Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

mokutil-0.6.0-slfo.1.1.4 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: mokutil Distribution: SUSE Linux Framework One
Version: 0.6.0 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.1.4 Build date: Mon Aug 26 11:13:05 2024
Group: Productivity/Security Build host: h03-ch2c
Size: 102282 Source RPM: mokutil-0.6.0-slfo.1.1.4.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/lcp/mokutil
Summary: Tools for manipulating machine owner keys
This program provides the means to enroll and erase the machine owner
keys (MOK) stored in the database of shim.

Provides

Requires

License

GPL-3.0-only

Changelog

* Mon Jun 27 2022 jlee@suse.com
  - Update to 0.6.0
      + 6c98907 SBAT revocation update support
      + 0276891 mokutil: Add trust_mok_keys and untrust_mok_keys
      + 57bc385 mokutil: enable setting fallback verbosity and noreboot mode
      + b15e7c4 util: add the missing stdio.h
  - Drop mokutil-fix-missing-header.patch (upstream)
* Thu Jul 15 2021 glin@suse.com
  - Update to 0.5.0
    + mokutil: delete key/hash from the reverse request
    + efi_x509: fix an error handling in is_immediate_ca()
    + efi_x509: fix certificates fingerprint calculation
    + efi_x509: use EVP_Digest()* functions instead of the deprecated
      SHA1_*()
    + src/util.c: fix NULL pointer dereference in mok_get_variable
    + mokutil: Read the SbatLevelRT variable to get the SBAT entries
    + mokutil: add mok-variables parsing support
    + mokutil: Add option to print the UEFI SBAT variable content
    + mokutil: only check for Secure Boot support in options that
      need it
    + efi_x509: add the function to fetch SKID
    + keyring: add the function to check kernel keyring
    + mokutil: initialize data for efi_get_variable()
    + mokutil: correct the data for efi_set_variable() in
      set_password()
    + mokutil: improve the readability of issue_mok_request()
    + mokutil: drop the checks for PK and KEK
    + mokutil: check the blocklists before enrolling a key
    + mokutil: adjust the command bits
    + mokutil: remove "--simple-hash"
    + make CA check non-fatal
    + mokutil: close file in the error path
    + mokutil: do the CA check
    + efi_x509: add the function to check immediate CA
    + efi_x509: use d2i_X509() to create X509 handling
    + mokutil: rename hash_file as pw_hash_file
    + password-crypt: update the function names
    + password-crypt: fix the types of several functions
    + mokutil: fix the error message in sb_state()
    + mokutil: move x509 functions to efi_x509.c
    + mokutil: move the hash functions to efi_hash.c
    + util: add functions for db_var_name and db_friendly_name
    + Remove the SHA1 code from identify_hash_type()
    + Map the UEFI variable names with a function
    + Fix -Wcast-align warnings
    + Fix 32 bit build
    + Add --timeout to manpage and other corrections.
    + mokutil.c: fix typo enrollement -> enrollment
    + Avoid taking pointer to packed struct
    + Fix name of --enable-validation in the description
    + Remove shebang from bash-completion/mokutil
  - Add mokutil-fix-missing-header.patch to fix the compilation error
    due to the missing header
  - Refresh mokutil-remove-libkeyutils-check.patch and only apply
    it to openSUSE Leap 15.*
  - Drop upstreamed patches:
    + mokutil-remove-shebang-from-bash-completion-file.patch
    + mokutil-bsc1173115-add-ca-and-keyring-checks.patch
  - Drop mokutil-support-revoke-builtin-cert.patch since we don't use
    the builtin cert prompt patch in shim anymore.
* Tue May 04 2021 dmueller@suse.com
  - spec file cleanup
* Wed Sep 16 2020 glin@suse.com
  - Add mokutil-bsc1173115-add-ca-and-keyring-checks.patch to add
    options for CA and kernel keyring checks (bsc#1173115)
    + Add new BuildRequires: keyutils-devel
    + Add mokutil-remove-libkeyutils-check.patch to disable the
      version check of libkeyutils
  - Refresh mokutil-support-revoke-builtin-cert.patch
* Fri Aug 14 2020 glin@suse.com
  - Update mokutil-support-revoke-builtin-cert.patch
    + Add "--revoke-cert" to the man page
* Fri Dec 13 2019 normand@linux.vnet.ibm.com
  - Add build for ppc64/ppc64le
* Tue May 28 2019 glin@suse.com
  - Update to 0.4.0
    + Rename export_moks as export_db_keys
    + Add support for exporting other keys
    + add new --mok argument
    + set list-enrolled command as default for some arguments
    + Add more info to --sb-state: show when we're in SetupMode or
      with shim validation disabled
    + Correct help: --set-timeout is really --timeout
    + generate_hash() / generate_pw_hash(): don't use strlen() for
      strncpy bounds
    + Add the type casting to silence the warning
    + Add a way for mokutil to configure a timeout for MokManager's
      prompt
    + list_keys_in_var(): check errno correctly, not ret twice
    + Fix typo in error message when the system lacks Secure Boot
      support
    + Add bash completion file
    + mokutil: be explicit about file modes in all cases
    + Make all efi_guid_t const
    + Don't allow sha1 on the mokutil command line
    + Build with -fshort-wchar so toggle passwords work right
    + Fix the 32bit signedness comparison
    + Fix the potential buffer overflow
  - Add mokutil-remove-shebang-from-bash-completion-file.patch to
