openSUSE Commits
Threads by month
- ----- 2024 -----
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
November 2023
- 1 participants
- 1691 discussions
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libqb for openSUSE:Factory checked in at 2023-11-22 18:54:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libqb (Old)
and /work/SRC/openSUSE:Factory/.libqb.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqb"
Wed Nov 22 18:54:30 2023 rev:37 rq:1128101 version:2.0.8+20230721.002171b
Changes:
--------
--- /work/SRC/openSUSE:Factory/libqb/libqb.changes 2023-07-26 13:22:18.743438414 +0200
+++ /work/SRC/openSUSE:Factory/.libqb.new.25432/libqb.changes 2023-11-22 18:54:49.832064784 +0100
@@ -5 +5 @@
-- log: fix potential overflow with long log messages (gh#ClusterLabs/libqb#490)
+- log: fix potential overflow with long log messages (gh#ClusterLabs/libqb#490, CVE-2023-39976, bsc#1214066)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package transactional-update for openSUSE:Factory checked in at 2023-11-22 18:54:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/transactional-update (Old)
and /work/SRC/openSUSE:Factory/.transactional-update.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "transactional-update"
Wed Nov 22 18:54:28 2023 rev:102 rq:1127927 version:4.5.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/transactional-update/transactional-update.changes 2023-09-22 21:46:42.667329112 +0200
+++ /work/SRC/openSUSE:Factory/.transactional-update.new.25432/transactional-update.changes 2023-11-22 18:54:46.987960406 +0100
@@ -1,0 +2,19 @@
+Mon Nov 20 17:12:20 UTC 2023 - Ignaz Forster <iforster(a)suse.com>
+
+- Version 4.5.0
+ - libtukit: Use permissions of real /etc when creating overlay
+ [bsc#1215878]
+ - libtukit, tukit: Support "rollback" via library now
+ - tukitd: Implement Snapshot delete and rollback methods
+ - tukit: Check for missing arguments with "close" and "abort"
+ commands
+ - t-u: Warn user when using "kdump" if it isn't configured to
+ avoid confusion with "setup-kdump" [boo#1215725]
+ - t-u: Abort if mkdumprd run is not successful
+ - t-u: Use defaut from config file if t-u is called without
+ arguments [gh#openSUSE/transactional-update#101]
+ - Improved README.md [gh#openSUSE/transactional-update#59] and
+ API docs
+ - Code cleanup
+
+-------------------------------------------------------------------
@@ -11 +30 @@
- run.
+ run. [gh#openSUSE/transactional-update#62]
Old:
----
transactional-update-4.4.0.tar.gz
New:
----
transactional-update-4.5.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ transactional-update.spec ++++++
--- /var/tmp/diff_new_pack.y9mziK/_old 2023-11-22 18:54:47.651984776 +0100
+++ /var/tmp/diff_new_pack.y9mziK/_new 2023-11-22 18:54:47.651984776 +0100
@@ -26,7 +26,7 @@
%{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}}
Name: transactional-update
-Version: 4.4.0
+Version: 4.5.0
Release: 0
Summary: Transactional Updates with btrfs and snapshots
License: GPL-2.0-or-later AND LGPL-2.1-or-later
++++++ transactional-update-4.4.0.tar.gz -> transactional-update-4.5.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/NEWS new/transactional-update-4.5.0/NEWS
--- old/transactional-update-4.4.0/NEWS 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/NEWS 2023-11-20 18:09:46.000000000 +0100
@@ -1,6 +1,20 @@
transactional-update NEWS -- history of user-visible changes.
-Copyright (C) 2016-2022 Thorsten Kukuk, Ignaz Forster et al.
+Copyright (C) 2016-2023 Thorsten Kukuk, Ignaz Forster et al.
+
+Version 4.5.0 (2023-11-20)
+* libtukit: Use permissions of real /etc when creating overlay
+ [bsc#1215878]
+* libtukit, tukit: Support "rollback" via library now
+* tukitd: Implement Snapshot delete and rollback methods
+* tukit: Check for missing arguments with "close" and "abort" commands
+* t-u: Warn user when using "kdump" if it isn't configured to avoid
+ confusion with "setup-kdump" [boo#1215725]
+* t-u: Abort if mkdumprd run is not successful
+* t-u: Use defaut from config file if t-u is called without arguments
+ [gh#openSUSE/transactional-update#101]
+* Improved README.md [gh#openSUSE/transactional-update#59] and API docs
+* Code cleanup
Version 4.4.0
* t-u: Introduce setup-fips command [jsc#SMO-194]
@@ -8,7 +22,7 @@
D-Bus interface or tukit the snapshots will be automatically cleaned up
by snapper after some time now; in the past only snapshots created by
the transactional-update shell script would be cleanup after, and only
- after a `t-u cleanup` run.
+ after a `t-u cleanup` run. [gh#openSUSE/transactional-update#62]
* tukit: enable kexec's syscall detection feature
* tukit: Don't throw exceptions from the child process after fork
* tukitd: Rename service file to org.opensuse.tukit.service
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/README.md new/transactional-update-4.5.0/README.md
--- old/transactional-update-4.4.0/README.md 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/README.md 2023-11-20 18:09:46.000000000 +0100
@@ -1,37 +1,54 @@
# transactional-update
## Update the operating system in an atomic way
-This project provides an application and library to update a Linux operating system in a transactional way, i.e. the update will be performed in the background while the system continues running as it is. Only if the update was the successful the system will boot into the new snapshot.
+transactional-update provides an application and library to update a Linux operating system in a transactional way, i.e. the update will be performed in the background while the system continues running as it is. Only if the update was the successful as a whole the system will boot into the new snapshot.
-Originally developed for the openSUSE project as the update mechanism for all transactional / read-only systems (openSUSE MicroOS, SLE Micro, SLES / openSUSE Leap / openSUSE Tumbleweed "Transactional Server" role) the original *transactional-update* Bash script has since been split into several components:
+It consists of the following components:
* **libtukit**: A generic library for atomic system updates.
-* **tukit**: A command line application to access the library functionality.
-* **tukitd**: A D-Bus service to access the library functionality.
-* **transactional-update**: An (open)SUSE specific tukit wrapper to call common tasks, e.g. updating the system or installing the boot loader.
+* **tukit**: A command line application to access the library's functionality directly.
+* **tukitd**: A D-Bus service to access the library's functionality.
+* **transactional-update**: An (open)SUSE specific tukit wrapper to call common tasks, e.g. updating the system, installing RPM packages or refreshing the boot loader.
+
+## What's a "transaction" when thinking about OS updates?
+You may be familiar with the term "transaction" in the context of a classical database transaction: Only if all the single changes to the database tables could be applied successfully, then a final COMMIT will activate them, otherwise a ROLLBACK will just discard everything again.
+
+In the context of operating system updates this is equivalent: Only if all updates (or other changes) could be applied successfully, then the system will switch into that new updated state. If any error occured - think about failed package post scripts or running out of disk space - the updated system will just be discarded again. All of this is happening in the background, i.e. the currently running system just continues to run all the time.
+
+Or in a more formal way: A transactional update is an update that
+* is atomic
+ * Either fully applied, or not applied at all
+ * Update does not influence the running system
+* can be rolled back
+ * A failed or incompatible update can be quickly discarded to restore the previous system condition
## Supported Systems
-Currently only systems running **Btrfs with Snapper** are supported, however the API is intentionally generic and able to support a wider range of backends for atomic / transactional systems.
+* **Btrfs with Snapper**: Creates a new snapshot of the system and applies the update there. In contrast to classical A/B partitioning mechanisms snapper can handle a large number of snapshots, and snapshot handling of Btrfs is very fast and space efficient.
+* The API is intentionally generic and able to support a wider range of backends for atomic / transactional systems.
## How does this work?
-First a new snapshot of the system is created. Afterwards, this snapshot is changed from read-only to read-write and several special directories such as /dev, /sys and /proc are mounted. The proposed change(s) can the be performed in that snapshot in a chroot environment, on (open)SUSE systems for example zypper is wrapped in a *tukit* call to install, update or remove RPMs. If the update did succeed switch the snapshot to read-only (on ro systems) and make the subvolume the new default. On next boot, the system will boot the new snapshot. If the updated system should not boot (see also [health-checker](https://github.com/openSUSE/health-checker)) the system can simply be rolled back to the old snapshot.
+With the Snapper implementation, first a new snapshot of the system is created. Afterwards, this snapshot is changed from read-only to read-write and several special directories such as /dev, /sys and /proc are mounted. The proposed change(s) will be performed in that snapshot in a chroot environment; on (open)SUSE systems for example *zypper* is wrapped into a *tukit* call to install, update or remove RPMs. If the update did succeed, then switch the snapshot to read-only (on ro systems) and make the subvolume the new default. On next boot, the system will boot the new snapshot. If the updated system should not boot (see also [health-checker](https://github.com/openSUSE/health-checker)) the system can simply be rolled back to the old snapshot.
## How to update an atomic system
-Applications can integrate support directly (such as dnf or Cockpit - see below), otherwise any command can be wrapped with `tukit execute` (e.g. zypper).
+Applications can integrate support directly (such as dnf or Cockpit - see [Known Users](#known-users) below), otherwise any command can be wrapped with `tukit execute` (e.g. zypper).
## User Documentation
* [The Transactional Update Guide](https://kubic.opensuse.org/documentation/transactional-update-guide/… provides general information on the concept of transactional-update.
+* [Various talks](https://media.ccc.de/search/?q=transactional-update) are available online.
## API Documentation
Developers that want to integrate support for transactional updates may be interested in the following official API ressources:
-* C++: [Transaction.hpp](lib/Transaction.hpp) / [SnapshotManager](lib/SnapshotManager.hpp)
+* C++: [Transaction.hpp](lib/Transaction.hpp) / [SnapshotManager.hpp](lib/SnapshotManager.hpp)
* C: [libtukit.h](lib/Bindings/libtukit.h) (C binding - see the C++ header files for documentation)
* D-Bus interface: [org.opensuse.tukit.Transaction.xml](dbus/org.opensuse.tukit.Transaction.xml) / [org.opensuse.tukit.Snapshot.xml](dbus/org.opensuse.tukit.Snapshot.xml)
-## Known users
+## Known Users
+transactional-update was originally developed for the **openSUSE project** as the update mechanism for all transactional / read-only systems ([openSUSE MicroOS](https://microos.opensuse.org/), [SUSE Linux Enterprise Micro](https://www.suse.com/products/micro/), SUSE Linux Enterprise Server / openSUSE Leap / openSUSE Tumbleweed "Transactional Server" role) and is used as the update mechanism there.
+
+Additionally the following components support transactional-update directly:
* **dnf**, Fedora's package management system, supports transactional systems directly via the [libdnf-plugin-txnupd](https://code.opensuse.org/microos/libdnf-plugin-txnup… plugin (libtukit).
* **Cockpit** can update transactional systems via the [cockpit-tukit](https://github.com/openSUSE/cockpit-tukit) plugin (tukitd).
* **Salt** contains the [salt.modules.transactional\_update module](https://docs.saltproject.io/en/3004/ref/modules/all/salt.modules.transactional_update.html) module (transactional-update).
* **Ansible** also supports transactional-update via the the [community.general.zypper](https://docs.ansible.com/ansible/latest/collectio… module (transactional-update).
## Caveats
-* A transactional system needs strict separation of applications, configuration and user data. Data in /var must not be available during the update, as changes in there would necessarily modify the state of the currently running system.
+* A transactional system needs strict separation of applications, configuration and user data. Data in /var must not be available during the update, as changes in there would necessarily modify the state of the currently running system. For better handling of package and admin configuration files see the UAPI Group's [Configuration File Specification](https://uapi-group.org/specifications/specs/configuration_fi….
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/configure.ac new/transactional-update-4.5.0/configure.ac
--- old/transactional-update-4.4.0/configure.ac 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/configure.ac 2023-11-20 18:09:46.000000000 +0100
@@ -1,11 +1,11 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT(transactional-update, 4.4.0)
+AC_INIT(transactional-update, 4.5.0)
# Increase on any interface change and reset revision
-LIBTOOL_CURRENT=4
+LIBTOOL_CURRENT=5
# On interface change increase if backwards compatible, reset otherwise
-LIBTOOL_AGE=0
+LIBTOOL_AGE=1
# Increase on *any* C/C++ library code change, reset at interface change
-LIBTOOL_REVISION=7
+LIBTOOL_REVISION=0
AC_CANONICAL_SYSTEM
AM_INIT_AUTOMAKE([foreign])
AC_CONFIG_FILES([tukit.pc])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/dbus/README.md new/transactional-update-4.5.0/dbus/README.md
--- old/transactional-update-4.4.0/dbus/README.md 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/dbus/README.md 2023-11-20 18:09:46.000000000 +0100
@@ -1,6 +1,5 @@
# Tukit DBUS Service
-The tukitd service provides an DBUS interface which supports the same functionality as
-the command line interface "tukit".
+The tukitd service provides a DBUS interface for the libtukit API.
## Starting/Stopping Servive
### Starting
@@ -13,14 +12,18 @@
This `systemctl` call stops the service:
> systemctl stop tukitd.service
+## Monitoring
+For debugging purposes the transferred messages can be monitored via
+> busctl --system monitor org.opensuse.tukit
+
## DBUS API
-The following sections describe each call which is available via DBUS.
-The command line program `busctl` can be used for demonstrating the API calls
-and showing the results.
+### API Documentation
+The complete API documentation can be found in the org.opensuse.tukit.Transaction.xml and
+org.opensuse.tukit.Snapshot.xml interface files.
-### Transaction
+### Examples
-#### open
+#### Open
Creates a new transaction and returns its unique ID.
Parameter:
@@ -37,9 +40,9 @@
`busctl` example:
-> busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction open "s" "default"
+> busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction Open "s" "default"
-### call
+### Call
Executes the given command from within the transaction's **chroot environment**, resuming the
transaction with the given ID; returns the exit status and the result of the given command.
In case of errors the snapshot will not be deleted.
@@ -58,12 +61,12 @@
`busctl` example:
* call `ls` in open transaction with ID `536`:
- > busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction call "ss" "536" "bash -c 'ls'"
-
+ > busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction Call "ss" "536" "bash -c 'ls'"
+
The returned signal can be monitored by:
> busctl --system --match "path\_namespace='/org/opensuse/tukit'" monitor
-### callext
+### CallExt
Executes the given command. The command is **not** executed in a **chroot environment**, but instead runs
in the current system, replacing '{}' with the mount directory of the given snapshot.
In case of errors the snapshot will not be deleted.
@@ -82,33 +85,33 @@
`busctl` example:
* copy file from active system into transaction with ID `536`:
- > busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction callext "ss" "536" "bash -c 'mv /tmp/mylib {}/usr/lib'"
+ > busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction CallExt "ss" "536" "bash -c 'mv /tmp/mylib {}/usr/lib'"
The returned signal can be monitored by:
> busctl --system --match "path\_namespace='/org/opensuse/tukit'" monitor
-### close
+### Close
Closes the given transaction and sets the snapshot as the new default snapshot.
Parameter:
* unique ID (string)
Return value:
-* return integer; 0 on success
+* None
`busctl` Example:
-> busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction close "s" "420"
+> busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction Close "s" "420"
-### abort
-Deletes the given snapshot.
+### Abort
+Cancel an open transaction so the snapshot will be deleted again.
Parameter:
* unique ID (string)
Return value:
-* return integer; 0 on success
+* None
`busctl` Example:
-> busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction abort "s" "420"
+> busctl call org.opensuse.tukit /org/opensuse/tukit/Transaction org.opensuse.tukit.Transaction Abort "s" "420"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/dbus/org.opensuse.tukit.Snapshot.xml new/transactional-update-4.5.0/dbus/org.opensuse.tukit.Snapshot.xml
--- old/transactional-update-4.4.0/dbus/org.opensuse.tukit.Snapshot.xml 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/dbus/org.opensuse.tukit.Snapshot.xml 2023-11-20 18:09:46.000000000 +0100
@@ -8,11 +8,10 @@
<doc:para>
Retrieve a list of snapshots present on the system, including their properties. For
performance reasons only the properties explicity requested via the "columns" arg
- are queried. the desired snapshots's properties (such as the snapshot id,
- description or whether it is the default snapshot) have to be queried explicitly.
+ are queried.
</doc:para>
<doc:example language="shell" title="Query some fields">
- <doc:para>Request of common fields:</doc:para>
+ <doc:para>Request several common fields:</doc:para>
<doc:code>busctl call org.opensuse.tukit /org/opensuse/tukit/Snapshot org.opensuse.tukit.Snapshot List "s" "number,description,default,active,userdata,cleanup,date,user"</doc:code>
<doc:para>Example output on bus:</doc:para>
<doc:code>
@@ -201,10 +200,10 @@
<doc:error name="org.opensuse.tukit.Error">if an error occured.</doc:error>
</doc:errors>
<arg type="s" name="columns" direction="in">
- <doc:doc><doc:summary>A comma separated list of fields to query such as the snapshot
+ <doc:doc><doc:summary>A comma separated list of fields to query, such as the snapshot
id, the description or whether it is the default snapshot. The accepted field names
- currently match the ... If the list is empty, an
- empty map array will be returned; this can be used to query the number of
+ currently match the accepted fields of the "snapper list" command. If the list is
+ empty, an empty map array will be returned; this can be used to query the number of
snapshots.</doc:summary></doc:doc>
</arg>
<arg type="aa{ss}" name="list" direction="out">
@@ -215,4 +214,4 @@
</arg>
</method>
</interface>
-</node>
\ No newline at end of file
+</node>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/dbus/tukitd.c new/transactional-update-4.5.0/dbus/tukitd.c
--- old/transactional-update-4.4.0/dbus/tukitd.c 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/dbus/tukitd.c 2023-11-20 18:09:46.000000000 +0100
@@ -763,6 +763,53 @@
return ret;
}
+static int snapshot_delete(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+ char *snapshot;
+ int ret = 0;
+ sd_bus_message *message = NULL;
+
+ if (sd_bus_message_read(m, "s", &snapshot) < 0) {
+ sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Could not read D-Bus parameters.");
+ return -1;
+ }
+
+ ret = lockSnapshot(userdata, snapshot, ret_error);
+ if (ret != 0) {
+ return ret;
+ }
+
+ fprintf(stdout, "Deleting snapshot %s...\n", snapshot);
+ if ((ret = tukit_sm_deletesnap(snapshot)) < 0) {
+ sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", tukit_get_errmsg());
+ sd_bus_message_unref(message);
+ unlockSnapshot(userdata, snapshot);
+ return ret;
+ }
+
+ unlockSnapshot(userdata, snapshot);
+ return sd_bus_reply_method_return(m, "");
+}
+
+static int snapshot_rollback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
+ char *snapshot;
+ int ret = 0;
+ sd_bus_message *message = NULL;
+
+ if (sd_bus_message_read(m, "s", &snapshot) < 0) {
+ sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", "Could not read D-Bus parameters.");
+ return -1;
+ }
+
+ if ((ret = tukit_sm_rollbackto(snapshot)) < 0) {
+ sd_bus_error_set_const(ret_error, "org.opensuse.tukit.Error", tukit_get_errmsg());
+ sd_bus_message_unref(message);
+ return ret;
+ }
+
+ fprintf(stdout, "Rollback to snapshot %s.\n", snapshot);
+ return sd_bus_reply_method_return(m, "");
+}
+
int event_handler(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) {
TransactionEntry* activeTransaction = userdata;
if (activeTransaction->id != NULL) {
@@ -801,6 +848,8 @@
static const sd_bus_vtable tukit_snapshot_vtable[] = {
SD_BUS_VTABLE_START(0),
SD_BUS_METHOD_WITH_ARGS("List", SD_BUS_ARGS("s", columns), SD_BUS_RESULT("aa{ss}", list), snapshot_list, 0),
+ SD_BUS_METHOD_WITH_ARGS("Delete", SD_BUS_ARGS("s", snapshot), SD_BUS_NO_RESULT, snapshot_delete, 0),
+ SD_BUS_METHOD_WITH_ARGS("RollbackTo", SD_BUS_ARGS("s", snapshot), SD_BUS_NO_RESULT, snapshot_rollback, 0),
SD_BUS_VTABLE_END
};
@@ -843,7 +892,7 @@
"/org/opensuse/tukit/Snapshot",
"org.opensuse.tukit.Snapshot",
tukit_snapshot_vtable,
- NULL);
+ activeTransactions);
if (ret < 0) {
fprintf(stderr, "Failed to issue method call: %s\n", strerror(-ret));
goto finish;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/etc/transactional-update.conf new/transactional-update-4.5.0/etc/transactional-update.conf
--- old/transactional-update-4.4.0/etc/transactional-update.conf 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/etc/transactional-update.conf 2023-11-20 18:09:46.000000000 +0100
@@ -5,7 +5,7 @@
# Valid values: auto rebootmgr notify systemd kexec kured none
#REBOOT_METHOD=auto
-# zypper update method
+# Default zypper update method
# Valid values: dup up
UPDATE_METHOD=dup
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/lib/Bindings/CBindings.cpp new/transactional-update-4.5.0/lib/Bindings/CBindings.cpp
--- old/transactional-update-4.4.0/lib/Bindings/CBindings.cpp 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/lib/Bindings/CBindings.cpp 2023-11-20 18:09:46.000000000 +0100
@@ -249,6 +249,18 @@
}
}
+int tukit_sm_rollbackto(const char* id) {
+ try {
+ std::unique_ptr<TransactionalUpdate::SnapshotManager> snapshotMgr = TransactionalUpdate::SnapshotFactory::get();
+ snapshotMgr->rollbackTo(id);
+ return 0;
+ } catch (const std::exception &e) {
+ fprintf(stderr, "ERROR: %s\n", e.what());
+ errmsg = e.what();
+ return -1;
+ }
+}
+
int tukit_reboot(const char* method) {
try {
auto rebootmgr = Reboot{method};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/lib/Bindings/libtukit.h new/transactional-update-4.5.0/lib/Bindings/libtukit.h
--- old/transactional-update-4.4.0/lib/Bindings/libtukit.h 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/lib/Bindings/libtukit.h 2023-11-20 18:09:46.000000000 +0100
@@ -43,6 +43,7 @@
const char* tukit_sm_get_list_value(tukit_sm_list list, size_t row, char* columns);
void tukit_free_sm_list(tukit_sm_list list);
int tukit_sm_deletesnap(const char* id);
+int tukit_sm_rollbackto(const char* id);
int tukit_reboot(const char* method);
#ifdef __cplusplus
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/lib/Overlay.cpp new/transactional-update-4.5.0/lib/Overlay.cpp
--- old/transactional-update-4.4.0/lib/Overlay.cpp 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/lib/Overlay.cpp 2023-11-20 18:09:46.000000000 +0100
@@ -17,6 +17,7 @@
#include <selinux/selinux.h>
#include <selinux/context.h>
#include <sstream>
+#include <sys/stat.h>
#include <unistd.h>
using std::exception;
@@ -185,7 +186,16 @@
// Remove overlay directory if it already exists (e.g. after the snapshot was deleted)
fs::remove_all(upperdir);
- fs::create_directories(upperdir);
+ fs::create_directory(upperdir, "/etc");
+ // Explicitly copy the current /etc permissions, even if the umask was more restrictive
+ struct stat status;
+ tulog.info(parent.upperdir.string());
+ if (stat(parent.upperdir.c_str(), &status) != 0) {
+ throw std::runtime_error{"could not get permissions of /etc: " + std::string(strerror(errno))};
+ }
+ if (chmod(upperdir.c_str(), status.st_mode) != 0) {
+ throw std::runtime_error{"could not set permissions of " + upperdir.string() + ": " + std::string(strerror(errno))};
+ }
char* context = NULL;
if (getfilecon("/etc", &context) > 0) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/lib/Snapshot/Snapper.cpp new/transactional-update-4.5.0/lib/Snapshot/Snapper.cpp
--- old/transactional-update-4.4.0/lib/Snapshot/Snapper.cpp 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/lib/Snapshot/Snapper.cpp 2023-11-20 18:09:46.000000000 +0100
@@ -125,6 +125,10 @@
callSnapper("delete " + id);
}
+void Snapper::rollbackTo(std::string id) {
+ callSnapper("rollback " + id);
+}
+
bool Snapper::isInProgress() {
std::string desc = callSnapper("--csvout list --columns number,userdata");
std::smatch match;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/lib/Snapshot/Snapper.hpp new/transactional-update-4.5.0/lib/Snapshot/Snapper.hpp
--- old/transactional-update-4.4.0/lib/Snapshot/Snapper.hpp 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/lib/Snapshot/Snapper.hpp 2023-11-20 18:09:46.000000000 +0100
@@ -37,6 +37,7 @@
std::string getCurrent() override;
std::string getDefault() override;
void deleteSnap(std::string id) override;
+ void rollbackTo(std::string id) override;
private:
std::string callSnapper(std::string);
inline static bool snapperNoDbus;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/lib/Snapshot.hpp new/transactional-update-4.5.0/lib/Snapshot.hpp
--- old/transactional-update-4.4.0/lib/Snapshot.hpp 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/lib/Snapshot.hpp 2023-11-20 18:09:46.000000000 +0100
@@ -10,7 +10,6 @@
#define T_U_SNAPSHOT_H
#include <filesystem>
-#include <memory>
#include <string>
namespace TransactionalUpdate {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/lib/SnapshotManager.hpp new/transactional-update-4.5.0/lib/SnapshotManager.hpp
--- old/transactional-update-4.4.0/lib/SnapshotManager.hpp 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/lib/SnapshotManager.hpp 2023-11-20 18:09:46.000000000 +0100
@@ -58,12 +58,18 @@
virtual std::string getDefault() = 0;
/**
- * @brief deleteSnap Deletes the given snapshot; note that the method may not fail if the snapshot
+ * @brief deleteSnap Deletes the given snapshot; note that the method may fail if the snapshot
* cannot be deleted because it is currently in use or set as the default snapshot, so
* getCurrent() and getDefault() should be used beforehand.
* @param id ID of the snapshot to be deleted.
*/
virtual void deleteSnap(std::string id) = 0;
+
+ /**
+ * @brief Set the given snapshot ID as the default snapshot ID
+ * @param id ID of the snapshot to be rolled back to.
+ */
+ virtual void rollbackTo(std::string id) = 0;
};
class SnapshotFactory {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/lib/Transaction.cpp new/transactional-update-4.5.0/lib/Transaction.cpp
--- old/transactional-update-4.4.0/lib/Transaction.cpp 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/lib/Transaction.cpp 2023-11-20 18:09:46.000000000 +0100
@@ -17,7 +17,6 @@
#include "Supplement.hpp"
#include "Util.hpp"
#include <cerrno>
-#include <chrono>
#include <cstdlib>
#include <cstring>
#include <fstream>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/man/transactional-update.8.xml new/transactional-update-4.5.0/man/transactional-update.8.xml
--- old/transactional-update-4.4.0/man/transactional-update.8.xml 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/man/transactional-update.8.xml 2023-11-20 18:09:46.000000000 +0100
@@ -144,8 +144,10 @@
<refsect1 id='commands'><title>COMMANDS</title>
<para>
- If none of the following commands is given <option>up</option> will be
- assumed.
+ If none of the following commands is given, the value of
+ <option>UPDATE_METHOD</option> in
+ <citerefentry><refentrytitle>transactional-update.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ will be assumed.
</para>
<refsect2 id='general_commands'><title>General Commands</title>
<para>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/man/transactional-update.conf.5.xml new/transactional-update-4.5.0/man/transactional-update.conf.5.xml
--- old/transactional-update-4.4.0/man/transactional-update.conf.5.xml 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/man/transactional-update.conf.5.xml 2023-11-20 18:09:46.000000000 +0100
@@ -165,7 +165,9 @@
<listitem>
<para>
Specify the zypper update method to use. This value is used for
- <citerefentry><refentrytitle>transactional-update.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ <citerefentry><refentrytitle>transactional-update.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ and in case no command is specified when calling
+ <literal>transactional-update</literal>.
</para>
<variablelist>
<varlistentry>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/sbin/transactional-update.in new/transactional-update-4.5.0/sbin/transactional-update.in
--- old/transactional-update-4.4.0/sbin/transactional-update.in 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/sbin/transactional-update.in 2023-11-20 18:09:46.000000000 +0100
@@ -50,6 +50,7 @@
SETUP_FIPS=0
SETUP_KDUMP=0
SETUP_SELINUX=0
+UPDATE_METHOD="up"
USE_TELEMETRICS=0
TELEM_PAYLOAD="PACKAGE_NAME=transactional-update\nPACKAGE_VERSION=@VERSION@"
TELEM_CLASS=""
@@ -247,11 +248,14 @@
}
rebuild_kdump_initrd() {
- test -f "/.snapshots/$1/snapshot/usr/lib/systemd/system/kdump.service" || return 0
- tukit -q call "$1" systemctl is-enabled --quiet kdump.service
- if [ $? = 0 -a -x "/.snapshots/$1/snapshot/sbin/mkdumprd" ]; then
+ if tukit -q call "$1" systemctl is-enabled --quiet kdump.service; then
tukit ${TUKIT_OPTS} call "$1" /sbin/mkdumprd |& tee -a ${LOGFILE} 1>&${origstdout}
+ return ${PIPESTATUS[0]}
+ elif [ ${SETUP_KDUMP} -ge 1 ]; then
+ log_info "INFO: Requested rebuild of kdump initrd, but kdump is not enabled."
+ log_info " Did you mean 'setup-kdump'?"
fi
+ return 0;
}
# start telemetry system if installed
@@ -854,270 +858,274 @@
ORIG_ARGS=("$@")
-while [ 1 ]; do
- if [ $# -eq 0 ]; then
- break
- fi
-
- case "$1" in
- cleanup)
- DO_CLEANUP_OVERLAYS=1
- DO_CLEANUP_SNAPSHOTS=1
- shift
- ;;
- cleanup-snapshots)
- DO_CLEANUP_SNAPSHOTS=1
- shift
- ;;
- cleanup-overlays)
- DO_CLEANUP_OVERLAYS=1
- shift
- ;;
- dist-upgrade|dup)
- DO_DUP=1
- ZYPPER_ARG="--no-cd dup"
- shift
- TELEM_CLASS="upgrade"
- ;;
- update|up)
- ZYPPER_ARG=up
- shift
- TELEM_CLASS="update"
- ;;
- patch)
- ZYPPER_ARG="--non-interactive-include-reboot-patches patch"
- shift
- TELEM_CLASS="patch"
- ;;
- ptf|pkg|package)
- TELEM_CLASS="package"
- shift
- if [ $# -eq 0 ]; then
- usage 1
- fi
- # Interactively run installing PTFs
- ZYPPER_NONINTERACTIVE="${FORCE_NONINTERACTIVE:-}"
- case "$1" in
- install|in)
- ZYPPER_ARG="install"
- shift
- ;;
- remove|rm)
- ZYPPER_ARG="remove"
- if [ -n "${ZYPPER_NONINTERACTIVE}" ]; then
- ZYPPER_NONINTERACTIVE="-y"
- fi
- shift
- ;;
- update|up)
- ZYPPER_ARG="up"
- shift
- ;;
- *)
- usage 1;
- ;;
- esac
- DO_CALLEXT=1
+parse_args() {
+ while [ 1 ]; do
+ if [ $# -eq 0 ]; then
+ break
+ fi
- if [ $# -eq 0 ]; then
- usage 1
- fi
+ case "$1" in
+ cleanup)
+ DO_CLEANUP_OVERLAYS=1
+ DO_CLEANUP_SNAPSHOTS=1
+ shift
+ ;;
+ cleanup-snapshots)
+ DO_CLEANUP_SNAPSHOTS=1
+ shift
+ ;;
+ cleanup-overlays)
+ DO_CLEANUP_OVERLAYS=1
+ shift
+ ;;
+ dist-upgrade|dup)
+ DO_DUP=1
+ ZYPPER_ARG="--no-cd dup"
+ shift
+ TELEM_CLASS="upgrade"
+ ;;
+ update|up)
+ ZYPPER_ARG=up
+ shift
+ TELEM_CLASS="update"
+ ;;
+ patch)
+ ZYPPER_ARG="--non-interactive-include-reboot-patches patch"
+ shift
+ TELEM_CLASS="patch"
+ ;;
+ ptf|pkg|package)
+ TELEM_CLASS="package"
+ shift
+ if [ $# -eq 0 ]; then
+ usage 1
+ fi
+ # Interactively run installing PTFs
+ ZYPPER_NONINTERACTIVE="${FORCE_NONINTERACTIVE:-}"
+ case "$1" in
+ install|in)
+ ZYPPER_ARG="install"
+ shift
+ ;;
+ remove|rm)
+ ZYPPER_ARG="remove"
+ if [ -n "${ZYPPER_NONINTERACTIVE}" ]; then
+ ZYPPER_NONINTERACTIVE="-y"
+ fi
+ shift
+ ;;
+ update|up)
+ ZYPPER_ARG="up"
+ shift
+ ;;
+ *)
+ usage 1;
+ ;;
+ esac
+ DO_CALLEXT=1
- while [ 1 ]; do
if [ $# -eq 0 ]; then
- break;
+ usage 1
+ fi
+
+ while [ 1 ]; do
+ if [ $# -eq 0 ]; then
+ break;
+ else
+ ZYPPER_ARG_PKGS+=("$1");
+ shift
+ fi
+ done
+ ;;
+ migration)
+ TELEM_CLASS="migration"
+ __NO_RESET=0
+ DO_MIGRATION=1
+ ZYPPER_ARG="migration --no-snapshots --no-selfupdate"
+ if [ -n "${FORCE_NONINTERACTIVE}" ]; then
+ # non interative option is named different for
+ # different commands ...
+ ZYPPER_NONINTERACTIVE="--non-interactive --auto-agree-with-licenses"
else
- ZYPPER_ARG_PKGS+=("$1");
+ ZYPPER_NONINTERACTIVE=""
+ fi
+ shift
+ ;;
+ bootloader)
+ test -z "$TELEM_CLASS" && TELEM_CLASS="bootloader"
+ REWRITE_BOOTLOADER=1
+ REWRITE_GRUB_CFG=1
+ shift
+ ;;
+ grub.cfg)
+ test -z "$TELEM_CLASS" && TELEM_CLASS="bootloader"
+ REWRITE_GRUB_CFG=1
+ shift
+ ;;
+ shell)
+ test -z "$TELEM_CLASS" && TELEM_CLASS="shell"
+ RUN_SHELL=1
+ shift
+ if [ "$1" = "-c" ]; then
+ if [ -z "$2" ]; then
+ SHELL_CMD="-"
+ else
+ SHELL_CMD="$2"
+ shift
+ fi
shift
fi
- done
- ;;
- migration)
- TELEM_CLASS="migration"
- __NO_RESET=0
- DO_MIGRATION=1
- ZYPPER_ARG="migration --no-snapshots --no-selfupdate"
- if [ -n "${FORCE_NONINTERACTIVE}" ]; then
- # non interative option is named different for
- # different commands ...
- ZYPPER_NONINTERACTIVE="--non-interactive --auto-agree-with-licenses"
- else
- ZYPPER_NONINTERACTIVE=""
- fi
- shift
- ;;
- bootloader)
- test -z "$TELEM_CLASS" && TELEM_CLASS="bootloader"
- REWRITE_BOOTLOADER=1
- REWRITE_GRUB_CFG=1
- shift
- ;;
- grub.cfg)
- test -z "$TELEM_CLASS" && TELEM_CLASS="bootloader"
- REWRITE_GRUB_CFG=1
- shift
- ;;
- shell)
- test -z "$TELEM_CLASS" && TELEM_CLASS="shell"
- RUN_SHELL=1
- shift
- if [ "$1" = "-c" ]; then
- if [ -z "$2" ]; then
- SHELL_CMD="-"
- else
- SHELL_CMD="$2"
+ ;;
+ initrd)
+ test -z "$TELEM_CLASS" && TELEM_CLASS="initrd"
+ REWRITE_INITRD=1
+ REBUILD_KDUMP_INITRD=1
+ shift
+ ;;
+ kdump)
+ test -z "$TELEM_CLASS" && TELEM_CLASS="kdump"
+ REBUILD_KDUMP_INITRD=1
+ SETUP_KDUMP=2
+ shift
+ ;;
+ reboot)
+ REBOOT_AFTERWARDS=1
+ shift
+ ;;
+ rollback)
+ TELEM_CLASS="rollback"
+ DO_ROLLBACK=1
+ DO_SELF_UPDATE=0
+ shift
+ if [ $# -eq 1 ]; then
+ ROLLBACK_SNAPSHOT=$1
shift
fi
+ ;;
+ apply)
+ DO_APPLY=1
shift
- fi
- ;;
- initrd)
- test -z "$TELEM_CLASS" && TELEM_CLASS="initrd"
- REWRITE_INITRD=1
- REBUILD_KDUMP_INITRD=1
- shift
- ;;
- kdump)
- test -z "$TELEM_CLASS" && TELEM_CLASS="kdump"
- REBUILD_KDUMP_INITRD=1
- shift
- ;;
- reboot)
- REBOOT_AFTERWARDS=1
- shift
- ;;
- rollback)
- TELEM_CLASS="rollback"
- DO_ROLLBACK=1
- DO_SELF_UPDATE=0
- shift
- if [ $# -eq 1 ]; then
- ROLLBACK_SNAPSHOT=$1
+ ;;
+ run)
+ test -z "$TELEM_CLASS" && TELEM_CLASS="shell"
+ DO_RUN=1
shift
- fi
- ;;
- apply)
- DO_APPLY=1
- shift
- ;;
- run)
- test -z "$TELEM_CLASS" && TELEM_CLASS="shell"
- DO_RUN=1
- shift
-
- # Collect arguments for run
- if [ $# -eq 0 ]; then
- usage 1
- fi
- RUN_CMD=("$@")
- break
- ;;
- setup-fips)
- test -z "$TELEM_CLASS" && TELEM_CLASS="fips"
- SETUP_FIPS=1
- shift
- ;;
- setup-kdump)
- test -z "$TELEM_CLASS" && TELEM_CLASS="setup-kdump"
- SETUP_KDUMP=1
- shift
- if [[ $1 == --crashkernel* ]]; then
- if ! [[ $1 =~ ^--crashkernel=[[:digit:]]+,[[:digit:]]+ ]]; then
- echo "Invalid --crashkernel syntax"
+ # Collect arguments for run
+ if [ $# -eq 0 ]; then
usage 1
fi
- KDUMP_LOW="$(echo "$1" | cut -d '=' -f 2 | cut -d ',' -f 1)"
- KDUMP_HIGH="$(echo "$1" | cut -d '=' -f 2 | cut -d ',' -f 2)"
+
+ RUN_CMD=("$@")
+ break
+ ;;
+ setup-fips)
+ test -z "$TELEM_CLASS" && TELEM_CLASS="fips"
+ SETUP_FIPS=1
shift
- fi
- ;;
- setup-selinux)
- test -z "$TELEM_CLASS" && TELEM_CLASS="selinux"
- SETUP_SELINUX=1
- shift
- ;;
- status)
- DO_STATUS=1
- DO_SELF_UPDATE=0
- shift
- while [ 1 ]; do
- [ $# -eq 0 ] && break
- case "$1" in
- last)
- DO_STATUS_LAST=1
- shift
- ;;
- *)
- usage 1;
- ;;
- esac
- done
- ;;
- -i|--interactive)
- ZYPPER_NONINTERACTIVE=""
- shift
- ;;
- -n|--non-interactive)
- FORCE_NONINTERACTIVE="${ZYPPER_NONINTERACTIVE}"
- shift
- ;;
- -c|--continue)
- # Check whether we got an optional snapshot number argument
- if [[ $2 =~ ^[0-9]+$ ]]; then
- BASE_SNAPSHOT_ID="$2"
+ ;;
+ setup-kdump)
+ test -z "$TELEM_CLASS" && TELEM_CLASS="setup-kdump"
+ SETUP_KDUMP=1
+ shift
+ if [[ $1 == --crashkernel* ]]; then
+ if ! [[ $1 =~ ^--crashkernel=[[:digit:]]+,[[:digit:]]+ ]]; then
+ echo "Invalid --crashkernel syntax"
+ usage 1
+ fi
+ KDUMP_LOW="$(echo "$1" | cut -d '=' -f 2 | cut -d ',' -f 1)"
+ KDUMP_HIGH="$(echo "$1" | cut -d '=' -f 2 | cut -d ',' -f 2)"
+ shift
+ fi
+ ;;
+ setup-selinux)
+ test -z "$TELEM_CLASS" && TELEM_CLASS="selinux"
+ SETUP_SELINUX=1
+ shift
+ ;;
+ status)
+ DO_STATUS=1
+ DO_SELF_UPDATE=0
+ shift
+ while [ 1 ]; do
+ [ $# -eq 0 ] && break
+ case "$1" in
+ last)
+ DO_STATUS_LAST=1
+ shift
+ ;;
+ *)
+ usage 1;
+ ;;
+ esac
+ done
+ ;;
+ -i|--interactive)
+ ZYPPER_NONINTERACTIVE=""
+ shift
+ ;;
+ -n|--non-interactive)
+ FORCE_NONINTERACTIVE="${ZYPPER_NONINTERACTIVE}"
+ shift
+ ;;
+ -c|--continue)
+ # Check whether we got an optional snapshot number argument
+ if [[ $2 =~ ^[0-9]+$ ]]; then
+ BASE_SNAPSHOT_ID="$2"
+ shift
+ else
+ BASE_SNAPSHOT_ID="default"
+ fi
+ shift
+ ;;
+ --no-selfupdate)
+ DO_SELF_UPDATE=0
+ shift
+ ;;
+ -d|--drop-if-no-change)
+ TUKIT_OPTS="${TUKIT_OPTS} --discard"
+ shift
+ ;;
+ --quiet)
+ VERBOSITY=1
+ TUKIT_OPTS="${TUKIT_OPTS} --quiet"
+ DRACUT_OPTS="${DRACUT_OPTS} --quiet"
+ # ZYPPER_ARG handled below
+ shift
+ ;;
+ register)
+ DO_REGISTRATION=1
shift
- else
- BASE_SNAPSHOT_ID="default"
- fi
- shift
- ;;
- --no-selfupdate)
- DO_SELF_UPDATE=0
- shift
- ;;
- -d|--drop-if-no-change)
- TUKIT_OPTS="${TUKIT_OPTS} --discard"
- shift
- ;;
- --quiet)
- VERBOSITY=1
- TUKIT_OPTS="${TUKIT_OPTS} --quiet"
- DRACUT_OPTS="${DRACUT_OPTS} --quiet"
- # ZYPPER_ARG handled below
- shift
- ;;
- register)
- DO_REGISTRATION=1
- shift
- if [ $# -eq 0 ]; then
- usage 1
- fi
- if ! command -v SUSEConnect >/dev/null; then
- echo "SUSEConnect does not exist on this system."
