diff --git a/.gitmodules b/.gitmodules
index 982d68e..2efa9e7 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,39 +1,170 @@
-[submodule "obs-service-set_version"]
- path = obs-service-set_version
- url = https://src.opensuse.org/SLFO-pool/obs-service-set_version.git
[submodule "cri-tools"]
path = cri-tools
url = https://src.opensuse.org/pool/cri-tools.git
-[submodule "fakeroot"]
- path = fakeroot
- url = https://src.opensuse.org/pool/fakeroot.git
[submodule "crudini"]
path = crudini
url = https://src.opensuse.org/pool/crudini.git
-[submodule "autoconf"]
- path = autoconf
- url = https://src.opensuse.org/SLFO-pool/autoconf.git
-[submodule "python-pydantic"]
- path = python-pydantic
- url = https://src.opensuse.org/SLFO-pool/python-pydantic
-[submodule "python-pydantic-core"]
- path = python-pydantic-core
- url = https://src.opensuse.org/SLFO-pool/python-pydantic-core
-[submodule "python-inline-snapshot"]
- path = python-inline-snapshot
- url = https://src.opensuse.org/SLFO-pool/python-inline-snapshot
-[submodule "python-executing"]
- path = python-executing
- url = https://src.opensuse.org/SLFO-pool/python-executing
-[submodule "python-typing-inspection"]
- path = python-typing-inspection
- url = https://src.opensuse.org/SLFO-pool/python-typing-inspection
-[submodule "python-annotated-types"]
- path = python-annotated-types
- url = https://src.opensuse.org/SLFO-pool/python-annotated-types
-[submodule "python-typing_extensions"]
- path = python-typing_extensions
- url = https://src.opensuse.org/SLFO-pool/python-typing_extensions
-[submodule "python-flit-core"]
- path = python-flit-core
- url = https://src.opensuse.org/SLFO-pool/python-flit-core
+[submodule "cni-plugins"]
+ path = cni-plugins
+ url = https://src.opensuse.org/pool/cni-plugins
+[submodule "python-kubernetes"]
+ path = python-kubernetes
+ url = https://src.opensuse.org/pool/python-kubernetes
+ branch = leap-16.0
+[submodule "python-durationpy"]
+ path = python-durationpy
+ url = https://src.opensuse.org/pool/python-durationpy
+ branch = leap-16.0
+[submodule "python-recommonmark"]
+ path = python-recommonmark
+ url = https://src.opensuse.org/pool/python-recommonmark
+ branch = leap-16.0
+[submodule "python-iniparse"]
+ path = python-iniparse
+ url = https://src.opensuse.org/pool/python-iniparse
+ branch = leap-16.0
+[submodule "python-commonmark"]
+ path = python-commonmark
+ url = https://src.opensuse.org/pool/python-commonmark
+ branch = leap-16.0
+[submodule "cni"]
+ path = cni
+ url = https://src.opensuse.org/pool/cni
+[submodule "python-tenacity"]
+ path = python-tenacity
+ url = https://src.opensuse.org/pool/python-tenacity
+[submodule "python-pint"]
+ path = python-pint
+ url = https://src.opensuse.org/pool/python-pint
+ branch = leap-16.0
+[submodule "python-flexcache"]
+ path = python-flexcache
+ url = https://src.opensuse.org/pool/python-flexcache
+ branch = leap-16.0
+[submodule "python-flexparser"]
+ path = python-flexparser
+ url = https://src.opensuse.org/pool/python-flexparser
+ branch = leap-16.0
+[submodule "python-uncertainties"]
+ path = python-uncertainties
+ url = https://src.opensuse.org/pool/python-uncertainties
+ branch = leap-16.0
+[submodule "python-dogpile.cache"]
+ path = python-dogpile.cache
+ url = https://src.opensuse.org/pool/python-dogpile.cache
+ branch = leap-16.0
+[submodule "python-pytest-mpl"]
+ path = python-pytest-mpl
+ url = https://src.opensuse.org/pool/python-pytest-mpl
+ branch = leap-16.0
+[submodule "python-zeroconf"]
+ path = python-zeroconf
+ url = https://src.opensuse.org/pool/python-zeroconf
+ branch = leap-16.0
+[submodule "python-ifaddr"]
+ path = python-ifaddr
+ url = https://src.opensuse.org/pool/python-ifaddr
+ branch = leap-16.0
+[submodule "python-yappi"]
+ path = python-yappi
+ url = https://src.opensuse.org/pool/python-yappi
+[submodule "python-routes"]
+ path = python-routes
+ url = https://src.opensuse.org/pool/python-routes
+ branch = leap-16.0
+[submodule "python-repoze.lru"]
+ path = python-repoze.lru
+ url = https://src.opensuse.org/pool/python-repoze.lru
+ branch = leap-16.0
+[submodule "ipxe"]
+ path = ipxe
+ url = https://src.opensuse.org/pool/ipxe
+ branch = leap-16.0
+[submodule "python-setproctitle"]
+ path = python-setproctitle
+ url = https://src.opensuse.org/pool/python-setproctitle
+ branch = leap-16.0
+[submodule "python-requests-kerberos"]
+ path = python-requests-kerberos
+ url = https://src.opensuse.org/pool/python-requests-kerberos
+ branch = leap-16.0
+[submodule "python-pecan"]
+ path = python-pecan
+ url = https://src.opensuse.org/pool/python-pecan
+ branch = leap-16.0
+[submodule "python-pycdlib"]
+ path = python-pycdlib
+ url = https://src.opensuse.org/pool/python-pycdlib
+[submodule "python-cliff"]
+ path = python-cliff
+ url = https://src.opensuse.org/pool/python-cliff
+[submodule "python-autopage"]
+ path = python-autopage
+ url = https://src.opensuse.org/pool/python-autopage
+[submodule "python-cmd2"]
+ path = python-cmd2
+ url = https://src.opensuse.org/pool/python-cmd2
+ branch = leap-16.0
+[submodule "uwsgi"]
+ path = uwsgi
+ url = https://src.opensuse.org/pool/uwsgi
+ branch = leap-16.0
+[submodule "python-requestsexceptions"]
+ path = python-requestsexceptions
+ url = https://src.opensuse.org/pool/python-requestsexceptions
+[submodule "python-python-memcached"]
+ path = python-python-memcached
+ url = https://src.opensuse.org/pool/python-python-memcached
+[submodule "python-kombu"]
+ path = python-kombu
+ url = https://src.opensuse.org/pool/python-kombu
+[submodule "python-amqp"]
+ path = python-amqp
+ url = https://src.opensuse.org/pool/python-amqp
+ branch = leap-16.0
+[submodule "python-statsd"]
+ path = python-statsd
+ url = https://src.opensuse.org/pool/python-statsd
+[submodule "python-warlock"]
+ path = python-warlock
+ url = https://src.opensuse.org/pool/python-warlock
+[submodule "python-case"]
+ path = python-case
+ url = https://src.opensuse.org/pool/python-case
+ branch = leap-16.0
+[submodule "python-vine"]
+ path = python-vine
+ url = https://src.opensuse.org/pool/python-vine
+ branch = leap-16.0
+[submodule "python-Pyro5"]
+ path = python-Pyro5
+ url = https://src.opensuse.org/pool/python-Pyro5
+ branch = leap-16.0
+[submodule "python-pre-commit"]
+ path = python-pre-commit
+ url = https://src.opensuse.org/pool/python-pre-commit
+[submodule "python-serpent"]
+ path = python-serpent
+ url = https://src.opensuse.org/pool/python-serpent
+ branch = leap-16.0
+[submodule "python-google-cloud-monitoring"]
+ path = python-google-cloud-monitoring
+ url = https://src.opensuse.org/pool/python-google-cloud-monitoring
+[submodule "python-google-cloud-pubsub"]
+ path = python-google-cloud-pubsub
+ url = https://src.opensuse.org/pool/python-google-cloud-pubsub
+[submodule "python-cfgv"]
+ path = python-cfgv
+ url = https://src.opensuse.org/pool/python-cfgv
+[submodule "python-identify"]
+ path = python-identify
+ url = https://src.opensuse.org/pool/python-identify
+[submodule "python-pandas"]
+ path = python-pandas
+ url = https://src.opensuse.org/pool/python-pandas
+[submodule "python-grpc-google-iam-v1"]
+ path = python-grpc-google-iam-v1
+ url = https://src.opensuse.org/pool/python-grpc-google-iam-v1
+[submodule "python-editdistance"]
+ path = python-editdistance
+ url = https://src.opensuse.org/pool/python-editdistance
diff --git a/_config b/_config
