From 27a098f766bee51aa9901d0d6d4a3c71d3baf078ebf8c49579e943ed2df2691b Mon Sep 17 00:00:00 2001 From: Alberto Planas Dominguez Date: Tue, 17 Dec 2024 09:57:38 +0000 Subject: [PATCH 1/2] - Update to version 0.5+1: * Make the mount do not depend of default service OBS-URL: https://build.opensuse.org/package/show/devel:microos/dracut-pcr-signature?expand=0&rev=26 --- .gitattributes | 23 ++++++++ .gitignore | 1 + _service | 17 ++++++ _servicedata | 4 ++ dracut-pcr-signature-0.4+0.tar.xz | 3 + dracut-pcr-signature-0.4+2.tar.xz | 3 + dracut-pcr-signature-0.5+0.tar.xz | 3 + dracut-pcr-signature.changes | 93 +++++++++++++++++++++++++++++++ dracut-pcr-signature.spec | 64 +++++++++++++++++++++ 9 files changed, 211 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 _servicedata create mode 100644 dracut-pcr-signature-0.4+0.tar.xz create mode 100644 dracut-pcr-signature-0.4+2.tar.xz create mode 100644 dracut-pcr-signature-0.5+0.tar.xz create mode 100644 dracut-pcr-signature.changes create mode 100644 dracut-pcr-signature.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_service b/_service new file mode 100644 index 0000000..4ab0712 --- /dev/null +++ b/_service @@ -0,0 +1,17 @@ + + + + git + https://github.com/aplanas/dracut-pcr-signature.git + main + @PARENT_TAG@+@TAG_OFFSET@ + v(.*) + enable + dracut-pcr-signature.spec + + + xz + *.tar + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..21e9a1d --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://github.com/aplanas/dracut-pcr-signature.git + 9b0e552451921068dd81fff3184c1dccbe2a905a \ No newline at end of file diff --git a/dracut-pcr-signature-0.4+0.tar.xz b/dracut-pcr-signature-0.4+0.tar.xz new file mode 100644 index 0000000..739b16c --- /dev/null +++ b/dracut-pcr-signature-0.4+0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:771a8ea29ed9eab9140114868d4c709989687376c8a7145aa22bbd6642929181 +size 8400 diff --git a/dracut-pcr-signature-0.4+2.tar.xz b/dracut-pcr-signature-0.4+2.tar.xz new file mode 100644 index 0000000..357c12f --- /dev/null +++ b/dracut-pcr-signature-0.4+2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8981075a7fdbf011e50511a1247598dc6362f5abc806fb1e1d4d366cae364df3 +size 8348 diff --git a/dracut-pcr-signature-0.5+0.tar.xz b/dracut-pcr-signature-0.5+0.tar.xz new file mode 100644 index 0000000..1506e2a --- /dev/null +++ b/dracut-pcr-signature-0.5+0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:13afef632a38aa91c5cd2ef765f3e4a1b02052ad371689b7da1a52e91b327d0f +size 8620 diff --git a/dracut-pcr-signature.changes b/dracut-pcr-signature.changes new file mode 100644 index 0000000..880c599 --- /dev/null +++ b/dracut-pcr-signature.changes @@ -0,0 +1,93 @@ +------------------------------------------------------------------- +Tue Dec 17 09:56:49 UTC 2024 - aplanas@suse.com + +- Update to version 0.5+1: + * Make the mount do not depend of default service + +------------------------------------------------------------------- +Thu Oct 31 09:37:56 UTC 2024 - aplanas@suse.com + +- Update to version 0.5+0: + * Normalize spec file + * Use a generator to mount ESP + * Avoid race condition when multiple disks are encrypted + +------------------------------------------------------------------- +Mon Oct 07 14:52:41 UTC 2024 - aplanas@suse.com + +- Update to version 0.4+2: + * Synchronize spec file + * Copy JSON file in /run to survive initrd + +------------------------------------------------------------------- +Thu May 30 08:45:40 UTC 2024 - Alberto Planas Dominguez + +- Update to version 0.4: + + No new features, tagged on 0.3+6 +- Remove GRUB2 conflict + +------------------------------------------------------------------- +Mon May 13 20:42:01 UTC 2024 - Alberto Planas Dominguez + +- Adapt regenerate initrd macro expansion + +------------------------------------------------------------------- +Mon Apr 22 09:08:46 UTC 2024 - aplanas@suse.com + +- Update to version 0.3+6: + * Add UTF8 character set + +------------------------------------------------------------------- +Wed Apr 17 12:29:01 UTC 2024 - aplanas@suse.com + +- Update to version 0.3+5: + * Generate the initrd after installation + * Temporaly conflict with GRUB2 + * Small fix for comment + +------------------------------------------------------------------- +Tue Apr 16 17:19:57 UTC 2024 - aplanas@suse.com + +- Update to version 0.3+2: + * Do not hard fail when error in mount + +------------------------------------------------------------------- +Fri Apr 12 18:01:58 UTC 2024 - aplanas@suse.com + +- Update to version 0.3+1: + * Include mktemp in initrd + +------------------------------------------------------------------- +Wed Apr 10 11:13:22 UTC 2024 - aplanas@suse.com + +- Update to version 0.3+0: + * Various small improvements + +------------------------------------------------------------------- +Tue Mar 12 15:08:08 UTC 2024 - aplanas@suse.com + +- Update to version 0.2: + * Support GRUB2 configurations + +------------------------------------------------------------------- +Tue Jan 30 09:16:29 UTC 2024 - aplanas@suse.com + +- Update to version 0.1+3: + * Copy pcrlock.json if available + +------------------------------------------------------------------- +Tue Jan 09 07:35:24 UTC 2024 - aplanas@suse.com + +- Update to version 0.1+2: + * Explicitly add VFAT module + +------------------------------------------------------------------- +Fri Dec 01 13:04:17 UTC 2023 - aplanas@suse.com + +- Update to version 0.1+1: + * Use xz compression + +------------------------------------------------------------------- +Wed Nov 29 15:47:37 UTC 2023 - Alberto Planas Dominguez + +- Initial package diff --git a/dracut-pcr-signature.spec b/dracut-pcr-signature.spec new file mode 100644 index 0000000..45cebcf --- /dev/null +++ b/dracut-pcr-signature.spec @@ -0,0 +1,64 @@ +# +# spec file for package dracut-pcr-signature +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: dracut-pcr-signature +Version: 0.5+1 +Release: 0 +Summary: Dracut module to import PCR signatures +License: GPL-2.0-or-later +URL: https://github.com/aplanas/dracut-pcr-signature +Source: %{name}-%{version}.tar.xz +BuildRequires: pkgconfig +BuildRequires: rpm-config-SUSE +BuildRequires: pkgconfig(dracut) +BuildArch: noarch + +%description +Dracut module to import PCR signatures. This will make possible the +prediction of the initrd (and cmdline) hashes, as will not require the +update of the initrd to introduce the JSON and PEM files required to +unlock the LUKS2 device via systemd-cryptsetup. + +%prep +%setup -q + +%build + +%install +mkdir -p %{buildroot}%{_prefix}/lib/dracut/modules.d/50pcr-signature +for i in module-setup.sh boot-efi-generator.sh pcr-signature.sh pcr-signature.service; do + cp "$i" %{buildroot}%{_prefix}/lib/dracut/modules.d/50pcr-signature +done + +%post +%{?regenerate_initrd_post} + +%posttrans +%{?regenerate_initrd_posttrans} + +%postun +%{?regenerate_initrd_post} + +%files +%license LICENSE +%doc README.md +%dir %{_prefix}/lib/dracut +%dir %{_prefix}/lib/dracut/modules.d +%{_prefix}/lib/dracut/modules.d/50pcr-signature + +%changelog From c15bf51a2509623cca8fa22923f777843cda32fec8b8ad2d1f3f92c0d305f276 Mon Sep 17 00:00:00 2001 From: Alberto Planas Dominguez Date: Tue, 17 Dec 2024 10:08:28 +0000 Subject: [PATCH 2/2] Add missing file OBS-URL: https://build.opensuse.org/package/show/devel:microos/dracut-pcr-signature?expand=0&rev=27 --- dracut-pcr-signature-0.5+0.tar.xz | 3 --- dracut-pcr-signature-0.5+1.tar.xz | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 dracut-pcr-signature-0.5+0.tar.xz create mode 100644 dracut-pcr-signature-0.5+1.tar.xz diff --git a/dracut-pcr-signature-0.5+0.tar.xz b/dracut-pcr-signature-0.5+0.tar.xz deleted file mode 100644 index 1506e2a..0000000 --- a/dracut-pcr-signature-0.5+0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:13afef632a38aa91c5cd2ef765f3e4a1b02052ad371689b7da1a52e91b327d0f -size 8620 diff --git a/dracut-pcr-signature-0.5+1.tar.xz b/dracut-pcr-signature-0.5+1.tar.xz new file mode 100644 index 0000000..34a0078 --- /dev/null +++ b/dracut-pcr-signature-0.5+1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2a1cf2bef09fb3c60389a05772988188ac1c584dc1b76881cfbcd7164628a91c +size 8620