Sync from SUSE:SLFO:Main rust-keylime revision 92fb7669da28698fc5169eb3f554c978

Sync from SUSE:SLFO:Main rust-keylime revision aa358296b361a134ebb48c196b128100
2025-07-19 09:56:53 +02:00 · 2025-06-18 21:29:59 +02:00
10 changed files with 3136 additions and 16 deletions
--- a/Cargo_lock.patch
+++ b/Cargo_lock.patch
--- a/5
+++ b/5
@@ -1,9 +1,10 @@
 <services>
  <service mode="disabled" name="obs_scm">
    <param name="url">https://github.com/keylime/rust-keylime.git</param>
-    <param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
+    <!-- <param name="versionformat">@PARENT_TAG@</param> -->
+    <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param>
    <param name="scm">git</param>
-    <param name="revision">v0.2.6</param>
+    <param name="revision">v0.2.7</param>
    <param name="revision">master</param>
    <param name="match-tag">*</param>
    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/keylime/rust-keylime.git</param>
-              <param name="changesrevision">d75475e728a907b9d556405d13e2b4180aa57322</param></service></servicedata>
+              <param name="changesrevision">7b746b08d3c0fdd866a6e47e893f426adc1eec70</param></service></servicedata>
--- a/rust-keylime-0.2.6~0.tar.zst
+++ b/rust-keylime-0.2.6~0.tar.zst
--- a/rust-keylime-0.2.7+117.tar.zst
+++ b/rust-keylime-0.2.7+117.tar.zst
--- a/rust-keylime.changes
+++ b/rust-keylime.changes
@@ -1,3 +1,232 @@
+-------------------------------------------------------------------
+Mon Jul 14 12:56:25 UTC 2025 - aplanas@suse.com
+
+- Update vendored crates (bsc#1242623, CVE-2025-3416)
+  * openssl 0.10.73
+
+- Update to version 0.2.7+117:
+  * Increase coverage in evidence handling structure
+  * Add Capabilities Negotiations resp. missing fields
+  * Fix UEFI test to check file access in all cases
+  * context_info_handler: Do not assume /var/lib/keylime exists
+  * Fix clippy warnings about uninlined format arguments
+  * attestation: Allow unwrap() in tests
+  * Increase coverage (groom code, extend unit tests)
+  * Include IMA/UEFI logs in Evidence Handling request
+  * Include method to get all IMA entries as string
+  * Send correct list of pcr banks and sign algorithms
+  * Try to fix TPM tests related issues
+  * Define attestation perform asynchronous
+  * Perform attestation in push model agent binary
+  * Refactor code to use new attestation.rs
+  * Create attestation.rs for Attestation stuff
+  * Move ContextInfo management to its own handler
+  * Adjust context_info.rs after rebase
+  * Add attestation function to ContextInfo structure
+  * Add prohibited signing algorithms, avoid ecschnorr
+  * keylime/config: Use macro to implement PushModelConfigTrait
+  * Introduce keylime-macros and define_view_trait
+  * config: Remove KeylimeConfig structure
+  * config: Remove unnecessary options and lazy initialization
+  * Fix pcr_bank function to send all possible slots
+  * Send Content-Type:application/json on request (#1039)
+  * Send correct 'key_algorithm' in certification_keys (#1035)
+  * Push Model: Persist Attestation Key to file
+  * Add Keylime push model binary to root GNUmakefile
+  * Use singleton to avoid multiple Context allocation
+  * tests: Do not assume `/var/lib/keylime` exists (#1030)
+  * lib/cert: Fix race condition due to use of same file path
+  * payloads: Fix race condition in tests
+  * Add uefi_log_handler.rs to parse UEFI binary
+  * Use IMA log parser to send correct entry count
+  * Add IMA log parser
+  * build(deps): bump once_cell from 1.19.0 to 1.21.3
+  * lib/config/base.rs: Add more unit tests
