diff --git a/.gitignore b/.gitignore index 8c2394e..44f05e1 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/clevis-5.tar.bz2 +/clevis-6.tar.bz2 diff --git a/clevis.spec b/clevis.spec index 8b983dc..56e0108 100644 --- a/clevis.spec +++ b/clevis.spec @@ -1,7 +1,7 @@ %global _hardened_build 1 Name: clevis -Version: 5 +Version: 6 Release: 1%{?dist} Summary: Automated decryption framework @@ -24,6 +24,7 @@ BuildRequires: curl Requires: coreutils Requires: jose >= 8 Requires: curl +Requires(pre): shadow-utils %description Clevis is a framework for automated decryption. It allows you to encrypt @@ -59,7 +60,6 @@ Automatically unlocks LUKSv1 block devices in early boot. %package udisks2 Summary: UDisks2/Storaged integration for clevis Requires: %{name}-luks%{?_isa} = %{version}-%{release} -Requires(pre): shadow-utils %description udisks2 Automatically unlocks LUKSv1 block devices in desktop environments that @@ -69,20 +69,18 @@ use UDisks2 or storaged (like GNOME). %setup -q %build -%configure +%configure --enable-user=clevis --enable-group=clevis %make_build V=1 %install %make_install -%{__sed} -i "s|^\(Exec=.*/clevis-luks-udisks2\)$|\1 -u %{name} -g %{name}|" \ - %{buildroot}/%{_sysconfdir}/xdg/autostart/%{name}-luks-udisks2.desktop %check desktop-file-validate \ %{buildroot}/%{_sysconfdir}/xdg/autostart/%{name}-luks-udisks2.desktop %make_build check -%pre udisks2 +%pre getent group %{name} >/dev/null || groupadd -r %{name} getent passwd %{name} >/dev/null || \ useradd -r -g %{name} -d %{_localstatedir}/cache/%{name} -s /sbin/nologin \ @@ -117,6 +115,11 @@ exit 0 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2 %changelog +* Tue Jun 27 2017 Nathaniel McCallum - 6-1 +- New upstream release +- Specify unprivileged user/group during configuration +- Move clevis user/group creation to base clevis package + * Mon Jun 26 2017 Nathaniel McCallum - 5-1 - New upstream release - Run clevis decryption from udisks2 under an unprivileged user diff --git a/sources b/sources index 005ab13..849d599 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (clevis-5.tar.bz2) = 2679b2f9575a98eb325202f899d34cbe1e32de7cb06d58178a7890e5ca477f3c8761050db1751812b220ee1321cf7f5a24a819c2c88b93619b255c5def03ce70 +SHA512 (clevis-6.tar.bz2) = 5a465aa23f0559fc2a1c22b54992ba799e8528fcb62a0b3d9d1874a0ba4b2ee9307619837089bb811beb20fe337d5c1d3f7dfa66fa500a2209cae96027a0864b