Compare commits
No commits in common. "c8-beta" and "c10s" have entirely different histories.
@ -1,2 +0,0 @@
|
|||||||
f89779ff4421530aa4f51ebe1eaa81858ec4b1f5 SOURCES/fido-device-onboard-rs-0.4.5-vendor-patched.tar.gz
|
|
||||||
2bccb11a53358c1464e00d9a2b41251d793651d0 SOURCES/fido-device-onboard-rs-0.4.5.tar.gz
|
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/fido-device-onboard-rs-0.4.5-vendor-patched.tar.gz
|
/fido-device-onboard-rs-*.tar.gz
|
||||||
SOURCES/fido-device-onboard-rs-0.4.5.tar.gz
|
/fido-device-onboard-rs-*-vendor-patched.tar.xz
|
||||||
|
30
0001-fix-drop-unused-sha-crypt-dep.patch
Normal file
30
0001-fix-drop-unused-sha-crypt-dep.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From 8899817ceff3371649ed87b700fb81490fb258c8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Peter Robinson <pbrobinson@gmail.com>
|
||||||
|
Date: Thu, 27 Jul 2023 10:36:58 +0100
|
||||||
|
Subject: [PATCH] fix: drop unused sha-crypt dep
|
||||||
|
|
||||||
|
The use of sha-crypt was dropped with commit 8d1d1b2 but one of the
|
||||||
|
Cargo.toml updates was missed so drop it there and update Cargo.lock
|
||||||
|
to match.
|
||||||
|
|
||||||
|
Fixes: 8d1d1b2 ("chore: replace sha-crypt with openssl process calls")
|
||||||
|
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
|
||||||
|
---
|
||||||
|
integration-tests/Cargo.toml | 3 +--
|
||||||
|
2 files changed, 1 insertion(+), 21 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
|
||||||
|
index 451bc3f..e3b87a9 100644
|
||||||
|
--- a/integration-tests/Cargo.toml
|
||||||
|
+++ b/integration-tests/Cargo.toml
|
||||||
|
@@ -35,7 +35,6 @@
|
||||||
|
passwd = "0.0.1"
|
||||||
|
pem = "2.0"
|
||||||
|
users = "0.11.0"
|
||||||
|
-sha-crypt = "0.5.0"
|
||||||
|
|
||||||
|
fdo-data-formats = { path = "../data-formats" }
|
||||||
|
fdo-util = { path = "../util" }
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
25
0001-fix-relabel-devcreds-before-onboarding.patch
Normal file
25
0001-fix-relabel-devcreds-before-onboarding.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
From adb1d1055f85ae48b58252ca36ce00d861a27358 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Antonio Murdaca <antoniomurdaca@gmail.com>
|
||||||
|
Date: Tue, 15 Aug 2023 16:29:53 +0200
|
||||||
|
Subject: [PATCH] fix: relabel devcreds before onboarding
|
||||||
|
|
||||||
|
Signed-off-by: Antonio Murdaca <antoniomurdaca@gmail.com>
|
||||||
|
---
|
||||||
|
examples/systemd/fdo-client-linuxapp.service | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/examples/systemd/fdo-client-linuxapp.service b/examples/systemd/fdo-client-linuxapp.service
|
||||||
|
index acfdc79..c0b3090 100644
|
||||||
|
--- a/examples/systemd/fdo-client-linuxapp.service
|
||||||
|
+++ b/examples/systemd/fdo-client-linuxapp.service
|
||||||
|
@@ -6,6 +6,7 @@ After=network-online.target
|
||||||
|
Type=oneshot
|
||||||
|
EnvironmentFile=-/boot/fdo-client-env
|
||||||
|
Environment=LOG_LEVEL=info
|
||||||
|
+ExecStartPre=-/usr/sbin/restorecon /boot/device-credentials
|
||||||
|
ExecStart=/usr/libexec/fdo/fdo-client-linuxapp
|
||||||
|
ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials
|
||||||
|
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
68
0001-hack-drop-shadow.patch
Normal file
68
0001-hack-drop-shadow.patch
Normal file
@ -0,0 +1,68 @@
|
|||||||
|
From 309c07aa5d43b3d126ccac640901f22afcc25b77 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Peter Robinson <pbrobinson@gmail.com>
|
||||||
|
Date: Thu, 27 Jul 2023 10:21:26 +0100
|
||||||
|
Subject: [PATCH] hack; drop shadow
|
||||||
|
|
||||||
|
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
|
||||||
|
---
|
||||||
|
integration-tests/Cargo.toml | 3 +--
|
||||||
|
integration-tests/tests/e2e.rs | 7 -------
|
||||||
|
integration-tests/tests/service_info.rs | 7 -------
|
||||||
|
3 files changed, 1 insertion(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
|
||||||
|
index 451bc3f..3e19ebb 100644
|
||||||
|
--- a/integration-tests/Cargo.toml
|
||||||
|
+++ b/integration-tests/Cargo.toml
|
||||||
|
@@ -33,10 +33,9 @@ serde_json = "1.0"
|
||||||
|
pretty_assertions = "1.0.0"
|
||||||
|
paste = "1.0"
|
||||||
|
passwd = "0.0.1"
|
||||||
|
-shadow = "0.0.1"
|
||||||
|
pem = "2.0"
|
||||||
|
users = "0.11.0"
|
||||||
|
sha-crypt = "0.5.0"
|
||||||
|
|
||||||
|
fdo-data-formats = { path = "../data-formats" }
|
||||||
|
-fdo-util = { path = "../util" }
|
||||||
|
\ No newline at end of file
|
||||||
|
+fdo-util = { path = "../util" }
|
||||||
|
diff --git a/integration-tests/tests/e2e.rs b/integration-tests/tests/e2e.rs
|
||||||
|
index 9857ce0..611fc84 100644
|
||||||
|
--- a/integration-tests/tests/e2e.rs
|
||||||
|
+++ b/integration-tests/tests/e2e.rs
|
||||||
|
@@ -406,13 +406,6 @@ ssh-ed25519 sshkey_default user@example2.com
|
||||||
|
"User: {} is not created during onboarding",
|
||||||
|
&new_user
|
||||||
|
);
|
||||||
|
- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
|
||||||
|
- pretty_assertions::assert_eq!(
|
||||||
|
- test_user.password.is_empty(),
|
||||||
|
- false,
|
||||||
|
- "Password not created during onboarding"
|
||||||
|
- );
|
||||||
|
- }
|
||||||
|
} else {
|
||||||
|
L.l("Skipped create initial user validation
|
||||||
|
To validate set env variable FDO_PRIVILEGED and run test as superuser");
|
||||||
|
diff --git a/integration-tests/tests/service_info.rs b/integration-tests/tests/service_info.rs
|
||||||
|
index 8a346cc..4d05107 100644
|
||||||
|
--- a/integration-tests/tests/service_info.rs
|
||||||
|
+++ b/integration-tests/tests/service_info.rs
|
||||||
|
@@ -285,13 +285,6 @@ ssh-ed25519 sshkey_default user@example2.com
|
||||||
|
"User: {} is not created during onboarding",
|
||||||
|
&new_user
|
||||||
|
);
|
||||||
|
- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
|
||||||
|
- pretty_assertions::assert_eq!(
|
||||||
|
