keylime-selinux-7.3.0-13.el9_3> M Mv ĉJ4!!%joLne)Ip-Bm5 ']e releng@rockylinux.org p-Bm5 ']x{5/`]+s<^hP8[pvNVI~B4+PWWt( 'Y.>z+=J9SWܬ+\#;w %G/BWj{Pw7. V,wF߈? >3gcU?4C*ΕUfsi47)+N jkywk6IJFRi˜bCDt2vyGQz.3}.1"&. $.D9kЯ+'tۯˆ!澰$1Le Hð*YqP)yºڢPCw2V[t%Z\wـHa/'V:41!#[HQ<1ba#&UGFtY4BLrQ-3@!?!d ! 8X\  CIPi          c  h t      (a8l9:=I>Q@YGdHpI|XY\]^bDd e f l t u v!!$!(!.!p!tCkeylime-selinux7.3.013.el9_3keylime SELinux policyCustom SELinux policy moduleepb-54c479b0-897c-4ec6-aeb3-2c45f7f37fb7-b-x86-643`Rocky Linux 9.3Rocky Enterprise Software FoundationASL 2.0 and MITRocky Linux Build System (Peridot) Unspecifiedhttps://github.com/keylime/keylimelinuxnoarch if /usr/sbin/selinuxenabled; then if [ -e /etc/selinux/config ]; then . /etc/selinux/config fi _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then [ -f /var/lib/rpm-state/file_contexts.pre ] || cp -f /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /var/lib/rpm-state/file_contexts.pre fi fi if [ -e /etc/selinux/config ]; then . /etc/selinux/config fi _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -s ${_policytype} -X 200 -i /usr/share/selinux/packages/targeted/keylime.pp.bz2 || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi if [ -e /etc/selinux/config ]; then . /etc/selinux/config fi _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then if [ -f /var/lib/rpm-state/file_contexts.pre ]; then /usr/sbin/fixfiles -C /var/lib/rpm-state/file_contexts.pre restore &> /dev/null rm -f /var/lib/rpm-state/file_contexts.pre fi fi if [ "$1" -le "1" ]; then # First install # The services need to be restarted for the custom label to be # applied in case they where already present in the system, # restart fails silently in case they where not. for svc in agent registrar verifier; do [ -f "/usr/lib/systemd/system/keylime_${svc}".service ] && \ if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then # Package upgrade, not uninstall /usr/lib/systemd/systemd-update-helper mark-restart-system-units "keylime_${svc}".service || : fi done fi exit 0if [ $1 -eq 0 ]; then if [ -e /etc/selinux/config ]; then . /etc/selinux/config fi _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if [ $1 -eq 0 ]; then if [ "${SELINUXTYPE}" = "${_policytype}" ]; then /usr/sbin/semodule -n -X 200 -s ${_policytype} -r keylime &> /dev/null || : /usr/sbin/selinuxenabled && /usr/sbin/load_policy || : fi fi if [ -e /etc/selinux/config ]; then . /etc/selinux/config fi _policytype=targeted if [ -z "${_policytype}" ]; then _policytype="targeted" fi if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "${_policytype}" ]; then if [ -f /var/lib/rpm-state/file_contexts.pre ]; then /usr/sbin/fixfiles -C /var/lib/rpm-state/file_contexts.pre restore &> /dev/null rm -f /var/lib/rpm-state/file_contexts.pre fi fi fi:0&dzeee515869b557cb771f5a011e19618a65d5204d3d0e77f605562a08b75c22061592119d8076de8c580b49c88e23df3787b71d7f6e1deddc9be00b1c0c8fff5b684@rootrootrootrootrootrootkeylime-7.3.0-13.el9_3.src.rpmkeylime-selinux     /bin/sh/bin/sh/bin/shlibselinux-utilspolicycoreutilspolicycoreutils-python-utilsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsZstd)selinux-policyselinux-policy-baseselinux-policy-targetedselinux-policy-targeted3.0.4-14.6.0-14.0-15.4.18-138.1.23-1.el9_3.238.1.23-1.el9_3.24.16.1.3e@e.w@e#@edid@d@d@dd@dhd.@d@cGc@c@cr-c pccccb@bbbSergio Correia - 7.3.0-13Anderson Toshiyuki Sasaki - 7.3.0-12Anderson Toshiyuki Sasaki - 7.3.0-11Anderson Toshiyuki Sasaki - 7.3.0-10Sergio Correia - 7.3.0-9Sergio Correia - 7.3.0-8Anderson Toshiyuki Sasaki - 7.3.0-7Sergio Correia - 7.3.0-6Anderson Toshiyuki Sasaki - 7.3.0-5Sergio Correia - 7.3.0-4Sergio Correia - 7.3.0-3Patrik Koncity - 7.3.0-2Sergio Correia - 7.3.0-1Sergio Correia - 6.5.2-4Sergio Correia - 6.5.2-3Patrik Koncity - 6.5.2-2Sergio Correia - 6.5.2-1Sergio Correia - 6.5.0-1Sergio Correia - 6.4.3-1Patrik Koncity - 6.4.2-6Patrik Koncity - 6.4.2-5Patrik Koncity - 6.4.2-4Patrik Koncity - 6.4.2-3Sergio Correia - 6.4.2-2Sergio Correia - 6.4.2-1Sergio Correia - 6.4.1-1- Backport fix for CVE-2023-3674 Resolves: RHEL-21013- Set the generator and timestamp in create_policy.py Related: RHEL-11866- Suppress unnecessary error message Related: RHEL-11866- Restore allowlist generation script Resolves: RHEL-11866 Resolves: RHEL-11867- Rebuild for properly tagging the resulting build Resolves: RHEL-1898- Add missing dependencies python3-jinja2 and util-linux Resolves: RHEL-1898- Automatically update agent API version Resolves: RHEL-1518- Fix registrar is subject to a DoS against SSL (CVE-2023-38200) Resolves: rhbz#2222694- Fix challenge-protocol bypass during agent registration (CVE-2023-38201) Resolves: rhbz#2222695- Update spec file to use %verify(not md5 size mode mtime) for files updated in %post scriptlets Resolves: RHEL-475- Fix Keylime configuration upgrades issues introduced in last rebase Resolves: RHEL-475 - Handle session close using a session manager Resolves: RHEL-1252 - Add ignores for EV_PLATFORM_CONFIG_FLAGS Resolves: RHEL-947- Keylime SELinux policy provides more restricted ports. - New SELinux label for ports used by keylime. - Adding tabrmd interfaces allow unix stream socket communication and dbus communication. - Allow the keylime_server_t domain to get the attributes of all