- Rebase bindgen.patch and upstream the change
- Rebase keylime-agent.conf.diff
- Store the configuration file in /usr/etc/keylime/agent.conf
- Fix keylime user creation
- Drop webapp service port in firewall XML service file
- Update to version 0.1.0+git.1663769444.6318234:
* Update comments in the configuration file
* config: Align config locations with the python components
* config: Add configuration file version
* config: Add back support for KEYLIME_DIR env var
* Change configuration format to TOML
* Add support for using passphrase protected key
* Do not try to load TPM data generated by another TPM
* Allow using existing key and certificate
* Remove the agent TPM data from the config struct
* Rename the configuration options
* Use password to generate EK when provided
* Add tpm_ownerpassword option to keylime.conf
* Add cargo audit to CI static tests
* Add agent and faked_measured_boot_log tests context
* Appease clippy
OBS-URL: https://build.opensuse.org/request/show/1006459
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=26
- Update to version 0.1.0+git.1655384301.b834667:
* Update fmf plans to run test with IMA policy
* .github/dependabot.yml: prevent updates that require manifest change
- Add logrotate configuration for the agent service
- Requires libtss2-tcti-device0 to interact with the real device
- Drop legacy Python subpackage and feature
- Move conflicts into the Python version
- Drop CFSSL port from the keylime.xml firewalld rules
OBS-URL: https://build.opensuse.org/request/show/984413
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=15
- Add generate-cargo-lock-file.patch to fix the build system in OBS
- Add keylime.conf.diff to adjust the default config file
- Adjust build requirements
- Add firewalld XML rules
- Add systemd keylime_agent.service
- Fix license tag
- Update to version 0.0.1+git.1626706730.a009476:
* libarchive-devel is needed to build on Fedora
* Accept sets of U and V keys; use new Key types
* Output mask info
* Fix for race condition bug
* Do not resend pubkey to CV after attestation
* Run payload script from a shell
* Write out data and run payload
* Decrypt payload after key handlers find symm key
* Add handler for U and V keys
* Add helper functions for handling U and V keys
* Some TPM fixes for IMA PCR validation
* Do not flush AK context as this causes an error
* Fix bug in revocation service
* Drop references to vmask
* Better documentation of consts
* Do not fail if EK cert is not present in TPM NV
* Add more verbose logging to better match Python agent
* Remove verify stub as we are not using it
* tests: Don't pass --allow-signing to swtpm_setup
* Fix typos
* Add dependency for libzmq3-dev / zeromq-devel
* Fix new clippy lints
* Add handling for Identity and Integrity quotes
* Add Quote functionality
* Add marshaling functions for TPM structs
OBS-URL: https://build.opensuse.org/request/show/908894
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=3
