add kbs settings patch file

.gitlab-ci.yml

@@ -18,11 +18,15 @@ build:
           - arm-unknown-linux-gnueabihf
           - armv7-unknown-linux-gnueabihf
           - x86_64-unknown-linux-gnu
+          - x86_64-unknown-linux-musl
 
-build x86_64-apple-darwin:
+build darwin:
   stage: build
   tags: [darwin-builder]
   script:
     - ./build.sh
-  variables:
-    TARGET: x86_64-apple-darwin
+  parallel:
+    matrix:
+      - TARGET:
+        - x86_64-apple-darwin
+        - aarch64-apple-darwin

build.sh

@@ -5,6 +5,7 @@ cd libsignal-service-java
 git config user.email nobody@signald.org
 git config user.name signald
 git am ../libsignal-service-java.patch
+git am ../update-kbs-settings.patch
 python3 ../update-verification-metadata.py
 git diff --color=always
 gradle assemble publish || (gradle --write-verification-metadata sha256 && git diff --color=always && exit 1)

hashes.json

@@ -1,26 +1,34 @@
 {
     "aarch64-unknown-linux-gnu": {
-        "jar": "0655a334d0cb9281536578c374d1a370c6153164fbba3719320e6a731b4db00e",
-        "module": "608bdadffc100797831e87d71e1e050e61e042db9032acca53f6357491c0ab2d"
+        "jar": "802529c1472f7e621cca496c918d7bfec08314572f10e168b0d20b15a5b8101a",
+        "module": "48e315037d2d9af6c7cf7b811d9a81d81b1eff13cbb1837b7638a3803b68f303"
     },
     "arm-unknown-linux-gnueabi": {
-        "jar": "045603c735f6856eef7184c3480e3d9be6d513dc547a6583b014e74646da6826",
-        "module": "77e4f0f516577de0511f9b631b21820538d10cad0fef87f8918df4122c8ba73b"
+        "jar": "8ef66fe1ae28fe7b2918292824ef33a41a3432c3a981cfa55665106c89348327",
+        "module": "7c988dfb2fca57ff0aabd7bd88ebfa5658be8722adb0831a5140aed3d1529097"
     },
     "arm-unknown-linux-gnueabihf": {
-        "jar": "5cd241208f489ba051d7e215abe5a32e31daf3b067ead5845b9b5640c61629ad",
-        "module": "6d3b60d27fe87d9b3c7738c0df873967f205bf01839ce2f79cfcbcb1638851db"
+        "jar": "446a796b0a2a062c65d9d5cb75a3fd4aadc03ab321b52c39a5bfe1e6f9dc9891",
+        "module": "30e6a82cc6d2b01b57b758d8352c9d90926f31becfe6218c43d2614a309c9cbc"
     },
     "armv7-unknown-linux-gnueabihf": {
-        "jar": "0d26c8aa61baedff7cb3a487493469b9b1858f4e2e8c4836994deb566c1c8244",
-        "module": "b5753c4c91f36eb0495c3e9505d9826a776f3697523b0e9e81544d30904b5a37"
+        "jar": "3e896a52cf5816387094137403c112353de93f4b7591bcfc5965e89ef3777c5b",
+        "module": "39be083718c6b8afe94e2ccff63c918ea1255292881afbb60b12236cd4b70dc6"
     },
     "x86_64-unknown-linux-gnu": {
-        "jar": "3a2516fcc468f462790648df25061386e2b3b9530f60aeed2b49b3bd0e9f8412",
-        "module": "98d297a13d9ac675d42982c864c2ad13d5574a97fe3afc5b8c75abaf61740189"
+        "jar": "b38295eb11df91939b872f49eb8b55b2faf7933da92202b95d82320f4cdcb644",
+        "module": "1b739335cde181864882481f5feca8fca3f7baa439f79c36ac596a781e6d4477"
     },
     "x86_64-apple-darwin": {
-        "jar": "690745c6d40bbddbe1632c52942746428eafa6fdc02423f7c3d1d7ced5267777",
-        "module": "a596556990b0d0bad2da402cf2c6f0196ebd7f86e18477d6564c8b848be4ea93"
+        "jar": "949a72b14d81389a30e330db3162f822a475d0f19087590f334639acdb01b4eb",
+        "module": "7de5da969225585d36d68ba7a87c80d33886e36a04dea9d78ef8c2df9f6a3bf2"
+    },
+    "aarch64-apple-darwin": {
+        "jar": "e7f405b1c521054bbea8ec0ff87c54527f17e8c914079d7805c4def3589e8af1",
+        "module": "3c153a7e01ae317280981e387d3fd002b7106ce65653be1b6e4216a4f4d9d314"
+    },
+    "x86_64-unknown-linux-musl": {
+        "jar": "9a46edb376089b6284cbc76c4e6bc21fa91f8ee7e3daf221d704243cfe0c16cf",
+        "module": "a35abf78dc674557ddc7da348d5eb2d015b4e843d5402df95922ba2780b36169"
     }
 }

