From 747332bc194b31edcf94155a61c01ec4ed9e66e4c02d4ada8cca2706f5ca2735 Mon Sep 17 00:00:00 2001
From: Guillaume GARDET
Date: Wed, 14 Apr 2021 15:57:17 +0000
Subject: [PATCH] Accepting request 885427 from home:Guillaume_G:branches:security
- Requires 'tpm2-0-tss' as it holds the udev rule to make /dev/tpm* owned by tss user
- Requires 'libtss2-tcti-device0' as it is required to start parsec with TPM support
- Enable all authenticators which adds 'direct-authenticator'
- Add CryptoAuthLib template (disabled) in config.toml
OBS-URL: https://build.opensuse.org/request/show/885427
OBS-URL: https://build.opensuse.org/package/show/security/parsec?expand=0&rev=8
---
 cargo_config | 2 +-
 config.toml | 8 ++++++++
 parsec.changes | 14 ++++++++++++++
 parsec.spec | 14 ++++++++++----
 4 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/cargo_config b/cargo_config
index 6fb4ff4..97852b5 100644
--- a/cargo_config
+++ b/cargo_config
@@ -2,4 +2,4 @@ replace-with = "vendored-sources"
 [source.vendored-sources]
-directory = "vendor"
\ No newline at end of file
+directory = "vendor"
diff --git a/config.toml b/config.toml
index f85f9d8..e563599 100644
--- a/config.toml
+++ b/config.toml
@@ -29,3 +29,11 @@ key_info_manager = "on-disk-manager"
 #key_info_manager = "on-disk-manager"
 #tcti = "device:/dev/tpmrm0"
 #owner_hierarchy_auth = ""
+
+#[[provider]]
+#provider_type = "CryptoAuthLib"
+#key_info_manager = "on-disk-manager"
+#device_type = "atecc508a"
+#iface_type = "i2c"
+#wake_delay = 1500
+#rx_retries = 20
diff --git a/parsec.changes b/parsec.changes
index 71f42b3..72a7ecf 100644
--- a/parsec.changes
+++ b/parsec.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Apr 14 14:54:32 UTC 2021 - Guillaume GARDET
+
+- Requires 'tpm2-0-tss' as it holds the udev rule to make /dev/tpm*
+ owned by tss user
+- Requires 'libtss2-tcti-device0' as it is required to start parsec
+ with TPM support
+
+-------------------------------------------------------------------
+Wed Apr 7 07:42:24 UTC 2021 - Guillaume GARDET
+
+- Enable all authenticators which adds 'direct-authenticator'
+- Add CryptoAuthLib template (disabled) in config.toml
+
 -------------------------------------------------------------------
 Thu Apr 1 10:19:21 UTC 2021 - Guillaume GARDET
diff --git a/parsec.spec b/parsec.spec
index c432dc3..a0b4cb3 100644
--- a/parsec.spec
+++ b/parsec.spec
@@ -17,8 +17,10 @@ %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now'
-# Features available: mbed-crypto-provider, pkcs11-provider, tpm-provider, all-providers
-%define features "all-providers"
+# Features available:
+# all-providers = ["tpm-provider", "pkcs11-provider", "mbed-crypto-provider", "cryptoauthlib-provider"]
+# all-authenticators = ["direct-authenticator", "unix-peer-credentials-authenticator"]
+%define features "all-authenticators,all-providers"
 %{?systemd_ordering}
 Name: parsec
 Version: 0.7.2
@@ -48,6 +50,10 @@ Recommends: opensc
 %sysusers_requires
 # /dev/tpm* are owned by tss user
 Requires(pre): system-user-tss
+# tpm2-0-tss holds the udev rule to make /dev/tpm* owned by tss user
+Requires: tpm2-0-tss
+# Without libtss2-tcti-device0 parsec fails to start TPM properly
+Requires: libtss2-tcti-device0
 ExcludeArch: armv6l armv6hl
 %description
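Review bot: The new `%define features "all-authenticators,all-providers"` line in the first parsec.spec hunk builds `direct-authenticator` into the packaged service, and nothing next to it records that this authenticator accepts the application identity supplied by the client without verifying it. If the shipped configuration ever selects it, the per-application key separation that the Unix peer credentials authenticator provides no longer holds for local clients of the socket. I would either keep the list at `"unix-peer-credentials-authenticator,all-providers"` or add a comment such as `# direct-authenticator is built in for testing only; the packaged config.toml must keep the Unix peer credentials authenticator`. The same feature set is written into Cargo.toml by the `echo 'default = [...]'` line in the `%prep` hunk further down. The `[authenticator]` section of config.toml is not part of this diff, so the default that actually ships should be confirmed there.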
@@ -57,12 +63,12 @@ This abstraction layer keeps workloads decoupled from physical platform details, enabling cloud-native delivery flows within the data center and at the edge.
 %prep
-%setup -qa1
+%autosetup -p1 -a1
 rm -rf .cargo && mkdir .cargo
 cp %{SOURCE2} .cargo/config
 # Enable all providers
 sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]##' Cargo.toml
-echo 'default = ["unix-peer-credentials-authenticator", "all-providers"]' >> Cargo.toml
+echo 'default = ["all-authenticators", "all-providers"]' >> Cargo.toml
 %build
 export PROTOC=%{_bindir}/protoc
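Review bot: The `echo 'default = ["all-authenticators", "all-providers"]' >> Cargo.toml` line appends the key to the end of the manifest, so it only lands in `[features]` while that table happens to be the last one in upstream's Cargo.toml. If upstream reorders the file, the key would end up in another table and the package could presumably build with a different feature set than intended, without the spec noticing. A single in-place substitution avoids the dependency on file order: `sed -i -e 's#default = \["unix-peer-credentials-authenticator"\]#default = ["all-authenticators", "all-providers"]#' Cargo.toml`, followed by `grep -q '"all-authenticators", "all-providers"' Cargo.toml` so `%prep` stops when the upstream default line no longer matches. The `# Enable all providers` comment above it is also stale and should read `# Enable all providers and all authenticators`. The `%build` section continues past the end of this hunk.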