rpms/keylime-agent-rust
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to upstream version 0.2.5

Browse Source 
Resolves: RHEL-38409

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
This commit is contained in:
Anderson Toshiyuki Sasaki 2024-06-12 11:17:32 +02:00
parent 5659df95c8
commit f28d571391
6 changed files with 426 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -12,3 +12,5 @@
/rust-keylime-0.2.1-vendor.tar.xz
/v0.2.2.tar.gz
/rust-keylime-0.2.2-vendor.tar.xz
/rust-keylime-0.2.5-vendor.tar.xz
/v0.2.5.tar.gz

32
keylime-agent-rust.spec
View File

@ -15,7 +15,7 @@
%endif
Name: keylime-agent-rust
Version: 0.2.2
Version: 0.2.5
Release: %{?autorelease}%{!?autorelease:1%{?dist}}
Summary: Rust agent for Keylime
@ -53,9 +53,17 @@ Source0: %{url}/archive/refs/tags/v%{version}.tar.gz
# --exclude-crate-path "libloading#tests"
# tar jcf rust-keylime-%%{version}-vendor.tar.xz vendor
Source1: rust-keylime-%{version}-vendor.tar.xz
## Patches for building from system Rust libraries (Fedora)
## (0-99) General patches
# Fix build with latest rust: https://github.com/keylime/rust-keylime/pull/789
# and https://github.com/keylime/rust-keylime/pull/793
Patch0: rust-keylime-unnecessary-qualifications.patch
# Fix regression to support hostname in registrar_ip configuration option
# https://github.com/keylime/rust-keylime/pull/797
Patch1: rust-keylime-support-hostnames-in-registrar-ip.patch
## (100-199) Patches for building from system Rust libraries (Fedora)
# Drop completely the legacy-python-actions feature
Patch1: rust-keylime-metadata.patch
Patch100: rust-keylime-metadata.patch
## (200+) Patches for building from vendored Rust libraries (RHEL)
ExclusiveArch: %{rust_arches}
@ -87,13 +95,14 @@ Conflicts: keylime-agent
Rust agent for Keylime
%prep
%autosetup -n rust-keylime-%{version} -N
%autosetup -n rust-keylime-%{version} -N %{?bundled_rust_deps:-a1}
%autopatch -M 99 -p1
%if 0%{?bundled_rust_deps}
# Source1 is vendored dependencies
%cargo_prep -V 1
%autopatch -m 100 -p1
%cargo_prep -v vendor
%autopatch -m 200 -p1
%else
%autopatch -M 99 -p1
%autopatch -m 100 -M 199 -p1
%cargo_prep
%generate_buildrequires
%cargo_generate_buildrequires
@ -101,6 +110,11 @@ Rust agent for Keylime
%build
%cargo_build
%cargo_license_summary
%{cargo_license} > LICENSE.dependencies
%if 0%{?bundled_rust_deps}
%cargo_vendor_manifest
%endif
%install
@ -148,6 +162,10 @@ chown -R keylime:keylime %{_sysconfdir}/keylime
%files
%license LICENSE
%license LICENSE.dependencies
%if 0%{?bundled_rust_deps}
%license cargo-vendor.txt
%endif
%doc README.md
%attr(500,keylime,keylime) %dir %{_sysconfdir}/keylime
%attr(500,keylime,keylime) %dir %{_sysconfdir}/keylime/agent.conf.d

26
rust-keylime-metadata.patch
View File

@ -1,16 +1,5 @@
--- a/keylime-agent/Cargo.toml 2023-07-13 17:19:34.757045275 +0200
+++ b/keylime-agent/Cargo.toml 2023-07-13 17:46:40.031264398 +0200
@@ -21,8 +21,8 @@
libc = "0.2.43"
log = "0.4"
openssl = "0.10.15"
-picky-asn1-der = "0.3.1"
-picky-asn1-x509 = "0.6.1"
+picky-asn1-der = "0.3"
+picky-asn1-x509 = "0.7"
pretty_env_logger = "0.4"
reqwest = {version = "0.11", default-features = false, features = ["json"]}
serde = "1.0.80"
--- a/keylime-agent/Cargo.toml 2024-01-31 10:25:42.291841679 +0100
+++ b/keylime-agent/Cargo.toml 2024-01-31 10:28:02.795282892 +0100
@@ -48,18 +48,6 @@
default = []
# this should change to dev-dependencies when we have integration testing
@ -30,3 +19,14 @@
[package.metadata.deb]
section = "net"
--- a/Cargo.toml 2024-05-02 11:18:17.351856756 +0200
+++ b/Cargo.toml 2024-05-02 11:18:23.930839679 +0200
@@ -16,7 +16,7 @@
[workspace.dependencies]
actix-rt = "2"
actix-web = { version = "4", default-features = false, features = ["macros", "openssl"] }
-base64 = "0.21"
+base64 = "0.22"
cfg-if = "1"
clap = { version = "4.3", features = ["derive"] }
config = { version = "0.13", default-features = false, features = ["toml"] }

