Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rust-keylime for openSUSE:Factory checked in at 2026-01-08 15:25:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rust-keylime (Old) and /work/SRC/openSUSE:Factory/.rust-keylime.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rust-keylime" Thu Jan 8 15:25:53 2026 rev:31 rq:1325856 version:0.2.8+96 Changes: -------- --- /work/SRC/openSUSE:Factory/rust-keylime/rust-keylime.changes 2025-08-21 16:54:10.849057367 +0200 +++ /work/SRC/openSUSE:Factory/.rust-keylime.new.1928/rust-keylime.changes 2026-01-08 15:26:39.287125974 +0100 @@ -1,0 +2,91 @@ +Wed Jan 07 15:53:59 UTC 2026 - [email protected] + +- Use tmpfiles.d for /var directories (PED-14736) + +- Update to version 0.2.8+96: + * build(deps): bump wiremock from 0.6.4 to 0.6.5 + * build(deps): bump actions/checkout from 5 to 6 + * build(deps): bump chrono from 0.4.41 to 0.4.42 + * packit: Get coverage from Fedora 43 runs + * Fix issues pointed out by clippy + * Replace mutex unwraps with proper error handling in TPM library + * Remove unused session request methods from StructureFiller + * Fix config panic on missing ek_handle in push model agent + * build(deps): bump tempfile from 3.21.0 to 3.23.0 + * build(deps): bump actions/upload-artifact from 4 to 6 (#1163) + * Fix clippy warnings project-wide + * Add KEYLIME_DIR support for verifier TLS certificates in push model agent + * Thread privileged resources and use MeasurementList for IMA reading + * Add privileged resource initialization and privilege dropping to push model agent + * Fix privilege dropping order in run_as() + * add documentation on FQDN hostnames + * Remove confusing logs for push mode agent + * Set correct default Verifier port (8891->8881) (#1159) + * Add verifier_url to reference configuration file (#1158) + * Add TLS support for Registrar communication (#1139) + * Fix agent handling of 403 registration responses (#1154) + * Add minor README.md rephrasing (#1151) + * build(deps): bump actions/checkout from 5 to 6 (#1153) + * ci: update spec files for packit COPR build + * docs: improve challenge encoding and async TPM documentation + * refactor: improve middleware and error handling + * feat: add authentication client with middleware integration + * docker: Include keylime_push_model_agent binary + * Include attestation_interval configuration (#1146) + * Persist payload keys to avoid attestation failure on restart + * crypto: Implement the load or generate pattern for keys + * Use simple algorithm specifiers in certification_keys object (#1140) + * tests: Enable more tests in CI + * Fix RSA2048 algorithm reporting in keylime agent + * Remove disabled_signing_algorithms configuration + * rpm: Fix metadata patches to apply to current code + * workflows/rpm.yml: Use more strict patching + * build(deps): bump uuid from 1.17.0 to 1.18.1 + * Fix ECC algorithm selection and reporting for keylime agent + * Improve logging consistency and coherency + * Implement minimal RFC compliance for Location header and URI parsing (#1125) + * Use separate keys for payload mechanism and mTLS + * docker: update rust to 1.81 for distroless Dockerfile + * Ensure UEFI log capabilities are set to false + * build(deps): bump http from 1.1.0 to 1.3.1 + * build(deps): bump log from 0.4.27 to 0.4.28 + * build(deps): bump cfg-if from 1.0.1 to 1.0.3 + * build(deps): bump actix-rt from 2.10.0 to 2.11.0 + * build(deps): bump async-trait from 0.1.88 to 0.1.89 + * build(deps): bump trybuild from 1.0.105 to 1.0.110 + * Accept evidence handling structures null entries + * workflows: Add test to check if RPM patches still apply + * CI: Enable test add-agent-with-malformed-ek-cert + * config: Fix singleton tests + * FSM: Remove needless lifetime annotations (#1105) + * rpm: Do not