diff --git a/.fido-device-onboard.metadata b/.fido-device-onboard.metadata
new file mode 100644
index 0000000..bb16437
--- /dev/null
+++ b/.fido-device-onboard.metadata
@@ -0,0 +1,2 @@
+f89779ff4421530aa4f51ebe1eaa81858ec4b1f5 SOURCES/fido-device-onboard-rs-0.4.5-vendor-patched.tar.gz
+2bccb11a53358c1464e00d9a2b41251d793651d0 SOURCES/fido-device-onboard-rs-0.4.5.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bb21c79
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/fido-device-onboard-rs-0.4.5-vendor-patched.tar.gz
+SOURCES/fido-device-onboard-rs-0.4.5.tar.gz
diff --git a/SOURCES/kdf-debug-profile.patch b/SOURCES/kdf-debug-profile.patch
new file mode 100644
index 0000000..2b89fa9
--- /dev/null
+++ b/SOURCES/kdf-debug-profile.patch
@@ -0,0 +1,70 @@
+diff --color -ru fido-device-onboard-rs-0.4.5-orig/Cargo.toml fido-device-onboard-rs-0.4.5/Cargo.toml
+--- fido-device-onboard-rs-0.4.5-orig/Cargo.toml 2022-03-29 17:38:59.000000000 +0200
++++ fido-device-onboard-rs-0.4.5/Cargo.toml 2022-03-30 10:45:59.381526470 +0200
+@@ -17,3 +17,6 @@
+
+ "integration-tests",
+ ]
++
++[profile.release]
++debug = true
+diff --color -ru fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-aio.service fido-device-onboard-rs-0.4.5/examples/systemd/fdo-aio.service
+--- fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-aio.service 2022-03-29 17:38:59.000000000 +0200
++++ fido-device-onboard-rs-0.4.5/examples/systemd/fdo-aio.service 2022-03-30 10:47:12.654629934 +0200
+@@ -4,8 +4,9 @@
+
+ [Service]
+ Environment=LOG_LEVEL=info
++Environment=ALLOW_NONINTEROPERABLE_KDF=1
+ ExecStart=/usr/bin/fdo-admin-tool aio --directory /etc/fdo/aio --binary-path /usr/libexec/fdo
+ # restart and failure condition
+
+ [Install]
+-WantedBy=multi-user.target
+\ No newline at end of file
++WantedBy=multi-user.target
+diff --color -ru fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-client-linuxapp.service fido-device-onboard-rs-0.4.5/examples/systemd/fdo-client-linuxapp.service
+--- fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-client-linuxapp.service 2022-03-29 17:38:59.000000000 +0200
++++ fido-device-onboard-rs-0.4.5/examples/systemd/fdo-client-linuxapp.service 2022-03-30 10:46:15.357549030 +0200
+@@ -5,6 +5,7 @@
+ [Service]
+ Type=oneshot
+ EnvironmentFile=-/boot/fdo-client-env
++Environment=ALLOW_NONINTEROPERABLE_KDF=1
+ Environment=LOG_LEVEL=info
+ ExecStart=/usr/libexec/fdo/fdo-client-linuxapp
+ ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials
+diff --color -ru fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-owner-onboarding-server.service fido-device-onboard-rs-0.4.5/examples/systemd/fdo-owner-onboarding-server.service
+--- fido-device-onboard-rs-0.4.5-orig/examples/systemd/fdo-owner-onboarding-server.service 2022-03-29 17:38:59.000000000 +0200
++++ fido-device-onboard-rs-0.4.5/examples/systemd/fdo-owner-onboarding-server.service 2022-03-30 10:46:21.433557612 +0200
+@@ -4,8 +4,9 @@
+
+ [Service]
+ Environment=LOG_LEVEL=info
++Environment=ALLOW_NONINTEROPERABLE_KDF=1
+ ExecStart=/usr/libexec/fdo/fdo-owner-onboarding-server
+ # restart and failure condition
+
+ [Install]
+-WantedBy=multi-user.target
+\ No newline at end of file
++WantedBy=multi-user.target
+diff --color -ru fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/build.rs fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/build.rs
+--- fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/build.rs 2022-03-29 19:26:41.000000000 +0200
++++ fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/build.rs 2022-03-30 10:46:34.037575407 +0200
+@@ -4,7 +4,7 @@
+ #[cfg(feature = "generate-bindings")]
+ use std::path::PathBuf;
+
+-const MINIMUM_VERSION: &str = "2.3.3";
++const MINIMUM_VERSION: &str = "2.3.2";
+
+ fn main() {
+ if std::env::var("DOCS_RS").is_ok() {
+diff --color -ru fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/.cargo-checksum.json fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/.cargo-checksum.json
+--- fido-device-onboard-rs-0.4.5-orig/vendor/tss-esapi-sys/.cargo-checksum.json 2022-03-29 19:26:41.000000000 +0200
++++ fido-device-onboard-rs-0.4.5/vendor/tss-esapi-sys/.cargo-checksum.json 2022-03-30 10:46:55.432605617 +0200
+@@ -1 +1 @@
+-{"files":{"Cargo.toml":"cb816c6cd69d7eb4e712c63575fed05fb120ffaf14a6d462dae7e22d86341721","LICENSE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","README.md":"2cb476d1db06c323503dc6d15e0f5ed5d6f31b940ee19fb6a1267d26ca2ea109","build.rs":"6cc37b07c069d8e4a532922f4f816c51269a3947bc1d64b1ac5c13330da9422c","regenerate-bindings.sh":"adfc0001d4837ea2e82dadb0455b5dd1da24c728e2526ceef9e1774f2dac3174","src/bindings/aarch64-unknown-linux-gnu.rs":"fbeeefd5706344fb9b37e670f0a3ccb410d3686012f64f9b9b25038f3683f9a2","src/bindings/arm-unknown-linux-gnueabi.rs":"17dc8ad101cbec08ba9a9ef55c3c7d101164c35d19cfd694dca7e25a324101bf","src/bindings/x86_64-unknown-darwin.rs":"1a1f2cd427ebb4d4bf102204507f1fa9e2973ecb7ee7f3e27be61f7ae21a9e43","src/bindings/x86_64-unknown-linux-gnu.rs":"31473ca2a2f853acd091dad98605ee02dcdb521b70023fa8e34822b9bac4bdde","src/lib.rs":"d03e402ccd471f25acca136550af86caa33af7714290424b24b236f1ac9e450f"},"package":"0e2f37914ec4d494d145cfa18bb8429498b238d63c47a08b89d09c1ec2545ff0"}
+\ No newline at end of file
++{"files":{"Cargo.toml":"cb816c6cd69d7eb4e712c63575fed05fb120ffaf14a6d462dae7e22d86341721","LICENSE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","README.md":"2cb476d1db06c323503dc6d15e0f5ed5d6f31b940ee19fb6a1267d26ca2ea109","build.rs":"4c8649e92bafa9834c7db410c08bd5da8017708dec46a7ddbc526a8f86e91f11","regenerate-bindings.sh":"adfc0001d4837ea2e82dadb0455b5dd1da24c728e2526ceef9e1774f2dac3174","src/bindings/aarch64-unknown-linux-gnu.rs":"fbeeefd5706344fb9b37e670f0a3ccb410d3686012f64f9b9b25038f3683f9a2","src/bindings/arm-unknown-linux-gnueabi.rs":"17dc8ad101cbec08ba9a9ef55c3c7d101164c35d19cfd694dca7e25a324101bf","src/bindings/x86_64-unknown-darwin.rs":"1a1f2cd427ebb4d4bf102204507f1fa9e2973ecb7ee7f3e27be61f7ae21a9e43","src/bindings/x86_64-unknown-linux-gnu.rs":"31473ca2a2f853acd091dad98605ee02dcdb521b70023fa8e34822b9bac4bdde","src/lib.rs":"d03e402ccd471f25acca136550af86caa33af7714290424b24b236f1ac9e450f"},"package":"0e2f37914ec4d494d145cfa18bb8429498b238d63c47a08b89d09c1ec2545ff0"}
diff --git a/SPECS/fido-device-onboard.spec b/SPECS/fido-device-onboard.spec
new file mode 100644
index 0000000..7e81011
--- /dev/null
+++ b/SPECS/fido-device-onboard.spec
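Review bot: The last two sections of this patch lower `MINIMUM_VERSION` in the vendored `tss-esapi-sys/build.rs` from 2.3.3 to 2.3.2 and replace the `build.rs` hash in `.cargo-checksum.json` so the edited file still passes cargo's vendor check, yet the patch carries no header saying so and its file name mentions only the KDF and debug-profile changes. Anyone auditing the vendored tree against the published crate will see a mismatch with no recorded reason, so a leading comment such as `# vendor/tss-esapi-sys: tpm2-tss floor relaxed to 2.3.2 (<reason>); build.rs checksum regenerated to match` is worth adding. The same header should say why `Environment=ALLOW_NONINTEROPERABLE_KDF=1` is set in all three units, since the variable's name indicates the services will accept a key derivation that other FDO implementations cannot interoperate with. Whether 2.3.2 lacks fixes that the upstream floor was meant to guarantee cannot be judged from this hunk and should be confirmed.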
@@ -0,0 +1,272 @@
+%define dracutlibdir %{_prefix}/lib/dracut
+%bcond_without check
+%global __cargo_skip_build 0
+%global __cargo_is_lib() false
+%global forgeurl https://github.com/fedora-iot/fido-device-onboard-rs
+
+Version: 0.4.5
+
+%forgemeta
+
+Name: fido-device-onboard
+Release: 1%{?dist}
+Summary: An implementation of the FIDO Device Onboard Specification written in rust
+
+License: BSD
+URL: %{forgeurl}
+Source: %{forgesource}
+%if "%{?commit}" != ""
+Source1: %{name}-rs-%{commit}-vendor-patched.tar.gz
+%else
+Source1: %{name}-rs-%{version}-vendor-patched.tar.gz
+%endif
+
+Patch0: kdf-debug-profile.patch
+
+ExclusiveArch: %{rust_arches}
+# RHBZ 1869980
+ExcludeArch: s390x i686 %{power64}
+
+%if 0%{?rhel} && !0%{?eln}
+BuildRequires: rust-toolset
+%else
+BuildRequires: rust-packaging
+%endif
+BuildRequires: systemd-rpm-macros
+BuildRequires: openssl-devel
+BuildRequires: golang
+BuildRequires: tpm2-tss-devel
+BuildRequires: cryptsetup-devel
+BuildRequires: clang-devel
+
+%description
+%{summary}.
+
+%prep
+%forgesetup
+%if 0%{?rhel} && !0%{?eln}
+%cargo_prep -V 1
+%else
+%cargo_prep
+%endif
+%patch0 -p1
+
+%build
+%{__cargo} build --release --features "openssl-kdf/deny_custom,fdo-data-formats/use_noninteroperable_kdf"
+
+%install
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
+# duplicates as needed by AIO command
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-tool
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-admin-tool
+install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
+install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
+install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
+mkdir -p %{buildroot}%{_sysconfdir}/fdo
+# 52fdo
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
+
+%package -n fdo-init
+Summary: dracut module for device initialization
+%description -n fdo-init
+%{summary}
+
+%files -n fdo-init
+%license LICENSE
+%{dracutlibdir}/modules.d/52fdo/*
+%{_libexecdir}/fdo/fdo-manufacturing-client
+
+%package -n fdo-owner-onboarding-server
+Summary: FDO Owner Onboarding Server implementation
+%description -n fdo-owner-onboarding-server
+%{summary}
+
+%files -n fdo-owner-onboarding-server
+%license LICENSE
+%{_libexecdir}/fdo/fdo-owner-onboarding-server
+%{_libexecdir}/fdo/fdo-serviceinfo-api-server
+%{_docdir}/fdo/serviceinfo-api-server.yml
+%{_unitdir}/fdo-serviceinfo-api-server.service
+%{_docdir}/fdo/owner-onboarding-server.yml
+%{_unitdir}/fdo-owner-onboarding-server.service
+
+%post -n fdo-owner-onboarding-server
+%systemd_post fdo-owner-onboarding-server.service
+%systemd_post fdo-serviceinfo-api-server.service
+
+%preun -n fdo-owner-onboarding-server
+%systemd_preun fdo-owner-onboarding-server.service
+%systemd_post fdo-serviceinfo-api-server.service
+
+%postun -n fdo-owner-onboarding-server
+%systemd_postun_with_restart fdo-owner-onboarding-server.service
+%systemd_postun_with_restart fdo-serviceinfo-api-server.service
+
+%package -n fdo-rendezvous-server
+Summary: FDO Rendezvous Server implementation
+%description -n fdo-rendezvous-server
+%{summary}
+
+%files -n fdo-rendezvous-server
+%license LICENSE
+%{_libexecdir}/fdo/fdo-rendezvous-server
+%{_docdir}/fdo/rendezvous-server.yml
+%{_unitdir}/fdo-rendezvous-server.service
+
+%post -n fdo-rendezvous-server
+%systemd_post fdo-rendezvous-server.service
+
+%preun -n fdo-rendezvous-server
+%systemd_preun fdo-rendezvous-server.service
+
+%postun -n fdo-rendezvous-server
+%systemd_postun_with_restart fdo-rendezvous-server.service
+
+%package -n fdo-manufacturing-server
+Summary: FDO Manufacturing Server implementation
+%description -n fdo-manufacturing-server
+%{summary}
+
+%files -n fdo-manufacturing-server
+%license LICENSE
+%{_libexecdir}/fdo/fdo-manufacturing-server
+%{_docdir}/fdo/manufacturing-server.yml
+%{_unitdir}/fdo-manufacturing-server.service
+
+%post -n fdo-manufacturing-server
+%systemd_post fdo-manufacturing-server.service
+
+%preun -n fdo-manufacturing-server
+%systemd_preun fdo-manufacturing-server.service
+
+%postun -n fdo-manufacturing-server
+%systemd_postun_with_restart fdo-manufacturing-server.service
+
+%package -n fdo-client
+Summary: FDO Client implementation
+Requires: clevis
+Requires: clevis-luks
+Requires: cryptsetup
+%description -n fdo-client
+%{summary}
+
+%files -n fdo-client
+%license LICENSE
+%{_libexecdir}/fdo/fdo-client-linuxapp
+%{_unitdir}/fdo-client-linuxapp.service
+
+%post -n fdo-client
+%systemd_post fdo-client-linuxapp.service
+
+%preun -n fdo-client
+%systemd_preun fdo-client-linuxapp.service
+
+%postun -n fdo-client
+%systemd_postun_with_restart fdo-client-linuxapp.service
+
+%package -n fdo-owner-cli
+Summary: FDO Owner tools implementation
+%description -n fdo-owner-cli
+%{summary}
+
+%files -n fdo-owner-cli
+%license LICENSE
+%{_bindir}/fdo-owner-tool
+%{_libexecdir}/fdo/fdo-owner-tool
+
+%package -n fdo-admin-cli
+Summary: FDO admin tools implementation
+Requires: fdo-manufacturing-server
+Requires: fdo-init
+Requires: fdo-client
+Requires: fdo-rendezvous-server
+Requires: fdo-owner-onboarding-server
+Requires: fdo-owner-cli
+%description -n fdo-admin-cli
+%{summary}
+
+%files -n fdo-admin-cli
+%license LICENSE
+%{_bindir}/fdo-admin-tool
+%{_libexecdir}/fdo/fdo-admin-tool
+%{_unitdir}/fdo-aio.service
+%dir %{_sysconfdir}/fdo
+
+%post -n fdo-admin-cli
+%systemd_post fdo-aio.service
+
+%preun -n fdo-admin-cli
+%systemd_preun fdo-aio.service
+
+%postun -n fdo-admin-cli
+%systemd_postun_with_restart fdo-aio.service
+
+%changelog
+* Tue Mar 29 2022 Antonio Murdaca - 0.4.5-1
+- bump to 0.4.5
+
+* Fri Feb 25 2022 Antonio Murdaca - 0.4.0-8
+- attempt #1 to fix checksums
+
+* Fri Feb 25 2022 Antonio Murdaca - 0.4.0-7
+- patch the right vendor/tss-esapi-sys
+
+* Fri Feb 25 2022 Antonio Murdaca - 0.4.0-6
+- patch Cargo.toml to ignore Cargo.lock for hash checks of tss-esapi-sys
+
+* Fri Feb 25 2022 Antonio Murdaca - 0.4.0-5
+- patch tss-esapi-sys/build.rs to require 2.3.2
+
+* Thu Feb 24 2022 Antonio Murdaca - 0.4.0-4
+- rebuilt with tpm2-tss-devel build require
+
+* Thu Feb 24 2022 Antonio Murdaca - 0.4.0-3
+- rebuilt to use the correct patch for the 0.4.0 source
+
+* Thu Feb 24 2022 Antonio Murdaca - 0.4.0-2
+- rebuilt to use the correct 0.4.0 source archive
+
+* Thu Feb 24 2022 Antonio Murdaca - 0.4.0-1
+- upgrade to 0.4.0
+
+* Thu Feb 03 2022 Antonio Murdaca - 0.3.0-4
+- revert and add missing %patch call
+
+* Thu Feb 03 2022 Antonio Murdaca - 0.3.0-3
+- rebuilt to drop commit conditional or patch doesn't work
+
+* Thu Feb 03 2022 Antonio Murdaca - 0.3.0-2
+- rebuilt to drop faulty conditional
+
+* Tue Feb 01 2022 Antonio Murdaca - 0.3.0-1
+- bump to v0.3.0
+
+* Mon Jan 10 2022 Antonio Murdaca - 0.2.0-5
+- rebuilt dropping vendored exe(s) files (dll and .a)
+
+* Sat Dec 11 2021 Antonio Murdaca - 0.2.0-4
+- Restore soname, add golang to BuildRequires
+
+* Sat Dec 11 2021 Antonio Murdaca - 0.2.0-3
+- disable libfdo-data soname
+
+* Sat Dec 11 2021 Antonio Murdaca - 0.2.0-2
+- rebuilt
+
+* Fri Dec 10 2021 Antonio Murdaca - 0.2.0-1
+- bump to 0.2.0
+
+* Wed Nov 17 2021 Antonio Murdaca - 0.1.0-2
+- rebuilt
+
+* Tue Oct 5 2021 Antonio Murdaca - 0.1.0-1
+- initial release
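Review bot: In `%preun -n fdo-owner-onboarding-server` the second scriptlet line is `%systemd_post fdo-serviceinfo-api-server.service`, which looks like a copy of the `%post` line; it should be `%systemd_preun fdo-serviceinfo-api-server.service`, otherwise the serviceinfo API unit is not handled by the pre-uninstall macro when the package is removed. `BuildRequires: tpm2-tss-devel` also carries no version, although Patch0 edits the vendored `tss-esapi-sys` build script to require 2.3.2; `BuildRequires: tpm2-tss-devel >= 2.3.2` would surface a too-old library at dependency resolution rather than mid-build. Finally, `%bcond_without check` is declared but no `%check` section appears in this spec, so the test suite apparently never runs during the package build.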