Debian Package Tracker
Register | Log in
Subscribe

fsverity-utils

Choose email to subscribe with

general
  • source: fsverity-utils (main)
  • version: 1.4-1~exp1
  • maintainer: Romain Perier (DMD) (DM)
  • std-ver: 4.5.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • stable: 1.3-1
  • testing: 1.4-1~exp1
  • unstable: 1.4-1~exp1
versioned links
  • 1.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.4-1~exp1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • fsverity
  • libfsverity-dev
  • libfsverity0
action needed
A new upstream version is available: 1.5 high
A new upstream version 1.5 is available, you should consider packaging it.
Created: 2022-02-07 Last update: 2022-05-28 02:36
1 bug tagged patch in the BTS normal
The BTS contains patches fixing 1 bug, consider including or untagging them.
Created: 2021-11-25 Last update: 2022-05-28 07:01
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 1.5-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit fdd46d08c4056b96bb31cb39ede6536758b3e350
Author: Romain Perier <romain.perier@gmail.com>
Date:   Tue Mar 22 10:56:36 2022 +0100

    New package version 1.5-1

commit 70ef7a65dd7d3f0a3fc922e647b97ac511889115
Merge: 1030404 20e87c1
Author: Romain Perier <romain.perier@gmail.com>
Date:   Tue Mar 22 10:51:22 2022 +0100

    Update upstream source from tag 'upstream/1.5'
    
    Update to upstream version '1.5'
    with Debian dir a181c37a7b91a2ee567fd1243b311203cca3c201

commit 20e87c13075a8e5660a8d69fd6c93d4f7c5f01a5
Author: Eric Biggers <ebiggers@google.com>
Date:   Sun Feb 6 10:59:13 2022 -0800

    v1.5
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 071167f4e292af438cadfde487e1abfde8272a71
Author: Eric Biggers <ebiggers@google.com>
Date:   Sun Feb 6 10:55:14 2022 -0800

    NEWS.md: update for v1.5
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit d1e856b59dd7f205f65b22c2bca534505eaed1e1
Author: Eric Biggers <ebiggers@google.com>
Date:   Sun Feb 6 10:55:14 2022 -0800

    scripts/do-release.sh: split into prepare and publish
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit c7434e7c68f7d039a82a8594dd59638cb9ea9ef0
Author: Eric Biggers <ebiggers@google.com>
Date:   Sun Feb 6 10:41:13 2022 -0800

    scripts/run-sparse.sh: fix to exclude boringssl directory
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 61493fd18b6799b5b79cc84fd79073f4b6edf6d8
Author: Eric Biggers <ebiggers@google.com>
Date:   Tue Jan 18 14:38:47 2022 -0800

    Clarify the purpose of built-in signatures
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit bdf36751928501fd61aba08220be6d971f9d15c7
Author: Eric Biggers <ebiggers@google.com>
Date:   Tue Jan 18 14:38:47 2022 -0800

    Makefile: fix a typo
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 801cc31186a3e00a802819fb35c6921a9ee8e30b
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Dec 23 12:59:35 2021 -0600

    Add GitHub Actions support
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 84854db9b6c0b306ebabc683739c681aaeae6dd2
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Dec 23 12:59:35 2021 -0600

    Support automatically building BoringSSL for testing
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit f4e213f13da4436e720246d9f93e007b0e20aff8
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Dec 23 12:59:35 2021 -0600

    run-tests.sh: make CFI test work on Ubuntu 20.04
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 7d688009e9d2770e1fb83b75eae377f69fbe055b
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Dec 23 12:59:35 2021 -0600

    run-tests.sh: allow running individual tests
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 4258209301d54512956d536149b0eef0c695cfe6
Author: Eric Biggers <ebiggers@google.com>
Date:   Sat Dec 18 21:54:58 2021 -0600

    lib: remove libfsverity_error_msg_errno()
    
    This is currently unused, and it currently uses GNU strerror_r() which
    is non-portable (doesn't work with musl libc).  Just remove it for now.
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit ddc6bc9daeb79db932aa12edb85c7c2f4647472a
Author: Eric Biggers <ebiggers@google.com>
Date:   Wed Sep 22 11:50:15 2021 -0700

    Makefile: use -Wno-deprecated-declarations to avoid OpenSSL 3.0 warnings
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 283177849d3b861ed088115f210fa7d76e717b5d
Author: Eric Biggers <ebiggers@google.com>
Date:   Wed Sep 22 11:43:36 2021 -0700

    scripts/run-tests.sh: test with OpenSSL 3.0
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 2d61d505ba6b5f9f8b6eb141ac2e31714ed018c6
Author: Eric Biggers <ebiggers@google.com>
Date:   Mon Sep 13 10:52:21 2021 -0700

    scripts/run-tests.sh: test with OpenSSL 1.0
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 66b1d8a276cb3836ac275cb9f3f6517a07462737
Author: Aleksander Adamowski <olo@fb.com>
Date:   Thu Sep 9 14:27:31 2021 -0700

    Implement PKCS#11 opaque keys support through OpenSSL pkcs11 engine
    
    PKCS#11 API allows us to use opaque keys confined in hardware security
    modules (HSMs) and similar hardware tokens without direct access to the
    key material, providing logical separation of the keys from the
    cryptographic operations performed using them.
    
