Sync from SUSE:ALP:Source:Standard:1.0 fde-tools revision 64f77398c7b869e347ff2a504f98192a

fde-tools-bsc1220160-conditional-requires.patch

@@ -0,0 +1,26 @@
+From 7f5a36bb82728a6cce66b15e6bb656ce05cf5978 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Tue, 5 Mar 2024 14:51:57 +0800
+Subject: [PATCH] macros.fde-tpm-helper: conditionally requires the helper
+
+fde-tpm-helper is only used when fde-tools is installed. Update the rpm
+macro to make fde-tpm-helper an conditional "Requires".
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ rpm-build/macros.fde-tpm-helper | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpm-build/macros.fde-tpm-helper b/rpm-build/macros.fde-tpm-helper
+index 1ec3a4e..3c89e2b 100644
+--- a/rpm-build/macros.fde-tpm-helper
++++ b/rpm-build/macros.fde-tpm-helper
+@@ -1,4 +1,4 @@
+-%fde_tpm_update_requires Requires(posttrans): fde-tpm-helper
++%fde_tpm_update_requires Requires(posttrans): (fde-tpm-helper if fde-tools)
+ 
+ %fde_tpm_update_post() \
+ mkdir -p %{_rundir}/fde-tpm-helper/ \
+-- 
+2.35.3
+

fde-tools-bsc1222970-firstboot-replace-ALP.patch

@@ -0,0 +1,29 @@
+From e3dbd0eed64938a79d82a6916dee3925297ac082 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Thu, 18 Apr 2024 10:10:15 +0800
+Subject: [PATCH] firstboot: replace ALP with a neutral name
+
+The script may be used in the system other than ALP. Replace "ALP" with
+"This system".
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ firstboot/fde | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/firstboot/fde b/firstboot/fde
+index 0f94829..a4e5c15 100755
+--- a/firstboot/fde
++++ b/firstboot/fde
+@@ -228,7 +228,7 @@ function fde_choose_protection {
+ 
+     FDE_PROTECTION=""
+ 
+-    message="ALP can be installed with an encrypted root and boot partition. Please choose the desired protection method(s) or press Cancel to install without encryption"
++    message="This system can be installed with an encrypted root and boot partition. Please choose the desired protection method(s) or press Cancel to install without encryption"
+     options+=(pass 'Pass phrase' on)
+ 
+     if ! tpm_present_and_working; then
+-- 
+2.35.3
+

fde-tools-bsc1223002-firstboot-disable-ccid.patch

@@ -0,0 +1,30 @@
+From 10672433c10ce391f126f426f86eb85fc4dffa73 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Thu, 18 Apr 2024 10:13:30 +0800
+Subject: [PATCH] firstboot: disable the ccid option
+
+Since ccid token is still not supported, disable the option until we
+really implement it.
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ firstboot/fde | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/firstboot/fde b/firstboot/fde
+index a4e5c15..4911b32 100755
+--- a/firstboot/fde
++++ b/firstboot/fde
+@@ -237,7 +237,8 @@ function fde_choose_protection {
+     	options+=(tpm 'Stored inside the TPM chip' on)
+     fi
+ 
+-    options+=(ccid 'Stored inside a CCID capable token' off)
++    # Disable the ccid option until we really implement it
++    # options+=(ccid 'Stored inside a CCID capable token' off)
+ 
+     while true; do
+         d --title "Full Disk Encryption" --checklist \
+-- 
+2.35.3
+

fde-tools-change-rpm-macro-dir.patch

@@ -0,0 +1,28 @@
+From 7dd8ab8920806384c01e3765ff2027222ac21d29 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Thu, 29 Feb 2024 15:05:35 +0800
+Subject: [PATCH] Allow RPM_MACRO_DIR to be defined during build time
+
+The system directory of rpm macro files could be either /etc/rpm
+or /usr/lib/rpm/macros.d/. This commit allows RPM_MACRO_DIR to be
+defined during build time, so that the packager can change the variable
+if necessary.
+
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: fde-tools-0.7.2/Makefile
+===================================================================
+--- fde-tools-0.7.2.orig/Makefile
++++ fde-tools-0.7.2/Makefile
+@@ -12,7 +12,7 @@ FDE_CONFIG_DIR	= ${SYSCONFDIR}/fde
+ FDE_SHARE_DIR	= $(DATADIR)/fde
+ FIRSTBOOTDIR	= $(DATADIR)/jeos-firstboot
+ FDE_HELPER_DIR	= $(LIBEXECDIR)/fde
+-RPM_MACRO_DIR	= /etc/rpm
+++RPM_MACRO_DIR	?= /etc/rpm
+ FIDO_LINK	= -lfido2 -lcrypto
+ CRPYT_LINK	= -lcryptsetup -ljson-c
+ TOOLS		= fde-token fdectl-grub-tpm2

