Parsec service 1.1.0 release

[mohamedasaker-arm]

As we approach the next release of Parsec following an established process, Parsec will be released with v1.1.0, and we are aiming for Mid September.

Use this thread for discussions about the 1.1.0 release of the Parsec service, including:

• the planned content is due to be released (see the associated milestone)
• the timeline of the release
• the status of the work feeding into the release

Date of the Code Freeze: 7th September 2022 - TBD

Stages:

• Prior Code freeze
  • Review PRs across Parsec repos 
  • Merge PRs got approved
  • Check the milestone list
• During code freeze
  • Issue release candidate tag 1.1.0-rc1
  • Pull in the latest git dependencies in the crates to ensure the latest release would work.
  • Publish new versions of all managed crates. See this guide.
  • Check common dependency crates versions between the services and parsec-tool
  • Execute the normal e2e tests on real hardware:
    • Nitrokey HSM
    • Raspberry Pi with TPM
    • Trusted Services on a supported board
  • Execute fuzz testing for some time
  • Ask the Linux distributions packagers to try the tagged version
  • Ask the Parsec Yocto maintainers to try the tagged version
  •  Ask any interested people to try the tagged version
  • Review the book and make sure all pages are up-to-date. In particular, make sure the Threat Model is up to date.
  • Make sure all the markdown pages (like the README) look good.
  • Make sure the rustdoc pages (on docs.rs) are looking good (before and after the release).
  • If any bugs are reported, we fix bugs and then issue another release candidate, 1.1.0-rcx
  • When All reported issues are addressed, make a GitHub release out of the last tag, which includes its changelog, and ask maintainers to release this version of Parsec.
• Release
  • Push the release tag 1.1.0 
  • Publish the new quickstart bundle and update the quickstart guide with it
• Post-release
  • Close issues fixed in the release and the past milestone
  • Make a new issue milestone for the next release
  • Update the Roadmap
  • Update the Parsec Release Process with what we learnt.
  • If any bugs are reported, make new MINOR or PATCH tags (that would be 1.1.x  for this release)
  • Update the Parsec Tool demo
  • Profit 🥂

[gowthamsk-arm]

Hi All.

As part of the v1.1.0 parsec release, I am working on fixing the security issues that are reported via the cargo audit command. Currently, there is one issue related to Spiffe version that we are using. This can be found here. In order to fix it, I had to update the spiffe version to 0.2.1 from 0.2.0 and since it had dependencies with zeroize, I had to update psa-crypto to 0.9.2. The changes can be found here.

In the CI checks that we currently have, we make sure that we can compile the service with +1.53.0 as this is the rust version that is supported in OpenSUSE Leap 15.3. Rest of the distributions use higher versions.
This check is currently failing on my spiffe changes as hashbrown v0.12.3 crate cannot be compiled with 1.53.0 rust. Link to the CI failure is here.

The latest versions of rust used in the OpenSUSE distributions that we support are:
1.63 on openSUSE Tumbleweed (the rolling release) https://build.opensuse.org/package/view_file/openSUSE:Factory:ARM/rust/rust.spec?expand=1
1.62 on openSUSE Leap 15.4 (latest Leap release) https://build.opensuse.org/package/view_file/openSUSE:Leap:15.4/rust/rust.spec?expand=1
1.53 on openSUSE Leap 15.3 (which is EOL at the end of 2022) https://build.opensuse.org/package/view_file/openSUSE:Leap:15.3/rust/rust.spec?expand=1

Should we still support Leap 15.3? Any suggestions on this, please?

[mohamedasaker-arm]

Thanks Gowtham and Ionut, for resolving this issue (see here)

[mohamedasaker-arm]

Hey all,
I've pushed 1.1.0-rc1, and the code freeze has started.
Let's start testing 🤯

[mohamedasaker-arm]

Done!

• Pull in the latest git dependencies in the crates to ensure the latest release would work.
  This was not valid for cryptoki and tss-esapi so stick with the latest released crate (with no breaking changes)
• Publish new versions of all managed crates. See this guide.
  - parsec-interface = "0.27.0" is released
  - parsec-client = "0.14.1" is released
  - parsec-tool = "0.5.3" is released
  - psa-crypto = "0.9.2" is released
  Note that cryptoki is also released, but the new release isn't used/part of this parsec-service release.
• Check common dependency crates versions between the services and parsec-tool
  Multiple tools I used to check dependencies between multiple rust projects as an example
  - rust_dependency_version_checking
  - Using a local script to compare the different cargo tree
  tools helped reach common dependency crates.

Tagged RC2 (1.1.0-rc2)

[mohamedasaker-arm]

Updates:
Thanks to @gowthamsk-arm for executing the Fuzz testing for some time and reports no issue

• Execute fuzz testing for some time

Also, Thanks for creating PR to update the book with the release version after reviewing and checking what needs to be updated.
by this, we can mark this item

• Review the book and make sure all pages are up-to-date. In particular, make sure the Threat Model is up to date.

Thanks to @anta5010 for trying out the release candidate in meta-parsec yocto layer and reporting no issues for the parsec service.
However, an issue appeared in parsec-tool; more details here

• Ask the Parsec Yocto maintainers to try the tagged version

[mohamedasaker-arm]

1.1.0-rc2 is successfully packaged in fedora here 🚀 🔥

• Ask the Linux distributions packagers to try the tagged version

[mohamedasaker-arm]

Release is out 👯 🕺🏼 🎉