From 56e0917a5bb483b1931d820adea81e46a0412452 Mon Sep 17 00:00:00 2001
From: Antonio Murdaca <runcom@linux.com>
Date: Mon, 13 Dec 2021 10:26:09 +0100
Subject: [PATCH] import fido-device-onboard

Resolves: RHELPLAN-94672

Signed-off-by: Antonio Murdaca <runcom@linux.com>
---
 .gitignore               |   2 +
 fido-device-onboard.spec | 177 +++++++++++++++++++++++++++++++++++++++
 gating.yaml              |   6 ++
 patch                    |  30 +++++++
 rpminspect.yaml          |   3 +
 sources                  |   2 +
 tests/tests.yml          |  10 +++
 7 files changed, 230 insertions(+)
 create mode 100644 fido-device-onboard.spec
 create mode 100644 gating.yaml
 create mode 100644 patch
 create mode 100644 rpminspect.yaml
 create mode 100644 sources
 create mode 100644 tests/tests.yml

diff --git a/.gitignore b/.gitignore
index e69de29..f097557 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/fido-device-onboard-rs-0.2.0-vendor.tar.gz
+/fido-device-onboard-rs-0.2.0.tar.gz
diff --git a/fido-device-onboard.spec b/fido-device-onboard.spec
new file mode 100644
index 0000000..2150dee
--- /dev/null
+++ b/fido-device-onboard.spec
@@ -0,0 +1,177 @@
+%define dracutlibdir %{_prefix}/lib/dracut
+%bcond_without check
+%global __cargo_skip_build 0
+%global __cargo_is_lib() false
+%global forgeurl https://github.com/fedora-iot/fido-device-onboard-rs
+
+Version:        0.2.0
+
+%forgemeta
+
+Name:           fido-device-onboard
+Release:        1%{?dist}
+Summary:        An implementation of the FIDO Device Onboard Specification written in rust
+
+License:        BSD 3
+URL:            %{forgeurl}
+Source:         %{forgesource}
+%if "%{?commit}" != ""
+Source1:        %{name}-rs-%{commit}-vendor.tar.gz
+%else
+Source1:        %{name}-rs-%{version}-vendor.tar.gz
+%endif
+Patch0:         patch
+
+ExclusiveArch:  %{rust_arches}
+# RHBZ 1869980
+ExcludeArch:    s390x i686 %{power64}
+
+%if 0%{?rhel} && !0%{?eln}
+BuildRequires:  rust-toolset
+%else
+BuildRequires:  rust-packaging
+%endif
+BuildRequires: systemd-rpm-macros
+BuildRequires: openssl-devel
+BuildRequires: golang
+
+%description
+%{summary}.
+
+%prep
+%forgesetup
+%patch0 -p1
+%cargo_prep
+%if 0%{?rhel} && !0%{?eln}
+tar xvf %{SOURCE1}
+mkdir -p .cargo
+cat >.cargo/config << EOF
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+EOF
+%endif
+
+%build
+%{__cargo} build --release --features openssl-kdf/deny_custom,fdo-data-formats/use_noninteroperable_kdf
+
+%install
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
+install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
+install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
+# 52fdo
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
+
+%package -n fdo-init
+Summary: dracut module for device initialization
+%description -n fdo-init
+%{summary}
+
+%files -n fdo-init
+%license LICENSE
+%{dracutlibdir}/modules.d/52fdo/*
+%{_libexecdir}/fdo/fdo-manufacturing-client
+
+%package -n fdo-owner-onboarding-server
+Summary: FDO Owner Onboarding Server implementation
+%description -n fdo-owner-onboarding-server
+%{summary}
+
+%files -n fdo-owner-onboarding-server
+%license LICENSE
+%{_libexecdir}/fdo/fdo-owner-onboarding-server
+%{_docdir}/fdo/owner-onboarding-server.yml
+%{_unitdir}/fdo-owner-onboarding-server.service
+
+%post -n fdo-owner-onboarding-server
+%systemd_post fdo-owner-onboarding-server.service
+
+%preun -n fdo-owner-onboarding-server
+%systemd_preun fdo-owner-onboarding-server.service
+
+%postun -n fdo-owner-onboarding-server
+%systemd_postun_with_restart fdo-owner-onboarding-server.service
+
+%package -n fdo-rendezvous-server
+Summary: FDO Rendezvous Server implementation
+%description -n fdo-rendezvous-server
+%{summary}
+
+%files -n fdo-rendezvous-server
+%license LICENSE
+%{_libexecdir}/fdo/fdo-rendezvous-server
+%{_docdir}/fdo/rendezvous-server.yml
+%{_unitdir}/fdo-rendezvous-server.service
+
+%post -n fdo-rendezvous-server
+%systemd_post fdo-rendezvous-server.service
+
+%preun -n fdo-rendezvous-server
