automatic import of fido-device-onboardopeneuler24.03_LTS

4 files changed, 399 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index e69de29..a61a2b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/fido-device-onboard-rs-0.5.0-vendor-patched.tar.xz
+/fido-device-onboard-rs-0.5.0.tar.gz
diff --git a/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch b/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch
new file mode 100644
index 0000000..722d680
--- /dev/null
+++ b/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch
@@ -0,0 +1,40 @@
+From d9554495b54d1f150a85f4e329412ff62728d9c7 Mon Sep 17 00:00:00 2001
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Thu, 15 Feb 2024 12:06:44 +0000
+Subject: [PATCH] Revert "chore: use git fork for aws-nitro-enclaves-cose"
+
+This reverts commit 1ea09e88baee3c47cdc76902f0034d553207d515.
+---
+ data-formats/Cargo.toml | 2 +-
+ http-wrapper/Cargo.toml | 2 +-
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+Sdiff --git a/data-formats/Cargo.toml b/data-formats/Cargo.toml
+index 714fc55..6d00eb4 100644
+--- a/data-formats/Cargo.toml
++++ b/data-formats/Cargo.toml
+@@ -17,7 +17,7 @@ serde_cbor = "0.11"
+ serde_repr = "0.1.6"
+ serde_tuple = "0.5"
+ thiserror = "1"
+-aws-nitro-enclaves-cose = { git = "https://github.com/nullr0ute/aws-nitro-enclaves-cose/", rev = "e3938e60d9051690569d1e4fcbe1c0c99d2fafa8" }
++aws-nitro-enclaves-cose = "0.4.0"
+ uuid = "1.3"
+ num-traits = "0.2"
+ num-derive = "0.3"
+diff --git a/http-wrapper/Cargo.toml b/http-wrapper/Cargo.toml
+index 5d4999c..7b98097 100644
+--- a/http-wrapper/Cargo.toml
++++ b/http-wrapper/Cargo.toml
+@@ -20,7 +20,7 @@ openssl = "0.10.60"
+ 
+ fdo-data-formats = { path = "../data-formats", version = "0.5.0" }
+ fdo-store = { path = "../store", version = "0.5.0" }
+-aws-nitro-enclaves-cose = { git = "https://github.com/nullr0ute/aws-nitro-enclaves-cose/", rev = "e3938e60d9051690569d1e4fcbe1c0c99d2fafa8" }
++aws-nitro-enclaves-cose = "0.4.0"
+ 
+ # Server-side
+ uuid = { version = "1.3", features = ["v4"], optional = true }
+-- 
+2.43.1
+
diff --git a/fido-device-onboard.spec b/fido-device-onboard.spec
new file mode 100644
index 0000000..095e311
--- /dev/null
+++ b/fido-device-onboard.spec
@@ -0,0 +1,355 @@
+%global dracutlibdir %{_prefix}/lib/dracut
+%bcond_without check
+%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache-2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
+
+Name:           fido-device-onboard
+Version:        0.5.0
+Release:        2%{?dist}
+Summary:        A rust implementation of the FIDO Device Onboard Specification
+License:        BSD-3-Clause
+
+URL:            https://github.com/fdo-rs/fido-device-onboard-rs
+Source0:        %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz
+# See make-vendored-tarfile.sh in upstream repo
+Source1:        %{name}-rs-%{version}-vendor-patched.tar.xz
+Patch1:         0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch
+
+# Because nobody cares
+ExcludeArch: %{ix86}
+
+%if 0%{?rhel}
+BuildRequires:  rust-toolset
+%else
+BuildRequires:  rust-packaging
+%endif
+BuildRequires:  clang-devel
+BuildRequires:  cryptsetup-devel
+BuildRequires:  device-mapper-devel
+BuildRequires:  golang
+BuildRequires:  openssl-devel >= 3.0.1-12
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  tpm2-tss-devel
+BuildRequires:  sqlite-devel
+BuildRequires:  libpq-devel
+
+%description
+%{summary}.