libsignal-service-java.patch

@@ -1,4 +1,4 @@
-From b58a6a7defbc7fa876bb980ee45c5cbbe49ed40e Mon Sep 17 00:00:00 2001
+From c51057ae26118490176af0b2421f8fa62d926c00 Mon Sep 17 00:00:00 2001
 From: signald <nobody@signald.org>
 Date: Thu, 16 Jun 2022 13:04:00 -0700
 Subject: [PATCH] update build files and provide a way for the websocket
@@ -10,13 +10,13 @@ Subject: [PATCH] update build files and provide a way for the websocket
  gradle/verification-metadata.xml              | 13 ++++++++-----
  service/build.gradle                          | 19 +++++++++----------
  .../signalservice/api/NotSavedException.java  |  4 ++++
- .../signalservice/api/SignalWebSocket.java    | 16 ++++++++++++----
+ .../signalservice/api/SignalWebSocket.java    | 13 ++++++++++---
  settings.gradle                               |  1 -
- 7 files changed, 37 insertions(+), 36 deletions(-)
+ 7 files changed, 35 insertions(+), 35 deletions(-)
  create mode 100644 service/src/main/java/org/whispersystems/signalservice/api/NotSavedException.java
 
 diff --git a/build.gradle b/build.gradle
-index 2498bfcb..965084e6 100644
+index 2498bfcb..81f7038d 100644
 --- a/build.gradle
 +++ b/build.gradle
 @@ -9,11 +9,8 @@ buildscript {
@@ -48,7 +48,7 @@ index 2498bfcb..965084e6 100644
  subprojects {
 -    ext.lib_signal_service_version_number = "2.15.3_unofficial_50"
 -    ext.lib_signal_service_group_info     = "com.github.turasa"
-+    ext.lib_signal_service_version_number = "2.15.3_unofficial_50_signald_1"
++    ext.lib_signal_service_version_number = "2.15.3_unofficial_50_signald_2"
 +    ext.lib_signal_service_group_info     = "org.signald"
  
      if (JavaVersion.current().isJava8Compatible()) {
@@ -155,16 +155,10 @@ index 00000000..05d77d1f
 +public class NotSavedException extends Exception {
 +}
 diff --git a/service/src/main/java/org/whispersystems/signalservice/api/SignalWebSocket.java b/service/src/main/java/org/whispersystems/signalservice/api/SignalWebSocket.java
-index 5a98f3c4..6ae9d72e 100644
+index 5a98f3c4..dff24940 100644
 --- a/service/src/main/java/org/whispersystems/signalservice/api/SignalWebSocket.java
 +++ b/service/src/main/java/org/whispersystems/signalservice/api/SignalWebSocket.java
-@@ -238,11 +238,12 @@ public final class SignalWebSocket {
-    */
-   @SuppressWarnings("DuplicateThrows")
-   public Optional<SignalServiceEnvelope> readOrEmpty(long timeout, MessageReceivedCallback callback)
--      throws TimeoutException, WebSocketUnavailableException, IOException
-+      throws TimeoutException, WebSocketUnavailableException, IOException, NotSavedException
-   {
+@@ -243,6 +243,7 @@ public final class SignalWebSocket {
      while (true) {
        WebSocketRequestMessage  request  = getWebSocket().readRequest(timeout);
        WebSocketResponseMessage response = createWebSocketResponse(request);
@@ -172,7 +166,7 @@ index 5a98f3c4..6ae9d72e 100644
        try {
          if (isSignalServiceEnvelope(request)) {
            Optional<String> timestampHeader = findHeader(request);
-@@ -258,13 +259,20 @@ public final class SignalWebSocket {
+@@ -258,13 +259,19 @@ public final class SignalWebSocket {
  
