Accepting request 958717 from security

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/958717 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/parsec?expand=0&rev=11
2022-03-03 23:17:46 +00:00 · 2022-03-03 23:17:46 +00:00 · 56f1e7d6db
commit 56f1e7d6db
parent c9b73dbebe 5ffa71a25b
9 changed files with 24 additions and 40 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 <services>
  <service name="cargo_vendor" mode="disabled">
    <param name="compression">xz</param>
-    <param name="srcdir">parsec-0.8.1</param>
+    <param name="srcdir">parsec-1.0.0-rc1</param>
  </service>
 </services>
--- a/harden_parsec.service.patch
+++ b/harden_parsec.service.patch
@ -1,22 +0,0 @@
-Index: parsec-0.8.0/systemd-daemon/parsec.service
-===================================================================
--- parsec-0.8.0.orig/systemd-daemon/parsec.service
-+++ parsec-0.8.0/systemd-daemon/parsec.service
-@@ -3,6 +3,17 @@ Description=Parsec Service
- Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html
- 
- [Service]
-+# added automatically, for details please see
-+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
-+ProtectSystem=full
-+ProtectHome=true
-+ProtectHostname=true
-+ProtectKernelTunables=true
-+ProtectKernelModules=true
-+ProtectKernelLogs=true
-+ProtectControlGroups=true
-+RestrictRealtime=true
-+# end of automatic additions 
- WorkingDirectory=/home/parsec/
- ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml
- 
--- a/parsec-0.8.1.tar.gz
+++ b/parsec-0.8.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:efd6a895d28763d972ea9b5a8c0153f6fe6d72e84d7051823409e8c31e5011ed
-size 871707
--- a/parsec-1.0.0-rc1.tar.gz
+++ b/parsec-1.0.0-rc1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9f530627ddc23e8521a5f16a4f79a18992b13a8674edff2a7abeb5f2687ae2bc
+size 905092
--- a/parsec.changes
+++ b/parsec.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Feb 24 08:29:19 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Update to 1.0.0-rc1:
+  * Changelog: https://github.com/parallaxsecond/parsec/compare/0.8.1...1.0.0-rc1
+- Drop upstream patch:
+  * harden_parsec.service.patch
+
 -------------------------------------------------------------------
 Thu Jan 13 13:25:14 UTC 2022 - Guillaume GARDET <guillaume.gardet@opensuse.org>

--- a/parsec.spec
+++ b/parsec.spec
@ -17,24 +17,23 @@


 %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
+%define archive_version 1.0.0-rc1

 %{?systemd_ordering}
 Name:           parsec
-Version:        0.8.1
+Version:        1.0.0~rc1
 Release:        0
 Summary:        Platform AbstRaction for SECurity
 License:        Apache-2.0
 URL:            https://parallaxsecond.github.io/parsec-book
-Source0:        https://github.com/parallaxsecond/parsec/archive/%{version}.tar.gz#/parsec-%{version}.tar.gz
+Source0:        https://github.com/parallaxsecond/parsec/archive/%{archive_version}.tar.gz#/parsec-%{archive_version}.tar.gz
 Source1:        vendor.tar.xz
 Source2:        cargo_config
 Source3:        parsec.service
 Source4:        config.toml
 Source5:        parsec.conf
 Source6:        system-user-parsec.conf
-Source10:       https://git.trustedfirmware.org/TS/trusted-services.git/snapshot/trusted-services-c1cf912.tar.gz
-# PATCH-FIX-UPSTREAM - https://github.com/parallaxsecond/parsec/issues/569
-Patch0:         harden_parsec.service.patch
+Source10:       https://git.trustedfirmware.org/TS/trusted-services.git/snapshot/trusted-services-389b506.tar.gz
 BuildRequires:  cargo
 BuildRequires:  clang-devel
 BuildRequires:  cmake
@ -65,19 +64,18 @@ This abstraction layer keeps workloads decoupled from physical platform details,
 enabling cloud-native delivery flows within the data center and at the edge.

 %prep
-%setup -q -a1 -a10
+%setup -q -a1 -a10 -n parsec-%{archive_version}
 rmdir trusted-services-vendor
-mv trusted-services-c1cf912 trusted-services-vendor
+mv trusted-services-389b506 trusted-services-vendor
 rm -rf .cargo && mkdir .cargo
 cp %{SOURCE2} .cargo/config
 # Enable all providers
 sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml
-# Features available in 0.8.0:
+# Features available in 1.0.0:
 # all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "trusted-service-provider"]
 # all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator", "jwt-svid-authenticator"]
 # But disable "trusted-service-provider" until we have a trusted-services package
 echo 'default = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "all-authenticators"]' >> Cargo.toml
-%patch0 -p1

 %build
 export PROTOC=%{_bindir}/protoc
--- a/trusted-services-389b506.tar.gz
+++ b/trusted-services-389b506.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1e1d41603d8cf9d98b23416055d8714c3fea71da5d6fc54cf5c425531536bf9f
+size 479477
--- a/trusted-services-c1cf912.tar.gz
+++ b/trusted-services-c1cf912.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7725f1023f51268d006668947dc888b171c59676834542934391f9a2a1fc19ca
-size 370978
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:911a2577cbf6edf40a159bdc72aa344846d31560ed666da7ef8b6d652ed055d1
-size 42468788
+oid sha256:1e0f46598a3e7fd1beba18cba10d43e4c2a3f4e909c559adcb70f0c5bfbae42c
+size 38440920