    This commit allows using the popular libp11 pkcs11 module for the
    OpenSSL library with `fsverity` so that direct access to a private key
    file isn't necessary to sign files.
    
    The user needs to supply the path to the engine shared library
    (typically the libp11 shared object file) and the PKCS#11 module library
    (a shared object file specific to the given hardware token).  The user
    may also supply a token-specific key identifier.
    
    Test evidence with a hardware PKCS#11 token:
    
      $ echo test > dummy
      $ ./fsverity sign dummy dummy.sig \
        --pkcs11-engine=/usr/lib64/engines-1.1/libpkcs11.so \
        --pkcs11-module=/usr/local/lib64/pkcs11_module.so \
        --cert=test-pkcs11-cert.pem && echo OK;
      Signed file 'dummy'
      (sha256:c497326752e21b3992b57f7eff159102d474a97d972dc2c2d99d23e0f5fbdb65)
      OK
    
    Test evidence for regression check (checking that regular file-based key
    signing still works):
    
      $ ./fsverity sign dummy dummy.sig --key=key.pem --cert=cert.pem && \
        echo  OK;
      Signed file 'dummy'
      (sha256:c497326752e21b3992b57f7eff159102d474a97d972dc2c2d99d23e0f5fbdb65)
      OK
    
    Signed-off-by: Aleksander Adamowski <olo@fb.com>
    [EB: Avoided overloading the --key option and keyfile field, clarified
     the documentation, removed logic from cmd_sign.c that libfsverity
     already handles, and many other improvements.]
    Link: https://lore.kernel.org/r/20210909212731.1151190-1-olo@fb.com
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 1030404fdcb2a5ba027447fbc5536c202d90c3ab
Author: Romain Perier <romain.perier@gmail.com>
Date:   Thu Jun 24 14:15:22 2021 +0200

    Fix package revision

commit d877c82b302a87e8019c811b3702cccc46c9e9a1
Author: Romain Perier <romain.perier@gmail.com>
Date:   Wed Jun 23 15:23:01 2021 +0200

    New package version 1.4-1
    
    This commit bumps package to new upstream version 1.4. A new man
    page for the fsverity tool is now available via the fsverity package.
    Also add pandoc as build dependency, as required for building the
    manpage.

commit 2f415a6743b36f61dd5f8d138b0bbaaacb453a76
Merge: 1319a55 9e08289
Author: Romain Perier <romain.perier@gmail.com>
Date:   Wed Jun 23 15:18:21 2021 +0200

    Update upstream source from tag 'upstream/1.4'
    
    Update to upstream version '1.4'
    with Debian dir 3a0c0f8961d914490dbe6b72b7bff3599273f17a

commit 9e082897d61a2449657651aa5a0931aca31428fd
Author: Eric Biggers <ebiggers@google.com>
Date:   Mon Jun 14 16:14:52 2021 -0700

    v1.4
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit a1243f21c7c268c32de326ab717a6648107f7112
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Jun 10 00:20:56 2021 -0700

    Add man page for fsverity
    
    Add a manual page for the fsverity utility, documenting all subcommands
    and options.
    
    The page is written in Markdown and is translated to groff using pandoc.
    It can be installed by 'make install-man'.
    
    Link: https://lore.kernel.org/r/20210610072056.35190-1-ebiggers@kernel.org
    Acked-by: Luca Boccassi <bluca@debian.org>
    Reviewed-by: Victor Hsieh <victorhsieh@google.com>
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 811f6d328c23a8ba284abcb30e9e3aba50f124b2
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Jun 10 00:09:19 2021 -0700

    Add *.exe to gitignore
    
    Ignore .exe files produced by the Windows build.  The test programs were
    already matched by another pattern, but fsverity.exe wasn't.
    
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 6f64dde651fbd91205b58e484518dcb3a0aa9e8f
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Jun 3 12:58:12 2021 -0700

    programs/fsverity: add --out-merkle-tree and --out-descriptor options
    
    Make 'fsverity digest' and 'fsverity sign' support writing the Merkle
    tree and fs-verity descriptor to files, using new options
    '--out-merkle-tree=FILE' and '--out-descriptor=FILE'.
    
    Normally these new options aren't useful, but they can be needed in
    cases where the fs-verity metadata needs to be consumed by something
    other than one of the native Linux kernel implementations of fs-verity.
    
    This is different from 'fsverity dump_metadata' in that
    'fsverity dump_metadata' only works on a file with fs-verity enabled,
    whereas these new options are for the userspace file digest computation.
    
