Sync from SUSE:ALP:Source:Standard:1.0 fdo-client revision a197f67f03cf6ce5bcd2ba8eeda4ed24
This commit is contained in:
commit
4bfce3b2c4
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
7
README
Normal file
7
README
Normal file
@ -0,0 +1,7 @@
|
||||
For more information please have a look at the previous release:
|
||||
https://github.com/schubi2/sdo-client
|
||||
This client does only works with a fdo server.
|
||||
The environment and examples are defined here:
|
||||
https://github.com/secure-device-onboard/pri-fidoiot
|
||||
|
||||
NOTE: Each FDO clients has to be adapted to customers individual requirements.
|
32
_service
Normal file
32
_service
Normal file
@ -0,0 +1,32 @@
|
||||
<services>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="version">1.0.0</param>
|
||||
<param name="versionformat">1.0.0+git%cd.%h</param>
|
||||
<param name="url">git@github.com:intel/safestringlib.git</param>
|
||||
<param name="revision">v1.0.0</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
</service>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="version">1.0.0</param>
|
||||
<param name="versionformat">1.0.0+git%cd.%h</param>
|
||||
<param name="url">git@github.com:intel/tinycbor.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v0.5.3</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
</service>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="version">1.1.4</param>
|
||||
<param name="versionformat">1.1.4+git%cd.%h</param>
|
||||
<param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
|
||||
<param name="revision">v1.1.4</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="filename">fdo-client</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
<param name="compression">xz</param>
|
||||
<param name="file">*.tar</param>
|
||||
</service>
|
||||
<service name="set_version" mode="disabled"/>
|
||||
</services>
|
16
_servicedata
Normal file
16
_servicedata
Normal file
@ -0,0 +1,16 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">git://github.com/intel/safestringlib.git</param>
|
||||
<param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param>
|
||||
</service>
|
||||
<service name="tar_scm">
|
||||
<param name="url">git@github.com:intel/tinycbor.git</param>
|
||||
<param name="changesrevision">755f9ef932f9830a63a712fd2ac971d838b131f1</param>
|
||||
</service>
|
||||
<service name="tar_scm">
|
||||
<param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
|
||||
<param name="changesrevision">c8ef7576afa1b250ff9460b519238f32711ef175</param>
|
||||
</service>
|
||||
<service name="tar_scm">
|
||||
<param name="url">git@github.com:intel/safestringlib.git</param>
|
||||
<param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param></service></servicedata>