- test_user.password.is_empty(),
|
||||||
|
- false,
|
||||||
|
- "Password not created during onboarding"
|
||||||
|
- );
|
||||||
|
- }
|
||||||
|
} else {
|
||||||
|
L.l("Skipped create initial user validation
|
||||||
|
To validate set env variable FDO_PRIVILEGED and run test as superuser");
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
3
README.md
Normal file
3
README.md
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# fido-device-onboard
|
||||||
|
|
||||||
|
The fido-device-onboard package
|
@ -1,70 +0,0 @@
|
|||||||
diff --color -ru fido-device-onboard-rs-0.4.5-orig/Cargo.toml fido-device-onboard-rs-0.4.5/Cargo.toml
|
|
||||||
--- fido-device-onboard-rs-0.4.5-orig/Cargo.toml 2022-03-29 17:38:59.000000000 +0200
|
|
||||||
+++ fido-device-onboard-rs-0.4.5/Cargo.toml 2022-03-30 10:45:59.381526470 +0200
|
|
||||||
@@ -17,3 +17,6 @@
|
|
||||||
|
|
||||||
"integration-tests",
|
|
||||||
]
|
|
||||||
+
|
|
||||||
+[profile.release]
|
|
||||||
+debug = true
|
|
||||||
diff --color -ru fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-aio.service fido-device-onboard-rs-0.4.5/examples/systemd/fdo-aio.service
|
|
||||||
--- fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-aio.service 2022-03-29 17:38:59.000000000 +0200
|
|
||||||
+++ fido-device-onboard-rs-0.4.5/examples/systemd/fdo-aio.service 2022-03-30 10:47:12.654629934 +0200
|
|
||||||
@@ -4,8 +4,9 @@
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Environment=LOG_LEVEL=info
|
|
||||||
+Environment=ALLOW_NONINTEROPERABLE_KDF=1
|
|
||||||
ExecStart=/usr/bin/fdo-admin-tool aio --directory /etc/fdo/aio --binary-path /usr/libexec/fdo
|
|
||||||
# restart and failure condition
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
-WantedBy=multi-user.target
|
|
||||||
\ No newline at end of file
|
|
||||||
+WantedBy=multi-user.target
|
|
||||||
diff --color -ru fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-client-linuxapp.service fido-device-onboard-rs-0.4.5/examples/systemd/fdo-client-linuxapp.service
|
|
||||||
--- fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-client-linuxapp.service 2022-03-29 17:38:59.000000000 +0200
|
|
||||||
+++ fido-device-onboard-rs-0.4.5/examples/systemd/fdo-client-linuxapp.service 2022-03-30 10:46:15.357549030 +0200
|
|
||||||
@@ -5,6 +5,7 @@
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
EnvironmentFile=-/boot/fdo-client-env
|
|
||||||
+Environment=ALLOW_NONINTEROPERABLE_KDF=1
|
|
||||||
Environment=LOG_LEVEL=info
|
|
||||||
ExecStart=/usr/libexec/fdo/fdo-client-linuxapp
|
|
||||||
ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials
|
|
||||||
diff --color -ru fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-owner-onboarding-server.service fido-device-onboard-rs-0.4.5/examples/systemd/fdo-owner-onboarding-server.service
|
|
||||||
--- fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-owner-onboarding-server.service 2022-03-29 17:38:59.000000000 +0200
|
|
||||||
+++ fido-device-onboard-rs-0.4.5/examples/systemd/fdo-owner-onboarding-server.service 2022-03-30 10:46:21.433557612 +0200
|
|
||||||
@@ -4,8 +4,9 @@
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Environment=LOG_LEVEL=info
|
|
||||||
+Environment=ALLOW_NONINTEROPERABLE_KDF=1
|
|
||||||
ExecStart=/usr/libexec/fdo/fdo-owner-onboarding-server
|
|
||||||
# restart and failure condition
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
-WantedBy=multi-user.target
|
|
||||||
\ No newline at end of file
|
|
||||||
+WantedBy=multi-user.target
|
|
||||||
diff --color -ru fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/build.rs fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/build.rs
|
|
||||||
--- fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/build.rs 2022-03-29 19:26:41.000000000 +0200
|
|
||||||
+++ fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/build.rs 2022-03-30 10:46:34.037575407 +0200
|
|
||||||
@@ -4,7 +4,7 @@
|
|
||||||
#[cfg(feature = "generate-bindings")]
|
|
||||||
use std::path::PathBuf;
|
|
||||||
|
|
||||||
-const MINIMUM_VERSION: &str = "2.3.3";
|
|
||||||
+const MINIMUM_VERSION: &str = "2.3.2";
|
|
||||||
|
|
||||||
fn main() {
|
|
||||||
if std::env::var("DOCS_RS").is_ok() {
|
|
||||||
diff --color -ru fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/.cargo-checksum.json fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/.cargo-checksum.json
|
|
||||||
--- fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/.cargo-checksum.json 2022-03-29 19:26:41.000000000 +0200
|
|
||||||
+++ fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/.cargo-checksum.json 2022-03-30 10:46:55.432605617 +0200
|
|
||||||
@@ -1 +1 @@
|
|
||||||
-{"files":{"Cargo.toml":"cb816c6cd69d7eb4e712c63575fed05fb120ffaf14a6d462dae7e22d86341721","LICENSE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","README.md":"2cb476d1db06c323503dc6d15e0f5ed5d6f31b940ee19fb6a1267d26ca2ea109","build.rs":"6cc37b07c069d8e4a532922f4f816c51269a3947bc1d64b1ac5c13330da9422c","regenerate-bindings.sh":"adfc0001d4837ea2e82dadb0455b5dd1da24c728e2526ceef9e1774f2dac3174","src/bindings/aarch64-unknown-linux-gnu.rs":"fbeeefd5706344fb9b37e670f0a3ccb410d3686012f64f9b9b25038f3683f9a2","src/bindings/arm-unknown-linux-gnueabi.rs":"17dc8ad101cbec08ba9a9ef55c3c7d101164c35d19cfd694dca7e25a324101bf","src/bindings/x86_64-unknown-darwin.rs":"1a1f2cd427ebb4d4bf102204507f1fa9e2973ecb7ee7f3e27be61f7ae21a9e43","src/bindings/x86_64-unknown-linux-gnu.rs":"31473ca2a2f853acd091dad98605ee02dcdb521b70023fa8e34822b9bac4bdde","src/lib.rs":"d03e402ccd471f25acca136550af86caa33af7714290424b24b236f1ac9e450f"},"package":"0e2f37914ec4d494d145cfa18bb8429498b238d63c47a08b89d09c1ec2545ff0"}
|
|
||||||
\ No newline at end of file
|
|
||||||
