baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version v7.10.0:
  * Monthly Release (7.10.0)
  * mba: Add a separate table for measured boot policies. In the next PR, similar to named runtime policies, this table will be used to provide support for named measured boot policies and thier management.
  * user_guide: Add section about 'Key Learning to Verify Files'
  * docs: fix rendering in PCR example
  * docs: update PCR monitoring example
  * templates: Fix typo on default measured boot log location
  * packit: re-enable tests against Rawhide
  * elparser: add different escaping required for tpm2-tools >= 5.6
  * requirements: bump pyasn1-modules to 0.2.5

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version v7.9.0:
  * templates: Add version 2.2, with event log location options
  * Monthly release (7.9.0)
  * update roadmap for 2024
  * Extended the length of `verifier_ip` column to String(255)
  * mba/e/elchecking: add workaround for non spec compliant firmware
  * mba/e/example: ignore EV_CPU_MICROCODE, EV_EFI_HANDOFF_TABLES2 and MokListRT
  * mba/e/example: Allow db entries to be also hashes
  * mba/elchecking: load imports first
  * codestyle: Have pyright ignore ffi.NULL
  * codestyle: Use cast() to set type after splitlines()
  * codestyle: Replace _ with variable name in abstract method (pyright)
  * codestyle: Address some issues detected by pyright
  * codestyle: Remove a 'type: ignore' comment (mypy)
  * detect template changes - docs
  * detect template changes - mappings
  * Tests: Switch code coverage measurement to Fedora 39
  * Correcting paths in userguide documentation
  * docs: fix conf.py
  * Add build os and python version to readthedocs
  * Fix readthedocs config file location
  * docs: add additional reading section
- Update to version v7.8.0:
  * Monthly release (7.8.0)
  * address marcio and stefan comments
  * Add documentation for IAK and IDevID
  * templates/2.1: Fix enable_iak_idevid in agent template
  * support for user mode in run-test.sh
  * docs: fix small typo in threat model
  * ca_impl_openssl: support CRL distribution point from config
  * ca_util: add import functions for private keys
  * Enable test functional/iak-idevid-register-with-certificates
  * Replace mailing list address with Slack channel
  * docs: Add configuration documentation
  * tests: Add tests for exception cases in configuration update
  * tests: Add test for update mapping corner cases
  * convert_config: Add support for update mappings
  * convert_config: Do not require keylime modules
  * convert_config: Make the config upgrade less verbose
  * ima: Report an error if no quote forward-progress was made
  * codestyle: Modify list generator to avoid annotation issue (pyright)
  * codestyle: Remove unnecessary type check ignore statement (mypy)
  * codestyle: Add missing type parameter to generic type 'Pattern' (mypy)
  * Update packit plan with new tests
  * Fix typo in Secure Payloads docs
  * incorrect boolean expression causing ECs to be disallowed
  * codestyle: Create explicit sighandler with type annotation (pyright)
  * cert_utils: Ignore malformed certificate files
  * unit test for cert utils
  * Add certificates and certificate checking for IDevID and IAK keys

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version v7.7.0:
  * Monthly release (7.7.0)
  * tpm_cert_store: add the Nationz TPM EK x509 cert
  * codestyle: Have mypy ignore import of PoolManager
  * codestyle: Suppress pyright errors on methods that do exist
  * codestyle: Annotate some string constances (pyright)
  * types: Fix a deprecation warning from recent cryptography
  * create_policy: Set the generator value to LegacyAllowList
  * verifier: Compare generator against enum rather than magic '1'
  * Fix pylint C0103 (naming) errors in some files
  * crypto: Fix a pyright issue
  * test: Fix a pyright issue

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version v7.6.0:
  * Monthly release (7.6.0)
  * test-requirements: remove types-atomicwrites
  * Fixed an inappropriate test expression to remove a logical short circuit
  * remove prov_db_filename from config
  * Fix for key parse error in tpm2_objects
  * Fix mapping.json path in the comments
  * ima: Emit a warning when a file signature could not be parsed
  * Initial PR to add support for IDevID and IAK
  * Implement automatic agent API version bump
  * tests: avoid fail when epel-release is installed