fde-tools.changes

@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Thu Apr 18 05:39:44 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Add fde-tools-bsc1222970-firstboot-replace-ALP.patch to replace
+  "ALP" with "This system" (bsc#1222970)
+- Add fde-tools-bsc1223002-firstboot-disable-ccid.patch to disable
+  the non-functional ccid option (bsc#1223002)
+
+-------------------------------------------------------------------
+Wed Mar 13 08:54:37 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Add json-c to BuildRequires to build on openSUSE Leap 15.5
+
+-------------------------------------------------------------------
+Tue Mar  5 05:54:49 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Add fde-tools-change-rpm-macro-dir.patch and set the rpm macro
+  directory correctly
+- Make fde-firstboot, fde-tpm-helper, and fde-tpm-helper-rpm-macros
+  noarch
+- Add fde-tools-bsc1220160-conditional-requires.patch to make
+  fde-tpm-helper a conditional "Requires" (bsc#1220160)
+
 -------------------------------------------------------------------
 Mon Feb 19 06:34:27 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
 

fde-tools.spec

@@ -16,6 +16,10 @@
 #
 
 
+%if %{undefined _rpmmacrodir}
+  %define _rpmmacrodir %{_sysconfdir}/rpm
+%endif
+
 Name:           fde-tools
 Version:        0.7.2
 Release:        0
@@ -27,7 +31,12 @@ Source:         https://github.com/openSUSE/%{name}/releases/download/%{version}
 Source1:        fde-tools.service
 Patch0:         fde-tools-firstboot-alp-snapshot.patch
 Patch1:         fde-tools-bsc1213945-set-rsa-key-size.patch
+Patch2:         fde-tools-change-rpm-macro-dir.patch
+Patch3:         fde-tools-bsc1220160-conditional-requires.patch
+Patch4:         fde-tools-bsc1222970-firstboot-replace-ALP.patch
+Patch5:         fde-tools-bsc1223002-firstboot-disable-ccid.patch
 BuildRequires:  help2man
+BuildRequires:  pkgconfig(json-c)
 BuildRequires:  pkgconfig(libcryptsetup)
 BuildRequires:  pkgconfig(libfido2)
 Requires:       cryptsetup
@@ -45,6 +54,7 @@ Summary:        Full Disk Encryption for images
 Group:          System/Boot
 Requires:       fde-tools
 Requires:       jeos-firstboot
+BuildArch:      noarch
 
 %description -n fde-firstboot
 This package contains the scripts necessary to plug Full Disk Encryption
@@ -64,6 +74,7 @@ Bash shell completions for fde-tools
 %package -n fde-tpm-helper
 Summary:        TPM helper for fde-tools
 Group:          System/Boot
+BuildArch:      noarch
 
 %description -n fde-tpm-helper
 This package contains the TPM helper script for the bootloader packages
@@ -72,6 +83,7 @@ to update the signature in the sealed key.
 %package -n fde-tpm-helper-rpm-macros
 Summary:        RPM macros for fde-tools
 Group:          Development/Tools/Building
+BuildArch:      noarch
 
 %description -n fde-tpm-helper-rpm-macros
 This package contains the RPM macros for the bootloader packages to
@@ -87,7 +99,8 @@ update the signature in the sealed key.
 	LIBEXECDIR="%{_libexecdir}" \
 	SBINDIR="%{_sbindir}" \
 	DATADIR="%{_datadir}" \
-	SYSCONFDIR="%{_sysconfdir}"
+	SYSCONFDIR="%{_sysconfdir}" \
+	RPM_MACRO_DIR="%{_rpmmacrodir}"
 
 %install
 %make_install \
@@ -95,7 +108,8 @@ update the signature in the sealed key.
 	LIBEXECDIR="%{_libexecdir}" \
 	SBINDIR="%{_sbindir}" \
 	DATADIR="%{_datadir}" \
-	SYSCONFDIR="%{_sysconfdir}"
+	SYSCONFDIR="%{_sysconfdir}" \
+	RPM_MACRO_DIR="%{_rpmmacrodir}"
 
 mkdir -p %{buildroot}%{_fillupdir}
 mv %{buildroot}/etc/sysconfig/fde-tools %{buildroot}%{_fillupdir}/sysconfig.fde-tools
@@ -141,6 +155,6 @@ cp %{S:1} %{buildroot}%{_unitdir}/fde-tpm-enroll.service
 %{_libexecdir}/fde/fde-tpm-helper
 
 %files -n fde-tpm-helper-rpm-macros
-%config %{_sysconfdir}/rpm/macros.fde-tpm-helper
+%{_rpmmacrodir}/macros.fde-tpm-helper
 
 %changelog