rpms/clevis
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Auto sync2gitlab import of clevis-15-11.el8.src.rpm

Browse Source
This commit is contained in:
CentOS Sources 2022-08-06 10:10:57 +00:00
parent 79c181529b
commit 53509312c6
3 changed files with 95 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
0010-avoid-clevis-invalid-msg.patch Normal file
View File

@ -0,0 +1,24 @@
--- clevis-15.ori/src/clevis 2020-10-28 19:55:47.663228800 +0100
+++ clevis-15/src/clevis 2022-06-22 11:06:27.061230653 +0200
@@ -27,6 +27,7 @@
}
cmd=clevis
+input_commands="$cmd $@"
while [ $# -gt 0 ]; do
[[ "$1" =~ ^- ]] && break
cmd="$cmd-$1"
@@ -36,8 +37,11 @@
done
exec >&2
-echo
-echo "Command '$cmd' is invalid"
+if [ "$cmd" != "clevis" ];
+then
+ echo
+ echo "Command '$input_commands' is invalid"
+fi
echo
echo "Usage: clevis COMMAND [OPTIONS]"
echo

53
0011-Improve-boot-performance-by-removing-key-check.patch Normal file
View File

@ -0,0 +1,53 @@
From 51ae4f94a4955d9f06955ccd5a8b396b01c80d48 Mon Sep 17 00:00:00 2001
From: Sergio Arroutbi <sarroutb@redhat.com>
Date: Tue, 2 Aug 2022 11:07:00 -0300
Subject: [PATCH] Improve boot performance by removing key check
---
src/luks/clevis-luks-common-functions | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/luks/clevis-luks-common-functions b/src/luks/clevis-luks-common-functions
index 038cc37..950f217 100644
--- a/src/luks/clevis-luks-common-functions
+++ b/src/luks/clevis-luks-common-functions
@@ -328,6 +328,7 @@ clevis_luks_check_valid_key_or_keyfile() {
clevis_luks_unlock_device_by_slot() {
local DEV="${1}"
local SLT="${2}"
+ local SKIP_CHECK="${3}"
[ -z "${DEV}" ] && return 1
[ -z "${SLT}" ] && return 1
@@ -343,7 +344,9 @@ clevis_luks_unlock_device_by_slot() {
return 1
fi
- clevis_luks_check_valid_key_or_keyfile "${DEV}" "${passphrase}" || return 1
+ if [ -z "${SKIP_CHECK}" ]; then
+ clevis_luks_check_valid_key_or_keyfile "${DEV}" "${passphrase}" || return 1
+ fi
printf '%s' "${passphrase}"
}
@@ -351,6 +354,8 @@ clevis_luks_unlock_device_by_slot() {
# parameter and returns the decoded passphrase.
clevis_luks_unlock_device() {
local DEV="${1}"
+ local SKIP_CHECK="YES"
+
[ -z "${DEV}" ] && return 1
local used_slots
@@ -361,7 +366,7 @@ clevis_luks_unlock_device() {
local slt pt
for slt in ${used_slots}; do
- if ! pt=$(clevis_luks_unlock_device_by_slot "${DEV}" "${slt}") \
+ if ! pt=$(clevis_luks_unlock_device_by_slot "${DEV}" "${slt}" "${SKIP_CHECK}") \
|| [ -z "${pt}" ]; then
continue
fi
--
2.35.1

29
clevis.spec
View File

@ -2,7 +2,7 @@
Name: clevis Name: clevis
Version: 15 Version: 15
Release: 8%{?dist} Release: 11%{?dist}
Summary: Automated decryption framework Summary: Automated decryption framework
License: GPLv3+ License: GPLv3+
@ -18,6 +18,8 @@ Patch0006: 0006-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch
Patch0007: 0007-luks-explicitly-specify-pbkdf-iterations-to-cryptset.patch Patch0007: 0007-luks-explicitly-specify-pbkdf-iterations-to-cryptset.patch
Patch0008: 0008-tang-dump-url-on-error-communication.patch Patch0008: 0008-tang-dump-url-on-error-communication.patch
Patch0009: 0009-feat-rename-the-test-pin-to-null-pin.patch Patch0009: 0009-feat-rename-the-test-pin-to-null-pin.patch
Patch0010: 0010-avoid-clevis-invalid-msg.patch
Patch0011: 0011-Improve-boot-performance-by-removing-key-check.patch
BuildRequires: git BuildRequires: git
BuildRequires: gcc BuildRequires: gcc
@ -53,6 +55,7 @@ Requires: jose >= 8
Requires: curl Requires: curl
Requires: jq Requires: jq
Requires(pre): shadow-utils Requires(pre): shadow-utils
Requires(post): systemd
%description %description
Clevis is a framework for automated decryption. It allows you to encrypt Clevis is a framework for automated decryption. It allows you to encrypt
@ -138,16 +141,8 @@ if getent group tss >/dev/null && ! groups %{name} | grep -q "\btss\b"; then
fi fi
exit 0 exit 0
%posttrans %post systemd
# In case clevis-luks-askpass is enabled, make sure it's using the systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
# correct target, which changed in v14.
[ "$(find /etc/systemd/system/ -name "clevis-luks-askpass*")" ] || exit 0
find /etc/systemd/system/ -name "clevis-luks-askpass*" \
| grep -q cryptsetup.target.wants && exit 0
find /etc/systemd/system/ -name "clevis-luks-askpass*" -exec rm {} +
systemctl enable clevis-luks-askpass.path >/dev/null 2>&1 || :
exit 0
%files %files
%license COPYING %license COPYING
@ -205,6 +200,18 @@ exit 0
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
%changelog %changelog
* Tue Aug 02 2022 Sergio Arroutbi <sarroutb@redhat.com> - 15-11
- Start clevis-luks-askpass.path service according to global policy
Resolves: rhbz#2107081
* Thu Jul 21 2022 Sergio Arroutbi <sarroutb@redhat.com> - 15-10
- Improve boot performance by removing key check
Resolves: rhbz#2099748
* Wed Jun 22 2022 Sergio Arroutbi <sarroutb@redhat.com> - 15-9
- Avoid invalid message for clevis command
Resolves: rhbz#2099325
* Wed Jan 26 2022 Sergio Correia <scorreia@redhat.com> - 15-8 * Wed Jan 26 2022 Sergio Correia <scorreia@redhat.com> - 15-8
- Support a null pin - Support a null pin
Resolves: rhbz#2028096 Resolves: rhbz#2028096