Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package sdbootutil for openSUSE:Factory
checked in at 2024-10-02 21:32:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sdbootutil (Old)
and /work/SRC/openSUSE:Factory/.sdbootutil.new.19354 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sdbootutil"
Wed Oct 2 21:32:57 2024 rev:33 rq:1205163 version:1+git20241002.7da4a47
Changes:
--------
--- /work/SRC/openSUSE:Factory/sdbootutil/sdbootutil.changes 2024-09-04
13:22:26.884303478 +0200
+++ /work/SRC/openSUSE:Factory/.sdbootutil.new.19354/sdbootutil.changes
2024-10-02 21:33:25.074464924 +0200
@@ -1,0 +2,27 @@
+Wed Oct 02 09:15:48 UTC 2024 - apla...@suse.com
+
+- Update to version 1+git20241002.7da4a47:
+ * Do not specify bootloader requirement
+
+-------------------------------------------------------------------
+Wed Oct 02 07:43:16 UTC 2024 - apla...@suse.com
+
+- Update to version 1+git20241002.7b8957c:
+ * Requires udev for bootctl
+ * Use chroot instead of --sysroot in dracut
+ * Replace cut with idiomatic code
+ * Show recovery PIN generated by systemd-pcrlock
+
+-------------------------------------------------------------------
+Thu Sep 12 14:03:12 UTC 2024 - apla...@suse.com
+
+- Update to version 1+git20240912.02d30ed:
+ * Generate predictions for update_entry
+
+-------------------------------------------------------------------
+Thu Sep 05 13:53:58 UTC 2024 - apla...@suse.com
+
+- Update to version 1+git20240905.e7ca8cf:
+ * Replace root=UUID= with root=device
+
+-------------------------------------------------------------------
Old:
----
sdbootutil-1+git20240903.81f1f40.obscpio
New:
----
sdbootutil-1+git20241002.7da4a47.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sdbootutil.spec ++++++
--- /var/tmp/diff_new_pack.mZDykE/_old 2024-10-02 21:33:25.866497851 +0200
+++ /var/tmp/diff_new_pack.mZDykE/_new 2024-10-02 21:33:25.866497851 +0200
@@ -27,24 +27,26 @@
%define git_version %{nil}
%endif
Name: sdbootutil
-Version: 1+git20240903.81f1f40%{git_version}
+Version: 1+git20241002.7da4a47%{git_version}
Release: 0
Summary: script to install shim with sd-boot
License: MIT
URL: https://en.opensuse.org/openSUSE:Usr_merge
Source: %{name}-%{version}.tar
Requires: dialog
+Requires: dracut-pcr-signature
Requires: efibootmgr
Requires: jq
Requires: pcr-oracle
Requires: sed
-Requires: systemd-boot
# While systemd-pcrlock is in experimental
Requires: systemd-experimental
-Requires: dracut-pcr-signature
-Supplements: (systemd-boot and shim)
+# While bootctl is in udev
+Requires: udev
Requires: (%{name}-snapper if (snapper and btrfsprogs))
Requires: (%{name}-tukit if read-only-root-fs)
+Supplements: (grub2-x86_64-efi-bls and shim)
+Supplements: (systemd-boot and shim)
ExclusiveArch: aarch64 ppc64le riscv64 x86_64
%description
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.mZDykE/_old 2024-10-02 21:33:25.914499847 +0200
+++ /var/tmp/diff_new_pack.mZDykE/_new 2024-10-02 21:33:25.918500013 +0200
@@ -3,6 +3,6 @@
<param
name="url">https://github.com/lnussel/sdbootutil.git</param>
<param
name="changesrevision">708592a5033bb41d14e378172466ae9e90dfb3c4</param></service><service
name="tar_scm">
<param
name="url">https://github.com/openSUSE/sdbootutil.git</param>
- <param
name="changesrevision">81f1f40666b325a807fb4d220782cfce642f2160</param></service></servicedata>
+ <param
name="changesrevision">7da4a479cf89b2d20e9cc81e15ba58cf32294735</param></service></servicedata>
(No newline at EOF)
++++++ sdbootutil-1+git20240903.81f1f40.obscpio ->
sdbootutil-1+git20241002.7da4a47.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sdbootutil-1+git20240903.81f1f40/sdbootutil
new/sdbootutil-1+git20241002.7da4a47/sdbootutil
--- old/sdbootutil-1+git20240903.81f1f40/sdbootutil 2024-09-03
14:09:58.000000000 +0200
+++ new/sdbootutil-1+git20241002.7da4a47/sdbootutil 2024-10-02
11:14:41.000000000 +0200
@@ -327,7 +327,7 @@
{
local subvol="$1"
# - delete BOOT_IMAGE= and initrd=
- # - make sure root= refers to uuid
+ # - replace or add root= to refers to UUID or mapped device (if
encrypted)
