- Update vendored crates (bsc#1257908, CVE-2026-25727)
  * time 0.3.47
- Update to version 0.2.8+116:
  * build(deps): bump bytes from 1.7.2 to 1.11.1
  * api: Modify /version endpoint output in version 2.5
  * Add API v2.5 with backward-compatible /v2.5/quotes/integrity
  * tests: add unit test for resolve_agent_id (#1182)
  * (pull-model): enable retry logic for registration
  * rpm: Update specfiles to apply on master
  * workflows: Add test to detect unused crates
  * lib: Drop unused crates
  * push-model: Drop unused crates
  * keylime-agent: Drop unused crates
  * build(deps): bump uuid from 1.18.1 to 1.19.0
  * Update reqwest-retry to 0.8, retry-policies to 0.5
  * rpm: Fix cargo_build macro usage on CentOS Stream
  * fix(push-model): resolve hash_ek uuid to actual EK hash
  * build(deps): bump thiserror from 2.0.16 to 2.0.17
  * workflows: Separate upstream test suite from e2e coverage
  * Send UEFI measured boot logs as raw bytes (#1173)
  * auth: Add unit tests for SecretToken implementation
  * packit: Enable push-attestation tests
  * resilient_client: Prevent authentication token leakage in logs
- Use tmpfiles.d for /var directories (PED-14736)
  + tmpfiles.keylime renamed to rust-keylime.conf and extended
- Update to version 0.2.8+96:
  * build(deps): bump wiremock from 0.6.4 to 0.6.5
  * build(deps): bump actions/checkout from 5 to 6
  * build(deps): bump chrono from 0.4.41 to 0.4.42
  * packit: Get coverage from Fedora 43 runs
  * Fix issues pointed out by clippy
  * Replace mutex unwraps with proper error handling in TPM library
  * Remove unused session request methods from StructureFiller
  * Fix config panic on missing ek_handle in push model agent
  * build(deps): bump tempfile from 3.21.0 to 3.23.0
  * build(deps): bump actions/upload-artifact from 4 to 6 (#1163)
  * Fix clippy warnings project-wide
  * Add KEYLIME_DIR support for verifier TLS certificates in push model agent
  * Thread privileged resources and use MeasurementList for IMA reading
  * Add privileged resource initialization and privilege dropping to push model agent
  * Fix privilege dropping order in run_as()
  * add documentation on FQDN hostnames
  * Remove confusing logs for push mode agent
  * Set correct default Verifier port (8891->8881) (#1159)
  * Add verifier_url to reference configuration file (#1158)
  * Add TLS support for Registrar communication (#1139)
  * Fix agent handling of 403 registration responses (#1154)
  * Add minor README.md rephrasing (#1151)
  * build(deps): bump actions/checkout from 5 to 6 (#1153)
  * ci: update spec files for packit COPR build
  * docs: improve challenge encoding and async TPM documentation
  * refactor: improve middleware and error handling
  * feat: add authentication client with middleware integration
  * docker: Include keylime_push_model_agent binary
  * Include attestation_interval configuration (#1146)
  * Persist payload keys to avoid attestation failure on restart
  * crypto: Implement the load or generate pattern for keys
  * Use simple algorithm specifiers in certification_keys object (#1140)
  * tests: Enable more tests in CI
  * Fix RSA2048 algorithm reporting in keylime agent
  * Remove disabled_signing_algorithms configuration
  * rpm: Fix metadata patches to apply to current code
  * workflows/rpm.yml: Use more strict patching
  * build(deps): bump uuid from 1.17.0 to 1.18.1
  * Fix ECC algorithm selection and reporting for keylime agent
  * Improve logging consistency and coherency
  * Implement minimal RFC compliance for Location header and URI parsing (#1125)
  * Use separate keys for payload mechanism and mTLS
  * docker: update rust to 1.81 for distroless Dockerfile
  * Ensure UEFI log capabilities are set to false
  * build(deps): bump http from 1.1.0 to 1.3.1
  * build(deps): bump log from 0.4.27 to 0.4.28
  * build(deps): bump cfg-if from 1.0.1 to 1.0.3
  * build(deps): bump actix-rt from 2.10.0 to 2.11.0
  * build(deps): bump async-trait from 0.1.88 to 0.1.89
  * build(deps): bump trybuild from 1.0.105 to 1.0.110
  * Accept evidence handling structures null entries
  * workflows: Add test to check if RPM patches still apply
  * CI: Enable test add-agent-with-malformed-ek-cert
  * config: Fix singleton tests
  * FSM: Remove needless lifetime annotations (#1105)
  * rpm: Do not remove wiremock which is now available in Fedora
  * Use latest Fedora httpdate version (1.0.3)
  * Enhance coverage with parse_retry_after test
  * Fix issues reported by CI regarding unwrap() calls
  * Reuse max retries indicated to the ResilientClient
  * Include limit of retries to 5 for Retry-After
  * Add policy to handle Retry-After response headers
  * build(deps): bump wiremock from 0.6.3 to 0.6.4
  * build(deps): bump serde_json from 1.0.140 to 1.0.143
  * build(deps): bump pest_derive from 2.8.0 to 2.8.1
  * build(deps): bump syn from 2.0.90 to 2.0.106
  * build(deps): bump tempfile from 3.20.0 to 3.21.0
  * build(deps): bump thiserror from 2.0.12 to 2.0.16
  * rpm: Fix patches to apply to current master code
  * build(deps): bump anyhow from 1.0.98 to 1.0.99
  * state_machine: Automatically clean config override during tests
  * config: Implement singleton and factory pattern
  * testing: Support overriding configuration during tests
  * feat: implement standalone challenge-response authentication module
  * structures: rename session structs for clarity and fix typos
  * tpm: refactor certify_credential_with_iak() into a more generic function
  * Add Push Model Agent Mermaid FSM chart (#1095)
  * Add state to avoid exiting on wrong attestation (#1093)
  * Add 6 alphanumeric lowercase X-Request-ID header
  * Enhance Evidence Handling response parsing
  * build(deps): bump quote from 1.0.35 to 1.0.40
  * build(deps): bump libc from 0.2.172 to 0.2.175
  * build(deps): bump glob from 0.3.2 to 0.3.3
  * build(deps): bump actix-web from 4.10.2 to 4.11.0
- Update vendored crates (bsc#1248006, CVE-2025-55159)
  * slab 0.4.11
- Add Cargo_lock.patch patch to update slab and other dependencies
- Update to version 0.2.8+12:
  * build(deps): bump actions/checkout from 4 to 5
  * build(deps): bump cfg-if from 1.0.0 to 1.0.1
  * build(deps): bump openssl from 0.10.72 to 0.10.73
  * build(deps): bump clap from 4.5.39 to 4.5.45
  * build(deps): bump pest from 2.8.0 to 2.8.1
  * Fix clippy warnings
  * Use verifier-provided interval for continuous attestation timing
  * Add meta object with seconds_to_next_attestation to evidence response
  * Fix boot time retrieval
  * Fix IMA log format (it must be ['text/plain']) (#1073)
  * Remove unnecessary configuration fields
  * cargo: Bump retry-policies to version 0.4.0
  * Bump version to 0.2.8
- Update vendored crates (bsc#1247193, CVE-2025-58266)
  * shlex 1.3.0
- Rebase keylime-agent.conf.diff for current configuration
- Drop Cargo_lock.patch patch, already present in Cargo.lock
- Update to version 0.2.7+141:
  * service: Use WantedBy=multi-user.target
  * rpm: Add subpackage for push-attestation agent
  * push-model: implement continuous attestation with configurable intervals
  * Retry registration forever in the state machine
  * Add Verifier URL to configuration
  * Align exp.backoff to current configuration format
  * Increase coverage of state machine (using Context)
  * Increase coverage of struct_filler.rs
  * Groom code (remove dead code)
  * Fix exponential backoff (10secs, 4xx accepted)
  * test: Add documentation test to tests/run.sh
  * tpm: Avoid running code example during documentation tests
  * state_machine: Always start the agent from the Unregistered state
  * Add fixes for the URL construction
  * Refactor evidences collection in push attestation agent
  * push-model: refactor attestation logic into a state machine
  * Fix body sending by allowing serializing strings (#1057)
  * Log ResilientClient errors/response status codes (#1055)
  * Add AK signing scheme and hash algorithm to negotiation
  * tpm: Add method to extract signing scheme and hash algorithm from AK
  * Allow custom content-type/accept headers
  * Integrate exponential backoff to registration (#1052)
  * keylime/structures: Rename ShaValues to PcrBanks
  * Add resilient_client for exponential backoff (#1048)
- Update vendored crates (bsc#1242623, CVE-2025-3416)
  * openssl 0.10.73
- Update to version 0.2.7+117:
  * Increase coverage in evidence handling structure
  * Add Capabilities Negotiations resp. missing fields
  * Fix UEFI test to check file access in all cases
  * context_info_handler: Do not assume /var/lib/keylime exists
  * Fix clippy warnings about uninlined format arguments
  * attestation: Allow unwrap() in tests
  * Increase coverage (groom code, extend unit tests)
  * Include IMA/UEFI logs in Evidence Handling request
  * Include method to get all IMA entries as string
  * Send correct list of pcr banks and sign algorithms
  * Try to fix TPM tests related issues
  * Define attestation perform asynchronous
  * Perform attestation in push model agent binary
  * Refactor code to use new attestation.rs
  * Create attestation.rs for Attestation stuff
  * Move ContextInfo management to its own handler
  * Adjust context_info.rs after rebase
  * Add attestation function to ContextInfo structure
  * Add prohibited signing algorithms, avoid ecschnorr
  * keylime/config: Use macro to implement PushModelConfigTrait
  * Introduce keylime-macros and define_view_trait
  * config: Remove KeylimeConfig structure
  * config: Remove unnecessary options and lazy initialization
  * Fix pcr_bank function to send all possible slots
  * Send Content-Type:application/json on request (#1039)
  * Send correct 'key_algorithm' in certification_keys (#1035)
  * Push Model: Persist Attestation Key to file
  * Add Keylime push model binary to root GNUmakefile
  * Use singleton to avoid multiple Context allocation
  * tests: Do not assume `/var/lib/keylime` exists (#1030)
  * lib/cert: Fix race condition due to use of same file path
  * payloads: Fix race condition in tests
  * Add uefi_log_handler.rs to parse UEFI binary
  * Use IMA log parser to send correct entry count
  * Add IMA log parser
  * build(deps): bump once_cell from 1.19.0 to 1.21.3
  * lib/config/base.rs: Add more unit tests
  * lib/permissions: Add unit tests
  * keylime-agent: move JsonWrapper from common.rs to the library
  * lib/agent_data: Move agent_data related tests from common
  * common: Replace APIVersion with the library Version structure
  * keylime_agent: Move secure_mount.rs to the library
  * lib: Rename keylime_error.rs as error.rs
  * config: Move config to keylime library
  * config: Rename push_model_config to push_model
  * lib: Move permissions.rs from keylime-agent to the lib
  * Extract Capabilities Negotiation info from TPM (#1014)
- Update vendored crates (bsc#1243861, CVE-2024-12224)
  * idna 1.0.3
- Add Cargo_lock.patch to adjust versions that will allow the compilation of mbox crate
- Update to version 0.2.7+70:
  * build(deps): bump wiremock from 0.6.2 to 0.6.3
  * build(deps): bump uuid from 1.16.0 to 1.17.0
  * lib: Introduce AgentIdentity structure
  * gitignore: Add *.swp and *.orig to be ignored
  * build(deps): bump clap from 4.5.38 to 4.5.39
  * build(deps): bump tokio from 1.45.0 to 1.45.1
  * Unify Push Model structures time formats to UTC (#1016)
  * Add Quote related structures to Keylime library
  * Remove configuration file trailing whitespaces (#1012)
  * keylime-agent.conf: add all accepted TPM encryption algs
  * tpm: add policy auth for EK to activate credential
  * Enable non standard key sizes and curves for EK and AK
  * config: Use next_back() instead of last() for iterators
  * Update to tss-esapi v7.6.0
  * Avoid duplicated call to ctx.create_ek
  * build(deps): bump clap from 4.5.23 to 4.5.38
  * Add registration for Push Model client
  * build(deps): bump tokio from 1.44.2 to 1.45.0
  * build(deps): bump chrono from 0.4.40 to 0.4.41
  * build(deps): bump tempfile from 3.17.1 to 3.20.0
  * Refactor code: move error, registration to lib
  * Move structure filling and URL selection code (#999)
  * build(deps): bump pest_derive from 2.7.15 to 2.8.0
  * build(deps): bump pest from 2.7.15 to 2.8.0
  * build(deps): bump libc from 0.2.169 to 0.2.172
  * Add Evidence/Authentication messages to prototype
  * build(deps): bump uuid from 1.15.1 to 1.16.0
  * build(deps): bump thiserror from 2.0.11 to 2.0.12
  * build(deps): bump signal-hook from 0.3.17 to 0.3.18
  * build(deps): bump log from 0.4.25 to 0.4.27
  * build(deps): bump assert_cmd from 2.0.16 to 2.0.17
  * build(deps): bump actix-web from 4.9.0 to 4.10.2
  * build(deps): bump reqwest from 0.12.12 to 0.12.15
  * build(deps): bump serde from 1.0.217 to 1.0.219
  * Add unit tests for sessions.rs structures
  * Add auth(sessions) structures
  * Fix minor README.md issue (#988)
  * Define EvidenceHandling structures (#971)
  * Add mockoon test scenario
  * Add client certificates to push-attestation prototype
  * Cargo: bump url crate to version 2.5.4
  * Add logging to the push attestation prototype
  * Do not use certificate on insecure mode
  * common: Move the EncryptedData structure from common to the library
  * common: Move AuthTag from common to the library
  * build(deps): bump openssl from 0.10.71 to 0.10.72
  * common: Move Symmkey to library as crypto::symmkey
  * common: Remove unused constants and static values
  * build(deps): bump tokio from 1.43.0 to 1.44.2
  * Refactor code: Include AgentIdentity structure
  * Push model prototype
  * Add support for ek certificate chain, stored in TPM NVRAM.
  * Recover key_class field and set it as "asymmetric"
  * Update push model structures to latest values
  * build(deps): bump serde_json from 1.0.138 to 1.0.140
  * packit: Add identifier for each copr_build job
  * keylime-agent.conf: only mention ecdsa and rsassa for signing
  * build(deps): bump openssl from 0.10.70 to 0.10.71
  * build(deps): bump uuid from 1.13.2 to 1.15.1
  * Add capabilities_negotiation structures
  * packit: Add compatibility/api_version_compatibility test
  * build(deps): bump uuid from 1.11.0 to 1.13.2
  * build(deps): bump serde_json from 1.0.135 to 1.0.138
  * build(deps): bump thiserror from 2.0.9 to 2.0.11
  * build(deps): bump tempfile from 3.14.0 to 3.17.1
  * Allow agent to start as non-root
  * scripts: Fix coverage information downloading script
  * build(deps): bump openssl from 0.10.68 to 0.10.70
  * build(deps): bump tokio from 1.42.0 to 1.43.0
- Update to version 0.2.7+1:
  * dist: Enable logging for keylime library in the service
  * Bump version to 0.2.7
  * scripts: Download coverage data from Testing Farm directly
  * main: Remove unnecessary lifetime
  * cargo: Bump pretty_env_logger to version 0.5.0
  * scripts: Fix regex in download_packit_coverage.sh
  * cargo: Bump clap crate to version 4.5.23
  * cargo: Bump base64 crate to version 0.22.1
  * build(deps): bump log from 0.4.22 to 0.4.25
  * build(deps): bump serde_json from 1.0.133 to 1.0.135
  * cargo: Bump tokio crate to version 1.42.0
  * packit: Fix RPM builds on copr
  * cargo: Bump thiserror crate to version 0.2.9
  * cargo: Update reqwest to version 0.12.12
