rpms/clevis
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Merged update from upstream sources

Browse Source 
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/clevis.git#abb66036e6df1719e6cd0247b937e58d80c499ca
This commit is contained in:
DistroBaker 2021-02-09 18:14:54 +00:00
parent 470e558edd
commit 9b83977ce4
4 changed files with 9 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,3 +3,4 @@
/clevis-13.tar.xz
/clevis-14.tar.xz
/clevis-15.tar.xz
/clevis-16.tar.xz

118
clevis-tpm2-tools-5.patch
View File

@ -1,118 +0,0 @@
From ef76951e4486dadf41ca8085e09849466a0c7fd3 Mon Sep 17 00:00:00 2001
From: Jonas Witschel <diabonas@gmx.de>
Date: Wed, 11 Nov 2020 12:43:18 +0100
Subject: [PATCH] pins/tpm2: add support for tpm2-tools 5.X
tpm2-tools 5.0 consolidates all tools into a single busybox-style binary, so
the preferred way to invoke the commands would be e.g. "tpm2 createprimary"
instead of "tpm2_createprimary". However, compatibility symlinks tpm2_* -> tpm2
are installed by default, so we keep the old syntax for tpm2-tools 5.0 to avoid
creating another special case, since the option syntax has not changed (it
should be stable since version 4).
tpm2-tools 3.X is deprecated, but unfortunately still packaged by a few Linux
distributions, so keep supporting it for now at least.
---
src/pins/tpm2/clevis-decrypt-tpm2 | 12 ++++++------
src/pins/tpm2/clevis-encrypt-tpm2 | 16 ++++++++--------
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/pins/tpm2/clevis-decrypt-tpm2 b/src/pins/tpm2/clevis-decrypt-tpm2
index 83bf8f0..6226cb7 100755
--- a/src/pins/tpm2/clevis-decrypt-tpm2
+++ b/src/pins/tpm2/clevis-decrypt-tpm2
@@ -49,8 +49,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)"
match='version="(.)\.'
[[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}"
-if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then
- echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2
+if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then
+ echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2
exit 1
fi
@@ -135,7 +135,7 @@ fi
case "$TPM2TOOLS_VERSION" in
3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;;
- 4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
+ 4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
*) fail=1;;
esac
if [ -n "$fail" ]; then
@@ -146,8 +146,8 @@ fi
case "$TPM2TOOLS_VERSION" in
3) tpm2_load -Q -c "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
-C "$TMP"/load.context || fail=$?;;
- 4) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
- -c "$TMP"/load.context || fail=$?;;
+ 4|5) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
+ -c "$TMP"/load.context || fail=$?;;
*) fail=1;;
esac
if [ -n "$fail" ]; then
@@ -157,7 +157,7 @@ fi
case "$TPM2TOOLS_VERSION" in
3) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-L $pcr_spec})" || fail=$?;;
- 4) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;;
+ 4|5) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;;
*) fail=1;;
esac
if [ -n "$fail" ]; then
diff --git a/src/pins/tpm2/clevis-encrypt-tpm2 b/src/pins/tpm2/clevis-encrypt-tpm2
index 16d35c4..69a1126 100755
--- a/src/pins/tpm2/clevis-encrypt-tpm2
+++ b/src/pins/tpm2/clevis-encrypt-tpm2
@@ -71,8 +71,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)"
match='version="(.)\.'
[[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}"
-if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then
- echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2
+if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then
+ echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2
exit 1
fi
@@ -153,7 +153,7 @@ trap 'on_exit' EXIT
case "$TPM2TOOLS_VERSION" in
3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;;
- 4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
+ 4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
*) fail=1;;
esac
if [ -n "$fail" ]; then
@@ -166,7 +166,7 @@ if [ -n "$pcr_ids" ]; then
if [ -z "$pcr_digest" ]; then
case "$TPM2TOOLS_VERSION" in
3) tpm2_pcrlist -Q -L "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
- 4) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
+ 4|5) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
*) fail=1;;
esac
if [ -n "$fail" ]; then
@@ -183,8 +183,8 @@ if [ -n "$pcr_ids" ]; then
case "$TPM2TOOLS_VERSION" in
3) tpm2_createpolicy -Q -g "$hash" -P -L "$pcr_bank":"$pcr_ids" \
-F "$TMP"/pcr.digest -f "$TMP"/pcr.policy || fail=$?;;
- 4) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \
- -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;;
+ 4|5) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \
+ -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;;
*) fail=1;;
esac
if [ -n "$fail" ]; then
@@ -200,8 +200,8 @@ fi
case "$TPM2TOOLS_VERSION" in
3) tpm2_create -Q -g "$hash" -G "$alg_create_key" -c "$TMP"/primary.context -u "$TMP"/jwk.pub \
-r "$TMP"/jwk.priv -A "$obj_attr" "${policy_options[@]}" -I- <<< "$jwk" || fail=$?;;
- 4) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \
- -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;;
+ 4|5) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \
+ -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;;
*) fail=1;;
esac
if [ -n "$fail" ]; then

11
clevis.spec
View File

@ -1,13 +1,12 @@
Name: clevis
Version: 15
Release: 4%{?dist}
Version: 16
Release: 1%{?dist}
Summary: Automated decryption framework
License: GPLv3+
URL: https://github.com/latchset/%{name}
Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
Source1: clevis.sysusers
Patch0: clevis-tpm2-tools-5.patch
BuildRequires: git-core
BuildRequires: gcc
@ -83,7 +82,6 @@ Requires: systemd%{?_isa} >= 236
%endif
%endif
%endif
Requires: nc
%description systemd
Automatically unlocks LUKS _netdev block devices from /etc/crypttab.
@ -166,6 +164,7 @@ exit 0
%{_mandir}/man1/%{name}-luks-edit.1.*
%{_mandir}/man1/%{name}-luks-regen.1.*
%{_mandir}/man1/%{name}-luks-report.1.*
%{_mandir}/man1/%{name}-luks-pass.1.*
%{_bindir}/%{name}-luks-unlock
%{_bindir}/%{name}-luks-unbind
%{_bindir}/%{name}-luks-bind
@ -174,6 +173,7 @@ exit 0
%{_bindir}/%{name}-luks-edit
%{_bindir}/%{name}-luks-regen
%{_bindir}/%{name}-luks-report
%{_bindir}/%{name}-luks-pass
%files systemd
%{_libexecdir}/%{name}-luks-askpass
@ -191,6 +191,9 @@ exit 0
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
%changelog
* Tue Feb 09 2021 Sergio Correia <scorreia@redhat.com> - 16-1
- Update to new clevis upstream release, v16.
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 15-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (clevis-15.tar.xz) = 8a84b9e081d02742c2c718bdc8b2c834764da6ec9ad1ae5640e8af80a38c2a1ec83eeea5de7696f60f7dd8f165b3dc527290831621440b1a46459d2c8bd56918
SHA512 (clevis-16.tar.xz) = a474a0a4d17b65091a6447698a4f3e0e3bc45b61e686be76bc5d7b5d248e503803174ae40b958cfee8a72087089c1ac132b8684f2f913c5e8a9873ceae2aa5c3