Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sdbootutil for openSUSE:Factory checked in at 2025-04-22 17:26:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sdbootutil (Old) and /work/SRC/openSUSE:Factory/.sdbootutil.new.30101 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sdbootutil" Tue Apr 22 17:26:01 2025 rev:58 rq:1271173 version:1+git20250421.7ffd25a Changes: --------
--- /work/SRC/openSUSE:Factory/sdbootutil/sdbootutil.changes 2025-04-10 21:58:33.874886638 +0200
+++ /work/SRC/openSUSE:Factory/.sdbootutil.new.30101/sdbootutil.changes 2025-04-22 17:26:23.958337888 +0200
@@ -1,0 +2,8 @@
+Mon Apr 21 13:43:47 UTC 2025 - Alberto Planas Dominguez <apla...@suse.com>
+
+- Update to version 1+git20250421.7ffd25a:
+ * Report when PCR 15 cannot be predicted
+ * Reap failed keys
+ * Improve asking passwords (bsc#1241171)
+
+-------------------------------------------------------------------
Old: ---- sdbootutil-1+git20250410.9086124.obscpio New: ---- sdbootutil-1+git20250421.7ffd25a.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ sdbootutil.spec ++++++
--- /var/tmp/diff_new_pack.q8X5a3/_old 2025-04-22 17:26:24.534362061 +0200
+++ /var/tmp/diff_new_pack.q8X5a3/_new 2025-04-22 17:26:24.534362061 +0200
@@ -17,7 +17,7 @@
 Name: sdbootutil
-Version: 1+git20250410.9086124
+Version: 1+git20250421.7ffd25a
 Release: 0
 Summary: bootctl wrapper for BLS boot loaders
 License: MIT
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.q8X5a3/_old 2025-04-22 17:26:24.574363740 +0200
+++ /var/tmp/diff_new_pack.q8X5a3/_new 2025-04-22 17:26:24.578363908 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
 <param name="url">https://github.com/openSUSE/sdbootutil.git</param>
- <param name="changesrevision">9086124f43b45a091e628146d54599a9e392d0a1</param></service></servicedata>
+ <param name="changesrevision">7ffd25a7fc661511d0305a855d045c5e77306d5a</param></service></servicedata>
 (No newline at EOF)
++++++ sdbootutil-1+git20250410.9086124.obscpio -> sdbootutil-1+git20250421.7ffd25a.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sdbootutil-1+git20250410.9086124/sdbootutil new/sdbootutil-1+git20250421.7ffd25a/sdbootutil
--- old/sdbootutil-1+git20250410.9086124/sdbootutil 2025-04-10 14:05:39.000000000 +0200
+++ new/sdbootutil-1+git20250421.7ffd25a/sdbootutil 2025-04-21 15:33:39.000000000 +0200
@@ -358,6 +358,29 @@
 # session keyring, so we cannot do `keyctl unlink "$keyid" @s`
 }
+ask_password()
+{
+ local msg="$1"
+ local -n nameref_pw="$2"
+ read -r -s -p "$msg: " nameref_pw
+ echo >&2
+}
+
+ask_new_password()
+{
+ local msg="$1"
+ local -n nameref_pw="$2"
+ local pw1 pw2
+ ask_password "New $msg" pw1
+ ask_password "Re-type $msg" pw2
+ if [ "$pw1" = "$pw2" ]; then
+ # shellcheck disable=SC2034
+ nameref_pw="$pw1"
+ else
+ error "Inputs did't match!"
+ fi
+}
+
 subvol_is_ro()
 {
 [ -n "$have_snapshots" ] || return 0
@@ -2470,7 +2493,7 @@
 keyid="$(keyctl id %user:sdbootutil 2> /dev/null)" || true
 keyid_int="$(keyctl id %user:sdbootutil-pin 2> /dev/null)" || true
 if [ -n "$arg_ask_key_pin_or_pw" ]; then
- read -r -s -p "Recovery PIN: " pin
+ ask_password "Recovery PIN" pin
 extra=("--recovery-pin=yes")
 elif [ -n "$PIN" ]; then
 pin="$PIN"
@@ -2596,7 +2619,7 @@
 elif [ -n "$keyid" ]; then
 pw="$(keyctl pipe "$keyid")"
 else
- read -r -s -p "Password for $dev: " pw
+ ask_password "Password for $dev" pw
 # If the key was missing for all the keyrings put back
 # into the cryptenroll keyring, as there is a chance
 # that this is part or a re-enrollment
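Review bot: ask_new_password in the `@@ -358,6 +358,29 @@` hunk accepts an empty secret: two empty entries compare equal, and because ask_password ends with `echo >&2`, a failed `read` (EOF on stdin) is also reported as success with an empty value. The result feeds the enrolment callers changed in the `@@ -3036`, `@@ -3256` and `@@ -3267` hunks (recovery key, TPM2 PIN, password); whether a later step rejects an empty value is not visible here. A guard before the comparison would close this, for example `[ -n "$pw1" ] || error "Empty $msg is not allowed"`. The mismatch branch also relies on `error` terminating the script, otherwise the caller continues with its variable unset, and its message has a typo (`did't` should be `didn't`).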
@@ -2611,12 +2634,13 @@
 local pw out
 pw="$(get_volume_password "$dev")"
 out="$(cryptsetup luksDump --batch-mode --dump-master-key "$dev" <<<"$pw")" || {
- # If luksDump fais, remove the password from the
+ # If luksDump fails, remove the password from the
 # keyring. Can be that the password was wrong, and
 # systemd-cryptenroll ask later for the password.
 # Both passwords can appear in the keyring separated
 # by NULL
 keyctl revoke %user:cryptenroll 2> /dev/null || true
+ keyctl reap 2> /dev/null || true
 return 1
 }
 echo "$out" | sed -n '/MK dump:/,$p' | sed -E 's/MK dump:|[[:blank:]]+//g' | sed -z 's/\n//g'
@@ -2686,7 +2710,9 @@
 # cannot nest two reads (one for crypttab and another for the
 # password)
 for dev in "${devs[@]}"; do
- vks+=("$(get_volume_key "$dev")")
+ local vk="$(get_volume_key "$dev")"
+ [ -n "$vk" ] || { warn "Volume key cannot be extracted. Dropping PCR 15"; return 0; }
+ vks+=("$vk")
 done
 rm -f /var/lib/sdbootutil/measure-pcr-prediction
@@ -3036,7 +3062,7 @@
 keyid="$(keyctl id %user:sdbootutil 2> /dev/null)" || true
 keyid_int="$(keyctl id %user:sdbootutil-pin 2> /dev/null)" || true
 if [ -n "$arg_ask_key_pin_or_pw" ]; then
- read -r -s -p "Recovery key: " key
+ ask_new_password "recovery key" key
 elif [ -n "$KEY" ]; then
 key="$KEY"
 elif [ -n "$keyid_int" ]; then
@@ -3256,7 +3282,7 @@
 if [ "$arg_method" = "tpm2+pin" ]; then
 keyid="$(keyctl id %user:sdbootutil 2> /dev/null)" || true
 if [ -n "$arg_ask_key_pin_or_pw" ]; then
- read -r -s -p "TPM2 PIN: " pin_or_pw
+ ask_new_password "TPM2 PIN" pin_or_pw
 elif [ -n "$PIN" ]; then
 pin_or_pw="$PIN"
 elif [ -n "$keyid" ]; then
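Review bot: The added `keyctl reap` in the `@@ -2611,12 +2634,13 @@` hunk is undocumented; the comment block above it only explains the revoke. A one-line comment would help the next reader, for example `# Reap as well, so the revoked key is collected now and not found by a later lookup`. That wording is inferred from the changelog entry "Reap failed keys" and should be checked against the actual intent. Like the revoke above it, the call discards both its stderr and its exit status, so a failed reap goes unnoticed.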
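Review bot: The new early `return 0` in the `@@ -2686,7 +2710,9 @@` hunk leaves the function before the `rm -f /var/lib/sdbootutil/measure-pcr-prediction` that follows the loop, so a prediction file from an earlier run stays on disk when PCR 15 is dropped. Whether anything later reads that file is not visible here, but if it does, stale PCR 15 data could be used. Removing the file in the failure branch avoids that: `[ -n "$vk" ] || { warn "Volume key cannot be extracted. Dropping PCR 15"; rm -f /var/lib/sdbootutil/measure-pcr-prediction; return 0; }`. Separately, `local vk="$(get_volume_key "$dev")"` hides the helper's exit status (ShellCheck SC2155); declaring `local vk` once before the loop and assigning on its own line keeps the status available. The enclosing function starts and ends outside the hunk.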
@@ -3267,7 +3293,7 @@
 elif [ "$arg_method" = "password" ]; then
 keyid="$(keyctl id %user:sdbootutil 2> /dev/null)" || true
 if [ -n "$arg_ask_key_pin_or_pw" ]; then
- read -r -s -p "Password: " pin_or_pw
+ ask_new_password "password" pin_or_pw
 elif [ -n "$PW" ]; then
 pin_or_pw="$PW"
 elif [ -n "$keyid" ]; then
++++++ sdbootutil.obsinfo ++++++
--- /var/tmp/diff_new_pack.q8X5a3/_old 2025-04-22 17:26:24.698368944 +0200
+++ /var/tmp/diff_new_pack.q8X5a3/_new 2025-04-22 17:26:24.702369111 +0200
@@ -1,5 +1,5 @@
 name: sdbootutil
-version: 1+git20250410.9086124
-mtime: 1744286739
-commit: 9086124f43b45a091e628146d54599a9e392d0a1
+version: 1+git20250421.7ffd25a
+mtime: 1745242419
+commit: 7ffd25a7fc661511d0305a855d045c5e77306d5a