index f282a84..34e99f7 100644
--- a/_config
+++ b/_config
@@ -1,8 +1,11 @@
-Prefer: -libqpid-proton10 -python311-urllib3_1
+Prefer: -libqpid-proton10 -python313-urllib3_1
Prefer: -cargo1.58 -cargo1.57 cargo1.89
+Prefer: chrony-pool-suse
+Prefer: -postgresql17-devel-mini
+
+BuildFlags: excludebuild:python-pandas:test-py313
Macros:
-%__python3 /usr/bin/python3.11
%registry_url %(echo %{vendor} | cut -d '/' -f 3 | sed 's/build/registry/')
:Macros
@@ -46,92 +49,59 @@ Macros:
:Macros
%endif
-# Missing deps for testsuite
-BuildFlags: excludebuild:autoconf:el
-BuildFlags: excludebuild:autoconf:testsuite
-
-# Missing deps for python packages related to suse-edge-components-versions
-BuildFlags: excludebuild:python-pydantic:test
-BuildFlags: excludebuild:python-pydantic-core:test
-BuildFlags: excludebuild:python-inline-snapshot:test
-BuildFlags: excludebuild:python-executing:test
-BuildFlags: excludebuild:python-annotated-types:test
-BuildFlags: excludebuild:python-typing-inspection:test
-BuildFlags: excludebuild:python-typing_extensions:test
-
# Only build manifest embedding images here
%if "%_repository" == "test_manifest_images"
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:release-manifest-image
- # Exclude the images selected by the following section
- # as the standard repository is a dependency
- %ifarch aarch64
- BuildFlags: excludebuild:baremetal-operator-image
- BuildFlags: excludebuild:endpoint-copier-operator-image
- BuildFlags: excludebuild:ironic-image
- BuildFlags: excludebuild:ironic-ipa-downloader-image
- BuildFlags: excludebuild:kiwi-builder-image
- BuildFlags: excludebuild:kubectl-image
- BuildFlags: excludebuild:kube-rbac-proxy-image
- BuildFlags: excludebuild:metallb-controller-image
- BuildFlags: excludebuild:metallb-speaker-image
- BuildFlags: excludebuild:nessie-image
- BuildFlags: excludebuild:suse-edge-components-versions-image
- %endif
%else
-# Only a subset of stack is arm64 ready
+# Only a subset of stack is arm64 ready exclude what is not ready
%ifarch aarch64
- BuildFlags: onlybuild:autoconf
- BuildFlags: onlybuild:baremetal-operator
- BuildFlags: onlybuild:baremetal-operator-image
- BuildFlags: onlybuild:ca-certificates-suse
- BuildFlags: onlybuild:container-build-checks
- BuildFlags: onlybuild:crudini
- BuildFlags: onlybuild:edge-build-checks
- BuildFlags: onlybuild:edge-image-builder
- BuildFlags: onlybuild:edge-image-builder-image
- BuildFlags: onlybuild:endpoint-copier-operator
- BuildFlags: onlybuild:endpoint-copier-operator-image
- BuildFlags: onlybuild:fakeroot
- BuildFlags: onlybuild:hauler
- BuildFlags: onlybuild:ipcalc
- BuildFlags: onlybuild:ironic-image
- BuildFlags: onlybuild:ironic-ipa-downloader-image
- BuildFlags: onlybuild:ironic-ipa-ramdisk
- BuildFlags: onlybuild:kubectl
- BuildFlags: onlybuild:kubectl-image
- BuildFlags: onlybuild:kube-rbac-proxy
- BuildFlags: onlybuild:kube-rbac-proxy-image
- BuildFlags: onlybuild:metallb
- BuildFlags: onlybuild:metallb-controller-image
- BuildFlags: onlybuild:metallb-speaker-image
- BuildFlags: onlybuild:nessie
- BuildFlags: onlybuild:nessie-image
- BuildFlags: onlybuild:nm-configurator
- BuildFlags: onlybuild:python-annotated-types
- BuildFlags: onlybuild:python-executing
- BuildFlags: onlybuild:python-flit-core
- BuildFlags: onlybuild:python-inline-snapshot
- BuildFlags: onlybuild:python-pydantic
- BuildFlags: onlybuild:python-pydantic-core
- BuildFlags: onlybuild:python-pyhelm3
- BuildFlags: onlybuild:python-rich
- BuildFlags: onlybuild:python-suse-edge-components-versions
- BuildFlags: onlybuild:python-typing-inspection
- BuildFlags: onlybuild:python-typing_extensions
- BuildFlags: onlybuild:shim-noarch
- BuildFlags: onlybuild:suse-edge-components-versions-image
+ # Akri
+ BuildFlags: excludebuild:akri
+ BuildFlags: excludebuild:akri-agent-image
+ BuildFlags: excludebuild:akri-controller-image
+ BuildFlags: excludebuild:akri-debug-echo-discovery-handler-image
+ BuildFlags: excludebuild:akri-onvif-discovery-handler-image
+ BuildFlags: excludebuild:akri-opcua-discovery-handler-image
+ BuildFlags: excludebuild:akri-udev-discovery-handler-image
+ BuildFlags: excludebuild:akri-webhook-configuration-image
+ BuildFlags: excludebuild:cri-tools
+
+ # FRR
+ BuildFlags: excludebuild:frr-image
+ BuildFlags: excludebuild:frr-k8s
+ BuildFlags: excludebuild:frr-k8s-image
+
+ # SRIOV
+ BuildFlags: excludebuild:ib-sriov-cni
+ BuildFlags: excludebuild:ib-sriov-cni-image
+ BuildFlags: excludebuild:network-resources-injector
+ BuildFlags: excludebuild:network-resources-injector-image
+ BuildFlags: excludebuild:node-feature-discovery
+ BuildFlags: excludebuild:node-feature-discovery-image
+ BuildFlags: excludebuild:sriov-cni
+ BuildFlags: excludebuild:sriov-cni-image
+ BuildFlags: excludebuild:sriov-network-device-plugin
+ BuildFlags: excludebuild:sriov-network-device-plugin-image
+ BuildFlags: excludebuild:sriov-network-operator
+ BuildFlags: excludebuild:sriov-network-operator-config-daemon-image
+ BuildFlags: excludebuild:sriov-network-operator-manager-image
+ BuildFlags: excludebuild:sriov-network-operator-webhook-image
+
+ # Upgrade controller
+ BuildFlags: excludebuild:release-manifest-image
+ BuildFlags: excludebuild:upgrade-controller
+ BuildFlags: excludebuild:upgrade-controller-image
%endif
%endif
%if "%_repository" == "images" || "%_repository" == "test_manifest_images"
- Prefer: container:sles15-image
Type: docker
Repotype: none
Patterntype: none
BuildEngine: podman
- Prefer: sles-release
- BuildFlags: dockerarg:SLE_VERSION=15.7
+ Prefer: SLES-release
+ BuildFlags: dockerarg:SLE_VERSION=16.0
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
@@ -146,47 +116,6 @@ BuildFlags: onlybuild:release-manifest-image
%endif
-%if "%_repository" == "images_16.0"
- Prefer: container:sles15-image
- Type: docker
- BuildEngine: podman
- Repotype: none
- Patterntype: none
- BuildFlags: dockerarg:SLE_VERSION=16.0
- BuildFlags: onlybuild:kiwi-builder-image
-
- Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
-
- # Publish multi-arch container images only once all archs have been built
- PublishFlags: archsync
-
- # Exclude the images selected by the aarch64 section
- %ifarch aarch64
- BuildFlags: excludebuild:baremetal-operator-image
- BuildFlags: excludebuild:edge-image-builder-image
- BuildFlags: excludebuild:endpoint-copier-operator-image
- BuildFlags: excludebuild:ironic-image
- BuildFlags: excludebuild:ironic-ipa-downloader-image
- BuildFlags: excludebuild:kubectl-image
- BuildFlags: excludebuild:kube-rbac-proxy-image
- BuildFlags: excludebuild:metallb-controller-image
- BuildFlags: excludebuild:metallb-speaker-image
- BuildFlags: excludebuild:nessie-image
- BuildFlags: excludebuild:suse-edge-components-versions-image
- %endif
-
-%else
- %if "%{sub %{reverse %_project} 1 7}" != "%{reverse :ToTest}" && "%{sub %{reverse %_project} 1 9}" != "%{reverse :Snapshot}"
- BuildFlags: excludebuild:kiwi-builder-image
- %else
- %ifarch aarch64
- BuildFlags: onlybuild:kiwi-builder-image
- %endif
- %endif
-%endif
-
-
-
%if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
Type: helm
Repotype: helm
@@ -203,12 +132,16 @@ BuildFlags: onlybuild:release-manifest-image
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
+ ExportFilter: ^grub2-.*-efi-.*\.noarch\.rpm$ aarch64 x86_64
%endif
+%if "%_repository" != "standard"
+ BuildFlags: excludebuild:grub-aggregate
