From 8d3be32d1febdb61cdc0495c5476183cf1cc1eb570fb9e47432c0a4815dc02cc Mon Sep 17 00:00:00 2001 From: Alberto Planas Dominguez Date: Tue, 22 Feb 2022 13:05:07 +0000 Subject: [PATCH] Accepting request 956709 from home:aplanas:branches:security - Update to version 0.1.0+git.1645023877.811a869: * Make clippy happy. * Add a --help message. * Depend on Rust-TSS-ESAPI 7.0.0 stable * main: Return error on initialization if python shim is missing * common: Add hardcoded config defaults for revocation * main: Add execution permissions to revocation actions * revocation: Log revocation actions output * revocation: Fix get_revocation_cert_path() comment * gitignore: Add filters for some temporary files * revocation: Do not ignore revocation actions from config * revocation: Implement python actions support * tests: Implement proof-of-concept python shim * revocation: Implement lookup_action() function * common: Add revocation actions configurations * revocation: Enforce local action naming restriction * revocation: Remove duplicate logger initialization * crypto: unfiy import_x509 and load_x509 * update Cargo.lock * common: update API version to v2.0 * tpm: drop zlib compression in quotes * run agent webserver with mTLS enabled and add mtls_cert to registrar * crypto: load and generate X509 certificates, mTLS context generation * keylime.conf: add setting for Keylime CA * Bump tss-esapi crate to 7.0.0-beta.1 * Update to fix typo * Use Path and PathBuf consistently to represent paths * Bump versions of some dependencies * quotes_handler: Check quotes in tests * tpm: Remove hard-coded struct sizes with std::mem::size_of * tpm: Let compiler to infer arch-dependent integer types * Use CString as the first argument of libc::chown * keys_handler: Add API to get public key (#284) * crypto: Fix algorithms used for revocation signature (#275) * revocation: Use revocation certificate set by configuration (#300) * common: Add revocation_cert to the global configuration structure * ima_emulator: Fix running hash calculation on resumption * keys_handler: Add test with encrypted payload * main: Use condition variable to wait for payload encryption key * main: Use Option to represent a combined key * main: Redefine KeySet as a vector * keys_handler, main: Move crypto operations to crypto module * keys_handler: Make use of type safe payload deserialization * Remove unused imports * Remove duplicate CODEOWNERS file * Remove panic when running rev action * move global configuration into a single struct * Add codeowners OBS-URL: https://build.opensuse.org/request/show/956709 OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=9 --- _servicedata | 2 +- cargo_config | 4 -- ...eylime-0.1.0+git.1641587454.1248597.tar.xz | 3 -- ...eylime-0.1.0+git.1645023877.811a869.tar.xz | 3 ++ rust-keylime.changes | 52 +++++++++++++++++++ rust-keylime.spec | 2 +- vendor.tar.xz | 4 +- 7 files changed, 59 insertions(+), 11 deletions(-) delete mode 100644 rust-keylime-0.1.0+git.1641587454.1248597.tar.xz create mode 100644 rust-keylime-0.1.0+git.1645023877.811a869.tar.xz diff --git a/_servicedata b/_servicedata index dc050ac..d4477a4 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/keylime/rust-keylime.git - 124859731fd5646005802c64bf2d26734bf2b28b \ No newline at end of file + 811a869a618cd21067a69979ad4c3663d630c9f7 \ No newline at end of file diff --git a/cargo_config b/cargo_config index e2342c9..97852b5 100644 --- a/cargo_config +++ b/cargo_config @@ -1,9 +1,5 @@ [source.crates-io] replace-with = "vendored-sources" -[source."https://github.com/parallaxsecond/rust-tss-esapi.git"] -git = "https://github.com/parallaxsecond/rust-tss-esapi.git" -replace-with = "vendored-sources" - [source.vendored-sources] directory = "vendor" diff --git a/rust-keylime-0.1.0+git.1641587454.1248597.tar.xz b/rust-keylime-0.1.0+git.1641587454.1248597.tar.xz deleted file mode 100644 index 3c2528b..0000000 --- a/rust-keylime-0.1.0+git.1641587454.1248597.