From 5ffa71a25b0e55c0149c46d55bd5dbe6784ade4c65640396c3a990524a99d3ba Mon Sep 17 00:00:00 2001 From: Guillaume GARDET Date: Thu, 24 Feb 2022 09:42:19 +0000 Subject: [PATCH] Accepting request 957245 from home:Guillaume_G:branches:security - Update to 1.0.0-rc1: * Changelog: https://github.com/parallaxsecond/parsec/compare/0.8.1...1.0.0-rc1 - Drop upstream patch: * harden_parsec.service.patch OBS-URL: https://build.opensuse.org/request/show/957245 OBS-URL: https://build.opensuse.org/package/show/security/parsec?expand=0&rev=21 --- _service | 2 +- harden_parsec.service.patch | 22 ---------------------- parsec-0.8.1.tar.gz | 3 --- parsec-1.0.0-rc1.tar.gz | 3 +++ parsec.changes | 8 ++++++++ parsec.spec | 16 +++++++--------- trusted-services-389b506.tar.gz | 3 +++ trusted-services-c1cf912.tar.gz | 3 --- vendor.tar.xz | 4 ++-- 9 files changed, 24 insertions(+), 40 deletions(-) delete mode 100644 harden_parsec.service.patch delete mode 100644 parsec-0.8.1.tar.gz create mode 100644 parsec-1.0.0-rc1.tar.gz create mode 100644 trusted-services-389b506.tar.gz delete mode 100644 trusted-services-c1cf912.tar.gz diff --git a/_service b/_service index ed930c0..f593d1e 100644 --- a/_service +++ b/_service @@ -1,6 +1,6 @@ xz - parsec-0.8.1 + parsec-1.0.0-rc1 diff --git a/harden_parsec.service.patch b/harden_parsec.service.patch deleted file mode 100644 index d8bb41d..0000000 --- a/harden_parsec.service.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: parsec-0.8.0/systemd-daemon/parsec.service -=================================================================== ---- parsec-0.8.0.orig/systemd-daemon/parsec.service -+++ parsec-0.8.0/systemd-daemon/parsec.service -@@ -3,6 +3,17 @@ Description=Parsec Service - Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html - - [Service] -+# added automatically, for details please see -+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort -+ProtectSystem=full -+ProtectHome=true -+ProtectHostname=true -+ProtectKernelTunables=true -+ProtectKernelModules=true -+ProtectKernelLogs=true -+ProtectControlGroups=true -+RestrictRealtime=true -+# end of automatic additions - WorkingDirectory=/home/parsec/ - ExecStart=/usr/libexec/parsec/parsec --config /etc/parsec/config.toml - diff --git a/parsec-0.8.1.tar.gz b/parsec-0.8.1.tar.gz deleted file mode 100644 index 91a9d27..0000000 --- a/parsec-0.8.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:efd6a895d28763d972ea9b5a8c0153f6fe6d72e84d7051823409e8c31e5011ed -size 871707 diff --git a/parsec-1.0.0-rc1.tar.gz b/parsec-1.0.0-rc1.tar.gz new file mode 100644 index 0000000..2da559c --- /dev/null +++ b/parsec-1.0.0-rc1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9f530627ddc23e8521a5f16a4f79a18992b13a8674edff2a7abeb5f2687ae2bc +size 905092 diff --git a/parsec.changes b/parsec.changes index aedab0b..5a47088 100644 --- a/parsec.changes +++ b/parsec.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Feb 24 08:29:19 UTC 2022 - Guillaume GARDET + +- Update to 1.0.0-rc1: + * Changelog: https://github.com/parallaxsecond/parsec/compare/0.8.1...1.0.0-rc1 +- Drop upstream patch: + * harden_parsec.service.patch + ------------------------------------------------------------------- Thu Jan 13 13:25:14 UTC 2022 - Guillaume GARDET diff --git a/parsec.spec b/parsec.spec index 9a2c689..cdafe5a 100644 --- a/parsec.spec +++ b/parsec.spec @@ -17,24 +17,23 @@ %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now' +%define archive_version 1.0.0-rc1 %{?systemd_ordering} Name: parsec -Version: 0.8.1 +Version: 1.0.0~rc1 Release: 0 Summary: Platform AbstRaction for SECurity License: Apache-2.0 URL: https://parallaxsecond.github.io/parsec-book -Source0: https://github.com/parallaxsecond/parsec/archive/%{version}.tar.gz#/parsec-%{version}.tar.gz +Source0: https://github.com/parallaxsecond/parsec/archive/%{archive_version}.tar.gz#/parsec-%{archive_version}.tar.gz Source1: vendor.tar.xz Source2: cargo_config Source3: parsec.service Source4: config.toml Source5: parsec.conf Source6: system-user-parsec.conf -Source10: https://git.trustedfirmware.org/TS/trusted-services.git/snapshot/trusted-services-c1cf912.tar.gz -# PATCH-FIX-UPSTREAM - https://github.com/parallaxsecond/parsec/issues/569 -Patch0: harden_parsec.service.patch +Source10: https://git.trustedfirmware.org/TS/trusted-services.git/snapshot/trusted-services-389b506.tar.gz BuildRequires: cargo BuildRequires: clang-devel BuildRequires: cmake @@ -65,19 +64,18 @@ This abstraction layer keeps workloads decoupled from physical platform details, enabling cloud-native delivery flows within the data center and at the edge. %prep -%setup -q -a1 -a10 +%setup -q -a1 -a10 -n parsec-%{archive_version} rmdir trusted-services-vendor -mv trusted-services-c1cf912 trusted-services-vendor +mv trusted-services-389b506 trusted-services-vendor rm -rf .cargo && mkdir .cargo cp %{SOURCE2} .cargo/config # Enable all providers sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml -# Features available in 0.8.0: +# Features available in 1.0.0: # all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "trusted-service-provider"] # all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator", "jwt-svid-authenticator"] # But disable "trusted-service-provider" until we have a trusted-services package echo 'default = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "all-authenticators"]' >> Cargo.toml -%patch0 -p1 %build export PROTOC=%{_bindir}/protoc diff --git a/trusted-services-389b506.tar.gz b/trusted-services-389b506.tar.gz new file mode 100644 index 0000000..b0b15c5 --- /dev/null +++ b/trusted-services-389b506.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1e1d41603d8cf9d98b23416055d8714c3fea71da5d6fc54cf5c425531536bf9f +size 479477 diff --git a/trusted-services-c1cf912.tar.gz b/trusted-services-c1cf912.tar.gz deleted file mode 100644 index a73a2d1..0000000 --- a/trusted-services-c1cf912.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7725f1023f51268d006668947dc888b171c59676834542934391f9a2a1fc19ca -size 370978 diff --git a/vendor.tar.xz b/vendor.tar.xz index b91faf3..f7a7fdf 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:911a2577cbf6edf40a159bdc72aa344846d31560ed666da7ef8b6d652ed055d1 -size 42468788 +oid sha256:1e0f46598a3e7fd1beba18cba10d43e4c2a3f4e909c559adcb70f0c5bfbae42c +size 38440920