From b074d86f1c41bdd47fd984c78208b2345fa0e611 Mon Sep 17 00:00:00 2001
From: Sergio Correia
Date: Tue, 27 May 2025 09:35:19 +0000
Subject: [PATCH] Revert changes to default server_key_password for verifier/registrar
Resolves: RHEL-93678
Signed-off-by: Sergio Correia
---
 ...erver_key_password-for-verifier-regi.patch | 66 +++++++++++++++++++
 keylime.spec | 12 +++-
 2 files changed, 75 insertions(+), 3 deletions(-)
 create mode 100644 0006-Revert-default-server_key_password-for-verifier-regi.patch
diff --git a/0006-Revert-default-server_key_password-for-verifier-regi.patch b/0006-Revert-default-server_key_password-for-verifier-regi.patch
new file mode 100644
index 0000000..48d8420
--- /dev/null
+++ b/0006-Revert-default-server_key_password-for-verifier-regi.patch
@@ -0,0 +1,66 @@
+From 733db4036f2142152795fc51b761f05e39594b08 Mon Sep 17 00:00:00 2001
+From: Sergio Correia
+Date: Tue, 27 May 2025 09:31:54 +0000
+Subject: [PATCH 6/6] Revert "default" server_key_password for
+ verifier/registrar
+
+Signed-off-by: Sergio Correia
+---
+ templates/2.0/mapping.json | 4 ++--
+ templates/2.1/mapping.json | 6 +++---
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/templates/2.0/mapping.json b/templates/2.0/mapping.json
+index 80dcdde..8fce124 100644
+--- a/templates/2.0/mapping.json
++++ b/templates/2.0/mapping.json
+@@ -232,7 +232,7 @@
+ "server_key_password": {
+ "section": "cloud_verifier",
+ "option": "private_key_pw",
+- "default": ""
++ "default": "default"
+ },
+ "enable_agent_mtls": {
+ "section": "cloud_verifier",
+@@ -563,7 +563,7 @@
+ "server_key_password": {
+ "section": "registrar",
+ "option": "private_key_pw",
+- "default": ""
++ "default": "default"
+ },
+ "server_cert": {
+ "section": "registrar",
+diff --git a/templates/2.1/mapping.json b/templates/2.1/mapping.json
+index 956a53a..88e3fb6 100644
+--- a/templates/2.1/mapping.json
++++ b/templates/2.1/mapping.json
+@@ -262,7 +262,7 @@
+ "server_key_password": {
+ "section": "verifier",
+ "option": "server_key_password",
+- "default": ""
++ "default": "default"
+ },
+ "enable_agent_mtls": {
+ "section": "verifier",
+@@ -593,7 +593,7 @@
+ "server_key_password": {
+ "section": "registrar",
+ "option": "server_key_password",
+- "default": ""
++ "default": "default"
+ },
+ "server_cert": {
+ "section": "registrar",
+@@ -835,4 +835,4 @@
+ "handler_consoleHandler": "logging",
+ "logger_keylime": "logging"
+ }
+-}
+\ No newline at end of file
++}
+--
+2.47.1
+
diff --git a/keylime.spec b/keylime.spec
index caa003f..70f2947 100644
--- a/keylime.spec
+++ b/keylime.spec
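Review bot: The four restored `"default": "default"` entries (cloud_verifier and registrar in templates/2.0, verifier and registrar in templates/2.1) make the fallback passphrase for the server private key a fixed, publicly known string, so a key encrypted only with it has no real protection at rest beyond the key file's permissions. The embedded patch has a subject but no body; it should say why the literal is needed, presumably so that keys already generated with that passphrase keep loading after a configuration upgrade, which should be confirmed against RHEL-93678. The same description should note that deployments providing their own keys are expected to set `server_key_password` explicitly and not rely on this fallback. The final hunk of the embedded patch also adds a trailing newline to templates/2.1/mapping.json, which is unrelated to the revert and worth a mention in the message.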
@@ -9,7 +9,7 @@ Name: keylime Version: 7.12.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open source TPM software for Bootstrapping and Maintaining Trust URL: https://github.com/keylime/keylime @@ -21,9 +21,11 @@ Patch: 0001-Make-keylime-compatible-with-python-3.9.patch Patch: 0002-tests-fix-rpm-repo-tests-from-create-runtime-policy.patch Patch: 0003-tests-skip-measured-boot-related-tests-for-s390x-and.patch Patch: 0004-templates-duplicate-str_to_version-in-the-adjust-scr.patch -# RHEL-9 ships a slightly modified version of create_allowlist.sh. -# DO NOT REMOVE THE FOLLOWING PATCH IN FOLLOWING RHEL-9.x REBASES. +# RHEL-9 ships a slightly modified version of create_allowlist.sh and +# also a "default" server_key_password for the registrar and verifier. +# DO NOT REMOVE THE FOLLOWING TWO PATCHES IN FOLLOWING RHEL-9.x REBASES. Patch: 0005-Restore-RHEL-9-version-of-create_allowlist.sh.patch +Patch: 0006-Revert-default-server_key_password-for-verifier-regi.patch License: ASL 2.0 and MIT @@ -417,6 +419,10 @@ fi %license LICENSE %changelog +* Tue May 27 2025 Sergio Correia - 7.12.1-2 +- Revert changes to default server_key_password for verifier/registrar + Resolves: RHEL-93678 + * Thu May 22 2025 Sergio Correia - 7.12.1-1 - Update to 7.12.1 Resolves: RHEL-78418
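Review bot: The rewritten comment above `Patch: 0005-…` and `Patch: 0006-…` tells future rebasers to keep both patches but gives no reason for the password one, so the next rebase cannot judge whether it still applies. Name the ticket and the behaviour being kept in the comment itself, for example `# 0006 keeps "default" as the fallback server_key_password for registrar and verifier (RHEL-93678).` Since that value is a fixed string shared by every install, the comment should also say it is a compatibility fallback and not a secret.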