  * build(deps): bump libc from 0.2.168 to 0.2.169
  * build(deps): bump glob from 0.3.1 to 0.3.2
  * version: Implement API version validation and ordering
  * main: Support using multiple API versions for registration
  * keylime: Introduce the registrar_client module
  * Provide endpoints under multiple API versions
  * Move 'serialization' module to the keylime library
  * Drop unnecessary dependency on common::API_VERSION
  * keylime-agent.conf: Bump version to 2.3
  * build(deps): bump serde from 1.0.210 to 1.0.217
  * build(deps): bump pest_derive from 2.7.14 to 2.7.15
  * build(deps): bump pest from 2.7.14 to 2.7.15
  * build(deps): bump libc from 0.2.167 to 0.2.168
  * config: Make IAK and IDevID certificates optional
  * Fix warnings reported by clippy
  * workflows: Run job in the CI container directly
  * tests: Add unit test for device ID builder
  * main: Move IAK/IDevID related code to dedicated module
  * tests: Add script to generate IAK and IDevID certificates
  * build(deps): bump openssl from 0.10.66 to 0.10.68
  * build(deps): bump uuid from 1.10.0 to 1.11.0
  * build(deps): bump serde_json from 1.0.128 to 1.0.133
  * build(deps): bump actix-web from 4.5.1 to 4.9.0
  * build(deps): bump reqwest from 0.12.7 to 0.12.9
  * tests/setup_swtpm.sh: Add script to setup temporary TPM
  * Use a single TPM context and avoid race conditions during tests
  * config: Enable passing a hostname instead of IP
  * build(deps): bump clap from 4.3.11 to 4.5.21
  * build(deps): bump tempfile from 3.10.1 to 3.14.0
  * build(deps): bump pest_derive from 2.7.6 to 2.7.14
  * build(deps): bump pest from 2.7.6 to 2.7.14
  * build(deps): bump codecov/codecov-action from 4 to 5
  * workflows: Submit the coverage for merged PR from Fedora 41
  * tests: Use Fedora 41 to generate code coverage
  * api: Make API configuration modular
  * agent_handler: Move the /agent scope configuration
  * notifications_handler: Move the /notifications scope configuration
  * quotes_handler: Move the /quotes scope configuration to quotes_handler
  * keys_handler: Move /keys scope configuration to keys_handler
  * Use ${DESTDIR} for config
  * Fix showing wrong UUID
  * build(deps): bump actix-rt from 2.9.0 to 2.10.0
  * config: Refactor AgentConfig Source trait implementation
  * build(deps): bump log from 0.4.21 to 0.4.22
  * build(deps): bump serde_json from 1.0.120 to 1.0.128
  * tpm: check if EK certificate has valid ASN.1 DER encoding
  * build(deps): bump futures from 0.3.27 to 0.3.31
  * cargo: Bump reqwest to version 0.12.7
  * build(deps): bump serde from 1.0.203 to 1.0.210
  * tests: Add more tests to Packit CI
  * build(deps): bump docker/build-push-action from 5 to 6
  * tests: apply workarounds to known bugs
- Update vendored crates (bsc#1229952, bsc#1230029, CVE-2024-43806)
  * rustix 0.37.25
  * rustix 0.38.34
  * shlex 1.3.0
- Update to version 0.2.6+13:
  * Enable test functional/iak-idevid-persisted-and-protected
  * build(deps): bump uuid from 1.7.0 to 1.10.0
  * build(deps): bump openssl from 0.10.64 to 0.10.66
  * keylime-agent/src/revocation: Fix comment indentation
  * keylime/crypto: Fix indentation of documentation comment
  * build(deps): bump thiserror from 1.0.59 to 1.0.63
  * build(deps): bump serde_json from 1.0.116 to 1.0.120
  * dependabot: Extend to also monitor workflow actions
  * ci: Disable Packit CI on CentOS Stream 9
  * ci: use CODECOV_TOKEN when submitting coverage data
  * revocation: Use into() for infallible transformation
  * secure_mount: Fix possible infinite loop
  * error: Rename enum variants to avoid clippy warning
- Update to version 0.2.6~0:
  * Bump version to 0.2.6
  * build(deps): bump libc from 0.2.153 to 0.2.155
  * build(deps): bump serde from 1.0.196 to 1.0.203
  * rpm/fedora: Update rust macro usage
  * config: Support hostnames in registrar_ip option
  * added use of persisted IAK and IDevID and authorisation values
  * config changes
  * Adding /agent/info API to agent
  * Fix leftover 'unnecessary qualification' warnings on tests
- Update to version 0.2.5~4:
  * Fix 'unnecessary qualification' warnings
  * fix IAK template to match IDevID
  * rpm: fix COPR RPMs build for centos-stream-10
  * Build COPR RPMs for centos-stream-10
- Update to version 0.2.5~0:
  * Bump version to 0.2.5
  * cargo: Relax required version for pest crate
  * build(deps): bump log from 0.4.20 to 0.4.21
  * build(deps): bump thiserror from 1.0.56 to 1.0.59
- actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650)
- Update to version 0.2.4~39:
  * build(deps): bump openssl from 0.10.63 to 0.10.64
  * build(deps): bump h2 from 0.3.24 to 0.3.26
  * build(deps): bump serde_json from 1.0.107 to 1.0.116
  * build(deps): bump actix-web from 4.4.1 to 4.5.1
  * crypto: Enable TLS 1.3
  * build(deps): bump tempfile from 3.9.0 to 3.10.1
  * build(deps): bump mio from 0.8.4 to 0.8.11
  * enable hex values to be used for tpm_ownerpassword
  * config: Support IPv6 with or without brackets
  * keylime: Implement a simple IP parser to remove brackets
  * crypto: Implement CertificateBuilder to generate certificates
  * tests: Fix coverage download by supporting arbitrary URL
  * cargo: Add testing feature to keylime library
  * Set X509 SAN with local DNSname/IP/IPv6
  * Include newest Node20 versions for Github actions
  * tpm: Add unit test for uncovered public functions
  * crypto: Implement ECC key generation support
  * crypto: Add test for match_cert_to_template()
  * Fix minor typo, format and remove end whitespaces
  * crypto: Make error types less specific
  * tests/run.sh: Run tarpaulin with a single thread
  * payloads: Remove explicit drop of channel transmitter
  * crypto: Move to keylime library
  * crypto: Add specific type for every possible error
  * tpm: Rename origin of error as source in structures
  * list_parser: Add source for error for backtrace
  * algorithms: Make errors more specific
  * typo fix for default path to measured boot log file
  * README: remove mentions of libarchive as a dependency
  * Dockerfile.wolfi: Update clang to version 17
  * docker: Remove libarchive as a dependency
  * rpm: Remove libarchive from dependencies
  * cargo: Replace compress-tools with zip crate
  * cargo: Bump ahash to version 0.8.7
  * build(deps): bump serde from 1.0.195 to 1.0.196
  * build(deps): bump libc from 0.2.152 to 0.2.153
  * build(deps): bump reqwest from 0.11.23 to 0.11.24
  * docker: Install configuration file in the correct path
  * config: Make IAK/IDevID disabled by default
- Update to version 0.2.4+git.1706692574.a744517:
  * Bump version to 0.2.4
  * build(deps): bump uuid from 1.4.1 to 1.7.0
  * keylime-agent.conf: Allow setting event logs paths
  * Mutable log paths: allow IMA and MBA log paths to be overridden by keylime configuration.
  * workflows: Update checkout action to version 4
  * build(deps): bump serde from 1.0.188 to 1.0.195
  * build(deps): bump pest_derive from 2.7.0 to 2.7.6
  * build(deps): bump openssl from 0.10.62 to 0.10.63
  * build(deps): bump config from 0.13.3 to 0.13.4
  * build(deps): bump base64 from 0.21.4 to 0.21.7
  * build(deps): bump tempfile from 3.8.0 to 3.9.0
  * build(deps): bump pest from 2.7.0 to 2.7.6
  * build(deps): bump actix-web from 4.4.0 to 4.4.1
  * build(deps): bump reqwest from 0.11.22 to 0.11.23
  * build(deps): bump h2 from 0.3.17 to 0.3.24
  * build(deps): bump shlex from 1.1.0 to 1.3.0
  * cargo: Bump tss-esapi to version 7.4.0
  * workflows: Fix keylime-bot token usage
  * tpm: Add error context for every possible error
  * tpm: Add AlgorithmError to TpmError
  * detect idevid template from certificates
  * build(deps): bump wiremock from 0.5.18 to 0.5.22
  * build(deps): bump thiserror from 1.0.48 to 1.0.56
  * Make use of workspace dependencies
  * build(deps): bump openssl from 0.10.57 to 0.10.62
  * packit: Bump Fedora version used for code coverage
- Update to version 0.2.3+git.1701075380.a5dc985:
  * build(deps): bump actix-rt from 2.8.0 to 2.9.0
  * Bump version to 0.2.3
  * build(deps): bump reqwest from 0.11.20 to 0.11.22
  * Bump configuration version and fix enable_iak_idevid
  * Enable test functional/iak-idevid-register-with-certificates
  * Update packit plan with new tests
  * Add certificates and certificate checking for IDevID and IAK keys (#669)
- Update to version 0.2.2+git.1697658634.9c7c6fa:
  * build(deps): bump rustix from 0.37.11 to 0.37.25
  * build(deps): bump tempfile from 3.6.0 to 3.8.0
  * build(deps): bump base64 from 0.21.0 to 0.21.4
  * build(deps): bump serde_json from 1.0.96 to 1.0.107
  * build(deps): bump openssl from 0.10.55 to 0.10.57
  * cargo: Bump serde to version 1.0.188
  * tests: Fix tarpaulin issues with dropped -v option
  * build(deps): bump signal-hook from 0.3.15 to 0.3.17
  * build(deps): bump actix-web from 4.3.1 to 4.4.0
  * build(deps): bump thiserror from 1.0.40 to 1.0.48
  * Remove private_in_public
  * Initial PR to add support for IDevID and IAK
  * build(deps): bump uuid from 1.3.1 to 1.4.1
  * build(deps): bump log from 0.4.17 to 0.4.20
  * build(deps): bump reqwest from 0.11.16 to 0.11.20
  * Do not use too specific version on cargo audit workflow
  * Add workflow to run cargo-audit security audit
  * README: update dependencies for Debian and Ubuntu
  * Use latest versions of checkout/upload-artifacts
  * docker: Add 'keylime' system user
  * Use "currently" for swtpm emulator warning (#632)
  * Update container workflow actions versions
  * Build container image and push to quay.io
  * README: update requirements
- Update to version 0.2.2+git.1689256829.3d2b627:
  * Bump version to 0.2.2
  * build(deps): bump tempfile from 3.5.0 to 3.6.0
  * removing SIGINT stop signals from Dockerfiles and systemd service, as well as adding SIGTERM to IMA emulator as shutdown signal
- Update to version 0.2.1+git.1689167094.67ce0cf:
  * cargo: Bump serde to version 1.0.166
  * build(deps): bump libc from 0.2.142 to 0.2.147
  * adding release Dockerfiles in 3 flavours: fedora, distroless and wolfi
  * hash: add more configurable hash algorithm for public key digest
  * cargo: Update clap to version 4.3.11
  * cargo: Bump tokio crate version to 1.28.2
  * Add an example of IMA policy
  * main: Gracefully shutdown on SIGTERM or SIGINT
  * cargo: Bump proc-macro2 crate version
  * revocation: Parse revocation actions flexibly
  * crypto: Add unit tests for x509 functions
  * crypto: Make internal functions private
  * config: Add unit test for the list to files mapping
  * config: Make trusted_client_ca to accept lists
  * lib: Implement parser for lists from config file
  * build(deps): bump openssl from 0.10.48 to 0.10.55
  * Add secure mount sanity test to packit testing.
  * [packit] Do not let COPR project expire
- Recommends the IMA Policy subpackage only if SELinux is configured
- Update to version 0.2.1+git.1685699835.3c9d17c:
  * Remove MOUNT_SECURE bool
  * rpm: Remove unused directory and add dependency for mount
  * keylime-agent/src: update API version to 2.1 to be consistent with https://github.com/keylime/keylime/blob/master/docs/rest_apis.rst
  * docker/fedora/keylime_rust.Dockerfile: add the logic of cloning and compiling rust-keylime
  * [tests] Update test coverage task name regexp
  * [tests] Simply coverage file URL parsing
- Update to version 0.2.1+git.1682587333.b497f1d:
  * Bump version to 0.2.1
  * Cargo: Update base64 to version 0.21
  * build(deps): bump enumflags2 from 0.7.5 to 0.7.7
  * build(deps): bump uuid from 1.3.0 to 1.3.1
  * build(deps): bump libc from 0.2.141 to 0.2.142
  * keylime-agent/src/common.rs: remove VTPM and IMA stub variables
  * rpm/fedora: Use vendored dependencies for all versions
  * packit: Enable building RPM on Copr for fedora-all
  * rpm/fedora: Fix metadata patch
  * build(deps): bump serde from 1.0.159 to 1.0.160
  * build(deps): bump serde_json from 1.0.95 to 1.0.96
  * cargo: Drop default features from actix-web
  * cargo: Drop default features from reqwest crate
  * cargo: Drop default features from config crate
  * build(deps): bump tempfile from 3.4.0 to 3.5.0
  * build(deps): bump libc from 0.2.140 to 0.2.141
- Update to version 0.2.0+git.1681457715.54484b7:
  * build(deps): bump h2 from 0.3.14 to 0.3.17 (CVE-2023-26964, bsc#1210344)
  * build(deps): bump reqwest from 0.11.15 to 0.11.16
- Update to version 0.2.0+git.1681223954.646cf61:
  * Allow setting measured boot log path for testing
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump wiremock from 0.5.14 to 0.5.18
  * Build Fedora and CentOS packages on Copr using packit
  * build(deps): bump serde_json from 1.0.91 to 1.0.95
  * build(deps): bump actix-rt from 2.7.0 to 2.8.0
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump serde from 1.0.147 to 1.0.159
  * build(deps): bump glob from 0.3.0 to 0.3.1
  * Add missing test from keylime testsuite to e2e plan
  * Fix typo in name of test for generating coverage
  * build(deps): bump thiserror from 1.0.38 to 1.0.40
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump actix-web from 4.2.1 to 4.3.1
  * build(deps): bump serde from 1.0.145 to 1.0.147
  * build(deps): bump libc from 0.2.139 to 0.2.140
  * build(deps): bump futures from 0.3.25 to 0.3.27
  * build(deps): bump reqwest from 0.11.12 to 0.11.15
  * build(deps): bump config from 0.13.2 to 0.13.3
  * build(deps): bump openssl from 0.10.45 to 0.10.48
  * build(deps): bump tokio from 1.24.2 to 1.26.0
  * Cargo: Update tempfile to 3.4.0 version
- Add keylime-ima-policy subpackage to provide a better IMA policy
- Update to version 0.2.0+git.1677691779.f7edd9a:
  * Disable e2e on Rawhide due to RHBZ#2171376
  * Change number of required uploaded files
  * Coverage for rust agent as github action.
  * config: Skip validation of keylime_dir during tests
- Create the certificate directory
- Update to version 0.2.0+git.1677002906.cf6c4f0:
  * Bump version to 0.2.0
  * packit: Remove workaround for Fedora BZ#2158598
  * ima-emulator: Implement graceful shutdown
  * Update tss-esapi in Cargo.toml
  * packit: Re-enable tests on Fedora Rawhide
  * Deprecate `with-zmq` and `legacy-python-actions` features
- Drop zmq from the feature set
- Remove already merged patches:
  * 0001-keylime-agent-remove-const_err-deny.patch
  * 0001-Cargo.toml-tss-esapi-bindings.patch
- Update to version 0.1.0+git.1676549716.5382ed9:
  * Cargo: Update clap minimum version to 3.2
  * Cargo: Update uuid minimum version to 1.3
  * Cargo: Update tokio minimum version to 1.24 and reduce features
  * build(deps): bump tss-esapi from 7.1.0 to 7.2.0
  * cargo deb: include shim.py in packaging
  * build(deps): bump thiserror from 1.0.36 to 1.0.38
  * keylime-agent.conf: Add comments on how to override options
  * config: Fix overriding options with env vars
  * Add missing e2e tests and reordering tests based on alphabetical order
  * e2e tests: Fix test name
  * Store associated U keys, auth tags, and payloads together
  * Refactor ZeroMQ revocation listener to not block
  * keylime-agent: Gracefully shutdown on SIGINT
  * Refactor async code for keys and payloads
  * main: Move payload related functions to payloads module
  * main: Run ZeroMQ service in a separate task
