From a2eb9b6e7a336c551c0b693a0381c03be7bf108a Mon Sep 17 00:00:00 2001
From: Peter Robinson
Date: Thu, 27 Jul 2023 12:52:56 +0100
Subject: [PATCH] 0.4.10

---
 .gitignore | 2 +-
 ...chore-update-libcryptsetup-rs-to-0.8.patch | 64 -----------------
 0001-fix-drop-unused-sha-crypt-dep.patch | 30 ++++++++
 0001-hack-drop-shadow.patch | 68 +++++++++++++++++++
 fdo-fix-tss-esapi-features.patch | 22 ------
 fido-device-onboard.spec | 56 ++++++++++++---
 fix-devmapper-version.patch | 13 ++++
 sources | 4 +-
 8 files changed, 161 insertions(+), 98 deletions(-)
 delete mode 100644 0001-chore-update-libcryptsetup-rs-to-0.8.patch
 create mode 100644 0001-fix-drop-unused-sha-crypt-dep.patch
 create mode 100644 0001-hack-drop-shadow.patch
 delete mode 100644 fdo-fix-tss-esapi-features.patch
 create mode 100644 fix-devmapper-version.patch

diff --git a/.gitignore b/.gitignore
index 95c57d9..ce5f38a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 /fido-device-onboard-rs-*.tar.gz
-/fido-device-onboard-rs-0.4.10-vendor-patched.tar.xz
+/fido-device-onboard-rs-*-vendor-patched.tar.xz
diff --git a/0001-chore-update-libcryptsetup-rs-to-0.8.patch b/0001-chore-update-libcryptsetup-rs-to-0.8.patch
deleted file mode 100644
index 0ae9422..0000000
--- a/0001-chore-update-libcryptsetup-rs-to-0.8.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 5e57b7fc4afc170c65e4b9a283da2f59fb3f127e Mon Sep 17 00:00:00 2001
-From: Irene Diez
-Date: Tue, 13 Jun 2023 17:40:05 +0200
-Subject: [PATCH] chore: update libcryptsetup to 0.8.0 and fix API changes
-
-Signed-off-by: Irene Diez
----
- Cargo.lock | 4 ++--
- client-linuxapp/Cargo.toml | 2 +-
- client-linuxapp/src/reencrypt/rebind.rs | 4 ++--
- 3 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
-index f97a649d..cbd132b8 100644
---- a/client-linuxapp/Cargo.toml
-+++ b/client-linuxapp/Cargo.toml
-@@ -17,7 +17,7 @@ rand = "0.8.4"
- nix = "0.26"
- uuid = "1.3"
- thiserror = "1"
--libcryptsetup-rs = { version = "0.7.0", features = ["mutex"] }
-+libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
- secrecy = "0.8"
- devicemapper = "0.33"
-
-diff --git a/client-linuxapp/src/reencrypt/mod.rs b/client-linuxapp/src/reencrypt/mod.rs
-index da2b7d38..1e38d35a 100644
---- a/client-linuxapp/src/reencrypt/mod.rs
-+++ b/client-linuxapp/src/reencrypt/mod.rs
-@@ -64,7 +64,7 @@ fn perform_reencrypt(dev_name: &str) -> Result<()> {
- .context("Error opening device")?;
-
- dev.context_handle()
-- .load::(None, None)
-+ .load::<()>(None, None)
- .context("Error loading device context")?;
-
- let status = dev
-diff --git a/client-linuxapp/src/reencrypt/rebind.rs b/client-linuxapp/src/reencrypt/rebind.rs
-index 0c35a71c..693beb1f 100644
---- a/client-linuxapp/src/reencrypt/rebind.rs
-+++ b/client-linuxapp/src/reencrypt/rebind.rs
-@@ -154,7 +154,7 @@ fn clevis_bind(
- log::trace!("Clevis bind successful");
-
- dev.context_handle()
-- .load::(None, None)
-+ .load::<()>(None, None)
- .context("Error re-loading device context")?;
-
- log::trace!("Reloaded device context");
-diff --git a/client-linuxapp/src/serviceinfo.rs b/client-linuxapp/src/serviceinfo.rs
-index 43c60302..89ce7e6b 100644
---- a/client-linuxapp/src/serviceinfo.rs
-+++ b/client-linuxapp/src/serviceinfo.rs
-@@ -253,7 +253,7 @@ impl DiskEncryptionInProgress {
- log::debug!("Device initiated");
-
- dev.context_handle()
-- .load::(None, None)
-+ .load::<()>(None, None)
- .context("Error loading device context")?;
-
- log::debug!("Device information loaded");
diff --git a/0001-fix-drop-unused-sha-crypt-dep.patch b/0001-fix-drop-unused-sha-crypt-dep.patch
new file mode 100644
index 0000000..cc8c67e
--- /dev/null
+++ b/0001-fix-drop-unused-sha-crypt-dep.patch
@@ -0,0 +1,30 @@
+From 8899817ceff3371649ed87b700fb81490fb258c8 Mon Sep 17 00:00:00 2001
+From: Peter Robinson
+Date: Thu, 27 Jul 2023 10:36:58 +0100
+Subject: [PATCH] fix: drop unused sha-crypt dep
+
+The use of sha-crypt was dropped with commit 8d1d1b2 but one of the
+Cargo.toml updates was missed so drop it there and update Cargo.lock
+to match.
+
+Fixes: 8d1d1b2 ("chore: replace sha-crypt with openssl process calls")
+Signed-off-by: Peter Robinson
+---
+ integration-tests/Cargo.toml | 3 +--
+ 2 files changed, 1 insertion(+), 21 deletions(-)
+
+diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
+index 451bc3f..e3b87a9 100644
+--- a/integration-tests/Cargo.toml
++++ b/integration-tests/Cargo.toml
+@@ -35,7 +35,6 @@
+ passwd = "0.0.1"
+ pem = "2.0"
+ users = "0.11.0"
+-sha-crypt = "0.5.0"
+
+ fdo-data-formats = { path = "../data-formats" }
+ fdo-util = { path = "../util" }
+--
+2.41.0
+
diff --git a/0001-hack-drop-shadow.patch b/0001-hack-drop-shadow.patch
new file mode 100644
index 0000000..23448c9
--- /dev/null
+++ b/0001-hack-drop-shadow.patch
@@ -0,0 +1,68 @@
+From 309c07aa5d43b3d126ccac640901f22afcc25b77 Mon Sep 17 00:00:00 2001
+From: Peter Robinson
+Date: Thu, 27 Jul 2023 10:21:26 +0100
+Subject: [PATCH] hack; drop shadow
+
+Signed-off-by: Peter Robinson
+---
+ integration-tests/Cargo.toml | 3 +--
+ integration-tests/tests/e2e.rs | 7 -------
+ integration-tests/tests/service_info.rs | 7 -------
+ 3 files changed, 1 insertion(+), 16 deletions(-)
+
+diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
+index 451bc3f..3e19ebb 100644
+--- a/integration-tests/Cargo.toml
++++ b/integration-tests/Cargo.toml
+@@ -33,10 +33,9 @@ serde_json = "1.0"
+ pretty_assertions = "1.0.0"
+ paste = "1.0"
+ passwd = "0.0.1"
+-shadow = "0.0.1"
+ pem = "2.0"
+ users = "0.11.0"
+ sha-crypt = "0.5.0"
+
+ fdo-data-formats = { path = "../data-formats" }
+-fdo-util = { path = "../util" }
+\ No newline at end of file
++fdo-util = { path = "../util" }
+diff --git a/integration-tests/tests/e2e.rs b/integration-tests/tests/e2e.rs
+index 9857ce0..611fc84 100644
+--- a/integration-tests/tests/e2e.rs
++++ b/integration-tests/tests/e2e.rs
+@@ -406,13 +406,6 @@ ssh-ed25519 sshkey_default user@example2.com
+ "User: {} is not created during onboarding",
+ &new_user
+ );
+- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
+- pretty_assertions::assert_eq!(
+- test_user.password.is_empty(),
+- false,
+- "Password not created during onboarding"
+- );
+- }
+ } else {
+ L.l("Skipped create initial user validation
+ To validate set env variable FDO_PRIVILEGED and run test as superuser");
+diff --git a/integration-tests/tests/service_info.rs b/integration-tests/tests/service_info.rs
+index 8a346cc..4d05107 100644
+--- a/integration-tests/tests/service_info.rs
++++ b/integration-tests/tests/service_info.rs
+@@ -285,13 +285,6 @@ ssh-ed25519 sshkey_default user@example2.com
+ "User: {} is not created during onboarding",
+ &new_user
+ );
+- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
+- pretty_assertions::assert_eq!(
+- test_user.password.is_empty(),
+- false,
+- "Password not created during onboarding"
+- );
+- }
+ } else {
+ L.l("Skipped create initial user validation
+ To validate set env variable FDO_PRIVILEGED and run test as superuser");
+--
+2.41.0
+
diff --git a/fdo-fix-tss-esapi-features.patch b/fdo-fix-tss-esapi-features.patch
deleted file mode 100644
index 38ad741..0000000
--- a/fdo-fix-tss-esapi-features.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- fido-device-onboard-rs-0.4.10/manufacturing-client/Cargo.toml.orig 2023-07-03 15:24:05.020575397 +0100
-+++ fido-device-onboard-rs-0.4.10/manufacturing-client/Cargo.toml 2023-07-03 15:24:26.381717418 +0100
-@@ -16,7 +16,7 @@
- sys-info = "0.9"
- passwd = "0.0.1"
- rand = "0.8.4"
--tss-esapi = "7.2"
-+tss-esapi = { version = "7.2", features = ["generate-bindings"] }
- regex = "1.3.7"
-
- fdo-data-formats = { path = "../data-formats", version = "0.4.10" }
---- fido-device-onboard-rs-0.4.10/owner-tool/Cargo.toml.orig 2023-07-03 15:22:27.024923885 +0100
-+++ fido-device-onboard-rs-0.4.10/owner-tool/Cargo.toml 2023-07-03 15:23:31.955355563 +0100
-@@ -14,7 +14,7 @@
- serde = { version = "1", features = ["derive"] }
- serde_yaml = "0.9"
- tokio = { version = "1", features = ["full"] }
--tss-esapi = "7.2"
-+tss-esapi = { version = "7.2", features = ["generate-bindings"] }
-
- fdo-util = { path = "../util", version = "0.4.10" }
- fdo-data-formats = { path = "../data-formats", version = "0.4.10" }
diff --git a/fido-device-onboard.spec b/fido-device-onboard.spec
index d51d058..1a09637 100644
--- a/fido-device-onboard.spec
+++ b/fido-device-onboard.spec
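Review bot: The two removed `if let Some(test_user) = shadow::Shadow::from_name(new_user)` blocks in `0001-hack-drop-shadow.patch` (from `tests/e2e.rs` and `tests/service_info.rs`) are the only assertions visible in these hunks that the onboarded user actually gets a password entry. The patch deletes them without saying why: its subject is `hack; drop shadow` and the body is empty. After it the tests still check that the user exists, but an account created with an empty password field would pass. If the `shadow` crate has to go for packaging reasons, say so in the patch body and leave a marker where the assertion was, e.g. `// TODO(packaging): password-set assertion removed with the shadow crate; restore with a replacement check`. Both enclosing test functions start and end outside the hunks.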
@@ -3,8 +3,8 @@ %global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache 2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT) Name: fido-device-onboard -Version: 0.4.10 -Release: 3%{?dist} +Version: 0.4.12 +Release: 1%{?dist} Summary: A rust implementation of the FIDO Device Onboard Specification License: BSD-3-Clause @@ -12,9 +12,9 @@ URL: https://github.com/fedora-iot/fido-device-onboard-rs Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz # See make-vendored-tarfile.sh in upstream repo Source1: %{name}-rs-%{version}-vendor-patched.tar.xz -# From upstream -Patch0: 0001-chore-update-libcryptsetup-rs-to-0.8.patch -Patch1: fdo-fix-tss-esapi-features.patch +Patch0: 0001-hack-drop-shadow.patch +Patch1: 0001-fix-drop-unused-sha-crypt-dep.patch +Patch2: fix-devmapper-version.patch # Because nobody cares ExcludeArch: %{ix86} @@ -36,9 +36,12 @@ BuildRequires: tpm2-tss-devel %{summary}. %prep -%autosetup -p1 -n %{name}-rs-%{version} +%setup -q -n %{name}-rs-%{version} +%patch0 -p1 +%patch1 -p1 %if 0%{?rhel} +%patch2 -p1 %cargo_prep -V 1 %else %cargo_prep 
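Review bot: The three `Patch` lines added in the `@@ -12,9 +12,9 @@` hunk have no provenance now that `# From upstream` is gone, so an auditor has to open each patch to learn whether it is upstream, pending or downstream-only. Two of them change what gets built and tested: `0001-hack-drop-shadow.patch` removes test assertions, and `fix-devmapper-version.patch` moves `devicemapper` from `"0.33"` to `"0.32.3"`. I would put a one-line comment above each entry, in the shape `# Downstream only: <REASON> (drop when <CONDITION>)` or `# Upstream: <PR_OR_COMMIT_URL>`, filled in by the packager.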
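Review bot: The `%patch0 -p1`, `%patch1 -p1` and `%patch2 -p1` lines in the `%prep` hunk (`@@ -36,9 +36,12 @@`) use the numbered `%patchN` form, which rpm deprecated in 4.18. `%patch -P0 -p1`, `%patch -P1 -p1` and `%patch -P2 -p1` are the equivalent spellings that keep working. `%patch2` is applied only under `%if 0%{?rhel}`, so the RHEL and Fedora builds resolve different `devicemapper` requirements; a comment next to it saying why would make that split deliberate rather than surprising. The `%prep` section continues outside this hunk.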
@@ -67,7 +70,20 @@ install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/* # duplicates as needed by AIO command so link them ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool +# Create directories needed by the various services so we own them mkdir -p %{buildroot}%{_sysconfdir}/fdo +mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys +mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores +mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturer_keys +mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturing_sessions +mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions +mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers +mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered +mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions +mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d +mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d +mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d +mkdir -p %{buildroot}%{_sysconfdir}/fdo/serviceinfo-api-server.conf.d # Dracut manufacturing service install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator @@ -96,6 +112,13 @@ Requires: openssl-libs >= 3.0.1-12 %files -n fdo-owner-onboarding-server %license LICENSE LICENSE.dependencies +%dir %{_sysconfdir}/fdo +%dir %{_sysconfdir}/fdo/keys +%dir %{_sysconfdir}/fdo/owner-onboarding-server.conf.d +%dir %{_sysconfdir}/fdo/serviceinfo-api-server.conf.d +%dir %{_sysconfdir}/fdo/stores +%dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions +%dir %{_sysconfdir}/fdo/stores/owner_vouchers %{_libexecdir}/fdo/fdo-owner-onboarding-server %{_libexecdir}/fdo/fdo-serviceinfo-api-server %dir %{_docdir}/fdo 
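Review bot: `mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys` and the `stores/*` directories in the `@@ -67,7 +70,20 @@` hunk are created with whatever the build umask gives. The matching `%dir` entries in the `%files` hunks carry no `%attr` (`@@ -96,6 +112,13 @@` here, and the rendezvous, manufacturing and admin-cli sections further down), so they will most likely ship as 0755 root:root. Going by the path names only, `keys` and `stores/manufacturer_keys` hold key material and the session and voucher stores hold onboarding state, none of which a local unprivileged user needs to list. I would set the mode explicitly, e.g. `install -d -m 0750 %{buildroot}%{_sysconfdir}/fdo/keys` together with `%dir %attr(0750,root,root) %{_sysconfdir}/fdo/keys`, with owner and group adjusted to the account the services run as. The attributes must be identical in every subpackage that co-owns the directory. The `%install` section starts and ends outside this hunk.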
@@ -125,6 +148,12 @@ License: %combined_license %files -n fdo-rendezvous-server %license LICENSE LICENSE.dependencies +%dir %{_sysconfdir}/fdo +%dir %{_sysconfdir}/fdo/keys +%dir %{_sysconfdir}/fdo/rendezvous-server.conf.d +%dir %{_sysconfdir}/fdo/stores +%dir %{_sysconfdir}/fdo/stores/rendezvous_registered +%dir %{_sysconfdir}/fdo/stores/rendezvous_sessions %{_libexecdir}/fdo/fdo-rendezvous-server %dir %{_docdir}/fdo %{_docdir}/fdo/rendezvous-*.yml @@ -148,6 +177,13 @@ Requires: openssl-libs >= 3.0.1-12 %files -n fdo-manufacturing-server %license LICENSE LICENSE.dependencies +%dir %{_sysconfdir}/fdo +%dir %{_sysconfdir}/fdo/keys +%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d +%dir %{_sysconfdir}/fdo/keys +%dir %{_sysconfdir}/fdo/stores +%dir %{_sysconfdir}/fdo/stores/manufacturer_keys +%dir %{_sysconfdir}/fdo/stores/manufacturing_sessions %{_libexecdir}/fdo/fdo-manufacturing-server %dir %{_docdir}/fdo %{_docdir}/fdo/manufacturing-server.yml @@ -202,8 +238,6 @@ License: %combined_license Summary: FDO admin tools implementation License: %combined_license Requires: fdo-manufacturing-server = %{version}-%{release} -Requires: fdo-init = %{version}-%{release} -Requires: fdo-client = %{version}-%{release} Requires: fdo-rendezvous-server = %{version}-%{release} Requires: fdo-owner-onboarding-server = %{version}-%{release} Requires: fdo-owner-cli = %{version}-%{release} @@ -212,10 +246,11 @@ Requires: fdo-owner-cli = %{version}-%{release} %files -n fdo-admin-cli %license LICENSE LICENSE.dependencies +%dir %{_sysconfdir}/fdo +%dir %{_sysconfdir}/fdo/keys %{_bindir}/fdo-admin-tool %{_libexecdir}/fdo/fdo-admin-tool %{_unitdir}/fdo-aio.service -%dir %{_sysconfdir}/fdo %post -n fdo-admin-cli %systemd_post fdo-aio.service 
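Review bot: `%dir %{_sysconfdir}/fdo/keys` is listed twice in the `%files -n fdo-manufacturing-server` hunk (`@@ -148,6 +177,13 @@`), once before and once after `%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d`. rpmbuild reports this as a file listed twice, and that warning noise makes real ownership mistakes harder to spot. Drop the second entry so the block reads `%dir %{_sysconfdir}/fdo/keys`, `%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d`, `%dir %{_sysconfdir}/fdo/stores`. After this commit `%{_sysconfdir}/fdo` and `keys` are co-owned by four subpackages, which is only safe while mode and owner are the same in each.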
@@ -227,6 +262,9 @@ Requires: fdo-owner-cli = %{version}-%{release} %systemd_postun_with_restart fdo-aio.service %changelog +* Thu Jul 27 2023 Peter Robinson - 0.4.12-1 +- Update to 0.4.12 + * Wed Jul 19 2023 Fedora Release Engineering - 0.4.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild diff --git a/fix-devmapper-version.patch b/fix-devmapper-version.patch new file mode 100644 index 0000000..38062c0 --- /dev/null +++ b/fix-devmapper-version.patch @@ -0,0 +1,13 @@ +diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml +index 423fec5..f4e3ad4 100644 +--- a/client-linuxapp/Cargo.toml ++++ b/client-linuxapp/Cargo.toml +@@ -19,7 +19,7 @@ uuid = "1.3" + thiserror = "1" + libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] } + secrecy = "0.8" +-devicemapper = "0.33" ++devicemapper = "0.32.3" + openssl = "0.10.55" + + fdo-data-formats = { path = "../data-formats", version = "0.4.12" } diff --git a/sources b/sources index e82893b..59c0aa7 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (fido-device-onboard-rs-0.4.10-vendor-patched.tar.xz) = e8a272e186be04d5937ed32d33bd9d968150cbe84c7cfa9fe5dc53055d7fc61c2198d42e38ee31fb56aaec75c27098e14af15964c6524fa7e396cd05081e337a -SHA512 (fido-device-onboard-rs-0.4.10.tar.gz) = 7b8b082b845f6af269adaff9608075da43d884edd2ed39ec7b613c368d95b0083a8edbf160479d5effb7c19ce5049a2da3e5806dfbe7addcbc34bd3658367731 +SHA512 (fido-device-onboard-rs-0.4.12.tar.gz) = e1b5cfc2ed06977264526b67c8ae3bb8b38c557a0bbb5c9585fac5f334ee134ed921dd712678e842bc93340b8533c773902c27d354956ef169801c2260eddb4f +SHA512 (fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz) = ed406baab1af32226e9a793b8ee251f3f7735f821632a6065d49c6536bca1402bf879060d75d8df3f77cf88f4d9717779a3cbfd90dc72bb5b0b3cd827a3833cd