Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: mokutil | Distribution: SUSE Linux Framework One |
Version: 0.6.0 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: slfo.1.1.4 | Build date: Mon Aug 26 11:13:10 2024 |
Group: Productivity/Security | Build host: h04-armsrv1 |
Size: 110474 | Source RPM: mokutil-0.6.0-slfo.1.1.4.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://github.com/lcp/mokutil | |
Summary: Tools for manipulating machine owner keys |
This program provides the means to enroll and erase the machine owner keys (MOK) stored in the database of shim.
GPL-3.0-only
* Mon Jun 27 2022 jlee@suse.com - Update to 0.6.0 + 6c98907 SBAT revocation update support + 0276891 mokutil: Add trust_mok_keys and untrust_mok_keys + 57bc385 mokutil: enable setting fallback verbosity and noreboot mode + b15e7c4 util: add the missing stdio.h - Drop mokutil-fix-missing-header.patch (upstream) * Thu Jul 15 2021 glin@suse.com - Update to 0.5.0 + mokutil: delete key/hash from the reverse request + efi_x509: fix an error handling in is_immediate_ca() + efi_x509: fix certificates fingerprint calculation + efi_x509: use EVP_Digest()* functions instead of the deprecated SHA1_*() + src/util.c: fix NULL pointer dereference in mok_get_variable + mokutil: Read the SbatLevelRT variable to get the SBAT entries + mokutil: add mok-variables parsing support + mokutil: Add option to print the UEFI SBAT variable content + mokutil: only check for Secure Boot support in options that need it + efi_x509: add the function to fetch SKID + keyring: add the function to check kernel keyring + mokutil: initialize data for efi_get_variable() + mokutil: correct the data for efi_set_variable() in set_password() + mokutil: improve the readability of issue_mok_request() + mokutil: drop the checks for PK and KEK + mokutil: check the blocklists before enrolling a key + mokutil: adjust the command bits + mokutil: remove "--simple-hash" + make CA check non-fatal + mokutil: close file in the error path + mokutil: do the CA check + efi_x509: add the function to check immediate CA + efi_x509: use d2i_X509() to create X509 handling + mokutil: rename hash_file as pw_hash_file + password-crypt: update the function names + password-crypt: fix the types of several functions + mokutil: fix the error message in sb_state() + mokutil: move x509 functions to efi_x509.c + mokutil: move the hash functions to efi_hash.c + util: add functions for db_var_name and db_friendly_name + Remove the SHA1 code from identify_hash_type() + Map the UEFI variable names with a function + Fix -Wcast-align warnings + Fix 32 bit build + Add --timeout to manpage and other corrections. + mokutil.c: fix typo enrollement -> enrollment + Avoid taking pointer to packed struct + Fix name of --enable-validation in the description + Remove shebang from bash-completion/mokutil - Add mokutil-fix-missing-header.patch to fix the compilation error due to the missing header - Refresh mokutil-remove-libkeyutils-check.patch and only apply it to openSUSE Leap 15.* - Drop upstreamed patches: + mokutil-remove-shebang-from-bash-completion-file.patch + mokutil-bsc1173115-add-ca-and-keyring-checks.patch - Drop mokutil-support-revoke-builtin-cert.patch since we don't use the builtin cert prompt patch in shim anymore. * Tue May 04 2021 dmueller@suse.com - spec file cleanup * Wed Sep 16 2020 glin@suse.com - Add mokutil-bsc1173115-add-ca-and-keyring-checks.patch to add options for CA and kernel keyring checks (bsc#1173115) + Add new BuildRequires: keyutils-devel + Add mokutil-remove-libkeyutils-check.patch to disable the version check of libkeyutils - Refresh mokutil-support-revoke-builtin-cert.patch * Fri Aug 14 2020 glin@suse.com - Update mokutil-support-revoke-builtin-cert.patch + Add "--revoke-cert" to the man page * Fri Dec 13 2019 normand@linux.vnet.ibm.com - Add build for ppc64/ppc64le * Tue May 28 2019 glin@suse.com - Update to 0.4.0 + Rename export_moks as export_db_keys + Add support for exporting other keys + add new --mok argument + set list-enrolled command as default for some arguments + Add more info to --sb-state: show when we're in SetupMode or with shim validation disabled + Correct help: --set-timeout is really --timeout + generate_hash() / generate_pw_hash(): don't use strlen() for strncpy bounds + Add the type casting to silence the warning + Add a way for mokutil to configure a timeout for MokManager's prompt + list_keys_in_var(): check errno correctly, not ret twice + Fix typo in error message when the system lacks Secure Boot support + Add bash completion file + mokutil: be explicit about file modes in all cases + Make all efi_guid_t const + Don't allow sha1 on the mokutil command line + Build with -fshort-wchar so toggle passwords work right + Fix the 32bit signedness comparison + Fix the potential buffer overflow - Add mokutil-remove-shebang-from-bash-completion-file.patch to remove shebang from