Compare commits

...

No commits in common. "c8-beta" and "c10s" have entirely different histories.

14 changed files with 618 additions and 346 deletions

View File

@ -1,2 +0,0 @@
f89779ff4421530aa4f51ebe1eaa81858ec4b1f5 SOURCES/fido-device-onboard-rs-0.4.5-vendor-patched.tar.gz
2bccb11a53358c1464e00d9a2b41251d793651d0 SOURCES/fido-device-onboard-rs-0.4.5.tar.gz

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/fido-device-onboard-rs-0.4.5-vendor-patched.tar.gz /fido-device-onboard-rs-*.tar.gz
SOURCES/fido-device-onboard-rs-0.4.5.tar.gz /fido-device-onboard-rs-*-vendor-patched.tar.xz

View File

@ -0,0 +1,30 @@
From 8899817ceff3371649ed87b700fb81490fb258c8 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 27 Jul 2023 10:36:58 +0100
Subject: [PATCH] fix: drop unused sha-crypt dep
The use of sha-crypt was dropped with commit 8d1d1b2 but one of the
Cargo.toml updates was missed so drop it there and update Cargo.lock
to match.
Fixes: 8d1d1b2 ("chore: replace sha-crypt with openssl process calls")
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
integration-tests/Cargo.toml | 3 +--
2 files changed, 1 insertion(+), 21 deletions(-)
diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
index 451bc3f..e3b87a9 100644
--- a/integration-tests/Cargo.toml
+++ b/integration-tests/Cargo.toml
@@ -35,7 +35,6 @@
passwd = "0.0.1"
pem = "2.0"
users = "0.11.0"
-sha-crypt = "0.5.0"
fdo-data-formats = { path = "../data-formats" }
fdo-util = { path = "../util" }
--
2.41.0

View File

@ -0,0 +1,25 @@
From adb1d1055f85ae48b58252ca36ce00d861a27358 Mon Sep 17 00:00:00 2001
From: Antonio Murdaca <antoniomurdaca@gmail.com>
Date: Tue, 15 Aug 2023 16:29:53 +0200
Subject: [PATCH] fix: relabel devcreds before onboarding
Signed-off-by: Antonio Murdaca <antoniomurdaca@gmail.com>
---
examples/systemd/fdo-client-linuxapp.service | 1 +
1 file changed, 1 insertion(+)
diff --git a/examples/systemd/fdo-client-linuxapp.service b/examples/systemd/fdo-client-linuxapp.service
index acfdc79..c0b3090 100644
--- a/examples/systemd/fdo-client-linuxapp.service
+++ b/examples/systemd/fdo-client-linuxapp.service
@@ -6,6 +6,7 @@ After=network-online.target
Type=oneshot
EnvironmentFile=-/boot/fdo-client-env
Environment=LOG_LEVEL=info
+ExecStartPre=-/usr/sbin/restorecon /boot/device-credentials
ExecStart=/usr/libexec/fdo/fdo-client-linuxapp
ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials
--
2.41.0

View File

@ -0,0 +1,68 @@
From 309c07aa5d43b3d126ccac640901f22afcc25b77 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 27 Jul 2023 10:21:26 +0100
Subject: [PATCH] hack; drop shadow
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
integration-tests/Cargo.toml | 3 +--
integration-tests/tests/e2e.rs | 7 -------
integration-tests/tests/service_info.rs | 7 -------
3 files changed, 1 insertion(+), 16 deletions(-)
diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
index 451bc3f..3e19ebb 100644
--- a/integration-tests/Cargo.toml
+++ b/integration-tests/Cargo.toml
@@ -33,10 +33,9 @@ serde_json = "1.0"
pretty_assertions = "1.0.0"
paste = "1.0"
passwd = "0.0.1"
-shadow = "0.0.1"
pem = "2.0"
users = "0.11.0"
sha-crypt = "0.5.0"
fdo-data-formats = { path = "../data-formats" }
-fdo-util = { path = "../util" }
\ No newline at end of file
+fdo-util = { path = "../util" }
diff --git a/integration-tests/tests/e2e.rs b/integration-tests/tests/e2e.rs
index 9857ce0..611fc84 100644
--- a/integration-tests/tests/e2e.rs
+++ b/integration-tests/tests/e2e.rs
@@ -406,13 +406,6 @@ ssh-ed25519 sshkey_default user@example2.com
"User: {} is not created during onboarding",
&new_user
);
- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
- pretty_assertions::assert_eq!(
- test_user.password.is_empty(),
- false,
- "Password not created during onboarding"
- );
- }
} else {
L.l("Skipped create initial user validation
To validate set env variable FDO_PRIVILEGED and run test as superuser");
diff --git a/integration-tests/tests/service_info.rs b/integration-tests/tests/service_info.rs
index 8a346cc..4d05107 100644
--- a/integration-tests/tests/service_info.rs
+++ b/integration-tests/tests/service_info.rs
@@ -285,13 +285,6 @@ ssh-ed25519 sshkey_default user@example2.com
"User: {} is not created during onboarding",
&new_user
);
- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
- pretty_assertions::assert_eq!(
- test_user.password.is_empty(),
- false,
- "Password not created during onboarding"
- );
- }
} else {
L.l("Skipped create initial user validation
To validate set env variable FDO_PRIVILEGED and run test as superuser");
--
2.41.0

