Commit Graph

  • f5749ae5de Accepting request 1332105 from security factory Ana Guerrero 2026-02-10 20:11:47 +00:00
  • 8d1ed044ff Update to version 0.2.8+116 (bsc#1257908, CVE-2026-25727) slfo-main Alberto Planas 2026-02-09 16:06:02 +01:00
  • d3a8058f07 Accepting request 1332104 from home:aplanas:branches:security Alberto Planas Dominguez 2026-02-09 20:39:52 +00:00
  • 46b225857f Accepting request 1332066 from home:aplanas:branches:security Alberto Planas Dominguez 2026-02-09 15:03:25 +00:00
  • 1afaced36f Accepting request 1325856 from security Ana Guerrero 2026-01-08 14:25:53 +00:00
  • 8f3ff6f180 Use tmpfiles.d for /var directories (jsc#PED-14736) Alberto Planas 2026-01-07 21:34:14 +01:00
  • 3f6139556a Accepting request 1325855 from home:aplanas:branches:security Alberto Planas Dominguez 2026-01-07 20:22:10 +00:00
  • ef9216bf04 Accepting request 1300481 from security Ana Guerrero 2025-08-21 14:53:47 +00:00
  • 0bad5920be Accepting request 1300480 from home:aplanas:branches:security Alberto Planas Dominguez 2025-08-20 10:28:22 +00:00
  • e1f94ad160 Accepting request 1298141 from security Dominique Leuenberger 2025-08-08 13:10:03 +00:00
  • e797f77345 Accepting request 1298140 from home:aplanas:branches:security Alberto Planas Dominguez 2025-08-07 12:43:55 +00:00
  • 04e22137d7 Accepting request 1293147 from security slfo-1.2 Ana Guerrero 2025-07-15 14:42:05 +00:00
  • 130f7998f3 Accepting request 1293147 from security Ana Guerrero 2025-07-15 14:42:05 +00:00
  • bab9b48ae1 - Update vendored crates (bsc#1242623, CVE-2025-3416) * openssl 0.10.73 - Update to version 0.2.7+117: * Increase coverage in evidence handling structure * Add Capabilities Negotiations resp. missing fields * Fix UEFI test to check file access in all cases * context_info_handler: Do not assume /var/lib/keylime exists * Fix clippy warnings about uninlined format arguments * attestation: Allow unwrap() in tests * Increase coverage (groom code, extend unit tests) * Include IMA/UEFI logs in Evidence Handling request * Include method to get all IMA entries as string * Send correct list of pcr banks and sign algorithms * Try to fix TPM tests related issues * Define attestation perform asynchronous * Perform attestation in push model agent binary * Refactor code to use new attestation.rs * Create attestation.rs for Attestation stuff * Move ContextInfo management to its own handler * Adjust context_info.rs after rebase * Add attestation function to ContextInfo structure * Add prohibited signing algorithms, avoid ecschnorr * keylime/config: Use macro to implement PushModelConfigTrait * Introduce keylime-macros and define_view_trait * config: Remove KeylimeConfig structure * config: Remove unnecessary options and lazy initialization * Fix pcr_bank function to send all possible slots * Send Content-Type:application/json on request (#1039) * Send correct 'key_algorithm' in certification_keys (#1035) * Push Model: Persist Attestation Key to file * Add Keylime push model binary to root GNUmakefile * Use singleton to avoid multiple Context allocation * tests: Do not assume /var/lib/keylime exists (#1030) * lib/cert: Fix race condition due to use of same file path * payloads: Fix race condition in tests * Add uefi_log_handler.rs to parse UEFI binary * Use IMA log parser to send correct entry count * Add IMA log parser * build(deps): bump once_cell from 1.19.0 to 1.21.3 * lib/config/base.rs: Add more unit tests * lib/permissions: Add unit tests * keylime-agent: move JsonWrapper from common.rs to the library * lib/agent_data: Move agent_data related tests from common * common: Replace APIVersion with the library Version structure * keylime_agent: Move secure_mount.rs to the library * lib: Rename keylime_error.rs as error.rs * config: Move config to keylime library * config: Rename push_model_config to push_model * lib: Move permissions.rs from keylime-agent to the lib * Extract Capabilities Negotiation info from TPM (#1014) Alberto Planas Dominguez 2025-07-14 13:25:21 +00:00
  • 0c84208f74 Accepting request 1293142 from home:aplanas:branches:security Alberto Planas Dominguez 2025-07-14 13:25:21 +00:00
  • 16a95103b3 Accepting request 1285370 from security Ana Guerrero 2025-06-13 16:44:25 +00:00
  • 9b0ea34a6a Accepting request 1285370 from security Ana Guerrero 2025-06-13 16:44:25 +00:00
  • 965b61292e - Add reference to CVE-2024-43806 Alberto Planas Dominguez 2025-06-13 07:09:13 +00:00
  • 361093e06e Accepting request 1285369 from home:aplanas:branches:security Alberto Planas Dominguez 2025-06-13 07:09:13 +00:00
  • 20e305cf12 Accepting request 1283647 from security Ana Guerrero 2025-06-10 06:59:29 +00:00
  • cf8483182a Accepting request 1283647 from security Ana Guerrero 2025-06-10 06:59:29 +00:00
  • 9fa5dca9cc - Update vendored crates (bsc#1243861, CVE-2024-12224) * idna 1.0.3 - Add Cargo_lock.patch to adjust versions that will allow the compilation of mbox crate - Update to version 0.2.7+70: * build(deps): bump wiremock from 0.6.2 to 0.6.3 * build(deps): bump uuid from 1.16.0 to 1.17.0 * lib: Introduce AgentIdentity structure * gitignore: Add *.swp and *.orig to be ignored * build(deps): bump clap from 4.5.38 to 4.5.39 * build(deps): bump tokio from 1.45.0 to 1.45.1 * Unify Push Model structures time formats to UTC (#1016) * Add Quote related structures to Keylime library * Remove configuration file trailing whitespaces (#1012) * keylime-agent.conf: add all accepted TPM encryption algs * tpm: add policy auth for EK to activate crendential * Enable non standard key sizes and curves for EK and AK * config: Use next_back() instead of last() for iterators * Update to tss-esapi v7.6.0 * Avoid duplicated call to ctx.create_ek * build(deps): bump clap from 4.5.23 to 4.5.38 * Add registration for Push Model client * build(deps): bump tokio from 1.44.2 to 1.45.0 * build(deps): bump chrono from 0.4.40 to 0.4.41 * build(deps): bump tempfile from 3.17.1 to 3.20.0 * Refactor code: move error, registration to lib * Move structure filling and URL selection code (#999) * build(deps): bump pest_derive from 2.7.15 to 2.8.0 * build(deps): bump pest from 2.7.15 to 2.8.0 * build(deps): bump libc from 0.2.169 to 0.2.172 * Add Evidence/Authentication messages to prototype * build(deps): bump uuid from 1.15.1 to 1.16.0 * build(deps): bump thiserror from 2.0.11 to 2.0.12 * build(deps): bump signal-hook from 0.3.17 to 0.3.18 * build(deps): bump log from 0.4.25 to 0.4.27 * build(deps): bump assert_cmd from 2.0.16 to 2.0.17 * build(deps): bump actix-web from 4.9.0 to 4.10.2 * build(deps): bump reqwest from 0.12.12 to 0.12.15 * build(deps): bump serde from 1.0.217 to 1.0.219 * Add unit tests for sessions.rs structures * Add auth(sessions) structures * Fix minor README.md issue (#988) * Define EvidenceHandling structures (#971) * Add mockoon test scenario * Add client certificates to push-attestation prototype * Cargo: bump url crate to