%global dracutlibdir %{_prefix}/lib/dracut %bcond_without check %global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache 2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT) Name: fido-device-onboard Version: 0.4.12 Release: 9%{?dist} Summary: A rust implementation of the FIDO Device Onboard Specification License: BSD-3-Clause URL: https://github.com/fedora-iot/fido-device-onboard-rs Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz # See make-vendored-tarfile.sh in upstream repo Source1: %{name}-rs-%{version}-vendor-patched.tar.xz Patch0: 0001-hack-drop-shadow.patch Patch1: 0001-fix-drop-unused-sha-crypt-dep.patch Patch3: 0001-fix-relabel-devcreds-before-onboarding.patch Patch4: fdo-bump-devicemapper-libcryptosetup.patch # fixes for vendored dependencies Patch100: fix-aws-nitro-enclaves-cose.patch # Because nobody cares ExcludeArch: %{ix86} %if 0%{?rhel} BuildRequires: rust-toolset %else BuildRequires: rust-packaging %endif BuildRequires: clang-devel BuildRequires: cryptsetup-devel BuildRequires: device-mapper-devel BuildRequires: golang BuildRequires: openssl-devel >= 3.0.1-12 BuildRequires: systemd-rpm-macros BuildRequires: tpm2-tss-devel %description %{summary}. %prep %setup -q -n %{name}-rs-%{version} %patch -P0 -p1 %patch -P1 -p1 %patch -P3 -p1 %patch -P4 -p1 %if 0%{?rhel} %if 0%{?rhel} >= 10 tar xf %{SOURCE1} %cargo_prep -v vendor %else %cargo_prep -V 1 %endif # patch vendored dependencies %patch -P100 -p1 %else %cargo_prep %generate_buildrequires %cargo_generate_buildrequires -a %endif %build %cargo_build \ -F openssl-kdf/deny_custom %{?cargo_license_summary} %{?cargo_license} > LICENSE.dependencies %if 0%{?rhel} >= 10 %cargo_vendor_manifest %endif %install install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/* install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/* # duplicates as needed by AIO command so link them ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool # Create directories needed by the various services so we own them mkdir -p %{buildroot}%{_sysconfdir}/fdo mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturer_keys mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturing_sessions mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d mkdir -p %{buildroot}%{_sysconfdir}/fdo/serviceinfo-api-server.conf.d mkdir -p %{buildroot}%{_localstatedir}/lib/fdo # Dracut manufacturing service install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service %package -n fdo-init Summary: dracut module for device initialization License: %combined_license Requires: openssl-libs >= 3.0.1-12 Requires: dracut %description -n fdo-init %{summary} %files -n fdo-init %license LICENSE LICENSE.dependencies %if 0%{?rhel} >= 10 %license cargo-vendor.txt %endif %{dracutlibdir}/modules.d/52fdo/ %{_libexecdir}/fdo/fdo-manufacturing-client %package -n fdo-owner-onboarding-server Summary: FDO Owner Onboarding Server implementation License: %combined_license Requires: openssl-libs >= 3.0.1-12 %description -n fdo-owner-onboarding-server %{summary} %files -n fdo-owner-onboarding-server %license LICENSE LICENSE.dependencies %if 0%{?rhel} >= 10 %license cargo-vendor.txt %endif %dir %{_sysconfdir}/fdo %dir %{_sysconfdir}/fdo/keys %dir %{_sysconfdir}/fdo/owner-onboarding-server.conf.d %dir %{_sysconfdir}/fdo/serviceinfo-api-server.conf.d %dir %{_sysconfdir}/fdo/stores %dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions %dir %{_sysconfdir}/fdo/stores/owner_vouchers %{_libexecdir}/fdo/fdo-owner-onboarding-server %{_libexecdir}/fdo/fdo-serviceinfo-api-server %dir %{_localstatedir}/lib/fdo %dir %{_docdir}/fdo %{_docdir}/fdo/device_specific_serviceinfo.yml %{_docdir}/fdo/serviceinfo-api-server.yml %{_docdir}/fdo/owner-onboarding-server.yml %{_unitdir}/fdo-serviceinfo-api-server.service %{_unitdir}/fdo-owner-onboarding-server.service %post -n fdo-owner-onboarding-server %systemd_post fdo-owner-onboarding-server.service %systemd_post fdo-serviceinfo-api-server.service %preun -n fdo-owner-onboarding-server %systemd_preun fdo-owner-onboarding-server.service %systemd_post fdo-serviceinfo-api-server.service %postun -n fdo-owner-onboarding-server %systemd_postun_with_restart fdo-owner-onboarding-server.service %systemd_postun_with_restart fdo-serviceinfo-api-server.service %package -n fdo-rendezvous-server Summary: FDO Rendezvous Server implementation License: %combined_license %description -n fdo-rendezvous-server %{summary} %files -n fdo-rendezvous-server %license LICENSE LICENSE.dependencies %if 0%{?rhel} >= 10 %license cargo-vendor.txt %endif %dir %{_sysconfdir}/fdo %dir %{_sysconfdir}/fdo/keys %dir %{_sysconfdir}/fdo/rendezvous-server.conf.d %dir %{_sysconfdir}/fdo/stores %dir %{_sysconfdir}/fdo/stores/rendezvous_registered %dir %{_sysconfdir}/fdo/stores/rendezvous_sessions %{_libexecdir}/fdo/fdo-rendezvous-server %dir %{_localstatedir}/lib/fdo %dir %{_docdir}/fdo %{_docdir}/fdo/rendezvous-*.yml %{_unitdir}/fdo-rendezvous-server.service %post -n fdo-rendezvous-server %systemd_post fdo-rendezvous-server.service %preun -n fdo-rendezvous-server %systemd_preun fdo-rendezvous-server.service %postun -n fdo-rendezvous-server %systemd_postun_with_restart fdo-rendezvous-server.service %package -n fdo-manufacturing-server Summary: FDO Manufacturing Server implementation License: %combined_license Requires: openssl-libs >= 3.0.1-12 %description -n fdo-manufacturing-server %{summary} %files -n fdo-manufacturing-server %license LICENSE LICENSE.dependencies %if 0%{?rhel} >= 10 %license cargo-vendor.txt %endif %dir %{_sysconfdir}/fdo %dir %{_sysconfdir}/fdo/keys %dir %{_sysconfdir}/fdo/manufacturing-server.conf.d %dir %{_sysconfdir}/fdo/keys %dir %{_sysconfdir}/fdo/stores %dir %{_sysconfdir}/fdo/stores/manufacturer_keys %dir %{_sysconfdir}/fdo/stores/manufacturing_sessions %{_libexecdir}/fdo/fdo-manufacturing-server %dir %{_localstatedir}/lib/fdo %dir %{_docdir}/fdo %{_docdir}/fdo/manufacturing-server.yml %{_unitdir}/fdo-manufacturing-server.service %post -n fdo-manufacturing-server %systemd_post fdo-manufacturing-server.service %preun -n fdo-manufacturing-server %systemd_preun fdo-manufacturing-server.service %postun -n fdo-manufacturing-server %systemd_postun_with_restart fdo-manufacturing-server.service %package -n fdo-client Summary: FDO Client implementation License: %combined_license Requires: openssl-libs >= 3.0.1-12 Requires: clevis Requires: clevis-luks Requires: clevis-pin-tpm2 Requires: cryptsetup %description -n fdo-client %{summary} %files -n fdo-client %if 0%{?rhel} >= 10 %license cargo-vendor.txt %endif %license LICENSE LICENSE.dependencies %{_libexecdir}/fdo/fdo-client-linuxapp %{_unitdir}/fdo-client-linuxapp.service %post -n fdo-client %systemd_post fdo-client-linuxapp.service %preun -n fdo-client %systemd_preun fdo-client-linuxapp.service %postun -n fdo-client %systemd_postun_with_restart fdo-client-linuxapp.service %package -n fdo-owner-cli Summary: FDO Owner tools implementation License: %combined_license %description -n fdo-owner-cli %{summary} %files -n fdo-owner-cli %if 0%{?rhel} >= 10 %license cargo-vendor.txt %endif %license LICENSE LICENSE.dependencies %{_bindir}/fdo-owner-tool %{_libexecdir}/fdo/fdo-owner-tool %package -n fdo-admin-cli Summary: FDO admin tools implementation License: %combined_license Requires: fdo-manufacturing-server = %{version}-%{release} Requires: fdo-rendezvous-server = %{version}-%{release} Requires: fdo-owner-onboarding-server = %{version}-%{release} Requires: fdo-owner-cli = %{version}-%{release} Requires: fdo-client = %{version}-%{release} Requires: fdo-init = %{version}-%{release} %description -n fdo-admin-cli %{summary} %files -n fdo-admin-cli %if 0%{?rhel} >= 10 %license cargo-vendor.txt %endif %license LICENSE LICENSE.dependencies %dir %{_sysconfdir}/fdo %dir %{_sysconfdir}/fdo/keys %{_bindir}/fdo-admin-tool %{_libexecdir}/fdo/fdo-admin-tool %{_unitdir}/fdo-aio.service %post -n fdo-admin-cli %systemd_post fdo-aio.service %preun -n fdo-admin-cli %systemd_preun fdo-aio.service %postun -n fdo-admin-cli %systemd_postun_with_restart fdo-aio.service %changelog * Sun Feb 04 2024 Yaakov Selkowitz - 0.4.12-9 - Update Rust macro usage * Wed Jan 24 2024 Fedora Release Engineering - 0.4.12-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering - 0.4.12-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Mon Jan 08 2024 Peter Robinson - 0.4.12-6 - Rebuild for fixed dependencies * Fri Dec 01 2023 Fabio Valentini - 0.4.12-5 - Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072) * Wed Aug 23 2023 Peter Robinson - 0.4.12-4 - Ensure client service fix is applied * Tue Aug 22 2023 Peter Robinson - 0.4.12-3 - Own var/lib/fdo, SELinux fixes * Thu Aug 17 2023 Peter Robinson - 0.4.12-2 - Add client/init deps to fdo-admin-cli * Thu Jul 27 2023 Peter Robinson - 0.4.12-1 - Update to 0.4.12 * Wed Jul 19 2023 Fedora Release Engineering - 0.4.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Mon Jul 03 2023 Peter Robinson - 0.4.10-2 - Updates for eln/c9s building * Fri Jun 23 2023 Peter Robinson - 0.4.10-1 - Update to 0.4.10 * Wed Jun 14 2023 Peter Robinson - 0.4.9-5 - More spec updates * Wed Jun 14 2023 Peter Robinson - 0.4.9-4 - Add patch for libcryptsetup-rs 0.8 API changes * Tue Jun 13 2023 Peter Robinson - 0.4.9-3 - Updates for licenses * Tue May 30 2023 Peter Robinson - 0.4.9-2 - Review feedback - Patch for libcryptsetup-rs 0.7 * Thu May 11 2023 Peter Robinson - 0.4.9-1 - Update to 0.4.9 * Mon Feb 20 2023 Peter Robinson - 0.4.7-3 - Fix services start * Wed Feb 15 2023 Peter Robinson - 0.4.7-2 - Upstream fix for rhbz#2168089 * Wed Nov 30 2022 Peter Robinson - 0.4.7-1 - Update to 0.4.7 - Package updates and cleanup * Tue Mar 29 2022 Antonio Murdaca - 0.4.5-1 - bump to 0.4.5 * Mon Feb 28 2022 Antonio Murdaca - 0.4.0-2 - fix runtime requirements to use openssl-libs and not -devel * Thu Feb 24 2022 Antonio Murdaca - 0.4.0-1 - upgrade to 0.4.0 * Tue Feb 01 2022 Antonio Murdaca - 0.3.0-1 - bump to 0.3.0 * Tue Jan 11 2022 Antonio Murdaca - 0.2.0-2 - use patched vendor w/o win files and rename license * Mon Dec 13 2021 Antonio Murdaca - 0.2.0-1 - import fido-device-onboard