The System Transparency project is happy to announce a new ST collection
release, st-1.2.0. See NEWS entries below for a summary of changes.
The documentation for this release is available at
https://docs.system-transparency.org/st-1.2.0/
A release tar file is published at
https://dist.system-transparency.org/st/st-1.2.0.tar.gz
https://dist.system-transparency.org/st/st-1.2.0.tar.gz.sig
The release keys used for both the release tar file and the
corresponding git tags are published at
https://www.system-transparency.org/keys
This collection release corresponds to the manifest file
https://git.glasklar.is/system-transparency/core/system-transparency/-/blob…
Project homepage and contact information can be found at
https://www.system-transparency.org/
Cheers,
The System Transparency team
NEWS for st-1.2.0
This is an update to the st-1.1.0 collection release, with a few
new features requested by users. It is intended to be backwards
compatible with the st-1.0.0 and st-1.1.0 collections except for
a new build-time requirement on go-1.22 or later.
The code components of st-1.2.0 are stboot v0.5.2, stmgr v0.5.2,
and stprov v0.4.2 (also listed, with corresponding commit hashes,
in the manifest file). Corresponding documentation is included in
the collection, and it is also published at
https://docs.system-transparency.org/st-1.2.0/.
Bug fixes:
* stprov: Don't add any extra dot when using default hostname
(neither -h nor -H specified on the command line).
* stmgr: Properly assign the issuer and subject in generated X.509
certificates.
Features:
* stboot: Add support for encrypted OS packages.
* stprov: For network autoselect (-A), prefer the fastest network
interface.
* stboot, stprov: Improvements to logging.
* stboot, stprov: Display and populate the new (and optional)
"description" field in the host configuration.
* stmgr: The uki subcommand can now produce both .uki and .iso in
the same run.
For more details, see the NEWS files and documentation for the
respective component.
The ST team is happy to announce a new release of the stmgr program,
tag v0.5.2, which succeeds the previous release at tag v0.4.1. The
source code for this release is available from the git repository:
    git clone -b v0.5.2 https://git.glasklar.is/system-transparency/core/stmgr.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys, and the tag signature can be
verified using the command
    git -c gpg.format=ssh -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
        tag --verify v0.5.2
The expectations and intended use of the stmgr program are documented
in the repository's RELEASES file. This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stmgr/-/blob/main/RELEASES…
Learn about what's new in a release from the repository's NEWS file. An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stmgr repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l…
https://git.glasklar.is/system-transparency/core/stmgr/-/issues
Cheers,
The ST team
NEWS for stmgr v0.5.2
New features and improvements:
* stmgr uki: The create subcommand now accepts a comma-separated
list for the -format option, to produce multiple output files.
E.g., use -format iso,uki to produce both a .uki file (a UEFI
executable) and the same file wrapped in a bootable .iso image.
Bug fixes:
* stmgr keygen: The certificate subcommand now assigns issuer and
subject in generated X.509 certificates. The certificate's
subject is assigned a CommonName based on the public key hash.
For CA certs, the issuer is set to the same value, while for
non-CA certificates, the issuer is set to the subject of the
parent certificate.
This makes generated certs comply with RFC 5280, and work
correctly with tools such as openssl verify.
Incompatible changes:
* This version requires go version 1.22 or later when building.
* The default log-level is changed from "error" to "info".
Compatibility:
* This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.4.1/cont…
* Artifacts generated by this release of stmgr are tested with
stboot release version v0.5.2,
https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.5.2.
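
The issuer and subject rule from the stmgr keygen bug fix above, shown as an added Go example that is not stmgr's own code: a self-signed CA whose issuer equals its subject, a leaf whose issuer is the parent's subject, and standard path validation over the pair. The function names issue and chain, and the CommonName derivation (hex SHA-256 of the SubjectPublicKeyInfo), are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue certifies pub under parent. A nil parent yields a self-signed CA, so
// issuer == subject; otherwise the issuer is copied from parent.Subject.
func issue(pub ed25519.PublicKey, signer ed25519.PrivateKey, parent *x509.Certificate) (*x509.Certificate, error) {
	spki, _ := x509.MarshalPKIXPublicKey(pub)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		// ASSUMPTION: CommonName is the hex SHA-256 of the SubjectPublicKeyInfo.
		Subject:   pkix.Name{CommonName: fmt.Sprintf("%x", sha256.Sum256(spki))},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true}
	if parent == nil { // the template acts as its own parent
		tmpl.IsCA, tmpl.KeyUsage, parent = true, x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// chain issues root -> leaf, runs path validation, and returns both names.
func chain() (rootSubject, leafIssuer string, err error) {
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	root, err := issue(rootPub, rootKey, nil)
	if err != nil {
		return "", "", err
	}
	leaf, err := issue(leafPub, rootKey, root)
	if err != nil {
		return "", "", err
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool})
	return root.Subject.String(), leaf.Issuer.String(), err
}

func main() { fmt.Println(chain()) }
```

Path validation locates the parent by matching the leaf's issuer against the candidate's subject, which is why certificates without these names fail in tools that follow RFC 5280.
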
The ST team is happy to announce a new release of the stprov software,
tag v0.4.2, which succeeds the previous release at tag v0.3.9. The
source code for this release is available from the git repository:
    git clone -b v0.4.2 https://git.glasklar.is/system-transparency/core/stprov.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys/
and the tag signature can be verified using the command
    git -c gpg.format=ssh \
        -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
        tag --verify v0.4.2
The expectations and intended use of the stprov software are documented
in the repository's RELEASES file. This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stprov/-/blob/v0.4.2/RELEA…
Learn about what's new in a release from the repository's NEWS file. An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stprov repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.l…
https://git.glasklar.is/system-transparency/core/stprov/-/issues
system-transparency-core-stprov-issues(a)incoming.glasklar.is
Cheers,
The ST team
NEWS for stprov v0.4.2
Bug fixes:
* Without -h and -H, use default hostname, e.g.,
"localhost.local", without prepending an extra dot.
New features:
* For network autoselect (-A), prefer the fastest network interface.
* Log the IP addresses used for the OS package HEAD request.
* Populate the new host config description field with stprov version
and timestamp, e.g.,
"stprov version v0.4.0-13-g50ea7c2; timestamp 2025-01-30T13:49:01Z"
This is the successor of the timestamp field, which was removed
in v0.3.5.
Incompatible changes:
* This version requires go version 1.22 or later when building.
This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.4.1/cont…
This release has been tested to work with:
* stboot's provision mode, release tag v0.5.2:
https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.5.2
* ISO building using stmgr, pre-release tag v0.5.0:
https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.5.0