filesystems. Resolves: RHEL-595 Resolves: RHEL-390 Resolves: RHEL-948- Update to 7.3.0 Resolves: RHEL-475- Backport upstream PR#1240 - logging: remove option to log into separate file Resolves: rhbz#2154584 - keylime verifier is not logging to /var/log/keylime- Remove leftover policy file Related: rhbz#2152135- Use keylime selinux policy from upstream. Resolves: rhbz#2152135- Update to 6.5.2 Resolves: CVE-2022-3500 Resolves: rhbz#2138167 - agent fails IMA attestation when one scripts is executed quickly after the other Resolves: rhbz#2140670 - Segmentation fault in /usr/share/keylime/create_mb_refstate script Resolves: rhbz#142009 - Registrar may crash during EK validation when require_ek_cert is enabled- Update to 6.5.0 Resolves: rhbz#2120686 - Keylime configuration is too complex- Update to 6.4.3 Resolves: rhbz#2121044 - Error parsing EK ASN.1 certificate of Nuvoton HW TPM- Update keylime SELinux policy - Resolves: rhbz#2121058- Update keylime SELinux policy and removed duplicate rules - Resolves: rhbz#2121058- Update keylime SELinux policy - Resolves: rhbz#2121058- Add keylime-selinux policy as subpackage - See https://fedoraproject.org/wiki/SELinux/IndependentPolicy - Resolves: rhbz#2121058- Fix efivar-libs dependency Related: rhbz#2082989- Update to 6.4.2 Related: rhbz#2082989- Add keylime to RHEL-9 Resolves: rhbz#2082989/bin/sh/bin/sh/bin/sh7.3.0-13.el9_3keylime.ifkeylime.pp.bz2keylime/usr/share/selinux/devel/include/distributed//usr/share/selinux/packages/targeted//var/lib/selinux/targeted/active/modules/200/-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpiozstd19x86_64-redhat-linux-gnuSE Linux policy interface sourceutf-8695863bee38834e1940cb790a1bf67babf68f2f5e560960d5f18fa3de74557697d545b5736ee8b10a1c5db605debdcec92b61cc4aa63fa2b00e72d7d52754c22?(/hug071081a4164d21b7a3339./usr/share/selinux/devel/include/distributed/keylime.if## policy for \-#gZcFc- M,O'Rz 0C]-牔c՜w#EC)(JJ,ZÌs9:k-w^zbp%%)0L'Ri$mI(I$Dtҥ߂nnMm^XMKt; 7_gUa7wtvq{CAm[b,L-Ͽ,YiUg8iYasr>ۋ8/,eH)L$O>d6F"}+"[-3mȚ)2OD4%&lHNZ_fnec =}T;\ܽ7ӋV9<^_3v[w:=.su;=oEO?=>޿g|`>_3OpHO,4To QT*1c 2˝ݛ6pe@Y6lu̵4x&ZL5ak6q!:Ž H*ԖŤ>xj(P"͘UgͲȗ|#Ɉ@ %@!@ aGI$$JۿA^[7pZmD>gwpFyx{<'*%š$cTu3!l'^za4gz^9]fz3u""$=t_r{za Ӷ#Y[vbZG~WV黖9pkѬktU$:pcaۻm{""RIXt@!8 \Vm,cNe$ǴZigU~agM:eNVF=_zʰoQ"̬ :>9ArUU3G;Txi>cc݈׽VG9N\?AQL& o^>0QoiYsJ da=XaPz^g^Nw7k/% n50lߧxk~SLn94q@6- f@4F|ꬰ^7}Yy߉`\ fMI`39'4ƍ5Ĥ6Y$6IȖIIDI#yd1,%IP&(Kaj-me@F$TI=l$ȉYÞ$qDtIF(?G $=d ) O>[r|_|$&L2Zҫkș7_rroJ“`Ɇ \$L☻26k,7+7 aalp6ӑTcb&IVUdl_iD{sdEܴMҒ]' J"Ĉ$$T*ETra7nBMmYk3VXD@DA?PU·o}}=ޒ{ֵ$Đxgoׯ^zI$I$I$|޽kZֵk\@^TUXWX+Rq`e15FUQ7V'J)%6&P̨e~&l ʖiHhӬHhLwIn,dDc(q0YbH̋l,i=5ER"ʫUCv@&$|RjO~^qdjUUq g+{ ۆ{رbŋ \F -#Ć014!L"fs091 `bP0PA R rH~~ 2O 9?3y/1'i$DۦLL~3TDҢ.mZ笀k/:ـVyX8r`f8꟦bc爘4~J/z?