qubesos-bot
commented
6 years ago Package for dom0 was built (build log) and uploaded to current-testing repository
Closed qubesos-bot closed 6 years ago
qubesos-bot
commented
6 years ago Package for dom0 was built (build log) and uploaded to current-testing repository
marmarek
commented
6 years ago -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Upload antievilmaid 5206053615b96af9c9d74adc39df8b9d9807d1a6 r4.0 current repo -----BEGIN PGP SIGNATURE-----
iQJUBAEBCAA+FiEEF7fMGYa9PSjEFHW2hG1rcJxuLn8FAlqgOlIgHG1hcm1hcmVr QGludmlzaWJsZXRoaW5nc2xhYi5jb20ACgkQhG1rcJxuLn8ECg/9Hso0ATQjjCOK xe9QcnJVRk4LJQNUp6jo1mnJOxZU2BMDGZnoKuyWbwq8nRGjY27ZmO1uq0u6gcH8 gOMfvDvifN57m8foWJGqOBZYQQgqdAiG9y45z40horEryY2g2wbfjEkVgTyeRo7K x+7W90YEBry+FFx2bZNGQHICgf+kdS6aNvx2aOBWqBdZ6d17uAwETOxCHpCI88Rh FnilpEKL7xJBc/BspwYkrgeYannIj7xSVqO4Zj1d0oF7lfJB3cWe++RVTvPkN4gd FPdiYlT5gPDMM92imGF90cwVBHY3hNigiAFGiY7TPHqUH3GdiUzZzuGZNabahGJU EwQ3P+CPtonAI5RFgGhMVI4h/FRL7xHI1F7SIJfaqFrEapHTYkQBbeV68GfRdcWw LzexpnSQryXVM6OLHEWwfkxvvcV8r2OScQru82uQ6t7FtKmsbKY0Hn0Qq1yaxYZT uc5KhU1GFFA+HfFtVH6uq1kjrHqslv7RNvZHxKESRmfMHyxg+/fSTF8qdblyFquS zEeGDIQhKpO5m8PVu4KnX9qPCPHpl3bE+fKUviFPF8wnQ5IMwRWTT4O2P/SfTK4c CgKLfAaPZfDTwNRmIKJD9LRiHBBbwMLEjXwCv6vj933M3mulIyqRK62oIyNZCSU3 /4mNsc6D4m1LIlTAvaB4JCJSt6LTMP0= =q9S5 -----END PGP SIGNATURE-----
qubesos-bot
commented
6 years ago Package for dom0 was uploaded to stable repository
Update of antievilmaid to v4.0.1 for Qubes r4.0, see comments below for details.
Built from: https://github.com/QubesOS/qubes-antievilmaid/commit/5206053615b96af9c9d74adc39df8b9d9807d1a6
Changes since previous version: QubesOS/qubes-antievilmaid@5206053 version 4.0.1 QubesOS/qubes-antievilmaid@cf44b67 travis: update versions (4.0 only) QubesOS/qubes-antievilmaid@9c5af9c -seal: better error message when run manually w/o suffix arg QubesOS/qubes-antievilmaid@190241f improve and document freshness token unsealing error QubesOS/qubes-antievilmaid@8b4c9bf add missing cryptsetup binary to initramfs QubesOS/qubes-antievilmaid@abd446b change TPM NVRAM indices to improve compatibility QubesOS/qubes-antievilmaid@8ee6220 readme: better SRK pw change instructions QubesOS/qubes-antievilmaid@63186a3 readme: add upgrade instructions QubesOS/qubes-antievilmaid@b218da8 -install: remove the "experimental" warning for MFA QubesOS/qubes-antievilmaid@69b65de specfile: depend on coreutils containing base32 binary QubesOS/qubes-antievilmaid@b858ec9 -install: remove stray tab QubesOS/qubes-antievilmaid@75f8c2d README: fix typos; clearer MFA AEM media requirements QubesOS/qubes-antievilmaid@d87193b -install: make sure user sees the "wrong RTC TZ" warning QubesOS/qubes-antievilmaid@7ce339c allow (less secure) MFA AEM install on internal/non-removable media QubesOS/qubes-antievilmaid@4b1f533 change freshness token file extension from .fsh to .fre QubesOS/qubes-antievilmaid@13b1f38 Save seed to secret.otp with trailing newline QubesOS/qubes-antievilmaid@10f663d tpm_id: Update error message QubesOS/qubes-antievilmaid@d1830e6 Use same format (16 bytes hex) for owner and freshness pw QubesOS/qubes-antievilmaid@3ae0a09 Use same hex() and unhex() everywhere QubesOS/qubes-antievilmaid@3bbf8a8 Use the same sysfs TPM directory everywhere QubesOS/qubes-antievilmaid@b51d815 -tpm-setup: only move tcs data when actually creating tpm id QubesOS/qubes-antievilmaid@d634830 -tpm-setup: don't ask for TPM ID when tcsd is stopped QubesOS/qubes-antievilmaid@f5ae26f $TPM_FRESHNESS_PASSWORD -> $TPM_FRESHNESS_PASSWORD_FILE QubesOS/qubes-antievilmaid@67ae71c Reset dictionary attack lock on -seal startup