Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package confidential-computing.tee.dcap.pccs
for openSUSE:Factory checked in at 2026-03-26 21:07:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/confidential-computing.tee.dcap.pccs (Old)
and
/work/SRC/openSUSE:Factory/.confidential-computing.tee.dcap.pccs.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "confidential-computing.tee.dcap.pccs"
Thu Mar 26 21:07:52 2026 rev:2 rq:1342558 version:1.25
Changes:
--------
---
/work/SRC/openSUSE:Factory/confidential-computing.tee.dcap.pccs/confidential-computing.tee.dcap.pccs.changes
2026-03-09 16:11:18.064826159 +0100
+++
/work/SRC/openSUSE:Factory/.confidential-computing.tee.dcap.pccs.new.8177/confidential-computing.tee.dcap.pccs.changes
2026-03-27 06:37:53.901271121 +0100
@@ -1,0 +2,5 @@
+Wed Mar 25 12:34:56 UTC 2026 - [email protected]
+
+- Build sqlite3_bindings with confidential-computing.tee.dcap.pccs.patch
+
+-------------------------------------------------------------------
New:
----
confidential-computing.tee.dcap.pccs.patch
----------(New B)----------
New:
- Build sqlite3_bindings with confidential-computing.tee.dcap.pccs.patch
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ confidential-computing.tee.dcap.pccs.spec ++++++
--- /var/tmp/diff_new_pack.6lietx/_old 2026-03-27 06:37:54.609300303 +0100
+++ /var/tmp/diff_new_pack.6lietx/_new 2026-03-27 06:37:54.609300303 +0100
@@ -18,6 +18,19 @@
%define pccs_user pccs
%global _buildshell /bin/bash
+%if %{defined primary_python}
+%define my_python_fix_shebang %python3_fix_shebang
+%define pythons %primary_python
+%else
+%if 0%{?sle_version} > 150300
+%define my_python_fix_shebang %python311_fix_shebang
+%global pythons python311
+%else
+%global pythons %nil
+%endif
+%endif
+%define mypyexe %{expand:%__%modern_python}
+
Name: confidential-computing.tee.dcap.pccs
Version: 1.25
Release: 0
@@ -26,6 +39,7 @@
URL: https://github.com/intel/confidential-computing.tee.dcap.pccs
ExclusiveArch: x86_64
Source0: %name-%version.tar
+Patch0: %name.patch
Source123: %name.node_modules.cpio
Source321: %name.node_modules.txt
BuildRequires: bash
@@ -49,13 +63,17 @@
Summary: Intel(R) Software Guard Extensions PCK Caching Service
BuildRequires: cpio
BuildRequires: gawk
-BuildRequires: pkgconfig(python3)
+BuildRequires: gcc-c++
+BuildRequires: make
+BuildRequires: nodejs-devel >= 22
+BuildRequires: %pythons-devel
+BuildRequires: pkgconfig(sqlite3)
BuildRequires: python-rpm-macros
BuildRequires: systemd-rpm-macros
Conflicts: intel-tee-pccs-admin-tool
Conflicts: sgx-dcap-pccs
-Requires: python3-keyring
-Requires: python3-requests
+Requires: %pythons-keyring
+Requires: %pythons-requests
Requires: system-user-%pccs_user = %version-%release
Requires(posttrans): system-user-%pccs_user = %version-%release
%systemd_requires
@@ -73,11 +91,12 @@
Platform Manifests), helping centralize the infrastructure set-up as well.