  * Remove unused option "openstack" for obtaining uuid
  * algorithms: fix typo
  * clippy: fix uninlined_format_args warnings
  * clippy: fix needless_borrow warnings
  * crypto, mTLS: allow certificate chain for trusted_client_ca
  * build(deps): bump base64 from 0.13.0 to 0.13.1
  * build(deps): bump serde_json from 1.0.85 to 1.0.91
  * build(deps): bump libc from 0.2.133 to 0.2.139
  * build(deps): bump bumpalo from 3.11.0 to 3.12.0
  * build(deps): bump futures from 0.3.24 to 0.3.25
  * Cargo.toml: tss-esapi bindings
  * packit-ci: Disable Rawhide due to agent compilation issues
  * packit-ci: Add hotfix for tpm2-tss Fedora BZ#2158598
  * keylime-agent: remove const_err deny
  * build(deps): bump tokio from 1.23.0 to 1.24.2
- Update to version 0.1.0+git.1672681780.762cec8:
  * build(deps): bump openssl from 0.10.41 to 0.10.45
  * build(deps): bump tokio from 1.21.1 to 1.23.0
  * Disable dnf-makecache.service to save RAM
  * CI tests: Do not remove Fedora tag repository
  * add support for cargo deb
  * Pacify clippy::needless-borrow
  * Move tpm.rs from keylime-agent to the library
  * Split crates into library and applications
- Add 0001-keylime-agent-remove-const_err-deny.patch
- Fix "cargo install" with workspaces https://github.com/rust-lang/cargo/issues/7599
- Add 0001-Cargo.toml-tss-esapi-bindings.patch
- Update to version 0.1.0+git.1670590616.e80c67a:
  * main: only read uuid from KeylimeConfig
  * Enabling more e2e tests in Packit CI
  * systemd: start agent after network is online
  * Cargo: Drop unused dependencies rust-ini and toml
- Add cargo-audit service per policy
- Update to version 0.1.0+git.1666019359.f5de47b:
  * README: mark Rust agent as the official one, fix cargo run command
- Drop bindgen.patch as it is already upstream
- Update to version 0.1.0+git.1664480840.0ea0492:
  * Increase unit testing
  * Test all features with cargo tarpaulin
  * Cargo.toml: tss-esapi bindings
- Rebase bindgen.patch and upstream the change
- Rebase keylime-agent.conf.diff
- Store the configuration file in /usr/etc/keylime/agent.conf
- Fix keylime user creation
- Drop webapp service port in firewall XML service file
- Update to version 0.1.0+git.1663769444.6318234:
  * Update comments in the configuration file
  * config: Align config locations with the python components
  * config: Add configuration file version
  * config: Add back support for KEYLIME_DIR env var
  * Change configuration format to TOML
  * Add support for using passphrase protected key
  * Do not try to load TPM data generated by another TPM
  * Allow using existing key and certificate
  * Remove the agent TPM data from the config struct
  * Rename the configuration options
  * Use password to generate EK when provided
  * Add tpm_ownerpassword option to keylime.conf
  * Add cargo audit to CI static tests
  * Add agent and faked_measured_boot_log tests context
  * Appease clippy
- Update to version 0.1.0+git.1659977521.0186093:
  * Fix display of mb measurement file path
  * Add more helpful error when config file is not found
  * Fix small comment about implementing TPM ownership
  * main: die when cannot drop privileges
  * keylime.conf: add run_as section
  * Use Rust agent-specific config in Makefile
  * Fix typo in listen_notifications option in keylime.conf
  * tpm: Support pre-existing EK
  * Set swtpm context which is later used for test filtering
  * Add GitLeaks configuration to ignore RSA key used for testing
  * Handle whitespace in keylime.conf
- Rename keylime.conf.diff to keylime-agent.conf.diff
- Drop 0001-main-die-when-cannot-drop-privileges.patch, as it is already merged upstream
- Add bindgen.patch to add more architectures
- Update to version 0.1.0+git.1657303637.5b9072a:
  * keys_handler: Use scopes to drop mutexes before await
  * Enable usage of Rust IMA emulator in E2E tests.
  * ima_emulator: Support PCR hash algorithms other than SHA-1
  * ima_entry: add IMA entry parser ported from Python Keylime
  * algorithms: Add conversion between our hash algorithms and OpenSSL's
  * Remove unused functions revocation_ip_get and revocation_port_get. Change String to &str.
  * Adjust function usage comments to account for new parameters.
  * Load config file less at startup in src/common.rs
  * GNUmakefile: Make target dependencies explicit
  * permissions: Set supplementary groups when dropping privileges
  * main: Use more descriptive message for missing files error
  * Show path when fail to load the certificate
  * tpm: Add serialization functions for structures in quotes
- Requires tpm2.0-abrmd dependency, as the kernel resource manager might not be enough
- Downgrade /var/run/keylime permissions
- Set "run_as" parameter to "keylime:tss"
- Create the keylime user via systemd
- Fix keylime service home directory
- Add 0001-main-die-when-cannot-drop-privileges.patch to avoid the execution as root when the run_as user is missing in the system
- Update to version 0.1.0+git.1655384301.b834667:
  * Update fmf plans to run test with IMA policy
  * .github/dependabot.yml: prevent updates that require manifest change
- Add logrotate configuration for the agent service
- Requires libtss2-tcti-device0 to interact with the real device
- Drop legacy Python subpackage and feature
- Move conflicts into the Python version
- Drop CFSSL port from the keylime.xml firewalld rules
- Update to version 0.1.0+git.1655143451.7c4121e:
  * Add dependabot for automatic dependency updates
  * config: remove unused options
  * persist AK, NK and mTLS certificate to disk
  * Update tokio minimum version
  * Adjust CI test name according to keylime-tests PR#125
  * Make wiremock an optional dependency
  * Drop unused dependency flate2
  * Drop unused dependency rustc-serialize
  * Update clap dependency to 3.1.18
* add support for "hash_ek" UUID creation * tpm: add and use EKResult struct as return value for create_ek(..) * replace custom marshall functions with the offical one * update to tss-esapi 7.1.0 * quotes_handler: Rewind measured boot log file * Add test /functional/measured-boot-swtpm-sanity to Packit CI plan * OpenSSL on deb family is now libssl-dev - Update to version 0.1.0+git.1653314004.ceda2ec: * Skip serialization of optional fields * Make support for legacy python revocation actions optional * main: Do not try to load CA cert if mTLS is disabled * CI: Add packit to run end-to-end tests * GNUmakefile: Install shim.py * Add service for secure mount * secure_mount: Do not try to give ownership to root * secure_mount: Rewrite check_mount() * main: Ignore original ownership when unzipping files * Drop privileges to run as normal user and group * main: Mount secure mount before dropping the privileges * main: Open files that require privilege at the beginning * quotes_handler: Fix measured boot list encoding * Fix typo in config_get() * Add option to disable mTLS * Update actix-web to 4, remove tokio 0.2 dependencies * crypto: Add helper function to convert public key to PEM string * Add ansasaki as maintainer - Update to version 0.1.0+git.1649449492.59856c2: * errors_handler: Add handler for 404 error * errors_handler: Add tests for error handlers * main: Add handler for actix request parsing errors * main: Add default handlers for each scope * main: Use actix middleware to log requests * common: Change status code type from u32 to u16 * common: Use trait ToString for status on JsonWrapper::error * quotes_handler: Add used measured boot path to warning message * common: Rename JsonWrapper::new as JsonWrapper::success * Generalize error JSON wrapping * main: Use scopes to organize API * Use JSON wrapper on error responses * quotes_handler: Simplify integrity quote structures * quotes_handler: Improve query parameters parsing * quotes_handler: Add missing log 
messages * keys_handler: Add API to verify derived key * keys_handler: Remove workaround for missing JSON Content-Type * keys_handler: Fix test for 256-bits keys * Use shared JSON wrapper for HTTP responses * ima: Avoid using unwrap() or panic!() * Apply changes suggested by cargo fmt and cargo clippy * ima: Read IMA measurement list begining at n-th entry. * ima: Get ima_ml_entry from HTTP request * version_handler: Introduce /version REST endpoint (#313) * main: Do not error if payload_script is not found * Remove revocation actions naming restriction * Revert API version to 2.0 * Set working directory via KEYLIME_DIR env variable - Add work_dir directory in /var/lib/keylime - Add subpackage rust-keylime-python to execute revocation payload in Python - Update to version 0.1.0+git.1645537954.2f1447d: * Make zmq an optional dependency * notifications_handler: Introduce /notifications/revocation REST endpoint * revocation: Move out revocation message processing * revocation: Make get_revocation_cert_path() public * Install systemd unit file - Update to version 0.1.0+git.1645023877.811a869: * Make clippy happy. * Add a --help message. 
* Depend on Rust-TSS-ESAPI 7.0.0 stable * main: Return error on initialization if python shim is missing * common: Add hardcoded config defaults for revocation * main: Add execution permissions to revocation actions * revocation: Log revocation actions output * revocation: Fix get_revocation_cert_path() comment * gitignore: Add filters for some temporary files * revocation: Do not ignore revocation actions from config * revocation: Implement python actions support * tests: Implement proof-of-concept python shim * revocation: Implement lookup_action() function * common: Add revocation actions configurations * revocation: Enforce local action naming restriction * revocation: Remove duplicate logger initialization * crypto: unfiy import_x509 and load_x509 * update Cargo.lock * common: update API version to v2.0 * tpm: drop zlib compression in quotes * run agent webserver with mTLS enabled and add mtls_cert to registrar * crypto: load and generate X509 certificates, mTLS context generation * keylime.conf: add setting for Keylime CA * Bump tss-esapi crate to 7.0.0-beta.1 * Update to fix typo * Use Path and PathBuf consistently to represent paths * Bump versions of some dependencies * quotes_handler: Check quotes in tests * tpm: Remove hard-coded struct sizes with std::mem::size_of * tpm: Let compiler to infer arch-dependent integer types * Use CString as the first argument of libc::chown * keys_handler: Add API to get public key (#284) * crypto: Fix algorithms used for revocation signature (#275) * revocation: Use revocation certificate set by configuration (#300) * common: Add revocation_cert to the global configuration structure * ima_emulator: Fix running hash calculation on resumption * keys_handler: Add test with encrypted payload * main: Use condition variable to wait for payload encryption key * main: Use Option to represent a combined key * main: Redefine KeySet as a vector * keys_handler, main: Move crypto operations to crypto module * keys_handler: Make use of 
type safe payload deserialization * Remove unused imports * Remove duplicate CODEOWNERS file * Remove panic when running rev action * move global configuration into a single struct * Add codeowners - Update to version 0.1.0+git.1641587454.1248597: * quotes_handler: send TPM2 event log for measured boot * serialization: move serialization into separate module * try to load AK from disk instead of always creating a new one * update Cargo.lock file * make hash, encryption and signing algorithm configurable * tpm: remove get_sig_scheme(..) function * hash: rename to algorithms and implement tss conversions * cmd_exec: remove cmd_exec module * secure_mount: fix mount of tmpfs for secure directory * common: change default WORK_DIR to /var/lib/keylime * tpm: remove special handling for PCR10 - Update to version 0.1.0+git.1639176416.fc90088: * Code refactor to use updated tss-esapi - Drop add_property_tag_variant_for_maxcapbuffer.patch, included in the upstream crate - Conflict with keylime-agent, keylime-config and keylime-firewalld - Add keylime_ima_emulator tool - Add patch add_property_tag_variant_for_maxcapbuffer.patch - Update to version 0.1.0+git.1637095429.d5a3191: * Run Fedora tests on unified Keylime test container * ima_emulator: Print error message when TCTI envvar is not set * Add keylime_ima_emulator executable for testing * Fix 0mq problem * ci: Check unit test coverage with cargo tarpaulin (#216) * config: merge with Python keylime.conf and remove unused entries * Add support for contact ip and port * common: move get env or from config into sperate function * keys_handler: Add unit tests * quotes_handler: Add unit tests (#265) * Fix bugs that occur after a delete and re-add from the tenant * Retain the main loop running after payload execution (#249) * keys_handler: verify HMAC in constant-time (#248) * build: Adjust package dependencies to compile in Fedora (#245) * Generate Cargo.lock file * Add Ueno as a maintainer and set codeowners * Fix clippy 
errors, update to newest TSS-ESAPI - Drop generate-cargo-lock-file.patch (already in upstream) - Update to version 0.1.0+git.1629114992.890e8c9: * Add "v1.0" prefix to agent APIs - Update generate-cargo-lock-file.patch - Add generate-cargo-lock-file.patch to fix the build system in OBS - Add keylime.conf.diff to adjust the default config file - Adjust build requirements - Add firewalld XML rules - Add systemd keylime_agent.service - Fix license tag - Update to version 0.0.1+git.1626706730.a009476: * libarchive-devel is needed to build on Fedora * Accept sets of U and V keys; use new Key types * Output mask info * Fix for race condition bug * Do not resend pubkey to CV after attestation * Run payload script from a shell * Write out data and run payload * Decrypt payload after key handlers find symm key * Add handler for U and V keys * Add helper functions for handling U and V keys * Some TPM fixes for IMA PCR validation * Do not flush AK context as this causes an error * Fix bug in revocation service * Drop references to vmask * Better documentation of consts * Do not fail if EK cert is not present in TPM NV * Add more verbose logging to better match Python agent * Remove verify stub as we are not using it * tests: Don't pass --allow-signing to swtpm_setup * Fix typos * Add dependency for libzmq3-dev / zeromq-devel * Fix new clippy lints * Add handling for Identity and Integrity quotes * Add Quote functionality * Add marshaling functions for TPM structs - Update to version 0.0.1+git.1620935374.4df2148: * Add function to read PCR mask * Small fixes in TPM functions * Send quote data to actixweb handlers - Update to version 0.0.1+git.1618949271.f609525: * Add more TPM helper functions * Use PKeys consistently * Rebase on tss-esapi 5.0 * Pass a PKeyRef to asym_verify * Use #[[from] from thiserror * Fix uppercase acronyms * Add testing feature * Remove port bindings for agent * More verbose TPM and revocation error, verbose success * Fix docker networking OBS-URL: 
https://build.opensuse.org/request/show/1332104 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=91
1129 lines
51 KiB
Plaintext
-------------------------------------------------------------------
Mon Feb 09 14:44:05 UTC 2026 - aplanas@suse.com

