Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/clevis.git#abb66036e6df1719e6cd0247b937e58d80c499ca
parent
470e558edd
commit
9b83977ce4
1
.gitignore
vendored
1
.gitignore
vendored
@ -3,3 +3,4 @@
|
||||
/clevis-13.tar.xz
|
||||
/clevis-14.tar.xz
|
||||
/clevis-15.tar.xz
|
||||
/clevis-16.tar.xz
|
||||
|
@ -1,118 +0,0 @@
|
||||
From ef76951e4486dadf41ca8085e09849466a0c7fd3 Mon Sep 17 00:00:00 2001
|
||||
From: Jonas Witschel <diabonas@gmx.de>
|
||||
Date: Wed, 11 Nov 2020 12:43:18 +0100
|
||||
Subject: [PATCH] pins/tpm2: add support for tpm2-tools 5.X
|
||||
|
||||
tpm2-tools 5.0 consolidates all tools into a single busybox-style binary, so
|
||||
the preferred way to invoke the commands would be e.g. "tpm2 createprimary"
|
||||
instead of "tpm2_createprimary". However, compatibility symlinks tpm2_* -> tpm2
|
||||
are installed by default, so we keep the old syntax for tpm2-tools 5.0 to avoid
|
||||
creating another special case, since the option syntax has not changed (it
|
||||
should be stable since version 4).
|
||||
|
||||
tpm2-tools 3.X is deprecated, but unfortunately still packaged by a few Linux
|
||||
distributions, so keep supporting it for now at least.
|
||||
---
|
||||
src/pins/tpm2/clevis-decrypt-tpm2 | 12 ++++++------
|
||||
src/pins/tpm2/clevis-encrypt-tpm2 | 16 ++++++++--------
|
||||
2 files changed, 14 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/src/pins/tpm2/clevis-decrypt-tpm2 b/src/pins/tpm2/clevis-decrypt-tpm2
|
||||
index 83bf8f0..6226cb7 100755
|
||||
--- a/src/pins/tpm2/clevis-decrypt-tpm2
|
||||
+++ b/src/pins/tpm2/clevis-decrypt-tpm2
|
||||
@@ -49,8 +49,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)"
|
||||
|
||||
match='version="(.)\.'
|
||||
[[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}"
|
||||
-if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then
|
||||
- echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2
|
||||
+if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then
|
||||
+ echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -135,7 +135,7 @@ fi
|
||||
|
||||
case "$TPM2TOOLS_VERSION" in
|
||||
3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;;
|
||||
- 4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
|
||||
+ 4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
|
||||
*) fail=1;;
|
||||
esac
|
||||
if [ -n "$fail" ]; then
|
||||
@@ -146,8 +146,8 @@ fi
|
||||
case "$TPM2TOOLS_VERSION" in
|
||||
3) tpm2_load -Q -c "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
|
||||
-C "$TMP"/load.context || fail=$?;;
|
||||
- 4) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
|
||||
- -c "$TMP"/load.context || fail=$?;;
|
||||
+ 4|5) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \
|
||||
+ -c "$TMP"/load.context || fail=$?;;
|
||||
*) fail=1;;
|
||||
esac
|
||||
if [ -n "$fail" ]; then
|
||||
@@ -157,7 +157,7 @@ fi
|
||||
|
||||
case "$TPM2TOOLS_VERSION" in
|
||||
3) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-L $pcr_spec})" || fail=$?;;
|
||||
- 4) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;;
|
||||
+ 4|5) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;;
|
||||
*) fail=1;;
|
||||
esac
|
||||
if [ -n "$fail" ]; then
|
||||
diff --git a/src/pins/tpm2/clevis-encrypt-tpm2 b/src/pins/tpm2/clevis-encrypt-tpm2
|
||||
index 16d35c4..69a1126 100755
|
||||
--- a/src/pins/tpm2/clevis-encrypt-tpm2
|
||||
+++ b/src/pins/tpm2/clevis-encrypt-tpm2
|
||||
@@ -71,8 +71,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)"
|
||||
|
||||
match='version="(.)\.'
|
||||
[[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}"
|
||||
-if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then
|
||||
- echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2
|
||||
+if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then
|
||||
+ echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -153,7 +153,7 @@ trap 'on_exit' EXIT
|
||||
|
||||
case "$TPM2TOOLS_VERSION" in
|
||||
3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;;
|
||||
- 4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
|
||||
+ 4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;;
|
||||
*) fail=1;;
|
||||
esac
|
||||
if [ -n "$fail" ]; then
|
||||
@@ -166,7 +166,7 @@ if [ -n "$pcr_ids" ]; then
|
||||
if [ -z "$pcr_digest" ]; then
|
||||
case "$TPM2TOOLS_VERSION" in
|
||||
3) tpm2_pcrlist -Q -L "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
|
||||
- 4) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
|
||||
+ 4|5) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;;
|
||||
*) fail=1;;
|
||||
esac
|
||||
if [ -n "$fail" ]; then
|
||||
@@ -183,8 +183,8 @@ if [ -n "$pcr_ids" ]; then
|
||||
case "$TPM2TOOLS_VERSION" in
|
||||
3) tpm2_createpolicy -Q -g "$hash" -P -L "$pcr_bank":"$pcr_ids" \
|
||||
-F "$TMP"/pcr.digest -f "$TMP"/pcr.policy || fail=$?;;
|
||||
- 4) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \
|
||||
- -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;;
|
||||
+ 4|5) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \
|
||||
+ -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;;
|
||||
*) fail=1;;
|
||||
esac
|
||||
if [ -n "$fail" ]; then
|
||||
@@ -200,8 +200,8 @@ fi
|
||||
case "$TPM2TOOLS_VERSION" in
|
||||
3) tpm2_create -Q -g "$hash" -G "$alg_create_key" -c "$TMP"/primary.context -u "$TMP"/jwk.pub \
|
||||
-r "$TMP"/jwk.priv -A "$obj_attr" "${policy_options[@]}" -I- <<< "$jwk" || fail=$?;;
|
||||
- 4) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \
|
||||
- -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;;
|
||||
+ 4|5) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \
|
||||
+ -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;;
|
||||
*) fail=1;;
|
||||
esac
|
||||
if [ -n "$fail" ]; then
|
11
clevis.spec
11
clevis.spec
@ -1,13 +1,12 @@
|
||||
Name: clevis
|
||||
Version: 15
|
||||
Release: 4%{?dist}
|
||||
Version: 16
|
||||
Release: 1%{?dist}
|
||||
Summary: Automated decryption framework
|
||||
|
||||
License: GPLv3+
|
||||
URL: https://github.com/latchset/%{name}
|
||||
Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
|
||||
Source1: clevis.sysusers
|
||||
Patch0: clevis-tpm2-tools-5.patch
|
||||
|
||||
BuildRequires: git-core
|
||||
BuildRequires: gcc
|
||||
@ -83,7 +82,6 @@ Requires: systemd%{?_isa} >= 236
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
Requires: nc
|
||||
|
||||
%description systemd
|
||||
Automatically unlocks LUKS _netdev block devices from /etc/crypttab.
|
||||
@ -166,6 +164,7 @@ exit 0
|
||||
%{_mandir}/man1/%{name}-luks-edit.1.*
|
||||
%{_mandir}/man1/%{name}-luks-regen.1.*
|
||||
%{_mandir}/man1/%{name}-luks-report.1.*
|
||||
%{_mandir}/man1/%{name}-luks-pass.1.*
|
||||
%{_bindir}/%{name}-luks-unlock
|
||||
%{_bindir}/%{name}-luks-unbind
|
||||
%{_bindir}/%{name}-luks-bind
|
||||
@ -174,6 +173,7 @@ exit 0
|
||||
%{_bindir}/%{name}-luks-edit
|
||||
%{_bindir}/%{name}-luks-regen
|
||||
%{_bindir}/%{name}-luks-report
|
||||
%{_bindir}/%{name}-luks-pass
|
||||
|
||||
%files systemd
|
||||
%{_libexecdir}/%{name}-luks-askpass
|
||||
@ -191,6 +191,9 @@ exit 0
|
||||
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
|
||||
|
||||
%changelog
|
||||
* Tue Feb 09 2021 Sergio Correia <scorreia@redhat.com> - 16-1
|
||||
- Update to new clevis upstream release, v16.
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 15-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
|
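Review bot: The new changelog entry records only "Update to new clevis upstream release, v16", while the first hunk of clevis.spec also drops `Patch0: clevis-tpm2-tools-5.patch`. The removed patch widened the tpm2-tools version gate in clevis-encrypt-tpm2 and clevis-decrypt-tpm2 to accept 5.X. If the v16 tarball does not already carry that change, the tpm2 pin would exit with an error on hosts with tpm2-tools 5 and TPM-bound volumes would not unlock. Assuming it is included upstream, record that in the changelog, e.g. `- Drop clevis-tpm2-tools-5.patch, included in v16`. Judging from the hunk counts (the +/- markers are lost on this page), the hunk at -83 also appears to drop `Requires: nc` from the systemd subpackage; that deserves its own changelog line once it is confirmed that nothing shipped in v16 still invokes it.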
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (clevis-15.tar.xz) = 8a84b9e081d02742c2c718bdc8b2c834764da6ec9ad1ae5640e8af80a38c2a1ec83eeea5de7696f60f7dd8f165b3dc527290831621440b1a46459d2c8bd56918
|
||||
SHA512 (clevis-16.tar.xz) = a474a0a4d17b65091a6447698a4f3e0e3bc45b61e686be76bc5d7b5d248e503803174ae40b958cfee8a72087089c1ac132b8684f2f913c5e8a9873ceae2aa5c3
|
||||
|