%files -n suse-sgx-dcap-pccs
+%doc README.txt
%license License.txt
%_bindir/pccsadmin.py
%_libexecdir/suse-sgx-dcap-pccs
%_unitdir/*.service
-%python3_sitearch/*
+%python_sitearch/*
%pre -n suse-sgx-dcap-pccs
%service_add_pre pccs.service
%post -n suse-sgx-dcap-pccs
@@ -93,35 +112,7 @@
%build
find \( -name "*.js" -o -name "*.py" \) -type f -exec chmod -c 644 '{}' +
-# avoids binary bindings
-sed --regexp-extended -i~ '
-s|^[[:blank:]]+//[[:blank:]]*"| "|
-s|^[[:blank:]]+//[[:blank:]]*}| }|
-s|[[:blank:]]//.*$||' service/config/default.json
-diff -u "$_"~ "$_" && exit 1
-python3 - <<'_EOS_'
-import json
-with open("service/config/default.json", "r") as f:
- content = json.load(f)
-with open("a.json", "w") as f:
- json.dump(content, f, indent=2, sort_keys=True)
- f.write('\n')
-content["DB_CONFIG"]="mysql"
-del content["sqlite"]
-with open("b.json", "w") as f:
- json.dump(content, f, indent=2, sort_keys=True)
- f.write('\n')
-_EOS_
-cat b.json
-mv b.json service/config/default.json
-rm a.json
-
-sed -i~ "
-s|^const __dirname.*|import os from 'os';|
-/filename: __dirname/s|^.*| filename: os.homedir() +
'/logs/pccs_server.log',|
-" service/utils/Logger.js
-diff -u "$_"~ "$_" && exit 1
-
+rm -fv service/config/default.json service/config/production.json
sed -i~ '1{s|^.*|#!%_bindir/node|}' service/pccs_server.js
diff -u "$_"~ "$_" && exit 1
@@ -129,14 +120,14 @@
/^After/{
s|^.*|After=network.target time-sync.target mariadb.service|
a\
-# Use %_libexecdir/suse-sgx-dcap-pccs/config/default.json as template\
-ConditionPathExists=%_localstatedir/lib/%pccs_user/config/default.json
+# Use %_libexecdir/suse-sgx-dcap-pccs/config/upstream.json as template\
+ConditionPathExists=%_libexecdir/suse-sgx-dcap-pccs/config/default.json
}
/^EnvironmentFile=/d
/^Environment=/d
/^ExecStart/s|^.*|ExecStart=%_libexecdir/suse-sgx-dcap-pccs/pccs_server.js|
/^User/s|^.*|User=%pccs_user|
-/^WorkingDirectory/s|^.*|WorkingDirectory=%_localstatedir/lib/%pccs_user|
+/^WorkingDirectory/s|^.*|WorkingDirectory=%_libexecdir/suse-sgx-dcap-pccs|
' service/pccs.service
diff -u "$_"~ "$_" && exit 1
@@ -173,6 +164,12 @@
fi
rm -- "./${tgz}"
done < <(gawk '{print $2}' %{SOURCE321})
+ export NODE_PATH=$PWD
+ export V=1
+ export PYTHON=$(type -P "%?mypyexe" | xargs --no-run-if-empty readlink
-f)
+ npm rebuild --verbose sqlite3
+ mv -t sqlite3 sqlite3/build/Release
+ rm -rf sqlite3/build
find \( \
-name .nyc_output -o \
-name .vscode -o \
@@ -185,6 +182,7 @@
-name docs -o \
-name emacs -o \
-name gyp -o \
+ -name node-addon-api -o \
-name test -o \
-name tests -o \
-name tools -o \
@@ -274,9 +272,9 @@
mv -t '%buildroot%_tmpfilesdir' "${suc}"
mkdir -p '%buildroot%_bindir'
-mkdir -p '%buildroot%python3_sitearch'
+mkdir -p '%buildroot%python_sitearch'
mv PccsAdminTool/pccsadmin.py '%buildroot%_bindir'
-mv PccsAdminTool/lib '%buildroot%python3_sitearch'
+mv PccsAdminTool/lib '%buildroot%python_sitearch'
pushd service
mkdir -p '%buildroot%_libexecdir/suse-sgx-dcap-pccs'
@@ -303,5 +301,23 @@
popd
mv -t '%buildroot%_libexecdir/suse-sgx-dcap-pccs' node_modules
-%python3_fix_shebang
+%my_python_fix_shebang
+
+tee README.txt <<'_EOR_'
+# Quickstart for pccs.service
+
+zypper in suse-sgx-dcap-pccs
+cp -i %_libexecdir/suse-sgx-dcap-pccs/config/upstream.json
%_libexecdir/suse-sgx-dcap-pccs/config/default.json
+edit %_libexecdir/suse-sgx-dcap-pccs/config/default.json
+ "DB_CONFIG": "sqlite",
+ "HTTPS_private_pem": "%_localstatedir/lib/%pccs_user/private.pem",
+ "HTTPS_file_crt": "%_localstatedir/lib/%pccs_user/file.crt",
+
+openssl genrsa -out ~%pccs_user/private.pem 2048
