Fix for -t option in clevis luks bind
Backport upstream commit ea0d0c20
This commit is contained in:
Sergio Correia
parent
abb66036e6
commit
accda6600e
52
0001-Fix-for-t-option-in-clevis-luks-bind-297.patch
Normal file
52
0001-Fix-for-t-option-in-clevis-luks-bind-297.patch
Normal file
@ -0,0 +1,52 @@
|
||||
From a7d17dab6957b3036972575af04b55590c53b9ad Mon Sep 17 00:00:00 2001
|
||||
From: John Baublitz <jbaublitz@redhat.com>
|
||||
Date: Tue, 16 Mar 2021 09:36:46 -0400
|
||||
Subject: [PATCH] Fix for -t option in clevis luks bind (#297)
|
||||
|
||||
---
|
||||
src/luks/clevis-luks-bind | 2 +-
|
||||
src/luks/clevis-luks-common-functions.in | 2 +-
|
||||
src/luks/tests/bind-luks2 | 4 ++++
|
||||
3 files changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/luks/clevis-luks-bind b/src/luks/clevis-luks-bind
|
||||
index 9bea9b1..a0f3430 100755
|
||||
--- a/src/luks/clevis-luks-bind
|
||||
+++ b/src/luks/clevis-luks-bind
|
||||
@@ -119,7 +119,7 @@ if [ "${luks_type}" = "luks1" ] && ! luksmeta test -d "${DEV}"; then
|
||||
luksmeta init -d "${DEV}" ${FRC}
|
||||
fi
|
||||
|
||||
-if ! clevis_luks_do_bind "${DEV}" "${SLT}" "" \
|
||||
+if ! clevis_luks_do_bind "${DEV}" "${SLT}" "${TOKEN_ID}" \
|
||||
"${PIN}" "${CFG}" \
|
||||
"${YES}" "" \
|
||||
"${existing_key}" "${keyfile}"; then
|
||||
diff --git a/src/luks/clevis-luks-common-functions.in b/src/luks/clevis-luks-common-functions.in
|
||||
index 1bd7616..30fef56 100644
|
||||
--- a/src/luks/clevis-luks-common-functions.in
|
||||
+++ b/src/luks/clevis-luks-common-functions.in
|
||||
@@ -978,7 +978,7 @@ clevis_luks_do_bind() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
- if ! clevis_luks_save_slot "${DEV}" "${SLT}" "${tkn_id}" \
|
||||
+ if ! clevis_luks_save_slot "${DEV}" "${SLT}" "${TKN_ID}" \
|
||||
"${jwe}" "${OVERWRITE}"; then
|
||||
echo "Unable to update metadata; operation cancelled" >&2
|
||||
clevis_luks_restore_dev "${CLEVIS_TMP_DIR}" || :
|
||||
diff --git a/src/luks/tests/bind-luks2 b/src/luks/tests/bind-luks2
|
||||
index 492db50..04c6b8e 100755
|
||||
--- a/src/luks/tests/bind-luks2
|
||||
+++ b/src/luks/tests/bind-luks2
|
||||
@@ -47,3 +47,7 @@ new_device "luks2" "${DEV}"
|
||||
if ! clevis luks bind -d "${DEV}" -t "$TOKEN_ID" tang "${CFG}" <<< "${DEFAULT_PASS}"; then
|
||||
error "${TEST}: Binding is expected to succeed when given a correct (${DEFAULT_PASS}) password." >&2
|
||||
fi
|
||||
+
|
||||
+if ! cryptsetup token export --token-id=5 "${DEV}"; then
|
||||
+ error "${TEST}: Clevis did not add the LUKS2 token to the correct slot." >&2
|
||||
+fi
|
||||
--
|
||||
2.30.2
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: clevis
|
||||
Version: 16
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Automated decryption framework
|
||||
|
||||
License: GPLv3+
|
||||
@ -8,6 +8,8 @@ URL: https://github.com/latchset/%{name}
|
||||
Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
|
||||
Source1: clevis.sysusers
|
||||
|
||||
Patch0001: 0001-Fix-for-t-option-in-clevis-luks-bind-297.patch
|
||||
|
||||
BuildRequires: git-core
|
||||
BuildRequires: gcc
|
||||
BuildRequires: meson
|
||||
@ -33,6 +35,7 @@ BuildRequires: cracklib-dicts
|
||||
BuildRequires: luksmeta
|
||||
BuildRequires: openssl
|
||||
BuildRequires: diffutils
|
||||
BuildRequires: cryptsetup
|
||||
BuildRequires: jq
|
||||
|
||||
Requires: tpm2-tools >= 4.0.0
|
||||
@ -191,6 +194,9 @@ exit 0
|
||||
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
|
||||
|
||||
%changelog
|
||||
* Tue Mar 16 2021 Sergio Correia <scorreia@redhat.com> - 16-2
|
||||
- Fix for -t option in clevis luks bind - backport upstream commit ea0d0c20
|
||||
|
||||
* Tue Feb 09 2021 Sergio Correia <scorreia@redhat.com> - 16-1
|
||||
- Update to new clevis upstream release, v16.
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user