From 7361e3c099aa1341e8e5cb1f635f430d2095421bbe1fa45a6380333f8e851c20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 18 Dec 2024 16:14:47 +0100 Subject: [PATCH] Sync from SUSE:SLFO:Main ktls-utils revision edb150dfa6f3304849484b44a7773aaa --- .gitattributes | 23 +++++++ _service | 16 +++++ _servicedata | 6 ++ ktls-utils-0.10+33.g311d943.obscpio | 3 + ktls-utils.changes | 103 ++++++++++++++++++++++++++++ ktls-utils.obsinfo | 4 ++ ktls-utils.spec | 77 +++++++++++++++++++++ 7 files changed, 232 insertions(+) create mode 100644 .gitattributes create mode 100644 _service create mode 100644 _servicedata create mode 100644 ktls-utils-0.10+33.g311d943.obscpio create mode 100644 ktls-utils.changes create mode 100644 ktls-utils.obsinfo create mode 100644 ktls-utils.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/_service b/_service new file mode 100644 index 0000000..d7de6f2 --- /dev/null +++ b/_service @@ -0,0 +1,16 @@ + + + + git + https://github.com/openSUSE/ktls-utils.git + ktls-utils + @PARENT_TAG@+@TAG_OFFSET@.g%h + ktls-utils-([0-9]\.[0-9]+)(\+0\.g.*)?(\+[1-9].*)?$ + \1\3 + main + ktls-utils-* + enable + + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..3437a59 --- /dev/null +++ b/_servicedata @@ -0,0 +1,6 @@ + + + https://github.com/oracle/ktls-utils.git + 198ff00ba28cb97cdab6e49a7422cce331fde198 + https://github.com/openSUSE/ktls-utils.git + 311d9438b984e3b2a36bd88fb3ab8c87c38701fa \ No newline at end of file diff --git a/ktls-utils-0.10+33.g311d943.obscpio b/ktls-utils-0.10+33.g311d943.obscpio new file mode 100644 index 0000000..c737982 --- /dev/null +++ b/ktls-utils-0.10+33.g311d943.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1ab0fa5b8fa3feb0015257afaefec2194b1004c624a8b954a6ef3c5b07f73ffa +size 229899 diff --git a/ktls-utils.changes b/ktls-utils.changes new file mode 100644 index 0000000..b5f17c3 --- /dev/null +++ b/ktls-utils.changes @@ -0,0 +1,103 @@ +------------------------------------------------------------------- +Fri Dec 06 13:56:33 UTC 2024 - Daniel Wagner + +- Update to version 0.10+33.g311d943: + * tlshd: always link .nvme default keyring into the session (bsc#1229034) + * tlshd: Ensure libnl-genl3 is available + * tlshd: receive new session ticket msg after completing quic handshake + * tlshd: use quic_config to get parameters for quic handshake + * tlshd: clean up some unnecessary code in quic handshake + * tlshd: improve error logging for tlshd_server_psk_cb() + * tlshd: guard against possible overrun of tlshd_peername + * tlshd: fix optlen passed to getsockopt() + * tlshd: free pathname before it goes out of scope + * tlshd: add support for quic handshake + * tlshd: include socket ip_proto in tlshd_handshake_parms + * tlshd: Refactor tlshd_service_socket() + * config: supply meaningful error for non-existing pathnames + * tlshd: Fix implicit signedness conversion + * tlshd: Fix memory leaks + +------------------------------------------------------------------- +Thu Mar 21 21:50:44 UTC 2024 - Martin Wilck + +- Update to version 0.10+12.gc3923f7: + * Rework priority string setting for PSK (bsc#1221437) + * config: use 'authenticate' as a section name + * server: add missing priority setting (gh#oracle/ktls-utils#49) + +------------------------------------------------------------------- +Tue Mar 5 17:24:44 UTC 2024 - Martin Wilck + +- Update to upstream version 0.10+9.gf28f084: + * ktls: restrict hash functions to supported sizes (bsc#1218037) + * tlshd: Add support for chained certs + +------------------------------------------------------------------- +Tue Feb 20 17:28:48 UTC 2024 - Martin Wilck + +- Update to upstream version 0.10: + * All previously SUSE_specific patches included + * tlshd: Reorganize tlshd.conf + - get rid of [main] + - add [debug] and move the debug-related options there + - move the "keyrings" option to [authenticate] + * tlshd: add 'delay' configuration parameter + * tlshd: Add .conf option to specify trust store + * Bug fixes and cleanups + +------------------------------------------------------------------- +Wed Jan 17 11:56:19 UTC 2024 - Martin Wilck + +- Spec file: + * fix