- exit 1
- fi
+ if [ $# -eq 0 ]; then
+ usage 1
+ fi
+ if ! command -v SUSEConnect >/dev/null; then
+ echo "SUSEConnect does not exist on this system."
+ exit 1
+ fi
- REGISTRATION_ARGS="$*";
- shift $#
+ REGISTRATION_ARGS="$*";
+ shift $#
- # A lot of commands won't change anything; discard snapshot then
- TUKIT_OPTS="${TUKIT_OPTS} --discard"
- ;;
- -h|--help)
- usage 0
- ;;
- --version)
- print_version
- ;;
- *)
- if [ $# -ge 1 ]; then
- usage 1;
- fi
- ;;
- esac
-done
+ # A lot of commands won't change anything; discard snapshot then
+ TUKIT_OPTS="${TUKIT_OPTS} --discard"
+ ;;
+ -h|--help)
+ usage 0
+ ;;
+ --version)
+ print_version
+ ;;
+ *)
+ if [ $# -ge 1 ]; then
+ usage 1;
+ fi
+ ;;
+ esac
+ done
+}
+parse_args "${ORIG_ARGS[@]}"
# Duplicate stdout before creating custom handlers
exec {origstdout}>&1
@@ -1193,12 +1201,11 @@
REBUILD_KDUMP_INITRD=1
fi
-# If no commands were given, assume "up"
+# If no commands were given, use default from config
if [ -z "${ZYPPER_ARG}" -a -z "${TELEM_CLASS}" -a "${REBOOT_AFTERWARDS}" -eq 0 \
-a "${DO_REGISTRATION}" -eq 0 -a "${DO_CLEANUP_OVERLAYS}" -eq 0 \
-a "${DO_CLEANUP_SNAPSHOTS}" -eq 0 -a "${DO_APPLY}" -eq 0 ]; then
- ZYPPER_ARG="up"
- TELEM_CLASS="update"
+ parse_args "${UPDATE_METHOD}"
fi
# Prevent running transactional-update inside transactional-update
@@ -1313,7 +1320,7 @@
log_info "Rollback to snapshot ${ROLLBACK_SNAPSHOT}..."
- snapper rollback "${ROLLBACK_SNAPSHOT}"
+ tukit rollback "${ROLLBACK_SNAPSHOT}"
if [ $? -ne 0 ]; then
log_error "ERROR: Rollback to snapshot $ROLLBACK_SNAPSHOT failed!"
quit 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.4.0/tukit/tukit.cpp new/transactional-update-4.5.0/tukit/tukit.cpp
--- old/transactional-update-4.4.0/tukit/tukit.cpp 2023-09-11 15:49:37.000000000 +0200
+++ new/transactional-update-4.5.0/tukit/tukit.cpp 2023-11-20 18:09:46.000000000 +0100
@@ -49,6 +49,8 @@
cout << "\tCloses the given transaction and sets the snapshot as the new default snapshot\n";
cout << "abort <ID>\n";
cout << "\tDeletes the given snapshot again\n";
+ cout << "rollback <ID>\n";
+ cout << "\tRoll back to given snapshot\n";
cout << "\n";
cout << "Transaction Options:\n";
cout << "--continue[=<ID>], -c[<ID>] Use latest or given snapshot as base\n";
@@ -181,16 +183,33 @@
return status;
}
else if (arg == "close") {
+ if (argv[1] == nullptr) {
+ displayHelp();
+ throw invalid_argument{"Missing argument for 'close'"};
+ }
TransactionalUpdate::Transaction transaction{};
transaction.resume(argv[1]);
transaction.finalize();
return 0;
}
else if (arg == "abort") {
+ if (argv[1] == nullptr) {
+ displayHelp();
+ throw invalid_argument{"Missing argument for 'abort'"};
+ }
TransactionalUpdate::Transaction transaction{};
transaction.resume(argv[1]);
return 0;
}
+ else if (arg == "rollback") {
+ if (argv[1] == nullptr) {
+ displayHelp();
+ throw invalid_argument{"Missing argument for 'rollback'"};
+ }
+ unique_ptr<TransactionalUpdate::SnapshotManager> snapshotMgr = TransactionalUpdate::SnapshotFactory::get();
+ snapshotMgr->rollbackTo(argv[1]);
+ return 0;
+ }
else if (arg == "snapshots") {
unique_ptr<TransactionalUpdate::SnapshotManager> snapshotMgr = TransactionalUpdate::SnapshotFactory::get();
if (fields.empty()) {
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-pip for openSUSE:Factory checked in at 2023-11-22 18:54:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pip (Old)
and /work/SRC/openSUSE:Factory/.python-pip.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pip"
Wed Nov 22 18:54:20 2023 rev:62 rq:1127960 version:23.3.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pip/python-pip.changes 2023-08-30 10:21:34.406482585 +0200
+++ /work/SRC/openSUSE:Factory/.python-pip.new.25432/python-pip.changes 2023-11-22 18:54:33.287457601 +0100
@@ -1,0 +2,71 @@
+Tue Nov 21 10:38:00 UTC 2023 - Matej Cepl <mcepl(a)cepl.eu>
+
+- Update to 23.3.1:
+ - Bug Fixes
+ - Handle a timezone indicator of Z when parsing dates in the
+ self check. (#12338)
+ - Fix bug where installing the same package at the same time
+ with multiple pip processes could fail. (#12361)
+- Update to 23.3:
+ - Process
+ - Added reference to vulnerability reporting guidelines to
+ pip's security policy.
+ - Features
+ - Improve extras resolution for multiple constraints on same
+ base package. (#11924)
+ - Improve use of datastructures to make candidate selection
+ 1.6x faster. (#12204)
+ - Allow pip install --dry-run to use platform and ABI
+ overriding options. (#12215)
+ - Add is_yanked boolean entry to the installation report
+ (--report) to indicate whether the requirement was yanked
+ from the index, but was still selected by pip conform to
+ PEP 592. (#12224)
+ - Bug Fixes
+ - Ignore errors in temporary directory cleanup (show a
+ warning instead). (#11394)
+ - Normalize extras according to PEP 685 from package metadata
+ in the resolver for comparison. This ensures extras are
+ correctly compared and merged as long as the package
+ providing the extra(s) is built with values normalized
+ according to the standard. Note, however, that this
+ does not solve cases where the package itself contains
+ unnormalized extra values in the metadata. (#11649)
+ - Prevent downloading sdists twice when PEP 658 metadata is
+ present. (#11847)
+ - Include all requested extras in the install report
+ (--report). (#11924)
+ - Removed uses of datetime.datetime.utcnow from non-vendored
+ code. (#12005)
+ - Consistently report whether a dependency comes from an
+ extra. (#12095)
+ - Fix completion script for zsh (#12166)
+ - Fix improper handling of the new onexc argument of
+ shutil.rmtree() in Python 3.12. (#12187)
+ - Filter out yanked links from the available versions
+ error message: "(from versions: 1.0, 2.0, 3.0)" will
+ not contain yanked versions conform PEP 592. The yanked
+ versions (if any) will be mentioned in a separate error
+ message. (#12225)
+ - Fix crash when the git version number contains something
+ else than digits and dots. (#12280)
+ - Use -r=... instead of -r ... to specify references with
+ Mercurial. (#12306, CVE-2023-5752, bsc#1217353)
+ - Redact password from URLs in some additional
+ places. (#12350)
+ - pip uses less memory when caching large packages. As a
+ result, there is a new on-disk cache format stored in a new
+ directory ($PIP_CACHE_DIR/http-v2). (#2984)
+ - Vendored Libraries
+ - Upgrade certifi to 2023.7.22
+ - Add truststore 0.8.0
+ - Upgrade urllib3 to 1.26.17
+ - Improved Documentation
+ - Document that pip search support has been removed from PyPI
+ (#12059)
+ - Clarify --prefer-binary in CLI and docs (#12122)
+ - Document that using OS-provided Python can cause pip's test
+ suite to report false failures. (#12334)
+- Adjust pip-shipped-requests-cabundle.patch.
+
+-------------------------------------------------------------------
Old:
----
pip-23.2.1-gh.tar.gz
New:
----
pip-23.3.1-gh.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pip.spec ++++++
--- /var/tmp/diff_new_pack.X1V6PT/_old 2023-11-22 18:54:34.075486522 +0100
+++ /var/tmp/diff_new_pack.X1V6PT/_new 2023-11-22 18:54:34.079486668 +0100
@@ -40,11 +40,11 @@
%endif
%{?sle15_python_module_pythons}
Name: python-pip%{psuffix}
-Version: 23.2.1
+Version: 23.3.1
Release: 0
Summary: A Python package management system
License: MIT
-URL: http://www.pip-installer.org
+URL: https://pip.pypa.io
# The PyPI archive lacks the tests
Source: https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{version}-gh.ta…
# PATCH-FIX-OPENSUSE pip-shipped-requests-cabundle.patch -- adapted patch from python-certifi package
++++++ pip-23.2.1-gh.tar.gz -> pip-23.3.1-gh.tar.gz ++++++
/work/SRC/openSUSE:Factory/python-pip/pip-23.2.1-gh.tar.gz /work/SRC/openSUSE:Factory/.python-pip.new.25432/pip-23.3.1-gh.tar.gz differ: char 15, line 1
++++++ pip-shipped-requests-cabundle.patch ++++++
--- /var/tmp/diff_new_pack.X1V6PT/_old 2023-11-22 18:54:34.131488577 +0100
+++ /var/tmp/diff_new_pack.X1V6PT/_new 2023-11-22 18:54:34.135488724 +0100
@@ -1,12 +1,10 @@
---
- src/pip/_vendor/certifi/core.py | 70 ++++------------------------------------
- tests/unit/test_options.py | 5 ++
- 2 files changed, 13 insertions(+), 62 deletions(-)
+ src/pip/_vendor/certifi/core.py | 105 +++-------------------------------------
+ tests/unit/test_options.py | 5 +
+ 2 files changed, 13 insertions(+), 97 deletions(-)
-Index: pip-22.3.1/src/pip/_vendor/certifi/core.py
-===================================================================
---- pip-22.3.1.orig/src/pip/_vendor/certifi/core.py
-+++ pip-22.3.1/src/pip/_vendor/certifi/core.py
+--- a/src/pip/_vendor/certifi/core.py
++++ b/src/pip/_vendor/certifi/core.py
@@ -3,106 +3,17 @@ certifi.py
~~~~~~~~~~
@@ -122,10 +120,8 @@
- return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
+def contents() -> str:
+ return read_text(encoding="ascii")
-Index: pip-22.3.1/tests/unit/test_options.py
-===================================================================
---- pip-22.3.1.orig/tests/unit/test_options.py
-+++ pip-22.3.1/tests/unit/test_options.py
+--- a/tests/unit/test_options.py
++++ b/tests/unit/test_options.py
@@ -1,4 +1,5 @@
import os
+import os.path
@@ -140,7 +136,7 @@
from tests.lib.options_helpers import AddFakeCommandMixin
-@@ -619,6 +621,9 @@ class TestOptionsConfigFiles:
+@@ -618,6 +620,9 @@ class TestOptionsConfigFiles:
else:
assert expect == cmd._determine_file(options, need_value=False)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package p11-kit for openSUSE:Factory checked in at 2023-11-22 18:54:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/p11-kit (Old)
and /work/SRC/openSUSE:Factory/.p11-kit.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "p11-kit"
Wed Nov 22 18:54:14 2023 rev:46 rq:1127895 version:0.25.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/p11-kit/p11-kit.changes 2023-11-05 12:19:02.729690822 +0100
+++ /work/SRC/openSUSE:Factory/.p11-kit.new.25432/p11-kit.changes 2023-11-22 18:54:23.559100573 +0100
@@ -1,0 +2,7 @@
+Fri Nov 17 10:11:56 UTC 2023 - Pedro Monreal <pmonreal(a)suse.com>
+
+- Update to 0.25.3:
+ * rpc: fix serialization of NULL mechanism pointer [#601]
+ * fix meson build failure in macOS (appleframeworks not found) [#603]
+
+-------------------------------------------------------------------
Old:
----
p11-kit-0.25.2.tar.xz
p11-kit-0.25.2.tar.xz.sig
New:
----
p11-kit-0.25.3.tar.xz
p11-kit-0.25.3.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ p11-kit.spec ++++++
--- /var/tmp/diff_new_pack.08fvqP/_old 2023-11-22 18:54:25.079156359 +0100
+++ /var/tmp/diff_new_pack.08fvqP/_new 2023-11-22 18:54:25.079156359 +0100
@@ -21,7 +21,7 @@
%define trustdir_cfg %{pkidir_cfg}/trust
%define trustdir_static %{pkidir_static}/trust
Name: p11-kit
-Version: 0.25.2
+Version: 0.25.3
Release: 0
Summary: Library to work with PKCS#11 modules
License: BSD-3-Clause
++++++ p11-kit-0.25.2.tar.xz -> p11-kit-0.25.3.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/ChangeLog new/p11-kit-0.25.3/ChangeLog
--- old/p11-kit-0.25.2/ChangeLog 2023-10-31 10:20:52.000000000 +0100
+++ new/p11-kit-0.25.3/ChangeLog 2023-11-15 13:43:08.000000000 +0100
@@ -1,5 +1,49 @@
# Generate automatically. Do not edit.
+commit 917e02a3211dabbdea4b079cb598581dce84fda1
+Author: Zoltan Fridrich <zfridric(a)redhat.com>
+Date: 2023-11-15
+
+ Release 0.25.3
+
+ Signed-off-by: Zoltan Fridrich <zfridric(a)redhat.com>
+
+ NEWS | 4 ++++
+ configure.ac | 4 ++--
+ meson.build | 4 ++--
+ 3 files changed, 8 insertions(+), 4 deletions(-)
+
+commit b7589ec79305f68b552ebb5cf2e4c6c3aa0703fa
+Author: Zoltan Fridrich <zfridric(a)redhat.com>
+Date: 2023-11-15
+
+ Fix meson build failure in macOS (appleframeworks not found)
+
+ Signed-off-by: Zoltan Fridrich <zfridric(a)redhat.com>
+
+ meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+commit 66f1fc7b8f60693e0947d5a9d38cd0d1bc306baa
+Author: Daiki Ueno <ueno(a)gnu.org>
+Date: 2023-11-15
+
+ rpc: Fix serialization of NULL mechanism pointer
+
+ A NULL mechanism pointer is valid for C_*Init functions to cancel the
+ operation. Since 852ccd8d we encoded it with a CK_MECHANISM_TYPE 0 as
+ an indicator, though it clashes with CKM_RSA_PKCS_KEY_PAIR_GEN (0).
+ This patch changes the encoding to use a special value (0xffffffff) to
+ indicate that and also properly advance the offset when reading.
+
+ Signed-off-by: Daiki Ueno <ueno(a)gnu.org>
+
+ p11-kit/rpc-client.c | 8 ++++++--
+ p11-kit/rpc-message.c | 10 ++++++++--
+ p11-kit/rpc-server.c | 8 +++++++-
+ p11-kit/test-rpc.c | 27 +++++++++++++++++++++++++++
+ 4 files changed, 48 insertions(+), 5 deletions(-)
+
commit 66d6b42ef8dd84fcd8e199ac9f23f822f1a058c9
Author: Zoltan Fridrich <zfridric(a)redhat.com>
Date: 2023-10-31
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/NEWS new/p11-kit-0.25.3/NEWS
--- old/p11-kit-0.25.2/NEWS 2023-10-31 10:14:42.000000000 +0100
+++ new/p11-kit-0.25.3/NEWS 2023-11-15 13:40:11.000000000 +0100
@@ -1,3 +1,7 @@
+0.25.3 (stable)
+* rpc: fix serialization of NULL mechanism pointer [PR#601]
+* fix meson build failure in macOS (appleframeworks not found) [PR#603]
+
0.25.2 (stable)
* fix error code checking of readpassphrase for --login option [PR#595]
* build fixes [PR#594]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/configure new/p11-kit-0.25.3/configure
--- old/p11-kit-0.25.2/configure 2023-10-31 10:18:59.000000000 +0100
+++ new/p11-kit-0.25.3/configure 2023-11-15 13:41:32.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for p11-kit 0.25.2.
+# Generated by GNU Autoconf 2.71 for p11-kit 0.25.3.
#
# Report bugs to <https://github.com/p11-glue/p11-kit/issues>.
#
@@ -621,8 +621,8 @@
# Identity of this package.
PACKAGE_NAME='p11-kit'
PACKAGE_TARNAME='p11-kit'
-PACKAGE_VERSION='0.25.2'
-PACKAGE_STRING='p11-kit 0.25.2'
+PACKAGE_VERSION='0.25.3'
+PACKAGE_STRING='p11-kit 0.25.3'
PACKAGE_BUGREPORT='https://github.com/p11-glue/p11-kit/issues'
PACKAGE_URL='https://p11-glue.github.io/p11-glue/p11-kit.html'
@@ -1491,7 +1491,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures p11-kit 0.25.2 to adapt to many kinds of systems.