# - replace or add rootflags to point at correct subvolume
# - replace or add systemd.machine-id to match current machine-id
#
@@ -341,9 +341,12 @@
# already there). Since we always operate on the same line,
# "empty" t jumps are used to reset the condition after very
# s///.
- local sed_arguments=("-e s/[ \t]\+/ /g"\
- "-e s/\<\(BOOT_IMAGE\|initrd\)=[^ ]* \?//"\
- "-e s/\<root=[^ ]*/root=UUID=$root_uuid/;tb;s,\$,
root=UUID=$root_uuid,;tc;:c;:b")
+ local root_param="UUID=$root_uuid"
+ [ -z "$root_device_is_crypt" ] || root_param="$root_device"
+ local sed_arguments=("-e s/[ \t]\+/ /g"
+ "-e s/\<\(BOOT_IMAGE\|initrd\)=[^ ]* \?//"
+ "-e s/\$//;ta;:a"
+ "-e s,\<root=[^ ]*,root=$root_param,;tb;s,\$,
root=$root_param,;tc;:c;:b")
[ -z "$have_snapshots" ] || sed_arguments+=("-e s,\<rootflags=subvol=[^
]*,rootflags=subvol=$subvol,;td;s,\$, rootflags=subvol=$subvol,;te;:e;:d")
[ -z "$machine_id" ] || sed_arguments+=("-e s,\<systemd.machine_id=[^
]*,systemd.machine_id=$machine_id,;tf;s,\$,
systemd.machine_id=$machine_id,;tg;:g;:f")
sed "${sed_arguments[@]}"
@@ -362,7 +365,7 @@
local ext="${2:-}"
[ -z "$ext" ] || ext="|$ext"
- update_entries jq
"[.[]|select(has(\"options\"))|select(.options|test(\"root=UUID=$root_uuid
.*rootflags=subvol=$subvol\")$ext)]"
+ update_entries jq
"[.[]|select(has(\"options\"))|select(.options|test(\"root=(?:UUID=$root_uuid|$root_device)
.*rootflags=subvol=$subvol\")$ext)]"
}
update_entries_for_snapshot()
@@ -379,7 +382,7 @@
update_entries_for_this_system()
{
- update_entries jq
"[.[]|select(has(\"options\"))|select(.options|test(\"root=UUID=$root_uuid\"))]"
+ update_entries jq
"[.[]|select(has(\"options\"))|select(.options|test(\"root=(?:UUID=$root_uuid|$root_device)\"))]"
}
entry_conf_file()
@@ -607,6 +610,25 @@
return 1
}
+mount_chroot()
+{
+ local snapshot_dir="$1"
+
+ mount -t tmpfs -o size=10m tmpfs "$snapshot_dir/run"
+ for i in proc dev sys var tmp; do
+ mount --bind "/$i" "$snapshot_dir/$i"
+ done
+}
+
+umount_chroot()
+{
+ local snapshot_dir="$1"
+
+ for i in proc dev sys var tmp run; do
+ umount "$snapshot_dir/$i"
+ done
+}
+
mount_etc()
{
local snapshot_dir="$1"
@@ -728,21 +750,28 @@
/usr/bin/mkmoduleinitrd "${subvol#"${subvol_prefix}"}"
"$kernel_version" "$tmpdir/initrd-$i"
elif ! reuse_initrd "$snapshot" "$subvol" "$kernel_version"; then
local snapshot_dir="/.snapshots/$snapshot/snapshot"
- local dracut_args=()
- dracut_args=('--force' '--tmpdir' '/var/tmp')
- if [ "$subvol" != "$root_subvol" ] && [ -n "$have_snapshots" ];
then
- dracut_args+=('--sysroot' "${snapshot_dir}"
'--add-device' "$root_device")
- fi
+ local dracut_args=(
+ '--quiet'
+ '--reproducible'
+ '--force'
+ '--tmpdir' '/var/tmp'
+ )
log_info "generating new initrd"
+ [ "$subvol" != "$root_subvol" ] && [ -n "$have_snapshots" ] &&
mount_chroot "${snapshot_dir}"
# In MicroOS we need to be sure to have the same /etc
# inside the snapshot. For example, /etc/crypttab can
# have modifications in the overlay that will be
# visible once the snapshot is active, but the version
# in /.snashots is still the unmodified base
is_transactional && mount_etc "${snapshot_dir}"
- run_command_live_output dracut --quiet --reproducible
"${dracut_args[@]}" "$tmpdir/initrd-0" "$kernel_version"
+ if [ "$subvol" != "$root_subvol" ] && [ -n "$have_snapshots" ];
then
+ run_command_live_output chroot "${snapshot_dir}" dracut
"${dracut_args[@]}" "$tmpdir/initrd-0" "$kernel_version"
+ else
+ run_command_live_output dracut "${dracut_args[@]}"
"$tmpdir/initrd-0" "$kernel_version"
+ fi
is_transactional && umount_etc "${snapshot_dir}"
+ [ "$subvol" != "$root_subvol" ] && [ -n "$have_snapshots" ] &&
umount_chroot "${snapshot_dir}"
fi
make_free_space "$snapshot" || err "No free space in $boot_root for new
kernel"
@@ -1079,6 +1108,8 @@
echo "Updating $id"
update_entry_conf "$conf" "$snapshot"
+ # This action will require to update the PCR predictions
+ update_predictions=1
}
update_all_entries()
@@ -1954,16 +1985,30 @@
elif [ -n "$keyid" ]; then
pin="$(keyctl pipe "$keyid")"
extra=("--recovery-pin=yes")
+ else
+ # No PIN was provided, systemd-pcrlock will generate one
+ # Add this argument to show it
+ extra=("--recovery-pin=show")
fi
- PIN="$pin" pcrlock --pcr="$pcrs" "${extra[@]}" make-policy || {
+ local output
+ if ! output="$(PIN="$pin" pcrlock --pcr="$pcrs" "${extra[@]}"
make-policy)"; then
echo "Error creating the policy!"
