Add keylime-agent-rust to RHEL 9

Resolves: rhbz#2084552
2022-06-21 08:38:28 -03:00 · 2022-06-21 08:38:28 -03:00 · 9ab97f2b94
commit 9ab97f2b94
parent 941160b7e0
6 changed files with 632 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+/rust-keylime-0.1.0~20220603gitaed51c7-vendor.tar.xz
+/rust-keylime-0.1.0~20220603gitaed51c7.tar.gz
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,8 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.openstack-swtmp.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.beaker-tpm-ima.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.beaker-beaker-swtpm-multihost.functional}
--- a/keylime-agent-rust.spec
+++ b/keylime-agent-rust.spec
@ -0,0 +1,370 @@
+# keylime-agent-rust.spec
+# Generated by rust2rpm 20
+
+# missing dev-dependencies: wiremock
+%bcond_with check
+
+%global crate keylime_agent
+%global crate_version 0.1.0
+
+%global commit aed51c7c8c526953e945357594352c3df2ca4ace
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
+%global commitdate 20220603
+
+# RHEL: Use bundled deps as it doesn't ship Rust libraries
+%global bundled_rust_deps 1
+
+Name:           keylime-agent-rust
+Version:        %{crate_version}~%{commitdate}git%{shortcommit}
+Release:        %{?autorelease}%{!?autorelease:1%{?dist}}
+Summary:        Rust agent for Keylime
+
+# Upstream license specification: Apache-2.0
+#
+# The build dependencies have the following licenses:
+#
+#   0BSD or MIT or ASL 2.0
+#   ASL 2.0
+#   ASL 2.0 or Boost
+#   ASL 2.0 or MIT
+#   ASL 2.0 with exceptions
+#   BSD
+#   MIT
+#   MIT or ASL 2.0
+#   MIT or ASL 2.0 or zlib
+#   MIT or zlib or ASL 2.0
+#   Unlicense or MIT
+#   zlib or ASL 2.0 or MIT
+#
+License:        ASL 2.0 and BSD and MIT
+URL:            https://github.com/keylime/rust-keylime/
+# The source tarball is downloaded using the following commands:
+#   spectool -g keylime-agent-rust.spec
+Source0:        %{url}/archive/%{commit}/rust-keylime-%{version}.tar.gz
+# The vendor tarball is created using cargo vendor:
+#   tar xf rust-keylime-%%{version}.tar.gz
+#   cd rust-keylime-%%{version}
+#   cargo vendor
+#   tar jcf rust-keylime-%%{version}-vendor.tar.xz vendor
+Source1:        rust-keylime-%{version}-vendor.tar.xz
+Patch0:         rust-keylime-fix-metadata.diff
+Patch1:         rust-keylime-add-quote-serialization.patch
+
+ExclusiveArch:  %{rust_arches}
+
+Requires: tpm2-tss
+
+# The keylime-base package provides the configuration file from the python
+# implementation which ca be used for the rust implementation. It is available
+# from Fedora 36
+Requires: keylime-base
+
+BuildRequires:  systemd
+BuildRequires:  openssl-devel
+BuildRequires:  libarchive-devel
+BuildRequires:  tpm2-tss-devel
+BuildRequires:  rust-toolset
+BuildRequires:  clang
+
+# Virtual Provides to support swapping between Python and Rust implementation
+Provides:       keylime-agent
+Conflicts:      keylime-agent
+
+Provides: bundled(crate(actix-codec)) = 0.5.0
+Provides: bundled(crate(actix-http)) = 3.0.4
+Provides: bundled(crate(actix-macros)) = 0.2.3
+Provides: bundled(crate(actix-router)) = 0.5.0
+Provides: bundled(crate(actix-rt)) = 2.6.0
+Provides: bundled(crate(actix-server)) = 2.0.0
+Provides: bundled(crate(actix-service)) = 2.0.2
