From fd78e646795daaeed072a30ed6314190cf820663 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 30 Apr 2024 11:36:33 +0000 Subject: [PATCH] import CS fido-device-onboard-0.5.0-2.el9_3 --- .fido-device-onboard.metadata | 4 +- .gitignore | 4 +- ...-git-fork-for-aws-nitro-enclaves-cos.patch | 40 +++++++++++ .../0001-fix-drop-unused-sha-crypt-dep.patch | 30 -------- ...x-relabel-devcreds-before-onboarding.patch | 25 ------- SOURCES/0001-hack-drop-shadow.patch | 68 ------------------- SOURCES/fix-devmapper-version.patch | 13 ---- SPECS/fido-device-onboard.spec | 43 ++++++++---- 8 files changed, 75 insertions(+), 152 deletions(-) create mode 100644 SOURCES/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch delete mode 100644 SOURCES/0001-fix-drop-unused-sha-crypt-dep.patch delete mode 100644 SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch delete mode 100644 SOURCES/0001-hack-drop-shadow.patch delete mode 100644 SOURCES/fix-devmapper-version.patch diff --git a/.fido-device-onboard.metadata b/.fido-device-onboard.metadata index 5812c83..670da59 100644 --- a/.fido-device-onboard.metadata +++ b/.fido-device-onboard.metadata @@ -1,2 +1,2 @@ -5bc51314a78eec68ea059ddae488aa020b1f295e SOURCES/fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz -377c879cb56ed3324c3e5f170d5c315d07ed2989 SOURCES/fido-device-onboard-rs-0.4.12.tar.gz +ea99d33a93fe21bf988b40ca38282d20d63c3484 SOURCES/fido-device-onboard-rs-0.5.0-vendor-patched.tar.xz +33e6d8ea9eab83617089957c926db773eb62efab SOURCES/fido-device-onboard-rs-0.5.0.tar.gz diff --git a/.gitignore b/.gitignore index a353867..f61e2bc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz -SOURCES/fido-device-onboard-rs-0.4.12.tar.gz +SOURCES/fido-device-onboard-rs-0.5.0-vendor-patched.tar.xz +SOURCES/fido-device-onboard-rs-0.5.0.tar.gz 
diff --git a/SOURCES/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch b/SOURCES/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch
new file mode 100644
index 0000000..722d680
--- /dev/null
+++ b/SOURCES/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch
@@ -0,0 +1,40 @@
+From d9554495b54d1f150a85f4e329412ff62728d9c7 Mon Sep 17 00:00:00 2001
+From: Peter Robinson
+Date: Thu, 15 Feb 2024 12:06:44 +0000
+Subject: [PATCH] Revert "chore: use git fork for aws-nitro-enclaves-cose"
+
+This reverts commit 1ea09e88baee3c47cdc76902f0034d553207d515.
+---
+ data-formats/Cargo.toml | 2 +-
+ http-wrapper/Cargo.toml | 2 +-
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+Sdiff --git a/data-formats/Cargo.toml b/data-formats/Cargo.toml
+index 714fc55..6d00eb4 100644
+--- a/data-formats/Cargo.toml
++++ b/data-formats/Cargo.toml
+@@ -17,7 +17,7 @@ serde_cbor = "0.11"
+ serde_repr = "0.1.6"
+ serde_tuple = "0.5"
+ thiserror = "1"
+-aws-nitro-enclaves-cose = { git = "https://github.com/nullr0ute/aws-nitro-enclaves-cose/", rev = "e3938e60d9051690569d1e4fcbe1c0c99d2fafa8" }
++aws-nitro-enclaves-cose = "0.4.0"
+ uuid = "1.3"
+ num-traits = "0.2"
+ num-derive = "0.3"
+diff --git a/http-wrapper/Cargo.toml b/http-wrapper/Cargo.toml
+index 5d4999c..7b98097 100644
+--- a/http-wrapper/Cargo.toml
++++ b/http-wrapper/Cargo.toml
+@@ -20,7 +20,7 @@ openssl = "0.10.60"
+
+ fdo-data-formats = { path = "../data-formats", version = "0.5.0" }
+ fdo-store = { path = "../store", version = "0.5.0" }
+-aws-nitro-enclaves-cose = { git = "https://github.com/nullr0ute/aws-nitro-enclaves-cose/", rev = "e3938e60d9051690569d1e4fcbe1c0c99d2fafa8" }
++aws-nitro-enclaves-cose = "0.4.0"
+
+ # Server-side
+ uuid = { version = "1.3", features = ["v4"], optional = true }
+--
+2.43.1
+
diff --git a/SOURCES/0001-fix-drop-unused-sha-crypt-dep.patch b/SOURCES/0001-fix-drop-unused-sha-crypt-dep.patch
deleted file mode 100644
index cc8c67e..0000000
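Review bot: The embedded patch in `0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch` looks hand-edited and its header no longer matches its content: the stat line says `3 files changed, 4 insertions(+), 3 deletions(-)` but only the two `Cargo.toml` sections are present, and the first file header reads `Sdiff --git` with a stray `S`. If the dropped third file was `Cargo.lock` (it is not visible here), the lockfile would still describe the git fork pinned by `rev` while both manifests now ask for the registry release `"0.4.0"`, so which copy of `aws-nitro-enclaves-cose` gets built depends entirely on what the vendor tarball contains. Regenerating the patch with `git format-patch` would make the header and stat consistent again. The `Cargo.lock` hunk should either be included, or the spec should carry a comment saying the lockfile is regenerated when the vendor tarball is made.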
--- a/SOURCES/0001-fix-drop-unused-sha-crypt-dep.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 8899817ceff3371649ed87b700fb81490fb258c8 Mon Sep 17 00:00:00 2001 -From: Peter Robinson -Date: Thu, 27 Jul 2023 10:36:58 +0100 -Subject: [PATCH] fix: drop unused sha-crypt dep - -The use of sha-crypt was dropped with commit 8d1d1b2 but one of the -Cargo.toml updates was missed so drop it there and update Cargo.lock -to match. - -Fixes: 8d1d1b2 ("chore: replace sha-crypt with openssl process calls") -Signed-off-by: Peter Robinson ---- - integration-tests/Cargo.toml | 3 +-- - 2 files changed, 1 insertion(+), 21 deletions(-) - -diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml -index 451bc3f..e3b87a9 100644 ---- a/integration-tests/Cargo.toml -+++ b/integration-tests/Cargo.toml -@@ -35,7 +35,6 @@ - passwd = "0.0.1" - pem = "2.0" - users = "0.11.0" --sha-crypt = "0.5.0" - - fdo-data-formats = { path = "../data-formats" } - fdo-util = { path = "../util" } --- -2.41.0 - diff --git a/SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch b/SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch deleted file mode 100644 index 4462866..0000000 --- a/SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From adb1d1055f85ae48b58252ca36ce00d861a27358 Mon Sep 17 00:00:00 2001 -From: Antonio Murdaca -Date: Tue, 15 Aug 2023 16:29:53 +0200 -Subject: [PATCH] fix: relabel devcreds before onboarding - -Signed-off-by: Antonio Murdaca ---- - examples/systemd/fdo-client-linuxapp.service | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/examples/systemd/fdo-client-linuxapp.service b/examples/systemd/fdo-client-linuxapp.service -index acfdc79..c0b3090 100644 ---- a/examples/systemd/fdo-client-linuxapp.service -+++ b/examples/systemd/fdo-client-linuxapp.service -@@ -6,6 +6,7 @@ After=network-online.target - Type=oneshot - EnvironmentFile=-/boot/fdo-client-env - Environment=LOG_LEVEL=info -+ExecStartPre=-/usr/sbin/restorecon /boot/device-credentials - ExecStart=/usr/libexec/fdo/fdo-client-linuxapp - ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials - --- -2.41.0 - diff --git a/SOURCES/0001-hack-drop-shadow.patch b/SOURCES/0001-hack-drop-shadow.patch deleted file mode 100644 index 23448c9..0000000 --- a/SOURCES/0001-hack-drop-shadow.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -From 309c07aa5d43b3d126ccac640901f22afcc25b77 Mon Sep 17 00:00:00 2001 -From: Peter Robinson -Date: Thu, 27 Jul 2023 10:21:26 +0100 -Subject: [PATCH] hack; drop shadow - -Signed-off-by: Peter Robinson ---- - integration-tests/Cargo.toml | 3 +-- - integration-tests/tests/e2e.rs | 7 ------- - integration-tests/tests/service_info.rs | 7 ------- - 3 files changed, 1 insertion(+), 16 deletions(-) - -diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml -index 451bc3f..3e19ebb 100644 ---- a/integration-tests/Cargo.toml -+++ b/integration-tests/Cargo.toml -@@ -33,10 +33,9 @@ serde_json = "1.0" - pretty_assertions = "1.0.0" - paste = "1.0" - passwd = "0.0.1" --shadow = "0.0.1" - pem = "2.0" - users = "0.11.0" - sha-crypt = "0.5.0" - - fdo-data-formats = { path = "../data-formats" } --fdo-util = { path = "../util" } -\ No newline at end of file -+fdo-util = { path = "../util" } -diff --git a/integration-tests/tests/e2e.rs b/integration-tests/tests/e2e.rs -index 9857ce0..611fc84 100644 ---- a/integration-tests/tests/e2e.rs -+++ b/integration-tests/tests/e2e.rs -@@ -406,13 +406,6 @@ ssh-ed25519 sshkey_default user@example2.com - "User: {} is not created during onboarding", - &new_user - ); -- if let Some(test_user) = shadow::Shadow::from_name(new_user) { -- pretty_assertions::assert_eq!( -- test_user.password.is_empty(), -- false, -- "Password not created during onboarding" -- ); -- } - } else { - L.l("Skipped create initial user validation - To validate set env variable FDO_PRIVILEGED and run test as superuser"); -diff --git a/integration-tests/tests/service_info.rs b/integration-tests/tests/service_info.rs -index 8a346cc..4d05107 100644 ---- a/integration-tests/tests/service_info.rs -+++ b/integration-tests/tests/service_info.rs -@@ -285,13 +285,6 @@ ssh-ed25519 sshkey_default user@example2.com - "User: {} is not created during onboarding", - &new_user - ); -- if let Some(test_user) = shadow::Shadow::from_name(new_user) { -- 
pretty_assertions::assert_eq!( -- test_user.password.is_empty(), -- false, -- "Password not created during onboarding" -- ); -- } - } else { - L.l("Skipped create initial user validation - To validate set env variable FDO_PRIVILEGED and run test as superuser"); --- -2.41.0 - diff --git a/SOURCES/fix-devmapper-version.patch b/SOURCES/fix-devmapper-version.patch deleted file mode 100644 index 38062c0..0000000 --- a/SOURCES/fix-devmapper-version.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml -index 423fec5..f4e3ad4 100644 ---- a/client-linuxapp/Cargo.toml -+++ b/client-linuxapp/Cargo.toml -@@ -19,7 +19,7 @@ uuid = "1.3" - thiserror = "1" - libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] } - secrecy = "0.8" --devicemapper = "0.33" -+devicemapper = "0.32.3" - openssl = "0.10.55" - - fdo-data-formats = { path = "../data-formats", version = "0.4.12" } diff --git a/SPECS/fido-device-onboard.spec b/SPECS/fido-device-onboard.spec index 5790600..095e311 100644 --- a/SPECS/fido-device-onboard.spec +++ b/SPECS/fido-device-onboard.spec 
@@ -1,21 +1,18 @@ %global dracutlibdir %{_prefix}/lib/dracut %bcond_without check -%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache 2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT) +%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache-2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT) Name: fido-device-onboard -Version: 0.4.12 -Release: 4%{?dist} +Version: 0.5.0 +Release: 2%{?dist} Summary: A rust implementation of the FIDO Device Onboard Specification License: BSD-3-Clause -URL: https://github.com/fedora-iot/fido-device-onboard-rs +URL: https://github.com/fdo-rs/fido-device-onboard-rs Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz # See make-vendored-tarfile.sh in upstream repo Source1: %{name}-rs-%{version}-vendor-patched.tar.xz -Patch0: 0001-hack-drop-shadow.patch -Patch1: 0001-fix-drop-unused-sha-crypt-dep.patch -Patch2: fix-devmapper-version.patch -Patch3: 0001-fix-relabel-devcreds-before-onboarding.patch +Patch1: 0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch # Because nobody cares ExcludeArch: %{ix86} 
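Review bot: The new `Patch1:` line is added without a comment giving its reason or upstream status, and it is the one remaining patch that changes where a dependency comes from (a git fork pinned by `rev` becomes the registry release `"0.4.0"`). A comment above it would let a later reviewer tell a deliberate downstream choice from a leftover, for example `# Downstream only: use the aws-nitro-enclaves-cose 0.4.0 release instead of the upstream git fork`, with the wording confirmed by the packager. It would also help to note next to `Source1:` that the vendor tarball must be regenerated with this patch applied, since that tarball has no URL and is identified only by the hash in `.fido-device-onboard.metadata`.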
@@ -32,18 +29,18 @@ BuildRequires: golang BuildRequires: openssl-devel >= 3.0.1-12 BuildRequires: systemd-rpm-macros BuildRequires: tpm2-tss-devel +BuildRequires: sqlite-devel +BuildRequires: libpq-devel %description %{summary}. %prep %setup -q -n %{name}-rs-%{version} -%patch0 -p1 -%patch1 -p1 -%patch3 -p1 +# general patches should go here +%patch -P1 -p1 %if 0%{?rhel} -%patch2 -p1 %cargo_prep -V 1 %else %cargo_prep 
@@ -69,6 +66,13 @@ install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
 install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
 install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
 install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
+# db sql files
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_manufacturing_server_postgres migrations/migrations_manufacturing_server_postgres/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_manufacturing_server_sqlite migrations/migrations_manufacturing_server_sqlite/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_postgres migrations/migrations_owner_onboarding_server_postgres/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_sqlite migrations/migrations_owner_onboarding_server_sqlite/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres migrations/migrations_rendezvous_server_postgres/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite migrations/migrations_rendezvous_server_sqlite/2023-10-03-152801_create_db/*
 # duplicates as needed by AIO command so link them
 ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
 ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
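Review bot: The six added `install` lines place the SQL schema files under `%{_docdir}/fdo/migrations/...`, which rpm treats as documentation, so a host installed with docs excluded (`tsflags=nodocs` or `rpm --excludedocs`, common in container images) would get the servers with database support but without their schema. If the files are needed to create or upgrade the database, `%{_datadir}/fdo/migrations/...` is the safer location. Each line also names the single directory `2023-10-03-152801_create_db` and copies its contents flat into the target, so a later upstream migration would be left out unless the spec is edited, and files sharing a name would collide. Copying each `migrations_*` tree recursively would keep the per-migration directories, e.g. `cp -a migrations/migrations_rendezvous_server_sqlite %{buildroot}%{_datadir}/fdo/migrations/`.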
@@ -82,6 +86,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions +mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/serviceinfo_api_devices mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d @@ -122,6 +127,7 @@ Requires: openssl-libs >= 3.0.1-12 %dir %{_sysconfdir}/fdo/stores %dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions %dir %{_sysconfdir}/fdo/stores/owner_vouchers +%dir %{_sysconfdir}/fdo/stores/serviceinfo_api_devices %{_libexecdir}/fdo/fdo-owner-onboarding-server %{_libexecdir}/fdo/fdo-serviceinfo-api-server %dir %{_localstatedir}/lib/fdo @@ -129,6 +135,8 @@ Requires: openssl-libs >= 3.0.1-12 %{_docdir}/fdo/device_specific_serviceinfo.yml %{_docdir}/fdo/serviceinfo-api-server.yml %{_docdir}/fdo/owner-onboarding-server.yml +%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_postgres/* +%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_sqlite/* %{_unitdir}/fdo-serviceinfo-api-server.service %{_unitdir}/fdo-owner-onboarding-server.service @@ -162,6 +170,8 @@ License: %combined_license %dir %{_localstatedir}/lib/fdo %dir %{_docdir}/fdo %{_docdir}/fdo/rendezvous-*.yml +%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres/* +%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite/* %{_unitdir}/fdo-rendezvous-server.service %post -n fdo-rendezvous-server 
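Review bot: The new `%dir %{_sysconfdir}/fdo/stores/serviceinfo_api_devices` entry in the `@@ -122,6 +127,7 @@` hunk, like the matching `mkdir -p` in the `@@ -82,6 +86,7 @@` hunk, carries no `%attr`. The directory therefore ships with whatever mode `mkdir -p` produced in the buildroot, normally 0755 owned by root. What the serviceinfo API server writes there is not visible in this diff; if it is per-device configuration, confirm that a world-readable store is intended, or state the mode explicitly, e.g. `%dir %attr(0750,root,root) %{_sysconfdir}/fdo/stores/serviceinfo_api_devices`, adjusted to the account the service runs as. The sibling store directories are declared the same way, so the same question applies to them.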
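Review bot: The two glob entries added in the `@@ -129,6 +135,8 @@` hunk, `%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_postgres/*` and its `_sqlite` twin, package the files but not the directories holding them. That leaves `%{_docdir}/fdo/migrations` and its subdirectories unowned, so they stay behind when the package is removed. Listing each directory without the trailing `/*` owns it together with its contents, and `%dir %{_docdir}/fdo/migrations` should be added to every subpackage that ships migrations. The same pattern appears in the `@@ -162,6 +170,8 @@` rendezvous hunk and the `@@ -193,6 +203,8 @@` manufacturing hunk.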
@@ -193,6 +203,8 @@ Requires: openssl-libs >= 3.0.1-12 %dir %{_localstatedir}/lib/fdo %dir %{_docdir}/fdo %{_docdir}/fdo/manufacturing-server.yml +%{_docdir}/fdo/migrations/migrations_manufacturing_server_postgres/* +%{_docdir}/fdo/migrations/migrations_manufacturing_server_sqlite/* %{_unitdir}/fdo-manufacturing-server.service %post -n fdo-manufacturing-server @@ -270,6 +282,13 @@ Requires: fdo-init = %{version}-%{release} %systemd_postun_with_restart fdo-aio.service %changelog +* Wed Feb 28 2024 Irene Diez - 0.5.0-2 +- Update license + +* Thu Feb 22 2024 Irene Diez - 0.5.0-1 +- New version 0.5.0, adds database support +- Remove unused patches + * Wed Aug 23 2023 Peter Robinson - 0.4.12-4 - Ensure client service fix is applied