Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
cherry-pick/1619791926.v9-1-g5482313.fix-generation-of-new-keys-when-no-keys-are-available.patch | Fix generation of new keys when no keys are available When no keys are available, tang creates a new pair of keys, however currently it checks the total number of keys, including rotated keys, to decide whether to create new keys. So not to have issues when all the keys have been rotated, let's check instead the total number of "regular" keys, the ones that will be advertised, and if there are none, then tang can create new keys. This fixes an issue when we do have all keys rotated. Tests added as well. | | no | | v9-1-g5482313 <https://github.com/latchset/tang/commit/v9-1-g5482313> | 2021-04-30 |
cherry-pick/1619793024.v9-2-gafb6055.keys-fix-signature-generation.patch | Keys: fix signature generation No need to create and pass an array with our template option. This was causing issues when we had multiple (>2) pairs of keys. Tests added to cover this scenario. | | no | | v9-2-gafb6055 <https://github.com/latchset/tang/commit/v9-2-gafb6055> | 2021-04-30 |
cherry-pick/1619654056.v9-3-g69b47ce.tests-unify-tests.patch | Tests: unify tests Let's try to not duplicate tests but instead reuse them across the supported platforms. | | no | | v9-3-g69b47ce <https://github.com/latchset/tang/commit/v9-3-g69b47ce> | 2021-04-28 |
cherry-pick/1606661229.v9-5-gfd69796.add-tangd-rotate-keys-helper-script.patch | Add tangd-rotate-keys helper script So that it becomes simpler to perform key rotation on the server side. Usage: tangd-rotate-keys [-h] [-v] -d <KEYDIR> Example: $ sudo tangd-rotate-keys -d /var/db/tang -v Disabled advertisement of key 5AiUA4IhvOFdXzFavO78TKJ8hEsfGk8I6ymy4rBPWi8.jwk -> .5AiUA4IhvOFdXzFavO78TKJ8hEsfGk8I6ymy4rBPWi8.jwk Disabled advertisement of key dDC74X-o31Fq5VJaM9iZ4baZD2hhHw-RrIMkxEz35Xc.jwk -> .dDC74X-o31Fq5VJaM9iZ4baZD2hhHw-RrIMkxEz35Xc.jwk Created new key bIGVyIP2D_NJGQeFA9cf9oix5KEVQyVq9ZGjjv0s3D8.jwk Created new key BL4IR73UhG8yyYbvGJspPIlLvG6AzTnM850tlCKrcII.jwk Keys rotated successfully | | no | | v9-5-gfd69796 <https://github.com/latchset/tang/commit/v9-5-gfd69796> | 2020-11-29 |
for-upstream/2018-08-11.use-asciidoctor-to-build-manpages.patch | Use asciidoctor to build the manpages | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | yes | | upstream | 2018-08-11 |
for-upstream/2018-08-12.add-systemd-documentation-key.patch | Add documentation key to system unit file | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | yes | | upstream | 2018-08-12 |
debian/2021-04-19.non-usrmerged.patch | Install systemd unit files in /lib/ | Christoph Biedl <debian.axhn@manchmal.in-ulm.de> | not-needed | | | 2021-04-19 |
bullseye/1639480721.v10-9-ge82459f.keys-move-signing-part-out-of-find-by-thp-and-to-find-jws-81.patch | Keys: move signing part out of find_by_thp() and to find_jws() (#81) Handle just signing keys in find_jws(), to make sure we are responding only to proper queries. Tests were also failing to detect this issue and were updated accordingly. Issue discovered by Twitter Kernel and OS team during a source code audit while evaluating Tang/Clevis for their needs. Fixes CVE-2021-4076 | | no | | v10-9-ge82459f <https://github.com/latchset/tang/commit/v10-9-ge82459f> | 2021-12-14 |