rpms/fido-device-onboard
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS fido-device-onboard-0.5.0-2.el9_3

Browse Source
This commit is contained in:
eabdullin 2024-04-30 11:36:33 +00:00
parent 67c56b29b2
commit fd78e64679
8 changed files with 75 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.fido-device-onboard.metadata
View File

@ -1,2 +1,2 @@
5bc51314a78eec68ea059ddae488aa020b1f295e SOURCES/fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz
377c879cb56ed3324c3e5f170d5c315d07ed2989 SOURCES/fido-device-onboard-rs-0.4.12.tar.gz
ea99d33a93fe21bf988b40ca38282d20d63c3484 SOURCES/fido-device-onboard-rs-0.5.0-vendor-patched.tar.xz
33e6d8ea9eab83617089957c926db773eb62efab SOURCES/fido-device-onboard-rs-0.5.0.tar.gz

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz
SOURCES/fido-device-onboard-rs-0.4.12.tar.gz
SOURCES/fido-device-onboard-rs-0.5.0-vendor-patched.tar.xz
SOURCES/fido-device-onboard-rs-0.5.0.tar.gz

40
SOURCES/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch Normal file
View File

@ -0,0 +1,40 @@
From d9554495b54d1f150a85f4e329412ff62728d9c7 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 15 Feb 2024 12:06:44 +0000
Subject: [PATCH] Revert "chore: use git fork for aws-nitro-enclaves-cose"
This reverts commit 1ea09e88baee3c47cdc76902f0034d553207d515.
---
data-formats/Cargo.toml | 2 +-
http-wrapper/Cargo.toml | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
Sdiff --git a/data-formats/Cargo.toml b/data-formats/Cargo.toml
index 714fc55..6d00eb4 100644
--- a/data-formats/Cargo.toml
+++ b/data-formats/Cargo.toml
@@ -17,7 +17,7 @@ serde_cbor = "0.11"
serde_repr = "0.1.6"
serde_tuple = "0.5"
thiserror = "1"
-aws-nitro-enclaves-cose = { git = "https://github.com/nullr0ute/aws-nitro-enclaves-cose/", rev = "e3938e60d9051690569d1e4fcbe1c0c99d2fafa8" }
+aws-nitro-enclaves-cose = "0.4.0"
uuid = "1.3"
num-traits = "0.2"
num-derive = "0.3"
diff --git a/http-wrapper/Cargo.toml b/http-wrapper/Cargo.toml
index 5d4999c..7b98097 100644
--- a/http-wrapper/Cargo.toml
+++ b/http-wrapper/Cargo.toml
@@ -20,7 +20,7 @@ openssl = "0.10.60"
fdo-data-formats = { path = "../data-formats", version = "0.5.0" }
fdo-store = { path = "../store", version = "0.5.0" }
-aws-nitro-enclaves-cose = { git = "https://github.com/nullr0ute/aws-nitro-enclaves-cose/", rev = "e3938e60d9051690569d1e4fcbe1c0c99d2fafa8" }
+aws-nitro-enclaves-cose = "0.4.0"
# Server-side
uuid = { version = "1.3", features = ["v4"], optional = true }
--
2.43.1

30
SOURCES/0001-fix-drop-unused-sha-crypt-dep.patch
View File

@ -1,30 +0,0 @@
From 8899817ceff3371649ed87b700fb81490fb258c8 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 27 Jul 2023 10:36:58 +0100
Subject: [PATCH] fix: drop unused sha-crypt dep
The use of sha-crypt was dropped with commit 8d1d1b2 but one of the
Cargo.toml updates was missed so drop it there and update Cargo.lock
to match.
Fixes: 8d1d1b2 ("chore: replace sha-crypt with openssl process calls")
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
integration-tests/Cargo.toml | 3 +--
2 files changed, 1 insertion(+), 21 deletions(-)
diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
index 451bc3f..e3b87a9 100644
--- a/integration-tests/Cargo.toml
+++ b/integration-tests/Cargo.toml
@@ -35,7 +35,6 @@
passwd = "0.0.1"
pem = "2.0"
users = "0.11.0"
-sha-crypt = "0.5.0"
fdo-data-formats = { path = "../data-formats" }
fdo-util = { path = "../util" }
--
2.41.0