- Update vendored crates (bsc#1257908, CVE-2026-25727)
  * time 0.3.47

- Update to version 0.2.8+116:
  * build(deps): bump bytes from 1.7.2 to 1.11.1
  * api: Modify /version endpoint output in version 2.5
  * Add API v2.5 with backward-compatible /v2.5/quotes/integrity
  * tests: add unit test for resolve_agent_id (#1182)
  * (pull-model): enable retry logic for registration
  * rpm: Update specfiles to apply on master
  * workflows: Add test to detect unused crates
  * lib: Drop unused crates
  * push-model: Drop unused crates
  * keylime-agent: Drop unused crates
  * build(deps): bump uuid from 1.18.1 to 1.19.0
  * Update reqwest-retry to 0.8, retry-policies to 0.5
  * rpm: Fix cargo_build macro usage on CentOS Stream
  * fix(push-model): resolve hash_ek uuid to actual EK hash
  * build(deps): bump thiserror from 2.0.16 to 2.0.17
  * workflows: Separate upstream test suite from e2e coverage
  * Send UEFI measured boot logs as raw bytes (#1173)
  * auth: Add unit tests for SecretToken implementation
  * packit: Enable push-attestation tests
  * resilient_client: Prevent authentication token leakage in logs

-------------------------------------------------------------------
Wed Jan 07 15:53:59 UTC 2026 - aplanas@suse.com

- Use tmpfiles.d for /var directories (PED-14736)
  + tmpfiles.keylime renamed to rust-keylime.conf and extended

