diff --git a/_service b/_service
index 255ec26..af360f3 100644
--- a/_service
+++ b/_service
@@ -1,6 +1,6 @@
xz
- parsec-0.7.2
+ parsec-0.8.0
diff --git a/parsec-0.7.2.tar.gz b/parsec-0.7.2.tar.gz
deleted file mode 100644
index 980a002..0000000
--- a/parsec-0.7.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:baa114fe0cadffccca3e8a29702c8482691e5ad44e823e317e04d33e7ef41c47
-size 837424
diff --git a/parsec-0.8.0.tar.gz b/parsec-0.8.0.tar.gz
new file mode 100644
index 0000000..0bd4917
--- /dev/null
+++ b/parsec-0.8.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ee23842c8f2975136a9e41caf075a659b5a81f1e8a95d388d84abc885d046b72
+size 867922
diff --git a/parsec-fix-old-rust.patch b/parsec-fix-old-rust.patch
deleted file mode 100644
index 46b9265..0000000
--- a/parsec-fix-old-rust.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From f9688c44319c1733586d6fbc3b3c24a403deaed8 Mon Sep 17 00:00:00 2001
-From: Hugues de Valon
-Date: Fri, 30 Apr 2021 10:48:37 +0100
-Subject: [PATCH] Make it compile for Rust 1.43.1
-
-The From trait was not implemented for that version of Rust. Uses the
-to_vec method which achieves the same thing.
-
-Signed-off-by: Hugues de Valon
----
- src/providers/pkcs11/key_management.rs | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/providers/pkcs11/key_management.rs b/src/providers/pkcs11/key_management.rs
-index 6bc5e06..73ce607 100644
---- a/src/providers/pkcs11/key_management.rs
-+++ b/src/providers/pkcs11/key_management.rs
-@@ -27,7 +27,7 @@ impl Provider {
- key_id: u32,
- key_type: KeyPairType,
- ) -> Result {
-- let mut template = vec![Attribute::Id(key_id.to_be_bytes().into())];
-+ let mut template = vec![Attribute::Id(key_id.to_be_bytes().to_vec())];
-
- match key_type {
- KeyPairType::PublicKey => template.push(Attribute::Class(ObjectClass::PUBLIC_KEY)),
-@@ -103,7 +103,7 @@ impl Provider {
- let key_id = self.create_key_id();
-
- let mut pub_template = vec![
-- Attribute::Id(key_id.to_be_bytes().into()),
-+ Attribute::Id(key_id.to_be_bytes().to_vec()),
- Attribute::Token(true.into()),
- Attribute::AllowedMechanisms(vec![Mechanism::try_from(
- key_attributes.policy.permitted_algorithms,
-@@ -122,7 +122,7 @@ impl Provider {
- let mech = match key_attributes.key_type {
- Type::RsaKeyPair => {
- pub_template.push(Attribute::Private(false.into()));
-- pub_template.push(Attribute::PublicExponent(utils::PUBLIC_EXPONENT.into()));
-+ pub_template.push(Attribute::PublicExponent(utils::PUBLIC_EXPONENT.to_vec()));
- pub_template.push(Attribute::ModulusBits(
- key_attributes.bits.try_into().map_err(to_response_status)?,
- ));
-@@ -225,7 +225,7 @@ impl Provider {
- template.push(Attribute::PublicExponent(exponent_object.into()));
- template.push(Attribute::Verify(true.into()));
- template.push(Attribute::Encrypt(true.into()));
-- template.push(Attribute::Id(key_id.to_be_bytes().into()));
-+ template.push(Attribute::Id(key_id.to_be_bytes().to_vec()));
- template.push(Attribute::Private(false.into()));
- template.push(Attribute::AllowedMechanisms(vec![MechanismType::RSA_PKCS]));
-
diff --git a/parsec.changes b/parsec.changes
index 831196a..a3f0c0f 100644
--- a/parsec.changes
+++ b/parsec.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri Aug 6 07:01:27 UTC 2021 - Guillaume GARDET
+
+- Update to 0.8.0:
+ * Changelog: https://github.com/parallaxsecond/parsec/compare/0.7.2...0.8.0
+- Drop upstream patch:
+ * parsec-fix-old-rust.patch
+- Disable 'trusted-service-provider' as it currently fails to build
+- Disable 'jwt-svid-authenticator' (SPIFFE-based authenticator)
