pool/keylime
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
..
compare: pool:factory
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2

12 Commits
slfo-1.2 ... factory

Author SHA256 Message Date
Ana Guerrero
8589de66a8 Accepting request 1326329 from security 
OBS-URL: https://build.opensuse.org/request/show/1326329
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/keylime?expand=0&rev=51
 2026-01-12 09:16:15 +00:00
Alberto Planas Dominguez
a4df9eb062 - Add missing pyasn1 dependency 
- Use tmpfiles.d for /var directories (PED-14735)
- Update to version 7.13.0+55:
  * [Automatic] Update Keylime base image 2026-01-05
  * docs: Document claims response from /verify/evidence
  * verify/evidence: Use tee label for TEE verification
  * verify/evidence: Change valid response to boolean
  * tee/snp: Return SEV-SNP claims upon successful verification
  * verify/evidence: Return TPM claims in response
  * verify/evidence: Define empty response fields
  * [Automatic] Update Keylime base image 2025-12-14
  * Fix TypeError when using -m flag without IMA measurement list path
  * Increase maximum_attestation_interval
  * Do not require wheel for building
  * Add session.refresh() before process_get_status()
  * Fix PUSH mode attestation status race condition
  * Add consecutive_attestation_failures column to legacy VerfierMain model
  * Remove operational_state field from status response in push mode

