------------------------------------------------------------------- Mon Dec 13 15:53:39 UTC 2021 - aplanas@suse.com - Update to version 0.1.0+git.1639176416.fc90088: * Code refactor to use updated tss-esapi - Drop add_property_tag_variant_for_maxcapbuffer.patch, included in the upstream crate ------------------------------------------------------------------- Wed Nov 24 13:48:07 UTC 2021 - Alberto Planas Dominguez - Conflict with keylime-agent, keylime-config and keylime-firewalld - Add keylime_ima_emulator tool - Add patch add_property_tag_variant_for_maxcapbuffer.patch ------------------------------------------------------------------- Fri Nov 19 13:02:48 UTC 2021 - aplanas@suse.com - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) ------------------------------------------------------------------- Mon Aug 16 14:23:13 UTC 2021 - aplanas@suse.com - Update to version 0.1.0+git.1629114992.890e8c9: * Add "v1.0" prefix to agent APIs - Update generate-cargo-lock-file.patch ------------------------------------------------------------------- Wed Jul 28 08:56:33 UTC 2021 - Alberto Planas Dominguez - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag ------------------------------------------------------------------- Thu Jul 22 09:20:38 UTC 2021 - aplanas@suse.com - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs ------------------------------------------------------------------- Tue Jun 08 11:59:11 UTC 2021 - aplanas@suse.com - Update to version 0.0.1+git.1620935374.4df2148: * Add function to read PCR mask * Small fixes in TPM functions * Send quote data to actixweb handlers ------------------------------------------------------------------- Tue May 04 12:23:18 UTC 2021 - aplanas@suse.com - Update to version 0.0.1+git.1618949271.f609525: * Add more TPM helper functions * Use PKeys consistently * Rebase on tss-esapi 5.0 * Pass a PKeyRef to asym_verify * Use #[[from] from thiserror * Fix uppercase acronyms * Add testing feature * Remove port bindings for agent * More verbose TPM and revocation error, verbose success * Fix docker networking