rpms/clevis
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Merged update from upstream sources

Browse Source 
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/clevis.git#accda6600ef0b8f1bbbccdf9b133d306cf94ae9e
This commit is contained in:
DistroBaker 2021-03-16 18:15:30 +00:00
parent 04b12b8598
commit f6576d8f7a
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
0001-Fix-for-t-option-in-clevis-luks-bind-297.patch Normal file
View File

@ -0,0 +1,52 @@
From a7d17dab6957b3036972575af04b55590c53b9ad Mon Sep 17 00:00:00 2001
From: John Baublitz <jbaublitz@redhat.com>
Date: Tue, 16 Mar 2021 09:36:46 -0400
Subject: [PATCH] Fix for -t option in clevis luks bind (#297)
---
src/luks/clevis-luks-bind | 2 +-
src/luks/clevis-luks-common-functions.in | 2 +-
src/luks/tests/bind-luks2 | 4 ++++
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/luks/clevis-luks-bind b/src/luks/clevis-luks-bind
index 9bea9b1..a0f3430 100755
--- a/src/luks/clevis-luks-bind
+++ b/src/luks/clevis-luks-bind
@@ -119,7 +119,7 @@ if [ "${luks_type}" = "luks1" ] && ! luksmeta test -d "${DEV}"; then
luksmeta init -d "${DEV}" ${FRC}
fi
-if ! clevis_luks_do_bind "${DEV}" "${SLT}" "" \
+if ! clevis_luks_do_bind "${DEV}" "${SLT}" "${TOKEN_ID}" \
"${PIN}" "${CFG}" \
"${YES}" "" \
"${existing_key}" "${keyfile}"; then
diff --git a/src/luks/clevis-luks-common-functions.in b/src/luks/clevis-luks-common-functions.in
index 1bd7616..30fef56 100644
--- a/src/luks/clevis-luks-common-functions.in
+++ b/src/luks/clevis-luks-common-functions.in
@@ -978,7 +978,7 @@ clevis_luks_do_bind() {
return 1
fi
- if ! clevis_luks_save_slot "${DEV}" "${SLT}" "${tkn_id}" \
+ if ! clevis_luks_save_slot "${DEV}" "${SLT}" "${TKN_ID}" \
"${jwe}" "${OVERWRITE}"; then
echo "Unable to update metadata; operation cancelled" >&2
clevis_luks_restore_dev "${CLEVIS_TMP_DIR}" || :
diff --git a/src/luks/tests/bind-luks2 b/src/luks/tests/bind-luks2
index 492db50..04c6b8e 100755
--- a/src/luks/tests/bind-luks2
+++ b/src/luks/tests/bind-luks2
@@ -47,3 +47,7 @@ new_device "luks2" "${DEV}"
if ! clevis luks bind -d "${DEV}" -t "$TOKEN_ID" tang "${CFG}" <<< "${DEFAULT_PASS}"; then
error "${TEST}: Binding is expected to succeed when given a correct (${DEFAULT_PASS}) password." >&2
fi
+
+if ! cryptsetup token export --token-id=5 "${DEV}"; then
+ error "${TEST}: Clevis did not add the LUKS2 token to the correct slot." >&2
+fi
--
2.30.2

8
clevis.spec
View File

@ -1,6 +1,6 @@
Name: clevis
Version: 16
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Automated decryption framework
License: GPLv3+
@ -8,6 +8,8 @@ URL: https://github.com/latchset/%{name}
Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
Source1: clevis.sysusers
Patch0001: 0001-Fix-for-t-option-in-clevis-luks-bind-297.patch
BuildRequires: git-core
BuildRequires: gcc
BuildRequires: meson
@ -33,6 +35,7 @@ BuildRequires: cracklib-dicts
BuildRequires: luksmeta
BuildRequires: openssl
BuildRequires: diffutils
BuildRequires: cryptsetup
BuildRequires: jq
Requires: tpm2-tools >= 4.0.0
@ -191,6 +194,9 @@ exit 0
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
%changelog
* Tue Mar 16 2021 Sergio Correia <scorreia@redhat.com> - 16-2
- Fix for -t option in clevis luks bind - backport upstream commit ea0d0c20
* Tue Feb 09 2021 Sergio Correia <scorreia@redhat.com> - 16-1
- Update to new clevis upstream release, v16.