OBS-URL: https://build.opensuse.org/package/show/security/keylime?expand=0&rev=107
 2026-01-09 11:33:45 +00:00
Ana Guerrero
e901110412 Accepting request 1321784 from security 
OBS-URL: https://build.opensuse.org/request/show/1321784
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/keylime?expand=0&rev=50
 2025-12-10 14:29:59 +00:00
Alberto Planas Dominguez
38630ee9fe - Update to version 7.13.0+40 (CVE-2025-13609, bsc#1254199): 
* Fix registrar duplicate UUID vulnerability (#1825)
  * [Automatic] Update Keylime base image 2025-12-01
  * Include new attestation information fields (#1818)
  * Fix Database race conditions and SQLAlchemy 2.0 compatibility (#1823)
  * ci: add push model tests to the packit plan
  * push-model: require HTTPS for authentication and attestation endpoints
  * Fix operational_state tracking in push mode attestations
  * templates: add push model authentication config options to 2.5 templates
  * Improve test coverage for authentication components
  * Security: Hash authentication tokens in logs
  * Fix stale IMA policy cache in verification
  * Fix authentication behavior on failed attestations for push mode
  * Add shared memory infrastructure for multiprocess communication
  * Add agent authentication (challenge/response) protocol for push mode
  * Convert CRLF to LF line endings in attestation_controller.py
  * Add agent-driven (push) attestation protocol with PULL mode regression fixes (#1814)
  * [Automatic] Update Keylime base image (2025-11-01) (#1816)
  * docs: Fix man page RST formatting for rst2man compatibility (#1813)
  * tests: Enable more tests in CI
  * Apply limit on keylime-policy workers
  * tpm: fix ECC signature parsing to support variable-length coordinates
  * tpm: fix ECC P-521 credential activation with consistent marshaling
  * tpm: fix ECC P-521 coordinate validation
  * tests: Test keylime-policy both for filelist-ext.xml match and mismatch (#1806)
  * [Automatic] Update Keylime base image 2025-10-01
  * Remove deprecated disabled_signing_algorithms configuration option (#1804)
  * algorithms: add support for specific RSA algorithms
  * algorithms: add support for specific ECC curve algorithms
  * Update manages based on review feedback
  * Created manpage for keylime-policy and edited manpages for keylime verifier, registrar, agent
  * Manpage for keylime agent
  * Manpage for keylime verifier
  * Manpage for keylime registrar
  * Use constants for timeout and max retries defaults
  * tests: Add unit tests for the timeout configuration
  * verifier: Use timeout from `request_timeout` config option
  * revocation_notifier: Use timeout setting from config file
  * tenant: Set timeout when getting version from agent
  * verify/evidence: SEV-SNP evidence type/verifier
  * verify/evidence: Add evidence type to request JSON
- Update to version v7.13.0:
  * Bump version to 7.13.0
  * Avoid re-encoding certificate stored in DB
  * Revert "models: Do not re-encode certificate stored in DB"
  * Revert "registrar_agent: Use pyasn1 to parse PEM"
  * CI: Enable test add-agent-with-malformed-ek-cert
  * [Automatic] Update Keylime base image 2025-09-01
  * policy/sign: use print() when writing to /dev/stdout
  * registrar_agent: Use pyasn1 to parse PEM
  * models: Do not re-encode certificate stored in DB
  * mba: normalize vendor_db in EV_EFI_VARIABLE_AUTHORITY events
  * Fix minor typo (exponantial->exponential)
  * mb: support vendor_db as logged by newer shim versions
  * mb: support EV_EFI_HANDOFF_TABLES events on PCR1
  * Remove unnecessary configuration values
  * cloud_verifier_tornado: handle exception in notify_error()
  * requests_client: close the session at the end of the resource manager
  * Manpage for keylime_tenant (#1786)
  * Add 2.5 templates including Push Model changes
  * [Automatic] Update Keylime base image 2025-08-01
  * Initial version of verify evidence API
  * packit: Enable connection leak test in CI
  * db: Do not read pool size and max overflow for sqlite
  * Use context managers to close DB sessions
  * revocations: Try to send notifications on shutdown
  * verifier: Gracefully shutdown on signal
  * [Automatic] Update Keylime base image 2025-07-01
  * Use `fork` as `multiprocessing` start method
  * Fix inaccuracy in threat model and add reference to SBAT
  * Explain TPM properties and expand vTPM discussion
  * Misc formatting fixes
  * Add diagrams and tweak formatting
  * Fix formatting issues
  * Fix invalid RST and update TOC
  * Expand threat model page to include adversarial model
  * CI: Enable CONTAINER_ENGINE to allow other engines
  * Add --push-model option to avoid requests to agents
  * [Automatic] Update Keylime base image 2025-06-04
  * docker: Remove tpm2-tools compilation from base image
  * tests: fix rpm repo tests from create-runtime-policy
  * tests: skip measured-boot related tests for s390x and ppc64le
  * templates: duplicate str_to_version() in the adjust script
  * policy: fix mypy issues with rpm_repo
  * revocation_notifier: fix mypy issue by replacing deprecated call
  * Fix create_runtime_policy in python < 3.12
  * [Automatic] Update Keylime base image 2025-06-02
  * Fix after review
  * fixed CONSTANT names C0103 errors
  * [Automatic] Update Keylime base image 2025-05-02
  * [Automatic] Update Keylime base image 2025-04-04
  * [Automatic] Update Keylime base image 2025-04-01
  * Extend meta_data field in verifierdb
  * docs: update issue templates
  * docs: add GitHub PR template with documentation reminders
  * [Automatic] Update Keylime base image 2025-03-10
  * tpm_util: fix quote signature extraction for ECDSA
  * packit: Add compatibility/api_version_compatibility test
  * registrar: Log API versions during startup
  * lint: Fix mypy warnings
  * Remove excessive logging on exception
  * tests: change test_mba_parsing to not need keylime installed
  * scripts: Fix coverage information downloading script

OBS-URL: https://build.opensuse.org/package/show/security/keylime?expand=0&rev=105
 2025-12-09 14:18:53 +00:00
Ana Guerrero
f423421d75 Accepting request 1300747 from security 
OBS-URL: https://build.opensuse.org/request/show/1300747
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/keylime?expand=0&rev=49
 2025-08-22 15:46:58 +00:00
Alberto Planas Dominguez
0b860515e8 - Convert to libalternatives on SLE-16-based and newer systems 
OBS-URL: https://build.opensuse.org/package/show/security/keylime?expand=0&rev=103
 2025-08-21 09:33:20 +00:00
Dominique Leuenberger
7ab145cac0 Accepting request 1299059 from security 
OBS-URL: https://build.opensuse.org/request/show/1299059
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/keylime?expand=0&rev=48
 2025-08-13 14:23:01 +00:00
Alberto Planas Dominguez
696909bcf8 - Switch to pyproject macros 
OBS-URL: https://build.opensuse.org/package/show/security/keylime?expand=0&rev=101
 2025-08-12 12:18:14 +00:00
Dominique Leuenberger
11d5497274 Accepting request 1245895 from security 
OBS-URL: https://build.opensuse.org/request/show/1245895
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/keylime?expand=0&rev=47
 2025-02-16 21:37:15 +00:00
Alberto Planas Dominguez
06a269ff7b - Update to version v7.12.1 (CVE-2025-1057, bsc#1237153): 
* Bump version to 7.12.1
  * models: Add Base64Bytes type to read and write from the database
  * Simplify response check from registrar
  * [Automatic] Update Keylime base image 2025-02-01