+%systemd_preun fdo-rendezvous-server.service
+
+%postun -n fdo-rendezvous-server
+%systemd_postun_with_restart fdo-rendezvous-server.service
+
+%package -n fdo-manufacturing-server
+Summary: FDO Manufacturing Server implementation
+%description -n fdo-manufacturing-server
+%{summary}
+
+%files -n fdo-manufacturing-server
+%license LICENSE
+%{_libexecdir}/fdo/fdo-manufacturing-server
+%{_docdir}/fdo/manufacturing-server.yml
+%{_docdir}/fdo/rendezvous-info.yml
+%{_unitdir}/fdo-manufacturing-server.service
+
+%post -n fdo-manufacturing-server
+%systemd_post fdo-manufacturing-server.service
+
+%preun -n fdo-manufacturing-server
+%systemd_preun fdo-manufacturing-server.service
+
+%postun -n fdo-manufacturing-server
+%systemd_postun_with_restart fdo-manufacturing-server.service
+
+%package -n fdo-client
+Summary: FDO Client implementation
+%description -n fdo-client
+%{summary}
+
+%files -n fdo-client
+%license LICENSE
+%{_libexecdir}/fdo/fdo-client-linuxapp
+%{_unitdir}/fdo-client-linuxapp.service
+
+%post -n fdo-client
+%systemd_post fdo-client-linuxapp.service
+
+%preun -n fdo-client
+%systemd_preun fdo-client-linuxapp.service
+
+%postun -n fdo-client
+%systemd_postun_with_restart fdo-client.linuxapp.service
+
+%package -n fdo-owner-cli
+Summary: FDO Owner tools implementation
+%description -n fdo-owner-cli
+%{summary}
+
+%files -n fdo-owner-cli
+%license LICENSE
+%{_bindir}/fdo-owner-tool
+%{_docdir}/fdo/owner-addresses.yml
+
+%changelog
+* Mon Dec 13 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-1
+- import fido-device-onboard
diff --git a/gating.yaml b/gating.yaml
new file mode 100644
index 0000000..6985029
--- /dev/null
+++ b/gating.yaml
@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/patch b/patch
new file mode 100644
index 0000000..c2dd4c1
--- /dev/null
+++ b/patch
@@ -0,0 +1,30 @@
+--- fido-device-onboard-rs/Cargo.toml	2021-12-13 15:53:23.071283719 +0100
++++ fido-device-onboard-rs/Cargo.toml	2021-12-13 15:50:55.968837268 +0100
+@@ -15,3 +15,6 @@
+ 
+     "integration-tests",
+ ]
++
++[profile.release]
++debug = true
+\ No newline at end of file
+--- fido-device-onboard-rs/examples/systemd/fdo-client-linuxapp.service	2021-12-13 15:53:23.071283719 +0100
++++ fido-device-onboard-rs/examples/systemd/fdo-client-linuxapp.service	2021-12-13 15:51:01.323889924 +0100
+@@ -7,6 +7,7 @@
+ Type=oneshot
+ Environment=DEVICE_CREDENTIAL=/boot/device-credentials
+ Environment=LOG_LEVEL=info
++Environment=ALLOW_NONINTEROPABLE_KDF=1
+ ExecStart=/usr/libexec/fdo/fdo-client-linuxapp
+ ExecStartPost=/usr/bin/mv /boot/device-credentials /etc/device-credentials
+ 
+--- fido-device-onboard-rs/examples/systemd/fdo-owner-onboarding-server.service	2021-12-13 15:53:23.072283729 +0100
++++ fido-device-onboard-rs/examples/systemd/fdo-owner-onboarding-server.service	2021-12-13 15:51:04.354919728 +0100
+@@ -4,6 +4,7 @@
+ 
+ [Service]
+ Environment=LOG_LEVEL=info
++Environment=ALLOW_NONINEROPABLE_KDF=1
+ ExecStart=/usr/libexec/fdo/fdo-owner-onboarding-server
+ # restart and failure condition
+ 
diff --git a/rpminspect.yaml b/rpminspect.yaml
new file mode 100644
index 0000000..2771533
--- /dev/null
+++ b/rpminspect.yaml
@@ -0,0 +1,3 @@
+---
+inspections:
+    annocheck: off
diff --git a/sources b/sources
new file mode 100644
index 0000000..360aa1c
--- /dev/null
+++ b/sources
@@ -0,0 +1,2 @@
+SHA512 (fido-device-onboard-rs-0.2.0-vendor.tar.gz) = 7760bd0eb21754185c7bf1d782cbad36dc044faa811a6d626897d4a208c7f374ce28201a9f25ed4de36d05d492a8cf2f521f14aa72e3c51b0ffbc3430e8d06fc
+SHA512 (fido-device-onboard-rs-0.2.0.tar.gz) = 9d6be123d2b0dc90172600a736a2fedbfc97e2014fd09217800a086dfe788f4e20b053af3a697187141d788c3de3093e49664626b37f8b6f6dc1cc1a33a0f027
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..2ba072f
--- /dev/null
+++ b/tests/tests.yml
@@ -0,0 +1,10 @@
+- hosts: localhost
+  roles:
+  - role: standard-test-basic
+    tags:
+    - classic
+    tests:
+    - simple:
+        dir: .
+        run: "fdo-owner-tool --help"
+