Commit Graph

76 Commits

Author SHA1 Message Date
koncpa
1f4b0be92c Enable RHEL gating for clevis
Resolves: RHEL-37598

Signed-off-by: Patrik Koncity <pkoncity@redhat.com>
2024-05-21 16:39:05 +02:00
Sergio Arroutbi
a9afd51906 Rebase to clevis-20 upstream version
Resolves: RHEL-29279

Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2024-05-21 10:10:50 +02:00
Fedora Release Engineering
45f9470a7b Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-24 07:25:08 +00:00
Fedora Release Engineering
f620bc5d11 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-19 15:37:32 +00:00
Fedora Release Engineering
dac788fd4d Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-19 15:50:22 +00:00
Sergio Arroutbi
c1f7a45957
Migrate to SPDX like licensing
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2023-05-31 12:06:33 +02:00
Sergio Arroutbi
0318ae55d0 Include LUKSv2 volumes in description
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2023-02-28 20:41:52 +01:00
Sergio Correia
df4b0fde9e
Update to latest upstream version, v19
Resolves: rhbz#2165258
2023-02-01 23:24:50 -03:00
Fedora Release Engineering
be98c83e8d Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-18 23:59:52 +00:00
Sergio Arroutbi
b7dbfb6f3e Backport upstream fixes
6e48a1c: luks-edit: remove unnecessary 2>/dev/null
3f879a3: Avoid invalid message for clevis command
e0e92f8: Fix typo in error messages
47b01ab: Improve boot performance by removing key check
f5786d3: Notify error url on server connect fail
f621575: luks: fix typo when adding a pending device
0589c14: luks: ignore empty & comment lines in crypttab
3bb852b: luks: define max entropy bits for pwmake

Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2022-12-16 14:45:23 +01:00
Sergio Correia
de7b822cf3
Do not update the changelog file
As we are now using %autochangelog, we should not update the changelog
file anymore.
2022-12-09 12:50:01 -03:00
Sergio Arroutbi
594feccd06 External token id parameter
This change introduces new parameter "-e", that
allows specifying an existing token ID to avoid
having to provide an existing passphrase and
use an already configured LUKS2 token ID to read it

Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2022-12-09 12:12:31 +01:00
Sergio Correia
2efddf72e8 Opt into %autorelease/%autochangelog 2022-08-05 16:54:37 -03:00
Luca BRUNO
94157136c2 clevis: simplify sysusers.d fragment by using default 'nologin' shell
This tweaks the existing sysuser.d fragment in order to simplify it.
The 'nologin' shell is the documented systemd default, so there is
no need to explicitly specify it.
This change allows better handling of default vs custom shell in the
macro logic which bridges between `systemd-sysusers` and `useradd`.
2022-08-05 09:32:00 +00:00
Fedora Release Engineering
3eb26d224b Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-20 23:04:49 +00:00
Sergio Arroutbi
e4d2e989a6 Support a null pin
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2022-07-08 15:46:15 +02:00
Sergio Arroutbi
fb2f34f129 Apply systemd-preset in clevis-systemd postinstall
This change calls "systemd preset" command after
clevis-systemd postinstall, so that it applies
distro global policies after installation, allowing
to start the service when global policies indicate so

Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
2022-06-28 15:49:54 +02:00
Fedora Release Engineering
1b2bdf29ff - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-19 23:21:01 +00:00
Sergio Correia
93af905e1f Account for unlocking failures in clevis-luks-askpass
Resolves: rhbz#1878892
2021-10-29 12:10:03 -03:00
Sahana Prasad
2fc1533e5b Rebuilt with OpenSSL 3.0.0 2021-09-14 18:59:34 +02:00
Fedora Release Engineering
9a0b8d7fad - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 19:34:39 +00:00
Fedora Release Engineering
ee15149284 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 14:37:20 +00:00
Sergio Correia
7df4966cc9 Port to OpenSSL 3
Backport of upstream commit (ee1dfedb)
2021-05-07 09:14:44 -03:00
Sergio Correia
22efa77106 Update to latest upstream version, v18 2021-04-15 08:18:36 -03:00
Sergio Correia
bf943bd577 Update to latest upstream version, v17 2021-04-14 17:52:08 -03:00
Sergio Correia
accda6600e Fix for -t option in clevis luks bind
Backport upstream commit ea0d0c20
2021-03-16 10:48:57 -03:00
Sergio Correia
abb66036e6
Update to latest upstream version, v16 2021-02-09 14:53:16 -03:00
Fedora Release Engineering
79bc444333 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 02:05:10 +00:00
Luca BRUNO
2b2840995c
spec: add clevis sysusers.d entry
This adds a sysusers.d entry for the package, and moves user creation
to the relevant compat macro.