|
164
build.patch
Normal file
164
build.patch
Normal file
@ -0,0 +1,164 @@
|
||||
--- org/cmake/blob_path.cmake 2022-12-09 09:44:34.000000000 +0100
|
||||
+++ patch/cmake/blob_path.cmake 2023-03-02 14:51:38.637622177 +0100
|
||||
@@ -7,17 +7,18 @@
|
||||
# Note all blobs and data will be made relative.
|
||||
# if absoulte is needed declare BLOB_PATH on CLI
|
||||
# or export BLOB_PATH=<path>
|
||||
+# RO_BLOB_PATH=<path> is for data which does not need write access
|
||||
|
||||
if(TARGET_OS MATCHES linux)
|
||||
|
||||
client_sdk_compile_definitions(
|
||||
- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
|
||||
- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
|
||||
+ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
|
||||
+ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
|
||||
-DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
|
||||
-DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
|
||||
-DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
|
||||
- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
|
||||
- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
|
||||
+ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
|
||||
+ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
|
||||
)
|
||||
if (${DA} MATCHES tpm)
|
||||
client_sdk_compile_definitions(
|
||||
@@ -53,24 +54,24 @@
|
||||
-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
|
||||
-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
|
||||
-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
|
||||
- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
|
||||
+ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
|
||||
)
|
||||
else() #Not unit tests
|
||||
if (${DA} MATCHES ecdsa256) #ecdsa 256 selected
|
||||
if (${DA_FILE} MATCHES pem)
|
||||
client_sdk_compile_definitions(
|
||||
- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.pem\")
|
||||
+ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.pem\")
|
||||
else()
|
||||
client_sdk_compile_definitions(
|
||||
- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.dat\")
|
||||
+ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.dat\")
|
||||
endif()
|
||||
else() # ecdsa 384 selected
|
||||
if (${DA_FILE} MATCHES pem)
|
||||
client_sdk_compile_definitions(
|
||||
- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.pem\")
|
||||
+ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.pem\")
|
||||
else()
|
||||
client_sdk_compile_definitions(
|
||||
- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.dat\")
|
||||
+ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.dat\")
|
||||
endif()
|
||||
endif()
|
||||
client_sdk_compile_definitions(
|
||||
@@ -80,27 +81,27 @@
|
||||
-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
|
||||
-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
|
||||
-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
|
||||
- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
|
||||
+ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
|
||||
)
|
||||
endif()
|
||||
if (NOT(${HTTPPROXY} STREQUAL ""))
|
||||
client_sdk_compile_definitions(
|
||||
- -DMFG_PROXY=\"${BLOB_PATH}/data/mfg_proxy.dat\"
|
||||
- -DRV_PROXY=\"${BLOB_PATH}/data/rv_proxy.dat\"
|
||||
- -DOWNER_PROXY=\"${BLOB_PATH}/data/owner_proxy.dat\"
|
||||
+ -DMFG_PROXY=\"${RO_BLOB_PATH}/data/mfg_proxy.dat\"
|
||||
+ -DRV_PROXY=\"${RO_BLOB_PATH}/data/rv_proxy.dat\"
|
||||
+ -DOWNER_PROXY=\"${RO_BLOB_PATH}/data/owner_proxy.dat\"
|
||||
)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if (${TARGET_OS} MATCHES mbedos)
|
||||
client_sdk_compile_definitions(
|
||||
- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
|
||||
- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
|
||||
+ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
|
||||
+ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
|
||||
-DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
|
||||
-DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
|
||||
-DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
|
||||
- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
|
||||
- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
|
||||
+ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
|
||||
+ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
|
||||
)
|
||||
if (${unit-test} MATCHES true)
|
||||
client_sdk_compile_definitions(
|
||||
@@ -110,7 +111,7 @@
|
||||
-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
|
||||
-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
|
||||
-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
|
||||
- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
|
||||
+ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
|
||||
)
|
||||
if (${DA_FILE} MATCHES pem)
|
||||
client_sdk_compile_definitions(
|
||||
@@ -164,9 +165,9 @@
|
||||
# Configure if needed at a later point
|
||||
# configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)
|
||||
|
||||
-file(WRITE ${BLOB_PATH}/data/platform_iv.bin "")
|
||||
-file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "")
|
||||
-file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "")
|
||||
-file(WRITE ${BLOB_PATH}/data/Normal.blob "")
|
||||
-file(WRITE ${BLOB_PATH}/data/Secure.blob "")
|
||||
-file(WRITE ${BLOB_PATH}/data/raw.blob "")
|
||||
+file(WRITE ./data/platform_iv.bin "")
|
||||
+file(WRITE ./data/platform_hmac_key.bin "")
|
||||
+file(WRITE ./data/platform_aes_key.bin "")
|
||||
+file(WRITE ./data/Normal.blob "")
|
||||
+file(WRITE ./data/Secure.blob "")
|
||||
+file(WRITE ./data/raw.blob "")
|
||||
--- org/cmake/cli_input.cmake 2022-12-09 09:44:34.000000000 +0100
|
||||
+++ patch/cmake/cli_input.cmake 2023-03-02 14:56:02.036016802 +0100
|
||||
@@ -25,6 +25,7 @@
|
||||
set (STORAGE true)
|
||||
set (BOARD NUCLEO_F767ZI)
|
||||
set (BLOB_PATH .)
|
||||
+set (RO_BLOB_PATH .)