3
README.md Normal file
View File

@ -0,0 +1,3 @@
# fido-device-onboard
The fido-device-onboard package

View File

@ -1,70 +0,0 @@
diff --color -ru fido-device-onboard-rs-0.4.5-orig/Cargo.toml fido-device-onboard-rs-0.4.5/Cargo.toml
--- fido-device-onboard-rs-0.4.5-orig/Cargo.toml 2022-03-29 17:38:59.000000000 +0200
+++ fido-device-onboard-rs-0.4.5/Cargo.toml 2022-03-30 10:45:59.381526470 +0200
@@ -17,3 +17,6 @@
"integration-tests",
]
+
+[profile.release]
+debug = true
diff --color -ru fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-aio.service fido-device-onboard-rs-0.4.5/examples/systemd/fdo-aio.service
--- fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-aio.service 2022-03-29 17:38:59.000000000 +0200
+++ fido-device-onboard-rs-0.4.5/examples/systemd/fdo-aio.service 2022-03-30 10:47:12.654629934 +0200
@@ -4,8 +4,9 @@
[Service]
Environment=LOG_LEVEL=info
+Environment=ALLOW_NONINTEROPERABLE_KDF=1
ExecStart=/usr/bin/fdo-admin-tool aio --directory /etc/fdo/aio --binary-path /usr/libexec/fdo
# restart and failure condition
[Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --color -ru fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-client-linuxapp.service fido-device-onboard-rs-0.4.5/examples/systemd/fdo-client-linuxapp.service
--- fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-client-linuxapp.service 2022-03-29 17:38:59.000000000 +0200
+++ fido-device-onboard-rs-0.4.5/examples/systemd/fdo-client-linuxapp.service 2022-03-30 10:46:15.357549030 +0200
@@ -5,6 +5,7 @@
[Service]
Type=oneshot
EnvironmentFile=-/boot/fdo-client-env
+Environment=ALLOW_NONINTEROPERABLE_KDF=1
Environment=LOG_LEVEL=info
ExecStart=/usr/libexec/fdo/fdo-client-linuxapp
ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials
diff --color -ru fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-owner-onboarding-server.service fido-device-onboard-rs-0.4.5/examples/systemd/fdo-owner-onboarding-server.service
--- fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-owner-onboarding-server.service 2022-03-29 17:38:59.000000000 +0200
+++ fido-device-onboard-rs-0.4.5/examples/systemd/fdo-owner-onboarding-server.service 2022-03-30 10:46:21.433557612 +0200
@@ -4,8 +4,9 @@
[Service]
Environment=LOG_LEVEL=info
+Environment=ALLOW_NONINTEROPERABLE_KDF=1
ExecStart=/usr/libexec/fdo/fdo-owner-onboarding-server
# restart and failure condition
[Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --color -ru fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/build.rs fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/build.rs
--- fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/build.rs 2022-03-29 19:26:41.000000000 +0200
+++ fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/build.rs 2022-03-30 10:46:34.037575407 +0200
@@ -4,7 +4,7 @@
#[cfg(feature = "generate-bindings")]
use std::path::PathBuf;
-const MINIMUM_VERSION: &str = "2.3.3";
+const MINIMUM_VERSION: &str = "2.3.2";
fn main() {
if std::env::var("DOCS_RS").is_ok() {
diff --color -ru fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/.cargo-checksum.json fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/.cargo-checksum.json
--- fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/.cargo-checksum.json 2022-03-29 19:26:41.000000000 +0200
+++ fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/.cargo-checksum.json 2022-03-30 10:46:55.432605617 +0200
@@ -1 +1 @@
-{"files":{"Cargo.toml":"cb816c6cd69d7eb4e712c63575fed05fb120ffaf14a6d462dae7e22d86341721","LICENSE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","README.md":"2cb476d1db06c323503dc6d15e0f5ed5d6f31b940ee19fb6a1267d26ca2ea109","build.rs":"6cc37b07c069d8e4a532922f4f816c51269a3947bc1d64b1ac5c13330da9422c","regenerate-bindings.sh":"adfc0001d4837ea2e82dadb0455b5dd1da24c728e2526ceef9e1774f2dac3174","src/bindings/aarch64-unknown-linux-gnu.rs":"fbeeefd5706344fb9b37e670f0a3ccb410d3686012f64f9b9b25038f3683f9a2","src/bindings/arm-unknown-linux-gnueabi.rs":"17dc8ad101cbec08ba9a9ef55c3c7d101164c35d19cfd694dca7e25a324101bf","src/bindings/x86_64-unknown-darwin.rs":"1a1f2cd427ebb4d4bf102204507f1fa9e2973ecb7ee7f3e27be61f7ae21a9e43","src/bindings/x86_64-unknown-linux-gnu.rs":"31473ca2a2f853acd091dad98605ee02dcdb521b70023fa8e34822b9bac4bdde","src/lib.rs":"d03e402ccd471f25acca136550af86caa33af7714290424b24b236f1ac9e450f"},"package":"0e2f37914ec4d494d145cfa18bb8429498b238d63c47a08b89d09c1ec2545ff0"}
\ No newline at end of file
+{"files":{"Cargo.toml":"cb816c6cd69d7eb4e712c63575fed05fb120ffaf14a6d462dae7e22d86341721","LICENSE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","README.md":"2cb476d1db06c323503dc6d15e0f5ed5d6f31b940ee19fb6a1267d26ca2ea109","build.rs":"4c8649e92bafa9834c7db410c08bd5da8017708dec46a7ddbc526a8f86e91f11","regenerate-bindings.sh":"adfc0001d4837ea2e82dadb0455b5dd1da24c728e2526ceef9e1774f2dac3174","src/bindings/aarch64-unknown-linux-gnu.rs":"fbeeefd5706344fb9b37e670f0a3ccb410d3686012f64f9b9b25038f3683f9a2","src/bindings/arm-unknown-linux-gnueabi.rs":"17dc8ad101cbec08ba9a9ef55c3c7d101164c35d19cfd694dca7e25a324101bf","src/bindings/x86_64-unknown-darwin.rs":"1a1f2cd427ebb4d4bf102204507f1fa9e2973ecb7ee7f3e27be61f7ae21a9e43","src/bindings/x86_64-unknown-linux-gnu.rs":"31473ca2a2f853acd091dad98605ee02dcdb521b70023fa8e34822b9bac4bdde","src/lib.rs":"d03e402ccd471f25acca136550af86caa33af7714290424b24b236f1ac9e450f"},"package":"0e2f37914ec4d494d145cfa18bb8429498b238d63c47a08b89d09c1ec2545ff0"}

