diff --git a/_service b/_service
index f9f6fd9..255ec26 100644
--- a/_service
+++ b/_service
@@ -1,5 +1,6 @@
xz
+ parsec-0.7.2
diff --git a/cargo_config b/cargo_config
index 5f8057b..6fb4ff4 100644
--- a/cargo_config
+++ b/cargo_config
@@ -2,7 +2,4 @@
replace-with = "vendored-sources"
[source.vendored-sources]
-directory = "vendor"
-
-[term]
-verbose = true
\ No newline at end of file
+directory = "vendor"
\ No newline at end of file
diff --git a/config.toml b/config.toml
index c96c94d..f85f9d8 100644
--- a/config.toml
+++ b/config.toml
@@ -1,4 +1,4 @@
-# See a more complete example in /usr/shar/doc/parsec/config.toml
+# See a more complete example in /usr/share/doc/packages/parsec/config.toml
[core_settings]
[listener]
@@ -13,12 +13,19 @@ name = "on-disk-manager"
manager_type = "OnDisk"
[[provider]]
-# provider_type: `MbedCrypto`, `Pkcs11`, `Tpm`
provider_type = "MbedCrypto"
key_info_manager = "on-disk-manager"
-[[provider]]
-provider_type = "Tpm"
-key_info_manager = "on-disk-manager"
-tcti = "device:/dev/tpmrm0"
-owner_hierarchy_auth = ""
+#[[provider]]
+#provider_type = "Pkcs11"
+#key_info_manager = "on-disk-manager"
+#library_path = "/usr/lib64/opensc-pkcs11.so"
+#slot_number = 123456789
+#user_pin = "123456"
+#software_public_operations = false
+
+#[[provider]]
+#provider_type = "Tpm"
+#key_info_manager = "on-disk-manager"
+#tcti = "device:/dev/tpmrm0"
+#owner_hierarchy_auth = ""
diff --git a/parsec-0.6.0.tar.gz b/parsec-0.6.0.tar.gz
deleted file mode 100644
index 3f50f4f..0000000
--- a/parsec-0.6.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0c2585eb41c0667851223c99280142e05924338b937054967516df19a9c3e6dc
-size 815830
diff --git a/parsec-0.7.2.tar.gz b/parsec-0.7.2.tar.gz
new file mode 100644
index 0000000..980a002
--- /dev/null
+++ b/parsec-0.7.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:baa114fe0cadffccca3e8a29702c8482691e5ad44e823e317e04d33e7ef41c47
+size 837424
diff --git a/parsec.changes b/parsec.changes
index cbda27e..71f42b3 100644
--- a/parsec.changes
+++ b/parsec.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Thu Apr 1 10:19:21 UTC 2021 - Guillaume GARDET
+
+- Make 'parsec' user part of 'tss' group to access /dev/tpm* devices
+
+-------------------------------------------------------------------
+Wed Mar 31 16:02:31 UTC 2021 - Guillaume GARDET
+
+- Update to 0.7.2:
+ * Changelog: https://github.com/parallaxsecond/parsec/compare/0.6.0...0.7.2
+
+-------------------------------------------------------------------
+Tue Mar 30 13:20:44 UTC 2021 - Guillaume GARDET
+
+- Recommends 'opensc' as it is used to initialize HSM keys (PKCS#11 backend)
+- Add PKCS#11 template (disabled) in config.toml
+- Disable Tpm backend by default in config.toml
+
-------------------------------------------------------------------
Fri Nov 13 14:19:05 UTC 2020 - Guillaume GARDET
diff --git a/parsec.spec b/parsec.spec
index 44142d7..c432dc3 100644
--- a/parsec.spec
+++ b/parsec.spec
@@ -1,7 +1,7 @@
#
# spec file for package parsec
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,12 +15,13 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
+
%global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
# Features available: mbed-crypto-provider, pkcs11-provider, tpm-provider, all-providers
%define features "all-providers"
%{?systemd_ordering}
Name: parsec
-Version: 0.6.0
+Version: 0.7.2
Release: 0
Summary: Platform AbstRaction for SECurity
License: Apache-2.0
@@ -36,28 +37,32 @@ BuildRequires: cargo
BuildRequires: clang-devel
BuildRequires: cmake
BuildRequires: llvm-devel
-BuildRequires: protobuf-devel
BuildRequires: pkgconfig
-BuildRequires: pkgconfig(tss2-esys) >= 2.3.3
+BuildRequires: protobuf-devel
BuildRequires: python3
BuildRequires: rust-packaging
BuildRequires: sysuser-tools
+BuildRequires: pkgconfig(tss2-esys) >= 2.3.3
+# opensc is used to initialize HSM keys (PKCS#11 backend)
+Recommends: opensc
%sysusers_requires
+# /dev/tpm* are owned by tss user
+Requires(pre): system-user-tss
ExcludeArch: armv6l armv6hl
%description
PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to provide
a common API to hardware security and cryptographic services in a platform-agnostic way.
-This abstraction layer keeps workloads decoupled from physical platform details,
+This abstraction layer keeps workloads decoupled from physical platform details,
enabling cloud-native delivery flows within the data center and at the edge.
-
%prep
%setup -qa1
-mkdir .cargo
+rm -rf .cargo && mkdir .cargo
cp %{SOURCE2} .cargo/config
-sed -i -e 's#default = \[\]##' Cargo.toml
-echo 'default = ["all-providers"]' >> Cargo.toml
+# Enable all providers
+sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml
+echo 'default = ["unix-peer-credentials-authenticator", "all-providers"]' >> Cargo.toml
%build
export PROTOC=%{_bindir}/protoc
diff --git a/system-user-parsec.conf b/system-user-parsec.conf
index c443261..dd279cf 100644
--- a/system-user-parsec.conf
+++ b/system-user-parsec.conf
@@ -3,4 +3,5 @@ g parsec -
g parsec-clients -
g tss -
u parsec - "PARSEC" /etc/parsec
-m parsec lock
\ No newline at end of file
+m parsec lock
+m parsec tss
\ No newline at end of file
diff --git a/vendor.tar.xz b/vendor.tar.xz
index 87e7260..11233cd 100644
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:3e8a9595e1622a9684ee690788120edbfa8cbf6dd7794eb13f0824bae547c9f1
-size 15581964
+oid sha256:52db05370be4cd68810011da087965bd267731e298df1620667179225eecb505
+size 27078988