Sync from SUSE:SLFO:Main mokutil revision cd0ba1d68d8d635907ab4802c79d590e
This commit is contained in:
commit
9c4efc9635
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
BIN
0.6.0.tar.gz
(Stored with Git LFS)
Normal file
BIN
0.6.0.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
149
modhash
Normal file
149
modhash
Normal file
@ -0,0 +1,149 @@
|
|||||||
|
#!/usr/bin/perl
|
||||||
|
#
|
||||||
|
# Calculate the digest of the kernel module
|
||||||
|
# It will strip kernel modules signature before calculation.
|
||||||
|
#
|
||||||
|
# Based on modsign-verify, written by Michal Marek
|
||||||
|
# Authors:
|
||||||
|
# Gary Lin <GLin@suse.com>
|
||||||
|
# Joey Lee <JLee@suse.com>
|
||||||
|
#
|
||||||
|
|
||||||
|
my $USAGE = "Usage: modhash [-v] [-q] [-d <digest algorithm>] <module>\n";
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use warnings;
|
||||||
|
use IPC::Open2;
|
||||||
|
use Getopt::Long;
|
||||||
|
use File::Temp qw(tempfile);
|
||||||
|
|
||||||
|
my $verbose = 1;
|
||||||
|
my $dgst = "sha256";
|
||||||
|
GetOptions(
|
||||||
|
"d=s" => \$dgst,
|
||||||
|
"q|quiet" => sub { $verbose-- if $verbose; },
|
||||||
|
"v|verbose" => sub { $verbose++; },
|
||||||
|
"h|help" => sub {
|
||||||
|
print $USAGE;
|
||||||
|
exit(0);
|
||||||
|
}
|
||||||
|
) or die($USAGE);
|
||||||
|
|
||||||
|
sub _verbose {
|
||||||
|
my $level = shift;
|
||||||
|
|
||||||
|
return if $verbose < $level;
|
||||||
|
print STDERR @_;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub info { _verbose(1, @_); }
|
||||||
|
sub verbose { _verbose(2, @_); }
|
||||||
|
sub debug { _verbose(3, @_); }
|
||||||
|
|
||||||
|
if (@ARGV > 1) {
|
||||||
|
print STDERR "Excess arguments\n";
|
||||||
|
die($USAGE);
|
||||||
|
} elsif (@ARGV < 1) {
|
||||||
|
print STDERR "No module supplied\n";
|
||||||
|
die($USAGE);
|
||||||
|
}
|
||||||
|
my $module_name = shift(@ARGV);
|
||||||
|
|
||||||
|
if ($dgst ne "sha" and $dgst ne "sha1" and $dgst ne "sha256" and
|
||||||
|
$dgst ne "sha384" and $dgst ne "sha512") {
|
||||||
|
die("unsupported algorithm: $dgst");
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Function to read the contents of a file into a variable.
