Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yast2-storage-ng for openSUSE:Factory checked in at 2025-02-25 16:40:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-storage-ng (Old) and /work/SRC/openSUSE:Factory/.yast2-storage-ng.new.1873 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-storage-ng" Tue Feb 25 16:40:00 2025 rev:171 rq:1248189 version:5.0.27 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-storage-ng/yast2-storage-ng.changes 2025-02-12 21:30:54.700708708 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-storage-ng.new.1873/yast2-storage-ng.changes 2025-02-25 16:40:45.601795499 +0100 @@ -1,0 +2,14 @@ +Mon Feb 24 15:11:04 UTC 2025 - Ancor Gonzalez Sosa <an...@suse.com> + +- Discarded RAM disks as candidate for installation + (gh#agama-project/agama#2042). +- 5.0.27 + +------------------------------------------------------------------- +Fri Feb 21 13:30:05 UTC 2025 - Knut Anderssen <kanders...@suse.com> + +- Added AutoYaST support for selecting the APQNs and pervasive + encryption key type (jsc#PED-10950). +- 5.0.26 + +------------------------------------------------------------------- Old: ---- yast2-storage-ng-5.0.25.tar.bz2 New: ---- yast2-storage-ng-5.0.27.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-storage-ng.spec ++++++ --- /var/tmp/diff_new_pack.HlWVBe/_old 2025-02-25 16:40:46.617837948 +0100 +++ /var/tmp/diff_new_pack.HlWVBe/_new 2025-02-25 16:40:46.617837948 +0100 @@ -17,7 +17,7 @@ Name: yast2-storage-ng -Version: 5.0.25 +Version: 5.0.27 Release: 0 Summary: YaST2 - Storage Configuration License: GPL-2.0-only OR GPL-3.0-only ++++++ yast2-storage-ng-5.0.25.tar.bz2 -> yast2-storage-ng-5.0.27.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/package/yast2-storage-ng.changes new/yast2-storage-ng-5.0.27/package/yast2-storage-ng.changes --- old/yast2-storage-ng-5.0.25/package/yast2-storage-ng.changes 2025-02-12 13:33:29.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/package/yast2-storage-ng.changes 2025-02-24 16:18:28.000000000 +0100 
@@ -1,4 +1,18 @@ ------------------------------------------------------------------- +Mon Feb 24 15:11:04 UTC 2025 - Ancor Gonzalez Sosa <an...@suse.com> + +- Discarded RAM disks as candidate for installation + (gh#agama-project/agama#2042). +- 5.0.27 + +------------------------------------------------------------------- +Fri Feb 21 13:30:05 UTC 2025 - Knut Anderssen <kanders...@suse.com> + +- Added AutoYaST support for selecting the APQNs and pervasive + encryption key type (jsc#PED-10950). +- 5.0.26 + +------------------------------------------------------------------- Wed Feb 12 11:01:03 UTC 2025 - Stefan Hundhammer <shundham...@suse.com> - Require libstorage bindings for the current Ruby version (bsc#1235598) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/package/yast2-storage-ng.spec new/yast2-storage-ng-5.0.27/package/yast2-storage-ng.spec --- old/yast2-storage-ng-5.0.25/package/yast2-storage-ng.spec 2025-02-12 13:33:29.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/package/yast2-storage-ng.spec 2025-02-24 16:18:28.000000000 +0100 @@ -16,7 +16,7 @@ # Name: yast2-storage-ng -Version: 5.0.25 +Version: 5.0.27 Release: 0 Summary: YaST2 - Storage Configuration License: GPL-2.0-only OR GPL-3.0-only diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/src/lib/y2partitioner/actions/controllers/encryption.rb new/yast2-storage-ng-5.0.27/src/lib/y2partitioner/actions/controllers/encryption.rb --- old/yast2-storage-ng-5.0.25/src/lib/y2partitioner/actions/controllers/encryption.rb 2025-02-12 13:33:29.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/src/lib/y2partitioner/actions/controllers/encryption.rb 2025-02-24 16:18:28.000000000 +0100 
@@ -52,7 +52,7 @@ # Selected APQNs to generate a new secure key for pervasive encryption # - # @return [Array<Y2Storage:.EncryptionProcesses::Apqn>] + # @return [Array<Y2Storage::EncryptionProcesses::Apqn>] attr_accessor :apqns # @return [String] Type for the new secure key for pervasive encryption diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/src/lib/y2storage/autoinst_profile/partition_section.rb new/yast2-storage-ng-5.0.27/src/lib/y2storage/autoinst_profile/partition_section.rb --- old/yast2-storage-ng-5.0.25/src/lib/y2storage/autoinst_profile/partition_section.rb 2025-02-12 13:33:29.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/src/lib/y2storage/autoinst_profile/partition_section.rb 2025-02-24 16:18:28.000000000 +0100 @@ -54,6 +54,8 @@ { name: :crypt_label }, { name: :crypt_cipher }, { name: :crypt_key_size }, + { name: :crypt_pervasive_apqns }, + { name: :crypt_pervasive_key_type }, { name: :raid_name }, { name: :raid_options }, { name: :mkfs_options }, @@ -109,6 +111,12 @@ # @return [Integer,nil] If nil, the default key size will be used. If an integer # value is used, it has to be a multiple of 8. + # @!attribute crypt_pervasive_apqns + # @return [Array<String>,nil] items like "01.0001" + # + # @!attribute crypt_pervasive_key_type + # @return [String,nil] "CCA-AESCIPHER" or "CCA-AESDATA" + # @!attribute filesystem # @return [Symbol] file system type to use in the partition, it also # influences other fields 
@@ -187,6 +195,8 @@ @raid_options = RaidOptionsSection.new_from_hashes(hash["raid_options"], self) end + @crypt_pervasive_apqns = hash["crypt_pervasive_apqns"] if hash["crypt_pervasive_apqns"] + @subvolumes_prefix = hash["subvolumes_prefix"] @create_subvolumes = hash.fetch("create_subvolumes", true) @subvolumes = subvolumes_from_hashes(hash["subvolumes"]) if hash["subvolumes"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/src/lib/y2storage/disk_analyzer.rb new/yast2-storage-ng-5.0.27/src/lib/y2storage/disk_analyzer.rb --- old/yast2-storage-ng-5.0.25/src/lib/y2storage/disk_analyzer.rb 2025-02-12 13:33:29.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/src/lib/y2storage/disk_analyzer.rb 2025-02-24 16:18:28.000000000 +0100 @@ -276,11 +276,14 @@ # A device is candidate for installation if no filesystem belonging to the device is mounted and the # device does not contain a repository for installation. # + # Moreover, RAM disks are also discarded. + # # @param device [BlkDevice] # @return [Boolean] def candidate_disk?(device) !contain_mounted_filesystem?(device) && - !contain_installation_repository?(device) + !contain_installation_repository?(device) && + !device.name.match?(/^\/dev\/ram\d+$/) end # Checks whether a device contains a mounted filesystem diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/src/lib/y2storage/planned/can_be_encrypted.rb new/yast2-storage-ng-5.0.27/src/lib/y2storage/planned/can_be_encrypted.rb --- old/yast2-storage-ng-5.0.25/src/lib/y2storage/planned/can_be_encrypted.rb 2025-02-12 13:33:29.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/src/lib/y2storage/planned/can_be_encrypted.rb 2025-02-24 16:18:28.000000000 +0100 
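Review bot: The added line `@crypt_pervasive_apqns = hash["crypt_pervasive_apqns"] if hash["crypt_pervasive_apqns"]` in partition_section.rb stores whatever the profile supplies without checking its shape, although the attribute is documented as `Array<String>` and `apqns_for` in autoinst_drive_planner.rb calls `.each` on it. A profile that gives a single string instead of a list would presumably fail with NoMethodError during planning rather than be reported as a profile problem. Normalising at load time avoids that: `@crypt_pervasive_apqns = Array(hash["crypt_pervasive_apqns"]) if hash["crypt_pervasive_apqns"]`. The enclosing method starts and ends outside this hunk.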
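Review bot: The RAM-disk filter added to `candidate_disk?` in disk_analyzer.rb anchors its pattern with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string; `\A` and `\z` express the intended whole-name match. Suggested form: `!device.name.match?(%r{\A/dev/ram\d+\z})`, which also removes the escaped slashes. The check keys on the kernel device name only, so a short comment that it targets `/dev/ramN` devices specifically would help, since other memory-backed block devices such as zram are not matched by this pattern.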
@@ -61,6 +61,16 @@ # @return [String, nil] nil or empty string to use the default cipher attr_accessor :encryption_cipher + # Selected APQNs to generate a new security key for pervasive encryption + # + # @return [Array<String>] + attr_accessor :encryption_pervasive_apqns + + # Pervasive key key_type + # + # @return [String, nil] nil or empty string to use the default key type + attr_accessor :encryption_pervasive_key_type + # Key size (in bits) to use when encrypting a LUKS device # # Any positive value must be a multiple of 8. @@ -74,7 +84,9 @@ attr_accessor :encryption_key_size # Initializations of the mixin, to be called from the class constructor. - def initialize_can_be_encrypted; end + def initialize_can_be_encrypted + self.encryption_pervasive_apqns = [] + end # Checks whether the resulting device must be encrypted # 
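Review bot: The YARD tag on the new `encryption_pervasive_apqns` accessor says `@return [Array<String>]`, but the planner assigns it the result of `apqns_for`, which is documented as `Array<EncryptionProcesses::Apqn>`, and the new spec expects `apqns: [apqn1]` with Apqn doubles. The tag should read `# @return [Array<Y2Storage::EncryptionProcesses::Apqn>]`. The heading `# Pervasive key key_type` on the following accessor would read better as `# Type for the new secure key for pervasive encryption`, matching the wording already used in the y2partitioner encryption controller.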
@@ -106,7 +118,15 @@ result = super if create_encryption? method = encryption_method || EncryptionMethod.find(:luks1) - result = plain_device.encrypt(method: method, password: encryption_password) + args = {} + # FIXME: For pervasive_luks2 the arguments need to be passed directly at #encrypt + # instead of being able to assign them afterwards. That's a defect on the API of + # that encryption method that should be fixed + if method.is?(:pervasive_luks2) + args[:apqns] = encryption_pervasive_apqns + args[:key_type] = encryption_pervasive_key_type + end + result = plain_device.encrypt(method: method, password: encryption_password, **args) assign_enc_attr(result, :pbkdf) assign_enc_attr(result, :label) assign_enc_attr(result, :cipher) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/src/lib/y2storage/proposal/autoinst_drive_planner.rb new/yast2-storage-ng-5.0.27/src/lib/y2storage/proposal/autoinst_drive_planner.rb --- old/yast2-storage-ng-5.0.25/src/lib/y2storage/proposal/autoinst_drive_planner.rb 2025-02-12 13:33:29.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/src/lib/y2storage/proposal/autoinst_drive_planner.rb 2025-02-24 16:18:28.000000000 +0100 @@ -17,6 +17,7 @@ # To contact SUSE LLC about this file by physical or electronic mail, you may # find current contact information at www.suse.com. +require "yast" require "y2storage/proposal_settings" require "y2storage/proposal/autoinst_size_parser" require "y2storage/volume_specification" @@ -24,7 +25,8 @@ module Y2Storage module Proposal # This module offers a set of common methods that are used by AutoYaST planners. - class AutoinstDrivePlanner + class AutoinstDrivePlanner # rubocop:disable Metrics/ClassLength + include Yast::Logger # @!attribute [r] devicegraph # @return [Devicegraph] # @!attribute [r] issues_list 
@@ -147,11 +149,49 @@ device.encryption_label = partition_section.crypt_label device.encryption_cipher = partition_section.crypt_cipher device.encryption_key_size = encryption_key_size_for(partition_section) + if device.encryption_method&.is?(:pervasive_luks2) + device.encryption_pervasive_apqns = apqns_for(partition_section) + device.encryption_pervasive_key_type = partition_section.crypt_pervasive_key_type + end return unless device.encryption_method&.password_required? device.encryption_password = find_encryption_password(partition_section) end + # Determines if the given apqn is valid for being used for pervasive_luks2 encryption + # + # @param apqn [EncryptionProcesses::Apqn] + # @return [Boolean] whether the given apqn can be used for pervasive_luks2 encryption + def valid_apqn_candidate?(apqn) + if apqn.online? + return true if apqn.master_key_pattern + + log.error "The APQN #{apqn.name} does not have a configured master key pattern" + else + log.error "The APQN #{apqn.name} is not online" + end + false + end + + # Obtains the online APQNs for a partition section + # + # @param partition_section [AutoinstProfile::PartitionSection] AutoYaST specification + # @return [Array<EncryptionProcesses::Apqn>] + def apqns_for(partition_section) + result = [] + apqns = partition_section.crypt_pervasive_apqns || [] + all_apqns = Y2Storage::EncryptionProcesses::Apqn.all + apqns.each do |name| + apqn = all_apqns.find { |a| a.name == name } + if apqn + result << apqn if valid_apqn_candidate?(apqn) + else + log.error "The APQN #{name} was not found" + end + end + result + end + # Determines the encryption method for a partition section # # @param device [Planned::Device] Planned device diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/test/data/devicegraphs/agama_pxe.yml new/yast2-storage-ng-5.0.27/test/data/devicegraphs/agama_pxe.yml --- old/yast2-storage-ng-5.0.25/test/data/devicegraphs/agama_pxe.yml 
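Review bot: `apqns_for` drops every requested APQN that is not found, is offline or lacks a master key pattern and reports it only through `log.error`, so an unattended installation continues and, as the accompanying spec shows, calls `encrypt` with `apqns: []`. For a profile that ties the secure key to specific crypto adapters this presumably means the key is generated without the requested APQN association and nobody is told outside the log; the class already exposes `issues_list`, and registering a problem there would surface it in the AutoYaST issue report. `crypt_pervasive_key_type` is also copied from the profile without being checked against the two documented values ("CCA-AESCIPHER", "CCA-AESDATA") in this hunk; validation may happen later in `encrypt`, but that is not visible here. The method that receives the first added lines starts outside the hunk.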
1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/test/data/devicegraphs/agama_pxe.yml 2025-02-24 16:18:28.000000000 +0100 
@@ -0,0 +1,160 @@ +--- +- disk: + name: "/dev/ram0" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram1" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B + partition_table: gpt + partitions: + - free: + size: 1 MiB + start: 0 B + - partition: + size: 2 MiB + start: 1 MiB + name: "/dev/ram1p1" + type: primary + id: linux + - free: + size: 2045 MiB (2.00 GiB) + start: 3 MiB +- disk: + name: "/dev/ram2" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram3" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram4" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram5" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram6" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram7" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram8" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram9" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram10" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram11" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram12" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram13" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/ram14" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + 
name: "/dev/ram15" + size: 2 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B +- disk: + name: "/dev/sda" + size: 70 GiB + block_size: 0.5 KiB + io_size: 0 B + min_grain: 1 MiB + align_ofs: 0 B + partition_table: gpt + partitions: + - free: + size: 1 MiB + start: 0 B + - partition: + size: 8 MiB + start: 1 MiB + name: "/dev/sda1" + type: primary + id: bios_boot + - partition: + size: 69622 MiB (67.99 GiB) + start: 9 MiB + name: "/dev/sda2" + type: primary + id: linux + - partition: + size: 2098159.5 KiB (2.00 GiB) + start: 69631 MiB (68.00 GiB) + name: "/dev/sda3" + type: primary + id: swap + - free: + size: 16.5 KiB + start: 73400303.5 KiB (70.00 GiB) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/test/y2storage/autoinst_proposal_encryption_test.rb new/yast2-storage-ng-5.0.27/test/y2storage/autoinst_proposal_encryption_test.rb --- old/yast2-storage-ng-5.0.25/test/y2storage/autoinst_proposal_encryption_test.rb 2025-02-12 13:33:29.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/test/y2storage/autoinst_proposal_encryption_test.rb 2025-02-24 16:18:28.000000000 +0100 @@ -36,7 +36,7 @@ end let(:scenario) { "empty_disks" } - let(:issues_list) { ::Installation::AutoinstIssues::List.new } + let(:issues_list) { Installation::AutoinstIssues::List.new } let(:partitioning) do [ 
@@ -280,5 +280,64 @@ expect(mount_points).to contain_exactly("/boot", "/") end end + + context "when using pervasive LUKS2 method" do + before do + allow(Yast::Execute).to receive(:locally).with(/zkey/, any_args) + allow_any_instance_of(Y2Storage::EncryptionMethod::PervasiveLuks2).to receive(:available?) + .and_return(true) + + allow(Y2Storage::EncryptionProcesses::Apqn).to receive(:all).and_return(apqns) + end + + let(:apqns) { [apqn1, apqn2, apqn3] } + let(:apqn1) do + instance_double(Y2Storage::EncryptionProcesses::Apqn, name: "01.0001", type: "CEX5C", + mode: "CCA_Coproc", status: "online", master_key_pattern: "0x654478", online?: true) + end + let(:apqn2) do + instance_double(Y2Storage::EncryptionProcesses::Apqn, name: "02.0001", status: "offline", + master_key_pattern: nil, online?: false) + end + let(:apqn3) do + instance_double(Y2Storage::EncryptionProcesses::Apqn, name: "02.0002", status: "online", + mode: "EP11-Coproc", master_key_pattern: nil, online?: true) + end + + let(:password) { "s3cr3t" } + let(:method) { Y2Storage::EncryptionMethod::PERVASIVE_LUKS2 } + let(:apqn_name) { "01.0001" } + + let(:partition) do + { "mount" => "/", "crypt_key" => password, "crypt_method" => method.id, +"crypt_pervasive_apqns" => [apqn_name] } + end + + it "encrypts the device with PERVASIVE LUKS2 as encryption method" do + proposal.propose + enc = proposal.devices.encryptions.first + expect(enc.method).to eq method + end + + context "when an apqn is specified" do + context "and the selected APNs are online and with a proper master key pattern configured" do + it "encrypts the device with the selected apqn" do + expect_any_instance_of(Y2Storage::BlkDevice).to receive(:encrypt).with(method: method, + password: password, apqns: [apqn1], key_type: nil).and_call_original + proposal.propose + end + end + + context "and the selected APNs are not valid candidates to be used" do + let(:apqn_name) { "02.0001" } + + it "encrypts the device with no APQNs selected explicitly" do + 
expect_any_instance_of(Y2Storage::BlkDevice).to receive(:encrypt).with(method: method, + password: password, apqns: [], key_type: nil).and_call_original + proposal.propose + end + end + end + end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-storage-ng-5.0.25/test/y2storage/disk_analyzer_test.rb new/yast2-storage-ng-5.0.27/test/y2storage/disk_analyzer_test.rb --- old/yast2-storage-ng-5.0.25/test/y2storage/disk_analyzer_test.rb 2025-02-12 13:33:29.000000000 +0100 +++ new/yast2-storage-ng-5.0.27/test/y2storage/disk_analyzer_test.rb 2025-02-24 16:18:28.000000000 +0100 @@ -704,5 +704,13 @@ end end end + + context "when there are some RAM disks (PXE scenario with Agama)" do + let(:scenario) { "agama_pxe" } + + it "includes only the real physical disks" do + expect(candidate_disks).to eq ["/dev/sda"] + end + end end end
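Review bot: `apqn3` (online, `master_key_pattern: nil`) is defined and returned by the stubbed `Apqn.all`, but no example selects "02.0002", so the missing-master-key branch of `valid_apqn_candidate?` is never exercised. The "was not found" branch of `apqns_for` and a profile that sets `crypt_pervasive_key_type` are not covered either, since every expectation uses `key_type: nil`. Adding a context with `let(:apqn_name) { "02.0002" }`, one with a name absent from `apqns`, and one with `"crypt_pervasive_key_type" => "CCA-AESCIPHER"` in `partition` would cover them. The two context descriptions say "APNs" where "APQNs" is meant.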