pool/rust-keylime
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rust-keylime/rust-keylime.changes
Alberto Planas Dominguez 8d3be32d1f Accepting request 956709 from home:aplanas:branches:security 
- Update to version 0.1.0+git.1645023877.811a869:
  * Make clippy happy.
  * Add a --help message.
  * Depend on Rust-TSS-ESAPI 7.0.0 stable
  * main: Return error on initialization if python shim is missing
  * common: Add hardcoded config defaults for revocation
  * main: Add execution permissions to revocation actions
  * revocation: Log revocation actions output
  * revocation: Fix get_revocation_cert_path() comment
  * gitignore: Add filters for some temporary files
  * revocation: Do not ignore revocation actions from config
  * revocation: Implement python actions support
  * tests: Implement proof-of-concept python shim
  * revocation: Implement lookup_action() function
  * common: Add revocation actions configurations
  * revocation: Enforce local action naming restriction
  * revocation: Remove duplicate logger initialization
  * crypto: unfiy import_x509 and load_x509
  * update Cargo.lock
  * common: update API version to v2.0
  * tpm: drop zlib compression in quotes
  * run agent webserver with mTLS enabled and add mtls_cert to registrar
  * crypto: load and generate X509 certificates, mTLS context generation
  * keylime.conf: add setting for Keylime CA
  * Bump tss-esapi crate to 7.0.0-beta.1
  * Update to fix typo
  * Use Path and PathBuf consistently to represent paths
  * Bump versions of some dependencies
  * quotes_handler: Check quotes in tests
  * tpm: Remove hard-coded struct sizes with std::mem::size_of
  * tpm: Let compiler to infer arch-dependent integer types
  * Use CString as the first argument of libc::chown
  * keys_handler: Add API to get public key (#284)
  * crypto: Fix algorithms used for revocation signature (#275)
  * revocation: Use revocation certificate set by configuration (#300)
  * common: Add revocation_cert to the global configuration structure
  * ima_emulator: Fix running hash calculation on resumption
  * keys_handler: Add test with encrypted payload
  * main: Use condition variable to wait for payload encryption key
  * main: Use Option to represent a combined key
  * main: Redefine KeySet as a vector
  * keys_handler, main: Move crypto operations to crypto module
  * keys_handler: Make use of type safe payload deserialization
  * Remove unused imports
  * Remove duplicate CODEOWNERS file
  * Remove panic when running rev action
  * move global configuration into a single struct
  * Add codeowners

OBS-URL: https://build.opensuse.org/request/show/956709
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=9
2022-02-22 13:05:07 +00:00

177 lines
7.4 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Tue Feb 22 12:34:16 UTC 2022 - aplanas@suse.com
- Update to version 0.1.0+git.1645023877.811a869:
* Make clippy happy.
* Add a --help message.
* Depend on Rust-TSS-ESAPI 7.0.0 stable
* main: Return error on initialization if python shim is missing
* common: Add hardcoded config defaults for revocation
* main: Add execution permissions to revocation actions
* revocation: Log revocation actions output
* revocation: Fix get_revocation_cert_path() comment
* gitignore: Add filters for some temporary files
* revocation: Do not ignore revocation actions from config
* revocation: Implement python actions support
* tests: Implement proof-of-concept python shim
* revocation: Implement lookup_action() function
* common: Add revocation actions configurations
* revocation: Enforce local action naming restriction
* revocation: Remove duplicate logger initialization
* crypto: unfiy import_x509 and load_x509
* update Cargo.lock
* common: update API version to v2.0
* tpm: drop zlib compression in quotes
* run agent webserver with mTLS enabled and add mtls_cert to registrar
* crypto: load and generate X509 certificates, mTLS context generation
* keylime.conf: add setting for Keylime CA
* Bump tss-esapi crate to 7.0.0-beta.1
* Update to fix typo
* Use Path and PathBuf consistently to represent paths
* Bump versions of some dependencies
* quotes_handler: Check quotes in tests
* tpm: Remove hard-coded struct sizes with std::mem::size_of
* tpm: Let compiler to infer arch-dependent integer types
* Use CString as the first argument of libc::chown
* keys_handler: Add API to get public key (#284)
* crypto: Fix algorithms used for revocation signature (#275)
* revocation: Use revocation certificate set by configuration (#300)
* common: Add revocation_cert to the global configuration structure
* ima_emulator: Fix running hash calculation on resumption
* keys_handler: Add test with encrypted payload
* main: Use condition variable to wait for payload encryption key
* main: Use Option to represent a combined key
* main: Redefine KeySet as a vector
* keys_handler, main: Move crypto operations to crypto module
* keys_handler: Make use of type safe payload deserialization
* Remove unused imports
* Remove duplicate CODEOWNERS file
