- Update vendored crates (bsc#1248006, CVE-2025-55159)
* slab 0.4.11
- Add Cargo_lock.patch patch to update slab and other dependencies
- Update to version 0.2.8+12:
* build(deps): bump actions/checkout from 4 to 5
* build(deps): bump cfg-if from 1.0.0 to 1.0.1
* build(deps): bump openssl from 0.10.72 to 0.10.73
* build(deps): bump clap from 4.5.39 to 4.5.45
* build(deps): bump pest from 2.8.0 to 2.8.1
* Fix clippy warnings
* Use verifier-provided interval for continuous attestation timing
* Add meta object with seconds_to_next_attestation to evidence response
* Fix boot time retrieval
* Fix IMA log format (it must be ['text/plain']) (#1073)
* Remove unnecessary configuration fields
* cargo: Bump retry-policies to version 0.4.0
* Bump version to 0.2.8
OBS-URL: https://build.opensuse.org/request/show/1300480
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=86
- Update to version 0.2.7+1:
* dist: Enable logging for keylime library in the service
* Bump version to 0.2.7
* scripts: Download coverage data from Testing Farm directly
* main: Remove unnecessary lifetime
* cargo: Bump pretty_env_logger to version 0.5.0
* scripts: Fix regex in download_packit_coverage.sh
* cargo: Bump clap crate to version 4.5.23
* cargo: Bump base64 crate to version 0.22.1
* build(deps): bump log from 0.4.22 to 0.4.25
* build(deps): bump serde_json from 1.0.133 to 1.0.135
* cargo: Bump tokio crate to version 1.42.0
* packit: Fix RPM builds on copr
* cargo: Bump thiserror crate to version 0.2.9
* cargo: Update reqwest to version 0.12.12
* build(deps): bump libc from 0.2.168 to 0.2.169
* build(deps): bump glob from 0.3.1 to 0.3.2
* version: Implement API version validation and ordering
* main: Support using multiple API versions for registration
* keylime: Introduce the registrar_client module
* Provide endpoints under multiple API versions
* Move 'serialization' module to the keylime library
* Drop unnecessary dependency on common::API_VERSION
* keylime-agent.conf: Bump version to 2.3
* build(deps): bump serde from 1.0.210 to 1.0.217
* build(deps): bump pest_derive from 2.7.14 to 2.7.15
* build(deps): bump pest from 2.7.14 to 2.7.15
* build(deps): bump libc from 0.2.167 to 0.2.168
* config: Make IAK and IDevID certificates optional
* Fix warnings reported by clippy
* workflows: Run job in the CI container directly
* tests: Add unit test for device ID builder
* main: Move IAK/IDevID related code to dedicated module
* tests: Add script to generate IAK and IDevID certificates
* build(deps): bump openssl from 0.10.66 to 0.10.68
* build(deps): bump uuid from 1.10.0 to 1.11.0
* build(deps): bump serde_json from 1.0.128 to 1.0.133
* build(deps): bump actix-web from 4.5.1 to 4.9.0
* build(deps): bump reqwest from 0.12.7 to 0.12.9
* tests/setup_swtpm.sh: Add script to setup temporary TPM
* Use a single TPM context and avoid race conditions during tests
* config: Enable passing a hostname instead of IP
* build(deps): bump clap from 4.3.11 to 4.5.21
* build(deps): bump tempfile from 3.10.1 to 3.14.0
* build(deps): bump pest_derive from 2.7.6 to 2.7.14
* build(deps): bump pest from 2.7.6 to 2.7.14
* build(deps): bump codecov/codecov-action from 4 to 5
* workflows: Submit the coverage for merged PR from Fedora 41
* tests: Use Fedora 41 to generate code coverage
* api: Make API configuration modular
* agent_handler: Move the /agent scope configuration
* notifications_handler: Move the /notifications scope configuration
* quotes_handler: Move the /quotes scope configuration to quotes_handler
* keys_handler: Move /keys scope configuration to keys_handler
* Use ${DESTDIR} for config
