From 432824d6203f7d97f9d763c3413b82df5a1f7284b01e22ea8b653127165936d2 Mon Sep 17 00:00:00 2001 From: Alberto Planas Dominguez Date: Tue, 17 Jan 2023 15:00:07 +0000 Subject: [PATCH] Accepting request 1058991 from home:aplanas:branches:security - Update to version 0.1.0+git.1672681780.762cec8: * build(deps): bump openssl from 0.10.41 to 0.10.45 * build(deps): bump tokio from 1.21.1 to 1.23.0 * Disable dnf-makecache.service to save RAM * CI tests: Do not remove Fedora tag repository * add support for cargo deb * Pacify clippy::needless-borrow * Move tpm.rs from keylime-agent to the library * Split crates into library and applications - Add 0001-keylime-agent-remove-const_err-deny.patch - Fix "cargo install" with workspaces https://github.com/rust-lang/cargo/issues/7599 - Add 0001-Cargo.toml-tss-esapi-bindings.patch - Update to version 0.1.0+git.1670590616.e80c67a: * main: only read uuid from KeylimeConfig * Enabling more e2e tests in Packit CI * systemd: start agent after network is online * Cargo: Drop unused dependencies rust-ini and toml OBS-URL: https://build.opensuse.org/request/show/1058991 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=33 --- 0001-Cargo.toml-tss-esapi-bindings.patch | 43 +++++++++++++++++++ ...-keylime-agent-remove-const_err-deny.patch | 32 ++++++++++++++ _constraints | 7 +++ _servicedata | 2 +- ...eylime-0.1.0+git.1666019359.f5de47b.tar.xz | 3 -- ...eylime-0.1.0+git.1672681780.762cec8.tar.xz | 3 ++ rust-keylime.changes | 26 +++++++++++ rust-keylime.spec | 17 ++++++-- vendor.tar.xz | 4 +- 9 files changed, 128 insertions(+), 9 deletions(-) create mode 100644 0001-Cargo.toml-tss-esapi-bindings.patch create mode 100644 0001-keylime-agent-remove-const_err-deny.patch create mode 100644 _constraints delete mode 100644 rust-keylime-0.1.0+git.1666019359.f5de47b.tar.xz create mode 100644 rust-keylime-0.1.0+git.1672681780.762cec8.tar.xz diff --git a/0001-Cargo.toml-tss-esapi-bindings.patch b/0001-Cargo.toml-tss-esapi-bindings.patch new file mode 100644 index 0000000..bac77dd --- /dev/null +++ b/0001-Cargo.toml-tss-esapi-bindings.patch @@ -0,0 +1,43 @@ +From df18e7f683b610e198f8d359d2036655a1891795 Mon Sep 17 00:00:00 2001 +From: Alberto Planas +Date: Tue, 17 Jan 2023 11:35:59 +0100 +Subject: [PATCH] Cargo.toml: tss-esapi bindings + +Generate the tss-esapi bindings during compilation time. This will +extend the amount of supported architectures. + +This is a regression done after the crate split, that was fixed before +in #459. + +Signed-off-by: Alberto Planas +--- + keylime-ima-emulator/Cargo.toml | 2 +- + keylime/Cargo.toml | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/keylime-ima-emulator/Cargo.toml b/keylime-ima-emulator/Cargo.toml +index ee3d5c1..333a192 100644 +--- a/keylime-ima-emulator/Cargo.toml ++++ b/keylime-ima-emulator/Cargo.toml +@@ -12,4 +12,4 @@ keylime = { path = "../keylime" } + log = "0.4" + openssl = "0.10.15" + thiserror = "1.0" +-tss-esapi = "7.1.0" ++tss-esapi = {version = "7.1.0", features = ["generate-bindings"]} +diff --git a/keylime/Cargo.toml b/keylime/Cargo.toml +index 9693912..c343d40 100644 +--- a/keylime/Cargo.toml ++++ b/keylime/Cargo.toml +@@ -14,7 +14,7 @@ serde = "1.0.80" + serde_derive = "1.0.80" + static_assertions = "1" + thiserror = "1.0" +-tss-esapi = "7.1.0" ++tss-esapi = {version = "7.1.0", features = ["generate-bindings"]} + + [dev-dependencies] + tempfile = "3.0.4" +-- +2.39.0 + diff --git a/0001-keylime-agent-remove-const_err-deny.patch b/0001-keylime-agent-remove-const_err-deny.patch new file mode 100644 index 0000000..4f0075f --- /dev/null +++ b/0001-keylime-agent-remove-const_err-deny.patch @@ -0,0 +1,32 @@ +From a44207e5ffde079b39b119afbf12871d2f78adf1 Mon Sep 17 00:00:00 2001 +From: Alberto Planas +Date: Mon, 16 Jan 2023 15:51:46 +0100 +Subject: [PATCH] keylime-agent: remove const_err deny + +In 1.66 / 1.66.1 const_err is already a hard error, and was enabled as +such as long ago. New compilers will complain in case that this is still +used: + + warning: lint `const_err` has been removed: converted into hard error + +More info: + https://github.com/rust-lang/rust/issues/71800 +--- + keylime-agent/src/main.rs | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/keylime-agent/src/main.rs b/keylime-agent/src/main.rs +index 6333652..1d6fdf4 100644 +--- a/keylime-agent/src/main.rs ++++ b/keylime-agent/src/main.rs +@@ -3,7 +3,6 @@ + + #![deny( + nonstandard_style, +- const_err, + dead_code, + improper_ctypes, + non_shorthand_field_patterns, +-- +2.39.0 + diff --git a/_constraints b/_constraints new file mode 100644 index 0000000..4988ecd --- /dev/null +++ b/_constraints @@ -0,0 +1,7 @@ + + + + 10 + + + diff --git a/_servicedata b/_servicedata index 065d1cb..a36c1ea 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/keylime/rust-keylime.git - f5de47bd3fdcf767403242d05032b5775f3883ed \ No newline at end of file + 762cec820ee1bc00ca480cf3b410e61904410ffa \ No newline at end of file diff --git a/rust-keylime-0.1.0+git.1666019359.f5de47b.tar.xz b/rust-keylime-0.1.0+git.1666019359.f5de47b.tar.xz deleted file mode 100644 index 67f958a..0000000 --- a/rust-keylime-0.1.0+git.1666019359.f5de47b.