Accepting request 921728 from home:Guillaume_G:branches:security

- Allow access to /run/parsec to all users - Requires rust 1.53+ (now also available in 15.3/15-SP3 via Update) which allow to enable same features accross distros OBS-URL: https://build.opensuse.org/request/show/921728 OBS-URL: https://build.opensuse.org/package/show/security/parsec?expand=0&rev=13
2021-09-27 12:13:40 +00:00 · 2021-09-27 12:13:40 +00:00 · d8388a0735
commit d8388a0735
parent 663a30d392
3 changed files with 11 additions and 10 deletions
--- a/parsec.changes
+++ b/parsec.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Sep 27 10:18:08 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Allow access to /run/parsec to all users
+- Requires rust 1.53+ (now also available in 15.3/15-SP3 via Update)
+  which allow to enable same features accross distros
+
 -------------------------------------------------------------------
 Fri Aug  6 07:01:27 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>

--- a/parsec.conf
+++ b/parsec.conf
@ -1,3 +1,3 @@
 #Type   Path          Mode User   Group            Age         Argument
-d       /run/parsec   750  parsec parsec-clients   -           -
+d       /run/parsec   777  parsec parsec-clients   -           -

--- a/parsec.spec
+++ b/parsec.spec
@ -40,6 +40,8 @@ BuildRequires:  llvm-devel
 BuildRequires:  pkgconfig
 BuildRequires:  protobuf-devel
 BuildRequires:  python3
+# jwt-svid-authenticator (SPIFFE-based authenticator) needs rust >= 1.53
+BuildRequires:  rust >= 1.53
 BuildRequires:  rust-packaging
 BuildRequires:  sysuser-tools
 BuildRequires:  pkgconfig(tss2-esys) >= 2.3.3
@ -71,16 +73,8 @@ sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml
 # Features available in 0.8.0:
 # all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "trusted-service-provider"]
 # all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator", "jwt-svid-authenticator"]
-%if 0%{suse_version} > 1500
-# Tumbleweed
-# Disable "trusted-service-provider" until we have a trusted-services package
+# But disable "trusted-service-provider" until we have a trusted-services package
 echo 'default = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "all-authenticators"]' >> Cargo.toml
-%else
-# Leap/SLE
-# Disable jwt-svid-authenticator (SPIFFE-based authenticator) as it cannot be compiled with rust 1.43.1
-# Disable "trusted-service-provider" until we have a trusted-services package
-echo 'default = ["direct-authenticator", "unix-peer-credentials-authenticator", "tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider"]' >> Cargo.toml
-%endif

 %build
 export PROTOC=%{_bindir}/protoc