diff --git a/.gitignore b/.gitignore index 05219af..1de2d61 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /clevis-13.tar.xz /clevis-14.tar.xz /clevis-15.tar.xz +/clevis-16.tar.xz diff --git a/clevis-tpm2-tools-5.patch b/clevis-tpm2-tools-5.patch deleted file mode 100644 index 604ea53..0000000 --- a/clevis-tpm2-tools-5.patch +++ /dev/null @@ -1,118 +0,0 @@ -From ef76951e4486dadf41ca8085e09849466a0c7fd3 Mon Sep 17 00:00:00 2001 -From: Jonas Witschel -Date: Wed, 11 Nov 2020 12:43:18 +0100 -Subject: [PATCH] pins/tpm2: add support for tpm2-tools 5.X - -tpm2-tools 5.0 consolidates all tools into a single busybox-style binary, so -the preferred way to invoke the commands would be e.g. "tpm2 createprimary" -instead of "tpm2_createprimary". However, compatibility symlinks tpm2_* -> tpm2 -are installed by default, so we keep the old syntax for tpm2-tools 5.0 to avoid -creating another special case, since the option syntax has not changed (it -should be stable since version 4). - -tpm2-tools 3.X is deprecated, but unfortunately still packaged by a few Linux -distributions, so keep supporting it for now at least. ---- - src/pins/tpm2/clevis-decrypt-tpm2 | 12 ++++++------ - src/pins/tpm2/clevis-encrypt-tpm2 | 16 ++++++++-------- - 2 files changed, 14 insertions(+), 14 deletions(-) - -diff --git a/src/pins/tpm2/clevis-decrypt-tpm2 b/src/pins/tpm2/clevis-decrypt-tpm2 -index 83bf8f0..6226cb7 100755 ---- a/src/pins/tpm2/clevis-decrypt-tpm2 -+++ b/src/pins/tpm2/clevis-decrypt-tpm2 -@@ -49,8 +49,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)" - - match='version="(.)\.' - [[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}" --if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then -- echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2 -+if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then -+ echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2 - exit 1 - fi - -@@ -135,7 +135,7 @@ fi - - case "$TPM2TOOLS_VERSION" in - 3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;; -- 4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;; -+ 4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;; - *) fail=1;; - esac - if [ -n "$fail" ]; then -@@ -146,8 +146,8 @@ fi - case "$TPM2TOOLS_VERSION" in - 3) tpm2_load -Q -c "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \ - -C "$TMP"/load.context || fail=$?;; -- 4) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \ -- -c "$TMP"/load.context || fail=$?;; -+ 4|5) tpm2_load -Q -C "$TMP"/primary.context -u "$TMP"/jwk.pub -r "$TMP"/jwk.priv \ -+ -c "$TMP"/load.context || fail=$?;; - *) fail=1;; - esac - if [ -n "$fail" ]; then -@@ -157,7 +157,7 @@ fi - - case "$TPM2TOOLS_VERSION" in - 3) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-L $pcr_spec})" || fail=$?;; -- 4) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;; -+ 4|5) jwk="$(tpm2_unseal -c "$TMP"/load.context ${pcr_spec:+-p pcr:$pcr_spec})" || fail=$?;; - *) fail=1;; - esac - if [ -n "$fail" ]; then -diff --git a/src/pins/tpm2/clevis-encrypt-tpm2 b/src/pins/tpm2/clevis-encrypt-tpm2 -index 16d35c4..69a1126 100755 ---- a/src/pins/tpm2/clevis-encrypt-tpm2 -+++ b/src/pins/tpm2/clevis-encrypt-tpm2 -@@ -71,8 +71,8 @@ TPM2TOOLS_INFO="$(tpm2_createprimary -v)" - - match='version="(.)