Sync from SUSE:ALP:Source:Standard:1.0 rust-keylime revision a47610bf3ed55ecc9173b1a2d1db5d86
2176
Cargo_lock.patch
2176
Cargo_lock.patch
File diff suppressed because it is too large
@@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/keylime/rust-keylime.git</param>
|
||||
<param name="changesrevision">a56fc94c2d8c8dc4b48aaf13bf514964ac548aab</param></service></servicedata>
|
||||
<param name="changesrevision">4974f3b6785b2adbd102b724bbd9584836384596</param></service></servicedata>
|
||||
@@ -1,8 +1,8 @@
|
||||
diff --git i/keylime-agent.conf w/keylime-agent.conf
|
||||
index d6e8615..75994c4 100644
|
||||
index 49124f3..5dd707b 100644
|
||||
--- i/keylime-agent.conf
|
||||
+++ w/keylime-agent.conf
|
||||
@@ -29,13 +29,15 @@ api_versions = "default"
|
||||
@@ -33,14 +33,16 @@ api_versions = "default"
|
||||
# of 'SHA256(public EK in PEM format)'.
|
||||
#
|
||||
# To override, set KEYLIME_AGENT_UUID environment variable.
|
||||
@@ -10,7 +10,8 @@ index d6e8615..75994c4 100644
|
||||
+# uuid = "d432fbb3-d2f1-4a97-9ef7-75bd81c00000"
|
||||
+uuid = "generate"
|
||||
|
||||
# The binding IP address and port for the agent server
|
||||
# The binding IP address or hostname (FQDN) and port for the agent server
|
||||
# Supports IPv4, IPv6, or fully qualified domain names
|
||||
#
|
||||
# To override ip, set KEYLIME_AGENT_IP environment variable.
|
||||
# To override port, set KEYLIME_AGENT_PORT environment variable.
|
||||
@@ -19,8 +20,8 @@ index d6e8615..75994c4 100644
|
||||
+ip = "0.0.0.0"
|
||||
port = 9002
|
||||
|
||||
# Address and port where the verifier and tenant can connect to reach the agent.
|
||||
@@ -51,7 +53,8 @@ contact_port = 9002
|
||||
# Address (IP or hostname/FQDN) and port where the verifier and tenant can connect to reach the agent.
|
||||
@@ -58,7 +60,8 @@ contact_port = 9002
|
||||
# To override registrar_ip, set KEYLIME_AGENT_REGISTRAR_IP environment variable.
|
||||
# To override registrar_port, set KEYLIME_AGENT_REGISTRAR_PORT environment
|
||||
# variable.
|
||||
@@ -30,7 +31,7 @@ index d6e8615..75994c4 100644
|
||||
registrar_port = 8890
|
||||
|
||||
# Enable mTLS communication between agent, verifier and tenant.
|
||||
@@ -161,7 +164,8 @@ revocation_actions_dir = "/usr/libexec/keylime"
|
||||
@@ -191,7 +194,8 @@ revocation_actions_dir = "/usr/libexec/keylime"
|
||||
# KEYLIME_AGENT_REVOCATION_NOTIFICATION_IP environment variable.
|
||||
# To override revocation_notification_port, set
|
||||
# KEYLIME_AGENT_REVOCATION_NOTIFICATION_PORT environment variable.
|
||||
|
||||
BIN
rust-keylime-0.2.8+116.tar.zst
LFS
Normal file
BIN
rust-keylime-0.2.8+116.tar.zst
LFS
Normal file
Binary file not shown.
Binary file not shown.
@@ -1,3 +1,123 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 09 14:44:05 UTC 2026 - aplanas@suse.com
|
||||
|
||||
- Update vendored crates (bsc#1257908, CVE-2026-25727)
|
||||
* time 0.3.47
|
||||
|
||||
- Update to version 0.2.8+116:
|
||||
* build(deps): bump bytes from 1.7.2 to 1.11.1
|
||||
* api: Modify /version endpoint output in version 2.5
|
||||
* Add API v2.5 with backward-compatible /v2.5/quotes/integrity
|
||||
* tests: add unit test for resolve_agent_id (#1182)
|
||||
* (pull-model): enable retry logic for registration
|
||||
* rpm: Update specfiles to apply on master
|
||||
* workflows: Add test to detect unused crates
|
||||
* lib: Drop unused crates
|
||||
* push-model: Drop unused crates
|
||||
* keylime-agent: Drop unused crates
|
||||
* build(deps): bump uuid from 1.18.1 to 1.19.0
|
||||
* Update reqwest-retry to 0.8, retry-policies to 0.5
|
||||
* rpm: Fix cargo_build macro usage on CentOS Stream
|
||||
* fix(push-model): resolve hash_ek uuid to actual EK hash
|
||||
* build(deps): bump thiserror from 2.0.16 to 2.0.17
|
||||
* workflows: Separate upstream test suite from e2e coverage
|
||||
* Send UEFI measured boot logs as raw bytes (#1173)
|
||||
* auth: Add unit tests for SecretToken implementation
|
||||
* packit: Enable push-attestation tests
|
||||
* resilient_client: Prevent authentication token leakage in logs
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 07 15:53:59 UTC 2026 - aplanas@suse.com
|
||||
|
||||
- Use tmpfiles.d for /var directories (PED-14736)
|
||||
+ tmpfiles.keylime renamed to rust-keylime.conf and extended
|
||||
|
||||
- Update to version 0.2.8+96:
|
||||
* build(deps): bump wiremock from 0.6.4 to 0.6.5
|
||||
* build(deps): bump actions/checkout from 5 to 6
|
||||
* build(deps): bump chrono from 0.4.41 to 0.4.42
|
||||
* packit: Get coverage from Fedora 43 runs
|
||||
* Fix issues pointed out by clippy
|
||||
* Replace mutex unwraps with proper error handling in TPM library
|
||||
* Remove unused session request methods from StructureFiller
|
||||
* Fix config panic on missing ek_handle in push model agent
|
||||
* build(deps): bump tempfile from 3.21.0 to 3.23.0
|
||||
* build(deps): bump actions/upload-artifact from 4 to 6 (#1163)
|
||||
* Fix clippy warnings project-wide
|
||||
* Add KEYLIME_DIR support for verifier TLS certificates in push model agent
|
||||
* Thread privileged resources and use MeasurementList for IMA reading
|
||||
* Add privileged resource initialization and privilege dropping to push model agent
|
||||
* Fix privilege dropping order in run_as()
|
||||
* add documentation on FQDN hostnames
|
||||
* Remove confusing logs for push mode agent
|
||||
* Set correct default Verifier port (8891->8881) (#1159)
|
||||
* Add verifier_url to reference configuration file (#1158)
|
||||
* Add TLS support for Registrar communication (#1139)
|
||||
* Fix agent handling of 403 registration responses (#1154)
|
||||
* Add minor README.md rephrasing (#1151)
|
||||
* build(deps): bump actions/checkout from 5 to 6 (#1153)
|
||||
* ci: update spec files for packit COPR build
|
||||
* docs: improve challenge encoding and async TPM documentation
|
||||
* refactor: improve middleware and error handling
|
||||
* feat: add authentication client with middleware integration
|
||||
* docker: Include keylime_push_model_agent binary
|
||||
* Include attestation_interval configuration (#1146)
|
||||
* Persist payload keys to avoid attestation failure on restart
|
||||
* crypto: Implement the load or generate pattern for keys
|
||||
* Use simple algorithm specifiers in certification_keys object (#1140)
|
||||
* tests: Enable more tests in CI
|
||||
* Fix RSA2048 algorithm reporting in keylime agent
|
||||
* Remove disabled_signing_algorithms configuration
|
||||
* rpm: Fix metadata patches to apply to current code
|
||||
* workflows/rpm.yml: Use more strict patching
|
||||
* build(deps): bump uuid from 1.17.0 to 1.18.1
|
||||
* Fix ECC algorithm selection and reporting for keylime agent
|
||||
* Improve logging consistency and coherency
|
||||
* Implement minimal RFC compliance for Location header and URI parsing (#1125)
|
||||
* Use separate keys for payload mechanism and mTLS
|
||||
* docker: update rust to 1.81 for distroless Dockerfile
|
||||
* Ensure UEFI log capabilities are set to false
|
||||
* build(deps): bump http from 1.1.0 to 1.3.1
|
||||
* build(deps): bump log from 0.4.27 to 0.4.28
|
||||
* build(deps): bump cfg-if from 1.0.1 to 1.0.3
|
||||
* build(deps): bump actix-rt from 2.10.0 to 2.11.0
|
||||
* build(deps): bump async-trait from 0.1.88 to 0.1.89
|
||||
* build(deps): bump trybuild from 1.0.105 to 1.0.110
|
||||
* Accept evidence handling structures null entries
|
||||
* workflows: Add test to check if RPM patches still apply
|
||||
* CI: Enable test add-agent-with-malformed-ek-cert
|
||||
* config: Fix singleton tests
|
||||
* FSM: Remove needless lifetime annotations (#1105)
|
||||
* rpm: Do not remove wiremock which is now available in Fedora
|
||||
* Use latest Fedora httpdate version (1.0.3)
|
||||
* Enhance coverage with parse_retry_after test
|
||||
* Fix issues reported by CI regarding unwrap() calls
|
||||
* Reuse max retries indicated to the ResilientClient
|
||||
* Include limit of retries to 5 for Retry-After
|
||||
* Add policy to handle Retry-After response headers
|
||||
* build(deps): bump wiremock from 0.6.3 to 0.6.4
|
||||
* build(deps): bump serde_json from 1.0.140 to 1.0.143
|
||||
* build(deps): bump pest_derive from 2.8.0 to 2.8.1
|
||||
* build(deps): bump syn from 2.0.90 to 2.0.106
|
||||
* build(deps): bump tempfile from 3.20.0 to 3.21.0
|
||||
* build(deps): bump thiserror from 2.0.12 to 2.0.16
|
||||
* rpm: Fix patches to apply to current master code
|
||||
* build(deps): bump anyhow from 1.0.98 to 1.0.99
|
||||
* state_machine: Automatically clean config override during tests
|
||||
* config: Implement singleton and factory pattern
|
||||
* testing: Support overriding configuration during tests
|
||||
* feat: implement standalone challenge-response authentication module
|
||||
* structures: rename session structs for clarity and fix typos
|
||||
* tpm: refactor certify_credential_with_iak() into a more generic function
|
||||
* Add Push Model Agent Mermaid FSM chart (#1095)
|
||||
* Add state to avoid exiting on wrong attestation (#1093)
|
||||
* Add 6 alphanumeric lowercase X-Request-ID header
|
||||
* Enhance Evidence Handling response parsing
|
||||
* build(deps): bump quote from 1.0.35 to 1.0.40
|
||||
* build(deps): bump libc from 0.2.172 to 0.2.175
|
||||
* build(deps): bump glob from 0.3.2 to 0.3.3
|
||||
* build(deps): bump actix-web from 4.10.2 to 4.11.0
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 20 09:26:08 UTC 2025 - aplanas@suse.com
|
||||
|
||||
|
||||
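--- a/rust-keylime.conf
+++ b/rust-keylime.conf
@@ -0,0 +1,5 @@
+#Type Path Mode User Group Age Argument...
+d /var/log/keylime 0750 keylime tss - -
+d /var/lib/keylime 0700 keylime tss - -
+d /var/lib/keylime/cv_ca 0700 keylime tss - -
+d /run/keylime 0700 keylime tss - -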
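Review bot: /var/log/keylime is created 0750 keylime:tss, so any account in group tss can read the agent log, while the three state and runtime directories below it are 0700; nothing in the file says whether that difference is intended. The mode matches the `%dir %attr(0750,keylime,tss)` entry visible in the spec section of this commit, so it looks carried over rather than newly widened. I would either tighten it to `d /var/log/keylime 0700 keylime tss - -` or, once the need for group read is confirmed, put a comment above the line such as `# group tss may read agent logs`.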
@@ -1,4 +1,4 @@
|
||||
name: rust-keylime
|
||||
version: 0.2.8+12
|
||||
mtime: 1755679596
|
||||
commit: a56fc94c2d8c8dc4b48aaf13bf514964ac548aab
|
||||
version: 0.2.8+116
|
||||
mtime: 1770636785
|
||||
commit: 4974f3b6785b2adbd102b724bbd9584836384596
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package rust-keylime
|
||||
#
|
||||
# Copyright (c) 2025 SUSE LLC and contributors
|
||||
# Copyright (c) 2026 SUSE LLC and contributors
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -25,7 +25,7 @@
|
||||
%define _config_norepl %config(noreplace)
|
||||
%endif
|
||||
Name: rust-keylime
|
||||
Version: 0.2.8+12
|
||||
Version: 0.2.8+116
|
||||
Release: 0
|
||||
Summary: Rust implementation of the keylime agent
|
||||
License: (Apache-2.0 OR MIT) AND BSD-3-Clause AND (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND BSD-3-Clause AND ISC AND MIT
|
||||
@@ -35,7 +35,7 @@ Source1: vendor.tar.zst
|
||||
Source2: cargo_config
|
||||
Source3: keylime.xml
|
||||
Source4: keylime-user.conf
|
||||
Source5: tmpfiles.keylime
|
||||
Source5: rust-keylime.conf
|
||||
Source6: ima-policy
|
||||
Source7: ima-policy.service
|
||||
Source8: README.suse
|
||||
@@ -97,13 +97,9 @@ install -Dpm 0644 ./dist/systemd/system/var-lib-keylime-secure.mount %{buildroot
|
||||
|
||||
install -Dpm 0644 %{SOURCE3} %{buildroot}%{_prefix}/lib/firewalld/services/keylime.xml
|
||||
install -Dpm 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/keylime-user.conf
|
||||
install -Dpm 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/keylime.conf
|
||||
install -d %{buildroot}%{_localstatedir}/log/keylime
|
||||
install -Dpm 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/rust-keylime.conf
|
||||
install -d %{buildroot}%{_libexecdir}/keylime
|
||||
|
||||
# Create work directory and the certificate directory
|
||||
mkdir -p %{buildroot}%{_sharedstatedir}/keylime/cv_ca
|
||||
|
||||
install -Dpm 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/ima/ima-policy
|
||||
install -Dpm 0644 %{SOURCE7} %{buildroot}%{_unitdir}/ima-policy.service
|
||||
|
||||
@@ -116,7 +112,7 @@ install -Dpm 0644 %{SOURCE7} %{buildroot}%{_unitdir}/ima-policy.service
|
||||
|
||||
%post
|
||||
%firewalld_reload
|
||||
%tmpfiles_create keylime.conf
|
||||
%tmpfiles_create %{_tmpfilesdir}/rust-keylime.conf
|
||||
%service_add_post keylime_agent.service
|
||||
%service_add_post var-lib-keylime-secure.mount
|
||||
|
||||
@@ -141,11 +137,9 @@ install -Dpm 0644 %{SOURCE7} %{buildroot}%{_unitdir}/ima-policy.service
|
||||
%dir %{_prefix}/lib/firewalld/services
|
||||
%{_prefix}/lib/firewalld/services/keylime.xml
|
||||
%{_sysusersdir}/keylime-user.conf
|
||||
%{_tmpfilesdir}/keylime.conf
|
||||
%dir %attr(0750,keylime,tss) %{_localstatedir}/log/keylime
|
||||
%dir %{_tmpfilesdir}
|
||||
%{_tmpfilesdir}/rust-keylime.conf
|
||||
%dir %attr(0750,keylime,tss) %{_libexecdir}/keylime
|
||||
%dir %attr(0700,keylime,tss) %{_sharedstatedir}/keylime
|
||||
%dir %attr(0700,keylime,tss) %{_sharedstatedir}/keylime/cv_ca
|
||||
|
||||
%files -n keylime-ima-policy
|
||||
%dir %attr(0750,root,root) %{_sysconfdir}/ima
|
||||
|
||||
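Review bot: In the %files hunk the `%dir %attr(...)` entries for %{_localstatedir}/log/keylime, %{_sharedstatedir}/keylime and %{_sharedstatedir}/keylime/cv_ca appear to be dropped (sides inferred from the hunk counts, since the +/- markers are lost on this page), which would leave those directories unowned by the package now that tmpfiles.d creates them. Without ownership, `rpm -V` no longer reports a changed owner or mode on the work and certificate directories. Listing them as ghosts keeps that check, e.g. `%ghost %dir %attr(0700,keylime,tss) %{_sharedstatedir}/keylime`, `%ghost %dir %attr(0700,keylime,tss) %{_sharedstatedir}/keylime/cv_ca` and `%ghost %dir %attr(0750,keylime,tss) %{_localstatedir}/log/keylime`.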
@@ -1 +0,0 @@
|
||||
d /run/keylime 0700 keylime tss
|
||||
BIN
vendor.tar.zst
BIN
vendor.tar.zst
Binary file not shown.