+{"files":{"Cargo.toml":"cb816c6cd69d7eb4e712c63575fed05fb120ffaf14a6d462dae7e22d86341721","LICENSE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","README.md":"2cb476d1db06c323503dc6d15e0f5ed5d6f31b940ee19fb6a1267d26ca2ea109","build.rs":"4c8649e92bafa9834c7db410c08bd5da8017708dec46a7ddbc526a8f86e91f11","regenerate-bindings.sh":"adfc0001d4837ea2e82dadb0455b5dd1da24c728e2526ceef9e1774f2dac3174","src/bindings/aarch64-unknown-linux-gnu.rs":"fbeeefd5706344fb9b37e670f0a3ccb410d3686012f64f9b9b25038f3683f9a2","src/bindings/arm-unknown-linux-gnueabi.rs":"17dc8ad101cbec08ba9a9ef55c3c7d101164c35d19cfd694dca7e25a324101bf","src/bindings/x86_64-unknown-darwin.rs":"1a1f2cd427ebb4d4bf102204507f1fa9e2973ecb7ee7f3e27be61f7ae21a9e43","src/bindings/x86_64-unknown-linux-gnu.rs":"31473ca2a2f853acd091dad98605ee02dcdb521b70023fa8e34822b9bac4bdde","src/lib.rs":"d03e402ccd471f25acca136550af86caa33af7714290424b24b236f1ac9e450f"},"package":"0e2f37914ec4d494d145cfa18bb8429498b238d63c47a08b89d09c1ec2545ff0"}
|
|
@ -1,272 +0,0 @@
|
|||||||
%define dracutlibdir %{_prefix}/lib/dracut
|
|
||||||
%bcond_without check
|
|
||||||
%global __cargo_skip_build 0
|
|
||||||
%global __cargo_is_lib() false
|
|
||||||
%global forgeurl https://github.com/fedora-iot/fido-device-onboard-rs
|
|
||||||
|
|
||||||
Version: 0.4.5
|
|
||||||
|
|
||||||
%forgemeta
|
|
||||||
|
|
||||||
Name: fido-device-onboard
|
|
||||||
Release: 1%{?dist}
|
|
||||||
Summary: An implementation of the FIDO Device Onboard Specification written in rust
|
|
||||||
|
|
||||||
License: BSD
|
|
||||||
URL: %{forgeurl}
|
|
||||||
Source: %{forgesource}
|
|
||||||
%if "%{?commit}" != ""
|
|
||||||
Source1: %{name}-rs-%{commit}-vendor-patched.tar.gz
|
|
||||||
%else
|
|
||||||
Source1: %{name}-rs-%{version}-vendor-patched.tar.gz
|
|
||||||
%endif
|
|
||||||
|
|
||||||
Patch0: kdf-debug-profile.patch
|
|
||||||
|
|
||||||
ExclusiveArch: %{rust_arches}
|
|
||||||
# RHBZ 1869980
|
|
||||||
ExcludeArch: s390x i686 %{power64}
|
|
||||||
|
|
||||||
%if 0%{?rhel} && !0%{?eln}
|
|
||||||
BuildRequires: rust-toolset
|
|
||||||
%else
|
|
||||||
BuildRequires: rust-packaging
|
|
||||||
%endif
|
|
||||||
BuildRequires: systemd-rpm-macros
|
|
||||||
BuildRequires: openssl-devel
|
|
||||||
BuildRequires: golang
|
|
||||||
BuildRequires: tpm2-tss-devel
|
|
||||||
BuildRequires: cryptsetup-devel
|
|
||||||
BuildRequires: clang-devel
|
|
||||||
|
|
||||||
%description
|
|
||||||
%{summary}.
|
|
||||||
|
|
||||||
%prep
|
|
||||||
%forgesetup
|
|
||||||
%if 0%{?rhel} && !0%{?eln}
|
|
||||||
%cargo_prep -V 1
|
|
||||||
%else
|
|
||||||
%cargo_prep
|
|
||||||
%endif
|
|
||||||
%patch0 -p1
|
|
||||||
|
|
||||||
%build
|
|
||||||
%{__cargo} build --release --features "openssl-kdf/deny_custom,fdo-data-formats/use_noninteroperable_kdf"
|
|
||||||
|
|
||||||
%install
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
|
|
||||||
# duplicates as needed by AIO command
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-tool
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-admin-tool
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
|
|
||||||
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
|
|
||||||
install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
|
|
||||||
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
|
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/fdo
|
|
||||||
# 52fdo
|
|
||||||
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
|
|
||||||
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
|
|
||||||
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
|
|
||||||
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
|
|
||||||
|
|
||||||
%package -n fdo-init
|
|
||||||
Summary: dracut module for device initialization
|
|
||||||
%description -n fdo-init
|
|
||||||
%{summary}
|
|
||||||
|
|
||||||
%files -n fdo-init
|
|
||||||
%license LICENSE
|
|
||||||
%{dracutlibdir}/modules.d/52fdo/*
|
|
||||||
%{_libexecdir}/fdo/fdo-manufacturing-client
|
|
||||||
|
|
||||||
%package -n fdo-owner-onboarding-server
|
|
||||||
Summary: FDO Owner Onboarding Server implementation
|
|
||||||
%description -n fdo-owner-onboarding-server
|
|
||||||
%{summary}
|
|
||||||
|
|
||||||
%files -n fdo-owner-onboarding-server
|
|
||||||
%license LICENSE
|
|
||||||
%{_libexecdir}/fdo/fdo-owner-onboarding-server
|
|
||||||
%{_libexecdir}/fdo/fdo-serviceinfo-api-server
|
|
||||||
%{_docdir}/fdo/serviceinfo-api-server.yml
|
|
||||||
%{_unitdir}/fdo-serviceinfo-api-server.service
|
|
||||||
%{_docdir}/fdo/owner-onboarding-server.yml
|
|
||||||
%{_unitdir}/fdo-owner-onboarding-server.service
|
|
||||||
|
|
||||||
%post -n fdo-owner-onboarding-server
|
|
||||||
%systemd_post fdo-owner-onboarding-server.service
|
|
||||||
%systemd_post fdo-serviceinfo-api-server.service
|
|
||||||
|
|
||||||
%preun -n fdo-owner-onboarding-server
|
|
||||||
%systemd_preun fdo-owner-onboarding-server.service
|
|
||||||
%systemd_post fdo-serviceinfo-api-server.service
|
|
||||||
|
|
||||||
%postun -n fdo-owner-onboarding-server
|
|
||||||
%systemd_postun_with_restart fdo-owner-onboarding-server.service
|
|
||||||
%systemd_postun_with_restart fdo-serviceinfo-api-server.service
|
|
||||||
|
|
||||||
%package -n fdo-rendezvous-server
|
|
||||||
Summary: FDO Rendezvous Server implementation
|
|
||||||
%description -n fdo-rendezvous-server
|
|
||||||
%{summary}
|
|
||||||
|
|
||||||
%files -n fdo-rendezvous-server
|
|
||||||
%license LICENSE
|
|
||||||
%{_libexecdir}/fdo/fdo-rendezvous-server
|
|
||||||
%{_docdir}/fdo/rendezvous-server.yml
|
|
||||||
%{_unitdir}/fdo-rendezvous-server.service
|
|
||||||
|
|
||||||
%post -n fdo-rendezvous-server
|
|
||||||
%systemd_post fdo-rendezvous-server.service
|
|
||||||
|
|
||||||
%preun -n fdo-rendezvous-server
|
|
||||||
%systemd_preun fdo-rendezvous-server.service
|
|
||||||
|
|
||||||
%postun -n fdo-rendezvous-server
|
|
||||||
%systemd_postun_with_restart fdo-rendezvous-server.service
|
|
||||||
|
|
||||||
%package -n fdo-manufacturing-server
|
|
||||||
Summary: FDO Manufacturing Server implementation
