Update to FDO 0.4.12

Resolves: rhbz#2224364

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>

0001-chore-update-libcryptsetup-rs-to-0.8.patch

@@ -1,64 +0,0 @@
-From 5e57b7fc4afc170c65e4b9a283da2f59fb3f127e Mon Sep 17 00:00:00 2001
-From: Irene Diez <idiez@redhat.com>
-Date: Tue, 13 Jun 2023 17:40:05 +0200
-Subject: [PATCH] chore: update libcryptsetup to 0.8.0 and fix API changes
-
-Signed-off-by: Irene Diez <idiez@redhat.com>
----
- Cargo.lock                              | 4 ++--
- client-linuxapp/Cargo.toml              | 2 +-
- client-linuxapp/src/reencrypt/rebind.rs | 4 ++--
- 3 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
-index f97a649d..cbd132b8 100644
---- a/client-linuxapp/Cargo.toml
-+++ b/client-linuxapp/Cargo.toml
-@@ -17,7 +17,7 @@ rand = "0.8.4"
- nix = "0.26"
- uuid = "1.3"
- thiserror = "1"
--libcryptsetup-rs = { version = "0.7.0", features = ["mutex"] }
-+libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
- secrecy = "0.8"
- devicemapper = "0.33"
- 
-diff --git a/client-linuxapp/src/reencrypt/mod.rs b/client-linuxapp/src/reencrypt/mod.rs
-index da2b7d38..1e38d35a 100644
---- a/client-linuxapp/src/reencrypt/mod.rs
-+++ b/client-linuxapp/src/reencrypt/mod.rs
-@@ -64,7 +64,7 @@ fn perform_reencrypt(dev_name: &str) -> Result<()> {
-         .context("Error opening device")?;
- 
-     dev.context_handle()
--        .load::<libcryptsetup_rs::CryptParamsLuks2>(None, None)
-+        .load::<()>(None, None)
-         .context("Error loading device context")?;
- 
-     let status = dev
-diff --git a/client-linuxapp/src/reencrypt/rebind.rs b/client-linuxapp/src/reencrypt/rebind.rs
-index 0c35a71c..693beb1f 100644
---- a/client-linuxapp/src/reencrypt/rebind.rs
-+++ b/client-linuxapp/src/reencrypt/rebind.rs
-@@ -154,7 +154,7 @@ fn clevis_bind(
-     log::trace!("Clevis bind successful");
- 
-     dev.context_handle()
--        .load::<libcryptsetup_rs::CryptParamsLuks2>(None, None)
-+        .load::<()>(None, None)
-         .context("Error re-loading device context")?;
- 
-     log::trace!("Reloaded device context");
-diff --git a/client-linuxapp/src/serviceinfo.rs b/client-linuxapp/src/serviceinfo.rs
-index 43c60302..89ce7e6b 100644
---- a/client-linuxapp/src/serviceinfo.rs
-+++ b/client-linuxapp/src/serviceinfo.rs
-@@ -253,7 +253,7 @@ impl DiskEncryptionInProgress {
-         log::debug!("Device initiated");
- 
-         dev.context_handle()
--            .load::<libcryptsetup_rs::CryptParamsLuks2>(None, None)
-+            .load::<()>(None, None)
-             .context("Error loading device context")?;
- 
-         log::debug!("Device information loaded");

