Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rust-keylime for openSUSE:Factory checked in at 2023-02-23 16:28:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rust-keylime (Old) and /work/SRC/openSUSE:Factory/.rust-keylime.new.1706 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rust-keylime" Thu Feb 23 16:28:08 2023 rev:9 rq:1067124 version:0.2.0+git.1677002906.cf6c4f0 Changes: -------- --- /work/SRC/openSUSE:Factory/rust-keylime/rust-keylime.changes 2023-02-17 16:44:02.830538981 +0100 +++ /work/SRC/openSUSE:Factory/.rust-keylime.new.1706/rust-keylime.changes 2023-02-23 16:35:09.094706777 +0100 @@ -1,0 +2,11 @@ +Wed Feb 22 09:07:12 UTC 2023 - [email protected] + +- Update to version 0.2.0+git.1677002906.cf6c4f0: + * Bump version to 0.2.0 + * packit: Remove workaround for Fedora BZ#2158598 + * ima-emulator: Implement graceful shutdown + * Update tss-esapi in Cargo.toml + * packit: Re-enable tests on Fedora Rawhide + * Deprecate `with-zmq` and `legacy-python-actions` features + +------------------------------------------------------------------- Old: ---- rust-keylime-0.1.0+git.1676549716.5382ed9.tar.xz New: ---- rust-keylime-0.2.0+git.1677002906.cf6c4f0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rust-keylime.spec ++++++ --- /var/tmp/diff_new_pack.hc3bD0/_old 2023-02-23 16:35:14.966740314 +0100 +++ /var/tmp/diff_new_pack.hc3bD0/_new 2023-02-23 16:35:14.970740337 +0100 @@ -25,7 +25,7 @@ %define _config_norepl %config(noreplace) %endif Name: rust-keylime -Version: 0.1.0+git.1676549716.5382ed9 +Version: 0.2.0+git.1677002906.cf6c4f0 Release: 0 Summary: Rust implementation of the keylime agent License: Apache-2.0 AND MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.hc3bD0/_old 2023-02-23 16:35:15.018740611 +0100 +++ /var/tmp/diff_new_pack.hc3bD0/_new 2023-02-23 16:35:15.022740634 +0100 
@@ -1,6 +1,6 @@ <services> <service name="tar_scm" mode="disabled"> - <param name="versionformat">0.1.0+git.%ct.%h</param> + <param name="versionformat">0.2.0+git.%ct.%h</param> <param name="revision">master</param> <param name="url">https://github.com/keylime/rust-keylime.git</param> <param name="scm">git</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.hc3bD0/_old 2023-02-23 16:35:15.042740749 +0100 +++ /var/tmp/diff_new_pack.hc3bD0/_new 2023-02-23 16:35:15.046740771 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/keylime/rust-keylime.git</param> - <param name="changesrevision">5382ed930bbb70c2041160386547fbbf07dcde44</param></service></servicedata> + <param name="changesrevision">cf6c4f090be324b403d908a27af8c737b45f68e9</param></service></servicedata> (No newline at EOF) ++++++ keylime-agent.conf.diff ++++++ --- /var/tmp/diff_new_pack.hc3bD0/_old 2023-02-23 16:35:15.078740954 +0100 +++ /var/tmp/diff_new_pack.hc3bD0/_new 2023-02-23 16:35:15.082740977 +0100 @@ -1,7 +1,7 @@ -Index: rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent.conf +Index: rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf =================================================================== ---- rust-keylime-0.1.0+git.1676549716.5382ed9.orig/keylime-agent.conf -+++ rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent.conf +--- rust-keylime-0.2.0+git.1677002906.cf6c4f0.orig/keylime-agent.conf ++++ rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf @@ -19,13 +19,15 @@ version = "2.0" # of 'SHA256(public EK in PEM format)'. # 
@@ -30,17 +30,7 @@ registrar_port = 8890 # Enable mTLS communication between agent, verifier and tenant. -@@ -133,7 +136,8 @@ extract_payload_zip = true - # - # To override enable_revocation_notifications, set - # KEYLIME_AGENT_ENABLE_REVOCATION_NOTIFICATIONS environment variable. --enable_revocation_notifications = true -+# enable_revocation_notifications = true -+enable_revocation_notifications = false - - # The path to the directory containing the pre-installed revocation action - # scripts. Ideally should point to an fixed/immutable location subject to -@@ -151,7 +155,8 @@ revocation_actions_dir = "/usr/libexec/k +@@ -151,7 +154,8 @@ revocation_actions_dir = "/usr/libexec/k # KEYLIME_AGENT_REVOCATION_NOTIFICATION_IP environment variable. # To override revocation_notification_port, set # KEYLIME_AGENT_REVOCATION_NOTIFICATION_PORT environment variable. ++++++ rust-keylime-0.1.0+git.1676549716.5382ed9.tar.xz -> rust-keylime-0.2.0+git.1677002906.cf6c4f0.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/.packit.yaml new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/.packit.yaml --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/.packit.yaml 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/.packit.yaml 2023-02-21 19:08:26.000000000 +0100 @@ -4,6 +4,6 @@ metadata: targets: - fedora-stable -# - fedora-rawhide + - fedora-rawhide - centos-stream-9-x86_64 skip_build: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/Cargo.lock new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/Cargo.lock --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/Cargo.lock 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/Cargo.lock 2023-02-21 19:08:26.000000000 +0100 
@@ -1109,7 +1109,7 @@ [[package]] name = "keylime" -version = "0.1.0" +version = "0.2.0" dependencies = [ "base64", "hex", @@ -1125,7 +1125,7 @@ [[package]] name = "keylime_agent" -version = "0.1.0" +version = "0.2.0" dependencies = [ "actix-rt", "actix-web", @@ -1160,13 +1160,14 @@ [[package]] name = "keylime_ima_emulator" -version = "0.1.0" +version = "0.2.0" dependencies = [ "clap", "hex", "keylime", "log", "openssl", + "signal-hook", "thiserror", "tss-esapi", ] @@ -2032,6 +2033,16 @@ checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" [[package]] +name = "signal-hook" +version = "0.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "732768f1176d21d09e076c23a93123d40bba92d50c4058da34d45c8de8e682b9" +dependencies = [ + "libc", + "signal-hook-registry", +] + +[[package]] name = "signal-hook-registry" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime/Cargo.toml new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime/Cargo.toml --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime/Cargo.toml 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime/Cargo.toml 2023-02-21 19:08:26.000000000 +0100 @@ -1,6 +1,6 @@ [package] name = "keylime" -version = "0.1.0" +version = "0.2.0" edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 
@@ -14,7 +14,7 @@ serde_derive = "1.0.80" static_assertions = "1" thiserror = "1.0" -tss-esapi = {version = "7.1.0", features = ["generate-bindings"]} +tss-esapi = {version = "7.2.0", features = ["generate-bindings"]} [dev-dependencies] tempfile = "3.0.4" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent/Cargo.toml new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent/Cargo.toml --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent/Cargo.toml 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent/Cargo.toml 2023-02-21 19:08:26.000000000 +0100 @@ -2,7 +2,7 @@ authors = ["Keylime Authors"] edition = "2021" name = "keylime_agent" -version = "0.1.0" +version = "0.2.0" license = "Apache-2.0" description = "Rust agent for Keylime" repository = "https://github.com/keylime/rust-keylime" @@ -31,7 +31,7 @@ static_assertions = "1" tempfile = "3.0.4" tokio = {version = "1.24", features = ["rt", "sync"]} -tss-esapi = {version = "7.1.0", features = ["generate-bindings"]} +tss-esapi = {version = "7.2.0", features = ["generate-bindings"]} thiserror = "1.0" uuid = {version = "1.3", features = ["v4"]} zmq = {version = "0.9.2", optional = true} 
@@ -45,16 +45,20 @@ [features] # The features enabled by default -default = ["with-zmq", "legacy-python-actions"] +default = [] # this should change to dev-dependencies when we have integration testing testing = ["wiremock"] # Whether the agent should be compiled with support to listen for notification # messages on ZeroMQ +# +# This feature is deprecated and will be removed on next major release with-zmq = ["zmq"] # Whether the agent should be compiled with support for python revocation # actions loaded as modules, which is the only kind supported by the python # agent (unless the enhancement-55 is implemented). See: # https://github.com/keylime/enhancements/blob/master/55_revocation_actions_without_python.md +# +# This feature is deprecated and will be removed on next major release legacy-python-actions = [] [package.metadata.deb] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent/src/config.rs new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent/src/config.rs --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent/src/config.rs 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent/src/config.rs 2023-02-21 19:08:26.000000000 +0100 @@ -38,7 +38,7 @@ pub static DEFAULT_SECURE_SIZE: &str = "1m"; pub static DEFAULT_TPM_OWNERPASSWORD: &str = ""; pub static DEFAULT_EXTRACT_PAYLOAD_ZIP: bool = true; -pub static DEFAULT_ENABLE_REVOCATION_NOTIFICATIONS: bool = true; +pub static DEFAULT_ENABLE_REVOCATION_NOTIFICATIONS: bool = false; pub static DEFAULT_REVOCATION_ACTIONS_DIR: &str = "/usr/libexec/keylime"; pub static DEFAULT_REVOCATION_NOTIFICATION_IP: &str = "127.0.0.1"; pub static DEFAULT_REVOCATION_NOTIFICATION_PORT: u32 = 8992; 
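Review bot: The flipped default `DEFAULT_ENABLE_REVOCATION_NOTIFICATIONS: bool = false` in keylime-agent/src/config.rs carries no comment, although it changes security-relevant behaviour. An agent whose configuration leaves `enable_revocation_notifications` unset will no longer start the notification listener after this update, judging by the `if config.agent.enable_revocation_notifications` guard in the main.rs hunk on this page, so it presumably stops reacting to revocation notifications. I would add a comment on the constant, e.g. `// Off by default since 0.2.0 (ZeroMQ notifications are deprecated); set enable_revocation_notifications = true explicitly if revocation actions are required.` The Cargo.toml hunk before it on this line also changes `default = []`, so a build that needs `with-zmq` or `legacy-python-actions` must now request the feature explicitly, and the same comment could say so.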
@@ -828,6 +828,7 @@ fn get_revocation_notification_ip_empty() { let mut test_config = KeylimeConfig { agent: AgentConfig { + enable_revocation_notifications: true, revocation_notification_ip: "".to_string(), ..Default::default() }, @@ -857,6 +858,7 @@ fn get_revocation_cert_empty() { let mut test_config = KeylimeConfig { agent: AgentConfig { + enable_revocation_notifications: true, revocation_cert: "".to_string(), ..Default::default() }, @@ -881,6 +883,7 @@ fn get_revocation_actions_dir_empty() { let mut test_config = KeylimeConfig { agent: AgentConfig { + enable_revocation_notifications: true, revocation_actions_dir: "".to_string(), ..Default::default() }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent/src/main.rs new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent/src/main.rs --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent/src/main.rs 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent/src/main.rs 2023-02-21 19:08:26.000000000 +0100 @@ -226,6 +226,8 @@ cfg_if::cfg_if! { if #[cfg(feature = "legacy-python-actions")] { + warn!("The support for legacy python revocation actions is deprecated and will be removed on next major release"); + let actions_dir = &config.agent.revocation_actions_dir; // Verify if the python shim is installed in the expected location let python_shim = Path::new(&actions_dir).join("shim.py"); 
@@ -729,6 +731,8 @@ // If with-zmq feature is enabled, run the service listening for ZeroMQ messages #[cfg(feature = "with-zmq")] let zmq_task = if config.agent.enable_revocation_notifications { + warn!("The support for ZeroMQ revocation notifications is deprecated and will be removed on next major release"); + let zmq_ip = config.agent.revocation_notification_ip; let zmq_port = config.agent.revocation_notification_port; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent.conf new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-agent.conf 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-agent.conf 2023-02-21 19:08:26.000000000 +0100 @@ -133,7 +133,7 @@ # # To override enable_revocation_notifications, set # KEYLIME_AGENT_ENABLE_REVOCATION_NOTIFICATIONS environment variable. -enable_revocation_notifications = true +enable_revocation_notifications = false # The path to the directory containing the pre-installed revocation action # scripts. Ideally should point to an fixed/immutable location subject to diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-ima-emulator/Cargo.toml new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-ima-emulator/Cargo.toml --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-ima-emulator/Cargo.toml 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-ima-emulator/Cargo.toml 2023-02-21 19:08:26.000000000 +0100 @@ -1,6 +1,6 @@ [package] name = "keylime_ima_emulator" -version = "0.1.0" +version = "0.2.0" edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 
@@ -11,5 +11,6 @@ keylime = { path = "../keylime" } log = "0.4" openssl = "0.10.15" +signal-hook = "0.3" thiserror = "1.0" -tss-esapi = {version = "7.1.0", features = ["generate-bindings"]} +tss-esapi = {version = "7.2.0", features = ["generate-bindings"]} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-ima-emulator/src/main.rs new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-ima-emulator/src/main.rs --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/keylime-ima-emulator/src/main.rs 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/keylime-ima-emulator/src/main.rs 2023-02-21 19:08:26.000000000 +0100 @@ -8,12 +8,17 @@ use log::*; use clap::Parser; +use signal_hook::consts::SIGINT; use std::collections::HashMap; use std::convert::{TryFrom, TryInto}; use std::fs::File; use std::io::prelude::*; use std::io::BufReader; use std::path::{Path, PathBuf}; +use std::sync::{ + atomic::{AtomicBool, Ordering}, + Arc, +}; use thiserror::Error; @@ -209,9 +214,10 @@ } } + let shutdown_marker = Arc::new(AtomicBool::new(false)); + signal_hook::flag::register(SIGINT, Arc::clone(&shutdown_marker))?; println!("Monitoring {}", args.ima_log.display()); - - loop { + while !shutdown_marker.load(Ordering::SeqCst) { for (pcr_hash_alg, position) in positions.iter_mut() { *position = ml_extend( &mut context, @@ -220,7 +226,7 @@ ima_hash_alg, *pcr_hash_alg, None, - )?; + ).expect("Error extending position {position} on PCR bank {pcr_hash_alg}"); } // FIXME: We could poll IMA_ML as in the python implementation, though 
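Review bot: Only `SIGINT` is registered on the new `shutdown_marker` in the `@@ -209,9 +214,10 @@` hunk of keylime-ima-emulator/src/main.rs, so a `SIGTERM` still kills the process without reaching the shutdown path. `SIGTERM` is what `kill` and most service managers send by default. Registering it on the same flag is one line: `signal_hook::flag::register(signal_hook::consts::SIGTERM, Arc::clone(&shutdown_marker))?;`. The flag is read only at the top of the `while` loop, so shutdown can lag by one pass over `positions` plus the 200 ms sleep, which is worth a short comment next to the loop. The enclosing function starts and ends outside this hunk.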
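Review bot: The message passed to `.expect(...)` in the `@@ -220,7 +226,7 @@` hunk is a plain string literal, not a format string, so `{position}` and `{pcr_hash_alg}` are printed verbatim rather than replaced by their values. The change also swaps `?` for a panic even though the function still returns a `Result` (the last hunk ends in `Ok(())`), so a failed PCR extend now aborts the process instead of propagating the error to the caller. I would keep the propagation and log the context, e.g. `.map_err(|e| { error!("Error extending PCR bank {pcr_hash_alg:?}: {e}"); e })?;`. That assumes the error type implements `Display` and `pcr_hash_alg` implements `Debug`, neither of which is visible in this hunk.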
@@ -230,4 +236,7 @@ let duration = std::time::Duration::from_millis(200); std::thread::sleep(duration); } + println!("Shutting down keylime IMA emulator"); + + Ok(()) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rust-keylime-0.1.0+git.1676549716.5382ed9/packit-ci.fmf new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/packit-ci.fmf --- old/rust-keylime-0.1.0+git.1676549716.5382ed9/packit-ci.fmf 2023-02-16 13:15:16.000000000 +0100 +++ new/rust-keylime-0.2.0+git.1677002906.cf6c4f0/packit-ci.fmf 2023-02-21 19:08:26.000000000 +0100 @@ -62,13 +62,5 @@ script: - yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm - # temporary hotfix until Fedora BZ#2158598 gets fixed - - when: "distro == fedora-36 or distro == fedora-37" - prepare+: - - how: shell - order: 99 - script: - - yum -y downgrade tpm2-tss - execute: how: tmt ++++++ vendor.tar.xz ++++++ /work/SRC/openSUSE:Factory/rust-keylime/vendor.tar.xz /work/SRC/openSUSE:Factory/.rust-keylime.new.1706/vendor.tar.xz differ: char 27, line 1
