From d8388a07357ee1cda5b27e6e7fdc0c87aa713f21f078d379d84b03910e9125d6 Mon Sep 17 00:00:00 2001 From: Guillaume GARDET <guillaume.gardet@opensuse.org> Date: Mon, 27 Sep 2021 12:13:40 +0000 Subject: [PATCH] Accepting request 921728 from home:Guillaume_G:branches:security - Allow access to /run/parsec to all users - Requires rust 1.53+ (now also available in 15.3/15-SP3 via Update) which allow to enable same features accross distros OBS-URL: https://build.opensuse.org/request/show/921728 OBS-URL: https://build.opensuse.org/package/show/security/parsec?expand=0&rev=13 --- parsec.changes | 7 +++++++ parsec.conf | 2 +- parsec.spec | 12 +++--------- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/parsec.changes b/parsec.changes index a3f0c0f..732b582 100644 --- a/parsec.changes +++ b/parsec.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Sep 27 10:18:08 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org> + +- Allow access to /run/parsec to all users +- Requires rust 1.53+ (now also available in 15.3/15-SP3 via Update) + which allow to enable same features accross distros + ------------------------------------------------------------------- Fri Aug 6 07:01:27 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org> diff --git a/parsec.conf b/parsec.conf index 875d551..e2ac5c3 100644 --- a/parsec.conf +++ b/parsec.conf @@ -1,3 +1,3 @@ #Type Path Mode User Group Age Argument -d /run/parsec 750 parsec parsec-clients - - +d /run/parsec 777 parsec parsec-clients - - diff --git a/parsec.spec b/parsec.spec index 96fca40..57eb534 100644 --- a/parsec.spec +++ b/parsec.spec @@ -40,6 +40,8 @@ BuildRequires: llvm-devel BuildRequires: pkgconfig BuildRequires: protobuf-devel BuildRequires: python3 +# jwt-svid-authenticator (SPIFFE-based authenticator) needs rust >= 1.53 +BuildRequires: rust >= 1.53 BuildRequires: rust-packaging BuildRequires: sysuser-tools BuildRequires: pkgconfig(tss2-esys) >= 2.3.3 @@ -71,16 +73,8 @@ sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml # Features available in 0.8.0: # all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "trusted-service-provider"] # all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator", "jwt-svid-authenticator"] -%if 0%{suse_version} > 1500 -# Tumbleweed -# Disable "trusted-service-provider" until we have a trusted-services package +# But disable "trusted-service-provider" until we have a trusted-services package echo 'default = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider", "all-authenticators"]' >> Cargo.toml -%else -# Leap/SLE -# Disable jwt-svid-authenticator (SPIFFE-based authenticator) as it cannot be compiled with rust 1.43.1 -# Disable "trusted-service-provider" until we have a trusted-services package -echo 'default = ["direct-authenticator", "unix-peer-credentials-authenticator", "tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider"]' >> Cargo.toml -%endif %build export PROTOC=%{_bindir}/protoc