    remove shebang from bash-completion/mokutil
  - Drop upstreamed patches
    + mokutil-constify-efi-guid.patch
    + mokutil-fix-overflow.patch
    + mokutil-fshort-wchar.patch
    + mokutil-set-efi-variable-file-mode.patch
  - Refresh mokutil-support-revoke-builtin-cert.patch
  - Install bash-completion/mokutil
* Thu Mar 21 2019 glin@suse.com
  - Add modhash to calculate the hash of kernel module (SLE-5661)
    + Also add openssl to Requires since the script needs it
* Fri Nov 23 2018 glin@suse.com
  - Enable AArch64 build (bsc#1119769, fate#326541)
* Tue Mar 27 2018 kukuk@suse.de
  - Use %license instead of %doc [bsc#1082318]
* Wed Jul 13 2016 glin@suse.com
  - Patches for efivar 0.24
    + Add mokutil-set-efi-variable-file-mode.patch to set the file
      mode explicitly.
    + Add mokutil-constify-efi-guid.patch to make all efi_guild_t
      variables const.
    + Refresh mokutil-support-revoke-builtin-cert.patch for the
      change of efi_set_variable()
* Tue Jun 30 2015 glin@suse.com
  - Add mokutil-fshort-wchar.patch to make sure the UEFI strings are
    UCS-2 encoding.
* Tue Nov 04 2014 glin@suse.com
  - Update to 0.3.0
  - Add mokutil-fix-overflow.patch to fix the buffer overflow
  - Drop upstreamed patches
    + mokutil-upstream-fixes.patch
    + mokutil-mokx-support.patch
    + mokutil-check-corrupted-key-list.patch
    + mokutil-check-secure-boot-support.patch
    + mokutil-clean-request.patch
    + mokutil-fix-hash-file-read.patch
    + mokutil-fix-hash-list-size.patch
    + mokutil-more-details-for-skipped-keys.patch
    + mokutil-no-invalid-x509.patch
  - Refresh mokutil-support-revoke-builtin-cert.patch
* Wed Apr 16 2014 glin@suse.com
  - Add mokutil-fix-hash-file-read.patch to fix the error handling of
    reading a hash file
* Thu Apr 10 2014 glin@suse.com
  - Add mokutil-check-corrupted-key-list.patch to check whether the
    key list is corrupted or not
  - Add mokutil-no-invalid-x509.patch to avoid importing an invalid
    x509 certificate
* Mon Mar 24 2014 glin@suse.com
  - Add mokutil-more-details-for-skipped-keys.patch to show the
    reason to skip the key
  - Add mokutil-check-secure-boot-support.patch to check whether the
    system supports Secure Boot or not
* Fri Feb 21 2014 glin@suse.com
  - Add mokutil-support-revoke-builtin-cert.patch to add an option to
    revoke the built-in certificate in shim
* Wed Feb 12 2014 glin@suse.com
  - Add mokutil-fix-hash-list-size.patch to update the list size
    after merging or deleting a hash
  - Add mokutil-clean-request.patch to clean the request if all keys
    are removed
* Wed Jan 22 2014 glin@suse.com
  - Update mokutil-mokx-support.patch to fix the test-key request
    check
* Thu Dec 05 2013 glin@suse.com
  - Add mokutil-upstream-fixes.patch to include upstream fixes for
    db signature check, gcc warnings, and error handling
  - Add mokutil-mokx-support.patch to support the MOK blacklist
    (FATE#316531)
* Thu Jul 25 2013 glin@suse.com
  - Update to 0.2.0
    + Generate the password hash with crypt() by default instead of
      the original sha256 password hash
    + Add an option to import the root password hash
    + Amend error messages, help, and man page
  - Drop upstreamed patches
    + mokutil-lcrypt-ldflag.patch
    + mokutil-probe-secure-boot-state.patch
    + mokutil-allow-password-from-pipe.patch
    + mokutil-bnc809703-check-pending-request.patch
    + mokutil-support-delete-keys.patch
    + mokutil-support-crypt-hash-methods.patch
    + mokutil-update-man-page.patch
    + mokutil-bnc809215-improve-wording.patch
    + mokutil-support-new-pw-hash.patch
    + mokutil-no-duplicate-keys-imported.patch
* Tue Apr 02 2013 glin@suse.com
  - Add mokutil-bnc809215-improve-wording.patch to make the messages
    understandable (bnc#809215)
  - Add mokutil-bnc809703-check-pending-request.patch to remove the
    key from the pending request if necessary (bnc#809703)
* Wed Jan 30 2013 glin@suse.com
  - Merge patches for FATE#314506
    + Add mokutil-support-crypt-hash-methods.patch to support the
      password hashes from /etc/shadow
    + Add mokutil-update-man-page.patch to update man page for the
      new added options
  - Add mokutil-lcrypt-ldflag.patch to correct LDFLAGS
* Fri Jan 18 2013 glin@suse.com
  - Update mokutil-support-new-pw-hash.patch to extend the password
    hash format
* Wed Jan 16 2013 glin@suse.com
  - Merge patches for FATE#314506
    + Add mokutil-support-delete-keys.patch to delete specific keys
    + Add mokutil-support-new-pw-hash.patch to support the new
      password format
    + Add mokutil-allow-password-from-pipe.patch to allow the
      password to be generated in a script and be sent through
      pipeline
  - Install COPYING
* Tue Dec 11 2012 glin@suse.com
  - Add mokutil-probe-secure-boot-state.patch to probe the state of
    secure boot
  - Add mokutil-no-duplicate-keys-imported.patch to avoid importing
    duplicate keys
* Wed Nov 07 2012 glin@suse.com
  - Add new package mokutil-0.1.0 (FATE#314510)

Files

/usr/bin/modhash
/usr/bin/mokutil
/usr/share/bash-completion/completions
/usr/share/bash-completion/completions/mokutil
/usr/share/licenses/mokutil
/usr/share/licenses/mokutil/COPYING
/usr/share/man/man1/mokutil.1.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Nov 2 00:10:22 2024