|
||||||
|
#
|
||||||
|
sub read_file($)
|
||||||
|
{
|
||||||
|
my ($file) = @_;
|
||||||
|
my $contents;
|
||||||
|
my $len;
|
||||||
|
|
||||||
|
open(FD, "<$file") || die $file;
|
||||||
|
binmode FD;
|
||||||
|
my @st = stat(FD);
|
||||||
|
die $file if (!@st);
|
||||||
|
$len = read(FD, $contents, $st[7]) || die $file;
|
||||||
|
close(FD) || die $file;
|
||||||
|
die "$file: Wanted length ", $st[7], ", got ", $len, "\n"
|
||||||
|
if ($len != $st[7]);
|
||||||
|
return $contents;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub openssl_pipe($$) {
|
||||||
|
my ($input, $cmd) = @_;
|
||||||
|
my ($pid, $res);
|
||||||
|
|
||||||
|
$pid = open2(*read_from, *write_to, $cmd) || die $cmd;
|
||||||
|
binmode write_to;
|
||||||
|
if (defined($input) && $input ne "") {
|
||||||
|
print write_to $input || die "$cmd: $!";
|
||||||
|
}
|
||||||
|
close(write_to) || die "$cmd: $!";
|
||||||
|
|
||||||
|
binmode read_from;
|
||||||
|
read(read_from, $res, 4096) || die "$cmd: $!";
|
||||||
|
close(read_from) || die "$cmd: $!";
|
||||||
|
waitpid($pid, 0) || die;
|
||||||
|
die "$cmd died: $?" if ($? >> 8);
|
||||||
|
return $res;
|
||||||
|
}
|
||||||
|
|
||||||
|
my $module = read_file($module_name);
|
||||||
|
my $module_len = length($module);
|
||||||
|
my $magic_number = "~Module signature appended~\n";
|
||||||
|
my $magic_len = length($magic_number);
|
||||||
|
my $info_len = 12;
|
||||||
|
|
||||||
|
if ($module_len < $magic_len) {
|
||||||
|
die "Module size too short\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
sub eat
|
||||||
|
{
|
||||||
|
my $length = shift;
|
||||||
|
if ($module_len < $length) {
|
||||||
|
die "Module size too short\n";
|
||||||
|
}
|
||||||
|
my $res = substr($module, -$length);
|
||||||
|
$module = substr($module, 0, $module_len - $length);
|
||||||
|
$module_len -= $length;
|
||||||
|
return $res;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (substr($module, -$magic_len) eq $magic_number) {
|
||||||
|
$module = substr($module, 0, $module_len - $magic_len);
|
||||||
|
$module_len -= $magic_len;
|
||||||
|
my $info = eat($info_len);
|
||||||
|
my ($algo, $hash, $id_type, $name_len, $key_len, $sig_len) =
|
||||||
|
unpack("CCCCCxxxN", $info);
|
||||||
|
my $signature = eat($sig_len);
|
||||||
|
if ($id_type == 1) {
|
||||||
|
if (unpack("n", $signature) == $sig_len - 2) {
|
||||||
|
verbose ("signed module (X.509)\n");
|
||||||
|
} else {
|
||||||
|
die "Invalid signature format\n";
|
||||||
|
}
|
||||||
|
if ($algo != 1) {
|
||||||
|
die "Unsupported signature algorithm\n";
|
||||||
|
}
|
||||||
|
$signature = substr($signature, 2);
|
||||||
|
my $key_id = eat($key_len);
|
||||||
|
my $name = eat($name_len);
|
||||||
|
} elsif ($id_type == 2) {
|
||||||
|
verbose ("signed module (PKCS#7)\n");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
verbose ("unsigned module\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
verbose("Hash algorithm: $dgst\n");
|
||||||
|
|
||||||
|
my $digest = openssl_pipe($module, "openssl dgst -$dgst");
|
||||||
|
$digest =~ s/\(stdin\)= //;
|
||||||
|
|
||||||
|
print "$module_name: $digest"
|
44
mokutil-remove-libkeyutils-check.patch
Normal file
44
mokutil-remove-libkeyutils-check.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
From 87eb098c85dcae328924e91bb84e8e68ea15fd15 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Gary Lin <glin@suse.com>