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3689009ce99c1b288cdc6e77e13eb7e7b721948f0501620d584258d2c37595f2 -size 123780 diff --git a/rust-keylime-0.1.0+git.1672681780.762cec8.tar.xz b/rust-keylime-0.1.0+git.1672681780.762cec8.tar.xz new file mode 100644 index 0000000..b69be0c --- /dev/null +++ b/rust-keylime-0.1.0+git.1672681780.762cec8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:68268240480a7dabb3475afae040ea4cf093a1e9a85333f9e72cfe32747a5402 +size 20677888 diff --git a/rust-keylime.changes b/rust-keylime.changes index 5453e98..1c8f53d 100644 --- a/rust-keylime.changes +++ b/rust-keylime.changes @@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Mon Jan 16 14:02:08 UTC 2023 - aplanas@suse.com + +- Update to version 0.1.0+git.1672681780.762cec8: + * build(deps): bump openssl from 0.10.41 to 0.10.45 + * build(deps): bump tokio from 1.21.1 to 1.23.0 + * Disable dnf-makecache.service to save RAM + * CI tests: Do not remove Fedora tag repository + * add support for cargo deb + * Pacify clippy::needless-borrow + * Move tpm.rs from keylime-agent to the library + * Split crates into library and applications +- Add 0001-keylime-agent-remove-const_err-deny.patch +- Fix "cargo install" with workspaces + https://github.com/rust-lang/cargo/issues/7599 +- Add 0001-Cargo.toml-tss-esapi-bindings.patch + +------------------------------------------------------------------- +Fri Dec 09 13:10:40 UTC 2022 - aplanas@suse.com + +- Update to version 0.1.0+git.1670590616.e80c67a: + * main: only read uuid from KeylimeConfig + * Enabling more e2e tests in Packit CI + * systemd: start agent after network is online + * Cargo: Drop unused dependencies rust-ini and toml + ------------------------------------------------------------------- Tue Oct 25 08:16:33 UTC 2022 - aplanas@suse.com diff --git a/rust-keylime.spec b/rust-keylime.spec index d8080fe..aa82ee4 100644 --- a/rust-keylime.spec +++ b/rust-keylime.spec @@ -1,7 +1,7 @@ # # spec file for package rust-keylime # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ %define _config_norepl %config(noreplace) %endif Name: rust-keylime -Version: 0.1.0+git.1666019359.f5de47b +Version: 0.1.0+git.1672681780.762cec8 Release: 0 Summary: Rust implementation of the keylime agent License: Apache-2.0 AND MIT @@ -38,6 +38,10 @@ Source4: keylime-user.conf Source5: tmpfiles.keylime # PATCH-FIX-OPENSUSE keylime-agent.conf.diff Patch1: keylime-agent.conf.diff +# PATCH-FIX-UPSTREAM 0001-keylime-agent-remove-const_err-deny.patch gh#keylime/rust-keylime#501 +Patch2: 0001-keylime-agent-remove-const_err-deny.patch +# PATCH-FIX-UPSTREAM 0001-Cargo.toml-tss-esapi-bindings.patch gh#keylime/rust-keylime#502 +Patch3: 0001-Cargo.toml-tss-esapi-bindings.patch BuildRequires: cargo-packaging BuildRequires: clang BuildRequires: firewall-macros @@ -70,7 +74,14 @@ cp %{SOURCE2} .cargo/config %sysusers_generate_pre %{SOURCE4} keylime keylime-user.conf %install -%{cargo_install} --no-default-features --features "with-zmq" +# If https://github.com/Firstyear/cargo-packaging/pull/3 gets merged, +# replace it with: +# +# \%{cargo_install -p keylime-agent} --no-default-features --features "with-zmq" +# \%{cargo_install -p keylime-ima-emulator} + +install -Dpm 0755 %{_builddir}/%{name}-%{version}/target/release/keylime_agent %{buildroot}%{_bindir}/keylime_agent +install -Dpm 0755 %{_builddir}/%{name}-%{version}/target/release/keylime_ima_emulator %{buildroot}%{_bindir}/keylime_ima_emulator install -Dpm 0600 keylime-agent.conf %{buildroot}%{_distconfdir}/keylime/agent.conf install -Dpm 0644 ./dist/systemd/system/keylime_agent.service %{buildroot}%{_unitdir}/keylime_agent.service diff --git a/vendor.tar.xz b/vendor.tar.xz index 4fff3f5..3a1455c 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:461817a4fcad41b34e4df2965734fdb55c2dae0043eba1c5b119006a60758a9e -size 21088228 +oid sha256:89e4102d09cff722290c9c3e1cc18b02dd3edb7f893039b1190b41c6cb213c17 +size 26221436