+\`configure' configures p11-kit 0.25.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1562,7 +1562,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of p11-kit 0.25.2:";;
+ short | recursive ) echo "Configuration of p11-kit 0.25.3:";;
esac
cat <<\_ACEOF
@@ -1748,7 +1748,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-p11-kit configure 0.25.2
+p11-kit configure 0.25.3
generated by GNU Autoconf 2.71
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2405,7 +2405,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by p11-kit $as_me 0.25.2, which was
+It was created by p11-kit $as_me 0.25.3, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ $0$ac_configure_args_raw
@@ -3172,7 +3172,7 @@
# ? : +1 : ? == internal changes that doesn't break anything.
P11KIT_CURRENT=3
-P11KIT_REVISION=0
+P11KIT_REVISION=1
P11KIT_AGE=3
# ------------------------------------------------------------------------------
@@ -3702,7 +3702,7 @@
# Define the identity of the package.
PACKAGE='p11-kit'
- VERSION='0.25.2'
+ VERSION='0.25.3'
printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -21239,7 +21239,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by p11-kit $as_me 0.25.2, which was
+This file was extended by p11-kit $as_me 0.25.3, which was
generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -21308,7 +21308,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
-p11-kit config.status 0.25.2
+p11-kit config.status 0.25.3
configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/configure.ac new/p11-kit-0.25.3/configure.ac
--- old/p11-kit-0.25.2/configure.ac 2023-10-31 10:14:42.000000000 +0100
+++ new/p11-kit-0.25.3/configure.ac 2023-11-15 13:40:11.000000000 +0100
@@ -1,7 +1,7 @@
AC_PREREQ(2.61)
AC_INIT([p11-kit],
- [0.25.2],
+ [0.25.3],
[https://github.com/p11-glue/p11-kit/issues]
[p11-kit],
[https://p11-glue.github.io/p11-glue/p11-kit.html]
@@ -14,7 +14,7 @@
# ? : +1 : ? == internal changes that doesn't break anything.
P11KIT_CURRENT=3
-P11KIT_REVISION=0
+P11KIT_REVISION=1
P11KIT_AGE=3
# ------------------------------------------------------------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/doc/manual/html/index.html new/p11-kit-0.25.3/doc/manual/html/index.html
--- old/p11-kit-0.25.2/doc/manual/html/index.html 2023-10-31 10:20:51.000000000 +0100
+++ new/p11-kit-0.25.3/doc/manual/html/index.html 2023-11-15 13:43:08.000000000 +0100
@@ -14,7 +14,7 @@
<div class="titlepage">
<div>
<div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">p11-kit</p></th></tr></table></div>
-<div><p class="releaseinfo">for p11-kit 0.25.2</p></div>
+<div><p class="releaseinfo">for p11-kit 0.25.3</p></div>
</div>
<hr>
</div>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/meson.build new/p11-kit-0.25.3/meson.build
--- old/p11-kit-0.25.2/meson.build 2023-10-31 10:14:42.000000000 +0100
+++ new/p11-kit-0.25.3/meson.build 2023-11-15 13:40:11.000000000 +0100
@@ -1,5 +1,5 @@
project('p11-kit', 'c',
- version: '0.25.2',
+ version: '0.25.3',
meson_version: '>= 0.51')
version_arr = meson.project_version().split('.')
@@ -10,7 +10,7 @@
cc = meson.get_compiler('c')
current = 3
-revision = 0
+revision = 1
age = 3
soversion = current - age
@@ -67,7 +67,7 @@
if cc.has_function('dgettext', dependencies : libintl)
libintl_deps += libintl
if ['darwin', 'ios'].contains(host_system)
- appleframeworks = dependency('appleframeworks', modules : 'foundation')
+ appleframeworks = dependency('appleframeworks', modules : 'CoreFoundation')
if appleframeworks.found()
libintl_deps += appleframeworks
endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/p11-kit/rpc-client.c new/p11-kit-0.25.3/p11-kit/rpc-client.c
--- old/p11-kit-0.25.2/p11-kit/rpc-client.c 2023-10-24 14:58:49.000000000 +0200
+++ new/p11-kit-0.25.3/p11-kit/rpc-client.c 2023-11-15 11:57:26.000000000 +0100
@@ -430,9 +430,13 @@
/* Make sure this is in the right order */
assert (!msg->signature || p11_rpc_message_verify_part (msg, "M"));
- /* This case is valid for C_*Init () functions to cancel operation */
+ /*
+ * The NULL mechanism is used for C_*Init () functions to
+ * cancel operation. We use a special value 0xffffffff as a
+ * marker to indicate that.
+ */
if (mech == NULL) {
- p11_rpc_buffer_add_uint32 (msg->output, 0);
+ p11_rpc_buffer_add_uint32 (msg->output, 0xffffffff);
return p11_buffer_failed (msg->output) ? CKR_HOST_MEMORY : CKR_OK;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/p11-kit/rpc-message.c new/p11-kit-0.25.3/p11-kit/rpc-message.c
--- old/p11-kit-0.25.2/p11-kit/rpc-message.c 2023-10-26 11:56:44.000000000 +0200
+++ new/p11-kit-0.25.3/p11-kit/rpc-message.c 2023-11-15 11:57:27.000000000 +0100
@@ -2114,8 +2114,14 @@
mech->mechanism = mechanism;
- /* special NULL case */
- if (mechanism == 0) {
+ /*
+ * The NULL mechanism is used for C_*Init () functions to
+ * cancel operation. We use a special value 0xffffffff as a
+ * marker to indicate that.
+ */
+ if (mechanism == 0xffffffff) {
+ mech->ulParameterLen = 0;
+ mech->pParameter = NULL;
return true;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/p11-kit/rpc-server.c new/p11-kit-0.25.3/p11-kit/rpc-server.c
--- old/p11-kit-0.25.2/p11-kit/rpc-server.c 2023-10-24 14:58:49.000000000 +0200
+++ new/p11-kit-0.25.3/p11-kit/rpc-server.c 2023-11-15 11:57:27.000000000 +0100
@@ -480,8 +480,14 @@
return PARSE_ERROR;
}
- if (temp.mechanism == 0) {
+ /*
+ * The NULL mechanism is used for C_*Init () functions to
+ * cancel operation. We use a special value 0xffffffff as a
+ * marker to indicate that.
+ */
+ if (temp.mechanism == 0xffffffff) {
*mech = NULL;
+ msg->parsed = offset;
return CKR_OK;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/p11-kit/test-rpc.c new/p11-kit-0.25.3/p11-kit/test-rpc.c
--- old/p11-kit-0.25.2/p11-kit/test-rpc.c 2023-10-24 14:58:49.000000000 +0200
+++ new/p11-kit-0.25.3/p11-kit/test-rpc.c 2023-11-15 11:57:27.000000000 +0100
@@ -675,6 +675,31 @@
p11_mutex_uninit (&delay_mutex);
}
+static void
+test_mechanism_unsupported (void *module)
+{
+ CK_FUNCTION_LIST_PTR rpc_module;
+ CK_SESSION_HANDLE session;
+ CK_MECHANISM mech;
+ CK_RV rv;
+
+ rpc_module = setup_test_rpc_module (&test_normal_vtable,
+ module, &session);
+
+ memset (&mech, 0, sizeof(mech));
+
+ /*
+ * This mechanism is not supported by the remote mock module,
+ * but it should be able to return an error through RPC.
+ */
+ mech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
+
+ rv = (rpc_module->C_DigestInit) (session, &mech);
+ assert_num_eq (rv, CKR_MECHANISM_INVALID);
+
+ teardown_mock_module (rpc_module);
+}
+
#ifdef OS_UNIX
static void
@@ -759,6 +784,7 @@
p11_testx (test_get_info_stand_in, &mock_module_no_slots, "/rpc/get-info-stand-in");
p11_testx (test_get_slot_list_no_device, &mock_module_no_slots, "/rpc/get-slot-list-no-device");
p11_testx (test_simultaneous_functions, &mock_module_no_slots, "/rpc/simultaneous-functions");
+ p11_testx (test_mechanism_unsupported, &mock_module, "/rpc/mechanism-unsupported");
#ifdef OS_UNIX
p11_testx (test_fork_and_reinitialize, &mock_module_no_slots, "/rpc/fork-and-reinitialize");
@@ -778,6 +804,7 @@
p11_testx (test_get_info_stand_in, &mock_module_v3_no_slots, "/rpc3/get-info-stand-in");
p11_testx (test_get_slot_list_no_device, &mock_module_v3_no_slots, "/rpc3/get-slot-list-no-device");
p11_testx (test_simultaneous_functions, &mock_module_v3_no_slots, "/rpc3/simultaneous-functions");
+ p11_testx (test_mechanism_unsupported, &mock_module_v3, "/rpc3/mechanism-unsupported");
#ifdef OS_UNIX
p11_testx (test_fork_and_reinitialize, &mock_module_v3_no_slots, "/rpc3/fork-and-reinitialize");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/p11-kit-0.25.2/po/p11-kit.pot new/p11-kit-0.25.3/po/p11-kit.pot
--- old/p11-kit-0.25.2/po/p11-kit.pot 2023-10-31 10:20:49.000000000 +0100
+++ new/p11-kit-0.25.3/po/p11-kit.pot 2023-11-15 13:43:06.000000000 +0100
@@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: p11-kit 0.25.2\n"
+"Project-Id-Version: p11-kit 0.25.3\n"
"Report-Msgid-Bugs-To: https://github.com/p11-glue/p11-kit/issues\n"
-"POT-Creation-Date: 2023-10-31 10:20+0100\n"
+"POT-Creation-Date: 2023-11-15 13:43+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL(a)li.org>\n"
@@ -943,19 +943,19 @@
msgid "returned attributes in invalid order"
msgstr ""
-#: p11-kit/rpc-client.c:741 trust/module.c:384
+#: p11-kit/rpc-client.c:745 trust/module.c:384
msgid "invalid set of mutex calls supplied"
msgstr ""
-#: p11-kit/rpc-client.c:750 trust/module.c:393
+#: p11-kit/rpc-client.c:754 trust/module.c:393
msgid "can't do without os locking"
msgstr ""
-#: p11-kit/rpc-client.c:763
+#: p11-kit/rpc-client.c:767
msgid "C_Initialize called twice for same process"
msgstr ""
-#: p11-kit/rpc-client.c:870
+#: p11-kit/rpc-client.c:874
#, c-format
msgid "finalizing rpc module returned an error: %lu"
msgstr ""
@@ -982,52 +982,52 @@
msgid "invalid length space padded string received: %d != %d"
msgstr ""
-#: p11-kit/rpc-server.c:614
+#: p11-kit/rpc-server.c:620
msgid "invalid request from module, probably too short"
msgstr ""
-#: p11-kit/rpc-server.c:624
+#: p11-kit/rpc-server.c:630
msgid "couldn't initialize rpc response"
msgstr ""
-#: p11-kit/rpc-server.c:761
+#: p11-kit/rpc-server.c:767
msgid "invalid handshake received from connecting module"
msgstr ""
-#: p11-kit/rpc-server.c:2318
+#: p11-kit/rpc-server.c:2324
msgid "couldn't parse pkcs11 rpc message"
msgstr ""
-#: p11-kit/rpc-server.c:2430
+#: p11-kit/rpc-server.c:2436
msgid "out of memory error putting together message"
msgstr ""
-#: p11-kit/rpc-server.c:2454
+#: p11-kit/rpc-server.c:2460
msgid "out of memory responding with error"
msgstr ""
-#: p11-kit/rpc-server.c:2500
+#: p11-kit/rpc-server.c:2506
#, c-format
msgid "unsupported version received: %d"
msgstr ""
-#: p11-kit/rpc-server.c:2506
+#: p11-kit/rpc-server.c:2512
msgid "couldn't read credential byte"
msgstr ""
-#: p11-kit/rpc-server.c:2518
+#: p11-kit/rpc-server.c:2524
msgid "couldn't write credential byte"
msgstr ""
-#: p11-kit/rpc-server.c:2541
+#: p11-kit/rpc-server.c:2547
msgid "failed to read rpc message"
msgstr ""
-#: p11-kit/rpc-server.c:2546
+#: p11-kit/rpc-server.c:2552
msgid "unexpected error handling rpc message"
msgstr ""
-#: p11-kit/rpc-server.c:2564
+#: p11-kit/rpc-server.c:2570
msgid "failed to write rpc message"
msgstr ""
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libblockdev for openSUSE:Factory checked in at 2023-11-22 18:54:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libblockdev (Old)
and /work/SRC/openSUSE:Factory/.libblockdev.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libblockdev"
Wed Nov 22 18:54:12 2023 rev:23 rq:1127889 version:3.0.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/libblockdev/libblockdev.changes 2023-10-15 19:26:01.257613488 +0200
+++ /work/SRC/openSUSE:Factory/.libblockdev.new.25432/libblockdev.changes 2023-11-22 18:54:22.543063285 +0100
@@ -1,0 +2,5 @@
+Sat Nov 11 18:11:14 UTC 2023 - Sarah Kriesch <sarah.kriesch(a)opensuse.org>
+
+- Add %{_libdir}/libbd_s390.so for s390x because missing file identitied
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libblockdev.spec ++++++
--- /var/tmp/diff_new_pack.iWIbUD/_old 2023-11-22 18:54:23.215087948 +0100
+++ /var/tmp/diff_new_pack.iWIbUD/_new 2023-11-22 18:54:23.219088095 +0100
@@ -129,6 +129,7 @@
%{_includedir}/blockdev/plugins.h
%{_includedir}/blockdev/logging.h
%ifarch s390x
+%{_libdir}/libbd_s390.so
%{_includedir}/blockdev/s390.h
%endif
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package grub2 for openSUSE:Factory checked in at 2023-11-22 18:54:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/grub2 (Old)
and /work/SRC/openSUSE:Factory/.grub2.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "grub2"
Wed Nov 22 18:54:05 2023 rev:308 rq:1127831 version:2.12~rc1
Changes:
--------
--- /work/SRC/openSUSE:Factory/grub2/grub2.changes 2023-11-17 20:49:30.945088883 +0100
+++ /work/SRC/openSUSE:Factory/.grub2.new.25432/grub2.changes 2023-11-22 18:54:09.418581619 +0100
@@ -1,0 +2,9 @@
+Thu Nov 16 06:39:46 UTC 2023 - Gary Ching-Pang Lin <glin(a)suse.com>
+
+- Update the TPM2 patches to skip the persistent SRK handle if not
+ specified and improve the error messages
+ + 0003-protectors-Add-TPM2-Key-Protector.patch
+ + 0005-util-grub-protect-Add-new-tool.patch
+ + 0004-tpm2-Support-authorized-policy.patch
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ 0003-protectors-Add-TPM2-Key-Protector.patch ++++++
--- /var/tmp/diff_new_pack.vlU3tr/_old 2023-11-22 18:54:12.598698329 +0100
+++ /var/tmp/diff_new_pack.vlU3tr/_new 2023-11-22 18:54:12.598698329 +0100
@@ -1,7 +1,7 @@
-From 0ecf5ff31a89e061aef5e40ee68f8828e7b5eb81 Mon Sep 17 00:00:00 2001
+From 2a63876ca714d177f919b2392d8efa0e3bd3ebe2 Mon Sep 17 00:00:00 2001
From: Hernan Gatta <hegatta(a)linux.microsoft.com>
Date: Tue, 1 Feb 2022 05:02:55 -0800
-Subject: [PATCH v6 10/20] protectors: Add TPM2 Key Protector
+Subject: [PATCH v7 10/20] protectors: Add TPM2 Key Protector
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
@@ -111,20 +111,20 @@
Currently, there is only one supported policy command: TPM2_PolicyPCR.
The command set can be extended to support advanced features, such as
-as authorized policy, in the future.
+authorized policy, in the future.