- Update to version 0.2.8+96:
  * build(deps): bump wiremock from 0.6.4 to 0.6.5
  * build(deps): bump actions/checkout from 5 to 6
  * build(deps): bump chrono from 0.4.41 to 0.4.42
  * packit: Get coverage from Fedora 43 runs
  * Fix issues pointed out by clippy
  * Replace mutex unwraps with proper error handling in TPM library
  * Remove unused session request methods from StructureFiller
  * Fix config panic on missing ek_handle in push model agent
  * build(deps): bump tempfile from 3.21.0 to 3.23.0
  * build(deps): bump actions/upload-artifact from 4 to 6 (#1163)
  * Fix clippy warnings project-wide
  * Add KEYLIME_DIR support for verifier TLS certificates in push model agent
  * Thread privileged resources and use MeasurementList for IMA reading
  * Add privileged resource initialization and privilege dropping to push model agent
  * Fix privilege dropping order in run_as()
  * add documentation on FQDN hostnames
  * Remove confusing logs for push mode agent
  * Set correct default Verifier port (8891->8881) (#1159)
  * Add verifier_url to reference configuration file (#1158)
  * Add TLS support for Registrar communication (#1139)
  * Fix agent handling of 403 registration responses (#1154)
  * Add minor README.md rephrasing (#1151)
  * build(deps): bump actions/checkout from 5 to 6 (#1153)
  * ci: update spec files for packit COPR build
  * docs: improve challenge encoding and async TPM documentation
  * refactor: improve middleware and error handling
  * feat: add authentication client with middleware integration
  * docker: Include keylime_push_model_agent binary
  * Include attestation_interval configuration (#1146)
  * Persist payload keys to avoid attestation failure on restart
  * crypto: Implement the load or generate pattern for keys
  * Use simple algorithm specifiers in certification_keys object (#1140)
  * tests: Enable more tests in CI
  * Fix RSA2048 algorithm reporting in keylime agent
  * Remove disabled_signing_algorithms configuration
  * rpm: Fix metadata patches to apply to current code
  * workflows/rpm.yml: Use more strict patching
  * build(deps): bump uuid from 1.17.0 to 1.18.1
  * Fix ECC algorithm selection and reporting for keylime agent
  * Improve logging consistency and coherency
  * Implement minimal RFC compliance for Location header and URI parsing (#1125)
  * Use separate keys for payload mechanism and mTLS
  * docker: update rust to 1.81 for distroless Dockerfile
  * Ensure UEFI log capabilities are set to false
  * build(deps): bump http from 1.1.0 to 1.3.1
  * build(deps): bump log from 0.4.27 to 0.4.28
  * build(deps): bump cfg-if from 1.0.1 to 1.0.3
  * build(deps): bump actix-rt from 2.10.0 to 2.11.0
  * build(deps): bump async-trait from 0.1.88 to 0.1.89
  * build(deps): bump trybuild from 1.0.105 to 1.0.110
  * Accept evidence handling structures null entries
  * workflows: Add test to check if RPM patches still apply
  * CI: Enable test add-agent-with-malformed-ek-cert
  * config: Fix singleton tests
  * FSM: Remove needless lifetime annotations (#1105)
  * rpm: Do not remove wiremock which is now available in Fedora
  * Use latest Fedora httpdate version (1.0.3)
  * Enhance coverage with parse_retry_after test
  * Fix issues reported by CI regarding unwrap() calls
  * Reuse max retries indicated to the ResilientClient
  * Include limit of retries to 5 for Retry-After
  * Add policy to handle Retry-After response headers
  * build(deps): bump wiremock from 0.6.3 to 0.6.4
  * build(deps): bump serde_json from 1.0.140 to 1.0.143
  * build(deps): bump pest_derive from 2.8.0 to 2.8.1
  * build(deps): bump syn from 2.0.90 to 2.0.106
  * build(deps): bump tempfile from 3.20.0 to 3.21.0
  * build(deps): bump thiserror from 2.0.12 to 2.0.16
  * rpm: Fix patches to apply to current master code
  * build(deps): bump anyhow from 1.0.98 to 1.0.99
  * state_machine: Automatically clean config override during tests
  * config: Implement singleton and factory pattern
  * testing: Support overriding configuration during tests
  * feat: implement standalone challenge-response authentication module
  * structures: rename session structs for clarity and fix typos
  * tpm: refactor certify_credential_with_iak() into a more generic function
  * Add Push Model Agent Mermaid FSM chart (#1095)
  * Add state to avoid exiting on wrong attestation (#1093)
  * Add 6 alphanumeric lowercase X-Request-ID header
  * Enhance Evidence Handling response parsing
  * build(deps): bump quote from 1.0.35 to 1.0.40
  * build(deps): bump libc from 0.2.172 to 0.2.175
  * build(deps): bump glob from 0.3.2 to 0.3.3
  * build(deps): bump actix-web from 4.10.2 to 4.11.0

-------------------------------------------------------------------
Wed Aug 20 09:26:08 UTC 2025 - aplanas@suse.com

- Update vendored crates (bsc#1248006, CVE-2025-55159)
  * slab 0.4.11

- Add Cargo_lock.patch patch to update slab and other dependencies

- Update to version 0.2.8+12:
  * build(deps): bump actions/checkout from 4 to 5
  * build(deps): bump cfg-if from 1.0.0 to 1.0.1
  * build(deps): bump openssl from 0.10.72 to 0.10.73
  * build(deps): bump clap from 4.5.39 to 4.5.45
  * build(deps): bump pest from 2.8.0 to 2.8.1
  * Fix clippy warnings
  * Use verifier-provided interval for continuous attestation timing
  * Add meta object with seconds_to_next_attestation to evidence response
  * Fix boot time retrieval
  * Fix IMA log format (it must be ['text/plain']) (#1073)
  * Remove unnecessary configuration fields
  * cargo: Bump retry-policies to version 0.4.0
  * Bump version to 0.2.8

-------------------------------------------------------------------
Thu Aug 07 12:17:29 UTC 2025 - aplanas@suse.com

- Update vendored crates (bsc#1247193, CVE-2025-58266)
  * shlex 1.3.0

- Rebase keylime-agent.conf.diff for current configuration

- Drop Cargo_lock.patch patch, already present in Cargo.lock

- Update to version 0.2.7+141:
  * service: Use WantedBy=multi-user.target
  * rpm: Add subpackage for push-attestation agent
  * push-model: implement continuous attestation with configurable intervals
  * Retry registration forever in the state machine
  * Add Verifier URL to configuration
  * Align exp.backoff to current configuration format
  * Increase coverage of state machine (using Context)
  * Increase coverage of struct_filler.rs
  * Groom code (remove dead code)
  * Fix exponential backoff (10secs, 4xx accepted)
  * test: Add documentation test to tests/run.sh
  * tpm: Avoid running code example during documentation tests
  * state_machine: Always start the agent from the Unregistered state
  * Add fixes for the URL construction
  * Refactor evidences collection in push attestation agent
  * push-model: refactor attestation logic into a state machine
  * Fix body sending by allowing serializing strings (#1057)
  * Log ResilientClient errors/response status codes (#1055)
  * Add AK signing scheme and hash algorithm to negotiation
  * tpm: Add method to extract signing scheme and hash algorithm from AK
  * Allow custom content-type/accept headers
  * Integrate exponential backoff to registration (#1052)
  * keylime/structures: Rename ShaValues to PcrBanks
  * Add resilient_client for exponential backoff (#1048)

-------------------------------------------------------------------
Mon Jul 14 12:56:25 UTC 2025 - aplanas@suse.com

- Update vendored crates (bsc#1242623, CVE-2025-3416)
  * openssl 0.10.73

- Update to version 0.2.7+117:
  * Increase coverage in evidence handling structure
  * Add Capabilities Negotiations resp. missing fields
  * Fix UEFI test to check file access in all cases
  * context_info_handler: Do not assume /var/lib/keylime exists
  * Fix clippy warnings about uninlined format arguments
  * attestation: Allow unwrap() in tests
  * Increase coverage (groom code, extend unit tests)
  * Include IMA/UEFI logs in Evidence Handling request
  * Include method to get all IMA entries as string
  * Send correct list of pcr banks and sign algorithms
  * Try to fix TPM tests related issues
  * Define attestation perform asynchronous
  * Perform attestation in push model agent binary
  * Refactor code to use new attestation.rs
  * Create attestation.rs for Attestation stuff
  * Move ContextInfo management to its own handler
  * Adjust context_info.rs after rebase
  * Add attestation function to ContextInfo structure
  * Add prohibited signing algorithms, avoid ecschnorr
  * keylime/config: Use macro to implement PushModelConfigTrait
  * Introduce keylime-macros and define_view_trait
  * config: Remove KeylimeConfig structure
  * config: Remove unnecessary options and lazy initialization
  * Fix pcr_bank function to send all possible slots
  * Send Content-Type:application/json on request (#1039)
  * Send correct 'key_algorithm' in certification_keys (#1035)
  * Push Model: Persist Attestation Key to file
  * Add Keylime push model binary to root GNUmakefile
  * Use singleton to avoid multiple Context allocation
  * tests: Do not assume `/var/lib/keylime` exists (#1030)
  * lib/cert: Fix race condition due to use of same file path
  * payloads: Fix race condition in tests
  * Add uefi_log_handler.rs to parse UEFI binary
  * Use IMA log parser to send correct entry count
  * Add IMA log parser
  * build(deps): bump once_cell from 1.19.0 to 1.21.3
  * lib/config/base.rs: Add more unit tests
  * lib/permissions: Add unit tests
  * keylime-agent: move JsonWrapper from common.rs to the library
  * lib/agent_data: Move agent_data related tests from common
  * common: Replace APIVersion with the library Version structure
  * keylime_agent: Move secure_mount.rs to the library
  * lib: Rename keylime_error.rs as error.rs
  * config: Move config to keylime library
  * config: Rename push_model_config to push_model
  * lib: Move permissions.rs from keylime-agent to the lib
  * Extract Capabilities Negotiation info from TPM (#1014)

-------------------------------------------------------------------
Thu Jun 05 11:48:58 UTC 2025 - aplanas@suse.com

- Update vendored crates (bsc#1243861, CVE-2024-12224)
  * idna 1.0.3

- Add Cargo_lock.patch to adjust versions that will allow the
  compilation of mbox crate

- Update to version 0.2.7+70:
  * build(deps): bump wiremock from 0.6.2 to 0.6.3
  * build(deps): bump uuid from 1.16.0 to 1.17.0
  * lib: Introduce AgentIdentity structure
  * gitignore: Add *.swp and *.orig to be ignored
  * build(deps): bump clap from 4.5.38 to 4.5.39
  * build(deps): bump tokio from 1.45.0 to 1.45.1
  * Unify Push Model structures time formats to UTC (#1016)
  * Add Quote related structures to Keylime library
  * Remove configuration file trailing whitespaces (#1012)
  * keylime-agent.conf: add all accepted TPM encryption algs
  * tpm: add policy auth for EK to activate credential
  * Enable non standard key sizes and curves for EK and AK
  * config: Use next_back() instead of last() for iterators
  * Update to tss-esapi v7.6.0
  * Avoid duplicated call to ctx.create_ek
  * build(deps): bump clap from 4.5.23 to 4.5.38
  * Add registration for Push Model client
  * build(deps): bump tokio from 1.44.2 to 1.45.0
  * build(deps): bump chrono from 0.4.40 to 0.4.41
  * build(deps): bump tempfile from 3.17.1 to 3.20.0
  * Refactor code: move error, registration to lib
  * Move structure filling and URL selection code (#999)
  * build(deps): bump pest_derive from 2.7.15 to 2.8.0
  * build(deps): bump pest from 2.7.15 to 2.8.0
  * build(deps): bump libc from 0.2.169 to 0.2.172
  * Add Evidence/Authentication messages to prototype
  * build(deps): bump uuid from 1.15.1 to 1.16.0
  * build(deps): bump thiserror from 2.0.11 to 2.0.12
  * build(deps): bump signal-hook from 0.3.17 to 0.3.18
  * build(deps): bump log from 0.4.25 to 0.4.27
  * build(deps): bump assert_cmd from 2.0.16 to 2.0.17
  * build(deps): bump actix-web from 4.9.0 to 4.10.2
  * build(deps): bump reqwest from 0.12.12 to 0.12.15
  * build(deps): bump serde from 1.0.217 to 1.0.219
  * Add unit tests for sessions.rs structures
  * Add auth(sessions) structures
  * Fix minor README.md issue (#988)
  * Define EvidenceHandling structures (#971)
  * Add mockoon test scenario
  * Add client certificates to push-attestation prototype
  * Cargo: bump url crate to version 2.5.4
  * Add logging to the push attestation prototype
  * Do not use certificate on insecure mode
  * common: Move the EncryptedData structure from common to the library
  * common: Move AuthTag from common to the library
  * build(deps): bump openssl from 0.10.71 to 0.10.72
  * common: Move Symmkey to library as crypto::symmkey
  * common: Remove unused constants and static values
  * build(deps): bump tokio from 1.43.0 to 1.44.2
  * Refactor code: Include AgentIdentity structure
  * Push model prototype
  * Add support for ek certificate chain, stored in TPM NVRAM.
  * Recover key_class field and set it as "asymmetric"
  * Update push model structures to latest values
  * build(deps): bump serde_json from 1.0.138 to 1.0.140
  * packit: Add identifier for each copr_build job
  * keylime-agent.conf: only mention ecdsa and rsassa for signing
  * build(deps): bump openssl from 0.10.70 to 0.10.71
  * build(deps): bump uuid from 1.13.2 to 1.15.1
  * Add capabilities_negotiation structures
  * packit: Add compatibility/api_version_compatibility test
  * build(deps): bump uuid from 1.11.0 to 1.13.2
  * build(deps): bump serde_json from 1.0.135 to 1.0.138
  * build(deps): bump thiserror from 2.0.9 to 2.0.11
  * build(deps): bump tempfile from 3.14.0 to 3.17.1
  * Allow agent to start as non-root
  * scripts: Fix coverage information downloading script
  * build(deps): bump openssl from 0.10.68 to 0.10.70
  * build(deps): bump tokio from 1.42.0 to 1.43.0