* Remove panic when running rev action
* move global configuration into a single struct
* Add codeowners
-------------------------------------------------------------------
Mon Jan 10 13:06:42 UTC 2022 - aplanas@suse.com
- Update to version 0.1.0+git.1641587454.1248597:
* quotes_handler: send TPM2 event log for measured boot
* serialization: move serialization into separate module
* try to load AK from disk instead of always creating a new one
* update Cargo.lock file
* make hash, encryption and signing algorithm configurable
* tpm: remove get_sig_scheme(..) function
* hash: rename to algorithms and implement tss conversions
* cmd_exec: remove cmd_exec module
* secure_mount: fix mount of tmpfs for secure directory
* common: change default WORK_DIR to /var/lib/keylime
* tpm: remove special handling for PCR10
-------------------------------------------------------------------
Mon Dec 13 15:53:39 UTC 2021 - aplanas@suse.com
- Update to version 0.1.0+git.1639176416.fc90088:
* Code refactor to use updated tss-esapi
- Drop add_property_tag_variant_for_maxcapbuffer.patch, included in
the upstream crate
-------------------------------------------------------------------
Wed Nov 24 13:48:07 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Conflict with keylime-agent, keylime-config and keylime-firewalld
- Add keylime_ima_emulator tool
- Add patch add_property_tag_variant_for_maxcapbuffer.patch
-------------------------------------------------------------------
Fri Nov 19 13:02:48 UTC 2021 - aplanas@suse.com
- Update to version 0.1.0+git.1637095429.d5a3191:
* Run Fedora tests on unified Keylime test container
* ima_emulator: Print error message when TCTI envvar is not set
* Add keylime_ima_emulator executable for testing
* Fix 0mq problem
* ci: Check unit test coverage with cargo tarpaulin (#216)
* config: merge with Python keylime.conf and remove unused entries
* Add support for contact ip and port
* common: move get env or from config into sperate function
* keys_handler: Add unit tests
* quotes_handler: Add unit tests (#265)
* Fix bugs that occur after a delete and re-add from the tenant
* Retain the main loop running after payload execution (#249)
* keys_handler: verify HMAC in constant-time (#248)
* build: Adjust package dependencies to compile in Fedora (#245)
* Generate Cargo.lock file
* Add Ueno as a maintainer and set codeowners
* Fix clippy errors, update to newest TSS-ESAPI
- Drop generate-cargo-lock-file.patch (already in upstream)
-------------------------------------------------------------------
Mon Aug 16 14:23:13 UTC 2021 - aplanas@suse.com
- Update to version 0.1.0+git.1629114992.890e8c9:
* Add "v1.0" prefix to agent APIs
- Update generate-cargo-lock-file.patch
-------------------------------------------------------------------
Wed Jul 28 08:56:33 UTC 2021 - Alberto Planas Dominguez <aplanas@suse.com>
- Add generate-cargo-lock-file.patch to fix the build system in OBS
- Add keylime.conf.diff to adjust the default config file
- Adjust build requirements
- Add firewalld XML rules
- Add systemd keylime_agent.service
- Fix license tag
-------------------------------------------------------------------
Thu Jul 22 09:20:38 UTC 2021 - aplanas@suse.com
- Update to version 0.0.1+git.1626706730.a009476:
* libarchive-devel is needed to build on Fedora
* Accept sets of U and V keys; use new Key types
* Output mask info
* Fix for race condition bug
* Do not resend pubkey to CV after attestation
* Run payload script from a shell
* Write out data and run payload
* Decrypt payload after key handlers find symm key
* Add handler for U and V keys
* Add helper functions for handling U and V keys
* Some TPM fixes for IMA PCR validation
* Do not flush AK context as this causes an error
* Fix bug in revocation service
* Drop references to vmask
* Better documentation of consts
* Do not fail if EK cert is not present in TPM NV
* Add more verbose logging to better match Python agent
* Remove verify stub as we are not using it
* tests: Don't pass --allow-signing to swtpm_setup
* Fix typos
* Add dependency for libzmq3-dev / zeromq-devel
* Fix new clippy lints
* Add handling for Identity and Integrity quotes
* Add Quote functionality
* Add marshaling functions for TPM structs
-------------------------------------------------------------------
Tue Jun 08 11:59:11 UTC 2021 - aplanas@suse.com
- Update to version 0.0.1+git.1620935374.4df2148:
* Add function to read PCR mask
* Small fixes in TPM functions
* Send quote data to actixweb handlers
-------------------------------------------------------------------
Tue May 04 12:23:18 UTC 2021 - aplanas@suse.com
- Update to version 0.0.1+git.1618949271.f609525:
* Add more TPM helper functions
* Use PKeys consistently
* Rebase on tss-esapi 5.0
* Pass a PKeyRef to asym_verify
* Use #[[from] from thiserror
* Fix uppercase acronyms
* Add testing feature
* Remove port bindings for agent
* More verbose TPM and revocation error, verbose success
* Fix docker networking
Reference in New Issue View Git Blame Copy Permalink