-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNEWS
170 lines (117 loc) · 7.19 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
NEWS for stprov v0.4.2
Bug fixes:
* Without -h and -H, use default hostname, e.g.,
"localhost.local", without prepending an extra dot.
New features:
* For network autoselect (-A), prefer the fastest network interface.
* Log the IP addresses used for the OS package HEAD request.
* Populate the new host config description field with stprov version
and timestamp, e.g.,
"stprov version v0.4.0-13-g50ea7c2; timestamp 2025-01-30T13:49:01Z"
This is the successor of the timestamp field, that was removed
in v0.3.5.
Incompatible changes:
* This version requires go version 1.22 or later when building.
This release implements the specifications at
https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.4.1/content/docs/reference
This release has been tested to work with:
* stboot's provision mode, release tag v0.5.2:
https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.5.2
* ISO building using stmgr, pre-release tag v0.5.0:
https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.5.0
NEWS for stprov v0.3.9
This release fixes two bugs during stprov's network setup.
Bug fixes
* Skip network interfaces without MAC addresses during autoselect.
* Ensure the selected network interface is in state UP before doing a
one-off HTTP HEAD request on the OS package URL. This fixes a bug where
stprov sometimes fails to santity-check the OS package URL, in particular
when there's no DNS resolution which masks temporary errors with retries.
This release implements the following specifications:
* The system documentation in this repository (docs/stprov-system.md)
* https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.3.0/content/docs/reference/efi-variables.md
* https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.3.0/content/docs/reference/host_configuration.md
* https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.3.0/content/docs/reference/trust_policy.md
This release has been tested to work with:
* stboot's provision mode, release tag v0.4.2:
https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.4.2
* ISO building using stmgr, pre-release tag v0.4.0:
https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.4.0
NEWS for stprov v0.3.5
This release mainly improves documentation, test coverage, and fixes bugs.
There are a few minor features added relating to the stprov command-line UI,
and a little bit of clean-up as summarized in the miscellaneous section.
Incompatible changes
* The -b option no longer accepts interface names that contain comma.
Security fixes:
* The -a option in stprov remote-run accepts addresses in CIDR notation,
but falls back on /32 if an address omits the subnet mask. The same
subnet mask was used for IPv6, resulting in a much larger subnet. This
issue has been fixed, such that the default IPv6 subnet-mask is /128.
Bug fixes
* Produce host configurations that are compatible with stboot (stprov and
stboot diverged on how to handle empty values, which has now been fixed).
* Correctly set the host configuration fields "bonding_mode" and
"bond_name". The bonded interface name is always set to "bond0".
* Add a Makefile option for setting custom OS-package URLs. The
built-in default used to be hardcoded without a good way of changing it.
* Read TLS roots from a location that is consistent with stboot. The
consulted location is "/etc/trust_policy/tls_roots.pem".
* Several nits and confusions in the stprov usage message were fixed.
New features:
* Options with multiple values can be specified as a comma-separated
list (-e val,val) and/or by repeating the option (-e val -e val). This
makes the UX consistent for the -a, -b, and other multi-value options.
* The -r option can accept multiple OS-package URLs.
* The -d option can accept multiple DNS servers. The built-in default
has as a result also been updated to include Quad9's secondary server.
New documentation:
* System documentation has been added, see docs/stprov-system.md.
* Usage manual has been added, see docs/stprov-manual.md.
Miscellaneous:
* The OS package URL (-r) and user/password (-u/-p) options are no longer
mutually exclusive. The user and password options are instead silently
ignored for OS package URLs without the "user:password" pattern.
* The host configuration fields "authentication" and "identity" were
removed. So, the dummy "foo" and "bar" values are no longer written.
Note that stprov never supported any real use of the removed fields.
* The host configuration field "timestamp" was removed. In other words,
the platform's host configuration no longer indicates a provisioning date.
* Failing HEAD requests on OS package URLs are treated as errors rather
than warnings. This behavior can be overridden with the force flag (-f).
* Major improvements to the QEMU test coverage, see integration/qemu.sh.
This release implements the following specifications:
* The system documentation in this repository (docs/stprov-system.md)
* https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.2.0/content/docs/reference/efi-variables.md
* https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.2.0/content/docs/reference/host_configuration.md
* https://git.glasklar.is/system-transparency/project/docs/-/blob/v0.2.0/content/docs/reference/trust_policy.md
This release has been tested to work with:
* stboot's provision mode, release tag v0.3.6:
https://git.glasklar.is/system-transparency/core/stboot/-/tree/v0.3.6
* ISO building using stmgr, pre-release tag v0.3.2:
https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.3.2
NEWS for stprov v0.2.1
Other than improved documentation and testing, this release brings a few
user-experience improvements such as santity-checking OS package URLs.
New features:
* Make a HEAD request on the specified OS package URL to see if it works
Enhancements:
* More intuitive hostname default value (no longer a domain name)
* Add qemu-based integration test
* Run tests and commitlint in CI for every commit
* Add documentation, including MAINTAINERS, README, RELEASES, and NEWS
* Minor internal refactoring
Bug fixes:
* Fix default bonding mode name
* Fix broken and racy unit tests
* Fix license copyright and list of authors
Breaking changes:
* None
This release has been tested to work with:
* stboot in provison mode (trust policy fetch-method set to "network")
https://git.glasklar.is/system-transparency/core/stboot/, tag v0.2.1
Use the following reference specifications to be interoperable with stprov:
* EFI-NVRAM host configuration
https://git.glasklar.is/system-transparency/project/docs/-/blob/main/content/docs/reference/host_configuration.md,
commit-id 3f46dd067931b9023984052cc5b98ff6d0ed0a28
We list additional reference specifications here as they become available.