242
rust-keylime-support-hostnames-in-registrar-ip.patch Normal file
View File

@ -0,0 +1,242 @@
From d4becf39196aa17583b02ad21cadcfe606d49a86 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Tue, 28 May 2024 15:44:29 +0200
Subject: [PATCH] config: Support hostnames in registrar_ip option
This restores previous behavior where hostnames could be used to set the
'registrar_ip' configuration option.
The configuration will try to parse the input configuration string as an
IP and in case of failure, try to parse the string as a hostname.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
keylime-agent/src/config.rs | 9 ++-
keylime-agent/src/error.rs | 4 ++
keylime-agent/src/registrar_agent.rs | 40 ++++++++----
keylime/src/hostname.pest | 2 +
keylime/src/hostname_parser.rs | 94 ++++++++++++++++++++++++++++
keylime/src/lib.rs | 1 +
6 files changed, 136 insertions(+), 14 deletions(-)
create mode 100644 keylime/src/hostname.pest
create mode 100644 keylime/src/hostname_parser.rs
diff --git a/keylime-agent/src/config.rs b/keylime-agent/src/config.rs
index 03a6fa57..7ed5c70f 100644
--- a/keylime-agent/src/config.rs
+++ b/keylime-agent/src/config.rs
@@ -9,6 +9,7 @@ use config::{
use glob::glob;
use keylime::{
algorithms::{EncryptionAlgorithm, HashAlgorithm, SignAlgorithm},
+ hostname_parser::parse_hostname,
ip_parser::parse_ip,
list_parser::parse_list,
};
@@ -856,8 +857,12 @@ fn config_translate_keywords(
let ip = parse_ip(config.agent.ip.as_ref())?.to_string();
let contact_ip = parse_ip(config.agent.contact_ip.as_ref())?.to_string();
- let registrar_ip =
- parse_ip(config.agent.registrar_ip.as_ref())?.to_string();
+ let registrar_ip = match parse_ip(config.agent.registrar_ip.as_ref()) {
+ Ok(ip) => ip.to_string(),
+ Err(_) => {
+ parse_hostname(config.agent.registrar_ip.as_ref())?.to_string()
+ }
+ };
// Validate the configuration
diff --git a/keylime-agent/src/error.rs b/keylime-agent/src/error.rs
index 73bbc1a1..c322dcd3 100644
--- a/keylime-agent/src/error.rs
+++ b/keylime-agent/src/error.rs
@@ -47,6 +47,10 @@ pub(crate) enum Error {
Io(#[from] std::io::Error),
#[error("Failed to parse IP")]
IpParserError(#[from] keylime::ip_parser::IpParsingError),
+ #[error("Failed to parse hostname")]
+ HostnameParserError(
+ #[from] keylime::hostname_parser::HostnameParsingError,
+ ),
#[error("Text decoding error: {0}")]
Utf8(#[from] std::string::FromUtf8Error),
#[error("Secure Mount error: {0})")]
diff --git a/keylime-agent/src/registrar_agent.rs b/keylime-agent/src/registrar_agent.rs
index da75cf7e..0905ec19 100644
--- a/keylime-agent/src/registrar_agent.rs
+++ b/keylime-agent/src/registrar_agent.rs
@@ -84,12 +84,20 @@ pub(crate) async fn do_activate_agent(
) -> crate::error::Result<()> {
let data = Activate { auth_tag };
- // Add brackets if the address is IPv6
- let parsed_ip = registrar_ip.parse::<IpAddr>()?;
- let remote_ip = if parsed_ip.is_ipv6() {
- format!("[{registrar_ip}]")
- } else {
- registrar_ip.to_string()
+ let remote_ip = match registrar_ip.parse::<IpAddr>() {
+ Ok(addr) => {
+ // Add brackets if the address is IPv6
+ if addr.is_ipv6() {
+ format!("[{registrar_ip}]")
+ } else {
+ registrar_ip.to_string()
+ }
+ }
+ Err(_) => {
+ // The registrar_ip option can also be a hostname. If it is the case, the hostname was
+ // already validated during configuration
+ registrar_ip.to_string()
+ }
};
#[cfg(test)]
@@ -173,12 +181,20 @@ pub(crate) async fn do_register_agent(
port: Some(port),
};
- // Add brackets if the address is IPv6
- let parsed_ip = registrar_ip.parse::<IpAddr>()?;
- let remote_ip = if parsed_ip.is_ipv6() {
- format!("[{registrar_ip}]")
- } else {
- registrar_ip.to_string()