\.' - [[ $TPM2TOOLS_INFO =~ $match ]] && TPM2TOOLS_VERSION="${BASH_REMATCH[1]}" --if [[ $TPM2TOOLS_VERSION != 3 ]] && [[ $TPM2TOOLS_VERSION != 4 ]]; then -- echo "The tpm2 pin requires tpm2-tools version 3 or 4" >&2 -+if [[ $TPM2TOOLS_VERSION -lt 3 ]] || [[ $TPM2TOOLS_VERSION -gt 5 ]]; then -+ echo "The tpm2 pin requires a tpm2-tools version between 3 and 5" >&2 - exit 1 - fi - -@@ -153,7 +153,7 @@ trap 'on_exit' EXIT - - case "$TPM2TOOLS_VERSION" in - 3) tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C "$TMP"/primary.context || fail=$?;; -- 4) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;; -+ 4|5) tpm2_createprimary -Q -C "$auth" -g "$hash" -G "$key" -c "$TMP"/primary.context || fail=$?;; - *) fail=1;; - esac - if [ -n "$fail" ]; then -@@ -166,7 +166,7 @@ if [ -n "$pcr_ids" ]; then - if [ -z "$pcr_digest" ]; then - case "$TPM2TOOLS_VERSION" in - 3) tpm2_pcrlist -Q -L "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;; -- 4) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;; -+ 4|5) tpm2_pcrread -Q "$pcr_bank":"$pcr_ids" -o "$TMP"/pcr.digest || fail=$?;; - *) fail=1;; - esac - if [ -n "$fail" ]; then -@@ -183,8 +183,8 @@ if [ -n "$pcr_ids" ]; then - case "$TPM2TOOLS_VERSION" in - 3) tpm2_createpolicy -Q -g "$hash" -P -L "$pcr_bank":"$pcr_ids" \ - -F "$TMP"/pcr.digest -f "$TMP"/pcr.policy || fail=$?;; -- 4) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \ -- -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;; -+ 4|5) tpm2_createpolicy -Q -g "$hash" --policy-pcr -l "$pcr_bank":"$pcr_ids" \ -+ -f "$TMP"/pcr.digest -L "$TMP"/pcr.policy || fail=$?;; - *) fail=1;; - esac - if [ -n "$fail" ]; then -@@ -200,8 +200,8 @@ fi - case "$TPM2TOOLS_VERSION" in - 3) tpm2_create -Q -g "$hash" -G "$alg_create_key" -c "$TMP"/primary.context -u "$TMP"/jwk.pub \ - -r "$TMP"/jwk.priv -A "$obj_attr" "${policy_options[@]}" -I- <<< "$jwk" || fail=$?;; -- 4) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \ -- -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;; -+ 4|5) tpm2_create -Q -g "$hash" -C "$TMP"/primary.context -u "$TMP"/jwk.pub \ -+ -r "$TMP"/jwk.priv -a "$obj_attr" "${policy_options[@]}" -i- <<< "$jwk" || fail=$?;; - *) fail=1;; - esac - if [ -n "$fail" ]; then diff --git a/clevis.spec b/clevis.spec index c475615..31e8780 100644 --- a/clevis.spec +++ b/clevis.spec @@ -1,13 +1,12 @@ Name: clevis -Version: 15 -Release: 4%{?dist} +Version: 16 +Release: 1%{?dist} Summary: Automated decryption framework License: GPLv3+ URL: https://github.com/latchset/%{name} Source0: https://github.com/latchset/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.xz Source1: clevis.sysusers -Patch0: clevis-tpm2-tools-5.patch BuildRequires: git-core BuildRequires: gcc @@ -83,7 +82,6 @@ Requires: systemd%{?_isa} >= 236 %endif %endif %endif -Requires: nc %description systemd Automatically unlocks LUKS _netdev block devices from /etc/crypttab. @@ -166,6 +164,7 @@ exit 0 %{_mandir}/man1/%{name}-luks-edit.1.* %{_mandir}/man1/%{name}-luks-regen.1.* %{_mandir}/man1/%{name}-luks-report.1.* +%{_mandir}/man1/%{name}-luks-pass.1.* %{_bindir}/%{name}-luks-unlock %{_bindir}/%{name}-luks-unbind %{_bindir}/%{name}-luks-bind @@ -174,6 +173,7 @@ exit 0 %{_bindir}/%{name}-luks-edit %{_bindir}/%{name}-luks-regen %{_bindir}/%{name}-luks-report +%{_bindir}/%{name}-luks-pass %files systemd %{_libexecdir}/%{name}-luks-askpass @@ -191,6 +191,9 @@ exit 0 %attr(4755, root, root) %{_libexecdir}/%{name}-luks-udisks2 %changelog +* Tue Feb 09 2021 Sergio Correia - 16-1 +- Update to new clevis upstream release, v16. + * Tue Jan 26 2021 Fedora Release Engineering - 15-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild diff --git a/sources b/sources index ba551e3..ab2a495 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (clevis-15.tar.xz) = 8a84b9e081d02742c2c718bdc8b2c834764da6ec9ad1ae5640e8af80a38c2a1ec83eeea5de7696f60f7dd8f165b3dc527290831621440b1a46459d2c8bd56918 +SHA512 (clevis-16.tar.xz) = a474a0a4d17b65091a6447698a4f3e0e3bc45b61e686be76bc5d7b5d248e503803174ae40b958cfee8a72087089c1ac132b8684f2f913c5e8a9873ceae2aa5c3