Accepting request 885427 from home:Guillaume_G:branches:security

- Requires 'tpm2-0-tss' as it holds the udev rule to make /dev/tpm* owned by tss user - Requires 'libtss2-tcti-device0' as it is required to start parsec with TPM support - Enable all authenticators which adds 'direct-authenticator' - Add CryptoAuthLib template (disabled) in config.toml OBS-URL: https://build.opensuse.org/request/show/885427 OBS-URL: https://build.opensuse.org/package/show/security/parsec?expand=0&rev=8
2021-04-14 15:57:17 +00:00 · 2021-04-14 15:57:17 +00:00 · 747332bc19
commit 747332bc19
parent d07d808112
4 changed files with 33 additions and 5 deletions
--- a/config.toml
+++ b/config.toml
@ -29,3 +29,11 @@ key_info_manager = "on-disk-manager"
 #key_info_manager = "on-disk-manager"
 #tcti = "device:/dev/tpmrm0"
 #owner_hierarchy_auth = ""
+
+#[[provider]]
+#provider_type = "CryptoAuthLib"
+#key_info_manager = "on-disk-manager"
+#device_type = "atecc508a"
+#iface_type = "i2c"
+#wake_delay = 1500
+#rx_retries = 20
--- a/parsec.changes
+++ b/parsec.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Apr 14 14:54:32 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Requires 'tpm2-0-tss' as it holds the udev rule to make /dev/tpm*
+  owned by tss user
+- Requires 'libtss2-tcti-device0' as it is required to start parsec
+  with TPM support
+
+-------------------------------------------------------------------
+Wed Apr  7 07:42:24 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Enable all authenticators which adds 'direct-authenticator'
+- Add CryptoAuthLib template (disabled) in config.toml
+
 -------------------------------------------------------------------
 Thu Apr  1 10:19:21 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>

--- a/parsec.spec
+++ b/parsec.spec
@ -17,8 +17,10 @@


 %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
-# Features available: mbed-crypto-provider, pkcs11-provider, tpm-provider, all-providers
-%define features "all-providers"
+# Features available:
+# all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider"]
+# all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator"]
+%define features "all-authenticators,all-providers"
 %{?systemd_ordering}
 Name:           parsec
 Version:        0.7.2
@ -48,6 +50,10 @@ Recommends:     opensc
 %sysusers_requires
 # /dev/tpm* are owned by tss user
 Requires(pre):  system-user-tss
+# tpm2-0-tss holds the udev rule to make /dev/tpm* owned by tss user
+Requires:       tpm2-0-tss
+# Without libtss2-tcti-device0 parsec fails to start TPM properly
+Requires:       libtss2-tcti-device0
 ExcludeArch:    armv6l armv6hl

 %description
@ -57,12 +63,12 @@ This abstraction layer keeps workloads decoupled from physical platform details,
 enabling cloud-native delivery flows within the data center and at the edge.

 %prep
-%setup -qa1
+%autosetup -p1 -a1
 rm -rf .cargo && mkdir .cargo
 cp %{SOURCE2} .cargo/config
 # Enable all providers
 sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml
-echo 'default = ["unix-peer-credentials-authenticator", "all-providers"]' >> Cargo.toml
+echo 'default = ["all-authenticators", "all-providers"]' >> Cargo.toml

 %build
 export PROTOC=%{_bindir}/protoc