summary and license + * use pkgconfig for BuildRequires + * remove superfluous PreReq dependencies + * use %config(noreplace) for the config file (because it may + contain paths to key files) + * remove BuildRoot + * simplify build section + +------------------------------------------------------------------- +Tue Jan 9 16:12:57 UTC 2024 - Martin Wilck + +- Update to version 0.9+4.g01b3018 (jsc#PED-7559) + * _service: move to openSUSE git repository +- Patches now in git, remove them from spec file: + * del 0001-netlink-de-constify-nla_policy + * del 0001-tlshd-Allow-for-compilation-with-older-libnl-librari.patch + * del 0002-tlshd-Check-for-gnutls_get_system_config_file.patch + * del 0003-tlshd-add-delay-configuration-parameter.patch + +------------------------------------------------------------------- +Wed 16 Aug 2023 08:21:59 PM CEST - Hannes Reinecke + +- Reshuffle patches to match upstream submission: + * Remove 0001-netlink-de-constify-nla_policy + * Add 0001-tlshd-Allow-for-compilation-with-older-libnl-librari.patch + * Remove 0001-Check-for-gnutls_get_system_config_file.patch + * Add 0002-tlshd-Check-for-gnutls_get_system_config_file.patch + * Remove 0001-Add-tlshd_delay-configuration-option.patch + * Add 0003-tlshd-add-delay-configuration-parameter.patch + +------------------------------------------------------------------- +Wed 16 Aug 2023 07:55:46 AM CEST - Hannes Reinecke + +- Add patch to exercise handshake timeout + * 0001-Add-tlshd_delay-configuration-option.patch +- Add patch to allow compilation on older releases + * 0001-Check-for-gnutls_get_system_config_file.patch + +------------------------------------------------------------------- +Sat 01 Jul 2023 10:40:46 AM CEST - Hannes Reinecke + +- Add patch for older libnl versions + + 0001-netlink-de-constify-nla_policy.patch +- Fix build error on 32-bit + + 0001-tlshd-fix-max-config-file-size-comparison.patch + +------------------------------------------------------------------- +Fri 30 Jun 2023 12:58:27 PM CEST - Hannes Reinecke + +- Initial package, version 0.9 + diff --git a/ktls-utils.obsinfo b/ktls-utils.obsinfo new file mode 100644 index 0000000..6389bda --- /dev/null +++ b/ktls-utils.obsinfo @@ -0,0 +1,4 @@ +name: ktls-utils +version: 0.10+33.g311d943 +mtime: 1729779042 +commit: 311d9438b984e3b2a36bd88fb3ab8c87c38701fa diff --git a/ktls-utils.spec b/ktls-utils.spec new file mode 100644 index 0000000..f10e6cd --- /dev/null +++ b/ktls-utils.spec @@ -0,0 +1,77 @@ +# +# spec file for package ktls-utils +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: ktls-utils +Version: 0.10+33.g311d943 +Release: 0 +Summary: Agent for performing handshakes for kernel TLS sockets +License: GPL-2.0-only +Group: System/Kernel +URL: https://github.com/oracle/ktls-utils +Source: ktls-utils-%{version}.tar +BuildRequires: autoconf +BuildRequires: libtool +BuildRequires: pkgconfig(glib-2.0) >= 2.6 +BuildRequires: pkgconfig(gnutls) >= 3.3.0 +BuildRequires: pkgconfig(libkeyutils) +BuildRequires: pkgconfig(libnl-3.0) >= 3.1 +BuildRequires: pkgconfig(systemd) + +%description +In-kernel TLS consumers need a mechanism to perform TLS handshakes on a +connected socket to negotiate TLS session parameters that can then be +programmed into the kernel's TLS record protocol engine. + +This package of software provides a TLS handshake user agent that listens for +kernel requests and then materializes a user space socket endpoint on which to +perform these handshakes. The resulting negotiated session parameters are +passed back to the kernel via standard kTLS socket options. + +%prep +%setup -q -n ktls-utils-%{version} + +%build +./autogen.sh +%{configure} --with-systemd +%{make_build} CFLAGS="%{optflags}" + +%install +%{make_install} + +%pre +%service_add_pre tlshd.service + +%post +%service_add_post tlshd.service + +%preun +%service_del_preun tlshd.service + +%postun +%service_del_postun tlshd.service + +%files +%doc README.md +%license LICENSE.txt +%{_sbindir}/tlshd +%{_unitdir}/tlshd.service +%config(noreplace) %{_sysconfdir}/tlshd.conf +%{_mandir}/man8/tlshd.8* +%{_mandir}/man5/tlshd.conf.5* + +%changelog