6 Commits

Author SHA256 Message Date
190b714e53 Accepting request 1274530 from utilities
OBS-URL: https://build.opensuse.org/request/show/1274530
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sbctl?expand=0&rev=6
2025-05-05 20:29:15 +00:00
Jan Loeser
7310bb1da1 - Update to version 0.17:
  * Ensure we don't wrongly compare input/output files when signing
  * Added --json support to sbctl verify
  * Ensure sbctl setup with no arguments returns a helpful output
  * Import latest Microsoft keys for KEK and db databases
  * Ensure we print the path of the file when encountering an invalid PE file
  * Misc fixups in tests
  * Misc typo fixes in prints

OBS-URL: https://build.opensuse.org/package/show/utilities/sbctl?expand=0&rev=15
2025-05-05 11:38:27 +00:00
8ccb8a455a Accepting request 1223291 from utilities
OBS-URL: https://build.opensuse.org/request/show/1223291
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sbctl?expand=0&rev=5
2024-11-11 12:46:49 +00:00
Jan Loeser
c57b8b34a9 Accepting request 1216867 from home:smolsheep:upgrades
- Disable tests that fail due to gh/foxboron/sbctl#343
- Update to version 0.16:
  * Ensure sbctl reads --config even if /etc/sbctl/sbctl.conf is
    present
  * Fixed a bug where sbctl would abort if the TPM eventlog
    contains the same byte multiple times
  * Fixed a landlock bug where enroll-keys --export did not work
  * Fixed a bug where an ESP mounted to multiple paths would not be
    detected
  * Exporting keys without efivars present works again
  * sbctl sign will now use the saved output path if the signed
    file is enrolled
  * enroll-keys --append will now work without --force.
- Updates from version 0.15.4:
  * Fixed an issue where sign-all did not report a non-zero exit
    code when something failed
  * Fixed an issue where we couldn't write to a file with landlock
  * Fixed an issue where --json would print the human readable
    output and the json
  * Fixes landlock for UKI/bundles by disabling the sandbox feature
  * Some doc fixups that mentioned /usr/share/

OBS-URL: https://build.opensuse.org/request/show/1216867
OBS-URL: https://build.opensuse.org/package/show/utilities/sbctl?expand=0&rev=13
2024-11-11 07:48:00 +00:00
a4f1debcdc Accepting request 1191164 from utilities
OBS-URL: https://build.opensuse.org/request/show/1191164
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sbctl?expand=0&rev=4
2024-08-02 15:27:24 +00:00
Jan Loeser
1fa59a3253 Accepting request 1191021 from home:smolsheep:upgrades
- Update to version 0.15.3:
  * Fixed a mistake where the db_additions setting in sbctl.conf
    was not wired up to sbctl setup.
  * Relaxed the check for an existing install in sbctl setup from
    looking after /var/lib/sbctl to check for /var/lib/sbctl/keys.
  * Fixed a bug where dmi information was not read for quirk
    detection when landlock was enabled.
  * Fixed a bug where sbctl create-keys did not have access to
    /var/lib under landlock.
  * Fixed a bug where sbctl setup didn't have access to /usr/share.
- Added minimum go required version
- Update to version 0.15.2:
  * Fixed a bug where sbctl setup aborts early because
    /var/lib/sbctl already exists.
- Updates from version 0.15.1:
  * Fixed an issue where sbctl migrate did not work without
    --disable-landlock.
  * Fixed an issue where bundles.db would be written to files.json
    deleting list of files.
- Updates from version 0.15:
  See the release for full changes.
  https://github.com/Foxboron/sbctl/releases/tag/0.15
  * sbctl will try to sandbox all commands with landlock. Landlock
    is an unprivileged sandbox, similar to OpenBSD pledge, that
    allows sbctl to declare the directories and files we are
    reading/writing ahead. This feature is enabled by default and
    can be disabled by setting landlock: false in the new config
    file, or by passing --disable-landlock flag.
  * sbctl has moved from using /usr/share/secureboot to
    /var/lib/sbctl. The usage of /usr was mostly for legacy
    reasons but there wasn't any motivation to fix this until now.
    To help with the migration sbctl migrate has been implemented.
    It will move all the files from the old location to
    /var/lib/sbctl and rename files accordingly.
  * sbctl now supports creation of TPM key files using
    go-tpm-keyfiles. These keys are mostly compatible with how
    other TPM2 TSS keyfiles are created. This key type can be used
    by passing one of several keytype flags to create-keys or
    rotate-keys, or by specifying the type in the new configuration
    file.

OBS-URL: https://build.opensuse.org/request/show/1191021
OBS-URL: https://build.opensuse.org/package/show/utilities/sbctl?expand=0&rev=11
2024-08-02 11:04:58 +00:00
6 changed files with 11 additions and 47 deletions


@@ -14,7 +14,5 @@
<param name="compression">gz</param>
</service>
<service name="go_modules" mode="manual">
<param name="replace">github.com/ulikunitz/xz=github.com/ulikunitz/xz@v0.5.14</param>
<param name="replace">golang.org/x/net=golang.org/x/net@v0.46.0</param>
</service>
</services>
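
Review bot: the two `replace` params under the go_modules service are the lines this hunk drops (the header goes from 7 lines to 5; the rendering has lost the +/- markers), which removes the pins to github.com/ulikunitz/xz v0.5.14 and golang.org/x/net v0.46.0. The changelog hunk on this page ties those versions to CVE-2025-58058, CVE-2025-47911 and CVE-2025-58190, and because the service runs in mode="manual" nothing regenerates the vendor archive at build time. Keep both params, or record in the changelog which xz and x/net versions the re-created vendor archive contains.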

3
sbctl-0.17.tar.gz Normal file

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dd4f4d609a203ecc4d37736315377e58949138b3dc9c8d12d8b4b38a2e074e32
size 17957224


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f244890d1676bc9e7761ebbbdc7e94e516b47642ef37efd0b7b60e5223fcaaa5
size 17960022


@@ -1,37 +1,3 @@
-------------------------------------------------------------------
Wed Nov 12 07:29:18 UTC 2025 - Fridrich Strba <fstrba@suse.com>
- Upgrade the embedded golang.org/x/net to 0.46.0
* Fixes: bsc#1251399, CVE-2025-47911: various algorithms with
quadratic complexity when parsing HTML documents
* Fixes: bsc#1251609, CVE-2025-58190: excessive memory consumption
by 'html.ParseFragment' when processing specially crafted input
-------------------------------------------------------------------
Mon Oct 13 09:06:05 UTC 2025 - Jan Loeser <rooterle@posteo.de>
- Update to version 0.18:
* logging: fixup new go vet warning
* workflows: add cc for cross compile
* workflow: add sudo to apt
* workflow: add pcsclite to ci
* workflow: try enable cgo
* go.mod: update golang.org/x/ dependencies
* fix: avoid adding bogus Country attribute to subject DNs
* sbctl: only store file if we did actually sign the file
* installkernel: add post install hook for Debian's traditional installkernel
* CI: missing libpcsclite pkg
* workflows: add missing depends and new pattern keyword
* Add yubikey example for create keys to the README
* Initial yubikey backend keytype support
* verify: ensure we pass args in correct order
-------------------------------------------------------------------
Mon Sep 1 09:34:54 UTC 2025 - Michael Vetter <mvetter@suse.com>
- bsc#1248949 (CVE-2025-58058):
Bump xz to 0.5.14
-------------------------------------------------------------------
Mon May 5 11:24:29 UTC 2025 - Jan Loeser <jan.loeser@posteo.de>
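
Review bot: the header `-1,37 +1,3` means 34 lines of history are deleted from the top of the changelog, including the entries that record bsc#1251399 (CVE-2025-47911), bsc#1251609 (CVE-2025-58190) and bsc#1248949 (CVE-2025-58058). Anyone auditing the package through its changelog loses the record that these issues were handled. If going back to 0.17 is intended, add a new dated entry on top that says so and why, and leave the existing entries in place.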


@@ -1,7 +1,7 @@
#
# spec file for package sbctl
#
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,12 +17,16 @@
Name: sbctl
Version: 0.18
Version: 0.17
Release: 0
Summary: Secure Boot key manager
License: MIT
Group: System/Boot
URL: https://github.com/Foxboron/sbctl
%if "%{_vendor}" == "debbuild"
# Needed to set Maintainer in output debs
Packager: Jan Loeser <jan.loeser@posteo.de>
%endif
Source: %{name}-%{version}.tar.gz
Source1: vendor.tar.gz
Source2: %{name}-rpmlintrc
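
Review bot: `Version:` goes from 0.18 to 0.17 in this hunk, so the package version moves backwards; a system that already has 0.18 installed will not see this build as an update, and the upstream changes listed under 0.18 in the changelog hunk (for example "verify: ensure we pass args in correct order") are no longer shipped. Confirm that this direction is intended. The added `%if "%{_vendor}" == "debbuild"` block with `Packager:` is unrelated to the version change and would be easier to review as its own commit.
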
@@ -38,12 +42,10 @@ BuildRequires: binutils
%if 0%{?suse_version}
BuildRequires: go >= 1.22.0
BuildRequires: golang-packaging
BuildRequires: pcsc-lite-devel
BuildRequires: pkgconfig(openssl) > 3.0.0
%endif
%if 0%{?ubuntu}
BuildRequires: golang >= 1.22.0
BuildRequires: libpcsclite-dev
BuildRequires: libssl-dev > 3.0.0
%endif
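
Review bot: `BuildRequires: pcsc-lite-devel` and `BuildRequires: libpcsclite-dev` are dropped here (12 lines before, 10 after), which only holds while the source stays at 0.17; the 0.18 entries in the changelog hunk mention pcsclite in CI and an initial yubikey backend, so a later bump to 0.18 needs both lines back. Separately, `pkgconfig(openssl) > 3.0.0` and `libssl-dev > 3.0.0` in the context lines exclude 3.0.0 itself; use `>=` if that release is meant to be accepted.
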
@@ -78,14 +80,12 @@ sed -i 's|bin/sh|bin/bash|' %{buildroot}%{_prefix}/lib/kernel/install.d/91-sbctl
%dir %{_prefix}/lib/kernel/
%dir %{_prefix}/lib/kernel/install.d/
%dir %{_prefix}/lib/kernel/postinst.d/
%dir %{_datadir}/fish/
%dir %{_datadir}/fish/vendor_completions.d/
%dir %{_datadir}/zsh/
%dir %{_datadir}/zsh/site-functions/
%{_prefix}/lib/kernel/install.d/91-sbctl.install
%{_prefix}/lib/kernel/postinst.d/91-sbctl.install
%{_mandir}/man8/sbctl.8*
%{_mandir}/man5/sbctl.conf.5*
%{_datadir}/bash-completion/completions/sbctl


@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d2fc644ddb2b233faec1f29dd1199748667ff2a50640a8b5107920fef6ca1fa2
size 5068731
oid sha256:e450acf9d24a41dc71ed6d2232f36e62506ddcceaf4ba587ea62b1f613240dd9
size 5177988