* Fix showing wrong UUID
* build(deps): bump actix-rt from 2.9.0 to 2.10.0
* config: Refactor AgentConfig Source trait implementation
* build(deps): bump log from 0.4.21 to 0.4.22
* build(deps): bump serde_json from 1.0.120 to 1.0.128
* tpm: check if EK certificate has valid ASN.1 DER encoding
* build(deps): bump futures from 0.3.27 to 0.3.31
* cargo: Bump reqwest to version 0.12.7
* build(deps): bump serde from 1.0.203 to 1.0.210
* tests: Add more tests to Packit CI
* build(deps): bump docker/build-push-action from 5 to 6
* tests: apply workarounds to known bugs
OBS-URL: https://build.opensuse.org/request/show/1240481
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=76
- Update to version 0.2.6~0:
* Bump version to 0.2.6
* build(deps): bump libc from 0.2.153 to 0.2.155
* build(deps): bump serde from 1.0.196 to 1.0.203
* rpm/fedora: Update rust macro usage
* config: Support hostnames in registrar_ip option
* added use of persisted IAK and IDevID and authorisation values
* config changes
* Adding /agent/info API to agent
* Fix leftover 'unnecessary qualification' warnings on tests
OBS-URL: https://build.opensuse.org/request/show/1180841
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=72
- actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650)
- Update to version 0.2.4~39:
* build(deps): bump openssl from 0.10.63 to 0.10.64
* build(deps): bump h2 from 0.3.24 to 0.3.26
* build(deps): bump serde_json from 1.0.107 to 1.0.116
* build(deps): bump actix-web from 4.4.1 to 4.5.1
* crypto: Enable TLS 1.3
* build(deps): bump tempfile from 3.9.0 to 3.10.1
* build(deps): bump mio from 0.8.4 to 0.8.11
* enable hex values to be used for tpm_ownerpassword
* config: Support IPv6 with or without brackets
* keylime: Implement a simple IP parser to remove brackets
* crypto: Implement CertificateBuilder to generate certificates
* tests: Fix coverage download by supporting arbitrary URL
* cargo: Add testing feature to keylime library
* Set X509 SAN with local DNSname/IP/IPv6
* Include newest Node20 versions for Github actions
* tpm: Add unit test for uncovered public functions
* crypto: Implement ECC key generation support
* crypto: Add test for match_cert_to_template()
* Fix minor typo, format and remove end whitespaces
* crypto: Make error types less specific
* tests/run.sh: Run tarpaulin with a single thread
* payloads: Remove explicit drop of channel transmitter
* crypto: Move to keylime library
* crypto: Add specific type for every possible error
* tpm: Rename origin of error as source in structures
* list_parser: Add source for error for backtrace
* algorithms: Make errors more specific
* typo fix for default path to measured boot log file
* README: remove mentions of libarchive as a dependency
* Dockerfile.wolfi: Update clang to version 17
* docker: Remove libarchive as a dependency
* rpm: Remove libarchive from dependencies
* cargo: Replace compress-tools with zip crate
* cargo: Bump ahash to version 0.8.7
* build(deps): bump serde from 1.0.195 to 1.0.196
* build(deps): bump libc from 0.2.152 to 0.2.153
* build(deps): bump reqwest from 0.11.23 to 0.11.24
* docker: Install configuration file in the correct path
* config: Make IAK/IDevID disabled by default
OBS-URL: https://build.opensuse.org/request/show/1171003
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=67
- Update to version 0.2.4+git.1706692574.a744517:
* Bump version to 0.2.4
* build(deps): bump uuid from 1.4.1 to 1.7.0
* keylime-agent.conf: Allow setting event logs paths
* Mutable log paths: allow IMA and MBA log paths to be overridden by keylime configuration.
