Update to FDO 0.4.10

Resolves: rhbz#2224364

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>

0001-chore-update-libcryptsetup-rs-to-0.8.patch

@@ -0,0 +1,64 @@
+From 5e57b7fc4afc170c65e4b9a283da2f59fb3f127e Mon Sep 17 00:00:00 2001
+From: Irene Diez <idiez@redhat.com>
+Date: Tue, 13 Jun 2023 17:40:05 +0200
+Subject: [PATCH] chore: update libcryptsetup to 0.8.0 and fix API changes
+
+Signed-off-by: Irene Diez <idiez@redhat.com>
+---
+ Cargo.lock                              | 4 ++--
+ client-linuxapp/Cargo.toml              | 2 +-
+ client-linuxapp/src/reencrypt/rebind.rs | 4 ++--
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
+index f97a649d..cbd132b8 100644
+--- a/client-linuxapp/Cargo.toml
++++ b/client-linuxapp/Cargo.toml
+@@ -17,7 +17,7 @@ rand = "0.8.4"
+ nix = "0.26"
+ uuid = "1.3"
+ thiserror = "1"
+-libcryptsetup-rs = { version = "0.7.0", features = ["mutex"] }
++libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
+ secrecy = "0.8"
+ devicemapper = "0.33"
+ 
+diff --git a/client-linuxapp/src/reencrypt/mod.rs b/client-linuxapp/src/reencrypt/mod.rs
+index da2b7d38..1e38d35a 100644
+--- a/client-linuxapp/src/reencrypt/mod.rs
++++ b/client-linuxapp/src/reencrypt/mod.rs
+@@ -64,7 +64,7 @@ fn perform_reencrypt(dev_name: &str) -> Result<()> {
+         .context("Error opening device")?;
+ 
+     dev.context_handle()
+-        .load::<libcryptsetup_rs::CryptParamsLuks2>(None, None)
++        .load::<()>(None, None)
+         .context("Error loading device context")?;
+ 
+     let status = dev
+diff --git a/client-linuxapp/src/reencrypt/rebind.rs b/client-linuxapp/src/reencrypt/rebind.rs
+index 0c35a71c..693beb1f 100644
+--- a/client-linuxapp/src/reencrypt/rebind.rs
++++ b/client-linuxapp/src/reencrypt/rebind.rs
+@@ -154,7 +154,7 @@ fn clevis_bind(
+     log::trace!("Clevis bind successful");
+ 
+     dev.context_handle()
+-        .load::<libcryptsetup_rs::CryptParamsLuks2>(None, None)
++        .load::<()>(None, None)
+         .context("Error re-loading device context")?;
+ 
+     log::trace!("Reloaded device context");
+diff --git a/client-linuxapp/src/serviceinfo.rs b/client-linuxapp/src/serviceinfo.rs
+index 43c60302..89ce7e6b 100644
+--- a/client-linuxapp/src/serviceinfo.rs
++++ b/client-linuxapp/src/serviceinfo.rs
+@@ -253,7 +253,7 @@ impl DiskEncryptionInProgress {
+         log::debug!("Device initiated");
+ 
+         dev.context_handle()
+-            .load::<libcryptsetup_rs::CryptParamsLuks2>(None, None)
++            .load::<()>(None, None)
+             .context("Error loading device context")?;
+ 
+         log::debug!("Device information loaded");

fdo-fix-tss-esapi-features.patch

@@ -0,0 +1,22 @@
+--- fido-device-onboard-rs-0.4.10/manufacturing-client/Cargo.toml.orig	2023-07-03 15:24:05.020575397 +0100
++++ fido-device-onboard-rs-0.4.10/manufacturing-client/Cargo.toml	2023-07-03 15:24:26.381717418 +0100
+@@ -16,7 +16,7 @@
+ sys-info = "0.9"
+ passwd = "0.0.1"
+ rand = "0.8.4"
+-tss-esapi = "7.2"
++tss-esapi = { version = "7.2", features = ["generate-bindings"] }
+ regex = "1.3.7"
+ 
+ fdo-data-formats = { path = "../data-formats", version = "0.4.10" }
+--- fido-device-onboard-rs-0.4.10/owner-tool/Cargo.toml.orig	2023-07-03 15:22:27.024923885 +0100
++++ fido-device-onboard-rs-0.4.10/owner-tool/Cargo.toml	2023-07-03 15:23:31.955355563 +0100
+@@ -14,7 +14,7 @@
+ serde = { version = "1", features = ["derive"] }
+ serde_yaml = "0.9"
+ tokio = { version = "1", features = ["full"] }
+-tss-esapi = "7.2"
++tss-esapi = { version = "7.2", features = ["generate-bindings"] }
+ 
+ fdo-util = { path = "../util", version = "0.4.10" }
+ fdo-data-formats = { path = "../data-formats", version = "0.4.10" }

