Sync from SUSE:SLFO:Main ktls-utils revision edb150dfa6f3304849484b44a7773aaa

2024-12-18 16:14:47 +01:00 · 2024-12-18 16:14:47 +01:00 · 7361e3c099
commit 7361e3c099
7 changed files with 232 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/16
+++ b/16
@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="scm">git</param>
+    <param name="url">https://github.com/openSUSE/ktls-utils.git</param>
+    <param name="filename">ktls-utils</param>
+    <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@.g%h</param>
+    <param name="versionrewrite-pattern">ktls-utils-([0-9]\.[0-9]+)(\+0\.g.*)?(\+[1-9].*)?$</param>
+    <param name="versionrewrite-replacement">\1\3</param>
+    <param name="revision">main</param>
+    <param name="match-tag">ktls-utils-*</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service name="set_version" mode="manual"/>
+  <service mode="buildtime" name="tar"/>
+</services>
--- a/6
+++ b/6
@ -0,0 +1,6 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/oracle/ktls-utils.git</param>
+              <param name="changesrevision">198ff00ba28cb97cdab6e49a7422cce331fde198</param></service><service name="tar_scm">
+                <param name="url">https://github.com/openSUSE/ktls-utils.git</param>
+              <param name="changesrevision">311d9438b984e3b2a36bd88fb3ab8c87c38701fa</param></service></servicedata>
--- a/ktls-utils-0.10+33.g311d943.obscpio
+++ b/ktls-utils-0.10+33.g311d943.obscpio
--- a/ktls-utils.changes
+++ b/ktls-utils.changes
@ -0,0 +1,103 @@
+-------------------------------------------------------------------
+Fri Dec 06 13:56:33 UTC 2024 - Daniel Wagner <daniel.wagner@suse.com>
+
+- Update to version 0.10+33.g311d943:
+  * tlshd: always link .nvme default keyring into the session (bsc#1229034)
+  * tlshd: Ensure libnl-genl3 is available
+  * tlshd: receive new session ticket msg after completing quic handshake
+  * tlshd: use quic_config to get parameters for quic handshake
+  * tlshd: clean up some unnecessary code in quic handshake
+  * tlshd: improve error logging for tlshd_server_psk_cb()
+  * tlshd: guard against possible overrun of tlshd_peername
+  * tlshd: fix optlen passed to getsockopt()
+  * tlshd: free pathname before it goes out of scope
+  * tlshd: add support for quic handshake
+  * tlshd: include socket ip_proto in tlshd_handshake_parms
+  * tlshd: Refactor tlshd_service_socket()
+  * config: supply meaningful error for non-existing pathnames
+  * tlshd: Fix implicit signedness conversion
+  * tlshd: Fix memory leaks
+
+-------------------------------------------------------------------
+Thu Mar 21 21:50:44 UTC 2024 - Martin Wilck <mwilck@suse.com>
+
+- Update to version 0.10+12.gc3923f7:
+  * Rework priority string setting for PSK (bsc#1221437)
+  * config: use 'authenticate' as a section name 
+  * server: add missing priority setting (gh#oracle/ktls-utils#49)
+
+-------------------------------------------------------------------
+Tue Mar  5 17:24:44 UTC 2024 - Martin Wilck <mwilck@suse.com>
+
+- Update to upstream version 0.10+9.gf28f084:
+  * ktls: restrict hash functions to supported sizes (bsc#1218037)
+  * tlshd: Add support for chained certs
+
+-------------------------------------------------------------------
+Tue Feb 20 17:28:48 UTC 2024 - Martin Wilck <mwilck@suse.com>
+
+- Update to upstream version 0.10:
+  * All previously SUSE_specific patches included
+  * tlshd: Reorganize tlshd.conf
+    - get rid of [main]
+    - add [debug] and move the debug-related options there
+    - move the "keyrings" option to [authenticate]
+  * tlshd: add 'delay' configuration parameter
+  * tlshd: Add .conf option to specify trust store
+  * Bug fixes and cleanups
+
+-------------------------------------------------------------------
+Wed Jan 17 11:56:19 UTC 2024 - Martin Wilck <mwilck@suse.com>
+
+- Spec file:
+  * fix summary and license
+  * use pkgconfig for BuildRequires
+  * remove superfluous PreReq dependencies
+  * use %config(noreplace) for the config file (because it may
