Sync from SUSE:SLFO:Main rust-keylime revision 38dc69a9ff2ea2ca73e1f2f330ee3543

_service

@@ -1,21 +1,28 @@
 <services>
-  <service name="tar_scm" mode="disabled">
-    <param name="versionformat">0.2.1+git.%ct.%h</param>
-    <param name="revision">master</param>
+  <service mode="disabled" name="obs_scm">
     <param name="url">https://github.com/keylime/rust-keylime.git</param>
+    <param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
     <param name="scm">git</param>
+    <param name="revision">v0.2.6</param>
+    <param name="revision">master</param>
+    <param name="match-tag">*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="versionrewrite-replacement">\1</param>
     <param name="changesgenerate">enable</param>
+    <param name="changesauthor">aplanas@suse.com</param>
   </service>
-  <service name="recompress" mode="disabled">
-    <param name="compression">xz</param>
+  <service mode="disabled" name="tar" />
+  <service mode="disabled" name="recompress">
     <param name="file">*.tar</param>
+    <param name="compression">zst</param>
   </service>
+  <service mode="disabled" name="set_version"/>
   <!-- <service name="cargo_vendor" mode="disabled"> -->
-  <!--    <param name="srcdir">rust-keylime</param> -->
-  <!--    <param name="compression">xz</param> -->
+  <!--    <param name="src">rust-keylime</param> -->
+  <!--    <param name="compression">zst</param> -->
+  <!--    <param name="update">true</param> -->
   <!-- </service> -->
   <service name="cargo_audit" mode="disabled">
     <param name="srcdir">rust-keylime</param>
-  </service> 
-  <service name="set_version" mode="disabled"/>
+  </service>
 </services>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/keylime/rust-keylime.git</param>
-              <param name="changesrevision">b497f1d9638be6c41b56aaa6855faf7f71c13651</param></service></servicedata>
+              <param name="changesrevision">d75475e728a907b9d556405d13e2b4180aa57322</param></service></servicedata>

ima-policy.service

@@ -5,7 +5,7 @@ Description=Load the IMA Policy
 Type=oneshot
 RemainAfterExit=yes
 Environment=IMA_SECFS_POLICY=/sys/kernel/security/ima/policy
-Environment=IMA_POLICY=/etc/ima/ima-policy
+Environment=IMA_POLICY=/etc/ima/ima-policy.POST-SYSTEMD
 ExecStart=bash -c '[ -f $IMA_SECFS_POLICY ] && [ -f $IMA_POLICY ] && cat $IMA_POLICY > $IMA_SECFS_POLICY'
 TimeoutStartSec=0
 

keylime-agent.conf.diff

@@ -2,7 +2,7 @@ Index: rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf
 ===================================================================
 --- rust-keylime-0.2.0+git.1677002906.cf6c4f0.orig/keylime-agent.conf
 +++ rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf
-@@ -19,13 +19,15 @@ version = "2.0"
+@@ -19,13 +19,15 @@ version = "2.2"
  # of 'SHA256(public EK in PEM format)'.
  #
  # To override, set KEYLIME_AGENT_UUID environment variable.