+
+%prep
+%setup -q -n %{name}-rs-%{version}
+# general patches should go here
+%patch -P1 -p1
+
+%if 0%{?rhel}
+%cargo_prep -V 1
+%else
+%cargo_prep
+%generate_buildrequires
+%cargo_generate_buildrequires -a
+%endif
+
+%build
+%cargo_build \
+-F openssl-kdf/deny_custom
+
+%{?cargo_license_summary}
+%{?cargo_license} > LICENSE.dependencies
+
+%install
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
+install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
+install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
+install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
+install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
+# db sql files
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_manufacturing_server_postgres  migrations/migrations_manufacturing_server_postgres/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_manufacturing_server_sqlite  migrations/migrations_manufacturing_server_sqlite/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_postgres  migrations/migrations_owner_onboarding_server_postgres/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_sqlite  migrations/migrations_owner_onboarding_server_sqlite/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres  migrations/migrations_rendezvous_server_postgres/2023-10-03-152801_create_db/*
+install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite  migrations/migrations_rendezvous_server_sqlite/2023-10-03-152801_create_db/*
+# duplicates as needed by AIO command so link them
+ln -s %{_bindir}/fdo-owner-tool  %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
+ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
+# Create directories needed by the various services so we own them
+mkdir -p %{buildroot}%{_sysconfdir}/fdo
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturer_keys
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturing_sessions
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/serviceinfo_api_devices
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d
+mkdir -p %{buildroot}%{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
+mkdir -p %{buildroot}%{_localstatedir}/lib/fdo
+# Dracut manufacturing service
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
+install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
+
+%package -n fdo-init
+Summary: dracut module for device initialization
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+Requires: dracut
+%description -n fdo-init
+%{summary}
+
+%files -n fdo-init
+%license LICENSE LICENSE.dependencies
+%{dracutlibdir}/modules.d/52fdo/
+%{_libexecdir}/fdo/fdo-manufacturing-client
+
+%package -n fdo-owner-onboarding-server
+Summary: FDO Owner Onboarding Server implementation
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+%description -n fdo-owner-onboarding-server
+%{summary}
+
+%files -n fdo-owner-onboarding-server
+%license LICENSE LICENSE.dependencies
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/owner-onboarding-server.conf.d
+%dir %{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
+%dir %{_sysconfdir}/fdo/stores
+%dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions
+%dir %{_sysconfdir}/fdo/stores/owner_vouchers
+%dir %{_sysconfdir}/fdo/stores/serviceinfo_api_devices
+%{_libexecdir}/fdo/fdo-owner-onboarding-server
+%{_libexecdir}/fdo/fdo-serviceinfo-api-server
+%dir %{_localstatedir}/lib/fdo
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/device_specific_serviceinfo.yml
+%{_docdir}/fdo/serviceinfo-api-server.yml
+%{_docdir}/fdo/owner-onboarding-server.yml
+%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_postgres/*
+%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_sqlite/*
+%{_unitdir}/fdo-serviceinfo-api-server.service
+%{_unitdir}/fdo-owner-onboarding-server.service
+
+%post -n fdo-owner-onboarding-server
+%systemd_post fdo-owner-onboarding-server.service
+%systemd_post fdo-serviceinfo-api-server.service
+
+%preun -n fdo-owner-onboarding-server
+%systemd_preun fdo-owner-onboarding-server.service
+%systemd_post fdo-serviceinfo-api-server.service
+
+%postun -n fdo-owner-onboarding-server
+%systemd_postun_with_restart fdo-owner-onboarding-server.service
+%systemd_postun_with_restart fdo-serviceinfo-api-server.service
+
+%package -n fdo-rendezvous-server
+Summary: FDO Rendezvous Server implementation
+License: %combined_license
+%description -n fdo-rendezvous-server
+%{summary}
+
+%files -n fdo-rendezvous-server
+%license LICENSE LICENSE.dependencies
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/rendezvous-server.conf.d
+%dir %{_sysconfdir}/fdo/stores
+%dir %{_sysconfdir}/fdo/stores/rendezvous_registered
+%dir %{_sysconfdir}/fdo/stores/rendezvous_sessions
+%{_libexecdir}/fdo/fdo-rendezvous-server
+%dir %{_localstatedir}/lib/fdo
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/rendezvous-*.yml
+%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres/*
+%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite/*
+%{_unitdir}/fdo-rendezvous-server.service
+
+%post -n fdo-rendezvous-server
+%systemd_post fdo-rendezvous-server.service
+
+%preun -n fdo-rendezvous-server
+%systemd_preun fdo-rendezvous-server.service
+
+%postun -n fdo-rendezvous-server
+%systemd_postun_with_restart fdo-rendezvous-server.service
+
+%package -n fdo-manufacturing-server
+Summary: FDO Manufacturing Server implementation