OBS-URL: https://build.opensuse.org/package/show/security/keylime?expand=0&rev=99
 2025-02-14 13:08:15 +00:00
Ana Guerrero
fa26e29937 Accepting request 1240485 from security 
OBS-URL: https://build.opensuse.org/request/show/1240485
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/keylime?expand=0&rev=46
 2025-01-28 13:58:27 +00:00
Alberto Planas Dominguez
0120e84a1c - Update to version v7.12.0: 
* Bump version to 7.12.0
  * API: Add /version endpoint to registrar
  * Remove unused registrar_common.py file
  * scripts: Download coverage data directly from Testing Farm
  * docs: Add separate documentation for each API version
  * scripts/create_runtime_policy.sh: fix path for the exclude list
  * docs: add documentation for keylime-policy
  * [Automatic] Update Keylime base image 2025-01-02
  * templates: Add the new agent.conf option 'api_versions'
  * Enable autocompletion using argcomplete
  * build(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2
  * test: remove typed-ast from test-requirements.txt
  * tests: fix rpm tests to account for older createrepo_c versions
  * Configure EPEL-10 repo in packit-ci.fmf
  * packit: Fix typo to run keylime-policy-commands test
  * build(deps): bump codecov/codecov-action from 5.0.2 to 5.1.1
  * build(deps): bump pypa/gh-action-pypi-publish from 1.12.0 to 1.12.3
  * docker/ci: Add xxd to the CI image
  * docker/ci: Fix CI image build for dnf5
  * build(deps): bump docker/metadata-action from 5.5.1 to 5.6.1
  * build(deps): bump docker/build-push-action from 6.9.0 to 6.10.0
  * keylime-policy: improve error handling when provided a bad key (sign)
  * keylime-policy: exit with status 1 when the commands failed
  * keylime-policy: use Certificate() from models.base to validate certs
  * keylime-policy: check for valid cert file when using x509 backend (sign)
  * keylime-policy: fix help for "keylime-policy sign" verb
  * tenant: Correctly log number of tries when deleting
  * tests: Use Fedora 41 to generate code coverage
  * [Automatic] Update Keylime base image 2024-12-02
  * update TCTI environment variable usage
  * build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2
  * keylime-policy: add `create measured-boot' subcommand
  * keylime-policy: add `sign runtime' subcommand
  * keylime-policy: add logger to use with the policy tool
  * docker/release/build_locally.sh: Fail if skopeo is not installed
  * installer.sh: Restore execution permission
  * installer: Fix string comparison
  * build(deps): bump docker/build-push-action from 6.7.0 to 6.9.0
  * build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0
  * build(deps): bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.0
  * build(deps): bump actions/setup-python from 5.2.0 to 5.3.0
  * installer.sh: updated EPEL, PEP668 Fix, logic fix
  * build(deps): bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0
  * build(deps): bump actions/checkout from 4.2.1 to 4.2.2
  * postgresql support for docker using psycopg2
  * [Automatic] Update Keylime base image 2024-11-04
  * End of term for @maugustosilva + propose @ansasaki
  * installer.sh: update package list, add workaround for PEP 668
  * build(deps): bump actions/checkout from 4.2.0 to 4.2.1
  * keylime.conf: full removal
  * Drop pending SPDX-License-Identifier headers
  * create_runtime_policy: Validate algorithm from IMA measurement log
  * test_create_runtime_policy: Add test for mismatching algorithms
  * create-runtime-policy: Deal with SHA-256 and SM3_256 ambiguity
  * create_runtime_policy: drop commment with test data
  * create_runtime_policy: Use a common method to guess algorithm
  * keylime-policy: rename tool to keylime-policy instead of keylime_policy
  * keylime_policy: create runtime: remove --use-ima-measurement-list
  * keylime_policy: use consistent arg names for create_runtime_policy
  * tests: Add more tests to Packit CI
  * build(deps): bump pypa/gh-action-pypi-publish from 1.10.2 to 1.10.3
  * build(deps): bump actions/checkout from 4.1.7 to 4.2.0
  * [Automatic] Update Keylime base image 2024-10-01
  * elchecking/example: workaround empty PK, KEK, db and dbx
  * elchecking: add handling for EV_EFI_PLATFORM_FIRMWARE_BLOB2
  * create_runtime_policy: Fix log level for debug messages
  * build(deps): bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2
  * build(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5
  * pylintrc: Ignore too-many-positional-arguments check
  * keylime/web/base/controller: Move TypeAlias definition out of class
  * test_create_runtime_policy: Add tests for algorithm priority
  * test_create_runtime_policy: Add test case for symbolic links
  * create_runtime_policy: Calculate digests in multiple threads
  * create_runtime_policy: Allow rootfs to be in any directory