+  * lib/permissions: Add unit tests
+  * keylime-agent: move JsonWrapper from common.rs to the library
+  * lib/agent_data: Move agent_data related tests from common
+  * common: Replace APIVersion with the library Version structure
+  * keylime_agent: Move secure_mount.rs to the library
+  * lib: Rename keylime_error.rs as error.rs
+  * config: Move config to keylime library
+  * config: Rename push_model_config to push_model
+  * lib: Move permissions.rs from keylime-agent to the lib
+  * Extract Capabilities Negotiation info from TPM (#1014)
+
+-------------------------------------------------------------------
+Thu Jun 05 11:48:58 UTC 2025 - aplanas@suse.com
+
+- Update vendored crates (bsc#1243861, CVE-2024-12224)
+  * idna 1.0.3
+
+- Add Cargo_lock.patch to adjust versions that will allow the
+  compilation of mbox crate
+
+- Update to version 0.2.7+70: 
+  * build(deps): bump wiremock from 0.6.2 to 0.6.3
+  * build(deps): bump uuid from 1.16.0 to 1.17.0
+  * lib: Introduce AgentIdentity structure
+  * gitignore: Add *.swp and *.orig to be ignored
+  * build(deps): bump clap from 4.5.38 to 4.5.39
+  * build(deps): bump tokio from 1.45.0 to 1.45.1
+  * Unify Push Model structures time formats to UTC (#1016)
+  * Add Quote related structures to Keylime library
+  * Remove configuration file trailing whitespaces (#1012)
+  * keylime-agent.conf: add all accepted TPM encryption algs
+  * tpm: add policy auth for EK to activate crendential
+  * Enable non standard key sizes and curves for EK and AK
+  * config: Use next_back() instead of last() for iterators
+  * Update to tss-esapi v7.6.0
+  * Avoid duplicated call to ctx.create_ek
+  * build(deps): bump clap from 4.5.23 to 4.5.38
+  * Add registration for Push Model client
+  * build(deps): bump tokio from 1.44.2 to 1.45.0
+  * build(deps): bump chrono from 0.4.40 to 0.4.41
+  * build(deps): bump tempfile from 3.17.1 to 3.20.0
+  * Refactor code: move error, registration to lib
+  * Move structure filling and URL selection code (#999)
+  * build(deps): bump pest_derive from 2.7.15 to 2.8.0
+  * build(deps): bump pest from 2.7.15 to 2.8.0
+  * build(deps): bump libc from 0.2.169 to 0.2.172
+  * Add Evidence/Authentication messages to prototype
+  * build(deps): bump uuid from 1.15.1 to 1.16.0
+  * build(deps): bump thiserror from 2.0.11 to 2.0.12
+  * build(deps): bump signal-hook from 0.3.17 to 0.3.18
+  * build(deps): bump log from 0.4.25 to 0.4.27
+  * build(deps): bump assert_cmd from 2.0.16 to 2.0.17
+  * build(deps): bump actix-web from 4.9.0 to 4.10.2
+  * build(deps): bump reqwest from 0.12.12 to 0.12.15
+  * build(deps): bump serde from 1.0.217 to 1.0.219
+  * Add unit tests for sessions.rs structures
+  * Add auth(sessions) structures
+  * Fix minor README.md issue (#988)
+  * Define EvidenceHandling structures (#971)
+  * Add mockoon test scenario
+  * Add client certificates to push-attestation prototype
+  * Cargo: bump url crate to version 2.5.4
+  * Add logging to the push attestation prototype
+  * Do not use certificate on insecure mode
+  * common: Move the EncryptedData structure from common to the library
+  * common: Move AuthTag from common to the library
+  * build(deps): bump openssl from 0.10.71 to 0.10.72
+  * common: Move Symmkey to library as crypto::symmkey
+  * common: Remove unused constants and static values
+  * build(deps): bump tokio from 1.43.0 to 1.44.2
+  * Refactor code: Include AgentIdentity structure
+  * Push model prototype
+  * Add support for ek certificate chain, stored in TPM NVRAM.
