New Features:
pre-boot access control list, aka.
BootACLsupport [!119]- domains objects are now persistent
- new
Uid(dbus) /uid(object) property derived from the uuid of the device representing the root switch
sysfsandidattribute will be set/unset on connects and disconnects
- domains are now stored in the boltd database
- domains got the
BootACL(dbus) /bootacl(object) property
- uuids can be added, removed or set in batch
- when domain is online: changes are written to the sysfs
boot_aclattribute directly
- when domain is offline: changes are written to a journal and then reapplied in order when the domain is connected
- newly enrolled devices get added to all bootacls of all domains if the
policyisBOLT_POLICY_AUTO
- removed devices get deleted from all bootacls of all domains
boltacl domaincommand will show the bootacl slots and their content
- domains objects are now persistent
boltctlgained the-U, --uuidoption, to control how uuids are printed [!124]
Improvements and fixes:
Testing [!127]
- The test coverage increased to
84.80%overall and to90.0%for theboltdsource
- Coverage is reported for merge requests via the fedora ci image [!126]
boltctlis now included in the tests [!132]
- Fedora 29 is used for the fedora ci image
- The test coverage increased to
Bugs and robustness:
- The device state is verified in
Device.Authorize[!120]
- Handle empty 'keys' sysfs device attribute [!129]
- Properly adjust policies when enrolling already authorized devices [!136]
- Fix potential crasher when logging assertions
g_return_if_fail[!121]
- The device state is verified in