|
|
||||||
%description -n fdo-manufacturing-server
|
|
||||||
%{summary}
|
|
||||||
|
|
||||||
%files -n fdo-manufacturing-server
|
|
||||||
%license LICENSE
|
|
||||||
%{_libexecdir}/fdo/fdo-manufacturing-server
|
|
||||||
%{_docdir}/fdo/manufacturing-server.yml
|
|
||||||
%{_unitdir}/fdo-manufacturing-server.service
|
|
||||||
|
|
||||||
%post -n fdo-manufacturing-server
|
|
||||||
%systemd_post fdo-manufacturing-server.service
|
|
||||||
|
|
||||||
%preun -n fdo-manufacturing-server
|
|
||||||
%systemd_preun fdo-manufacturing-server.service
|
|
||||||
|
|
||||||
%postun -n fdo-manufacturing-server
|
|
||||||
%systemd_postun_with_restart fdo-manufacturing-server.service
|
|
||||||
|
|
||||||
%package -n fdo-client
|
|
||||||
Summary: FDO Client implementation
|
|
||||||
Requires: clevis
|
|
||||||
Requires: clevis-luks
|
|
||||||
Requires: cryptsetup
|
|
||||||
%description -n fdo-client
|
|
||||||
%{summary}
|
|
||||||
|
|
||||||
%files -n fdo-client
|
|
||||||
%license LICENSE
|
|
||||||
%{_libexecdir}/fdo/fdo-client-linuxapp
|
|
||||||
%{_unitdir}/fdo-client-linuxapp.service
|
|
||||||
|
|
||||||
%post -n fdo-client
|
|
||||||
%systemd_post fdo-client-linuxapp.service
|
|
||||||
|
|
||||||
%preun -n fdo-client
|
|
||||||
%systemd_preun fdo-client-linuxapp.service
|
|
||||||
|
|
||||||
%postun -n fdo-client
|
|
||||||
%systemd_postun_with_restart fdo-client-linuxapp.service
|
|
||||||
|
|
||||||
%package -n fdo-owner-cli
|
|
||||||
Summary: FDO Owner tools implementation
|
|
||||||
%description -n fdo-owner-cli
|
|
||||||
%{summary}
|
|
||||||
|
|
||||||
%files -n fdo-owner-cli
|
|
||||||
%license LICENSE
|
|
||||||
%{_bindir}/fdo-owner-tool
|
|
||||||
%{_libexecdir}/fdo/fdo-owner-tool
|
|
||||||
|
|
||||||
%package -n fdo-admin-cli
|
|
||||||
Summary: FDO admin tools implementation
|
|
||||||
Requires: fdo-manufacturing-server
|
|
||||||
Requires: fdo-init
|
|
||||||
Requires: fdo-client
|
|
||||||
Requires: fdo-rendezvous-server
|
|
||||||
Requires: fdo-owner-onboarding-server
|
|
||||||
Requires: fdo-owner-cli
|
|
||||||
%description -n fdo-admin-cli
|
|
||||||
%{summary}
|
|
||||||
|
|
||||||
%files -n fdo-admin-cli
|
|
||||||
%license LICENSE
|
|
||||||
%{_bindir}/fdo-admin-tool
|
|
||||||
%{_libexecdir}/fdo/fdo-admin-tool
|
|
||||||
%{_unitdir}/fdo-aio.service
|
|
||||||
%dir %{_sysconfdir}/fdo
|
|
||||||
|
|
||||||
%post -n fdo-admin-cli
|
|
||||||
%systemd_post fdo-aio.service
|
|
||||||
|
|
||||||
%preun -n fdo-admin-cli
|
|
||||||
%systemd_preun fdo-aio.service
|
|
||||||
|
|
||||||
%postun -n fdo-admin-cli
|
|
||||||
%systemd_postun_with_restart fdo-aio.service
|
|
||||||
|
|
||||||
%changelog
|
|
||||||
* Tue Mar 29 2022 Antonio Murdaca <runcom@linux.com> - 0.4.5-1
|
|
||||||
- bump to 0.4.5
|
|
||||||
|
|
||||||
* Fri Feb 25 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-8
|
|
||||||
- attempt #1 to fix checksums
|
|
||||||
|
|
||||||
* Fri Feb 25 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-7
|
|
||||||
- patch the right vendor/tss-esapi-sys
|
|
||||||
|
|
||||||
* Fri Feb 25 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-6
|
|
||||||
- patch Cargo.toml to ignore Cargo.lock for hash checks of tss-esapi-sys
|
|
||||||
|
|
||||||
* Fri Feb 25 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-5
|
|
||||||
- patch tss-esapi-sys/build.rs to require 2.3.2
|
|
||||||
|
|
||||||
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-4
|
|
||||||
- rebuilt with tpm2-tss-devel build require
|
|
||||||
|
|
||||||
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-3
|
|
||||||
- rebuilt to use the correct patch for the 0.4.0 source
|
|
||||||
|
|
||||||
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-2
|
|
||||||
- rebuilt to use the correct 0.4.0 source archive
|
|
||||||
|
|
||||||
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-1
|
|
||||||
- upgrade to 0.4.0
|
|
||||||
|
|
||||||
* Thu Feb 03 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-4
|
|
||||||
- revert and add missing %patch call
|
|
||||||
|
|
||||||
* Thu Feb 03 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-3
|
|
||||||
- rebuilt to drop commit conditional or patch doesn't work
|
|
||||||
|
|
||||||
* Thu Feb 03 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-2
|
|
||||||
- rebuilt to drop faulty conditional
|
|
||||||
|
|
||||||
* Tue Feb 01 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-1
|
|
||||||
- bump to v0.3.0
|
|
||||||
|
|
||||||
* Mon Jan 10 2022 Antonio Murdaca <runcom@linux.com> - 0.2.0-5
|
|
||||||
- rebuilt dropping vendored exe(s) files (dll and .a)
|
|
||||||
|
|
||||||
* Sat Dec 11 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-4
|
|
||||||
- Restore soname, add golang to BuildRequires
|
|
||||||
|
|
||||||
* Sat Dec 11 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-3
|
|
||||||
- disable libfdo-data soname
|
|
||||||
|
|
||||||
* Sat Dec 11 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-2
|
|
||||||
- rebuilt
|
|
||||||
|
|
||||||
* Fri Dec 10 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-1
|
|
||||||
- bump to 0.2.0
|
|
||||||
|
|
||||||
* Wed Nov 17 2021 Antonio Murdaca <runcom@linux.com> - 0.1.0-2
|
|
||||||
- rebuilt
|
|
||||||
|
|
||||||
* Tue Oct 5 2021 Antonio Murdaca <amurdaca@redhat.com> - 0.1.0-1
|
|
||||||
- initial release
|
|
46
fdo-bump-devicemapper-libcryptosetup.patch
Normal file
46
fdo-bump-devicemapper-libcryptosetup.patch
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
From 90bb88a24ddf9292150f7de6eeb2f93b0a793acf Mon Sep 17 00:00:00 2001
|
||||||
|
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
|
||||||
|
Date: Fri, 27 Oct 2023 10:52:23 +0000
|
||||||
|
Subject: [PATCH] chore: bump devicemapper from 0.33.5 to 0.34.0
|
||||||
|
|
||||||
|
Bumps [devicemapper](https://github.com/stratis-storage/devicemapper-rs) from 0.33.5 to 0.34.0.
