openSUSE Build Service

buildservice-autocommit accepted request 1223399 from

Richard Brown (RBrownSUSE) 13 days ago (revision 110)

baserev update by copy to link target

Richard Brown (RBrownSUSE) committed 14 days ago (revision 109)

Richard Brown (RBrownSUSE) committed 14 days ago (revision 108)

Richard Brown (RBrownSUSE) committed 14 days ago (revision 107)

- Update to version 1.3.0:
  * Check passphrase twice when setting it, not when unlocking
  * Initial CLI support

buildservice-autocommit accepted request 1221741 from

Richard Brown (RBrownSUSE) 19 days ago (revision 106)

baserev update by copy to link target

Richard Brown (RBrownSUSE) committed 19 days ago (revision 105)

Richard Brown (RBrownSUSE) committed 19 days ago (revision 104)

- Update to version 1.2.5:
  * mktemp as root, so SELinux allows root to write to the file

buildservice-autocommit accepted request 1220516 from

Richard Brown (RBrownSUSE) 21 days ago (revision 103)

baserev update by copy to link target

Richard Brown (RBrownSUSE) committed 21 days ago (revision 102)

- Update to version 1.2.4:
  * Use mktemp (boo#1228861)
  * fix(fallback): ask the user passphase twice, to be sure no accidental typos are in input
  * don't fail migration if system is not encrypted
  * Update README.md: more logical arrangement

buildservice-autocommit accepted request 1190654 from

Richard Brown (RBrownSUSE) 4 months ago (revision 101)

baserev update by copy to link target

Richard Brown (RBrownSUSE) committed 4 months ago (revision 100)

- Update to version 1.2.3:
  * encrypt: recoverykey is now always slot #2

Richard Brown (RBrownSUSE) committed 4 months ago (revision 99)

- Update to version 1.2.2:
  * encrypt: create passphrase before recoverykey to keep key slot alignment with Default Mode

Richard Brown (RBrownSUSE) committed 4 months ago (revision 98)

  * mig: Actually check if /@/home mount fails (boo#1227714)
  * encrypt: Fix boo#1228416 by doing enrolment in correct order

Richard Brown (RBrownSUSE) committed 4 months ago (revision 97)

- Update to version 1.2.1:
  * mig: Actually check if /@/home mount fails (boo1227714)
  * encrypt: update predictions earlier also
  * encrypt: Do TPM enrolment earlier
  * encrypt: bindmnt tmp
  * encrypt: call sdbootutil with env
  * encrypt: dont remove crypt_dir
  * encrypt:Attempt to fix boo#1228416

buildservice-autocommit accepted request 1189392 from

Richard Brown (RBrownSUSE) 4 months ago (revision 96)

baserev update by copy to link target

Richard Brown (RBrownSUSE) committed 4 months ago (revision 95)

Richard Brown (RBrownSUSE) committed 4 months ago (revision 94)

  * Introduce systemd-repart modes, including image and self installation
  * Introduce encryption module

Richard Brown (RBrownSUSE) committed 4 months ago (revision 93)

- Update to version 1.2:
  * encrypt: actually add key for fallback mode
  * encrypt: show progress of final key storage
  * encrypt: temporarily set hostonly_cmdline=no overriding the setting from 01-dist.conf
  * encrypt: show different messages for Default and Fallback mode core: wipe key-file after modules mig: support and assume encrypt module
  * encrypt: use a key-file consistantly for smoother enrolment regardless of mode
  * encrypt: rework default mode to work with key-file images
  * encrypt: rename finalise_system to configure_encryption
  * use tee instead of cat for files
  * encrypt: enrol PCRs on firstboot
  * fixup
  * core: reread_partitiontable after deploying the image
  * core: reread_partitiontable after deploying the image
  * encrypt: restore crypttab, needed by sdbootutil
  * encrypt: drop cryptab, use cmdline for all luks config. use aeon_root as luks device mapper name
  * encrypt: add root=UUID= to cmdline, needed to update predictions
  * encrypt: mkinitrd with hostname_cmdline=no
  * encrypt: remove excess debug output, expect PCR's to be updated on firstboot
  * encrypt: also bind mount cgroupfs
  * encrypt: debug possible sdbootutil confusion regarding which bootloader is which
  * encrypt: remove root= defnition, dont edit cmdline
  * encrypt: tune root= definition
  * encrypt: More debugging
  * encrypt: Fix rootUUID call
  * repart: pause between retries to give the kernel a chance to clean up any weird loop device issues
  * encrypt: yet another attempt to fix dracut
  * encrypt: hostonly_cmdline=no for dracut
  * encrypt: introduce pre/15-encrypt to check TPM and notify users
  * encrypt: only make mountpoint if its needed
  * encrypt: post/10-encrypt to post/15-encrypt
  * encrypt: remove resolved debug output, add new PCR policy and justification
  * encrypt: More verbose logging, progress, and more robust sdbootutil calls
  * dump_image_repart_image: retry a few times to cover systemd-repart not always detecting the root partition first time
  * encrypt: crypttab noauto for / as it's mounted earlier already
  * encrypt: restore recovery key use
  * core: run reboot/shutdown with elevated privs
  * encrypt: debug crypttab editing
  * tik: reboot and shutdown quicker
  * repart_image: Dont bother checking the image, if it works, it works
  * encrypt: only use UUID of crypt container, ignore children
  * encrypt: more debugging broken initrd generation
  * dump_repart*: avoid piping from privileged commands and losing error conditions as a result
  * encrypt: redirect debug output to logs
  * dump_image_repart: pause after dissection
  * encrypt: tune up progress bars, and add some nasty debug checks
  * encrypt: remove spurious dd call
  * encrypt: monitor progress via pipe
  * encrypt: remove progress for now, subshell causes issues
  * encrypt: Show meaningful progress
  * encrypt: setup crypttab using UUID
  * encrypt: set_boot_target during encryption finalisation, don't run again after
  * core: set efibootorder before modules, EFI vars are correct for encryption
  * probe_partitions: correct variable used for mounting part to probe
  * encrypt: mount/unmount securityfs and efivars so PCR generation works
  * set_boot_target: probe for ESP rather than have fixed partition number
  * encrypt: improve logging, correct cryptab for tpm2
  * dump_image: improve logging of various dump_image_ functions
  * encrypt: correct crypto_LUKS typo
  * probepartitions: tune up behaviour to better support file-less probing
  * encrypt: rework to benefit from new systemd-repart core
  * probe_partitions: only mount if we're trying to find a file
  * Check for tpm 2.0 | Make systemd-repart flow more robust
  * tik: dump_image_repart: use images instead of bundles
  * tik: dump_image: support systemd-repart bundles and self installation in addition to dd
  * tik: get_img: support detecting systemd-repart bundles and falling back to systemd-repart self-deploying

buildservice-autocommit accepted request 1185112 from

Richard Brown (RBrownSUSE) 5 months ago (revision 92)

baserev update by copy to link target

Richard Brown (RBrownSUSE) committed 5 months ago (revision 91)

- Update to version 1.1.10:
  * mig: Handle failure of mounting /@/home subvolume [boo#1227339]
  * Update readme for upcoming v1.2 features
  * Make probe_partitions a core tik-function

Places

Revisions of tik

Places