diff --git a/fde-tools-bsc1220160-conditional-requires.patch b/fde-tools-bsc1220160-conditional-requires.patch
new file mode 100644
index 0000000..5e42b39
--- /dev/null
+++ b/fde-tools-bsc1220160-conditional-requires.patch
@@ -0,0 +1,26 @@
+From 7f5a36bb82728a6cce66b15e6bb656ce05cf5978 Mon Sep 17 00:00:00 2001
+From: Gary Lin
+Date: Tue, 5 Mar 2024 14:51:57 +0800
+Subject: [PATCH] macros.fde-tpm-helper: conditionally requires the helper
+
+fde-tpm-helper is only used when fde-tools is installed. Update the rpm
+macro to make fde-tpm-helper an conditional "Requires".
+
+Signed-off-by: Gary Lin
+---
+ rpm-build/macros.fde-tpm-helper | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rpm-build/macros.fde-tpm-helper b/rpm-build/macros.fde-tpm-helper
+index 1ec3a4e..3c89e2b 100644
+--- a/rpm-build/macros.fde-tpm-helper
++++ b/rpm-build/macros.fde-tpm-helper
+@@ -1,4 +1,4 @@
+-%fde_tpm_update_requires Requires(posttrans): fde-tpm-helper
++%fde_tpm_update_requires Requires(posttrans): (fde-tpm-helper if fde-tools)
+
+ %fde_tpm_update_post() \
+ mkdir -p %{_rundir}/fde-tpm-helper/ \
+--
+2.35.3
+
diff --git a/fde-tools-bsc1222970-firstboot-replace-ALP.patch b/fde-tools-bsc1222970-firstboot-replace-ALP.patch
new file mode 100644
index 0000000..8ed0bca
--- /dev/null
+++ b/fde-tools-bsc1222970-firstboot-replace-ALP.patch
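Review bot: With the rich dependency `(fde-tpm-helper if fde-tools)` in `%fde_tpm_update_requires`, packages that use these macros can now be installed without the helper, yet the visible start of `%fde_tpm_update_post` still creates `%{_rundir}/fde-tpm-helper/` unconditionally and nothing documents that the scriptlets must cope with a missing helper. The rest of that macro and any posttrans macro lie outside the hunk, so whether the helper call is guarded cannot be confirmed from here. I would add a comment above the first line, `# fde-tpm-helper is only pulled in together with fde-tools; the scriptlets below must be a no-op when it is absent`. It is also worth checking the case where fde-tools is installed after the bootloader package, since the sealed key signature then depends on the helper being present at the next bootloader update.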
@@ -0,0 +1,29 @@
+From e3dbd0eed64938a79d82a6916dee3925297ac082 Mon Sep 17 00:00:00 2001
+From: Gary Lin
+Date: Thu, 18 Apr 2024 10:10:15 +0800
+Subject: [PATCH] firstboot: replace ALP with a neutral name
+
+The script may be used in the system other than ALP. Replace "ALP" with
+"This system".
+
+Signed-off-by: Gary Lin
+---
+ firstboot/fde | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/firstboot/fde b/firstboot/fde
+index 0f94829..a4e5c15 100755
+--- a/firstboot/fde
++++ b/firstboot/fde
+@@ -228,7 +228,7 @@ function fde_choose_protection {
+
+ FDE_PROTECTION=""
+
+- message="ALP can be installed with an encrypted root and boot partition. Please choose the desired protection method(s) or press Cancel to install without encryption"
++ message="This system can be installed with an encrypted root and boot partition. Please choose the desired protection method(s) or press Cancel to install without encryption"
+ options+=(pass 'Pass phrase' on)
+
+ if ! tpm_present_and_working; then
+--
+2.35.3
+
diff --git a/fde-tools-bsc1223002-firstboot-disable-ccid.patch b/fde-tools-bsc1223002-firstboot-disable-ccid.patch
new file mode 100644
index 0000000..4c18d05
--- /dev/null
+++ b/fde-tools-bsc1223002-firstboot-disable-ccid.patch
@@ -0,0 +1,30 @@
+From 10672433c10ce391f126f426f86eb85fc4dffa73 Mon Sep 17 00:00:00 2001
+From: Gary Lin
+Date: Thu, 18 Apr 2024 10:13:30 +0800
+Subject: [PATCH] firstboot: disable the ccid option
+
+Since ccid token is still not supported, disable the option until we
+really implement it.
+
+Signed-off-by: Gary Lin
+---
+ firstboot/fde | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/firstboot/fde b/firstboot/fde
+index a4e5c15..4911b32 100755
+--- a/firstboot/fde
++++ b/firstboot/fde
+@@ -237,7 +237,8 @@ function fde_choose_protection {
+ options+=(tpm 'Stored inside the TPM chip' on)
+ fi
+
+- options+=(ccid 'Stored inside a CCID capable token' off)
++ # Disable the ccid option until we really implement it
++ # options+=(ccid 'Stored inside a CCID capable token' off)
+
+ while true; do
+ d --title "Full Disk Encryption" --checklist \
+--
+2.35.3
+
diff --git a/fde-tools-change-rpm-macro-dir.patch b/fde-tools-change-rpm-macro-dir.patch
new file mode 100644
index 0000000..faee70a
--- /dev/null
+++ b/fde-tools-change-rpm-macro-dir.patch
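Review bot: The commented-out `options+=(ccid ...)` line in `fde_choose_protection` leaves dead code behind, and its comment does not say where the decision is tracked or what has to exist before it is re-enabled. I would point the comment at the bug, e.g. `# ccid tokens are not supported yet (bsc#1223002); re-enable once enrollment is implemented`. The function continues outside the hunk, so any later branch that handles a `ccid` selection is not visible here. If such a branch exists it is now unreachable from the dialog, and it should be checked that it cannot leave the installation without a working key protector.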
@@ -0,0 +1,28 @@
+From 7dd8ab8920806384c01e3765ff2027222ac21d29 Mon Sep 17 00:00:00 2001
+From: Gary Lin
+Date: Thu, 29 Feb 2024 15:05:35 +0800
+Subject: [PATCH] Allow RPM_MACRO_DIR to be defined during build time
+
+The system directory of rpm macro files could be either /etc/rpm
+or /usr/lib/rpm/macros.d/. This commit allows RPM_MACRO_DIR to be
+defined during build time, so that the packager can change the variable
+if necessary.
+
+Signed-off-by: Gary Lin
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: fde-tools-0.7.2/Makefile
+===================================================================
+--- fde-tools-0.7.2.orig/Makefile
++++ fde-tools-0.7.2/Makefile
+@@ -12,7 +12,7 @@ FDE_CONFIG_DIR = ${SYSCONFDIR}/fde
+ FDE_SHARE_DIR = $(DATADIR)/fde
+ FIRSTBOOTDIR = $(DATADIR)/jeos-firstboot
+ FDE_HELPER_DIR = $(LIBEXECDIR)/fde
+-RPM_MACRO_DIR = /etc/rpm
+++RPM_MACRO_DIR ?= /etc/rpm
+ FIDO_LINK = -lfido2 -lcrypto
+ CRPYT_LINK = -lcryptsetup -ljson-c
+ TOOLS = fde-token fdectl-grub-tpm2
diff --git a/fde-tools.changes b/fde-tools.changes
index 1f9b0f3..e4d9aaa 100644
--- a/fde-tools.changes
+++ b/fde-tools.changes
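Review bot: As shown, the embedded patch's added line carries one `+` too many: `+++RPM_MACRO_DIR ?= /etc/rpm` sits where the removed line reads `+-RPM_MACRO_DIR = /etc/rpm`. If that is what the file really contains, applying the patch would presumably leave a Makefile line beginning with `+RPM_MACRO_DIR`, which make treats as a differently named variable and so leaves `RPM_MACRO_DIR` without a default. The spec hides this by passing `RPM_MACRO_DIR="%{_rpmmacrodir}"` to both make invocations, but a plain `make install` would resolve the macro directory to an empty path. The embedded line should read `+RPM_MACRO_DIR ?= /etc/rpm`, which appears in this outer diff as `++RPM_MACRO_DIR ?= /etc/rpm`.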
@@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Thu Apr 18 05:39:44 UTC 2024 - Gary Ching-Pang Lin + +- Add fde-tools-bsc1222970-firstboot-replace-ALP.patch to replace + "ALP" with "This system" (bsc#1222970) +- Add fde-tools-bsc1223002-firstboot-disable-ccid.patch to disable + the non-functional ccid option (bsc#1223002) + +------------------------------------------------------------------- +Wed Mar 13 08:54:37 UTC 2024 - Gary Ching-Pang Lin + +- Add json-c to BuildRequires to build on openSUSE Leap 15.5 + +------------------------------------------------------------------- +Tue Mar 5 05:54:49 UTC 2024 - Gary Ching-Pang Lin + +- Add fde-tools-change-rpm-macro-dir.patch and set the rpm macro + directory correctly +- Make fde-firstboot, fde-tpm-helper, and fde-tpm-helper-rpm-macros + noarch +- Add fde-tools-bsc1220160-conditional-requires.patch to make + fde-tpm-helper a conditional "Requires" (bsc#1220160) + ------------------------------------------------------------------- Mon Feb 19 06:34:27 UTC 2024 - Gary Ching-Pang Lin diff --git a/fde-tools.spec b/fde-tools.spec index 2155ab8..6727450 100644 --- a/fde-tools.spec +++ b/fde-tools.spec @@ -16,6 +16,10 @@ # +%if %{undefined _rpmmacrodir} + %define _rpmmacrodir %{_sysconfdir}/rpm +%endif + Name: fde-tools Version: 0.7.2 Release: 0 @@ -27,7 +31,12 @@ Source: https://github.com/openSUSE/%{name}/releases/download/%{version} Source1: fde-tools.service Patch0: fde-tools-firstboot-alp-snapshot.patch Patch1: fde-tools-bsc1213945-set-rsa-key-size.patch +Patch2: fde-tools-change-rpm-macro-dir.patch +Patch3: fde-tools-bsc1220160-conditional-requires.patch +Patch4: fde-tools-bsc1222970-firstboot-replace-ALP.patch +Patch5: fde-tools-bsc1223002-firstboot-disable-ccid.patch BuildRequires: help2man +BuildRequires: pkgconfig(json-c) BuildRequires: pkgconfig(libcryptsetup) BuildRequires: pkgconfig(libfido2) Requires: cryptsetup 
@@ -45,6 +54,7 @@ Summary: Full Disk Encryption for images Group: System/Boot Requires: fde-tools Requires: jeos-firstboot +BuildArch: noarch %description -n fde-firstboot This package contains the scripts necessary to plug Full Disk Encryption @@ -64,6 +74,7 @@ Bash shell completions for fde-tools %package -n fde-tpm-helper Summary: TPM helper for fde-tools Group: System/Boot +BuildArch: noarch %description -n fde-tpm-helper This package contains the TPM helper script for the bootloader packages @@ -72,6 +83,7 @@ to update the signature in the sealed key. %package -n fde-tpm-helper-rpm-macros Summary: RPM macros for fde-tools Group: Development/Tools/Building +BuildArch: noarch %description -n fde-tpm-helper-rpm-macros This package contains the RPM macros for the bootloader packages to @@ -87,7 +99,8 @@ update the signature in the sealed key. LIBEXECDIR="%{_libexecdir}" \ SBINDIR="%{_sbindir}" \ DATADIR="%{_datadir}" \ - SYSCONFDIR="%{_sysconfdir}" + SYSCONFDIR="%{_sysconfdir}" \ + RPM_MACRO_DIR="%{_rpmmacrodir}" %install %make_install \ @@ -95,7 +108,8 @@ update the signature in the sealed key. LIBEXECDIR="%{_libexecdir}" \ SBINDIR="%{_sbindir}" \ DATADIR="%{_datadir}" \ - SYSCONFDIR="%{_sysconfdir}" + SYSCONFDIR="%{_sysconfdir}" \ + RPM_MACRO_DIR="%{_rpmmacrodir}" mkdir -p %{buildroot}%{_fillupdir} mv %{buildroot}/etc/sysconfig/fde-tools %{buildroot}%{_fillupdir}/sysconfig.fde-tools @@ -141,6 +155,6 @@ cp %{S:1} %{buildroot}%{_unitdir}/fde-tpm-enroll.service %{_libexecdir}/fde/fde-tpm-helper %files -n fde-tpm-helper-rpm-macros -%config %{_sysconfdir}/rpm/macros.fde-tpm-helper +%{_rpmmacrodir}/macros.fde-tpm-helper %changelog
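Review bot: The `%files -n fde-tpm-helper-rpm-macros` entry drops `%config` for every target, including those that take the fallback `%define _rpmmacrodir %{_sysconfdir}/rpm` added at the top of the spec. On such a target the macro file still lands under /etc but is no longer treated as configuration, so a local edit would be replaced on update without an `.rpmnew` or `.rpmsave` copy. If that is intended, a one-line comment next to the fallback would record it; otherwise the `%config` marking can be kept for the /etc case only, as sketched below.

```spec
%files -n fde-tpm-helper-rpm-macros
%if "%{_rpmmacrodir}" == "%{_sysconfdir}/rpm"
%config %{_rpmmacrodir}/macros.fde-tpm-helper
%else
%{_rpmmacrodir}/macros.fde-tpm-helper
%endif
```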