rust-keylime.changes

@@ -1,3 +1,199 @@
+-------------------------------------------------------------------
+Fri Jun 14 07:39:29 UTC 2024 - aplanas@suse.com
+
+- Update to version 0.2.6~0:
+  * Bump version to 0.2.6
+  * build(deps): bump libc from 0.2.153 to 0.2.155
+  * build(deps): bump serde from 1.0.196 to 1.0.203
+  * rpm/fedora: Update rust macro usage
+  * config: Support hostnames in registrar_ip option
+  * added use of persisted IAK and IDevID and authorisation values
+  * config changes
+  * Adding /agent/info API to agent
+  * Fix leftover 'unnecessary qualification' warnings on tests
+
+-------------------------------------------------------------------
+Thu May 16 13:40:05 UTC 2024 - aplanas@suse.com
+
+- Update to version 0.2.5~4:
+  * Fix 'unnecessary qualification' warnings
+  * fix IAK template to match IDevID
+  * rpm: fix COPR RPMs build for centos-stream-10
+  * Build COPR RPMs for centos-stream-10
+
+-------------------------------------------------------------------
+Thu May 02 07:31:40 UTC 2024 - aplanas@suse.com
+
+- Update to version 0.2.5~0:
+  * Bump version to 0.2.5
+  * cargo: Relax required version for pest crate
+  * build(deps): bump log from 0.4.20 to 0.4.21
+  * build(deps): bump thiserror from 1.0.56 to 1.0.59
+
+-------------------------------------------------------------------
+Tue Apr 30 07:52:30 UTC 2024 - aplanas@suse.com
+
+- actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650)
+- Update to version 0.2.4~39:
+  * build(deps): bump openssl from 0.10.63 to 0.10.64
+  * build(deps): bump h2 from 0.3.24 to 0.3.26
+  * build(deps): bump serde_json from 1.0.107 to 1.0.116
+  * build(deps): bump actix-web from 4.4.1 to 4.5.1
+  * crypto: Enable TLS 1.3
+  * build(deps): bump tempfile from 3.9.0 to 3.10.1
+  * build(deps): bump mio from 0.8.4 to 0.8.11
+  * enable hex values to be used for tpm_ownerpassword
+  * config: Support IPv6 with or without brackets
+  * keylime: Implement a simple IP parser to remove brackets
+  * crypto: Implement CertificateBuilder to generate certificates
+  * tests: Fix coverage download by supporting arbitrary URL
+  * cargo: Add testing feature to keylime library
+  * Set X509 SAN with local DNSname/IP/IPv6
+  * Include newest Node20 versions for Github actions
+  * tpm: Add unit test for uncovered public functions
+  * crypto: Implement ECC key generation support
+  * crypto: Add test for match_cert_to_template()
+  * Fix minor typo, format and remove end whitespaces
+  * crypto: Make error types less specific
+  * tests/run.sh: Run tarpaulin with a single thread
+  * payloads: Remove explicit drop of channel transmitter
+  * crypto: Move to keylime library
+  * crypto: Add specific type for every possible error
+  * tpm: Rename origin of error as source in structures
+  * list_parser: Add source for error for backtrace
+  * algorithms: Make errors more specific
+  * typo fix for default path to measured boot log file
+  * README: remove mentions of libarchive as a dependency
+  * Dockerfile.wolfi: Update clang to version 17
+  * docker: Remove libarchive as a dependency
+  * rpm: Remove libarchive from dependencies
+  * cargo: Replace compress-tools with zip crate
+  * cargo: Bump ahash to version 0.8.7
+  * build(deps): bump serde from 1.0.195 to 1.0.196
+  * build(deps): bump libc from 0.2.152 to 0.2.153
+  * build(deps): bump reqwest from 0.11.23 to 0.11.24
+  * docker: Install configuration file in the correct path
+  * config: Make IAK/IDevID disabled by default
+
+-------------------------------------------------------------------
+Wed Jan 31 09:22:00 UTC 2024 - aplanas@suse.com
+
+- Update to version 0.2.4+git.1706692574.a744517:
+  * Bump version to 0.2.4
+  * build(deps): bump uuid from 1.4.1 to 1.7.0
+  * keylime-agent.conf: Allow setting event logs paths
+  * Mutable log paths: allow IMA and MBA log paths to be overridden by keylime configuration.
+  * workflows: Update checkout action to version 4
+  * build(deps): bump serde from 1.0.188 to 1.0.195
+  * build(deps): bump pest_derive from 2.7.0 to 2.7.6
+  * build(deps): bump openssl from 0.10.62 to 0.10.63
+  * build(deps): bump config from 0.13.3 to 0.13.4
+  * build(deps): bump base64 from 0.21.4 to 0.21.7
+  * build(deps): bump tempfile from 3.8.0 to 3.9.0
+  * build(deps): bump pest from 2.7.0 to 2.7.6
+  * build(deps): bump actix-web from 4.4.0 to 4.4.1
+  * build(deps): bump reqwest from 0.11.22 to 0.11.23
+  * build(deps): bump h2 from 0.3.17 to 0.3.24
+  * build(deps): bump shlex from 1.1.0 to 1.3.0
+  * cargo: Bump tss-esapi to version 7.4.0
+  * workflows: Fix keylime-bot token usage
+  * tpm: Add error context for every possible error