|
||||||
|
Date: Wed, 16 Sep 2020 17:02:56 +0800
|
||||||
|
Subject: [PATCH] Remove libkeyutils pkgconfig check
|
||||||
|
|
||||||
|
keyutils didn't provide pkgconfig in 1.5.*
|
||||||
|
|
||||||
|
Signed-off-by: Gary Lin <glin@suse.com>
|
||||||
|
---
|
||||||
|
configure.ac | 1 -
|
||||||
|
src/Makefile.am | 3 +--
|
||||||
|
2 files changed, 1 insertion(+), 3 deletions(-)
|
||||||
|
|
||||||
|
Index: mokutil-0.6.0/configure.ac
|
||||||
|
===================================================================
|
||||||
|
--- mokutil-0.6.0.orig/configure.ac
|
||||||
|
+++ mokutil-0.6.0/configure.ac
|
||||||
|
@@ -85,7 +85,6 @@ AC_CHECK_FUNCS([memset])
|
||||||
|
|
||||||
|
PKG_CHECK_MODULES(OPENSSL, [openssl >= 0.9.8])
|
||||||
|
PKG_CHECK_MODULES(EFIVAR, [efivar >= 0.12])
|
||||||
|
-PKG_CHECK_MODULES(LIBKEYUTILS, [libkeyutils >= 1.5])
|
||||||
|
|
||||||
|
AC_ARG_WITH([bash-completion-dir],
|
||||||
|
AS_HELP_STRING([--with-bash-completion-dir[=PATH]],
|
||||||
|
Index: mokutil-0.6.0/src/Makefile.am
|
||||||
|
===================================================================
|
||||||
|
--- mokutil-0.6.0.orig/src/Makefile.am
|
||||||
|
+++ mokutil-0.6.0/src/Makefile.am
|
||||||
|
@@ -2,13 +2,12 @@ bin_PROGRAMS = mokutil
|
||||||
|
|
||||||
|
mokutil_CFLAGS = $(OPENSSL_CFLAGS) \
|
||||||
|
$(EFIVAR_CFLAGS) \
|
||||||
|
- $(LIBKEYUTILS_CFLAGS) \
|
||||||
|
$(WARNINGFLAGS_C) \
|
||||||
|
-DVERSION="\"$(VERSION)\""
|
||||||
|
|
||||||
|
mokutil_LDADD = $(OPENSSL_LIBS) \
|
||||||
|
$(EFIVAR_LIBS) \
|
||||||
|
- $(LIBKEYUTILS_LIBS) \
|
||||||
|
+ -lkeyutils \
|
||||||
|
-lcrypt
|
||||||
|
|
||||||
|
mokutil_SOURCES = signature.h \
|
297
mokutil.changes
Normal file
297
mokutil.changes
Normal file
@ -0,0 +1,297 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 27 05:00:25 UTC 2022 - Joey Lee <jlee@suse.com>
|
||||||
|
|
||||||
|
- Update to 0.6.0
|
||||||
|
+ 6c98907 SBAT revocation update support
|
||||||
|
+ 0276891 mokutil: Add trust_mok_keys and untrust_mok_keys
|
||||||
|
+ 57bc385 mokutil: enable setting fallback verbosity and noreboot mode
|
||||||
|
+ b15e7c4 util: add the missing stdio.h
|
||||||
|
- Drop mokutil-fix-missing-header.patch (upstream)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 15 06:39:26 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
|
||||||
|
|
||||||
|
- Update to 0.5.0
|
||||||
|
+ mokutil: delete key/hash from the reverse request
|
||||||
|
+ efi_x509: fix an error handling in is_immediate_ca()
|
||||||
|
+ efi_x509: fix certificates fingerprint calculation
|
||||||
|
+ efi_x509: use EVP_Digest()* functions instead of the deprecated
|
||||||
|
SHA1_*()
|
||||||
|
+ src/util.c: fix NULL pointer dereference in mok_get_variable
|
||||||
|
+ mokutil: Read the SbatLevelRT variable to get the SBAT entries
|
||||||
|
+ mokutil: add mok-variables parsing support
|
||||||
|
+ mokutil: Add option to print the UEFI SBAT variable content
|
||||||
|
+ mokutil: only check for Secure Boot support in options that
|
||||||
|
need it
|
||||||
|
+ efi_x509: add the function to fetch SKID
|
||||||
|
+ keyring: add the function to check kernel keyring
|
||||||
|
+ mokutil: initialize data for efi_get_variable()
|
||||||
|
+ mokutil: correct the data for efi_set_variable() in
|
||||||
|
set_password()
|
||||||
|
+ mokutil: improve the readability of issue_mok_request()
|
||||||
|