Refs:
 * https://www.freedesktop.org/software/systemd/man/sysusers.d.html
 * https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
 * https://pagure.io/packaging-committee/pull-request/981
2020-12-17 10:33:25 +00:00
Peter Robinson
d1703cbd94 Upstream patch for tpm-tools 5.0 support 2020-11-23 08:15:01 +00:00
Sergio Correia
ced0ef05e5 Add jq to dependencies 2020-10-29 10:33:10 -03:00
Sergio Correia
c29e330dd8 Update to latest upstream version, v15 2020-10-28 16:23:35 -03:00
Sergio Correia
6e9ce1a014 Suppress output in %pre scriptlet when adjusting users/groups
This approach is also used in other packages, e.g., systemd.
Resolves: rhbz#1876729
2020-09-08 10:50:58 -03:00
Sergio Correia
fe15ade0e2 clevis-luks-askpass now exits cleanly with SIGTERM
Backport of upstream PR#230.
Resolves: rhbz#1876001
2020-09-08 10:50:40 -03:00
Sergio Correia
aedbfaae21 Make sure clevis-luks-askpass is using the correct path, if enabled 2020-09-08 09:37:29 -03:00
Sergio Correia
ce9256d835 Use autosetup -S git 2020-09-05 12:02:28 -03:00
Sergio Correia
c408be4b5f Update sources file with new release 2020-08-31 09:01:33 -03:00
Sergio Correia
3830667585 Update to latest upstream version, v14 2020-08-31 08:44:43 -03:00
Benjamin Gilbert
1c516e45a0 Downgrade cracklib-dicts to Recommends
It's a 10 MB dependency, and isn't needed if dictcheck = 0 in
/etc/security/pwquality.conf.
2020-08-02 15:41:05 -04:00
Fedora Release Engineering
54371165dc - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 14:05:14 +00:00
Sergio Correia
f809e9547c
Update to latest upstream version, v13 2020-05-10 11:10:44 -03:00
Sergio Correia
01ab2d45ee List cracklib-dicts also in BuildRequires
As it's required for running some of the tests.
2020-05-07 16:08:33 -03:00
Sergio Correia
da1cc2c84c Make cracklib-dicts a regular dependency 2020-04-06 11:55:07 -03:00
Fedora Release Engineering
46bbd21faf - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 14:11:51 +00:00
Sergio Correia
402b5b8896
Update to new upstream version, v12 2020-01-20 13:29:15 +01:00
Sergio Correia
e9acb551d3 Handle case where we try to use a partially used luksmeta slot
In some situations, especially with older versions of clevis, we can end
up with a partially used luksmeta slot.

We can identify such slots because they will be marked as inactive, yet
they will contain the clevis UUID, "cb6e8904-81ff-40da-a84a-07ab9ab5715e".

When this situation happens, we have cryptsetup and luksmeta slots "out
of sync", and since we currently have cryptsetup choose the slot, we may
end up trying to use such a partially used slot, which in turn will fail
because luksmeta will not be able to save data to it.

We handle this case by wiping the partially used slot, if we identify
the situation will arise.

Tests also added to verify this case is handled properly.

Fixes: #70
2019-12-19 09:43:27 -03:00
Sergio Correia
745ee46295
Disable LUKS2 tests for now
As they fail randomly in Koji builders, killing the build.
2019-12-05 08:50:32 -03:00
Sergio Correia
c3193c30ba
Backport upstream tests and fixes
Commits backported:

* Add tests for LUKS binding and unbinding
- f5d42cb3ba

* Rework the logic for reading the existing key
- 834eda9db6

* fix for different output from 'luksAddKey' command w/cryptsetup v2.0.2 (
- 62bd6de0b8

* pins/tang: check that key derivation key is available
- c231352729
2019-12-05 08:06:14 -03:00
Peter Robinson
8f866ee158 fix patch application 2019-10-31 16:16:47 +00:00
Peter Robinson
b1fb02f6fe drop the rd.neednet for the time being 2019-10-31 16:07:08 +00:00