+  * tpm: Add AlgorithmError to TpmError
+  * detect idevid template from certificates
+  * build(deps): bump wiremock from 0.5.18 to 0.5.22
+  * build(deps): bump thiserror from 1.0.48 to 1.0.56
+  * Make use of workspace dependencies
+  * build(deps): bump openssl from 0.10.57 to 0.10.62
+  * packit: Bump Fedora version used for code coverage
+
+-------------------------------------------------------------------
+Fri Dec 01 10:04:40 UTC 2023 - aplanas@suse.com
+
+- Update to version 0.2.3+git.1701075380.a5dc985:
+  * build(deps): bump actix-rt from 2.8.0 to 2.9.0
+  * Bump version to 0.2.3
+  * build(deps): bump reqwest from 0.11.20 to 0.11.22
+  * Bump configuration version and fix enable_iak_idevid
+  * Enable test functional/iak-idevid-register-with-certificates
+  * Update packit plan with new tests
+  * Add certificates and certificate checking for IDevID and IAK keys (#669)
+
+-------------------------------------------------------------------
+Fri Nov 03 15:23:05 UTC 2023 - aplanas@suse.com
+
+- Update to version 0.2.2+git.1697658634.9c7c6fa:
+  * build(deps): bump rustix from 0.37.11 to 0.37.25
+  * build(deps): bump tempfile from 3.6.0 to 3.8.0
+  * build(deps): bump base64 from 0.21.0 to 0.21.4
+  * build(deps): bump serde_json from 1.0.96 to 1.0.107
+  * build(deps): bump openssl from 0.10.55 to 0.10.57
+  * cargo: Bump serde to version 1.0.188
+  * tests: Fix tarpaulin issues with dropped -v option
+  * build(deps): bump signal-hook from 0.3.15 to 0.3.17
+  * build(deps): bump actix-web from 4.3.1 to 4.4.0
+  * build(deps): bump thiserror from 1.0.40 to 1.0.48
+  * Remove private_in_public
+  * Initial PR to add support for IDevID and IAK
+  * build(deps): bump uuid from 1.3.1 to 1.4.1
+  * build(deps): bump log from 0.4.17 to 0.4.20
+  * build(deps): bump reqwest from 0.11.16 to 0.11.20
+  * Do not use too specific version on cargo audit workflow
+  * Add workflow to run cargo-audit security audit
+  * README: update dependencies for Debian and Ubuntu
+  * Use latest versions of checkout/upload-artifacts
+  * docker: Add 'keylime' system user
+  * Use "currently" for swtpm emulator warning (#632)
+  * Update container workflow actions versions
+  * Build container image and push to quay.io
+  * README: update requirements
+
+-------------------------------------------------------------------
+Fri Jul 14 07:31:23 UTC 2023 - aplanas@suse.com
+
+- Update to version 0.2.2+git.1689256829.3d2b627:
+  * Bump version to 0.2.2
+  * build(deps): bump tempfile from 3.5.0 to 3.6.0
+  * removing SIGINT stop signals from Dockerfiles and systemd service, as well as adding SIGTERM to IMA emulator as shutdown signal
+
+-------------------------------------------------------------------
+Wed Jul 12 14:17:39 UTC 2023 - aplanas@suse.com
+
+- Update to version 0.2.1+git.1689167094.67ce0cf:
+  * cargo: Bump serde to version 1.0.166
+  * build(deps): bump libc from 0.2.142 to 0.2.147
+  * adding release Dockerfiles in 3 flavours: fedora, distroless and wolfi
+  * hash: add more configurable hash algorithm for public key digest
+  * cargo: Update clap to version 4.3.11
+  * cargo: Bump tokio crate version to 1.28.2
+  * Add an example of IMA policy
+  * main: Gracefully shutdown on SIGTERM or SIGINT
+  * cargo: Bump proc-macro2 crate version
+  * revocation: Parse revocation actions flexibly
+  * crypto: Add unit tests for x509 functions
+  * crypto: Make internal functions private
+  * config: Add unit test for the list to files mapping
+  * config: Make trusted_client_ca to accept lists
+  * lib: Implement parser for lists from config file
+  * build(deps): bump openssl from 0.10.48 to 0.10.55
+  * Add secure mount sanity test to packit testing.
+  * [packit] Do not let COPR project expire
+
+-------------------------------------------------------------------
+Wed Jun  7 09:08:22 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>
+
+- Recommends the IMA Policy subpackage only if SELinux is configured
+
+-------------------------------------------------------------------
+Mon Jun 05 08:41:33 UTC 2023 - aplanas@suse.com
+
+- Update to version 0.2.1+git.1685699835.3c9d17c:
+  * Remove MOUNT_SECURE bool
+  * rpm: Remove unused directory and add dependency for mount
+  * keylime-agent/src: update API version to 2.1 to consistent with https://github.com/keylime/keylime/blob/master/docs/rest_apis.rst
+  * docker/fedora/keylime_rust.Dockerfile: add the logic of cloning and compiling rust-keylime
+  * [tests] Update test coverage task name regexp
+  * [tests] Simply coverage file URL parsing
+
 -------------------------------------------------------------------
 Thu Apr 27 09:34:45 UTC 2023 - aplanas@suse.com
 

