From ab8c4c48792223c22911f2955828f1fc3778493f Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Fri, 25 Oct 2024 14:37:18 +0300
Subject: [PATCH] import fido-device-onboard-0.4.12-11.el10
---
.fido-device-onboard.metadata | 2 +
.gitignore | 2 +
.../0001-fix-drop-unused-sha-crypt-dep.patch | 30 ++
...x-relabel-devcreds-before-onboarding.patch | 25 ++
SOURCES/0001-hack-drop-shadow.patch | 68 +++
...fdo-bump-devicemapper-libcryptosetup.patch | 46 ++
SOURCES/fix-aws-nitro-enclaves-cose.patch | 25 ++
SPECS/fido-device-onboard.spec | 394 ++++++++++++++++++
8 files changed, 592 insertions(+)
create mode 100644 .fido-device-onboard.metadata
create mode 100644 .gitignore
create mode 100644 SOURCES/0001-fix-drop-unused-sha-crypt-dep.patch
create mode 100644 SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch
create mode 100644 SOURCES/0001-hack-drop-shadow.patch
create mode 100644 SOURCES/fdo-bump-devicemapper-libcryptosetup.patch
create mode 100644 SOURCES/fix-aws-nitro-enclaves-cose.patch
create mode 100644 SPECS/fido-device-onboard.spec
diff --git a/.fido-device-onboard.metadata b/.fido-device-onboard.metadata
new file mode 100644
index 0000000..0014513
--- /dev/null
+++ b/.fido-device-onboard.metadata
@@ -0,0 +1,2 @@
+576d84e01a348f4ea160f15415dc005afe53a1b3 SOURCES/fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz
+377c879cb56ed3324c3e5f170d5c315d07ed2989 SOURCES/fido-device-onboard-rs-0.4.12.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a353867
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/fido-device-onboard-rs-0.4.12-vendor-patched.tar.xz
+SOURCES/fido-device-onboard-rs-0.4.12.tar.gz
diff --git a/SOURCES/0001-fix-drop-unused-sha-crypt-dep.patch b/SOURCES/0001-fix-drop-unused-sha-crypt-dep.patch
new file mode 100644
index 0000000..cc8c67e
--- /dev/null
+++ b/SOURCES/0001-fix-drop-unused-sha-crypt-dep.patch
@@ -0,0 +1,30 @@
+From 8899817ceff3371649ed87b700fb81490fb258c8 Mon Sep 17 00:00:00 2001
+From: Peter Robinson
+Date: Thu, 27 Jul 2023 10:36:58 +0100
+Subject: [PATCH] fix: drop unused sha-crypt dep
+
+The use of sha-crypt was dropped with commit 8d1d1b2 but one of the
+Cargo.toml updates was missed so drop it there and update Cargo.lock
+to match.
+
+Fixes: 8d1d1b2 ("chore: replace sha-crypt with openssl process calls")
+Signed-off-by: Peter Robinson
+---
+ integration-tests/Cargo.toml | 3 +--
+ 2 files changed, 1 insertion(+), 21 deletions(-)
+
+diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
+index 451bc3f..e3b87a9 100644
+--- a/integration-tests/Cargo.toml
++++ b/integration-tests/Cargo.toml
+@@ -35,7 +35,6 @@
+ passwd = "0.0.1"
+ pem = "2.0"
+ users = "0.11.0"
+-sha-crypt = "0.5.0"
+
+ fdo-data-formats = { path = "../data-formats" }
+ fdo-util = { path = "../util" }
+--
+2.41.0
+
diff --git a/SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch b/SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch
new file mode 100644
index 0000000..4462866
--- /dev/null
+++ b/SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch
@@ -0,0 +1,25 @@
+From adb1d1055f85ae48b58252ca36ce00d861a27358 Mon Sep 17 00:00:00 2001
+From: Antonio Murdaca
+Date: Tue, 15 Aug 2023 16:29:53 +0200
+Subject: [PATCH] fix: relabel devcreds before onboarding
+
+Signed-off-by: Antonio Murdaca
+---
+ examples/systemd/fdo-client-linuxapp.service | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/examples/systemd/fdo-client-linuxapp.service b/examples/systemd/fdo-client-linuxapp.service
+index acfdc79..c0b3090 100644
+--- a/examples/systemd/fdo-client-linuxapp.service
++++ b/examples/systemd/fdo-client-linuxapp.service
+@@ -6,6 +6,7 @@ After=network-online.target
+ Type=oneshot
+ EnvironmentFile=-/boot/fdo-client-env
+ Environment=LOG_LEVEL=info
++ExecStartPre=-/usr/sbin/restorecon /boot/device-credentials
+ ExecStart=/usr/libexec/fdo/fdo-client-linuxapp
+ ExecStartPost=-/usr/bin/mv /boot/device-credentials /etc/device-credentials
+
+--
+2.41.0
+
diff --git a/SOURCES/0001-hack-drop-shadow.patch b/SOURCES/0001-hack-drop-shadow.patch
new file mode 100644
index 0000000..23448c9
--- /dev/null
+++ b/SOURCES/0001-hack-drop-shadow.patch
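Review bot: In SOURCES/0001-fix-relabel-devcreds-before-onboarding.patch the added `ExecStartPre=-/usr/sbin/restorecon /boot/device-credentials` carries the `-` prefix, so a relabel that fails is ignored and `fdo-client-linuxapp` still starts; under an enforcing policy the failure would then surface only as a later denial on the credential file. The patch has no description, so its message should state which denial it addresses and why the relabel is best-effort. It is also worth confirming that the label restored for the `/boot` path is the one expected at `/etc/device-credentials`, since the `ExecStartPost` `mv` in the context lines does not relabel the destination. The rest of the unit file is outside the nested hunk.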
@@ -0,0 +1,68 @@
+From 309c07aa5d43b3d126ccac640901f22afcc25b77 Mon Sep 17 00:00:00 2001
+From: Peter Robinson
+Date: Thu, 27 Jul 2023 10:21:26 +0100
+Subject: [PATCH] hack; drop shadow
+
+Signed-off-by: Peter Robinson
+---
+ integration-tests/Cargo.toml | 3 +--
+ integration-tests/tests/e2e.rs | 7 -------
+ integration-tests/tests/service_info.rs | 7 -------
+ 3 files changed, 1 insertion(+), 16 deletions(-)
+
+diff --git a/integration-tests/Cargo.toml b/integration-tests/Cargo.toml
+index 451bc3f..3e19ebb 100644
+--- a/integration-tests/Cargo.toml
++++ b/integration-tests/Cargo.toml
+@@ -33,10 +33,9 @@ serde_json = "1.0"
+ pretty_assertions = "1.0.0"
+ paste = "1.0"
+ passwd = "0.0.1"
+-shadow = "0.0.1"
+ pem = "2.0"
+ users = "0.11.0"
+ sha-crypt = "0.5.0"
+
+ fdo-data-formats = { path = "../data-formats" }
+-fdo-util = { path = "../util" }
+\ No newline at end of file
++fdo-util = { path = "../util" }
+diff --git a/integration-tests/tests/e2e.rs b/integration-tests/tests/e2e.rs
+index 9857ce0..611fc84 100644
+--- a/integration-tests/tests/e2e.rs
++++ b/integration-tests/tests/e2e.rs
+@@ -406,13 +406,6 @@ ssh-ed25519 sshkey_default user@example2.com
+ "User: {} is not created during onboarding",
+ &new_user
+ );
+- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
+- pretty_assertions::assert_eq!(
+- test_user.password.is_empty(),
+- false,
+- "Password not created during onboarding"
+- );
+- }
+ } else {
+ L.l("Skipped create initial user validation
+ To validate set env variable FDO_PRIVILEGED and run test as superuser");
+diff --git a/integration-tests/tests/service_info.rs b/integration-tests/tests/service_info.rs
+index 8a346cc..4d05107 100644
+--- a/integration-tests/tests/service_info.rs
++++ b/integration-tests/tests/service_info.rs
+@@ -285,13 +285,6 @@ ssh-ed25519 sshkey_default user@example2.com
+ "User: {} is not created during onboarding",
+ &new_user
+ );
+- if let Some(test_user) = shadow::Shadow::from_name(new_user) {
+- pretty_assertions::assert_eq!(
+- test_user.password.is_empty(),
+- false,
+- "Password not created during onboarding"
+- );
+- }
+ } else {
+ L.l("Skipped create initial user validation
+ To validate set env variable FDO_PRIVILEGED and run test as superuser");
+--
+2.41.0
+
diff --git a/SOURCES/fdo-bump-devicemapper-libcryptosetup.patch b/SOURCES/fdo-bump-devicemapper-libcryptosetup.patch
new file mode 100644
index 0000000..d60c168
--- /dev/null
+++ b/SOURCES/fdo-bump-devicemapper-libcryptosetup.patch
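Review bot: SOURCES/0001-hack-drop-shadow.patch deletes the `shadow::Shadow::from_name(new_user)` block from both `integration-tests/tests/e2e.rs` and `integration-tests/tests/service_info.rs`, and that block is the only assertion visible in these hunks that the onboarded user received a non-empty password entry; what remains checks only that the user exists. The patch is titled `hack; drop shadow` and has no body, so the reason (presumably the `shadow` crate is not carried in the vendored set) and the lost coverage are undocumented. A short description in the patch header, or a comment above `Patch0:` in the spec, should record why the crate is dropped and that the password check is intentionally not exercised downstream. The enclosing test functions start and end outside the nested hunks.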
@@ -0,0 +1,46 @@
+From 90bb88a24ddf9292150f7de6eeb2f93b0a793acf Mon Sep 17 00:00:00 2001
+From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
+Date: Fri, 27 Oct 2023 10:52:23 +0000
+Subject: [PATCH] chore: bump devicemapper from 0.33.5 to 0.34.0
+
+Bumps [devicemapper](https://github.com/stratis-storage/devicemapper-rs) from 0.33.5 to 0.34.0.
+- [Release notes](https://github.com/stratis-storage/devicemapper-rs/releases)
+- [Changelog](https://github.com/stratis-storage/devicemapper-rs/blob/master/CHANGES.txt)
+- [Commits](https://github.com/stratis-storage/devicemapper-rs/compare/v0.33.5...devicemapper-v0.34.0)
+
+---
+updated-dependencies:
+- dependency-name: devicemapper
+ dependency-type: direct:production
+ update-type: version-update:semver-minor
+...
+
+Signed-off-by: dependabot[bot]
+---
+ client-linuxapp/Cargo.toml | 2 +-
+ 2 files changed, 48 insertions(+), 26 deletions(-)
+
+diff --git a/client-linuxapp/Cargo.toml b/client-linuxapp/Cargo.toml
+index ee362913..9df5fe96 100644
+--- a/client-linuxapp/Cargo.toml
++++ b/client-linuxapp/Cargo.toml
+@@ -18,7 +18,7 @@ uuid = "1.3"
+ thiserror = "1"
+ libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
+ secrecy = "0.8"
+-devicemapper = "0.33"
++devicemapper = "0.34"
+ openssl = "0.10.55"
+
+ fdo-data-formats = { path = "../data-formats", version = "0.4.12" }
+--- fido-device-onboard-rs-0.4.12/client-linuxapp/Cargo.toml.orig 2023-12-03 22:30:29.457047282 +0000
++++ fido-device-onboard-rs-0.4.12/client-linuxapp/Cargo.toml 2023-12-03 22:30:36.901090510 +0000
+@@ -17,7 +17,7 @@
+ nix = "0.26"
+ uuid = "1.3"
+ thiserror = "1"
+-libcryptsetup-rs = { version = "0.8.0", features = ["mutex"] }
++libcryptsetup-rs = { version = "0.9.0", features = ["mutex"] }
+ secrecy = "0.8"
+ devicemapper = "0.34"
+ openssl = "0.10.55"
diff --git a/SOURCES/fix-aws-nitro-enclaves-cose.patch b/SOURCES/fix-aws-nitro-enclaves-cose.patch
new file mode 100644
index 0000000..6fa09e4
--- /dev/null
+++ b/SOURCES/fix-aws-nitro-enclaves-cose.patch 
@@ -0,0 +1,25 @@ +Backport of https://github.com/awslabs/aws-nitro-enclaves-cose/pull/66 + +diff --git a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json +index dd788a8..1035b7b 100644 +--- a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json ++++ b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json +@@ -1 +1 @@ +-{"files":{"CHANGELOG.md":"182c816f6cdcf13b370be9e712a0e7cf5b7c6b6612dc81c3b3d477abfca58e86","CODE_OF_CONDUCT.md":"34b6c98d5c23127ae6769e95e483e5bf6d3704ae1f0d3ae4e69d15f4ede118b6","CONTRIBUTING.md":"b050a75d5f6d2236ed40ad91dc53c4a4b30da184f9298f6f18507beae5fd7cb7","Cargo.toml":"d3ba98a34c9dcbff42da7e04d123b1687840738851e0630035e1f6e620a6fd98","LICENSE":"09e8a9bcec8067104652c168685ab0931e7868f9c8284b66f5ae6edae5f1130b","NOTICE":"d4290ed64c2edd0fce1d84e3f9dfb2881240fe534def76b8cd29ed6af683e287","README.md":"b16c142f4056384bb274fa7c9d0c2d73faf573cc2123a0bf4825970f88a67fc4","src/crypto/mod.rs":"a509e065cd0c3ed4c05484af9a7c45397ebf2a8b3f0d22578410f22484ffc33c","src/crypto/openssl_pkey.rs":"e9344a26ba101925a8e1c82960ff3d20a3df603be43132671bb15846ee96e829","src/crypto/tpm.rs":"2f8ec59523020319a4f63ca1e4bf3a4ae20c3acf8ca8ffd38e53ccd99611af3f","src/encrypt.rs":"ba89d5f221f0e4379d6f67dd946a00b183639b00bcf6918a4d3c441c4328894d","src/error.rs":"48fd4b84f9b4a7f5fc7ac52c2ce792d258c257908609270bf7751938082e19b7","src/header_map.rs":"88b3d7575ea4fd8eaaf4497a9d3c27ff43ec4da0213994aecf1ec9b5b89553c0","src/lib.rs":"8dbe7fe8206cfc76f46324c25418b37d0daf1ce23fc8b3219e1d89043c8e00de","src/sign.rs":"5a45658fa820ac9b5285c0987b66a58eb4f5b4373ab1aa07a73240848de098b2"},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"} +\ No newline at end of file ++{"files":{},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"} +diff --git a/vendor/aws-nitro-enclaves-cose/src/sign.rs b/vendor/aws-nitro-enclaves-cose/src/sign.rs +index 6426ac0..93f59ec 100644 +--- 
a/vendor/aws-nitro-enclaves-cose/src/sign.rs ++++ b/vendor/aws-nitro-enclaves-cose/src/sign.rs +@@ -135,8 +135,10 @@ pub struct SigStructure( + #[serde(skip_serializing_if = "Option::is_none")] + Option, + /// external_aad : bstr, ++ #[serde(default)] + ByteBuf, + /// payload : bstr ++ #[serde(default)] + ByteBuf, + ); + diff --git a/SPECS/fido-device-onboard.spec b/SPECS/fido-device-onboard.spec new file mode 100644 index 0000000..62b11fe --- /dev/null +++ b/SPECS/fido-device-onboard.spec 
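Review bot: The first nested hunk of SOURCES/fix-aws-nitro-enclaves-cose.patch replaces the `files` map in `vendor/aws-nitro-enclaves-cose/.cargo-checksum.json` with `{}`, which leaves cargo with no per-file hashes to compare for any file of this vendored crate, not only the patched `src/sign.rs`. That is the usual way to let a patched vendored crate build, but the patch header only links the upstream pull request; adding a line such as `.cargo-checksum.json file hashes are emptied so the patched src/sign.rs passes cargo's vendor check` would record that the crate's integrity now rests on the source tarball hashes rather than on cargo. The two added `#[serde(default)]` attributes let a `SigStructure` with absent `external_aad` or `payload` elements deserialize with empty byte strings, so it is worth confirming the backport matches the upstream change as merged. The `SigStructure` definition starts outside the nested hunk.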
@@ -0,0 +1,394 @@
+%global dracutlibdir %{_prefix}/lib/dracut
+%bcond_without check
+%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache 2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
+
+Name: fido-device-onboard
+Version: 0.4.12
+Release: 11%{?dist}
+Summary: A rust implementation of the FIDO Device Onboard Specification
+License: BSD-3-Clause
+
+URL: https://github.com/fedora-iot/fido-device-onboard-rs
+Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz
+# See make-vendored-tarfile.sh in upstream repo
+Source1: %{name}-rs-%{version}-vendor-patched.tar.xz
+Patch0: 0001-hack-drop-shadow.patch
+Patch1: 0001-fix-drop-unused-sha-crypt-dep.patch
+Patch3: 0001-fix-relabel-devcreds-before-onboarding.patch
+Patch4: fdo-bump-devicemapper-libcryptosetup.patch
+
+# fixes for vendored dependencies
+Patch100: fix-aws-nitro-enclaves-cose.patch
+
+# Because nobody cares
+ExcludeArch: %{ix86}
+
+%if 0%{?rhel}
+BuildRequires: rust-toolset
+%else
+BuildRequires: rust-packaging
+%endif
+BuildRequires: clang-devel
+BuildRequires: cryptsetup-devel
+BuildRequires: device-mapper-devel
+BuildRequires: golang
+BuildRequires: openssl-devel >= 3.0.1-12
+BuildRequires: systemd-rpm-macros
+BuildRequires: tpm2-tss-devel
+
+%description
+%{summary}.
+
+%prep
+%setup -q -n %{name}-rs-%{version}
+%patch -P0 -p1
+%patch -P1 -p1
+%patch -P3 -p1
+%patch -P4 -p1
+
+%if 0%{?rhel}
+%if 0%{?rhel} >= 10
+tar xf %{SOURCE1}
+%cargo_prep -v vendor
+%else
+%cargo_prep -V 1
+%endif
+# patch vendored dependencies
+%patch -P100 -p1
+%else
+%cargo_prep
+%generate_buildrequires
+%cargo_generate_buildrequires -a
+%endif
+
+%build
+%cargo_build \
+-F openssl-kdf/deny_custom
+
+%{?cargo_license_summary}
+%{?cargo_license} > LICENSE.dependencies
+%if 0%{?rhel} >= 10
+%cargo_vendor_manifest
+%endif
+
+%install
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
+install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
+install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
+install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
+# duplicates as needed by AIO command so link them
+ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
+ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
+# Create directories needed by the various services so we own them
+mkdir -p %{buildroot}%{_sysconfdir}/fdo
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturer_keys
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturing_sessions
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
+mkdir -p %{buildroot}%{_localstatedir}/lib/fdo
+# Dracut manufacturing service
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
+
+%package -n fdo-init
+Summary: dracut module for device initialization
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+Requires: dracut
+%description -n fdo-init
+%{summary}
+
+%files -n fdo-init
+%license LICENSE LICENSE.dependencies
+%if 0%{?rhel} >= 10
+%license cargo-vendor.txt
+%endif
+%{dracutlibdir}/modules.d/52fdo/
+%{_libexecdir}/fdo/fdo-manufacturing-client
+
+%package -n fdo-owner-onboarding-server
+Summary: FDO Owner Onboarding Server implementation
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+%description -n fdo-owner-onboarding-server
+%{summary}
+
+%files -n fdo-owner-onboarding-server
+%license LICENSE LICENSE.dependencies
+%if 0%{?rhel} >= 10
+%license cargo-vendor.txt
+%endif
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/owner-onboarding-server.conf.d
+%dir %{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
+%dir %{_sysconfdir}/fdo/stores
+%dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions
+%dir %{_sysconfdir}/fdo/stores/owner_vouchers
+%{_libexecdir}/fdo/fdo-owner-onboarding-server
+%{_libexecdir}/fdo/fdo-serviceinfo-api-server
+%dir %{_localstatedir}/lib/fdo
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/device_specific_serviceinfo.yml
+%{_docdir}/fdo/serviceinfo-api-server.yml
+%{_docdir}/fdo/owner-onboarding-server.yml
+%{_unitdir}/fdo-serviceinfo-api-server.service
+%{_unitdir}/fdo-owner-onboarding-server.service
+
+%post -n fdo-owner-onboarding-server
+%systemd_post fdo-owner-onboarding-server.service
+%systemd_post fdo-serviceinfo-api-server.service
+
+%preun -n fdo-owner-onboarding-server
+%systemd_preun fdo-owner-onboarding-server.service
+%systemd_post fdo-serviceinfo-api-server.service
+
+%postun -n fdo-owner-onboarding-server
+%systemd_postun_with_restart fdo-owner-onboarding-server.service
+%systemd_postun_with_restart fdo-serviceinfo-api-server.service
+
+%package -n fdo-rendezvous-server
+Summary: FDO Rendezvous Server implementation
+License: %combined_license
+%description -n fdo-rendezvous-server
+%{summary}
+
+%files -n fdo-rendezvous-server
+%license LICENSE LICENSE.dependencies
+%if 0%{?rhel} >= 10
+%license cargo-vendor.txt
+%endif
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/rendezvous-server.conf.d
+%dir %{_sysconfdir}/fdo/stores
+%dir %{_sysconfdir}/fdo/stores/rendezvous_registered
+%dir %{_sysconfdir}/fdo/stores/rendezvous_sessions
+%{_libexecdir}/fdo/fdo-rendezvous-server
+%dir %{_localstatedir}/lib/fdo
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/rendezvous-*.yml
+%{_unitdir}/fdo-rendezvous-server.service
+
+%post -n fdo-rendezvous-server
+%systemd_post fdo-rendezvous-server.service
+
+%preun -n fdo-rendezvous-server
+%systemd_preun fdo-rendezvous-server.service
+
+%postun -n fdo-rendezvous-server
+%systemd_postun_with_restart fdo-rendezvous-server.service
+
+%package -n fdo-manufacturing-server
+Summary: FDO Manufacturing Server implementation
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+%description -n fdo-manufacturing-server
+%{summary}
+
+%files -n fdo-manufacturing-server
+%license LICENSE LICENSE.dependencies
+%if 0%{?rhel} >= 10
+%license cargo-vendor.txt
+%endif
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/stores
+%dir %{_sysconfdir}/fdo/stores/manufacturer_keys
+%dir %{_sysconfdir}/fdo/stores/manufacturing_sessions
+%{_libexecdir}/fdo/fdo-manufacturing-server
+%dir %{_localstatedir}/lib/fdo
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/manufacturing-server.yml
+%{_unitdir}/fdo-manufacturing-server.service
+
+%post -n fdo-manufacturing-server
+%systemd_post fdo-manufacturing-server.service
+
+%preun -n fdo-manufacturing-server
+%systemd_preun fdo-manufacturing-server.service
+
+%postun -n fdo-manufacturing-server
+%systemd_postun_with_restart fdo-manufacturing-server.service
+
+%package -n fdo-client
+Summary: FDO Client implementation
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+Requires: clevis
+Requires: clevis-luks
+Requires: clevis-pin-tpm2
+Requires: cryptsetup
+%description -n fdo-client
+%{summary}
+
+%files -n fdo-client
+%if 0%{?rhel} >= 10
+%license cargo-vendor.txt
+%endif
+%license LICENSE LICENSE.dependencies
+%{_libexecdir}/fdo/fdo-client-linuxapp
+%{_unitdir}/fdo-client-linuxapp.service
+
+%post -n fdo-client
+%systemd_post fdo-client-linuxapp.service
+
+%preun -n fdo-client
+%systemd_preun fdo-client-linuxapp.service
+
+%postun -n fdo-client
+%systemd_postun_with_restart fdo-client-linuxapp.service
+
+%package -n fdo-owner-cli
+Summary: FDO Owner tools implementation
+License: %combined_license
+%description -n fdo-owner-cli
+%{summary}
+
+%files -n fdo-owner-cli
+%if 0%{?rhel} >= 10
+%license cargo-vendor.txt
+%endif
+%license LICENSE LICENSE.dependencies
+%{_bindir}/fdo-owner-tool
+%{_libexecdir}/fdo/fdo-owner-tool
+
+%package -n fdo-admin-cli
+Summary: FDO admin tools implementation
+License: %combined_license
+Requires: fdo-manufacturing-server = %{version}-%{release}
+Requires: fdo-rendezvous-server = %{version}-%{release}
+Requires: fdo-owner-onboarding-server = %{version}-%{release}
+Requires: fdo-owner-cli = %{version}-%{release}
+Requires: fdo-client = %{version}-%{release}
+Requires: fdo-init = %{version}-%{release}
+%description -n fdo-admin-cli
+%{summary}
+
+%files -n fdo-admin-cli
+%if 0%{?rhel} >= 10
+%license cargo-vendor.txt
+%endif
+%license LICENSE LICENSE.dependencies
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%{_bindir}/fdo-admin-tool
+%{_libexecdir}/fdo/fdo-admin-tool
+%{_unitdir}/fdo-aio.service
+
+%post -n fdo-admin-cli
+%systemd_post fdo-aio.service
+
+%preun -n fdo-admin-cli
+%systemd_preun fdo-aio.service
+
+%postun -n fdo-admin-cli
+%systemd_postun_with_restart fdo-aio.service
+
+%changelog
+* Fri Oct 25 2024 MSVSphere Packaging Team - 0.4.12-11
+- Rebuilt for MSVSphere 10
+
+* Mon Jun 24 2024 Troy Dawson - 0.4.12-11
+- Bump release for June 2024 mass rebuild
+
+* Sun Feb 11 2024 Maxwell G - 0.4.12-10
+- Rebuild for golang 1.22.0
+
+* Sun Feb 04 2024 Yaakov Selkowitz - 0.4.12-9
+- Update Rust macro usage
+
+* Wed Jan 24 2024 Fedora Release Engineering - 0.4.12-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering - 0.4.12-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 08 2024 Peter Robinson - 0.4.12-6
+- Rebuild for fixed dependencies
+
+* Fri Dec 01 2023 Fabio Valentini - 0.4.12-5
+- Rebuild for openssl crate >= v0.10.60 (RUSTSEC-2023-0044, RUSTSEC-2023-0072)
+
+* Wed Aug 23 2023 Peter Robinson - 0.4.12-4
+- Ensure client service fix is applied
+
+* Tue Aug 22 2023 Peter Robinson - 0.4.12-3
+- Own var/lib/fdo, SELinux fixes
+
+* Thu Aug 17 2023 Peter Robinson - 0.4.12-2
+- Add client/init deps to fdo-admin-cli
+
+* Thu Jul 27 2023 Peter Robinson - 0.4.12-1
+- Update to 0.4.12
+
+* Wed Jul 19 2023 Fedora Release Engineering - 0.4.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jul 03 2023 Peter Robinson - 0.4.10-2
+- Updates for eln/c9s building
+
+* Fri Jun 23 2023 Peter Robinson - 0.4.10-1
+- Update to 0.4.10
+
+* Wed Jun 14 2023 Peter Robinson - 0.4.9-5
+- More spec updates
+
+* Wed Jun 14 2023 Peter Robinson - 0.4.9-4
+- Add patch for libcryptsetup-rs 0.8 API changes
+
+* Tue Jun 13 2023 Peter Robinson - 0.4.9-3
+- Updates for licenses
+
+* Tue May 30 2023 Peter Robinson - 0.4.9-2
+- Review feedback
+- Patch for libcryptsetup-rs 0.7
+
+* Thu May 11 2023 Peter Robinson - 0.4.9-1
+- Update to 0.4.9
+
+* Mon Feb 20 2023 Peter Robinson - 0.4.7-3
+- Fix services start
+
+* Wed Feb 15 2023 Peter Robinson - 0.4.7-2
+- Upstream fix for rhbz#2168089
+
+* Wed Nov 30 2022 Peter Robinson - 0.4.7-1
+- Update to 0.4.7
+- Package updates and cleanup
+
+* Tue Mar 29 2022 Antonio Murdaca - 0.4.5-1
+- bump to 0.4.5
+
+* Mon Feb 28 2022 Antonio Murdaca - 0.4.0-2
+- fix runtime requirements to use openssl-libs and not -devel
+
+* Thu Feb 24 2022 Antonio Murdaca - 0.4.0-1
+- upgrade to 0.4.0
+
+* Tue Feb 01 2022 Antonio Murdaca - 0.3.0-1
+- bump to 0.3.0
+
+* Tue Jan 11 2022 Antonio Murdaca - 0.2.0-2
+- use patched vendor w/o win files and rename license
+
+* Mon Dec 13 2021 Antonio Murdaca - 0.2.0-1
+- import fido-device-onboard
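Review bot: In SPECS/fido-device-onboard.spec the `%preun -n fdo-owner-onboarding-server` scriptlet calls `%systemd_post fdo-serviceinfo-api-server.service` on its second line, so on package removal the serviceinfo API unit does not get the preun handling its sibling unit gets; the line should read `%systemd_preun fdo-serviceinfo-api-server.service`. Separately, `%{_sysconfdir}/fdo/keys` is created with a plain `mkdir -p` and listed as a bare `%dir` in four subpackages (twice in fdo-manufacturing-server), so it takes the default directory mode. If private keys are meant to live there, an explicit `%attr` on the `%dir` lines would make the intended access explicit; the account the services run as is not shown in this spec, so the right owner and mode need confirming.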