Signed-off-by: Hernan Gatta <hegatta(a)linux.microsoft.com>
Signed-off-by: Gary Lin <glin(a)suse.com>
---
grub-core/Makefile.core.def | 13 +
grub-core/tpm2/args.c | 177 +++++
- grub-core/tpm2/module.c | 1040 +++++++++++++++++++++++++++++
+ grub-core/tpm2/module.c | 1028 +++++++++++++++++++++++++++++
grub-core/tpm2/tpm2key.asn | 31 +
- grub-core/tpm2/tpm2key.c | 440 ++++++++++++
+ grub-core/tpm2/tpm2key.c | 447 +++++++++++++
grub-core/tpm2/tpm2key_asn1_tab.c | 41 ++
include/grub/tpm2/internal/args.h | 41 ++
include/grub/tpm2/tpm2key.h | 83 +++
- 8 files changed, 1866 insertions(+)
+ 8 files changed, 1861 insertions(+)
create mode 100644 grub-core/tpm2/args.c
create mode 100644 grub-core/tpm2/module.c
create mode 100644 grub-core/tpm2/tpm2key.asn
@@ -342,10 +342,10 @@
+}
diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c
new file mode 100644
-index 000000000..9605ddbc7
+index 000000000..df0727215
--- /dev/null
+++ b/grub-core/tpm2/module.c
-@@ -0,0 +1,1040 @@
+@@ -0,0 +1,1028 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2022 Microsoft Corporation
@@ -477,8 +477,7 @@
+ .arg = NULL,
+ .type = ARG_TYPE_STRING,
+ .doc =
-+ N_("In SRK mode, the SRK handle if the SRK is persistent "
-+ "(default is 0x81000001)."),
++ N_("In SRK mode, the SRK handle if the SRK is persistent."),
+ },
+ {
+ .longarg = "asymmetric",
@@ -519,51 +518,58 @@
+ grub_off_t file_size;
+ void *read_buffer;
+ grub_off_t read_n;
++ grub_err_t err;
+
+ /* Using GRUB_FILE_TYPE_SIGNATURE ensures we do not hash the keyfile into PCR9
+ * otherwise we'll never be able to predict the value of PCR9 at unseal time */
+ file = grub_file_open (filepath, GRUB_FILE_TYPE_SIGNATURE);
+ if (file == NULL)
+ {
-+ grub_dprintf ("tpm2", "Could not open file: %s\n", filepath);
-+ /* grub_file_open sets grub_errno on error, and if we do no unset it,
-+ * future calls to grub_file_open will fail (and so will anybody up the
-+ * stack who checks the value, if any). */
-+ grub_errno = GRUB_ERR_NONE;
-+ return GRUB_ERR_FILE_NOT_FOUND;
++ /* Push errno from grub_file_open() into the error message stack */
++ grub_error_push();
++ err = grub_error (GRUB_ERR_FILE_NOT_FOUND,
++ N_("Could not open file: %s\n"),
++ filepath);
++ goto error;
+ }
+
+ file_size = grub_file_size (file);
+ if (file_size == 0)
+ {
-+ grub_dprintf ("tpm2", "Could not read file size: %s\n", filepath);
-+ grub_file_close (file);
-+ return GRUB_ERR_OUT_OF_RANGE;
++ err = grub_error (GRUB_ERR_OUT_OF_RANGE,
++ N_("Could not read file size: %s"),
++ filepath);
++ goto error;
+ }
+
+ read_buffer = grub_malloc (file_size);
+ if (read_buffer == NULL)
+ {
-+ grub_dprintf ("tpm2", "Could not allocate buffer for %s.\n", filepath);
-+ grub_file_close (file);
-+ return GRUB_ERR_OUT_OF_MEMORY;
++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY,
++ N_("Could not allocate buffer for %s"),
++ filepath);
++ goto error;
+ }
+
+ read_n = grub_file_read (file, read_buffer, file_size);
+ if (read_n != file_size)
+ {
-+ grub_dprintf ("tpm2", "Could not retrieve file contents: %s\n", filepath);
+ grub_free (read_buffer);
-+ grub_file_close (file);
-+ return GRUB_ERR_FILE_READ_ERROR;
++ err = grub_error (GRUB_ERR_FILE_READ_ERROR,
++ N_("Could not retrieve file contents: %s"),
++ filepath);
++ goto error;
+ }
+
-+ grub_file_close (file);
-+
+ *buffer = read_buffer;
+ *buffer_size = file_size;
+
-+ return GRUB_ERR_NONE;
++ err = GRUB_ERR_NONE;
++
++error:
++ grub_file_close (file);
++
++ return err;
+}
+
+static grub_err_t
@@ -575,12 +581,9 @@
+
+ grub_tpm2_buffer_init (&buf);
+ if (sealed_key_size > buf.cap)
-+ {
-+ grub_dprintf ("tpm2", "Sealed key file is larger than decode buffer "
-+ "(%" PRIuGRUB_SIZE " vs %" PRIuGRUB_SIZE " bytes).\n",
-+ sealed_key_size, buf.cap);
-+ return GRUB_ERR_BAD_ARGUMENT;
-+ }
++ return grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("Sealed key larger than %" PRIuGRUB_SIZE " bytes"),
++ buf.cap);
+
+ grub_memcpy (buf.data, sealed_key, sealed_key_size);
+ buf.size = sealed_key_size;
@@ -589,11 +592,7 @@
+ grub_tpm2_mu_TPM2B_Unmarshal (&buf, (TPM2B *)&sk->private);
+
+ if (buf.error)
-+ {
-+ grub_dprintf ("tpm2", "Could not unmarshal sealed key file, it is likely "
-+ "malformed.\n");
-+ return GRUB_ERR_BAD_ARGUMENT;
-+ }
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Malformed TPM wire key file"));
+
+ return GRUB_ERR_NONE;
+}
@@ -668,10 +667,9 @@
+ grub_tpm2_buffer_init (&buf);
+ if (sealed_pub_size + sealed_priv_size > buf.cap)
+ {
-+ grub_dprintf ("tpm2", "Sealed key is larger than decode buffer "
-+ "(%" PRIuGRUB_SIZE " vs %" PRIuGRUB_SIZE " bytes).\n",
-+ sealed_pub_size, buf.cap);
-+ err = GRUB_ERR_BAD_ARGUMENT;
++ err = grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("Sealed key larger than %" PRIuGRUB_SIZE " bytes"),
++ buf.cap);
+ goto error;
+ }
+
@@ -685,9 +683,7 @@
+
+ if (buf.error)
+ {
-+ grub_dprintf ("tpm2", "Could not unmarshal sealed key, it is likely "
-+ "malformed.\n");
-+ err = GRUB_ERR_BAD_ARGUMENT;
++ err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Malformed TPM 2.0 key file"));
+ goto error;
+ }
+
@@ -720,21 +716,19 @@
+ TPM2B_NAME srkName = { 0 };
+ TPM_HANDLE srkHandle;
+
-+ /* Find SRK */
-+ rc = TPM2_ReadPublic (ctx->srk, NULL, &public);
-+ if (rc == TPM_RC_SUCCESS)
++ if (ctx->srk != 0)
+ {
-+ *srk = ctx->srk;
-+ return GRUB_ERR_NONE;
-+ }
++ /* Find SRK */
++ rc = TPM2_ReadPublic (ctx->srk, NULL, &public);
++ if (rc == TPM_RC_SUCCESS)
++ {
++ *srk = ctx->srk;
++ return GRUB_ERR_NONE;
++ }
+
-+ /* The handle exists but its public area could not be read. */
-+ if ((rc & ~TPM_RC_N_MASK) != TPM_RC_HANDLE)
-+ {
-+ grub_dprintf ("tpm2", "The SRK handle (0x%x) exists on the TPM but its "
-+ "public area could not be read (TPM2_ReadPublic "
-+ "failed with TSS/TPM error %u).\n", ctx->srk, rc);
-+ return GRUB_ERR_BAD_DEVICE;
++ return grub_error (GRUB_ERR_BAD_DEVICE,
++ N_("Failed to retrieve SRK (TPM2_ReadPublic: 0x%x)"),
++ rc);
+ }
+
+ /* Create SRK */
@@ -768,7 +762,7 @@
+ inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+ }
+ else
-+ return GRUB_ERR_BAD_ARGUMENT;
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Unknown SRK algorithm"));
+
+ rc = TPM2_CreatePrimary (parent, &authCommand, &inSensitive, &inPublic,
+ &outsideInfo, &creationPcr, &srkHandle, &outPublic,
@@ -931,8 +925,8 @@
+ &session, NULL, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ return grub_error (GRUB_ERR_BAD_DEVICE,
-+ N_("Failed to start auth session (TPM2_StartAuthSession: "
-+ "0x%x)"), rc);
++ N_("Failed to start auth session (TPM2_StartAuthSession: 0x%x)"),
++ rc);
+
+ /* Enforce the policy command sequence */
+ err = grub_tpm2_protector_enforce_policy_seq (policy_seq, session);
@@ -944,9 +938,9 @@
+ rc = TPM2_Unseal (sealed_handle, &authCmd, &data, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ err = GRUB_ERR_BAD_DEVICE;
-+ grub_error (err, N_("Failed to unseal sealed key (TPM2_Unseal: 0x%x)"),
-+ rc);
++ err = grub_error (GRUB_ERR_BAD_DEVICE,
++ N_("Failed to unseal sealed key (TPM2_Unseal: 0x%x)"),
++ rc);
+ goto error;
+ }
+
@@ -954,8 +948,8 @@
+ key_out = grub_malloc (data.size);
+ if (key_out == NULL)
+ {
-+ err = GRUB_ERR_OUT_OF_MEMORY;
-+ grub_error (err, N_("No memory left to allocate unlock key buffer"));
++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY,
++ N_("No memory left to allocate unlock key buffer"));
+ goto error;
+ }
+
@@ -999,7 +993,7 @@
+ err = grub_tpm2_protector_srk_read_file (ctx->tpm2key, &file_bytes,
+ &file_size);
+ if (err != GRUB_ERR_NONE)
-+ return grub_error (err, N_("Failed to read key file %s"), ctx->tpm2key);
++ return err;
+
+ err = grub_tpm2_protector_srk_unmarshal_tpm2key (file_bytes,
+ file_size,
@@ -1008,29 +1002,21 @@
+ &parent_handle,
+ &sealed_key);
+ if (err != GRUB_ERR_NONE)
-+ {
-+ grub_error (err, N_("Failed to unmarshal key, ensure the key file is in "
-+ "TPM 2.0 Key File format"));
-+ goto exit1;
-+ }
++ goto exit1;
+ }
+ else
+ {
+ err = grub_tpm2_protector_srk_read_file (ctx->keyfile, &file_bytes,
+ &file_size);
+ if (err != GRUB_ERR_NONE)
-+ return grub_error (err, N_("Failed to read key file %s"), ctx->keyfile);
++ return err;
+
+ parent_handle = TPM_RH_OWNER;
+ err = grub_tpm2_protector_srk_unmarshal_keyfile (file_bytes,
+ file_size,
+ &sealed_key);
+ if (err != GRUB_ERR_NONE)
-+ {
-+ grub_error (err, N_("Failed to unmarshal key, ensure the key file is in "
-+ "TPM wire format"));
-+ goto exit1;
-+ }
++ goto exit1;
+ }
+
+ /* Get the SRK to unseal the sealed key */
@@ -1044,11 +1030,16 @@
+ &sealed_handle, &name, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ err = GRUB_ERR_BAD_DEVICE;
-+ grub_error (err, N_("Failed to load sealed key (TPM2_Load: 0x%x)"), rc);
++ err = grub_error (GRUB_ERR_BAD_DEVICE,
++ N_("Failed to load sealed key (TPM2_Load: 0x%x)"),
++ rc);
+ goto exit2;
+ }
+
++ /*
++ * Set err to an error code to trigger the standalone policy sequence
++ * if there is no authpolicy sequence
++ */
+ err = GRUB_ERR_READ_ERROR;
+
+ /* Iterate the authpolicy sequence to find one that unseals the key */
@@ -1200,9 +1191,6 @@
+
+ if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_SRK)
+ {
-+ if (!ctx->srk)
-+ ctx->srk = TPM2_SRK_HANDLE;
-+
+ if (!ctx->asymmetric)
+ {
+ ctx->asymmetric = TPM_ALG_RSA;
@@ -1425,10 +1413,10 @@
+END
diff --git a/grub-core/tpm2/tpm2key.c b/grub-core/tpm2/tpm2key.c
new file mode 100644
-index 000000000..62f6d865b
+index 000000000..a26c287c9
--- /dev/null
+++ b/grub-core/tpm2/tpm2key.c
-@@ -0,0 +1,440 @@
+@@ -0,0 +1,447 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2023 SUSE LLC
@@ -1543,24 +1531,29 @@
+ */
+ ret = asn1_array2tree (tpm2key_asn1_tab, &tpm2key_asn1, NULL);
+ if (ret != ASN1_SUCCESS)
-+ return GRUB_ERR_BAD_ARGUMENT;
++ return grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("Failed to parse TPM2KEY ASN.1 array"));
+
+ ret = asn1_create_element (tpm2key_asn1, "TPM2KEY.TPMKey", &tpm2key);
+ if (ret != ASN1_SUCCESS)
-+ return GRUB_ERR_BAD_ARGUMENT;
++ return grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("Failed to create TPM2KEY.TPMKey"));
+
+ ret = asn1_der_decoding (&tpm2key, data, size, NULL);
+ if (ret != ASN1_SUCCESS)
-+ return GRUB_ERR_BAD_ARGUMENT;
++ return grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("Failed to decode TPM2KEY DER"));
+
+ /* Check if 'type' is Sealed Key or not */
+ ret = asn1_allocate_and_read (tpm2key, "type", &type_oid, &type_oid_size);
+ if (ret != ASN1_SUCCESS)
-+ return GRUB_ERR_BAD_FILE_TYPE;
++ return grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ N_("Not a valid TPM2KEY file"));
+
+ if (grub_memcmp (sealed_key_oid, type_oid, type_oid_size) != 0)
+ {
-+ err = GRUB_ERR_BAD_FILE_TYPE;
++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE,
++ N_("Not a valid TPM2KEY file"));
+ goto error;
+ }
+
@@ -1568,7 +1561,7 @@
+ ret = asn1_allocate_and_read (tpm2key, "emptyAuth", &empty_auth, &empty_auth_size);
+ if (ret != ASN1_SUCCESS || grub_strncmp ("TRUE", empty_auth, empty_auth_size) != 0)
+ {
-+ err = GRUB_ERR_BAD_ARGUMENT;
++ err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("emptyAuth not TRUE"));
+ goto error;
+ }
+
@@ -1576,7 +1569,8 @@
+ ret = asn1_read_value (tpm2key, "secret", NULL, &tmp_size);
+ if (ret != ASN1_ELEMENT_NOT_FOUND)
+ {
-+ err = GRUB_ERR_BAD_ARGUMENT;
++ err = grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("\"secret\" not allowed for Sealed Key"));
+ goto error;
+ }
+
@@ -1608,14 +1602,14 @@
+ int ret;
+
+ if (parent == NULL)
-+ return GRUB_ERR_BAD_ARGUMENT;
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("NULL pointer detected"));
+
+ if (tpm2key == NULL)
-+ return GRUB_ERR_READ_ERROR;
++ return grub_error (GRUB_ERR_READ_ERROR, N_("Invalid parent node"));
+
+ ret = asn1_read_uint32 (tpm2key, "parent", parent);
+ if (ret != ASN1_SUCCESS)
-+ return GRUB_ERR_READ_ERROR;
++ return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve parent"));
+
+ return GRUB_ERR_NONE;
+}
@@ -1626,14 +1620,16 @@
+ int ret;
+
+ if (name == NULL || data == NULL || size == NULL)
-+ return GRUB_ERR_BAD_ARGUMENT;
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter(s)"));
+
+ if (tpm2key == NULL)
-+ return GRUB_ERR_READ_ERROR;
++ return grub_error (GRUB_ERR_READ_ERROR, N_("Invalid %s node"), name);
+
+ ret = asn1_allocate_and_read (tpm2key, name, data, size);
+ if (ret != ASN1_SUCCESS)
-+ return GRUB_ERR_READ_ERROR;
++ return grub_error (GRUB_ERR_READ_ERROR,
++ N_("Failed to retrieve %s"),
++ name);
+
+ return GRUB_ERR_NONE;
+}
@@ -1764,9 +1760,7 @@
+ return GRUB_ERR_NONE;
+ }
+ else if (ret != ASN1_SUCCESS)
-+ {
-+ return GRUB_ERR_READ_ERROR;
-+ }
++ return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve policy"));
+
+ return GRUB_ERR_NONE;
+}
@@ -1806,13 +1800,12 @@
+ return GRUB_ERR_NONE;
+ }
+ else if (ret != ASN1_SUCCESS)
-+ {
-+ return GRUB_ERR_READ_ERROR;
-+ }
++ return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve authPolicy"));
+
+ /* Limit the number of authPolicy elements to two digits (99) */
+ if (authpol_n > 100 || authpol_n < 1)
-+ return GRUB_ERR_OUT_OF_RANGE;
++ return grub_error (GRUB_ERR_OUT_OF_RANGE,
++ N_("Invalid number of autoPolicy elements"));
+
+ /*
+ * Iterate the authPolicy elements backwards since grub_list_push() prepends
@@ -1822,7 +1815,8 @@
+ authpol = grub_zalloc (sizeof (struct tpm2key_authpolicy));
+ if (authpol == NULL)
+ {
-+ err = GRUB_ERR_OUT_OF_MEMORY;
++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY,
++ N_("Failed to allocate memory for authPolicy"));
+ goto error;
+ }
+ grub_snprintf (authpol_pol, AUTHPOLICY_POL_MAX, "authPolicy.?%d.Policy", i);
@@ -1830,7 +1824,8 @@
+ ret = tpm2key_get_policy_seq (tpm2key, authpol_pol, &authpol->policy_seq);
+ if (ret != ASN1_SUCCESS)
+ {
-+ err = GRUB_ERR_READ_ERROR;
++ err = grub_error (GRUB_ERR_READ_ERROR,
++ N_("Failed to retrieve policy from authPolicy"));
+ goto error;
+ }
+
++++++ 0004-tpm2-Support-authorized-policy.patch ++++++
--- /var/tmp/diff_new_pack.vlU3tr/_old 2023-11-22 18:54:12.634699650 +0100
+++ /var/tmp/diff_new_pack.vlU3tr/_new 2023-11-22 18:54:12.638699797 +0100
@@ -1,31 +1,73 @@
-From d6e2d32d53d9a1aac2383fc6c075f3827111b643 Mon Sep 17 00:00:00 2001
+From 542c4fc6e067e04e8b96f798882ae968c59f4948 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin(a)suse.com>
Date: Thu, 6 Apr 2023 16:00:25 +0800
-Subject: [PATCH 4/4] tpm2: Support authorized policy
+Subject: [PATCH v7 16/20] tpm2: Support authorized policy
-TPM2_PolicyAuthorize is the key command to support authorized policy
-which allows the users to sign TPM policies with their own keys.
+This commit handles the TPM2_PolicyAuthorize command from the key file
+in TPM 2.0 Key File format.
-Per TPM 2.0 Key File(*), CommandPolicy for TPM2_PolicyAuthorize
+TPM2_PolicyAuthorize is the essential command to support authorized
+policy which allows the users to sign TPM policies with their own keys.
+Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuthorize
comprises 'TPM2B_PUBLIC pubkey', 'TPM2B_DIGEST policy_ref', and
-'TPMT_SIGNATURE signature'. This commit unmarshals those data
-structures, fetches the current policy digest, hashes the policy digest
-with the hash algorithm written in 'signature', and then verifies
-'signature' with 'pubkey'. If everything goes well, TPM2_PolicyAuthorize
-is invoked to authorize the signed policy.
+'TPMT_SIGNATURE signature'. To verify the signature, the current policy
+digest is hashed with the hash algorithm written in 'signature', and then
+'signature' is verified with the hashed policy digest and 'pubkey'. Once
+TPM accepts 'signature', TPM2_PolicyAuthorize is invoked to authorize the
+signed policy.
-(*) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
+To create the key file with authorized policy, here are the pcr-oracle(*2)
+commands:
+
+ # Generate the RSA key and create the authorized policy file
+ $ pcr-oracle \
+ --rsa-generate-key \
+ --private-key policy-key.pem \
+ --auth authorized.policy \
+ create-authorized-policy 0,2,4,7,9
+
+ # Seal the secret with the authorized policy
+ $ pcr-oracle \
+ --key-format tpm2.0 \
+ --auth authorized.policy \
+ --input disk-secret.txt \
+ --output sealed.key \
+ seal-secret
+
+ # Sign the predicted PCR policy
+ $ pcr-oracle \
+ --key-format tpm2.0 \
+ --private-key policy-key.pem \
+ --from eventlog \
+ --stop-event "grub-file=grub.cfg" \
+ --after \
+ --input sealed.key \
+ --output sealed.tpm \
+ sign 0,2,4,7.9
+
+Then specify the key file and the key protector to grub.cfg in the EFI
+system partition:
+
+tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
+cryptomount -u <PART_UUID> -P tpm2
+
+For any change in the boot components, just run the 'sign' command again
+to update the signature in sealed.tpm, and TPM can unseal the key file
+with the updated PCR policy.