+Provides: bundled(crate(actix-tls)) = 3.0.3
+Provides: bundled(crate(actix-utils)) = 3.0.0
+Provides: bundled(crate(actix-web)) = 4.0.1
+Provides: bundled(crate(actix-web-codegen)) = 4.0.0
+Provides: bundled(crate(adler)) = 1.0.2
+Provides: bundled(crate(ahash)) = 0.4.7
+Provides: bundled(crate(ahash)) = 0.7.6
+Provides: bundled(crate(aho-corasick)) = 0.7.18
+Provides: bundled(crate(alloc-no-stdlib)) = 2.0.3
+Provides: bundled(crate(alloc-stdlib)) = 0.2.1
+Provides: bundled(crate(ansi_term)) = 0.12.1
+Provides: bundled(crate(atty)) = 0.2.14
+Provides: bundled(crate(autocfg)) = 1.1.0
+Provides: bundled(crate(base64)) = 0.13.0
+Provides: bundled(crate(bindgen)) = 0.59.2
+Provides: bundled(crate(bitfield)) = 0.13.2
+Provides: bundled(crate(bitflags)) = 1.3.2
+Provides: bundled(crate(block-buffer)) = 0.10.2
+Provides: bundled(crate(brotli)) = 3.3.3
+Provides: bundled(crate(brotli-decompressor)) = 2.3.2
+Provides: bundled(crate(bumpalo)) = 3.9.1
+Provides: bundled(crate(bytes)) = 1.1.0
+Provides: bundled(crate(bytestring)) = 1.0.0
+Provides: bundled(crate(cc)) = 1.0.72
+Provides: bundled(crate(cexpr)) = 0.6.0
+Provides: bundled(crate(cfg-if)) = 1.0.0
+Provides: bundled(crate(clang-sys)) = 1.3.3
+Provides: bundled(crate(clap)) = 2.34.0
+Provides: bundled(crate(clap)) = 3.0.14
+Provides: bundled(crate(clap_derive)) = 3.0.14
+Provides: bundled(crate(compress-tools)) = 0.12.2
+Provides: bundled(crate(convert_case)) = 0.4.0
+Provides: bundled(crate(cookie)) = 0.16.0
+Provides: bundled(crate(core-foundation)) = 0.9.3
+Provides: bundled(crate(core-foundation-sys)) = 0.8.3
+Provides: bundled(crate(cpufeatures)) = 0.2.1
+Provides: bundled(crate(crc32fast)) = 1.3.2
+Provides: bundled(crate(crypto-common)) = 0.1.3
+Provides: bundled(crate(derive_more)) = 0.99.17
+Provides: bundled(crate(digest)) = 0.10.3
+Provides: bundled(crate(dlv-list)) = 0.2.3
+Provides: bundled(crate(either)) = 1.6.1
+Provides: bundled(crate(encoding_rs)) = 0.8.30
+Provides: bundled(crate(enumflags2)) = 0.7.3
+Provides: bundled(crate(enumflags2_derive)) = 0.7.3
+Provides: bundled(crate(env_logger)) = 0.7.1
+Provides: bundled(crate(env_logger)) = 0.9.0
+Provides: bundled(crate(fastrand)) = 1.7.0
+Provides: bundled(crate(firestorm)) = 0.5.0
+Provides: bundled(crate(flate2)) = 1.0.22
+Provides: bundled(crate(fnv)) = 1.0.7
+Provides: bundled(crate(foreign-types)) = 0.3.2
+Provides: bundled(crate(foreign-types-shared)) = 0.1.1
+Provides: bundled(crate(form_urlencoded)) = 1.0.1
+Provides: bundled(crate(futures)) = 0.3.21
+Provides: bundled(crate(futures-channel)) = 0.3.21
+Provides: bundled(crate(futures-core)) = 0.3.21
+Provides: bundled(crate(futures-executor)) = 0.3.21
+Provides: bundled(crate(futures-io)) = 0.3.21
+Provides: bundled(crate(futures-macro)) = 0.3.21
+Provides: bundled(crate(futures-sink)) = 0.3.21
+Provides: bundled(crate(futures-task)) = 0.3.21
+Provides: bundled(crate(futures-util)) = 0.3.21
+Provides: bundled(crate(generic-array)) = 0.14.5
+Provides: bundled(crate(getrandom)) = 0.2.4
+Provides: bundled(crate(glob)) = 0.3.0
+Provides: bundled(crate(h2)) = 0.3.11
+Provides: bundled(crate(hamming)) = 0.1.3
+Provides: bundled(crate(hashbrown)) = 0.9.1
+Provides: bundled(crate(hashbrown)) = 0.11.2
