Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-79831

drop old keylime policy related scripts

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Critical Critical
    • rhel-10.0
    • rhel-10.0
    • keylime
    • keylime-7.12.1-2.el10
    • No
    • Important
    • 1
    • rhel-security-special-projects
    • ssg_security
    • 27
    • 2
    • QE ack, Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • SECENGSP Cycle 15
    • Removed Functionality
    • Hide
      .Keylime policy management scripts are removed and replaced with `keylime-policy`

      In RHEL 10, Keylime is provided with the `keylime-policy` tool, which replaces the following policy management scripts:

      * `keylime_convert_runtime_policy`
      * `keylime_create_policy`
      * `keylime_sign_runtime_policy`
      * `create_mb_refstate`
      * `create_allowlist.sh`

      The scripts have been removed and are no longer provided in RHEL 10.
      Show
      .Keylime policy management scripts are removed and replaced with `keylime-policy` In RHEL 10, Keylime is provided with the `keylime-policy` tool, which replaces the following policy management scripts: * `keylime_convert_runtime_policy` * `keylime_create_policy` * `keylime_sign_runtime_policy` * `create_mb_refstate` * `create_allowlist.sh` The scripts have been removed and are no longer provided in RHEL 10.
    • Done
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      What were you trying to do that didn't work?

      in RHEL-10 we are shipping the new keylime-policy tool obsoleting old scripts.

      In order to avoid supporting old scripts for 15+ years we should drop them from the package

      • keylime_convert_runtime_policy
      • keylime_create_policy
      • keylime_sign_runtime_policy
      • create_mb_refstate
        keylime-7.12.1-1.el10

              scorreia@redhat.com Sergio Correia
              ksrot@redhat.com Karel Srot
              Sergio Correia Sergio Correia
              Karel Srot Karel Srot
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: