The ST team is happy to announce a new release of the stprov software, tag v0.5.4, which succeeds the previous release at tag v0.4.2. The source code for this release is available from the git repository:
git clone -b v0.5.4 https://git.glasklar.is/system-transparency/core/stprov.git
Authoritative ST release signing keys are published at
https://www.system-transparency.org/keys/
and the tag signature can be verified using the command
git -c gpg.format=ssh \ -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \ tag --verify v0.5.4
The expectations and intended use of the stprov software is documented in the repository's RELEASES file. This RELEASES file also contains more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stprov/-/blob/v0.5.4/RELEAS...
Learn about what's new in a release from the repository's NEWS file. An excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency discuss list or open an issue on GitLab in the stprov repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.li... https://git.glasklar.is/system-transparency/core/stprov/-/issues system-transparency-core-stprov-issues@incoming.glasklar.is
Cheers, The ST team
--- NEWS for stprov v0.5.4
This release most notably helps operators provision Secure Boot keys.
New features:
* Secure Boot policy objects PK, KEK, db, and dbx can be provisioned. See stprov-manual and stprov-system, which also links to a few HOW-TO guides. * It is optional to provide a file with with X.509 certificate roots for HTTPS. If omitted, HEAD requests on HTTPS URLs will definitely fail.
Miscellaneous:
* Add INFO prints that clarify if the stprov commands succeeded or not. * Add INFO prints that clarify what is being provisioned in EFI NVRAM.
Incompatible changes:
* This version requires go version 1.23 or later when building.
This release has been tested to work with:
* stboot's provision mode, pre-release tag v0.6.2. https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.6.2 * ISO building using stmgr, pre-release tag v0.6.4. https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.6.4
This release implements the specifications at:
* https://git.glasklar.is/system-transparency/core/stprov/-/blob/v0.5.4/docs/s... * https://git.glasklar.is/system-transparency/core/stprov/-/blob/v0.5.4/docs/s... * https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.5.2/conte...
st-announce@lists.system-transparency.org
-
Rasmus Dahlberg