From b023bfab1c83185e2c43f735b6fa314d8d5b8c33fae156cfb65ca7a60cf1b8c2 Mon Sep 17 00:00:00 2001 From: Guillaume GARDET Date: Thu, 1 Apr 2021 13:00:44 +0000 Subject: [PATCH] Accepting request 882567 from home:Guillaume_G:branches:security - Make 'parsec' user part of 'tss' group to access /dev/tpm* devices - Update to 0.7.2: * Changelog: https://github.com/parallaxsecond/parsec/compare/0.6.0...0.7.2 - Recommends 'softhsm' as it is used by PKCS#11 backend - Recommends 'opensc' as it is used to initialize HSM keys (PKCS#11 backend) - Add PKCS#11 template (disabled) in config.toml - Disable Tpm backend by default in config.toml OBS-URL: https://build.opensuse.org/request/show/882567 OBS-URL: https://build.opensuse.org/package/show/security/parsec?expand=0&rev=5 --- _service | 1 + cargo_config | 5 +---- config.toml | 21 ++++++++++++++------- parsec-0.6.0.tar.gz | 3 --- parsec-0.7.2.tar.gz | 3 +++ parsec.changes | 19 +++++++++++++++++++ parsec.spec | 25 ++++++++++++++++--------- system-user-parsec.conf | 3 ++- vendor.tar.xz | 4 ++-- 9 files changed, 58 insertions(+), 26 deletions(-) delete mode 100644 parsec-0.6.0.tar.gz create mode 100644 parsec-0.7.2.tar.gz diff --git a/_service b/_service index f9f6fd9..255ec26 100644 --- a/_service +++ b/_service @@ -1,5 +1,6 @@ xz + parsec-0.7.2 diff --git a/cargo_config b/cargo_config index 5f8057b..6fb4ff4 100644 --- a/cargo_config +++ b/cargo_config @@ -2,7 +2,4 @@ replace-with = "vendored-sources" [source.vendored-sources] -directory = "vendor" - -[term] -verbose = true \ No newline at end of file +directory = "vendor" \ No newline at end of file diff --git a/config.toml b/config.toml index c96c94d..e16ea92 100644 --- a/config.toml +++ b/config.toml @@ -1,4 +1,4 @@ -# See a more complete example in /usr/shar/doc/parsec/config.toml +# See a more complete example in /usr/share/doc/packages/parsec/config.toml [core_settings] [listener] 
@@ -13,12 +13,19 @@ name = "on-disk-manager" manager_type = "OnDisk" [[provider]] -# provider_type: `MbedCrypto`, `Pkcs11`, `Tpm` provider_type = "MbedCrypto" key_info_manager = "on-disk-manager" -[[provider]] -provider_type = "Tpm" -key_info_manager = "on-disk-manager" -tcti = "device:/dev/tpmrm0" -owner_hierarchy_auth = "" +#[[provider]] +#provider_type = "Pkcs11" +#key_info_manager = "on-disk-manager" +#library_path = "/usr/lib64/pkcs11/libsofthsm2.so" +#slot_number = 123456789 +#user_pin = "123456" +#software_public_operations = false + +#[[provider]] +#provider_type = "Tpm" +#key_info_manager = "on-disk-manager" +#tcti = "device:/dev/tpmrm0" +#owner_hierarchy_auth = "" diff --git a/parsec-0.6.0.tar.gz b/parsec-0.6.0.tar.gz deleted file mode 100644 index 3f50f4f..0000000 --- a/parsec-0.6.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0c2585eb41c0667851223c99280142e05924338b937054967516df19a9c3e6dc -size 815830 diff --git a/parsec-0.7.2.tar.gz b/parsec-0.7.2.tar.gz new file mode 100644 index 0000000..980a002 --- /dev/null +++ b/parsec-0.7.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:baa114fe0cadffccca3e8a29702c8482691e5ad44e823e317e04d33e7ef41c47 +size 837424 diff --git a/parsec.changes b/parsec.changes index cbda27e..4ef8b69 100644 --- a/parsec.changes +++ b/parsec.changes 
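Review bot: The commented-out Pkcs11 template added in this hunk carries the literal values `user_pin = "123456"` and `slot_number = 123456789` with nothing marking them as placeholders, so an administrator who only strips the `#` markers is likely to keep a well-known PIN for the token. I would add a comment above the block such as `# Example values only: use the slot number and user PIN chosen when the token was initialised`, plus a reminder that the file then holds a credential and should be readable only by the parsec user. The same applies to `owner_hierarchy_auth = ""` in the Tpm template, which presumably means no owner authorisation is set on the TPM. The removed `# provider_type: ...` line was also the only in-file list of accepted provider types, so consider keeping it.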
@@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Thu Apr 1 10:19:21 UTC 2021 - Guillaume GARDET + +- Make 'parsec' user part of 'tss' group to access /dev/tpm* devices + +------------------------------------------------------------------- +Wed Mar 31 16:02:31 UTC 2021 - Guillaume GARDET + +- Update to 0.7.2: + * Changelog: https://github.com/parallaxsecond/parsec/compare/0.6.0...0.7.2 + +------------------------------------------------------------------- +Tue Mar 30 13:20:44 UTC 2021 - Guillaume GARDET + +- Recommends 'softhsm' as it is used by PKCS#11 backend +- Recommends 'opensc' as it is used to initialize HSM keys (PKCS#11 backend) +- Add PKCS#11 template (disabled) in config.toml +- Disable Tpm backend by default in config.toml + ------------------------------------------------------------------- Fri Nov 13 14:19:05 UTC 2020 - Guillaume GARDET diff --git a/parsec.spec b/parsec.spec index 44142d7..74bf9e8 100644 --- a/parsec.spec +++ b/parsec.spec @@ -1,7 +1,7 @@ # # spec file for package parsec # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,12 +15,13 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now' # Features available: mbed-crypto-provider, pkcs11-provider, tpm-provider, all-providers %define features "all-providers" %{?systemd_ordering} Name: parsec -Version: 0.6.0 +Version: 0.7.2 Release: 0 Summary: Platform AbstRaction for SECurity License: Apache-2.0 
@@ -36,28 +37,34 @@ BuildRequires: cargo BuildRequires: clang-devel BuildRequires: cmake BuildRequires: llvm-devel -BuildRequires: protobuf-devel BuildRequires: pkgconfig -BuildRequires: pkgconfig(tss2-esys) >= 2.3.3 +BuildRequires: protobuf-devel BuildRequires: python3 BuildRequires: rust-packaging BuildRequires: sysuser-tools +BuildRequires: pkgconfig(tss2-esys) >= 2.3.3 +# opensc is used to initialize HSM keys (PKCS#11 backend) +Recommends: opensc +# softhsm is used by PKCS#11 backend +Recommends: softhsm %sysusers_requires +# /dev/tpm* are owned by tss user +Requires(pre): system-user-tss ExcludeArch: armv6l armv6hl %description PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to provide a common API to hardware security and cryptographic services in a platform-agnostic way. -This abstraction layer keeps workloads decoupled from physical platform details, +This abstraction layer keeps workloads decoupled from physical platform details, enabling cloud-native delivery flows within the data center and at the edge. - %prep %setup -qa1 -mkdir .cargo +rm -rf .cargo && mkdir .cargo cp %{SOURCE2} .cargo/config -sed -i -e 's#default = \[\]##' Cargo.toml -echo 'default = ["all-providers"]' >> Cargo.toml +# Enable all providers +sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml +echo 'default = ["unix-peer-credentials-authenticator", "all-providers"]' >> Cargo.toml %build export PROTOC=%{_bindir}/protoc diff --git a/system-user-parsec.conf b/system-user-parsec.conf index c443261..dd279cf 100644 --- a/system-user-parsec.conf +++ b/system-user-parsec.conf @@ -3,4 +3,5 @@ g parsec - g parsec-clients - g tss - u parsec - "PARSEC" /etc/parsec -m parsec lock \ No newline at end of file +m parsec lock +m parsec tss \ No newline at end of file diff --git a/vendor.tar.xz b/vendor.tar.xz index 87e7260..11233cd 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz 
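Review bot: The `sed` added in `%prep` matches only the exact upstream line `default = ["unix-peer-credentials-authenticator"]`, and nothing in the hunk checks that it matched. If a later upstream release changes that line, the substitution does nothing and the `echo` still appends a second `default` entry. The append also assumes `[features]` is the last table in Cargo.toml, which is not visible here. A guard before the `sed`, for example `grep -q '^default = \["unix-peer-credentials-authenticator"\]' Cargo.toml || exit 1`, makes a mismatch fail the build with an obvious cause rather than risk a package built with an unintended authenticator or provider set. `%prep` starts inside this hunk, but `%build` continues outside it.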
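Review bot: `m parsec tss` gives the service account access to the TPM device nodes on every installation, while this same commit ships config.toml with the Tpm provider commented out, so a default install holds a privilege it does not use. If the membership has to stay unconditional for packaging reasons, document it with a comment above the new line, e.g. `# tss membership is only needed when the Tpm provider is enabled (access to /dev/tpm*)`. The new last line still has no trailing newline, as the `\ No newline at end of file` marker shows.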
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:3e8a9595e1622a9684ee690788120edbfa8cbf6dd7794eb13f0824bae547c9f1 -size 15581964 +oid sha256:52db05370be4cd68810011da087965bd267731e298df1620667179225eecb505 +size 27078988