View File

@ -1,272 +0,0 @@
%define dracutlibdir %{_prefix}/lib/dracut
%bcond_without check
%global __cargo_skip_build 0
%global __cargo_is_lib() false
%global forgeurl https://github.com/fedora-iot/fido-device-onboard-rs
Version: 0.4.5
%forgemeta
Name: fido-device-onboard
Release: 1%{?dist}
Summary: An implementation of the FIDO Device Onboard Specification written in rust
License: BSD
URL: %{forgeurl}
Source: %{forgesource}
%if "%{?commit}" != ""
Source1: %{name}-rs-%{commit}-vendor-patched.tar.gz
%else
Source1: %{name}-rs-%{version}-vendor-patched.tar.gz
%endif
Patch0: kdf-debug-profile.patch
ExclusiveArch: %{rust_arches}
# RHBZ 1869980
ExcludeArch: s390x i686 %{power64}
%if 0%{?rhel} && !0%{?eln}
BuildRequires: rust-toolset
%else
BuildRequires: rust-packaging
%endif
BuildRequires: systemd-rpm-macros
BuildRequires: openssl-devel
BuildRequires: golang
BuildRequires: tpm2-tss-devel
BuildRequires: cryptsetup-devel
BuildRequires: clang-devel
%description
%{summary}.
%prep
%forgesetup
%if 0%{?rhel} && !0%{?eln}
%cargo_prep -V 1
%else
%cargo_prep
%endif
%patch0 -p1
%build
%{__cargo} build --release --features "openssl-kdf/deny_custom,fdo-data-formats/use_noninteroperable_kdf"
%install
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
# duplicates as needed by AIO command
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-tool
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-admin-tool
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
mkdir -p %{buildroot}%{_sysconfdir}/fdo
# 52fdo
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
%package -n fdo-init
Summary: dracut module for device initialization
%description -n fdo-init
%{summary}
%files -n fdo-init
%license LICENSE
%{dracutlibdir}/modules.d/52fdo/*
%{_libexecdir}/fdo/fdo-manufacturing-client
%package -n fdo-owner-onboarding-server
Summary: FDO Owner Onboarding Server implementation
%description -n fdo-owner-onboarding-server
%{summary}
%files -n fdo-owner-onboarding-server
%license LICENSE
%{_libexecdir}/fdo/fdo-owner-onboarding-server
%{_libexecdir}/fdo/fdo-serviceinfo-api-server
%{_docdir}/fdo/serviceinfo-api-server.yml
%{_unitdir}/fdo-serviceinfo-api-server.service
%{_docdir}/fdo/owner-onboarding-server.yml
%{_unitdir}/fdo-owner-onboarding-server.service
%post -n fdo-owner-onboarding-server
%systemd_post fdo-owner-onboarding-server.service
%systemd_post fdo-serviceinfo-api-server.service
%preun -n fdo-owner-onboarding-server
%systemd_preun fdo-owner-onboarding-server.service
%systemd_post fdo-serviceinfo-api-server.service
%postun -n fdo-owner-onboarding-server
%systemd_postun_with_restart fdo-owner-onboarding-server.service
%systemd_postun_with_restart fdo-serviceinfo-api-server.service
%package -n fdo-rendezvous-server
Summary: FDO Rendezvous Server implementation
%description -n fdo-rendezvous-server
%{summary}
%files -n fdo-rendezvous-server
%license LICENSE
%{_libexecdir}/fdo/fdo-rendezvous-server
%{_docdir}/fdo/rendezvous-server.yml
%{_unitdir}/fdo-rendezvous-server.service
%post -n fdo-rendezvous-server
%systemd_post fdo-rendezvous-server.service
%preun -n fdo-rendezvous-server
%systemd_preun fdo-rendezvous-server.service
%postun -n fdo-rendezvous-server
%systemd_postun_with_restart fdo-rendezvous-server.service
%package -n fdo-manufacturing-server
Summary: FDO Manufacturing Server implementation
%description -n fdo-manufacturing-server
%{summary}
%files -n fdo-manufacturing-server
%license LICENSE
%{_libexecdir}/fdo/fdo-manufacturing-server
%{_docdir}/fdo/manufacturing-server.yml
%{_unitdir}/fdo-manufacturing-server.service
