.gitignore

@@ -1 +1 @@
-SOURCES/tang-7.tar.bz2
+SOURCES/tang-14.tar.xz

.tang.metadata

@@ -1 +1 @@
-e08a9fec3760328fd263a347b497898fb3c0e891 SOURCES/tang-7.tar.bz2
+81a09f024fcb0e8b53bb867b2679ebab14555791 SOURCES/tang-14.tar.xz

SOURCES/0002-Exit-with-success-unless-the-issue-was-with-with-tan.patch

@@ -1,38 +0,0 @@
-From ea43ca02cf52d0455c6949683692a95e38ccdf70 Mon Sep 17 00:00:00 2001
-From: Sergio Correia <scorreia@redhat.com>
-Date: Fri, 4 Dec 2020 09:05:19 -0300
-Subject: [PATCH 2/2] Exit with success unless the issue was with with tangd
- itself
-
-When an HTTP parser error happens, tangd is currently exiting with an
-error status, which may cause trouble in some scenarios [1].
-
-However, we don't exit with an error in situations where we try requests
-that do not exist, for instance. It makes sense to only exit with an
-error when the error was with tangd itself, e.g.: when we are unable to
-read the directory with the keys, not when the actual HTTP operation
-does not succeed for some reason.
-
-Upstream: https://github.com/latchset/tang/pull/55
-
-[1] https://bugzilla.redhat.com/show_bug.cgi?id=1828558
----
- src/tangd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/tangd.c b/src/tangd.c
-index b569f38..d40201f 100644
---- a/src/tangd.c
-+++ b/src/tangd.c
-@@ -225,7 +225,7 @@ main(int argc, char *argv[])
-         if (parser.http_errno != 0) {
-             fprintf(stderr, "HTTP Parsing Error: %s\n",
-                     http_errno_description(parser.http_errno));
--            return EXIT_FAILURE;
-+            return EXIT_SUCCESS;
-         }
- 
-         memmove(req, &req[r], rcvd - r);
--- 
-2.27.0
-

SOURCES/tang.sysusers

@@ -0,0 +1 @@
+u tang - "Tang Network Presence Daemon user" /var/cache/tang -

SPECS/tang.spec

@@ -1,17 +1,16 @@
 Name:           tang
-Version:        7
-Release:        6%{?dist}
+Version:        14
+Release:        2%{?dist}
 Summary:        Network Presence Binding Daemon
 
 License:        GPLv3+
 URL:            https://github.com/latchset/%{name}
-Source0:        https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
-Patch1: 0001-Move-key-generation-to-tang.patch
-Patch2: 0002-Exit-with-success-unless-the-issue-was-with-with-tan.patch
+Source0:        https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz
+Source1:        tang.sysusers
 
 BuildRequires:  gcc
-BuildRequires:  autoconf
-BuildRequires:  automake
+BuildRequires:  meson
+BuildRequires:  git-core
 BuildRequires:  jose >= 8
 BuildRequires:  libjose-devel >= 8
 BuildRequires:  libjose-zlib-devel >= 8
@@ -22,13 +21,15 @@ BuildRequires:  systemd-devel
 BuildRequires:  pkgconfig
 
 BuildRequires:  systemd
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  curl
 
 BuildRequires:  asciidoc
 BuildRequires:  coreutils
 BuildRequires:  grep
+BuildRequires:  socat
 BuildRequires:  sed
-BuildRequires:  git-core
+BuildRequires:  iproute
 
 %{?systemd_requires}
 Requires:       coreutils
@@ -45,32 +46,39 @@ Tang is a small daemon for binding data to the presence of a third party.
 %autosetup -S git
 
 %build
-autoreconf -i
-%configure
-make %{?_smp_mflags} V=1
+%meson
+%meson_build
 
 %install
-rm -rf $RPM_BUILD_ROOT
-%make_install
-echo "User=%{name}" >> $RPM_BUILD_ROOT/%{_unitdir}/%{name}d@.service
+%meson_install
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/tang.conf
+grep "User=%{name}" $RPM_BUILD_ROOT/%{_unitdir}/%{name}d@.service || echo "User=%{name}" >> $RPM_BUILD_ROOT/%{_unitdir}/%{name}d@.service
 %{__mkdir_p} $RPM_BUILD_ROOT/%{_localstatedir}/db/%{name}
 
 %check
-if ! make %{?_smp_mflags} check; then
-    cat test-suite.log
-    false
-fi
+%meson_test
 
