From 4c223c644c40a231134386e2abc76297a79a86f5 Mon Sep 17 00:00:00 2001
From: Peter Robinson
Date: Tue, 22 Aug 2023 23:15:04 +0100
Subject: [PATCH] Own var/lib/fdo, SELinux fixes
---
 ...x-relabel-devcreds-before-onboarding.patch | 25 +++++++++++++++++++
 fido-device-onboard.spec | 10 +++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 0001-fix-relabel-devcreds-before-onboarding.patch
diff --git a/0001-fix-relabel-devcreds-before-onboarding.patch b/0001-fix-relabel-devcreds-before-onboarding.patch
new file mode 100644
index 0000000..4462866
--- /dev/null
+++ b/0001-fix-relabel-devcreds-before-onboarding.patch
@@ -0,0 +1,25 @@
+From adb1d1055f85ae48b58252ca36ce00d861a27358 Mon Sep 17 00:00:00 2001
+From: Antonio Murdaca
+Date: Tue, 15 Aug 2023 16:29:53 +0200
+Subject: [PATCH] fix: relabel devcreds before onboarding
+
+Signed-off-by: Antonio Murdaca
+---
+ examples/systemd/fdo-client-linuxapp.service | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/examples/systemd/fdo-client-linuxapp.service b/examples/systemd/fdo-client-linuxapp.service
+index acfdc79..c0b3090 100644
+--- a/examples/systemd/fdo-client-linuxapp.service
++++ b/examples/systemd/fdo-client-linuxapp.service
+@@ -6,6 +6,7 @@ After=network-online.target
+ Type=oneshot
+ EnvironmentFile=-/boot/fdo-client-env
+ Environment=LOG_LEVEL=info
++ExecStartPre=-/usr/sbin/restorecon /boot/device-credentials
+ ExecStart=/usr/libexec/fdo/fdo-client-linuxapp
+ ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials
+
+--
+2.41.0
+
diff --git a/fido-device-onboard.spec b/fido-device-onboard.spec
index cb3672d..2594131 100644
--- a/fido-device-onboard.spec
+++ b/fido-device-onboard.spec
@@ -4,7 +4,7 @@ Name: fido-device-onboard
 Version: 0.4.12
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: A rust implementation of the FIDO Device Onboard Specification
 License: BSD-3-Clause
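Review bot: In the new 0001-fix-relabel-devcreds-before-onboarding.patch, the added `ExecStartPre=-/usr/sbin/restorecon /boot/device-credentials` relabels only the source path. The existing `ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials` then moves the file, and `mv` keeps the label the file already carries rather than taking the destination's default. On a filesystem that stores labels, the credential file would presumably land in /etc with the context chosen for the /boot path, so the move should be followed by `ExecStartPost=-/usr/sbin/restorecon /etc/device-credentials`. The `-` prefix also lets a failed relabel pass silently, so the patch description should say why failure is tolerated, to help whoever later debugs an AVC denial on this unit. The unit file continues outside the hunk.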
@@ -15,6 +15,7 @@ Source1: %{name}-rs-%{version}-vendor-patched.tar.xz
 Patch0: 0001-hack-drop-shadow.patch
 Patch1: 0001-fix-drop-unused-sha-crypt-dep.patch
 Patch2: fix-devmapper-version.patch
+Patch3: 0001-fix-relabel-devcreds-before-onboarding.patch
 # Because nobody cares
 ExcludeArch: %{ix86}
@@ -84,6 +85,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d
 mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d
 mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d
 mkdir -p %{buildroot}%{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
+mkdir -p %{buildroot}%{_localstatedir}/lib/fdo
 # Dracut manufacturing service
 install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
 install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
@@ -121,6 +123,7 @@ Requires: openssl-libs >= 3.0.1-12
 %dir %{_sysconfdir}/fdo/stores/owner_vouchers
 %{_libexecdir}/fdo/fdo-owner-onboarding-server
 %{_libexecdir}/fdo/fdo-serviceinfo-api-server
+%dir %{_localstatedir}/lib/fdo
 %dir %{_docdir}/fdo
 %{_docdir}/fdo/device_specific_serviceinfo.yml
 %{_docdir}/fdo/serviceinfo-api-server.yml
@@ -155,6 +158,7 @@ License: %combined_license
 %dir %{_sysconfdir}/fdo/stores/rendezvous_registered
 %dir %{_sysconfdir}/fdo/stores/rendezvous_sessions
 %{_libexecdir}/fdo/fdo-rendezvous-server
+%dir %{_localstatedir}/lib/fdo
 %dir %{_docdir}/fdo
 %{_docdir}/fdo/rendezvous-*.yml
 %{_unitdir}/fdo-rendezvous-server.service
@@ -185,6 +189,7 @@ Requires: openssl-libs >= 3.0.1-12
 %dir %{_sysconfdir}/fdo/stores/manufacturer_keys
 %dir %{_sysconfdir}/fdo/stores/manufacturing_sessions
 %{_libexecdir}/fdo/fdo-manufacturing-server
+%dir %{_localstatedir}/lib/fdo
 %dir %{_docdir}/fdo
 %{_docdir}/fdo/manufacturing-server.yml
 %{_unitdir}/fdo-manufacturing-server.service
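Review bot: The new `%{_localstatedir}/lib/fdo` directory is created with a bare `mkdir -p` in the install step (hunk at -84) and listed as a plain `%dir` in three file lists (hunks at -121, -155 and -185), so its mode and owner fall to the packaging defaults, typically 0755 root:root. If the servers keep keys, vouchers or session state there, which this diff does not show, the mode and owner should be stated explicitly and identically in all three sections, e.g. `%dir %attr(<mode>,<user>,<group>) %{_localstatedir}/lib/fdo` with the values the services actually need. The commit title mentions SELinux fixes, but nothing in these hunks shows a file context being assigned to the new path, so it is worth confirming that the policy covers it.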
@@ -264,6 +269,9 @@ Requires: fdo-init = %{version}-%{release}
 %systemd_postun_with_restart fdo-aio.service
 %changelog
+* Tue Aug 22 2023 Peter Robinson - 0.4.12-3
+- Own var/lib/fdo, SELinux fixes
+
 * Thu Aug 17 2023 Peter Robinson - 0.4.12-2
 - Add client/init deps to fdo-admin-cli