+    contain paths to key files)
+  * remove BuildRoot
+  * simplify build section
+
+-------------------------------------------------------------------
+Tue Jan  9 16:12:57 UTC 2024 - Martin Wilck <mwilck@suse.com>
+
+- Update to version 0.9+4.g01b3018 (jsc#PED-7559)
+  * _service: move to openSUSE git repository
+- Patches now in git, remove them from spec file:
+  * del 0001-netlink-de-constify-nla_policy
+  * del 0001-tlshd-Allow-for-compilation-with-older-libnl-librari.patch
+  * del 0002-tlshd-Check-for-gnutls_get_system_config_file.patch
+  * del 0003-tlshd-add-delay-configuration-parameter.patch
+
+-------------------------------------------------------------------
+Wed 16 Aug 2023 08:21:59 PM CEST - Hannes Reinecke <hare@suse.de>
+
+- Reshuffle patches to match upstream submission:
+  * Remove 0001-netlink-de-constify-nla_policy
+  * Add 0001-tlshd-Allow-for-compilation-with-older-libnl-librari.patch
+  * Remove 0001-Check-for-gnutls_get_system_config_file.patch
+  * Add 0002-tlshd-Check-for-gnutls_get_system_config_file.patch
+  * Remove 0001-Add-tlshd_delay-configuration-option.patch
+  * Add 0003-tlshd-add-delay-configuration-parameter.patch
+
+-------------------------------------------------------------------
+Wed 16 Aug 2023 07:55:46 AM CEST - Hannes Reinecke <hare@suse.de>
+
+- Add patch to exercise handshake timeout
+  * 0001-Add-tlshd_delay-configuration-option.patch
+- Add patch to allow compilation on older releases
+  * 0001-Check-for-gnutls_get_system_config_file.patch
+
+-------------------------------------------------------------------
+Sat 01 Jul 2023 10:40:46 AM CEST - Hannes Reinecke <hare@suse.de>
+
+- Add patch for older libnl versions
+  + 0001-netlink-de-constify-nla_policy.patch
+- Fix build error on 32-bit
+  + 0001-tlshd-fix-max-config-file-size-comparison.patch
+
+-------------------------------------------------------------------
+Fri 30 Jun 2023 12:58:27 PM CEST - Hannes Reinecke <hare@suse.de>
+
+- Initial package, version 0.9
+
--- a/ktls-utils.obsinfo
+++ b/ktls-utils.obsinfo
@ -0,0 +1,4 @@
+name: ktls-utils
+version: 0.10+33.g311d943
+mtime: 1729779042
+commit: 311d9438b984e3b2a36bd88fb3ab8c87c38701fa
--- a/ktls-utils.spec
+++ b/ktls-utils.spec
@ -0,0 +1,77 @@
+#
+# spec file for package ktls-utils
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           ktls-utils
+Version:        0.10+33.g311d943
+Release:        0
+Summary:        Agent for performing handshakes for kernel TLS sockets
+License:        GPL-2.0-only
+Group:          System/Kernel
+URL:            https://github.com/oracle/ktls-utils
+Source:         ktls-utils-%{version}.tar
+BuildRequires:  autoconf
+BuildRequires:  libtool
+BuildRequires:  pkgconfig(glib-2.0) >= 2.6
+BuildRequires:  pkgconfig(gnutls) >= 3.3.0
+BuildRequires:  pkgconfig(libkeyutils)
+BuildRequires:  pkgconfig(libnl-3.0) >= 3.1
+BuildRequires:  pkgconfig(systemd)
+
+%description
+In-kernel TLS consumers need a mechanism to perform TLS handshakes on a
+connected socket to negotiate TLS session parameters that can then be
+programmed into the kernel's TLS record protocol engine.
+
+This package of software provides a TLS handshake user agent that listens for
+kernel requests and then materializes a user space socket endpoint on which to
+perform these handshakes. The resulting negotiated session parameters are
+passed back to the kernel via standard kTLS socket options.
+
+%prep
+%setup -q -n ktls-utils-%{version}
+
+%build
+./autogen.sh
+%{configure} --with-systemd
+%{make_build} CFLAGS="%{optflags}"
+
+%install
+%{make_install}
+
+%pre
+%service_add_pre tlshd.service
+
+%post
+%service_add_post tlshd.service
+
+%preun
+%service_del_preun tlshd.service
+
+%postun
+%service_del_postun tlshd.service
+
+%files
+%doc README.md
+%license LICENSE.txt
+%{_sbindir}/tlshd
+%{_unitdir}/tlshd.service
+%config(noreplace) %{_sysconfdir}/tlshd.conf
+%{_mandir}/man8/tlshd.8*
+%{_mandir}/man5/tlshd.conf.5*
+
+%changelog