• Files Changed
• Browse Source

- M2Crypto is not used anymore.
- Clean up SPEC file.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version v7.5.0 (CVE-2023-38201, bsc#1213314):
  * Monthly release (7.5.0)
  * Fix for CVE-2023-38201 (Security Advisory GHSA-f4r5-q63f-gcww)
  * verifier: should read parameters from verifier.conf only
  * tests: Correctly configure kernel IMA
  * Handle session close using a session manager
  * requirements.txt: update the need sqlalchemy version to 1.3.12 and above.
  * elchecking/example: add ignores for EV_PLATFORM_CONFIG_FLAGS
  * tpm_cert_store: add the Alibaba Cloud vTPM EK x509 cert
  * installer.sh: use the -i parameter to set the default binding and listening IP about the agent, verifier, and registrar server is 127.0.0.1  or 0.0.0.0
  * installer.sh: remove the unused command line params
  * Update container build workflow actions
  * mba: Manage the number of times measure boot attestation is done.
  * codestyle: Fix access to possibly not available package 'rpm' (pyright)
  * templates/2.0/mapping.json: fix the default registrar_port error in the verifier config

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Add BSD-3-Clause license
- Update to version v7.4.0 (CVE-2023-38200, bsc#1213310):
  * Monthly release (7.4.0)
  * codestyle: Fix tsa_rfc3161.py and have it pyright checked
  * installer.sh: support Anolis OS whose ID is anolis
  * tpm_util: Add the BSD license to the file due to functions from TPM 2 code
  * codestyle: Have pyright check keylime/da directory
  * docs: add missing options for verifier, remove vactivate
  * codestyle: Have pyright check mba/elchecking/ except for example.py
  * registrar_common: fix style complain
  * registrar_common: fix missing select and sock
  * Changes to script create_runtime_policy.sh, fixes #1426
  * tenant: non-zero exit code in case of error
  * mba: making MBA policy parser and checker pluggable
  * create_runtime_policy: fix bash typo
  * Extend Registrar SSL socket to be non-blocking
  * Several improvements for the "create_runtime_policy.sh" script
  * tpm_util: Replace a logger.error with an Exception in case of invalid signature
  * tpm_util: Remove useless comparison of always identical hashes
  * tests: Disable Packit CI on Rawhide due to infra issues
  * adding kubectl to tenant docker image
- Drop migrations_use_sa_text_for_raw_SQL.patch, merged upstream

• Files Changed
• Browse Source

- Add BSD-3-Clause license
- Update to version v7.4.0 (CVE-2023-38200):
  * Monthly release (7.4.0)
  * codestyle: Fix tsa_rfc3161.py and have it pyright checked
  * installer.sh: support Anolis OS whose ID is anolis
  * tpm_util: Add the BSD license to the file due to functions from TPM 2 code
  * codestyle: Have pyright check keylime/da directory
  * docs: add missing options for verifier, remove vactivate
  * codestyle: Have pyright check mba/elchecking/ except for example.py
  * registrar_common: fix style complain
  * registrar_common: fix missing select and sock
  * Changes to script create_runtime_policy.sh, fixes #1426
  * tenant: non-zero exit code in case of error
  * mba: making MBA policy parser and checker pluggable
  * create_runtime_policy: fix bash typo
  * Extend Registrar SSL socket to be non-blocking
  * Several improvements for the "create_runtime_policy.sh" script
  * tpm_util: Replace a logger.error with an Exception in case of invalid signature
  * tpm_util: Remove useless comparison of always identical hashes
  * tests: Disable Packit CI on Rawhide due to infra issues
  * adding kubectl to tenant docker image

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Drop migrations_use_sa_text_for_raw_SQL.patch, merged upstream
- Update to version v7.3.0:
  * Monthly release (7.3.0)
  * tenant: log cleanup and output improvements
  * mba: moving the boot event log parsing to the MBA subdirectory
  * Add secure mount sanity test to packit testing
  * templates: Set empty string as default value for tpm_ownerpassword
  * migrations: use sa.text for raw SQL
  * ima: only log the accept list on validation failure
  * ima: remove code used for reading the IMA log from disk
  * tpm: Move functions from tpm_astract.py to tpm_util.py
  * tpm: Move splitting of quote string into reusable function
  * tpm: Change default value of Hash parameter to Hash.SHA256 from None
  * [tests] Enable basic allowlist/excludelist test
  * installer.sh: update TPM2TOOLS_VER to 5.5 and cherry-pick patches to fix the bug of parsing for most newer logs with the tpm2_eventlog command.
  * web_util: Remove check for code being 'None' since it is always an int
  * verifier: Remove possibility for agent to be None and remove error case
  * verifier: Remove conversion of agent to dict
  * verifier: Remove possibility for agent to be None and remove error case
  * verifier: Remove check for agent is None since it cannot be None
- Add migrations_use_sa_text_for_raw_SQL.patch to fix migrations in
  new SQLAlchemy versions