|
||||
set (TPM2_TCTI_TYPE tabrmd)
|
||||
set (RESALE true)
|
||||
set (REUSE true)
|
||||
@@ -530,6 +531,37 @@
|
||||
message("Selected BLOB_PATH ${BLOB_PATH}")
|
||||
|
||||
###########################################
|
||||
+# FOR RO_BLOB_PATH
|
||||
+get_property(cached_ro_blob_path_value CACHE RO_BLOB_PATH PROPERTY VALUE)
|
||||
+
|
||||
+set(ro_blob_path_cli_arg ${cached_ro_blob_path_value})
|
||||
+if(ro_blob_path_cli_arg STREQUAL CACHED_RO_BLOB_PATH)
|
||||
+ unset(ro_blob_path_cli_arg)
|
||||
+endif()
|
||||
+
|
||||
+set(ro_blob_path_app_cmake_lists ${RO_BLOB_PATH})
|
||||
+if(cached_ro_blob_path_value STREQUAL RO_BLOB_PATH)
|
||||
+ unset(ro_blob_path_app_cmake_lists)
|
||||
+endif()
|
||||
+
|
||||
+if(CACHED_RO_BLOB_PATH)
|
||||
+ if ((ro_blob_path_cli_arg) AND (NOT(CACHED_RO_BLOB_PATH STREQUAL ro_blob_path_cli_arg)))
|
||||
+ message(WARNING "Need to do make pristine before cmake args can change.")
|
||||
+ endif()
|
||||
+ set(RO_BLOB_PATH ${CACHED_RO_BLOB_PATH})
|
||||
+elseif(ro_blob_path_cli_arg)
|
||||
+ set(RO_BLOB_PATH ${ro_blob_path_cli_arg})
|
||||
+elseif(DEFINED ENV{RO_BLOB_PATH})
|
||||
+ set(RO_BLOB_PATH $ENV{RO_BLOB_PATH})
|
||||
+elseif(ro_blob_path_app_cmake_lists)
|
||||
+ set(RO_BLOB_PATH ${ro_blob_path_app_cmake_lists})
|
||||
+endif()
|
||||
+
|
||||
+set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH")
|
||||
+message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}")
|
||||
+
|
||||
+
|
||||
+###########################################
|
||||
# FOR WIFI_SSID
|
||||
get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE)
|
||||
|
BIN
fdo-client-1.1.4+git20221209.c8ef757.tar.xz
(Stored with Git LFS)
Normal file
BIN
fdo-client-1.1.4+git20221209.c8ef757.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
29
fdo-client-service
Normal file
29
fdo-client-service
Normal file
@ -0,0 +1,29 @@
|
||||
#!/bin/sh
|
||||
check_file=/var/lib/fdo-client/initialized
|
||||
data=/var/lib/fdo-client/data
|
||||
log=/var/log/fdo-client.log
|
||||
|
||||
cd ${data}
|
||||
|
||||
if [ ! -f ${check_file} ]; then
|
||||
# The first time the client will connect the manufacturer
|
||||
# server in order to get information about rendevous service.
|
||||
# After that the service will be stopped. The machine is now
|
||||
# ready for delivery. Next time the machine will connect to
|
||||
# the rendezvous service when it will be switched on.
|
||||
/usr/bin/fdo-client >${log}
|
||||
systemctl status fdoclient| grep 'Main PID' | awk '{print $3}' >${check_file}
|
||||
/bin/systemctl stop fdoclient
|
||||
exit 0
|
||||
fi
|
||||
|
||||
while :