+
+(*1) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
+(*2) https://github.com/okirch/pcr-oracle
Signed-off-by: Gary Lin <glin(a)suse.com>
---
- grub-core/tpm2/module.c | 98 +++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 98 insertions(+)
+ grub-core/tpm2/module.c | 84 +++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 84 insertions(+)
diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c
-index 5274296b7..e5235c2ac 100644
+index df0727215..0cbfd06e8 100644
--- a/grub-core/tpm2/module.c
+++ b/grub-core/tpm2/module.c
-@@ -454,6 +454,101 @@ grub_tpm2_protector_policypcr (TPMI_SH_AUTH_SESSION session,
+@@ -453,6 +453,87 @@ grub_tpm2_protector_policypcr (TPMI_SH_AUTH_SESSION session,
return GRUB_ERR_NONE;
}
@@ -49,59 +91,45 @@
+ grub_tpm2_mu_TPM2B_DIGEST_Unmarshal (cmd_buf, &policy_ref);
+ grub_tpm2_mu_TPMT_SIGNATURE_Unmarshal (cmd_buf, &signature);
+ if (cmd_buf->error != 0)
-+ {
-+ err = GRUB_ERR_BAD_ARGUMENT;
-+ return grub_error (err, N_("Failed to unmarshal the buffer for "
-+ "TPM2_PolicyAuthorize"));
-+ }
++ return grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("Failed to unmarshal the buffer for TPM2_PolicyAuthorize"));
+
+ /* Retrieve Policy Digest */
+ rc = TPM2_PolicyGetDigest (session, NULL, &pcr_policy, NULL);
+ if (rc != TPM_RC_SUCCESS)
-+ {
-+ err = GRUB_ERR_BAD_DEVICE;
-+ grub_error (err, N_("Failed to get policy digest (TPM error: 0x%x)."),
-+ rc);
-+ return err;
-+ }
++ return grub_error (GRUB_ERR_BAD_DEVICE,
++ N_("Failed to get policy digest (TPM2_PolicyGetDigest: 0x%x)."),
++ rc);
+
+ /* Calculate the digest of the polcy for VerifySignature */
+ sig_hash = TPMT_SIGNATURE_get_hash_alg (&signature);
+ if (sig_hash == TPM_ALG_NULL)
-+ {
-+ err = GRUB_ERR_BAD_ARGUMENT;
-+ grub_error (err, N_("Failed to get the hash algorithm of the signature"));
-+ return err;
-+ }
++ return grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("Failed to get the hash algorithm of the signature"));
++
+ rc = TPM2_Hash (NULL, (TPM2B_MAX_BUFFER *)&pcr_policy, sig_hash,
+ TPM_RH_NULL, &pcr_policy_hash, NULL, NULL);
+ if (rc != TPM_RC_SUCCESS)
-+ {
-+ err = GRUB_ERR_BAD_DEVICE;
-+ grub_error (err, N_("Failed to create PCR policy hash (TPM2_Hash failed "
-+ "with TSS/TPM error %u)"), rc);
-+ return err;
-+ }
++ return grub_error (GRUB_ERR_BAD_DEVICE,
++ N_("Failed to create PCR policy hash (TPM2_Hash: 0x%x)"),
++ rc);
+
+ /* Load the public key */
+ rc = TPM2_LoadExternal (NULL, NULL, &pubkey, TPM_RH_OWNER,
+ &pubkey_handle, &pubname, NULL);
+ if (rc != TPM_RC_SUCCESS)
-+ {
-+ err = GRUB_ERR_BAD_DEVICE;
-+ grub_error (err, N_("Failed to load public key (TPM2_LoadExternal failed "
-+ "with TSS/TPM error %u)"), rc);
-+ return err;
-+ }
++ return grub_error (GRUB_ERR_BAD_DEVICE,
++ N_("Failed to load public key (TPM2_LoadExternal: 0x%x)"),
++ rc);
+
+ /* Verify the signature against the public key and the policy digest */
+ rc = TPM2_VerifySignature (pubkey_handle, NULL, &pcr_policy_hash, &signature,
+ &verification_ticket, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ err = GRUB_ERR_BAD_DEVICE;
-+ grub_error (err, N_("Failed to verify signature (TPM2_VerifySignature "
-+ "failed with TSS/TPM error %u)"), rc);
++ err = grub_error (GRUB_ERR_BAD_DEVICE,
++ N_("Failed to verify signature (TPM2_VerifySignature: 0x%x)"),
++ rc);
+ goto error;
+ }
+
@@ -110,9 +138,9 @@
+ &verification_ticket, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ err = GRUB_ERR_BAD_DEVICE;
-+ grub_error (err, N_("Failed to authorize PCR policy (TPM2_PolicyAuthorize "
-+ "failed with TSS/TPM error: 0x%u).\n"), rc);
++ err = grub_error (GRUB_ERR_BAD_DEVICE,
++ N_("Failed to authorize PCR policy (TPM2_PolicyAuthorize: 0x%x)"),
++ rc);
+ goto error;
+ }
+
@@ -127,7 +155,7 @@
static grub_err_t
grub_tpm2_protector_enforce_policy (tpm2key_policy_t policy, TPMI_SH_AUTH_SESSION session)
{
-@@ -473,6 +568,9 @@ grub_tpm2_protector_enforce_policy (tpm2key_policy_t policy, TPMI_SH_AUTH_SESSIO
+@@ -472,6 +553,9 @@ grub_tpm2_protector_enforce_policy (tpm2key_policy_t policy, TPMI_SH_AUTH_SESSIO
case TPM_CC_PolicyPCR:
err = grub_tpm2_protector_policypcr (session, &buf);
break;
++++++ 0005-util-grub-protect-Add-new-tool.patch ++++++
--- /var/tmp/diff_new_pack.vlU3tr/_old 2023-11-22 18:54:12.658700531 +0100
+++ /var/tmp/diff_new_pack.vlU3tr/_new 2023-11-22 18:54:12.662700677 +0100
@@ -1,7 +1,7 @@
-From e5a1c5fe660e74d99d33d7d28914e968077ae603 Mon Sep 17 00:00:00 2001
+From 1116bc4b9a27aceaec53421e89eb887e6ad3aef8 Mon Sep 17 00:00:00 2001
From: Hernan Gatta <hegatta(a)linux.microsoft.com>
Date: Tue, 1 Feb 2022 05:02:57 -0800
-Subject: [PATCH v6 12/20] util/grub-protect: Add new tool
+Subject: [PATCH v7 12/20] util/grub-protect: Add new tool
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
@@ -51,21 +51,21 @@
Signed-off-by: Hernan Gatta <hegatta(a)linux.microsoft.com>
Signed-off-by: Gary Lin <glin(a)suse.com>
---
- .gitignore | 2 +
Makefile.util.def | 22 +
configure.ac | 9 +
- util/grub-protect.c | 1524 +++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 1557 insertions(+)
+ util/grub-protect.c | 1492 +++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 1525 insertions(+)
create mode 100644 util/grub-protect.c
-Index: grub-2.12~rc1/Makefile.util.def
-===================================================================
---- grub-2.12~rc1.orig/Makefile.util.def
-+++ grub-2.12~rc1/Makefile.util.def
-@@ -208,6 +208,28 @@ program = {
+diff --git a/Makefile.util.def b/Makefile.util.def
+index e89abb38f..f43c223b9 100644
+--- a/Makefile.util.def
++++ b/Makefile.util.def
+@@ -207,6 +207,28 @@ program = {
+ ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
};
- program = {
++program = {
+ name = grub-protect;
+
+ common = grub-core/osdep/init.c;
@@ -87,14 +87,13 @@
+ enable = efi;
+};
+
-+program = {
+ program = {
name = grub-mkrelpath;
mansection = 1;
-
-Index: grub-2.12~rc1/configure.ac
-===================================================================
---- grub-2.12~rc1.orig/configure.ac
-+++ grub-2.12~rc1/configure.ac
+diff --git a/configure.ac b/configure.ac
+index c19779c14..9796e5f9b 100644
+--- a/configure.ac
++++ b/configure.ac
@@ -76,6 +76,7 @@ grub_TRANSFORM([grub-mkpasswd-pbkdf2])
grub_TRANSFORM([grub-mkrelpath])
grub_TRANSFORM([grub-mkrescue])
@@ -103,7 +102,7 @@
grub_TRANSFORM([grub-reboot])
grub_TRANSFORM([grub-script-check])
grub_TRANSFORM([grub-set-default])
-@@ -1992,6 +1993,14 @@ fi
+@@ -2018,6 +2019,14 @@ fi
AC_SUBST([LIBZFS])
AC_SUBST([LIBNVPAIR])
@@ -118,11 +117,12 @@
LIBS=""
AC_SUBST([FONT_SOURCE])
-Index: grub-2.12~rc1/util/grub-protect.c
-===================================================================
+diff --git a/util/grub-protect.c b/util/grub-protect.c
+new file mode 100644
+index 000000000..c6d41ea40
--- /dev/null
-+++ grub-2.12~rc1/util/grub-protect.c
-@@ -0,0 +1,1524 @@
++++ b/util/grub-protect.c
+@@ -0,0 +1,1492 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2022 Microsoft Corporation
@@ -184,7 +184,6 @@
+ GRUB_PROTECT_OPT_TPM2_SRK,
+ GRUB_PROTECT_OPT_TPM2_KEYFILE,
+ GRUB_PROTECT_OPT_TPM2_OUTFILE,
-+ GRUB_PROTECT_OPT_TPM2_PERSIST,
+ GRUB_PROTECT_OPT_TPM2_EVICT,
+ GRUB_PROTECT_OPT_TPM2_TPM2KEY
+} grub_protect_opt;
@@ -203,9 +202,8 @@
+ GRUB_PROTECT_ARG_TPM2_SRK = 1 << 6,
+ GRUB_PROTECT_ARG_TPM2_KEYFILE = 1 << 7,
+ GRUB_PROTECT_ARG_TPM2_OUTFILE = 1 << 8,
-+ GRUB_PROTECT_ARG_TPM2_PERSIST = 1 << 9,
-+ GRUB_PROTECT_ARG_TPM2_EVICT = 1 << 10,
-+ GRUB_PROTECT_ARG_TPM2_TPM2KEY = 1 << 11
++ GRUB_PROTECT_ARG_TPM2_EVICT = 1 << 9,
++ GRUB_PROTECT_ARG_TPM2_TPM2KEY = 1 << 10
+} grub_protect_arg_t;
+
+typedef enum grub_protect_protector
@@ -237,7 +235,6 @@
+ TPM_HANDLE tpm2_srk;
+ const char *tpm2_keyfile;
+ const char *tpm2_outfile;
-+ int tpm2_persist;
+ int tpm2_evict;
+ int tpm2_tpm2key;
+};
@@ -318,8 +315,7 @@
+ .arg = "NUM",
+ .flags = 0,
+ .doc =
-+ N_("The SRK handle if the SRK is to be made persistent "
-+ "(default is 0x81000001)."),
++ N_("The SRK handle if the SRK is to be made persistent."),
+ .group = 0
+ },
+ {
@@ -335,16 +331,6 @@
+ .group = 0
+ },
+ {
-+ .name = "tpm2-persist",
-+ .key = GRUB_PROTECT_OPT_TPM2_PERSIST,
-+ .arg = NULL,
-+ .flags = 0,
-+ .doc =
-+ N_("Whether to persist the SRK onto the TPM, otherwise it is recreated "
-+ "ephemerally during boot (default is to not persist it)."),
-+ .group = 0
-+ },
-+ {
+ .name = "tpm2-evict",
+ .key = GRUB_PROTECT_OPT_TPM2_EVICT,
+ .arg = NULL,
@@ -634,7 +620,7 @@
+ rc = TPM2_PCR_Read (NULL, &pcr_sel, NULL, &pcr_sel_out, &pcr_values, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to read PCRs (TPM error: 0x%x).\n"), rc);
++ fprintf (stderr, _("Failed to read PCRs (TPM2_PCR_Read: 0x%x).\n"), rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
@@ -711,7 +697,7 @@
+ if (rc != TPM_RC_SUCCESS)
+ {
+ fprintf (stderr,
-+ _("Failed to start trial policy session (TPM error: 0x%x).\n"),
++ _("Failed to start trial policy session (TPM2_StartAuthSession: 0x%x).\n"),
+ rc);
+ err = GRUB_ERR_BAD_DEVICE;
+ goto exit2;
@@ -723,7 +709,7 @@
+ rc = TPM2_PolicyPCR (session, NULL, &pcr_digest_in, &pcr_sel, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to submit PCR policy (TPM error: 0x%x).\n"),
++ fprintf (stderr, _("Failed to submit PCR policy (TPM2_PolicyPCR: 0x%x).\n"),
+ rc);
+ err = GRUB_ERR_BAD_DEVICE;
+ goto exit3;
@@ -733,7 +719,7 @@
+ rc = TPM2_PolicyGetDigest (session, NULL, &policy_digest, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to get policy digest (TPM error: 0x%x).\n"),
++ fprintf (stderr, _("Failed to get policy digest (TPM2_PolicyGetDigest: 0x%x).\n"),
+ rc);
+ err = GRUB_ERR_BAD_DEVICE;
+ goto exit3;
@@ -772,26 +758,25 @@
+ TPM2B_NAME srkName = { 0 };
+ TPM_HANDLE srkHandle;
+
-+ /* Find SRK */
-+ rc = TPM2_ReadPublic (args->tpm2_srk, NULL, &public);
-+ if (rc == TPM_RC_SUCCESS)
++ if (args->tpm2_srk != 0)
+ {
-+ if (args->tpm2_persist)
-+ fprintf (stderr,
-+ _("Warning: --tpm2-persist was specified but the SRK already "
-+ "exists on the TPM. Continuing anyway...\n"));
-+
-+ *srk = TPM2_SRK_HANDLE;
-+ return GRUB_ERR_NONE;
-+ }
++ /* Find SRK */
++ rc = TPM2_ReadPublic (args->tpm2_srk, NULL, &public);
++ if (rc == TPM_RC_SUCCESS)
++ {
++ printf (_("Read SRK from 0x%x\n"), args->tpm2_srk);
++ *srk = args->tpm2_srk;
++ return GRUB_ERR_NONE;
++ }
+
-+ /* The handle exists but its public area could not be read. */
-+ if ((rc & ~TPM_RC_N_MASK) != TPM_RC_HANDLE)
-+ {
-+ fprintf (stderr,
-+ _("The SRK exists on the TPM but its public area cannot be read "
-+ "(TPM error: 0x%x).\n"), rc);
-+ return GRUB_ERR_BAD_DEVICE;
++ /* The handle exists but its public area could not be read. */
++ if ((rc & ~TPM_RC_N_MASK) != TPM_RC_HANDLE)
++ {
++ fprintf (stderr,
++ _("Failed to retrieve SRK from 0x%x (TPM2_ReadPublic: 0x%x).\n"),
++ args->tpm2_srk, rc);
++ return GRUB_ERR_BAD_DEVICE;
++ }
+ }
+
+ /* Create SRK */
@@ -836,12 +821,12 @@
+ &srkName, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to create SRK (TPM error: 0x%x).\n"), rc);
++ fprintf (stderr, _("Failed to create SRK (TPM2_CreatePrimary: 0x%x).\n"), rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
+ /* Persist SRK */
-+ if (args->tpm2_persist)
++ if (args->tpm2_srk != 0)
+ {
+ rc = TPM2_EvictControl (TPM_RH_OWNER, srkHandle, &authCommand,
+ args->tpm2_srk, NULL);
@@ -852,8 +837,8 @@
+ }
+ else
+ fprintf (stderr,
-+ _("Warning: Failed to persist SRK (TPM error: 0x%x\n). "
-+ "Continuing anyway...\n"), rc);
++ _("Warning: Failed to persist SRK (0x%x) (TPM2_EvictControl: 0x%x\n). "
++ "Continuing anyway...\n"), args->tpm2_srk, rc);
+ }
+
+ /* Epilogue */
@@ -891,7 +876,7 @@
+ &pcr_sel, &outPrivate, &outPublic, NULL, NULL, NULL, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to seal key (TPM error: 0x%x).\n"), rc);
++ fprintf (stderr, _("Failed to seal key (TPM2_Create: 0x%x).\n"), rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
@@ -1202,7 +1187,7 @@
+ if (rc != TPM_RC_SUCCESS)
+ {
+ fprintf (stderr,
-+ _("Failed to evict SRK with handle 0x%x (TPM Error: 0x%x).\n"),
++ _("Failed to evict SRK with handle 0x%x (TPM2_EvictControl: 0x%x).\n"),
+ args->tpm2_srk, rc);
+ err = GRUB_ERR_BAD_DEVICE;
+ goto exit2;
@@ -1269,9 +1254,6 @@
+ args->tpm2_pcr_count = 1;
+ }
+
-+ if (args->tpm2_srk == 0)
-+ args->tpm2_srk = TPM2_SRK_HANDLE;
-+
+ if (args->tpm2_asymmetric == TPM_ALG_ERROR)
+ {
+ args->tpm2_asymmetric = TPM_ALG_RSA;
@@ -1319,19 +1301,16 @@
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
-+ if (args->args & GRUB_PROTECT_ARG_TPM2_PERSIST)
++ if (args->tpm2_srk == 0)
+ {
+ fprintf (stderr,
-+ _("--tpm2-persist is invalid when --action is 'remove'.\n"));
++ _("--tpm2-srk is not specified when --action is 'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->tpm2_device == NULL)
+ args->tpm2_device = "/dev/tpm0";
+
-+ if (args->tpm2_srk == 0)
-+ args->tpm2_srk = TPM2_SRK_HANDLE;
-+
+ break;
+
+ default:
@@ -1497,17 +1476,6 @@
+ args->args |= GRUB_PROTECT_ARG_TPM2_OUTFILE;
+ break;
+
-+ case GRUB_PROTECT_OPT_TPM2_PERSIST:
-+ if (args->args & GRUB_PROTECT_ARG_TPM2_PERSIST)
-+ {
-+ fprintf (stderr, _("--tpm2-persist can only be specified once.\n"));
-+ return EINVAL;
-+ }
-+
-+ args->tpm2_persist = 1;
-+ args->args |= GRUB_PROTECT_ARG_TPM2_PERSIST;
-+ break;
-+
+ case GRUB_PROTECT_OPT_TPM2_EVICT:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_EVICT)
+ {
@@ -1647,4 +1615,7 @@
+
+ return err;
+}
+--
+2.35.3
+
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ruby3.2 for openSUSE:Factory checked in at 2023-11-22 18:54:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ruby3.2 (Old)
and /work/SRC/openSUSE:Factory/.ruby3.2.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby3.2"
Wed Nov 22 18:54:03 2023 rev:4 rq:1127783 version:3.2.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/ruby3.2/ruby3.2.changes 2023-11-07 21:25:33.709753447 +0100
+++ /work/SRC/openSUSE:Factory/.ruby3.2.new.25432/ruby3.2.changes 2023-11-22 18:54:08.426545211 +0100
@@ -7,0 +8,6 @@
+Sat Nov 4 00:42:57 UTC 2023 - Marcus Rueckert <mrueckert(a)suse.de>
+
+- add Provides that we can differentiate between between jemalloc
+ enabled and non enabled ruby
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ruby3.2.spec ++++++
--- /var/tmp/diff_new_pack.y1fbBD/_old 2023-11-22 18:54:09.050568113 +0100
+++ /var/tmp/diff_new_pack.y1fbBD/_new 2023-11-22 18:54:09.054568260 +0100
@@ -106,6 +106,9 @@
BuildRequires: gmp-devel
%if %{with jemalloc}
BuildRequires: jemalloc-devel
+Provides: %{name}-with-jemalloc = %{version}-%{release}
+%else
+Provides: %{name}-without-jemalloc = %{version}-%{release}
%endif
BuildRequires: autoconf
BuildRequires: libffi-devel
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package readline for openSUSE:Factory checked in at 2023-11-22 18:54:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/readline (Old)
and /work/SRC/openSUSE:Factory/.readline.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "readline"
Wed Nov 22 18:54:01 2023 rev:15 rq:1127840 version:8.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/readline/readline.changes 2022-10-23 16:32:45.139204610 +0200
+++ /work/SRC/openSUSE:Factory/.readline.new.25432/readline.changes 2023-11-22 18:54:02.330321482 +0100
@@ -1,0 +2,28 @@
+Tue Nov 21 07:04:06 UTC 2023 - Dr. Werner Fink <werner(a)suse.de>
+
+- Add upstream patch readline82-002
+ * It's possible for readline to try to zero out a line that's not null-
+ terminated, leading to a memory fault.
+- Add upstream patch readline82-003
+- Add upstream patch readline82-004
+- Add upstream patch readline82-005
+ * If an application is using readline in callback mode, and a signal arrives
+ after readline checks for it in rl_callback_read_char() but before it
+ restores the application's signal handlers, it won't get processed until the
+ next time the application calls rl_callback_read_char(). Readline needs to
+ check for and resend any pending signals after restoring the application's
+ signal handlers.
+- Add upstream patch readline82-006
+ * This is a variant of the same issue as the one fixed by patch 5. In this
+ case, the signal arrives and is pending before readline calls rl_getc().
+ When this happens, the pending signal will be handled by the loop, but may
+ alter or destroy some state that the callback uses. Readline needs to treat
+ this case the same way it would if a signal interrupts pselect/select, so
+ compound operations like searches and reading numeric arguments get cleaned
+ up properly.
+- Add upstream patch readline82-007
+ * If readline is called with no prompt, it should display a newline if return
+ is typed on an empty line. It should still suppress the final newline if
+ return is typed on the last (empty) line of a multi-line command.