%post -n fdo-manufacturing-server
%systemd_post fdo-manufacturing-server.service
%preun -n fdo-manufacturing-server
%systemd_preun fdo-manufacturing-server.service
%postun -n fdo-manufacturing-server
%systemd_postun_with_restart fdo-manufacturing-server.service
%package -n fdo-client
Summary: FDO Client implementation
Requires: clevis
Requires: clevis-luks
Requires: cryptsetup
%description -n fdo-client
%{summary}
%files -n fdo-client
%license LICENSE
%{_libexecdir}/fdo/fdo-client-linuxapp
%{_unitdir}/fdo-client-linuxapp.service
%post -n fdo-client
%systemd_post fdo-client-linuxapp.service
%preun -n fdo-client
%systemd_preun fdo-client-linuxapp.service
%postun -n fdo-client
%systemd_postun_with_restart fdo-client-linuxapp.service
%package -n fdo-owner-cli
Summary: FDO Owner tools implementation
%description -n fdo-owner-cli
%{summary}
%files -n fdo-owner-cli
%license LICENSE
%{_bindir}/fdo-owner-tool
%{_libexecdir}/fdo/fdo-owner-tool
%package -n fdo-admin-cli
Summary: FDO admin tools implementation
Requires: fdo-manufacturing-server
Requires: fdo-init
Requires: fdo-client
Requires: fdo-rendezvous-server
Requires: fdo-owner-onboarding-server
Requires: fdo-owner-cli
%description -n fdo-admin-cli
%{summary}
%files -n fdo-admin-cli
%license LICENSE
%{_bindir}/fdo-admin-tool
%{_libexecdir}/fdo/fdo-admin-tool
%{_unitdir}/fdo-aio.service
%dir %{_sysconfdir}/fdo
%post -n fdo-admin-cli
%systemd_post fdo-aio.service
%preun -n fdo-admin-cli
%systemd_preun fdo-aio.service
%postun -n fdo-admin-cli
%systemd_postun_with_restart fdo-aio.service
%changelog
* Tue Mar 29 2022 Antonio Murdaca <runcom@linux.com> - 0.4.5-1
- bump to 0.4.5
* Fri Feb 25 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-8
- attempt #1 to fix checksums
* Fri Feb 25 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-7
- patch the right vendor/tss-esapi-sys
* Fri Feb 25 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-6
- patch Cargo.toml to ignore Cargo.lock for hash checks of tss-esapi-sys
* Fri Feb 25 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-5
- patch tss-esapi-sys/build.rs to require 2.3.2
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-4
- rebuilt with tpm2-tss-devel build require
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-3
- rebuilt to use the correct patch for the 0.4.0 source
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-2
- rebuilt to use the correct 0.4.0 source archive
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-1
- upgrade to 0.4.0
* Thu Feb 03 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-4
- revert and add missing %patch call
* Thu Feb 03 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-3
- rebuilt to drop commit conditional or patch doesn't work
* Thu Feb 03 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-2
- rebuilt to drop faulty conditional
* Tue Feb 01 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-1
- bump to v0.3.0
* Mon Jan 10 2022 Antonio Murdaca <runcom@linux.com> - 0.2.0-5
- rebuilt dropping vendored exe(s) files (dll and .a)
* Sat Dec 11 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-4
- Restore soname, add golang to BuildRequires
* Sat Dec 11 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-3
- disable libfdo-data soname
* Sat Dec 11 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-2
- rebuilt
* Fri Dec 10 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-1
- bump to 0.2.0
* Wed Nov 17 2021 Antonio Murdaca <runcom@linux.com> - 0.1.0-2
- rebuilt
* Tue Oct 5 2021 Antonio Murdaca <amurdaca@redhat.com> - 0.1.0-1
- initial release