fido-device-onboard.spec

@@ -1,57 +1,32 @@
-%global debug_package %{nil}
-%define dracutlibdir %{_prefix}/lib/dracut
+%global dracutlibdir %{_prefix}/lib/dracut
 %bcond_without check
-%global forgeurl https://github.com/fedora-iot/fido-device-onboard-rs
-
-Version:        0.4.7
-
-%forgemeta
+%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache 2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
 
 Name:           fido-device-onboard
-Release:        3%{?dist}
+Version:        0.4.10
+Release:        2%{?dist}
 Summary:        A rust implementation of the FIDO Device Onboard Specification
+License:        BSD-3-Clause
 
-# Apache-2.0
-# Apache-2.0 OR BSL-1.0
-# Apache-2.0 OR ISC OR MIT
-# Apache-2.0 OR MIT
-# (Apache-2.0 OR MIT) AND BSD-3-Clause
-# Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
-# BSD-2-Clause
-# BSD-3-Clause
-# CC0-1.0
-# CC0-1.0 OR Apache-2.0
-# ISC
-# MIT
-# MIT OR Apache-2.0
-# MIT OR Apache-2.0 OR Zlib
-# MPL-2.0
-# Unlicense OR MIT
-# Zlib OR Apache-2.0 OR MIT
+URL:            https://github.com/fedora-iot/fido-device-onboard-rs
+Source0:        %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz
+# See make-vendored-tarfile.sh in upstream repo
+Source1:        %{name}-rs-%{version}-vendor-patched.tar.xz
+# From upstream
+Patch0:         0001-chore-update-libcryptsetup-rs-to-0.8.patch
+Patch1:         fdo-fix-tss-esapi-features.patch
 
-License:        Apache-2.0 and BSD and MIT
-URL:            %{forgeurl}
+# Because nobody cares
+ExcludeArch: %{ix86}
 
-Source0:        %{forgesource}
-# this is a basic script to generate the vendor tarfile.
-Source1:        make-vendored-tarfile.sh
-%if "%{?commit}" != ""
-Source2:        %{name}-rs-%{commit}-vendor-patched.tar.xz
-%else
-Source2:        %{name}-rs-%{version}-vendor-patched.tar.xz
-%endif
-
-ExclusiveArch:  %{rust_arches}
-# Needs, at least, tss bindings regen
-ExcludeArch:    s390x i686 %{power64}
-
-%if 0%{?rhel} && !0%{?eln}
+%if 0%{?rhel}
 BuildRequires:  rust-toolset
 %else
 BuildRequires:  rust-packaging
 %endif
 BuildRequires:  clang-devel
 BuildRequires:  cryptsetup-devel
+BuildRequires:  device-mapper-devel
 BuildRequires:  golang
 BuildRequires:  openssl-devel >= 3.0.1-12
 BuildRequires:  systemd-rpm-macros
@@ -61,24 +36,23 @@ BuildRequires:  tpm2-tss-devel
 %{summary}.
 
