Accepting request 1191164 from utilities

OBS-URL: https://build.opensuse.org/request/show/1191164
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sbctl?expand=0&rev=4

_service

@@ -5,7 +5,6 @@
     <param name="exclude">.git</param>
     <param name="revision">@PARENT_TAG@</param>
     <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
   </service>
   <service name="set_version" mode="manual">
     <param name="basename">sbctl</param>

sbctl-0.14.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b1e7b62c66e842113a31ab1c1505886e38475c5f1ee8a5f15f2ab32f25ad3ef4
-size 17935856

sbctl-0.15.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:af78a78997f903aaa9d275d026e094cc4cbd668254ca320d463232728f91ad5f
+size 17951470

sbctl.changes

@@ -1,3 +1,51 @@
+-------------------------------------------------------------------
+Wed Jul 31 23:55:22 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
+
+- Update to version 0.15.3:
+  * Fixed a mistake where the db_additions setting in sbctl.conf
+    was not wired up to sbctl setup.
+  * Relaxed the check for an existing install in sbctl setup form
+    looking after /var/lib/sbctl to check for /var/lib/sbctl/keys.
+  * Fixed a bug where dmi information was not read for quirk
+    detection when landlock was enabled.
+  * Fixed a bug where sbctl create-keys did not have access to
+    /var/lib under landlock.
+  * Fixed a bug where sbctl setup didn't have access to /usr/share.
+
+-------------------------------------------------------------------
+Wed Jul 31 14:13:47 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
+
+- Added minimum go required version
+- Update to version 0.15.2:
+  * Fixed a bug where sbctl setup aborts early because
+    /var/lib/sbctl already exists.
+- Updates from version 0.15.1:
+  * Fixed an issue where sbctl migrate did not work without
+    --disable-landlock.
+  * Fixed an issue where bundles.db would be written to files.json
+    deleting list of files.
+- Updates from version 0.15:
+  See the release for full changes.
+  https://github.com/Foxboron/sbctl/releases/tag/0.15
+  * sbctl will try to sandbox all commands with landlock. Landlock
+    is a unpriviledged sandbox, similar to OpenBSD pledge, that
+    allows sbctl to declare the directories and files we are
+    reading/writing a head. This feature is enabled by default and
+    can be disabled by setting landlock: false in the new config
+    file, or by passing --disable-landlock flag.
+  * sbctl has moved from using /usr/share/secureboot to
+    /var/lib/sbctl. The useage of /usr was mostly for legacy
+    reasons but there wasn't any motivation to fix this until now.
+    To help with the migration sbctl migrate has been implemented.
+    It will move all the files from the old location to
+    /var/lib/sbctl and rename files accordingly.
+  * sbctl now support creation of TPM key files using
+    go-tpm-keyfiles. These keys are mostly compatible with how
+    other TPM2 TSS keyfiles are created. This key type can be used
+    by passing on of several keytype flags to create-keys or
+    rotate-keys, or by specifying the type in the new configuration
+    file.
+
 -------------------------------------------------------------------
 Thu May  9 15:54:58 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
 

sbctl.spec

@@ -17,7 +17,7 @@
 
 
 Name:           sbctl
-Version:        0.14
+Version:        0.15.3
 Release:        0
 Summary:        Secure Boot key manager
 License:        MIT
@@ -40,10 +40,13 @@ Requires:       util-linux
 BuildRequires:  asciidoc
 BuildRequires:  binutils
 %if 0%{?suse_version}
+BuildRequires:  go >= 1.22.0
 BuildRequires:  golang-packaging
+BuildRequires:  pkgconfig(openssl) > 3.0.0
 %endif
 %if 0%{?ubuntu}
-BuildRequires:  golang
+BuildRequires:  golang >= 1.22.0
+BuildRequires:  libssl-dev > 3.0.0
 %endif
 
 %description
@@ -55,7 +58,15 @@ needs to be signed in the boot chain.
 %autosetup -a 1
 
 %build
-%make_build all
+# Remove toolchain directive as we can't download it from external and we lack a corresponding
+# macro package for deb (golang-packaging)
+%if 0%{?ubuntu}
+sed -i '/^toolchain.*/d' go.mod
+%endif
+
+# Remove upstream version set.
+sed -i 's|VERSION =.*||' Makefile
+VERSION="%{version}" %make_build all
 
 %install
 %make_install BINDIR="%{_sbindir}" PREFIX="%{_prefix}"
@@ -79,6 +90,7 @@ sed -i 's|bin/sh|bin/bash|' %{buildroot}%{_prefix}/lib/kernel/install.d/91-sbctl
 
 %{_prefix}/lib/kernel/install.d/91-sbctl.install
 %{_mandir}/man8/sbctl.8*
+%{_mandir}/man5/sbctl.conf.5*
 %{_datadir}/bash-completion/completions/sbctl
 %{_datadir}/fish/vendor_completions.d/sbctl.fish
 %{_datadir}/zsh/site-functions/_sbctl

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:8c1bc51d0fcb14867b8309e8cba83a494dec0f6137b01098cb7c537d9d630788
-size 4584792
+oid sha256:b66951060caf84826b0f64aa2dacc23fc8bfcbee06c7b633ac90f846d723a293
+size 5705126