Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package disk-encryption-tool for openSUSE:Factory checked in at 2025-03-26 21:16:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/disk-encryption-tool (Old) and /work/SRC/openSUSE:Factory/.disk-encryption-tool.new.2696 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "disk-encryption-tool" Wed Mar 26 21:16:33 2025 rev:15 rq:1255636 version:1+git20241213.2504619 Changes: -------- --- /work/SRC/openSUSE:Factory/disk-encryption-tool/disk-encryption-tool.changes 2024-11-14 16:07:25.243609819 +0100 +++ /work/SRC/openSUSE:Factory/.disk-encryption-tool.new.2696/disk-encryption-tool.changes 2025-03-26 21:16:48.002043269 +0100 @@ -1,0 +2,15 @@ +Mon Mar 24 13:17:06 UTC 2025 - apla...@suse.com + +- Update to version 1+git20241213.2504619: + * Do not mark swap as x-initrd.attach + * Check root_options to skip cr_root encryption + +------------------------------------------------------------------- +Fri Dec 06 09:11:27 UTC 2024 - apla...@suse.com + +- Update to version 1+git20241129.1c9848e: + * Support swap partititons + * Drop x-initrd.mount tag in crypttab + * Increase the key timeout to 1h + +------------------------------------------------------------------- Old: ---- disk-encryption-tool-1+git20241112.f83dfa0.obscpio New: ---- disk-encryption-tool-1+git20241213.2504619.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ disk-encryption-tool.spec ++++++ --- /var/tmp/diff_new_pack.fX0Pq4/_old 2025-03-26 21:16:49.946123943 +0100 +++ /var/tmp/diff_new_pack.fX0Pq4/_new 2025-03-26 21:16:49.954124275 +0100 @@ -1,7 +1,7 @@ # # spec file for package disk-encryption-tool # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: disk-encryption-tool -Version: 1+git20241112.f83dfa0 +Version: 1+git20241213.2504619 Release: 0 Summary: Tool to reencrypt kiwi raw images License: MIT ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.fX0Pq4/_old 2025-03-26 21:16:50.190134069 +0100 +++ /var/tmp/diff_new_pack.fX0Pq4/_new 2025-03-26 21:16:50.202134567 +0100 
@@ -3,6 +3,6 @@ <param name="url">https://github.com/lnussel/disk-encryption-tool.git</param> <param name="changesrevision">702dff62d37b74244b58b41f78b41cd2befe581b</param></service><service name="tar_scm"> <param name="url">https://github.com/openSUSE/disk-encryption-tool.git</param> - <param name="changesrevision">f83dfa0842cb1cb92b25bbb8761fb0b34a55bb65</param></service></servicedata> + <param name="changesrevision">2504619af79099a907b707e8f11abee6ad3109d7</param></service></servicedata> (No newline at EOF) ++++++ disk-encryption-tool-1+git20241112.f83dfa0.obscpio -> disk-encryption-tool-1+git20241213.2504619.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/disk-encryption-tool-1+git20241112.f83dfa0/disk-encryption-tool new/disk-encryption-tool-1+git20241213.2504619/disk-encryption-tool --- old/disk-encryption-tool-1+git20241112.f83dfa0/disk-encryption-tool 2024-11-12 14:56:12.000000000 +0100 +++ new/disk-encryption-tool-1+git20241213.2504619/disk-encryption-tool 2024-12-13 10:00:25.000000000 +0100 
@@ -203,50 +203,62 @@ fi shift 2 -declare loop_TYPE +declare loop_TYPE is_btrfs is_swap eval "$(blkid -c /dev/null -o export "$blkpart"|sed 's/^/loop_/')" [ "$loop_TYPE" != crypto_LUKS ] || { echo "Already encrypted"; exit 0; } -[ "$loop_TYPE" = btrfs ] || err "File system is ${loop_TYPE:-unknown} but only btrfs is supported" +[ "$loop_TYPE" != btrfs ] || is_btrfs=1 +[ "$loop_TYPE" != swap ] || is_swap=1 -if [ -z "$mounted" ]; then - log_info "mounting fs" - mkdir -p "$tmpdir/mnt" - mount -t btrfs -o rw "${blkpart}" "$tmpdir/mnt" - mp="$tmpdir/mnt" -else - mountpoint -q "$mp" || err "$mp is not mounted" - findmnt -o SOURCE,TARGET,FSTYPE,OPTIONS -Rvn --pairs "$mp" > "$tmpdir/mounts" - mount -o remount,rw "$mp" -fi - -read -r minsize bytes _rest < <(btrfs inspect-internal min-dev-size "$mp") -isdigits "$minsize" || err "Failed to read minimum btrfs size" -[ "$bytes" = 'bytes' ] || err "Failed to read minimum btrfs size" - -log_info "resizing fs" -btrfs filesystem resize "$minsize" "$mp" - -if [ -e "$tmpdir/mounts" ]; then - # subshell intentional here - tac "$tmpdir/mounts" | while read -r line; do - eval "$line" - umount "$TARGET" - done -else - umount "$mp" -fi -unset mp +if [ -n "$is_btrfs" ]; then + if [ -z "$mounted" ]; then + log_info "mounting fs" + mkdir -p "$tmpdir/mnt" + mount -t btrfs -o rw "${blkpart}" "$tmpdir/mnt" + mp="$tmpdir/mnt" + else + mountpoint -q "$mp" || err "$mp is not mounted" + findmnt -o SOURCE,TARGET,FSTYPE,OPTIONS -Rvn --pairs "$mp" > "$tmpdir/mounts" + mount -o remount,rw "$mp" + fi -settle_umount_events + read -r minsize bytes _rest < <(btrfs inspect-internal min-dev-size "$mp") + isdigits "$minsize" || err "Failed to read minimum btrfs size" + [ "$bytes" = 'bytes' ] || err "Failed to read minimum btrfs size" + + log_info "resizing fs" + btrfs filesystem resize "$minsize" "$mp" + + if [ -e "$tmpdir/mounts" ]; then + # Subshell intentional here + tac "$tmpdir/mounts" | while read -r line; do + eval "$line" + umount "$TARGET" + done + 
else + umount "$mp" + fi + unset mp -# Shrink partition to a minimum so reencryption doesn't write -# everything -log_info "resizing partition" -echo "size=$((minsize/1024+32*1024))KiB" | sfdisk --force --no-reread -q -N "$partno" "$blkdev" &> /dev/null -udevadm settle -if [ -e /etc/initrd-release ]; then - # seems to be the only way to tell the kernel about a specific partition change - partx -u --nr "$partno" "$blkdev" || : + settle_umount_events +elif [ -n "$is_swap" ]; then + # sfdisk returns the size in Kilobytes. We choose a very small + # size, as in any case we need to do the mkswap later again + minsize=$(($(sfdisk --show-size "$blkpart")*1024)) + minswap=$((512*1024)) + minsize=$((minsize < minswap ? minsize : minswap)) +fi + +if [ -n "$is_btrfs" ] || [ -n "$is_swap" ]; then + # Shrink partition to a minimum so reencryption doesn't write + # everything + log_info "resizing partition" + echo "size=$((minsize/1024+32*1024))KiB" | sfdisk --force --no-reread -q -N "$partno" "$blkdev" &> /dev/null + udevadm settle + if [ -e /etc/initrd-release ]; then + # Seems to be the only way to tell the kernel about a + # specific partition change + partx -u --nr "$partno" "$blkdev" || : + fi fi # If a keyring is set, see if the password is stored there and recover @@ -262,7 +274,7 @@ password="$(dd if=/dev/urandom bs=8 count=1 2> /dev/null | base64)" if [ -n "$keyring" ]; then echo -n "$password" | keyctl padd user "$keyring" @u > /dev/null - keyctl timeout %user:"$keyring" 600 + keyctl timeout %user:"$keyring" 3600 fi [ -z "$verbose" ] || echo -e "Enrollment key: \e[1m$password\e[m" fi 
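Review bot: Replacing the `[ "$loop_TYPE" = btrfs ] || err …` guard with the two flag assignments means a partition that is neither btrfs nor swap (ext4, xfs, or an empty `loop_TYPE`) is no longer rejected: both flags stay empty, the shrink step is skipped, and the script continues to the `encrypt` call further down. How `encrypt` treats a device that was not shrunk is outside this hunk, but in-place encryption typically needs spare space for the LUKS header, so carrying on with an unknown file system risks damaging it. I would keep an explicit refusal right after the flag lines, e.g. `[ -n "$is_btrfs" ] || [ -n "$is_swap" ] || err "File system is ${loop_TYPE:-unknown} but only btrfs and swap are supported"`. In the swap branch the output of `sfdisk --show-size` should also pass `isdigits` before it is used inside `$(( … ))`, as the btrfs branch already does for `minsize`.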
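Review bot: The new timeout is a bare `3600` with no rationale, and it makes the enrollment passphrase readable from the user keyring `@u` for six times as long as before. A comment on that line would help, e.g. `# Keep the enrollment key for 1h; it must still be in the keyring when enrollment runs (TODO: state why 10 min was too short)`, since the changelog only says the timeout was increased. It is also worth confirming that whatever consumes the key removes it explicitly once enrollment is done instead of relying on expiry; that consumer is not visible in this hunk. Note that the passphrase on the context line above is built from `bs=8 count=1`, i.e. 8 random bytes, so the longer lifetime applies to a fairly short secret.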
@@ -270,34 +282,49 @@ echo "Encrypting..." encrypt "$@" -log_info "grow partition again" -echo ", +" | sfdisk --no-reread -q -N "$partno" "$blkdev" &> /dev/null -if [ -e /etc/initrd-release ]; then - # seems to be the only way to tell the kernel about a specific partition change - partx -u --nr "$partno" "$blkdev" || : - cryptsetup resize "$cr_name" <<<"$password" +if [ -n "$is_btrfs" ] || [ -n "$is_swap" ]; then + log_info "grow partition again" + # TODO: recover the size back + echo ", +" | sfdisk --no-reread -q -N "$partno" "$blkdev" &> /dev/null + if [ -e /etc/initrd-release ]; then + # Seems to be the only way to tell the kernel about a + # specific partition change + partx -u --nr "$partno" "$blkdev" || : + cryptsetup resize "$cr_name" <<<"$password" + fi fi -if [ -z "$mounted" ]; then - mount -o rw "$cr_dev" "$tmpdir/mnt" - mp="$tmpdir/mnt" -else - read -r line < "$tmpdir/mounts" - eval "$line" - mapfile -td, options < <(echo -n "$OPTIONS") - for ((i=0;i<${#options};++i)); do [ "${options[i]}" = ro ] && options[i]=rw; done - OPTIONS="$(IFS=, eval echo '"${options[*]}"')" - [ "$SOURCE" = "$blkpart" ] && SOURCE="$cr_dev" - mount "$cr_dev" "$TARGET" -t "$FSTYPE" -o "$OPTIONS" - mp="$TARGET" -fi +if [ -n "$is_btrfs" ]; then + if [ -z "$mounted" ]; then + mount -o rw "$cr_dev" "$tmpdir/mnt" + mp="$tmpdir/mnt" + else + read -r line < "$tmpdir/mounts" + eval "$line" + mapfile -td, options < <(echo -n "$OPTIONS") + for ((i=0;i<${#options};++i)); do [ "${options[i]}" = ro ] && options[i]=rw; done + OPTIONS="$(IFS=, eval echo '"${options[*]}"')" + [ "$SOURCE" = "$blkpart" ] && SOURCE="$cr_dev" + mount "$cr_dev" "$TARGET" -t "$FSTYPE" -o "$OPTIONS" + mp="$TARGET" + fi -log_info "resizing fs to max again" -btrfs filesystem resize max "$mp" + log_info "resizing fs to max again" + btrfs filesystem resize max "$mp" -root_mp="${root_mp:-$mp}" + root_mp="${root_mp:-$mp}" -make_rw "$root_mp" + make_rw "$root_mp" +elif [ -n "$is_swap" ]; then + declare loop_UUID + eval 
"$(blkid -c /dev/null -o export "$cr_dev"|sed 's/^/loop_/')" + if [ -n "$loop_UUID" ]; then + mkswap --uuid "$loop_UUID" "$cr_dev" + else + warn "Can't determine device UUID. Can't recreate swap with same UUID" + mkswap "$cr_dev" + fi +fi declare loop_UUID eval "$(blkid -c /dev/null -o export "$blkpart"|sed 's/^/loop_/')" @@ -307,7 +334,7 @@ # TODO: should cr_etc and/or cr_var be attached to # initrd in MicroOS? if [ "$cr_name" = "cr_root" ]; then - opts="x-initrd.mount,x-initrd.attach" + opts="x-initrd.attach" fi elif [ "$crypttab_options" != "none" ]; then opts="$crypttab_options" @@ -318,6 +345,8 @@ warn "Can't determine device UUID. Can't generate crypttab" fi -make_ro "$root_mp" +if [ -n "$is_btrfs" ]; then + make_ro "$root_mp" +fi echo "Image encryption completed" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/disk-encryption-tool-1+git20241112.f83dfa0/disk-encryption-tool-dracut new/disk-encryption-tool-1+git20241213.2504619/disk-encryption-tool-dracut --- old/disk-encryption-tool-1+git20241112.f83dfa0/disk-encryption-tool-dracut 2024-11-12 14:56:12.000000000 +0100 +++ new/disk-encryption-tool-1+git20241213.2504619/disk-encryption-tool-dracut 2024-12-13 10:00:25.000000000 +0100 
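Review bot: In the new swap branch `declare loop_UUID` does not clear the variable, so `loop_UUID` can still hold whatever the first `eval "$(blkid … "$blkpart" …)"` probe near the top of the script stored, and the `[ -n "$loop_UUID" ]` test cannot tell whether the probe of `$cr_dev` found anything. If blkid reports no UUID on the mapped device, `mkswap --uuid` runs with the stale value and the `warn` branch is never reached. Resetting it first, `loop_UUID=` before the `eval`, makes the check mean what it says; the same applies to the existing `declare loop_UUID` just after the `fi`, whose result appears to feed the crypttab entry. Separately, the re-indented loop `for ((i=0;i<${#options};++i))` uses the string length of the first element as its bound; `${#options[@]}` is presumably what was intended.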
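Review bot: With `make_ro` now limited to btrfs, and `make_rw "$root_mp"` moved inside the btrfs branch by the -270 hunk, the swap path reaches the crypttab generation between them without the root ever being made writable. As far as these hunks show, that section is not guarded by `is_btrfs`, so for a swap device passed with `--root /sysroot` (as the dracut script does) the crypttab entry may fail to be written on a read-only root, leaving an encrypted swap that is not set up at boot. Pairing the two calls on whether a root is known, e.g. `[ -z "$root_mp" ] || make_rw "$root_mp"` before the crypttab block and `[ -z "$root_mp" ] || make_ro "$root_mp"` here, would cover both device types. The crypttab code lies mostly outside the visible hunks, so this needs checking against the full script.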
@@ -63,7 +63,7 @@ /usr/bin/disk-encryption-tool --keyring cryptenroll --options "${options:-auto}" --root /sysroot "$device" "$cr_name" || die "Encryption failed" done fi - if [ "$root_cr_root" != "skip" ]; then + if [ "$root_options" != "skip" ]; then echo "Encrypt /sysroot" /usr/bin/disk-encryption-tool --keyring cryptenroll --options "${root_options:-auto}" "/sysroot" "$root_cr_name" || die "Encryption failed" fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/disk-encryption-tool-1+git20241112.f83dfa0/module-setup.sh new/disk-encryption-tool-1+git20241213.2504619/module-setup.sh --- old/disk-encryption-tool-1+git20241112.f83dfa0/module-setup.sh 2024-11-12 14:56:12.000000000 +0100 +++ new/disk-encryption-tool-1+git20241213.2504619/module-setup.sh 2024-12-13 10:00:25.000000000 +0100 @@ -16,7 +16,7 @@ install() { instmods dmi_sysfs # for systemd credentials via smbios inst_multiple -o cryptsetup-reencrypt - inst_multiple cryptsetup btrfs mktemp getopt mountpoint findmnt sfdisk tac sed keyctl partx + inst_multiple cryptsetup btrfs mkswap mktemp getopt mountpoint findmnt sfdisk tac sed keyctl partx inst_script "$moddir"/disk-encryption-tool /usr/bin/disk-encryption-tool inst_script "$moddir"/disk-encryption-tool-dracut /usr/bin/disk-encryption-tool-dracut ++++++ disk-encryption-tool.obsinfo ++++++ --- /var/tmp/diff_new_pack.fX0Pq4/_old 2025-03-26 21:16:51.002167766 +0100 +++ /var/tmp/diff_new_pack.fX0Pq4/_new 2025-03-26 21:16:51.026168762 +0100 @@ -1,5 +1,5 @@ name: disk-encryption-tool -version: 1+git20241112.f83dfa0 -mtime: 1731419772 -commit: f83dfa0842cb1cb92b25bbb8761fb0b34a55bb65 +version: 1+git20241213.2504619 +mtime: 1734080425 +commit: 2504619af79099a907b707e8f11abee6ad3109d7
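Review bot: Now that the condition reads `root_options`, setting it to `skip` leaves /sysroot unencrypted without any message, because the `if` has no `else`. Since this is the switch that turns root encryption off, I would log it, e.g. `else echo "Skipping encryption of /sysroot (root_options=skip)"`, so the boot log shows that the root was left in plaintext on purpose. Where `root_options` is populated is outside this hunk; module-setup.sh mentions systemd credentials via SMBIOS, so if the value can arrive that way it is worth documenting who is allowed to set it.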