ANNOUNCE: stmgr-v0.5.2 - ST-announce

7 Mar 2025


      The ST team is happy to announce a new release of the stmgr program,
tag v0.5.2, which succeeds the previous release at tag v0.4.1.  The
source code for this release is available from the git repository:
git clone -b v0.5.2 https://git.glasklar.is/system-transparency/core/stmgr.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys, and the tag signature can be
verified using the command
git -c gpg.format=ssh -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
  tag --verify v0.5.2
The expectations and intended use of the stmgr program is documented
in the repository's RELEASES file.  This RELEASES file also contains
more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stmgr/-/blob/main/RELEASES....
Learn about what's new in a release from the repository's NEWS file.  An
excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency
discuss list or open an issue on GitLab in the stmgr repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.li...
  https://git.glasklar.is/system-transparency/core/stmgr/-/issues
Cheers,
The ST team
NEWS for stmgr v0.5.2
New features and improvements:
* stmgr uki: The create subcommand now accepts a comma-separated
      list for the -format option, to produce multiple output files.
      E.g., use -format iso,uki to produce both a .uki file (a UEFI
      executable) and the same file wrapped in a bootable .iso image.
Bug fixes:
* stmgr keygen: The certificate subcommand now assigns issuer and
      subject in generated X.509 certificates. The certificate's
      subject is assigned a CommonName based on the public key hash.
      For CA certs, the issuer is set to the same value, while for
      non-CA certificates, the issuer is set to the subject of the
      parent certificate.
This makes generated certs comply with RFC 5280, and work
      correctly with tools such as openssl verify.
Incompatible changes:
* This version requires go version 1.22 or later when building.
* The default log-level is changed from "error" to "info".
Compatibility:
* This release implements the specifications at
      https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.4.1/conte...
* Artifacts generated by this release of stmgr are tested with
      stboot release version v0.5.2,
      https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.5.2.