|
||||
do
|
||||
# The rendevous service returns the information about the
|
||||
# prider platform service (only the first time). This service
|
||||
# will be contacted periodically.
|
||||
/usr/bin/fdo-client >>${log}
|
||||
sleep 30;
|
||||
done
|
||||
|
||||
|
80
fdo-client.changes
Normal file
80
fdo-client.changes
Normal file
@ -0,0 +1,80 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 13 13:38:19 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>
|
||||
|
||||
- Remove the hardcoded libopenssl-1_1-devel and replace it with
|
||||
libopenssl-devel (bsc#1219879).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 2 08:23:13 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
- Fix build using RPM 4.19: builddir does contain the extracted
|
||||
tartball, but can also contain special directories used by RPM,
|
||||
resolving in globbing to behave differently.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 13 15:18:20 UTC 2023 - Stefan Schubert <schubi@suse.com>
|
||||
|
||||
- Remove build key via utils/keys_gen.sh. (bsc#1216293)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 02 11:38:56 UTC 2023 - schubi@suse.com
|
||||
|
||||
- Update to version 1.1.4+git20221209.c8ef757:
|
||||
* Readme update (#210)
|
||||
* Updating the readme with openssl 1.1.1s (#209)
|
||||
* Fix TO when IP/RV is empty string (#208)
|
||||
* * Replaced unsafe string function (#207)
|
||||
* Increase max message buffer size to 64000 (#205)
|
||||
* Update Curl version as 7.86 in Readme (#206)
|
||||
* Readme updates (#204)
|
||||
* Minimal logs by default (compile time) (#203)
|
||||
* Revert openssl3 (#201)
|
||||
* Update HTTPS connection to use TLS 1.2 (#196)
|
||||
* Openssl 3 porting (#194)
|
||||
* Add curl support for HTTP connection (#195)
|
||||
* Update NOTICE file (#192)
|
||||
* Add CURL support for HTTPS connection (#188)
|
||||
* Readme update for installing safestringlib (#191)
|
||||
* Updating the readme with openssl 1.1.1q (#187)
|
||||
* switch to host.docker.internal (#185)
|
||||
* Fix to enable compilation of CSDK in ubuntu 22 (#183)
|
||||
* Fix TO when IP is NULL (#184)
|
||||
* Update EAT-UEID value as per FIDO working draft specification (#180)
|
||||
* Revert "Update EAT-UEID value as per FIDO working draft specification (#178)" (#179)
|
||||
* Update EAT-UEID value as per FIDO working draft specification (#178)
|
||||
* Updating comments in fdonet.c (#177)
|
||||
* Upgrade OpenSSL toolkit version to 1.1.1n (#176)
|
||||
* Documentation updates (#175)
|
||||
* Add a note regarding fdosys issue (#174)
|
||||
* Update Jenkinsfile to copy PRI artifacts from master (#173)
|
||||
* Merging 1.1 dev branch to master. (#172)
|
||||
* Fix multiple owner support for CSDK devices. (#167)
|
||||
* Fix: fdo_sys:exec_cb/exec not working after initial fdo_sys:exec (#166)
|
||||
* Add implementation for fdo_sys keep-alive (#165)
|
||||
* Fix an issue with keeping in-memory Mfg PublicKey hash (#164)
|
||||
* Update/Tweak Device Status and Cred management (#163)
|
||||
* Updating EAT IANA numbers as per spec ERRATA (#160)
|
||||
* Updating Device ServiceInfo framework to handle writes (#162)
|
||||
* Add TPM support on RHEL (#161)
|
||||
* Update README for RHEL support (#159)
|
||||
* Remove disclaimer from README (#158)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 02 11:37:36 UTC 2023 - schubi@suse.com
|
||||
|
||||
- Update to version 1.0.0+git20171208.5da1bad:
|
||||
* Use secure functions where appropriate
|
||||
* Added extern definition
|
||||
* Fix Klocwork Errors
|
||||
* Fix output
|
||||
* Fix Core Dump in Unit Test
|
||||
* Add Makefile
|
||||
* publish unit tests
|
||||
* strpcpu_s: remove unsed redundant variable overlap_bumper
|
||||
* Update LICENSE©ING.txt
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert <schubi@suse.de>
|
||||
|
||||
- This is the successor of sdo-client
|
||||
EPIC: SLE/SLE-22946
|
146
fdo-client.spec
Normal file
146
fdo-client.spec
Normal file
@ -0,0 +1,146 @@
|
||||
#
|
||||
# spec file for package fdo-client
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
Name: fdo-client
|
||||
Version: 1.1.4+git20221209.c8ef757
|
||||
Release: 0
|
||||
Summary: FIDO Device Onboard Client
|
||||
License: Apache-2.0
|
||||
Group: System/Base
|
||||
URL: https://github.com/intel/safestringlib/tree/v1.0.0
|
||||
Source0: fdo-client-%{version}.tar.xz
|
||||
Source1: safestringlib-1.0.0+git20171208.5da1bad.tar.xz
|
||||
Source2: tinycbor-1.0.0+git20191022.755f9ef.tar.xz
|
||||
Source3: fdo-client-service
|
||||
Source4: fdoclient.service
|
||||
Source5: README
|
||||
Patch0: build.patch
|
||||
Patch1: gcc.patch
|
||||
Requires: openssl
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libcurl-devel
|
||||
BuildRequires: libopenssl-devel
|
||||
BuildRequires: vim
|
||||
%{?systemd_ordering}
|
||||
|
||||
%description
|
||||
FDO-Client is a portable implementation of the FIDO Device Onboard Spec.