+%endif
# Enable reproducible builds
# https://en.opensuse.org/openSUSE:Reproducible_Builds\#With_OBS
Macros:
-%source_date_epoch_from_changelog Y
+%source_date_epoch_from_changelog N
%clamp_mtime_to_source_date_epoch Y
%use_source_date_epoch_as_buildtime Y
%_buildhost reproducible
diff --git a/_meta b/_meta
index 62b26e1..e18b14e 100644
--- a/_meta
+++ b/_meta
@@ -34,20 +34,15 @@
x86_64
{%- endif %}
-{%- for repository in ["images", "images_16.0", "test_manifest_images"] %}
+{%- for repository in ["images", "test_manifest_images"] %}
{%- if release_project is defined and repository != "test_manifest_images" %}
{%- endif %}
- {%- if repository == "images_16.0" %}
-
-
-
- {%- else %}
-
-
- {%- endif %}
+
+
+
x86_64
aarch64
@@ -56,8 +51,9 @@
{%- if release_project is defined and not for_release %}
{%- endif %}
-
-
+
+
+
x86_64
aarch64
diff --git a/autoconf b/autoconf
deleted file mode 160000
index 0154270..0000000
--- a/autoconf
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 015427056954e149061e5c176e72f6067ebe4fb010fb697aba7bcfbb0e6d5568
diff --git a/baremetal-operator-image/Dockerfile b/baremetal-operator-image/Dockerfile
index 3e34e57..5d905eb 100644
--- a/baremetal-operator-image/Dockerfile
+++ b/baremetal-operator-image/Dockerfile
@@ -6,7 +6,7 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator inotify-tools procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
+RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator python3-watchdog procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
diff --git a/baremetal-operator-image/bmo-run b/baremetal-operator-image/bmo-run
index 38e6c14..fd9b25c 100644
--- a/baremetal-operator-image/bmo-run
+++ b/baremetal-operator-image/bmo-run
@@ -3,10 +3,11 @@ export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPD
export IRONIC_CACERT_FILE=${IRONIC_CACERT_FILE:-"/opt/metal3/certs/ca/tls.crt"}
if [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
- # shellcheck disable=SC2034
- inotifywait -m -e delete_self "${IRONIC_CACERT_FILE}" | while read -r file event; do
- kill $(pgrep baremetal-opera)
- done &
+ watchmedo shell-command \
+ --patterns="$(basename "${IRONIC_CACERT_FILE}")" \
+ --ignore-directories \
+ --command='if [[ "${watch_event_type}" == "deleted" ]]; then pkill -TERM baremetal-opera; fi' \
+ "$(dirname "${IRONIC_CACERT_FILE}")" &
fi
exec /usr/bin/baremetal-operator $@
\ No newline at end of file
diff --git a/cni b/cni
new file mode 160000
index 0000000..a18c16d
--- /dev/null
+++ b/cni
@@ -0,0 +1 @@
+Subproject commit a18c16d6bdfcaea00d98d1d6c4f2259bc8dd58db4b2ec10836a9725f88d5ab1f
diff --git a/cni-plugins b/cni-plugins
new file mode 160000
index 0000000..b6dd695
--- /dev/null
+++ b/cni-plugins
@@ -0,0 +1 @@
+Subproject commit b6dd6951d93c1ad24de28ef3110a006088b09c8d9c4928aca841718986809813
diff --git a/cri-tools b/cri-tools
index fc6852f..6b5145f 160000
--- a/cri-tools
+++ b/cri-tools
@@ -1 +1 @@
-Subproject commit fc6852f89d4ec8edc00219a6babb50106e60c3964b3f165a61e8f16bb4cc4d89
+Subproject commit 6b5145f3d4b76df0eeb3e6c7a24ad54cfcddd8e94a47944dddda92fe208ad1cb
diff --git a/crudini b/crudini
index c24bedd..a0919c8 160000
--- a/crudini
+++ b/crudini
@@ -1 +1 @@
-Subproject commit c24bedd13bbd6ec8ac6edfc9b7495c94667e77af6dfbc681255650a392f4024c
+Subproject commit a0919c82ee675ff1b268b90285427c85e4dea398e993c6b77f50125ca4899966
diff --git a/edge-image-builder-image/Dockerfile b/edge-image-builder-image/Dockerfile
index 392138b..f0938b2 100644
--- a/edge-image-builder-image/Dockerfile
+++ b/edge-image-builder-image/Dockerfile
@@ -7,7 +7,7 @@ MAINTAINER SUSE LLC (https://www.suse.com/)
COPY artifacts.yaml artifacts.yaml
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86 qemu-uefi-aarch64 cni-plugins; zypper -n clean; rm -rf /var/log/*
+RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86 qemu-uefi-aarch64 cni-plugins pigz zstd cpio && zypper -n clean && rm -rf /var/log/*
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.edge-image-builder
@@ -32,8 +32,7 @@ LABEL com.suse.release-stage="released"
# and also expects the boot kernel to be a portable executable (PE), not ELF.
RUN mkdir -p /usr/share/edk2/aarch64 && \
cp /usr/share/qemu/aavmf-aarch64-code.bin /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw && \
- cp /usr/share/qemu/aavmf-aarch64-vars.bin /usr/share/edk2/aarch64/vars-template-pflash.raw && \
- mv /boot/vmlinux* /boot/backup-vmlinux
+ cp /usr/share/qemu/aavmf-aarch64-vars.bin /usr/share/edk2/aarch64/vars-template-pflash.raw
ENTRYPOINT ["/usr/bin/eib"]
diff --git a/fakeroot b/fakeroot
deleted file mode 160000
index a93afed..0000000
--- a/fakeroot
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit a93afedfbd09dc0396c3f9edf415f3ad22cd24c7f0ff9ff72407d10c748ce0a5
diff --git a/grub-aggregate/_aggregate b/grub-aggregate/_aggregate
new file mode 100644
index 0000000..4038b9f
--- /dev/null
+++ b/grub-aggregate/_aggregate
@@ -0,0 +1,7 @@
+
+
+ grub2-x86_64-efi
+ grub2-arm64-efi
+
+
+
diff --git a/ipxe b/ipxe
new file mode 160000
index 0000000..afcb631
--- /dev/null
+++ b/ipxe
@@ -0,0 +1 @@
+Subproject commit afcb631479ec04dbf5c42f7c459a9a6fed67c77b55fef5f5804913e06e3f6976
diff --git a/ironic-image/Dockerfile b/ironic-image/Dockerfile
index 671f1f5..09b96a3 100644
--- a/ironic-image/Dockerfile
+++ b/ironic-image/Dockerfile
@@ -17,13 +17,19 @@ RUN /bin/prepare-efi.sh
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
+RUN zypper --installroot /installroot --non-interactive install --no-recommends \
+ python3-devel python3 python3-pip \
+ python313-sushy \
+ python3-watchdog python313-ironicclient \
+ git curl sles-release tar gzip vim gawk \
+ dnsmasq dosfstools apache2 ipcalc ipmitool iproute2 \
+ bind-utils procps qemu-tools sqlite3 util-linux xorriso \
+ tftp ipxe-bootimgs crudini \
+ openstack-ironic
+
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
- zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
- fi
-#!ArchExclusiveLine: aarch64
-RUN if [ "$(uname -m)" = "aarch64" ];then \
- zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
+ zypper --installroot /installroot --non-interactive install --no-recommends syslinux ; \
fi
# DATABASE
@@ -53,8 +59,8 @@ LABEL com.suse.release-stage="released"
COPY --from=base /installroot /
-RUN set -euo pipefail; ln -s /usr/bin/python3.11 /usr/local/bin/python3; \
- ln -s /usr/bin/pydoc3.11 /usr/local/bin/pydoc
+RUN set -euo pipefail; ln -s /usr/bin/python3.13 /usr/local/bin/python3; \
+ ln -s /usr/bin/pydoc3.13 /usr/local/bin/pydoc
ENV GRUB_DIR=/tftpboot/boot/grub
diff --git a/ironic-image/scripts/ironic-common.sh b/ironic-image/scripts/ironic-common.sh
index f192e36..0def24c 100644
--- a/ironic-image/scripts/ironic-common.sh
+++ b/ironic-image/scripts/ironic-common.sh
@@ -262,7 +262,7 @@ wait_for_interface_or_ip()
render_j2_config()
{
- python3.11 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1" > "$2"
+ python3.13 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$1" > "$2"
}
run_ironic_dbsync()
diff --git a/ironic-image/scripts/rundnsmasq b/ironic-image/scripts/rundnsmasq
index 7c5b876..28174d0 100755
--- a/ironic-image/scripts/rundnsmasq
+++ b/ironic-image/scripts/rundnsmasq
@@ -36,7 +36,7 @@ fi
# Template and write dnsmasq.conf
# we template via /tmp as sed otherwise creates temp files in /etc directory
# where we can't write
-python3.11 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' <"/tmp/dnsmasq.conf.j2" >"${DNSMASQ_TEMP_DIR}/dnsmasq_temp.conf"
