forked from pool/sbctl
a2c36c2f28
- Update to version 0.15.3:
* Fixed a mistake where the db_additions setting in sbctl.conf
was not wired up to sbctl setup.
* Relaxed the check for an existing install in sbctl setup form
looking after /var/lib/sbctl to check for /var/lib/sbctl/keys.
* Fixed a bug where dmi information was not read for quirk
detection when landlock was enabled.
* Fixed a bug where sbctl create-keys did not have access to
/var/lib under landlock.
* Fixed a bug where sbctl setup didn't have access to /usr/share.
- Added minimum go required version
- Update to version 0.15.2:
* Fixed a bug where sbctl setup aborts early because
/var/lib/sbctl already exists.
- Updates from version 0.15.1:
* Fixed an issue where sbctl migrate did not work without
--disable-landlock.
* Fixed an issue where bundles.db would be written to files.json
deleting list of files.
- Updates from version 0.15:
See the release for full changes.
https://github.com/Foxboron/sbctl/releases/tag/0.15
* sbctl will try to sandbox all commands with landlock. Landlock
is a unpriviledged sandbox, similar to OpenBSD pledge, that
allows sbctl to declare the directories and files we are
reading/writing a head. This feature is enabled by default and
can be disabled by setting landlock: false in the new config
file, or by passing --disable-landlock flag.
* sbctl has moved from using /usr/share/secureboot to
/var/lib/sbctl. The useage of /usr was mostly for legacy
reasons but there wasn't any motivation to fix this until now.
To help with the migration sbctl migrate has been implemented.
It will move all the files from the old location to
/var/lib/sbctl and rename files accordingly.
* sbctl now support creation of TPM key files using
go-tpm-keyfiles. These keys are mostly compatible with how
other TPM2 TSS keyfiles are created. This key type can be used
by passing on of several keytype flags to create-keys or
rotate-keys, or by specifying the type in the new configuration
file.
OBS-URL: https://build.opensuse.org/request/show/1191021
OBS-URL: https://build.opensuse.org/package/show/utilities/sbctl?expand=0&rev=11
100 lines
2.8 KiB
RPMSpec
100 lines
2.8 KiB
RPMSpec
#
|
|
# spec file for package sbctl
|
|
#
|
|
# Copyright (c) 2024 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
Name: sbctl
|
|
Version: 0.15.3
|
|
Release: 0
|
|
Summary: Secure Boot key manager
|
|
License: MIT
|
|
Group: System/Boot
|
|
URL: https://github.com/Foxboron/sbctl
|
|
%if "%{_vendor}" == "debbuild"
|
|
# Needed to set Maintainer in output debs
|
|
Packager: Jan Loeser <jan.loeser@posteo.de>
|
|
%endif
|
|
Source: %{name}-%{version}.tar.gz
|
|
Source1: vendor.tar.gz
|
|
Source2: %{name}-rpmlintrc
|
|
Requires: binutils
|
|
%if 0%{?suse_version}
|
|
Requires: util-linux-systemd
|
|
%endif
|
|
%if 0%{?ubuntu}
|
|
Requires: util-linux
|
|
%endif
|
|
BuildRequires: asciidoc
|
|
BuildRequires: binutils
|
|
%if 0%{?suse_version}
|
|
BuildRequires: go >= 1.22.0
|
|
BuildRequires: golang-packaging
|
|
BuildRequires: pkgconfig(openssl) > 3.0.0
|
|
%endif
|
|
%if 0%{?ubuntu}
|
|
BuildRequires: golang >= 1.22.0
|
|
BuildRequires: libssl-dev > 3.0.0
|
|
%endif
|
|
|
|
%description
|
|
sbctl intends to be a user-friendly secure boot key manager capable of setting
|
|
up secure boot, offer key management capabilities, and keep track of files that
|
|
needs to be signed in the boot chain.
|
|
|
|
%prep
|
|
%autosetup -a 1
|
|
|
|
%build
|
|
# Remove toolchain directive as we can't download it from external and we lack a corresponding
|
|
# macro package for deb (golang-packaging)
|
|
%if 0%{?ubuntu}
|
|
sed -i '/^toolchain.*/d' go.mod
|
|
%endif
|
|
|
|
# Remove upstream version set.
|
|
sed -i 's|VERSION =.*||' Makefile
|
|
VERSION="%{version}" %make_build all
|
|
|
|
%install
|
|
%make_install BINDIR="%{_sbindir}" PREFIX="%{_prefix}"
|
|
|
|
# Fix potential-bashisms rpmlint error by using bash shebang
|
|
sed -i 's|bin/sh|bin/bash|' %{buildroot}%{_prefix}/lib/kernel/install.d/91-sbctl.install
|
|
|
|
%check
|
|
%make_build test
|
|
|
|
%files
|
|
%doc README.md
|
|
%license LICENSE
|
|
|
|
%dir %{_prefix}/lib/kernel/
|
|
%dir %{_prefix}/lib/kernel/install.d/
|
|
%dir %{_datadir}/fish/
|
|
%dir %{_datadir}/fish/vendor_completions.d/
|
|
%dir %{_datadir}/zsh/
|
|
%dir %{_datadir}/zsh/site-functions/
|
|
|
|
%{_prefix}/lib/kernel/install.d/91-sbctl.install
|
|
%{_mandir}/man8/sbctl.8*
|
|
%{_mandir}/man5/sbctl.conf.5*
|
|
%{_datadir}/bash-completion/completions/sbctl
|
|
%{_datadir}/fish/vendor_completions.d/sbctl.fish
|
|
%{_datadir}/zsh/site-functions/_sbctl
|
|
%{_sbindir}/sbctl
|
|
|
|
%changelog
|