+Provides: bundled(crate(heck)) = 0.4.0
+Provides: bundled(crate(hermit-abi)) = 0.1.19
+Provides: bundled(crate(hex)) = 0.4.3
+Provides: bundled(crate(hostname-validator)) = 1.1.0
+Provides: bundled(crate(http)) = 0.2.6
+Provides: bundled(crate(http-body)) = 0.4.4
+Provides: bundled(crate(httparse)) = 1.6.0
+Provides: bundled(crate(httpdate)) = 1.0.2
+Provides: bundled(crate(humantime)) = 1.3.0
+Provides: bundled(crate(humantime)) = 2.1.0
+Provides: bundled(crate(hyper)) = 0.14.17
+Provides: bundled(crate(hyper-tls)) = 0.5.0
+Provides: bundled(crate(idna)) = 0.2.3
+Provides: bundled(crate(indexmap)) = 1.8.0
+Provides: bundled(crate(instant)) = 0.1.12
+Provides: bundled(crate(ipnet)) = 2.3.1
+Provides: bundled(crate(itoa)) = 1.0.1
+Provides: bundled(crate(jobserver)) = 0.1.24
+Provides: bundled(crate(js-sys)) = 0.3.56
+Provides: bundled(crate(keylime_agent)) = 0.1.0
+Provides: bundled(crate(language-tags)) = 0.3.2
+Provides: bundled(crate(lazy_static)) = 1.4.0
+Provides: bundled(crate(lazycell)) = 1.3.0
+Provides: bundled(crate(libc)) = 0.2.118
+Provides: bundled(crate(libloading)) = 0.7.3
+Provides: bundled(crate(local-channel)) = 0.1.2
+Provides: bundled(crate(local-waker)) = 0.1.2
+Provides: bundled(crate(lock_api)) = 0.4.6
+Provides: bundled(crate(log)) = 0.4.14
+Provides: bundled(crate(matches)) = 0.1.9
+Provides: bundled(crate(mbox)) = 0.6.0
+Provides: bundled(crate(memchr)) = 2.4.1
+Provides: bundled(crate(mime)) = 0.3.16
+Provides: bundled(crate(minimal-lexical)) = 0.2.1
+Provides: bundled(crate(miniz_oxide)) = 0.4.4
+Provides: bundled(crate(mio)) = 0.7.14
+Provides: bundled(crate(mio)) = 0.8.2
+Provides: bundled(crate(miow)) = 0.3.7
+Provides: bundled(crate(native-tls)) = 0.2.8
+Provides: bundled(crate(nom)) = 7.1.1
+Provides: bundled(crate(ntapi)) = 0.3.7
+Provides: bundled(crate(num-derive)) = 0.3.3
+Provides: bundled(crate(num-integer)) = 0.1.44
+Provides: bundled(crate(num-traits)) = 0.2.14
+Provides: bundled(crate(num_cpus)) = 1.13.1
+Provides: bundled(crate(num_threads)) = 0.1.5
+Provides: bundled(crate(once_cell)) = 1.9.0
+Provides: bundled(crate(openssl)) = 0.10.38
+Provides: bundled(crate(openssl-probe)) = 0.1.5
+Provides: bundled(crate(openssl-sys)) = 0.9.72
+Provides: bundled(crate(ordered-multimap)) = 0.3.1
+Provides: bundled(crate(os_str_bytes)) = 6.0.0
+Provides: bundled(crate(parking_lot)) = 0.11.2
+Provides: bundled(crate(parking_lot_core)) = 0.8.5
+Provides: bundled(crate(paste)) = 1.0.7
+Provides: bundled(crate(peeking_take_while)) = 0.1.2
+Provides: bundled(crate(percent-encoding)) = 2.1.0
+Provides: bundled(crate(pest)) = 2.1.3
+Provides: bundled(crate(pin-project-lite)) = 0.2.8
+Provides: bundled(crate(pin-utils)) = 0.1.0
+Provides: bundled(crate(pkg-config)) = 0.3.24
+Provides: bundled(crate(ppv-lite86)) = 0.2.16
+Provides: bundled(crate(pretty_env_logger)) = 0.4.0
+Provides: bundled(crate(primal)) = 0.3.0
+Provides: bundled(crate(primal-bit)) = 0.3.0
+Provides: bundled(crate(primal-check)) = 0.3.1
+Provides: bundled(crate(primal-estimate)) = 0.3.1
+Provides: bundled(crate(primal-sieve)) = 0.3.1
+Provides: bundled(crate(proc-macro-error)) = 1.0.4
+Provides: bundled(crate(proc-macro-error-attr)) = 1.0.4
+Provides: bundled(crate(proc-macro2)) = 1.0.36