+  * Recover key_class field and set it as "asymmetric"
+  * Update push model structures to latest values
+  * build(deps): bump serde_json from 1.0.138 to 1.0.140
+  * packit: Add identifier for each copr_build job
+  * keylime-agent.conf: only mention ecdsa and rsassa for signing
+  * build(deps): bump openssl from 0.10.70 to 0.10.71
+  * build(deps): bump uuid from 1.13.2 to 1.15.1
+  * Add capabilities_negotiation structures
+  * packit: Add compatibility/api_version_compatibility test
+  * build(deps): bump uuid from 1.11.0 to 1.13.2
+  * build(deps): bump serde_json from 1.0.135 to 1.0.138
+  * build(deps): bump thiserror from 2.0.9 to 2.0.11
+  * build(deps): bump tempfile from 3.14.0 to 3.17.1
+  * Allow agent to start as non-root
+  * scripts: Fix coverage information downloading script
+  * build(deps): bump openssl from 0.10.68 to 0.10.70
+  * build(deps): bump tokio from 1.42.0 to 1.43.0
+
+-------------------------------------------------------------------
+Mon Jan 27 09:43:30 UTC 2025 - aplanas@suse.com
+
+- Update to version 0.2.7+1:
+  * dist: Enable logging for keylime library in the service
+  * Bump version to 0.2.7
+  * scripts: Download coverage data from Testing Farm directly
+  * main: Remove unnecessary lifetime
+  * cargo: Bump pretty_env_logger to version 0.5.0
+  * scripts: Fix regex in download_packit_coverage.sh
+  * cargo: Bump clap crate to version 4.5.23
+  * cargo: Bump base64 crate to version 0.22.1
+  * build(deps): bump log from 0.4.22 to 0.4.25
+  * build(deps): bump serde_json from 1.0.133 to 1.0.135
+  * cargo: Bump tokio crate to version 1.42.0
+  * packit: Fix RPM builds on copr
+  * cargo: Bump thiserror crate to version 0.2.9
+  * cargo: Update reqwest to version 0.12.12
+  * build(deps): bump libc from 0.2.168 to 0.2.169
+  * build(deps): bump glob from 0.3.1 to 0.3.2
+  * version: Implement API version validation and ordering
+  * main: Support using multiple API versions for registration
+  * keylime: Introduce the registrar_client module
+  * Provide endpoints under multiple API versions
+  * Move 'serialization' module to the keylime library
+  * Drop unnecessary dependency on common::API_VERSION
+  * keylime-agent.conf: Bump version to 2.3
+  * build(deps): bump serde from 1.0.210 to 1.0.217
+  * build(deps): bump pest_derive from 2.7.14 to 2.7.15
+  * build(deps): bump pest from 2.7.14 to 2.7.15
+  * build(deps): bump libc from 0.2.167 to 0.2.168
+  * config: Make IAK and IDevID certificates optional
+  * Fix warnings reported by clippy
+  * workflows: Run job in the CI container directly
+  * tests: Add unit test for device ID builder
+  * main: Move IAK/IDevID related code to dedicated module
+  * tests: Add script to generate IAK and IDevID certificates
+  * build(deps): bump openssl from 0.10.66 to 0.10.68
+  * build(deps): bump uuid from 1.10.0 to 1.11.0
+  * build(deps): bump serde_json from 1.0.128 to 1.0.133
+  * build(deps): bump actix-web from 4.5.1 to 4.9.0
+  * build(deps): bump reqwest from 0.12.7 to 0.12.9
+  * tests/setup_swtpm.sh: Add script to setup temporary TPM
+  * Use a single TPM context and avoid race conditions during tests
+  * config: Enable passing a hostname instead of IP
+  * build(deps): bump clap from 4.3.11 to 4.5.21
+  * build(deps): bump tempfile from 3.10.1 to 3.14.0
+  * build(deps): bump pest_derive from 2.7.6 to 2.7.14
+  * build(deps): bump pest from 2.7.6 to 2.7.14
+  * build(deps): bump codecov/codecov-action from 4 to 5
+  * workflows: Submit the coverage for merged PR from Fedora 41
+  * tests: Use Fedora 41 to generate code coverage
+  * api: Make API configuration modular
+  * agent_handler: Move the /agent scope configuration
+  * notifications_handler: Move the /notifications scope configuration
+  * quotes_handler: Move the /quotes scope configuration to quotes_handler
+  * keys_handler: Move /keys scope configuration to keys_handler
+  * Use ${DESTDIR} for config
