From b81535020ec70738c8fbac002c0f3346f7a87cc2ce7f5ef5699f169fdee793b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Tue, 25 Feb 2025 17:51:27 +0100
Subject: [PATCH] Sync from SUSE:SLFO:Main disk-encryption-tool revision 918d2e9800b0ed11f5ca0cebe15102b4
---
.gitattributes | 23 +++
_service | 13 ++
_servicedata | 6 +
...ryption-tool-1+git20241112.f83dfa0.obscpio | 3 +
disk-encryption-tool.changes | 177 ++++++++++++++++++
disk-encryption-tool.obsinfo | 4 +
disk-encryption-tool.spec | 59 ++++++
7 files changed, 285 insertions(+)
create mode 100644 .gitattributes
create mode 100644 _service
create mode 100644 _servicedata
create mode 100644 disk-encryption-tool-1+git20241112.f83dfa0.obscpio
create mode 100644 disk-encryption-tool.changes
create mode 100644 disk-encryption-tool.obsinfo
create mode 100644 disk-encryption-tool.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/_service b/_service
new file mode 100644
index 0000000..dd1b941
--- /dev/null
+++ b/_service
@@ -0,0 +1,13 @@
+
+
+ git
+ https://github.com/openSUSE/disk-encryption-tool.git
+ master
+ 1+git%cd.%h
+ enable
+ disk-encryption-tool.spec
+
+
+
+
+
diff --git a/_servicedata b/_servicedata
new file mode 100644
index 0000000..50bfa11
--- /dev/null
+++ b/_servicedata
@@ -0,0 +1,6 @@
+
+
+ https://github.com/lnussel/disk-encryption-tool.git
+ 702dff62d37b74244b58b41f78b41cd2befe581b
+ https://github.com/openSUSE/disk-encryption-tool.git
+ f83dfa0842cb1cb92b25bbb8761fb0b34a55bb65
\ No newline at end of file
diff --git a/disk-encryption-tool-1+git20241112.f83dfa0.obscpio b/disk-encryption-tool-1+git20241112.f83dfa0.obscpio
new file mode 100644
index 0000000..04f176e
--- /dev/null
+++ b/disk-encryption-tool-1+git20241112.f83dfa0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4095ad7d30ef000d80618895e580c131046f457e0417d66157cdc035459d61c9
+size 29194
diff --git a/disk-encryption-tool.changes b/disk-encryption-tool.changes
new file mode 100644
index 0000000..caf6a9a
--- /dev/null
+++ b/disk-encryption-tool.changes
@@ -0,0 +1,177 @@
+-------------------------------------------------------------------
+Tue Nov 12 13:57:19 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20241112.f83dfa0:
+ * Move enrollment to sdbootutil
+
+-------------------------------------------------------------------
+Thu Nov 07 20:11:14 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20241107.fc90da6:
+ * Clean enrollment key also in the jeos module
+
+-------------------------------------------------------------------
+Thu Nov 07 19:37:35 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20241107.5a2eef7:
+ * Clean the enrollment key
+ * Set crypttab options
+ * Use sdbootutil to enroll recovery key
+ * use $tmpdir/mnt instead of /mnt as it's not there in the intird
+ * Fix variable name
+ * Reload disk partitions after resize
+ * Make only rootfs ro
+ * Remove SLE15 compatibility
+ * Remove GRUB2 configuration
+ * Remove image encryption support
+ * Remove prime support
+ * Encrypt multiple disks
+ * CI: Use OVMF image with included variable store
+ * Revert "CI: workaround for bug#1230912"
+
+-------------------------------------------------------------------
+Thu Oct 10 11:55:17 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20241008.826cb75:
+ * Revert "Add systemd-repart-dracut.service"
+ * CI: workaround for bug#1230912
+ * Add systemd-repart-dracut.service
+
+-------------------------------------------------------------------
+Tue Aug 27 11:22:29 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240826.c956112:
+ * CI: Also provide an ignition config
+
+-------------------------------------------------------------------
+Thu Aug 22 14:22:23 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240821.f98edd6:
+ * CI: Pass -cpu host to QEMU
+ * Fix CI
+ * Add basic automated testing
+ * Remove cat of issue file
+
+-------------------------------------------------------------------
+Fri Aug 16 16:03:54 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240816.42c8565:
+ * Fix extra arguments in password enrollment
+
+-------------------------------------------------------------------
+Mon Aug 12 12:59:27 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240812.fd4668d:
+ * Add %pre(un)/%post(un) calls
+
+-------------------------------------------------------------------
+Mon Aug 12 11:20:56 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240812.9dc5b0c:
+ * Create initrd if only enrolled by password
+ * Add enrollment systemd service
+ * Add initial component with tpm2+pin
+ * Rename rd.encrypt credential
+ * Add 'force' in rd.encrypt creds
+ * Read the password when resizing
+ * Add .dir-locals.el
+ * Revert "Start the module after ignition is done"
+ * Use sdbootutil enroll
+ * Start the module after ignition is done
+
+-------------------------------------------------------------------
+Thu Jul 04 06:39:14 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240704.5a6539c:
+ * Rename variable to SDB_ADD_INITIAL_COMPONENT
+
+-------------------------------------------------------------------
+Tue Jul 02 07:29:01 UTC 2024 - aplanas@suse.com
+
+- Update to version 1+git20240702.24fe41e:
+ * Minor fix in spec file
+ * Requires qrencode
+ * Makes luks2_devices global
+ * Add PCR 8 if GRUB2 is detected
+ * If keyctl id fails, exit early
+ * Exit early if no luks2 devices present
+
+-------------------------------------------------------------------
+Thu Mar 28 15:22:41 UTC 2024 - lnussel@suse.com
+
+- Update to version 1+git20240328.c4935cc:
+ * Check rd.encrypt systemd credential
+ * Add support for TPM PIN
+ * Add support for jeos-config
+ * Merge jeos module diskencrypt into enroll
+ * Add editorconfig
+ * Fix indent
+
+-------------------------------------------------------------------
+Tue Feb 13 16:51:11 UTC 2024 - lnussel@suse.com
+
+- Update to version 1+git20240213.68c965a:
+ * Fix pcr-oracle detection logic
+ * Do not call dracut after encryption
+ * Use systemd-pcrlock
+ * Rename generate_key function
+ * Allow to turn off disk encryption via rd.enrypt
+ * Turn on messages again
+
+-------------------------------------------------------------------
+Thu Dec 21 15:28:58 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231221.d2e7fe6:
+ * Fix setting separate crypt password
+
+-------------------------------------------------------------------
+Wed Dec 20 17:20:08 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231220.6a5fb7f:
+ * refactor luks detection
+ * Tweak combustion deps
+ * Fix combustion support (boo#1218131)
+
+-------------------------------------------------------------------
+Thu Dec 14 10:05:42 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231214.1708e01:
+ * Add ExclusiveArch for 64-bit EFI architectures
+ * Don't set rw systems ro
+
+-------------------------------------------------------------------
+Wed Dec 13 16:47:45 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231213.cfe4cb3:
+ * Drop the second wipe
+ * Comment where to find the PCRs later
+ * Drop pcr-oracle RSA PEM parameter
+ * Include PCR#9 in the predictions
+ * Drop TPM2 from cryptab
+
+-------------------------------------------------------------------
+Mon Dec 11 07:46:39 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231130.dac7e54:
+ * Silence shellcheck
+ * Drop TPM2 from crypttab
+
+-------------------------------------------------------------------
+Wed Nov 29 13:55:58 UTC 2023 - lnussel@suse.com
+
+- Update to version 1+git20231129.5fb1e1a:
+ * Require tpm2.0-tools
+ * FIDO2 and TPM2 dialog improvements
+ * Fix yesno dialog call o_O
+ * Fix partition resizing on first boot
+ * Add jeos-firstboot-enroll
+ * Requires pcr-enroll
+ * Store generated key as 'cryptenroll' keyring
+ * Update README
+ * Require keyutils
+ * Rename to disk-encryption-tool
+
+-------------------------------------------------------------------
+Tue Nov 14 16:08:10 UTC 2023 - Ludwig Nussel
+
+- initial package
diff --git a/disk-encryption-tool.obsinfo b/disk-encryption-tool.obsinfo
new file mode 100644
index 0000000..0cc53e3
--- /dev/null
+++ b/disk-encryption-tool.obsinfo
@@ -0,0 +1,4 @@
+name: disk-encryption-tool
+version: 1+git20241112.f83dfa0
+mtime: 1731419772
+commit: f83dfa0842cb1cb92b25bbb8761fb0b34a55bb65
diff --git a/disk-encryption-tool.spec b/disk-encryption-tool.spec
new file mode 100644
index 0000000..5e99a0c
--- /dev/null
+++ b/disk-encryption-tool.spec
@@ -0,0 +1,59 @@
+#
+# spec file for package disk-encryption-tool
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+# icecream 0
+
+
+Name: disk-encryption-tool
+Version: 1+git20241112.f83dfa0
+Release: 0
+Summary: Tool to reencrypt kiwi raw images
+License: MIT
+URL: https://github.com/openSUSE/disk-encryption-tool
+Source: disk-encryption-tool-%{version}.tar
+Requires: cryptsetup
+Requires: keyutils
+ExclusiveArch: aarch64 ppc64le riscv64 x86_64
+BuildArch: noarch
+
+%description
+Convert a plain text kiwi image into one with LUKS full disk
+encryption. Supports both raw and qcow2 images. It assumes that the
+third partition is the root fs using btrfs.
+After encrypting the disk, the fs is mounted and a new initrd
+created as well as the grub2 config adjusted.
+
+%prep
+%setup -q
+
+%build
+
+%install
+mkdir -p %buildroot/usr/lib/dracut/modules.d/95disk-encryption-tool
+for i in disk-encryption-tool{,-dracut,-dracut.service} module-setup.sh; do
+ cp "$i" %buildroot/usr/lib/dracut/modules.d/95disk-encryption-tool/"$i"
+done
+mkdir -p %buildroot/usr/bin
+ln -s ../lib/dracut/modules.d/95disk-encryption-tool/disk-encryption-tool %buildroot/usr/bin
+
+%files
+%license LICENSE
+/usr/bin/disk-encryption-tool
+%dir /usr/lib/dracut
+%dir /usr/lib/dracut/modules.d
+/usr/lib/dracut/modules.d/95disk-encryption-tool
+
+%changelog
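Review bot: The `Summary` and `%description` in this spec still promise behaviour that the changelog added by this same patch records as removed: the 1+git20241107.5a2eef7 entry lists "Remove image encryption support" and "Remove GRUB2 configuration", yet the description talks about converting kiwi raw/qcow2 images and adjusting the grub2 config. For a disk-encryption package that mismatch matters, because someone auditing the package metadata cannot tell what is encrypted or at which stage. I would rewrite both fields from the upstream README, for example `Summary: Tool to encrypt disks with LUKS` (exact wording to be confirmed against upstream). Separately, the changelog says enrollment moved to sdbootutil while `Requires:` lists only `cryptsetup` and `keyutils`; if the installed scripts call sdbootutil at run time, which this patch does not show, a `Requires: sdbootutil` line would be needed.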