+Provides: bundled(crate(quick-error)) = 1.2.3
+Provides: bundled(crate(quote)) = 1.0.15
+Provides: bundled(crate(rand)) = 0.8.5
+Provides: bundled(crate(rand_chacha)) = 0.3.1
+Provides: bundled(crate(rand_core)) = 0.6.3
+Provides: bundled(crate(redox_syscall)) = 0.2.10
+Provides: bundled(crate(regex)) = 1.5.4
+Provides: bundled(crate(regex-syntax)) = 0.6.25
+Provides: bundled(crate(remove_dir_all)) = 0.5.3
+Provides: bundled(crate(reqwest)) = 0.11.10
+Provides: bundled(crate(rust-ini)) = 0.17.0
+Provides: bundled(crate(rustc-hash)) = 1.1.0
+Provides: bundled(crate(rustc-serialize)) = 0.3.24
+Provides: bundled(crate(rustc_version)) = 0.3.3
+Provides: bundled(crate(rustc_version)) = 0.4.0
+Provides: bundled(crate(ryu)) = 1.0.9
+Provides: bundled(crate(schannel)) = 0.1.19
+Provides: bundled(crate(scopeguard)) = 1.1.0
+Provides: bundled(crate(security-framework)) = 2.6.1
+Provides: bundled(crate(security-framework-sys)) = 2.6.1
+Provides: bundled(crate(semver)) = 0.11.0
+Provides: bundled(crate(semver)) = 1.0.5
+Provides: bundled(crate(semver-parser)) = 0.10.2
+Provides: bundled(crate(serde)) = 1.0.136
+Provides: bundled(crate(serde_derive)) = 1.0.136
+Provides: bundled(crate(serde_json)) = 1.0.79
+Provides: bundled(crate(serde_urlencoded)) = 0.7.1
+Provides: bundled(crate(sha-1)) = 0.10.0
+Provides: bundled(crate(shlex)) = 1.1.0
+Provides: bundled(crate(signal-hook-registry)) = 1.4.0
+Provides: bundled(crate(slab)) = 0.4.5
+Provides: bundled(crate(smallvec)) = 1.8.0
+Provides: bundled(crate(socket2)) = 0.4.4
+Provides: bundled(crate(stable_deref_trait)) = 1.2.0
+Provides: bundled(crate(static_assertions)) = 1.1.0
+Provides: bundled(crate(strsim)) = 0.8.0
+Provides: bundled(crate(strsim)) = 0.10.0
+Provides: bundled(crate(syn)) = 1.0.86
+Provides: bundled(crate(synstructure)) = 0.12.6
+Provides: bundled(crate(target-lexicon)) = 0.12.3
+Provides: bundled(crate(tempfile)) = 3.3.0
+Provides: bundled(crate(termcolor)) = 1.1.2
+Provides: bundled(crate(textwrap)) = 0.11.0
+Provides: bundled(crate(textwrap)) = 0.14.2
+Provides: bundled(crate(thiserror)) = 1.0.30
+Provides: bundled(crate(thiserror-impl)) = 1.0.30
+Provides: bundled(crate(time)) = 0.3.9
+Provides: bundled(crate(time-macros)) = 0.2.4
+Provides: bundled(crate(tinyvec)) = 1.5.1
+Provides: bundled(crate(tinyvec_macros)) = 0.1.0
+Provides: bundled(crate(tokio)) = 1.16.1
+Provides: bundled(crate(tokio-macros)) = 1.7.0
+Provides: bundled(crate(tokio-native-tls)) = 0.3.0
+Provides: bundled(crate(tokio-openssl)) = 0.6.3
+Provides: bundled(crate(tokio-util)) = 0.6.9
+Provides: bundled(crate(tokio-util)) = 0.7.1
+Provides: bundled(crate(tower-service)) = 0.3.1
+Provides: bundled(crate(tracing)) = 0.1.30
+Provides: bundled(crate(tracing-attributes)) = 0.1.20
+Provides: bundled(crate(tracing-core)) = 0.1.22
+Provides: bundled(crate(try-lock)) = 0.2.3
+Provides: bundled(crate(tss-esapi)) = 7.0.0
+Provides: bundled(crate(tss-esapi-sys)) = 0.3.0
+Provides: bundled(crate(typenum)) = 1.15.0
+Provides: bundled(crate(ucd-trie)) = 0.1.3
+Provides: bundled(crate(unicode-bidi)) = 0.3.7
+Provides: bundled(crate(unicode-normalization)) = 0.1.19
+Provides: bundled(crate(unicode-width)) = 0.1.9
+Provides: bundled(crate(unicode-xid)) = 0.2.2