version 2.5.4 * Add logging to the push attestation prototype * Do not use certificate on insecure mode * common: Move the EncryptedData structure from common to the library * common: Move AuthTag from common to the library * build(deps): bump openssl from 0.10.71 to 0.10.72 * common: Move Symmkey to library as crypto::symmkey * common: Remove unused constants and static values * build(deps): bump tokio from 1.43.0 to 1.44.2 * Refactor code: Include AgentIdentity structure * Push model prototype * Add support for ek certificate chain, stored in TPM NVRAM. * Recover key_class field and set it as "asymmetric" * Update push model structures to latest values * build(deps): bump serde_json from 1.0.138 to 1.0.140 * packit: Add identifier for each copr_build job * keylime-agent.conf: only mention ecdsa and rsassa for signing * build(deps): bump openssl from 0.10.70 to 0.10.71 * build(deps): bump uuid from 1.13.2 to 1.15.1 * Add capabilities_negotiation structures * packit: Add compatibility/api_version_compatibility test * build(deps): bump uuid from 1.11.0 to 1.13.2 * build(deps): bump serde_json from 1.0.135 to 1.0.138 * build(deps): bump thiserror from 2.0.9 to 2.0.11 * build(deps): bump tempfile from 3.14.0 to 3.17.1 * Allow agent to start as non-root * scripts: Fix coverage information downloading script * build(deps): bump openssl from 0.10.68 to 0.10.70 * build(deps): bump tokio from 1.42.0 to 1.43.0 Alberto Planas Dominguez 2025-06-06 12:03:07 +00:00
  • ab9fe4b84f Accepting request 1283646 from home:aplanas:branches:security Alberto Planas Dominguez 2025-06-06 12:03:07 +00:00
  • c1a016424c Accepting request 1240482 from security Ana Guerrero 2025-01-28 13:58:26 +00:00
  • be6eebfb25 Accepting request 1240482 from security Ana Guerrero 2025-01-28 13:58:26 +00:00
  • bb63965416 - Update to version 0.2.7+1: * dist: Enable logging for keylime library in the service * Bump version to 0.2.7 * scripts: Download coverage data from Testing Farm directly * main: Remove unnecessary lifetime * cargo: Bump pretty_env_logger to version 0.5.0 * scripts: Fix regex in download_packit_coverage.sh * cargo: Bump clap crate to version 4.5.23 * cargo: Bump base64 crate to version 0.22.1 * build(deps): bump log from 0.4.22 to 0.4.25 * build(deps): bump serde_json from 1.0.133 to 1.0.135 * cargo: Bump tokio crate to version 1.42.0 * packit: Fix RPM builds on copr * cargo: Bump thiserror crate to version 0.2.9 * cargo: Update reqwest to version 0.12.12 * build(deps): bump libc from 0.2.168 to 0.2.169 * build(deps): bump glob from 0.3.1 to 0.3.2 * version: Implement API version validation and ordering * main: Support using multiple API versions for registration * keylime: Introduce the registrar_client module * Provide endpoints under multiple API versions * Move 'serialization' module to the keylime library * Drop unnecessary dependency on common::API_VERSION * keylime-agent.conf: Bump version to 2.3 * build(deps): bump serde from 1.0.210 to 1.0.217 * build(deps): bump pest_derive from 2.7.14 to 2.7.15 * build(deps): bump pest from 2.7.14 to 2.7.15 * build(deps): bump libc from 0.2.167 to 0.2.168 * config: Make IAK and IDevID certificates optional * Fix warnings reported by clippy * workflows: Run job in the CI container directly * tests: Add unit test for device ID builder * main: Move IAK/IDevID related code to dedicated module * tests: Add script to generate IAK and IDevID certificates * build(deps): bump