-------------------------------------------------------------------
Mon Jan 27 09:43:30 UTC 2025 - aplanas@suse.com

- Update to version 0.2.7+1:
  * dist: Enable logging for keylime library in the service
  * Bump version to 0.2.7
  * scripts: Download coverage data from Testing Farm directly
  * main: Remove unnecessary lifetime
  * cargo: Bump pretty_env_logger to version 0.5.0
  * scripts: Fix regex in download_packit_coverage.sh
  * cargo: Bump clap crate to version 4.5.23
  * cargo: Bump base64 crate to version 0.22.1
  * build(deps): bump log from 0.4.22 to 0.4.25
  * build(deps): bump serde_json from 1.0.133 to 1.0.135
  * cargo: Bump tokio crate to version 1.42.0
  * packit: Fix RPM builds on copr
  * cargo: Bump thiserror crate to version 0.2.9
  * cargo: Update reqwest to version 0.12.12
  * build(deps): bump libc from 0.2.168 to 0.2.169
  * build(deps): bump glob from 0.3.1 to 0.3.2
  * version: Implement API version validation and ordering
  * main: Support using multiple API versions for registration
  * keylime: Introduce the registrar_client module
  * Provide endpoints under multiple API versions
  * Move 'serialization' module to the keylime library
  * Drop unnecessary dependency on common::API_VERSION
  * keylime-agent.conf: Bump version to 2.3
  * build(deps): bump serde from 1.0.210 to 1.0.217
  * build(deps): bump pest_derive from 2.7.14 to 2.7.15
  * build(deps): bump pest from 2.7.14 to 2.7.15
  * build(deps): bump libc from 0.2.167 to 0.2.168
  * config: Make IAK and IDevID certificates optional
  * Fix warnings reported by clippy
  * workflows: Run job in the CI container directly
  * tests: Add unit test for device ID builder
  * main: Move IAK/IDevID related code to dedicated module
  * tests: Add script to generate IAK and IDevID certificates
  * build(deps): bump openssl from 0.10.66 to 0.10.68
  * build(deps): bump uuid from 1.10.0 to 1.11.0
  * build(deps): bump serde_json from 1.0.128 to 1.0.133
  * build(deps): bump actix-web from 4.5.1 to 4.9.0
  * build(deps): bump reqwest from 0.12.7 to 0.12.9
  * tests/setup_swtpm.sh: Add script to setup temporary TPM
  * Use a single TPM context and avoid race conditions during tests
  * config: Enable passing a hostname instead of IP
  * build(deps): bump clap from 4.3.11 to 4.5.21
  * build(deps): bump tempfile from 3.10.1 to 3.14.0
  * build(deps): bump pest_derive from 2.7.6 to 2.7.14
  * build(deps): bump pest from 2.7.6 to 2.7.14
  * build(deps): bump codecov/codecov-action from 4 to 5
  * workflows: Submit the coverage for merged PR from Fedora 41
  * tests: Use Fedora 41 to generate code coverage
  * api: Make API configuration modular
  * agent_handler: Move the /agent scope configuration
  * notifications_handler: Move the /notifications scope configuration
  * quotes_handler: Move the /quotes scope configuration to quotes_handler
  * keys_handler: Move /keys scope configuration to keys_handler
  * Use ${DESTDIR} for config
  * Fix showing wrong UUID
  * build(deps): bump actix-rt from 2.9.0 to 2.10.0
  * config: Refactor AgentConfig Source trait implementation
  * build(deps): bump log from 0.4.21 to 0.4.22
  * build(deps): bump serde_json from 1.0.120 to 1.0.128
  * tpm: check if EK certificate has valid ASN.1 DER encoding
  * build(deps): bump futures from 0.3.27 to 0.3.31
  * cargo: Bump reqwest to version 0.12.7
  * build(deps): bump serde from 1.0.203 to 1.0.210
  * tests: Add more tests to Packit CI
  * build(deps): bump docker/build-push-action from 5 to 6
  * tests: apply workarounds to known bugs

-------------------------------------------------------------------
Mon Sep 02 11:53:27 UTC 2024 - aplanas@suse.com

- Update vendored crates (bsc#1229952, bsc#1230029, CVE-2024-43806)
  * rustix 0.37.25
  * rustix 0.38.34
  * shlex 1.3.0

- Update to version 0.2.6+13:
  * Enable test functional/iak-idevid-persisted-and-protected
  * build(deps): bump uuid from 1.7.0 to 1.10.0
  * build(deps): bump openssl from 0.10.64 to 0.10.66
  * keylime-agent/src/revocation: Fix comment indentation
  * keylime/crypto: Fix indentation of documentation comment
  * build(deps): bump thiserror from 1.0.59 to 1.0.63
  * build(deps): bump serde_json from 1.0.116 to 1.0.120
  * dependabot: Extend to also monitor workflow actions
  * ci: Disable Packit CI on CentOS Stream 9
  * ci: use CODECOV_TOKEN when submitting coverage data
  * revocation: Use into() for unfallible transformation
  * secure_mount: Fix possible infinite loop
  * error: Rename enum variants to avoid clippy warning

-------------------------------------------------------------------
Fri Jun 14 07:39:29 UTC 2024 - aplanas@suse.com

- Update to version 0.2.6~0:
  * Bump version to 0.2.6
  * build(deps): bump libc from 0.2.153 to 0.2.155
  * build(deps): bump serde from 1.0.196 to 1.0.203
  * rpm/fedora: Update rust macro usage
  * config: Support hostnames in registrar_ip option
  * added use of persisted IAK and IDevID and authorisation values
  * config changes
  * Adding /agent/info API to agent
  * Fix leftover 'unnecessary qualification' warnings on tests

-------------------------------------------------------------------
Thu May 16 13:40:05 UTC 2024 - aplanas@suse.com

- Update to version 0.2.5~4:
  * Fix 'unnecessary qualification' warnings
  * fix IAK template to match IDevID
  * rpm: fix COPR RPMs build for centos-stream-10
  * Build COPR RPMs for centos-stream-10

-------------------------------------------------------------------
Thu May 02 07:31:40 UTC 2024 - aplanas@suse.com

- Update to version 0.2.5~0:
  * Bump version to 0.2.5
  * cargo: Relax required version for pest crate
  * build(deps): bump log from 0.4.20 to 0.4.21
  * build(deps): bump thiserror from 1.0.56 to 1.0.59

-------------------------------------------------------------------
Tue Apr 30 07:52:30 UTC 2024 - aplanas@suse.com

- actix-web update moves rustls as feature (bsc#1223234, CVE-2024-32650)
- Update to version 0.2.4~39:
  * build(deps): bump openssl from 0.10.63 to 0.10.64
  * build(deps): bump h2 from 0.3.24 to 0.3.26
  * build(deps): bump serde_json from 1.0.107 to 1.0.116
  * build(deps): bump actix-web from 4.4.1 to 4.5.1
  * crypto: Enable TLS 1.3
  * build(deps): bump tempfile from 3.9.0 to 3.10.1
  * build(deps): bump mio from 0.8.4 to 0.8.11
  * enable hex values to be used for tpm_ownerpassword
  * config: Support IPv6 with or without brackets
  * keylime: Implement a simple IP parser to remove brackets
  * crypto: Implement CertificateBuilder to generate certificates
  * tests: Fix coverage download by supporting arbitrary URL
  * cargo: Add testing feature to keylime library
  * Set X509 SAN with local DNSname/IP/IPv6
  * Include newest Node20 versions for Github actions
  * tpm: Add unit test for uncovered public functions
  * crypto: Implement ECC key generation support
  * crypto: Add test for match_cert_to_template()
  * Fix minor typo, format and remove end whitespaces
  * crypto: Make error types less specific
  * tests/run.sh: Run tarpaulin with a single thread
  * payloads: Remove explicit drop of channel transmitter
  * crypto: Move to keylime library
  * crypto: Add specific type for every possible error
  * tpm: Rename origin of error as source in structures
  * list_parser: Add source for error for backtrace
  * algorithms: Make errors more specific
  * typo fix for default path to measured boot log file
  * README: remove mentions of libarchive as a dependency
  * Dockerfile.wolfi: Update clang to version 17
  * docker: Remove libarchive as a dependency
  * rpm: Remove libarchive from dependencies
  * cargo: Replace compress-tools with zip crate
  * cargo: Bump ahash to version 0.8.7
  * build(deps): bump serde from 1.0.195 to 1.0.196
  * build(deps): bump libc from 0.2.152 to 0.2.153
  * build(deps): bump reqwest from 0.11.23 to 0.11.24
  * docker: Install configuration file in the correct path
  * config: Make IAK/IDevID disabled by default

-------------------------------------------------------------------
Wed Jan 31 09:22:00 UTC 2024 - aplanas@suse.com

- Update to version 0.2.4+git.1706692574.a744517:
  * Bump version to 0.2.4
  * build(deps): bump uuid from 1.4.1 to 1.7.0
  * keylime-agent.conf: Allow setting event logs paths
  * Mutable log paths: allow IMA and MBA log paths to be overridden by keylime configuration.
  * workflows: Update checkout action to version 4
  * build(deps): bump serde from 1.0.188 to 1.0.195
  * build(deps): bump pest_derive from 2.7.0 to 2.7.6
  * build(deps): bump openssl from 0.10.62 to 0.10.63
  * build(deps): bump config from 0.13.3 to 0.13.4
  * build(deps): bump base64 from 0.21.4 to 0.21.7
  * build(deps): bump tempfile from 3.8.0 to 3.9.0
  * build(deps): bump pest from 2.7.0 to 2.7.6
  * build(deps): bump actix-web from 4.4.0 to 4.4.1
  * build(deps): bump reqwest from 0.11.22 to 0.11.23
  * build(deps): bump h2 from 0.3.17 to 0.3.24
  * build(deps): bump shlex from 1.1.0 to 1.3.0
  * cargo: Bump tss-esapi to version 7.4.0
  * workflows: Fix keylime-bot token usage
  * tpm: Add error context for every possible error
  * tpm: Add AlgorithmError to TpmError
  * detect idevid template from certificates
  * build(deps): bump wiremock from 0.5.18 to 0.5.22
  * build(deps): bump thiserror from 1.0.48 to 1.0.56
  * Make use of workspace dependencies
  * build(deps): bump openssl from 0.10.57 to 0.10.62
  * packit: Bump Fedora version used for code coverage

-------------------------------------------------------------------
Fri Dec 01 10:04:40 UTC 2023 - aplanas@suse.com

- Update to version 0.2.3+git.1701075380.a5dc985:
  * build(deps): bump actix-rt from 2.8.0 to 2.9.0
  * Bump version to 0.2.3
  * build(deps): bump reqwest from 0.11.20 to 0.11.22
  * Bump configuration version and fix enable_iak_idevid
  * Enable test functional/iak-idevid-register-with-certificates
  * Update packit plan with new tests
  * Add certificates and certificate checking for IDevID and IAK keys (#669)

-------------------------------------------------------------------
Fri Nov 03 15:23:05 UTC 2023 - aplanas@suse.com

- Update to version 0.2.2+git.1697658634.9c7c6fa:
  * build(deps): bump rustix from 0.37.11 to 0.37.25
  * build(deps): bump tempfile from 3.6.0 to 3.8.0
  * build(deps): bump base64 from 0.21.0 to 0.21.4
  * build(deps): bump serde_json from 1.0.96 to 1.0.107
  * build(deps): bump openssl from 0.10.55 to 0.10.57
  * cargo: Bump serde to version 1.0.188
  * tests: Fix tarpaulin issues with dropped -v option
  * build(deps): bump signal-hook from 0.3.15 to 0.3.17
  * build(deps): bump actix-web from 4.3.1 to 4.4.0
  * build(deps): bump thiserror from 1.0.40 to 1.0.48
  * Remove private_in_public
  * Initial PR to add support for IDevID and IAK
  * build(deps): bump uuid from 1.3.1 to 1.4.1
  * build(deps): bump log from 0.4.17 to 0.4.20
  * build(deps): bump reqwest from 0.11.16 to 0.11.20
  * Do not use too specific version on cargo audit workflow
  * Add workflow to run cargo-audit security audit
  * README: update dependencies for Debian and Ubuntu
  * Use latest versions of checkout/upload-artifacts
  * docker: Add 'keylime' system user
  * Use "currently" for swtpm emulator warning (#632)
  * Update container workflow actions versions
  * Build container image and push to quay.io
  * README: update requirements

-------------------------------------------------------------------
Fri Jul 14 07:31:23 UTC 2023 - aplanas@suse.com