25
SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch
View File

@ -1,25 +0,0 @@
From adb1d1055f85ae48b58252ca36ce00d861a27358 Mon Sep 17 00:00:00 2001
From: Antonio Murdaca <antoniomurdaca@gmail.com>
Date: Tue, 15 Aug 2023 16:29:53 +0200
Subject: [PATCH] fix: relabel devcreds before onboarding
Signed-off-by: Antonio Murdaca <antoniomurdaca@gmail.com>
---
examples/systemd/fdo-client-linuxapp.service | 1 +
1 file changed, 1 insertion(+)
diff --git a/examples/systemd/fdo-client-linuxapp.service b/examples/systemd/fdo-client-linuxapp.service
index acfdc79..c0b3090 100644
--- a/examples/systemd/fdo-client-linuxapp.service
+++ b/examples/systemd/fdo-client-linuxapp.service
@@ -6,6 +6,7 @@ After=network-online.target
Type=oneshot
EnvironmentFile=-/boot/fdo-client-env
Environment=LOG_LEVEL=info
+ExecStartPre=-/usr/sbin/restorecon /boot/device-credentials
ExecStart=/usr/libexec/fdo/fdo-client-linuxapp
ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials
--
2.41.0

68
SOURCES/0001-hack-drop-shadow.patch
View File

@ -1,68 +0,0 @@
From 309c07aa5d43b3d126ccac640901f22afcc25b77 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 27 Jul 2023 10:21:26 +0100
Subject: [PATCH] hack; drop shadow
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
integration-tests/Cargo.toml | 3 +--
integration-tests/tests/e2e.rs | 7 -------
integration-tests/tests/service_info.rs | 7 -------
3 files changed, 1 insertion(+), 16 deletions(-)
diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
index 451bc3f..3e19ebb 100644
--- a/integration-tests/Cargo.toml
+++ b/integration-tests/Cargo.toml
@@ -33,10 +33,9 @@ serde_json = "1.0"
pretty_assertions = "1.0.0"
paste = "1.0"
passwd = "0.0.1"
-shadow = "0.0.1"
pem = "2.0"
users = "0.11.0"
sha-crypt = "0.5.0"
fdo-data-formats = { path = "../data-formats" }
-fdo-util = { path = "../util" }
\ No newline at end of file
+fdo-util = { path = "../util" }
diff --git a/integration-tests/tests/e2e.rs b/integration-tests/tests/e2e.rs
index 9857ce0..611fc84 100644
--- a/integration-tests/tests/e2e.rs
+++ b/integration-tests/tests/e2e.rs
@@ -406,13 +406,6 @@ ssh-ed25519 sshkey_default user@example2.com
"User: {} is not created during onboarding",
&new_user
);
- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
- pretty_assertions::assert_eq!(
- test_user.password.is_empty(),
- false,
- "Password not created during onboarding"
- );
- }
} else {
L.l("Skipped create initial user validation
To validate set env variable FDO_PRIVILEGED and run test as superuser");
diff --git a/integration-tests/tests/service_info.rs b/integration-tests/tests/service_info.rs
index 8a346cc..4d05107 100644
--- a/integration-tests/tests/service_info.rs
+++ b/integration-tests/tests/service_info.rs
@@ -285,13 +285,6 @@ ssh-ed25519 sshkey_default user@example2.com
"User: {} is not created during onboarding",
&new_user
);
- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
- pretty_assertions::assert_eq!(
- test_user.password.is_empty(),
- false,
- "Password not created during onboarding"
- );
- }
} else {
L.l("Skipped create initial user validation
To validate set env variable FDO_PRIVILEGED and run test as superuser");
--
2.41.0

13
SOURCES/fix-devmapper-version.patch
View File

@ -1,13 +0,0 @@
diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
index 423fec5..f4e3ad4 100644
--- a/client-linuxapp/Cargo.toml
+++ b/client-linuxapp/Cargo.toml
@@ -19,7 +19,7 @@ uuid = "1.3"
thiserror = "1"
libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
secrecy = "0.8"
-devicemapper = "0.33"
+devicemapper = "0.32.3"
openssl = "0.10.55"
fdo-data-formats = { path = "../data-formats", version = "0.4.12" }

