libimcv: Add Debian 12 (bookworm) to database

Because libcrypto and libssl are measured, we need a new group for Debian versions with OpenSSL 3 (I've rather added a suffix to the old group as that could eventually get removed, although we might need a 3.1 variant in the future - maybe we should measure some other files?).
2025-10-04 00:00:14 -04:00 · 2023-06-27 19:03:32 +02:00 · 2023-06-27 19:03:32 +02:00 · 55273157b0
commit 55273157b0
parent 995d7785b9
1 changed files with 55 additions and 1 deletions
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@ -616,6 +616,12 @@ INSERT INTO products (      /* 103 */
 'Debian 11 x86_64'
 );

+INSERT INTO products (      /* 104 */
+  name
+) VALUES (
+ 'Debian 12 x86_64'
+);
+
 /* Directories */

 INSERT INTO directories (		/*  1 */
@ -740,6 +746,18 @@ INSERT INTO files (				/*  6 */
  'tnc_config', 2
 );

+INSERT INTO files (             /*  7 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.3', 11
+);
+
+INSERT INTO files (             /*  8 */
+  name, dir
+) VALUES (
+ 'libssl.so.3', 11
+);
+
 /* Algorithms */

 INSERT INTO algorithms (
@ -995,7 +1013,7 @@ INSERT INTO groups (			/*  4 */
 INSERT INTO groups (			/*  5 */
  name, parent
 ) VALUES (
-  'Debian x86_64', 2
+  'Debian x86_64 OpenSSL 1.1', 2
 );

 INSERT INTO groups (			/*  6 */
@ -1064,6 +1082,12 @@ INSERT INTO groups (      /* 16 */
  'TPM TBOOT'
 );

+INSERT INTO groups (      /* 17 */
+  name, parent
+) VALUES (
+  'Debian x86_64', 2
+);
+
 /* Default Product Groups */

 INSERT INTO groups_product_defaults (
@ -1678,6 +1702,12 @@ INSERT INTO groups_product_defaults (
  15, 79
 );

+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  17, 104
+);
+
 /* Policies */

 INSERT INTO policies (			/*  1 */
@ -1812,6 +1842,18 @@ INSERT INTO policies (          /* 22 */
  16, 'TPM TBOOT Measurements', 'T', 2, 2
 );

+INSERT INTO policies (          /* 23 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.3', 7, 2, 2
+);
+
+INSERT INTO policies (          /* 24 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.3', 8, 2, 2
+);
+
 /* Enforcements */

 INSERT INTO enforcements (		/*  1 */
@ -1922,6 +1964,18 @@ INSERT INTO enforcements (      /* 18 */
  22, 16, 60
 );

+INSERT INTO enforcements (      /* 19 */
+  policy, group_id, max_age
+) VALUES (
+  23, 17, 86400
+);
+
+INSERT INTO enforcements (      /* 20 */
+  policy, group_id, max_age
+) VALUES (
+  24, 17, 86400
+);
+
 /* swid_entities */

 INSERT INTO "swid_entities" (		/*  1 */