|
||||||
|
- [Release notes](https://github.com/stratis-storage/devicemapper-rs/releases)
|
||||||
|
- [Changelog](https://github.com/stratis-storage/devicemapper-rs/blob/master/CHANGES.txt)
|
||||||
|
- [Commits](https://github.com/stratis-storage/devicemapper-rs/compare/v0.33.5...devicemapper-v0.34.0)
|
||||||
|
|
||||||
|
---
|
||||||
|
updated-dependencies:
|
||||||
|
- dependency-name: devicemapper
|
||||||
|
dependency-type: direct:production
|
||||||
|
update-type: version-update:semver-minor
|
||||||
|
...
|
||||||
|
|
||||||
|
Signed-off-by: dependabot[bot] <support@github.com>
|
||||||
|
---
|
||||||
|
client-linuxapp/Cargo.toml | 2 +-
|
||||||
|
2 files changed, 48 insertions(+), 26 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
|
||||||
|
index ee362913..9df5fe96 100644
|
||||||
|
--- a/client-linuxapp/Cargo.toml
|
||||||
|
+++ b/client-linuxapp/Cargo.toml
|
||||||
|
@@ -18,7 +18,7 @@ uuid = "1.3"
|
||||||
|
thiserror = "1"
|
||||||
|
libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
|
||||||
|
secrecy = "0.8"
|
||||||
|
-devicemapper = "0.33"
|
||||||
|
+devicemapper = "0.34"
|
||||||
|
openssl = "0.10.55"
|
||||||
|
|
||||||
|
fdo-data-formats = { path = "../data-formats", version = "0.4.12" }
|
||||||
|
--- fido-device-onboard-rs-0.4.12/client-linuxapp/Cargo.toml.orig 2023-12-03 22:30:29.457047282 +0000
|
||||||
|
+++ fido-device-onboard-rs-0.4.12/client-linuxapp/Cargo.toml 2023-12-03 22:30:36.901090510 +0000
|
||||||
|
@@ -17,7 +17,7 @@
|
||||||
|
nix = "0.26"
|
||||||
|
uuid = "1.3"
|
||||||
|
thiserror = "1"
|
||||||
|
-libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
|
||||||
|
+libcryptsetup-rs = { version = "0.9.0", features = ["mutex"] }
|
||||||
|
secrecy = "0.8"
|
||||||
|
devicemapper = "0.34"
|
||||||
|
openssl = "0.10.55"
|
401
fido-device-onboard.spec
Normal file
401
fido-device-onboard.spec
Normal file
@ -0,0 +1,401 @@
|
|||||||
|
%global dracutlibdir %{_prefix}/lib/dracut
|
||||||
|
%bcond_without check
|
||||||
|
%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache-2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
|
||||||
|
|
||||||
|
Name: fido-device-onboard
|
||||||
|
Version: 0.4.12
|
||||||
|
Release: 14%{?dist}
|
||||||
|
Summary: A rust implementation of the FIDO Device Onboard Specification
|
||||||
|
License: BSD-3-Clause
|
||||||
|
|
||||||
|
URL: https://github.com/fedora-iot/fido-device-onboard-rs
|
||||||
|
Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz
|
||||||
|
# See make-vendored-tarfile.sh in upstream repo
|
||||||
|
Source1: %{name}-rs-%{version}-vendor-patched.tar.xz
|
||||||
|
Patch0: 0001-hack-drop-shadow.patch
|
||||||
|
Patch1: 0001-fix-drop-unused-sha-crypt-dep.patch
|
||||||
|
Patch3: 0001-fix-relabel-devcreds-before-onboarding.patch
|
||||||
|
Patch4: fdo-bump-devicemapper-libcryptosetup.patch
|
||||||
|
|
||||||
|
# fixes for vendored dependencies
|
||||||
|
Patch100: fix-aws-nitro-enclaves-cose.patch
|
||||||
|
|
||||||
|
# Because nobody cares
|
||||||
|
ExcludeArch: %{ix86}
|
||||||
|
|
||||||
|
%if 0%{?rhel}
|
||||||
|
BuildRequires: rust-toolset
|
||||||
|
%else
|
||||||
|
BuildRequires: rust-packaging
|
||||||
|
%endif
|
||||||
|
BuildRequires: clang-devel
|
||||||
|
BuildRequires: cryptsetup-devel
|
||||||
|
BuildRequires: device-mapper-devel
|
||||||
|
BuildRequires: golang
|
||||||
|
BuildRequires: openssl-devel >= 3.0.1-12
|
||||||
|
BuildRequires: systemd-rpm-macros
|
||||||
|
BuildRequires: tpm2-tss-devel
|
||||||
|
|
||||||
|
%description
|
||||||
|
%{summary}.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n %{name}-rs-%{version}
|
||||||
|
%patch -P0 -p1
|
||||||
|
%patch -P1 -p1
|
||||||
|
%patch -P3 -p1
|
||||||
|
%patch -P4 -p1
|
||||||
|
|
||||||
|
%if 0%{?rhel}
|
||||||
|
%if 0%{?rhel} >= 10
|
||||||
|
tar xf %{SOURCE1}
|
||||||
|
%cargo_prep -v vendor
|
||||||
|
%else
|
||||||
|
%cargo_prep -V 1
|
||||||
|
%endif
|
||||||
|
# patch vendored dependencies
|
||||||
|
%patch -P100 -p1
|
||||||
|
%else
|
||||||
|
%cargo_prep
|
||||||
|
%generate_buildrequires
|
||||||
|
%cargo_generate_buildrequires -a
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%build
|
||||||
|
%cargo_build \
|
||||||
|
-F openssl-kdf/deny_custom
|
||||||
|
|
||||||
|
%{?cargo_license_summary}
|
||||||
|
%{?cargo_license} > LICENSE.dependencies
|
||||||
|
%if 0%{?rhel} >= 10
|
||||||
|
%cargo_vendor_manifest
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%install
|
||||||
|
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
|
||||||
|
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
|
||||||
|
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
|
||||||
|
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
|
||||||
|
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
|
||||||
|
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
|
||||||
|
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
|
||||||
|
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
|
||||||
|
install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
|
||||||
|
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
|
||||||
|
# duplicates as needed by AIO command so link them
|
||||||
|
ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
|
||||||
|
ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
|
||||||
|
