From 9b83977ce4b8bea107c2d3a92a1062d66b4ed069 Mon Sep 17 00:00:00 2001
From: DistroBaker <osci-list@redhat.com>
Date: Tue, 9 Feb 2021 18:14:54 +0000
Subject: [PATCH] Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/clevis.git#abb66036e6df1719e6cd0247b937e58d80c499ca
---
 .gitignore                |   1 +
 clevis-tpm2-tools-5.patch | 118 --------------------------------------
 clevis.spec               |  11 ++--
 sources                   |   2 +-
 4 files changed, 9 insertions(+), 123 deletions(-)
 delete mode 100644 clevis-tpm2-tools-5.patch

diff --git a/.gitignore b/.gitignore
index 05219af..1de2d61 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 /clevis-13.tar.xz
 /clevis-14.tar.xz
 /clevis-15.tar.xz
+/clevis-16.tar.xz
diff --git a/clevis-tpm2-tools-5.patch b/clevis-tpm2-tools-5.patch
deleted file mode 100644
index 604ea53..0000000
--- a/clevis-tpm2-tools-5.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From ef76951e4486dadf41ca8085e09849466a0c7fd3 Mon Sep 17 00:00:00 2001
-From: Jonas Witschel <diabonas@gmx.de>
-Date: Wed, 11 Nov 2020 12:43:18 +0100
-Subject: [PATCH] pins/tpm2: add support for tpm2-tools 5.X
-
-tpm2-tools 5.0 consolidates all tools into a single busybox-style binary, so
-the preferred way to invoke the commands would be e.g. "tpm2 createprimary"
-instead of "tpm2_createprimary". However, compatibility symlinks tpm2_* -> tpm2
-are installed by default, so we keep the old syntax for tpm2-tools 5.0 to avoid
-creating another special case, since the option syntax has not changed (it
-should be stable since version 4).
-
-tpm2-tools 3.X is deprecated, but unfortunately still packaged by a few Linux
-distributions, so keep supporting it for now at least.
----
- src/pins/tpm2/clevis-decrypt-tpm2 | 12 ++++++------
- src/pins/tpm2/clevis-encrypt-tpm2 | 16 ++++++++--------
- 2 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/src/pins/tpm2/clevis-decrypt-tpm2 b/src/pins/tpm2/clevis-decrypt-tpm2
-index 83bf8f0..6226cb7 100755
---- a/src/pins/tpm2/clevis-decrypt-tpm2
-+++ b/src/pins/tpm2/clevis-decrypt-tpm2
-@@ -49,8 +49,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)"
- 
- match='version="(.)\.'
- [[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}"
--if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then
--    echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2
-+if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then
-+    echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2
-     exit 1
- fi
- 
-@@ -135,7 +135,7 @@ fi
- 
- case "$TPM2TOOLS_VERSION" in
-     3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;;
--    4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
-+    4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
-     *) fail=1;;
- esac
- if [ -n "$fail" ]; then
-@@ -146,8 +146,8 @@ fi
- case "$TPM2TOOLS_VERSION" in
-     3) tpm2_load -Q -c "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
-                  -C "$TMP"/load.context || fail=$?;;
--    4) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
--                 -c "$TMP"/load.context || fail=$?;;
-+    4|5) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
-+                   -c "$TMP"/load.context || fail=$?;;
-     *) fail=1;;
- esac
- if [ -n "$fail" ]; then
-@@ -157,7 +157,7 @@ fi
- 
- case "$TPM2TOOLS_VERSION" in
-     3) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-L $pcr_spec})" || fail=$?;;
--    4) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;;
-+    4|5) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;;
-     *) fail=1;;
- esac
- if [ -n "$fail" ]; then
-diff --git a/src/pins/tpm2/clevis-encrypt-tpm2 b/src/pins/tpm2/clevis-encrypt-tpm2
-index 16d35c4..69a1126 100755
---- a/src/pins/tpm2/clevis-encrypt-tpm2
-+++ b/src/pins/tpm2/clevis-encrypt-tpm2
-@@ -71,8 +71,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)"
- 
- match='version="(.)\.'
- [[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}"
--if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then
--    echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2
-+if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then
-+    echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2
-     exit 1
- fi
- 
-@@ -153,7 +153,7 @@ trap 'on_exit' EXIT
- 
- case "$TPM2TOOLS_VERSION" in
-     3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;;
--    4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
-+    4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
-     *) fail=1;;
- esac
- if [ -n "$fail" ]; then
-@@ -166,7 +166,7 @@ if [ -n "$pcr_ids" ]; then
-     if [ -z "$pcr_digest" ]; then
-         case "$TPM2TOOLS_VERSION" in
-             3) tpm2_pcrlist -Q -L "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
--            4) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
-+            4|5) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
-             *) fail=1;;
-         esac
-         if [ -n "$fail" ]; then
-@@ -183,8 +183,8 @@ if [ -n "$pcr_ids" ]; then
-     case "$TPM2TOOLS_VERSION" in
-         3) tpm2_createpolicy -Q -g "$hash" -P -L "$pcr_bank":"$pcr_ids" \
-                              -F "$TMP"/pcr.digest -f "$TMP"/pcr.policy || fail=$?;;
--        4) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \
--                             -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;;
-+        4|5) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \
-+                               -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;;
-         *) fail=1;;
-     esac
-     if [ -n "$fail" ]; then
-@@ -200,8 +200,8 @@ fi
- case "$TPM2TOOLS_VERSION" in
-     3) tpm2_create -Q -g "$hash" -G "$alg_create_key" -c "$TMP"/primary.context -u "$TMP"/jwk.pub \
-                    -r "$TMP"/jwk.priv -A "$obj_attr" "${policy_options[@]}" -I- <<< "$jwk" || fail=$?;;
--    4) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \
--                   -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;;
-+    4|5) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \
-+                     -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;;
-     *) fail=1;;
- esac
- if [ -n "$fail" ]; then
diff --git a/clevis.spec b/clevis.spec
index c475615..31e8780 100644
--- a/clevis.spec
+++ b/clevis.spec
@@ -1,13 +1,12 @@
 Name:           clevis
-Version:        15
-Release:        4%{?dist}
+Version:        16
+Release:        1%{?dist}
 Summary:        Automated decryption framework
 
