Commit Graph

52 Commits

Author SHA1 Message Date
Sergio Correia
22efa77106 Update to latest upstream version, v18 2021-04-15 08:18:36 -03:00
Sergio Correia
bf943bd577 Update to latest upstream version, v17 2021-04-14 17:52:08 -03:00
Sergio Correia
accda6600e Fix for -t option in clevis luks bind
Backport upstream commit ea0d0c20
2021-03-16 10:48:57 -03:00
Sergio Correia
abb66036e6
Update to latest upstream version, v16 2021-02-09 14:53:16 -03:00
Fedora Release Engineering
79bc444333 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 02:05:10 +00:00
Luca BRUNO
2b2840995c
spec: add clevis sysusers.d entry
This adds a sysusers.d entry for the package, and moves user creation
to the relevant compat macro.

Refs:
 * https://www.freedesktop.org/software/systemd/man/sysusers.d.html
 * https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
 * https://pagure.io/packaging-committee/pull-request/981
2020-12-17 10:33:25 +00:00
Peter Robinson
d1703cbd94 Upstream patch for tpm-tools 5.0 support 2020-11-23 08:15:01 +00:00
Sergio Correia
ced0ef05e5 Add jq to dependencies 2020-10-29 10:33:10 -03:00
Sergio Correia
c29e330dd8 Update to latest upstream version, v15 2020-10-28 16:23:35 -03:00
Sergio Correia
6e9ce1a014 Suppress output in %pre scriptlet when adjusting users/groups
This approach is also used in other packages, e.g., systemd.
Resolves: rhbz#1876729
2020-09-08 10:50:58 -03:00
Sergio Correia
fe15ade0e2 clevis-luks-askpass now exits cleanly with SIGTERM
Backport of upstream PR#230.
Resolves: rhbz#1876001
2020-09-08 10:50:40 -03:00
Sergio Correia
aedbfaae21 Make sure clevis-luks-askpass is using the correct path, if enabled 2020-09-08 09:37:29 -03:00
Sergio Correia
ce9256d835 Use autosetup -S git 2020-09-05 12:02:28 -03:00
Sergio Correia
c408be4b5f Update sources file with new release 2020-08-31 09:01:33 -03:00
Sergio Correia
3830667585 Update to latest upstream version, v14 2020-08-31 08:44:43 -03:00
Benjamin Gilbert
1c516e45a0 Downgrade cracklib-dicts to Recommends
It's a 10 MB dependency, and isn't needed if dictcheck = 0 in
/etc/security/pwquality.conf.
2020-08-02 15:41:05 -04:00
Fedora Release Engineering
54371165dc - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 14:05:14 +00:00
Sergio Correia
f809e9547c
Update to latest upstream version, v13 2020-05-10 11:10:44 -03:00
Sergio Correia
01ab2d45ee List cracklib-dicts also in BuildRequires
As it's required for running some of the tests.
2020-05-07 16:08:33 -03:00
Sergio Correia
da1cc2c84c Make cracklib-dicts a regular dependency 2020-04-06 11:55:07 -03:00
Fedora Release Engineering
46bbd21faf - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-28 14:11:51 +00:00
Sergio Correia
402b5b8896
Update to new upstream version, v12 2020-01-20 13:29:15 +01:00
Sergio Correia
e9acb551d3 Handle case where we try to use a partially used luksmeta slot
In some situations, especially with older versions of clevis, we can end
up with a partially used luksmeta slot.

We can identify such slots because they will be marked as inactive, yet
they will contain the clevis UUID, "cb6e8904-81ff-40da-a84a-07ab9ab5715e".

When this situation happens, we have cryptsetup and luksmeta slots "out
of sync", and since we currently have cryptsetup choose the slot, we may
end up trying to use such a partially used slot, which in turn will fail
because luksmeta will not be able to save data to it.

We handle this case by wiping the partially used slot, if we identify
the situation will arise.