{"'"/kNxv]k+kZڵԓ+DA<'݂|0'uH~ĈCn_i'ymK;wG@/76xe0/_DީMe-zZKJ..=c<9s1r.7lٳfֵ͟\s7Λ6Zk7#/5G0圹"_e×2Veh9g.E\r/_y.v^w/;^vykםØrFd.Ku:ZT?&"9w;xOص?P=Bv L+Wm$Ç'% ܌&:` { 0n4ݣL֠idF{@a ݨf{50=Л4&Ntm[AjH7^|gD ""BaQP#&D[GtAI"'Щ/^7KTBLod#t\ѨѩH2[5פLoA>;m]X1,RG94/yc!\2\ZN*USS3 Ç0y<3my8UliM=bزڴWYR?&X1IVIPY%$~:LU#pQAM (YѷS}+r&V'.S^9O+ϗ)[Օw#Gy'Ƃ٭wҌo9큋y%T 箼-S|Cn\[6TS7A ]CHLd-q bxDm1lP4kQ!QH$au$BTG1h+#oDN*HS]߻rƛj4v>M# Jmd{8ݦGY$INeVH#Zݪv؈/;Dlݦ=Z0٥b"3HLЎVklI& ± M,Y>Y=d0Z|5+"\s'oǺ%⸳XM_=jZ'aD:Z&SgϿIPsc <$U^QUE! {w2(Rjƹ].$lN((i6¥ڗĊx^XHNjc:$9bR0@< 㤩[94ly5iiB*eB { 1Q&US2*B`-žBj;-SʈY]$F]Esv'ZӨUTS?{Vt/T+Ii?'f;gĒ M\}uLwOvmfBbض-}y}[:UP H@~uCбN޸2XAUO?;#5YeW@QRˎ4SnFj *at(ODha]]'7umw>·Ži~G~X<~|϶<6=+TW+)RzL  RiƱZ!'0{gnZ˩;w0xּkƵ{Sv``}۹/^ ܾl{]'J9﯁|<}9sons7Sԥ)O=j+)!"ck\0=%iVKZ֕Lk]k['9]fkrw庙9ֺ2|NV֘!'եh'[Z.d­{W a!o^7uM~f*R+mͽϟ\$ӋkJZ-8|S.GzZUsyk^2#5Թu\Zxֺuw;e-#Ƶ֖Zg<Ƿ7J^睛6ڔ[lfw<ӽiGk;v;]L^<{rpyx]ߜtai_síu3.0]iL0KS;Lc֔yLuu޵=zo'>p>|{yߕ+{mJ^k9W)\g'n8Suv%k) u1ZJgҙ`rDy$Mk|.kǯOfͶyT)\r;"kn_s57/M b&1Z]L+*޵ֿ9ן^>=r3s*sRڟKu~mX }m~u])鮭np԰U~F?6[m*mm5ѦUdбpYL *ќ5h͟10U-œ$Z KBJ-"h4I""~?FIw3 LRRwd)*p!6؆ I!FIRlMRRRd!IIHRQ2%JJD%&IID0L Q0JL2JB`%Z̰,-*Ij-, bg{LsKIi>0o+bV,{,3geg i2ų?V[.LoIUCnK[7 ,ic.N&s-)pn{$/i6aLKtƬfZR$<)H=+kfl"5fyj|EEJ…G!a Agݸ;y 3ViVcp<1M"qs˼}ԠH9# ZUds*2ccbښ~SCgp~vhYem UۺkpzOfٶk_nlQVC~dF @~ ,uFzR ;"+JVNUkU!bX3io)  *jXPVU-j)3HN, 뤇6׭hq--cUϻॳx4o;x4aۉ )lͽSͧX"V8SHs|m_˫3LA)U1R9Ԣ_^QUV /t=ׯǙ·c5H)0va=/SHiȐ,F)s,G4L2xPq= +&y8kuofq!Uz'{8,mR%KF?yR!1g ۺ 0 ˽tOi㹤^O vv{OKmI2e`}OD9I֥҅UiSMlh&1}eZ;aͿOF[R#Ikv|&Mb%1n0m-fi9tuwnhK \E~dFgŰfqgfqmyH52p97EiAZY|.3e㖛=ٍOIXrYjF*Zgٙъ_[ݺeM>$g:3t9g"io'!G>F|mf W_|yTC~ŹVp̒LTܺe1t D學]t1ir<cE!ݦ<^KvERRP*,Hz8t÷l:"&yU"Ph^QIdrba>+2W.q#&cBB=$έ^SIY1EW .1S6[jp0fiX1.d~te+t&riZi,˳VqG3DÅbZ0 $JW0b鉤ФXe\q&RAV#1]wJyi1h^UX\a /RmvWXZ}uҩU^Ns=ᖤGO9s=.2]g1G ]]έ cU˼ )1@V!P]SڙSn= #z UBLמș`s):.QI:L *庮Ң9F!&*)~YYg&jz=Q$[jV=rnIL۝=qYD0T.--% ^1+(71eqc3z$HPϐJKKVI*!KVX#2˞DPZM$!i:rsZuvڲpaɷq2=䑄CF84̉Eի7pI.ӗv)iv`HrBx@~gF`L'̬AV̎3HGpqUEdJIE"d-Y@`]bLPyޮӯwА8˽X])ڵ Sw5їwwrՖmosі x叏{,qlP1sMn:*xi$w,A΋<3W6p^I&neѣ.mbuGAc[-IۆWFy2w4lv-ÛLIngKmht9dؒd`r)dŖTM9ޓjb{}y :JߌA([·-fPP*B *1Fٮ;9'v!)9hEhї4 )QفY@!sqg~ZOKDY4D^7|yw3 f*X[,[$2p;YG6|;gVFmcsda"1}bcy$Ga(.8Ӧ$/vzOoW6$snFcuNϗÄs@*辷Gcr50%fQbcۿ$̜3&ؾBL0"D} ( sH*ю.Z(ͬ$6"ęA$wf,Gχ#m,7+,qX{Z_co$oMި,qGʟ V $HQ"ۓt4Ж}?~-6&"~CbZKIi*FNȢb0*)2!h1ZD\$% IOmBHjO2@2$BDxJ%.p *L]^bTRAILER!!! cFcddDDDD4cZ2R(2D $@&(IJR4`SR}$kU*dɚ2P6Xj|Cټ 6D*wB-_G5QZzN@4Ց8z2HTu*"ZȔ@vWVcp,Kc&)L@'D]qD>&=0Ũ0]_Fޅ'A-3N q/Cز&˔1S? f$4QrJ*OkY.C}=Tk?ȝK՟f*# [HPbmCijX ZHe, ̹9k`g4:c>ex?r߿߾h[Sj/F:O|lHy ,~:ܶZz\CX4H[zE`*1"V6jv'L> ȡOXWq@^DPOHd$ v"*y^χCF7ݮrRUsč'Hc98U0|aZR&whMbaȔ4Xl 6p61Hh T X)@ݜ{Ѐ B_tMd7