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:48b36f8cf6d5f70584d512011f6289cd2c29276e0ae3ee5a91ca10de117c78e5 -size 99924 diff --git a/rust-keylime-0.1.0+git.1645023877.811a869.tar.xz b/rust-keylime-0.1.0+git.1645023877.811a869.tar.xz new file mode 100644 index 0000000..db76094 --- /dev/null +++ b/rust-keylime-0.1.0+git.1645023877.811a869.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:94c1b05120c3a6811dc46f1f5be833d2c3a16f83283f2fdbf506447b5a643d89 +size 108236 diff --git a/rust-keylime.changes b/rust-keylime.changes index 599b03e..1e2de92 100644 --- a/rust-keylime.changes +++ b/rust-keylime.changes @@ -1,3 +1,55 @@ +------------------------------------------------------------------- +Tue Feb 22 12:34:16 UTC 2022 - aplanas@suse.com + +- Update to version 0.1.0+git.1645023877.811a869: + * Make clippy happy. + * Add a --help message. + * Depend on Rust-TSS-ESAPI 7.0.0 stable + * main: Return error on initialization if python shim is missing + * common: Add hardcoded config defaults for revocation + * main: Add execution permissions to revocation actions + * revocation: Log revocation actions output + * revocation: Fix get_revocation_cert_path() comment + * gitignore: Add filters for some temporary files + * revocation: Do not ignore revocation actions from config + * revocation: Implement python actions support + * tests: Implement proof-of-concept python shim + * revocation: Implement lookup_action() function + * common: Add revocation actions configurations + * revocation: Enforce local action naming restriction + * revocation: Remove duplicate logger initialization + * crypto: unfiy import_x509 and load_x509 + * update Cargo.lock + * common: update API version to v2.0 + * tpm: drop zlib compression in quotes + * run agent webserver with mTLS enabled and add mtls_cert to registrar + * crypto: load and generate X509 certificates, mTLS context generation + * keylime.conf: add setting for Keylime CA + * Bump tss-esapi crate to 7.0.0-beta.1 + * Update to fix typo + * Use Path and PathBuf consistently to represent paths + * Bump versions of some dependencies + * quotes_handler: Check quotes in tests + * tpm: Remove hard-coded struct sizes with std::mem::size_of + * tpm: Let compiler to infer arch-dependent integer types + * Use CString as the first argument of libc::chown + * keys_handler: Add API to get public key (#284) + * crypto: Fix algorithms used for revocation signature (#275) + * revocation: Use revocation certificate set by configuration (#300) + * common: Add revocation_cert to the global configuration structure + * ima_emulator: Fix running hash calculation on resumption + * keys_handler: Add test with encrypted payload + * main: Use condition variable to wait for payload encryption key + * main: Use Option to represent a combined key + * main: Redefine KeySet as a vector + * keys_handler, main: Move crypto operations to crypto module + * keys_handler: Make use of type safe payload deserialization + * Remove unused imports + * Remove duplicate CODEOWNERS file + * Remove panic when running rev action + * move global configuration into a single struct + * Add codeowners + ------------------------------------------------------------------- Mon Jan 10 13:06:42 UTC 2022 - aplanas@suse.com diff --git a/rust-keylime.spec b/rust-keylime.spec index b9390d2..a59efb5 100644 --- a/rust-keylime.spec +++ b/rust-keylime.spec @@ -18,7 +18,7 @@ %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now' Name: rust-keylime -Version: 0.1.0+git.1641587454.1248597 +Version: 0.1.0+git.1645023877.811a869 Release: 0 Summary: Rust implementation of the keylime agent License: Apache-2.0 AND MIT diff --git a/vendor.tar.xz b/vendor.tar.xz index f99cfa4..a50efe7 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:941961ebcf6380eb86a2626b46c3a79c5b27ca07645a40c76e18fbd12d275a42 -size 15901920 +oid sha256:a2dee61ae8bc920f8247890f43cc75ca314b3c9b31e28015ba1d224af7271542 +size 16956876