  * keylime_policy: Calculate digests from each source separately
  * create_runtime_policy: Simplify boot_aggregate parsing
  * ima: Validate JSON when loading IMA Keyring from string
  * docs: include IDevID page also in the sidebar
  * docs: point to installation guide from RHEL and SLE Micro
  * build(deps): bump actions/setup-python from 5.1.1 to 5.2.0
  * build(deps): bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.1
  * change check_tpm_origin_check to a warning that does not prevent registration
  * docs: Fix Runtime Policy JSON schema to reflect the reality
  * README: update meeting time to 16:00 UK time
  * [Automatic] Update Keylime base image 2024-09-11
  * Sets absolute path for files inside a rootfs dir
  * policy/create_runtime_policy: fix handling of empty lines in exclude list
  * keylime_policy: setting 'log_hash_alg' to 'sha1' (template-hash algo)
  * tests: apply workarounds to known bugs
  * codestyle: Assign CERTIFICATE_PRIVATE_KEY_TYPES directly (pyright)
  * codestyle: convert bytearrays to bytes to get expected type (pyright)
  * codestyle: Use new variables after changing datatype (pyright)
  * Revert "DO NOT MERGE, TEMPORARY COMMIT"
  * [Automatic] Update Keylime base image 2024-08-16
  * Lint: ignore reportArgumentType and reportInvalidTypeForm errors
  * docker: Install latest Keylime during image build
  * cert_utils: add description why loading using cryptography might fail
  * Enable test functional/iak-idevid-persisted-and-protected
  * ima: list names of the runtime policies
  * tests: Enable test /sanity/opened-conf-files
  * build(deps): bump docker/build-push-action from 6.6.1 to 6.7.0
  * DO NOT MERGE, TEMPORARY COMMIT
  * tox: Use python 3.10 instead of 3.6
  * revocation_notifier: Use web_util to generate TLS context
  * mba: Add a skip custom policies option when loading mba.
  * build(deps): bump docker/build-push-action from 6.5.0 to 6.6.1
  * build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1
  * workflows/base-image: Add latest tag to the CI image build
  * test: add setuptools to test-requirements.txt
  * keylime/models/registrar: attempt to make pylint happy
  * test: update green version in test/test-requirements.txt
  * test/run_tests.sh: take into account non-zero exit status from pytest
  * cmd/keylime_policy: add tool to handle keylime policies
  * cert_utils: add is_x509_cert()
  * common/algorithms: transform Encrypt and Sign class into enums
  * common/algorithms: add method to calculate digest of a file
  * [Automatic] Update Keylime base image 2024-08-02
  * workflows/base-image: Fix CI image build context
  * docker/ci: Add test dependency needed for PR#1568
  * workflow/base-image: Drop duplicated job ID
  * [Automatic] Update Keylime base image 2024-07-31
  * docker: Build CI image together with the base image
  * build(deps): bump docker/build-push-action from 4.2.1 to 6.5.0
  * build(deps): bump docker/login-action from 3.2.0 to 3.3.0
  * build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1
  * workflows/update-base-image: Add a signoff to the automatic PR
  * workflows/container: Fix typo on sed command
  * docker: Build base image separately
  * build(deps): bump docker/login-action from 3.2.0 to 3.3.0
  * build(deps): bump docker/build-push-action from 6.4.1 to 6.5.0
  * build(deps): bump docker/build-push-action from 4.2.1 to 6.4.1
  * build(deps): bump docker/metadata-action from 4.6.0 to 5.5.1
  * build(deps): bump pre-commit/action from 3.0.0 to 3.0.1
  * tpm: Replace KDFs and ECDH implementations with python-cryptography
  * build(deps): bump codecov/codecov-action from 2.1.0 to 4.5.0
  * build(deps): bump docker/login-action from 2.2.0 to 3.2.0
  * Update .github/workflows/pypi-release.yml
  * Update .github/workflows/test.yml
  * build(deps): bump actions/setup-python from 2.3.4 to 5.1.1
  * ci: disable Packit testing for Rawhide
  * docker/release/base: Explicitly add the registry for base
  * ci: use CODECOV_TOKEN for coverage file upload
  * build(deps): bump actions/first-interaction
  * build(deps): bump actions/checkout from 2.7.0 to 4.1.7
  * docker/ci: Add test dependencies from #1568
  * docker: Update images to use Fedora 40
  * Added limit by mistake for dependabot
  * Adds dependabot
  * Add Frizbee Action
  * Change Docker and Action Tags to Digests
  * revocation_notifier: Explicitly add CA certificate bundle
  * Introduce new REST API framework and refactor registrar implementation
  * mba: Support named measured boot policies
  * tenant: add friendlier error message if mTLS CA is wrongly configured
  * ca_impl_openssl: Mark extensions as critical following RFC 5280
  * Include Authority Key Identifier in KL-generated certs
  * verifier, tenant: make payload for agent completely optional