 %prep
-%forgesetup
+%autosetup -p1 -n %{name}-rs-%{version}
+
+%if 0%{?rhel}
+%cargo_prep -V 1
+%else
 %cargo_prep
-
-# Vendored crates
-tar xf %{SOURCE2}
-mkdir -p .cargo
-cat >.cargo/config << EOF
-[source.crates-io]
-replace-with = "vendored-sources"
-
-[source.vendored-sources]
-directory = "vendor"
-EOF
+%generate_buildrequires
+%cargo_generate_buildrequires -a
+%endif
 
 %build
 %cargo_build \
 -F openssl-kdf/deny_custom
 
+%{?cargo_license_summary}
+%{?cargo_license} > LICENSE.dependencies
+
 %install
 install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
 install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
@@ -86,13 +60,13 @@ install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufact
 install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
 install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
 install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
-# duplicates as needed by AIO command
-install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-tool
-install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-admin-tool
 install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
 install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
 install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
 install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
+# duplicates as needed by AIO command so link them
+ln -s %{_bindir}/fdo-owner-tool  %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
+ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
 mkdir -p %{buildroot}%{_sysconfdir}/fdo
 # Dracut manufacturing service
 install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
@@ -102,28 +76,33 @@ install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/m
 
 %package -n fdo-init
 Summary: dracut module for device initialization
+License: %combined_license
 Requires: openssl-libs >= 3.0.1-12
+Requires: dracut
 %description -n fdo-init
 %{summary}
 
 %files -n fdo-init
-%license LICENSE
-%{dracutlibdir}/modules.d/52fdo/*
+%license LICENSE LICENSE.dependencies
+%{dracutlibdir}/modules.d/52fdo/
 %{_libexecdir}/fdo/fdo-manufacturing-client
 
 %package -n fdo-owner-onboarding-server
 Summary: FDO Owner Onboarding Server implementation
+License: %combined_license
 Requires: openssl-libs >= 3.0.1-12
 %description -n fdo-owner-onboarding-server
 %{summary}
 
 %files -n fdo-owner-onboarding-server
-%license LICENSE
+%license LICENSE LICENSE.dependencies
 %{_libexecdir}/fdo/fdo-owner-onboarding-server
 %{_libexecdir}/fdo/fdo-serviceinfo-api-server
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/device_specific_serviceinfo.yml
 %{_docdir}/fdo/serviceinfo-api-server.yml
-%{_unitdir}/fdo-serviceinfo-api-server.service
 %{_docdir}/fdo/owner-onboarding-server.yml
+%{_unitdir}/fdo-serviceinfo-api-server.service
 %{_unitdir}/fdo-owner-onboarding-server.service
 
 %post -n fdo-owner-onboarding-server
@@ -140,12 +119,14 @@ Requires: openssl-libs >= 3.0.1-12
 
 %package -n fdo-rendezvous-server
 Summary: FDO Rendezvous Server implementation
+License: %combined_license
 %description -n fdo-rendezvous-server
 %{summary}
 
 %files -n fdo-rendezvous-server
-%license LICENSE
+%license LICENSE LICENSE.dependencies
 %{_libexecdir}/fdo/fdo-rendezvous-server
+%dir %{_docdir}/fdo
 %{_docdir}/fdo/rendezvous-*.yml
 %{_unitdir}/fdo-rendezvous-server.service
 
@@ -160,13 +141,15 @@ Summary: FDO Rendezvous Server implementation
 
 %package -n fdo-manufacturing-server
 Summary: FDO Manufacturing Server implementation
+License: %combined_license
 Requires: openssl-libs >= 3.0.1-12
 %description -n fdo-manufacturing-server
 %{summary}
 
 %files -n fdo-manufacturing-server
-%license LICENSE
+%license LICENSE LICENSE.dependencies
 %{_libexecdir}/fdo/fdo-manufacturing-server
+%dir %{_docdir}/fdo
 %{_docdir}/fdo/manufacturing-server.yml
 %{_unitdir}/fdo-manufacturing-server.service
 
@@ -181,15 +164,17 @@ Requires: openssl-libs >= 3.0.1-12
 
 %package -n fdo-client
 Summary: FDO Client implementation
+License: %combined_license
 Requires: openssl-libs >= 3.0.1-12
 Requires: clevis
 Requires: clevis-luks
+Requires: clevis-pin-tpm2
 Requires: cryptsetup
 %description -n fdo-client
 %{summary}
 
 %files -n fdo-client
-%license LICENSE
+%license LICENSE LICENSE.dependencies
 %{_libexecdir}/fdo/fdo-client-linuxapp
 %{_unitdir}/fdo-client-linuxapp.service
 