+Provides: bundled(crate(url)) = 2.2.2
+Provides: bundled(crate(uuid)) = 0.8.2
+Provides: bundled(crate(vcpkg)) = 0.2.15
+Provides: bundled(crate(vec_map)) = 0.8.2
+Provides: bundled(crate(version_check)) = 0.9.4
+Provides: bundled(crate(want)) = 0.3.0
+Provides: bundled(crate(wasi)) = 0.10.2
+Provides: bundled(crate(wasi)) = 0.11.0
+Provides: bundled(crate(wasm-bindgen)) = 0.2.79
+Provides: bundled(crate(wasm-bindgen-backend)) = 0.2.79
+Provides: bundled(crate(wasm-bindgen-futures)) = 0.4.29
+Provides: bundled(crate(wasm-bindgen-macro)) = 0.2.79
+Provides: bundled(crate(wasm-bindgen-macro-support)) = 0.2.79
+Provides: bundled(crate(wasm-bindgen-shared)) = 0.2.79
+Provides: bundled(crate(web-sys)) = 0.3.56
+Provides: bundled(crate(which)) = 4.2.4
+Provides: bundled(crate(winapi)) = 0.3.9
+Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
+Provides: bundled(crate(winapi-util)) = 0.1.5
+Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
+Provides: bundled(crate(winreg)) = 0.10.1
+Provides: bundled(crate(zeroize)) = 1.5.2
+Provides: bundled(crate(zeroize_derive)) = 1.3.1
+Provides: bundled(crate(zstd)) = 0.10.0
+Provides: bundled(crate(zstd-safe)) = 4.1.4
+Provides: bundled(crate(zstd-sys)) = 1.6.3
+
+%description
+Rust agent for Keylime
+
+%prep
+%autosetup -N -n rust-keylime-%{commit}
+%cargo_prep -V 1
+%autopatch -p1
+
+# Sometimes Rust sources start with #![...] attributes, and "smart" editors think
+# it's a shebang and make them executable. Then brp-mangle-shebangs gets upset...
+find -name '*.rs' -type f -perm /111 -exec chmod -v -x '{}' '+'
+
+%build
+%cargo_build
+
+%install
+%cargo_install
+mkdir -p %{buildroot}/%{_sharedstatedir}/keylime
+mkdir -p --mode=0700 %{buildroot}/%{_rundir}/keylime
+mkdir -p --mode=0700 %{buildroot}/%{_localstatedir}/log/keylime
+mkdir -p --mode=0700 %{buildroot}/%{_libexecdir}/keylime
+
+install -Dpm 644 ./dist/systemd/system/keylime_agent.service \
+    %{buildroot}%{_unitdir}/keylime_agent.service
+
+install -Dpm 644 ./dist/systemd/system/var-lib-keylime-secure.mount \
+    %{buildroot}%{_unitdir}/var-lib-keylime-secure.mount
+
+%preun
+%systemd_preun keylime_agent.service
+%systemd_preun var-lib-keylime-secure.mount
+
+%postun
+%systemd_postun_with_restart keylime_agent.service
+%systemd_postun_with_restart var-lib-keylime-secure.mount
+
+%files
+%license LICENSE
+%doc README.md
+%{_unitdir}/keylime_agent.service
+%{_unitdir}/var-lib-keylime-secure.mount
+%attr(700,keylime,keylime) %dir %{_rundir}/keylime
+%attr(700,keylime,keylime) %dir %{_localstatedir}/log/keylime
+%attr(700,keylime,keylime) %{_sharedstatedir}/keylime
+%{_bindir}/keylime_agent
+%{_bindir}/keylime_ima_emulator
+
+%if %{with check}
+%check
+%cargo_test
+%endif
+
+%changelog
+%autochangelog
--- a/rust-keylime-add-quote-serialization.patch
+++ b/rust-keylime-add-quote-serialization.patch
@ -0,0 +1,217 @@
+From 423f7337d991ec5085914a361e68260bdd513ac6 Mon Sep 17 00:00:00 2001
+From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Date: Mon, 20 Jun 2022 11:51:46 +0200
+Subject: [PATCH] tpm: Add serialization functions for structures in quotes
+
+Add serialization and deserialization functions for the data in quotes
+to avoid endianness issues when the arch is big-endian.
