Update systemd unit file with new hierarchy

Signed-off-by: Hugues de Valon <[email protected]>

Author: hug-dev

Cargo.toml

@@ -52,7 +52,6 @@ features = ["pkcs11-provider", "tpm-provider", "tss-esapi/docs", "mbed-crypto-pr
 
 [features]
 default = []
-no-parsec-user-and-clients-group = []
 mbed-crypto-provider = ["psa-crypto"]
 pkcs11-provider = ["pkcs11", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "psa-crypto", "rand"]
 tpm-provider = ["tss-esapi", "picky-asn1-der", "picky-asn1", "picky-asn1-x509", "hex"]

ci.sh

@@ -67,10 +67,10 @@ while [ "$#" -gt 0 ]; do
             PROVIDER_NAME=$1
             cp $(pwd)/e2e_tests/provider_cfg/$1/config.toml $CONFIG_PATH
             if [ "$PROVIDER_NAME" = "all" ]; then
-                FEATURES="--features=all-providers,no-parsec-user-and-clients-group"
+                FEATURES="--features=all-providers"
                 TEST_FEATURES="--features=all-providers"
             else
-                FEATURES="--features=$1-provider,no-parsec-user-and-clients-group"
+                FEATURES="--features=$1-provider"
                 TEST_FEATURES="--features=$1-provider"
             fi
         ;;

config.toml

@@ -44,6 +44,12 @@ listener_type = "DomainSocket"
 # timeout expires, the connection is dropped.
 timeout = 200 # in milliseconds
 
+# Specify the Unix Domain Socket path. The path is fixed and should always be the default one for
+# clients to connect. However, it is useful to change it for tests.
+# WARNING: If a file already exists at that path, the service will remove it before creating the
+# socket file.
+#socket_path = "/run/parsec/parsec.sock"
+
 # (Required) Configuration for the components managing key info for providers.
 # Defined as an array of tables: https://github.com/toml-lang/toml#user-content-array-of-tables
 [[key_manager]]
@@ -54,7 +60,7 @@ name = "on-disk-manager"
 manager_type = "OnDisk"
 
 # Path to the location where the mapping will be persisted (in this case, the filesystem path)
-#store_path = "./mappings"
+#store_path = "/var/lib/parsec/mappings"
 
 # (Required) Provider configurations.
 # Defined as an array of tables: https://github.com/toml-lang/toml#user-content-array-of-tables

e2e_tests/Cargo.toml

@@ -18,6 +18,10 @@ parsec-client = { version = "0.9.0", features = ["testing"] }
 log = "0.4.11"
 rand = "0.7.3"
 
+[patch.crates-io]
+# Just to make the CI pass, update with the newest version
+parsec-client = { git = 'https://github.com/hug-dev/parsec-client-rust', branch = 'new-socket-path' }
+
 [dev-dependencies]
 ring = "0.16.15"
 env_logger = "0.7.1"

e2e_tests/provider_cfg/all/config.toml

@@ -10,10 +10,12 @@ allow_root = true
 [listener]
 listener_type = "DomainSocket"
 timeout = 200 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "MbedCrypto"

e2e_tests/provider_cfg/mbed-crypto/config.toml

@@ -12,10 +12,12 @@ listener_type = "DomainSocket"
 # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing
 # that the service does not hang for very big values of body or authentication length.
 timeout = 3000 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "MbedCrypto"

e2e_tests/provider_cfg/pkcs11/config.toml

@@ -12,10 +12,12 @@ listener_type = "DomainSocket"
 # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing
 # that the service does not hang for very big values of body or authentication length.
 timeout = 3000 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "Pkcs11"

e2e_tests/provider_cfg/tpm/config.toml

@@ -12,10 +12,12 @@ listener_type = "DomainSocket"
 # The timeout needs to be smaller than the test client timeout (five seconds) as it is testing
 # that the service does not hang for very big values of body or authentication length.
 timeout = 3000 # in milliseconds
+socket_path = "/tmp/parsec.sock"
 
 [[key_manager]]
 name = "on-disk-manager"
 manager_type = "OnDisk"
+store_path = "./mappings"
 
 [[provider]]
 provider_type = "Tpm"

e2e_tests/src/lib.rs

@@ -22,11 +22,15 @@ use parsec_client::core::interface::operations::psa_key_attributes::{
     Attributes, EccFamily, Lifetime, Policy, Type, UsageFlags,
 };
 use parsec_client::core::interface::requests::{Opcode, ProviderID, ResponseStatus, Result};
+use parsec_client::core::ipc_handler::unix_socket;
 use parsec_client::core::secrecy::{ExposeSecret, Secret};
 use parsec_client::error::Error;
 use std::collections::HashSet;
 use std::time::Duration;
 
+const TEST_SOCKET_PATH: &str = "/tmp/parsec.sock";
+const TEST_TIMEOUT: Duration = Duration::from_secs(1);
+
 /// Client structure automatically choosing a provider and high-level operation functions.
 #[derive(Debug)]
 pub struct TestClient {
@@ -58,6 +62,9 @@ impl TestClient {
             created_keys: Some(HashSet::new()),
         };
 
+        let ipc_handler = unix_socket::Handler::new(TEST_SOCKET_PATH.into(), Some(TEST_TIMEOUT));
+        client.basic_client.set_ipc_handler(Box::from(ipc_handler));
+
         let crypto_provider = client.find_crypto_provider();
         client.set_provider(crypto_provider);
         client

e2e_tests/src/raw_request.rs

@@ -13,7 +13,7 @@ const MAX_BODY_SIZE: usize = 1 << 31;
 #[derive(Copy, Clone, Debug)]
 pub struct RawRequestClient;
 
-static SOCKET_PATH: &str = "/run/parsec/parsec.sock";
+static SOCKET_PATH: &str = "/tmp/parsec.sock";
 const TIMEOUT: Duration = Duration::from_secs(5);
 
 #[allow(clippy::new_without_default)]