View File

@ -0,0 +1,46 @@
From 90bb88a24ddf9292150f7de6eeb2f93b0a793acf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Oct 2023 10:52:23 +0000
Subject: [PATCH] chore: bump devicemapper from 0.33.5 to 0.34.0
Bumps [devicemapper](https://github.com/stratis-storage/devicemapper-rs) from 0.33.5 to 0.34.0.
- [Release notes](https://github.com/stratis-storage/devicemapper-rs/releases)
- [Changelog](https://github.com/stratis-storage/devicemapper-rs/blob/master/CHANGES.txt)
- [Commits](https://github.com/stratis-storage/devicemapper-rs/compare/v0.33.5...devicemapper-v0.34.0)
---
updated-dependencies:
- dependency-name: devicemapper
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
---
client-linuxapp/Cargo.toml | 2 +-
2 files changed, 48 insertions(+), 26 deletions(-)
diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
index ee362913..9df5fe96 100644
--- a/client-linuxapp/Cargo.toml
+++ b/client-linuxapp/Cargo.toml
@@ -18,7 +18,7 @@ uuid = "1.3"
thiserror = "1"
libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
secrecy = "0.8"
-devicemapper = "0.33"
+devicemapper = "0.34"
openssl = "0.10.55"
fdo-data-formats = { path = "../data-formats", version = "0.4.12" }
--- fido-device-onboard-rs-0.4.12/client-linuxapp/Cargo.toml.orig 2023-12-03 22:30:29.457047282 +0000
+++ fido-device-onboard-rs-0.4.12/client-linuxapp/Cargo.toml 2023-12-03 22:30:36.901090510 +0000
@@ -17,7 +17,7 @@
nix = "0.26"
uuid = "1.3"
thiserror = "1"
-libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
+libcryptsetup-rs = { version = "0.9.0", features = ["mutex"] }
secrecy = "0.8"
devicemapper = "0.34"
openssl = "0.10.55"