    Link: https://lore.kernel.org/r/20210603195812.50838-5-ebiggers@kernel.org
    Reviewed-by: Victor Hsieh <victorhsieh@google.com>
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 1690cc2c74e13031451b0aa617ed221477baba1b
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Jun 3 12:58:11 2021 -0700

    programs/utils: add full_pwrite() and preallocate_file()
    
    These helper functions will be used by the implementation of the
    --out-merkle-tree option for 'fsverity digest' and 'fsverity sign'.
    
    Link: https://lore.kernel.org/r/20210603195812.50838-4-ebiggers@kernel.org
    Reviewed-by: Victor Hsieh <victorhsieh@google.com>
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 3b7ac7d54a75cc17a4272cf3b3346561f00af68d
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Jun 3 12:58:10 2021 -0700

    programs/test_compute_digest: test the metadata callbacks
    
    Test that the libfsverity_metadata_callbacks support seems to be working
    correctly.
    
    Link: https://lore.kernel.org/r/20210603195812.50838-3-ebiggers@kernel.org
    Reviewed-by: Victor Hsieh <victorhsieh@google.com>
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit cf9001d76141be5f8e216fc4b15224b4db535dff
Author: Eric Biggers <ebiggers@google.com>
Date:   Thu Jun 3 12:58:09 2021 -0700

    lib/compute_digest: add callbacks for getting the verity metadata
    
    Allow callers of libfsverity_compute_digest() to provide callback
    functions which get passed the Merkle tree and fs-verity descriptor
    after they are calculated.
    
    This will allow adding options to 'fsverity digest' and 'fsverity sign'
    which cause this metadata to be dumped to files.  Normally this isn't
    useful, but this can be needed in cases where the fs-verity metadata
    needs to be consumed by something other than one of the native Linux
    kernel implementations of fs-verity.
    
    Link: https://lore.kernel.org/r/20210603195812.50838-2-ebiggers@kernel.org
    Reviewed-by: Victor Hsieh <victorhsieh@google.com>
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit cf8fa5e5a7ac5b3b2dbfcc87e5dbd5f984c2d83a
Author: Eric Biggers <ebiggers@google.com>
Date:   Fri Jan 15 10:24:02 2021 -0800

    programs/fsverity: Add dump_metadata subcommand
    
    Add a 'fsverity dump_metadata' subcommand which calls
    FS_IOC_READ_VERITY_METADATA on a file and prints the returned metadata
    to stdout.  There are three subsubcommands, one for each type of
    metadata that can be read using the ioctl:
    
            fsverity dump_metadata merkle_tree FILE
            fsverity dump_metadata descriptor FILE
            fsverity dump_metadata signature FILE
    
    By default the whole metadata item is dumped.  --length and --offset can
    be specified to dump only a particular range of the item.
    
    This subcommand will be used by xfstests to test the
    FS_IOC_READ_VERITY_METADATA ioctl.
    
    Link: https://lore.kernel.org/r/20210115182402.35691-3-ebiggers@kernel.org
    Signed-off-by: Eric Biggers <ebiggers@google.com>

commit 1a7bc44a0b536de901f682337add379c1ebbf218
Author: Eric Biggers <ebiggers@google.com>
Date:   Fri Jan 15 10:24:01 2021 -0800

    Upgrade to latest fsverity_uapi.h
    
    Add the FS_IOC_READ_VERITY_METADATA ioctl.
    
    Link: https://lore.kernel.org/r/20210115182402.35691-2-ebiggers@kernel.org
    Signed-off-by: Eric Biggers <ebiggers@google.com>
Created: 2021-06-24 Last update: 2022-05-27 14:35
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).
Created: 2021-08-18 Last update: 2022-05-11 23:24
testing migrations
  • This package is part of the ongoing testing transition known as auto-openssl. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
news
[rss feed]
  • [2021-08-16] fsverity-utils 1.4-1~exp1 MIGRATED to testing (Debian testing watch)
  • [2021-06-24] Accepted fsverity-utils 1.4-1~exp1 (source) into unstable (Romain Perier)
  • [2021-02-21] fsverity-utils 1.3-1 MIGRATED to testing (Debian testing watch)
  • [2021-02-11] Accepted fsverity-utils 1.3-1 (source) into unstable (Romain Perier) (signed by: Luca Boccassi)
  • [2020-10-06] fsverity-utils 1.2-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-01] Accepted fsverity-utils 1.2-1 (source amd64) into unstable, unstable (Debian FTP Masters) (signed by: Luca Boccassi)
  • [2020-07-21] fsverity-utils 1.0-1 MIGRATED to testing (Debian testing watch)
  • [2020-07-15] Accepted fsverity-utils 1.0-1 (source amd64) into unstable, unstable (Debian FTP Masters) (signed by: Luca Boccassi)
bugs [bug history graph]
  • all: 1
  • RC: 0
  • I&N: 1
  • M&W: 0
  • F&P: 0
  • patch: 1
links
  • homepage
  • lintian
  • buildd: logs, clang, reproducibility, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.4-1~exp1build1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing