Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package parsec for openSUSE:Factory checked in at 2024-11-30 13:31:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/parsec (Old) and /work/SRC/openSUSE:Factory/.parsec.new.28523 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "parsec" Sat Nov 30 13:31:57 2024 rev:25 rq:1227480 version:1.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/parsec/parsec.changes 2024-04-16 20:11:47.105961942 +0200 +++ /work/SRC/openSUSE:Factory/.parsec.new.28523/parsec.changes 2024-11-30 13:31:59.212054205 +0100 @@ -1,0 +2,10 @@ +Sat Nov 30 00:04:56 UTC 2024 - Rein Fernhout <[email protected]> + +- Do not add lock group to parsec +- Added a patch from upstream to fix a build error: + * 0001-Fix-unnecessary-qualifications-error.patch + +- Update to 1.4.1: + * Full changelog: https://github.com/parallaxsecond/parsec/compare/1.4.0...1.4.1 + +------------------------------------------------------------------- Old: ---- parsec-1.4.0.tar.gz New: ---- 0001-Fix-unnecessary-qualifications-error.patch parsec-1.4.1.tar.gz BETA DEBUG BEGIN: New:- Added a patch from upstream to fix a build error: * 0001-Fix-unnecessary-qualifications-error.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ parsec.spec ++++++ --- /var/tmp/diff_new_pack.9T4Yzh/_old 2024-11-30 13:32:00.248097358 +0100 +++ /var/tmp/diff_new_pack.9T4Yzh/_new 2024-11-30 13:32:00.252097524 +0100 @@ -17,11 +17,11 @@ %global rustflags '-Clink-arg=-Wl,-z,relro,-z,now' -%define archive_version 1.4.0 +%define archive_version 1.4.1 %{?systemd_ordering} Name: parsec -Version: 1.4.0 +Version: 1.4.1 Release: 0 Summary: Platform AbstRaction for SECurity License: Apache-2.0 @@ -33,9 +33,11 @@ Source5: parsec.conf Source6: system-user-parsec.conf Source10: https://git.trustedfirmware.org/TS/trusted-services.git/snapshot/trusted-services-389b506.tar.gz +Patch1: 0001-Fix-unnecessary-qualifications-error.patch BuildRequires: cargo >= 1.66 BuildRequires: clang-devel BuildRequires: cmake +BuildRequires: gcc-c++ BuildRequires: llvm-devel %if 0%{?suse_version} == 1500 # Fix build with GCC13 on Backports SLE15-SPx - Avoid to get -lstdc++ not found 
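Review bot: `Source10` in the `@@ -33,9 +33,11 @@` hunk of `parsec.spec` still points at the `trusted-services-389b506` snapshot. The upstream 1.4.1 sources in this same request pin trusted-services to `b27d4163e01065d1203bd71ffa6562a651f77a13` and rewrite `src/providers/trusted_service/context/mod.rs` against the `rpc_caller_session_*` API. `%prep` renames the snapshot to `trusted-services-vendor`, but the provider selection is outside the visible lines; if the trusted-service provider is built from those vendored headers, the generated bindings may not match the new calls. Please confirm the snapshot is still the intended one, or bump it together with the version. The new `BuildRequires: gcc-c++` is not mentioned in the `parsec.changes` entry, so a one-line reason there would help later reviewers.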
@@ -74,6 +76,7 @@ %prep %setup -q -a1 -a10 -n parsec-%{archive_version} +%autopatch -p1 rmdir trusted-services-vendor mv trusted-services-389b506 trusted-services-vendor # Enable all providers ++++++ 0001-Fix-unnecessary-qualifications-error.patch ++++++ >From 86d4d2ca2f1e873a29f9f4d4bba99fedee19a144 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar <[email protected]> Date: Thu, 29 Aug 2024 17:10:06 +0100 Subject: [PATCH] Fix unnecessary qualifications error Signed-off-by: Gowtham Suresh Kumar <[email protected]> --- src/front/domain_socket.rs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/front/domain_socket.rs b/src/front/domain_socket.rs index 9fb8a0c..a0effa5 100644 --- a/src/front/domain_socket.rs +++ b/src/front/domain_socket.rs @@ -239,15 +239,16 @@ pub mod peer_credentials { pub mod impl_linux { use super::UCred; use libc::{c_void, getsockopt, socklen_t, ucred, SOL_SOCKET, SO_PEERCRED}; + use std::io; + use std::mem::size_of; use std::os::unix::io::AsRawFd; use std::os::unix::net::UnixStream; - use std::{io, mem}; pub fn peer_cred(socket: &UnixStream) -> io::Result<UCred> { - let ucred_size = mem::size_of::<ucred>(); + let ucred_size = size_of::<ucred>(); // Trivial sanity checks. - assert!(mem::size_of::<u32>() <= mem::size_of::<usize>()); + assert!(size_of::<u32>() <= size_of::<usize>()); assert!(ucred_size <= u32::MAX as usize); let mut ucred_size = ucred_size as socklen_t; @@ -266,7 +267,7 @@ pub mod peer_credentials { &mut ucred_size, ); - if ret == 0 && ucred_size as usize == mem::size_of::<ucred>() { + if ret == 0 && ucred_size as usize == size_of::<ucred>() { Ok(UCred { uid: ucred.uid, gid: ucred.gid, -- 2.47.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.9T4Yzh/_old 2024-11-30 13:32:00.308099857 +0100 +++ /var/tmp/diff_new_pack.9T4Yzh/_new 2024-11-30 13:32:00.312100024 +0100 
@@ -1,11 +1,11 @@ <services> <service name="cargo_vendor" mode="manual"> <param name="compression">xz</param> - <param name="srcdir">parsec-1.4.0</param> + <param name="srcdir">parsec-1.4.1</param> <param name="update">true</param> </service> <service name="cargo_audit" mode="manual"> - <param name="srcdir">parsec-1.4.0</param> + <param name="srcdir">parsec-1.4.1</param> </service> </services> ++++++ parsec-1.4.0.tar.gz -> parsec-1.4.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/.github/actions/build_export_docker/action.yml new/parsec-1.4.1/.github/actions/build_export_docker/action.yml --- old/parsec-1.4.0/.github/actions/build_export_docker/action.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/parsec-1.4.1/.github/actions/build_export_docker/action.yml 2024-05-15 19:08:57.000000000 +0200 @@ -0,0 +1,21 @@ +name: "Build and export docker image" +description: "Builds and exports the docker images required by Parsec CI" +inputs: + image-name: + required: true + description: "Docker image name" + +runs: + using: "composite" + steps: + - name: Build the docker container + run: pushd e2e_tests/docker_image && docker build -t ${{ inputs.image-name }} -f ${{ inputs.image-name }}.Dockerfile . && popd + shell: bash + - name: Export the docker container + run: docker save ${{ inputs.image-name }} > /tmp/${{ inputs.image-name }}.tar + shell: bash + - name: Upload artifact + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.image-name }} + path: /tmp/${{ inputs.image-name }}.tar diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/.github/workflows/ci.yml new/parsec-1.4.1/.github/workflows/ci.yml --- old/parsec-1.4.0/.github/workflows/ci.yml 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/.github/workflows/ci.yml 2024-05-15 19:08:57.000000000 +0200 
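Review bot: The two `run:` steps of the new composite action in `.github/actions/build_export_docker/action.yml` expand `${{ inputs.image-name }}` directly into the bash script text, so the value is substituted before the shell parses the line and is never quoted. Both callers visible in `ci.yml` pass fixed literals, so nothing untrusted reaches it today. A reusable action is still safer if it hands the input over through the environment: give each step an `env:` entry `IMAGE_NAME: ${{ inputs.image-name }}` and use `"$IMAGE_NAME"` in the commands, e.g. `docker save "$IMAGE_NAME" > "/tmp/$IMAGE_NAME.tar"`. `actions/upload-artifact@v3` is referenced by a movable tag; pinning it to a commit SHA would make the CI inputs reproducible.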
@@ -5,30 +5,41 @@ pull_request: workflow_dispatch: inputs: - trigger_docker: + trigger_test_all_docker: description: "'parsec-service-test-all' if docker build should be triggered" required: false default: "" + trigger_test_cross_docker: + description: "'parsec-service-test-cross-compile' if docker build should be triggered" + required: false + default: "" env: - TEST_ALL_DOCKER_IMAGE: ${{ github.event.inputs.trigger_docker || 'ghcr.io/parallaxsecond/parsec-service-test-all' }} + TEST_ALL_DOCKER_IMAGE: ${{ github.event.inputs.trigger_test_all_docker || 'ghcr.io/parallaxsecond/parsec-service-test-all' }} + TEST_CROSS_DOCKER_IMAGE: ${{ github.event.inputs.trigger_test_cross_docker || 'ghcr.io/parallaxsecond/parsec-service-test-cross-compile' }} jobs: build-and-export-test-all-docker: runs-on: ubuntu-latest # For running this job we need to manually trigger the CI and set the variable - if: ${{ github.event.inputs.trigger_docker == 'parsec-service-test-all' }} + if: ${{ github.event.inputs.trigger_test_all_docker == 'parsec-service-test-all' }} steps: - uses: actions/checkout@v3 - - name: Build the docker container - run: pushd e2e_tests/docker_image && docker build -t parsec-service-test-all -f parsec-service-test-all.Dockerfile . 
&& popd - - name: Export the docker container - run: docker save parsec-service-test-all > /tmp/parsec-service-test-all.tar - - name: Upload artifact - uses: actions/upload-artifact@v3 + - name: Build and Export Docker Image + uses: ./.github/actions/build_export_docker with: - name: parsec-service-test-all - path: /tmp/parsec-service-test-all.tar + image-name: "parsec-service-test-all" + + build-and-export-cross-compile-docker: + runs-on: ubuntu-latest + # For running this job we need to manually trigger the CI and set the variable + if: ${{ github.event.inputs.trigger_test_cross_docker == 'parsec-service-test-cross-compile' }} + steps: + - uses: actions/checkout@v3 + - name: Build and Export Docker Image + uses: ./.github/actions/build_export_docker + with: + image-name: "parsec-service-test-cross-compile" all-providers: name: Various tests targeting a Parsec image with all providers included 
@@ -165,13 +176,22 @@ # Currently only the Mbed Crypto, PKCS 11, and TPM providers are tested as the other ones need to cross-compile other libraries. name: Cross-compile Parsec to various targets runs-on: ubuntu-latest + if: ${{ always() }} + needs: [build-and-export-cross-compile-docker] steps: - - uses: actions/checkout@v2 - - name: Run the container to execute the test script - run: - docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-cross-compile /tmp/parsec/test/cross-compile.sh - # When running the container built on the CI - # run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec -t parsec-service-test-cross-compile /tmp/parsec/test/cross-compile.sh + - uses: actions/checkout@v3 + - name: Load Docker + uses: ./.github/actions/load_docker + if: ${{ env.TEST_CROSS_DOCKER_IMAGE == 'parsec-service-test-cross-compile' }} + with: + image-name: "${{ env.TEST_CROSS_DOCKER_IMAGE }}" + image-path: "/tmp" + - name: Run the cross compiler tests using pre-built docker image + if: ${{ env.TEST_CROSS_DOCKER_IMAGE != 'parsec-service-test-cross-compile' }} + run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-cross-compile /tmp/parsec/test/cross-compile.sh + - name: Run the cross compiler tests using image built on the CI + if: ${{ env.TEST_CROSS_DOCKER_IMAGE == 'parsec-service-test-cross-compile' }} + run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec "${{ env.TEST_CROSS_DOCKER_IMAGE }}" /tmp/parsec/test/cross-compile.sh links: name: Check links diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/CHANGELOG.md new/parsec-1.4.1/CHANGELOG.md --- old/parsec-1.4.0/CHANGELOG.md 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/CHANGELOG.md 2024-05-15 19:08:57.000000000 +0200 
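Review bot: `if: ${{ always() }}` on the cross-compile job in the `@@ -165,13 +176,22 @@` hunk of `ci.yml` starts the job even when `build-and-export-cross-compile-docker` failed or the run was cancelled, not only when that job was skipped. A narrower condition such as `if: ${{ !cancelled() && needs.build-and-export-cross-compile-docker.result != 'failure' }}` keeps the usual skipped-build case working without running tests after a broken image build. The pre-built path still pulls `ghcr.io/parallaxsecond/parsec-service-test-cross-compile` without a tag or digest, so the image under test can change between runs; referencing it by digest would make failures attributable to the code change. The `./.github/actions/load_docker` action used here is not part of this diff, so its handling of `image-name` and `image-path` could not be checked.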
@@ -1,5 +1,28 @@ # Changelog +## [1.4.1](https://github.com/parallaxsecond/parsec/tree/1.4.1) (2024-05-14) + +[Full Changelog](https://github.com/parallaxsecond/parsec/compare/1.4.1-rc1...1.4.1) + +**Fixed bugs:** + +- e2e\_tests: Ignore different key test for RSA in pkcs11 [\#764](https://github.com/parallaxsecond/parsec/pull/764) ([tgonzalezorlandoarm](https://github.com/tgonzalezorlandoarm)) + +**Merged pull requests:** + +- Minor CI pipeline fixes [\#766](https://github.com/parallaxsecond/parsec/pull/766) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) + +## [1.4.1-rc1](https://github.com/parallaxsecond/parsec/tree/1.4.1-rc1) (2024-05-10) + +[Full Changelog](https://github.com/parallaxsecond/parsec/compare/1.4.0...1.4.1-rc1) + +**Merged pull requests:** + +- Revert "Test patch for cross-compiler docker image" [\#767](https://github.com/parallaxsecond/parsec/pull/767) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) +- Use v1.0.0 release of trusted services [\#765](https://github.com/parallaxsecond/parsec/pull/765) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) +- Adds support to build and test the cross-compiler docker images. [\#762](https://github.com/parallaxsecond/parsec/pull/762) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) +- Minor fixes [\#760](https://github.com/parallaxsecond/parsec/pull/760) ([gowthamsk-arm](https://github.com/gowthamsk-arm)) + ## [1.4.0](https://github.com/parallaxsecond/parsec/tree/1.4.0) (2024-03-28) [Full Changelog](https://github.com/parallaxsecond/parsec/compare/1.4.0-rc2...1.4.0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/Cargo.lock new/parsec-1.4.1/Cargo.lock --- old/parsec-1.4.0/Cargo.lock 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/Cargo.lock 2024-05-15 19:08:57.000000000 +0200 
@@ -1100,7 +1100,7 @@ [[package]] name = "parsec-service" -version = "1.4.0" +version = "1.4.1" dependencies = [ "anyhow", "base64 0.21.4", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/Cargo.toml new/parsec-1.4.1/Cargo.toml --- old/parsec-1.4.0/Cargo.toml 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/Cargo.toml 2024-05-15 19:08:57.000000000 +0200 @@ -1,6 +1,6 @@ [package] name = "parsec-service" -version = "1.4.0" +version = "1.4.1" authors = ["Parsec Project Contributors"] description = "A language-agnostic API to secure services in a platform-agnostic way" license = "Apache-2.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/build.rs new/parsec-1.4.1/build.rs --- old/parsec-1.4.0/build.rs 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/build.rs 2024-05-15 19:08:57.000000000 +0200 @@ -19,11 +19,11 @@ println!("cargo:rerun-if-changed={}", header); let bindings = bindgen::Builder::default() + .clang_arg(format!("-I{}", ts_include_dir)) .clang_arg(format!( "-I{}", ts_include_dir + "/components/rpc/common/interface" )) - .rustfmt_bindings(true) .header(header) .header(encoding_header) .generate_comments(false) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/ci.sh new/parsec-1.4.1/ci.sh --- old/parsec-1.4.0/ci.sh 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/ci.sh 2024-05-15 19:08:57.000000000 +0200 
@@ -120,7 +120,9 @@ run_key_mappings_tests() { # There is no keys generated for CryptoAuthLib yet. # This condition should be removed when the keys are generated for the CAL provider - if ! [[ "$PROVIDER_NAME" = "cryptoauthlib" ]]; then + # The v1.0.0 version of libts required for testing trusted-services does not generate keys + # in the form of 00*.psa_its. Hence we skip this test for the TS provider. + if ! [[ "$PROVIDER_NAME" = "cryptoauthlib" || "$PROVIDER_NAME" = "trusted-service" ]]; then echo "Execute key mappings tests" RUST_BACKTRACE=1 cargo test $TEST_FEATURES --manifest-path ./e2e_tests/Cargo.toml key_mappings fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/e2e_tests/docker_image/generate-keys.sh new/parsec-1.4.1/e2e_tests/docker_image/generate-keys.sh --- old/parsec-1.4.0/e2e_tests/docker_image/generate-keys.sh 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/e2e_tests/docker_image/generate-keys.sh 2024-05-15 19:08:57.000000000 +0200 @@ -8,6 +8,9 @@ set -xeuf -o pipefail + +rustup install 1.66.0 + wait_for_process() { while [ -z "$(pgrep $1)" ]; do sleep 0.1 @@ -94,7 +97,7 @@ mv /tmp/create_keys/parsec/NVChip /tmp/ondisk # Build the service with trusted service provider - cargo build --features "trusted-service-provider, all-authenticators" + cargo +1.66.0 build --features "trusted-service-provider, all-authenticators" # Start the service with trusted service provider ./target/debug/parsec -c e2e_tests/provider_cfg/trusted-service/config.toml & wait_for_process "parsec" @@ -144,7 +147,7 @@ EOF popd # Build the service with trusted service provider - cargo build --features "trusted-service-provider, all-authenticators" + cargo +1.66.0 build --features "trusted-service-provider, all-authenticators" # Start the service with trusted service provider ./target/debug/parsec -c e2e_tests/provider_cfg/trusted-service/config-sqlite.toml & wait_for_process "parsec" 
@@ -167,7 +170,7 @@ cargo install parsec-tool # Build service with all providers (trusted-service-provider isn't included) -cargo build --features "all-providers, all-authenticators" +cargo +1.66.0 build --features "all-providers, all-authenticators" # Start the service with all providers (trusted-service-provider isn't included) configure_tpm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/e2e_tests/docker_image/parsec-service-test-all.Dockerfile new/parsec-1.4.1/e2e_tests/docker_image/parsec-service-test-all.Dockerfile --- old/parsec-1.4.0/e2e_tests/docker_image/parsec-service-test-all.Dockerfile 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/e2e_tests/docker_image/parsec-service-test-all.Dockerfile 2024-05-15 19:08:57.000000000 +0200 
@@ -161,3 +161,18 @@ # Add safe.directory configuration to access repos freely RUN git config --global --add safe.directory '*' + +# Install latest Trusted Services libraries. The previously installed +# libraries are old and necessary for ./generate-keys.sh which uses +# Parsec 1.0.0 version that is incompatible with newer libts APIs. +RUN rm /usr/local/lib/libts.so* /usr/local/lib/libprotobuf-nanopb.a /usr/local/lib/libmbedcrypto.a +RUN git clone https://git.trustedfirmware.org/TS/trusted-services.git --branch main \ + && cd trusted-services \ + && git reset --hard b27d4163e01065d1203bd71ffa6562a651f77a13 +# Install correct python dependencies +RUN pip3 install -r trusted-services/requirements.txt +RUN cd trusted-services/deployments/libts/linux-pc/ \ + && cmake . \ + && make \ + && cp libts.so* nanopb_install/lib/libprotobuf-nanopb.a mbedtls_install/lib/libmbedcrypto.a /usr/local/lib/ +RUN rm -rf trusted-services diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/e2e_tests/docker_image/parsec-service-test-cross-compile.Dockerfile new/parsec-1.4.1/e2e_tests/docker_image/parsec-service-test-cross-compile.Dockerfile --- old/parsec-1.4.0/e2e_tests/docker_image/parsec-service-test-cross-compile.Dockerfile 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/e2e_tests/docker_image/parsec-service-test-cross-compile.Dockerfile 2024-05-15 19:08:57.000000000 +0200 
@@ -11,9 +11,9 @@ # Setup git config for patching dependencies RUN git config --global user.email "[email protected]" RUN git config --global user.name "Parsec Team" -RUN git clone https://git.trustedfirmware.org/TS/trusted-services.git --branch integration \ +RUN git clone https://git.trustedfirmware.org/TS/trusted-services.git --branch main \ && cd trusted-services \ - && git reset --hard 389b50624f25dae860bbbf8b16f75b32f1589c8d + && git reset --hard b27d4163e01065d1203bd71ffa6562a651f77a13 # Install correct python dependencies RUN pip3 install -r trusted-services/requirements.txt RUN cd trusted-services/deployments/libts/arm-linux/ \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/e2e_tests/tests/per_provider/normal_tests/asym_encryption.rs new/parsec-1.4.1/e2e_tests/tests/per_provider/normal_tests/asym_encryption.rs --- old/parsec-1.4.0/e2e_tests/tests/per_provider/normal_tests/asym_encryption.rs 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/e2e_tests/tests/per_provider/normal_tests/asym_encryption.rs 2024-05-15 19:08:57.000000000 +0200 @@ -246,7 +246,12 @@ assert_eq!(PLAINTEXT_MESSAGE.to_vec(), plaintext); } +// TODO: Remove ignore if issue gets resolved upstream +// Test is ignored for PKCS11 because the library we use for testing currently breaks for new +// Docker builds +// See: https://github.com/parallaxsecond/parsec/issues/761 #[test] +#[cfg(not(any(feature = "pkcs11-provider")))] fn asym_encrypt_decrypt_rsa_pkcs_different_keys() { let key_name_1 = auto_test_keyname!("1"); let key_name_2 = auto_test_keyname!("2"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/fuzz/Cargo.lock new/parsec-1.4.1/fuzz/Cargo.lock --- old/parsec-1.4.0/fuzz/Cargo.lock 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/fuzz/Cargo.lock 2024-05-15 19:08:57.000000000 +0200 
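Review bot: The attribute added above `asym_encrypt_decrypt_rsa_pkcs_different_keys` in `asym_encryption.rs` compiles the test out for PKCS11 builds rather than ignoring it as the comment says. The single-predicate `any(...)` is also redundant; `#[cfg(not(feature = "pkcs11-provider"))]` is equivalent. Judging by its name this is the negative case (decrypting with a different key must fail), so the PKCS11 provider loses that coverage without the test showing up as skipped in the report. `#[cfg_attr(feature = "pkcs11-provider", ignore = "see parsec issue #761")]` would keep the test compiled and list it as ignored until the upstream issue is resolved. The function body lies outside the hunk.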
@@ -1201,7 +1201,7 @@ [[package]] name = "parsec-service" -version = "1.4.0" +version = "1.4.1" dependencies = [ "anyhow", "base64 0.21.4", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/src/providers/cryptoauthlib/mod.rs new/parsec-1.4.1/src/providers/cryptoauthlib/mod.rs --- old/parsec-1.4.0/src/providers/cryptoauthlib/mod.rs 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/src/providers/cryptoauthlib/mod.rs 2024-05-15 19:08:57.000000000 +0200 @@ -652,9 +652,8 @@ None => return Err(Error::new(ErrorKind::InvalidData, "Missing inteface type")), }; Provider::new( - self.provider_name.ok_or_else(|| { - std::io::Error::new(ErrorKind::InvalidData, "missing provider name") - })?, + self.provider_name + .ok_or_else(|| Error::new(ErrorKind::InvalidData, "missing provider name"))?, self.key_info_store .ok_or_else(|| Error::new(ErrorKind::InvalidData, "missing key info store"))?, iface_cfg, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/src/providers/mod.rs new/parsec-1.4.1/src/providers/mod.rs --- old/parsec-1.4.0/src/providers/mod.rs 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/src/providers/mod.rs 2024-05-15 19:08:57.000000000 +0200 @@ -90,7 +90,7 @@ let provider_id = match provider_identity.uuid.as_str() { core::Provider::PROVIDER_UUID => Ok(ProviderId::Core), #[cfg(feature = "cryptoauthlib-provider")] - crate::providers::cryptoauthlib::Provider::PROVIDER_UUID => Ok(ProviderId::CryptoAuthLib), + cryptoauthlib::Provider::PROVIDER_UUID => Ok(ProviderId::CryptoAuthLib), #[cfg(feature = "mbed-crypto-provider")] mbed_crypto::Provider::PROVIDER_UUID => Ok(ProviderId::MbedCrypto), #[cfg(feature = "pkcs11-provider")] 
@@ -98,7 +98,7 @@ #[cfg(feature = "tpm-provider")] tpm::Provider::PROVIDER_UUID => Ok(ProviderId::Tpm), #[cfg(feature = "trusted-service-provider")] - crate::providers::trusted_service::Provider::PROVIDER_UUID => Ok(ProviderId::TrustedService), + trusted_service::Provider::PROVIDER_UUID => Ok(ProviderId::TrustedService), _ => Err(format!("Cannot convert from ProviderIdentity to ProviderId.\nProvider \"{}\" is not recognised.\nCould be it does not exist, or Parsec was not compiled with the required provider feature flags.", provider_identity.uuid)), }?; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/parsec-1.4.0/src/providers/trusted_service/context/mod.rs new/parsec-1.4.1/src/providers/trusted_service/context/mod.rs --- old/parsec-1.4.0/src/providers/trusted_service/context/mod.rs 2024-04-08 12:15:53.000000000 +0200 +++ new/parsec-1.4.1/src/providers/trusted_service/context/mod.rs 2024-05-15 19:08:57.000000000 +0200 @@ -4,7 +4,7 @@ use log::{error, info, trace}; use prost::Message; use std::convert::{TryFrom, TryInto}; -use std::ffi::{c_void, CString}; +use std::ffi::CString; use std::io::{self}; use std::ptr::null_mut; use std::slice; @@ -61,9 +61,8 @@ /// is required from the caller. #[derive(Debug)] pub struct Context { - rpc_caller: *mut rpc_caller, + rpc_caller_session: *mut rpc_caller_session, service_context: *mut service_context, - rpc_session_handle: *mut c_void, call_mutex: Mutex<()>, } 
@@ -75,33 +74,20 @@ unsafe { service_locator_init() }; info!("Obtaining a crypto Trusted Service context."); - let mut status = 0; - let service_name = CString::new("sn:trustedfirmware.org:crypto:0").unwrap(); - let service_context = unsafe { service_locator_query(service_name.as_ptr(), &mut status) }; + let service_name = CString::new("sn:trustedfirmware.org:crypto-protobuf:0").unwrap(); + let service_context = unsafe { service_locator_query(service_name.as_ptr()) }; if service_context.is_null() { - error!("Locating crypto Trusted Service failed, status: {}", status); + error!("Locating crypto Trusted Service failed"); return Err(io::Error::new( io::ErrorKind::Other, "Failed to obtain a Trusted Service context", ) .into()); - } else if status != 0 { - return Err(io::Error::new( - io::ErrorKind::Other, - format!( - "Failed to connect to Trusted Service; status code: {}", - status - ), - ) - .into()); } info!("Starting crypto Trusted Service context"); - let mut rpc_caller = null_mut(); - let rpc_session_handle = unsafe { - service_context_open(service_context, TS_RPC_ENCODING_PROTOBUF, &mut rpc_caller) - }; - if rpc_caller.is_null() || rpc_session_handle.is_null() { + let rpc_caller_session = unsafe { service_context_open(service_context) }; + if rpc_caller_session.is_null() { return Err(io::Error::new( io::ErrorKind::Other, "Failed to start Trusted Service context", @@ -109,9 +95,8 @@ .into()); } let ctx = Context { - rpc_caller, + rpc_caller_session, service_context, - rpc_session_handle, call_mutex: Mutex::new(()), }; 
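Review bot: The early return after `service_context_open` in the `@@ -75,33 +74,20 @@` hunk of `context/mod.rs` leaves `service_context` held. When `rpc_caller_session.is_null()` the function returns before a `Context` exists, so the `Drop` impl that calls `service_context_relinquish` never runs for it. Adding `unsafe { service_context_relinquish(service_context) };` before that `return Err(...)` releases the locator reference on the failure path. With the status out-parameter gone, the `service_locator_query` failure is now logged without any detail; including the queried service name in the `error!` message would keep it diagnosable. The enclosing function starts above the hunk.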
@@ -129,8 +114,19 @@ trace!("Beginning call to Trusted Service"); let mut buf_out = null_mut(); - let call_handle = - unsafe { rpc_caller_begin(self.rpc_caller, &mut buf_out, req.encoded_len()) }; + // The response buffer length is set to 4096 as a common buffer length + // for all operations. In case of the session memory policy being "alloc_for_session" + // which is dependant on the platform, this value doesnt impact but for + // platforms with memory policy "alloc_for_each_call" the buffer length should be + // sufficient enough to hold the entire response. + let call_handle = unsafe { + rpc_caller_session_begin( + self.rpc_caller_session, + &mut buf_out, + req.encoded_len(), + 4096, + ) + }; if call_handle.is_null() { error!("Call handle was null"); return Err(WrapperError::CallHandleNull.into()); @@ -140,7 +136,9 @@ } let mut buf_out = unsafe { slice::from_raw_parts_mut(buf_out, req.encoded_len()) }; req.encode(&mut buf_out).map_err(|e| { - unsafe { rpc_caller_end(self.rpc_caller, call_handle) }; + unsafe { + let _ = rpc_caller_session_end(call_handle); + }; format_error!("Failed to serialize Protobuf request", e); WrapperError::FailedPbConversion })?; @@ -151,13 +149,12 @@ let mut resp_buf = null_mut(); let mut resp_buf_size = 0; let status = unsafe { - rpc_caller_invoke( - self.rpc_caller, + rpc_caller_session_invoke( call_handle, i32::from(req.opcode()).try_into().unwrap(), - &mut opstatus, &mut resp_buf, &mut resp_buf_size, + &mut opstatus, ) }; Error::from_status_opstatus( 
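Review bot: The response length passed to `rpc_caller_session_begin` in the `@@ -129,8 +114,19 @@` hunk is a bare `4096` whose only justification is the comment above the call. A named constant such as `const RESPONSE_BUFFER_LEN: usize = 4096;` (type to match the generated binding), carrying that rationale as its doc comment, would make the limit visible and adjustable in one place. The comment itself says that on `alloc_for_each_call` platforms the buffer must hold the entire response, so it is worth recording which operation produces the largest reply and that it fits. The hunk does not show what happens when a reply is larger. The comment also has two typos, "dependant" and "doesnt".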
@@ -165,16 +162,23 @@ i32::try_from(opstatus).map_err(|_| Error::Wrapper(WrapperError::InvalidOpStatus))?, ) .map_err(|e| { - unsafe { rpc_caller_end(self.rpc_caller, call_handle) }; + unsafe { + let _ = rpc_caller_session_end(call_handle); + }; e })?; let resp_buf = unsafe { slice::from_raw_parts_mut(resp_buf, resp_buf_size) }; resp.merge(&*resp_buf).map_err(|e| { - unsafe { rpc_caller_end(self.rpc_caller, call_handle) }; + unsafe { + let _ = rpc_caller_session_end(call_handle); + }; format_error!("Failed to serialize Protobuf request", e); WrapperError::FailedPbConversion })?; - unsafe { rpc_caller_end(self.rpc_caller, call_handle) }; + unsafe { + let status = rpc_caller_session_end(call_handle); + Error::from_status_opstatus(status, 0)?; + }; Ok(resp) } @@ -182,7 +186,7 @@ impl Drop for Context { fn drop(&mut self) { - unsafe { service_context_close(self.service_context, self.rpc_session_handle) }; + unsafe { service_context_close(self.service_context, self.rpc_caller_session) }; unsafe { service_context_relinquish(self.service_context) }; } ++++++ system-user-parsec.conf ++++++ --- /var/tmp/diff_new_pack.9T4Yzh/_old 2024-11-30 13:32:00.508108188 +0100 +++ /var/tmp/diff_new_pack.9T4Yzh/_new 2024-11-30 13:32:00.512108354 +0100 @@ -2,8 +2,7 @@ g parsec - g parsec-clients - g tss - -u parsec - "PARSEC" /etc/parsec -m parsec lock +u parsec - "PARSEC" /etc/parserc m parsec tss (No newline at EOF)
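Review bot: `slice::from_raw_parts_mut(resp_buf, resp_buf_size)` in the `@@ -165,16 +162,23 @@` hunk is built from whatever pointer and length the service returned, and `resp_buf` was initialised to `null_mut()`. `from_raw_parts_mut` requires a non-null pointer even for length 0, so a successful call with an empty response would be undefined behaviour if libts leaves the pointer null (not visible here). A guard such as `let resp_buf: &[u8] = if resp_buf.is_null() { &[] } else { unsafe { slice::from_raw_parts(resp_buf, resp_buf_size) } };` avoids that and drops the unneeded `mut`. In the final block only `rpc_caller_session_end(call_handle)` needs `unsafe`; moving `Error::from_status_opstatus(status, 0)?` outside it keeps the unsafe scope minimal. The `resp.merge` error text still reads "Failed to serialize Protobuf request" although that step decodes the response.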
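Review bot: The added `u` line in `system-user-parsec.conf` gives the home directory as `/etc/parserc`, while the removed line had `/etc/parsec` and the changelog entry only announces dropping the `lock` group membership. Unless the path change is intended (or is an artefact of how this mail was rendered), the line should stay `u parsec - "PARSEC" /etc/parsec` so the service account's home keeps matching the configuration directory. Removing `m parsec lock` itself narrows the account's group memberships and looks consistent with the changelog.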