# Create directories needed by the various services so we own them
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturer_keys
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturing_sessions
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
|
||||||
|
mkdir -p %{buildroot}%{_localstatedir}/lib/fdo
|
||||||
|
# Dracut manufacturing service
|
||||||
|
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
|
||||||
|
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
|
||||||
|
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
|
||||||
|
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
|
||||||
|
|
||||||
|
%package -n fdo-init
|
||||||
|
Summary: dracut module for device initialization
|
||||||
|
License: %combined_license
|
||||||
|
Requires: openssl-libs >= 3.0.1-12
|
||||||
|
Requires: dracut
|
||||||
|
%description -n fdo-init
|
||||||
|
%{summary}
|
||||||
|
|
||||||
|
%files -n fdo-init
|
||||||
|
%license LICENSE LICENSE.dependencies
|
||||||
|
%if 0%{?rhel} >= 10
|
||||||
|
%license cargo-vendor.txt
|
||||||
|
%endif
|
||||||
|
%{dracutlibdir}/modules.d/52fdo/
|
||||||
|
%{_libexecdir}/fdo/fdo-manufacturing-client
|
||||||
|
|
||||||
|
%package -n fdo-owner-onboarding-server
|
||||||
|
Summary: FDO Owner Onboarding Server implementation
|
||||||
|
License: %combined_license
|
||||||
|
Requires: openssl-libs >= 3.0.1-12
|
||||||
|
%description -n fdo-owner-onboarding-server
|
||||||
|
%{summary}
|
||||||
|
|
||||||
|
%files -n fdo-owner-onboarding-server
|
||||||
|
%license LICENSE LICENSE.dependencies
|
||||||
|
%if 0%{?rhel} >= 10
|
||||||
|
%license cargo-vendor.txt
|
||||||
|
%endif
|
||||||
|
%dir %{_sysconfdir}/fdo
|
||||||
|
%dir %{_sysconfdir}/fdo/keys
|
||||||
|
%dir %{_sysconfdir}/fdo/owner-onboarding-server.conf.d
|
||||||
|
%dir %{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
|
||||||
|
%dir %{_sysconfdir}/fdo/stores
|
||||||
|
%dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions
|
||||||
|
%dir %{_sysconfdir}/fdo/stores/owner_vouchers
|
||||||
|
%{_libexecdir}/fdo/fdo-owner-onboarding-server
|
||||||
|
%{_libexecdir}/fdo/fdo-serviceinfo-api-server
|
||||||
|
%dir %{_localstatedir}/lib/fdo
|
||||||
|
%dir %{_docdir}/fdo
|
||||||
|
%{_docdir}/fdo/device_specific_serviceinfo.yml
|
||||||
|
%{_docdir}/fdo/serviceinfo-api-server.yml
|
||||||
|
%{_docdir}/fdo/owner-onboarding-server.yml
|
||||||
|
%{_unitdir}/fdo-serviceinfo-api-server.service
|
||||||
|
%{_unitdir}/fdo-owner-onboarding-server.service
|
||||||
|
|
||||||
|
%post -n fdo-owner-onboarding-server
|
||||||
|
%systemd_post fdo-owner-onboarding-server.service
|
||||||
|
%systemd_post fdo-serviceinfo-api-server.service
|
||||||
|
|
||||||
|
%preun -n fdo-owner-onboarding-server
|
||||||
|
%systemd_preun fdo-owner-onboarding-server.service
|
||||||
|
%systemd_post fdo-serviceinfo-api-server.service
|
||||||
|
|
||||||
|
%postun -n fdo-owner-onboarding-server
|
||||||
|
%systemd_postun_with_restart fdo-owner-onboarding-server.service
|
||||||
|
%systemd_postun_with_restart fdo-serviceinfo-api-server.service
|
||||||
|
|
||||||
|
%package -n fdo-rendezvous-server
|
||||||
|
Summary: FDO Rendezvous Server implementation
|
||||||
|
License: %combined_license
|
||||||
|
%description -n fdo-rendezvous-server
|
||||||
|
%{summary}
|
||||||
|
|
||||||
|
%files -n fdo-rendezvous-server
|
||||||
|
%license LICENSE LICENSE.dependencies
|
||||||
|
%if 0%{?rhel} >= 10
|
||||||
|
%license cargo-vendor.txt
|
||||||
|
%endif
|
||||||
|
%dir %{_sysconfdir}/fdo
|
||||||
|
%dir %{_sysconfdir}/fdo/keys
|
||||||
|
%dir %{_sysconfdir}/fdo/rendezvous-server.conf.d
|
||||||
|
%dir %{_sysconfdir}/fdo/stores
|
||||||
|
%dir %{_sysconfdir}/fdo/stores/rendezvous_registered
|
||||||
|
%dir %{_sysconfdir}/fdo/stores/rendezvous_sessions
|
||||||
|
%{_libexecdir}/fdo/fdo-rendezvous-server
|
||||||
|
%dir %{_localstatedir}/lib/fdo
|
||||||
|
%dir %{_docdir}/fdo
|
||||||
|
%{_docdir}/fdo/rendezvous-*.yml
|
||||||
|
%{_unitdir}/fdo-rendezvous-server.service
|
||||||
|
|
||||||
|
%post -n fdo-rendezvous-server
|
||||||
|
%systemd_post fdo-rendezvous-server.service
|
||||||
|
|
||||||
|
%preun -n fdo-rendezvous-server
|
||||||
|
%systemd_preun fdo-rendezvous-server.service
|
||||||
|
|
||||||
|
%postun -n fdo-rendezvous-server
|
||||||
|
%systemd_postun_with_restart fdo-rendezvous-server.service
|
||||||
|
|
||||||
|
%package -n fdo-manufacturing-server
|
||||||
|
Summary: FDO Manufacturing Server implementation
|
||||||
|
License: %combined_license
|
||||||
|
Requires: openssl-libs >= 3.0.1-12
|
||||||
|
%description -n fdo-manufacturing-server
|
||||||
|
%{summary}
|
||||||
|
|
||||||
|
%files -n fdo-manufacturing-server
|
||||||
|
%license LICENSE LICENSE.dependencies
|
||||||
|
%if 0%{?rhel} >= 10
|
||||||
|
%license cargo-vendor.txt
|
||||||
|
%endif
|
||||||
|
%dir %{_sysconfdir}/fdo
|
||||||
|
%dir %{_sysconfdir}/fdo/keys
|
||||||
|
%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d
|
||||||
|
%dir %{_sysconfdir}/fdo/keys
|
||||||
|
%dir %{_sysconfdir}/fdo/stores
|
||||||
|
%dir %{_sysconfdir}/fdo/stores/manufacturer_keys
|
||||||
|
%dir %{_sysconfdir}/fdo/stores/manufacturing_sessions
|
||||||
|
%{_libexecdir}/fdo/fdo-manufacturing-server
|
||||||
|
%dir %{_localstatedir}/lib/fdo
|
||||||
|
%dir %{_docdir}/fdo
|
||||||
|
%{_docdir}/fdo/manufacturing-server.yml
