Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: rhel-10.0
Affects Version/s: rhel-10.0
Component/s: keylime
Labels:
- rn-yml

Fixed in Build:
keylime-7.12.1-2.el10
Regression:
No
Severity:
Important
Epic Link:
SECENGSP-6735
sprint_count:
1

AssignedTeam:
rhel-security-special-projects
Sub-System Group:

ssg_security

Internal Target Milestone:
27
Story Points:
2
ACKs Check:

QE ack, Dev ack
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
SECENGSP Cycle 15

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/140847
Gating Tests:

Not Needed
Test Coverage:

RegressionOnly

Release Note Type:
Removed Functionality
Release Note Text:

Hide
.Keylime policy management scripts are removed and replaced with `keylime-policy`

In RHEL 10, Keylime is provided with the `keylime-policy` tool, which replaces the following policy management scripts:

* `keylime_convert_runtime_policy`
* `keylime_create_policy`
* `keylime_sign_runtime_policy`
* `create_mb_refstate`
* `create_allowlist.sh`

The scripts have been removed and are no longer provided in RHEL 10.

Show
.Keylime policy management scripts are removed and replaced with `keylime-policy` In RHEL 10, Keylime is provided with the `keylime-policy` tool, which replaces the following policy management scripts: * `keylime_convert_runtime_policy` * `keylime_create_policy` * `keylime_sign_runtime_policy` * `create_mb_refstate` * `create_allowlist.sh` The scripts have been removed and are no longer provided in RHEL 10.
Release Note Status:
Done
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:
Architecture:

All

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

in RHEL-10 we are shipping the new keylime-policy tool obsoleting old scripts.

In order to avoid supporting old scripts for 15+ years we should drop them from the package

keylime_convert_runtime_policy
keylime_create_policy
keylime_sign_runtime_policy
create_mb_refstate

keylime-7.12.1-1.el10

links to

RHBA-2024:140847 keylime bug fix and enhancement update

Assignee:: Sergio Correia

Reporter:: Karel Srot

Developer:: Sergio Correia

QA Contact:: Karel Srot

Doc Contact:: Jan Fiala

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2025/02/17 2:31 PM

Updated:: 2025/05/13 11:20 AM

Resolved:: 2025/05/13 11:20 AM

Target end:: 2025/02/24

Next Planned Release Date:: 2025/05/13

Release Date:: 2025/05/13