401
fido-device-onboard.spec Normal file
View File

@ -0,0 +1,401 @@
%global dracutlibdir %{_prefix}/lib/dracut
%bcond_without check
%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache-2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
Name: fido-device-onboard
Version: 0.4.12
Release: 14%{?dist}
Summary: A rust implementation of the FIDO Device Onboard Specification
License: BSD-3-Clause
URL: https://github.com/fedora-iot/fido-device-onboard-rs
Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz
# See make-vendored-tarfile.sh in upstream repo
Source1: %{name}-rs-%{version}-vendor-patched.tar.xz
Patch0: 0001-hack-drop-shadow.patch
Patch1: 0001-fix-drop-unused-sha-crypt-dep.patch
Patch3: 0001-fix-relabel-devcreds-before-onboarding.patch
Patch4: fdo-bump-devicemapper-libcryptosetup.patch
# fixes for vendored dependencies
Patch100: fix-aws-nitro-enclaves-cose.patch
# Because nobody cares
ExcludeArch: %{ix86}
%if 0%{?rhel}
BuildRequires: rust-toolset
%else
BuildRequires: rust-packaging
%endif
BuildRequires: clang-devel
BuildRequires: cryptsetup-devel
BuildRequires: device-mapper-devel
BuildRequires: golang
BuildRequires: openssl-devel >= 3.0.1-12
BuildRequires: systemd-rpm-macros
BuildRequires: tpm2-tss-devel
%description
%{summary}.
%prep
%setup -q -n %{name}-rs-%{version}
%patch -P0 -p1
%patch -P1 -p1
%patch -P3 -p1
%patch -P4 -p1
%if 0%{?rhel}
%if 0%{?rhel} >= 10
tar xf %{SOURCE1}
%cargo_prep -v vendor
%else
%cargo_prep -V 1
%endif
# patch vendored dependencies
%patch -P100 -p1
%else
%cargo_prep
%generate_buildrequires
%cargo_generate_buildrequires -a
%endif
%build
%cargo_build \
-F openssl-kdf/deny_custom
%{?cargo_license_summary}
%{?cargo_license} > LICENSE.dependencies
%if 0%{?rhel} >= 10
%cargo_vendor_manifest
%endif
%install
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
# duplicates as needed by AIO command so link them
ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
# Create directories needed by the various services so we own them
mkdir -p %{buildroot}%{_sysconfdir}/fdo
mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturer_keys
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturing_sessions
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions
mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d
mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d
mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d
mkdir -p %{buildroot}%{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
mkdir -p %{buildroot}%{_localstatedir}/lib/fdo
# Dracut manufacturing service
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
%package -n fdo-init
Summary: dracut module for device initialization
License: %combined_license
Requires: openssl-libs >= 3.0.1-12
Requires: dracut
%description -n fdo-init
%{summary}
%files -n fdo-init
%license LICENSE LICENSE.dependencies
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%{dracutlibdir}/modules.d/52fdo/
%{_libexecdir}/fdo/fdo-manufacturing-client
%package -n fdo-owner-onboarding-server
Summary: FDO Owner Onboarding Server implementation
License: %combined_license
Requires: openssl-libs >= 3.0.1-12
%description -n fdo-owner-onboarding-server
%{summary}
%files -n fdo-owner-onboarding-server
%license LICENSE LICENSE.dependencies
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/owner-onboarding-server.conf.d
%dir %{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
%dir %{_sysconfdir}/fdo/stores
%dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions
%dir %{_sysconfdir}/fdo/stores/owner_vouchers
%{_libexecdir}/fdo/fdo-owner-onboarding-server
%{_libexecdir}/fdo/fdo-serviceinfo-api-server
%dir %{_localstatedir}/lib/fdo
%dir %{_docdir}/fdo
%{_docdir}/fdo/device_specific_serviceinfo.yml
%{_docdir}/fdo/serviceinfo-api-server.yml
%{_docdir}/fdo/owner-onboarding-server.yml
%{_unitdir}/fdo-serviceinfo-api-server.service
%{_unitdir}/fdo-owner-onboarding-server.service
%post -n fdo-owner-onboarding-server
%systemd_post fdo-owner-onboarding-server.service
%systemd_post fdo-serviceinfo-api-server.service
%preun -n fdo-owner-onboarding-server
%systemd_preun fdo-owner-onboarding-server.service
%systemd_post fdo-serviceinfo-api-server.service
%postun -n fdo-owner-onboarding-server
%systemd_postun_with_restart fdo-owner-onboarding-server.service
%systemd_postun_with_restart fdo-serviceinfo-api-server.service
%package -n fdo-rendezvous-server
Summary: FDO Rendezvous Server implementation
License: %combined_license
%description -n fdo-rendezvous-server
%{summary}
%files -n fdo-rendezvous-server
%license LICENSE LICENSE.dependencies
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/rendezvous-server.conf.d
%dir %{_sysconfdir}/fdo/stores
%dir %{_sysconfdir}/fdo/stores/rendezvous_registered
%dir %{_sysconfdir}/fdo/stores/rendezvous_sessions
%{_libexecdir}/fdo/fdo-rendezvous-server
%dir %{_localstatedir}/lib/fdo
%dir %{_docdir}/fdo
%{_docdir}/fdo/rendezvous-*.yml
%{_unitdir}/fdo-rendezvous-server.service
%post -n fdo-rendezvous-server
%systemd_post fdo-rendezvous-server.service
%preun -n fdo-rendezvous-server
%systemd_preun fdo-rendezvous-server.service
%postun -n fdo-rendezvous-server
%systemd_postun_with_restart fdo-rendezvous-server.service
%package -n fdo-manufacturing-server
Summary: FDO Manufacturing Server implementation
License: %combined_license
Requires: openssl-libs >= 3.0.1-12
%description -n fdo-manufacturing-server
%{summary}
%files -n fdo-manufacturing-server
%license LICENSE LICENSE.dependencies
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/stores
%dir %{_sysconfdir}/fdo/stores/manufacturer_keys
%dir %{_sysconfdir}/fdo/stores/manufacturing_sessions
%{_libexecdir}/fdo/fdo-manufacturing-server
%dir %{_localstatedir}/lib/fdo
%dir %{_docdir}/fdo
%{_docdir}/fdo/manufacturing-server.yml
%{_unitdir}/fdo-manufacturing-server.service
%post -n fdo-manufacturing-server
%systemd_post fdo-manufacturing-server.service
%preun -n fdo-manufacturing-server
%systemd_preun fdo-manufacturing-server.service
%postun -n fdo-manufacturing-server
%systemd_postun_with_restart fdo-manufacturing-server.service
%package -n fdo-client
Summary: FDO Client implementation
License: %combined_license
Requires: openssl-libs >= 3.0.1-12
Requires: clevis
Requires: clevis-luks
Requires: clevis-pin-tpm2
Requires: cryptsetup
%description -n fdo-client
%{summary}
%files -n fdo-client
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%license LICENSE LICENSE.dependencies
%{_libexecdir}/fdo/fdo-client-linuxapp
%{_unitdir}/fdo-client-linuxapp.service
%post -n fdo-client
%systemd_post fdo-client-linuxapp.service
%preun -n fdo-client
%systemd_preun fdo-client-linuxapp.service
%postun -n fdo-client
%systemd_postun_with_restart fdo-client-linuxapp.service
%package -n fdo-owner-cli
Summary: FDO Owner tools implementation
License: %combined_license
%description -n fdo-owner-cli
%{summary}
%files -n fdo-owner-cli
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%license LICENSE LICENSE.dependencies
%{_bindir}/fdo-owner-tool
%{_libexecdir}/fdo/fdo-owner-tool
%package -n fdo-admin-cli
Summary: FDO admin tools implementation
License: %combined_license
Requires: fdo-manufacturing-server = %{version}-%{release}
Requires: fdo-rendezvous-server = %{version}-%{release}
Requires: fdo-owner-onboarding-server = %{version}-%{release}
Requires: fdo-owner-cli = %{version}-%{release}
Requires: fdo-client = %{version}-%{release}
Requires: fdo-init = %{version}-%{release}
%description -n fdo-admin-cli
%{summary}
%files -n fdo-admin-cli
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%license LICENSE LICENSE.dependencies
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%{_bindir}/fdo-admin-tool
%{_libexecdir}/fdo/fdo-admin-tool
%{_unitdir}/fdo-aio.service
%post -n fdo-admin-cli
%systemd_post fdo-aio.service
%preun -n fdo-admin-cli
%systemd_preun fdo-aio.service
%postun -n fdo-admin-cli
%systemd_postun_with_restart fdo-aio.service
%changelog
* Wed Nov 20 2024 Antonio Murdaca <amurdaca@redhat.com> - 0.4.12-14
- rebuilt to fix rpminspect unicode points checks
* Wed Nov 20 2024 Antonio Murdaca <amurdaca@redhat.com> - 0.4.12-13
- rebuilt to fix rpminspect license checks
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 0.4.12-12
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.4.12-11
- Bump release for June 2024 mass rebuild
* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 0.4.12-10
- Rebuild for golang 1.22.0
* Sun Feb 04 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 0.4.12-9
- Update Rust macro usage
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.12-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.12-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 08 2024 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-6
- Rebuild for fixed dependencies
* Fri Dec 01 2023 Fabio Valentini <decathorpe@gmail.com> - 0.4.12-5
- Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)
* Wed Aug 23 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-4
- Ensure client service fix is applied
* Tue Aug 22 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-3
- Own var/lib/fdo, SELinux fixes
* Thu Aug 17 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-2
- Add client/init deps to fdo-admin-cli
* Thu Jul 27 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-1
- Update to 0.4.12
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jul 03 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.10-2
- Updates for eln/c9s building
* Fri Jun 23 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.10-1
- Update to 0.4.10
* Wed Jun 14 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-5
- More spec updates
* Wed Jun 14 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-4
- Add patch for libcryptsetup-rs 0.8 API changes
* Tue Jun 13 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-3
- Updates for licenses
* Tue May 30 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-2
- Review feedback
- Patch for libcryptsetup-rs 0.7
* Thu May 11 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-1
- Update to 0.4.9
* Mon Feb 20 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-3
- Fix services start
* Wed Feb 15 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-2
- Upstream fix for rhbz#2168089
* Wed Nov 30 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-1
- Update to 0.4.7
- Package updates and cleanup
* Tue Mar 29 2022 Antonio Murdaca <runcom@linux.com> - 0.4.5-1
- bump to 0.4.5
* Mon Feb 28 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-2
- fix runtime requirements to use openssl-libs and not -devel
* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-1
- upgrade to 0.4.0
* Tue Feb 01 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-1
- bump to 0.3.0
* Tue Jan 11 2022 Antonio Murdaca <runcom@linux.com> - 0.2.0-2
- use patched vendor w/o win files and rename license
* Mon Dec 13 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-1
- import fido-device-onboard