@@ -204,27 +189,29 @@ Requires: cryptsetup
 
 %package -n fdo-owner-cli
 Summary: FDO Owner tools implementation
+License: %combined_license
 %description -n fdo-owner-cli
 %{summary}
 
 %files -n fdo-owner-cli
-%license LICENSE
+%license LICENSE LICENSE.dependencies
 %{_bindir}/fdo-owner-tool
 %{_libexecdir}/fdo/fdo-owner-tool
 
 %package -n fdo-admin-cli
 Summary: FDO admin tools implementation
-Requires: fdo-manufacturing-server
-Requires: fdo-init
-Requires: fdo-client
-Requires: fdo-rendezvous-server
-Requires: fdo-owner-onboarding-server
-Requires: fdo-owner-cli
+License: %combined_license
+Requires: fdo-manufacturing-server = %{version}-%{release}
+Requires: fdo-init = %{version}-%{release}
+Requires: fdo-client = %{version}-%{release}
+Requires: fdo-rendezvous-server = %{version}-%{release}
+Requires: fdo-owner-onboarding-server = %{version}-%{release}
+Requires: fdo-owner-cli = %{version}-%{release}
 %description -n fdo-admin-cli
 %{summary}
 
 %files -n fdo-admin-cli
-%license LICENSE
+%license LICENSE LICENSE.dependencies
 %{_bindir}/fdo-admin-tool
 %{_libexecdir}/fdo/fdo-admin-tool
 %{_unitdir}/fdo-aio.service
@@ -240,6 +227,28 @@ Requires: fdo-owner-cli
 %systemd_postun_with_restart fdo-aio.service
 
 %changelog
+* Mon Jul 03 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.10-2
+- Updates for eln/c9s building
+
+* Fri Jun 23 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.10-1
+- Update to 0.4.10
+
+* Wed Jun 14 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-5
+- More spec updates
+
+* Wed Jun 14 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-4
+- Add patch for libcryptsetup-rs 0.8 API changes
+
+* Tue Jun 13 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-3
+- Updates for licenses
+
+* Tue May 30 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-2
+- Review feedback
+- Patch for libcryptsetup-rs 0.7
+
+* Thu May 11 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-1
+- Update to 0.4.9
+
 * Mon Feb 20 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-3
 - Fix services start
 

make-vendored-tarfile.sh

@@ -1,14 +0,0 @@
-#/bin/bash
-set -x
-ver=$1
-cargo vendor
-# Various vendor cleanups
-pushd vendor
-# cleanup windows files
-rm -rf winapi/src/*
-touch winapi/src/lib.rs
-rm -rf winapi-x86_64-pc-windows-gnu/lib/*
-rm -rf winapi-i686-pc-windows-gnu/lib/*
-rm -rf vcpkg/test-data
-popd #vendor
-tar cjf fido-device-onboard-rs-$ver-vendor-patched.tar.xz vendor/

sources

@@ -1,2 +1,2 @@
-SHA512 (fido-device-onboard-rs-0.4.7.tar.gz) = 4a3e5d1f36a5a52369e0d331370aa16d8ebe0659ab9a5b53d4b4620bc53c2e9b3b4f3b93f46027b2207cee8393c26507af028fbbab0876d79cca7dbd515c5925
-SHA512 (fido-device-onboard-rs-0.4.7-vendor-patched.tar.xz) = b2ca4e5ed1abde32ba67e2e2748db8012a013dbbc03a0520d8e8acee2ea4acc1160d559d7b90eace56c1f7cd4f967071ae460c4d3b09d117b61282f1448c2236
+SHA512 (fido-device-onboard-rs-0.4.10.tar.gz) = 7b8b082b845f6af269adaff9608075da43d884edd2ed39ec7b613c368d95b0083a8edbf160479d5effb7c19ce5049a2da3e5806dfbe7addcbc34bd3658367731
+SHA512 (fido-device-onboard-rs-0.4.10-vendor-patched.tar.xz) = e8a272e186be04d5937ed32d33bd9d968150cbe84c7cfa9fe5dc53055d7fc61c2198d42e38ee31fb56aaec75c27098e14af15964c6524fa7e396cd05081e337a