43
SPECS/fido-device-onboard.spec
View File

@ -1,21 +1,18 @@
%global dracutlibdir %{_prefix}/lib/dracut
%bcond_without check
%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache 2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache-2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
Name: fido-device-onboard
Version: 0.4.12
Release: 4%{?dist}
Version: 0.5.0
Release: 2%{?dist}
Summary: A rust implementation of the FIDO Device Onboard Specification
License: BSD-3-Clause
URL: https://github.com/fedora-iot/fido-device-onboard-rs
URL: https://github.com/fdo-rs/fido-device-onboard-rs
Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz
# See make-vendored-tarfile.sh in upstream repo
Source1: %{name}-rs-%{version}-vendor-patched.tar.xz
Patch0: 0001-hack-drop-shadow.patch
Patch1: 0001-fix-drop-unused-sha-crypt-dep.patch
Patch2: fix-devmapper-version.patch
Patch3: 0001-fix-relabel-devcreds-before-onboarding.patch
Patch1: 0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch
# Because nobody cares
ExcludeArch: %{ix86}
@ -32,18 +29,18 @@ BuildRequires: golang
BuildRequires: openssl-devel >= 3.0.1-12
BuildRequires: systemd-rpm-macros
BuildRequires: tpm2-tss-devel
BuildRequires: sqlite-devel
BuildRequires: libpq-devel
%description
%{summary}.
%prep
%setup -q -n %{name}-rs-%{version}
%patch0 -p1
%patch1 -p1
%patch3 -p1
# general patches should go here
%patch -P1 -p1
%if 0%{?rhel}
%patch2 -p1
%cargo_prep -V 1
%else
%cargo_prep
@ -69,6 +66,13 @@ install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
# db sql files
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_manufacturing_server_postgres migrations/migrations_manufacturing_server_postgres/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_manufacturing_server_sqlite migrations/migrations_manufacturing_server_sqlite/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_postgres migrations/migrations_owner_onboarding_server_postgres/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_sqlite migrations/migrations_owner_onboarding_server_sqlite/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres migrations/migrations_rendezvous_server_postgres/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite migrations/migrations_rendezvous_server_sqlite/2023-10-03-152801_create_db/*
# duplicates as needed by AIO command so link them
ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
@ -82,6 +86,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/serviceinfo_api_devices
mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d
mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d
mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d
@ -122,6 +127,7 @@ Requires: openssl-libs >= 3.0.1-12
%dir %{_sysconfdir}/fdo/stores
%dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions
%dir %{_sysconfdir}/fdo/stores/owner_vouchers
%dir %{_sysconfdir}/fdo/stores/serviceinfo_api_devices
%{_libexecdir}/fdo/fdo-owner-onboarding-server
%{_libexecdir}/fdo/fdo-serviceinfo-api-server
%dir %{_localstatedir}/lib/fdo
@ -129,6 +135,8 @@ Requires: openssl-libs >= 3.0.1-12
%{_docdir}/fdo/device_specific_serviceinfo.yml
%{_docdir}/fdo/serviceinfo-api-server.yml
%{_docdir}/fdo/owner-onboarding-server.yml
%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_postgres/*
%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_sqlite/*
%{_unitdir}/fdo-serviceinfo-api-server.service
%{_unitdir}/fdo-owner-onboarding-server.service
@ -162,6 +170,8 @@ License: %combined_license
%dir %{_localstatedir}/lib/fdo
%dir %{_docdir}/fdo
%{_docdir}/fdo/rendezvous-*.yml
%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres/*
%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite/*
%{_unitdir}/fdo-rendezvous-server.service
%post -n fdo-rendezvous-server
@ -193,6 +203,8 @@ Requires: openssl-libs >= 3.0.1-12
%dir %{_localstatedir}/lib/fdo
%dir %{_docdir}/fdo
%{_docdir}/fdo/manufacturing-server.yml
%{_docdir}/fdo/migrations/migrations_manufacturing_server_postgres/*
%{_docdir}/fdo/migrations/migrations_manufacturing_server_sqlite/*
%{_unitdir}/fdo-manufacturing-server.service
%post -n fdo-manufacturing-server
@ -270,6 +282,13 @@ Requires: fdo-init = %{version}-%{release}
%systemd_postun_with_restart fdo-aio.service
%changelog
* Wed Feb 28 2024 Irene Diez <idiez@redhat.com> - 0.5.0-2
- Update license
* Thu Feb 22 2024 Irene Diez <idiez@redhat.com> - 0.5.0-1
- New version 0.5.0, adds database support
- Remove unused patches
* Wed Aug 23 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-4
- Ensure client service fix is applied