diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e3405f6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/fido-device-onboard-rs-*.4.9.tar.gz
diff --git a/0001-chore-update-libcryptsetup-rs-to-0.8.patch b/0001-chore-update-libcryptsetup-rs-to-0.8.patch
new file mode 100644
index 0000000..b9ee09b
--- /dev/null
+++ b/0001-chore-update-libcryptsetup-rs-to-0.8.patch
@@ -0,0 +1,64 @@
+From 5e57b7fc4afc170c65e4b9a283da2f59fb3f127e Mon Sep 17 00:00:00 2001
+From: Irene Diez
+Date: Tue, 13 Jun 2023 17:40:05 +0200
+Subject: [PATCH] chore: update libcryptsetup to 0.8.0 and fix API changes
+
+Signed-off-by: Irene Diez
+---
+ Cargo.lock | 4 ++--
+ client-linuxapp/Cargo.toml | 2 +-
+ client-linuxapp/src/reencrypt/rebind.rs | 4 ++--
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
+index f97a649d..cbd132b8 100644
+--- a/client-linuxapp/Cargo.toml
++++ b/client-linuxapp/Cargo.toml
+@@ -17,7 +17,7 @@ rand = "0.8.4"
+ nix = "0.26"
+ uuid = "1.3"
+ thiserror = "1"
+-libcryptsetup-rs = { version = "0.6.1", features = ["mutex"] }
++libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
+ secrecy = "0.8"
+ devicemapper = "0.33"
+
+diff --git a/client-linuxapp/src/reencrypt/mod.rs b/client-linuxapp/src/reencrypt/mod.rs
+index da2b7d38..1e38d35a 100644
+--- a/client-linuxapp/src/reencrypt/mod.rs
++++ b/client-linuxapp/src/reencrypt/mod.rs
+@@ -64,7 +64,7 @@ fn perform_reencrypt(dev_name: &str) -> Result<()> {
+ .context("Error opening device")?;
+
+ dev.context_handle()
+- .load::(None, None)
++ .load::<()>(None, None)
+ .context("Error loading device context")?;
+
+ let status = dev
+diff --git a/client-linuxapp/src/reencrypt/rebind.rs b/client-linuxapp/src/reencrypt/rebind.rs
+index 0c35a71c..693beb1f 100644
+--- a/client-linuxapp/src/reencrypt/rebind.rs
++++ b/client-linuxapp/src/reencrypt/rebind.rs
+@@ -154,7 +154,7 @@ fn clevis_bind(
+ log::trace!("Clevis bind successful");
+
+ dev.context_handle()
+- .load::(None, None)
++ .load::<()>(None, None)
+ .context("Error re-loading device context")?;
+
+ log::trace!("Reloaded device context");
+diff --git a/client-linuxapp/src/serviceinfo.rs b/client-linuxapp/src/serviceinfo.rs
+index 43c60302..89ce7e6b 100644
+--- a/client-linuxapp/src/serviceinfo.rs
++++ b/client-linuxapp/src/serviceinfo.rs
+@@ -253,7 +253,7 @@ impl DiskEncryptionInProgress {
+ log::debug!("Device initiated");
+
+ dev.context_handle()
+- .load::(None, None)
++ .load::<()>(None, None)
+ .context("Error loading device context")?;
+
+ log::debug!("Device information loaded");
diff --git a/fido-device-onboard.spec b/fido-device-onboard.spec
new file mode 100644
index 0000000..29174b5
--- /dev/null
+++ b/fido-device-onboard.spec
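Review bot: The embedded patch's diffstat does not match its body, so this file is not a verbatim copy of upstream commit 5e57b7fc4afc170c65e4b9a283da2f59fb3f127e. The header lists `Cargo.lock`, `client-linuxapp/Cargo.toml` and `client-linuxapp/src/reencrypt/rebind.rs` (3 files, 5 insertions, 5 deletions), while the hunks that follow touch `Cargo.toml`, `reencrypt/mod.rs`, `reencrypt/rebind.rs` and `serviceinfo.rs` and carry no `Cargo.lock` change. It looks as if the patch was edited after `git format-patch`, presumably to drop the lockfile hunk and cover more call sites. Because the spec labels it only `# From upstream` and the changed calls sit on the disk re-encryption and Clevis rebind path, I would record the provenance next to `Patch0:`, for example `# Based on upstream commit 5e57b7fc4afc; Cargo.lock hunk dropped, hunks adjusted for 0.4.9`, so the local modifications can be audited against upstream.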
@@ -0,0 +1,263 @@
+%global dracutlibdir %{_prefix}/lib/dracut
+%bcond_without check
+%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 ITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache 2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
+
+Name: fido-device-onboard
+Version: 0.4.9
+Release: 5%{?dist}
+Summary: A rust implementation of the FIDO Device Onboard Specification
+License: BSD-3-Clause
+
+
+URL: https://github.com/fedora-iot/fido-device-onboard-rs
+Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz
+# From upstream
+Patch0: 0001-chore-update-libcryptsetup-rs-to-0.8.patch
+
+%if 0%{?rhel} && !0%{?eln}
+BuildRequires: rust-toolset
+%else
+BuildRequires: rust-packaging
+%endif
+BuildRequires: clang-devel
+BuildRequires: cryptsetup-devel
+BuildRequires: device-mapper-devel
+BuildRequires: golang
+BuildRequires: openssl-devel >= 3.0.1-12
+BuildRequires: systemd-rpm-macros
+BuildRequires: tpm2-tss-devel
+
+%description
+%{summary}.
+
+%prep
+%autosetup -p1 -n %{name}-rs-%{version}
+
+%cargo_prep
+
+%generate_buildrequires
+%cargo_generate_buildrequires -a
+
+%build
+%cargo_build \
+-F openssl-kdf/deny_custom
+
+%cargo_license_summary
+%{cargo_license} > LICENSE.dependencies
+
+%install
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
+install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
+install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
+install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
+# duplicates as needed by AIO command so link them
+ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
+ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
+mkdir -p %{buildroot}%{_sysconfdir}/fdo
+# Dracut manufacturing service
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
+
+%package -n fdo-init
+Summary: dracut module for device initialization
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+Requires: dracut
+%description -n fdo-init
+%{summary}
+
+%files -n fdo-init
+%license LICENSE LICENSE.dependencies
+%{dracutlibdir}/modules.d/52fdo/
+%{_libexecdir}/fdo/fdo-manufacturing-client
+
+%package -n fdo-owner-onboarding-server
+Summary: FDO Owner Onboarding Server implementation
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+%description -n fdo-owner-onboarding-server
+%{summary}
+
+%files -n fdo-owner-onboarding-server
+%license LICENSE LICENSE.dependencies
+%{_libexecdir}/fdo/fdo-owner-onboarding-server
+%{_libexecdir}/fdo/fdo-serviceinfo-api-server
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/serviceinfo-api-server.yml
+%{_docdir}/fdo/owner-onboarding-server.yml
+%{_unitdir}/fdo-serviceinfo-api-server.service
+%{_unitdir}/fdo-owner-onboarding-server.service
+
+%post -n fdo-owner-onboarding-server
+%systemd_post fdo-owner-onboarding-server.service
+%systemd_post fdo-serviceinfo-api-server.service
+
+%preun -n fdo-owner-onboarding-server
+%systemd_preun fdo-owner-onboarding-server.service
+%systemd_post fdo-serviceinfo-api-server.service
+
+%postun -n fdo-owner-onboarding-server
+%systemd_postun_with_restart fdo-owner-onboarding-server.service
+%systemd_postun_with_restart fdo-serviceinfo-api-server.service
+
+%package -n fdo-rendezvous-server
+Summary: FDO Rendezvous Server implementation
+License: %combined_license
+%description -n fdo-rendezvous-server
+%{summary}
+
+%files -n fdo-rendezvous-server
+%license LICENSE LICENSE.dependencies
+%{_libexecdir}/fdo/fdo-rendezvous-server
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/rendezvous-*.yml
+%{_unitdir}/fdo-rendezvous-server.service
+
+%post -n fdo-rendezvous-server
+%systemd_post fdo-rendezvous-server.service
+
+%preun -n fdo-rendezvous-server
+%systemd_preun fdo-rendezvous-server.service
+
+%postun -n fdo-rendezvous-server
+%systemd_postun_with_restart fdo-rendezvous-server.service
+
+%package -n fdo-manufacturing-server
+Summary: FDO Manufacturing Server implementation
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+%description -n fdo-manufacturing-server
+%{summary}
+
+%files -n fdo-manufacturing-server
+%license LICENSE LICENSE.dependencies
+%{_libexecdir}/fdo/fdo-manufacturing-server
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/manufacturing-server.yml
+%{_unitdir}/fdo-manufacturing-server.service
+
+%post -n fdo-manufacturing-server
+%systemd_post fdo-manufacturing-server.service
+
+%preun -n fdo-manufacturing-server
+%systemd_preun fdo-manufacturing-server.service
+
+%postun -n fdo-manufacturing-server
+%systemd_postun_with_restart fdo-manufacturing-server.service
+
+%package -n fdo-client
+Summary: FDO Client implementation
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+Requires: clevis
+Requires: clevis-luks
+Requires: clevis-pin-tpm2
+Requires: cryptsetup
+%description -n fdo-client
+%{summary}
+
+%files -n fdo-client
+%license LICENSE LICENSE.dependencies
+%{_libexecdir}/fdo/fdo-client-linuxapp
+%{_unitdir}/fdo-client-linuxapp.service
+
+%post -n fdo-client
+%systemd_post fdo-client-linuxapp.service
+
+%preun -n fdo-client
+%systemd_preun fdo-client-linuxapp.service
+
+%postun -n fdo-client
+%systemd_postun_with_restart fdo-client-linuxapp.service
+
+%package -n fdo-owner-cli
+Summary: FDO Owner tools implementation
+License: %combined_license
+%description -n fdo-owner-cli
+%{summary}
+
+%files -n fdo-owner-cli
+%license LICENSE LICENSE.dependencies
+%{_bindir}/fdo-owner-tool
+%{_libexecdir}/fdo/fdo-owner-tool
+
+%package -n fdo-admin-cli
+Summary: FDO admin tools implementation
+License: %combined_license
+Requires: fdo-manufacturing-server = %{version}-%{release}
+Requires: fdo-init = %{version}-%{release}
+Requires: fdo-client = %{version}-%{release}
+Requires: fdo-rendezvous-server = %{version}-%{release}
+Requires: fdo-owner-onboarding-server = %{version}-%{release}
+Requires: fdo-owner-cli = %{version}-%{release}
+%description -n fdo-admin-cli
+%{summary}
+
+%files -n fdo-admin-cli
+%license LICENSE LICENSE.dependencies
+%{_bindir}/fdo-admin-tool
+%{_libexecdir}/fdo/fdo-admin-tool
+%{_unitdir}/fdo-aio.service
+%dir %{_sysconfdir}/fdo
+
+%post -n fdo-admin-cli
+%systemd_post fdo-aio.service
+
+%preun -n fdo-admin-cli
+%systemd_preun fdo-aio.service
+
+%postun -n fdo-admin-cli
+%systemd_postun_with_restart fdo-aio.service
+
+%changelog
+* Wed Jun 14 2023 Peter Robinson - 0.4.9-5
+- More spec updates
+
+* Wed Jun 14 2023 Peter Robinson - 0.4.9-4
+- Add patch for libcryptsetup-rs 0.8 API changes
+
+* Tue Jun 13 2023 Peter Robinson - 0.4.9-3
+- Updates for licenses
+
+* Tue May 30 2023 Peter Robinson - 0.4.9-2
+- Review feedback
+- Patch for libcryptsetup-rs 0.7
+
+* Thu May 11 2023 Peter Robinson - 0.4.9-1
+- Update to 0.4.9
+
+* Mon Feb 20 2023 Peter Robinson - 0.4.7-3
+- Fix services start
+
+* Wed Feb 15 2023 Peter Robinson - 0.4.7-2
+- Upstream fix for rhbz#2168089
+
+* Wed Nov 30 2022 Peter Robinson - 0.4.7-1
+- Update to 0.4.7
+- Package updates and cleanup
+
+* Tue Mar 29 2022 Antonio Murdaca - 0.4.5-1
+- bump to 0.4.5
+
+* Mon Feb 28 2022 Antonio Murdaca - 0.4.0-2
+- fix runtime requirements to use openssl-libs and not -devel
+
+* Thu Feb 24 2022 Antonio Murdaca - 0.4.0-1
+- upgrade to 0.4.0
+
+* Tue Feb 01 2022 Antonio Murdaca - 0.3.0-1
+- bump to 0.3.0
+
+* Tue Jan 11 2022 Antonio Murdaca - 0.2.0-2
+- use patched vendor w/o win files and rename license
+
+* Mon Dec 13 2021 Antonio Murdaca - 0.2.0-1
+- import fido-device-onboard
diff --git a/sources b/sources
new file mode 100644
index 0000000..ca926d7
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (fido-device-onboard-rs-0.4.9.tar.gz) = eae79e4af7557a574fad42d73bf6f8c382c1034baf73e1adf703a21c41636cdac8a961e10b9f651334268220f465a7ec6c682cbd9f3425e4de25518126490ba0
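Review bot: The `%preun -n fdo-owner-onboarding-server` scriptlet in fido-device-onboard.spec calls `%systemd_post fdo-serviceinfo-api-server.service` where every other `%preun` in the spec uses `%systemd_preun`. As written, removing the package does not stop and disable the serviceinfo API unit before its binary is deleted. The line should read `%systemd_preun fdo-serviceinfo-api-server.service`. Separately, `%combined_license` contains `Apache-2.0 ITH LLVM-exception` (presumably `WITH`) and `Apache 2.0` (SPDX spells it `Apache-2.0`), so the expression will not parse for licence tooling. The dracut `manufacturing-client.service` is also installed with mode 0755, although unit files are normally 0644.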