Accepting request 885427 from home:Guillaume_G:branches:security

- Requires 'tpm2-0-tss' as it holds the udev rule to make /dev/tpm*
  owned by tss user
- Requires 'libtss2-tcti-device0' as it is required to start parsec
  with TPM support
- Enable all authenticators which adds 'direct-authenticator'
- Add CryptoAuthLib template (disabled) in config.toml

OBS-URL: https://build.opensuse.org/request/show/885427
OBS-URL: https://build.opensuse.org/package/show/security/parsec?expand=0&rev=8

config.toml

@@ -29,3 +29,11 @@ key_info_manager = "on-disk-manager"
 #key_info_manager = "on-disk-manager"
 #tcti = "device:/dev/tpmrm0"
 #owner_hierarchy_auth = ""
+
+#[[provider]]
+#provider_type = "CryptoAuthLib"
+#key_info_manager = "on-disk-manager"
+#device_type = "atecc508a"
+#iface_type = "i2c"
+#wake_delay = 1500
+#rx_retries = 20

parsec.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Apr 14 14:54:32 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Requires 'tpm2-0-tss' as it holds the udev rule to make /dev/tpm*
+  owned by tss user
+- Requires 'libtss2-tcti-device0' as it is required to start parsec
+  with TPM support
+
+-------------------------------------------------------------------
+Wed Apr  7 07:42:24 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Enable all authenticators which adds 'direct-authenticator'
+- Add CryptoAuthLib template (disabled) in config.toml
+
 -------------------------------------------------------------------
 Thu Apr  1 10:19:21 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
 

parsec.spec

@@ -17,8 +17,10 @@
 
 
 %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
-# Features available: mbed-crypto-provider, pkcs11-provider, tpm-provider, all-providers
+# Features available:
-%define features "all-providers"
+# all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider"]
+# all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator"]
+%define features "all-authenticators,all-providers"
 %{?systemd_ordering}
 Name:           parsec
 Version:        0.7.2
@@ -48,6 +50,10 @@ Recommends:     opensc
 %sysusers_requires
 # /dev/tpm* are owned by tss user
 Requires(pre):  system-user-tss
+# tpm2-0-tss holds the udev rule to make /dev/tpm* owned by tss user
+Requires:       tpm2-0-tss
+# Without libtss2-tcti-device0 parsec fails to start TPM properly
+Requires:       libtss2-tcti-device0
 ExcludeArch:    armv6l armv6hl
 
 %description
@@ -57,12 +63,12 @@ This abstraction layer keeps workloads decoupled from physical platform details,
 enabling cloud-native delivery flows within the data center and at the edge.
 
 %prep
-%setup -qa1
+%autosetup -p1 -a1
 rm -rf .cargo && mkdir .cargo
 cp %{SOURCE2} .cargo/config
 # Enable all providers
 sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml
-echo 'default = ["unix-peer-credentials-authenticator", "all-providers"]' >> Cargo.toml
+echo 'default = ["all-authenticators", "all-providers"]' >> Cargo.toml
 
 %build
 export PROTOC=%{_bindir}/protoc