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Update to version v7.2.5:
  * bump version to 7.2.5
  * installer.sh: remove unused codes
  * tpm: Implement BigNum context creation and usage
  * tpm: Implement int2bn and bn2int in our class
  * tpm_util: Add EC key support for makecredential in python
  * tpm: Replace tpm2_makecredential with python implementation
  * tpm_util: Implement makecredential in python
  * tpm2_objects: Return parameters when unmarshalling tpm2b_public
  * The first of several PRs to clean up MBA
  * verifier: Update agent dict values only after checking each value
  * verifier: Remove assignment to variable overwritten immediately after
  * registrar: Reformat initialization of dictionary
  * registrar: Check for error case aik_enc being None first
  * tpm_main: Remove unused run() method
  * tpm_main: Remove unnecessary code for support of tpm2_quote
  * tpm_main: Get rid of hashdigest() method
  * tpm_main: Get rid of start_hash and use get_start_hash() of given Hash
  * algorithms: Make get_START_HASH and get_FF_HASH methods of Hash
  * Use <bytes>.hex() to create hex string
  * Use bytes.fromhex() instead of codecs for parsing of string with hex number
  * Tpm: Rename START_HASH to start_hash
  * Tpm: Remove unused parameters of __run method
  * tpm: Move EXIT_SUCCESS outside class scope
  * tpm: Rename tpm class to Tpm
  * tpm: Access agent_id directory from structure
  * codestyle: Fix issues detected by older pylint 2.13.9
  * tpm: Get rid of AbstractTPM class
  * codestyle: Add missing annotations to test_ima_dm.py to pass pyright
  * pypright: Remove ignored files that do not exist anymore
  * ima: Replace usage of codec to parse hex string with bytes.fromhex()
  * ima: Replace usage of codec with hex() method on bytes
  * ima: Validate proper JSON before trying to convert from string to JSON
  * tenant: fixes a (timing) issue whenever an agent is removed and re-added
  * verifier: Simplify initialization of agent_data dict
  * verifier: Use kwargs to pass ssl_context if it exists
  * verifier: Return an Empty Dict rather than None in case of error
  * verifier: Use get() on dict rather than catching an Exception
  * cloud_verifier: AgentsHandler: Consolidate checking of input parameters
  * registrar: Consolidate __validate_input() in BaseHandler
  * registrar: ProtectedHandler: Refactor __validate_input
  * registrar: UnprotectedHandler: Consolidate checking of input parameters
  * registrar: ProtectedHandler: Consolidate checking of input parameters
  * docs: remove Vagrant setup
  * registrar: Move getting network parameters into own function
  * [tests] Update test coverage task name regexp
  * tenant: report when the keystore fails
  * ca_util: fix captured exception
  * [tests] Simply coverage file URL parsing
  * tpm+ima: Convert tables to hold instances of hashers
  * docs/rest_apis.rst: remove the comma at the end of the JSON string
  * tpm: Activate tpm2_checkquote replacement code
  * tests: Add test case for checkquote and parsing of tpms_attest
  * tpm: Implement tpm2_checkquote in python
  * README.md: fix the invalid URL about IMA stub service.
  * README.md: fix the script name(./services/installer.sh) error
  * installer.sh: support Alibaba Cloud Linux OS whose ID is alinux
  * web_util: handle tls_dir default with cacerts correctly
  * codestyle: Add pyright ignore annoatations due to pyright 1.1.306
  * codestyle: Ignore import of NoResultFound from sqlalchemy 1.3 file
  * CI/CD: Run pyright as part of tox
  * agentstates: Reformat construction of returned dictionary
  * docker: fix tpm2-tools build
  * docker: upate to newer tpm2-tools version
  * docs/installation.rst: add the missing popd command in the manual deployment.
  * tpm: Implement function to extract clock info from TPMS_ATTEST
  * [tests] Reduce duplication in packit-ci test plan
  * Enable Packit CI again on all Fedora releases
  * Redefine the list of maintainers taking into account activity on the last 12 months, proposing a few new names to be added (please feel free to decline)

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source

- Add missing jsonschema dependecy

• Files Changed
• Browse Source