Sync from SUSE:SLFO:Main disk-encryption-tool revision 918d2e9800b0ed11f5ca0cebe15102b4

2025-02-25 17:51:27 +01:00 · 2025-02-25 17:51:27 +01:00 · b81535020e
commit b81535020e
7 changed files with 285 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="scm">git</param>
+    <param name="url">https://github.com/openSUSE/disk-encryption-tool.git</param>
+    <param name="revision">master</param>
+    <param name="versionformat">1+git%cd.%h</param>
+    <param name="changesgenerate">enable</param>
+    <param name="extract">disk-encryption-tool.spec</param>
+  </service>
+  <service name="set_version" mode="manual"/>
+  <service name="tar" mode="buildtime"/>
+</services>
+
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/lnussel/disk-encryption-tool.git</param>
+              <param name="changesrevision">702dff62d37b74244b58b41f78b41cd2befe581b</param></service><service name="tar_scm">
+                <param name="url">https://github.com/openSUSE/disk-encryption-tool.git</param>
+              <param name="changesrevision">f83dfa0842cb1cb92b25bbb8761fb0b34a55bb65</param></service></servicedata>
--- a/disk-encryption-tool-1+git20241112.f83dfa0.obscpio
+++ b/disk-encryption-tool-1+git20241112.f83dfa0.obscpio
--- a/disk-encryption-tool.changes
+++ b/disk-encryption-tool.changes
@ -0,0 +1,177 @@
+-------------------------------------------------------------------
+Tue Nov 12 13:57:19 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20241112.f83dfa0:
+  * Move enrollment to sdbootutil
+
+-------------------------------------------------------------------
+Thu Nov 07 20:11:14 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20241107.fc90da6:
+  * Clean enrollment key also in the jeos module
+
+-------------------------------------------------------------------
+Thu Nov 07 19:37:35 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20241107.5a2eef7:
+  * Clean the enrollment key
+  * Set crypttab options
+  * Use sdbootutil to enroll recovery key
+  * use $tmpdir/mnt instead of /mnt as it's not there in the intird
+  * Fix variable name
+  * Reload disk partitions after resize
+  * Make only rootfs ro
+  * Remove SLE15 compatibility
+  * Remove GRUB2 configuration
+  * Remove image encryption support
+  * Remove prime support
+  * Encrypt multiple disks
+  * CI: Use OVMF image with included variable store
+  * Revert "CI: workaround for bug#1230912"
+
+-------------------------------------------------------------------
+Thu Oct 10 11:55:17 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20241008.826cb75:
+  * Revert "Add systemd-repart-dracut.service"
+  * CI: workaround for bug#1230912
+  * Add systemd-repart-dracut.service
+
+-------------------------------------------------------------------
+Tue Aug 27 11:22:29 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240826.c956112:
+  * CI: Also provide an ignition config
+
+-------------------------------------------------------------------
+Thu Aug 22 14:22:23 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240821.f98edd6:
+  * CI: Pass -cpu host to QEMU
+  * Fix CI
+  * Add basic automated testing
+  * Remove cat of issue file
+
+-------------------------------------------------------------------
+Fri Aug 16 16:03:54 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240816.42c8565:
+  * Fix extra arguments in password enrollment
+
+-------------------------------------------------------------------
+Mon Aug 12 12:59:27 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240812.fd4668d:
+  * Add %pre(un)/%post(un) calls
+
+-------------------------------------------------------------------
+Mon Aug 12 11:20:56 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240812.9dc5b0c:
+  * Create initrd if only enrolled by password
+  * Add enrollment systemd service
+  * Add initial component with tpm2+pin
+  * Rename rd.encrypt credential
+  * Add 'force' in rd.encrypt creds
+  * Read the password when resizing
+  * Add .dir-locals.el
+  * Revert "Start the module after ignition is done"
+  * Use sdbootutil enroll
+  * Start the module after ignition is done
+
+-------------------------------------------------------------------
+Thu Jul 04 06:39:14 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240704.5a6539c:
+  * Rename variable to SDB_ADD_INITIAL_COMPONENT
+
+-------------------------------------------------------------------
+Tue Jul 02 07:29:01 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240702.24fe41e:
+  * Minor fix in spec file
