read("/proc/device-tree/ibm,secure-boot")
result = result.unpack1("N")
- rescue StandardError
+ log.info "reading ibm,secure-boot result #{result}"
+ rescue StandardError => e
+ log.info "reading ibm,secure-boot failed with #{e}"
result = nil
end
result
@@ -177,7 +187,7 @@
# @return [Boolean] true if this is an ppc machine and secure boot is
# supported with the current setup
def ppc_secure_boot_supported?
- ppc_secure_boot_active?
+ ppc_secure_boot_available?
end
# Check if secure boot is currently active on an ppc machine.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.5.7/test/systeminfo_test.rb
new/yast2-bootloader-4.5.8/test/systeminfo_test.rb
--- old/yast2-bootloader-4.5.7/test/systeminfo_test.rb 2022-10-10
10:22:49.000000000 +0200
+++ new/yast2-bootloader-4.5.8/test/systeminfo_test.rb 2023-02-09
09:58:42.000000000 +0100
@@ -111,11 +111,11 @@
context "and ibm,secure-boot is not enabled on arch ppc64le " do
let(:arch) { "ppc64" }
- it "returns false and secure_boot_active? returns false" do
+ it "returns true and secure_boot_active? returns true" do
allow(File).to receive(:read).with("/sys/firmware/ipl/has_secure",
1).and_return(false)
allow(File).to
receive(:read).with("/proc/device-tree/ibm,secure-boot").and_return("\0\0\0\0")
expect(described_class.secure_boot_available?("grub2")).to be true
- expect(described_class.secure_boot_active?).to be false
+ expect(described_class.secure_boot_active?).to be true
end
end
