commit dracut-pcr-signature for openSUSE:Factory

Source-Sync Wed, 10 Apr 2024 08:49:09 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package dracut-pcr-signature for 
openSUSE:Factory checked in at 2024-04-10 17:48:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dracut-pcr-signature (Old)
 and      /work/SRC/openSUSE:Factory/.dracut-pcr-signature.new.29460 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "dracut-pcr-signature"

Wed Apr 10 17:48:44 2024 rev:5 rq:1166632 version:0.3+0

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/dracut-pcr-signature/dracut-pcr-signature.changes    
    2024-03-13 22:17:50.818656944 +0100
+++ 
/work/SRC/openSUSE:Factory/.dracut-pcr-signature.new.29460/dracut-pcr-signature.changes
     2024-04-10 17:48:50.977071456 +0200
@@ -1,0 +2,6 @@
+Wed Apr 10 11:13:22 UTC 2024 - [email protected]
+
+- Update to version 0.3+0:
+  * Various small improvements
+
+-------------------------------------------------------------------

Old:
----
  dracut-pcr-signature-0.2+0.tar.xz

New:
----
  dracut-pcr-signature-0.3+0.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ dracut-pcr-signature.spec ++++++
--- /var/tmp/diff_new_pack.U4hrVx/_old  2024-04-10 17:48:52.113113264 +0200
+++ /var/tmp/diff_new_pack.U4hrVx/_new  2024-04-10 17:48:52.113113264 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           dracut-pcr-signature
-Version:        0.2+0
+Version:        0.3+0
 Release:        0
 Summary:        Dracut module to import PCR signatures
 License:        GPL-2.0-or-later

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.U4hrVx/_old  2024-04-10 17:48:52.149114588 +0200
+++ /var/tmp/diff_new_pack.U4hrVx/_new  2024-04-10 17:48:52.153114736 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://github.com/aplanas/dracut-pcr-signature.git</param>
-              <param 
name="changesrevision">b6b4f3e73cfb572448fa0b28b962af4fcc817e5f</param></service></servicedata>
+              <param 
name="changesrevision">37e8da3db49f22c517b14a877ce0169ba8979927</param></service></servicedata>
 (No newline at EOF)
 

++++++ dracut-pcr-signature-0.2+0.tar.xz -> dracut-pcr-signature-0.3+0.tar.xz 
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/dracut-pcr-signature-0.2+0/module-setup.sh 
new/dracut-pcr-signature-0.3+0/module-setup.sh
--- old/dracut-pcr-signature-0.2+0/module-setup.sh      2024-03-12 
16:06:09.000000000 +0100
+++ new/dracut-pcr-signature-0.3+0/module-setup.sh      2024-04-10 
11:18:36.000000000 +0200
@@ -11,7 +11,7 @@
 }
 
 installkernel() {
-    inst_multiple grep rmdir
+    inst_multiple mountpoint rmdir dd tr
     # Filesystem (vfat) and codepages required to mount the ESP
     hostonly="" instmods vfat nls_cp437 nls_iso8859-1
 }
@@ -22,8 +22,8 @@
     # easy execute the service when the ESP device is ready and the
     # systemd-cryptsetup service was still not executed
     # (cryptsetup.target).  One solution is to use a generator, that
-    # will after/requires from dev-disk-bytpartuuid-XXX, where XXX
+    # will after/requires from dev-disk-by-partuuid-XXX, where XXX
     # comes from LoaderDevicePartUUID efivar.  The other option is an
-    # override (this one)
+    # override (this one).
     inst_simple "${moddir}/pcr-signature.conf" 
"/etc/systemd/system/[email protected]/pcr-signature.conf"
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/dracut-pcr-signature-0.2+0/pcr-signature.sh 
new/dracut-pcr-signature-0.3+0/pcr-signature.sh
--- old/dracut-pcr-signature-0.2+0/pcr-signature.sh     2024-03-12 
16:06:09.000000000 +0100
+++ new/dracut-pcr-signature-0.3+0/pcr-signature.sh     2024-04-10 
11:18:36.000000000 +0200
@@ -1,64 +1,42 @@
 #!/bin/bash
+set -euo pipefail
 