- Update to version 0.2.2+git.1689256829.3d2b627:
  * Bump version to 0.2.2
  * build(deps): bump tempfile from 3.5.0 to 3.6.0
  * removing SIGINT stop signals from Dockerfiles and systemd service, as well as adding SIGTERM to IMA emulator as shutdown signal

-------------------------------------------------------------------
Wed Jul 12 14:17:39 UTC 2023 - aplanas@suse.com

- Update to version 0.2.1+git.1689167094.67ce0cf:
  * cargo: Bump serde to version 1.0.166
  * build(deps): bump libc from 0.2.142 to 0.2.147
  * adding release Dockerfiles in 3 flavours: fedora, distroless and wolfi
  * hash: add more configurable hash algorithm for public key digest
  * cargo: Update clap to version 4.3.11
  * cargo: Bump tokio crate version to 1.28.2
  * Add an example of IMA policy
  * main: Gracefully shutdown on SIGTERM or SIGINT
  * cargo: Bump proc-macro2 crate version
  * revocation: Parse revocation actions flexibly
  * crypto: Add unit tests for x509 functions
  * crypto: Make internal functions private
  * config: Add unit test for the list to files mapping
  * config: Make trusted_client_ca to accept lists
  * lib: Implement parser for lists from config file
  * build(deps): bump openssl from 0.10.48 to 0.10.55
  * Add secure mount sanity test to packit testing.
  * [packit] Do not let COPR project expire

-------------------------------------------------------------------
Wed Jun 7 09:08:22 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>

- Recommends the IMA Policy subpackage only if SELinux is configured

-------------------------------------------------------------------
Mon Jun 05 08:41:33 UTC 2023 - aplanas@suse.com

- Update to version 0.2.1+git.1685699835.3c9d17c:
  * Remove MOUNT_SECURE bool
  * rpm: Remove unused directory and add dependency for mount
  * keylime-agent/src: update API version to 2.1 to consistent with https://github.com/keylime/keylime/blob/master/docs/rest_apis.rst
  * docker/fedora/keylime_rust.Dockerfile: add the logic of cloning and compiling rust-keylime
  * [tests] Update test coverage task name regexp
  * [tests] Simply coverage file URL parsing

-------------------------------------------------------------------
Thu Apr 27 09:34:45 UTC 2023 - aplanas@suse.com

- Update to version 0.2.1+git.1682587333.b497f1d:
  * Bump version to 0.2.1
  * Cargo: Update base64 to version 0.21
  * build(deps): bump enumflags2 from 0.7.5 to 0.7.7
  * build(deps): bump uuid from 1.3.0 to 1.3.1
  * build(deps): bump libc from 0.2.141 to 0.2.142
  * keylime-agent/src/common.rs: remove VTPM and IMA stub variables
  * rpm/fedora: Use vendored dependencies for all versions
  * packit: Enable building RPM on Copr for fedora-all
  * rpm/fedora: Fix metadata patch
  * build(deps): bump serde from 1.0.159 to 1.0.160
  * build(deps): bump serde_json from 1.0.95 to 1.0.96
  * cargo: Drop default features from actix-web
  * cargo: Drop default features from reqwest crate
  * cargo: Drop default features from config crate
  * build(deps): bump tempfile from 3.4.0 to 3.5.0
  * build(deps): bump libc from 0.2.140 to 0.2.141

-------------------------------------------------------------------
Fri Apr 14 07:42:55 UTC 2023 - aplanas@suse.com

- Update to version 0.2.0+git.1681457715.54484b7:
  * build(deps): bump h2 from 0.3.14 to 0.3.17 (CVE-2023-26964,
    bsc#1210344)
  * build(deps): bump reqwest from 0.11.15 to 0.11.16

-------------------------------------------------------------------
Wed Apr 12 14:52:38 UTC 2023 - aplanas@suse.com

- Update to version 0.2.0+git.1681223954.646cf61:
  * Allow setting measured boot log path for testing
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump wiremock from 0.5.14 to 0.5.18
  * Build Fedora and CentOS packages on Copr using packit
  * build(deps): bump serde_json from 1.0.91 to 1.0.95
  * build(deps): bump actix-rt from 2.7.0 to 2.8.0
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump serde from 1.0.147 to 1.0.159
  * build(deps): bump glob from 0.3.0 to 0.3.1
  * Add missing test from keylime testsuite to e2e plan
  * Fix typo in name of test for generating coverage
  * build(deps): bump thiserror from 1.0.38 to 1.0.40
  * build(deps): bump base64 from 0.13.1 to 0.21.0
  * build(deps): bump actix-web from 4.2.1 to 4.3.1
  * build(deps): bump serde from 1.0.145 to 1.0.147
  * build(deps): bump libc from 0.2.139 to 0.2.140
  * build(deps): bump futures from 0.3.25 to 0.3.27
  * build(deps): bump reqwest from 0.11.12 to 0.11.15
  * build(deps): bump config from 0.13.2 to 0.13.3
  * build(deps): bump openssl from 0.10.45 to 0.10.48
  * build(deps): bump tokio from 1.24.2 to 1.26.0
  * Cargo: Update tempfile to 3.4.0 version

-------------------------------------------------------------------
Wed Mar 15 16:46:28 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>

- Add keylime-ima-policy subpackage to provide a better IMA policy

-------------------------------------------------------------------
Thu Mar 02 15:12:27 UTC 2023 - aplanas@suse.com

- Update to version 0.2.0+git.1677691779.f7edd9a:
  * Disable e2e on Rawhide due to RHBZ#2171376
  * Change number of required uploaded files
  * Coverage for rust agent as github action.
  * config: Skip validation of keylime_dir during tests

-------------------------------------------------------------------
Thu Mar 2 15:11:47 UTC 2023 - Alberto Planas Dominguez <aplanas@suse.com>

- Create the certificate directory

-------------------------------------------------------------------
Wed Feb 22 09:07:12 UTC 2023 - aplanas@suse.com

- Update to version 0.2.0+git.1677002906.cf6c4f0:
  * Bump version to 0.2.0
  * packit: Remove workaround for Fedora BZ#2158598
  * ima-emulator: Implement graceful shutdown
  * Update tss-esapi in Cargo.toml
  * packit: Re-enable tests on Fedora Rawhide
  * Deprecate `with-zmq` and `legacy-python-actions` features

-------------------------------------------------------------------
Thu Feb 16 12:51:38 UTC 2023 - aplanas@suse.com

- Drop zmq from the feature set
- Remove already merged patches:
  * 0001-keylime-agent-remove-const_err-deny.patch
  * 0001-Cargo.toml-tss-esapi-bindings.patch
- Update to version 0.1.0+git.1676549716.5382ed9:
  * Cargo: Update clap minimum version to 3.2
  * Cargo: Update uuid minimum version to 1.3
  * Cargo: Update tokio minimum version to 1.24 and reduce features
  * build(deps): bump tss-esapi from 7.1.0 to 7.2.0
  * cargo deb: include shim.py in packaging
  * build(deps): bump thiserror from 1.0.36 to 1.0.38
  * keylime-agent.conf: Add comments on how to override options
  * config: Fix overriding options with env vars
  * Add missing e2e tests and reordering tests based on alphabetical order
  * e2e tests: Fix test name
  * Store associated U keys, auth tags, and payloads together
  * Refactor ZeroMQ revocation listener to not block
  * keylime-agent: Gracefully shutdown on SIGINT
  * Refactor async code for keys and payloads
  * main: Move payload related functions to payloads module
  * main: Run ZeroMQ service in a separate task
  * Remove unused option "openstack" for obtaining uuid
  * algorithms: fix typo
  * clippy: fix uninlined_format_args warnings
  * clippy: fix needless_borrow warnings
  * crypto, mTLS: allow certificate chain for trusted_client_ca
  * build(deps): bump base64 from 0.13.0 to 0.13.1
  * build(deps): bump serde_json from 1.0.85 to 1.0.91
  * build(deps): bump libc from 0.2.133 to 0.2.139
  * build(deps): bump bumpalo from 3.11.0 to 3.12.0
  * build(deps): bump futures from 0.3.24 to 0.3.25
  * Cargo.toml: tss-esapi bindings
  * packit-ci: Disable Rawhide due to agent compilation issues
  * packit-ci: Add hotfix for tpm2-tss Fedora BZ#2158598
  * keylime-agent: remove const_err deny
  * build(deps): bump tokio from 1.23.0 to 1.24.2

-------------------------------------------------------------------
Mon Jan 16 14:02:08 UTC 2023 - aplanas@suse.com

- Update to version 0.1.0+git.1672681780.762cec8:
  * build(deps): bump openssl from 0.10.41 to 0.10.45
  * build(deps): bump tokio from 1.21.1 to 1.23.0
  * Disable dnf-makecache.service to save RAM
  * CI tests: Do not remove Fedora tag repository
  * add support for cargo deb
  * Pacify clippy::needless-borrow
  * Move tpm.rs from keylime-agent to the library
  * Split crates into library and applications
- Add 0001-keylime-agent-remove-const_err-deny.patch
- Fix "cargo install" with workspaces
  https://github.com/rust-lang/cargo/issues/7599
- Add 0001-Cargo.toml-tss-esapi-bindings.patch

-------------------------------------------------------------------
Fri Dec 09 13:10:40 UTC 2022 - aplanas@suse.com

- Update to version 0.1.0+git.1670590616.e80c67a:
  * main: only read uuid from KeylimeConfig
  * Enabling more e2e tests in Packit CI
  * systemd: start agent after network is online
  * Cargo: Drop unused dependencies rust-ini and toml

-------------------------------------------------------------------
Tue Oct 25 08:16:33 UTC 2022 - aplanas@suse.com

- Add cargo-audit service per policy
- Update to version 0.1.0+git.1666019359.f5de47b:
  * README: mark Rust agent as the official one, fix cargo run command

-------------------------------------------------------------------
Wed Oct 12 07:51:22 UTC 2022 - aplanas@suse.com

- Drop bindgen.patch as is already upstream
- Update to version 0.1.0+git.1664480840.0ea0492:
  * Increase unit testing
  * Test all features with cargo tarpaulin
  * Cargo.toml: tss-esapi bindings

-------------------------------------------------------------------
Mon Sep 26 14:15:04 UTC 2022 - aplanas@suse.com

- Rebase bindgen.patch and upstream the change
- Rebase keylime-agent.conf.diff
- Store the configuration file in /usr/etc/keylime/agent.conf
- Fix keylime user creation
- Drop webapp service port in firewall XML service file
- Update to version 0.1.0+git.1663769444.6318234:
  * Update comments in the configuration file
  * config: Align config locations with the python components
  * config: Add configuration file version
  * config: Add back support for KEYLIME_DIR env var
  * Change configuration format to TOML
  * Add support for using passphrase protected key
  * Do not try to load TPM data generated by another TPM
  * Allow using existing key and certificate
  * Remove the agent TPM data from the config struct
  * Rename the configuration options
  * Use password to generate EK when provided
  * Add tpm_ownerpassword option to keylime.conf
  * Add cargo audit to CI static tests
  * Add agent and faked_measured_boot_log tests context
  * Appease clippy

-------------------------------------------------------------------
Wed Aug 10 13:39:08 UTC 2022 - aplanas@suse.com

- Update to version 0.1.0+git.1659977521.0186093:
  * Fix display of mb measurement file path
  * Add more helpful error when config file is not found
  * Fix small comment about implementing TPM ownership
  * main: die when cannot drop privileges
  * keylime.conf: add run_as section
  * Use Rust agent-specific config in Makefile
  * Fix typo in listen_notifications option in keylime.conf
  * tpm: Support pre-existing EK
  * Set swtpm context which is later used for test filtering
  * Add GitLeaks configuration to ignore RSA key used for testing
  * Handle whitespace in keylime.conf
- Rename keylime.conf.diff to keylime-agent.conf.diff
- Drop 0001-main-die-when-cannot-drop-privileges.patch, as is already
  merged upstream
- Add bindgen.patch to add more architectures

-------------------------------------------------------------------
Tue Jul 12 09:20:39 UTC 2022 - aplanas@suse.com

