commit e83954ae8f4e3f8502c2ebd330994a5c45db96fd65d1d27d1b331f4b5037f956 Author: Marcus Meissner Date: Tue Nov 3 08:16:41 2020 +0000 Accepting request 844364 from home:Guillaume_G parsec service OBS-URL: https://build.opensuse.org/request/show/844364 OBS-URL: https://build.opensuse.org/package/show/security/parsec?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/_service b/_service
new file mode 100644
index 0000000..f9f6fd9
--- /dev/null
+++ b/_service
@@ -0,0 +1,5 @@
+
+
+ xz
+
+
diff --git a/cargo_config b/cargo_config
new file mode 100644
index 0000000..5f8057b
--- /dev/null
+++ b/cargo_config
@@ -0,0 +1,8 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+
+[term]
+verbose = true
\ No newline at end of file
diff --git a/config.toml b/config.toml
new file mode 100644
index 0000000..c96c94d
--- /dev/null
+++ b/config.toml
@@ -0,0 +1,24 @@
+# See a more complete example in /usr/shar/doc/parsec/config.toml
+[core_settings]
+
+[listener]
+listener_type = "DomainSocket"
+timeout = 200 # in milliseconds
+
+[authenticator]
+auth_type = "UnixPeerCredentials"
+
+[[key_manager]]
+name = "on-disk-manager"
+manager_type = "OnDisk"
+
+[[provider]]
+# provider_type: `MbedCrypto`, `Pkcs11`, `Tpm`
+provider_type = "MbedCrypto"
+key_info_manager = "on-disk-manager"
+
+[[provider]]
+provider_type = "Tpm"
+key_info_manager = "on-disk-manager"
+tcti = "device:/dev/tpmrm0"
+owner_hierarchy_auth = ""
diff --git a/parsec-0.6.0.tar.gz b/parsec-0.6.0.tar.gz
new file mode 100644
index 0000000..3f50f4f
--- /dev/null
+++ b/parsec-0.6.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0c2585eb41c0667851223c99280142e05924338b937054967516df19a9c3e6dc
+size 815830
diff --git a/parsec.changes b/parsec.changes
new file mode 100644
index 0000000..91e6d5f
--- /dev/null
+++ b/parsec.changes
@@ -0,0 +1,13 @@
+-------------------------------------------------------------------
+Fri Oct 23 15:10:32 UTC 2020 - Guillaume GARDET
+
+- Update to 0.6.0
+- Update config.toml
+- Add patch:
+ * pkcs11-libloading-issue.patch
+
+-------------------------------------------------------------------
+Fri Oct 16 16:07:51 UTC 2020 - Guillaume GARDET
+
+- Initiale version 0.5.0
+
diff --git a/parsec.conf b/parsec.conf
new file mode 100644
index 0000000..875d551
--- /dev/null
+++ b/parsec.conf
@@ -0,0 +1,3 @@
+#Type Path Mode User Group Age Argument
+d /run/parsec 750 parsec parsec-clients - -
+
diff --git a/parsec.service b/parsec.service
new file mode 100644
index 0000000..0e708c1
--- /dev/null
+++ b/parsec.service
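Review bot: In config.toml the second `[[provider]]` table enables the Tpm provider by default with `owner_hierarchy_auth = ""`, and nothing in the file explains either choice. An empty value is presumably only right for a TPM whose owner hierarchy has no authorization set, and a host without `/dev/tpmrm0` may not be able to bring the provider up, so the default deserves a comment such as `# owner_hierarchy_auth: TPM owner hierarchy authorization; leave empty only if none is set on this TPM`. Once an administrator fills the value in, this file holds a secret, which is worth stating next to the key. The pointer on the first line, `/usr/shar/doc/parsec/config.toml`, has a typo (`shar`) and should name the directory the package's `%doc` entry actually installs to.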
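Review bot: The `d /run/parsec 750 parsec parsec-clients` entry in parsec.conf is what decides who can reach the service, yet the file carries only the column header as a comment. Assuming the listener socket is created under `/run/parsec`, membership of `parsec-clients` is the gate in front of the `UnixPeerCredentials` authenticator selected in config.toml, and an administrator should be told so: `# Socket directory: only members of group parsec-clients can reach the Parsec listener`. Writing the mode as `0750` would also match the four-digit modes used in the spec file.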
@@ -0,0 +1,15 @@
+[Unit]
+Description=Parsec Service
+Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_linux.html
+
+[Service]
+Type=notify
+KillMode=process
+Restart=on-failure
+WorkingDirectory=/var/lib/parsec
+ExecStart=/usr/libexec/parsec -c /etc/parsec/config.toml
+User=parsec
+Group=parsec
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
diff --git a/parsec.spec b/parsec.spec
new file mode 100644
index 0000000..c475b20
--- /dev/null
+++ b/parsec.spec
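Review bot: The `[Service]` section of parsec.service confines a key-management daemon with `User=parsec` and `Group=parsec` only; no systemd sandboxing directive is set. The unit already pins its state to `/var/lib/parsec`, and parsec.conf creates `/run/parsec`, so `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths=/var/lib/parsec /run/parsec` would limit what a compromised service process can write to. Options that restrict device nodes would need testing against the Tpm provider's `/dev/tpmrm0` before being added. `KillMode=process` leaves any child processes running after a stop and `WantedBy=default.target` is unusual for a system service, so both deserve a comment if they are intentional.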
@@ -0,0 +1,118 @@
+#
+# spec file for package parsec
+#
+# Copyright (c) 2020 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+%global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
+# Features available: mbed-crypto-provider, pkcs11-provider, tpm-provider, all-providers
+%define features "mbed-crypto-provider,tpm-provider"
+%{?systemd_ordering}
+Name: parsec
+Version: 0.6.0
+Release: 0
+Summary: Platform AbstRaction for SECurity
+License: Apache-2.0
+URL: https://parallaxsecond.github.io/parsec-book
+Source0: https://github.com/parallaxsecond/parsec/archive/%{version}.tar.gz#/parsec-%{version}.tar.gz
+Source1: vendor.tar.xz
+Source2: cargo_config
+Source3: parsec.service
+Source4: config.toml
+Source5: parsec.conf
+Source6: system-user-parsec.conf
+# Borrowed from Fedora - https://src.fedoraproject.org/rpms/parsec/blob/master/f/pkcs11-libloading-issue.patch
+Patch1: pkcs11-libloading-issue.patch
+BuildRequires: cargo
+BuildRequires: clang-devel
+BuildRequires: cmake
+BuildRequires: llvm-devel
+BuildRequires: protobuf-devel
+BuildRequires: pkcs11-helper-devel
+BuildRequires: pkgconfig
+BuildRequires: pkgconfig(tss2-esys) >= 2.3.3
+BuildRequires: python3
+BuildRequires: rust-packaging
+BuildRequires: sysuser-tools
+%sysusers_requires
+ExcludeArch: armv6l armv6hl
+
+%description
+PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to provide
+a common API to hardware security and cryptographic services in a platform-agnostic way.
+This abstraction layer keeps workloads decoupled from physical platform details,
+enabling cloud-native delivery flows within the data center and at the edge.
+
+
+%prep
+%setup -qa1
+%patch1 -p1
+mkdir .cargo
+cp %{SOURCE2} .cargo/config
+sed -i -e 's#default = \[\]##' Cargo.toml
+echo 'default = ["tpm-provider", "mbed-crypto-provider"]' >> Cargo.toml
+
+%build
+export PROTOC=%{_bindir}/protoc
+export PROTOC_INCLUDE=%{_includedir}
+%cargo_build -- --features=%features
+%sysusers_generate_pre %{SOURCE6} parsec
+
+%install
+export PROTOC=%{_bindir}/protoc
+export PROTOC_INCLUDE=%{_includedir}
+%cargo_install
+mkdir -p %{buildroot}%{_sysusersdir}
+install -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/
+install -D -p -m0644 %{SOURCE3} %{buildroot}%{_unitdir}/parsec.service
+install -D -p -m0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/parsec/config.toml
+install -D -p -m0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/parsec.conf
+install -d -m0755 %{buildroot}%{_localstatedir}/lib/parsec
+# Move parsec to _libexecdir
+mkdir -p %{buildroot}%{_libexecdir}
+mv target/release/parsec %{buildroot}%{_libexecdir}
+# Clean-up
+find %{buildroot} -name .crates2.json -delete
+rm -rf %{buildroot}%{_datadir}/cargo/registry
+
+%check
+export PROTOC=%{_bindir}/protoc
+export PROTOC_INCLUDE=%{_includedir}
+%cargo_test -- --lib --features=%features
+
+%pre -f parsec.pre
+%service_add_pre parsec.service
+
+%post
+%service_add_post parsec.service
+%tmpfiles_create %_tmpfilesdir/parsec.conf
+
+%preun
+%service_del_preun parsec.service
+
+%postun
+%service_del_postun parsec.service
+
+%files
+%license LICENSE
+%doc README.md config.toml
+%attr(0750,parsec,parsec) %dir %{_sysconfdir}/parsec/
+%attr(0750,parsec,parsec) %dir %{_localstatedir}/lib/parsec/
+%attr(0644,parsec,parsec) %config(noreplace) %{_sysconfdir}/parsec/config.toml
+%{_libexecdir}/parsec
+%{_tmpfilesdir}/parsec.conf
+%{_unitdir}/parsec.service
+%{_sysusersdir}/system-user-parsec.conf
+
+%changelog
diff --git a/pkcs11-libloading-issue.patch b/pkcs11-libloading-issue.patch
new file mode 100644
index 0000000..6f542b3
--- /dev/null
+++ b/pkcs11-libloading-issue.patch
@@ -0,0 +1,16 @@
+diff --git a/src/providers/pkcs11/utils.rs b/src/providers/pkcs11/utils.rs
+index 7f51e8d..1755226 100644
+--- a/src/providers/pkcs11/utils.rs
++++ b/src/providers/pkcs11/utils.rs
+@@ -284,7 +284,10 @@ impl CkMechanism {
+ /// of memory, hardware failure, corruption detection, lack of entropy and unsupported operations.
+ pub fn to_response_status(error: Error) -> ResponseStatus {
+ match error {
+- Error::Io(e) => ResponseStatus::from(e),
++ Error::LibraryLoading{err} => {
++ format_error!("PKCS11 error to PsaErrorCommunicationFailure", err);
++ ResponseStatus::PsaErrorCommunicationFailure
++ },
+ Error::Module(e) | Error::InvalidInput(e) => {
+ format_error!("Conversion of error to PsaErrorCommunicationFailure", e);
+ ResponseStatus::PsaErrorCommunicationFailure
diff --git a/system-user-parsec.conf b/system-user-parsec.conf
new file mode 100644
index 0000000..c443261
--- /dev/null
+++ b/system-user-parsec.conf
@@ -0,0 +1,6 @@
+# Type Name ID GECOS [HOME]
+g parsec -
+g parsec-clients -
+g tss -
+u parsec - "PARSEC" /etc/parsec
+m parsec lock
\ No newline at end of file
diff --git a/vendor.tar.xz b/vendor.tar.xz
new file mode 100644
index 0000000..87e7260
--- /dev/null
+++ b/vendor.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3e8a9595e1622a9684ee690788120edbfa8cbf6dd7794eb13f0824bae547c9f1
+size 15581964
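Review bot: The `%files` list in parsec.spec hands the service account ownership of its own configuration, through `%attr(0750,parsec,parsec) %dir %{_sysconfdir}/parsec/` and `%attr(0644,parsec,parsec) %config(noreplace) %{_sysconfdir}/parsec/config.toml`. A compromised daemon could then rewrite its authenticator or provider settings, and the file that carries `owner_hierarchy_auth` is mode 0644. Root ownership with group read is the tighter layout: `%attr(0750,root,parsec) %dir %{_sysconfdir}/parsec/` and `%attr(0640,root,parsec) %config(noreplace) %{_sysconfdir}/parsec/config.toml`, with a matching `-m0640` on the `install` line for `%{SOURCE4}`. Separately, `%prep` appends `default = [...]` to the end of Cargo.toml, which only has the intended effect if `[features]` is the last table in that file (not visible here), and the list duplicates `%define features`.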
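Review bot: The new `Error::LibraryLoading{err}` arm in pkcs11-libloading-issue.patch logs `"PKCS11 error to PsaErrorCommunicationFailure"`, which neither follows the sibling arm's `"Conversion of error to PsaErrorCommunicationFailure"` wording nor says that loading the library is what failed. A message such as `format_error!("PKCS11 library loading error converted to PsaErrorCommunicationFailure", err);` would make the log line usable during triage, and rustfmt would write the pattern as `Error::LibraryLoading { err }`. The patch drops the `Error::Io(e)` arm, so it presumably relies on an error enum that no longer has that variant; the rest of the `match` lies outside the hunk. The patch file starts directly at `diff --git` with no header, so its origin and upstream status are recorded only in the spec comment.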
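Review bot: system-user-parsec.conf declares `g tss -` but never adds the service account to that group; the only membership line is `m parsec lock`. If `/dev/tpmrm0` is owned by group `tss`, as tpm2 udev rules commonly arrange (not visible here), the `parsec` user could not open the device that config.toml's Tpm provider points at, and `m parsec tss` is probably what was intended. The purpose of the `lock` membership should be stated in a comment or the line dropped, since every extra group widens what the daemon can access. The account's home is `/etc/parsec`, the configuration directory, which is also worth a comment.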