+
+The added serialization and deserialization functions will convert the
+data endianness as necessary.
+
+Note: the official marshalling and unmarshalling functions cannot be
+used directly because the tpm2-tools uses a custom format.
+
+Fixes: #407
+
+Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+---
+ src/tpm.rs | 139 +++++++++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 107 insertions(+), 32 deletions(-)
+
+diff --git a/src/tpm.rs b/src/tpm.rs
+index 9002c29..5521892 100644
+--- a/src/tpm.rs
+++ b/src/tpm.rs
+@@ -52,15 +52,20 @@ use tss_esapi::{
+     tss2_esys::{
+         Tss2_MU_TPM2B_PUBLIC_Marshal, Tss2_MU_TPMS_ATTEST_Marshal,
+         Tss2_MU_TPMS_ATTEST_Unmarshal, Tss2_MU_TPMT_SIGNATURE_Marshal,
+-        TPM2B_ATTEST, TPM2B_PUBLIC, TPML_DIGEST, TPML_PCR_SELECTION,
+-        TPMS_ATTEST, TPMS_SCHEME_HASH, TPMT_SIGNATURE, TPMT_SIG_SCHEME,
+-        TPMU_SIG_SCHEME,
+        TPM2B_ATTEST, TPM2B_DIGEST, TPM2B_PUBLIC, TPML_DIGEST,
+        TPML_PCR_SELECTION, TPMS_ATTEST, TPMS_PCR_SELECTION,
+        TPMS_SCHEME_HASH, TPMT_SIGNATURE, TPMT_SIG_SCHEME, TPMU_SIG_SCHEME,
+     },
+     utils::TpmsContext,
+     Context,
+ };
+ 
+ pub const MAX_NONCE_SIZE: usize = 64;
+pub const TPML_DIGEST_SIZE: usize = std::mem::size_of::<TPML_DIGEST>();
+pub const TPML_PCR_SELECTION_SIZE: usize =
+    std::mem::size_of::<TPML_PCR_SELECTION>();
+pub const TPMS_PCR_SELECTION_SIZE: usize =
+    std::mem::size_of::<TPMS_PCR_SELECTION>();
+ 
+ /*
+  * Input: None
+@@ -123,6 +128,95 @@ pub(crate) fn create_ek(
+ assert_eq_size!(TPML_PCR_SELECTION, [u8; 132]);
+ assert_eq_size!(TPML_DIGEST, [u8; 532]);
+ 
+// Serialize a TPML_PCR_SELECTION into a Vec<u8>
+// The serialization will adjust the data endianness as necessary and add paddings to keep the
+// memory aligment.
+pub(crate) fn serialize_pcrsel(
+    pcr_selection: &TPML_PCR_SELECTION,
+) -> Vec<u8> {
+    let mut output = Vec::with_capacity(TPML_PCR_SELECTION_SIZE);
+    output.extend(u32::to_le_bytes(pcr_selection.count));
+    for selection in pcr_selection.pcrSelections.iter() {
+        output.extend(selection.hash.to_le_bytes());
+        output.extend(selection.sizeofSelect.to_le_bytes());
+        output.extend(selection.pcrSelect);
+        output.extend([0u8; 1]); // padding to keep the memory alignment
+    }
+    output
+}
+
+// Deserialize a TPML_PCR_SELECTION from a &[u8] slice.
+// The deserialization will adjust the data endianness as necessary.
