Sync from SUSE:ALP:Source:Standard:1.0 pcr-oracle revision 3b3073123ee846cf76d8ce2104a8b194

2023-11-14 13:46:31 +01:00 · 2023-11-14 13:46:31 +01:00 · f47711ca2b
commit f47711ca2b
6 changed files with 1284 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/17
+++ b/17
@ -0,0 +1,17 @@
+<!-- See https://en.opensuse.org/openSUSE:Build_Service_Concept_SourceService -->
+<!-- for more details on the syntax -->
+
+<services>
+	<service name="tar_scm" mode="disabled">
+		<param name="scm">git</param>
+		<param name="url">https://github.com/okirch/pcr-oracle.git</param>
+		<param name="filename">pcr-oracle</param>
+		<param name="versionformat">@PARENT_TAG@</param>
+		<param name="revision">refs/tags/0.4.6</param>
+	</service>
+	<service name="recompress" mode="disabled">
+		 <param name="file">pcr-oracle*.tar</param>
+		 <param name="compression">xz</param>
+	</service>
+	<service mode="disabled" name="set_version" />
+</services>
--- a/pcr-oracle-0.4.6.tar.xz
+++ b/pcr-oracle-0.4.6.tar.xz
--- a/pcr-oracle.changes
+++ b/pcr-oracle.changes
@ -0,0 +1,89 @@
+-------------------------------------------------------------------
+Thu Oct 19 11:01:10 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Add systemd-boot.patch to support systemd-cryptenroll JSON files
+
+-------------------------------------------------------------------
+Wed Jul 26 14:06:43 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Add libtss2-tcti-device0 as the default TCTI interface to avoid
+  the following error:
+  Esys_Initialize() Initialize default tcti. ErrorCode (0x000a000a) 
+
+-------------------------------------------------------------------
+Tue Jul  4 07:44:10 UTC 2023 - Olaf Kirch <okir@suse.com>
+
+- Added a _service file
+- BuildRequire libopenssl-devel rather than openssl
+- Updated to version 0.4.6:
+  - recognize SOURCE_DATE_EPOCH for reproducible builds
+  - Remove authorized policy file from the unseal action
+  - Unseal the data without calling __pcr_policy_make()
+  - Skip the variable event with 0 length (#26)
+  - Add the new parameter: policy-name (#27)
+  - Skip the leading operators when matching grub2 commands (#28)
+  - microconf change: force rebuilding the sed script
+
+-------------------------------------------------------------------
+Mon Jun  5 07:45:13 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Update to version 0.4.5
+  - update manpage to reflect added support of unseal w/ tpm2.0 key
+    format
+  - Implement unseal for TPM 2.0 Key File
+  - Update manpage to describe the new key-format switch
+  - Add TPM 2.0 Key File support to 'seal-secret' and 'sign'
+  - Add comment to SRK template regarding NODA flag.
+  - pcr-oracle.8: add a section on pcr policy sealing
+  - Add self-test subcommand to pcr-oracle
+  - Rename __tss_check_error -> tss_check_error
+  - Moved two tss related functions to a file of their own
+  - Add test-pcr.sh script
+  - Use the same SRK template as the one in grub2
+  - Implement seal/unseal using a regular PCR policy
+  - When displaying the DevicePath, print ACPI PNP ids
+  - Handle failure to read EFI variables more gracefully
+  - Gracefully handle AUTHORITY events for eg driver BSAs that
+    reside in ROM
+  - efi-variable rehash: break out the code to detect how the
+    firmware hashed the event
+
+-------------------------------------------------------------------
+Thu Jun  1 07:07:04 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- build with optflags, remove unneeded clean section, macro bindir
+
+-------------------------------------------------------------------
+Mon Jan 16 08:52:50 UTC 2023 - Olaf Kirch <okir@suse.com>
+
+- Updated to version 0.4.2
+
+-------------------------------------------------------------------
+Thu Jan  5 13:54:40 UTC 2023 - Michal Suchanek <msuchanek@suse.com>
+
+- Fix project URL
+
+-------------------------------------------------------------------
+Wed Jan  4 11:50:54 UTC 2023 - Olaf Kirch <okir@suse.com>
+
+- add --rsa-generate-key option
+
+-------------------------------------------------------------------
+Tue Jan  3 15:00:08 UTC 2023 - Olaf Kirch <okir@suse.com>
+
+- Updated to version 0.4.1:
+   - disable debug messages from authenticode PECOFF parser
+   - add --tpm-eventlog option
+   - add manpage
+
+-------------------------------------------------------------------
+Mon Jan  2 16:36:29 UTC 2023 - Olaf Kirch <okir@suse.com>
+
+- Updated to version 0.4:
+   - drop the dependency on tss2 fapi
+   - introduce authorized policies
+
+-------------------------------------------------------------------
+Tue Nov  8 11:18:07 UTC 2022 - Olaf Kirch <okir@suse.com>
+
+- Establish pcr-oracle as standalone package, apart from fde-tools
--- a/pcr-oracle.spec
+++ b/pcr-oracle.spec
@ -0,0 +1,61 @@
+#
+# spec file for package pcr-oracle
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+# needssslcertforbuild
+
+
+Name:           pcr-oracle
+Version:        0.4.6
+Release:        0
+Summary:        Predict TPM PCR values
+License:        GPL-2.0-only
+Group:          System/Boot
+URL:            https://github.com/okirch/pcr-oracle
+Source:         %{name}-%{version}.tar.xz
+# PATCH-FEATURE-UPSTREAM systemd-boot.patch gh#okirch/pcr-oracle#31
+Patch01:        systemd-boot.patch
+BuildRequires:  libopenssl-devel >= 0.9.8
+BuildRequires:  tpm2-0-tss-devel
+Requires:       libtss2-tcti-device0
+ExclusiveArch:  x86_64 aarch64 ppc64le riscv64
+
+%description
+This utility tries to predict the values of the TPM's Platform
+Configuration Registers following an update of system components
+like shim, grub, etc.
+
+%prep
+%autosetup -p1
+
+%build
+# beware, this is not autoconf
+./configure --prefix /usr
+make CCOPT="%optflags"
+
+%install
+make install DESTDIR=%{buildroot}
+install -d %{buildroot}/%{_bindir}
+mv %{buildroot}/bin/pcr-oracle %{buildroot}/%{_bindir}
+rmdir %{buildroot}/bin
+
+%files
+%defattr(-,root,root)
+%doc README.md
+%doc test-authorized.sh
+%{_bindir}/pcr-oracle
+%{_mandir}/man8/pcr-oracle.8*
+
+%changelog
--- a/systemd-boot.patch
+++ b/systemd-boot.patch