+ mokutil: drop the checks for PK and KEK
|
||||||
|
+ mokutil: check the blocklists before enrolling a key
|
||||||
|
+ mokutil: adjust the command bits
|
||||||
|
+ mokutil: remove "--simple-hash"
|
||||||
|
+ make CA check non-fatal
|
||||||
|
+ mokutil: close file in the error path
|
||||||
|
+ mokutil: do the CA check
|
||||||
|
+ efi_x509: add the function to check immediate CA
|
||||||
|
+ efi_x509: use d2i_X509() to create X509 handling
|
||||||
|
+ mokutil: rename hash_file as pw_hash_file
|
||||||
|
+ password-crypt: update the function names
|
||||||
|
+ password-crypt: fix the types of several functions
|
||||||
|
+ mokutil: fix the error message in sb_state()
|
||||||
|
+ mokutil: move x509 functions to efi_x509.c
|
||||||
|
+ mokutil: move the hash functions to efi_hash.c
|
||||||
|
+ util: add functions for db_var_name and db_friendly_name
|
||||||
|
+ Remove the SHA1 code from identify_hash_type()
|
||||||
|
+ Map the UEFI variable names with a function
|
||||||
|
+ Fix -Wcast-align warnings
|
||||||
|
+ Fix 32 bit build
|
||||||
|
+ Add --timeout to manpage and other corrections.
|
||||||
|
+ mokutil.c: fix typo enrollement -> enrollment
|
||||||
|
+ Avoid taking pointer to packed struct
|
||||||
|
+ Fix name of --enable-validation in the description
|
||||||
|
+ Remove shebang from bash-completion/mokutil
|
||||||
|
- Add mokutil-fix-missing-header.patch to fix the compilation error
|
||||||
|
due to the missing header
|
||||||
|
- Refresh mokutil-remove-libkeyutils-check.patch and only apply
|
||||||
|
it to openSUSE Leap 15.*
|
||||||
|
- Drop upstreamed patches:
|
||||||
|
+ mokutil-remove-shebang-from-bash-completion-file.patch
|
||||||
|
+ mokutil-bsc1173115-add-ca-and-keyring-checks.patch
|
||||||
|
- Drop mokutil-support-revoke-builtin-cert.patch since we don't use
|
||||||
|
the builtin cert prompt patch in shim anymore.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 4 06:52:03 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- spec file cleanup
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 16 09:06:02 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
|
||||||
|
|
||||||
|
- Add mokutil-bsc1173115-add-ca-and-keyring-checks.patch to add
|
||||||
|
options for CA and kernel keyring checks (bsc#1173115)
|
||||||
|
+ Add new BuildRequires: keyutils-devel
|
||||||
|
+ Add mokutil-remove-libkeyutils-check.patch to disable the
|
||||||
|
version check of libkeyutils
|
||||||
|
- Refresh mokutil-support-revoke-builtin-cert.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 14 06:59:46 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
|
||||||
|
|
||||||
|
- Update mokutil-support-revoke-builtin-cert.patch
|
||||||
|
+ Add "--revoke-cert" to the man page
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 13 10:38:44 UTC 2019 - Michel Normand <normand@linux.vnet.ibm.com>
|
||||||
|
|
||||||
|
- Add build for ppc64/ppc64le
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 28 04:38:14 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com>
|
||||||
|
|
||||||
|
- Update to 0.4.0
|
||||||
|
+ Rename export_moks as export_db_keys
|
||||||
|
+ Add support for exporting other keys
|
||||||
|
+ add new --mok argument
|
||||||
|
+ set list-enrolled command as default for some arguments
|
||||||
|
+ Add more info to --sb-state: show when we're in SetupMode or
|
||||||
|