 %pre
-getent group %{name} >/dev/null || groupadd -r %{name}
-getent passwd %{name} >/dev/null || \
-    useradd -r -g %{name} -d %{_localstatedir}/cache/%{name} -s /sbin/nologin \
-    -c "Tang Network Presence Daemon user" %{name}
+%sysusers_create_compat %{SOURCE1}
 exit 0
 
 %post
 %systemd_post %{name}d.socket
 
+# Let's make sure any existing keys are readable only
+# by the owner/group.
+if [ -d /var/db/tang ]; then
+    for k in /var/db/tang/*.jwk; do
+        test -e "${k}" || continue
+        chmod 0440 -- "${k}"
+    done
+    for k in /var/db/tang/.*.jwk; do
+        test -e "${k}" || continue
+        chmod 0440 -- "${k}"
+    done
+    chown tang:tang -R /var/db/tang
+fi
+
 %preun
 %systemd_preun %{name}d.socket
 
@@ -83,29 +91,82 @@ exit 0
 %{_unitdir}/%{name}d@.service
 %{_unitdir}/%{name}d.socket
 %{_libexecdir}/%{name}d-keygen
+%{_libexecdir}/%{name}d-rotate-keys
 %{_libexecdir}/%{name}d
 %{_mandir}/man8/tang.8*
 %{_bindir}/%{name}-show-keys
 %{_mandir}/man1/tang-show-keys.1*
+%{_mandir}/man1/tangd-rotate-keys.1.*
+%{_sysusersdir}/tang.conf
 
 %changelog
-* Wed Jan 13 2021 Sergio Correia <scorreia@redhat.com> - 7-6
-- Exit with success unless the issue was with with tangd itself
-  Resolves: rhbz#1828558
+* Thu Jun 29 2023 Sergio Arroutbi <sarroutb@redhat.com> - 14-2
+- Fix service start up
 
-* Sun Dec 01 2019 Sergio Correia <scorreia@redhat.com> - 7-5
-- Permissions of /var/db/tang set to 0700
-- Home dir of user tang is /var/cache/tang
+* Tue Jun 27 2023 Sergio Arroutbi <sarroutb@redhat.com> - 14-1
+- New upstream release - v14.
+  Resolves: rhbz#2182411
+  Resolves: CVE-2023-1672
 
-* Fri Nov 29 2019 Sergio Correia <scorreia@redhat.com> - 7-4
-- Fix permissions of /var/db/tang
+* Wed Aug 17 2022 Sergio Arroutbi <sarroutb@redhat.com> - 11-2
+- Adopt systemd-sysusers format
+  Resolves: rhbz#2095474
 
-* Tue Oct 15 2019 Sergio Correia <scorreia@redhat.com> - 7-3
-- Rebuild to ensure correct dist tag
+* Tue Dec 14 2021 Sergio Correia <scorreia@redhat.com> - 11-1
+- New upstream release - v11.
+  Resolves: CVE-2021-4076
 
-* Sun Sep 29 2019 Sergio Correia <scorreia@redhat.com> - 7-2
-- Move key generation to tang
-- Resolves rhbz#1745177, rhbz#1679186
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 10-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 10-3
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
+
+* Thu May 20 2021 Sergio Correia <scorreia@redhat.com> - 10-2
+- Fix issues reported by static analyzer checks
+  Resolves: rhbz#1956765
+
+* Wed May 05 2021 Sergio Correia <scorreia@redhat.com> - 10-1
+- New upstream release - v10.
+  Resolves: rhbz#1956765
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 8-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Feb 09 2021 Sergio Correia <scorreia@redhat.com> - 8-2
+- Remove extra patches as they are already included in v8 release
+
+* Mon Feb 08 2021 Sergio Correia <scorreia@redhat.com> - 8-1
+- New upstream release - v8.
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 1 2020 Sergio Correia <scorreia@redhat.com> - 7.8
+- Move build system to meson
+  Upstream commits (fed9020, 590de27)
+- Move key handling to tang itself
+  Upstream commits (6090505, c71df1d, 7119454)
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Apr 15 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 7-6
+- Rebuild for http-parser 2.9.4
+
+* Tue Feb 25 2020 Sergio Correia <scorreia@redhat.com> - 7-5
+- Rebuilt after http-parser update
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 
 * Fri Aug 10 2018 Nathaniel McCallum <npmccallum@redhat.com> - 7-1
 - New upstream release