OBS-URL: https://build.opensuse.org/package/show/security/keylime?expand=0&rev=97
 2025-01-27 09:55:25 +00:00
8 changed files with 51 additions and 21 deletions
Expand all files Collapse all files

2
_servicedata
View File

@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/keylime/keylime.git</param>
<param name="changesrevision">dc75773679b1862e3b571f513e5aa9904efaf136</param></service></servicedata>
<param name="changesrevision">af531bdbd127dbe2595ffcc80bdd9b447b09e705</param></service></servicedata>

BIN
keylime-7.13.0+40.tar.xz LFS
View File

Binary file not shown.

BIN
keylime-7.13.0+55.tar.xz LFS Normal file
View File

Binary file not shown.

27
keylime.changes
View File

@@ -1,3 +1,30 @@
-------------------------------------------------------------------
Fri Jan 9 11:32:03 UTC 2026 - Alberto Planas Dominguez <aplanas@suse.com>
- Add missing pyasn1 dependency
-------------------------------------------------------------------
Thu Jan 08 08:37:05 UTC 2026 - aplanas@suse.com
- Use tmpfiles.d for /var directories (PED-14735)
- Update to version 7.13.0+55:
* [Automatic] Update Keylime base image 2026-01-05
* docs: Document claims response from /verify/evidence
* verify/evidence: Use tee label for TEE verification
* verify/evidence: Change valid response to boolean
* tee/snp: Return SEV-SNP claims upon successful verification
* verify/evidence: Return TPM claims in response
* verify/evidence: Define empty response fields
* [Automatic] Update Keylime base image 2025-12-14
* Fix TypeError when using -m flag without IMA measurement list path
* Increase maximum_attestation_interval
* Do not require wheel for building
* Add session.refresh() before process_get_status()
* Fix PUSH mode attestation status race condition
* Add consecutive_attestation_failures column to legacy VerfierMain model
* Remove operational_state field from status response in push mode
-------------------------------------------------------------------
Tue Dec 09 13:34:39 UTC 2025 - aplanas@suse.com

5
keylime.conf Normal file
View File

@@ -0,0 +1,5 @@
#Type Path Mode User Group Age Argument...
d /var/log/keylime 0750 keylime tss - -
d /var/lib/keylime 0700 keylime tss - -
L /var/lib/keylime/tpm_cert_store 0700 keylime tss - ../../../usr/lib/keylime/tpm_cert_store
d /run/keylime 0700 keylime tss - -

