Accepting request 150393 from home:gary_lin:branches:Base:System

- Merge patches for FATE#314506
  + Add mokutil-support-crypt-hash-methods.patch to support the
    password hashes from /etc/shadow
  + Add mokutil-update-man-page.patch to update man page for the
    new added options
- Add mokutil-lcrypt-ldflag.patch to correct LDFLAGS

OBS-URL: https://build.opensuse.org/request/show/150393
OBS-URL: https://build.opensuse.org/package/show/Base:System/mokutil?expand=0&rev=6
Gary Ching-Pang Lin 2013-01-30 09:56:06 +00:00 committed by Git OBS Bridge
parent 5d0e0f3e36
commit 747dfe4b95
6 changed files with 2095 additions and 346 deletions

@ -0,0 +1,29 @@
From aa48dc644fbf775970d01a368c532d0668015f18 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 30 Jan 2013 16:30:23 +0800
Subject: [PATCH] Include lcrypt in LDFLAGS
---
src/Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index afe1752..de7ddca 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,10 +1,10 @@
bin_PROGRAMS = mokutil
mokutil_CFLAGS = $(OPENSSL_CFLAGS) \
- -lcrypt \
$(WARNINGFLAGS_C)
-mokutil_LDADD = $(OPENSSL_LIBS)
+mokutil_LDADD = $(OPENSSL_LIBS) \
+ -lcrypt
mokutil_SOURCES = efi.h \
efilib.c \
--
1.7.10.4
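Review bot: The subject line says LDFLAGS, but the hunk in src/Makefile.am moves -lcrypt into mokutil_LDADD, which is the correct Automake variable for libraries; the subject should name LDADD so the history matches the change. The library is also still hard-coded: an AC_SEARCH_LIBS([crypt], [crypt]) check in configure.ac would add it to LIBS only where it is needed and would fail at configure time rather than at link time when crypt() is not available.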

File diff suppressed because it is too large

@ -1,7 +1,7 @@
From bd29992e580e9a48dc698e2e108c73b51a98f05f Mon Sep 17 00:00:00 2001 From bd29992e580e9a48dc698e2e108c73b51a98f05f Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 9 Jan 2013 15:44:42 +0800 Date: Wed, 9 Jan 2013 15:44:42 +0800
Subject: [PATCH 01/10] Use getopt() to parse options Subject: [PATCH 1/9] Use getopt() to parse options
--- ---
src/mokutil.c | 259 +++++++++++++++++++++++++++------------------------------ src/mokutil.c | 259 +++++++++++++++++++++++++++------------------------------
@ -350,7 +350,7 @@ index ea8481a..2ab005c 100644
From 32a919cd2ca89ea0dfcc7644c05a3cf88cbb13c4 Mon Sep 17 00:00:00 2001 From 32a919cd2ca89ea0dfcc7644c05a3cf88cbb13c4 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 9 Jan 2013 17:37:30 +0800 Date: Wed, 9 Jan 2013 17:37:30 +0800
Subject: [PATCH 02/10] Adopt new password hash format Subject: [PATCH 2/9] Adopt new password hash format
old format: MokNew + sha256sum(MokNew + password) old format: MokNew + sha256sum(MokNew + password)
new format: salt + sha256sum(salt + password) new format: salt + sha256sum(salt + password)
@ -555,7 +555,7 @@ index 2ab005c..61c432d 100644
From 326082d300337b347ae2cc42808ce905dd92eb3b Mon Sep 17 00:00:00 2001 From 326082d300337b347ae2cc42808ce905dd92eb3b Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 9 Jan 2013 17:59:01 +0800 Date: Wed, 9 Jan 2013 17:59:01 +0800
Subject: [PATCH 03/10] Close the key file Subject: [PATCH 3/9] Close the key file
--- ---
src/mokutil.c | 2 ++ src/mokutil.c | 2 ++
@ -581,7 +581,7 @@ index 61c432d..86d5328 100644
From 97d977246991f750827764fb48662c8be4b40f78 Mon Sep 17 00:00:00 2001 From 97d977246991f750827764fb48662c8be4b40f78 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 10 Jan 2013 17:07:36 +0800 Date: Thu, 10 Jan 2013 17:07:36 +0800
Subject: [PATCH 04/10] Get rid of misused while statement Subject: [PATCH 4/9] Get rid of misused while statement
--- ---
src/mokutil.c | 4 ++-- src/mokutil.c | 4 ++--
@ -616,7 +616,7 @@ index 86d5328..36783cb 100644
From ca1978555253562c4ad39ff8b050cbbbe485474b Mon Sep 17 00:00:00 2001 From ca1978555253562c4ad39ff8b050cbbbe485474b Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 10 Jan 2013 17:24:58 +0800 Date: Thu, 10 Jan 2013 17:24:58 +0800
Subject: [PATCH 05/10] Read the password hash from the file Subject: [PATCH 5/9] Read the password hash from the file
--- ---
src/mokutil.c | 158 ++++++++++++++++++++++++++++++++++++++++++++++----------- src/mokutil.c | 158 ++++++++++++++++++++++++++++++++++++++++++++++-----------
@ -916,7 +916,7 @@ index 36783cb..4b9002e 100644
From c45ffc0d42c0564cf817a1682c0cbd5be164197d Mon Sep 17 00:00:00 2001 From c45ffc0d42c0564cf817a1682c0cbd5be164197d Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 10 Jan 2013 18:29:17 +0800 Date: Thu, 10 Jan 2013 18:29:17 +0800
Subject: [PATCH 06/10] Add a new command to generate the password hash Subject: [PATCH 6/9] Add a new command to generate the password hash
--- ---
src/mokutil.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- src/mokutil.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
@ -1053,7 +1053,7 @@ index 4b9002e..fdb1a2b 100644
From ba347d456e80101b7c4306e7b30465c47c0fbea6 Mon Sep 17 00:00:00 2001 From ba347d456e80101b7c4306e7b30465c47c0fbea6 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 15 Jan 2013 16:14:32 +0800 Date: Tue, 15 Jan 2013 16:14:32 +0800
Subject: [PATCH 07/10] Amend help Subject: [PATCH 7/9] Amend help
--- ---
src/mokutil.c | 59 ++++++++++++++++++++++----------------------------------- src/mokutil.c | 59 ++++++++++++++++++++++-----------------------------------
@ -1136,7 +1136,7 @@ index fdb1a2b..72a651a 100644
From f1a1c7abd8fde13afcb5196c599c662109936d49 Mon Sep 17 00:00:00 2001 From f1a1c7abd8fde13afcb5196c599c662109936d49 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 15 Jan 2013 17:48:04 +0800 Date: Tue, 15 Jan 2013 17:48:04 +0800
Subject: [PATCH 08/10] New commands to revoke the import or delete request Subject: [PATCH 8/9] New commands to revoke the import or delete request
--- ---
src/mokutil.c | 58 +++++++++++++++++++++++++++++++++++---------------------- src/mokutil.c | 58 +++++++++++++++++++++++++++++++++++----------------------
@ -1254,7 +1254,7 @@ index 72a651a..7392845 100644
From 5cd7872982361be10755e3c8e7ecf228da92e164 Mon Sep 17 00:00:00 2001 From 5cd7872982361be10755e3c8e7ecf228da92e164 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com> From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 16 Jan 2013 15:12:28 +0800 Date: Wed, 16 Jan 2013 15:12:28 +0800
Subject: [PATCH 09/10] Apply stricter permissions to some variables Subject: [PATCH 9/9] Apply stricter permissions to some variables
The UEFI variables which contain the password or the password hash The UEFI variables which contain the password or the password hash
should not be accessed by normal users. should not be accessed by normal users.
@ -1340,340 +1340,3 @@ index 7392845..c1a0ffc 100644
-- --
1.7.10.4 1.7.10.4
From 47645170396e2800980044c7054bcd1078bbba93 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Fri, 18 Jan 2013 17:47:04 +0800
Subject: [PATCH 10/10] Extend the password hash format
Several new fields were added to support hash from /etc/shadow.
[Hash Method][Interation Count][Salt Size][Salt][hash]
Besides, the salt is hashed with the 8-bit char password instead of
an efi_char16_t password array.
---
src/PasswordHash.h | 33 ++++++++++++++++
src/mokutil.c | 106 +++++++++++++++++++++++++++++-----------------------
2 files changed, 93 insertions(+), 46 deletions(-)
create mode 100644 src/PasswordHash.h
diff --git a/src/PasswordHash.h b/src/PasswordHash.h
new file mode 100644
index 0000000..2aeded6
--- /dev/null
+++ b/src/PasswordHash.h
@@ -0,0 +1,33 @@
+#ifndef __PASSWORD_HASH_H__
+#define __PASSWORD_HASH_H__
+
+#include <sys/types.h>
+
+#define PASSWORD_HASH_SIZE 88
+
+/* The max salt size (in bits) */
+#define T_DES_SALT_MAX 12
+#define E_BSI_DES_SALT_MAX 24
+#define MD5_SALT_MAX 48
+#define SHA256_SALT_MAX 96
+#define SHA512_SALT_MAX 96
+#define BLOWFISH_SALT_MAX 128
+
+enum HashMethod {
+ Tranditional_DES = 0,
+ Extend_BSDI_DES,
+ MD5_BASED,
+ SHA256_BASED,
+ SHA512_BASED,
+ BLOWFISH_BASED
+};
+
+typedef struct {
+ uint16_t method;
+ uint32_t iter_count;
+ uint16_t salt_size;
+ uint8_t salt[16];
+ uint8_t hash[64];
+} __attribute__ ((packed)) pw_hash_t;
+
+#endif /* __PASSWORD_HASH_H__ */
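Review bot: PASSWORD_HASH_SIZE is hard-coded to 88 beside a packed struct whose fields happen to add up to the same number (2 + 4 + 2 + 16 + 64), so the two can drift apart silently when a field changes; define it as sizeof(pw_hash_t) or add a compile-time assertion that they match, since this value is later used as the DataSize of the variable written from the struct. The header uses uint8_t, uint16_t and uint32_t but includes only <sys/types.h>; include <stdint.h> so it is self-contained. The enum name Tranditional_DES is misspelled (Traditional), which is worth fixing before other code starts to depend on it.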
diff --git a/src/mokutil.c b/src/mokutil.c
index c1a0ffc..38039b9 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -13,6 +13,7 @@
#include "efi.h"
#include "signature.h"
+#include "PasswordHash.h"
#define SHIM_LOCK_GUID \
EFI_GUID (0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
@@ -20,8 +21,6 @@ EFI_GUID (0x605dab50, 0xe046, 0x4300, 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b,
#define PASSWORD_MAX 16
#define PASSWORD_MIN 8
-#define SALT_SIZE 16
-
#define HELP 0x1
#define LIST_ENROLLED 0x2
#define LIST_NEW 0x4
@@ -359,37 +358,35 @@ error:
return ret;
}
-static void
-generate_salt (uint8_t salt[], unsigned int salt_len)
+static unsigned int
+generate_salt (uint8_t salt[], unsigned int max_size, unsigned int min_size)
{
+ unsigned int salt_len = max_size / 8;
int i;
srand (time (NULL));
for (i = 0; i < salt_len; i++)
salt[i] = rand() % 256;
+
+ return max_size;
}
static int
generate_hash (void *salt, unsigned int salt_len, char *password,
int pw_len, uint8_t *auth)
{
- efi_char16_t efichar_pass[PASSWORD_MAX+1];
- unsigned long efichar_len;
SHA256_CTX ctx;
if (!password || !auth)
return -1;
- efichar_len = efichar_from_char (efichar_pass, password,
- (PASSWORD_MAX+1)*sizeof(efi_char16_t));
-
SHA256_Init (&ctx);
if (salt)
SHA256_Update (&ctx, salt, salt_len);
- SHA256_Update (&ctx, efichar_pass, efichar_len);
+ SHA256_Update (&ctx, password, pw_len);
SHA256_Final (auth, &ctx);
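Review bot: generate_salt still fills the salt with rand() % 256 after srand (time (NULL)), so the salt is fully determined by the second in which the command ran and gives little protection against precomputed hashes; OpenSSL is already linked for SHA256, so RAND_bytes() (with its return value checked) is a drop-in replacement. The new signature is also inconsistent: the function writes max_size / 8 bytes but returns max_size, which is in bits, min_size is never read, and the callers in the later hunks ignore the return value, so either return salt_len and use it or keep the function void. The loop compares int i against unsigned int salt_len, which will trip sign-compare warnings.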
@@ -412,7 +409,7 @@ char_to_int (const char c)
}
static int
-read_hex_array (const char *string, char *out, int len)
+read_hex_array (const char *string, uint8_t *out, unsigned int len)
{
int i, digit_1, digit_2;
@@ -422,17 +419,18 @@ read_hex_array (const char *string, char *out, int len)
if (digit_1 < 0 || digit_2 < 0)
return -1;
- out[i] = (char)digit_1 * 16 + (char)digit_2;
+ out[i] = (uint8_t)digit_1 * 16 + (uint8_t)digit_2;
}
return 0;
}
static int
-get_hash_from_file (const char *file, void *salt, void *hash)
+get_hash_from_file (const char *file, pw_hash_t *pw_hash)
{
FILE *fptr;
- char salt_string[2*SALT_SIZE];
+ unsigned int method, iter_count, salt_size;
+ char salt_string[2*(SHA256_SALT_MAX/8)];
char hash_string[2*SHA256_DIGEST_LENGTH];
fptr = fopen (file, "r");
@@ -441,19 +439,24 @@ get_hash_from_file (const char *file, void *salt, void *hash)
return -1;
}
- memset (salt_string, 0, 2*SALT_SIZE);
+ memset (salt_string, 0, 2*(SHA256_SALT_MAX/8));
memset (hash_string, 0, 2*SHA256_DIGEST_LENGTH);
- fscanf (fptr, "%32c.%64c", salt_string, hash_string);
+ fscanf (fptr, "%x.%x.%x.%24c.%64c", &method, &iter_count, &salt_size,
+ salt_string, hash_string);
fclose (fptr);
- if (read_hex_array (salt_string, salt, SALT_SIZE) < 0) {
+ pw_hash->method = (uint16_t)method;
+ pw_hash->iter_count = (uint32_t)iter_count;
+ pw_hash->salt_size = (uint16_t)salt_size;
+
+ if (read_hex_array (salt_string, pw_hash->salt, salt_size/8) < 0) {
fprintf (stderr, "Corrupted salt\n");
return -1;
}
- if (read_hex_array (hash_string, hash, SHA256_DIGEST_LENGTH) < 0) {
+ if (read_hex_array (hash_string, pw_hash->hash, SHA256_DIGEST_LENGTH) < 0) {
fprintf (stderr, "Corrupted hash\n");
return -1;
}
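Review bot: The fscanf result is not checked and salt_size is taken from the file and used as a length without a bound. If fewer than five fields match, method, iter_count and salt_size are read uninitialized; if the file gives a salt_size above 96, read_hex_array (salt_string, pw_hash->salt, salt_size/8) reads past the 24-character salt_string, and above 128 it also writes past the 16-byte pw_hash->salt. Require fscanf to return 5, reject salt_size greater than SHA256_SALT_MAX before the (uint16_t) cast, and reject any method other than SHA256_BASED, since the parser only accepts a 64-character SHA-256 hash.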
@@ -467,13 +470,16 @@ update_request (void *new_list, int list_len, uint8_t import,
{
efi_variable_t var;
const char *req_name, *auth_name;
- uint8_t salt[SALT_SIZE];
- uint8_t hash[SHA256_DIGEST_LENGTH];
- uint8_t auth[SALT_SIZE + SHA256_DIGEST_LENGTH];
+ pw_hash_t pw_hash;
char *password = NULL;
int pw_len;
int ret = -1;
+ bzero (&pw_hash, sizeof(pw_hash_t));
+ pw_hash.method = SHA256_BASED;
+ pw_hash.iter_count = 1;
+ pw_hash.salt_size = SHA256_SALT_MAX;
+
if (import) {
req_name = "MokNew";
auth_name = "MokAuth";
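Review bot: The bzero plus method/iter_count/salt_size initialization added at the top of update_request is repeated verbatim in set_password and generate_pw_hash in the later hunks; a small helper that initializes a pw_hash_t with the SHA256 defaults would keep the three call sites from diverging when another hash method is added. bzero is a legacy interface; memset (&pw_hash, 0, sizeof(pw_hash)) is the portable form.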
@@ -483,7 +489,7 @@ update_request (void *new_list, int list_len, uint8_t import,
}
if (hash_file) {
- if (get_hash_from_file (hash_file, salt, hash) < 0) {
+ if (get_hash_from_file (hash_file, &pw_hash) < 0) {
fprintf (stderr, "Failed to read hash\n");
goto error;
}
@@ -493,14 +499,13 @@ update_request (void *new_list, int list_len, uint8_t import,
goto error;
}
- generate_salt (salt, SALT_SIZE);
- if (generate_hash (salt, SALT_SIZE, password, pw_len, hash) < 0) {
+ generate_salt (pw_hash.salt, SHA256_SALT_MAX, 0);
+ if (generate_hash (pw_hash.salt, SHA256_SALT_MAX/8, password,
+ pw_len, pw_hash.hash) < 0) {
fprintf (stderr, "Couldn't generate hash\n");
goto error;
}
}
- memcpy (auth, salt, SALT_SIZE);
- memcpy (auth + SALT_SIZE, hash, SHA256_DIGEST_LENGTH);
if (new_list) {
/* Write MokNew*/
@@ -522,9 +527,9 @@ update_request (void *new_list, int list_len, uint8_t import,
test_and_delete_var (req_name);
}
- /* Write MokAuth */
- var.Data = auth;
- var.DataSize = SHA256_DIGEST_LENGTH + SALT_SIZE;
+ /* Write MokAuth or MokDelAuth */
+ var.Data = (void *)&pw_hash;
+ var.DataSize = PASSWORD_HASH_SIZE;
var.VariableName = auth_name;
var.VendorGuid = SHIM_LOCK_GUID;
@@ -848,15 +853,18 @@ static int
set_password (const char *hash_file)
{
efi_variable_t var;
- uint8_t salt[SALT_SIZE];
- uint8_t hash[SHA256_DIGEST_LENGTH];
- uint8_t auth[SHA256_DIGEST_LENGTH + SALT_SIZE];
+ pw_hash_t pw_hash;
char *password = NULL;
int pw_len;
int ret = -1;
+ bzero (&pw_hash, sizeof(pw_hash_t));
+ pw_hash.method = SHA256_BASED;
+ pw_hash.iter_count = 1;
+ pw_hash.salt_size = SHA256_SALT_MAX;
+
if (hash_file) {
- if (get_hash_from_file (hash_file, salt, hash) < 0) {
+ if (get_hash_from_file (hash_file, &pw_hash) < 0) {
fprintf (stderr, "Failed to read hash\n");
goto error;
}
@@ -866,17 +874,16 @@ set_password (const char *hash_file)
goto error;
}
- generate_salt (salt, SALT_SIZE);
- if (generate_hash (salt, SALT_SIZE, password, pw_len, hash) < 0) {
+ generate_salt (pw_hash.salt, SHA256_SALT_MAX, 0);
+ if (generate_hash (pw_hash.salt, SHA256_SALT_MAX/8, password,
+ pw_len, pw_hash.hash) < 0) {
fprintf (stderr, "Couldn't generate hash\n");
goto error;
}
}
- memcpy (auth, salt, SALT_SIZE);
- memcpy (auth + SALT_SIZE, hash, SHA256_DIGEST_LENGTH);
- var.Data = auth;
- var.DataSize = SHA256_DIGEST_LENGTH + SALT_SIZE;
+ var.Data = (void *)&pw_hash;
+ var.DataSize = PASSWORD_HASH_SIZE;
var.VariableName = "MokPW";
var.VendorGuid = SHIM_LOCK_GUID;
@@ -1044,11 +1051,15 @@ reset_moks (const char *hash_file)
static int
generate_pw_hash (const char *input_pw)
{
- uint8_t salt[SALT_SIZE];
- uint8_t hash[SHA256_DIGEST_LENGTH];
+ pw_hash_t pw_hash;
char *password = NULL;
int pw_len, i, ret = -1;
+ bzero (&pw_hash, sizeof(pw_hash_t));
+ pw_hash.method = SHA256_BASED;
+ pw_hash.iter_count = 1;
+ pw_hash.salt_size = SHA256_SALT_MAX;
+
if (input_pw) {
pw_len = strlen (input_pw);
if (pw_len > PASSWORD_MAX || pw_len < PASSWORD_MIN) {
@@ -1070,19 +1081,22 @@ generate_pw_hash (const char *input_pw)
}
}
- generate_salt (salt, SALT_SIZE);
- if (generate_hash (salt, SALT_SIZE, password, pw_len, hash) < 0) {
+ generate_salt (pw_hash.salt, SHA256_SALT_MAX, 0);
+ if (generate_hash (pw_hash.salt, SHA256_SALT_MAX/8, password,
+ pw_len, pw_hash.hash) < 0) {
fprintf (stderr, "Couldn't generate hash\n");
goto error;
}
/* Print the salt and hash */
- for (i = 0; i < SALT_SIZE; i++) {
- printf ("%x%x", salt[i]/16, salt[i]%16);
+ printf ("%x.%x.%x.", pw_hash.method, pw_hash.iter_count,
+ pw_hash.salt_size);
+ for (i = 0; i < (SHA256_SALT_MAX/8); i++) {
+ printf ("%x%x", pw_hash.salt[i]/16, pw_hash.salt[i]%16);
}
putchar ('.');
for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
- printf ("%x%x", hash[i]/16, hash[i]%16);
+ printf ("%x%x", pw_hash.hash[i]/16, pw_hash.hash[i]%16);
putchar ('\n');
ret = 0;
--
1.7.10.4

@ -0,0 +1,124 @@
From 53a40965390cfa3b99d636874c6b9d968380f312 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Wed, 30 Jan 2013 14:16:16 +0800
Subject: [PATCH] Update man page
---
man/mokutil.1 | 59 +++++++++++++++++++++++++++++++++++++++++----------------
1 file changed, 43 insertions(+), 16 deletions(-)
diff --git a/man/mokutil.1 b/man/mokutil.1
index 7a70d3e..fabd7a9 100644
--- a/man/mokutil.1
+++ b/man/mokutil.1
@@ -1,27 +1,41 @@
-.TH MOKUTIL 1 "Wed Nov 07 2012"
+.TH MOKUTIL 1 "Wed Jan 30 2013"
.SH NAME
mokutil \- utility to manipulate machine owner keys
.SH SYNOPSIS
-\fBmokutil\fR [--list-enrolled | -le]
+\fBmokutil\fR [--list-enrolled]
.br
-\fBmokutil\fR [--list-new | -ln]
+\fBmokutil\fR [--list-new]
.br
-\fBmokutil\fR [--import | -i] ...
+\fBmokutil\fR [--import \fIkeylist\fR| -i \fIkeylist\fR]
+ ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P])
.br
-\fBmokutil\fR [--delete-all | -D]
+\fBmokutil\fR [--delete \fIkeylist\fR | -d \fIkeylist\fR]
+ ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P])
.br
-\fBmokutil\fR [--revoke | -r]
+\fBmokutil\fR [--revoke-import]
+.br
+\fBmokutil\fR [--revoke-delete]
.br
\fBmokutil\fR [--export | -x]
.br
\fBmokutil\fR [--password | -p]
+ ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P])
.br
\fBmokutil\fR [--disable-validation]
.br
\fBmokutil\fR [--enable-validation]
.br
+\fBmokutil\fR [--sb-state]
+.br
+\fBmokutil\fR [--test-key | -t] ...
+.br
+\fBmokutil\fR [--reset]
+ ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P])
+.br
+\fBmokutil\fR [--generate-hash=\fIpassword\fR | -g\fIpassword\fR]
+.br
.SH DESCRIPTION
\fBmokutil\fR is a tool to import or delete the machines owner keys
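Review bot: The new synopsis entry --generate-hash=password | -gpassword documents passing the password as a command-line argument without saying that it then appears in the process list and in shell history; the man page should state that and describe the safer way to supply it. In the same hunk the short forms -le, -ln, -D and -r disappear from the synopsis, so the text should say whether they are still accepted, and the --import line is missing a space before the | after keylist.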
@@ -31,36 +45,49 @@ mokutil \- utility to manipulate machine owner keys
.TP
\fB--list-enrolled\fR
List the keys the already stored in the database
-
.TP
\fB--list-new\fR
List the keys to be enrolled
-
.TP
\fB--import\fR
Collect the followed files and form a request to shim. The files must be in DER
format.
-
.TP
\fB--delete-all\fR
Request shim to delete all stored keys
-
.TP
-\fB--revoke\fR
-Revoke the current request
-
+\fB--revoke-import\fR
+Revoke the current import request (MokNew)
+.TP
+\fB--revoke-delete\fR
+Revoke the current delete request (MokDel)
.TP
\fB--export\fR
Export the keys stored in MokListRT
-
.TP
\fB--password\fR
Setup the password for MokManager
-
.TP
\fB--disable-validation\fR
Disable the validation process in shim
-
.TP
\fB--enrolled-validation\fR
Enable the validation process in shim
+.TP
+\fB--sb-state\fR
+Show SecureBoot State
+.TP
+\fB--test-key\fR
+Test if the key is enrolled or not
+.TP
+\fB--reset\fR
+Reset MOK list
+.TP
+\fB--generate-hash\fR
+Generate the password hash
+.TP
+\fB--hash-file\fR
+Use the password hash from a specific file
+.TP
+\fB--root-pw\fR
+Use the root password hash from /etc/shadow
--
1.7.10.4
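Review bot: The OPTIONS section no longer matches the synopsis from the first hunk: --delete-all is still described although the synopsis now lists --delete keylist, and no --delete entry is added. The last validation entry is also still spelled --enrolled-validation while the synopsis has --enable-validation; since this patch touches the lines directly above and below it, fix the name here. The new --root-pw and --hash-file entries should say which commands they apply to, as the synopsis attaches them only to --import, --delete, --password and --reset.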

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Jan 30 08:00:22 UTC 2013 - glin@suse.com
- Merge patches for FATE#314506
+ Add mokutil-support-crypt-hash-methods.patch to support the
password hashes from /etc/shadow
+ Add mokutil-update-man-page.patch to update man page for the
new added options
- Add mokutil-lcrypt-ldflag.patch to correct LDFLAGS
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 18 10:05:27 UTC 2013 - glin@suse.com Fri Jan 18 10:05:27 UTC 2013 - glin@suse.com

@ -34,6 +34,14 @@ Patch3: mokutil-allow-password-from-pipe.patch
Patch4: mokutil-support-delete-keys.patch Patch4: mokutil-support-delete-keys.patch
# PATCH-FIX-UPSTREAM mokutil-support-new-pw-hash.patch glin@suse.com -- Support the new password hash format # PATCH-FIX-UPSTREAM mokutil-support-new-pw-hash.patch glin@suse.com -- Support the new password hash format
Patch5: mokutil-support-new-pw-hash.patch Patch5: mokutil-support-new-pw-hash.patch
# PATCH-FIX-UPSTREAM mokutil-support-crypt-hash-methods.patch glin@suse.com -- Support the hash methods used for /etc/shadow
Patch6: mokutil-support-crypt-hash-methods.patch
# PATCH-FIX-UPSTREAM mokutil-update-man-page.patch glin@suse.com -- Update man page
Patch7: mokutil-update-man-page.patch
# PATCH-FIX-UPSTREAM mokutil-lcrypt-ldflag.patch glin@suse.com -- Add -lcrpyt correctly
Patch8: mokutil-lcrypt-ldflag.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libopenssl-devel >= 0.9.8 BuildRequires: libopenssl-devel >= 0.9.8
BuildRequires: pkg-config BuildRequires: pkg-config
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
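Review bot: The comment line for Patch8 spells the flag -lcrpyt; it should read -lcrypt, matching the name of mokutil-lcrypt-ldflag.patch, so that a search of the spec for the library name finds the patch.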
@ -56,8 +64,12 @@ Authors:
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%build %build
autoreconf -i -f
%configure %configure
make make