+
+-------------------------------------------------------------------
New:
----
readline82-002
readline82-002.sig
readline82-003
readline82-003.sig
readline82-004
readline82-004.sig
readline82-005
readline82-005.sig
readline82-006
readline82-006.sig
readline82-007
readline82-007.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ readline.spec ++++++
--- /var/tmp/diff_new_pack.7n4LSk/_old 2023-11-22 18:54:06.438472250 +0100
+++ /var/tmp/diff_new_pack.7n4LSk/_new 2023-11-22 18:54:06.442472396 +0100
@@ -1,7 +1,7 @@
#
# spec file for package readline
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -34,7 +34,19 @@
# signatures for official patches
# official patches
Patch101: readline82-001
+Patch102: readline82-002
+Patch103: readline82-003
+Patch104: readline82-004
+Patch105: readline82-005
+Patch106: readline82-006
+Patch107: readline82-007
Source101: readline82-001.sig
+Source102: readline82-002.sig
+Source103: readline82-003.sig
+Source104: readline82-004.sig
+Source105: readline82-005.sig
+Source106: readline82-006.sig
+Source107: readline82-007.sig
# local patches
Patch200: readline-%{version}.dif
Patch201: readline-6.3-input.dif
@@ -105,16 +117,22 @@
%prep
%setup -q -n readline-%{version}%{rextend}
# official patches
-%patch101 -p0
+%patch -P101 -p0
+%patch -P102 -p0
+%patch -P103 -p0
+%patch -P104 -p0
+%patch -P105 -p0
+%patch -P106 -p0
+%patch -P107 -p0
# local patches
-%patch201 -p2 -b .zerotty
-%patch202 -p2 -b .conf
-%patch203 -p2 -b .metamode
-%patch205 -b .xm
-%patch206 -b .destdir
-%patch207 -p2 -b .tmp
-%patch208 -p2 -b .screen
-%patch200 -b .0
+%patch -P201 -p2 -b .zerotty
+%patch -P202 -p2 -b .conf
+%patch -P203 -p2 -b .metamode
+%patch -P205 -b .xm
+%patch -P206 -b .destdir
+%patch -P207 -p2 -b .tmp
+%patch -P208 -p2 -b .screen
+%patch -P200 -b .0
%build
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
++++++ readline-6.3-input.dif ++++++
--- /var/tmp/diff_new_pack.7n4LSk/_old 2023-11-22 18:54:06.494474305 +0100
+++ /var/tmp/diff_new_pack.7n4LSk/_new 2023-11-22 18:54:06.494474305 +0100
@@ -5,7 +5,7 @@
--- lib/readline/input.c
+++ lib/readline/input.c 2018-11-29 08:29:58.432878428 +0000
-@@ -799,6 +799,8 @@ rl_read_key (void)
+@@ -801,6 +801,8 @@ rl_read_key (void)
return (c);
}
@@ -14,7 +14,7 @@
int
rl_getc (FILE *stream)
{
-@@ -846,7 +848,10 @@ rl_getc (FILE *stream)
+@@ -862,7 +864,10 @@ rl_getc (FILE *stream)
/* If zero characters are returned, then the file that we are
reading from is empty! Return EOF in that case. */
if (result == 0)
++++++ readline82-002 ++++++
READLINE PATCH REPORT
=====================
Readline-Release: 8.2
Patch-ID: readline82-002
Bug-Reported-by: srobertson(a)peratonlabs.com
Bug-Reference-ID:
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-09/msg00049.html
Bug-Description:
It's possible for readline to try to zero out a line that's not null-
terminated, leading to a memory fault.
Patch (apply with `patch -p0'):
*** ../readline-8.2-patched/display.c 2022-04-05 10:47:31.000000000 -0400
--- display.c 2022-12-13 13:11:22.000000000 -0500
***************
*** 2684,2692 ****
if (visible_line)
! {
! temp = visible_line;
! while (*temp)
! *temp++ = '\0';
! }
rl_on_new_line ();
forced_display++;
--- 2735,2740 ----
if (visible_line)
! memset (visible_line, 0, line_size);
!
rl_on_new_line ();
forced_display++;
*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500
--- patchlevel 2014-03-21 08:28:40.000000000 -0400
***************
*** 1,3 ****
# Do not edit -- exists only for use by patch
! 1
--- 1,3 ----
# Do not edit -- exists only for use by patch
! 2
++++++ readline82-003 ++++++
READLINE PATCH REPORT
=====================
Readline-Release: 8.2
Patch-ID: readline82-003
Bug-Reported-by: Stefan Klinger <readline-gnu.org(a)stefan-klinger.de>
Bug-Reference-ID:
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2023-08/msg00018.html
Bug-Description:
Patch (apply with `patch -p0'):
The custom color prefix that readline uses to color possible completions
must have a leading `.'.
*** ../readline-8.2-patched/colors.c 2021-12-08 11:38:25.000000000 -0500
--- colors.c 2023-08-28 16:40:04.000000000 -0400
***************
*** 74,78 ****
static void restore_default_color (void);
! #define RL_COLOR_PREFIX_EXTENSION "readline-colored-completion-prefix"
COLOR_EXT_TYPE *_rl_color_ext_list = 0;
--- 74,78 ----
static void restore_default_color (void);
! #define RL_COLOR_PREFIX_EXTENSION ".readline-colored-completion-prefix"
COLOR_EXT_TYPE *_rl_color_ext_list = 0;
*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500
--- patchlevel 2014-03-21 08:28:40.000000000 -0400
***************
*** 1,3 ****
# Do not edit -- exists only for use by patch
! 2
--- 1,3 ----
# Do not edit -- exists only for use by patch
! 3
++++++ readline82-004 ++++++
READLINE PATCH REPORT
=====================
Readline-Release: 8.2
Patch-ID: readline82-004
Bug-Reported-by: Henry Bent <henry.r.bent(a)gmail.com>
Bug-Reference-ID:
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-11/msg00044.html
Bug-Description:
Patch (apply with `patch -p0'):
There are systems that supply one of select or pselect, but not both.
*** ../readline-8.2-patched/input.c 2022-04-08 15:43:24.000000000 -0400
--- input.c 2022-11-28 09:41:08.000000000 -0500
***************
*** 152,156 ****
--- 152,158 ----
int _rl_timeout_init (void);
int _rl_timeout_sigalrm_handler (void);
+ #if defined (RL_TIMEOUT_USE_SELECT)
int _rl_timeout_select (int, fd_set *, fd_set *, fd_set *, const struct timeval *, const sigset_t *);
+ #endif
static void _rl_timeout_handle (void);
***************
*** 249,253 ****
int chars_avail, k;
char input;
! #if defined(HAVE_SELECT)
fd_set readfds, exceptfds;
struct timeval timeout;
--- 251,255 ----
int chars_avail, k;
char input;
! #if defined (HAVE_PSELECT) || defined (HAVE_SELECT)
fd_set readfds, exceptfds;
struct timeval timeout;
***************
*** 806,810 ****
unsigned char c;
int fd;
! #if defined (HAVE_PSELECT)
sigset_t empty_set;
fd_set readfds;
--- 815,819 ----
unsigned char c;
int fd;
! #if defined (HAVE_PSELECT) || defined (HAVE_SELECT)
sigset_t empty_set;
fd_set readfds;
*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500
--- patchlevel 2014-03-21 08:28:40.000000000 -0400
***************
*** 1,3 ****
# Do not edit -- exists only for use by patch
! 3
--- 1,3 ----
# Do not edit -- exists only for use by patch
! 4
++++++ readline82-005 ++++++
READLINE PATCH REPORT
=====================
Readline-Release: 8.2
Patch-ID: readline82-005
Bug-Reported-by: Simon Marchi <simon.marchi(a)polymtl.ca>
Bug-Reference-ID:
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2022-09/msg00005.html
Bug-Description:
If an application is using readline in callback mode, and a signal arrives
after readline checks for it in rl_callback_read_char() but before it
restores the application's signal handlers, it won't get processed until the
next time the application calls rl_callback_read_char(). Readline needs to
check for and resend any pending signals after restoring the application's
signal handlers.
Patch (apply with `patch -p0'):
*** ../readline-8.2-patched/callback.c 2022-04-29 12:02:56.000000000 -0400
--- callback.c 2022-10-11 10:59:06.000000000 -0400
***************
*** 116,120 ****
do { \
if (rl_persistent_signal_handlers == 0) \
! rl_clear_signals (); \
return; \
} while (0)
--- 116,123 ----
do { \
if (rl_persistent_signal_handlers == 0) \
! { \
! rl_clear_signals (); \
! if (_rl_caught_signal) _rl_signal_handler (_rl_caught_signal); \
! } \
return; \
} while (0)
*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500
--- patchlevel 2014-03-21 08:28:40.000000000 -0400
***************
*** 1,3 ****
# Do not edit -- exists only for use by patch
! 4
--- 1,3 ----
# Do not edit -- exists only for use by patch
! 5
++++++ readline82-006 ++++++
READLINE PATCH REPORT
=====================
Readline-Release: 8.2
Patch-ID: readline82-006
Bug-Reported-by: Tom de Vries <tdevries(a)suse.de>
Bug-Reference-ID:
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2022-09/msg00001.html
Bug-Description:
This is a variant of the same issue as the one fixed by patch 5. In this
case, the signal arrives and is pending before readline calls rl_getc().
When this happens, the pending signal will be handled by the loop, but may
alter or destroy some state that the callback uses. Readline needs to treat
this case the same way it would if a signal interrupts pselect/select, so
compound operations like searches and reading numeric arguments get cleaned
up properly.
Patch (apply with `patch -p0'):
*** ../readline-8.2-patched/input.c 2022-12-22 16:15:48.000000000 -0500
--- input.c 2023-01-10 11:53:45.000000000 -0500
***************
*** 812,816 ****
rl_getc (FILE *stream)
{
! int result;
unsigned char c;
int fd;
--- 812,816 ----
rl_getc (FILE *stream)
{
! int result, ostate, osig;
unsigned char c;
int fd;
***************
*** 823,828 ****
--- 823,842 ----
while (1)
{
+ osig = _rl_caught_signal;
+ ostate = rl_readline_state;
+
RL_CHECK_SIGNALS ();
+ #if defined (READLINE_CALLBACKS)
+ /* Do signal handling post-processing here, but just in callback mode
+ for right now because the signal cleanup can change some of the
+ callback state, and we need to either let the application have a
+ chance to react or abort some current operation that gets cleaned
+ up by rl_callback_sigcleanup(). If not, we'll just run through the
+ loop again. */
+ if (osig != 0 && (ostate & RL_STATE_CALLBACK))
+ goto postproc_signal;
+ #endif
+
/* We know at this point that _rl_caught_signal == 0 */
***************
*** 888,891 ****
--- 902,908 ----
handle_error:
+ osig = _rl_caught_signal;
+ ostate = rl_readline_state;
+
/* If the error that we received was EINTR, then try again,
this is simply an interrupted system call to read (). We allow
***************
*** 928,933 ****
--- 945,959 ----
#endif /* SIGALRM */
+ postproc_signal:
+ /* POSIX says read(2)/pselect(2)/select(2) don't return EINTR for any
+ reason other than being interrupted by a signal, so we can safely
+ call the application's signal event hook. */
if (rl_signal_event_hook)
(*rl_signal_event_hook) ();
+ #if defined (READLINE_CALLBACKS)
+ else if (osig == SIGINT && (ostate & RL_STATE_CALLBACK) && (ostate & (RL_STATE_ISEARCH|RL_STATE_NSEARCH|RL_STATE_NUMERICARG)))
+ /* just these cases for now */
+ _rl_abort_internal ();
+ #endif
}
}
*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500
--- patchlevel 2014-03-21 08:28:40.000000000 -0400
***************
*** 1,3 ****
# Do not edit -- exists only for use by patch
! 5
--- 1,3 ----
# Do not edit -- exists only for use by patch
! 6
++++++ readline82-007 ++++++
READLINE PATCH REPORT
=====================
Readline-Release: 8.2
Patch-ID: readline82-007
Bug-Reported-by: Kevin Pulo <kev(a)pulo.com.au>
Bug-Reference-ID:
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2022-11/msg00002.html
Bug-Description:
If readline is called with no prompt, it should display a newline if return
is typed on an empty line. It should still suppress the final newline if
return is typed on the last (empty) line of a multi-line command.
Patch (apply with `patch -p0'):
*** ../readline-8.2-patched/display.c 2022-04-05 10:47:31.000000000 -0400
--- display.c 2022-12-13 13:11:22.000000000 -0500
***************
*** 3342,3348 ****
&last_face[_rl_screenwidth - 1 + woff], 1);
}
! _rl_vis_botlin = 0;
! if (botline_length > 0 || _rl_last_c_pos > 0)
rl_crlf ();
fflush (rl_outstream);
rl_display_fixed++;
--- 3394,3400 ----
&last_face[_rl_screenwidth - 1 + woff], 1);
}
! if ((_rl_vis_botlin == 0 && botline_length == 0) || botline_length > 0 || _rl_last_c_pos > 0)
rl_crlf ();
+ _rl_vis_botlin = 0;
fflush (rl_outstream);
rl_display_fixed++;
*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500
--- patchlevel 2014-03-21 08:28:40.000000000 -0400
***************
*** 1,3 ****
# Do not edit -- exists only for use by patch
! 6
--- 1,3 ----
# Do not edit -- exists only for use by patch
! 7
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package 000product for openSUSE:Factory checked in at 2023-11-22 04:08:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/000product (Old)
and /work/SRC/openSUSE:Factory/.000product.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "000product"
Wed Nov 22 04:08:38 2023 rev:3813 rq: version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
openSUSE-Addon-NonOss-ftp-ftp-x86_64.kiwi: same change
openSUSE-cd-mini-x86_64.kiwi: same change
++++++ openSUSE-dvd5-dvd-x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.9iGaId/_old 2023-11-22 04:08:41.484677543 +0100
+++ /var/tmp/diff_new_pack.9iGaId/_new 2023-11-22 04:08:41.488677690 +0100
@@ -364,6 +364,7 @@
<repopackage name="dracut"/>
<repopackage name="dracut-transactional-update"/>
<repopackage name="drbd"/>
+ <repopackage name="drbd-kmp-default"/>
<repopackage name="drbd-utils"/>
<repopackage name="drkonqi5"/>
<repopackage name="drkonqi5-lang"/>
@@ -1004,6 +1005,7 @@
<repopackage name="kernel-firmware-network"/>
<repopackage name="kernel-firmware-nfp"/>
<repopackage name="kernel-firmware-nvidia"/>
+ <repopackage name="kernel-firmware-nvidia-gspx-G06"/>
<repopackage name="kernel-firmware-platform"/>
<repopackage name="kernel-firmware-prestera"/>
<repopackage name="kernel-firmware-qcom"/>
@@ -3098,6 +3100,7 @@
<repopackage name="ntfsprogs"/>
<repopackage name="numactl"/>
<repopackage name="numlockx"/>
+ <repopackage name="nvidia-open-driver-G06-signed-kmp-default"/>
<repopackage name="nvme-cli"/>
<repopackage name="nvme-cli-bash-completion"/>
<repopackage name="obex-data-server"/>
@@ -4467,6 +4470,8 @@
<repopackage name="virt-viewer"/>
<repopackage name="virt-what"/>
<repopackage name="virtiofsd"/>
+ <repopackage name="virtualbox-guest-tools"/>
+ <repopackage name="virtualbox-kmp-default"/>
<repopackage name="vlan"/>
<repopackage name="vlc"/>
<repopackage name="vlc-codec-gstreamer"/>
openSUSE-ftp-ftp-x86_64.kiwi: same change
stub.kiwi: same change
++++++ dvd.group ++++++
--- /var/tmp/diff_new_pack.9iGaId/_old 2023-11-22 04:08:41.624682711 +0100
+++ /var/tmp/diff_new_pack.9iGaId/_new 2023-11-22 04:08:41.632683006 +0100
@@ -367,6 +367,7 @@
<package name="dracut" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="dracut-transactional-update" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-transactional_base -->
<package name="drbd" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
+ <package name="drbd-kmp-default" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
<package name="drbd-utils" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
<package name="drkonqi5" supportstatus="unsupported"/> <!-- reason: dvd:patterns-kde-kde -->
<package name="drkonqi5-lang" supportstatus="unsupported"/> <!-- reason: dvd:patterns-kde-kde -->
@@ -1004,6 +1005,7 @@
<package name="kernel-firmware-network" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="kernel-firmware-nfp" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="kernel-firmware-nvidia" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
+ <package name="kernel-firmware-nvidia-gspx-G06" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_dvd -->
<package name="kernel-firmware-platform" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="kernel-firmware-prestera" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="kernel-firmware-qcom" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
@@ -2309,7 +2311,7 @@
<package name="libnma-gtk4-0" supportstatus="unsupported"/> <!-- reason: dvd:patterns-gnome-gnome -->
<package name="libnma-lang" supportstatus="unsupported"/> <!-- reason: dvd:patterns-gnome-gnome -->
<package name="libnma0" supportstatus="unsupported"/> <!-- reason: dvd:patterns-gnome-gnome -->
- <package name="libnotify-tools" supportstatus="unsupported"/> <!-- reason: dvd:patterns-xfce-xfce -->
+ <package name="libnotify-tools" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="libnotify4" supportstatus="unsupported"/> <!-- reason: dvd:openSUSE-release -->
<package name="libnpth0" supportstatus="unsupported"/> <!-- reason: dvd:openSUSE-release -->
<package name="libnscd1" supportstatus="unsupported"/> <!-- reason: dvd:patterns-gnome-gnome -->
@@ -3057,6 +3059,7 @@
<package name="ntfsprogs" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="numactl" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="numlockx" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
+ <package name="nvidia-open-driver-G06-signed-kmp-default" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_dvd -->
<package name="nvme-cli" supportstatus="unsupported"/> <!-- reason: dvd:nvme-cli -->
<package name="nvme-cli-bash-completion" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_dvd -->
<package name="obex-data-server" supportstatus="unsupported"/> <!-- reason: dvd:patterns-xfce-xfce -->
@@ -4418,6 +4421,8 @@
<package name="virt-viewer" supportstatus="unsupported"/> <!-- reason: dvd:patterns-server-kvm_tools -->
<package name="virt-what" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="virtiofsd" supportstatus="unsupported"/> <!-- reason: dvd:patterns-server-kvm_server -->
+ <package name="virtualbox-guest-tools" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
+ <package name="virtualbox-kmp-default" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="vlan" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="vlc" supportstatus="unsupported"/> <!-- reason: dvd:patterns-kde-kde_multimedia -->
<package name="vlc-codec-gstreamer" supportstatus="unsupported"/> <!-- reason: dvd:patterns-kde-kde_multimedia -->
@@ -4803,8 +4808,6 @@
</group>
<group name="dvd.x86_64">
<conditional name="only_x86_64"/>
- <packagelist relationship="recommends">
- <!-- virtualbox-guest-tools uninstallable: nothing provides kernel-uname-r = 6.6.1-1-default needed by virtualbox-kmp-default-7.0.12_k6.6.1_1-2.2.x86_64-->
- </packagelist>
+ <packagelist relationship="recommends"/>
</group>
++++++ unsorted.yml ++++++
--- /var/tmp/diff_new_pack.9iGaId/_old 2023-11-22 04:08:41.728686550 +0100
+++ /var/tmp/diff_new_pack.9iGaId/_new 2023-11-22 04:08:41.736686845 +0100
@@ -3228,7 +3228,6 @@
- drawing
- drawing-lang
- drbd-formula
- - drbd-kmp-default
- drc
- drc-doc
- driverctl
@@ -8937,7 +8936,6 @@
- kernel-docs-html
- kernel-firmware
- kernel-firmware-nvidia-gsp-G06
- - kernel-firmware-nvidia-gspx-G06
- kernel-install-tools
- kernel-kvmsmall
- kernel-kvmsmall-devel
@@ -18470,7 +18468,6 @@
- nut-drivers-net
- nvdock
- nvidia-open-driver-G06-signed-default-devel
- - nvidia-open-driver-G06-signed-kmp-default
- nvidia-texture-tools
- nvimpager
- nvimpager-zsh-completion
@@ -45130,9 +45127,7 @@
- virtualbox-devel
- virtualbox-guest-desktop-icons
- virtualbox-guest-source
- - virtualbox-guest-tools
- virtualbox-host-source
- - virtualbox-kmp-default
- virtualbox-qt
- virtualbox-vnc
- virtualbox-websrv
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package 000product for openSUSE:Factory checked in at 2023-11-22 03:09:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/000product (Old)
and /work/SRC/openSUSE:Factory/.000product.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "000product"
Wed Nov 22 03:09:07 2023 rev:3812 rq: version:unknown
Changes:
--------
New Changes file:
NO CHANGES FILE!!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ MicroOS-dvd5-dvd-x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.276488737 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.276488737 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__MicroOS___20231120" schemaversion="4.1">
+<image name="OBS__MicroOS___20231121" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -35,11 +35,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20231120</productvar>
+ <productvar name="VERSION">20231121</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:microos:20231120,openSUSE MicroOS</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:microos:20231121,openSUSE MicroOS</productinfo>
<productinfo name="LINGUAS">en_US </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/MicroOS/20231120/x86_64</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/MicroOS/20231121/x86_64</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
@@ -164,7 +164,6 @@
<repopackage name="busybox-gzip"/>
<repopackage name="busybox-hostname"/>
<repopackage name="busybox-sed"/>
- <repopackage name="busybox-sendmail"/>
<repopackage name="busybox-static"/>
<repopackage name="busybox-which"/>
<repopackage name="busybox-xz"/>
++++++ openSUSE-Addon-NonOss-ftp-ftp-x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.308489915 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.308489915 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE-Addon-NonOss___20231120" schemaversion="4.1">
+<image name="OBS__openSUSE-Addon-NonOss___20231121" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -35,11 +35,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20231120</productvar>
