#
# spec file for package ktls-utils
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

Name:           ktls-utils
Version:        0.10+33.g311d943
Release:        2.2
Summary:        Agent for performing handshakes for kernel TLS sockets
License:        GPL-2.0-only
Group:          System/Kernel
URL:            https://github.com/oracle/ktls-utils
Source:         ktls-utils-%{version}.tar
BuildRequires:  autoconf
BuildRequires:  libtool
BuildRequires:  pkgconfig(glib-2.0) >= 2.6
BuildRequires:  pkgconfig(gnutls) >= 3.3.0
BuildRequires:  pkgconfig(libkeyutils)
BuildRequires:  pkgconfig(libnl-3.0) >= 3.1
BuildRequires:  pkgconfig(systemd)

%description
In-kernel TLS consumers need a mechanism to perform TLS handshakes
on a connected socket to negotiate TLS session parameters that can
then be programmed into the kernel's TLS record protocol engine.

This package of software provides a TLS handshake user agent that
listens for kernel requests and then materializes a user space
socket endpoint on which to perform these handshakes. The resulting
negotiated session parameters are passed back to the kernel via
standard kTLS socket options.

%prep
%setup -q -n ktls-utils-%{version}

%build
./autogen.sh
%{configure} --with-systemd
%{make_build} CFLAGS="%{optflags}"

%install
%{make_install}

%pre
%service_add_pre tlshd.service

%post
%service_add_post tlshd.service

%preun
%service_del_preun tlshd.service

%postun
%service_del_postun tlshd.service

%files
%doc README.md
%license LICENSE.txt
%{_sbindir}/tlshd
%{_unitdir}/tlshd.service
%config(noreplace) %{_sysconfdir}/tlshd.conf
%{_mandir}/man8/tlshd.8*
%{_mandir}/man5/tlshd.conf.5*

%changelog
* Fri Dec 6 2024 Daniel Wagner
- Update to version 0.10+33.g311d943:
  * tlshd: always link .nvme default keyring into the session (bsc#1229034)
  * tlshd: Ensure libnl-genl3 is available
  * tlshd: receive new session ticket msg after completing quic handshake
  * tlshd: use quic_config to get parameters for quic handshake
  * tlshd: clean up some unnecessary code in quic handshake
  * tlshd: improve error logging for tlshd_server_psk_cb()
  * tlshd: guard against possible overrun of tlshd_peername
  * tlshd: fix optlen passed to getsockopt()
  * tlshd: free pathname before it goes out of scope
  * tlshd: add support for quic handshake
  * tlshd: include socket ip_proto in tlshd_handshake_parms
  * tlshd: Refactor tlshd_service_socket()
  * config: supply meaningful error for non-existing pathnames
  * tlshd: Fix implicit signedness conversion
  * tlshd: Fix memory leaks
* Thu Mar 21 2024 Martin Wilck
- Update to version 0.10+12.gc3923f7:
  * Rework priority string setting for PSK (bsc#1221437)
  * config: use 'authenticate' as a section name
  * server: add missing priority setting (gh#oracle/ktls-utils#49)
* Tue Mar 5 2024 Martin Wilck
- Update to upstream version 0.10+9.gf28f084:
  * ktls: restrict hash functions to supported sizes (bsc#1218037)
  * tlshd: Add support for chained certs
* Tue Feb 20 2024 Martin Wilck
- Update to upstream version 0.10:
  * All previously SUSE_specific patches included
  * tlshd: Reorganize tlshd.conf
    - get rid of [main]
    - add [debug] and move the debug-related options there
    - move the "keyrings" option to [authenticate]
  * tlshd: add 'delay' configuration parameter
  * tlshd: Add .conf option to specify trust store
  * Bug fixes and cleanups
* Wed Jan 17 2024 Martin Wilck
- Spec file:
  * fix summary and license
  * use pkgconfig for BuildRequires
  * remove superfluous PreReq dependencies
  * use %%config(noreplace) for the config file
    (because it may contain paths to key files)
  * remove BuildRoot
  * simplify build section
* Tue Jan 9 2024 Martin Wilck
- Update to version 0.9+4.g01b3018 (jsc#PED-7559)
  * _service: move to openSUSE git repository
- Patches now in git, remove them from spec file:
  * del 0001-netlink-de-constify-nla_policy
  * del 0001-tlshd-Allow-for-compilation-with-older-libnl-librari.patch
  * del 0002-tlshd-Check-for-gnutls_get_system_config_file.patch
  * del 0003-tlshd-add-delay-configuration-parameter.patch
* Wed Aug 16 2023 Hannes Reinecke
- Reshuffle patches to match upstream submission:
  * Remove 0001-netlink-de-constify-nla_policy
  * Add 0001-tlshd-Allow-for-compilation-with-older-libnl-librari.patch
  * Remove 0001-Check-for-gnutls_get_system_config_file.patch
  * Add 0002-tlshd-Check-for-gnutls_get_system_config_file.patch
  * Remove 0001-Add-tlshd_delay-configuration-option.patch
  * Add 0003-tlshd-add-delay-configuration-parameter.patch
* Wed Aug 16 2023 Hannes Reinecke
- Add patch to exercise handshake timeout
  * 0001-Add-tlshd_delay-configuration-option.patch
- Add patch to allow compilation on older releases
  * 0001-Check-for-gnutls_get_system_config_file.patch
* Sat Jul 1 2023 Hannes Reinecke
- Add patch for older libnl versions
  + 0001-netlink-de-constify-nla_policy.patch
- Fix build error on 32-bit
  + 0001-tlshd-fix-max-config-file-size-comparison.patch
* Fri Jun 30 2023 Hannes Reinecke
- Initial package, version 0.9