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+%description -n fdo-manufacturing-server
+%{summary}
+
+%files -n fdo-manufacturing-server
+%license LICENSE LICENSE.dependencies
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d
+%dir %{_sysconfdir}/fdo/keys
+%dir %{_sysconfdir}/fdo/stores
+%dir %{_sysconfdir}/fdo/stores/manufacturer_keys
+%dir %{_sysconfdir}/fdo/stores/manufacturing_sessions
+%{_libexecdir}/fdo/fdo-manufacturing-server
+%dir %{_localstatedir}/lib/fdo
+%dir %{_docdir}/fdo
+%{_docdir}/fdo/manufacturing-server.yml
+%{_docdir}/fdo/migrations/migrations_manufacturing_server_postgres/*
+%{_docdir}/fdo/migrations/migrations_manufacturing_server_sqlite/*
+%{_unitdir}/fdo-manufacturing-server.service
+
+%post -n fdo-manufacturing-server
+%systemd_post fdo-manufacturing-server.service
+
+%preun -n fdo-manufacturing-server
+%systemd_preun fdo-manufacturing-server.service
+
+%postun -n fdo-manufacturing-server
+%systemd_postun_with_restart fdo-manufacturing-server.service
+
+%package -n fdo-client
+Summary: FDO Client implementation
+License: %combined_license
+Requires: openssl-libs >= 3.0.1-12
+Requires: clevis
+Requires: clevis-luks
+Requires: clevis-pin-tpm2
+Requires: cryptsetup
+%description -n fdo-client
+%{summary}
+
+%files -n fdo-client
+%license LICENSE LICENSE.dependencies
+%{_libexecdir}/fdo/fdo-client-linuxapp
+%{_unitdir}/fdo-client-linuxapp.service
+
+%post -n fdo-client
+%systemd_post fdo-client-linuxapp.service
+
+%preun -n fdo-client
+%systemd_preun fdo-client-linuxapp.service
+
+%postun -n fdo-client
+%systemd_postun_with_restart fdo-client-linuxapp.service
+
+%package -n fdo-owner-cli
+Summary: FDO Owner tools implementation
+License: %combined_license
+%description -n fdo-owner-cli
+%{summary}
+
+%files -n fdo-owner-cli
+%license LICENSE LICENSE.dependencies
+%{_bindir}/fdo-owner-tool
+%{_libexecdir}/fdo/fdo-owner-tool
+
+%package -n fdo-admin-cli
+Summary: FDO admin tools implementation
+License: %combined_license
+Requires: fdo-manufacturing-server = %{version}-%{release}
+Requires: fdo-rendezvous-server = %{version}-%{release}
+Requires: fdo-owner-onboarding-server = %{version}-%{release}
+Requires: fdo-owner-cli = %{version}-%{release}
+Requires: fdo-client = %{version}-%{release}
+Requires: fdo-init = %{version}-%{release}
+%description -n fdo-admin-cli
+%{summary}
+
+%files -n fdo-admin-cli
+%license LICENSE LICENSE.dependencies
+%dir %{_sysconfdir}/fdo
+%dir %{_sysconfdir}/fdo/keys
+%{_bindir}/fdo-admin-tool
+%{_libexecdir}/fdo/fdo-admin-tool
+%{_unitdir}/fdo-aio.service
+
+%post -n fdo-admin-cli
+%systemd_post fdo-aio.service
+
+%preun -n fdo-admin-cli
+%systemd_preun fdo-aio.service
+
+%postun -n fdo-admin-cli
+%systemd_postun_with_restart fdo-aio.service
+
+%changelog
+* Wed Feb 28 2024 Irene Diez <idiez@redhat.com> - 0.5.0-2
+- Update license
+
+* Thu Feb 22 2024 Irene Diez <idiez@redhat.com> - 0.5.0-1
+- New version 0.5.0, adds database support
+- Remove unused patches
+
+* Wed Aug 23 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-4
+- Ensure client service fix is applied
+
+* Tue Aug 22 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-3
+- Own var/lib/fdo, SELinux fixes
+
+* Thu Aug 17 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-2
+- Add client/init deps to fdo-admin-cli
+
+* Thu Jul 27 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.12-1
+- Update to 0.4.12
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jul 03 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.10-2
+- Updates for eln/c9s building
+
+* Fri Jun 23 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.10-1
+- Update to 0.4.10
+
+* Wed Jun 14 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-5
+- More spec updates
+
+* Wed Jun 14 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-4
+- Add patch for libcryptsetup-rs 0.8 API changes
+
+* Tue Jun 13 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-3
+- Updates for licenses
+
+* Tue May 30 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-2
+- Review feedback
+- Patch for libcryptsetup-rs 0.7
+
+* Thu May 11 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.9-1
+- Update to 0.4.9
+
+* Mon Feb 20 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-3
+- Fix services start
+
+* Wed Feb 15 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-2
+- Upstream fix for rhbz#2168089
+
+* Wed Nov 30 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 0.4.7-1
+- Update to 0.4.7
+- Package updates and cleanup
+
+* Tue Mar 29 2022 Antonio Murdaca <runcom@linux.com> - 0.4.5-1
+- bump to 0.4.5
+
+* Mon Feb 28 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-2
+- fix runtime requirements to use openssl-libs and not -devel
+
+* Thu Feb 24 2022 Antonio Murdaca <runcom@linux.com> - 0.4.0-1
+- upgrade to 0.4.0
+
+* Tue Feb 01 2022 Antonio Murdaca <runcom@linux.com> - 0.3.0-1
+- bump to 0.3.0
+
+* Tue Jan 11 2022 Antonio Murdaca <runcom@linux.com> - 0.2.0-2
+- use patched vendor w/o win files and rename license
+
+* Mon Dec 13 2021 Antonio Murdaca <runcom@linux.com> - 0.2.0-1
+- import fido-device-onboard
diff --git a/sources b/sources
new file mode 100644
index 0000000..3b1ab7a
--- /dev/null
+++ b/sources
@@ -0,0 +1,2 @@
+ae1cfea52dcfd19136b1dded62d78d84  fido-device-onboard-rs-0.5.0-vendor-patched.tar.xz
+725d6ba360aaef010ac8829e10e4801e  fido-device-onboard-rs-0.5.0.tar.gz