+  * Requires qrencode
+  * Makes luks2_devices global
+  * Add PCR 8 if GRUB2 is detected
+  * If keyctl id fails, exit early
+  * Exit early if no luks2 devices present
+
+-------------------------------------------------------------------
+Thu Mar 28 15:22:41 UTC 2024 - lnussel@suse.com
+
+- Update to version 1+git20240328.c4935cc:
+  * Check rd.encrypt systemd credential
+  * Add support for TPM PIN
+  * Add support for jeos-config
+  * Merge jeos module diskencrypt into enroll
+  * Add editorconfig
+  * Fix indent
+
+-------------------------------------------------------------------
+Tue Feb 13 16:51:11 UTC 2024 - lnussel@suse.com
+
+- Update to version 1+git20240213.68c965a:
+  * Fix pcr-oracle detection logic
+  * Do not call dracut after encryption
+  * Use systemd-pcrlock
+  * Rename generate_key function
+  * Allow to turn off disk encryption via rd.enrypt
+  * Turn on messages again
+
+-------------------------------------------------------------------
+Thu Dec 21 15:28:58 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231221.d2e7fe6:
+  * Fix setting separate crypt password
+
+-------------------------------------------------------------------
+Wed Dec 20 17:20:08 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231220.6a5fb7f:
+  * refactor luks detection
+  * Tweak combustion deps
+  * Fix combustion support (boo#1218131)
+
+-------------------------------------------------------------------
+Thu Dec 14 10:05:42 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231214.1708e01:
+  * Add ExclusiveArch for 64-bit EFI architectures
+  * Don't set rw systems ro
+
+-------------------------------------------------------------------
+Wed Dec 13 16:47:45 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231213.cfe4cb3:
+  * Drop the second wipe
+  * Comment where to find the PCRs later
+  * Drop pcr-oracle RSA PEM parameter
+  * Include PCR#9 in the predictions
+  * Drop TPM2 from cryptab
+
+-------------------------------------------------------------------
+Mon Dec 11 07:46:39 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231130.dac7e54:
+  * Silence shellcheck
+  * Drop TPM2 from crypttab
+
+-------------------------------------------------------------------
+Wed Nov 29 13:55:58 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231129.5fb1e1a:
+  * Require tpm2.0-tools
+  * FIDO2 and TPM2 dialog improvements
+  * Fix yesno dialog call o_O
+  * Fix partition resizing on first boot
+  * Add jeos-firstboot-enroll
+  * Requires pcr-enroll
+  * Store generated key as 'cryptenroll' keyring
+  * Update README
+  * Require keyutils
+  * Rename to disk-encryption-tool
+
+-------------------------------------------------------------------
+Tue Nov 14 16:08:10 UTC 2023 - Ludwig Nussel <lnussel@suse.com>
+
+- initial package
--- a/disk-encryption-tool.obsinfo
+++ b/disk-encryption-tool.obsinfo
@ -0,0 +1,4 @@
+name: disk-encryption-tool
+version: 1+git20241112.f83dfa0
+mtime: 1731419772
+commit: f83dfa0842cb1cb92b25bbb8761fb0b34a55bb65
--- a/disk-encryption-tool.spec
+++ b/disk-encryption-tool.spec
@ -0,0 +1,59 @@
+#
+# spec file for package disk-encryption-tool
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+# icecream 0
+
+
+Name:           disk-encryption-tool
+Version:        1+git20241112.f83dfa0
+Release:        0
+Summary:        Tool to reencrypt kiwi raw images
+License:        MIT
+URL:            https://github.com/openSUSE/disk-encryption-tool
+Source:         disk-encryption-tool-%{version}.tar
+Requires:       cryptsetup
+Requires:       keyutils
+ExclusiveArch:  aarch64 ppc64le riscv64 x86_64
+BuildArch:      noarch
+
+%description
+Convert a plain text kiwi image into one with LUKS full disk
+encryption. Supports both raw and qcow2 images. It assumes that the
+third partition is the root fs using btrfs.
+After encrypting the disk, the fs is mounted and a new initrd
+created as well as the grub2 config adjusted.
+
+%prep
+%setup -q
+
+%build
+
+%install
+mkdir -p %buildroot/usr/lib/dracut/modules.d/95disk-encryption-tool
+for i in disk-encryption-tool{,-dracut,-dracut.service} module-setup.sh; do
+  cp "$i" %buildroot/usr/lib/dracut/modules.d/95disk-encryption-tool/"$i"
+done
+mkdir -p %buildroot/usr/bin
+ln -s ../lib/dracut/modules.d/95disk-encryption-tool/disk-encryption-tool %buildroot/usr/bin
+
+%files
+%license LICENSE
+/usr/bin/disk-encryption-tool
+%dir /usr/lib/dracut
+%dir /usr/lib/dracut/modules.d
+/usr/lib/dracut/modules.d/95disk-encryption-tool
+
+%changelog