Open source TPM software for Bootstrapping and Maintaining Trust
eca2d398c1
The included patches implement graceful shutdown for both pull and push models, cancelling pending operations, and waiting for critical in-flight operations to finish before shutting down. Backport the following upstream PRs: - https://github.com/keylime/keylime/pull/1809 - Document supported configuration options - Sync missing and removed options from configuration templates - https://github.com/keylime/keylime/pull/1868 - Remove 'enable_authentication' from agent config templates - https://github.com/keylime/keylime/pull/1855 - Add push-model documentation - https://github.com/keylime/keylime/pull/1869 - Add verifier graceful shutdown - https://github.com/keylime/keylime/pull/1883 - Ignore SIGTERM and SIGINT signals on Manager and parent processes - https://github.com/keylime/keylime/pull/1886 - Move socket from /tmp to /var/run/keylime Also, update the keylime-selinux to the latest release (43.2.1) to include the following changes: - https://github.com/RedHat-SP-Security/keylime-selinux/pull/33 - Allow Keylime to perform socket operation on /var/run/keylime - https://github.com/RedHat-SP-Security/keylime-selinux/pull/34 - Allow Keylime to read /proc/net to populate certificates Subject Alternative Names (SAN) Documentation updates and configuration template updates were included to allow the graceful shutdown patch to apply cleanly. This also modifies the test runner to use pytest, adding python3-pytest to the BuildRequires. This was necessary to make the fixtures created in conftest.py to be used, which is not available when running with unittest. Resolves: RHEL-151493 Resolves: RHEL-151408 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> |
||
|---|---|---|
| .fmf | ||
| .gitignore | ||
| 0001-Fix-timestamp-conversion-to-use-UTC-timezone.patch | ||
| 0002-Fix-efivar-availability-check-in-test_create_mb_poli.patch | ||
| 0003-Close-DB-sessions-to-prevent-connection-exhaustion.patch | ||
| 0004-Include-thread-safe-session-management.patch | ||
| 0005-Address-some-improvements-from-code-review.patch | ||
| 0006-Fix-race-condition-on-in-SessionManager.patch | ||
| 0007-Fix-linter-errors-in-PersistableModel.get-and-.all.patch | ||
| 0008-refactor-Remove-dead-code-AuthSession.authenticate_a.patch | ||
| 0009-db-Clean-up-scoped-session-after-each-request.patch | ||
| 0010-fix-Check-active-flag-in-_extract_identity-and-guard.patch | ||
| 0011-fix-Add-fork-safety-to-DBManager-via-dispose.patch | ||
| 0012-fix-mem-leak-remove-unbounded-functools.cache-from-l.patch | ||
| 0013-fix-verifier-race-condition-on-agent-delete.patch | ||
| 0014-push-attestation-documentation.patch | ||
| 0015-remove-enable-authentication-config-option.patch | ||
| 0016-docs-push-attestation-config-tables.patch | ||
| 0017-verifier-graceful-shutdown.patch | ||
| 0018-ignore-sigterm-sigint-manager-parent-processes.patch | ||
| 0019-move-socket-var-run.patch | ||
| changelog | ||
| ci_tests.fmf | ||
| gating.yaml | ||
| keylime-fix-db-connection-leaks.patch | ||
| keylime.spec | ||
| keylime.sysusers | ||
| keylime.tmpfiles | ||
| README.md | ||
| sources | ||
keylime
The keylime package