* workflows: Update checkout action to version 4
* build(deps): bump serde from 1.0.188 to 1.0.195
* build(deps): bump pest_derive from 2.7.0 to 2.7.6
* build(deps): bump openssl from 0.10.62 to 0.10.63
* build(deps): bump config from 0.13.3 to 0.13.4
* build(deps): bump base64 from 0.21.4 to 0.21.7
* build(deps): bump tempfile from 3.8.0 to 3.9.0
* build(deps): bump pest from 2.7.0 to 2.7.6
* build(deps): bump actix-web from 4.4.0 to 4.4.1
* build(deps): bump reqwest from 0.11.22 to 0.11.23
* build(deps): bump h2 from 0.3.17 to 0.3.24
* build(deps): bump shlex from 1.1.0 to 1.3.0
* cargo: Bump tss-esapi to version 7.4.0
* workflows: Fix keylime-bot token usage
* tpm: Add error context for every possible error
* tpm: Add AlgorithmError to TpmError
* detect idevid template from certificates
* build(deps): bump wiremock from 0.5.18 to 0.5.22
* build(deps): bump thiserror from 1.0.48 to 1.0.56
* Make use of workspace dependencies
* build(deps): bump openssl from 0.10.57 to 0.10.62
* packit: Bump Fedora version used for code coverage
OBS-URL: https://build.opensuse.org/request/show/1142969
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=65
- Update to version 0.2.3+git.1701075380.a5dc985:
* build(deps): bump actix-rt from 2.8.0 to 2.9.0
* Bump version to 0.2.3
* build(deps): bump reqwest from 0.11.20 to 0.11.22
* Bump configuration version and fix enable_iak_idevid
* Enable test functional/iak-idevid-register-with-certificates
* Update packit plan with new tests
* Add certificates and certificate checking for IDevID and IAK keys (#669)
OBS-URL: https://build.opensuse.org/request/show/1130184
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=63
- Update to version 0.2.1+git.1682587333.b497f1d:
* Bump version to 0.2.1
* Cargo: Update base64 to version 0.21
* build(deps): bump enumflags2 from 0.7.5 to 0.7.7
* build(deps): bump uuid from 1.3.0 to 1.3.1
* build(deps): bump libc from 0.2.141 to 0.2.142
* keylime-agent/src/common.rs: remove VTPM and IMA stub variables
* rpm/fedora: Use vendored dependencies for all versions
* packit: Enable building RPM on Copr for fedora-all
* rpm/fedora: Fix metadata patch
* build(deps): bump serde from 1.0.159 to 1.0.160
* build(deps): bump serde_json from 1.0.95 to 1.0.96
* cargo: Drop default features from actix-web
* cargo: Drop default features from reqwest crate
* cargo: Drop default features from config crate
* build(deps): bump tempfile from 3.4.0 to 3.5.0
* build(deps): bump libc from 0.2.140 to 0.2.141
OBS-URL: https://build.opensuse.org/request/show/1083240
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=51
- Add generate-cargo-lock-file.patch to fix the build system in OBS
- Add keylime.conf.diff to adjust the default config file
- Adjust build requirements
- Add firewalld XML rules
- Add systemd keylime_agent.service
- Fix license tag
- Update to version 0.0.1+git.1626706730.a009476:
* libarchive-devel is needed to build on Fedora
* Accept sets of U and V keys; use new Key types
* Output mask info
* Fix for race condition bug
* Do not resend pubkey to CV after attestation
* Run payload script from a shell
* Write out data and run payload
* Decrypt payload after key handlers find symm key
* Add handler for U and V keys
* Add helper functions for handling U and V keys
* Some TPM fixes for IMA PCR validation
* Do not flush AK context as this causes an error
* Fix bug in revocation service
* Drop references to vmask
* Better documentation of consts
* Do not fail if EK cert is not present in TPM NV
* Add more verbose logging to better match Python agent
* Remove verify stub as we are not using it
* tests: Don't pass --allow-signing to swtpm_setup
* Fix typos
* Add dependency for libzmq3-dev / zeromq-devel
* Fix new clippy lints
* Add handling for Identity and Integrity quotes
* Add Quote functionality
* Add marshaling functions for TPM structs
OBS-URL: https://build.opensuse.org/request/show/908894
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=3