|
||||||
|
%{_unitdir}/fdo-manufacturing-server.service
|
||||||
|
|
||||||
|
%post -n fdo-manufacturing-server
|
||||||
|
%systemd_post fdo-manufacturing-server.service
|
||||||
|
|
||||||
|
%preun -n fdo-manufacturing-server
|
||||||
|
%systemd_preun fdo-manufacturing-server.service
|
||||||
|
|
||||||
|
%postun -n fdo-manufacturing-server
|
||||||
|
%systemd_postun_with_restart fdo-manufacturing-server.service
|
||||||
|
|
||||||
|
%package -n fdo-client
|
||||||
|
Summary: FDO Client implementation
|
||||||
|
License: %combined_license
|
||||||
|
Requires: openssl-libs >= 3.0.1-12
|
||||||
|
Requires: clevis
|
||||||
|
Requires: clevis-luks
|
||||||
|
Requires: clevis-pin-tpm2
|
||||||
|
Requires: cryptsetup
|
||||||
|
%description -n fdo-client
|
||||||
|
%{summary}
|
||||||
|
|
||||||
|
%files -n fdo-client
|
||||||
|
%if 0%{?rhel} >= 10
|
||||||
|
%license cargo-vendor.txt
|
||||||
|
%endif
|
||||||
|
%license LICENSE LICENSE.dependencies
|
||||||
|
%{_libexecdir}/fdo/fdo-client-linuxapp
|
||||||
|
%{_unitdir}/fdo-client-linuxapp.service
|
||||||
|
|
||||||
|
%post -n fdo-client
|
||||||
|
%systemd_post fdo-client-linuxapp.service
|
||||||
|
|
||||||
|
%preun -n fdo-client
|
||||||
|
%systemd_preun fdo-client-linuxapp.service
|
||||||
|
|
||||||
|
%postun -n fdo-client
|
||||||
|
%systemd_postun_with_restart fdo-client-linuxapp.service
|
||||||
|
|
||||||
|
%package -n fdo-owner-cli
|
||||||
|
Summary: FDO Owner tools implementation
|
||||||
|
License: %combined_license
|
||||||
|
%description -n fdo-owner-cli
|
||||||
|
%{summary}
|
||||||
|
|
||||||
|
%files -n fdo-owner-cli
|
||||||
|
%if 0%{?rhel} >= 10
|
||||||
|
%license cargo-vendor.txt
|
||||||
|
%endif
|
||||||
|
%license LICENSE LICENSE.dependencies
|
||||||
|
%{_bindir}/fdo-owner-tool
|
||||||
|
%{_libexecdir}/fdo/fdo-owner-tool
|
||||||
|
|
||||||
|
%package -n fdo-admin-cli
|
||||||
|
Summary: FDO admin tools implementation
|
||||||
|
License: %combined_license
|
||||||
|
Requires: fdo-manufacturing-server = %{version}-%{release}
|
||||||
|
Requires: fdo-rendezvous-server = %{version}-%{release}
|
||||||
|
Requires: fdo-owner-onboarding-server = %{version}-%{release}
|
||||||
|
Requires: fdo-owner-cli = %{version}-%{release}
|
||||||
|
Requires: fdo-client = %{version}-%{release}
|
||||||
|
Requires: fdo-init = %{version}-%{release}
|
||||||
|
%description -n fdo-admin-cli
|
||||||
|
%{summary}
|
||||||
|
|
||||||
|
%files -n fdo-admin-cli
|
||||||
|
%if 0%{?rhel} >= 10
|
||||||
|
%license cargo-vendor.txt
|
||||||
|
%endif
|
||||||
|
%license LICENSE LICENSE.dependencies
|
||||||
|
%dir %{_sysconfdir}/fdo
|
||||||
|
%dir %{_sysconfdir}/fdo/keys
|
||||||
|
%{_bindir}/fdo-admin-tool
|
||||||
|
%{_libexecdir}/fdo/fdo-admin-tool
|
||||||
|
%{_unitdir}/fdo-aio.service
|
||||||
|
|
||||||
|
%post -n fdo-admin-cli
|
||||||
|
%systemd_post fdo-aio.service
|
||||||
|
|
||||||
|
%preun -n fdo-admin-cli
|
||||||
|
%systemd_preun fdo-aio.service
|
||||||
|
|
||||||
|
%postun -n fdo-admin-cli
|
||||||
|
%systemd_postun_with_restart fdo-aio.service
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Wed Nov 20 2024 Antonio Murdaca <amurdaca@redhat.com> - 0.4.12-14
|
||||||
|
- rebuilt to fix rpminspect unicode points checks
|
||||||
|
|
||||||
|
* Wed Nov 20 2024 Antonio Murdaca <amurdaca@redhat.com> - 0.4.12-13
|
||||||
|
- rebuilt to fix rpminspect license checks
|
||||||
|
|
||||||
|
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.4.12-12
|
||||||
|
- Bump release for October 2024 mass rebuild:
|
||||||
|
Resolves: RHEL-64018
|
||||||
|
|
||||||
|
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.4.12-11
|
||||||
|
- Bump release for June 2024 mass rebuild
|
||||||
|
|
||||||
|
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 0.4.12-10
|
||||||
|
- Rebuild for golang 1.22.0
|
||||||
|
|
||||||
|
* Sun Feb 04 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 0.4.12-9
|
||||||
|
- Update Rust macro usage
|
||||||
|
|
||||||
|
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.12-8
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.12-7
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 08 2024 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-6
|
||||||
|
- Rebuild for fixed dependencies
|
||||||
|
|
||||||
|
* Fri Dec 01 2023 Fabio Valentini <decathorpe@gmail.com> - 0.4.12-5
|
||||||
|
- Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)
|
||||||
|
|
||||||
|
* Wed Aug 23 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-4
|
||||||
|
- Ensure client service fix is applied
|
||||||
|
|
||||||
|
* Tue Aug 22 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-3
|
||||||
|
- Own var/lib/fdo, SELinux fixes
|
||||||
|
|
||||||
|
* Thu Aug 17 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-2
|
||||||
|
- Add client/init deps to fdo-admin-cli
|
||||||
|
|
||||||
|
* Thu Jul 27 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-1
|
||||||
|
- Update to 0.4.12
|
||||||
|
|
||||||
|
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.10-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 03 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.10-2
|
||||||
|
- Updates for eln/c9s building
|
||||||
|
|
||||||
|
* Fri Jun 23 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.10-1
|
||||||
|
