diff --git a/.gitignore b/.gitignore index a78c6fa..50b9e29 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ /v6.8.0.tar.gz /v7.0.0.tar.gz /v7.2.5.tar.gz +/v7.3.0.tar.gz diff --git a/0002-templates-Fix-mapping-and-adjust-for-Rust-agent.patch b/0002-templates-Fix-mapping-and-adjust-for-Rust-agent.patch deleted file mode 100644 index 65adb72..0000000 --- a/0002-templates-Fix-mapping-and-adjust-for-Rust-agent.patch +++ /dev/null @@ -1,119 +0,0 @@ -From de764c330e3a3f0306d47f7a1b5b3138e9106a06 Mon Sep 17 00:00:00 2001 -From: Anderson Toshiyuki Sasaki -Date: Thu, 1 Jun 2023 09:58:56 -0300 -Subject: [PATCH 2/2] templates: Fix mapping and adjust for Rust agent - -The Rust Keylime agent does not set take ownership or set the TPM owner -password. For this reason, the default value for tpm_ownerpassword -should be the empty string "". - -Also, the agent does not support lists in the format specified for the -Python agent (i.e. a Python list such as ["string_a", "string_b"]. For -this reason, the adjust script should instead remove the square brackets -and make the strings to be separated with a comma. - -Signed-off-by: Anderson Toshiyuki Sasaki ---- - templates/2.0/adjust.py | 49 ++++++++++++++++++++++++++++++++++---- - templates/2.0/mapping.json | 4 ++-- - 2 files changed, 47 insertions(+), 6 deletions(-) - -diff --git a/templates/2.0/adjust.py b/templates/2.0/adjust.py -index c1e582a..1aa5702 100644 ---- a/templates/2.0/adjust.py -+++ b/templates/2.0/adjust.py -@@ -62,10 +62,6 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u - - # Dictionary defining values to convert to lists - tolist = { -- "agent": [ -- "trusted_client_ca", -- "revocation_actions", -- ], - "verifier": [ - "trusted_server_ca", - "severity_labels", -@@ -84,6 +80,12 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u - "registrar": ["trusted_client_ca"], - } - -+ mergelist = { -+ "agent": [ -+ "revocation_actions", -+ ] -+ } -+ - for section in config: - try: - config_version = str_to_version(config[section].get("version", "1.0")) -@@ -151,6 +153,45 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u - - print(f"[{section}] For option '{option}', converted '{value}' to " f"'{config[section][option]}'") - -+ # This is a special treatment to make lists compatible with the Rust agent -+ if section in mergelist: -+ for option in mergelist[section]: -+ if section in config and option in config[section]: -+ # Get raw string value -+ value = config[section][option].strip(' "') -+ -+ if value == "default": -+ continue -+ -+ l = [] -+ try: -+ v = ast.literal_eval(value) -+ # If the value in the config was already a list, continue -+ if isinstance(v, list): -+ l = v -+ # If the value in the config was tuple -+ elif isinstance(v, tuple): -+ l = list(v) -+ -+ except Exception as e: -+ print( -+ f"[{section}] In option '{option}', failed to parse " -+ f"'{value}' as python type, trying manual splitting" -+ ) -+ -+ # Eliminate surrounding spaces and brackets, if present -+ v = value.strip("[ ]").split(",") -+ -+ # Eliminate surrounding quotes and blank spaces from each element -+ v = map(lambda x: x.strip(' "'), v) -+ -+ # Remove empty strings -+ l = list(filter(lambda x: (x != ""), v)) -+ -+ config[section][option] = ",".join(l) -+ -+ print(f"[{section}] For option '{option}', converted '{value}' to '{config[section][option]}'") -+ - # Other special adjustments - - # Convert agent boolean values to lower case (for TOML output) -diff --git a/templates/2.0/mapping.json b/templates/2.0/mapping.json -index 62e8538..fd8519e 100644 ---- a/templates/2.0/mapping.json -+++ b/templates/2.0/mapping.json -@@ -100,7 +100,7 @@ - "tpm_ownerpassword": { - "section": "cloud_agent", - "option": "tpm_ownerpassword", -- "default": "keylime" -+ "default": "" - }, - "extract_payload_zip": { - "section": "cloud_agent", -@@ -120,7 +120,7 @@ - "revocation_actions": { - "section": "cloud_agent", - "option": "revocation_actions", -- "default": "[]" -+ "default": "" - }, - "payload_script": { - "section": "cloud_agent", --- -2.39.2 - diff --git a/keylime.spec b/keylime.spec index 4f31c45..e1322a3 100644 --- a/keylime.spec +++ b/keylime.spec @@ -8,7 +8,7 @@ %global selinuxtype targeted Name: keylime -Version: 7.2.5 +Version: 7.3.0 Release: %autorelease Summary: Open source TPM software for Bootstrapping and Maintaining Trust @@ -19,11 +19,10 @@ Source1: %{srcname}.sysusers Source2: https://github.com/RedHat-SP-Security/%{name}-selinux/archive/v%{policy_version}/keylime-selinux-%{policy_version}.tar.gz Patch: 01-duplicate-str-to-version.patch -Patch: 0002-templates-Fix-mapping-and-adjust-for-Rust-agent.patch # Main program: BSD # Icons: MIT -License: ASL 2.0 and MIT +License: Apache-2.0 AND MIT BuildRequires: git-core BuildRequires: swig @@ -106,6 +105,7 @@ Requires: python3-gpg Requires: python3-lark-parser Requires: python3-pyasn1 Requires: python3-pyasn1-modules +Requires: python3-typing-extensions Requires: tpm2-tools %description -n python3-%{srcname} diff --git a/sources b/sources index 7719191..ac05c02 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (v7.2.5.tar.gz) = 375342f82786b604b534edf31dd0d9203d653562bc1ab0542a90b699e208e8fe4076dce7900c0f66f262c301418ae173390af15c01024e5d02b2b997eeabe702 +SHA512 (v7.3.0.tar.gz) = 6a5ee3e642015b4c09058ab84db9c1c132d94b387284cb363285fb43a875921fdf0e88ef4b67ab886ceed4e6a5a49aeef0334d42d9662d27f865287d3e9e000b SHA512 (keylime-selinux-1.0.0.tar.gz) = d0b4fea7407ad493b08e6f087e8f32b1a65acbee59bf6e20a0e26aaa139f56c1206c7e707898fd8a2e11468cd918f76cb6985f68b8a2faa8a2a4b7a9ba4c3674