+pub(crate) fn deserialize_pcrsel(
+    pcrsel_vec: &[u8],
+) -> Result<TPML_PCR_SELECTION> {
+    if pcrsel_vec.len() != TPML_PCR_SELECTION_SIZE {
+        return Err(KeylimeError::InvalidRequest);
+    }
+
+    let mut reader = std::io::Cursor::new(pcrsel_vec);
+    let mut count_vec = [0u8; 4];
+    reader.read_exact(&mut count_vec)?;
+    let count = u32::from_le_bytes(count_vec);
+
+    let mut pcr_selections: [TPMS_PCR_SELECTION; 16] =
+        [TPMS_PCR_SELECTION::default(); 16];
+
+    for selection in &mut pcr_selections {
+        let mut hash_vec = [0u8; 2];
+        reader.read_exact(&mut hash_vec)?;
+        selection.hash = u16::from_le_bytes(hash_vec);
+
+        let mut size_vec = [0u8; 1];
+        reader.read_exact(&mut size_vec)?;
+        selection.sizeofSelect = u8::from_le_bytes(size_vec);
+
+        reader.read_exact(&mut selection.pcrSelect)?;
+    }
+
+    Ok(TPML_PCR_SELECTION {
+        count,
+        pcrSelections: pcr_selections,
+    })
+}
+
+// Serialize a TPML_DIGEST into a Vec<u8>
+// The serialization will adjust the data endianness as necessary.
+pub(crate) fn serialize_digest(digest_list: &TPML_DIGEST) -> Vec<u8> {
+    let mut output = Vec::with_capacity(TPML_DIGEST_SIZE);
+    output.extend(u32::to_le_bytes(digest_list.count));
+    for digest in digest_list.digests.iter() {
+        output.extend(digest.size.to_le_bytes());
+        output.extend(digest.buffer);
+    }
+    output
+}
+
+// Deserialize a TPML_DIGEST from a &[u8] slice.
+// The deserialization will adjust the data endianness as necessary.
+pub(crate) fn deserialize_digest(digest_vec: &[u8]) -> Result<TPML_DIGEST> {
+    if digest_vec.len() != TPML_DIGEST_SIZE {
+        return Err(KeylimeError::InvalidRequest);
+    }
+
+    let mut reader = std::io::Cursor::new(digest_vec);
+    let mut count_vec = [0u8; 4];
+
+    reader.read_exact(&mut count_vec)?;
+    let count = u32::from_le_bytes(count_vec);
+
+    let mut digests: [TPM2B_DIGEST; 8] = [TPM2B_DIGEST::default(); 8];
+
+    for digest in &mut digests {
+        let mut size_vec = [0u8; 2];
+        reader.read_exact(&mut size_vec)?;
+        digest.size = u16::from_le_bytes(size_vec);
+        reader.read_exact(&mut digest.buffer)?;
+    }
+
+    Ok(TPML_DIGEST { count, digests })
+}
+
+ // Recreate how tpm2-tools creates the PCR out file. Roughly, this is a
+ // TPML_PCR_SELECTION + number of TPML_DIGESTS + TPML_DIGESTs.
+ // Reference:
+@@ -140,16 +234,14 @@ pub(crate) fn pcrdata_to_vec(
+     const DIGEST_SIZE: usize = std::mem::size_of::<TPML_DIGEST>();
+ 
+     let mut pcrsel: TPML_PCR_SELECTION = selection_list.into();
+-    pcrsel.count = pcrsel.count.to_le();
+-    let pcrsel_vec: [u8; PCRSEL_SIZE] =
+-        unsafe { std::mem::transmute(pcrsel) };
+    let pcrsel_vec = serialize_pcrsel(&pcrsel);
+ 
+     let digest: Vec<TPML_DIGEST> = pcrdata.into();
+     let num_tpml_digests = digest.len() as u32;
+     let mut digest_vec = Vec::with_capacity(digest.len() * DIGEST_SIZE);
+ 
+     for d in digest {
+-        let vec: [u8; DIGEST_SIZE] = unsafe { std::mem::transmute(d) };
+        let vec = serialize_digest(&d);
+         digest_vec.extend(vec);
+     }
+ 
+@@ -665,41 +757,24 @@ pub mod testing {
+     );
+ 
+     fn vec_to_pcrdata(val: &[u8]) -> Result<(PcrSelectionList, PcrData)> {
+-        const PCRSEL_SIZE: usize = std::mem::size_of::<TPML_PCR_SELECTION>();
+-        const DIGEST_SIZE: usize = std::mem::size_of::<TPML_DIGEST>();
+-
+         let mut reader = std::io::Cursor::new(val);