+ <productvar name="VERSION">20231121</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse-addon-nonoss:20231120,openSUSE NonOSS Addon</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse-addon-nonoss:20231121,openSUSE NonOSS Addon</productinfo>
<productinfo name="LINGUAS">af ar be_BY bg br ca cy el et ga gl gu_IN he hi_IN hr ka km ko lt mk nn pa_IN rw sk sl sr_CS ss st tg th tr uk ve vi xh zu </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE-Addon-NonOss/2023…</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE-Addon-NonOss/2023…</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ openSUSE-cd-mini-x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.328490651 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.332490798 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE___20231120" schemaversion="4.1">
+<image name="OBS__openSUSE___20231121" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -35,11 +35,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20231120</productvar>
+ <productvar name="VERSION">20231121</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20231120,openSUSE Tumbleweed</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20231121,openSUSE Tumbleweed</productinfo>
<productinfo name="LINGUAS">cs da de el en en_GB en_US es fr hu it ja pl pt pt_BR ru zh zh_CN zh_TW </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20231120/x86_64</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20231121/x86_64</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ openSUSE-dvd5-dvd-x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.352491535 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.356491681 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE___20231120" schemaversion="4.1">
+<image name="OBS__openSUSE___20231121" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -35,11 +35,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20231120</productvar>
+ <productvar name="VERSION">20231121</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20231120,openSUSE Tumbleweed</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20231121,openSUSE Tumbleweed</productinfo>
<productinfo name="LINGUAS">cs da de el en en_GB en_US es fr hu it ja pl pt pt_BR ru zh zh_CN zh_TW </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20231120/x86_64</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20231121/x86_64</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
<productoption name="PLUGIN_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
@@ -364,7 +364,6 @@
<repopackage name="dracut"/>
<repopackage name="dracut-transactional-update"/>
<repopackage name="drbd"/>
- <repopackage name="drbd-kmp-default"/>
<repopackage name="drbd-utils"/>
<repopackage name="drkonqi5"/>
<repopackage name="drkonqi5-lang"/>
@@ -1005,7 +1004,6 @@
<repopackage name="kernel-firmware-network"/>
<repopackage name="kernel-firmware-nfp"/>
<repopackage name="kernel-firmware-nvidia"/>
- <repopackage name="kernel-firmware-nvidia-gspx-G06"/>
<repopackage name="kernel-firmware-platform"/>
<repopackage name="kernel-firmware-prestera"/>
<repopackage name="kernel-firmware-qcom"/>
@@ -3100,7 +3098,6 @@
<repopackage name="ntfsprogs"/>
<repopackage name="numactl"/>
<repopackage name="numlockx"/>
- <repopackage name="nvidia-open-driver-G06-signed-kmp-default"/>
<repopackage name="nvme-cli"/>
<repopackage name="nvme-cli-bash-completion"/>
<repopackage name="obex-data-server"/>
@@ -4064,6 +4061,7 @@
<repopackage name="ruby3.2-rubygem-version_gem"/>
<repopackage name="ruby3.2-rubygem-virtus"/>
<repopackage name="ruby3.2-rubygem-warden"/>
+ <repopackage name="ruby3.2-rubygem-webmock"/>
<repopackage name="ruby3.2-rubygem-webrick"/>
<repopackage name="ruby3.2-rubygem-websocket"/>
<repopackage name="ruby3.2-rubygem-websocket-driver"/>
@@ -4469,8 +4467,6 @@
<repopackage name="virt-viewer"/>
<repopackage name="virt-what"/>
<repopackage name="virtiofsd"/>
- <repopackage name="virtualbox-guest-tools"/>
- <repopackage name="virtualbox-kmp-default"/>
<repopackage name="vlan"/>
<repopackage name="vlc"/>
<repopackage name="vlc-codec-gstreamer"/>
++++++ openSUSE-ftp-ftp-i586.kiwi ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.376492418 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.376492418 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE___20231120" schemaversion="4.1">
+<image name="OBS__openSUSE___20231121" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -20,7 +20,7 @@
<productvar name="DISTNAME">openSUSE</productvar>
<productvar name="FLAVOR">ftp</productvar>
<productvar name="MAKE_LISTINGS">true</productvar>
- <productvar name="MEDIUM_NAME">openSUSE-20231120-i586</productvar>
+ <productvar name="MEDIUM_NAME">openSUSE-20231121-i586</productvar>
<productvar name="MULTIPLE_MEDIA">true</productvar>
<productvar name="PRODUCT_DIR">/</productvar>
<productvar name="PRODUCT_NAME">$DISTNAME-$FLAVOR</productvar>
@@ -32,11 +32,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20231120</productvar>
+ <productvar name="VERSION">20231121</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20231120,openSUSE Tumbleweed</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20231121,openSUSE Tumbleweed</productinfo>
<productinfo name="LINGUAS">cs da de el en en_GB en_US es fr hu it ja pl pt pt_BR ru zh zh_CN zh_TW </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20231120/i586</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20231121/i586</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="DEBUGMEDIUM">2</productoption>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ openSUSE-ftp-ftp-x86_64.kiwi ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.396493154 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.400493301 +0100
@@ -1,4 +1,4 @@
-<image name="OBS__openSUSE___20231120" schemaversion="4.1">
+<image name="OBS__openSUSE___20231121" schemaversion="4.1">
<description type="system">
<author>The SUSE Team</author>
<contact>build(a)opensuse.org</contact>
@@ -23,7 +23,7 @@
<productvar name="DISTNAME">openSUSE</productvar>
<productvar name="FLAVOR">ftp</productvar>
<productvar name="MAKE_LISTINGS">true</productvar>
- <productvar name="MEDIUM_NAME">openSUSE-20231120-x86_64</productvar>
+ <productvar name="MEDIUM_NAME">openSUSE-20231121-x86_64</productvar>
<productvar name="MULTIPLE_MEDIA">true</productvar>
<productvar name="PRODUCT_DIR">/</productvar>
<productvar name="PRODUCT_NAME">$DISTNAME-$FLAVOR</productvar>
@@ -35,11 +35,11 @@
<productvar name="SEPARATE_MEDIA">true</productvar>
<productvar name="SHA1OPT">-x -2</productvar>
<productvar name="VENDOR">openSUSE</productvar>
- <productvar name="VERSION">20231120</productvar>
+ <productvar name="VERSION">20231121</productvar>
<productinfo name="CONTENTSTYLE">11</productinfo>
- <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20231120,openSUSE Tumbleweed</productinfo>
+ <productinfo name="DISTRO">cpe:/o:opensuse:opensuse:20231121,openSUSE Tumbleweed</productinfo>
<productinfo name="LINGUAS">cs da de el en en_GB en_US es fr hu it ja pl pt pt_BR ru zh zh_CN zh_TW </productinfo>
- <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20231120/x86_64</productinfo>
+ <productinfo name="REPOID">obsproduct://build.opensuse.org/openSUSE:Factory/openSUSE/20231121/x86_64</productinfo>
<productinfo name="VENDOR">openSUSE</productinfo>
<productoption name="DEBUGMEDIUM">2</productoption>
<productoption name="INI_DIR">/usr/share/kiwi/modules/plugins/tumbleweed</productoption>
++++++ Aeon.product ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.440494774 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.440494774 +0100
@@ -6,7 +6,7 @@
<name>Aeon</name>
<releasepkgname>Aeon-release</releasepkgname>
<endoflife/>
- <version>20231120</version>
+ <version>20231121</version>
<!-- release is no longer optional -->
<release>0</release>
<productline>Aeon</productline>
++++++ MicroOS.product ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.460495510 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.464495657 +0100
@@ -6,7 +6,7 @@
<name>MicroOS</name>
<releasepkgname>MicroOS-release</releasepkgname>
<endoflife/>
- <version>20231120</version>
+ <version>20231121</version>
<!-- release is no longer optional -->
<release>0</release>
<productline>MicroOS</productline>
++++++ dvd.group ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.540498455 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.548498749 +0100
@@ -235,7 +235,7 @@
<package name="busybox-misc" supportstatus="unsupported"/> <!-- reason: dvd:patterns-server-kvm_tools -->
<package name="busybox-psmisc" supportstatus="unsupported"/> <!-- reason: dvd:patterns-yast-yast2_server -->
<package name="busybox-sed" supportstatus="unsupported"/> <!-- reason: dvd:openSUSE-release -->
- <package name="busybox-sendmail" supportstatus="unsupported"/> <!-- reason: dvd:grub2 -->
+ <package name="busybox-sendmail" supportstatus="unsupported"/> <!-- reason: dvd:patterns-yast-yast2_server -->
<package name="busybox-static" supportstatus="unsupported"/> <!-- reason: dvd:patterns-gnome-gnome -->
<package name="busybox-tar" supportstatus="unsupported"/> <!-- reason: dvd:patterns-server-kvm_server -->
<package name="busybox-which" supportstatus="unsupported"/> <!-- reason: dvd:patterns-server-lamp_server -->
@@ -367,7 +367,6 @@
<package name="dracut" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="dracut-transactional-update" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-transactional_base -->
<package name="drbd" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
- <package name="drbd-kmp-default" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
<package name="drbd-utils" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
<package name="drkonqi5" supportstatus="unsupported"/> <!-- reason: dvd:patterns-kde-kde -->
<package name="drkonqi5-lang" supportstatus="unsupported"/> <!-- reason: dvd:patterns-kde-kde -->
@@ -1005,7 +1004,6 @@
<package name="kernel-firmware-network" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="kernel-firmware-nfp" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="kernel-firmware-nvidia" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
- <package name="kernel-firmware-nvidia-gspx-G06" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_dvd -->
<package name="kernel-firmware-platform" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="kernel-firmware-prestera" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="kernel-firmware-qcom" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
@@ -2311,7 +2309,7 @@
<package name="libnma-gtk4-0" supportstatus="unsupported"/> <!-- reason: dvd:patterns-gnome-gnome -->
<package name="libnma-lang" supportstatus="unsupported"/> <!-- reason: dvd:patterns-gnome-gnome -->
<package name="libnma0" supportstatus="unsupported"/> <!-- reason: dvd:patterns-gnome-gnome -->
- <package name="libnotify-tools" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
+ <package name="libnotify-tools" supportstatus="unsupported"/> <!-- reason: dvd:patterns-xfce-xfce -->
<package name="libnotify4" supportstatus="unsupported"/> <!-- reason: dvd:openSUSE-release -->
<package name="libnpth0" supportstatus="unsupported"/> <!-- reason: dvd:openSUSE-release -->
<package name="libnscd1" supportstatus="unsupported"/> <!-- reason: dvd:patterns-gnome-gnome -->
@@ -3059,7 +3057,6 @@
<package name="ntfsprogs" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="numactl" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="numlockx" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
- <package name="nvidia-open-driver-G06-signed-kmp-default" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_dvd -->
<package name="nvme-cli" supportstatus="unsupported"/> <!-- reason: dvd:nvme-cli -->
<package name="nvme-cli-bash-completion" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_dvd -->
<package name="obex-data-server" supportstatus="unsupported"/> <!-- reason: dvd:patterns-xfce-xfce -->
@@ -4015,6 +4012,7 @@
<package name="ruby3.2-rubygem-version_gem" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
<package name="ruby3.2-rubygem-virtus" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
<package name="ruby3.2-rubygem-warden" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
+ <package name="ruby3.2-rubygem-webmock" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
<package name="ruby3.2-rubygem-webrick" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
<package name="ruby3.2-rubygem-websocket" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
<package name="ruby3.2-rubygem-websocket-driver" supportstatus="unsupported"/> <!-- reason: common_locks:expansion -->
@@ -4420,8 +4418,6 @@
<package name="virt-viewer" supportstatus="unsupported"/> <!-- reason: dvd:patterns-server-kvm_tools -->
<package name="virt-what" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="virtiofsd" supportstatus="unsupported"/> <!-- reason: dvd:patterns-server-kvm_server -->
- <package name="virtualbox-guest-tools" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
- <package name="virtualbox-kmp-default" supportstatus="unsupported"/> <!-- reason: dvd:patterns-media-rest_cd_core -->
<package name="vlan" supportstatus="unsupported"/> <!-- reason: dvd:patterns-base-console -->
<package name="vlc" supportstatus="unsupported"/> <!-- reason: dvd:patterns-kde-kde_multimedia -->
<package name="vlc-codec-gstreamer" supportstatus="unsupported"/> <!-- reason: dvd:patterns-kde-kde_multimedia -->
@@ -4807,6 +4803,8 @@
</group>
<group name="dvd.x86_64">
<conditional name="only_x86_64"/>
- <packagelist relationship="recommends"/>
+ <packagelist relationship="recommends">
+ <!-- virtualbox-guest-tools uninstallable: nothing provides kernel-uname-r = 6.6.1-1-default needed by virtualbox-kmp-default-7.0.12_k6.6.1_1-2.2.x86_64-->
+ </packagelist>
</group>
++++++ openSUSE-Addon-NonOss.product ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.564499338 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.568499485 +0100
@@ -4,7 +4,7 @@
<product>
<vendor>openSUSE</vendor>
<name>openSUSE-Addon-NonOss</name>
- <version>20231120</version>
+ <version>20231121</version>
<release>0</release>
<summary>openSUSE NonOSS Addon</summary>
<shortsummary>non oss addon</shortsummary>
++++++ openSUSE.product ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.584500074 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.588500222 +0100
@@ -4,7 +4,7 @@
<product>
<vendor>openSUSE</vendor>
<name>openSUSE</name>
- <version>20231120</version>
+ <version>20231121</version>
<release>0</release>
<productline>openSUSE</productline>
++++++ opensuse_microos.group ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.632501841 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.636501989 +0100
@@ -156,7 +156,6 @@
<package name="busybox-gzip" supportstatus="unsupported"/> <!-- reason: opensuse_microos:MicroOS-release -->
<package name="busybox-hostname" supportstatus="unsupported"/> <!-- reason: opensuse_microos:patterns-microos-base -->
<package name="busybox-sed" supportstatus="unsupported"/> <!-- reason: opensuse_microos:MicroOS-release -->
- <package name="busybox-sendmail" supportstatus="unsupported"/> <!-- reason: opensuse_microos:patterns-microos-base -->
<package name="busybox-static" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
<package name="busybox-which" supportstatus="unsupported"/> <!-- reason: opensuse_microos:patterns-microos-base -->
<package name="busybox-xz" supportstatus="unsupported"/> <!-- reason: opensuse_microos:MicroOS-release -->
@@ -286,7 +285,7 @@
<package name="drkonqi5-lang" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
<package name="dump-rmt" supportstatus="unsupported"/> <!-- reason: opensuse_microos:MicroOS-release -->
<package name="e2fsprogs" supportstatus="unsupported"/> <!-- reason: opensuse_microos:patterns-microos-base -->
- <package name="ed" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
+ <package name="ed" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-gnome -->
<package name="edict-eucjp" supportstatus="unsupported"/> <!-- reason: opensuse_microos:MicroOS-release -->
<package name="edict2" supportstatus="unsupported"/> <!-- reason: opensuse_microos:MicroOS-release -->
<package name="efibootmgr" supportstatus="unsupported"/> <!-- reason: opensuse_microos:patterns-microos-onlyDVD -->
@@ -2338,7 +2337,7 @@
<package name="poppler-data" supportstatus="unsupported"/> <!-- reason: opensuse_microos:MicroOS-release -->
<package name="poppler-tools" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
<package name="popt-lang" supportstatus="unsupported"/> <!-- reason: opensuse_microos:MicroOS-release -->
- <package name="postfix" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
+ <package name="postfix" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-gnome -->
<package name="power-profiles-daemon" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
<package name="powerdevil5" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
<package name="powerdevil5-lang" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
@@ -2632,7 +2631,7 @@
<package name="system-user-daemon" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
<package name="system-user-flatpak" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
<package name="system-user-lp" supportstatus="unsupported"/> <!-- reason: opensuse_microos:MicroOS-release -->
- <package name="system-user-mail" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
+ <package name="system-user-mail" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-gnome -->
<package name="system-user-man" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-kde -->
<package name="system-user-nobody" supportstatus="unsupported"/> <!-- reason: opensuse_microos:patterns-microos-base -->
<package name="system-user-pulse" supportstatus="unsupported"/> <!-- reason: opensuse_microos_desktop:patterns-microos-desktop-gnome -->
++++++ unsorted.yml ++++++
--- /var/tmp/diff_new_pack.b1QfSX/_old 2023-11-22 03:09:12.684503755 +0100
+++ /var/tmp/diff_new_pack.b1QfSX/_new 2023-11-22 03:09:12.692504050 +0100
@@ -808,6 +808,9 @@
- arch-install-scripts
- archivemount
- ardour
+ - argocd-cli
+ - argocd-cli-bash-completion
+ - argocd-cli-zsh-completion
- argon2
- argon2-devel
- argon2-doc
@@ -2713,6 +2716,7 @@
- ctdb
- ctdb-pcp-pmda
- ctop
+ - ctre-devel
- ctris
- cttop
- cuarzo-srm-devel
@@ -3224,6 +3228,7 @@
- drawing
- drawing-lang
- drbd-formula
+ - drbd-kmp-default
- drc
- drc-doc
- driverctl
@@ -8932,6 +8937,7 @@
- kernel-docs-html
- kernel-firmware
- kernel-firmware-nvidia-gsp-G06
+ - kernel-firmware-nvidia-gspx-G06
- kernel-install-tools
- kernel-kvmsmall
- kernel-kvmsmall-devel
@@ -13339,8 +13345,13 @@
- libnftnl-devel
- libnghttp2-14-32bit
- libnghttp2-devel
+ - libnghttp3-9
+ - libnghttp3-devel
- libngspice-devel
- libngspice0
+ - libngtcp2-16
+ - libngtcp2-devel
+ - libngtcp2_crypto_gnutls8
- libnice
- libnice-devel
- libnice10-32bit
@@ -15270,6 +15281,9 @@
- libvdpau_virtio_gpu
- libvdpau_virtio_gpu-32bit
- libverdict1_4
+ - libversion
+ - libversion-devel
+ - libversion1
- libverto-devel
- libverto-devel-32bit
- libverto-glib-devel
@@ -18456,6 +18470,7 @@
- nut-drivers-net
- nvdock
- nvidia-open-driver-G06-signed-default-devel
+ - nvidia-open-driver-G06-signed-kmp-default
- nvidia-texture-tools
- nvimpager
- nvimpager-zsh-completion
@@ -23484,7 +23499,6 @@
- python310-csvkit
- python310-cu2qu
- python310-cufflinks
- - python310-curio
- python310-curlylint
- python310-curses
- python310-curtsies
@@ -24946,7 +24960,6 @@
- python310-pygn
- python310-pygraphviz
- python310-pyhcl
- - python310-pyheif
- python310-pyhibp
- python310-pyicumessageformat
- python310-pyinotify
@@ -26951,7 +26964,6 @@
- python311-csvkit
- python311-cu2qu
- python311-cufflinks
- - python311-curio
- python311-curlylint
- python311-curtsies
- python311-cwcwidth
@@ -28330,7 +28342,6 @@
- python311-pygn
- python311-pygraphviz
- python311-pyhcl
- - python311-pyheif
- python311-pyhibp
- python311-pyicumessageformat
- python311-pyinstaller-hooks-contrib
@@ -30359,7 +30370,6 @@
- python39-csvkit
- python39-cu2qu
- python39-cufflinks
- - python39-curio
- python39-curlylint
- python39-curses
- python39-curtsies
@@ -31817,7 +31827,6 @@
- python39-pygn
- python39-pygraphviz
- python39-pyhcl
- - python39-pyheif
- python39-pyhibp
- python39-pyicumessageformat
- python39-pyinotify
@@ -45121,7 +45130,9 @@
- virtualbox-devel
- virtualbox-guest-desktop-icons
- virtualbox-guest-source
+ - virtualbox-guest-tools
- virtualbox-host-source
+ - virtualbox-kmp-default
- virtualbox-qt
- virtualbox-vnc
- virtualbox-websrv
1
0