0001-fix-drop-unused-sha-crypt-dep.patch

@@ -0,0 +1,30 @@
+From 8899817ceff3371649ed87b700fb81490fb258c8 Mon Sep 17 00:00:00 2001
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Thu, 27 Jul 2023 10:36:58 +0100
+Subject: [PATCH] fix: drop unused sha-crypt dep
+
+The use of sha-crypt was dropped with commit 8d1d1b2 but one of the
+Cargo.toml updates was missed so drop it there and update Cargo.lock
+to match.
+
+Fixes: 8d1d1b2 ("chore: replace sha-crypt with openssl process calls")
+Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
+---
+ integration-tests/Cargo.toml |  3 +--
+ 2 files changed, 1 insertion(+), 21 deletions(-)
+
+diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
+index 451bc3f..e3b87a9 100644
+--- a/integration-tests/Cargo.toml
++++ b/integration-tests/Cargo.toml
+@@ -35,7 +35,6 @@
+ passwd = "0.0.1"
+ pem = "2.0"
+ users = "0.11.0"
+-sha-crypt = "0.5.0"
+ 
+ fdo-data-formats = { path = "../data-formats" }
+ fdo-util = { path = "../util" }
+-- 
+2.41.0
+

0001-hack-drop-shadow.patch

@@ -0,0 +1,68 @@
+From 309c07aa5d43b3d126ccac640901f22afcc25b77 Mon Sep 17 00:00:00 2001
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Thu, 27 Jul 2023 10:21:26 +0100
+Subject: [PATCH] hack; drop shadow
+
+Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
+---
+ integration-tests/Cargo.toml            | 3 +--
+ integration-tests/tests/e2e.rs          | 7 -------
+ integration-tests/tests/service_info.rs | 7 -------
+ 3 files changed, 1 insertion(+), 16 deletions(-)
+
+diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
+index 451bc3f..3e19ebb 100644
+--- a/integration-tests/Cargo.toml
++++ b/integration-tests/Cargo.toml
+@@ -33,10 +33,9 @@ serde_json = "1.0"
+ pretty_assertions = "1.0.0"
+ paste = "1.0"
+ passwd = "0.0.1"
+-shadow = "0.0.1"
+ pem = "2.0"
+ users = "0.11.0"
+ sha-crypt = "0.5.0"
+ 
+ fdo-data-formats = { path = "../data-formats" }
+-fdo-util = { path = "../util" }
+\ No newline at end of file
++fdo-util = { path = "../util" }
+diff --git a/integration-tests/tests/e2e.rs b/integration-tests/tests/e2e.rs
+index 9857ce0..611fc84 100644
+--- a/integration-tests/tests/e2e.rs
++++ b/integration-tests/tests/e2e.rs
+@@ -406,13 +406,6 @@ ssh-ed25519 sshkey_default user@example2.com
+             "User: {} is not created during onboarding",
+             &new_user
+         );
+-        if let Some(test_user) = shadow::Shadow::from_name(new_user) {
+-            pretty_assertions::assert_eq!(
+-                test_user.password.is_empty(),
+-                false,
+-                "Password not created during onboarding"
+-            );
+-        }
+     } else {
+         L.l("Skipped create initial user validation
+         To validate set env variable FDO_PRIVILEGED and run test as superuser");
+diff --git a/integration-tests/tests/service_info.rs b/integration-tests/tests/service_info.rs
+index 8a346cc..4d05107 100644
+--- a/integration-tests/tests/service_info.rs
++++ b/integration-tests/tests/service_info.rs
+@@ -285,13 +285,6 @@ ssh-ed25519 sshkey_default user@example2.com
+             "User: {} is not created during onboarding",
+             &new_user
+         );
+-        if let Some(test_user) = shadow::Shadow::from_name(new_user) {
+-            pretty_assertions::assert_eq!(
+-                test_user.password.is_empty(),
+-                false,
+-                "Password not created during onboarding"
+-            );
+-        }
+     } else {
+         L.l("Skipped create initial user validation
+         To validate set env variable FDO_PRIVILEGED and run test as superuser");
+-- 
+2.41.0
+