+openssl req -new -key ~%pccs_user/private.pem -out ~%pccs_user/csr.pem -subj
'/CN=localhost'
+openssl x509 -req -in ~%pccs_user/csr.pem -signkey ~%pccs_user/private.pem
-out ~%pccs_user/file.crt
+
+chown -c %pccs_user:%pccs_user
%_libexecdir/suse-sgx-dcap-pccs/config/default.json ~%pccs_user/private.pem
~%pccs_user/csr.pem ~%pccs_user/file.crt
+systemctl enable --now pccs.service
+_EOR_
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.6lietx/_old 2026-03-27 06:37:54.653302117 +0100
+++ /var/tmp/diff_new_pack.6lietx/_new 2026-03-27 06:37:54.657302281 +0100
@@ -1,6 +1,6 @@
-mtime: 1772798488
-commit: b2f2a71154ec31fbe30412653cd71302b5208fc37d9854b81a460702975815aa
+mtime: 1774451645
+commit: 8ecb95ba7638ad8eb0fec0d6b15f495d8894c5c5bb62160de4169eca16ed5519
url: https://src.opensuse.org/SGX/confidential-computing.tee.dcap.pccs.git
-revision: b2f2a71154ec31fbe30412653cd71302b5208fc37d9854b81a460702975815aa
+revision: 8ecb95ba7638ad8eb0fec0d6b15f495d8894c5c5bb62160de4169eca16ed5519
projectscmsync: https://src.opensuse.org/SGX/_ObsPrj
++++++ build.specials.obscpio ++++++
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-03-25 16:16:25.000000000 +0100
@@ -0,0 +1,7 @@
+*.obscpio
+*.osc
+*~
+.pbuild
+_build.*
+_service:*
+package-lock.json
++++++ confidential-computing.tee.dcap.pccs.patch ++++++
---
service/config/default.json | 49 ------------------------------------------
service/config/upstream.json | 50 +++++++++++++++++++++++++++++++++++++++++++
service/pccs_server.js | 4 +--
service/utils/Logger.js | 7 ++----
service/utils/apputil.js | 14 +++++++-----
5 files changed, 64 insertions(+), 60 deletions(-)
--- a/service/config/default.json
+++ b/service/config/default.json
@@ -1,49 +0,0 @@
-{
- "HTTPS_PORT" : 8081,
- "hosts" : "127.0.0.1",
- "uri": "https://api.trustedservices.intel.com/sgx/certification/v4/";,
- "ApiKey": "",
- "proxy" : "",
- "RefreshSchedule": "0 0 1 * * *",
- "UserTokenHash" : "",
- "AdminTokenHash" : "",
- "CachingFillMode" : "LAZY",
- "OPENSSL_FIPS_MODE" : false,
- "LogLevel" : "info",
- "DB_CONFIG" : "sqlite",
- "sqlite" : {
- "options" : {
- "dialect": "sqlite",
- "define": {
- "freezeTableName": true
- },
- "logging" : false,
- "storage": "pckcache.db"
- }
- },
- //"mysql" : { // This config section is used only if DB_CONFIG ==
"mysql".
- // // Uncomment when using with MySQL and adjust the values
to match your DB setup.
- // "database" : "pckcache",
- // "username" : "<Your MySQL username>",
- // "password" : "<Your MySQL password>",
- // "options" : {
- // "host": "localhost",
- // "port": "3306",
- // "dialect": "mysql",
- // "pool": {
- // "max": 5,
- // "min": 0,
- // "acquire": 30000,
- // "idle": 10000
- // },
- // "define": {
- // "freezeTableName": true
- // },
- // "logging" : false
- // },
- // "ssl":{
- // "required": false,
- // "ca":"/if_ssl_is_required/path/to/your_ssl_ca"
- // }
- //}
-}
--- /dev/null
+++ b/service/config/upstream.json
@@ -0,0 +1,50 @@
+{
+ "HTTPS_PORT" : 8081,
+ "HTTPS_private_pem" : "/var/lib/pccs/private.pem",
+ "HTTPS_file_crt" : "/var/lib/pccs/file.crt",
+ "hosts" : "127.0.0.1",
+ "uri": "https://api.trustedservices.intel.com/sgx/certification/v4/";,
+ "ApiKey": "",
+ "proxy" : "",
+ "RefreshSchedule": "0 0 1 * * *",
+ "UserTokenHash" : "",
+ "AdminTokenHash" : "",
+ "CachingFillMode" : "LAZY",
+ "OPENSSL_FIPS_MODE" : false,
+ "LogLevel" : "info",
+ "DB_CONFIG" : "sqlite",
+ "sqlite" : {
+ "options" : {
+ "dialect": "sqlite",
+ "define": {
+ "freezeTableName": true
+ },
+ "logging" : true,
+ "storage": "/var/lib/pccs/pckcache.db"