openssl from 0.10.66 to 0.10.68 * build(deps): bump uuid from 1.10.0 to 1.11.0 * build(deps): bump serde_json from 1.0.128 to 1.0.133 * build(deps): bump actix-web from 4.5.1 to 4.9.0 * build(deps): bump reqwest from 0.12.7 to 0.12.9 * tests/setup_swtpm.sh: Add script to setup temporary TPM * Use a single TPM context and avoid race conditions during tests * config: Enable passing a hostname instead of IP * build(deps): bump clap from 4.3.11 to 4.5.21 * build(deps): bump tempfile from 3.10.1 to 3.14.0 * build(deps): bump pest_derive from 2.7.6 to 2.7.14 * build(deps): bump pest from 2.7.6 to 2.7.14 * build(deps): bump codecov/codecov-action from 4 to 5 * workflows: Submit the coverage for merged PR from Fedora 41 * tests: Use Fedora 41 to generate code coverage * api: Make API configuration modular * agent_handler: Move the /agent scope configuration * notifications_handler: Move the /notifications scope configuration * quotes_handler: Move the /quotes scope configuration to quotes_handler * keys_handler: Move /keys scope configuration to keys_handler * Use ${DESTDIR} for config * Fix showing wrong UUID * build(deps): bump actix-rt from 2.9.0 to 2.10.0 * config: Refactor AgentConfig Source trait implementation * build(deps): bump log from 0.4.21 to 0.4.22 * build(deps): bump serde_json from 1.0.120 to 1.0.128 * tpm: check if EK certificate has valid ASN.1 DER encoding * build(deps): bump futures from 0.3.27 to 0.3.31 * cargo: Bump reqwest to version 0.12.7 * build(deps): bump serde from 1.0.203 to 1.0.210 * tests: Add more tests to Packit CI * build(deps): bump docker/build-push-action from 5 to 6 * tests: apply workarounds to known bugs Alberto Planas Dominguez 2025-01-27 09:54:47 +00:00
  • 07c7b57d19 Accepting request 1240481 from home:aplanas:branches:security Alberto Planas Dominguez 2025-01-27 09:54:47 +00:00
  • 2c26f91682 Accepting request 1198291 from security Dominique Leuenberger 2024-09-04 11:21:17 +00:00
  • 93b5f5c002 Accepting request 1198291 from security Dominique Leuenberger 2024-09-04 11:21:17 +00:00
  • e4c8388ef3 Accepting request 1198288 from home:aplanas:branches:security Alberto Planas Dominguez 2024-09-02 12:27:20 +00:00
  • ab13a755ab Accepting request 1198288 from home:aplanas:branches:security Alberto Planas Dominguez 2024-09-02 12:27:20 +00:00
  • 6602935b9e Accepting request 1180842 from security Ana Guerrero 2024-06-17 17:27:02 +00:00
  • af870de896 Accepting request 1180842 from security Ana Guerrero 2024-06-17 17:27:02 +00:00
  • eed6549f29 Accepting request 1180841 from home:aplanas:branches:security Alberto Planas Dominguez 2024-06-14 08:03:14 +00:00
  • b1372b3534 Accepting request 1180841 from home:aplanas:branches:security Alberto Planas Dominguez 2024-06-14 08:03:14 +00:00
  • 0f8c222617 Accepting request 1174582 from security Ana Guerrero 2024-05-17 18:04:01 +00:00
  • da0366a2b7 Accepting request 1174582 from security Ana Guerrero 2024-05-17 18:04:01 +00:00
  • da46ac6620 Accepting request 1174581 from home:aplanas:branches:security Alberto Planas Dominguez 2024-05-16 13:50:48 +00:00
  • f271eab181 Accepting request 1174581 from home:aplanas:branches:security Alberto Planas Dominguez 2024-05-16 13:50:48 +00:00
  • dabe00e6e0 Accepting request 1171249 from security Ana Guerrero 2024-05-02 21:42:51 +00:00
  • e916b86c6d Accepting request 1171249 from security Ana Guerrero 2024-05-02 21:42:51 +00:00