fdo-fix-tss-esapi-features.patch

@@ -1,22 +0,0 @@
---- fido-device-onboard-rs-0.4.10/manufacturing-client/Cargo.toml.orig	2023-07-03 15:24:05.020575397 +0100
-+++ fido-device-onboard-rs-0.4.10/manufacturing-client/Cargo.toml	2023-07-03 15:24:26.381717418 +0100
-@@ -16,7 +16,7 @@
- sys-info = "0.9"
- passwd = "0.0.1"
- rand = "0.8.4"
--tss-esapi = "7.2"
-+tss-esapi = { version = "7.2", features = ["generate-bindings"] }
- regex = "1.3.7"
- 
- fdo-data-formats = { path = "../data-formats", version = "0.4.10" }
---- fido-device-onboard-rs-0.4.10/owner-tool/Cargo.toml.orig	2023-07-03 15:22:27.024923885 +0100
-+++ fido-device-onboard-rs-0.4.10/owner-tool/Cargo.toml	2023-07-03 15:23:31.955355563 +0100
-@@ -14,7 +14,7 @@
- serde = { version = "1", features = ["derive"] }
- serde_yaml = "0.9"
- tokio = { version = "1", features = ["full"] }
--tss-esapi = "7.2"
-+tss-esapi = { version = "7.2", features = ["generate-bindings"] }
- 
- fdo-util = { path = "../util", version = "0.4.10" }
- fdo-data-formats = { path = "../data-formats", version = "0.4.10" }

fido-device-onboard.spec

@@ -3,8 +3,8 @@
 %global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache 2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
 
 Name:           fido-device-onboard
-Version:        0.4.10
+Version:        0.4.12
-Release:        2%{?dist}
+Release:        1%{?dist}
 Summary:        A rust implementation of the FIDO Device Onboard Specification
 License:        BSD-3-Clause
 
@@ -12,9 +12,9 @@ URL:            https://github.com/fedora-iot/fido-device-onboard-rs
 Source0:        %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz
 # See make-vendored-tarfile.sh in upstream repo
 Source1:        %{name}-rs-%{version}-vendor-patched.tar.xz
-# From upstream
+Patch0:         0001-hack-drop-shadow.patch
-Patch0:         0001-chore-update-libcryptsetup-rs-to-0.8.patch
+Patch1:         0001-fix-drop-unused-sha-crypt-dep.patch
-Patch1:         fdo-fix-tss-esapi-features.patch
+Patch2:         fix-devmapper-version.patch
 
 # Because nobody cares
 ExcludeArch: %{ix86}
@@ -36,9 +36,12 @@ BuildRequires:  tpm2-tss-devel
 %{summary}.
 
 %prep
-%autosetup -p1 -n %{name}-rs-%{version}
+%setup -q -n %{name}-rs-%{version}
+%patch0 -p1
+%patch1 -p1
 
 %if 0%{?rhel}
+%patch2 -p1
 %cargo_prep -V 1
 %else
 %cargo_prep
@@ -67,7 +70,20 @@ install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
 # duplicates as needed by AIO command so link them
 ln -s %{_bindir}/fdo-owner-tool  %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
 ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
+# Create directories needed by the various services so we own them
 mkdir -p %{buildroot}%{_sysconfdir}/fdo
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturer_keys
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturing_sessions
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
 # Dracut manufacturing service
 install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
 install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
@@ -96,6 +112,13 @@ Requires: openssl-libs >= 3.0.1-12
 
 %files -n fdo-owner-onboarding-server
 %license LICENSE LICENSE.dependencies
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/owner-onboarding-server.conf.d
+%dir %{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
+%dir %{_sysconfdir}/fdo/stores
+%dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions
+%dir %{_sysconfdir}/fdo/stores/owner_vouchers
 %{_libexecdir}/fdo/fdo-owner-onboarding-server
 %{_libexecdir}/fdo/fdo-serviceinfo-api-server
 %dir %{_docdir}/fdo
@@ -125,6 +148,12 @@ License: %combined_license
 