|
||||
This component is portable across multiple environments,
|
||||
including to various microprocessors (MPUs) and microcontrollers (MCUs).
|
||||
|
||||
%package devel
|
||||
Summary: FIDO Device Onboard Client SDK
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libopenssl-devel
|
||||
|
||||
%description devel
|
||||
This is a production-ready implementation of the Device component defined
|
||||
in FIDO Device Onboard Spec published by the FIDO Alliance.
|
||||
Appropriate security measures should be taken for storing the device
|
||||
credentials while porting this to different platforms.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%setup -q -D -a 1
|
||||
%setup -q -D -a 2
|
||||
%patch -P 0 -p1
|
||||
%patch -P 1 -p1
|
||||
|
||||
%build
|
||||
echo "%_builddir"
|
||||
pushd .
|
||||
cd safestringlib*
|
||||
mkdir obj
|
||||
make
|
||||
popd
|
||||
pushd tinycbor*
|
||||
make
|
||||
popd
|
||||
export SAFESTRING_ROOT=%{_builddir}/%{name}-%{version}/safestringlib-1.0.0+git20171208.5da1bad
|
||||
export TINYCBOR_ROOT=%{_builddir}/%{name}-%{version}/tinycbor-1.0.0+git20191022.755f9ef
|
||||
export BLOB_PATH=%{_sharedstatedir}/%{name}
|
||||
export RO_BLOB_PATH=%{_datadir}/%{name}
|
||||
cmake .
|
||||
make
|
||||
#bash utils/keys_gen.sh .
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}/%{_bindir}
|
||||
mkdir -p %{buildroot}/%{_libdir}
|
||||
mkdir -p %{buildroot}/%{_sbindir}
|
||||
mkdir -p %{buildroot}/%{_docdir}/%{name}
|
||||
mkdir -p %{buildroot}/%{_includedir}
|
||||
mkdir -p %{buildroot}/%{_datadir}/%{name}/data
|
||||
mkdir -p %{buildroot}/%{_sharedstatedir}/%{name}/data
|
||||
|
||||
%{__install} -m 0755 build/linux-client %{buildroot}/%{_bindir}/%{name}
|
||||
%{__install} -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/fdo-client-service
|
||||
%{__install} -D -m 644 %{SOURCE4} %{buildroot}/%{_unitdir}/fdoclient.service
|
||||
%{__install} -m 0644 %{SOURCE5} %{buildroot}/%{_docdir}/%{name}/README
|
||||
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcfdoclient
|
||||
|
||||
%{__install} -m 644 build/*.a %{buildroot}/%{_libdir}
|
||||
%{__install} -m 644 include/*.h %{buildroot}/%{_includedir}
|
||||
|
||||
#%{__install} data/ecdsa* %{buildroot}/%{_datadir}/%{name}/data
|
||||
%{__install} data/manufacturer_addr.bin %{buildroot}/%{_datadir}/%{name}/data
|
||||
%{__install} data/max_serviceinfo_sz.bin %{buildroot}/%{_datadir}/%{name}/data
|
||||
%{__install} data/mfg_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
|
||||
%{__install} data/owner_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
|
||||
%{__install} data/raw.blob %{buildroot}/%{_datadir}/%{name}/data
|
||||
%{__install} data/rv_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
|
||||
|
||||
%{__install} data/Normal.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
|
||||
%{__install} data/platform_aes_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
|
||||