+python3.13 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' <"/tmp/dnsmasq.conf.j2" >"${DNSMASQ_TEMP_DIR}/dnsmasq_temp.conf"
for iface in $(echo "$DNSMASQ_EXCEPT_INTERFACE" | tr ',' ' '); do
sed -i -e "/^interface=.*/ a\except-interface=${iface}" "${DNSMASQ_TEMP_DIR}/dnsmasq_temp.conf"
diff --git a/ironic-image/scripts/runlogwatch.sh b/ironic-image/scripts/runlogwatch.sh
index f1346e7..a6cee14 100755
--- a/ironic-image/scripts/runlogwatch.sh
+++ b/ironic-image/scripts/runlogwatch.sh
@@ -1,17 +1,32 @@
#!/usr/bin/bash
# Ramdisk logs path
-LOG_DIR="/shared/log/ironic/deploy"
+export LOG_DIR="/shared/log/ironic/deploy"
mkdir -p "${LOG_DIR}"
-# shellcheck disable=SC2034
-python3.11 -m pyinotify --raw-format -e IN_CLOSE_WRITE -v "${LOG_DIR}" |
- while read -r event dir mask maskname filename filepath pathname wd; do
- #NOTE(elfosardo): a pyinotify event looks like this:
- #
- FILENAME=$(echo "${filename}" | cut -d'=' -f2-)
- echo "************ Contents of ${LOG_DIR}/${FILENAME} ramdisk log file bundle **************"
- tar -xOzvvf "${LOG_DIR}/${FILENAME}" | sed -e "s/^/${FILENAME}: /"
- rm -f "${LOG_DIR}/${FILENAME}"
+# Function to process log files
+process_log_file() {
+ local FILEPATH="$1"
+ # shellcheck disable=SC2155
+ local FILENAME=$(basename "${FILEPATH}")
+
+ echo "************ Contents of ${LOG_DIR}/${FILENAME} ramdisk log file bundle **************"
+ tar -tzf "${FILEPATH}" | while read -r entry; do
+ echo "${FILENAME}: **** Entry: ${entry} ****"
+ tar -xOzf "${FILEPATH}" "${entry}" | sed -e "s/^/${FILENAME}: /"
+ echo
done
+ rm -f "${FILEPATH}"
+}
+
+# Export the function so watchmedo can use it
+export -f process_log_file
+
+# Use watchmedo to monitor for file close events
+# shellcheck disable=SC2016
+watchmedo shell-command \
+ --patterns="*" \
+ --ignore-directories \
+ --command='if [[ "${watch_event_type}" == "closed" ]]; then process_log_file "${watch_src_path}"; fi' \
+ "${LOG_DIR}"
\ No newline at end of file
diff --git a/ironic-image/scripts/tls-common.sh b/ironic-image/scripts/tls-common.sh
index 1229715..4d25c70 100644
--- a/ironic-image/scripts/tls-common.sh
+++ b/ironic-image/scripts/tls-common.sh
@@ -105,11 +105,17 @@ configure_restart_on_certificate_update()
if [[ "${enabled}" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
if [[ "${service}" == httpd ]]; then
+ # shellcheck disable=SC2034
signal="WINCH"
fi
- python3 -m pyinotify --raw-format -e IN_DELETE_SELF -v "${cert_file}" |
- while read -r; do
- pkill "-${signal}" "${service}"
- done &
+
+ # Use watchmedo to monitor certificate file deletion
+ # shellcheck disable=SC2016
+ watchmedo shell-command \
+ --patterns="$(basename "${cert_file}")" \
+ --ignore-directories \
+ --command='if [[ "${watch_event_type}" == "deleted" ]]; then pkill -'"${signal}"' '"${service}"'; fi' \
+ "$(dirname "${cert_file}")" &
fi
}
+
diff --git a/ironic-ipa-downloader-image/Dockerfile b/ironic-ipa-downloader-image/Dockerfile
index 08909e2..a75c12c 100644
--- a/ironic-ipa-downloader-image/Dockerfile
+++ b/ironic-ipa-downloader-image/Dockerfile
@@ -9,8 +9,6 @@ COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
-RUN cp /usr/bin/getopt /installroot/
-
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -32,7 +30,6 @@ LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
-RUN cp /getopt /usr/bin/
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
diff --git a/ironic-ipa-downloader-image/Dockerfile.aarch64 b/ironic-ipa-downloader-image/Dockerfile.aarch64
index 6f47548..34ae7b7 100644
--- a/ironic-ipa-downloader-image/Dockerfile.aarch64
+++ b/ironic-ipa-downloader-image/Dockerfile.aarch64
@@ -9,8 +9,6 @@ COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
-RUN cp /usr/bin/getopt /installroot/
-
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -32,7 +30,6 @@ LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
-RUN cp /getopt /usr/bin/
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
diff --git a/ironic-ipa-downloader-image/Dockerfile.x86_64 b/ironic-ipa-downloader-image/Dockerfile.x86_64
index 619cbeb..3f1911b 100644
--- a/ironic-ipa-downloader-image/Dockerfile.x86_64
+++ b/ironic-ipa-downloader-image/Dockerfile.x86_64
@@ -9,8 +9,6 @@ COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 tar gawk curl xz zstd shadow cpio findutils
-RUN cp /usr/bin/getopt /installroot/
-
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -32,7 +30,6 @@ LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
-RUN cp /getopt /usr/bin/
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
index 454b163..d7c6f32 100644
--- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
+++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
@@ -76,6 +76,7 @@
+
@@ -87,6 +88,7 @@
+
@@ -95,15 +97,14 @@
+
-
-
diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
index e398255..6c725fc 100644
--- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
+++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
@@ -29,12 +29,12 @@ Source0: config.sh
Source10: ironic-ipa-ramdisk.kiwi
Source20: root
+#!BuildIgnore: systemd-mini
+BuildRequires: systemd
BuildRequires: -post-build-checks
BuildRequires: bash
BuildRequires: kiwi
-BuildRequires: kiwi-tools
BuildRequires: zypper
-BuildArch: noarch
BuildRequires: checkmedia
BuildRequires: acl
@@ -55,7 +55,6 @@ BuildRequires: grub2-x86_64-efi
%ifarch aarch64
BuildRequires: grub2-arm64-efi
%endif
-BuildRequires: haveged
BuildRequires: hdparm
BuildRequires: hwinfo
BuildRequires: ipmitool
@@ -65,7 +64,7 @@ BuildRequires: kernel-default
BuildRequires: kernel-firmware-all
BuildRequires: lvm2
BuildRequires: net-tools
-BuildRequires: ntp
+BuildRequires: chrony
BuildRequires: open-iscsi
BuildRequires: openssh
BuildRequires: openstack-ironic-python-agent
@@ -77,7 +76,6 @@ BuildRequires: pkgconfig
BuildRequires: Mesa-gallium
BuildRequires: plymouth
BuildRequires: plymouth-scripts
-BuildRequires: python311-proliantutils
BuildRequires: psmisc
BuildRequires: qemu-tools
BuildRequires: sg3_utils
@@ -105,6 +103,9 @@ BuildRequires: lshw
BuildRequires: kbd
BuildRequires: dmidecode
BuildRequires: efibootmgr
+BuildRequires: glibc-locale
+BuildRequires: krb5
+BuildRequires: gettext-runtime
%ifarch x86_64
BuildRequires: syslinux
%endif
@@ -113,10 +114,9 @@ BuildRequires: syslinux
Kernel and ramdisk image for use with Metal3
%package %{_arch}
+BuildArch: noarch
Summary: Kernel and ramdisk image for Metal3
Group: System/Management
-Provides: openstack-ironic-python-agent = %{version}
-Obsoletes: openstack-ironic-python-agent < %{version}
%description %{_arch}
Kernel and ramdisk image for use with Metal3
diff --git a/metal3-chart/charts/ironic/templates/configmap.yaml b/metal3-chart/charts/ironic/templates/configmap.yaml
index 58912b4..ca1e970 100644
--- a/metal3-chart/charts/ironic/templates/configmap.yaml
+++ b/metal3-chart/charts/ironic/templates/configmap.yaml
@@ -53,5 +53,5 @@ data:
IRONIC_USE_MARIADB: "false"
{{- end }}
{{- with .Values.ironicExtraEnv -}}
- {{ toYaml . | nindent 2 }}
+ {{ toYaml . | nindent 2 }}
{{- end -}}
\ No newline at end of file
diff --git a/metal3-chart/values.yaml b/metal3-chart/values.yaml
index 2364916..928a68a 100644
--- a/metal3-chart/values.yaml
+++ b/metal3-chart/values.yaml
@@ -89,8 +89,6 @@ metal3-media:
