July 2024 - ST-announce - System Transparency mailing lists

stboot-v0.4.3 release
by Rasmus Dahlberg 13 Jul '24

13 Jul '24

The ST team is happy to announce a new release of the stboot bootloader, tag v0.4.3, which succeeds the previous release at tag v0.3.6. The source code for this release is available from the git repository: git clone -b v0.4.3 https://git.glasklar.is/system-transparency/core/stboot.git Authoritative ST release signing keys are published at: https://www.system-transparency.org/keys The tag signature can be verified using the following command: git -c gpg.format=ssh \ -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \ tag --verify v0.4.3 The expectations and intended use of the stboot bootloader is documented in the repository's RELEASES file. This RELEASES file also contains more information concerning the overall release process, see: https://git.glasklar.is/system-transparency/core/stboot/-/blob/v0.4.3/RELEA… Learn about what's new in a release from the repository's NEWS file. An excerpt from the latest NEWS-file entry is listed below for convenience. If you find any bugs, please report them on the System Transparency discuss list or open an issue on GitLab in the stboot repository: https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l… https://git.glasklar.is/system-transparency/core/stboot/-/issues Cheers, The ST team NEWS for stboot v0.4.3 This release of stboot includes bug fixes and new features. The most notable feature is the ability to enter provisioning mode even if a host configuration has already been provisioned on the system. Bug fixes: * When running stboot as the init process, load kernel modules before trying to mount /sys/firmware/efi/efivars. This ensures EFI variables will work when the efivarfs driver is provided as a loadable kernel module (rather than being built into the kernel). For users that use u-root as the init process: be aware that the same issue which has now been fixed in stboot still remains open in u-root, see https://github.com/u-root/u-root/issues/2993. * Properly wait for the selected network interfaces to reach state UP before considering the network to be configured successfully. This ensures stboot will not spend any of its retries due to interfaces that are not up yet. New features and improvements: * If a provisioning OS package is included in the stboot image, it is now possible to enter provisioning mode if the provisioned host configuration is invalid or if the user presses Ctrl-C. See docs/stboot-system.md for details and security implications. * The OS package descriptor now supports "os_pkg_url" to be relative to the descriptor's (absolute) base URI. Refer to the OS package specification for the exact resolution rules. This release has been tested to work with: * Artifacts produced by stmgr v0.4.0 (pre-release version). https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.4.0 * Systems provisioned with stprov v0.3.8 (pre-release version) https://git.glasklar.is/system-transparency/core/stprov/-/tree/v0.3.8 This release implements the specifications at https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.3.0/cont…

1 0

stprov-v0.3.9 release
by Rasmus Dahlberg 10 Jul '24

10 Jul '24

The ST team is happy to announce a new release of the stprov software, tag v0.3.9, which succeeds the previous release at tag v0.3.5. The source code for this release is available from the git repository: git clone -b v0.3.9 https://git.glasklar.is/system-transparency/core/stprov.git Authoritative ST release signing keys are published at https://www.system-transparency.org/keys/ and the tag signature can be verified using the command git -c gpg.format=ssh \ -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \ tag --verify v0.3.9 The expectations and intended use of the stprov software is documented in the repository's RELEASES file. This RELEASES file also contains more information concerning the overall release process, see: https://git.glasklar.is/system-transparency/core/stprov/-/blob/v0.3.9/RELEA… Learn about what's new in a release from the repository's NEWS file. An excerpt from the latest NEWS-file entry is listed below for convenience. If you find any bugs, please report them on the System Transparency discuss list or open an issue on GitLab in the stprov repository: https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l… https://git.glasklar.is/system-transparency/core/stprov/-/issues system-transparency-core-stprov-issues(a)incoming.glasklar.is Cheers, The ST team NEWS for stprov v0.3.9 This release fixes two bugs during stprov's network setup. Bug fixes * Skip network interfaces without MAC addresses during autoselect. * Ensure the selected network interface is in state UP before doing a one-off HTTP HEAD request on the OS package URL. This fixes a bug where stprov sometimes fails to santity-check the OS package URL, in particular when there's no DNS resolution which masks temporary errors with retries. This release implements the following specifications: * The system documentation in this repository (docs/stprov-system.md) * https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.3.0/cont… * https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.3.0/cont… * https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.3.0/cont… This release has been tested to work with: * stboot's provision mode, release tag v0.4.2: https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.4.2 * ISO building using stmgr, pre-release tag v0.4.0: https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.4.0

1 0

stmgr-v0.4.1 release
by Rasmus Dahlberg 10 Jul '24

10 Jul '24

The ST team is happy to announce a new release of the stmgr program, tag v0.4.1, which succeeds the previous release at tag v0.3.3. The source code for this release is available from the git repository: git clone -b v0.4.1 https://git.glasklar.is/system-transparency/core/stmgr.git Authoritative ST release signing keys are published at https://www.system-transparency.org/keys, and the tag signature can be verified using the command git -c gpg.format=ssh -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \ tag --verify v0.4.1 The expectations and intended use of the stmgr program is documented in the repository's RELEASES file. This RELEASES file also contains more information concerning the overall release process, see: https://git.glasklar.is/system-transparency/core/stmgr/-/blob/v0.4.1/RELEAS… Learn about what's new in a release from the repository's NEWS file. An excerpt from the latest NEWS-file entry is listed below for convenience. If you find any bugs, please report them on the System Transparency discuss list or open an issue on GitLab in the stmgr repository: https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l… https://git.glasklar.is/system-transparency/core/stmgr/-/issues Cheers, The ST team NEWS for stmgr v0.4.1 This release adds support for using relative OS package URLs. New features and improvements: * The stmgr ospkg subcommand now supports using a relative URL for the OS package archive to download (os_pkg_url). Refer to the OS package documentation for further details on this feature. https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.3.0/cont… Compatibility: * This release implements the specifications at https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.3.0/cont… * Artifacts generated by this release of stmgr are tested with stboot pre-release version v0.4.0, and are expected to work with the final stboot release version as well. * As long as only absolute URLs are specified for the os_pkg_url, artifacts generated by this release of stmgr are fully compatible with stboot-v0.3.6.

1 0

2024

2023

ST-announce July 2024

2024

2023

ST-announce July 2024 ----- 2024 ----- September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 ----- 2023 ----- December 2023 November 2023

ST-announce July 2024