The package rpms/parsec.git has added or updated architecture specific content in its spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s): https://src.fedoraproject.org/cgit/rpms/parsec.git/commit/?id=1380a225fbe693....
Change: +ExcludeArch: s390x %{power64}
Thanks.
Full change: ============
commit 1380a225fbe6939e4fd248a55ee091c1da9b9bf8 Author: Peter Robinson pbrobinson@gmail.com Date: Wed Sep 16 22:05:56 2020 +0100
initial import
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..28895ca
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/parsec-*.tar.gz
diff --git a/0001-Bump-picky-version-number.patch b/0001-Bump-picky-version-number.patch
new file mode 100644
index 0000000..1a4f54a
--- /dev/null
+++ b/0001-Bump-picky-version-number.patch
@@ -0,0 +1,69 @@
+From 1c01cfe303e04e49374feb4060cc96a44b2775c9 Mon Sep 17 00:00:00 2001
+From: Joe Ellis joe.ellis@arm.com
+Date: Tue, 8 Sep 2020 17:39:08 +0100
+Subject: [PATCH 1/5] Bump picky version number
+
+Signed-off-by: Joe Ellis joe.ellis@arm.com
+---
+ Cargo.toml | 6 +++---
+ src/providers/pkcs11_provider/key_management.rs | 4 ++--
+ src/providers/tpm_provider/utils.rs | 4 ++--
+ 3 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index db7c22b..49c3457 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -32,8 +32,8 @@ env_logger = "0.7.1"
+ log = { version = "0.4.8", features = ["serde"] }
+ pkcs11 = { version = "0.4.0", optional = true }
+ picky-asn1-der = { version = "0.2.2", optional = true }
+-picky-asn1 = { version = "0.2.1", optional = true }
+-tss-esapi = { version = "4.0.8-alpha.1", optional = true }
++picky-asn1 = { version = "0.3.0", optional = true }
++tss-esapi = { version = "4.0.9-alpha.1", optional = true }
+ bincode = "1.1.4"
+ structopt = "0.3.5"
+ derivative = "2.1.1"
+@@ -42,7 +42,7 @@ hex = "0.4.2"
+ picky = "5.0.0"
+ psa-crypto = { version = "0.5.0" , default-features = false, features = ["operations"], optional = true }
+ zeroize = { version = "1.1.0", features = ["zeroize_derive"] }
+-picky-asn1-x509 = { version = "0.3.0", optional = true }
++picky-asn1-x509 = { version = "0.3.2", optional = true }
+ users = "0.10.0"
+ libc = "0.2.72"
+
+diff --git a/src/providers/pkcs11_provider/key_management.rs b/src/providers/pkcs11_provider/key_management.rs
+index 5f528e4..e4ecee7 100644
+--- a/src/providers/pkcs11_provider/key_management.rs
++++ b/src/providers/pkcs11_provider/key_management.rs
+@@ -342,8 +342,8 @@ impl Pkcs11Provider {
+
+ // To produce a valid ASN.1 RSAPublicKey structure, 0x00 is put in front of the positive
+ // integer if highest significant bit is one, to differentiate it from a negative number.
+- let modulus = IntegerAsn1::from_unsigned_bytes_be(modulus);
+- let public_exponent = IntegerAsn1::from_unsigned_bytes_be(public_exponent);
++ let modulus = IntegerAsn1::from_bytes_be_unsigned(modulus);
++ let public_exponent = IntegerAsn1::from_bytes_be_unsigned(public_exponent);
+
+ let key = RSAPublicKey {
+ modulus,
+diff --git a/src/providers/tpm_provider/utils.rs b/src/providers/tpm_provider/utils.rs
+index 57a9090..4e94989 100644
+--- a/src/providers/tpm_provider/utils.rs
++++ b/src/providers/tpm_provider/utils.rs
+@@ -178,8 +178,8 @@ fn convert_curve_to_tpm(key_attributes: Attributes) -> Result<EllipticCurve> {
+ pub fn pub_key_to_bytes(pub_key: PublicKey, key_attributes: Attributes) -> Result<Vec<u8>> {
+ match pub_key {
+ PublicKey::Rsa(key) => picky_asn1_der::to_vec(&RSAPublicKey {
+- modulus: IntegerAsn1::from_unsigned_bytes_be(key),
+- public_exponent: IntegerAsn1::from_signed_bytes_be(PUBLIC_EXPONENT.to_vec()),
++ modulus: IntegerAsn1::from_bytes_be_unsigned(key),
++ public_exponent: IntegerAsn1::from_bytes_be_signed(PUBLIC_EXPONENT.to_vec()),
+ })
+ .or(Err(ResponseStatus::PsaErrorGenericError)),
+ PublicKey::Ecc { x, y } => {
+--
+2.26.2
+
diff --git a/parsec-fix-metadata.diff b/parsec-fix-metadata.diff
new file mode 100644
index 0000000..8878c62
--- /dev/null
+++ b/parsec-fix-metadata.diff
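Review bot: In the `src/providers/tpm_provider/utils.rs` part of this patch the RSA public exponent is still built with the signed constructor, `IntegerAsn1::from_bytes_be_signed(PUBLIC_EXPONENT.to_vec())`, while the modulus beside it and both fields in the pkcs11 provider use `from_bytes_be_unsigned`. Going by the constructor names and the pkcs11 comment about the leading 0x00 byte, the two presumably agree only while the top bit of the first byte of `PUBLIC_EXPONENT` is clear; the constant is defined outside the hunk, so that cannot be confirmed here. Writing `public_exponent: IntegerAsn1::from_bytes_be_unsigned(PUBLIC_EXPONENT.to_vec()),` would keep the encoding of exported public keys independent of the constant's value. `pub_key_to_bytes` continues past the end of the hunk.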
@@ -0,0 +1,42 @@
+--- parsec-0.4.0/Cargo.toml.orig 2020-09-16 18:45:54.436475918 +0100
++++ parsec-0.4.0/Cargo.toml 2020-09-16 18:46:17.364684962 +0100
+@@ -20,17 +20,16 @@
+ [dependencies]
+ parsec-interface = "0.20.0"
+ rand = { version = "0.7.2", features = ["small_rng"] }
+-base64 = "0.10.1"
+-uuid = "0.7.4"
++base64 = "0.12.3"
++uuid = "0.8.1"
+ threadpool = "1.7.1"
+-std-semaphore = "0.1.0"
+ signal-hook = "0.1.10"
+ sd-notify = { version = "0.1.1" }
+-toml = "0.4.2"
++toml = "0.5.6"
+ serde = { version = "1.0", features = ["derive"] }
+ env_logger = "0.7.1"
+ log = { version = "0.4.8", features = ["serde"] }
+-pkcs11 = { version = "0.4.0", optional = true }
++pkcs11 = { version = "0.5.0", optional = true }
+ picky-asn1-der = { version = "0.2.2", optional = true }
+ picky-asn1 = { version = "0.3.0", optional = true }
+ tss-esapi = { version = "4.0.9-alpha.1", optional = true }
+@@ -39,7 +38,6 @@
+ derivative = "2.1.1"
+ version = "3.0.0"
+ hex = "0.4.2"
+-picky = "5.0.0"
+ psa-crypto = { version = "0.5.0" , default-features = false, features = ["operations"], optional = true }
+ zeroize = { version = "1.1.0", features = ["zeroize_derive"] }
+ picky-asn1-x509 = { version = "0.3.2", optional = true }
+@@ -55,8 +53,7 @@
+
+ [build-dependencies]
+ bindgen = "0.54.0"
+-cargo_toml = "0.7.0"
+-toml = "0.4.2"
++toml = "0.5.6"
+ serde = { version = "1.0", features = ["derive"] }
+
+ [package.metadata.docs.rs]
diff --git a/parsec.service b/parsec.service
new file mode 100644
index 0000000..42b4903
--- /dev/null
+++ b/parsec.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Parsec Service
+Documentation=https://parallaxsecond.github.io/parsec-book/parsec_service/install_parsec_l...
+
+[Service]
+Type=notify
+KillMode=process
+Restart=on-failure
+WorkingDirectory=/var/lib/parsec
+ExecStart=/usr/libexec/parsec -c /etc/parsec/parsec.conf
+
+[Install]
+WantedBy=default.target
diff --git a/parsec.spec b/parsec.spec
new file mode 100644
index 0000000..fc4a8d9
--- /dev/null
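Review bot: `ExecStart` in parsec.service passes `-c /etc/parsec/parsec.conf`, but the spec file in this commit installs the configuration as `%{_sysconfdir}/parsec/config.toml`, so the unit points the daemon at a file the package does not ship; `ExecStart=/usr/libexec/parsec -c /etc/parsec/config.toml` would match what is installed. The `[Service]` section also has no `User=` or `Group=`, so the daemon runs as root even though `%pre` creates a dedicated `parsec` account (already in the `tss` group) and `%files` gives that account the 0750 configuration and state directories. Adding `User=parsec` and `Group=parsec` would make the unit use the account the package sets up and keep a service that brokers key material off root.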
+++ b/parsec.spec 
@@ -0,0 +1,106 @@
+%bcond_without check
+%global __cargo_skip_build 0
+%global __cargo_is_lib() false
+
+%global __cargo_parse_opts --features=tpm-provider
+
+%global custom_cargo_build /usr/bin/env PROTOC=%{_bindir}/protoc PROTOC_INCLUDe=%{_includedir} CARGO_HOME=.cargo RUSTC_BOOTSTRAP=1 %{_bindir}/cargo build %{_smp_mflags} -Z avoid-dev-deps --release
+%global custom_cargo_test /usr/bin/env PROTOC=%{_bindir}/protoc PROTOC_INCLUDe=%{_includedir} CARGO_HOME=.cargo RUSTC_BOOTSTRAP=1 %{_bindir}/cargo test %{_smp_mflags} -Z avoid-dev-deps --release --no-fail-fast
+
+Name: parsec
+Version: 0.4.0
+Release: 2%{?dist}
+Summary: The PARSEC daemon
+
+License: ASL 2.0
+URL: https://github.com/parallaxsecond/parsec
+Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
+Source1: parsec.service
+Patch0: 0001-Bump-picky-version-number.patch
+# A slightly backported fix from an upstream PR
+# https://github.com/parallaxsecond/parsec/pull/246
+Patch1: parsec-fix-metadata.diff
+
+ExclusiveArch: %{rust_arches}
+# rhbz 1869980
+ExcludeArch: s390x %{power64}
+
+BuildRequires: protobuf-compiler
+BuildRequires: rust-packaging
+BuildRequires: systemd
+Requires: tpm2-tss >= 3.0.0-3
+Requires(pre): shadow-utils
+Requires(pre): tpm2-tss >= 3.0.0-3
+%{?systemd_requires}
+
+%description
+PARSEC is the Platform AbstRaction for SECurity, an open-source initiative to
+provide a common API to hardware security and cryptographic services in a
+platform-agnostic way. This abstraction layer keeps workloads decoupled from
+physical platform details, enabling cloud-native delivery flows within the data
+center and at the edge.
+
+%prep
+%autosetup -p1
+export PROTOC=%{_bindir}/protoc
+export PROTOC_INCLUDE=%{_includedir}
+%cargo_prep
+
+%generate_buildrequires
+%cargo_generate_buildrequires
+
+%build
+%custom_cargo_build --features=tpm-provider
+# all-providers
+
+%install
+export PROTOC=%{_bindir}/protoc
+export PROTOC_INCLUDE=%{_includedir}
+%cargo_install
+
+install -D -p -m0644 config.toml %{buildroot}%{_sysconfdir}/parsec/config.toml
+install -D -p -m0644 %{SOURCE1} %{buildroot}%{_unitdir}/parsec.service
+install -d -m0755 %{buildroot}%{_localstatedir}/lib/parsec
+install -d -m0755 %{buildroot}%{_libexecdir}
+mv %{buildroot}%{_bindir}/parsec %{buildroot}%{_libexecdir}/
+
+%if %{with check}
+%check
+export PROTOC=%{_bindir}/protoc
+export PROTOC_INCLUDE=%{_includedir}
+%custom_cargo_test -- -- --skip real_ --skip loop_ --skip travis_
+%endif
+
+%pre
+getent group parsec >/dev/null || groupadd -r parsec
+getent passwd parsec >/dev/null || \
+ useradd -r -g parsec -G tss -d /var/lib/parsec -s /sbin/nologin \
+ -c "PARSEC service" parsec
+# For PARSEC consumers, parsec user not in this group for isolation
+getent group parsec-clients >/dev/null || groupadd -r parsec-clients
+exit 0
+
+%post
+%systemd_post parsec.service
+
+%preun
+%systemd_preun parsec.service
+
+%postun
+%systemd_postun_with_restart parsec.service
+
+%files
+%license LICENSE
+%doc README.md
+%attr(0750,parsec,parsec) %dir %{_sysconfdir}/parsec/
+%attr(0750,parsec,parsec) %dir %{_localstatedir}/lib/parsec/
+%config(noreplace) %{_sysconfdir}/parsec/config.toml
+%{_libexecdir}/parsec
+%{_unitdir}/parsec.service
+
+%changelog
+* Wed Sep 16 2020 Peter Robinson pbrobinson@fedoraproject.org - 0.4.0-2
+- Add service user creation, enable MBedTLS/TPM2/pkcs11 providers, other fixes
+
+* Tue Sep 01 2020 Peter Robinson pbrobinson@fedoraproject.org 0.4.0-1
+- Initial package
diff --git a/sources b/sources
new file mode 100644
index 0000000..2632e98
--- /dev/null
+++ b/sources
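Review bot: Both `%global custom_cargo_build` and `%global custom_cargo_test` in parsec.spec set `PROTOC_INCLUDe=%{_includedir}` with a lower-case final `e`, so these macros never set the variable that `%prep`, `%install` and `%check` export as `PROTOC_INCLUDE`. `%build` has no such export and relies on the macro alone, so both macro lines should read `PROTOC_INCLUDE=%{_includedir}`. The same macros set `RUSTC_BOOTSTRAP=1`, presumably so that `-Z avoid-dev-deps` is accepted by the distribution compiler; a comment such as `# RUSTC_BOOTSTRAP=1 is only here for -Z avoid-dev-deps; drop both together` would record why unstable compiler features are enabled for a security daemon's build. The changelog entry says the MBedTLS, TPM2 and pkcs11 providers are enabled, while `%build` passes only `--features=tpm-provider` and leaves `# all-providers` as a comment.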
@@ -0,0 +1 @@
+SHA512 (parsec-0.4.0.tar.gz) = 5b587fc650d39ad9ad3358d957726f0478eb9ac29054c95c3a6f8856778268cb711b21e33cd852f13eee3d320c564d2444374e94029d8c926bc956fd81cb68ad
arch-excludes@lists.fedoraproject.org