# available to the Ironic deployment services.
mediaVolume:
hostPath: /opt/media
- image:
- repository: "%%IMG_REPO%%/%%IMG_PREFIX%%ironic"
#
# ironic service
diff --git a/obs-service-set_version b/obs-service-set_version
deleted file mode 160000
index 796f9dc..0000000
--- a/obs-service-set_version
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 796f9dc0b9b8dfefc72648043648d347040ce4e95d9810ec9ccba00645a4573d
diff --git a/python-Pyro5 b/python-Pyro5
new file mode 160000
index 0000000..34ebd08
--- /dev/null
+++ b/python-Pyro5
@@ -0,0 +1 @@
+Subproject commit 34ebd08ab32e6375255d3716d1d423d3615ea9e450242320a3bcd1dc3ee0174f
diff --git a/python-amqp b/python-amqp
new file mode 160000
index 0000000..d536919
--- /dev/null
+++ b/python-amqp
@@ -0,0 +1 @@
+Subproject commit d53691982c4a2673d643d21078ea290ddcb2e53f5e49ba1bb481fd0099cc2761
diff --git a/python-annotated-types b/python-annotated-types
deleted file mode 160000
index ffc9e3f..0000000
--- a/python-annotated-types
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit ffc9e3fb44e2fcc3fb2c22a521f9df0c6a6417c4ae9b2a8a9a02bd3e5d555e3c
diff --git a/python-autopage b/python-autopage
new file mode 160000
index 0000000..d94c1ee
--- /dev/null
+++ b/python-autopage
@@ -0,0 +1 @@
+Subproject commit d94c1eef649d7a18285d707bdf3d1d403e654f7469d472513fe44e042c0ba10d
diff --git a/python-case b/python-case
new file mode 160000
index 0000000..e2f2275
--- /dev/null
+++ b/python-case
@@ -0,0 +1 @@
+Subproject commit e2f227563f85203064d09061632831248efc03ee259eede37e286088504177ad
diff --git a/python-cfgv b/python-cfgv
new file mode 160000
index 0000000..1c0551d
--- /dev/null
+++ b/python-cfgv
@@ -0,0 +1 @@
+Subproject commit 1c0551d5f98cdb28bf2c4674572d5447a03609e4fa9fd6c450ca93bad2646e91
diff --git a/python-cliff b/python-cliff
new file mode 160000
index 0000000..eedf9cc
--- /dev/null
+++ b/python-cliff
@@ -0,0 +1 @@
+Subproject commit eedf9cc5d262163b721030a2028c5db94a68a708d23daec9d7610a7e128c516a
diff --git a/python-cmd2 b/python-cmd2
new file mode 160000
index 0000000..4d2e0aa
--- /dev/null
+++ b/python-cmd2
@@ -0,0 +1 @@
+Subproject commit 4d2e0aa7e8fb1a316943de564c626855f1ac9fb32039e2a0b5bd42f2ab734c26
diff --git a/python-commonmark b/python-commonmark
new file mode 160000
index 0000000..00e4175
--- /dev/null
+++ b/python-commonmark
@@ -0,0 +1 @@
+Subproject commit 00e4175582282b894244147b9de9e24563e5426e167b02a80e6befcea55394fd
diff --git a/python-dogpile.cache b/python-dogpile.cache
new file mode 160000
index 0000000..605b09b
--- /dev/null
+++ b/python-dogpile.cache
@@ -0,0 +1 @@
+Subproject commit 605b09b518a53bc9af479a22cc6693575c10214e94984c9e33e93e725daf66dc
diff --git a/python-durationpy b/python-durationpy
new file mode 160000
index 0000000..6b352c2
--- /dev/null
+++ b/python-durationpy
@@ -0,0 +1 @@
+Subproject commit 6b352c2e86c5f521ee8ea443debf5c0592125709ce2f63fdc33f6e3f15232ee1
diff --git a/python-editdistance b/python-editdistance
new file mode 160000
index 0000000..d957c04
--- /dev/null
+++ b/python-editdistance
@@ -0,0 +1 @@
+Subproject commit d957c048375091a66d59482c45acfb5bbd4ae581637c46d0836b2685352dd4ba
diff --git a/python-executing b/python-executing
deleted file mode 160000
index ac466db..0000000
--- a/python-executing
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit ac466db0b5734fd479794b9fdc61da736b008b2ae4c73d533b785f9b67d7f541
diff --git a/python-flexcache b/python-flexcache
new file mode 160000
index 0000000..c1ce05f
--- /dev/null
+++ b/python-flexcache
@@ -0,0 +1 @@
+Subproject commit c1ce05f6e75e94e6f2fc7e6cb407eefd7b3e516162def7c214bb1163a0ec3443
diff --git a/python-flexparser b/python-flexparser
new file mode 160000
index 0000000..a0cc6a8
--- /dev/null
+++ b/python-flexparser
@@ -0,0 +1 @@
+Subproject commit a0cc6a8151cca7c9ced9c6432df9dfff5d492a3975178a9f876fe5810c462f93
diff --git a/python-flit-core b/python-flit-core
deleted file mode 160000
index 4362b05..0000000
--- a/python-flit-core
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 4362b05ea3d7513b64a6e64a7b923fbb0bc6b676ba8cd3c528d141456ba08635
diff --git a/python-google-cloud-monitoring b/python-google-cloud-monitoring
new file mode 160000
index 0000000..747f52a
--- /dev/null
+++ b/python-google-cloud-monitoring
@@ -0,0 +1 @@
+Subproject commit 747f52a49995a2b75397ad0c767d25e62776128aa5a6e27a76634a8f27d4eb6c
diff --git a/python-google-cloud-pubsub b/python-google-cloud-pubsub
new file mode 160000
index 0000000..474ed3b
--- /dev/null
+++ b/python-google-cloud-pubsub
@@ -0,0 +1 @@
+Subproject commit 474ed3b69fb655489d877308107ef1433842638cf45b52e125f1993eb9bacdfa
diff --git a/python-grpc-google-iam-v1 b/python-grpc-google-iam-v1
new file mode 160000
index 0000000..3060f85
--- /dev/null
+++ b/python-grpc-google-iam-v1
@@ -0,0 +1 @@
+Subproject commit 3060f8579f26f4a8ce2b12c5ae353c20ddafb7e71e384b93080f8c2936949b18
diff --git a/python-identify b/python-identify
new file mode 160000
index 0000000..a7e6a73
--- /dev/null
+++ b/python-identify
@@ -0,0 +1 @@
+Subproject commit a7e6a733149ef2ec6bfddf64aa084cece354812d0ad98ce93bdb45cbe45145e3
diff --git a/python-ifaddr b/python-ifaddr
new file mode 160000
index 0000000..77eab78
--- /dev/null
+++ b/python-ifaddr
@@ -0,0 +1 @@
+Subproject commit 77eab78851795c8943685f68a2de41ff5adde626cb2d4a19d7e6e4a823a7b772
diff --git a/python-iniparse b/python-iniparse
new file mode 160000
index 0000000..5f23a4d
--- /dev/null
+++ b/python-iniparse
@@ -0,0 +1 @@
+Subproject commit 5f23a4d54fa7f4906cae6b7ca0ad1a567119ff447e03b9d4e7bd5c102098e733
diff --git a/python-inline-snapshot b/python-inline-snapshot
deleted file mode 160000
index 1e91744..0000000
--- a/python-inline-snapshot
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 1e917444d7edcfcc9862db03abfac4007783b2e29ac33bbe84e2dc1dd9f9c167
diff --git a/python-kombu b/python-kombu
new file mode 160000
index 0000000..29792cf
--- /dev/null
+++ b/python-kombu
@@ -0,0 +1 @@
+Subproject commit 29792cfaeb72133948df0bcd0be1e204c9abb51928ae03a9034f09115bf1fcb5
diff --git a/python-kubernetes b/python-kubernetes
new file mode 160000
index 0000000..734555e
--- /dev/null
+++ b/python-kubernetes
@@ -0,0 +1 @@
+Subproject commit 734555e3c5855d07836682ad96f3f1036bfd51412094f6f333be983663a08404
diff --git a/python-pandas b/python-pandas
new file mode 160000
index 0000000..93ae2a2
--- /dev/null
+++ b/python-pandas
@@ -0,0 +1 @@
+Subproject commit 93ae2a2ae1770c8eab65c646d548c41c649121712aa905e2d86ee95f49605b7a
diff --git a/python-pecan b/python-pecan
new file mode 160000
index 0000000..fa6b8cd
--- /dev/null
+++ b/python-pecan
@@ -0,0 +1 @@
+Subproject commit fa6b8cda43b64553f90a702bde868fe24659f72b3abdaac68d5beb5c05a0099a
diff --git a/python-pint b/python-pint
new file mode 160000
index 0000000..3e86ac6
--- /dev/null
+++ b/python-pint
@@ -0,0 +1 @@
+Subproject commit 3e86ac69b312fd0d818a2411d1a6e820709889aa3acbaaa35ee8bcc0b1e8c785
diff --git a/python-pre-commit b/python-pre-commit
new file mode 160000
index 0000000..01d16f6
--- /dev/null
+++ b/python-pre-commit
@@ -0,0 +1 @@
+Subproject commit 01d16f673e4ae5b4d9ff9e4c773bf0ded6ae741663832ef5835d223608443cea
diff --git a/python-pycdlib b/python-pycdlib
