rust-keylime
rust-keylime copied to clipboard
keylime
Publish agent on crates.io
I looked into packaging the rust agent for Debian and it makes it a lot easier if the agent is published on crates.io.
@lkatalin @ansasaki @ueno does anyone of you have the permission to create an account and publish to it?
Just a reminder: that would require renaming of the source package in Fedora (currently it is keylime-agent-rust, then it will need to be rust-keylime) and we might have to go through the review process again.
in openSUSE[1] the package is also named "rust-keylime", but the container image was also renamed to "keylime-agent"
[1] https://build.opensuse.org/package/view_file/openSUSE:Factory/rust-keylime/rust-keylime.spec?expand=1 [2] https://build.opensuse.org/package/view_file/openSUSE:Factory/rust-keylime-image/Dockerfile?expand=1
IMO, publishing the crate with the current state seems like more trouble than it's worth: nobody other than downstream packaging would use it through the tooling around crates.io. I would suggest first refactoring the crate into a reusable library crate and the application crates; that way, it would make more sense to have it on crates.io (e.g., allowing alternative agent implementation), while it would give us an opportunity to polish the library interface. I've created #481 as an initial attempt.
@toabctl Thank you for the reminder. I haven't had time to work on that lately, but apparently the plan was to polish the library crate (keylime) by porting reusable functions from the application crates (keylime_agent and keylime_ima_emulator), before publishing those on crates.io (so we can maintain semver easily). Currently, only a few facilities have been ported and the suggested strategy was to port from low-level to high-level (https://github.com/keylime/meetings/issues/58#issuecomment-1351237079).
That said, I wouldn't block on that, if there is any important use-case of published crates.