View File

@ -0,0 +1,25 @@
Backport of https://github.com/awslabs/aws-nitro-enclaves-cose/pull/66
diff --git a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
index dd788a8..1035b7b 100644
--- a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
+++ b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"182c816f6cdcf13b370be9e712a0e7cf5b7c6b6612dc81c3b3d477abfca58e86","CODE_OF_CONDUCT.md":"34b6c98d5c23127ae6769e95e483e5bf6d3704ae1f0d3ae4e69d15f4ede118b6","CONTRIBUTING.md":"b050a75d5f6d2236ed40ad91dc53c4a4b30da184f9298f6f18507beae5fd7cb7","Cargo.toml":"d3ba98a34c9dcbff42da7e04d123b1687840738851e0630035e1f6e620a6fd98","LICENSE":"09e8a9bcec8067104652c168685ab0931e7868f9c8284b66f5ae6edae5f1130b","NOTICE":"d4290ed64c2edd0fce1d84e3f9dfb2881240fe534def76b8cd29ed6af683e287","README.md":"b16c142f4056384bb274fa7c9d0c2d73faf573cc2123a0bf4825970f88a67fc4","src/crypto/mod.rs":"a509e065cd0c3ed4c05484af9a7c45397ebf2a8b3f0d22578410f22484ffc33c","src/crypto/openssl_pkey.rs":"e9344a26ba101925a8e1c82960ff3d20a3df603be43132671bb15846ee96e829","src/crypto/tpm.rs":"2f8ec59523020319a4f63ca1e4bf3a4ae20c3acf8ca8ffd38e53ccd99611af3f","src/encrypt.rs":"ba89d5f221f0e4379d6f67dd946a00b183639b00bcf6918a4d3c441c4328894d","src/error.rs":"48fd4b84f9b4a7f5fc7ac52c2ce792d258c257908609270bf7751938082e19b7","src/header_map.rs":"88b3d7575ea4fd8eaaf4497a9d3c27ff43ec4da0213994aecf1ec9b5b89553c0","src/lib.rs":"8dbe7fe8206cfc76f46324c25418b37d0daf1ce23fc8b3219e1d89043c8e00de","src/sign.rs":"5a45658fa820ac9b5285c0987b66a58eb4f5b4373ab1aa07a73240848de098b2"},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"}
\ No newline at end of file
+{"files":{},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"}
diff --git a/vendor/aws-nitro-enclaves-cose/src/sign.rs b/vendor/aws-nitro-enclaves-cose/src/sign.rs
index 6426ac0..93f59ec 100644
--- a/vendor/aws-nitro-enclaves-cose/src/sign.rs
+++ b/vendor/aws-nitro-enclaves-cose/src/sign.rs
@@ -135,8 +135,10 @@ pub struct SigStructure(
#[serde(skip_serializing_if = "Option::is_none")]
Option<ByteBuf>,
/// external_aad : bstr,
+ #[serde(default)]
ByteBuf,
/// payload : bstr
+ #[serde(default)]
ByteBuf,
);

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (fido-device-onboard-rs-0.4.12.tar.gz) = e1b5cfc2ed06977264526b67c8ae3bb8b38c557a0bbb5c9585fac5f334ee134ed921dd712678e842bc93340b8533c773902c27d354956ef169801c2260eddb4f
SHA512 (fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz) = 4cfb1ff883ee7f1a23316ca89e9272bedd4da20a8a05c90ef288d477f1c427b1bc8bfe660e5549da7b7dfd5571e76620d3cbda9b7da87e7303ac8a289d348222

10
tests/tests.yml Normal file
View File

@ -0,0 +1,10 @@
- hosts: localhost
roles:
- role: standard-test-basic
tags:
- classic
tests:
- simple:
dir: .
run: "fdo-owner-tool --help"