v21

Release v21 version clevis with next changes:

• [EXPERIMENTAL] Add PKCS#11 pin basic functionality (5b07e40)
• ci: replace Centos Stream 8 (EOL) with Centos Stream 10 (dev) (a4dd9dd)
• Ensure dnf builddep is installed in Fedora (#466) (2b34226)
• udisks2: check for EINTR when reading in recover_key() (4c6d5d9)
• udisks2: check if variables are NULL before calling unref (eea777f)
• Fix README.md to include tang https configuration (#175) (#417) (4bddd5e)
• Prevent Address in use error (601d0a9)
• Fedora test build fix (3420001)

Full Changelog: v20...v21

Release version 20

Release v20 version clevis with next changes:

• luks/udisks2: explicitly NULL-terminate buffer (251a888)
• pins/sss: intialize variable before use (0938231)
• Fix DNS resolution in initramfs (#367) (bebb037)
• Upgrade checkout version (v3->v4) (#452) (ea7a8e1)
• Fix killing of child process of clevisloop (c03dbf3)
• Added language and misspell check for markdown files (#439) (fee1db3)
• luks: decouple dracut from systemd unlocker (afe91eb)
• luks: move dracut out of systemd directory (cfefdde)
• Include manual compilation steps (#433) (ec16c7a)
• Avoid execution of Github actions for Markdown (#427) (c9f2066)
• Upgrade version for checkout Github action (#429) (4764b66)
• Fix README.md to include "tang" pin (#424) (3add946)
• Use jose, not pwmake, for password generation (#418) (4d23eda)
• Use quay.io version of Fedora Rawhide container (#425) (bf9e1cd)
• Add bash syntax highlighting to README.md (#414) (7c23279)
• Fix README.md to include correct sss example (#409) (eb92459)
• Fix Github actions by using latest ubuntu distro (#411) (c1a8aff)
• documenting parameter to pass args to cryptsetup (96726a2)
• initial test of passing args to 'crypsetup open' (0666b88)
• passing args to 'crypsetup open' (c40bed3)

Release version 19

• Add external token id for existing passphrase (71869cb)
• luks-edit: remove unnecessary 2>/dev/null (6e48a1c)
• Avoid invalid message for clevis command (3f879a3)
• Notify error url on server connect fail (f5786d3)
• Improve boot performance by removing key check (47b01ab)
• systemd: account for unlocking failures in clevis-luks-askpass (92b09c9)
• luks: enable debugging in clevis scripts when rd.debug is set (8c9e020)
• luks: explicitly specify pbkdf iterations to cryptsetup (7159630)
• tpm2: improve validation of PCRs in clevis-encrypt-tpm2 (4eb1980)
• luks: define max entropy bits for pwmake (3bb852b)
• luks: ignore empty & comment lines in crypttab (0589c14)
• Avoid luksmeta corruption on clevis bind (d8a25e3)

Release version 18

• tang: fix clevis-encrypt-tang when specifying a SHA-256 thp (#305)

Release version 17

• Default tang JWK thumbprint is now SHA-256 / deprecate SHA-1 (#264)
• Make sure the configuration is valid JSON in clevis-luks-bind (fb3cdf5)
• Fix use of return instead of exit in clevis-luks-regen (32062be)
• Add test option for clevis luks unlock (#296)
• Fix for -t option in clevis luks bind (#297)
• Fix issue with multiple encrypted devices in Debian/Ubuntu (#293)
• luks: replace seq with bash's builtin sequence expression (#295)

Release version 16

• pins/tpm2: add support for tpm2-tools 5.X (#257)
• Add clevis luks pass command (#292)
• initramfs-tools: Include TPM kernel modules in initram (#276)
• Work around /dev/fd/X removal in systemd (#275)
• Add proper support for binary keyfiles (#268, b0af893)
• Fix error in passwords with spaces (#280)
• systemd: drop ncat dependency (#266)
• Improve tang advertisement validation on bind (#265, 0cae266)

Release version 15

• dracut: add rd.neednet for hostonly-cmdline and tang bindings present (e6a3d0a)
• luks: add clevis luks edit command (c4f9c27)
• luks: add clevis luks report (a0966ed)
• luks: add clevis luks regen command (a4bd2a6)
• askpass: change systemd directory watch condition to DirectoryNotEmpty (319cf80)
• Introduce -y (assume yes) argument to clevis luks bind (36fae7c)
• initramfs: Make network configuration on-demand (ee36980)
• Allow user to specify token ID when binding (#231) (1285061)
• initramfs: Wait for interface to appear instead of checking for carriers (f670383)

Release version 14

• rd.neednet=1 is not added automatically anymore by the dracut unlocker (c52caeb), so network should be set up when using tang.

• Improved support for unlocking multiple LUKS devices on boot (7c17448)

Release version 13

• added clevis luks list command
• Improvements to initramfs-tools support
• fixes to parsing PCR IDs with the tpm2 pin

v12

Release version 12

• Support for tpm2-tools 4.x
• Support for initramfs-tools unlocker