commit kiwi-templates-Minimal for openSUSE:Factory

Sat, 11 Apr 2026 13:23:40 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package kiwi-templates-Minimal for 
openSUSE:Factory checked in at 2026-04-11 22:22:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kiwi-templates-Minimal (Old)
 and      /work/SRC/openSUSE:Factory/.kiwi-templates-Minimal.new.21863 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "kiwi-templates-Minimal"

Sat Apr 11 22:22:54 2026 rev:36 rq:1345800 version:84.87.1

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/kiwi-templates-Minimal/kiwi-templates-Minimal.changes
    2026-02-14 21:37:31.285151038 +0100
+++ 
/work/SRC/openSUSE:Factory/.kiwi-templates-Minimal.new.21863/kiwi-templates-Minimal.changes
 2026-04-11 22:23:04.060258766 +0200
@@ -1,0 +2,9 @@
+Fri Apr 10 08:47:11 UTC 2026 - Alberto Planas Dominguez <[email protected]>
+
+- Use set -euxo pipefail for generated script
+- Assert that /boot/efi has the correct umask
+- Drop systemd-experimental as systemd-pcrlock is in udev
+- Add "umask=0077" for the ESP to keep /boot/efi/loader/random-seed secret
+  (boo#1250510) 
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ Minimal.kiwi ++++++
--- /var/tmp/diff_new_pack.cD4Qzz/_old  2026-04-11 22:23:04.724285948 +0200
+++ /var/tmp/diff_new_pack.cD4Qzz/_new  2026-04-11 22:23:04.744286767 +0200
@@ -503,7 +503,6 @@
         <package name="sdbootutil-jeos-firstboot-enroll"/>
         <package name="efibootmgr"/>
         <package name="uefi_mbr" arch="x86_64"/>
-        <package name="systemd-experimental"/> <!-- XXX: pulls in python but 
needed for tpm files -->
         <package name="disk-encryption-tool"/>
         <package name="systemd-repart-dracut"/>
         <package name="dracut-pcr-signature"/>

++++++ config.sh ++++++
--- /var/tmp/diff_new_pack.cD4Qzz/_old  2026-04-11 22:23:04.884292497 +0200
+++ /var/tmp/diff_new_pack.cD4Qzz/_new  2026-04-11 22:23:04.896292989 +0200
@@ -124,6 +124,17 @@
        systemctl enable chronyd
 fi
 
+cat >/etc/fstab.script <<"EOF"
+#!/bin/sh
+set -euxo pipefail
+# Add umask=0077 to the ESP (boo#1250510)
+gawk -i inplace '$2 == "/boot/efi" && $4 == "defaults" { $4 = $4",umask=0077" 
} { print $0 }' /etc/fstab
+# Ensure it's present
+gawk '$2 == "/boot/efi" { if ($4 !~ /umask=0077/) exit(1); }' /etc/fstab
+EOF
+
+chmod a+x /etc/fstab.script
+
 #======================================
 # Add default kernel boot options
 #--------------------------------------

Reply via email to