+-        let mut pcrsel_vec = [0u8; PCRSEL_SIZE];
+-        let len = reader.read(&mut pcrsel_vec)?;
+-        if len != pcrsel_vec.len() {
+-            return Err(KeylimeError::InvalidRequest);
+-        }
+-        let mut pcrsel = unsafe {
+-            std::mem::transmute::<[u8; PCRSEL_SIZE], TPML_PCR_SELECTION>(
+-                pcrsel_vec,
+-            )
+-        };
+        let mut pcrsel_vec = [0u8; TPML_PCR_SELECTION_SIZE];
+        reader.read_exact(&mut pcrsel_vec)?;
+
+        let pcrsel = deserialize_pcrsel(&pcrsel_vec)?;
+         let pcrlist: PcrSelectionList = pcrsel.try_into()?;
+ 
+         let mut count_vec = [0u8; 4];
+-        let len = reader.read(&mut count_vec)?;
+-        if len < count_vec.len() {
+-            return Err(KeylimeError::InvalidRequest);
+-        }
+        reader.read_exact(&mut count_vec)?;
+         let count = u32::from_le_bytes(count_vec);
+         // Always 1 PCR digest should follow
+         if count != 1 {
+             return Err(KeylimeError::InvalidRequest);
+         }
+ 
+-        let mut digest_vec = [0u8; DIGEST_SIZE];
+-        let len = reader.read(&mut digest_vec)?;
+-        if len != digest_vec.len() {
+-            return Err(KeylimeError::InvalidRequest);
+-        }
+-        let mut digest = unsafe {
+-            std::mem::transmute::<[u8; DIGEST_SIZE], TPML_DIGEST>(digest_vec)
+-        };
+        let mut digest_vec = [0u8; TPML_DIGEST_SIZE];
+        reader.read_exact(&mut digest_vec)?;
+        let digest = deserialize_digest(&digest_vec)?;
+         let mut digest_list = DigestList::new();
+         for i in 0..digest.count {
+             digest_list.add(digest.digests[i as usize].try_into()?);
+-- 
+2.35.3
+
--- a/rust-keylime-fix-metadata.diff
+++ b/rust-keylime-fix-metadata.diff
@ -0,0 +1,33 @@
+diff --git a/Cargo.toml b/Cargo.toml
+index 95bbfab..200fbc7 100644
+--- a/Cargo.toml
+++ b/Cargo.toml
+@@ -39,25 +39,16 @@ serde_json = { version = "1.0", features = ["raw_value"] }
+ static_assertions = "1"
+ tempfile = "3.0.4"
+ tokio = {version = "1", features = ["full"]}
+-tss-esapi = "7.0.0"
+tss-esapi = {version = "7.0.0", features = ["generate-bindings"]}
+ thiserror = "1.0"
+ uuid = {version = "0.8", features = ["v4"]}
+-zmq = {version = "0.9.2", optional = true}
+ 
+ [dev-dependencies]
+ actix-rt = "2"
+-wiremock = "0.5"
+ 
+ [features]
+ # The features enabled by default
+-default = ["with-zmq", "legacy-python-actions"]
+# Removed default features to drop ZeroMQ and the need for the python shim
+default = []
+ # this should change to dev-dependencies when we have integration testing
+ testing = []
+-# Whether the agent should be compiled with support to listen for notification
+-# messages on ZeroMQ
+-with-zmq = ["zmq"]
+-# Whether the agent should be compiled with support for python revocation
+-# actions loaded as modules, which is the only kind supported by the python
+-# agent (unless the enhancement-55 is implemented). See:
+-# https://github.com/keylime/enhancements/blob/master/55_revocation_actions_without_python.md
+-legacy-python-actions = []
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+SHA512 (rust-keylime-0.1.0~20220603gitaed51c7-vendor.tar.xz) = 591a378ff4c70767bd54f998ecd117ffc65e72c48900f69cb83ef57bfb2abe1afb6652e0cc2810c1c92ddcdbe17147c2cfc16a6c846bd46781c09c5db3748ea6
+SHA512 (rust-keylime-0.1.0~20220603gitaed51c7.tar.gz) = 0a045b0caa13a582a1270428edb49a7e20cc7df15b749458a9ddb2b84c05f240225d9e876a0cc082978dc5b52f7e0175cbbc3b937edd1ffed68e252be3ea17f8