diff --git a/.fido-device-onboard.metadata b/.fido-device-onboard.metadata new file mode 100644 index 0000000..30b3b95 --- /dev/null +++ b/.fido-device-onboard.metadata @@ -0,0 +1,2 @@ +5a803367e5af8fb0d47c24a47c27234f447fc553 SOURCES/fido-device-onboard-rs-0.2.0-vendor.tar.gz +fd0c6fbe8f2ae8b411093ac8d6e1a7f96a1e082a SOURCES/fido-device-onboard-rs-0.2.0.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d7a7b58 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/fido-device-onboard-rs-0.2.0-vendor.tar.gz +SOURCES/fido-device-onboard-rs-0.2.0.tar.gz diff --git a/SOURCES/0001-chore-add-ALLOW_NONINTEROPABLE_KDF-for-client-and-on.patch b/SOURCES/0001-chore-add-ALLOW_NONINTEROPABLE_KDF-for-client-and-on.patch new file mode 100644 index 0000000..c2d0d2f --- /dev/null +++ b/SOURCES/0001-chore-add-ALLOW_NONINTEROPABLE_KDF-for-client-and-on.patch @@ -0,0 +1,39 @@ +From 1926138487c4e903f42b8bb1a015d81f0da74193 Mon Sep 17 00:00:00 2001 +From: Antonio Murdaca +Date: Fri, 10 Dec 2021 14:55:01 +0100 +Subject: [PATCH] chore: add ALLOW_NONINTEROPABLE_KDF for client and onboarding + unit + +Signed-off-by: Antonio Murdaca +--- + examples/systemd/fdo-client-linuxapp.service | 1 + + examples/systemd/fdo-owner-onboarding-server.service | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/examples/systemd/fdo-client-linuxapp.service b/examples/systemd/fdo-client-linuxapp.service +index 4a4d8a2..9b78dde 100644 +--- a/examples/systemd/fdo-client-linuxapp.service ++++ b/examples/systemd/fdo-client-linuxapp.service +@@ -7,6 +7,7 @@ After=network-online.target + Type=oneshot + Environment=DEVICE_CREDENTIAL=/boot/device-credentials + Environment=LOG_LEVEL=info ++Environment=ALLOW_NONINTEROPABLE_KDF=1 + ExecStart=/usr/libexec/fdo/fdo-client-linuxapp + ExecStartPost=/usr/bin/mv /boot/device-credentials /etc/device-credentials + +diff --git a/examples/systemd/fdo-owner-onboarding-server.service b/examples/systemd/fdo-owner-onboarding-server.service +index 97d3ee4..48ce0c2 100644 +--- a/examples/systemd/fdo-owner-onboarding-server.service ++++ b/examples/systemd/fdo-owner-onboarding-server.service +@@ -4,6 +4,7 @@ After=network-online.target + + [Service] + Environment=LOG_LEVEL=info ++Environment=ALLOW_NONINTEROPABLE_KDF=1 + ExecStart=/usr/libexec/fdo/fdo-owner-onboarding-server + # restart and failure condition + +-- +2.33.1 + diff --git a/SPECS/fido-device-onboard.spec b/SPECS/fido-device-onboard.spec new file mode 100644 index 0000000..ae35bb8 --- /dev/null +++ b/SPECS/fido-device-onboard.spec @@ -0,0 +1,186 @@ +%define dracutlibdir %{_prefix}/lib/dracut +%bcond_without check +%global __cargo_skip_build 0 +%global __cargo_is_lib() false +%global forgeurl https://github.com/fedora-iot/fido-device-onboard-rs + +Version: 0.2.0 + +%forgemeta + +Name: fido-device-onboard +Release: 4%{?dist} +Summary: An implementation of the FIDO Device Onboard Specification written in rust + +License: BSD 3 +URL: %{forgeurl} +Source: %{forgesource} +%if 0%{?rhel} && !0%{?eln} +%if "%{?commit}" != "" +Source1: %{name}-rs-%{commit}-vendor.tar.gz +%else +Source1: %{name}-rs-%{version}-vendor.tar.gz +%endif +%endif +Patch0: 0001-chore-add-ALLOW_NONINTEROPABLE_KDF-for-client-and-on.patch + +ExclusiveArch: %{rust_arches} +# RHBZ 1869980 +ExcludeArch: s390x i686 %{power64} + +%if 0%{?rhel} && !0%{?eln} +BuildRequires: rust-toolset +%else +BuildRequires: rust-packaging +%endif +BuildRequires: systemd-rpm-macros +BuildRequires: openssl-devel +BuildRequires: golang + +%description +%{summary}. + +%prep +%forgesetup +%if 0%{?rhel} && !0%{?eln} +%cargo_prep -V 1 +%else +%cargo_prep +%endif + +%build +%{__cargo} build --release --features "openssl-kdf/deny_custom,fdo-data-formats/use_noninteroperable_kdf" + +%install +install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp +install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client +install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server +install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server +install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server +install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool +install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/* +install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/* +# 52fdo +install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh +install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator +install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service +install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service + +%package -n fdo-init +Summary: dracut module for device initialization +%description -n fdo-init +%{summary} + +%files -n fdo-init +%license LICENSE +%{dracutlibdir}/modules.d/52fdo/* +%{_libexecdir}/fdo/fdo-manufacturing-client + +%package -n fdo-owner-onboarding-server +Summary: FDO Owner Onboarding Server implementation +%description -n fdo-owner-onboarding-server +%{summary} + +%files -n fdo-owner-onboarding-server +%license LICENSE +%{_libexecdir}/fdo/fdo-owner-onboarding-server +%{_docdir}/fdo/owner-onboarding-server.yml +%{_unitdir}/fdo-owner-onboarding-server.service + +%post -n fdo-owner-onboarding-server +%systemd_post fdo-owner-onboarding-server.service + +%preun -n fdo-owner-onboarding-server +%systemd_preun fdo-owner-onboarding-server.service + +%postun -n fdo-owner-onboarding-server +%systemd_postun_with_restart fdo-owner-onboarding-server.service + +%package -n fdo-rendezvous-server +Summary: FDO Rendezvous Server implementation +%description -n fdo-rendezvous-server +%{summary} + +%files -n fdo-rendezvous-server +%license LICENSE +%{_libexecdir}/fdo/fdo-rendezvous-server +%{_docdir}/fdo/rendezvous-server.yml +%{_unitdir}/fdo-rendezvous-server.service + +%post -n fdo-rendezvous-server +%systemd_post fdo-rendezvous-server.service + +%preun -n fdo-rendezvous-server +%systemd_preun fdo-rendezvous-server.service + +%postun -n fdo-rendezvous-server +%systemd_postun_with_restart fdo-rendezvous-server.service + +%package -n fdo-manufacturing-server +Summary: FDO Manufacturing Server implementation +%description -n fdo-manufacturing-server +%{summary} + +%files -n fdo-manufacturing-server +%license LICENSE +%{_libexecdir}/fdo/fdo-manufacturing-server +%{_docdir}/fdo/manufacturing-server.yml +%{_docdir}/fdo/rendezvous-info.yml +%{_unitdir}/fdo-manufacturing-server.service + +%post -n fdo-manufacturing-server +%systemd_post fdo-manufacturing-server.service + +%preun -n fdo-manufacturing-server +%systemd_preun fdo-manufacturing-server.service + +%postun -n fdo-manufacturing-server +%systemd_postun_with_restart fdo-manufacturing-server.service + +%package -n fdo-client +Summary: FDO Client implementation +%description -n fdo-client +%{summary} + +%files -n fdo-client +%license LICENSE +%{_libexecdir}/fdo/fdo-client-linuxapp +%{_unitdir}/fdo-client-linuxapp.service + +%post -n fdo-client +%systemd_post fdo-client-linuxapp.service + +%preun -n fdo-client +%systemd_preun fdo-client-linuxapp.service + +%postun -n fdo-client +%systemd_postun_with_restart fdo-client.linuxapp.service + +%package -n fdo-owner-cli +Summary: FDO Owner tools implementation +%description -n fdo-owner-cli +%{summary} + +%files -n fdo-owner-cli +%license LICENSE +%{_bindir}/fdo-owner-tool +%{_docdir}/fdo/owner-addresses.yml + +%changelog +* Sat Dec 11 2021 Antonio Murdaca - 0.2.0-4 +- Restore soname, add golang to BuildRequires + +* Sat Dec 11 2021 Antonio Murdaca - 0.2.0-3 +- disable libfdo-data soname + +* Sat Dec 11 2021 Antonio Murdaca - 0.2.0-2 +- rebuilt + +* Fri Dec 10 2021 Antonio Murdaca - 0.2.0-1 +- bump to 0.2.0 + +* Wed Nov 17 2021 Antonio Murdaca - 0.1.0-2 +- rebuilt + +* Tue Oct 5 2021 Antonio Murdaca - 0.1.0-1 +- initial release