import clevis-18-106.el9
parent
a6a3bf0924
commit
f8a2cf5a25
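--- a/SOURCES/0007-avoid-clevis-invalid-msg.patch
+++ b/SOURCES/0007-avoid-clevis-invalid-msg.patch
@@ -0,0 +1,25 @@
+--- clevis-18.ori/src/clevis 2021-04-15 13:00:19.965065700 +0200
++++ clevis-18/src/clevis 2022-06-20 14:29:50.148261656 +0200
+@@ -27,6 +27,8 @@
+}
+
+cmd=clevis
++input_commands="$cmd $@"
++
+while [ $# -gt 0 ]; do
+[[ "$1" =~ ^- ]] && break
+cmd="$cmd-$1"
+@@ -36,8 +38,11 @@
+done
+
+exec >&2
+-echo
+-echo "Command '$cmd' is invalid"
++if [ "$cmd" != "clevis" ];
++then
++ echo
++ echo "Command '$input_commands' is invalid"
++fi
+echo
+echo "Usage: clevis COMMAND [OPTIONS]"
+echo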
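Review bot: `input_commands="$cmd $@"` expands `$@` inside a scalar assignment, which ShellCheck reports as SC2124 because the argument boundaries are flattened implicitly. The value is only used to build the error message, so `input_commands="$cmd $*"` states that intent directly. The new guard would also read more conventionally as `if [ "$cmd" != "clevis" ]; then` on one line. The lines of `src/clevis` between the two inner hunks are not visible here, so how `cmd` is dispatched before reaching the message cannot be checked from this page.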
@ -0,0 +1,54 @@
|
||||
From da988dee93fd3171d41248fe884c627cdafa563e Mon Sep 17 00:00:00 2001
|
||||
From: Sergio Arroutbi <sarroutb@redhat.com>
|
||||
Date: Tue, 2 Aug 2022 09:25:54 -0300
|
||||
Subject: [PATCH] Improve boot performance by removing key check
|
||||
|
||||
---
|
||||
src/luks/clevis-luks-common-functions.in | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/luks/clevis-luks-common-functions.in b/src/luks/clevis-luks-common-functions.in
|
||||
index f018340..d059aae 100644
|
||||
--- a/src/luks/clevis-luks-common-functions.in
|
||||
+++ b/src/luks/clevis-luks-common-functions.in
|
||||
@@ -313,6 +313,7 @@ clevis_luks_check_valid_key_or_keyfile() {
|
||||
clevis_luks_unlock_device_by_slot() {
|
||||
local DEV="${1}"
|
||||
local SLT="${2}"
|
||||
+ local SKIP_CHECK="${3}"
|
||||
|
||||
[ -z "${DEV}" ] && return 1
|
||||
[ -z "${SLT}" ] && return 1
|
||||
@@ -327,8 +328,9 @@ clevis_luks_unlock_device_by_slot() {
|
||||
|| [ -z "${passphrase}" ]; then
|
||||
return 1
|
||||
fi
|
||||
-
|
||||
- clevis_luks_check_valid_key_or_keyfile "${DEV}" "${passphrase}" || return 1
|
||||
+ if [ -z "${SKIP_CHECK}" ]; then
|
||||
+ clevis_luks_check_valid_key_or_keyfile "${DEV}" "${passphrase}" || return 1
|
||||
+ fi
|
||||
printf '%s' "${passphrase}"
|
||||
}
|
||||
|
||||
@@ -336,6 +338,8 @@ clevis_luks_unlock_device_by_slot() {
|
||||
# parameter and returns the decoded passphrase.
|
||||
clevis_luks_unlock_device() {
|
||||
local DEV="${1}"
|
||||
+ local SKIP_CHECK="YES"
|
||||
+
|
||||
[ -z "${DEV}" ] && return 1
|
||||
|
||||
local used_slots
|
||||
@@ -346,7 +350,7 @@ clevis_luks_unlock_device() {
|
||||
|
||||
local slt pt
|
||||
for slt in ${used_slots}; do
|
||||
- if ! pt=$(clevis_luks_unlock_device_by_slot "${DEV}" "${slt}") \
|
||||
+ if ! pt=$(clevis_luks_unlock_device_by_slot "${DEV}" "${slt}" "${SKIP_CHECK}") \
|
||||
|| [ -z "${pt}" ]; then
|
||||
continue
|
||||
fi
|
||||
--
|
||||
2.35.1
|
||||
|
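Review bot: With `SKIP_CHECK` hard-coded to `YES` in `clevis_luks_unlock_device`, the first slot whose binding decrypts is returned without confirming that the passphrase actually opens `${DEV}`. A stale binding in an earlier slot would then no longer be skipped in favour of a later valid one; the rest of the loop lies outside the hunk, so confirm that every caller validates or retries when the returned passphrase fails. Separately, `local SKIP_CHECK="${3}"` in `clevis_luks_unlock_device_by_slot` aborts under `set -u` for existing two-argument callers, and `local SKIP_CHECK="${3:-}"` keeps them working. A comment on the new parameter, such as `# SKIP_CHECK: non-empty skips key validation; the caller must handle a passphrase that does not open the device`, would document the contract.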
@ -0,0 +1,45 @@
|
||||
From 0654fd3f3fd1ebc080cb1140774120d8f392137b Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Renaud=20M=C3=A9trich?=
|
||||
<1163635+rmetrich@users.noreply.github.com>
|
||||
Date: Wed, 1 Dec 2021 09:37:35 -0300
|
||||
Subject: [PATCH] luks: enable debugging in clevis scripts when rd.debug is set
|
||||
(#340)
|
||||
|
||||
On Fedora/RHEL, the rd.debug kernel command line parameter controls
|
||||
debugging.
|
||||
By implementing the functionality inside clevis, troubleshooting will be
|
||||
greatly eased.
|
||||
See RHBZ #1980742 (https://bugzilla.redhat.com/show_bug.cgi?id=1980742).
|
||||
---
|
||||
src/luks/clevis-luks-common-functions.in | 15 +++++++++++++++
|
||||
1 file changed, 15 insertions(+)
|
||||
|
||||
diff --git a/src/luks/clevis-luks-common-functions.in b/src/luks/clevis-luks-common-functions.in
|
||||
index d059aae..87b370f 100644
|
||||
--- a/src/luks/clevis-luks-common-functions.in
|
||||
+++ b/src/luks/clevis-luks-common-functions.in
|
||||
@@ -20,6 +20,21 @@
|
||||
|
||||
CLEVIS_UUID="cb6e8904-81ff-40da-a84a-07ab9ab5715e"
|
||||
|
||||
+enable_debugging() {
|
||||
+ # Automatically enable debugging if in initramfs phase and rd.debug
|
||||
+ if [ -e /usr/lib/dracut-lib.sh ]; then
|
||||
+ local bashopts=$-
|
||||
+ # Because dracut is loosely written, disable hardening options temporarily
|
||||
+ [[ $bashopts != *u* ]] || set +u
|
||||
+ [[ $bashopts != *e* ]] || set +e
|
||||
+ . /usr/lib/dracut-lib.sh
|
||||
+ [[ $bashopts != *u* ]] || set -u
|
||||
+ [[ $bashopts != *e* ]] || set -e
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+enable_debugging
|
||||
+
|
||||
# valid_slot() will check whether a given slot is possibly valid, i.e., if it
|
||||
# is a numeric value within the specified range.
|
||||
valid_slot() {
|
||||
--
|
||||
2.35.1
|
||||
|
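Review bot: Sourcing `/usr/lib/dracut-lib.sh` in `enable_debugging` presumably turns on shell tracing for every script that includes this file when `rd.debug` is set. The same file passes the decrypted passphrase to `clevis_luks_check_valid_key_or_keyfile` and to `printf '%s' "${passphrase}"`, so the trace would likely write LUKS passphrases into the boot debug log. Consider wrapping the passphrase-handling statements in `set +x` with a restore afterwards, or at least adding `# NOTE: with rd.debug the trace output includes unlocked passphrases; treat the debug log as secret`. The guard also tests only that the file exists, whereas the comment says "initramfs phase and rd.debug", so the comment should say that dracut-lib.sh itself decides whether tracing is enabled.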
@ -1,6 +1,6 @@
|
||||
Name: clevis
|
||||
Version: 18
|
||||
Release: 102%{?dist}
|
||||
Release: 106%{?dist}
|
||||
Summary: Automated decryption framework
|
||||
|
||||
License: GPLv3+
|
||||
@ -13,6 +13,9 @@ Patch0002: 0002-systemd-account-for-unlocking-failures-in-clevis-luk.patch
|
||||
Patch0004: 0004-luks-explicitly-specify-pbkdf-iterations-to-cryptset.patch
|
||||
Patch0005: 0005-tang-dump-url-on-error-communication.patch
|
||||
Patch0006: 0006-feat-rename-the-test-pin-to-null-pin.patch
|
||||
Patch0007: 0007-avoid-clevis-invalid-msg.patch
|
||||
Patch0008: 0008-Improve-boot-performance-by-removing-key-check.patch
|
||||
Patch0009: 0009-luks-enable-debugging-in-clevis-scripts-when-rd.debu.patch
|
||||
|
||||
BuildRequires: git-core
|
||||
BuildRequires: gcc
|
||||
@ -48,6 +51,7 @@ Requires: jose >= 8
|
||||
Requires: curl
|
||||
Requires: jq
|
||||
Requires(pre): shadow-utils
|
||||
Requires(post): systemd
|
||||
Recommends: cracklib-dicts
|
||||
|
||||
%description
|
||||
@ -132,16 +136,8 @@ if getent group tss >/dev/null && ! groups %{name} | grep -q "\btss\b"; then
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%posttrans
|
||||
# In case the clevis-luks-askpass is enabled, make sure it's using the
|
||||
# correct target, which changed in v14.
|
||||
[ "$(find /etc/systemd/system/ -name "clevis-luks-askpass*")" ] || exit 0
|
||||
find /etc/systemd/system/ -name "clevis-luks-askpass*" \
|
||||
| grep -q cryptsetup.target.wants && exit 0
|
||||
|
||||
find /etc/systemd/system/ -name "clevis-luks-askpass*" -exec rm {} +
|
||||
systemctl enable clevis-luks-askpass.path >/dev/null 2>&1 || :
|
||||
exit 0
|
||||
%post systemd
|
||||
systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
@ -200,6 +196,22 @@ exit 0
|
||||
%attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2
|
||||
|
||||
%changelog
|
||||
* Tue Aug 02 2022 Sergio Correia <scorreia@redhat.com> - 18-106
|
||||
- Enable debugging in clevis scripts when rd.debug is set
|
||||
Resolves: rhbz#2022420
|
||||
|
||||
* Tue Aug 02 2022 Sergio Arroutbi <sarroutb@redhat.com> - 18-105
|
||||
- Start clevis-luks-askpass.path service according to global policy
|
||||
Resolves: rhbz#2107078
|
||||
|
||||
* Thu Jul 21 2022 Sergio Arroutbi <sarroutb@redhat.com> - 18-104
|
||||
- Improve boot performance by removing key check
|
||||
Resolves: rhbz#2099701
|
||||
|
||||
* Mon Jun 20 2022 Sergio Arroutbi <sarroutb@redhat.com> - 18-103
|
||||
- Avoid invalid message for clevis command
|
||||
Resolves: rhbz#2080281
|
||||
|
||||
* Wed Jan 26 2022 Sergio Correia <scorreia@redhat.com> - 18-102
|
||||
- Support a null pin
|
||||
Resolves: rhbz#2028091
|
||||
|
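Review bot: The new `%post systemd` scriptlet runs `systemctl preset %{name}-luks-askpass.path` unconditionally, so it appears to run on upgrades as well as first installs and could reset a unit the administrator explicitly enabled or disabled. Guarding it with `if [ $1 -eq 1 ]; then ... fi`, or using `%systemd_post %{name}-luks-askpass.path`, limits the preset to the initial install. The removed `%posttrans` block also repaired links pointing at the pre-v14 target; if upgrades from such installs are still supported, that migration is no longer covered and deserves a line in the changelog entry.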