Package ima-evm-integrity-check: Information

    Source package: ima-evm-integrity-check
    Version: 0.7.7-alt1
    Build time:  Nov 21, 2024, 04:59 PM
    Category: System/Base
    Report package bug
    License: GPLv2+
    Summary: IMA/EVM integrity check
    Description: 
    This package make use of the IMA and EVM technologies from the Linux
    integrity subsystem. Basically IMA and EVM provide the following
    functionality:
    
    - measurement (hashing) of file content as it is accessed and keeping
      track of this information in an audit log;
    - appraisal of files, which allows to prevent access when
      a measurement (hash) or digital signature does not match
      the expected value.
    
    This package requires kernel with corresponding config options enabled.

    List of RPM packages built from this SRPM:
    ima-evm-integrity-check (noarch)
    make-initrd-integrity (noarch)

    Maintainer: Paul Wolneykien


      1. bash4
      2. rpm-build-licenses

    Last changed


    Nov. 21, 2024 Paul Wolneykien 1:0.7.7-alt1
    - Fix: Don't run update-grub if /etc/sysconfig/grub2 doesn't exist.
    - controls: Return error if specified configuration variable isn't
      defined anywhere.
    - Fix handling of /boot/boot.conf.
    - Provide next epoch of 'cert-distro-updater' and 'updater' packages
      to make upgrade possible (+ conflict them).
    Sept. 5, 2024 Paul Wolneykien 0.7.6-alt1
    - Make the contents of /etc/sysconfig/integrity override values
      set in /etc/integrity/config.
    May 30, 2024 Paul Wolneykien 0.7.5-alt1
    - Use 0x80000002 as the default EVM mode.
    - Automatically enable --with-evm for integrity-sign --verify if EVM
      is enabled in the kernel.
    - Fix: Disable autoreq for integrity initrd script.
    - Added notes about new features (README and man).
    - Pass explicit EVM option via state file to Stage II.
    - Fix: Reconfigure bootloader on each stage.
    - Fix: Delete old /var/lib/integrity_update/default.
    - Don't touch filesystem immutable bit in EVM mode.
    - Added option --without-evm.
    - Run make-initrd with normal log output.
    - Allow to cancel loading the system if IMA policy fails to load.
    - Check loading of IMA and EVM policy at system boot (ima-check.service).
    - Load IMA policy at initrd stage only when ima_appraise=enforce.
    - Run make-initrd with normal log output.
    - Fixed OpenSSL GOST module path when copying to initrd.
    - Fix: Abort on some make-initrd errors.