with shim validation disabled
|
||||||
|
+ Correct help: --set-timeout is really --timeout
|
||||||
|
+ generate_hash() / generate_pw_hash(): don't use strlen() for
|
||||||
|
strncpy bounds
|
||||||
|
+ Add the type casting to silence the warning
|
||||||
|
+ Add a way for mokutil to configure a timeout for MokManager's
|
||||||
|
prompt
|
||||||
|
+ list_keys_in_var(): check errno correctly, not ret twice
|
||||||
|
+ Fix typo in error message when the system lacks Secure Boot
|
||||||
|
support
|
||||||
|
+ Add bash completion file
|
||||||
|
+ mokutil: be explicit about file modes in all cases
|
||||||
|
+ Make all efi_guid_t const
|
||||||
|
+ Don't allow sha1 on the mokutil command line
|
||||||
|
+ Build with -fshort-wchar so toggle passwords work right
|
||||||
|
+ Fix the 32bit signedness comparison
|
||||||
|
+ Fix the potential buffer overflow
|
||||||
|
- Add mokutil-remove-shebang-from-bash-completion-file.patch to
|
||||||
|
remove shebang from bash-completion/mokutil
|
||||||
|
- Drop upstreamed patches
|
||||||
|
+ mokutil-constify-efi-guid.patch
|
||||||
|
+ mokutil-fix-overflow.patch
|
||||||
|
+ mokutil-fshort-wchar.patch
|
||||||
|
+ mokutil-set-efi-variable-file-mode.patch
|
||||||
|
- Refresh mokutil-support-revoke-builtin-cert.patch
|
||||||
|
- Install bash-completion/mokutil
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 21 02:39:46 UTC 2019 - Gary Ching-Pang Lin <glin@suse.com>
|
||||||
|
|
||||||
|
- Add modhash to calculate the hash of kernel module (SLE-5661)
|
||||||
|
+ Also add openssl to Requires since the script needs it
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Nov 23 08:58:24 UTC 2018 - glin@suse.com
|
||||||
|
|
||||||
|
- Enable AArch64 build (bsc#1119769, fate#326541)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Mar 27 09:54:10 CEST 2018 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Use %license instead of %doc [bsc#1082318]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 13 04:52:23 UTC 2016 - glin@suse.com
|
||||||
|
|
||||||
|
- Patches for efivar 0.24
|
||||||
|
+ Add mokutil-set-efi-variable-file-mode.patch to set the file
|
||||||
|
mode explicitly.
|
||||||
|
+ Add mokutil-constify-efi-guid.patch to make all efi_guild_t
|
||||||
|
variables const.
|
||||||
|
+ Refresh mokutil-support-revoke-builtin-cert.patch for the
|
||||||
|
change of efi_set_variable()
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 30 08:43:45 UTC 2015 - glin@suse.com
|
||||||
|
|
||||||
|
- Add mokutil-fshort-wchar.patch to make sure the UEFI strings are
|
||||||
|
UCS-2 encoding.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 4 07:52:54 UTC 2014 - glin@suse.com
|
||||||
|
|
||||||
|
- Update to 0.3.0
|
||||||
|
- Add mokutil-fix-overflow.patch to fix the buffer overflow
|
||||||
|
- Drop upstreamed patches
|
||||||
|
+ mokutil-upstream-fixes.patch
|
||||||
|
+ mokutil-mokx-support.patch
|
||||||
|
+ mokutil-check-corrupted-key-list.patch
|
||||||
|
+ mokutil-check-secure-boot-support.patch
|
||||||
|
+ mokutil-clean-request.patch
|
||||||
|
+ mokutil-fix-hash-file-read.patch
|
||||||
|
+ mokutil-fix-hash-list-size.patch
|
||||||
|
+ mokutil-more-details-for-skipped-keys.patch
|
||||||
|
+ mokutil-no-invalid-x509.patch
|
||||||
|
- Refresh mokutil-support-revoke-builtin-cert.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 16 04:11:50 UTC 2014 - glin@suse.com