Tests also added to verify this case is handled properly.

Fixes: #70
2019-12-19 09:43:27 -03:00
Sergio Correia
745ee46295
Disable LUKS2 tests for now
As they fail randomly in Koji builders, killing the build.
2019-12-05 08:50:32 -03:00
Sergio Correia
c3193c30ba
Backport upstream tests and fixes
Commits backported:

* Add tests for LUKS binding and unbinding
- f5d42cb3ba

* Rework the logic for reading the existing key
- 834eda9db6

* fix for different output from 'luksAddKey' command w/cryptsetup v2.0.2 (
- 62bd6de0b8

* pins/tang: check that key derivation key is available
- c231352729
2019-12-05 08:06:14 -03:00
Peter Robinson
8f866ee158 fix patch application 2019-10-31 16:16:47 +00:00
Peter Robinson
b1fb02f6fe drop the rd.neednet for the time being 2019-10-31 16:07:08 +00:00
Javier Martinez Canillas
0f1aa4e16b
Add support for tpm2-tools 4.0
The tpm2-tools package in Fedora 32 was updated to version 4.0, but clevis
still only has 3.0 support. Support for the latest release is in the works
and will probable make it to the next clevis release.

But until that happens, let's backport the patches that add tpm2-tools 4.0
support for clevis so it continues to work in Fedora 32.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-09-06 17:34:52 +02:00
Fedora Release Engineering
03eb6fb719 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 20:24:00 +00:00
Fedora Release Engineering
4e89fd4755 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 15:44:00 +00:00
Peter Robinson
8da96d5981 Update patch for work around 2018-12-06 13:44:49 +00:00
Peter Robinson
85b667ec5e Work around network requirement for early boot 2018-12-06 13:30:05 +00:00
Javier Martinez Canillas
41ad3f90fc
A couple of fixes for v11
- Delete remaining references to the removed http pin
- Install cryptsetup and tpm2_pcrlist in the initramfs
- Add device TCTI library to the initramfs

Resolves: rhbz#1644876

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-11-09 12:35:10 +01:00
Nathaniel McCallum
db769ffa91 Update to v11 2018-08-13 23:39:02 -04:00
Fedora Release Engineering
81704e572b - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:52:22 +00:00
Igor Gnatenko
9fe295c7eb add BuildRequires: gcc
Reference: https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
2018-07-09 19:06:43 +02:00
Nathaniel McCallum
bff126bfb9 Add missing BR on tpm2-tools 2018-03-22 10:37:17 -04:00
Nathaniel McCallum
93bca47e02 Update to v10 2018-03-21 14:45:03 -04:00
Nathaniel McCallum
262c5de4b9 Update to v9 2018-02-13 16:00:29 -05:00
Fedora Release Engineering
1065982798 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 05:06:04 +00:00
Nathaniel McCallum
3738853563 Update to v8 2017-11-13 11:47:39 -05:00
Zbigniew Jędrzejewski-Szmek
2333aac0b7 Rebuild for cryptsetup-2.0.0 2017-11-08 16:59:58 +01:00
Nathaniel McCallum
e39c2e575f Update to v7 2017-10-27 16:52:43 -04:00
Fedora Release Engineering
96a509e3ae - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 18:51:37 +00:00
Fedora Release Engineering
233d695e6b - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 04:57:33 +00:00
Nathaniel McCallum
5fd422d0ac New upstream release 2017-06-27 07:28:46 -04:00
Nathaniel McCallum
042f0905c4 New upstream release 2017-06-26 11:43:58 -04:00
Nathaniel McCallum
61115a6c3d New upstream release 2017-06-14 13:32:56 -04:00
Nathaniel McCallum
52a6475da5 Add versioned requirement 2017-06-14 10:26:13 -04:00
Nathaniel McCallum
536be1e84a New upstream release 2017-06-14 10:24:19 -04:00