pyOpenSSL 24.0.0 removed several APIs required by pccsadmin, so
porting to pycryptography is required on Fedora. Since RHEL does
not ship pyOpenSSL, the port is useful here too.
Using pyasn1 instead of asn1 gives stronger validation during
parsing and brings compatibility with RHEL that lacks python3-asn1
The keyring package needs to be optional on RHEL which lacks this
module (currently).
Also drop the inappropriate pccs port number change
Related: https://issues.redhat.com/browse/RHEL-121612
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
While pccs can be run node-local, a typical deployment would
have pccs on the LAN to cache certs across many hosts. As
such a dep on sgx-mpa is inappropriate, and tdx-qgs already
has a weak dep for this.
Related: https://issues.redhat.com/browse/RHEL-121612
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Since pccs was reintroduced the pccsadmin tool is now relevant on
both RHEL and Fedora
Related: https://issues.redhat.com/browse/RHEL-121612
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This ensures that if qgs is started, without a reboot after install,
it will have permissions to access /dev/sgx_provision
Resolves: https://issues.redhat.com/browse/RHEL-110112
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Changes to qgs.service to make it more amenable to writing a strict
SELinux policy.
Also add patch to allow control over socket perms so QEMU can get
access to the socket.
Related: https://issues.redhat.com/browse/RHELPLAN-171792
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