+ }
+ },
+ "mysql" : {
+ "database" : "pckcache",
+ "username" : "<Your MySQL username>",
+ "password" : "<Your MySQL password>",
+ "options" : {
+ "host": "localhost",
+ "port": "3306",
+ "dialect": "mysql",
+ "pool": {
+ "max": 5,
+ "min": 0,
+ "acquire": 30000,
+ "idle": 10000
+ },
+ "define": {
+ "freezeTableName": true
+ },
+ "logging" : true
+ },
+ "ssl":{
+ "required": false,
+ "ca":"/if_ssl_is_required/path/to/your_ssl_ca"
+ }
+ }
+}
--- a/service/pccs_server.js
+++ b/service/pccs_server.js
@@ -130,8 +130,8 @@ function startHttpsServer() {
let privateKey;
let certificate;
try {
- privateKey = fs.readFileSync('./ssl_key/private.pem', 'utf8');
- certificate = fs.readFileSync('./ssl_key/file.crt', 'utf8');
+ privateKey = fs.readFileSync(Config.get('HTTPS_private_pem'), 'utf8');
+ certificate = fs.readFileSync(Config.get('HTTPS_file_crt'), 'utf8');
} catch (err) {
logger.error('The private key or certificate for HTTPS server is
missing.');
logger.endAndExitProcess();
--- a/service/utils/Logger.js
+++ b/service/utils/Logger.js
@@ -35,8 +35,7 @@ import path from 'path';
import clshooked from 'cls-hooked';
import * as fs from 'fs';
import { parseAndModifyUrl } from "../pcs_client/pcs_client.js";
-import { fileURLToPath } from 'url';
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
+import os from 'os';
const { createLogger, format, transports } = winston;
const { combine, timestamp, printf } = format;
@@ -51,7 +50,7 @@ export function formatLogMessage (tokens
const options = {
file: {
level: Config.has('LogLevel') ? Config.get('LogLevel') : 'info',
- filename: __dirname + `/../logs/pccs_server.log`,
+ filename: os.homedir() + '/logs/pccs_server.log',
handleExceptions: true,
json: false,
colorize: true,
@@ -109,7 +108,7 @@ process.on('SIGINT', () => {
});
// Create ./logs if it doesn't exist
-fs.mkdirSync('./logs', { recursive: true });
+fs.mkdirSync(os.homedir() + '/logs', { recursive: true });
// Add a stopped flag
let stopped = false;
--- a/service/utils/apputil.js
+++ b/service/utils/apputil.js
@@ -35,6 +35,10 @@ import { sequelize } from '../dao/models
import { Umzug, SequelizeStorage } from 'umzug';
import * as fs from 'fs';
import url from 'url';
+import path from 'path';
+import {fileURLToPath} from 'url';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
export function get_api_version_from_url(url) {
if (!url) return 0;
@@ -84,14 +88,14 @@ async function test_db_status() {
}
async function db_migration() {
- const migrations = fs.readdirSync('./migrations').map(name => {
- const path = `./migrations/${name}`;
+ const migrations = fs.readdirSync(__dirname + '/../migrations').map(name => {
+ const my_path = `${__dirname}/..//migrations/${name}`;
return {
name,
up: async () => {
if (name.endsWith('.up.sql')) {
- const sqls = fs.readFileSync(path, 'utf-8').split(';');
+ const sqls = fs.readFileSync(my_path, 'utf-8').split(';');
for (const sql of sqls) {
if (sql.trim()) {
await sequelize.query(sql); // Await ensures each query
completes before the next begins.
@@ -99,7 +103,7 @@ async function db_migration() {
}
}
} else if (name.endsWith('.js')){
- const migration = await import(url.pathToFileURL(path));
+ const migration = await import(url.pathToFileURL(my_path));
return migration.default.up(sequelize);
}
},
@@ -115,7 +119,7 @@ async function db_migration() {
return Promise.all(queries);
}
} else if (name.endsWith('.js')) {
- const migration = await import(url.pathToFileURL(path));
+ const migration = await import(url.pathToFileURL(my_path));
return migration.default.down(sequelize);
}
},
