From 25e9933bf0c949217fc273194652475410e034c8 Mon Sep 17 00:00:00 2001
From: Peter Robinson
Date: Thu, 20 Jul 2023 12:39:12 +0100
Subject: [PATCH] Update to FDO 0.4.10
Resolves: rhbz#2224364
Signed-off-by: Peter Robinson
---
 ...chore-update-libcryptsetup-rs-to-0.8.patch | 64 ++++++++
 fdo-fix-tss-esapi-features.patch | 22 +++
 fido-device-onboard.spec | 151 ++++++++++--------
 make-vendored-tarfile.sh | 14 --
 sources | 4 +-
 5 files changed, 168 insertions(+), 87 deletions(-)
 create mode 100644 0001-chore-update-libcryptsetup-rs-to-0.8.patch
 create mode 100644 fdo-fix-tss-esapi-features.patch
 delete mode 100644 make-vendored-tarfile.sh
diff --git a/0001-chore-update-libcryptsetup-rs-to-0.8.patch b/0001-chore-update-libcryptsetup-rs-to-0.8.patch
new file mode 100644
index 0000000..0ae9422
--- /dev/null
+++ b/0001-chore-update-libcryptsetup-rs-to-0.8.patch
@@ -0,0 +1,64 @@
+From 5e57b7fc4afc170c65e4b9a283da2f59fb3f127e Mon Sep 17 00:00:00 2001
+From: Irene Diez
+Date: Tue, 13 Jun 2023 17:40:05 +0200
+Subject: [PATCH] chore: update libcryptsetup to 0.8.0 and fix API changes
+
+Signed-off-by: Irene Diez
+---
+ Cargo.lock | 4 ++--
+ client-linuxapp/Cargo.toml | 2 +-
+ client-linuxapp/src/reencrypt/rebind.rs | 4 ++--
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
+index f97a649d..cbd132b8 100644
+--- a/client-linuxapp/Cargo.toml
++++ b/client-linuxapp/Cargo.toml
+@@ -17,7 +17,7 @@ rand = "0.8.4"
+ nix = "0.26"
+ uuid = "1.3"
+ thiserror = "1"
+-libcryptsetup-rs = { version = "0.7.0", features = ["mutex"] }
++libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
+ secrecy = "0.8"
+ devicemapper = "0.33"
+
+diff --git a/client-linuxapp/src/reencrypt/mod.rs b/client-linuxapp/src/reencrypt/mod.rs
+index da2b7d38..1e38d35a 100644
+--- a/client-linuxapp/src/reencrypt/mod.rs
++++ b/client-linuxapp/src/reencrypt/mod.rs
+@@ -64,7 +64,7 @@ fn perform_reencrypt(dev_name: &str) -> Result<()> {
+ .context("Error opening device")?;
+
+ dev.context_handle()
+- .load::(None, None)
++ .load::<()>(None, None)
+ .context("Error loading device context")?;
+
+ let status = dev
+diff --git a/client-linuxapp/src/reencrypt/rebind.rs b/client-linuxapp/src/reencrypt/rebind.rs
+index 0c35a71c..693beb1f 100644
+--- a/client-linuxapp/src/reencrypt/rebind.rs
++++ b/client-linuxapp/src/reencrypt/rebind.rs
+@@ -154,7 +154,7 @@ fn clevis_bind(
+ log::trace!("Clevis bind successful");
+
+ dev.context_handle()
+- .load::(None, None)
++ .load::<()>(None, None)
+ .context("Error re-loading device context")?;
+
+ log::trace!("Reloaded device context");
+diff --git a/client-linuxapp/src/serviceinfo.rs b/client-linuxapp/src/serviceinfo.rs
+index 43c60302..89ce7e6b 100644
+--- a/client-linuxapp/src/serviceinfo.rs
++++ b/client-linuxapp/src/serviceinfo.rs
+@@ -253,7 +253,7 @@ impl DiskEncryptionInProgress {
+ log::debug!("Device initiated");
+
+ dev.context_handle()
+- .load::(None, None)
++ .load::<()>(None, None)
+ .context("Error loading device context")?;
+
+ log::debug!("Device information loaded");
diff --git a/fdo-fix-tss-esapi-features.patch b/fdo-fix-tss-esapi-features.patch
new file mode 100644
index 0000000..38ad741
--- /dev/null
+++ b/fdo-fix-tss-esapi-features.patch
@@ -0,0 +1,22 @@
+--- fido-device-onboard-rs-0.4.10/manufacturing-client/Cargo.toml.orig 2023-07-03 15:24:05.020575397 +0100
++++ fido-device-onboard-rs-0.4.10/manufacturing-client/Cargo.toml 2023-07-03 15:24:26.381717418 +0100
+@@ -16,7 +16,7 @@
+ sys-info = "0.9"
+ passwd = "0.0.1"
+ rand = "0.8.4"
+-tss-esapi = "7.2"
++tss-esapi = { version = "7.2", features = ["generate-bindings"] }
+ regex = "1.3.7"
+
+ fdo-data-formats = { path = "../data-formats", version = "0.4.10" }
+--- fido-device-onboard-rs-0.4.10/owner-tool/Cargo.toml.orig 2023-07-03 15:22:27.024923885 +0100
++++ fido-device-onboard-rs-0.4.10/owner-tool/Cargo.toml 2023-07-03 15:23:31.955355563 +0100
+@@ -14,7 +14,7 @@
+ serde = { version = "1", features = ["derive"] }
+ serde_yaml = "0.9"
+ tokio = { version = "1", features = ["full"] }
+-tss-esapi = "7.2"
++tss-esapi = { version = "7.2", features = ["generate-bindings"] }
+
+ fdo-util = { path = "../util", version = "0.4.10" }
+ fdo-data-formats = { path = "../data-formats", version = "0.4.10" }
diff --git a/fido-device-onboard.spec b/fido-device-onboard.spec
index 39fc9d0..a0b315d 100644
--- a/fido-device-onboard.spec
+++ b/fido-device-onboard.spec
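Review bot: The header of 0001-chore-update-libcryptsetup-rs-to-0.8.patch no longer matches its body: the diffstat lists `Cargo.lock`, `client-linuxapp/Cargo.toml` and `client-linuxapp/src/reencrypt/rebind.rs` (3 files, 5 insertions, 5 deletions), while the hunks touch `Cargo.toml`, `reencrypt/mod.rs`, `reencrypt/rebind.rs` and `serviceinfo.rs`, and there is no `Cargo.lock` hunk. That suggests the exported commit was edited by hand afterwards, which is reasonable for a vendored build but makes the backport hard to audit against upstream. I would record the local changes in the patch itself, for example a line after the sign-off such as `Downstream: Cargo.lock hunk dropped, <reason for the added hunks>; based on upstream 5e57b7fc4afc170c65e4b9a283da2f59fb3f127e`, so a later rebase can tell what was changed locally.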
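Review bot: fdo-fix-tss-esapi-features.patch has no header at all, so nothing records why `generate-bindings` is switched on for `manufacturing-client` and `owner-tool`, or whether the change exists upstream. In the spec it sits under the `# From upstream` comment together with Patch0, which the `.orig` paths and timestamps here do not suggest. With this feature the tss-esapi FFI bindings are presumably generated at build time from the installed tpm2-tss headers instead of the crate's pre-generated set, which ties the binary interface to whatever is in the build root and is worth stating. I would add a short description at the top of the patch, for example `Generate tss-esapi bindings at build time against the system tpm2-tss (downstream-only; adjust if upstreamed)`, and give Patch1 its own comment line in the spec.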
@@ -1,57 +1,32 @@ -%global debug_package %{nil} -%define dracutlibdir %{_prefix}/lib/dracut +%global dracutlibdir %{_prefix}/lib/dracut %bcond_without check -%global forgeurl https://github.com/fedora-iot/fido-device-onboard-rs - -Version: 0.4.7 - -%forgemeta +%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache 2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT) Name: fido-device-onboard -Release: 3%{?dist} +Version: 0.4.10 +Release: 2%{?dist} Summary: A rust implementation of the FIDO Device Onboard Specification +License: BSD-3-Clause -# Apache-2.0 -# Apache-2.0 OR BSL-1.0 -# Apache-2.0 OR ISC OR MIT -# Apache-2.0 OR MIT -# (Apache-2.0 OR MIT) AND BSD-3-Clause -# Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT -# BSD-2-Clause -# BSD-3-Clause -# CC0-1.0 -# CC0-1.0 OR Apache-2.0 -# ISC -# MIT -# MIT OR Apache-2.0 -# MIT OR Apache-2.0 OR Zlib -# MPL-2.0 -# Unlicense OR MIT -# Zlib OR Apache-2.0 OR MIT +URL: https://github.com/fedora-iot/fido-device-onboard-rs +Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz +# See make-vendored-tarfile.sh in upstream repo +Source1: %{name}-rs-%{version}-vendor-patched.tar.xz +# From upstream +Patch0: 0001-chore-update-libcryptsetup-rs-to-0.8.patch +Patch1: fdo-fix-tss-esapi-features.patch -License: Apache-2.0 and BSD and MIT -URL: %{forgeurl} +# Because nobody cares +ExcludeArch: %{ix86} -Source0: %{forgesource} -# this is a basic script to generate the vendor tarfile. 
-Source1: make-vendored-tarfile.sh -%if "%{?commit}" != "" -Source2: %{name}-rs-%{commit}-vendor-patched.tar.xz -%else -Source2: %{name}-rs-%{version}-vendor-patched.tar.xz -%endif - -ExclusiveArch: %{rust_arches} -# Needs, at least, tss bindings regen -ExcludeArch: s390x i686 %{power64} - -%if 0%{?rhel} && !0%{?eln} +%if 0%{?rhel} BuildRequires: rust-toolset %else BuildRequires: rust-packaging %endif BuildRequires: clang-devel BuildRequires: cryptsetup-devel +BuildRequires: device-mapper-devel BuildRequires: golang BuildRequires: openssl-devel >= 3.0.1-12 BuildRequires: systemd-rpm-macros @@ -61,24 +36,23 @@ BuildRequires: tpm2-tss-devel %{summary}. %prep -%forgesetup +%autosetup -p1 -n %{name}-rs-%{version} + +%if 0%{?rhel} +%cargo_prep -V 1 +%else %cargo_prep - -# Vendored crates -tar xf %{SOURCE2} -mkdir -p .cargo -cat >.cargo/config << EOF -[source.crates-io] -replace-with = "vendored-sources" - -[source.vendored-sources] -directory = "vendor" -EOF +%generate_buildrequires +%cargo_generate_buildrequires -a +%endif %build %cargo_build \ -F openssl-kdf/deny_custom +%{?cargo_license_summary} +%{?cargo_license} > LICENSE.dependencies + %install install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client 
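Review bot: In the `@@ -1,57 +1,32 @@` hunk, `%global combined_license` contains `Apache 2.0` (inside `(CC0-1.0 OR MIT-0 OR Apache 2.0)`), which is not an SPDX identifier. Every subpackage `License: %combined_license` tag added later in this patch expands the macro, so the invalid expression ends up in all of them. It should read `(CC0-1.0 OR MIT-0 OR Apache-2.0)`. Separately, the `Source1` comment `# See make-vendored-tarfile.sh in upstream repo` replaces the script this commit deletes; naming the upstream revision of that script there would let the vendored tarball be regenerated and compared against the checksum in `sources`.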
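Review bot: In the `@@ -61,24 +36,23 @@` hunk, `%{?cargo_license} > LICENSE.dependencies` uses the conditional macro form, so wherever `%cargo_license` is undefined the line degenerates to a bare redirection and creates an empty `LICENSE.dependencies`. The `%license LICENSE LICENSE.dependencies` entries added further down would then ship that empty file without any error. I cannot tell from the hunk whether the `0%{?rhel}` toolchain defines the macro. If it may not, wrap the whole command instead, `%{?cargo_license:%{cargo_license} > LICENSE.dependencies}`, so that a missing macro makes `%files` fail on the absent file rather than packaging an empty license summary for the vendored crates.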
@@ -86,13 +60,13 @@ install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufact install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server -# duplicates as needed by AIO command -install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-tool -install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-admin-tool install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/* install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/* +# duplicates as needed by AIO command so link them +ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool +ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool mkdir -p %{buildroot}%{_sysconfdir}/fdo # Dracut manufacturing service install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh 
@@ -102,28 +76,33 @@ install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/m %package -n fdo-init Summary: dracut module for device initialization +License: %combined_license Requires: openssl-libs >= 3.0.1-12 +Requires: dracut %description -n fdo-init %{summary} %files -n fdo-init -%license LICENSE -%{dracutlibdir}/modules.d/52fdo/* +%license LICENSE LICENSE.dependencies +%{dracutlibdir}/modules.d/52fdo/ %{_libexecdir}/fdo/fdo-manufacturing-client %package -n fdo-owner-onboarding-server Summary: FDO Owner Onboarding Server implementation +License: %combined_license Requires: openssl-libs >= 3.0.1-12 %description -n fdo-owner-onboarding-server %{summary} %files -n fdo-owner-onboarding-server -%license LICENSE +%license LICENSE LICENSE.dependencies %{_libexecdir}/fdo/fdo-owner-onboarding-server %{_libexecdir}/fdo/fdo-serviceinfo-api-server +%dir %{_docdir}/fdo +%{_docdir}/fdo/device_specific_serviceinfo.yml %{_docdir}/fdo/serviceinfo-api-server.yml -%{_unitdir}/fdo-serviceinfo-api-server.service %{_docdir}/fdo/owner-onboarding-server.yml +%{_unitdir}/fdo-serviceinfo-api-server.service %{_unitdir}/fdo-owner-onboarding-server.service %post -n fdo-owner-onboarding-server @@ -140,12 +119,14 @@ Requires: openssl-libs >= 3.0.1-12 %package -n fdo-rendezvous-server Summary: FDO Rendezvous Server implementation +License: %combined_license %description -n fdo-rendezvous-server %{summary} %files -n fdo-rendezvous-server -%license LICENSE +%license LICENSE LICENSE.dependencies %{_libexecdir}/fdo/fdo-rendezvous-server +%dir %{_docdir}/fdo %{_docdir}/fdo/rendezvous-*.yml %{_unitdir}/fdo-rendezvous-server.service 
@@ -160,13 +141,15 @@ Summary: FDO Rendezvous Server implementation %package -n fdo-manufacturing-server Summary: FDO Manufacturing Server implementation +License: %combined_license Requires: openssl-libs >= 3.0.1-12 %description -n fdo-manufacturing-server %{summary} %files -n fdo-manufacturing-server -%license LICENSE +%license LICENSE LICENSE.dependencies %{_libexecdir}/fdo/fdo-manufacturing-server +%dir %{_docdir}/fdo %{_docdir}/fdo/manufacturing-server.yml %{_unitdir}/fdo-manufacturing-server.service @@ -181,15 +164,17 @@ Requires: openssl-libs >= 3.0.1-12 %package -n fdo-client Summary: FDO Client implementation +License: %combined_license Requires: openssl-libs >= 3.0.1-12 Requires: clevis Requires: clevis-luks +Requires: clevis-pin-tpm2 Requires: cryptsetup %description -n fdo-client %{summary} %files -n fdo-client -%license LICENSE +%license LICENSE LICENSE.dependencies %{_libexecdir}/fdo/fdo-client-linuxapp %{_unitdir}/fdo-client-linuxapp.service 
@@ -204,27 +189,29 @@ Requires: cryptsetup %package -n fdo-owner-cli Summary: FDO Owner tools implementation +License: %combined_license %description -n fdo-owner-cli %{summary} %files -n fdo-owner-cli -%license LICENSE +%license LICENSE LICENSE.dependencies %{_bindir}/fdo-owner-tool %{_libexecdir}/fdo/fdo-owner-tool %package -n fdo-admin-cli Summary: FDO admin tools implementation -Requires: fdo-manufacturing-server -Requires: fdo-init -Requires: fdo-client -Requires: fdo-rendezvous-server -Requires: fdo-owner-onboarding-server -Requires: fdo-owner-cli +License: %combined_license +Requires: fdo-manufacturing-server = %{version}-%{release} +Requires: fdo-init = %{version}-%{release} +Requires: fdo-client = %{version}-%{release} +Requires: fdo-rendezvous-server = %{version}-%{release} +Requires: fdo-owner-onboarding-server = %{version}-%{release} +Requires: fdo-owner-cli = %{version}-%{release} %description -n fdo-admin-cli %{summary} %files -n fdo-admin-cli -%license LICENSE +%license LICENSE LICENSE.dependencies %{_bindir}/fdo-admin-tool %{_libexecdir}/fdo/fdo-admin-tool %{_unitdir}/fdo-aio.service @@ -240,6 +227,28 @@ Requires: fdo-owner-cli %systemd_postun_with_restart fdo-aio.service %changelog +* Mon Jul 03 2023 Peter Robinson - 0.4.10-2 +- Updates for eln/c9s building + +* Fri Jun 23 2023 Peter Robinson - 0.4.10-1 +- Update to 0.4.10 + +* Wed Jun 14 2023 Peter Robinson - 0.4.9-5 +- More spec updates + +* Wed Jun 14 2023 Peter Robinson - 0.4.9-4 +- Add patch for libcryptsetup-rs 0.8 API changes + +* Tue Jun 13 2023 Peter Robinson - 0.4.9-3 +- Updates for licenses + +* Tue May 30 2023 Peter Robinson - 0.4.9-2 +- Review feedback +- Patch for libcryptsetup-rs 0.7 + +* Thu May 11 2023 Peter Robinson - 0.4.9-1 +- Update to 0.4.9 + * Mon Feb 20 2023 Peter Robinson - 0.4.7-3 - Fix services start diff --git a/make-vendored-tarfile.sh b/make-vendored-tarfile.sh deleted file mode 100644 index 314a2cd..0000000 --- a/make-vendored-tarfile.sh +++ /dev/null 
@@ -1,14 +0,0 @@
-#/bin/bash
-set -x
-ver=$1
-cargo vendor
-# Various vendor cleanups
-pushd vendor
-# cleanup windows files
-rm -rf winapi/src/*
-touch winapi/src/lib.rs
-rm -rf winapi-x86_64-pc-windows-gnu/lib/*
-rm -rf winapi-i686-pc-windows-gnu/lib/*
-rm -rf vcpkg/test-data
-popd #vendor
-tar cjf fido-device-onboard-rs-$ver-vendor-patched.tar.xz vendor/
diff --git a/sources b/sources
index 3787d2c..1f86956 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (fido-device-onboard-rs-0.4.7.tar.gz) = 4a3e5d1f36a5a52369e0d331370aa16d8ebe0659ab9a5b53d4b4620bc53c2e9b3b4f3b93f46027b2207cee8393c26507af028fbbab0876d79cca7dbd515c5925
-SHA512 (fido-device-onboard-rs-0.4.7-vendor-patched.tar.xz) = b2ca4e5ed1abde32ba67e2e2748db8012a013dbbc03a0520d8e8acee2ea4acc1160d559d7b90eace56c1f7cd4f967071ae460c4d3b09d117b61282f1448c2236
+SHA512 (fido-device-onboard-rs-0.4.10.tar.gz) = 7b8b082b845f6af269adaff9608075da43d884edd2ed39ec7b613c368d95b0083a8edbf160479d5effb7c19ce5049a2da3e5806dfbe7addcbc34bd3658367731
+SHA512 (fido-device-onboard-rs-0.4.10-vendor-patched.tar.xz) = e8a272e186be04d5937ed32d33bd9d968150cbe84c7cfa9fe5dc53055d7fc61c2198d42e38ee31fb56aaec75c27098e14af15964c6524fa7e396cd05081e337a