+ let remote_ip = match registrar_ip.parse::<IpAddr>() {
+ Ok(addr) => {
+ // Add brackets if the address is IPv6
+ if addr.is_ipv6() {
+ format!("[{registrar_ip}]")
+ } else {
+ registrar_ip.to_string()
+ }
+ }
+ Err(_) => {
+ // The registrar_ip option can also be a hostname. If it is the case, the hostname was
+ // already validated during configuration
+ registrar_ip.to_string()
+ }
};
#[cfg(test)]
diff --git a/keylime/src/hostname.pest b/keylime/src/hostname.pest
new file mode 100644
index 00000000..6e7c54e4
--- /dev/null
+++ b/keylime/src/hostname.pest
@@ -0,0 +1,2 @@
+hostname = {SOI ~ label ~ ("." ~ label)* ~ EOI}
+label = { ASCII_ALPHANUMERIC+ ~ ("-"+ ~ ASCII_ALPHANUMERIC+)*}
diff --git a/keylime/src/hostname_parser.rs b/keylime/src/hostname_parser.rs
new file mode 100644
index 00000000..dbf971a6
--- /dev/null
+++ b/keylime/src/hostname_parser.rs
@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2024 Keylime Authors
+
+use pest::Parser;
+use pest_derive::Parser;
+use thiserror::Error;
+
+#[derive(Parser)]
+#[grammar = "hostname.pest"]
+pub struct HostnameParser;
+
+#[derive(Error, Debug)]
+pub enum HostnameParsingError {
+ #[error("Invalid input {0}")]
+ InvalidInput(String),
+
+ #[error("failed to parse the input {input}")]
+ ParseError {
+ input: String,
+ source: Box<pest::error::Error<Rule>>,
+ },
+}
+
+/// Parses a hostname from a string slice following RFC-1123
+///
+/// Valid hostnames are formed by labels separated by dots ('.').
+///
+/// The labels can only contain alphanumeric characters ('a'..'z' | 'A'..'Z' | '0'..'9') and the
+/// hyphen ('-'). The labels cannot begin or end with an hyphen.
+///
+/// # Arguments
+///
+/// * `hostname` the string to be parsed
+///
+/// # Returns
+///
+/// The obtained hostname as a &str if it is a valid hostname
+///
+/// # Examples
+///
+/// Valid hostnames:
+///
+/// * `hostname`
+/// * `host-name`
+/// * `a.b.c`
+/// * `a-b.c-d.e-f`
+///
+/// Invalid hostnames:
+///
+/// * `a_b.c`
+/// * `a.b-.c`
+/// * `a.-b.c`
+pub fn parse_hostname(hostname: &str) -> Result<&str, HostnameParsingError> {
+ let Some(pair) = HostnameParser::parse(Rule::hostname, hostname)
+ .map_err(|e| HostnameParsingError::ParseError {
+ input: hostname.to_string(),
+ source: Box::new(e),
+ })?
+ .next()
+ else {
+ return Err(HostnameParsingError::InvalidInput(hostname.to_string()));
+ };
+ return Ok(pair.as_str());
+}
+
+// Unit Testing
+#[cfg(test)]
+mod tests {
+ use super::*;
+
+ #[test]
+ fn test_parse_hostname() {
+ // Sanity: most common case
+ assert_eq!(parse_hostname("hostname").unwrap(), "hostname"); //#[allow_ci]
+ assert_eq!(parse_hostname("ab.cd.ef").unwrap(), "ab.cd.ef"); //#[allow_ci]
+ assert_eq!(parse_hostname("ab-cd-ef").unwrap(), "ab-cd-ef"); //#[allow_ci]
+
+ // More advanced cases
+ assert_eq!(
+ parse_hostname("hostname-123.test").unwrap(), //#[allow_ci]
+ "hostname-123.test"
+ );
+ assert_eq!(parse_hostname("123-456.789").unwrap(), "123-456.789"); //#[allow_ci]
+ assert_eq!(parse_hostname("1----9").unwrap(), "1----9"); //#[allow_ci]
+
+ // Invalid input
+ assert!(parse_hostname("-host-na.me").is_err());
+ assert!(parse_hostname("host-na.me-").is_err());
+ assert!(parse_hostname(".host-na.me").is_err());
+ assert!(parse_hostname("host-na.me.").is_err());
+ assert!(parse_hostname("host_name").is_err());
+ assert!(parse_hostname("host..name").is_err());
+ }
+}
diff --git a/keylime/src/lib.rs b/keylime/src/lib.rs
index 3f0213eb..791729e1 100644
--- a/keylime/src/lib.rs
+++ b/keylime/src/lib.rs
@@ -1,5 +1,6 @@
pub mod algorithms;
pub mod crypto;
+pub mod hostname_parser;
pub mod ima;
pub mod ip_parser;
pub mod list_parser;

