import clevis-15-11.el8
This commit is contained in:
CentOS Sources
root
parent
4354f2acf8
commit
f1602f07a2
24
SOURCES/0010-avoid-clevis-invalid-msg.patch
Normal file
24
SOURCES/0010-avoid-clevis-invalid-msg.patch
Normal file
@ -0,0 +1,24 @@
|
||||
--- clevis-15.ori/src/clevis 2020-10-28 19:55:47.663228800 +0100
|
||||
+++ clevis-15/src/clevis 2022-06-22 11:06:27.061230653 +0200
|
||||
@@ -27,6 +27,7 @@
|
||||
}
|
||||
|
||||
cmd=clevis
|
||||
+input_commands="$cmd $@"
|
||||
while [ $# -gt 0 ]; do
|
||||
[[ "$1" =~ ^- ]] && break
|
||||
cmd="$cmd-$1"
|
||||
@@ -36,8 +37,11 @@
|
||||
done
|
||||
|
||||
exec >&2
|
||||
-echo
|
||||
-echo "Command '$cmd' is invalid"
|
||||
+if [ "$cmd" != "clevis" ];
|
||||
+then
|
||||
+ echo
|
||||
+ echo "Command '$input_commands' is invalid"
|
||||
+fi
|
||||
echo
|
||||
echo "Usage: clevis COMMAND [OPTIONS]"
|
||||
echo
|
||||
@ -0,0 +1,53 @@
|
||||
From 51ae4f94a4955d9f06955ccd5a8b396b01c80d48 Mon Sep 17 00:00:00 2001
|
||||
From: Sergio Arroutbi <sarroutb@redhat.com>
|
||||
Date: Tue, 2 Aug 2022 11:07:00 -0300
|
||||
Subject: [PATCH] Improve boot performance by removing key check
|
||||
|
||||
---
|
||||
src/luks/clevis-luks-common-functions | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/luks/clevis-luks-common-functions b/src/luks/clevis-luks-common-functions
|
||||
index 038cc37..950f217 100644
|
||||
--- a/src/luks/clevis-luks-common-functions
|
||||
+++ b/src/luks/clevis-luks-common-functions
|
||||
@@ -328,6 +328,7 @@ clevis_luks_check_valid_key_or_keyfile() {
|
||||
clevis_luks_unlock_device_by_slot() {
|
||||
local DEV="${1}"
|
||||
local SLT="${2}"
|
||||
+ local SKIP_CHECK="${3}"
|
||||
|
||||
[ -z "${DEV}" ] && return 1
|
||||
[ -z "${SLT}" ] && return 1
|
||||
@@ -343,7 +344,9 @@ clevis_luks_unlock_device_by_slot() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
- clevis_luks_check_valid_key_or_keyfile "${DEV}" "${passphrase}" || return 1
|
||||
+ if [ -z "${SKIP_CHECK}" ]; then
|
||||
+ clevis_luks_check_valid_key_or_keyfile "${DEV}" "${passphrase}" || return 1
|
||||
+ fi
|
||||
printf '%s' "${passphrase}"
|
||||
}
|
||||
|
||||
@@ -351,6 +354,8 @@ clevis_luks_unlock_device_by_slot() {
|
||||
# parameter and returns the decoded passphrase.
|
||||
clevis_luks_unlock_device() {
|
||||
local DEV="${1}"
|
||||
+ local SKIP_CHECK="YES"
|
||||
+
|
||||
[ -z "${DEV}" ] && return 1
|
||||
|
||||
local used_slots
|
||||
@@ -361,7 +366,7 @@ clevis_luks_unlock_device() {
|
||||
|
||||
local slt pt
|
||||
for slt in ${used_slots}; do
|
||||
- if ! pt=$(clevis_luks_unlock_device_by_slot "${DEV}" "${slt}") \
|
||||
+ if ! pt=$(clevis_luks_unlock_device_by_slot "${DEV}" "${slt}" "${SKIP_CHECK}") \
|
||||
|| [ -z "${pt}" ]; then
|
||||
continue
|
||||
fi
|
||||
--
|
||||
2.35.1
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Name: clevis
|
||||
Version: 15
|
||||
Release: 8%{?dist}
|
||||
Release: 11%{?dist}
|
||||
Summary: Automated decryption framework
|
||||
|
||||
License: GPLv3+
|
||||
@ -18,6 +18,8 @@ Patch0006: 0006-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch
|
||||
Patch0007: 0007-luks-explicitly-specify-pbkdf-iterations-to-cryptset.patch
|
||||
Patch0008: 0008-tang-dump-url-on-error-communication.patch
|
||||
Patch0009: 0009-feat-rename-the-test-pin-to-null-pin.patch
|
||||
Patch0010: 0010-avoid-clevis-invalid-msg.patch
|
||||
Patch0011: 0011-Improve-boot-performance-by-removing-key-check.patch
|
||||
|
||||
BuildRequires: git
|
||||
BuildRequires: gcc
|
||||
@ -53,6 +55,7 @@ Requires: jose >= 8
|
||||
Requires: curl
|
||||
Requires: jq
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): systemd
|
||||
|
||||
%description
|
||||
Clevis is a framework for automated decryption. It allows you to encrypt
|
||||
@ -138,16 +141,8 @@ if getent group tss >/dev/null && ! groups %{name} | grep -q "\btss\b"; then
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%posttrans
|
||||
# In case clevis-luks-askpass is enabled, make sure it's using the
|
||||
# correct target, which changed in v14.
|
||||
[ "$(find /etc/systemd/system/ -name "clevis-luks-askpass*")" ] || exit 0
|
||||
find /etc/systemd/system/ -name "clevis-luks-askpass*" \
|
||||
| grep -q cryptsetup.target.wants && exit 0
|
||||
|
||||
find /etc/systemd/system/ -name "clevis-luks-askpass*" -exec rm {} +
|
||||
systemctl enable clevis-luks-askpass.path >/dev/null 2>&1 || :
|
||||
exit 0
|
||||
%post systemd
|
||||
systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
@ -205,6 +200,18 @@ exit 0
|
||||
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
|
||||
|
||||
%changelog
|
||||
* Tue Aug 02 2022 Sergio Arroutbi <sarroutb@redhat.com> - 15-11
|
||||
- Start clevis-luks-askpass.path service according to global policy
|
||||
Resolves: rhbz#2107081
|
||||
|
||||
* Thu Jul 21 2022 Sergio Arroutbi <sarroutb@redhat.com> - 15-10
|
||||
- Improve boot performance by removing key check
|
||||
Resolves: rhbz#2099748
|
||||
|
||||
* Wed Jun 22 2022 Sergio Arroutbi <sarroutb@redhat.com> - 15-9
|
||||
- Avoid invalid message for clevis command
|
||||
Resolves: rhbz#2099325
|
||||
|
||||
* Wed Jan 26 2022 Sergio Correia <scorreia@redhat.com> - 15-8
|
||||
- Support a null pin
|
||||
Resolves: rhbz#2028096
|
||||
|
||||
Loading…
Reference in New Issue
Block a user