+  * Fix showing wrong UUID
+  * build(deps): bump actix-rt from 2.9.0 to 2.10.0
+  * config: Refactor AgentConfig Source trait implementation
+  * build(deps): bump log from 0.4.21 to 0.4.22
+  * build(deps): bump serde_json from 1.0.120 to 1.0.128
+  * tpm: check if EK certificate has valid ASN.1 DER encoding
+  * build(deps): bump futures from 0.3.27 to 0.3.31
+  * cargo: Bump reqwest to version 0.12.7
+  * build(deps): bump serde from 1.0.203 to 1.0.210
+  * tests: Add more tests to Packit CI
+  * build(deps): bump docker/build-push-action from 5 to 6
+  * tests: apply workarounds to known bugs
+
+-------------------------------------------------------------------
+Mon Sep 02 11:53:27 UTC 2024 - aplanas@suse.com
+
+- Update vendored crates (bsc#1229952, bsc#1230029, CVE-2024-43806)
+  * rustix 0.37.25
+  * rustix 0.38.34
+  * shlex  1.3.0
+
+- Update to version 0.2.6+13:
+  * Enable test functional/iak-idevid-persisted-and-protected
+  * build(deps): bump uuid from 1.7.0 to 1.10.0
+  * build(deps): bump openssl from 0.10.64 to 0.10.66
+  * keylime-agent/src/revocation: Fix comment indentation
+  * keylime/crypto: Fix indentation of documentation comment
+  * build(deps): bump thiserror from 1.0.59 to 1.0.63
+  * build(deps): bump serde_json from 1.0.116 to 1.0.120
+  * dependabot: Extend to also monitor workflow actions
+  * ci: Disable Packit CI on CentOS Stream 9
+  * ci: use CODECOV_TOKEN when submitting coverage data
+  * revocation: Use into() for unfallible transformation
+  * secure_mount: Fix possible infinite loop
+  * error: Rename enum variants to avoid clippy warning
+
 -------------------------------------------------------------------
 Fri Jun 14 07:39:29 UTC 2024 - aplanas@suse.com

--- a/rust-keylime.obsinfo
+++ b/rust-keylime.obsinfo
@@ -1,4 +1,4 @@
 name: rust-keylime
-version: 0.2.6~0
-mtime: 1718091585
-commit: d75475e728a907b9d556405d13e2b4180aa57322
+version: 0.2.7+117
+mtime: 1752485269
+commit: 7b746b08d3c0fdd866a6e47e893f426adc1eec70
--- a/rust-keylime.spec
+++ b/rust-keylime.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package rust-keylime
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,13 +25,13 @@
  %define _config_norepl %config(noreplace)
 %endif
 Name:           rust-keylime
-Version:        0.2.6~0
+Version:        0.2.7+117
 Release:        0
 Summary:        Rust implementation of the keylime agent
 License:        (Apache-2.0 OR MIT) AND BSD-3-Clause AND (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND BSD-3-Clause AND ISC AND MIT
 URL:            https://github.com/keylime/rust-keylime
 Source:         rust-keylime-%{version}.tar.zst
-Source1:        vendor.tar.xz
+Source1:        vendor.tar.zst
 Source2:        cargo_config
 Source3:        keylime.xml
 Source4:        keylime-user.conf
@@ -41,11 +41,14 @@ Source7:        ima-policy.service
 Source8:        README.suse
 # PATCH-FIX-OPENSUSE keylime-agent.conf.diff
 Patch1:         keylime-agent.conf.diff
+Patch2:         Cargo_lock.patch
 BuildRequires:  cargo-packaging
 BuildRequires:  clang
 BuildRequires:  firewall-macros
 BuildRequires:  libarchive-devel
 BuildRequires:  rust
+# Required for SLE-15-SP5 / Micro55
+BuildRequires:  cargo >= 1.87
 BuildRequires:  sysuser-tools
 BuildRequires:  tpm2-0-tss-devel
 Requires:       libtss2-tcti-device0
@@ -72,7 +75,7 @@ Subpackage of %{name} to provide an suggested IMA policy for Keylime agent
 %prep
 %autosetup -a1 -p1
 mkdir .cargo
-install -D -m 644 %{SOURCE2} .cargo/config
+install -D -m 644 %{SOURCE2} .cargo/config.toml

 %build
 %{cargo_build} --no-default-features
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
Author	SHA256	Message	Date
Adrian Schröter	a744d748db	Sync from SUSE:SLFO:Main rust-keylime revision 92fb7669da28698fc5169eb3f554c978	2025-07-19 09:56:53 +02:00
Adrian Schröter	740eb9fb06	Sync from SUSE:SLFO:Main rust-keylime revision aa358296b361a134ebb48c196b128100	2025-06-18 21:29:59 +02:00