Sergio Arroutbi
1c694a08aa
TPM2 use first PCR algorithm bank supported by TPM
Resolves: #RHEL-65469
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2024-11-05 16:19:26 +01:00
Sergio Arroutbi
18a84f13b2
Split PKCS#11 files into clevis-pin-pkcs11 package
Resolves: #RHEL-62072
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2024-10-18 11:11:05 +00:00
Sergio Arroutbi
8a9b4eb00d
Fix clevis v21 tang functionality at boot time
Resolves: #RHEL-61661
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2024-10-09 12:20:42 +02:00
Sergio Arroutbi
9ceb9926a0
Fix clevis v21 tang functionality at boot time
Resolves: #RHEL-61186
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2024-10-01 17:25:46 +02:00
Sergio Arroutbi
205a7189bd
Rebase to clevis-21 upstream version
Resolves: RHEL-60113
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2024-09-26 15:03:23 +02:00
Sergio Arroutbi
a9afd51906
Rebase to clevis-20 upstream version
Resolves: RHEL-29279
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2024-05-21 10:10:50 +02:00
Sergio Arroutbi
c1f7a45957
Migrate to SPDX like licensing
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2023-05-31 12:06:33 +02:00
Sergio Arroutbi
0318ae55d0
Include LUKSv2 volumes in description
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2023-02-28 20:41:52 +01:00
Sergio Correia
df4b0fde9e
Update to latest upstream version, v19
Resolves: rhbz#2165258
2023-02-01 23:24:50 -03:00
Sergio Arroutbi
b7dbfb6f3e
Backport upstream fixes
6e48a1c: luks-edit: remove unnecessary 2>/dev/null
3f879a3: Avoid invalid message for clevis command
e0e92f8: Fix typo in error messages
47b01ab: Improve boot performance by removing key check
f5786d3: Notify error url on server connect fail
f621575: luks: fix typo when adding a pending device
0589c14: luks: ignore empty & comment lines in crypttab
3bb852b: luks: define max entropy bits for pwmake
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2022-12-16 14:45:23 +01:00
Sergio Arroutbi
594feccd06
External token id parameter
This change introduces a new parameter "-e", that
allows specifying an existing token ID to avoid
having to provide an existing passphrase and
use an already configured LUKS2 token ID to read it
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2022-12-09 12:12:31 +01:00
Sergio Correia
2efddf72e8
Opt into %autorelease/%autochangelog
2022-08-05 16:54:37 -03:00
Luca BRUNO
94157136c2
clevis: simplify sysusers.d fragment by using default 'nologin' shell
This tweaks the existing sysusers.d fragment in order to simplify it.
The 'nologin' shell is the documented systemd default, so there is
no need to explicitly specify it.
This change allows better handling of default vs custom shell in the
macro logic which bridges between `systemd-sysusers` and `useradd`.
2022-08-05 09:32:00 +00:00
Fedora Release Engineering
3eb26d224b
Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-20 23:04:49 +00:00
Sergio Arroutbi
e4d2e989a6
Support a null pin
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2022-07-08 15:46:15 +02:00
Sergio Arroutbi
fb2f34f129
Apply systemd-preset in clevis-systemd postinstall
This change calls "systemd preset" command after
clevis-systemd postinstall, so that it applies
distro global policies after installation, allowing
to start the service when global policies indicate so
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2022-06-28 15:49:54 +02:00
Fedora Release Engineering
1b2bdf29ff
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-19 23:21:01 +00:00
Sergio Correia
93af905e1f
Account for unlocking failures in clevis-luks-askpass
Resolves: rhbz#1878892
2021-10-29 12:10:03 -03:00
Sahana Prasad
2fc1533e5b
Rebuilt with OpenSSL 3.0.0
2021-09-14 18:59:34 +02:00
Fedora Release Engineering
9a0b8d7fad
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 19:34:39 +00:00
Sergio Correia
7df4966cc9
Port to OpenSSL 3
Backport of upstream commit (ee1dfedb)
2021-05-07 09:14:44 -03:00
Sergio Correia
22efa77106
Update to latest upstream version, v18
2021-04-15 08:18:36 -03:00
Sergio Correia
bf943bd577
Update to latest upstream version, v17
2021-04-14 17:52:08 -03:00
Sergio Correia
accda6600e
Fix for -t option in clevis luks bind
Backport upstream commit ea0d0c20
2021-03-16 10:48:57 -03:00
Sergio Correia
abb66036e6
Update to latest upstream version, v16
2021-02-09 14:53:16 -03:00
Fedora Release Engineering
79bc444333
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 02:05:10 +00:00
Luca BRUNO
2b2840995c
spec: add clevis sysusers.d entry
This adds a sysusers.d entry for the package, and moves user creation
to the relevant compat macro.