new file mode 160000
index 0000000..0a8b0d5
--- /dev/null
+++ b/python-pycdlib
@@ -0,0 +1 @@
+Subproject commit 0a8b0d5058b95567d3abfac5868282b6a6a7d4a09893dec99e1b5b350a423d53
diff --git a/python-pydantic b/python-pydantic
deleted file mode 160000
index f19a5a7..0000000
--- a/python-pydantic
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit f19a5a780ff647ce0cd317ddbe6d60fb216b50ade0e294b24be5798d5bb7c55c
diff --git a/python-pydantic-core b/python-pydantic-core
deleted file mode 160000
index 00355d0..0000000
--- a/python-pydantic-core
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 00355d08255833b897253c1cee7752bb9a3dd0dce01359f71e040a5270c60904
diff --git a/python-pytest-mpl b/python-pytest-mpl
new file mode 160000
index 0000000..ea05902
--- /dev/null
+++ b/python-pytest-mpl
@@ -0,0 +1 @@
+Subproject commit ea05902cbc6850b8ced9b5013d7dd957b04e82298cefb1bbf29f479ccdd22644
diff --git a/python-python-memcached b/python-python-memcached
new file mode 160000
index 0000000..8422311
--- /dev/null
+++ b/python-python-memcached
@@ -0,0 +1 @@
+Subproject commit 84223113c4856edf52db4766dce58b71c7b0febd8e4a3f535866990fcf8aff25
diff --git a/python-recommonmark b/python-recommonmark
new file mode 160000
index 0000000..1040cc2
--- /dev/null
+++ b/python-recommonmark
@@ -0,0 +1 @@
+Subproject commit 1040cc24d87a15037eaf6f32a62ca9eb318018ea43c054c0f8425ebbb03306d1
diff --git a/python-repoze.lru b/python-repoze.lru
new file mode 160000
index 0000000..6749440
--- /dev/null
+++ b/python-repoze.lru
@@ -0,0 +1 @@
+Subproject commit 6749440ecd8b2d27b6a04a14e8b11000321e5fab9d29b14c41e0ebf7df050c31
diff --git a/python-requests-kerberos b/python-requests-kerberos
new file mode 160000
index 0000000..4a3edbf
--- /dev/null
+++ b/python-requests-kerberos
@@ -0,0 +1 @@
+Subproject commit 4a3edbf973ee7fc777543d9fdcf7980b6cbd7f39944788e84bfa98dc9f36472b
diff --git a/python-requestsexceptions b/python-requestsexceptions
new file mode 160000
index 0000000..aff64b8
--- /dev/null
+++ b/python-requestsexceptions
@@ -0,0 +1 @@
+Subproject commit aff64b82685693b241a083f85e14fcfe1e30a353ad91989bea8834c7aec1610b
diff --git a/python-rich/_service b/python-rich/_service
deleted file mode 100644
index 58c8622..0000000
--- a/python-rich/_service
+++ /dev/null
@@ -1,3 +0,0 @@
-
-
-
diff --git a/python-rich/pygments.patch b/python-rich/pygments.patch
deleted file mode 100644
index 5547d65..0000000
--- a/python-rich/pygments.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 08be21dadfd2ce9e96e41e366ab38bd8d7cd0e39 Mon Sep 17 00:00:00 2001
-From: Dan Lazin
-Date: Tue, 7 Jan 2025 16:04:56 -0500
-Subject: [PATCH] Fix test that changed with Pygments 2.19.
-
----
- tests/test_markdown.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: rich-13.9.4/tests/test_markdown.py
-===================================================================
---- rich-13.9.4.orig/tests/test_markdown.py
-+++ rich-13.9.4/tests/test_markdown.py
-@@ -110,7 +110,7 @@ def test_inline_code():
- inline_code_theme="emacs",
- )
- result = render(markdown)
-- expected = "inline \x1b[1;38;2;170;34;255;48;2;248;248;248mimport\x1b[0m\x1b[38;2;0;0;0;48;2;248;248;248m \x1b[0m\x1b[1;38;2;0;0;255;48;2;248;248;248mthis\x1b[0m code \n"
-+ expected = "inline \x1b[1;38;2;170;34;255;48;2;248;248;248mimport\x1b[0m\x1b[38;2;187;187;187;48;2;248;248;248m \x1b[0m\x1b[1;38;2;0;0;255;48;2;248;248;248mthis\x1b[0m code \n"
- print(result)
- print(repr(result))
- assert result == expected
-Index: rich-13.9.4/tests/test_syntax.py
-===================================================================
---- rich-13.9.4.orig/tests/test_syntax.py
-+++ rich-13.9.4/tests/test_syntax.py
-@@ -53,7 +53,7 @@ def test_blank_lines():
- print(repr(result))
- assert (
- result
-- == "\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m1 \x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m2 \x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m3 \x1b[0m\x1b[1;38;2;0;128;0;48;2;248;248;248mimport\x1b[0m\x1b[38;2;0;0;0;48;2;248;248;248m \x1b[0m\x1b[1;38;2;0;0;255;48;2;248;248;248mthis\x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m4 \x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m5 \x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n"
-+ == "\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m1 \x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m2 \x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m3 \x1b[0m\x1b[1;38;2;0;128;0;48;2;248;248;248mimport\x1b[0m\x1b[38;2;187;187;187;48;2;248;248;248m \x1b[0m\x1b[1;38;2;0;0;255;48;2;248;248;248mthis\x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m4 \x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n\x1b[1;38;2;24;24;24;48;2;248;248;248m \x1b[0m\x1b[38;2;173;173;173;48;2;248;248;248m5 \x1b[0m\x1b[48;2;248;248;248m \x1b[0m\n"
- )
-
-
-@@ -119,7 +119,7 @@ def test_python_render_simple_indent_gui
- )
- rendered_syntax = render(syntax)
- print(repr(rendered_syntax))
-- expected = '\x1b[34mdef\x1b[0m \x1b[32mloop_first_last\x1b[0m(values: Iterable[T]) -> Iterable[Tuple[\x1b[36mb\x1b[0m\n\x1b[2;37m│ \x1b[0m\x1b[33m"""Iterate and generate a tuple with a flag for first an\x1b[0m\n\x1b[2m│ \x1b[0miter_values = \x1b[36miter\x1b[0m(values)\n\x1b[2m│ \x1b[0m\x1b[34mtry\x1b[0m:\n\x1b[2m│ │ \x1b[0mprevious_value = \x1b[36mnext\x1b[0m(iter_values)\n\x1b[2m│ \x1b[0m\x1b[34mexcept\x1b[0m \x1b[36mStopIteration\x1b[0m:\n\x1b[2m│ │ \x1b[0m\x1b[34mreturn\x1b[0m\n\x1b[2m│ \x1b[0mfirst = \x1b[34mTrue\x1b[0m\n\x1b[2m│ \x1b[0m\x1b[34mfor\x1b[0m value \x1b[35min\x1b[0m iter_values:\n\x1b[2m│ │ \x1b[0m\x1b[34myield\x1b[0m first, \x1b[34mFalse\x1b[0m, previous_value\n\x1b[2m│ │ \x1b[0mfirst = \x1b[34mFalse\x1b[0m\n\x1b[2m│ │ \x1b[0mprevious_value = value\n\x1b[2m│ \x1b[0m\x1b[34myield\x1b[0m first, \x1b[34mTrue\x1b[0m, previous_value\n'
-+ expected = '\x1b[34mdef\x1b[0m\x1b[37m \x1b[0m\x1b[32mloop_first_last\x1b[0m(values: Iterable[T]) -> Iterable[Tuple[\x1b[36mb\x1b[0m\n\x1b[2;37m│ \x1b[0m\x1b[33m"""Iterate and generate a tuple with a flag for first an\x1b[0m\n\x1b[2m│ \x1b[0miter_values = \x1b[36miter\x1b[0m(values)\n\x1b[2m│ \x1b[0m\x1b[34mtry\x1b[0m:\n\x1b[2m│ │ \x1b[0mprevious_value = \x1b[36mnext\x1b[0m(iter_values)\n\x1b[2m│ \x1b[0m\x1b[34mexcept\x1b[0m \x1b[36mStopIteration\x1b[0m:\n\x1b[2m│ │ \x1b[0m\x1b[34mreturn\x1b[0m\n\x1b[2m│ \x1b[0mfirst = \x1b[34mTrue\x1b[0m\n\x1b[2m│ \x1b[0m\x1b[34mfor\x1b[0m value \x1b[35min\x1b[0m iter_values:\n\x1b[2m│ │ \x1b[0m\x1b[34myield\x1b[0m first, \x1b[34mFalse\x1b[0m, previous_value\n\x1b[2m│ │ \x1b[0mfirst = \x1b[34mFalse\x1b[0m\n\x1b[2m│ │ \x1b[0mprevious_value = value\n\x1b[2m│ \x1b[0m\x1b[34myield\x1b[0m first, \x1b[34mTrue\x1b[0m, previous_value\n'
- assert rendered_syntax == expected
-
-
-
diff --git a/python-rich/python-rich.spec b/python-rich/python-rich.spec
deleted file mode 100644
index f9b2489..0000000
--- a/python-rich/python-rich.spec
+++ /dev/null
@@ -1,66 +0,0 @@
-#
-# spec file for package python-rich
-#
-# Copyright (c) 2025 SUSE LLC
-# Copyright (c) 2020-2021, Martin Hauke
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-%{?sle15_python_module_pythons}