- Update to version 0.1.0+git.1657303637.5b9072a:
  * keys_handler: Use scopes to drop mutexes before await
  * Enable usage of Rust IMA emulator in E2E tests.
  * ima_emulator: Support PCR hash algorithms other than SHA-1
  * ima_entry: add IMA entry parser ported from Python Keylime
  * algorithms: Add conversion between our hash algorithms and OpenSSL's
  * Remove unused functions revocation_ip_get and revocation_port_get. Change String to &str.
  * Adjust function usage comments to account for new parameters.
  * Load config file less at startup in src/common.rs
  * GNUmakefile: Make target dependencies explicit
  * permissions: Set supplementary groups when dropping privileges
  * main: Use more descriptive message for missing files error
  * Show path when fail to load the certificate
  * tpm: Add serialization functions for structures in quotes
- Requires tpm2.0-abrmd dependency, as the kernel resource manager
  could be not enough
- Downgrade /var/run/keylime permissions
- Set "run_as" parameter to "keylime:tss"
- Create the keylime user via systemd
- Fix keylime service home directory
- Add 0001-main-die-when-cannot-drop-privileges.patch to avoid the
  execution as root when the run_as user is missing in the system

-------------------------------------------------------------------
Wed Jun 22 08:45:20 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>

- Update to version 0.1.0+git.1655384301.b834667:
  * Update fmf plans to run test with IMA policy
  * .github/dependabot.yml: prevent updates that require manifest change
- Add logrotate configuration for the agent service
- Requires libtss2-tcti-device0 to interact with the real device
- Drop legacy Python subpackage and feature
- Move conflicts into the Python version

-------------------------------------------------------------------
Wed Jun 15 09:52:48 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>

- Drop CFSSL port from the keylime.xml firewalld rules

-------------------------------------------------------------------
Tue Jun 14 11:05:01 UTC 2022 - aplanas@suse.com

- Update to version 0.1.0+git.1655143451.7c4121e:
  * Add dependabot for automatic dependency updates
  * config: remove unused options
  * persist AK, NK and mTLS certificate to disk
  * Update tokio minimum version
  * Adjust CI test name according to keylime-tests PR#125
  * Make wiremock an optional dependency
  * Drop unused dependency flate2
  * Drop unused dependency rustc-serialize
  * Update clap dependency to 3.1.18
  * add support for "hash_ek" UUID creation
  * tpm: add and use EKResult struct as return value for create_ek(..)
  * replace custom marshall functions with the official one
  * update to tss-esapi 7.1.0
  * quotes_handler: Rewind measured boot log file
  * Add test /functional/measured-boot-swtpm-sanity to Packit CI plan
  * OpenSSL on deb family is now libssl-dev

-------------------------------------------------------------------
Tue May 24 14:10:38 UTC 2022 - aplanas@suse.com

- Update to version 0.1.0+git.1653314004.ceda2ec:
  * Skip serialization of optional fields
  * Make support for legacy python revocation actions optional
  * main: Do not try to load CA cert if mTLS is disabled
  * CI: Add packit to run end-to-end tests
  * GNUmakefile: Install shim.py
  * Add service for secure mount
  * secure_mount: Do not try to give ownership to root
  * secure_mount: Rewrite check_mount()
  * main: Ignore original ownership when unzipping files
  * Drop privileges to run as normal user and group
  * main: Mount secure mount before dropping the privileges
  * main: Open files that require privilege at the beginning
  * quotes_handler: Fix measured boot list encoding
  * Fix typo in config_get()
  * Add option to disable mTLS
  * Update actix-web to 4, remove tokio 0.2 dependencies
  * crypto: Add helper function to convert public key to PEM string
  * Add ansasaki as maintainer

-------------------------------------------------------------------
Wed Apr 13 09:54:42 UTC 2022 - aplanas@suse.com

- Update to version 0.1.0+git.1649449492.59856c2:
  * errors_handler: Add handler for 404 error
  * errors_handler: Add tests for error handlers
  * main: Add handler for actix request parsing errors
  * main: Add default handlers for each scope
  * main: Use actix middleware to log requests
  * common: Change status code type from u32 to u16
  * common: Use trait ToString for status on JsonWrapper::error
  * quotes_handler: Add used measured boot path to warning message
  * common: Rename JsonWrapper::new as JsonWrapper::success
  * Generalize error JSON wrapping
  * main: Use scopes to organize API
  * Use JSON wrapper on error responses
  * quotes_handler: Simplify integrity quote structures
  * quotes_handler: Improve query parameters parsing
  * quotes_handler: Add missing log messages
  * keys_handler: Add API to verify derived key
  * keys_handler: Remove workaround for missing JSON Content-Type
  * keys_handler: Fix test for 256-bits keys
  * Use shared JSON wrapper for HTTP responses
  * ima: Avoid using unwrap() or panic!()
  * Apply changes suggested by cargo fmt and cargo clippy
  * ima: Read IMA measurement list beginning at n-th entry.
  * ima: Get ima_ml_entry from HTTP request
  * version_handler: Introduce /version REST endpoint (#313)
  * main: Do not error if payload_script is not found
  * Remove revocation actions naming restriction
  * Revert API version to 2.0
  * Set working directory via KEYLIME_DIR env variable

-------------------------------------------------------------------
Fri Mar 4 16:02:57 UTC 2022 - Alberto Planas Dominguez <aplanas@suse.com>

- Add work_dir directory in /var/lib/keylime
- Add subpackage rust-keylime-python to execute revocation payload in Python

-------------------------------------------------------------------
Tue Mar 01 14:21:35 UTC 2022 - aplanas@suse.com

- Update to version 0.1.0+git.1645537954.2f1447d:
  * Make zmq an optional dependency
  * notifications_handler: Introduce /notifications/revocation REST endpoint
  * revocation: Move out revocation message processing
  * revocation: Make get_revocation_cert_path() public
  * Install systemd unit file

-------------------------------------------------------------------
Tue Feb 22 12:34:16 UTC 2022 - aplanas@suse.com

- Update to version 0.1.0+git.1645023877.811a869:
  * Make clippy happy.
  * Add a --help message.
  * Depend on Rust-TSS-ESAPI 7.0.0 stable
  * main: Return error on initialization if python shim is missing
  * common: Add hardcoded config defaults for revocation
  * main: Add execution permissions to revocation actions
  * revocation: Log revocation actions output
  * revocation: Fix get_revocation_cert_path() comment
  * gitignore: Add filters for some temporary files
  * revocation: Do not ignore revocation actions from config
  * revocation: Implement python actions support
  * tests: Implement proof-of-concept python shim
  * revocation: Implement lookup_action() function
  * common: Add revocation actions configurations
  * revocation: Enforce local action naming restriction
  * revocation: Remove duplicate logger initialization
  * crypto: unify import_x509 and load_x509
  * update Cargo.lock
  * common: update API version to v2.0
  * tpm: drop zlib compression in quotes
  * run agent webserver with mTLS enabled and add mtls_cert to registrar
  * crypto: load and generate X509 certificates, mTLS context generation
  * keylime.conf: add setting for Keylime CA
  * Bump tss-esapi crate to 7.0.0-beta.1
  * Update to fix typo
  * Use Path and PathBuf consistently to represent paths
  * Bump versions of some dependencies
  * quotes_handler: Check quotes in tests
  * tpm: Remove hard-coded struct sizes with std::mem::size_of
  * tpm: Let compiler to infer arch-dependent integer types
  * Use CString as the first argument of libc::chown
  * keys_handler: Add API to get public key (#284)
  * crypto: Fix algorithms used for revocation signature (#275)
  * revocation: Use revocation certificate set by configuration (#300)
  * common: Add revocation_cert to the global configuration structure
  * ima_emulator: Fix running hash calculation on resumption
  * keys_handler: Add test with encrypted payload
  * main: Use condition variable to wait for payload encryption key
  * main: Use Option to represent a combined key
  * main: Redefine KeySet as a vector
  * keys_handler, main: Move crypto operations to crypto module
  * keys_handler: Make use of type safe payload deserialization
  * Remove unused imports
  * Remove duplicate CODEOWNERS file
  * Remove panic when running rev action
  * move global configuration into a single struct
  * Add codeowners

-------------------------------------------------------------------
Mon Jan 10 13:06:42 UTC 2022 - aplanas@suse.com

- Update to version 0.1.0+git.1641587454.1248597:
  * quotes_handler: send TPM2 event log for measured boot
  * serialization: move serialization into separate module
  * try to load AK from disk instead of always creating a new one
  * update Cargo.lock file
  * make hash, encryption and signing algorithm configurable
  * tpm: remove get_sig_scheme(..) function
  * hash: rename to algorithms and implement tss conversions
  * cmd_exec: remove cmd_exec module
  * secure_mount: fix mount of tmpfs for secure directory
  * common: change default WORK_DIR to /var/lib/keylime
  * tpm: remove special handling for PCR10

-------------------------------------------------------------------
Mon Dec 13 15:53:39 UTC 2021 - aplanas@suse.com

- Update to version 0.1.0+git.1639176416.fc90088:
  * Code refactor to use updated tss-esapi
- Drop add_property_tag_variant_for_maxcapbuffer.patch, included in
  the upstream crate

-------------------------------------------------------------------
Wed Nov 24 13:48:07 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>

- Conflict with keylime-agent, keylime-config and keylime-firewalld
- Add keylime_ima_emulator tool
- Add patch add_property_tag_variant_for_maxcapbuffer.patch

-------------------------------------------------------------------
Fri Nov 19 13:02:48 UTC 2021 - aplanas@suse.com

- Update to version 0.1.0+git.1637095429.d5a3191:
  * Run Fedora tests on unified Keylime test container
  * ima_emulator: Print error message when TCTI envvar is not set
  * Add keylime_ima_emulator executable for testing
  * Fix 0mq problem
  * ci: Check unit test coverage with cargo tarpaulin (#216)
  * config: merge with Python keylime.conf and remove unused entries
  * Add support for contact ip and port
  * common: move get env or from config into separate function
  * keys_handler: Add unit tests
  * quotes_handler: Add unit tests (#265)
  * Fix bugs that occur after a delete and re-add from the tenant
  * Retain the main loop running after payload execution (#249)
  * keys_handler: verify HMAC in constant-time (#248)
  * build: Adjust package dependencies to compile in Fedora (#245)
  * Generate Cargo.lock file
  * Add Ueno as a maintainer and set codeowners
  * Fix clippy errors, update to newest TSS-ESAPI
- Drop generate-cargo-lock-file.patch (already in upstream)

-------------------------------------------------------------------
Mon Aug 16 14:23:13 UTC 2021 - aplanas@suse.com

- Update to version 0.1.0+git.1629114992.890e8c9:
  * Add "v1.0" prefix to agent APIs
- Update generate-cargo-lock-file.patch

-------------------------------------------------------------------
Wed Jul 28 08:56:33 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>

- Add generate-cargo-lock-file.patch to fix the build system in OBS
- Add keylime.conf.diff to adjust the default config file
- Adjust build requirements
- Add firewalld XML rules
- Add systemd keylime_agent.service
- Fix license tag

-------------------------------------------------------------------
Thu Jul 22 09:20:38 UTC 2021 - aplanas@suse.com

- Update to version 0.0.1+git.1626706730.a009476:
  * libarchive-devel is needed to build on Fedora
  * Accept sets of U and V keys; use new Key types
  * Output mask info
  * Fix for race condition bug
  * Do not resend pubkey to CV after attestation
  * Run payload script from a shell
  * Write out data and run payload
  * Decrypt payload after key handlers find symm key
  * Add handler for U and V keys
  * Add helper functions for handling U and V keys
  * Some TPM fixes for IMA PCR validation
  * Do not flush AK context as this causes an error
  * Fix bug in revocation service
  * Drop references to vmask
  * Better documentation of consts
  * Do not fail if EK cert is not present in TPM NV
  * Add more verbose logging to better match Python agent
  * Remove verify stub as we are not using it
  * tests: Don't pass --allow-signing to swtpm_setup
  * Fix typos
  * Add dependency for libzmq3-dev / zeromq-devel
  * Fix new clippy lints
  * Add handling for Identity and Integrity quotes
  * Add Quote functionality
  * Add marshaling functions for TPM structs

-------------------------------------------------------------------
Tue Jun 08 11:59:11 UTC 2021 - aplanas@suse.com

- Update to version 0.0.1+git.1620935374.4df2148:
  * Add function to read PCR mask
  * Small fixes in TPM functions
  * Send quote data to actixweb handlers

-------------------------------------------------------------------
Tue May 04 12:23:18 UTC 2021 - aplanas@suse.com

- Update to version 0.0.1+git.1618949271.f609525:
  * Add more TPM helper functions
  * Use PKeys consistently
  * Rebase on tss-esapi 5.0
  * Pass a PKeyRef to asym_verify
  * Use #[[from] from thiserror
  * Fix uppercase acronyms
  * Add testing feature
  * Remove port bindings for agent
  * More verbose TPM and revocation error, verbose success
  * Fix docker networking