QubesOS/qubes-antievilmaid@338a27e -install: Move freshness token enrollment check up QubesOS/qubes-antievilmaid@2cbc74d rd.antievilmaid.uuid -> aem.uuid; remove rd.antievilmaid QubesOS/qubes-antievilmaid@94efdad -seal: Use UUID instead of label to find device QubesOS/qubes-antievilmaid@40e55c0 Factor out getparams() QubesOS/qubes-antievilmaid@225ebf2 -unseal: Add blank line after "Waiting for /dev/disk/..." messages QubesOS/qubes-antievilmaid@5e14237 -unseal: Abort on duplicate UUID attack QubesOS/qubes-antievilmaid@e91b783 -unseal: Fixed string & glob for prefix test; log -> message QubesOS/qubes-antievilmaid@c291949 -unseal: Also show UUID in log messages QubesOS/qubes-antievilmaid@36040a7 -unseal: wait for AEM media by UUID instead of label QubesOS/qubes-antievilmaid@b0b2dcf -tpm-setup fixes QubesOS/qubes-antievilmaid@08b9223 -tpm-setup: rest of the implementation; fixed tpm_id QubesOS/qubes-antievilmaid@e0dbede notty; anti-evil-maid-tpm-setup stub QubesOS/qubes-antievilmaid@86f8f71 Avoid cryptsetup password prompt QubesOS/qubes-antievilmaid@54ba055 Split up the freshness slot db QubesOS/qubes-antievilmaid@35e286b README: oathtool ignores spaces, substrings of valid padding QubesOS/qubes-antievilmaid@ab54284 remove dracut module dependency on "touch" QubesOS/qubes-antievilmaid@79e8840 Use AEM device label as TOTP label QubesOS/qubes-antievilmaid@2e0d4be Simplify tpm_nv_std QubesOS/qubes-antievilmaid@7dfa4f3 README: Use "sudo -s", like when copying the blob QubesOS/qubes-antievilmaid@7dc2ea3 -unseal: Uppercase long-ranging variables, move them a bit QubesOS/qubes-antievilmaid@a4bce7a -unseal: Use $UNSEALED_SECRET for freshness token secret QubesOS/qubes-antievilmaid@a4b2384 readme: manufacturer-seeded TOTP token support QubesOS/qubes-antievilmaid@0b29fdd -unseal: Unify Plymouth and non-Plymouth .otp/.key code QubesOS/qubes-antievilmaid@e4d04a4 -unseal: Skip readonly message if unnecessary QubesOS/qubes-antievilmaid@20a9953 module-setup.sh: Remove stale dependencies QubesOS/qubes-antievilmaid@76a401f Increase waitforenter() timeouts QubesOS/qubes-antievilmaid@e986b4d -unseal: Let systemd cleanup /tmp files on initrd exit QubesOS/qubes-antievilmaid@6d59863 Only reseal .txt/.otp/.key if necessary QubesOS/qubes-antievilmaid@1330457 -seal: Factor out $LABEL_SUFFIX QubesOS/qubes-antievilmaid@c991d2c -seal: Make functions etc. inherit the ERR trap QubesOS/qubes-antievilmaid@49ef074 README: Adjust references QubesOS/qubes-antievilmaid@2eaf3d5 make aem-install logs fit 80-char wide terminals QubesOS/qubes-antievilmaid@700d0ef rewrap long lines QubesOS/qubes-antievilmaid@d7dd0d6 add recovery instructions for text secret & passphrase snooping QubesOS/qubes-antievilmaid@cc57de3 remove "success" type message from checkfreshness() lib func QubesOS/qubes-antievilmaid@e585929 remove tpm_takeownership section from README QubesOS/qubes-antievilmaid@a89ca72 fix a typo QubesOS/qubes-antievilmaid@ef361fe change MFA skip keybind from
Referenced issues: QubesOS/qubes-issues#3296
If you're release manager, you can issue GPG-inline signed command:
Upload antievilmaid 5206053615b96af9c9d74adc39df8b9d9807d1a6 r4.0 current repo(available 7 days from now)Upload antievilmaid 5206053615b96af9c9d74adc39df8b9d9807d1a6 r4.0 current (dists) repo, you can choose subset of distributions, likevm-fc24 vm-fc25(available 7 days from now)Upload antievilmaid 5206053615b96af9c9d74adc39df8b9d9807d1a6 r4.0 security-testing repoAbove commands will work only if packages in current-testing repository were built from given commit (i.e. no new version superseded it).