142
rust-keylime-unnecessary-qualifications.patch Normal file
View File

@ -0,0 +1,142 @@
From c91fba3382867737d194dfedf85cae7ee133c9e3 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Wed, 8 May 2024 14:13:47 +0200
Subject: [PATCH] Fix 'unnecessary qualification' warnings
Newer versions of the rust compiler generates warnings when symbols are
over-specified.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
keylime-agent/src/payloads.rs | 2 +-
keylime-agent/src/revocation.rs | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/keylime-agent/src/payloads.rs b/keylime-agent/src/payloads.rs
index 5c40125f..d42918c8 100644
--- a/keylime-agent/src/payloads.rs
+++ b/keylime-agent/src/payloads.rs
@@ -222,7 +222,7 @@ async fn run_encrypted_payload(
let action_file = unzipped.join("action_list");
if action_file.exists() {
- let action_data = std::fs::read_to_string(&action_file)
+ let action_data = fs::read_to_string(&action_file)
.expect("unable to read action_list");
action_data
diff --git a/keylime-agent/src/revocation.rs b/keylime-agent/src/revocation.rs
index e5ffaade..c48116b1 100644
--- a/keylime-agent/src/revocation.rs
+++ b/keylime-agent/src/revocation.rs
@@ -203,7 +203,7 @@ fn run_revocation_actions(
let action_file = unzipped.join("action_list");
if action_file.exists() {
- action_data = std::fs::read_to_string(&action_file)
+ action_data = fs::read_to_string(&action_file)
.expect("unable to read action_list");
let file_actions = parse_list(&action_data)?;
@@ -528,7 +528,7 @@ mod tests {
env!("CARGO_MANIFEST_DIR"),
"/tests/unzipped/test_ok.json"
);
- let json_str = std::fs::read_to_string(json_file).unwrap(); //#[allow_ci]
+ let json_str = fs::read_to_string(json_file).unwrap(); //#[allow_ci]
let json = serde_json::from_str(&json_str).unwrap(); //#[allow_ci]
let actions_dir =
&Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/actions/");
@@ -567,7 +567,7 @@ mod tests {
env!("CARGO_MANIFEST_DIR"),
"/tests/unzipped/test_err.json"
);
- let json_str = std::fs::read_to_string(json_file).unwrap(); //#[allow_ci]
+ let json_str = fs::read_to_string(json_file).unwrap(); //#[allow_ci]
let json = serde_json::from_str(&json_str).unwrap(); //#[allow_ci]
let actions_dir =
&Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/actions/");
@@ -602,7 +602,7 @@ mod tests {
let revocation_actions = "local_action_stand_alone.py, local_action_rev_script1.py";
}
}
- let json_str = std::fs::read_to_string(json_file).unwrap(); //#[allow_ci]
+ let json_str = fs::read_to_string(json_file).unwrap(); //#[allow_ci]
let json = serde_json::from_str(&json_str).unwrap(); //#[allow_ci]
let actions_dir =
&Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/actions/");
From 96d4bd4349518f173ede77cc5986e5e425f621ba Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Tue, 21 May 2024 15:55:36 +0200
Subject: [PATCH] Fix leftover 'unnecessary qualification' warnings on tests
