commit fsverity-utils for openSUSE:Factory

Thu, 26 Mar 2026 22:40:30 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package fsverity-utils for openSUSE:Factory 
checked in at 2026-03-25 21:18:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/fsverity-utils (Old)
 and      /work/SRC/openSUSE:Factory/.fsverity-utils.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "fsverity-utils"

Wed Mar 25 21:18:33 2026 rev:4 rq:1342315 version:1.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/fsverity-utils/fsverity-utils.changes    
2024-04-04 22:28:05.859373333 +0200
+++ /work/SRC/openSUSE:Factory/.fsverity-utils.new.8177/fsverity-utils.changes  
2026-03-27 06:40:06.690733942 +0100
@@ -1,0 +2,8 @@
+Tue Mar 24 21:28:12 UTC 2026 - Dirk Müller <[email protected]>
+
+- update to 1.7:
+  * Allowed fsverity-utils to build when PKCS#11 support is not
+    available in OpenSSL.  In that case, `fsverity sign` just
+    won't support that feature.
+
+-------------------------------------------------------------------

Old:
----
  fsverity-utils-1.6.tar.gz

New:
----
  fsverity-utils-1.7.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ fsverity-utils.spec ++++++
--- /var/tmp/diff_new_pack.4nrtVC/_old  2026-03-27 06:40:07.162753202 +0100
+++ /var/tmp/diff_new_pack.4nrtVC/_new  2026-03-27 06:40:07.166753365 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package fsverity-utils
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           fsverity-utils
-Version:        1.6
+Version:        1.7
 Release:        0
 Summary:        Userspace utilities for fs-verity
 License:        MIT

++++++ fsverity-utils-1.6.tar.gz -> fsverity-utils-1.7.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fsverity-utils-1.6/.github/workflows/ci.yml 
new/fsverity-utils-1.7/.github/workflows/ci.yml
--- old/fsverity-utils-1.6/.github/workflows/ci.yml     2024-03-21 
05:21:46.000000000 +0100
+++ new/fsverity-utils-1.7/.github/workflows/ci.yml     2025-11-05 
02:28:17.000000000 +0100
@@ -90,8 +90,6 @@
       run: |
         sudo apt-get update
         sudo apt-get install -y clang llvm
-    - name: Work around https://github.com/actions/runner-images/issues/9491
-      run: sudo sysctl vm.mmap_rnd_bits=28
     - run: scripts/run-tests.sh sanitizers
 
   valgrind-test:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fsverity-utils-1.6/Makefile 
new/fsverity-utils-1.7/Makefile
--- old/fsverity-utils-1.6/Makefile     2024-03-21 05:21:46.000000000 +0100
+++ new/fsverity-utils-1.7/Makefile     2025-11-05 02:28:17.000000000 +0100
@@ -218,7 +218,9 @@
                
https://boringssl.googlesource.com/boringssl/+archive/refs/heads/master.tar.gz
        mkdir boringssl
        tar xf boringssl.tar.gz -C boringssl
-       cmake -B boringssl/build boringssl
+       # BoringSSL is now C++, so build it as a shared library to avoid link
+       # issues with C programs.
+       cmake -B boringssl/build -D BUILD_SHARED_LIBS=1 boringssl
        $(MAKE) -C boringssl/build $(MAKEFLAGS)
 
 ##############################################################################
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fsverity-utils-1.6/NEWS.md 
new/fsverity-utils-1.7/NEWS.md
--- old/fsverity-utils-1.6/NEWS.md      2024-03-21 05:21:46.000000000 +0100
+++ new/fsverity-utils-1.7/NEWS.md      2025-11-05 02:28:17.000000000 +0100
@@ -1,5 +1,10 @@
 # fsverity-utils release notes
 
+## Version 1.7
+
+* Allowed fsverity-utils to build when PKCS#11 support is not available in
+  OpenSSL.  In that case, `fsverity sign` just won't support that feature.
+
 ## Version 1.6
 
 * Eliminated the dependency on `pandoc` for installing the manual page.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fsverity-utils-1.6/include/libfsverity.h 
new/fsverity-utils-1.7/include/libfsverity.h
--- old/fsverity-utils-1.6/include/libfsverity.h        2024-03-21 
05:21:46.000000000 +0100
+++ new/fsverity-utils-1.7/include/libfsverity.h        2025-11-05 
02:28:17.000000000 +0100
@@ -22,7 +22,7 @@
 #endif
 
 #define FSVERITY_UTILS_MAJOR_VERSION   1
-#define FSVERITY_UTILS_MINOR_VERSION   6
+#define FSVERITY_UTILS_MINOR_VERSION   7
 
 #define FS_VERITY_HASH_ALG_SHA256       1
 #define FS_VERITY_HASH_ALG_SHA512       2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fsverity-utils-1.6/lib/libfsverity.pc.in 
new/fsverity-utils-1.7/lib/libfsverity.pc.in
--- old/fsverity-utils-1.6/lib/libfsverity.pc.in        2024-03-21 
05:21:46.000000000 +0100
+++ new/fsverity-utils-1.7/lib/libfsverity.pc.in        2025-11-05 
02:28:17.000000000 +0100
@@ -4,7 +4,7 @@
 