remove wiremock which is now available in Fedora + * Use latest Fedora httpdate version (1.0.3) + * Enhance coverage with parse_retry_after test + * Fix issues reported by CI regarding unwrap() calls + * Reuse max retries indicated to the ResilientClient + * Include limit of retries to 5 for Retry-After + * Add policy to handle Retry-After response headers + * build(deps): bump wiremock from 0.6.3 to 0.6.4 + * build(deps): bump serde_json from 1.0.140 to 1.0.143 + * build(deps): bump pest_derive from 2.8.0 to 2.8.1 + * build(deps): bump syn from 2.0.90 to 2.0.106 + * build(deps): bump tempfile from 3.20.0 to 3.21.0 + * build(deps): bump thiserror from 2.0.12 to 2.0.16 + * rpm: Fix patches to apply to current master code + * build(deps): bump anyhow from 1.0.98 to 1.0.99 + * state_machine: Automatically clean config override during tests + * config: Implement singleton and factory pattern + * testing: Support overriding configuration during tests + * feat: implement standalone challenge-response authentication module + * structures: rename session structs for clarity and fix typos + * tpm: refactor certify_credential_with_iak() into a more generic function + * Add Push Model Agent Mermaid FSM chart (#1095) + * Add state to avoid exiting on wrong attestation (#1093) + * Add 6 alphanumeric lowercase X-Request-ID header + * Enhance Evidence Handling response parsing + * build(deps): bump quote from 1.0.35 to 1.0.40 + * build(deps): bump libc from 0.2.172 to 0.2.175 + * build(deps): bump glob from 0.3.2 to 0.3.3 + * build(deps): bump actix-web from 4.10.2 to 4.11.0 + +------------------------------------------------------------------- Old: ---- rust-keylime-0.2.8+12.tar.zst tmpfiles.keylime New: ---- rust-keylime-0.2.8+96.tar.zst rust-keylime.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rust-keylime.spec ++++++ --- /var/tmp/diff_new_pack.7XfDu7/_old 2026-01-08 15:26:43.251290148 +0100 +++ /var/tmp/diff_new_pack.7XfDu7/_new 2026-01-08 15:26:43.251290148 +0100 @@ -1,7 +1,7 @@ # # spec file for package rust-keylime # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ %define _config_norepl %config(noreplace) %endif Name: rust-keylime -Version: 0.2.8+12 +Version: 0.2.8+96 Release: 0 Summary: Rust implementation of the keylime agent License: (Apache-2.0 OR MIT) AND BSD-3-Clause AND (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND BSD-3-Clause AND ISC AND MIT @@ -35,7 +35,7 @@ Source2: cargo_config Source3: keylime.xml Source4: keylime-user.conf -Source5: tmpfiles.keylime +Source5: rust-keylime.conf Source6: ima-policy Source7: ima-policy.service Source8: README.suse @@ -97,13 +97,9 @@ install -Dpm 0644 %{SOURCE3} %{buildroot}%{_prefix}/lib/firewalld/services/keylime.xml install -Dpm 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/keylime-user.conf -install -Dpm 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/keylime.conf -install -d %{buildroot}%{_localstatedir}/log/keylime +install -Dpm 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/rust-keylime.conf install -d %{buildroot}%{_libexecdir}/keylime -# Create work directory and the certificate directory -mkdir -p %{buildroot}%{_sharedstatedir}/keylime/cv_ca - install -Dpm 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/ima/ima-policy install -Dpm 0644 %{SOURCE7} %{buildroot}%{_unitdir}/ima-policy.service @@ -116,7 +112,7 @@ %post %firewalld_reload -%tmpfiles_create keylime.conf +%tmpfiles_create %{_tmpfilesdir}/rust-keylime.conf %service_add_post keylime_agent.service %service_add_post var-lib-keylime-secure.mount @@ -141,11 +137,9 @@ %dir %{_prefix}/lib/firewalld/services %{_prefix}/lib/firewalld/services/keylime.xml %{_sysusersdir}/keylime-user.conf -%{_tmpfilesdir}/keylime.conf -%dir %attr(0750,keylime,tss) %{_localstatedir}/log/keylime +%dir %{_tmpfilesdir} +%{_tmpfilesdir}/rust-keylime.conf %dir %attr(0750,keylime,tss) %{_libexecdir}/keylime -%dir %attr(0700,keylime,tss) %{_sharedstatedir}/keylime -%dir %attr(0700,keylime,tss) %{_sharedstatedir}/keylime/cv_ca %files -n keylime-ima-policy %dir %attr(0750,root,root) %{_sysconfdir}/ima ++++++ Cargo_lock.patch ++++++ ++++ 3693 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/rust-keylime/Cargo_lock.patch ++++ and /work/SRC/openSUSE:Factory/.rust-keylime.new.1928/Cargo_lock.patch ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.7XfDu7/_old 2026-01-08 15:26:43.339293792 +0100 +++ /var/tmp/diff_new_pack.7XfDu7/_new 2026-01-08 15:26:43.339293792 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/keylime/rust-keylime.git</param> - <param name="changesrevision">a56fc94c2d8c8dc4b48aaf13bf514964ac548aab</param></service></servicedata> + <param name="changesrevision">e658b57da74e1255f6c05088bed9bdcbad75a541</param></service></servicedata> (No newline at EOF) ++++++ keylime-agent.conf.diff ++++++ --- /var/tmp/diff_new_pack.7XfDu7/_old 2026-01-08 15:26:43.403296443 +0100 +++ /var/tmp/diff_new_pack.7XfDu7/_new 2026-01-08 15:26:43.415296940 +0100 @@ -1,8 +1,8 @@ diff --git i/keylime-agent.conf w/keylime-agent.conf -index d6e8615..75994c4 100644 +index 49124f3..5dd707b 100644 --- i/keylime-agent.conf +++ w/keylime-agent.conf -@@ -29,13 +29,15 @@ api_versions = "default" +@@ -33,14 +33,16 @@ api_versions = "default" # of 'SHA256(public EK in PEM format)'. # # To override, set KEYLIME_AGENT_UUID environment variable. @@ -10,7 +10,8 @@ +# uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000" +uuid = "generate" - # The binding IP address and port for the agent server + # The binding IP address or hostname (FQDN) and port for the agent server + # Supports IPv4, IPv6, or fully qualified domain names # # To override ip, set KEYLIME_AGENT_IP environment variable. # To override port, set KEYLIME_AGENT_PORT environment variable. @@ -19,8 +20,8 @@ +ip = "0.0.0.0" port = 9002 - # Address and port where the verifier and tenant can connect to reach the agent. -@@ -51,7 +53,8 @@ contact_port = 9002 + # Address (IP or hostname/FQDN) and port where the verifier and tenant can connect to reach the agent. +@@ -58,7 +60,8 @@ contact_port = 9002 # To override registrar_ip, set KEYLIME_AGENT_REGISTRAR_IP environment variable. # To override registrar_port, set KEYLIME_AGENT_REGISTRAR_PORT environment # variable. @@ -30,7 +31,7 @@ registrar_port = 8890 # Enable mTLS communication between agent, verifier and tenant. -@@ -161,7 +164,8 @@ revocation_actions_dir = "/usr/libexec/keylime" +@@ -191,7 +194,8 @@ revocation_actions_dir = "/usr/libexec/keylime" # KEYLIME_AGENT_REVOCATION_NOTIFICATION_IP environment variable. # To override revocation_notification_port, set # KEYLIME_AGENT_REVOCATION_NOTIFICATION_PORT environment variable. ++++++ rust-keylime-0.2.8+12.tar.zst -> rust-keylime-0.2.8+96.tar.zst ++++++ ++++ 16946 lines of diff (skipped) ++++++ rust-keylime.conf ++++++ #Type Path Mode User Group Age Argument... d /var/log/keylime 0750 keylime tss - - d /var/lib/keylime 0700 keylime tss - - d /var/lib/keylime/cv_ca 0700 keylime tss - - d /run/keylime 0700 keylime tss - - ++++++ rust-keylime.obsinfo ++++++ --- /var/tmp/diff_new_pack.7XfDu7/_old 2026-01-08 15:26:43.779312016 +0100 +++ /var/tmp/diff_new_pack.7XfDu7/_new 2026-01-08 15:26:43.783312181 +0100 @@ -1,5 +1,5 @@ name: rust-keylime -version: 0.2.8+12 -mtime: 1755679596 -commit: a56fc94c2d8c8dc4b48aaf13bf514964ac548aab +version: 0.2.8+96 +mtime: 1767778745 +commit: e658b57da74e1255f6c05088bed9bdcbad75a541 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/rust-keylime/vendor.tar.zst /work/SRC/openSUSE:Factory/.rust-keylime.new.1928/vendor.tar.zst differ: char 7, line 1
