authorCoprDistGit <infra@openeuler.org>2024-08-06 02:18:21 +0000
committerCoprDistGit <infra@openeuler.org>2024-08-06 02:18:21 +0000
commit0a99d08eeeed26c9ea76ac96163c0b6e4aa27b51 (patch)
tree96fb256039ec5ec128e879dc9a50d4ac78b5fae0
parent20341026462ed3783a6a08ea6b40e0719d978ac7 (diff)
automatic import of keylime-agent-rustopeneuler24.03_LTS
-rw-r--r--.gitignore2
-rw-r--r--keylime-agent-rust.spec388
-rw-r--r--rust-keylime-adjust-features.patch35
-rw-r--r--sources2
4 files changed, 427 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..e735e6c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/rust-keylime-0.2.2-vendor.tar.xz
+/v0.2.2.tar.gz
diff --git a/keylime-agent-rust.spec b/keylime-agent-rust.spec
new file mode 100644
index 0000000..22fe063
--- /dev/null
+++ b/keylime-agent-rust.spec
@@ -0,0 +1,388 @@
+# keylime-agent-rust.spec
+# Generated by rust2rpm 20
+
+%bcond_without check
+
+%global crate keylime_agent
+
+# RHEL: Use bundled deps as it doesn't ship Rust libraries
+%global bundled_rust_deps 1
+
+Name: keylime-agent-rust
+Version: 0.2.2
+Release: 1%{?dist}
+Summary: Rust agent for Keylime
+
+# Upstream license specification: Apache-2.0
+#
+# The build dependencies have the following licenses:
+#
+# 0BSD or MIT or ASL 2.0
+# ASL 2.0
+# ASL 2.0 or Boost
+# ASL 2.0 or MIT
+# ASL 2.0 with exceptions
+# BSD
+# MIT
+# MIT or ASL 2.0
+# MIT or ASL 2.0 or zlib
+# MIT or zlib or ASL 2.0
+# Unlicense or MIT
+# zlib or ASL 2.0 or MIT
+#
+License: ASL 2.0 and BSD and MIT
+URL: https://github.com/keylime/rust-keylime/
+# The source tarball is downloaded using the following commands:
+# spectool -g keylime-agent-rust.spec
+Source0: %{url}/archive/refs/tags/v%{version}.tar.gz
+# The vendor tarball is created using cargo-vendor-filterer to remove Windows
+# related files (https://github.com/cgwalters/cargo-vendor-filterer)
+# tar xf rust-keylime-%%{version}.tar.gz
+# cd rust-keylime-%%{version}
+# cargo vendor-filterer --platform x86_64-unknown-linux-gnu \
+# --platform powerpc64le-unknown-linux-gnu \
+# --platform aarch64-unknown-linux-gnu \
+# --platform i686-unknown-linux-gnu \
+# --platform s390x-unknown-linux-gnu \
+# --exclude-crate-path "libloading#tests"
+# tar jcf rust-keylime-%%{version}-vendor.tar.xz vendor
+Source1: rust-keylime-%{version}-vendor.tar.xz
+# Drop dependencies and adjust the features
+Patch0: rust-keylime-adjust-features.patch
+
+ExclusiveArch: %{rust_arches}
+
+Requires: tpm2-tss
+
+# The keylime-base package provides the configuration file from the python
+# implementation which ca be used for the rust implementation. It is available
+# from Fedora 36
+Requires: keylime-base
+Requires: util-linux-core
+
+BuildRequires: systemd
+BuildRequires: openssl-devel
+BuildRequires: libarchive-devel
+BuildRequires: tpm2-tss-devel
+BuildRequires: rust-toolset
+BuildRequires: clang
+
+# Virtual Provides to support swapping between Python and Rust implementation
+Provides: keylime-agent
+Conflicts: keylime-agent
+
+Provides: bundled(crate(actix-codec)) = 0.5.0
+Provides: bundled(crate(actix-http)) = 3.3.1
+Provides: bundled(crate(actix-macros)) = 0.2.3
+Provides: bundled(crate(actix-router)) = 0.5.1
+Provides: bundled(crate(actix-rt)) = 2.8.0
+Provides: bundled(crate(actix-server)) = 2.1.1
+Provides: bundled(crate(actix-service)) = 2.0.2
+Provides: bundled(crate(actix-tls)) = 3.0.3
+Provides: bundled(crate(actix-utils)) = 3.0.0
+Provides: bundled(crate(actix-web)) = 4.3.1
+Provides: bundled(crate(actix-web-codegen)) = 4.2.0
+Provides: bundled(crate(ahash)) = 0.7.6
+Provides: bundled(crate(ahash)) = 0.8.3
+Provides: bundled(crate(aho-corasick)) = 0.7.19
+Provides: bundled(crate(anstream)) = 0.3.2
+Provides: bundled(crate(anstyle)) = 1.0.1
+Provides: bundled(crate(anstyle-parse)) = 0.2.1
+Provides: bundled(crate(anstyle-query)) = 1.0.0
+Provides: bundled(crate(async-trait)) = 0.1.57
+Provides: bundled(crate(atty)) = 0.2.14
+Provides: bundled(crate(autocfg)) = 1.1.0
+Provides: bundled(crate(base64)) = 0.13.1
+Provides: bundled(crate(base64)) = 0.21.0
+Provides: bundled(crate(bindgen)) = 0.63.0
+Provides: bundled(crate(bitfield)) = 0.13.2
+Provides: bundled(crate(bitflags)) = 1.3.2
+Provides: bundled(crate(block-buffer)) = 0.10.3
+Provides: bundled(crate(bytes)) = 1.2.1
+Provides: bundled(crate(bytestring)) = 1.1.0
+Provides: bundled(crate(cc)) = 1.0.73
+Provides: bundled(crate(cexpr)) = 0.6.0
+Provides: bundled(crate(cfg-if)) = 1.0.0
+Provides: bundled(crate(clang-sys)) = 1.4.0
+Provides: bundled(crate(clap)) = 4.3.11
+Provides: bundled(crate(clap_builder)) = 4.3.11
+Provides: bundled(crate(clap_derive)) = 4.3.2
+Provides: bundled(crate(clap_lex)) = 0.5.0
+Provides: bundled(crate(colorchoice)) = 1.0.0
+Provides: bundled(crate(compress-tools)) = 0.12.4
+Provides: bundled(crate(config)) = 0.13.3
+Provides: bundled(crate(convert_case)) = 0.4.0
+Provides: bundled(crate(cpufeatures)) = 0.2.5
+Provides: bundled(crate(crypto-common)) = 0.1.6
+Provides: bundled(crate(derive_more)) = 0.99.17
+Provides: bundled(crate(digest)) = 0.10.5
+Provides: bundled(crate(either)) = 1.8.0
+Provides: bundled(crate(encoding_rs)) = 0.8.31
+Provides: bundled(crate(enumflags2)) = 0.7.7
+Provides: bundled(crate(enumflags2_derive)) = 0.7.7
+Provides: bundled(crate(env_logger)) = 0.7.1
+Provides: bundled(crate(errno)) = 0.3.1
+Provides: bundled(crate(fastrand)) = 1.8.0
+Provides: bundled(crate(fnv)) = 1.0.7
+Provides: bundled(crate(foreign-types)) = 0.3.2
+Provides: bundled(crate(foreign-types-shared)) = 0.1.1
+Provides: bundled(crate(form_urlencoded)) = 1.1.0
+Provides: bundled(crate(futures)) = 0.3.27
+Provides: bundled(crate(futures-channel)) = 0.3.27
+Provides: bundled(crate(futures-core)) = 0.3.27
+Provides: bundled(crate(futures-executor)) = 0.3.27
+Provides: bundled(crate(futures-io)) = 0.3.27
+Provides: bundled(crate(futures-macro)) = 0.3.27
+Provides: bundled(crate(futures-sink)) = 0.3.27
+Provides: bundled(crate(futures-task)) = 0.3.27
+Provides: bundled(crate(futures-util)) = 0.3.27
+Provides: bundled(crate(generic-array)) = 0.14.6
+Provides: bundled(crate(getrandom)) = 0.2.7
+Provides: bundled(crate(glob)) = 0.3.1
+Provides: bundled(crate(h2)) = 0.3.17
+Provides: bundled(crate(hashbrown)) = 0.12.3
+Provides: bundled(crate(heck)) = 0.4.0
+Provides: bundled(crate(hex)) = 0.4.3
+Provides: bundled(crate(hostname-validator)) = 1.1.1
+Provides: bundled(crate(http)) = 0.2.8
+Provides: bundled(crate(http-body)) = 0.4.5
+Provides: bundled(crate(httparse)) = 1.8.0
+Provides: bundled(crate(httpdate)) = 1.0.2
+Provides: bundled(crate(humantime)) = 1.3.0
+Provides: bundled(crate(hyper)) = 0.14.20
+Provides: bundled(crate(idna)) = 0.3.0
+Provides: bundled(crate(indexmap)) = 1.9.1
+Provides: bundled(crate(io-lifetimes)) = 1.0.10
+Provides: bundled(crate(ipnet)) = 2.5.0
+Provides: bundled(crate(is-terminal)) = 0.4.7
+Provides: bundled(crate(itoa)) = 1.0.3
+Provides: bundled(crate(keylime)) = 0.2.2
+Provides: bundled(crate(keylime_agent)) = 0.2.2
+Provides: bundled(crate(keylime_ima_emulator)) = 0.2.2
+Provides: bundled(crate(language-tags)) = 0.3.2
+Provides: bundled(crate(lazy_static)) = 1.4.0
+Provides: bundled(crate(lazycell)) = 1.3.0
+Provides: bundled(crate(libc)) = 0.2.147
+Provides: bundled(crate(libloading)) = 0.7.3
+Provides: bundled(crate(linux-raw-sys)) = 0.3.1
+Provides: bundled(crate(local-channel)) = 0.1.3
+Provides: bundled(crate(local-waker)) = 0.1.3
+Provides: bundled(crate(lock_api)) = 0.4.9
+Provides: bundled(crate(log)) = 0.4.17
+Provides: bundled(crate(mbox)) = 0.6.0
+Provides: bundled(crate(memchr)) = 2.5.0
+Provides: bundled(crate(mime)) = 0.3.16
+Provides: bundled(crate(minimal-lexical)) = 0.2.1
+Provides: bundled(crate(mio)) = 0.8.4
+Provides: bundled(crate(nom)) = 7.1.1
+Provides: bundled(crate(num-derive)) = 0.3.3
+Provides: bundled(crate(num-traits)) = 0.2.15
+Provides: bundled(crate(num_cpus)) = 1.13.1
+Provides: bundled(crate(num_threads)) = 0.1.6
+Provides: bundled(crate(oid)) = 0.2.1
+Provides: bundled(crate(once_cell)) = 1.15.0
+Provides: bundled(crate(openssl)) = 0.10.55
+Provides: bundled(crate(openssl-macros)) = 0.1.0
+Provides: bundled(crate(openssl-sys)) = 0.9.90
+Provides: bundled(crate(parking_lot)) = 0.12.1
+Provides: bundled(crate(parking_lot_core)) = 0.9.3
+Provides: bundled(crate(paste)) = 1.0.9
+Provides: bundled(crate(pathdiff)) = 0.2.1
+Provides: bundled(crate(peeking_take_while)) = 0.1.2
+Provides: bundled(crate(percent-encoding)) = 2.2.0
+Provides: bundled(crate(pest)) = 2.7.0
+Provides: bundled(crate(pest_derive)) = 2.7.0
+Provides: bundled(crate(pest_generator)) = 2.7.0
+Provides: bundled(crate(pest_meta)) = 2.7.0
+Provides: bundled(crate(picky-asn1)) = 0.3.3
+Provides: bundled(crate(picky-asn1)) = 0.5.0
+Provides: bundled(crate(picky-asn1-der)) = 0.2.5
+Provides: bundled(crate(picky-asn1-der)) = 0.3.1
+Provides: bundled(crate(picky-asn1-x509)) = 0.6.1
+Provides: bundled(crate(pin-project-lite)) = 0.2.9
+Provides: bundled(crate(pin-utils)) = 0.1.0
+Provides: bundled(crate(pkg-config)) = 0.3.25
+Provides: bundled(crate(ppv-lite86)) = 0.2.16
+Provides: bundled(crate(pretty_env_logger)) = 0.4.0
+Provides: bundled(crate(proc-macro2)) = 1.0.64
+Provides: bundled(crate(quick-error)) = 1.2.3
+Provides: bundled(crate(quote)) = 1.0.29
+Provides: bundled(crate(rand)) = 0.8.5
+Provides: bundled(crate(rand_chacha)) = 0.3.1
+Provides: bundled(crate(rand_core)) = 0.6.4
+Provides: bundled(crate(regex)) = 1.6.0
+Provides: bundled(crate(regex-syntax)) = 0.6.27
+Provides: bundled(crate(reqwest)) = 0.11.16
+Provides: bundled(crate(rustc-hash)) = 1.1.0
+Provides: bundled(crate(rustc_version)) = 0.3.3
+Provides: bundled(crate(rustc_version)) = 0.4.0
+Provides: bundled(crate(rustix)) = 0.37.11
+Provides: bundled(crate(ryu)) = 1.0.11
+Provides: bundled(crate(scopeguard)) = 1.1.0
+Provides: bundled(crate(semver)) = 0.11.0
+Provides: bundled(crate(semver)) = 1.0.14
+Provides: bundled(crate(semver-parser)) = 0.10.2
+Provides: bundled(crate(serde)) = 1.0.166
+Provides: bundled(crate(serde_bytes)) = 0.11.7
+Provides: bundled(crate(serde_derive)) = 1.0.166
+Provides: bundled(crate(serde_json)) = 1.0.96
+Provides: bundled(crate(serde_urlencoded)) = 0.7.1
+Provides: bundled(crate(sha1)) = 0.10.5
+Provides: bundled(crate(sha2)) = 0.10.6
+Provides: bundled(crate(shlex)) = 1.1.0
+Provides: bundled(crate(signal-hook)) = 0.3.15
+Provides: bundled(crate(signal-hook-registry)) = 1.4.0
+Provides: bundled(crate(slab)) = 0.4.7
+Provides: bundled(crate(smallvec)) = 1.9.0
+Provides: bundled(crate(socket2)) = 0.4.9
+Provides: bundled(crate(stable_deref_trait)) = 1.2.0
+Provides: bundled(crate(static_assertions)) = 1.1.0
+Provides: bundled(crate(strsim)) = 0.10.0
+Provides: bundled(crate(syn)) = 1.0.100
+Provides: bundled(crate(syn)) = 2.0.25
+Provides: bundled(crate(synstructure)) = 0.12.6
+Provides: bundled(crate(target-lexicon)) = 0.12.4
+Provides: bundled(crate(tempfile)) = 3.6.0
+Provides: bundled(crate(termcolor)) = 1.1.3
+Provides: bundled(crate(thiserror)) = 1.0.40
+Provides: bundled(crate(thiserror-impl)) = 1.0.40
+Provides: bundled(crate(time)) = 0.3.14
+Provides: bundled(crate(tinyvec)) = 1.6.0
+Provides: bundled(crate(tinyvec_macros)) = 0.1.0
+Provides: bundled(crate(tokio)) = 1.28.2
+Provides: bundled(crate(tokio-macros)) = 2.1.0
+Provides: bundled(crate(tokio-openssl)) = 0.6.3
+Provides: bundled(crate(tokio-util)) = 0.7.4
+Provides: bundled(crate(toml)) = 0.5.9
+Provides: bundled(crate(tower-service)) = 0.3.2
+Provides: bundled(crate(tracing)) = 0.1.36
+Provides: bundled(crate(tracing-core)) = 0.1.29
+Provides: bundled(crate(try-lock)) = 0.2.3
+Provides: bundled(crate(tss-esapi)) = 7.2.0
+Provides: bundled(crate(tss-esapi-sys)) = 0.4.0
+Provides: bundled(crate(typenum)) = 1.15.0
+Provides: bundled(crate(ucd-trie)) = 0.1.5
+Provides: bundled(crate(unicode-bidi)) = 0.3.8
+Provides: bundled(crate(unicode-ident)) = 1.0.4
+Provides: bundled(crate(unicode-normalization)) = 0.1.22
+Provides: bundled(crate(unicode-xid)) = 0.2.4
+Provides: bundled(crate(url)) = 2.3.1
+Provides: bundled(crate(utf8parse)) = 0.2.1
+Provides: bundled(crate(uuid)) = 1.3.1
+Provides: bundled(crate(version_check)) = 0.9.4
+Provides: bundled(crate(want)) = 0.3.0
+Provides: bundled(crate(which)) = 4.3.0
+Provides: bundled(crate(zeroize)) = 1.5.7
+Provides: bundled(crate(zeroize_derive)) = 1.3.2
+
+%description
+Rust agent for Keylime
+
+%prep
+%autosetup -N -n rust-keylime-%{version}
+%cargo_prep -V 1
+%autopatch -p1
+
+# Sometimes Rust sources start with #![...] attributes, and "smart" editors think
+# it's a shebang and make them executable. Then brp-mangle-shebangs gets upset...
+find -name '*.rs' -type f -perm /111 -exec chmod -v -x '{}' '+'
+
+%build
+%cargo_build --no-default-features
+
+%install
+mkdir -p %{buildroot}/%{_sharedstatedir}/keylime
+mkdir -p --mode=0700 %{buildroot}/%{_rundir}/keylime
+mkdir -p --mode=0700 %{buildroot}/%{_libexecdir}/keylime
+mkdir -p --mode=0700 %{buildroot}/%{_sysconfdir}/keylime
+mkdir -p --mode=0700 %{buildroot}/%{_sysconfdir}/keylime/agent.conf.d
+
+install -Dpm 400 keylime-agent.conf \
+ %{buildroot}%{_sysconfdir}/keylime/agent.conf
+
+install -Dpm 644 ./dist/systemd/system/keylime_agent.service \
+ %{buildroot}%{_unitdir}/keylime_agent.service
+
+install -Dpm 644 ./dist/systemd/system/var-lib-keylime-secure.mount \
+ %{buildroot}%{_unitdir}/var-lib-keylime-secure.mount
+
+# Setting up the agent to use keylime:keylime user/group after dropping privileges.
+cat > %{buildroot}/%{_sysconfdir}/keylime/agent.conf.d/001-run_as.conf << EOF
+[agent]
+run_as = "keylime:keylime"
+EOF
+
+install -Dpm 0755 \
+ -t %{buildroot}%{_bindir} \
+ ./target/release/keylime_agent
+install -Dpm 0755 \
+ -t %{buildroot}%{_bindir} \
+ ./target/release/keylime_ima_emulator
+
+%posttrans
+chmod 500 %{_sysconfdir}/keylime/agent.conf.d
+chmod 400 %{_sysconfdir}/keylime/agent.conf.d/*.conf
+chmod 500 %{_sysconfdir}/keylime
+chown -R keylime:keylime %{_sysconfdir}/keylime
+
+%preun
+%systemd_preun keylime_agent.service
+%systemd_preun var-lib-keylime-secure.mount
+
+%postun
+%systemd_postun_with_restart keylime_agent.service
+%systemd_postun_with_restart var-lib-keylime-secure.mount
+
+%files
+%license LICENSE
+%doc README.md
+%attr(500,keylime,keylime) %dir %{_sysconfdir}/keylime
+%attr(500,keylime,keylime) %dir %{_sysconfdir}/keylime/agent.conf.d
+%config(noreplace) %attr(400,keylime,keylime) %{_sysconfdir}/keylime/agent.conf.d/001-run_as.conf
+%config(noreplace) %attr(400,keylime,keylime) %{_sysconfdir}/keylime/agent.conf
+%{_unitdir}/keylime_agent.service
+%{_unitdir}/var-lib-keylime-secure.mount
+%attr(700,keylime,keylime) %dir %{_rundir}/keylime
+%attr(700,keylime,keylime) %{_sharedstatedir}/keylime
+%attr(500,keylime,keylime) %{_libexecdir}/keylime
+%{_bindir}/keylime_agent
+%{_bindir}/keylime_ima_emulator
+
+%if %{with check}
+%check
+%cargo_test
+%endif
+
+%changelog
+* Thu Jul 20 2023 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 0.2.2-1
+- Update to upstream release 0.2.2
+
+* Thu May 25 2023 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 0.2.1-1
+- Update to upstream release 0.2.1
+
+* Wed Sep 21 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 0.1.0-1
+- Update to upstream release 0.1.0
+
+* Thu Aug 25 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 0.1.0~20220805git0185093-1
+- Update to upstream commit 0186093
+
+* Mon Jul 18 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 0.1.0~20220603gitaed51c7-4
+- Remove vendored source files for non-Linux or unsupported platforms
+
+* Fri Jul 08 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 0.1.0~20220603gitaed51c7-3
+- Add support for hash algorithms other than SHA-1 to the IMA emulator
+
+* Mon Jul 04 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 0.1.0~20220603gitaed51c7-2
+- Use classic release instead of autorelease macro
+- Use classic changelog instead of autochangelog macro
+
+* Mon Jul 04 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 0.1.0~20220603gitaed51c7-2
+- Backport patch to load configuration file only once
+
+* Fri Jul 01 2022 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 0.1.0~20220603gitaed51c7-2
+- Set supplementary groups when dropping privileges
+- Show more descriptive error messages on missing files errors
+- Create /usr/libexec/keylime directory
+
+* Tue Jun 21 2022 Sergio Correia <scorreia@redhat.com> - 0.1.0~20220603gitaed51c7-1
+- Add keylime-agent-rust to RHEL 9
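Review bot: The `%files` entries for `%{_sysconfdir}/keylime` and the `chown -R keylime:keylime` in `%posttrans` make the configuration tree owned by the same `keylime` account the agent drops to, so the 400/500 modes do not protect it: the owner can change them back. That leaves `agent.conf` and `agent.conf.d/001-run_as.conf`, the file that selects the unprivileged account, effectively writable by the process they are meant to constrain. Owning the tree as root with group `keylime` and read-only group access would let the agent read its settings without being able to rewrite them; confirm this against how the agent reads its configuration, which is not visible here. The `%posttrans` scriptlet should be changed to match, since it reapplies ownership recursively on every transaction.

```spec
%posttrans
chown -R root:keylime %{_sysconfdir}/keylime
chmod 750 %{_sysconfdir}/keylime %{_sysconfdir}/keylime/agent.conf.d
chmod 640 %{_sysconfdir}/keylime/agent.conf.d/*.conf

# … unchanged: preun and postun scriptlets …

%files
# … unchanged: license and doc entries …
%attr(750,root,keylime) %dir %{_sysconfdir}/keylime
%attr(750,root,keylime) %dir %{_sysconfdir}/keylime/agent.conf.d
%config(noreplace) %attr(640,root,keylime) %{_sysconfdir}/keylime/agent.conf.d/001-run_as.conf
%config(noreplace) %attr(640,root,keylime) %{_sysconfdir}/keylime/agent.conf
# … unchanged: unit files, state directories, binaries …
```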
diff --git a/rust-keylime-adjust-features.patch b/rust-keylime-adjust-features.patch
new file mode 100644
index 0000000..6822950
--- /dev/null
+++ b/rust-keylime-adjust-features.patch
@@ -0,0 +1,35 @@
+--- a/keylime-agent/Cargo.toml 2023-05-25 11:34:50.849496112 +0200
++++ b/keylime-agent/Cargo.toml 2023-05-25 11:35:38.163793600 +0200
+@@ -34,11 +34,6 @@
+ tss-esapi = {version = "7.2.0", features = ["generate-bindings"]}
+ thiserror = "1.0"
+ uuid = {version = "1.3", features = ["v4"]}
+-zmq = {version = "0.9.2", optional = true}
+-# wiremock was moved to be a regular dependency because optional
+-# dev-dependencies are not supported
+-# see: https://github.com/rust-lang/cargo/issues/1596
+-wiremock = {version = "0.5", optional = true}
+
+ [dev-dependencies]
+ actix-rt = "2"
+@@ -46,20 +41,6 @@
+ [features]
+ # The features enabled by default
+ default = []
+-# this should change to dev-dependencies when we have integration testing
+-testing = ["wiremock"]
+-# Whether the agent should be compiled with support to listen for notification
+-# messages on ZeroMQ
+-#
+-# This feature is deprecated and will be removed on next major release
+-with-zmq = ["zmq"]
+-# Whether the agent should be compiled with support for python revocation
+-# actions loaded as modules, which is the only kind supported by the python
+-# agent (unless the enhancement-55 is implemented). See:
+-# https://github.com/keylime/enhancements/blob/master/55_revocation_actions_without_python.md
+-#
+-# This feature is deprecated and will be removed on next major release
+-legacy-python-actions = []
+
+ [package.metadata.deb]
+ section = "net"
diff --git a/sources b/sources
new file mode 100644
index 0000000..0f5e8c9
--- /dev/null
+++ b/sources
@@ -0,0 +1,2 @@
+1f9d3d2d1ed91f924850acbafa79bb2c rust-keylime-0.2.2-vendor.tar.xz
+5b88c36a3ee50aeef6564eebe7cf5534 v0.2.2.tar.gz
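Review bot: Both entries in `sources` are bare MD5 digests, and MD5 is not collision-resistant, so these lines only weakly bind the build to the intended tarballs. This matters most for `rust-keylime-0.2.2-vendor.tar.xz`, which the spec comments describe as built locally with `cargo vendor-filterer` and which carries every bundled crate listed in the spec. If the dist-git tooling in use accepts it, record a SHA-512 entry instead, in the form `SHA512 (rust-keylime-0.2.2-vendor.tar.xz) = <sha512-of-tarball>`, and do the same for `v0.2.2.tar.gz`.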