-Name: python-rich
-Version: 14.0.0
-Release: 0
-Summary: A Python library for rich text and beautiful formatting in the terminal
-License: MIT
-URL: https://github.com/Textualize/rich
-#!RemoteAsset: https://github.com/Textualize/rich/archive/refs/tags/v%{version}.tar.gz rich-%{version}.tar.gz
-Source: rich-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM https://github.com/Textualize/rich/pull/3604 Fix test that changed with Pygments 2.19.
-# and https://github.com/Textualize/rich/pull/3608 fix remaining tests with Pygments 2.19 #3604 did not fix
-Patch: pygments.patch
-BuildRequires: %{python_module base >= 3.8}
-BuildRequires: %{python_module markdown-it-py >= 2.2.0}
-BuildRequires: %{python_module pip}
-BuildRequires: %{python_module poetry-core}
-BuildRequires: %{python_module pygments >= 2.13.0}
-BuildRequires: fdupes
-BuildRequires: python-rpm-macros
-Requires: python-markdown-it-py >= 2.2.0
-Requires: python-pygments >= 2.13.0
-Suggests: python-ipywidgets >= 7.5.1
-BuildArch: noarch
-# TODO(edu): Disabled all tests
-%python_subpackages
-
-%description
-Render rich text, tables, progress bars, syntax highlighting,
-markdown and more to the terminal.
-
-%prep
-%autosetup -p1 -n rich-%{version}
-
-%build
-%pyproject_wheel
-
-%install
-%pyproject_install
-%python_expand %fdupes %{buildroot}%{$python_sitelib}
-
-%files %{python_files}
-%license LICENSE
-%doc README.md
-%{python_sitelib}/rich
-%{python_sitelib}/rich-%{version}.dist-info
-
-%changelog
diff --git a/python-routes b/python-routes
new file mode 160000
index 0000000..9e68681
--- /dev/null
+++ b/python-routes
@@ -0,0 +1 @@
+Subproject commit 9e68681b9f5373caba5c4f2a68eaf8b9fe24af026dfd0108bf21a50829b0e458
diff --git a/python-serpent b/python-serpent
new file mode 160000
index 0000000..130596c
--- /dev/null
+++ b/python-serpent
@@ -0,0 +1 @@
+Subproject commit 130596c4935859fe081e82f460a1fca6793cef992d3d8245a166a6858a5a3011
diff --git a/python-setproctitle b/python-setproctitle
new file mode 160000
index 0000000..d00222d
--- /dev/null
+++ b/python-setproctitle
@@ -0,0 +1 @@
+Subproject commit d00222df9171d1a52035bae9cd2c589116106a968d8d19a92d1ca3e38c196990
diff --git a/python-statsd b/python-statsd
new file mode 160000
index 0000000..7323317
--- /dev/null
+++ b/python-statsd
@@ -0,0 +1 @@
+Subproject commit 732331777aa5ba17304825c38babe64117dbf31b9212062179e56485750ce51d
diff --git a/python-tenacity b/python-tenacity
new file mode 160000
index 0000000..6780db9
--- /dev/null
+++ b/python-tenacity
@@ -0,0 +1 @@
+Subproject commit 6780db96304057406a65da8fd933ce3912f9b9f069c936dbaa6c0f6f6552a4ab
diff --git a/python-typing-inspection b/python-typing-inspection
deleted file mode 160000
index 9400618..0000000
--- a/python-typing-inspection
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 9400618faed93df5c23f0e6f02097b2c605b9e50898bbc414775f8e185b86b44
diff --git a/python-typing_extensions b/python-typing_extensions
deleted file mode 160000
index 598c5a8..0000000
--- a/python-typing_extensions
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 598c5a8313fca8f7f46421f9e8c8203b12dcd33b60544fe1d6fbe6fc0868d8f2
diff --git a/python-uncertainties b/python-uncertainties
new file mode 160000
index 0000000..a84d1f4
--- /dev/null
+++ b/python-uncertainties
@@ -0,0 +1 @@
+Subproject commit a84d1f426c61c79b5975a5ca5db19ed2571ee772946f7b753c70a460e7ed453b
diff --git a/python-vine b/python-vine
new file mode 160000
index 0000000..d71e74a
--- /dev/null
+++ b/python-vine
@@ -0,0 +1 @@
+Subproject commit d71e74aa12ee54704a5195b68e44430bbe9fee8344548a3bbfa2c90ff6f961db
diff --git a/python-warlock b/python-warlock
new file mode 160000
index 0000000..f6ce832
--- /dev/null
+++ b/python-warlock
@@ -0,0 +1 @@
+Subproject commit f6ce8327519c660ecb95efba411ade006966647718f1952a7823189e659c36da
diff --git a/python-yappi b/python-yappi
new file mode 160000
index 0000000..8d82c28
--- /dev/null
+++ b/python-yappi
@@ -0,0 +1 @@
+Subproject commit 8d82c2845e3c7ecbf951f62fbe2aeec3ab19a3774f03fbd94c0be9fab152b2b4
diff --git a/python-zeroconf b/python-zeroconf
new file mode 160000
index 0000000..4726e97
--- /dev/null
+++ b/python-zeroconf
@@ -0,0 +1 @@
+Subproject commit 4726e97454608d6da1dc30eef716dccbef660bf89d1f0750db0175bc16def5a5
diff --git a/shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm b/shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm
deleted file mode 100644
index d780602..0000000
Binary files a/shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm and /dev/null differ
diff --git a/shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm b/shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm
deleted file mode 100644
index e8cac3d..0000000
Binary files a/shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm and /dev/null differ
diff --git a/shim-noarch/shim-15.8-150300.4.20.2.aarch64.rpm b/shim-noarch/shim-15.8-150300.4.20.2.aarch64.rpm
new file mode 100644
index 0000000..22cd41e
Binary files /dev/null and b/shim-noarch/shim-15.8-150300.4.20.2.aarch64.rpm differ
diff --git a/shim-noarch/shim-15.8-150300.4.20.2.x86_64.rpm b/shim-noarch/shim-15.8-150300.4.20.2.x86_64.rpm
new file mode 100644
index 0000000..02791c5
Binary files /dev/null and b/shim-noarch/shim-15.8-150300.4.20.2.x86_64.rpm differ
diff --git a/shim-noarch/shim.changes b/shim-noarch/shim.changes
index f8eced6..2591dfa 100644
--- a/shim-noarch/shim.changes
+++ b/shim-noarch/shim.changes
@@ -1,3 +1,106 @@
+-------------------------------------------------------------------
+Tue Apr 22 20:39:33 UTC 2025 - Eugenio Paolantonio
+
+- Undefine %_enable_debug_packages to fix building with rpm-4.20
+ (backport of the fix from Factory in SR#1232808)
+- Fix build with rpm 4.20 by copying the extracted directories
+ explicitly
+
+-------------------------------------------------------------------
+Thu Sep 19 06:27:27 UTC 2024 - Gary Ching-Pang Lin
+
+- Update shim-install to limit the scope of the 'removable'
+ SL-Micro to the image booting with TPM2 unsealing (bsc#1210382)
+ * 769e41d Limit the removable option to encrypted SL-Micro
+
+-------------------------------------------------------------------
+Mon Sep 16 07:28:57 UTC 2024 - Gary Ching-Pang Lin
+
+- Update shim-install to use the 'removable' way for SL-Micro
+ (bsc#1230316)
+ * 433cc4e Always use the removable way for SL-Micro
+
+-------------------------------------------------------------------
+Sun May 19 15:08:27 UTC 2024 - Dennis Tseng
+
+-- Update to version 15.8
+ - Various CVE fixes are already merged into this version
+ mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
+ avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
+ Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
+ Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
+ pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
+ pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
+ - remove shim-Enable-the-NX-compatibility-flag-by-default.patch
+ The codes in this patch are already existing in shim-15.8
+ The NX flag is disable which is same as the default value of shim-15.8,
+ hence, not need to enable it by this patch now.