%{__install} data/platform_hmac_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
|
||||
%{__install} data/platform_iv.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
|
||||
%{__install} data/Secure.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
|
||||
|
||||
%pre
|
||||
%service_add_pre fdoclient.service
|
||||
|
||||
%preun
|
||||
%service_del_preun fdoclient.service
|
||||
|
||||
%post
|
||||
%service_add_post fdoclient.service
|
||||
|
||||
%postun
|
||||
%service_del_postun fdoclient.service
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc README
|
||||
%dir %{_datadir}/%{name}
|
||||
%dir %{_datadir}/%{name}/data
|
||||
%dir %{_sharedstatedir}/%{name}
|
||||
%dir %{_sharedstatedir}/%{name}/data/
|
||||
%{_bindir}/%{name}
|
||||
%{_bindir}/fdo-client-service
|
||||
%{_datadir}/%{name}/data/*
|
||||
%{_sharedstatedir}/%{name}/data/*
|
||||
%{_unitdir}/fdoclient.service
|
||||
%{_sbindir}/rcfdoclient
|
||||
|
||||
%files devel
|
||||
%license LICENSE
|
||||
%{_includedir}/*.h
|
||||
%{_libdir}/*.a
|
||||
|
||||
%changelog
|
15
fdoclient.service
Normal file
15
fdoclient.service
Normal file
@ -0,0 +1,15 @@
|
||||
[Unit]
|
||||
Description=FDO client
|
||||
After=remote-fs.target network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment=TERM=linux
|
||||
ExecStart=/usr/bin/fdo-client-service
|
||||
RemainAfterExit=no
|
||||
TimeoutSec=0
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
|
37
gcc.patch
Normal file
37
gcc.patch
Normal file
@ -0,0 +1,37 @@
|
||||
--- org/network/network_if_linux.c 2022-12-09 09:44:34.000000000 +0100
|
||||
+++ patch/network/network_if_linux.c 2023-03-02 16:05:07.625074915 +0100
|
||||
@@ -246,7 +246,7 @@
|
||||
goto err;
|
||||
}
|
||||
|
||||
- if (ip_addr->addr) {
|
||||
+ if (ip_addr->length > 0) {
|
||||
ip_ascii = fdo_alloc(IP_TAG_LEN);
|
||||
if (!ip_ascii) {
|
||||
goto err;
|
||||
@@ -331,7 +331,7 @@
|
||||
}
|
||||
}
|
||||
|
||||
- if (ip_addr->addr) {
|
||||
+ if (ip_addr->length > 0) {
|
||||
ip_ascii = fdo_alloc(IP_TAG_LEN);
|
||||
if (!ip_ascii) {
|
||||
goto err;
|
||||
--- org/lib/credentials_from_file.c 2022-12-09 09:44:34.000000000 +0100
|
||||
+++ patch/lib/credentials_from_file.c 2023-03-02 16:34:46.597314561 +0100
|
||||
@@ -231,7 +231,6 @@
|
||||
return true;
|
||||
}
|
||||
|
||||
- LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len);
|
||||
|
||||
fdor = fdo_alloc(sizeof(fdor_t));
|
||||
if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) {
|
||||
@@ -531,4 +530,4 @@
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
-}
|
||||
\ Kein Zeilenumbruch am Dateiende.
|
||||
+}
|
BIN
safestringlib-1.0.0+git20171208.5da1bad.tar.xz
(Stored with Git LFS)
Normal file
BIN
safestringlib-1.0.0+git20171208.5da1bad.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
tinycbor-1.0.0+git20191022.755f9ef.tar.xz
(Stored with Git LFS)
Normal file
BIN
tinycbor-1.0.0+git20191022.755f9ef.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user