bash-completion/mokutil - Drop upstreamed patches + mokutil-constify-efi-guid.patch + mokutil-fix-overflow.patch + mokutil-fshort-wchar.patch + mokutil-set-efi-variable-file-mode.patch - Refresh mokutil-support-revoke-builtin-cert.patch - Install bash-completion/mokutil * Thu Mar 21 2019 glin@suse.com - Add modhash to calculate the hash of kernel module (SLE-5661) + Also add openssl to Requires since the script needs it * Fri Nov 23 2018 glin@suse.com - Enable AArch64 build (bsc#1119769, fate#326541) * Tue Mar 27 2018 kukuk@suse.de - Use %license instead of %doc [bsc#1082318] * Wed Jul 13 2016 glin@suse.com - Patches for efivar 0.24 + Add mokutil-set-efi-variable-file-mode.patch to set the file mode explicitly. + Add mokutil-constify-efi-guid.patch to make all efi_guild_t variables const. + Refresh mokutil-support-revoke-builtin-cert.patch for the change of efi_set_variable() * Tue Jun 30 2015 glin@suse.com - Add mokutil-fshort-wchar.patch to make sure the UEFI strings are UCS-2 encoding. * Tue Nov 04 2014 glin@suse.com - Update to 0.3.0 - Add mokutil-fix-overflow.patch to fix the buffer overflow - Drop upstreamed patches + mokutil-upstream-fixes.patch + mokutil-mokx-support.patch + mokutil-check-corrupted-key-list.patch + mokutil-check-secure-boot-support.patch + mokutil-clean-request.patch + mokutil-fix-hash-file-read.patch + mokutil-fix-hash-list-size.patch + mokutil-more-details-for-skipped-keys.patch + mokutil-no-invalid-x509.patch - Refresh mokutil-support-revoke-builtin-cert.patch * Wed Apr 16 2014 glin@suse.com - Add mokutil-fix-hash-file-read.patch to fix the error handling of reading a hash file * Thu Apr 10 2014 glin@suse.com - Add mokutil-check-corrupted-key-list.patch to check whether the key list is corrupted or not - Add mokutil-no-invalid-x509.patch to avoid importing an invalid x509 certificate * Mon Mar 24 2014 glin@suse.com - Add mokutil-more-details-for-skipped-keys.patch to show the reason to skip the key - Add mokutil-check-secure-boot-support.patch to check whether the system supports Secure Boot or not * Fri Feb 21 2014 glin@suse.com - Add mokutil-support-revoke-builtin-cert.patch to add an option to revoke the built-in certificate in shim * Wed Feb 12 2014 glin@suse.com - Add mokutil-fix-hash-list-size.patch to update the list size after merging or deleting a hash - Add mokutil-clean-request.patch to clean the request if all keys are removed * Wed Jan 22 2014 glin@suse.com - Update mokutil-mokx-support.patch to fix the test-key request check * Thu Dec 05 2013 glin@suse.com - Add mokutil-upstream-fixes.patch to include upstream fixes for db signature check, gcc warnings, and error handling - Add mokutil-mokx-support.patch to support the MOK blacklist (FATE#316531) * Thu Jul 25 2013 glin@suse.com - Update to 0.2.0 + Generate the password hash with crypt() by default instead of the original sha256 password hash + Add an option to import the root password hash + Amend error messages, help, and man page - Drop upstreamed patches + mokutil-lcrypt-ldflag.patch + mokutil-probe-secure-boot-state.patch + mokutil-allow-password-from-pipe.patch + mokutil-bnc809703-check-pending-request.patch + mokutil-support-delete-keys.patch + mokutil-support-crypt-hash-methods.patch + mokutil-update-man-page.patch + mokutil-bnc809215-improve-wording.patch + mokutil-support-new-pw-hash.patch + mokutil-no-duplicate-keys-imported.patch * Tue Apr 02 2013 glin@suse.com - Add mokutil-bnc809215-improve-wording.patch to make the messages understandable (bnc#809215) - Add mokutil-bnc809703-check-pending-request.patch to remove the key from the pending request if necessary (bnc#809703) * Wed Jan 30 2013 glin@suse.com - Merge patches for FATE#314506 + Add mokutil-support-crypt-hash-methods.patch to support the password hashes from /etc/shadow + Add mokutil-update-man-page.patch to update man page for the new added options - Add mokutil-lcrypt-ldflag.patch to correct LDFLAGS * Fri Jan 18 2013 glin@suse.com - Update mokutil-support-new-pw-hash.patch to extend the password hash format * Wed Jan 16 2013 glin@suse.com - Merge patches for FATE#314506 + Add mokutil-support-delete-keys.patch to delete specific keys + Add mokutil-support-new-pw-hash.patch to support the new password format + Add mokutil-allow-password-from-pipe.patch to allow the password to be generated in a script and be sent through pipeline - Install COPYING * Tue Dec 11 2012 glin@suse.com - Add mokutil-probe-secure-boot-state.patch to probe the state of secure boot - Add mokutil-no-duplicate-keys-imported.patch to avoid importing duplicate keys * Wed Nov 07 2012 glin@suse.com - Add new package mokutil-0.1.0 (FATE#314510)
/usr/bin/modhash /usr/bin/mokutil /usr/share/bash-completion/completions /usr/share/bash-completion/completions/mokutil /usr/share/licenses/mokutil /usr/share/licenses/mokutil/COPYING /usr/share/man/man1/mokutil.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Nov 9 00:25:40 2024