+ on Leap, as it cannot be compiled with rust 1.43.1
+
-------------------------------------------------------------------
Fri Apr 30 11:36:56 UTC 2021 - Guillaume GARDET
diff --git a/parsec.spec b/parsec.spec
index 4932685..96fca40 100644
--- a/parsec.spec
+++ b/parsec.spec
@@ -17,13 +17,10 @@
%global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
-# Features available:
-# all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider"]
-# all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator"]
-%define features "all-authenticators,all-providers"
+
%{?systemd_ordering}
Name: parsec
-Version: 0.7.2
+Version: 0.8.0
Release: 0
Summary: Platform AbstRaction for SECurity
License: Apache-2.0
@@ -35,8 +32,7 @@ Source3: parsec.service
Source4: config.toml
Source5: parsec.conf
Source6: system-user-parsec.conf
-# Fix build with old rust used in Leap 15.3/SLE15-SP3 - https://github.com/parallaxsecond/parsec/issues/409
-Patch1: parsec-fix-old-rust.patch
+Source10: https://git.trustedfirmware.org/TS/trusted-services.git/snapshot/trusted-services-c1cf912.tar.gz
BuildRequires: cargo
BuildRequires: clang-devel
BuildRequires: cmake
@@ -65,17 +61,31 @@ This abstraction layer keeps workloads decoupled from physical platform details,
enabling cloud-native delivery flows within the data center and at the edge.
%prep
-%autosetup -p1 -a1
+%setup -q -a1 -a10
+rmdir trusted-services-vendor
+mv trusted-services-c1cf912 trusted-services-vendor
rm -rf .cargo && mkdir .cargo
cp %{SOURCE2} .cargo/config
# Enable all providers
sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml
-echo 'default = ["all-authenticators", "all-providers"]' >> Cargo.toml
+# Features available in 0.8.0:
+# all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "trusted-service-provider"]
+# all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator", "jwt-svid-authenticator"]
+%if 0%{suse_version} > 1500
+# Tumbleweed
+# Disable "trusted-service-provider" until we have a trusted-services package
+echo 'default = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "all-authenticators"]' >> Cargo.toml
+%else
+# Leap/SLE
+# Disable jwt-svid-authenticator (SPIFFE-based authenticator) as it cannot be compiled with rust 1.43.1
+# Disable "trusted-service-provider" until we have a trusted-services package
+echo 'default = ["direct-authenticator", "unix-peer-credentials-authenticator", "tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider"]' >> Cargo.toml
+%endif
%build
export PROTOC=%{_bindir}/protoc
export PROTOC_INCLUDE=%{_includedir}
-%cargo_build -- --features=%features
+%cargo_build
%sysusers_generate_pre %{SOURCE6} parsec
%install
@@ -98,7 +108,7 @@ rm -rf %{buildroot}%{_datadir}/cargo/registry
%check
export PROTOC=%{_bindir}/protoc
export PROTOC_INCLUDE=%{_includedir}
-%cargo_test -- --lib --features=%features
+%cargo_test -- --lib
%pre -f parsec.pre
%service_add_pre parsec.service
diff --git a/trusted-services-c1cf912.tar.gz b/trusted-services-c1cf912.tar.gz
new file mode 100644
index 0000000..a73a2d1
--- /dev/null
+++ b/trusted-services-c1cf912.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7725f1023f51268d006668947dc888b171c59676834542934391f9a2a1fc19ca
+size 370978
diff --git a/vendor.tar.xz b/vendor.tar.xz
index 11233cd..4f8dd1c 100644
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:52db05370be4cd68810011da087965bd267731e298df1620667179225eecb505
-size 27078988
+oid sha256:ff2f7282df17acde5a50c99263eabc8c8ab2a97f1c6481ca61293cd58c233896
+size 42409996