-
Notifications
You must be signed in to change notification settings - Fork 2
/
NEWS
123 lines (82 loc) · 4.67 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
NEWS for stmgr v0.4.1
This release adds support for using relative OS package URLs.
New features and improvements:
* The stmgr ospkg subcommand now supports using a relative URL for
the OS package archive to download (os_pkg_url). Refer to the OS
package documentation for further details on this feature.
https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.3.0/content/docs/reference/os_package.md#os_pkg_url
Compatibility:
* This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.3.0/content/docs/reference
* Artifacts generated by this release of stmgr are tested with
stboot pre-release version v0.4.0, and are expected to work with
the final stboot release version as well.
* As long as only absolute URLs are specified for the os_pkg_url,
artifacts generated by this release of stmgr are fully compatible
with stboot-v0.3.6.
NEWS for stmgr v0.3.3
This release is an update to match the stboot-0.3.6 release. The
main new features relate to signing: UKI executables can now be
signed for Secure Boot. Signatures on OS packages and certificates
can now use private keys accessed via the ssh-agent protocol,
enabling use of keys residing on a more secure hardware device.
Incompatible changes:
* Generation of UKI files no longer defaults to using
/usr/lib/systemd/boot/efi/linuxx64.efi.stub. It now defaults to
a stub file embedded at stmgr compile time. (See uki/stub/README
for which version is embedded).
* The out-of-date "stmgr provision" subcommand has been deleted.
New features and improvements:
* Signing OS packages (stmgr ospkg sign) can now use ssh-agent to
access the private signing key, see docs/manual.md.
* Creating certificates (stmgr keygen certificate) used to always
create a new keypair as part of the process. That key generation
is now optional. More precisely, a root certificate can be
created for a private key specified with the -rootKey option,
including support for ssh-agent to access the private key. A
leaf certificate can be created with the new -leafKey option
specifying the public key to be certified.
* Host config validation (stmgr hostconfig check) has been updated
to match recent changes in stboot, including backwards
compatibility. Submission of additional host config files to
check in stmgr regression tests are welcome.
* The command "stmgr uki create" can now optionally sign the
generated UKI for Secure Boot; new flags: -signkey, -signcert.
* Improved documentation, new docs/manual.md.
Miscellaneous:
* Improved integration tests.
Compatibility:
* This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.2.0/content/docs/reference
* Artifacts generated by this release of stmgr are tested with
stboot pre-release version v0.3.5, and are expected to work with
the stboot release v0.3.6.
https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.3.6
NEWS for stmgr v0.2.2
First advertised release following the common System Transparency
release policy. The previous v0.2.1 release
(https://git.glasklar.is/system-transparency/core/stmgr/-/releases/v0.2.1)
was a random snapshot of the repository with a tag and dump of the
recent commit messages as release info.
Changed since v0.2.1:
New features:
* None
Enhancements:
* Improved log messages
* Clean up temporary files when generating ISO
Bug fixes:
* None
Breaking changes:
* The command line flags '-validFrom' and '-validUntil' for the subcommand
'stmgr keygen certificate' now expect a date formatted as RFC3339 instead of
RFC822.
This release has been tested to work with:
* stboot v0.2.1
https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.2.1
This release implements the following specifications:
* OS package
https://git.glasklar.is/system-transparency/project/documentation/-/blob/dd4469e99ae35faf5d2ea068066627559e4a71ef/docs.system-transparency.org/content/docs/reference/os_package.md
* Host Configuration
https://git.glasklar.is/system-transparency/project/documentation/-/blob/dd4469e99ae35faf5d2ea068066627559e4a71ef/docs.system-transparency.org/content/docs/reference/host_configuration.md
* Trust Policy
https://git.glasklar.is/system-transparency/project/documentation/-/blob/dd4469e99ae35faf5d2ea068066627559e4a71ef/docs.system-transparency.org/content/docs/reference/trust_policy.md