Hello community,

here is the log from the commit of package keylime for openSUSE:Factory checked in at 2022-06-17 21:20:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/keylime (Old)
 and /work/SRC/openSUSE:Factory/.keylime.new.1548 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "keylime" Fri Jun 17 21:20:27 2022 rev:19 rq:982482 version:6.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/keylime/keylime.changes 2022-05-25 20:34:12.896198565 +0200 +++ /work/SRC/openSUSE:Factory/.keylime.new.1548/keylime.changes 2022-06-17 21:22:53.870785896 +0200 
@@ -1,0 +2,37 @@ +Mon Jun 13 14:15:49 UTC 2022 - apla...@suse.com + +- Update to version v6.4.1: + * Bump version for pypi + * verifier: ensure that execptions caused by the agent result in a failure + * tpm_main: add failure tagging to measured boot parsing + * tpm_main: fix temp file handling in parse_binary_bootlog(..) + * pylint: fix bad-option-value and implicit-str-concat warnings + * ca: drop support for using CFSSL as a backend + * ca_openssl_impl: add basic support for generating a CRL + * config: change libefivar.so to libefivar.so.1 + * elchecking: add workaround for wrong GUID parsing + * Add test /functional/measured-boot-swtpm-sanity to Packit CI plan + * Fix order of parameters in an error message + * pylint: remove usage of distutils because it is deprecated + * ca_util: do not use deprecated setDeamon() call + * elchecking: error if policy name is invalid, change default to reject-all + * Simplify GitHub Actions used for code coverage processing + * ima_dm: enable support for dm_target_update events + * benchmark: remove benchmark code + * ima: remove read_unpack(..) function + * Fixes #996, by properly catching exceptions resulting from network problems on the verifier. 
+ * List tests in Packit-CI plan explicitly + * contributing: add section about code style + * fix git blame ignore entry for code style changes + * Enable test /functional/basic-attestation-without-mtls + * Defer loading PyZMQ to avoid optional dependency + * Unify log messages about deleting agent from CV + * Ignore reformat commit for git blame + * Reformat Keylime with isort and black to new code style + * Introducing pre-commit hook to enforce code style with isort and black +- Drop already merged patches: + * config-libefivars.diff +- Drop cfssl dependency, as uses openssl only +- Drop cfssl firewalld rule + +------------------------------------------------------------------- Old: ---- config-libefivars.diff keylime-v6.4.0.tar.xz New: ---- keylime-v6.4.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ keylime.spec ++++++ --- /var/tmp/diff_new_pack.cdE073/_old 2022-06-17 21:22:54.314786137 +0200 +++ /var/tmp/diff_new_pack.cdE073/_new 2022-06-17 21:22:54.318786140 +0200 @@ -19,13 +19,8 @@ %global srcname keylime %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 -%if 0%{?suse_version} >= 1550 -%bcond_without cfssl -%else -%bcond_with cfssl -%endif Name: keylime -Version: 6.4.0 +Version: 6.4.1 Release: 0 Summary: Open source TPM software for Bootstrapping and Maintaining Trust License: Apache-2.0 AND MIT @@ -35,8 +30,6 @@ Source2: %{name}-user.conf # PATCH-FIX-OPENSUSE keylime.conf.diff Patch1: keylime.conf.diff -# PATCH-FIX-OPENSUSE config-libefivars.diff -Patch2: config-libefivars.diff BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: firewall-macros @@ -108,7 +101,6 @@ Requires: %{name}-tpm_cert_store = %{version} Requires: python3-%{name} = %{version} Recommends: %{name}-firewalld = %{version} -Recommends: cfssl %description -n %{name}-registrar Subpackage of %{name} for registrar service. 
@@ -125,9 +117,6 @@ %prep %autosetup -p1 -n %{name}-v%{version} -%if !%{with cfssl} -sed -i "s/ca_implementation = cfssl/ca_implementation = openssl/g" keylime.conf -%endif %build %python_build ++++++ _service ++++++ --- /var/tmp/diff_new_pack.cdE073/_old 2022-06-17 21:22:54.346786155 +0200 +++ /var/tmp/diff_new_pack.cdE073/_new 2022-06-17 21:22:54.350786157 +0200 @@ -1,7 +1,7 @@ <services> <service name="tar_scm" mode="disabled"> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">refs/tags/v6.4.0</param> + <param name="revision">refs/tags/v6.4.1</param> <param name="url">https://github.com/keylime/keylime.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.cdE073/_old 2022-06-17 21:22:54.370786168 +0200 +++ /var/tmp/diff_new_pack.cdE073/_new 2022-06-17 21:22:54.374786170 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/keylime/keylime.git</param> - <param name="changesrevision">c8137d941b1813bcf2fbb726e108693c6dc6aec6</param></service></servicedata> + <param name="changesrevision">bbc191948341b71c64a38d897470f300c7ebcbb1</param></service></servicedata> (No newline at EOF) ++++++ keylime-v6.4.0.tar.xz -> keylime-v6.4.1.tar.xz ++++++ /work/SRC/openSUSE:Factory/keylime/keylime-v6.4.0.tar.xz /work/SRC/openSUSE:Factory/.keylime.new.1548/keylime-v6.4.1.tar.xz differ: char 15, line 1 ++++++ keylime.conf.diff ++++++ --- /var/tmp/diff_new_pack.cdE073/_old 2022-06-17 21:22:54.414786192 +0200 +++ /var/tmp/diff_new_pack.cdE073/_new 2022-06-17 21:22:54.418786194 +0200 
@@ -1,14 +1,8 @@ -Index: keylime-v6.4.0/keylime.conf +Index: keylime-v6.4.1/keylime.conf =================================================================== ---- keylime-v6.4.0.orig/keylime.conf -+++ keylime-v6.4.0/keylime.conf -@@ -9,11 +9,13 @@ enable_tls = True - # Valid values are "cfssl" or "openssl". For cfssl to work, you must have the - # go binary installed in your path or in /usr/local/. - # Note: Revocation list generation is only supported by "cfssl". --ca_implementation = openssl -+# ca_implementation = openssl -+ca_implementation = cfssl +--- keylime-v6.4.1.orig/keylime.conf ++++ keylime-v6.4.1/keylime.conf +@@ -7,7 +7,8 @@ enable_tls = True # The address and port of the revocation notifier service on the verifier from # which either the cloud_agent or keylime_ca receive revocation events. @@ -18,7 +12,7 @@ receive_revocation_port = 8992 #============================================================================= -@@ -21,7 +23,8 @@ receive_revocation_port = 8992 +@@ -15,7 +16,8 @@ receive_revocation_port = 8992 #============================================================================= # The binding address and port for the agent server @@ -28,7 +22,7 @@ cloudagent_port = 9002 # Address and port where the verifier and tenant can connect to reach the agent. -@@ -30,7 +33,8 @@ agent_contact_ip = 127.0.0.1 +@@ -24,7 +26,8 @@ agent_contact_ip = 127.0.0.1 agent_contact_port = 9002 # The address and port of registrar server which agent communicate with @@ -38,7 +32,7 @@ registrar_port = 8890 # The name of the RSA key that Keylime should use for protecting shares of U/V. -@@ -86,7 +90,8 @@ extract_payload_zip = True +@@ -80,7 +83,8 @@ extract_payload_zip = True # 'dmidecode -s system-uuid'. # If you set this to "hostname", Keylime will use the full qualified domain # name of current host as the agent id. 
@@ -48,7 +42,7 @@ # Whether to listen for revocation notifications from the verifier or not. listen_notifications = True -@@ -145,7 +150,8 @@ max_retries = 4 +@@ -139,7 +143,8 @@ max_retries = 4 # - hashing: sha512, sha384, sha256 or sha1 # - encryption: ecc or rsa # - signing: rsassa, rsapss, ecdsa, ecdaa or ecschnorr @@ -58,7 +52,7 @@ tpm_encryption_alg = rsa tpm_signing_alg = rsassa -@@ -171,7 +177,8 @@ ek_handle = generate +@@ -165,7 +170,8 @@ ek_handle = generate # chown keylime /var/lib/keylime/cv_ca # chown keylime /var/lib/keylime/cv_ca/cacert.crt # @@ -68,7 +62,7 @@ #============================================================================= [cloud_verifier] -@@ -181,7 +188,8 @@ run_as = +@@ -175,7 +181,8 @@ run_as = cloudverifier_id = default # The IP address and port of verifier server binds to @@ -78,7 +72,7 @@ cloudverifier_port = 8881 # The address and port of registrar server that verifier communicates with -@@ -282,7 +290,8 @@ revocation_notifier = True +@@ -276,7 +283,8 @@ revocation_notifier = True # The binding address and port of the revocation notifier service. # If the 'revocation_notifier' option is set to "true", then the verifier # automatically starts the revocation service. @@ -88,7 +82,7 @@ revocation_notifier_port = 8992 # Enable revocation notifications via webhook. This can be used to notify other -@@ -419,7 +428,8 @@ max_payload_size = 1048576 +@@ -413,7 +421,8 @@ max_payload_size = 1048576 # and SHA-512). # Note that you can't set a policy on PCR10 and PCR16 because Keylime uses # them internally. 
@@ -98,7 +92,7 @@ # Specify the file containing allowlists for processing Linux IMA measurements # this file is used if tenant provides "default" as the allowlist file -@@ -471,7 +481,8 @@ max_retries = 5 +@@ -465,7 +474,8 @@ max_retries = 5 # might provide a signed list of EK public key hashes. Then you could write # an ek_check_script that checks the signature of the allowlist and then # compares the hash of the given EK with the allowlist. @@ -108,7 +102,7 @@ # Optional script to execute to check the EK and/or EK certificate against a # allowlist or any other additional EK processing you want to do. Runs in -@@ -497,7 +508,8 @@ ek_check_script= +@@ -491,7 +501,8 @@ ek_check_script= # The registrar's IP address and port used to communicate with other services # as well as the bind address for the registrar server. ++++++ keylime.xml ++++++ --- /var/tmp/diff_new_pack.cdE073/_old 2022-06-17 21:22:54.434786203 +0200 +++ /var/tmp/diff_new_pack.cdE073/_new 2022-06-17 21:22:54.434786203 +0200 @@ -4,7 +4,6 @@ <description>Keylime is a remote attestation tool that requires access to several ports.</description> <port protocol="tcp" port="443"/><!-- Webapp --> <port protocol="tcp" port="8881"/><!-- Verifier --> - <port protocol="tcp" port="8888"/><!-- CFSSL --> <port protocol="tcp" port="8890"/><!-- Registrar --> <port protocol="tcp" port="8891"/><!-- Registrar TLS --> <port protocol="tcp" port="8992"/><!-- Revocation -->
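
Review bot: the cfssl removal leaves the upgrade path for existing hosts unaddressed. The keylime.spec hunks drop the `%bcond` block, `Recommends: cfssl` and the `%prep` sed, and the rebased keylime.conf.diff no longer carries the `+ca_implementation = cfssl` line. The previous revision of keylime.conf.diff set `ca_implementation = cfssl`, and the 6.4.1 changelog lists "ca: drop support for using CFSSL as a backend", so a configuration kept from the old package would select a backend the changelog says is no longer supported. Suggest stating in keylime.changes that existing configurations must be switched to `ca_implementation = openssl`, or handling that switch in the package itself. The removed patch context also carried the comment that revocation list generation is only supported by "cfssl", while the changelog describes the openssl side as "basic support for generating a CRL"; a line for administrators who rely on revocation lists would help.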
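
Review bot: the packaging entries at the end of the keylime.changes hunk are too terse to audit against the rest of the diff. "Drop cfssl dependency, as uses openssl only" has no subject, and "Drop cfssl firewalld rule" does not say that the rule is TCP port 8888 in keylime.xml. Suggest wording such as "Drop cfssl dependency, as Keylime now uses openssl only" and "Drop cfssl firewalld rule (tcp/8888) from keylime.xml", so that anyone reviewing the firewall change can match the entry to the removed `<port protocol="tcp" port="8888"/>` line.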