Refs:
* https://www.freedesktop.org/software/systemd/man/sysusers.d.html
* https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
* https://pagure.io/packaging-committee/pull-request/981
2020-12-17 10:33:25 +00:00
Peter Robinson
d1703cbd94
Upstream patch for tpm-tools 5.0 support
2020-11-23 08:15:01 +00:00
Sergio Correia
ced0ef05e5
Add jq to dependencies
2020-10-29 10:33:10 -03:00
Sergio Correia
c29e330dd8
Update to latest upstream version, v15
2020-10-28 16:23:35 -03:00
Sergio Correia
6e9ce1a014
Suppress output in %pre scriptlet when adjusting users/groups
This approach is also used in other packages, e.g., systemd.
Resolves: rhbz#1876729
2020-09-08 10:50:58 -03:00
Sergio Correia
fe15ade0e2
clevis-luks-askpass now exits cleanly with SIGTERM
Backport of upstream PR#230.
Resolves: rhbz#1876001
2020-09-08 10:50:40 -03:00
Sergio Correia
aedbfaae21
Make sure clevis-luks-askpass is using the correct path, if enabled
2020-09-08 09:37:29 -03:00
Sergio Correia
ce9256d835
Use autosetup -S git
2020-09-05 12:02:28 -03:00
Sergio Correia
c408be4b5f
Update sources file with new release
2020-08-31 09:01:33 -03:00
Sergio Correia
3830667585
Update to latest upstream version, v14
2020-08-31 08:44:43 -03:00
Benjamin Gilbert
1c516e45a0
Downgrade cracklib-dicts to Recommends
It's a 10 MB dependency, and isn't needed if dictcheck = 0 in
/etc/security/pwquality.conf.
2020-08-02 15:41:05 -04:00
Fedora Release Engineering
54371165dc
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 14:05:14 +00:00
Sergio Correia
f809e9547c
Update to latest upstream version, v13
2020-05-10 11:10:44 -03:00
Sergio Correia
01ab2d45ee
List cracklib-dicts also in BuildRequires
As it's required for running some of the tests.
2020-05-07 16:08:33 -03:00
Sergio Correia
da1cc2c84c
Make cracklib-dicts a regular dependency
2020-04-06 11:55:07 -03:00
Fedora Release Engineering
46bbd21faf
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 14:11:51 +00:00
Sergio Correia
402b5b8896
Update to new upstream version, v12
2020-01-20 13:29:15 +01:00
Sergio Correia
e9acb551d3
Handle case where we try to use a partially used luksmeta slot
In some situations, especially with older versions of clevis, we can end
up with a partially used luksmeta slot.
We can identify such slots because they will be marked as inactive, yet
they will contain the clevis UUID, "cb6e8904-81ff-40da-a84a-07ab9ab5715e".
When this situation happens, we have cryptsetup and luksmeta slots "out
of sync", and since we currently have cryptsetup choose the slot, we may
end up trying to use such a partially used slot, which in turn will fail
because luksmeta will not be able to save data to it.
We handle this case by wiping the partially used slot, if we identify
the situation will arise.
Tests also added to verify this case is handled properly.
Fixes : #70
2019-12-19 09:43:27 -03:00
Sergio Correia
745ee46295
Disable LUKS2 tests for now
As they fail randomly in Koji builders, killing the build.
2019-12-05 08:50:32 -03:00
Sergio Correia
c3193c30ba
Backport upstream tests and fixes
Commits backported:
* Add tests for LUKS binding and unbinding
- f5d42cb3ba
* Rework the logic for reading the existing key
- 834eda9db6
* fix for different output from 'luksAddKey' command w/cryptsetup v2.0.2 (
- 62bd6de0b8
* pins/tang: check that key derivation key is available
- c231352729
2019-12-05 08:06:14 -03:00
Peter Robinson
8f866ee158
fix patch application
2019-10-31 16:16:47 +00:00
Peter Robinson
b1fb02f6fe
drop the rd.neednet for the time being
2019-10-31 16:07:08 +00:00
Javier Martinez Canillas
0f1aa4e16b
Add support for tpm2-tools 4.0
The tpm2-tools package in Fedora 32 was updated to version 4.0, but clevis
still only has 3.0 support. Support for the latest release is in the works
and will probably make it to the next clevis release.
But until that happens, let's backport the patches that add tpm2-tools 4.0
support for clevis so it continues to work in Fedora 32.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-09-06 17:34:52 +02:00
Fedora Release Engineering
03eb6fb719
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 20:24:00 +00:00