-MNT="/tmp/pcr-signature"
-# Maybe a better place is loader/credentials
-SYSTEMD="EFI/systemd"
-OPENSUSE="EFI/opensuse"
-SIGNATURES=""
-VENDOR="4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
 # If GRUB2 is used, bli.mod needs to be loaded
-EFIVAR="/sys/firmware/efi/efivars/LoaderDevicePartUUID-$VENDOR"
+EFIVAR="/sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
 
-cleanup()
-{
-    is_mount "$MNT" && umount "$MNT"
-    rmdir "$MNT"
-}
-trap cleanup EXIT
+[ -e "$EFIVAR" ] || exit 0
 
-is_mount() {
-    grep -q "$1" /proc/mounts
-}
+if [ -e "/var/lib/systemd/pcrlock.json" ] || [ -e 
"/etc/systemd/tpm2-pcr-signature.json" ]; then
+       # Already ran?
+       exit 0
+fi
 
-mount_esp() {
-    [ -e "$EFIVAR" ] || return 0
-    mount "$DEV" "$MNT"
-    if [ -e "${MNT}/${SYSTEMD}" ]; then
-       SIGNATURES="$SYSTEMD"
-       return 0
-    elif [ -e "${MNT}/${OPENSUSE}" ]; then
-       SIGNATURES="$OPENSUSE"
-       return 0
-    fi
-    umount "$MNT"
-}
+# Read the value of the EFI variable, that contains a header and
+# ends with '\0' and make it lowercase
+ESP_UUID="$(dd "if=$EFIVAR" bs=2 skip=2 conv=lcase status=none | tr -d '\0')"
+DEV="/dev/disk/by-partuuid/${ESP_UUID}"
+MNT="$(mktemp -d)"
 
-read_efivar() {
-    local var="$1"
-    local val
-
-    # Read the value of the EFI variable, that contains a header and
-    # ends with '\0' and make it lowercase
-    read -r val < "$var"
-    val="${val:1}"
-    echo "${val,,}"
+cleanup()
+{
+       if mountpoint -q "$MNT"; then
+               umount "$MNT"
+       fi
+       rmdir "$MNT"
 }
+trap cleanup EXIT
 
-DEV="/dev/disk/by-partuuid/$(read_efivar "$EFIVAR")"
-
-mkdir -p "$MNT"
-
-mount_esp
-
-if is_mount "$MNT"; then
-    if [ -e "${MNT}/${SIGNATURES}/pcrlock.json" ]; then
-       mkdir -p /var/lib/systemd
-       cp "${MNT}/${SIGNATURES}/pcrlock.json" /var/lib/systemd
-    elif [ -e "${MNT}/${SIGNATURES}/tpm2-pcr-signature.json" ] && [ -e 
"${MNT}/${SIGNATURES}/tpm2-pcr-public-key.pem" ]; then
-       mkdir -p /etc/systemd
-       cp "${MNT}/${SIGNATURES}/tpm2-pcr-signature.json" /etc/systemd
-       cp "${MNT}/${SIGNATURES}/tpm2-pcr-public-key.pem" /etc/systemd
-    fi
-fi
+mount -o ro "$DEV" "$MNT"
 
-is_mount "$MNT" && umount "$MNT"
+for location in "${MNT}/EFI/systemd" "${MNT}/EFI/opensuse"; do
+       if [ -e "${location}/pcrlock.json" ]; then
+               mkdir -p /var/lib/systemd
+               cp "${location}/pcrlock.json" /var/lib/systemd
+               break
+       elif [ -e "${location}/tpm2-pcr-signature.json" ] && [ -e 
"${location}/tpm2-pcr-public-key.pem" ]; then
+               mkdir -p /etc/systemd
+               cp "${location}/tpm2-pcr-signature.json" /etc/systemd
+               cp "${location}/tpm2-pcr-public-key.pem" /etc/systemd
+               break
+       fi
+done

commit dracut-pcr-signature for openSUSE:Factory

Reply via email to