Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

evmctl-1.4-150400.1.5 RPM for ppc64le

From OpenSuSE Leap 15.5 for ppc64le

Name: evmctl Distribution: SUSE Linux Enterprise 15
Version: 1.4 Vendor: SUSE LLC <https://www.suse.com/>
Release: 150400.1.5 Build date: Sun May 8 00:45:10 2022
Group: System/Kernel Build host: ibs-power9-13
Size: 141599 Source RPM: ima-evm-utils-1.4-150400.1.5.src.rpm
Packager: https://www.suse.com/
Url: http://sourceforge.net/projects/linux-ima/
Summary: IMA/EVM signing utility
The evmctl utility can be used for producing and verifying digital signatures,
which are used by Linux kernel integrity subsystem (IMA/EVM). It can be also
used to import keys into the kernel keyring.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Fri Nov 05 2021 [email protected]
  - Update to version 1.4
    * Elliptic curve support and tests
    * PKCS11 support and tests
    * Ability to manually specify the keyid included in the IMA xattr
    * Improve IMA measurement list per TPM bank verification
    * Linking with IBM TSS
    * Set default hash algorithm in package configuration
    * (Minimal) support and test EVM portable signatures
    * CI testing:
    * Refresh and include new distros
    * Podman support
    * GitHub Actions
    * Limit "sudo" usage
    * Misc bug fixes and code cleanup
    * Fix static analysis bug reports, memory leaks
    * Remove experimental code that was never upstreamed in the kernel
    * Use unsigned variable, remove unused variables, etc
  - Upstream bumped soname to 3.0.0
* Thu Oct 29 2020 [email protected]
  - Update to version 1.3.2
    * Bugfixes: importing keys
    * NEW: Docker based travis distro testing
    * Travis bugfixes, code cleanup, software version update,
    and script removal
    * Initial travis testing
  - Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch
    (patch from this release)
  - Add make check + dependencies (getfattr => attr, xxd => vim)
* Thu Oct 01 2020 [email protected]
  - Fix missing new line in help
    (0001-help-Add-missing-new-line-for-ignore-violations.patch)
* Fri Aug 14 2020 [email protected]
  - Update to version 1.3.1
    * "--pcrs" support for per crypto algorithm
    * Drop/rename "ima_measurement" options
    * Moved this summary from "Changelog" to "NEWS", removing
    requirement for GNU empty files
    * Distro build fixes
    * Remove 0001-pcr_tss-Fix-compilation-for-old-compilers.patch (from this
      release)
* Thu Jul 23 2020 [email protected]
  - Use %autosetup -p1
* Wed Jul 22 2020 [email protected]
  - Remove suse_version check for tpm2-0-tss-devel as the package is available
    for back as far as SLE 12 SP2 and respective openSUSE versions (also check
    was wrong, should have been 1500).
* Wed Jul 22 2020 [email protected]
  - Fixes from previous SR (reported by fvogt):
    * Move ibmtss runtime dependency to evmctl package
    * Remove dependencies to devel package (should not be needed)
* Wed Jul 22 2020 [email protected]
  - Update to version 1.3
    version 1.3 new features:
    * NEW ima-evm-utils regression test infrastructure with two initial
    tests:
    - ima_hash.test: calculate/verify different crypto hash algorithms
    - sign_verify.test: EVM and IMA sign/verify signature tests
    * TPM 2.0 support
    - Calculate the new per TPM 2.0 bank template data digest
    - Support original padding the SHA1 template data digest
    - Compare ALL the re-calculated TPM 2.0 bank PCRs against the
    TPM 2.0 bank PCR values
    - Calculate the per TPM bank "boot_aggregate" values, including
    PCRs 8 & 9 in calculation
    - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS
    - boot_aggregate.test: compare the calculated "boot_aggregate"
    values with the "boot_aggregate" value included in the IMA
    measurement.
    * TPM 1.2 support
    - Additionally support reading the TPM 1.2 PCRs from a supplied file
    ("--pcrs" option)
    * Based on original IMA LTP and standalone version support
    - Calculate the TPM 1.2 "boot_aggregate" based on the exported
    TPM 1.2 BIOS event log.
    - In addition to verifying the IMA measurement list against the
    the TPM PCRs, verify the IMA template data digest against the
    template data.  (Based on LTP "--verify" option.)
    - Ignore file measurement violations while verifying the IMA
    measurment list. (Based on LTP "--validate" option.)
    - Verify the file data signature included in the measurement list
    based on the file hash also included in the measurement list
    (--verify-sig)
    - Support original "ima" template (mixed templates not supported)
    * Support "sm3" crypto name
    Bug fixes and code cleanup:
    * Don't exit with -1 on failure, exit with 125
    * On signature verification failure, include pathname.
    * Provide minimal hash_info.h file in case one doesn't exist, needed
    by the ima-evm-utils regression tests.
    * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs
    * Fix hash_algo type comparison mismatch
    * Simplify/clean up code
    * Address compiler complaints and failures
    * Fix memory allocations and leaks
    * Sanity check provided input files are regular files
    * Revert making "tsspcrread" a compile build time decision.
    * Limit additional messages based on log level (-v)
  - Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch
  - Upstream bumped soname to 2.0.0
  - Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss
    as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd;
    better to use libtss2-esys and libtss2-rc than require tsspcrread binary in
    runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same
    logic as runtime dependency for devel package
  - Mark COPYING as %license
* Tue Jul 30 2019 [email protected]
  - Update to version 1.2.1 (included changes of unreleased v1.2)
    version 1.2 new features:
    * Generate EVM signatures based on the specified hash algorithm
    * include "security.apparmor" in EVM signature
    * Add support for writing & verifying "user.xxxx" xattrs for testing
    * Support Strebog/Gost hash functions
    * Add OpenSSL engine support
    * Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures
    * Support verifying multiple signatures at once
    * Support new template "buf" field and warn about other unknown fields
    * Improve OpenSSL error reporting
    * Support reading TPM 2.0 PCRs using tsspcrread
    Bug fixes and code cleanup:
    * Update manpage stylesheet detection
    * Fix xattr.h include file
    * On error when reading TPM PCRs, don't log gargabe
    * Properly return keyid string to calc_keyid_v1/v2 callers, caused by
    limiting keyid output to verbose mode
    * Fix hash buffer overflow caused by EVM support for larger hashes,
    defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts".
    * Linked with libcrypto instead of OpenSSL
    * Updated Autotools, replacing INCLUDES with AM_CPPFLAGS
    * Include new "hash-info.gen" in tar
    * Log the hash algorithm, not just the hash value
    * Fixed memory leaks in: EV_MD_CTX, init_public_keys
    * Fixed other warnings/bugs discovered by clang, coverity
    * Remove indirect calls in verify_hash() to improve code readability
    * Don't fallback to using sha1
    * Namespace some too generic object names
    * Make functions/arrays static if possible
  - Upstream bumped soname to 1.0.0 in v1.2
  - Drop ima-evm-utils-xattr.patch and ima-evm-utils-fix-docbook-xsl-directory.patch (included in v1.2)
* Wed Sep 12 2018 [email protected]
  - ima-evm-utils-xattr.patch: xattr.h is now libattr.h
* Fri Mar 16 2018 [email protected]
  - Update to version 1.1
    * Support the new openssl 1.1 api
    * Support for validating multiple pcrs
    * Verify the measurement list signature based on the list digest
    * Verify the "ima-sig" measurement list using multiple keys
    * Fixed parsing the measurement template data field length
    * Portable & immutable EVM signatures (new format)
    * Multiple fixes that have been lingering in the next branch. Some
      are for experimental features that are not yet supported in the
      kernel.
  - Drop ima-evm-utils-openssl1.patch (not needed any more as IMA got
    backward compatible support for openssl 1.1).
* Tue Nov 21 2017 [email protected]
  - Small spec file cleanup with spec-cleaner
* Wed Nov 08 2017 [email protected]
  - ima-evm-utils-openssl1.patch: allow building against openssl 1.1 (bsc#1066947)
* Mon Oct 23 2017 [email protected]
  - added openssl-devel dependency to ima-evm-utils-devel. otherwise the ima
    header can't be included if the openssl headers are missing
* Sat Oct 14 2017 [email protected]
  - No need to remove .a files which don't exist.
  - Drop extraneous ldconfig call on preun.
  - Update RPM groups and descriptions.
* Fri Oct 13 2017 [email protected]
  - ima-evm-utils-fix-docbook-xsl-directory.patch: adjusted to refer to the
    "current" version of stylesheet to make the build work again
  - adjusted spec file to apply stylesheet patch to SLE12 as well
* Mon May 08 2017 [email protected]
  - Add ima-evm-utils to SLES. (FATE#321603)
* Tue Jan 19 2016 [email protected]
  - ima-evm-utils-fix-docbook-xsl-directory.patch:
    fixed the nwalsh docbook directory again
* Wed Dec 02 2015 [email protected]
  - Update to version 1.0
    * Recursive hashing
    * Immutable EVM signatures (experimental)
    * Command 'ima_clear' to remove xattrs
    * Support for passing password to the library
    * Support for asking password safely from the user
* Wed Jan 21 2015 [email protected]
  - Update to version 0.9
    * Updated README
    * man page generated and added to the package
    * Use additional SMACK xattrs for EVM signature generation
    * Signing functions moved to libimaevm for external use (RPM)
    * Fixed setting of correct hash header
  - Add additional requirements; asciidoc, docbook-xsl-stylesheets,
    libattr-devel and libxslt-tools
  - Remove COPYING from sources; upstream provides one now
  - Remove automake.patch; "test" directory isn't provided by upstream
    anymore
  - Remove ima-evm-utils-xattr.patch; libimaevm0 does link against
    libattr now
  - Split package in three subpackage
    * libimaevm0: contains shared library
    * -devel: contains header and examples files
    * evmctl: the kernel signing tool
  - Add ima-evm-utils-fix-docbook-xsl-directory.patch; fix path
    where Make is looking for docbook.xsl

Files

/usr/bin/evmctl
/usr/share/man/man1/evmctl.1.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 17:57:49 2024