 %files -n fdo-rendezvous-server
 %license LICENSE LICENSE.dependencies
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/rendezvous-server.conf.d
+%dir %{_sysconfdir}/fdo/stores
+%dir %{_sysconfdir}/fdo/stores/rendezvous_registered
+%dir %{_sysconfdir}/fdo/stores/rendezvous_sessions
 %{_libexecdir}/fdo/fdo-rendezvous-server
 %dir %{_docdir}/fdo
 %{_docdir}/fdo/rendezvous-*.yml
@@ -148,6 +177,13 @@ Requires: openssl-libs >= 3.0.1-12
 
 %files -n fdo-manufacturing-server
 %license LICENSE LICENSE.dependencies
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/stores
+%dir %{_sysconfdir}/fdo/stores/manufacturer_keys
+%dir %{_sysconfdir}/fdo/stores/manufacturing_sessions
 %{_libexecdir}/fdo/fdo-manufacturing-server
 %dir %{_docdir}/fdo
 %{_docdir}/fdo/manufacturing-server.yml
@@ -202,8 +238,6 @@ License: %combined_license
 Summary: FDO admin tools implementation
 License: %combined_license
 Requires: fdo-manufacturing-server = %{version}-%{release}
-Requires: fdo-init = %{version}-%{release}
-Requires: fdo-client = %{version}-%{release}
 Requires: fdo-rendezvous-server = %{version}-%{release}
 Requires: fdo-owner-onboarding-server = %{version}-%{release}
 Requires: fdo-owner-cli = %{version}-%{release}
@@ -212,10 +246,11 @@ Requires: fdo-owner-cli = %{version}-%{release}
 
 %files -n fdo-admin-cli
 %license LICENSE LICENSE.dependencies
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
 %{_bindir}/fdo-admin-tool
 %{_libexecdir}/fdo/fdo-admin-tool
 %{_unitdir}/fdo-aio.service
-%dir %{_sysconfdir}/fdo
 
 %post -n fdo-admin-cli
 %systemd_post fdo-aio.service
@@ -227,6 +262,12 @@ Requires: fdo-owner-cli = %{version}-%{release}
 %systemd_postun_with_restart fdo-aio.service
 
 %changelog
+* Thu Jul 27 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-1
+- Update to 0.4.12
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
 * Mon Jul 03 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.10-2
 - Updates for eln/c9s building
 

fix-devmapper-version.patch

@@ -0,0 +1,13 @@
+diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
+index 423fec5..f4e3ad4 100644
+--- a/client-linuxapp/Cargo.toml
++++ b/client-linuxapp/Cargo.toml
+@@ -19,7 +19,7 @@ uuid = "1.3"
+ thiserror = "1"
+ libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
+ secrecy = "0.8"
+-devicemapper = "0.33"
++devicemapper = "0.32.3"
+ openssl = "0.10.55"
+ 
+ fdo-data-formats = { path = "../data-formats", version = "0.4.12" }

sources

@@ -1,2 +1,2 @@
-SHA512 (fido-device-onboard-rs-0.4.10.tar.gz) = 7b8b082b845f6af269adaff9608075da43d884edd2ed39ec7b613c368d95b0083a8edbf160479d5effb7c19ce5049a2da3e5806dfbe7addcbc34bd3658367731
+SHA512 (fido-device-onboard-rs-0.4.12.tar.gz) = e1b5cfc2ed06977264526b67c8ae3bb8b38c557a0bbb5c9585fac5f334ee134ed921dd712678e842bc93340b8533c773902c27d354956ef169801c2260eddb4f
-SHA512 (fido-device-onboard-rs-0.4.10-vendor-patched.tar.xz) = e8a272e186be04d5937ed32d33bd9d968150cbe84c7cfa9fe5dc53055d7fc61c2198d42e38ee31fb56aaec75c27098e14af15964c6524fa7e396cd05081e337a
+SHA512 (fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz) = ed406baab1af32226e9a793b8ee251f3f7735f821632a6065d49c6536bca1402bf879060d75d8df3f77cf88f4d9717779a3cbfd90dc72bb5b0b3cd827a3833cd