  • 322aa96b35 Accepting request 1171248 from home:aplanas:branches:security Alberto Planas Dominguez 2024-05-02 07:48:12 +00:00
  • b1e46d42ce Accepting request 1171248 from home:aplanas:branches:security Alberto Planas Dominguez 2024-05-02 07:48:12 +00:00
  • aac8831159 Accepting request 1171003 from home:aplanas:branches:security Alberto Planas Dominguez 2024-04-30 13:43:16 +00:00
  • 87a74284fa Accepting request 1171003 from home:aplanas:branches:security Alberto Planas Dominguez 2024-04-30 13:43:16 +00:00
  • 1e967b2a37 Accepting request 1142970 from security Ana Guerrero 2024-01-31 22:53:38 +00:00
  • df9bb132fe Accepting request 1142970 from security Ana Guerrero 2024-01-31 22:53:38 +00:00
  • b18b7fcd26 Accepting request 1142969 from home:aplanas:branches:security Alberto Planas Dominguez 2024-01-31 10:21:27 +00:00
  • a86e2619c5 Accepting request 1142969 from home:aplanas:branches:security Alberto Planas Dominguez 2024-01-31 10:21:27 +00:00
  • 327341f15d Accepting request 1130185 from security Dominique Leuenberger 2023-12-02 16:12:34 +00:00
  • 8a695966a8 Accepting request 1130185 from security Dominique Leuenberger 2023-12-02 16:12:34 +00:00
  • 015b9a78ef Accepting request 1130184 from home:aplanas:branches:security Alberto Planas Dominguez 2023-12-01 10:38:34 +00:00
  • f3aac3b86c Accepting request 1130184 from home:aplanas:branches:security Alberto Planas Dominguez 2023-12-01 10:38:34 +00:00
  • a8f5f161db Accepting request 1123263 from security Ana Guerrero 2023-11-05 11:18:59 +00:00
  • 8ce1ddad4e Accepting request 1123263 from security Ana Guerrero 2023-11-05 11:18:59 +00:00
  • d9639ce738 Accepting request 1123262 from home:aplanas:branches:security Alberto Planas Dominguez 2023-11-03 15:44:38 +00:00
  • a0d5b99367 Accepting request 1123262 from home:aplanas:branches:security Alberto Planas Dominguez 2023-11-03 15:44:38 +00:00
  • b0af5b276e Accepting request 1098634 from security Dominique Leuenberger 2023-07-14 13:35:44 +00:00
  • bdcadbc0fe Accepting request 1098634 from security Dominique Leuenberger 2023-07-14 13:35:44 +00:00
  • d52384261a Accepting request 1098633 from home:aplanas:branches:security Alberto Planas Dominguez 2023-07-14 08:41:27 +00:00
  • bb02310d5b Accepting request 1098633 from home:aplanas:branches:security Alberto Planas Dominguez 2023-07-14 08:41:27 +00:00
  • 8b5f0cad45 Accepting request 1098388 from home:aplanas:branches:security Alberto Planas Dominguez 2023-07-12 15:37:38 +00:00
  • 423c032d07 Accepting request 1098388 from home:aplanas:branches:security Alberto Planas Dominguez 2023-07-12 15:37:38 +00:00
  • e33102575f Accepting request 1091267 from security Dominique Leuenberger 2023-06-08 19:41:54 +00:00
  • 8384097d6c Accepting request 1091267 from security Dominique Leuenberger 2023-06-08 19:41:54 +00:00
  • c727b184bc Accepting request 1091266 from home:aplanas:branches:security Alberto Planas Dominguez 2023-06-07 12:24:09 +00:00
  • 84ba0ed66d Accepting request 1091266 from home:aplanas:branches:security Alberto Planas Dominguez 2023-06-07 12:24:09 +00:00
  • 1f91fc88b8 Accepting request 1091251 from home:aplanas:branches:security Alberto Planas Dominguez 2023-06-07 10:22:53 +00:00
  • d6aff24884 Accepting request 1091251 from home:aplanas:branches:security Alberto Planas Dominguez 2023-06-07 10:22:53 +00:00
  • da9ebeb1f4 Accepting request 1090857 from security Dominique Leuenberger 2023-06-06 17:55:21 +00:00
  • 9368be7153 Accepting request 1090857 from security Dominique Leuenberger 2023-06-06 17:55:21 +00:00