6
keylime.obsinfo
View File

@@ -1,4 +1,4 @@
name: keylime
version: 7.13.0+40
mtime: 1764941702
commit: dc75773679b1862e3b571f513e5aa9904efaf136
version: 7.13.0+55
mtime: 1767609804
commit: af531bdbd127dbe2595ffcc80bdd9b447b09e705

25
keylime.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package keylime
#
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -31,7 +31,7 @@
%endif
%{?sle15_python_module_pythons}
Name: keylime
Version: 7.13.0+40
Version: 7.13.0+55
Release: 0
Summary: Open source TPM software for Bootstrapping and Maintaining Trust
License: Apache-2.0 AND MIT AND BSD-3-Clause
@@ -40,7 +40,7 @@ Source0: %{name}-%{version}.tar.xz
Source1: keylime.xml
Source2: %{name}-user.conf
Source3: logrotate.%{name}
Source4: tmpfiles.%{name}
Source4: %{name}.conf
# openSUSE adjustments for generated configuration files
Source10: registrar.conf.diff
Source11: verifier.conf.diff
@@ -65,6 +65,8 @@ Requires: python3-jsonschema
Requires: python3-lark
Requires: python3-packaging
Requires: python3-psutil
Requires: python3-pyasn1
Requires: python3-pyasn1-modules
Requires: python3-pyzmq
Requires: python3-requests
Requires: python3-tornado
@@ -198,11 +200,10 @@ install -Dpm 0644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/services/%{src
install -Dpm 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}-user.conf
install -Dpm 0644 %{SOURCE3} %{buildroot}%{_distconfdir}/logrotate.d/%{name}
install -Dpm 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/%{name}.conf
install -d %{buildroot}%{_localstatedir}/log/%{name}
mkdir -p %{buildroot}/%{_sharedstatedir}/%{srcname}
cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/%{srcname}/
%fdupes %{buildroot}%{_sharedstatedir}/%{srcname}/
mkdir -p %{buildroot}%{_prefix}/lib/%{srcname}
cp -r ./tpm_cert_store %{buildroot}%{_prefix}/lib/%{srcname}/
%fdupes %{buildroot}%{_prefix}/lib/%{srcname}/
# %%check
# %%pyunittest -v
@@ -252,7 +253,7 @@ cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/%{srcname}/
%pre -n %{srcname}-tpm_cert_store -f %{srcname}.pre
%post -n %{srcname}-tpm_cert_store
%tmpfiles_create %{srcname}.conf
%tmpfiles_create %{_tmpfilesdir}/%{srcname}.conf
%pre -n %{srcname}-verifier
%service_add_pre %{srcname}_verifier.service
@@ -306,13 +307,12 @@ cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/%{srcname}/
%{_prefix}/lib/firewalld/services/%{srcname}.xml
%files -n %{srcname}-tpm_cert_store
%dir %attr(0700,keylime,tss) %{_sharedstatedir}/%{srcname}
%dir %attr(0700,keylime,tss) %{_sharedstatedir}/%{srcname}/tpm_cert_store
%attr(0600,keylime,tss) %{_sharedstatedir}/%{srcname}/tpm_cert_store/*
%dir %attr(0700,keylime,tss) %{_prefix}/lib/%{srcname}
%dir %attr(0700,keylime,tss) %{_prefix}/lib/%{srcname}/tpm_cert_store
%attr(0600,keylime,tss) %{_prefix}/lib/%{srcname}/tpm_cert_store/*
# We use this subpackage to store other unrelated things, as far as is
# required by all the services
%{_sysusersdir}/%{srcname}-user.conf
%ghost %dir %attr(0700,keylime,tss) %{_rundir}/%{srcname}
%{_tmpfilesdir}/%{srcname}.conf
%files -n %{srcname}-registrar
@@ -331,6 +331,5 @@ cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/%{srcname}/
%files -n %{srcname}-logrotate
%_config_norepl %{_distconfdir}/logrotate.d/%{srcname}
%dir %attr(0750,keylime,tss) %{_localstatedir}/log/%{srcname}
%changelog

1
tmpfiles.keylime
View File

@@ -1 +0,0 @@
d /run/keylime 0700 keylime tss