Hello community,
here is the log from the commit of package confidential-computing.sgx for
openSUSE:Factory checked in at 2026-03-26 21:07:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/confidential-computing.sgx (Old)
and /work/SRC/openSUSE:Factory/.confidential-computing.sgx.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "confidential-computing.sgx"
Thu Mar 26 21:07:53 2026 rev:2 rq:1342771 version:2.28
Changes:
--------
---
/work/SRC/openSUSE:Factory/confidential-computing.sgx/confidential-computing.sgx.changes
2026-03-09 16:11:21.504968360 +0100
+++
/work/SRC/openSUSE:Factory/.confidential-computing.sgx.new.8177/confidential-computing.sgx.changes
2026-03-27 06:37:52.793225452 +0100
@@ -1,0 +2,5 @@
+Wed Mar 25 12:34:56 UTC 2026 - [email protected]
+
+- Handle /dev/sgx_provision for provisioning enclaves.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ confidential-computing.sgx.spec ++++++
--- /var/tmp/diff_new_pack.J4Sws7/_old 2026-03-27 06:37:53.533255953 +0100
+++ /var/tmp/diff_new_pack.J4Sws7/_new 2026-03-27 06:37:53.533255953 +0100
@@ -83,6 +83,21 @@
%license License.txt
%dir %_datadir/%pkg
+%package -n system-group-sgx_prv
+Summary: System group sgx_prv
+Requires: %pkg = %primary_pkg_version
+%?sysusers_requires
+%description -n system-group-sgx_prv
+System group sgx_prv for provisioning enclaves.
+%if 0
+Any user which can create a provisioning enclave can access the
+processor-unique Provisioning Certificate Key via /dev/sgx_provision,
+which has privacy and fingerprinting implications.
+%endif
+%pre -n system-group-sgx_prv -f system-group-sgx_prv.pre
+%files -n system-group-sgx_prv
+%_sysusersdir/system-group-sgx_prv.conf
+
%package -n system-user-aesmd
Summary: System user aesmd
Requires: %pkg = %primary_pkg_version
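Review bot: The rationale for restricting /dev/sgx_provision sits between `%if 0` and `%endif` inside the `%description` of system-group-sgx_prv, so it is stripped from the built package and an administrator deciding who joins sgx_prv never sees it. Group membership is what gates access to the Provisioning Certificate Key, so I would drop the `%if 0`/`%endif` pair and let the three lines ship in the description. If they are meant for packagers only, move them to `#` comment lines above `%package -n system-group-sgx_prv` instead. The hunk ends inside the unchanged system-user-aesmd section.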
@@ -99,6 +114,7 @@
%package -n system-user-qgsd
Summary: System user qgsd
Requires: %pkg = %primary_pkg_version
+Requires(pre): group(sgx)
%?sysusers_requires
%description -n system-user-qgsd
System user qgsd for Intel(R) TD Quoting Generation Service
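Review bot: `Requires(pre): group(sgx)` is added for system-user-qgsd, but the sysusers fragment later in this diff adds two memberships, `m qgsd sgx` and `m qgsd sgx_prv`, and only the first group is ordered before the `%pre` scriptlet. If sgx_prv is absent when the scriptlet runs, the membership step may fail, or the group may be created implicitly outside the system-group-sgx_prv package, depending on how the generated scriptlet handles it. Unless a dependency generator already emits it, add `Requires(pre): group(sgx_prv)` next to the new line.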
@@ -134,11 +150,15 @@
Conflicts: libsgx-enclave-common
Conflicts: libsgx-enclave-common-debuginfo
Requires: %pkg = %primary_pkg_version
+Requires: system-group-sgx_prv = %primary_pkg_version
%description -n libsgx_enclave_common1
Intel(R) Software Guard Extensions Enclave Common Loader
%ldconfig_scriptlets -n libsgx_enclave_common1
+%posttrans -n libsgx_enclave_common1
+%udev_trigger_with_reload -y sgx_provision
%files -n libsgx_enclave_common1
%_libdir/libsgx_enclave_common.so.*
+%_udevrulesdir/50-suse-sgx_provision.rules
%package -n suse-libsgx-enclave-common-devel
Summary: SUSE build of Intel(R) SGX Enclave Common Loader for Developers
Conflicts: libsgx-enclave-common-devel
@@ -287,6 +307,7 @@
Conflicts: sgx-aesm-service
Conflicts: sgx-aesm-service-debuginfo
Requires: %pkg = %primary_pkg_version
+Requires: libcurl4
Requires: suse-libsgx-aesm-ecdsa-plugin = %primary_pkg_version
Requires: suse-libsgx-aesm-pce-plugin = %primary_pkg_version
Requires: suse-libsgx-aesm-quote-ex-plugin = %primary_pkg_version
@@ -378,6 +399,7 @@
Conflicts: libsgx-dcap-ql
Conflicts: libsgx-dcap-ql-debuginfo
Requires: %pkg = %primary_pkg_version
+Requires: libsgx_quote_ex1 = %primary_pkg_version
%description -n libsgx_dcap_gl1
Intel(R) Software Guard Extensions Data Center Attestation Primitives
%ldconfig_scriptlets -n libsgx_dcap_gl1
@@ -403,6 +425,7 @@
Conflicts: libsgx-pce-logic
Conflicts: libsgx-pce-logic-debuginfo
Requires: %pkg = %primary_pkg_version
+Requires: suse-libsgx-prebuilt-signed
%description -n suse-libsgx-pce-logic
Intel(R) Software Guard Extensions Provisioning Certification Enclave Logic
%ldconfig_scriptlets -n suse-libsgx-pce-logic
@@ -417,8 +440,8 @@
Conflicts: libsgx-qe3-logic
Conflicts: libsgx-qe3-logic-debuginfo
Requires: %pkg = %primary_pkg_version
-Requires: suse-libsgx-ae-id-enclave
-Requires: suse-libsgx-ae-qe3
+Requires: libdcap_quoteprov1
+Requires: suse-libsgx-prebuilt-signed
%description -n suse-libsgx-qe3-logic
Intel(R) Software Guard Extensions QE3 Logic
%ldconfig_scriptlets -n suse-libsgx-qe3-logic
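Review bot: `Requires: libdcap_quoteprov1` in suse-libsgx-qe3-logic carries no version, while the same dependency in libsgx_tdx_logic1 is pinned as `libdcap_quoteprov1 = %sgx_dcap_version-%release`. An unpinned requirement lets the quote-generation library be installed next to a quote provider from a different build; if that mix is not intended, use the pinned form here as well. The same question applies to the unversioned `Requires: suse-libsgx-prebuilt-signed` lines added across this file, since that package presumably carries the signed enclave images these libraries load.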
@@ -522,8 +545,8 @@
Conflicts: libsgx-tdx-logic
Conflicts: libsgx-tdx-logic-debuginfo
Requires: %pkg = %primary_pkg_version
-Requires: suse-libsgx-ae-id-enclave
-Requires: suse-libsgx-ae-tdqe
+Requires: libdcap_quoteprov1 = %sgx_dcap_version-%release
+Requires: suse-libsgx-prebuilt-signed
%description -n libsgx_tdx_logic1
Intel(R) Trust Domain Extensions QE logic library
%ldconfig_scriptlets -n libsgx_tdx_logic1
@@ -543,29 +566,30 @@
%files -n suse-libsgx-tdx-logic-devel
%_includedir/td_ql_wrapper.h
-%package -n libsgx_dcap_quote_verify1
+%package -n libsgx_dcap_quoteverify1
Version: %sgx_dcap_version
Summary: SUSE build of Intel(R) SGX DCAP library
URL: https://github.com/intel/SGXDataCenterAttestationPrimitives
Conflicts: libsgx-dcap-quote-verify
Conflicts: libsgx-dcap-quote-verify-debuginfo
Requires: %pkg = %primary_pkg_version
-Requires: suse-tee_appraisal_policy
-%description -n libsgx_dcap_quote_verify1
+Requires: libsgx_urts1 = %primary_pkg_version
+Requires: suse-libsgx-prebuilt-signed
+%description -n libsgx_dcap_quoteverify1
SUSE build of Intel(R) SGX DCAP library
-%ldconfig_scriptlets -n libsgx_dcap_quote_verify1
-%files -n libsgx_dcap_quote_verify1
+%ldconfig_scriptlets -n libsgx_dcap_quoteverify1
+%files -n libsgx_dcap_quoteverify1
%_libdir/libsgx_dcap_quoteverify.so.*
-%package -n suse-libsgx-dcap-quote-verify-devel
+%package -n suse-libsgx-dcap-quoteverify-devel
Version: %sgx_dcap_version
Summary: SUSE build of Intel(R) Trust Domain Extensions QE logic
library For Developers
URL: https://github.com/intel/SGXDataCenterAttestationPrimitives
Conflicts: libsgx-dcap-quote-verify-devel
Requires: %pkg = %primary_pkg_version
-Requires: libsgx_dcap_quote_verify1 = %sgx_dcap_version-%release
-%description -n suse-libsgx-dcap-quote-verify-devel
+Requires: libsgx_dcap_quoteverify1 = %sgx_dcap_version-%release
+%description -n suse-libsgx-dcap-quoteverify-devel
Intel(R) Trust Domain Extensions QE logic library For Developers
-%files -n suse-libsgx-dcap-quote-verify-devel
+%files -n suse-libsgx-dcap-quoteverify-devel
%_includedir/sgx_dcap_qal.h
%_includedir/sgx_dcap_quoteverify.h
%_includedir/sgx_qve_header.h
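Review bot: The rename from libsgx_dcap_quote_verify1 to libsgx_dcap_quoteverify1, and of the matching -devel package, adds no `Obsoletes:` or `Provides:` for the old names in the lines shown. A system that installed the previous revision would therefore keep the old package, which lists the same `%_libdir/libsgx_dcap_quoteverify.so.*` files. Consider `Obsoletes: libsgx_dcap_quote_verify1 < %sgx_dcap_version-%release` in the new library package and the equivalent line for suse-libsgx-dcap-quote-verify-devel. The hunk also drops `Requires: suse-tee_appraisal_policy`; a one-line spec comment saying why the verifier no longer needs that package would help the next reader.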
@@ -602,6 +626,7 @@
Conflicts: libsgx-dcap-default-qpl
Conflicts: libsgx-dcap-default-qpl-debuginfo
Requires: %pkg = %primary_pkg_version
+Requires: libcurl4
%description -n libsgx_default_qcnl_wrapper1
Intel(R) Software Guard Extensions Default Quote Provider Library
%ldconfig_scriptlets -n libsgx_default_qcnl_wrapper1
@@ -630,8 +655,7 @@
Requires: %pkg = %primary_pkg_version
Requires: libmpa_uefi1 = %sgx_dcap_version-%release
Requires: libsgx_urts1 = %primary_pkg_version
-Requires: suse-libsgx-ae-id-enclave
-Requires: suse-libsgx-ae-pce
+Requires: suse-libsgx-prebuilt-signed
%description -n suse-sgx-pck-id-retrieval-tool
Intel(R) Software Guard Extensions:this tool is used to collect the platform
information to retrieve the PCK certs from PCS(Provisioning Certification
Server)
%files -n suse-sgx-pck-id-retrieval-tool
@@ -708,7 +732,18 @@
%if "%build_flavor" == ""
%cmake_install
mkdir -p '%buildroot%_datadir/%pkg'
-mkdir -p '%buildroot%_tmpfilesdir' '%buildroot%_sysusersdir'
+mkdir -p '%buildroot%_tmpfilesdir' '%buildroot%_sysusersdir'
'%buildroot%_udevrulesdir'
+#
+tee '%buildroot%_udevrulesdir/50-suse-sgx_provision.rules' <<_EOR_
+SUBSYSTEM=="misc",KERNEL=="sgx_provision",GROUP="sgx_prv",MODE="0660"
+_EOR_
+#
+suc='system-group-sgx_prv.conf'
+tee "${suc}" <<'_EOC_'
+g sgx_prv -
+_EOC_
+%sysusers_generate_pre "${suc}" system-group-sgx_prv
+mv -vt '%buildroot%_sysusersdir' "${suc}"
#
suc='system-user-aesmd.conf'
tee "${suc}" <<'_EOC_'
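Review bot: The here-document that writes 50-suse-sgx_provision.rules uses an unquoted delimiter (`<<_EOR_`), while the sysusers fragments in this section use the quoted form (`<<'_EOC_'`). With the unquoted form the shell would expand any `$` or backtick that a later edit puts into the rule, so use `tee '%buildroot%_udevrulesdir/50-suse-sgx_provision.rules' <<'_EOR_'`. It would also help to start the rules file with a `#` comment stating that membership in sgx_prv grants access to the provisioning key, so the reason for `GROUP="sgx_prv",MODE="0660"` is visible on the installed system. The system-user-aesmd fragment at the end of the hunk continues outside it.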
@@ -725,6 +760,8 @@
suc='system-user-qgsd.conf'
tee "${suc}" <<'_EOC_'
u qgsd - "TD Quoting Generation Service" %_localstatedir/lib/qgsd
%_sbindir/nologin
+m qgsd sgx
+m qgsd sgx_prv
_EOC_
%sysusers_generate_pre "${suc}" system-user-qgsd
mv -vt '%buildroot%_sysusersdir' "${suc}"
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.J4Sws7/_old 2026-03-27 06:37:53.569257438 +0100
+++ /var/tmp/diff_new_pack.J4Sws7/_new 2026-03-27 06:37:53.573257602 +0100
@@ -1,6 +1,6 @@
-mtime: 1772716141
-commit: df013ed29c9d784922daa7b353e1cd4388c21775d5f78ae6257780b36162d6e8
+mtime: 1774524289
+commit: 30e6705d0b05e9965eae5bc7d34187cda9f710719b97f60dd32b4f79b8824d3c
url: https://src.opensuse.org/SGX/confidential-computing.sgx.git
-revision: df013ed29c9d784922daa7b353e1cd4388c21775d5f78ae6257780b36162d6e8
+revision: 30e6705d0b05e9965eae5bc7d34187cda9f710719b97f60dd32b4f79b8824d3c
projectscmsync: https://src.opensuse.org/SGX/_ObsPrj
++++++ build.specials.obscpio ++++++
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-03-26 12:26:07.000000000 +0100
@@ -0,0 +1 @@
+.osc
++++++ confidential-computing.sgx.patch ++++++
--- /var/tmp/diff_new_pack.J4Sws7/_old 2026-03-27 06:37:53.761265351 +0100
+++ /var/tmp/diff_new_pack.J4Sws7/_new 2026-03-27 06:37:53.765265516 +0100
@@ -9,7 +9,7 @@
external/CppMicroServices/framework/include/cppmicroservices/FrameworkEvent.h
| 1
external/CppMicroServices/framework/src/service/ServiceListeners.cpp
| 4
external/CppMicroServices/third_party/miniz.c
| 5
- external/dcap_source/QuoteGeneration/pce_wrapper/pce_wrapper.cpp
| 29
+ external/dcap_source/QuoteGeneration/pce_wrapper/pce_wrapper.cpp
| 28
external/dcap_source/QuoteGeneration/qcnl/certification_provider.cpp
| 2
external/dcap_source/QuoteGeneration/qcnl/inc/pccs_response_object.h
| 2
external/dcap_source/QuoteGeneration/qcnl/inc/qcnl_config.h
| 2
@@ -23,10 +23,10 @@
external/dcap_source/QuoteGeneration/quote_wrapper/tdx_attest/tdx_attest.c
| 6
external/dcap_source/QuoteVerification/appraisal/qae/qae.edl
| 3
external/dcap_source/QuoteVerification/appraisal/qal/opa_builtins.cpp
| 5
- external/dcap_source/QuoteVerification/appraisal/qal/qae_wrapper.cpp
| 37
+ external/dcap_source/QuoteVerification/appraisal/qal/qae_wrapper.cpp
| 36
external/dcap_source/QuoteVerification/appraisal/tee_appraisal_tool/gen_payload.cpp
| 1
external/dcap_source/QuoteVerification/appraisal/tee_appraisal_tool/tee_appraisal_tool.cpp
| 5
- external/dcap_source/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp
| 30
+ external/dcap_source/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp
| 29
external/dcap_source/QuoteVerification/dcap_quoteverify/tee_qv_class.cpp
| 2
external/dcap_source/tools/PCKRetrievalTool/App/linux/network_wrapper.cpp
| 6
external/dcap_source/tools/PCKRetrievalTool/App/utility.cpp
| 7
@@ -45,7 +45,7 @@
psw/urts/urts_com.h
| 2
sdk/CMakeLists.txt
| 357 +++
sdk/tsetjmp/_setjmp.S
| 2
- 46 files changed, 1502 insertions(+), 189 deletions(-)
+ 46 files changed, 1502 insertions(+), 186 deletions(-)
--- /dev/null
+++ b/CMakeLists.txt
@@ -1193,7 +1193,7 @@
pStat->m_comp_size = MZ_READ_LE32(p + MZ_ZIP_CDH_COMPRESSED_SIZE_OFS);
--- a/external/dcap_source/QuoteGeneration/pce_wrapper/pce_wrapper.cpp
+++ b/external/dcap_source/QuoteGeneration/pce_wrapper/pce_wrapper.cpp
-@@ -84,16 +84,16 @@ bool get_pce_path(
+@@ -84,16 +84,17 @@ bool get_pce_path(
Dl_info dl_info;
if(g_pce_status.pce_path[0])
{
@@ -1208,15 +1208,15 @@
NULL != dl_info.dli_fname)
{
- if(strnlen(dl_info.dli_fname,buf_size)>=buf_size)
-- return false;
-- (void)strncpy(p_file_path,dl_info.dli_fname,buf_size);
+ int r = ::snprintf(p_file_path, buf_size, "%s", dl_info.dli_fname);
+ size_t out = r;
-+ return r > 0 && out < buf_size;
++ if (!(r > 0 && out < buf_size))
+ return false;
+- (void)strncpy(p_file_path,dl_info.dli_fname,buf_size);
}
else //not a dynamic executable
{
-@@ -109,21 +109,18 @@ bool get_pce_path(
+@@ -109,21 +110,18 @@ bool get_pce_path(
if ( p_last_slash != NULL )
{
p_last_slash++; //increment beyond the last slash
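Review bot: In the replacement for the strnlen/strncpy pair in get_pce_path, `size_t out = r;` converts the snprintf result to unsigned before its sign has been checked. The condition that follows is still correct because `r > 0` is evaluated first, but the intermediate variable reads as if a negative value could reach the size comparison. A single guard says the same thing without it: `if (r <= 0 || static_cast<size_t>(r) >= buf_size) return false;`. The same three lines appear in get_qae_path (qae_wrapper.cpp) and get_qve_path (qve_parser.cpp) later in this patch, and all three functions begin and end outside the hunks shown.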
@@ -1573,7 +1573,7 @@
#include "sgx_urts.h"
#include "qae_u.h"
#include "sgx_error.h"
-@@ -78,21 +79,21 @@ static bool get_qae_path(
+@@ -78,21 +79,22 @@ static bool get_qae_path(
Dl_info dl_info;
if (s_qae_info.m_qae_path[0])
{
@@ -1588,11 +1588,11 @@
NULL != dl_info.dli_fname)
{
- if (strnlen(dl_info.dli_fname, buf_size) >= buf_size)
-- return false;
-- (void)strncpy(p_file_path, dl_info.dli_fname, buf_size);
+ int r = ::snprintf(p_file_path, buf_size, "%s", dl_info.dli_fname);
+ size_t out = r;
-+ return r > 0 && out < buf_size;
++ if (!(r > 0 && out < buf_size))
+ return false;
+- (void)strncpy(p_file_path, dl_info.dli_fname, buf_size);
}
else // not a dynamic executable
{
@@ -1602,7 +1602,7 @@
return false;
p_file_path[i] = '\0';
}
-@@ -101,30 +102,22 @@ static bool get_qae_path(
+@@ -101,30 +103,22 @@ static bool get_qae_path(
if (p_last_slash != NULL)
{
p_last_slash++; // increment beyond the last slash
@@ -1638,7 +1638,7 @@
}
return true;
}
-@@ -246,7 +239,7 @@ quote3_error_t ecall_appraise_quote_resu
+@@ -246,7 +240,7 @@ quote3_error_t ecall_appraise_quote_resu
std::lock_guard<std::mutex> lock(s_qae_info.m_qae_mutex);
sgx_status_t ret = qae_appraise_quote_result(s_qae_info.m_qae_eid,
&retval,
@@ -1647,7 +1647,7 @@
p_qaps,
qaps_count,
appraisal_check_date,
-@@ -337,4 +330,4 @@ quote3_error_t ecall_authenticate_policy
+@@ -337,4 +331,4 @@ quote3_error_t ecall_authenticate_policy
retval = SGX_QL_ERROR_UNEXPECTED;
}
return retval;
@@ -1690,7 +1690,7 @@
EC_GROUP *ec_group = NULL;
---
a/external/dcap_source/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp
+++
b/external/dcap_source/QuoteVerification/dcap_quoteverify/linux/qve_parser.cpp
-@@ -61,21 +61,21 @@ bool get_qve_path(
+@@ -61,21 +61,22 @@ bool get_qve_path(
Dl_info dl_info;
if(g_qve_path[0])
{
@@ -1705,11 +1705,11 @@
NULL != dl_info.dli_fname)
{
- if(strnlen(dl_info.dli_fname,buf_size)>=buf_size)
-- return false;
-- (void)strncpy(p_file_path,dl_info.dli_fname,buf_size);
+ int r = ::snprintf(p_file_path, buf_size, "%s", dl_info.dli_fname);
+ size_t out = r;
-+ return r > 0 && out < buf_size;
++ if (!(r > 0 && out < buf_size))
+ return false;
+- (void)strncpy(p_file_path,dl_info.dli_fname,buf_size);
}
else //not a dynamic executable
{
@@ -1719,7 +1719,7 @@
return false;
p_file_path[i] = '\0';
}
-@@ -84,21 +84,17 @@ bool get_qve_path(
+@@ -84,21 +85,17 @@ bool get_qve_path(
if ( p_last_slash != NULL )
{
p_last_slash++; //increment beyond the last slash