 Name: libfsverity
 Description: fs-verity library
-Version: 1.6
+Version: 1.7
 Libs: -L${libdir} -lfsverity
 Requires.private: libcrypto
 Cflags: -I${includedir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fsverity-utils-1.6/lib/sign_digest.c 
new/fsverity-utils-1.7/lib/sign_digest.c
--- old/fsverity-utils-1.6/lib/sign_digest.c    2024-03-21 05:21:46.000000000 
+0100
+++ new/fsverity-utils-1.7/lib/sign_digest.c    2025-11-05 02:28:17.000000000 
+0100
@@ -221,15 +221,6 @@
        return err;
 }
 
-static int
-load_pkcs11_private_key(const struct libfsverity_signature_params *sig_params
-                       __attribute__((unused)),
-                       EVP_PKEY **pkey_ret __attribute__((unused)))
-{
-       libfsverity_error_msg("BoringSSL doesn't support PKCS#11 tokens");
-       return -EINVAL;
-}
-
 #else /* OPENSSL_IS_BORINGSSL */
 
 static BIO *new_mem_buf(const void *buf, size_t size)
@@ -333,6 +324,18 @@
        return err;
 }
 
+#endif /* !OPENSSL_IS_BORINGSSL */
+
+#ifdef OPENSSL_NO_ENGINE
+static int
+load_pkcs11_private_key(const struct libfsverity_signature_params *sig_params
+                       __attribute__((unused)),
+                       EVP_PKEY **pkey_ret __attribute__((unused)))
+{
+       libfsverity_error_msg("libfsverity was linked to a version of OpenSSL 
that doesn't support PKCS#11 tokens");
+       return -EINVAL;
+}
+#else
 static int
 load_pkcs11_private_key(const struct libfsverity_signature_params *sig_params,
                        EVP_PKEY **pkey_ret)
@@ -375,8 +378,7 @@
        }
        return 0;
 }
-
-#endif /* !OPENSSL_IS_BORINGSSL */
+#endif
 
 /* Get a private key, either from disk or from a PKCS#11 token. */
 static int
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fsverity-utils-1.6/man/fsverity.1 
new/fsverity-utils-1.7/man/fsverity.1
--- old/fsverity-utils-1.6/man/fsverity.1       2024-03-21 05:21:46.000000000 
+0100
+++ new/fsverity-utils-1.7/man/fsverity.1       2025-11-05 02:28:17.000000000 
+0100
@@ -5,7 +5,7 @@
 .\" Use of this source code is governed by an MIT-style license that can be
 .\" found in the LICENSE file or at https://opensource.org/licenses/MIT.
 .\"
-.TH "FSVERITY" "1" "March 2024" "fsverity-utils v1.6" "User Commands"
+.TH "FSVERITY" "1" "November 2025" "fsverity-utils v1.7" "User Commands"
 .hy
 .
 .SH NAME
@@ -209,8 +209,8 @@
 To use a PKCS#11 token, provide \f[B]--pkcs11-engine\f[R],
 \f[B]--pkcs11-module\f[R], \f[B]--cert\f[R], and optionally
 \f[B]--pkcs11-keyid\f[R].
-PKCS#11 token support is unavailable when fsverity-utils was built with
-BoringSSL rather than OpenSSL.
+PKCS#11 token support is unavailable if fsverity-utils was built with a version
+of OpenSSL that does not support PKCS#11 tokens.
 .PP
 \f[B]fsverity sign\f[R] should only be used if you need compatibility with
 fs-verity built-in signatures.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fsverity-utils-1.6/scripts/run-tests.sh 
new/fsverity-utils-1.7/scripts/run-tests.sh
--- old/fsverity-utils-1.6/scripts/run-tests.sh 2024-03-21 05:21:46.000000000 
+0100
+++ new/fsverity-utils-1.7/scripts/run-tests.sh 2025-11-05 02:28:17.000000000 
+0100
@@ -206,7 +206,7 @@
 valgrind_test()
 {
        log "Build and test with valgrind"
-       $MAKE TEST_WRAPPER_PROG="valgrind --quiet --error-exitcode=100 
--leak-check=full --errors-for-leak-kinds=all" \
+       $MAKE TEST_WRAPPER_PROG="valgrind --quiet --error-exitcode=100 
--leak-check=full --errors-for-leak-kinds=definite,possible" \
                CFLAGS="-O2 -Werror" check
 }
 TEST_FUNCS+=(valgrind_test)
@@ -217,7 +217,8 @@
        log "-> Building BoringSSL"
        $MAKE boringssl
        log "-> Building fsverity-utils linked to BoringSSL"
-       $MAKE CFLAGS="-O2 -Werror" LDFLAGS="-Lboringssl/build/crypto" \
+       $MAKE CFLAGS="-O2 -Werror" \
+               LDFLAGS="-Lboringssl/build -Wl,-rpath=$PWD/boringssl/build" \
                CPPFLAGS="-Iboringssl/include" LDLIBS="-lcrypto -lpthread" check
 }
 TEST_FUNCS+=(boringssl_test)

Reply via email to