- Update to 0.4.10
|
||||||
|
|
||||||
|
* Wed Jun 14 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-5
|
||||||
|
- More spec updates
|
||||||
|
|
||||||
|
* Wed Jun 14 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-4
|
||||||
|
- Add patch for libcryptsetup-rs 0.8 API changes
|
||||||
|
|
||||||
|
* Tue Jun 13 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-3
|
||||||
|
- Updates for licenses
|
||||||
|
|
||||||
|
* Tue May 30 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-2
|
||||||
|
- Review feedback
|
||||||
|
- Patch for libcryptsetup-rs 0.7
|
||||||
|
|
||||||
|
* Thu May 11 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-1
|
||||||
|
- Update to 0.4.9
|
||||||
|
|
||||||
|
* Mon Feb 20 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-3
|
||||||
|
- Fix services start
|
||||||
|
|
||||||
|
* Wed Feb 15 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-2
|
||||||
|
- Upstream fix for rhbz#2168089
|
||||||
|
|
||||||
|
* Wed Nov 30 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-1
|
||||||
|
- Update to 0.4.7
|
||||||
|
- Package updates and cleanup
|
||||||
|
|
||||||
|
* Tue Mar 29 2022 Antonio Murdaca <runcom@linux.com> - 0.4.5-1
|
||||||
|
- bump to 0.4.5
|
||||||
|
|
||||||
|
* Mon Feb 28 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-2
|
||||||
|
- fix runtime requirements to use openssl-libs and not -devel
|
||||||
|
|
||||||
|
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-1
|
||||||
|
- upgrade to 0.4.0
|
||||||
|
|
||||||
|
* Tue Feb 01 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-1
|
||||||
|
- bump to 0.3.0
|
||||||
|
|
||||||
|
* Tue Jan 11 2022 Antonio Murdaca <runcom@linux.com> - 0.2.0-2
|
||||||
|
- use patched vendor w/o win files and rename license
|
||||||
|
|
||||||
|
* Mon Dec 13 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-1
|
||||||
|
- import fido-device-onboard
|
25
fix-aws-nitro-enclaves-cose.patch
Normal file
25
fix-aws-nitro-enclaves-cose.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
Backport of https://github.com/awslabs/aws-nitro-enclaves-cose/pull/66
|
||||||
|
|
||||||
|
diff --git a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
|
||||||
|
index dd788a8..1035b7b 100644
|
||||||
|
--- a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
|
||||||
|
+++ b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
|
||||||
|
@@ -1 +1 @@
|
||||||
|
-{"files":{"CHANGELOG.md":"182c816f6cdcf13b370be9e712a0e7cf5b7c6b6612dc81c3b3d477abfca58e86","CODE_OF_CONDUCT.md":"34b6c98d5c23127ae6769e95e483e5bf6d3704ae1f0d3ae4e69d15f4ede118b6","CONTRIBUTING.md":"b050a75d5f6d2236ed40ad91dc53c4a4b30da184f9298f6f18507beae5fd7cb7","Cargo.toml":"d3ba98a34c9dcbff42da7e04d123b1687840738851e0630035e1f6e620a6fd98","LICENSE":"09e8a9bcec8067104652c168685ab0931e7868f9c8284b66f5ae6edae5f1130b","NOTICE":"d4290ed64c2edd0fce1d84e3f9dfb2881240fe534def76b8cd29ed6af683e287","README.md":"b16c142f4056384bb274fa7c9d0c2d73faf573cc2123a0bf4825970f88a67fc4","src/crypto/mod.rs":"a509e065cd0c3ed4c05484af9a7c45397ebf2a8b3f0d22578410f22484ffc33c","src/crypto/openssl_pkey.rs":"e9344a26ba101925a8e1c82960ff3d20a3df603be43132671bb15846ee96e829","src/crypto/tpm.rs":"2f8ec59523020319a4f63ca1e4bf3a4ae20c3acf8ca8ffd38e53ccd99611af3f","src/encrypt.rs":"ba89d5f221f0e4379d6f67dd946a00b183639b00bcf6918a4d3c441c4328894d","src/error.rs":"48fd4b84f9b4a7f5fc7ac52c2ce792d258c257908609270bf7751938082e19b7","src/header_map.rs":"88b3d7575ea4fd8eaaf4497a9d3c27ff43ec4da0213994aecf1ec9b5b89553c0","src/lib.rs":"8dbe7fe8206cfc76f46324c25418b37d0daf1ce23fc8b3219e1d89043c8e00de","src/sign.rs":"5a45658fa820ac9b5285c0987b66a58eb4f5b4373ab1aa07a73240848de098b2"},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"}
|
||||||
|
\ No newline at end of file
|
||||||
|
+{"files":{},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"}
|
||||||
|
diff --git a/vendor/aws-nitro-enclaves-cose/src/sign.rs b/vendor/aws-nitro-enclaves-cose/src/sign.rs
|
||||||
|
index 6426ac0..93f59ec 100644
|
||||||
|
--- a/vendor/aws-nitro-enclaves-cose/src/sign.rs
|
||||||
|
+++ b/vendor/aws-nitro-enclaves-cose/src/sign.rs
|
||||||
|
@@ -135,8 +135,10 @@ pub struct SigStructure(
|
||||||
|
#[serde(skip_serializing_if = "Option::is_none")]
|
||||||
|
Option<ByteBuf>,
|
||||||
|
/// external_aad : bstr,
|
||||||
|
+ #[serde(default)]
|
||||||
|
ByteBuf,
|
||||||
|
/// payload : bstr
|
||||||
|
+ #[serde(default)]
|
||||||
|
ByteBuf,
|
||||||
|
);
|
||||||
|
|
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-10
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SHA512 (fido-device-onboard-rs-0.4.12.tar.gz) = e1b5cfc2ed06977264526b67c8ae3bb8b38c557a0bbb5c9585fac5f334ee134ed921dd712678e842bc93340b8533c773902c27d354956ef169801c2260eddb4f
|
||||||
|
SHA512 (fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz) = 4cfb1ff883ee7f1a23316ca89e9272bedd4da20a8a05c90ef288d477f1c427b1bc8bfe660e5549da7b7dfd5571e76620d3cbda9b7da87e7303ac8a289d348222
|
10
tests/tests.yml
Normal file
10
tests/tests.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
- hosts: localhost
|
||||||
|
roles:
|
||||||
|
- role: standard-test-basic
|
||||||
|
tags:
|
||||||
|
- classic
|
||||||
|
tests:
|
||||||
|
- simple:
|
||||||
|
dir: .
|
||||||
|
run: "fdo-owner-tool --help"
|
||||||
|
|
Loading…
Reference in New Issue
Block a user