Trust.d support #672

Merged
merged 35 commits into from
Dec 7, 2022

jw3
Member

@jw3 jw3 commented Dec 4, 2022

Backend support for reading and writing the trust.d structure.

Contains non-backwards compatible changes to the config toml.

Also:

  • adds a binding for signaling a trust reload through fapolicyd pipe
  • sets the fc 38 rpm images explicitly, not using rawhide tag
  • adds header-check target to makefile

Closes #642

@jw3 jw3 added enhancement New feature or request backend trust labels Dec 4, 2022
@jw3 jw3 marked this pull request as ready for review December 6, 2022 23:58
@jw3 jw3 merged commit 505e35b into ctc-oss:master Dec 7, 2022
jw3 added a commit that referenced this pull request Dec 8, 2022
@jw3 jw3 mentioned this pull request Dec 8, 2022
This was referenced Dec 19, 2023
jw3 added a commit that referenced this pull request Dec 19, 2023
Expands the fapolicyd fifo pipe signaling machinery to include cache
flush and rule reload.

This also fixes a bug from #672 where the trust reload was not including
a new line character.

This supports work that will take place for #877 to integrate the rule
reload with the profiler execution.

Closes #964
jw3 added a commit to jw3/fapolicy-analyzer that referenced this pull request Dec 27, 2023
@jw3 jw3 mentioned this pull request Dec 27, 2023
jw3 added a commit that referenced this pull request Dec 29, 2023
First release of forked el8

This commit rolls up changes from master which are listed below.

There are also some additional changes to support the el8 build.

- Release v1.2.2 (#969)

- Try harder to create rules backup (#967)

Add a fallback for when a rename does not succeed.

In the case where tempdir is on a different filesystem the
`std::fs::rename` call will fail.

```
This function will return an error in the following situations, but is not limited to just these cases:

  - from does not exist.
  - The user lacks permissions to view contents.
  - from and to are on separate filesystems.
```

https://doc.rust-lang.org/std/fs/fn.rename.html

This commit updates the logic to fall back to a copy and delete.

Closes #965

- Update fapolicyd pipe commands (#966)

Expands the fapolicyd fifo pipe signaling machinery to include cache
flush and rule reload.

This also fixes a bug from #672 where the trust reload was not including
a new line character.

This supports work that will take place for #877 to integrate the rule
reload with the profiler execution.

Closes #964

- Handle escapes in syslog entries (#959)

Adds tests to ensure escapes in syslog entries are being parsed properly

Closes #781

- Vendor updates (#957)

Updates crate vendoring to be sourced only from Fedora packages

Closes #958

- Build with Mock (#955)

Uses Fedora Mock to build RPMs in a clean chroot environment.

This commit modifies the GitHub CI RPM build by replacing the direct use
of rpmbuild with Fedora Mock through a Podman container.

This approach aligns our CI with the same approach used in Copr and
Koji. Mock is also recommended as an upstream best practice, and is
required for consistent behavior after the move to use
`%cargo_generate_buildrequires`.

Closes #952

- All arch support (#953)

Fixes an issue building auparse bindings for i686 and removes all
excluded arches from spec

An updated Rust ring crate made it possible to build on s390 and power64
arches. That update was present in #905 but was not enabled in the spec
until now.

Closes #947
Closes #948

- Update packaging for latest Rust and Legal guidelines (#951)

A couple of updates brought over from the rpm repo.

Update Rust build dependencies to use `%cargo_generate_buildrequires` to
generate, rather than explicitly listing dependencies. Projects with
subcrates were not originally supported but have been now for a while.

Update the license listing to include Rust statically linked licenses.

See https://src.fedoraproject.org/rpms/fapolicy-analyzer/pull-request/16

Closes #949
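
The rename fallback described in the rules-backup commit message above (#967), as an added example that is not code from this project: `std::fs::rename` is tried first and a copy-and-delete runs when it fails. The names `Moved`, `move_with` and `move_file`, the injectable rename and the `.partial` staging file are assumptions of this sketch; staging the copy beside the destination goes beyond what the commit message describes.

```rust
use std::{fs, io, path::Path};

/// Which route the move took, so a caller can log it.
#[derive(Debug, PartialEq)]
pub enum Moved {
    Renamed,
    CopiedAndDeleted,
}

/// Move `from` to `to`. `rename` is injectable (hypothetical design, for this
/// example only) so a cross-filesystem failure can be simulated offline.
pub fn move_with<R>(rename: R, from: &Path, to: &Path) -> io::Result<Moved>
where
    R: Fn(&Path, &Path) -> io::Result<()>,
{
    if rename(from, to).is_ok() {
        return Ok(Moved::Renamed);
    }
    // Fallback: copy next to the destination, then rename the staged copy into
    // place. That rename stays on one filesystem, so `to` is never half-written.
    let mut name = to
        .file_name()
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "no file name"))?
        .to_os_string();
    name.push(".partial");
    let staged = to.with_file_name(name);
    if let Err(e) = fs::copy(from, &staged).and_then(|_| fs::rename(&staged, to)) {
        let _ = fs::remove_file(&staged); // best-effort cleanup of the staged copy
        return Err(e); // the source is left untouched on failure
    }
    fs::remove_file(from)?; // delete the source only after the copy is in place
    Ok(Moved::CopiedAndDeleted)
}

/// Real rename first, fallback second.
pub fn move_file(from: &Path, to: &Path) -> io::Result<Moved> {
    move_with(|a, b| fs::rename(a, b), from, to)
}

fn main() -> io::Result<()> {
    // Constructed sample: a scratch directory holding a one-line file.
    let dir = std::env::temp_dir().join("rename_fallback_demo");
    fs::create_dir_all(&dir)?;
    let (from, to) = (dir.join("rules.tmp"), dir.join("rules.bak"));
    fs::write(&from, "constructed sample line\n")?;
    // A failing rename stands in for a tempdir on a different filesystem.
    let how = move_with(|_, _| Err(io::Error::from(io::ErrorKind::Other)), &from, &to)?;
    println!("{:?}: {}", how, fs::read_to_string(&to)?.trim_end());
    fs::remove_dir_all(&dir)
}
```

Because the source is removed only after the staged copy has been renamed into place, a failure at any step leaves the original file intact.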