+ - Patches (git log --oneline --reverse 15.7..15.8)
+ 657b248 Make sbat_var.S parse right with buggy gcc/binutils
+ 7c76425 Enable the NX compatibility flag by default.
+ 89972ae CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
+ c7b3051 pe: Align section size up to page size for mem attrs
+ e4f40ae pe: Add IS_PAGE_ALIGNED macro
+ f23883c Don't loop forever in load_certs() with buggy firmware
+ 1f38cb3 Optionally allow to keep shim protocol installed
+ 102a658 Drop invalid calls to `CRYPTO_set_mem_functions`
+ aae3df0 test-sbat: Fix exit code
+ cca3933 Block Debian grub binaries with SBAT < 4
+ cf59f34 Further improve load_certs() for non-compliant drivers/firmwares
+ 0601f44 SBAT-related documents formatting and spelling
+ 0640e13 Add a security contact email address in README.md
+ 0bfc397 Work around malformed path delimiters in file paths from DHCP
+ a8b0b60 pe: only process RelocDir->Size of reloc section
+ f7a4338 Skip testing msleep()
+ 549d346 Rename 'msecs' to 'usecs' to avoid potential confusion
+ 908c388 Change type of fallback_verbose_wait from int to unsigned long
+ 05eae92 Add SbatLevel_Variable.txt to document the various revocations
+ 243f125 Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL
+ 89d25a1 Add a make rule for compile_commands.json
+ 118ff87 Add gnu-stack notes
+ f132655 test: Make our fake dprintf be a statement.
+ be00279 Remove CentOS 7 test builds.
+ 9964960 Split pe.c up even more.
+ 569270d Test (and fix) ImageAddress()
+ 61e9894 Verify signature before verifying sbat levels
+ 1578b55 Add libFuzzer support for csv.c
+ a0673e3 Fix a 1-byte memory leak in .sbat parsing.
+ e246812 Add libFuzzer support to the .sbat parser.
+ fd43eda Work around ImageAddress() usage mistake
+ 1e985a3 Correctly free memory allocated in handle_image()
+ dbbe3c8 mok: Avoid underflow in maximum variable size calculation
+ 04111d4 Make some of the static analysis tools a little easier to run
+ 7ba7440 compile_commands.json: remove stuff clang doesn't like
+ 66e6579 CVE-2023-40546 mok: fix LogError() invocation
+ f271826 Add primitives for overflow-checked arithmetic operations.
+ 8372147 pe-relocate: Add a fuzzer for read_header()
+ 5a5147d CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
+ e912071 pe-relocate: make read_header() use checked arithmetic operations.
+ 93ce255 CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
+ e7f5fdf pe-relocate: Ensure nothing else implements CVE-2023-40550
+ afdc503 CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
+ 96dccc2 CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
+ dae82f6 Further mitigations against CVE-2023-40546 as a class
+ ea0f9df Allow SbatLevel data from external binary
+ b078ef2 Always clear SbatLevel when Secure Boot is disabled
+ 7dfb687 BS Variables for bootmgr revocations
+ a967c0e shim should not self revoke
+ 577cedd Print message when refusing to apply SbatLevel
+ e801b0d sbat revocations: check the full section name
+ 0226b56 CVE-2023-40547 - avoid incorrectly trusting HTTP headers
+ 6f0c8d2 Print errors when setting/clearing memory attrs
+ 57c0eed Updated Revocations for January 2024 CVEs
+ 49c6d95 Fix some minor ia32 build issues.
+ be8ff7c post-process-pe: Don't set the NX_COMPAT flag by default after all.
+ 13abd9f pe-relocate: Avoid __builtin_add_overflow() on GCC < 5
+ c46c975 Suppress "Failed to open <..>\revocations.efi" when file does not exist
+ 30a4f37 Rename "previous" revocations to "automatic"
+ 6f395c2 Build time selectable automatic SBATLevel revocations
+ a23e2f0 netboot read_image() should not hardcode DEFAULT_LOADER
+ 993a345 Try to load revocations.efi even if directory read fails
+ 1770a03 gitmodules: use shim-15.8 for gnu-efi branch
+ 5914984 (HEAD -> main, tag: latest-release, tag: 15.8, origin/main, origin/HEAD) Bump version to 15.8
+
-------------------------------------------------------------------
Thu Mar 14 06:05:12 UTC 2024 - Gary Ching-Pang Lin
diff --git a/shim-noarch/shim.spec b/shim-noarch/shim.spec
index 44c1652..2657d9a 100644
--- a/shim-noarch/shim.spec
+++ b/shim-noarch/shim.spec
@@ -21,14 +21,14 @@
%define sysefibasedir %{_datadir}/efi
Name: shim
-Version: 15.7
+Version: 15.8
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
URL: https://github.com/rhboot/shim
-Source: shim-15.7-150300.4.16.1.x86_64.rpm
-Source1: shim-15.7-150300.4.16.1.aarch64.rpm
+Source: shim-15.8-150300.4.20.2.x86_64.rpm
+Source1: shim-15.8-150300.4.20.2.aarch64.rpm
Requires: perl-Bootloader
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
@@ -63,9 +63,9 @@ rpm2cpio %{SOURCE1} | cpio --extract --unconditional --preserve-modification-tim
%install
# purely repackaged
-cp -a * %{buildroot}
+cp -a usr %{buildroot}
rm -rf %{buildroot}/usr/lib64/efi
-rm %{buildroot}/etc/uefi/certs/BCA4E38E-shim.crt %{buildroot}/usr/sbin/shim-install %{buildroot}/usr/share/doc/packages/shim/COPYRIGHT
+rm %{buildroot}/usr/sbin/shim-install %{buildroot}/usr/share/doc/packages/shim/COPYRIGHT
%files aarch64
%defattr(-,root,root)
diff --git a/suse-edge-components-versions-image/Dockerfile b/suse-edge-components-versions-image/Dockerfile
index fbe9579..d912763 100644
--- a/suse-edge-components-versions-image/Dockerfile
+++ b/suse-edge-components-versions-image/Dockerfile
@@ -8,7 +8,7 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-suse-edge-components-versions
+RUN zypper --installroot /installroot --non-interactive install --no-recommends python3-suse-edge-components-versions
# https://opensource.suse.com/bci-docs/guides/adding-users/
ARG USERNAME=suse
diff --git a/uwsgi b/uwsgi
new file mode 160000
index 0000000..4d93bb1
--- /dev/null
+++ b/uwsgi
@@ -0,0 +1 @@
+Subproject commit 4d93bb17ec8dd2e06d3404718733c05f688a071a22e1c50ce5c4ea25c441a460