|
||||||
|
|
||||||
|
- Add mokutil-fix-hash-file-read.patch to fix the error handling of
|
||||||
|
reading a hash file
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Apr 10 04:44:22 UTC 2014 - glin@suse.com
|
||||||
|
|
||||||
|
- Add mokutil-check-corrupted-key-list.patch to check whether the
|
||||||
|
key list is corrupted or not
|
||||||
|
- Add mokutil-no-invalid-x509.patch to avoid importing an invalid
|
||||||
|
x509 certificate
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 24 07:37:39 UTC 2014 - glin@suse.com
|
||||||
|
|
||||||
|
- Add mokutil-more-details-for-skipped-keys.patch to show the
|
||||||
|
reason to skip the key
|
||||||
|
- Add mokutil-check-secure-boot-support.patch to check whether the
|
||||||
|
system supports Secure Boot or not
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Feb 21 10:10:15 UTC 2014 - glin@suse.com
|
||||||
|
|
||||||
|
- Add mokutil-support-revoke-builtin-cert.patch to add an option to
|
||||||
|
revoke the built-in certificate in shim
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 12 10:06:31 UTC 2014 - glin@suse.com
|
||||||
|
|
||||||
|
- Add mokutil-fix-hash-list-size.patch to update the list size
|
||||||
|
after merging or deleting a hash
|
||||||
|
- Add mokutil-clean-request.patch to clean the request if all keys
|
||||||
|
are removed
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 22 05:55:45 UTC 2014 - glin@suse.com
|
||||||
|
|
||||||
|
- Update mokutil-mokx-support.patch to fix the test-key request
|
||||||
|
check
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 5 02:11:40 UTC 2013 - glin@suse.com
|
||||||
|
|
||||||
|
- Add mokutil-upstream-fixes.patch to include upstream fixes for
|
||||||
|
db signature check, gcc warnings, and error handling
|
||||||
|
- Add mokutil-mokx-support.patch to support the MOK blacklist
|
||||||
|
(FATE#316531)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 25 09:13:44 UTC 2013 - glin@suse.com
|
||||||
|
|
||||||
|
- Update to 0.2.0
|
||||||
|
+ Generate the password hash with crypt() by default instead of
|
||||||
|
the original sha256 password hash
|
||||||
|
+ Add an option to import the root password hash
|
||||||
|
+ Amend error messages, help, and man page
|
||||||
|
- Drop upstreamed patches
|
||||||
|
+ mokutil-lcrypt-ldflag.patch
|
||||||
|
+ mokutil-probe-secure-boot-state.patch
|
||||||
|
+ mokutil-allow-password-from-pipe.patch
|
||||||
|
+ mokutil-bnc809703-check-pending-request.patch
|
||||||
|
+ mokutil-support-delete-keys.patch
|
||||||
|
+ mokutil-support-crypt-hash-methods.patch
|
||||||
|
+ mokutil-update-man-page.patch
|
||||||
|
+ mokutil-bnc809215-improve-wording.patch
|
||||||
|
+ mokutil-support-new-pw-hash.patch
|
||||||
|
+ mokutil-no-duplicate-keys-imported.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Apr 2 04:43:59 UTC 2013 - glin@suse.com
|
||||||
|
|
||||||
|
- Add mokutil-bnc809215-improve-wording.patch to make the messages
|
||||||
|
understandable (bnc#809215)
|
||||||
|
- Add mokutil-bnc809703-check-pending-request.patch to remove the
|
||||||
|
key from the pending request if necessary (bnc#809703)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 30 08:00:22 UTC 2013 - glin@suse.com
|
||||||
|
|
||||||
|
- Merge patches for FATE#314506
|
||||||
|
+ Add mokutil-support-crypt-hash-methods.patch to support the
|
||||||
|
password hashes from /etc/shadow