 License:        GPLv3+
 URL:            https://github.com/latchset/%{name}
 Source0:        https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
 Source1:        clevis.sysusers
-Patch0:         clevis-tpm2-tools-5.patch
 
 BuildRequires:  git-core
 BuildRequires:  gcc
@@ -83,7 +82,6 @@ Requires:       systemd%{?_isa} >= 236
 %endif
 %endif
 %endif
-Requires:       nc
 
 %description systemd
 Automatically unlocks LUKS _netdev block devices from /etc/crypttab.
@@ -166,6 +164,7 @@ exit 0
 %{_mandir}/man1/%{name}-luks-edit.1.*
 %{_mandir}/man1/%{name}-luks-regen.1.*
 %{_mandir}/man1/%{name}-luks-report.1.*
+%{_mandir}/man1/%{name}-luks-pass.1.*
 %{_bindir}/%{name}-luks-unlock
 %{_bindir}/%{name}-luks-unbind
 %{_bindir}/%{name}-luks-bind
@@ -174,6 +173,7 @@ exit 0
 %{_bindir}/%{name}-luks-edit
 %{_bindir}/%{name}-luks-regen
 %{_bindir}/%{name}-luks-report
+%{_bindir}/%{name}-luks-pass
 
 %files systemd
 %{_libexecdir}/%{name}-luks-askpass
@@ -191,6 +191,9 @@ exit 0
 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
 
 %changelog
+* Tue Feb 09 2021 Sergio Correia <scorreia@redhat.com> - 16-1
+- Update to new clevis upstream release, v16.
+
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 15-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
diff --git a/sources b/sources
index ba551e3..ab2a495 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (clevis-15.tar.xz) = 8a84b9e081d02742c2c718bdc8b2c834764da6ec9ad1ae5640e8af80a38c2a1ec83eeea5de7696f60f7dd8f165b3dc527290831621440b1a46459d2c8bd56918
+SHA512 (clevis-16.tar.xz) = a474a0a4d17b65091a6447698a4f3e0e3bc45b61e686be76bc5d7b5d248e503803174ae40b958cfee8a72087089c1ac132b8684f2f913c5e8a9873ceae2aa5c3