            SignalServiceEnvelope envelope = new SignalServiceEnvelope(request.getBody().toByteArray(), timestamp);
  
@@ -181,7 +175,6 @@ index 5a98f3c4..6ae9d72e 100644
 +            callback.onMessage(envelope);
 +          } catch (NotSavedException e) {
 +            sendResponse = false;
-+            throw e;
 +          }
            return Optional.of(envelope);
          } else if (isSocketEmptyRequest(request)) {
@@ -195,7 +188,7 @@ index 5a98f3c4..6ae9d72e 100644
        }
      }
    }
-@@ -315,6 +323,6 @@ public final class SignalWebSocket {
+@@ -315,6 +322,6 @@ public final class SignalWebSocket {
     * received.
     */
    public interface MessageReceivedCallback {

update-hashes.py

@@ -10,7 +10,9 @@ TARGETS = [
     "arm-unknown-linux-gnueabihf",
     "armv7-unknown-linux-gnueabihf",
     "x86_64-unknown-linux-gnu",
-    "x86_64-apple-darwin"
+    "x86_64-apple-darwin",
+    "x86_64-unknown-linux-musl",
+    "aarch64-apple-darwin"
 ]
 
 urlFormat = "https://gitlab.com/api/v4/groups/6853927/-/packages/maven/org/signald/libsignal-client-{target}/{version}/libsignal-client-{target}-{version}.{ext}"

update-kbs-settings.patch

@@ -0,0 +1,38 @@
+From d432b9234521947d7bb07434f69a30b407700f5c Mon Sep 17 00:00:00 2001
+From: Greyson Parrelli <greyson@signal.org>
+Date: Thu, 20 Oct 2022 13:12:27 -0400
+Subject: [PATCH 2/2] [Signal-Android] Updated KBS settings.
+ 9941ffe79c2508eb9b1f1fa78b47b84c465d1199
+
+---
+ .../internal/contacts/crypto/RemoteAttestationCipher.java  | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationCipher.java b/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationCipher.java
+index 05073edf..32e86c70 100644
+--- a/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationCipher.java
++++ b/service/src/main/java/org/whispersystems/signalservice/internal/contacts/crypto/RemoteAttestationCipher.java
+@@ -24,6 +24,11 @@ import java.util.Set;
+ 
+ public final class RemoteAttestationCipher {
+ 
++  private static final Set<String> ALLOWED_ADVISORIES = new HashSet<String>() {{
++    add("INTEL-SA-00334");
++    add("INTEL-SA-00615");
++  }};
++
+   private RemoteAttestationCipher() {
+   }
+ 
+@@ -100,7 +105,7 @@ public final class RemoteAttestationCipher {
+     if ("OK".equals(entity.getIsvEnclaveQuoteStatus())) {
+       return true;
+     } else if ("SW_HARDENING_NEEDED".equals(entity.getIsvEnclaveQuoteStatus())) {
+-      return entity.getAdvisoryIds().length == 1 && "INTEL-SA-00334".equals(entity.getAdvisoryIds()[0]);
++      return Arrays.stream(entity.getAdvisoryIds()).allMatch(ALLOWED_ADVISORIES::contains);
+     } else {
+       return false;
+     }
+-- 
+2.30.2
+