|
||||||
|
+ Add mokutil-update-man-page.patch to update man page for the
|
||||||
|
new added options
|
||||||
|
- Add mokutil-lcrypt-ldflag.patch to correct LDFLAGS
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 18 10:05:27 UTC 2013 - glin@suse.com
|
||||||
|
|
||||||
|
- Update mokutil-support-new-pw-hash.patch to extend the password
|
||||||
|
hash format
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 16 08:41:15 UTC 2013 - glin@suse.com
|
||||||
|
|
||||||
|
- Merge patches for FATE#314506
|
||||||
|
+ Add mokutil-support-delete-keys.patch to delete specific keys
|
||||||
|
+ Add mokutil-support-new-pw-hash.patch to support the new
|
||||||
|
password format
|
||||||
|
+ Add mokutil-allow-password-from-pipe.patch to allow the
|
||||||
|
password to be generated in a script and be sent through
|
||||||
|
pipeline
|
||||||
|
- Install COPYING
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 11 08:07:32 UTC 2012 - glin@suse.com
|
||||||
|
|
||||||
|
- Add mokutil-probe-secure-boot-state.patch to probe the state of
|
||||||
|
secure boot
|
||||||
|
- Add mokutil-no-duplicate-keys-imported.patch to avoid importing
|
||||||
|
duplicate keys
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Nov 7 08:10:45 UTC 2012 - glin@suse.com
|
||||||
|
|
||||||
|
- Add new package mokutil-0.1.0 (FATE#314510)
|
||||||
|
|
66
mokutil.spec
Normal file
66
mokutil.spec
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
#
|
||||||
|
# spec file for package mokutil
|
||||||
|
#
|
||||||
|
# Copyright (c) 2022 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
Name: mokutil
|
||||||
|
Version: 0.6.0
|
||||||
|
Release: 0
|
||||||
|
Summary: Tools for manipulating machine owner keys
|
||||||
|
License: GPL-3.0-only
|
||||||
|
Group: Productivity/Security
|
||||||
|
URL: https://github.com/lcp/mokutil
|
||||||
|
Source: https://github.com/lcp/%{name}/archive/%{version}.tar.gz
|
||||||
|
Source1: modhash
|
||||||
|
# PATCH-FIX-SUSE mokutil-remove-libkeyutils-check.patch glin@suse.com -- Disable the check of libkeyutils version
|
||||||
|
Patch1: mokutil-remove-libkeyutils-check.patch
|
||||||
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: automake
|
||||||
|
BuildRequires: efivar-devel >= 0.12
|
||||||
|
BuildRequires: keyutils-devel >= 1.5.0
|
||||||
|
BuildRequires: libopenssl-devel >= 0.9.8
|
||||||
|
BuildRequires: pkgconfig
|
||||||
|
Requires: openssl
|
||||||
|
ExclusiveArch: x86_64 aarch64 ppc64le ppc64
|
||||||
|
|
||||||
|
%description
|
||||||
|
This program provides the means to enroll and erase the machine owner
|
||||||
|
keys (MOK) stored in the database of shim.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q
|
||||||
|
%if 0%{?suse_version} <= 1500
|
||||||
|
%patch1 -p1
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%build
|
||||||
|
./autogen.sh
|
||||||
|
%configure
|
||||||
|
%make_build
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install
|
||||||
|
install -m 755 -D %{SOURCE1} %{buildroot}/%{_bindir}/modhash
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license COPYING
|
||||||
|
%{_bindir}/mokutil
|
||||||
|
%{_bindir}/modhash
|
||||||
|
%{_mandir}/man?/*
|
||||||
|
%dir %{_datadir}/bash-completion/completions/
|
||||||
|
%{_datadir}/bash-completion/completions/mokutil
|
||||||
|
|
||||||
|
%changelog
|
Loading…
Reference in New Issue
Block a user