  • c1697f5115 Accepting request 1090856 from home:aplanas:branches:security Alberto Planas Dominguez 2023-06-05 09:00:16 +00:00
  • 54599f1547 Accepting request 1090856 from home:aplanas:branches:security Alberto Planas Dominguez 2023-06-05 09:00:16 +00:00
  • 7b93d7581f Accepting request 1083982 from security Dominique Leuenberger 2023-05-03 10:56:22 +00:00
  • c0823d5d51 Accepting request 1083982 from security Dominique Leuenberger 2023-05-03 10:56:22 +00:00
  • ee3ef062f1 Accepting request 1083240 from home:aplanas:branches:security Marcus Meissner 2023-05-02 09:28:59 +00:00
  • 7f580f8c37 Accepting request 1083240 from home:aplanas:branches:security Marcus Meissner 2023-05-02 09:28:59 +00:00
  • b3e6a5e3cc Accepting request 1079394 from security Dominique Leuenberger 2023-04-15 20:32:17 +00:00
  • 6136cebd90 Accepting request 1079394 from security Dominique Leuenberger 2023-04-15 20:32:17 +00:00
  • 4644a39509 Accepting request 1079393 from home:aplanas:branches:security Alberto Planas Dominguez 2023-04-14 07:57:58 +00:00
  • 1815c3d2c6 Accepting request 1079393 from home:aplanas:branches:security Alberto Planas Dominguez 2023-04-14 07:57:58 +00:00
  • add91a3e3f Accepting request 1078771 from security Dominique Leuenberger 2023-04-13 12:10:22 +00:00
  • 31b7bc1b54 Accepting request 1078771 from security Dominique Leuenberger 2023-04-13 12:10:22 +00:00
  • aae55b563b Accepting request 1078770 from home:aplanas:branches:security Alberto Planas Dominguez 2023-04-12 15:42:21 +00:00
  • 8ee0ee3e2e Accepting request 1078770 from home:aplanas:branches:security Alberto Planas Dominguez 2023-04-12 15:42:21 +00:00
  • e18b9a008b Accepting request 1078761 from home:aplanas:branches:security Alberto Planas Dominguez 2023-04-12 15:20:32 +00:00
  • 7636097ea8 Accepting request 1078761 from home:aplanas:branches:security Alberto Planas Dominguez 2023-04-12 15:20:32 +00:00
  • 0280ff2755 Accepting request 1072184 from security Dominique Leuenberger 2023-03-17 16:02:33 +00:00
  • 946339c3f8 Accepting request 1072184 from security Dominique Leuenberger 2023-03-17 16:02:33 +00:00
  • 5c4b047874 Accepting request 1072183 from home:aplanas:branches:security Alberto Planas Dominguez 2023-03-15 17:59:09 +00:00
  • 3f6a4182e9 Accepting request 1072183 from home:aplanas:branches:security Alberto Planas Dominguez 2023-03-15 17:59:09 +00:00
  • 8f23d7d2e7 Accepting request 1072170 from home:aplanas:branches:security Alberto Planas Dominguez 2023-03-15 16:47:53 +00:00
  • 0226b7f990 Accepting request 1072170 from home:aplanas:branches:security Alberto Planas Dominguez 2023-03-15 16:47:53 +00:00
  • b25459410b Accepting request 1068976 from security Dominique Leuenberger 2023-03-03 21:24:40 +00:00
  • 22578d255b Accepting request 1068976 from security Dominique Leuenberger 2023-03-03 21:24:40 +00:00
  • 12219c580f Accepting request 1068975 from home:aplanas:branches:security Alberto Planas Dominguez 2023-03-02 16:01:44 +00:00
  • c9502def6b Accepting request 1068975 from home:aplanas:branches:security Alberto Planas Dominguez 2023-03-02 16:01:44 +00:00
  • cd6da99013 Accepting request 1067124 from security Dominique Leuenberger 2023-02-23 15:28:08 +00:00
  • 0c3d6f3aed Accepting request 1067124 from security Dominique Leuenberger 2023-02-23 15:28:08 +00:00
  • 6c2c82ac92 Accepting request 1067123 from home:aplanas:branches:security Alberto Planas Dominguez 2023-02-22 09:48:27 +00:00