if [ -z "$pin" ]; then
echo "Please, provide the recovery PIN to register the
new policy"
else
echo "Provided PIN incorrect or TPM2 locked after too
many retries"
fi
- }
+ elif [ -z "$pin" ]; then
+ if ! echo "$output" | grep "recovery PIN"; then
+ echo "Unable to find the generated recovery PIN"
+ elif [ -x /usr/bin/qrencode ]; then
+ echo "You can also scan it with your mobile
phone:"
+ local split
+ IFS=":" read -r -a split <<< "$output"
+ echo "${split[1]}" | qrencode -t utf8i
+ fi
+ fi
# Publish the assets in the ESP, so can be imported by
# dracut-pcr-signature
@@ -2531,6 +2576,8 @@
# shellcheck disable=SC2016
eval "$(bootctl 2>/dev/null | sed -ne 's/Firmware Arch:
*\(\w\+\)/firmware_arch="\1"/p;s/ *token: *\(\w\+\)/entry_token="\1"/p;s,
*\$BOOT: *\([^ ]\+\).*,boot_root="\1",p')"
read -r root_uuid root_device < <(findmnt / -v -r -n -o UUID,SOURCE)
+root_device_is_crypt=
+[ "$(lsblk --noheadings -o TYPE "$root_device")" = "crypt" ] &&
root_device_is_crypt=1
root_subvol=""
subvol_prefix=""
if [ "$(stat -f -c %T /)" = "btrfs" ] && [ -d /.snapshots ]; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sdbootutil-1+git20240903.81f1f40/sdbootutil.spec
new/sdbootutil-1+git20241002.7da4a47/sdbootutil.spec
--- old/sdbootutil-1+git20240903.81f1f40/sdbootutil.spec 2024-09-03
14:09:58.000000000 +0200
+++ new/sdbootutil-1+git20241002.7da4a47/sdbootutil.spec 2024-10-02
11:14:41.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package sdbootutil
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -33,18 +33,20 @@
License: MIT
URL: https://en.opensuse.org/openSUSE:Usr_merge
Source: %{name}-%{version}.tar
+Requires: dracut-pcr-signature
+Requires: dialog
Requires: efibootmgr
-Requires: systemd-boot
Requires: jq
-Requires: sed
Requires: pcr-oracle
-Requires: dialog
+Requires: sed
# While systemd-pcrlock is in experimental
Requires: systemd-experimental
-Requires: dracut-pcr-signature
-Supplements: (systemd-boot and shim)
+# While bootctl is in udev
+Requires: udev
Requires: (%{name}-snapper if (snapper and btrfsprogs))
Requires: (%{name}-tukit if read-only-root-fs)
+Supplements: (systemd-boot and shim)
+Supplements: (grub2-x86_64-efi-bls and shim)
ExclusiveArch: aarch64 ppc64le riscv64 x86_64
%description
++++++ sdbootutil.obsinfo ++++++
--- /var/tmp/diff_new_pack.mZDykE/_old 2024-10-02 21:33:26.050505501 +0200
+++ /var/tmp/diff_new_pack.mZDykE/_new 2024-10-02 21:33:26.054505668 +0200
@@ -1,5 +1,5 @@
name: sdbootutil
-version: 1+git20240903.81f1f40
-mtime: 1725365398
-commit: 81f1f40666b325a807fb4d220782cfce642f2160
+version: 1+git20241002.7da4a47
+mtime: 1727860481
+commit: 7da4a479cf89b2d20e9cc81e15ba58cf32294735