rust-keylime.obsinfo

@@ -0,0 +1,4 @@
+name: rust-keylime
+version: 0.2.6~0
+mtime: 1718091585
+commit: d75475e728a907b9d556405d13e2b4180aa57322

rust-keylime.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package rust-keylime
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,12 +25,12 @@
   %define _config_norepl %config(noreplace)
 %endif
 Name:           rust-keylime
-Version:        0.2.1+git.1682587333.b497f1d
+Version:        0.2.6~0
 Release:        0
 Summary:        Rust implementation of the keylime agent
-License:        Apache-2.0 AND MIT
+License:        (Apache-2.0 OR MIT) AND BSD-3-Clause AND (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND BSD-3-Clause AND ISC AND MIT
 URL:            https://github.com/keylime/rust-keylime
-Source:         rust-keylime-%{version}.tar.xz
+Source:         rust-keylime-%{version}.tar.zst
 Source1:        vendor.tar.xz
 Source2:        cargo_config
 Source3:        keylime.xml
@@ -51,7 +51,7 @@ BuildRequires:  tpm2-0-tss-devel
 Requires:       libtss2-tcti-device0
 Requires:       logrotate
 Requires:       tpm2.0-abrmd
-Recommends:     keylime-ima-policy
+Recommends:     (keylime-ima-policy if selinux-policy-targeted)
 Provides:       user(keylime)
 %sysusers_requires
 # Disable this line if you wish to support all platforms.  In most
@@ -72,7 +72,7 @@ Subpackage of %{name} to provide an suggested IMA policy for Keylime agent
 %prep
 %autosetup -a1 -p1
 mkdir .cargo
-cp %{SOURCE2} .cargo/config
+install -D -m 644 %{SOURCE2} .cargo/config
 
 %build
 %{cargo_build} --no-default-features