Fix leftover 'unnecessary qualification' warnings generated when running
the tests ('cargo test --features=testing') with newer rust compilers.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
keylime-agent/src/errors_handler.rs | 4 ++--
keylime-agent/src/keys_handler.rs | 5 +----
keylime-agent/src/main.rs | 4 ++--
3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/keylime-agent/src/errors_handler.rs b/keylime-agent/src/errors_handler.rs
index b0fa4c24..48ea2ffb 100644
--- a/keylime-agent/src/errors_handler.rs
+++ b/keylime-agent/src/errors_handler.rs
@@ -266,7 +266,7 @@ pub(crate) fn wrap_404<B>(
#[cfg(test)]
mod tests {
use super::*;
- use actix_web::{middleware, test, App, Resource};
+ use actix_web::{test, App, Resource};
use core::future::Future;
use serde::{Deserialize, Serialize};
use serde_json::{json, Value};
@@ -379,7 +379,7 @@ mod tests {
let mut app = test::init_service(
App::new()
.wrap(
- middleware::ErrorHandlers::new()
+ ErrorHandlers::new()
.handler(http::StatusCode::NOT_FOUND, wrap_404),
)
.app_data(
diff --git a/keylime-agent/src/keys_handler.rs b/keylime-agent/src/keys_handler.rs
index 6f4489d3..3407deeb 100644
--- a/keylime-agent/src/keys_handler.rs
+++ b/keylime-agent/src/keys_handler.rs
@@ -970,10 +970,7 @@ mod tests {
// Send Shutdown message to the workers for a graceful shutdown
keys_tx.send((KeyMessage::Shutdown, None)).await.unwrap(); //#[allow_ci]
- payload_tx
- .send(payloads::PayloadMessage::Shutdown)
- .await
- .unwrap(); //#[allow_ci]
+ payload_tx.send(PayloadMessage::Shutdown).await.unwrap(); //#[allow_ci]
arbiter.join();
}
diff --git a/keylime-agent/src/main.rs b/keylime-agent/src/main.rs
index f0713f9b..77f84cd3 100644
--- a/keylime-agent/src/main.rs
+++ b/keylime-agent/src/main.rs
@@ -1066,7 +1066,7 @@ mod testing {
/// CryptoTest error
#[error("CryptoTestError")]
- CryptoTestError(#[from] crate::crypto::testing::CryptoTestError),
+ CryptoTestError(#[from] crypto::testing::CryptoTestError),
/// IO error
#[error("IOError")]
@@ -1078,7 +1078,7 @@ mod testing {
/// TPM error
#[error("TPMError")]
- TPMError(#[from] keylime::tpm::TpmError),
+ TPMError(#[from] tpm::TpmError),
/// TSS esapi error
#[error("TSSError")]

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (v0.2.2.tar.gz) = d83dbece1e850383fe98dec7ab2c473cdad46193d0f31eba25ae0a75928df94ee00fa8ee656806f356fcccbc36a5b6f417c1029a1f6a3a0974186197826eb4cc
SHA512 (rust-keylime-0.2.2-vendor.tar.xz) = 2b7de85d6250161d6fccfbc70700c8561114c37698cf5ed328545a1934b1f6b3b92d7c62d3aca93d20c1c474e870c17441d02a60b407d80aee18d80a2addc8c2
SHA512 (rust-keylime-0.2.5-vendor.tar.xz) = 96aba845b075f2ff638a2f82da8606ed44d9df7084318ed9bbfa9b781df6b862b3b1c54b609333cfda8f42c168b2f211699e3d3a28b19cb4432b4b05db384d1e
SHA512 (v0.2.5.tar.gz) = 3f36e3e248ff29dcbcbe77516f4edad7fa15a4e2fbdff5bc488393bb562abcc7c976712bc8cbdb4b397ee571d8652d9d8ad1c18740c92c1458176f218d067d39