From 4bfce3b2c4e4aafbf94b11e3801737192fe040d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Mon, 19 Feb 2024 15:36:58 +0100 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 fdo-client revision a197f67f03cf6ce5bcd2ba8eeda4ed24 --- .gitattributes | 23 +++ README | 7 + _service | 32 ++++ _servicedata | 16 ++ build.patch | 164 ++++++++++++++++++ fdo-client-1.1.4+git20221209.c8ef757.tar.xz | 3 + fdo-client-service | 29 ++++ fdo-client.changes | 80 +++++++++ fdo-client.spec | 146 ++++++++++++++++ fdoclient.service | 15 ++ gcc.patch | 37 ++++ ...stringlib-1.0.0+git20171208.5da1bad.tar.xz | 3 + tinycbor-1.0.0+git20191022.755f9ef.tar.xz | 3 + 13 files changed, 558 insertions(+) create mode 100644 .gitattributes create mode 100644 README create mode 100644 _service create mode 100644 _servicedata create mode 100644 build.patch create mode 100644 fdo-client-1.1.4+git20221209.c8ef757.tar.xz create mode 100644 fdo-client-service create mode 100644 fdo-client.changes create mode 100644 fdo-client.spec create mode 100644 fdoclient.service create mode 100644 gcc.patch create mode 100644 safestringlib-1.0.0+git20171208.5da1bad.tar.xz create mode 100644 tinycbor-1.0.0+git20191022.755f9ef.tar.xz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes 
@@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/README b/README new file mode 100644 index 0000000..420cdb2 --- /dev/null +++ b/README @@ -0,0 +1,7 @@ +For more information please have a look at the previous release: +https://github.com/schubi2/sdo-client +This client does only works with a fdo server. +The environment and examples are defined here: +https://github.com/secure-device-onboard/pri-fidoiot + +NOTE: Each FDO clients has to be adapted to customers individual requirements. diff --git a/_service b/_service new file mode 100644 index 0000000..1fe59ba --- /dev/null +++ b/_service @@ -0,0 +1,32 @@ + + + 1.0.0 + 1.0.0+git%cd.%h + git@github.com:intel/safestringlib.git + v1.0.0 + git + enable + + + 1.0.0 + 1.0.0+git%cd.%h + git@github.com:intel/tinycbor.git + git + v0.5.3 + enable + + + 1.1.4 + 1.1.4+git%cd.%h + git@github.com:secure-device-onboard/client-sdk-fidoiot.git + v1.1.4 + git + fdo-client + enable + + + xz + *.tar + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..392b4b6 --- /dev/null 
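Review bot: The three source entries in `_service` select their revision by tag (`v1.0.0`, `v0.5.3`, `v1.1.4`), and an upstream tag can be moved, so a re-run of the service may fetch different code under the same package version. The resolved commits are already recorded in `_servicedata` (`5da1badd…`, `755f9ef9…`, `c8ef7576…`), so the revision values could pin those hashes instead. The tinycbor entry also carries the version label `1.0.0` while fetching `v0.5.3`, which will mislead version-based vulnerability matching for the bundled copy. The element names are stripped on this page, so which value is the version and which the revision is inferred from the values.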
+++ b/_servicedata @@ -0,0 +1,16 @@ + + + git://github.com/intel/safestringlib.git + 5da1badd337e68c1334fb232c778166f46f6d9f9 + + + git@github.com:intel/tinycbor.git + 755f9ef932f9830a63a712fd2ac971d838b131f1 + + + git@github.com:secure-device-onboard/client-sdk-fidoiot.git + c8ef7576afa1b250ff9460b519238f32711ef175 + + + git@github.com:intel/safestringlib.git + 5da1badd337e68c1334fb232c778166f46f6d9f9 \ No newline at end of file diff --git a/build.patch b/build.patch new file mode 100644 index 0000000..75089b2 --- /dev/null +++ b/build.patch 
@@ -0,0 +1,164 @@ +--- org/cmake/blob_path.cmake 2022-12-09 09:44:34.000000000 +0100 ++++ patch/cmake/blob_path.cmake 2023-03-02 14:51:38.637622177 +0100 +@@ -7,17 +7,18 @@ + # Note all blobs and data will be made relative. + # if absoulte is needed declare BLOB_PATH on CLI + # or export BLOB_PATH= ++# RO_BLOB_PATH= is for data which does not need write access + + if(TARGET_OS MATCHES linux) + + client_sdk_compile_definitions( +- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\" +- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\" ++ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\" ++ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\" + -DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\" + -DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\" + -DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\" +- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\" +- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\" ++ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\" ++ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\" + ) + if (${DA} MATCHES tpm) + client_sdk_compile_definitions( +@@ -53,24 +54,24 @@ + -DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\" + -DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\" + -DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\" +- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\" ++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\" + ) + else() #Not unit tests + if (${DA} MATCHES ecdsa256) #ecdsa 256 selected + if (${DA_FILE} MATCHES pem) + client_sdk_compile_definitions( +- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.pem\") ++ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.pem\") + else() + client_sdk_compile_definitions( +- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.dat\") ++ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.dat\") + endif() + else() # ecdsa 384 selected + if (${DA_FILE} 
MATCHES pem) + client_sdk_compile_definitions( +- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.pem\") ++ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.pem\") + else() + client_sdk_compile_definitions( +- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.dat\") ++ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.dat\") + endif() + endif() + client_sdk_compile_definitions( +@@ -80,27 +81,27 @@ + -DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\" + -DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\" + -DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\" +- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\" ++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\" + ) + endif() + if (NOT(${HTTPPROXY} STREQUAL "")) + client_sdk_compile_definitions( +- -DMFG_PROXY=\"${BLOB_PATH}/data/mfg_proxy.dat\" +- -DRV_PROXY=\"${BLOB_PATH}/data/rv_proxy.dat\" +- -DOWNER_PROXY=\"${BLOB_PATH}/data/owner_proxy.dat\" ++ -DMFG_PROXY=\"${RO_BLOB_PATH}/data/mfg_proxy.dat\" ++ -DRV_PROXY=\"${RO_BLOB_PATH}/data/rv_proxy.dat\" ++ -DOWNER_PROXY=\"${RO_BLOB_PATH}/data/owner_proxy.dat\" + ) + endif() + endif() + + if (${TARGET_OS} MATCHES mbedos) + client_sdk_compile_definitions( +- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\" +- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\" ++ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\" ++ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\" + -DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\" + -DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\" + -DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\" +- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\" +- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\" ++ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\" ++ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\" + ) + if (${unit-test} MATCHES true) + client_sdk_compile_definitions( +@@ -110,7 +111,7 @@ + 
-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\" + -DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\" + -DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\" +- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\" ++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\" + ) + if (${DA_FILE} MATCHES pem) + client_sdk_compile_definitions( +@@ -164,9 +165,9 @@ + # Configure if needed at a later point + # configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS) + +-file(WRITE ${BLOB_PATH}/data/platform_iv.bin "") +-file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "") +-file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "") +-file(WRITE ${BLOB_PATH}/data/Normal.blob "") +-file(WRITE ${BLOB_PATH}/data/Secure.blob "") +-file(WRITE ${BLOB_PATH}/data/raw.blob "") ++file(WRITE ./data/platform_iv.bin "") ++file(WRITE ./data/platform_hmac_key.bin "") ++file(WRITE ./data/platform_aes_key.bin "") ++file(WRITE ./data/Normal.blob "") ++file(WRITE ./data/Secure.blob "") ++file(WRITE ./data/raw.blob "") +--- org/cmake/cli_input.cmake 2022-12-09 09:44:34.000000000 +0100 ++++ patch/cmake/cli_input.cmake 2023-03-02 14:56:02.036016802 +0100 +@@ -25,6 +25,7 @@ + set (STORAGE true) + set (BOARD NUCLEO_F767ZI) + set (BLOB_PATH .) ++set (RO_BLOB_PATH .) 
+ set (TPM2_TCTI_TYPE tabrmd) + set (RESALE true) + set (REUSE true) +@@ -530,6 +531,37 @@ + message("Selected BLOB_PATH ${BLOB_PATH}") + + ########################################### ++# FOR RO_BLOB_PATH ++get_property(cached_ro_blob_path_value CACHE RO_BLOB_PATH PROPERTY VALUE) ++ ++set(ro_blob_path_cli_arg ${cached_ro_blob_path_value}) ++if(ro_blob_path_cli_arg STREQUAL CACHED_RO_BLOB_PATH) ++ unset(ro_blob_path_cli_arg) ++endif() ++ ++set(ro_blob_path_app_cmake_lists ${RO_BLOB_PATH}) ++if(cached_ro_blob_path_value STREQUAL RO_BLOB_PATH) ++ unset(ro_blob_path_app_cmake_lists) ++endif() ++ ++if(CACHED_RO_BLOB_PATH) ++ if ((ro_blob_path_cli_arg) AND (NOT(CACHED_RO_BLOB_PATH STREQUAL ro_blob_path_cli_arg))) ++ message(WARNING "Need to do make pristine before cmake args can change.") ++ endif() ++ set(RO_BLOB_PATH ${CACHED_RO_BLOB_PATH}) ++elseif(ro_blob_path_cli_arg) ++ set(RO_BLOB_PATH ${ro_blob_path_cli_arg}) ++elseif(DEFINED ENV{RO_BLOB_PATH}) ++ set(RO_BLOB_PATH $ENV{RO_BLOB_PATH}) ++elseif(ro_blob_path_app_cmake_lists) ++ set(RO_BLOB_PATH ${ro_blob_path_app_cmake_lists}) ++endif() ++ ++set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH") ++message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}") ++ ++ ++########################################### + # FOR WIFI_SSID + get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE) + diff --git a/fdo-client-1.1.4+git20221209.c8ef757.tar.xz b/fdo-client-1.1.4+git20221209.c8ef757.tar.xz new file mode 100644 index 0000000..3bbaa09 --- /dev/null +++ b/fdo-client-1.1.4+git20221209.c8ef757.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eafa0b4426e5897b488617b1e25b2012479d64f9ffd90b94fcb177da8cfdf7f4 +size 266604 diff --git a/fdo-client-service b/fdo-client-service new file mode 100644 index 0000000..1c9f04a --- /dev/null +++ b/fdo-client-service 
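Review bot: The `ECDSA_PRIVKEY` definitions in the non-unit-test branch of blob_path.cmake now point at `${RO_BLOB_PATH}/data/ecdsa256privkey.pem` (and the `.dat` and 384 variants), which places the device's ECDSA private key under the path meant for data that merely needs no write access. The spec file in this commit exports `RO_BLOB_PATH=%{_datadir}/%{name}`, a location that is normally readable by every local user, so whoever provisions the key there has to restrict its mode explicitly. I would either give the key its own path variable or extend the added comment to `# RO_BLOB_PATH= is for data which does not need write access; the ECDSA private key is read from here and must be readable by root only`. The closing `file(WRITE ./data/...)` lines switch to relative paths, so they now depend on the directory cmake is run from.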
@@ -0,0 +1,29 @@
+#!/bin/sh
+check_file=/var/lib/fdo-client/initialized
+data=/var/lib/fdo-client/data
+log=/var/log/fdo-client.log
+
+cd ${data}
+
+if [ ! -f ${check_file} ]; then
+ # The first time the client will connect the manufacturer
+ # server in order to get information about rendevous service.
+ # After that the service will be stopped. The machine is now
+ # ready for delivery. Next time the machine will connect to
+ # the rendezvous service when it will be switched on.
+ /usr/bin/fdo-client >${log}
+ systemctl status fdoclient| grep 'Main PID' | awk '{print $3}' >${check_file}
+ /bin/systemctl stop fdoclient
+ exit 0
+fi
+
+while :
+do
+ # The rendevous service returns the information about the
+ # prider platform service (only the first time). This service
+ # will be contacted periodically.
+ /usr/bin/fdo-client >>${log}
+ sleep 30;
+done
+
+
diff --git a/fdo-client.changes b/fdo-client.changes
new file mode 100644
index 0000000..bd3281c
--- /dev/null
+++ b/fdo-client.changes
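Review bot: The first-run branch of fdo-client-service writes `${check_file}` and stops the unit without checking the exit status of `/usr/bin/fdo-client`, so a failed contact with the manufacturer server still leaves the device marked as initialized. `cd ${data}` is likewise unquoted and unchecked. Assuming the client returns non-zero on failure, I would use `cd "${data}" || exit 1` and `/usr/bin/fdo-client >"${log}" 2>&1 || exit 1` before the marker is written. The loop appends to `${log}` every 30 seconds with no rotation and captures only stdout, so error output never reaches the file someone would read when investigating a failed onboarding.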
@@ -0,0 +1,80 @@ +------------------------------------------------------------------- +Tue Feb 13 13:38:19 UTC 2024 - Otto Hollmann + +- Remove the hardcoded libopenssl-1_1-devel and replace it with + libopenssl-devel (bsc#1219879). + +------------------------------------------------------------------- +Fri Feb 2 08:23:13 UTC 2024 - Dominique Leuenberger + +- Fix build using RPM 4.19: builddir does contain the extracted + tartball, but can also contain special directories used by RPM, + resolving in globbing to behave differently. + +------------------------------------------------------------------- +Mon Nov 13 15:18:20 UTC 2023 - Stefan Schubert + +- Remove build key via utils/keys_gen.sh. (bsc#1216293) + +------------------------------------------------------------------- +Thu Mar 02 11:38:56 UTC 2023 - schubi@suse.com + +- Update to version 1.1.4+git20221209.c8ef757: + * Readme update (#210) + * Updating the readme with openssl 1.1.1s (#209) + * Fix TO when IP/RV is empty string (#208) + * * Replaced unsafe string function (#207) + * Increase max message buffer size to 64000 (#205) + * Update Curl version as 7.86 in Readme (#206) + * Readme updates (#204) + * Minimal logs by default (compile time) (#203) + * Revert openssl3 (#201) + * Update HTTPS connection to use TLS 1.2 (#196) + * Openssl 3 porting (#194) + * Add curl support for HTTP connection (#195) + * Update NOTICE file (#192) + * Add CURL support for HTTPS connection (#188) + * Readme update for installing safestringlib (#191) + * Updating the readme with openssl 1.1.1q (#187) + * switch to host.docker.internal (#185) + * Fix to enable compilation of CSDK in ubuntu 22 (#183) + * Fix TO when IP is NULL (#184) + * Update EAT-UEID value as per FIDO working draft specification (#180) + * Revert "Update EAT-UEID value as per FIDO working draft specification (#178)" (#179) + * Update EAT-UEID value as per FIDO working draft specification (#178) + * Updating comments in fdonet.c (#177) + * Upgrade OpenSSL 
toolkit version to 1.1.1n (#176) + * Documentation updates (#175) + * Add a note regarding fdosys issue (#174) + * Update Jenkinsfile to copy PRI artifacts from master (#173) + * Merging 1.1 dev branch to master. (#172) + * Fix multiple owner support for CSDK devices. (#167) + * Fix: fdo_sys:exec_cb/exec not working after initial fdo_sys:exec (#166) + * Add implementation for fdo_sys keep-alive (#165) + * Fix an issue with keeping in-memory Mfg PublicKey hash (#164) + * Update/Tweak Device Status and Cred management (#163) + * Updating EAT IANA numbers as per spec ERRATA (#160) + * Updating Device ServiceInfo framework to handle writes (#162) + * Add TPM support on RHEL (#161) + * Update README for RHEL support (#159) + * Remove disclaimer from README (#158) + +------------------------------------------------------------------- +Thu Mar 02 11:37:36 UTC 2023 - schubi@suse.com + +- Update to version 1.0.0+git20171208.5da1bad: + * Use secure functions where appropriate + * Added extern definition + * Fix Klocwork Errors + * Fix output + * Fix Core Dump in Unit Test + * Add Makefile + * publish unit tests + * strpcpu_s: remove unsed redundant variable overlap_bumper + * Update LICENSE©ING.txt + +------------------------------------------------------------------- +Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert + +- This is the successor of sdo-client + EPIC: SLE/SLE-22946 diff --git a/fdo-client.spec b/fdo-client.spec new file mode 100644 index 0000000..d684867 --- /dev/null +++ b/fdo-client.spec 
@@ -0,0 +1,146 @@ +# +# spec file for package fdo-client +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: fdo-client +Version: 1.1.4+git20221209.c8ef757 +Release: 0 +Summary: FIDO Device Onboard Client +License: Apache-2.0 +Group: System/Base +URL: https://github.com/intel/safestringlib/tree/v1.0.0 +Source0: fdo-client-%{version}.tar.xz +Source1: safestringlib-1.0.0+git20171208.5da1bad.tar.xz +Source2: tinycbor-1.0.0+git20191022.755f9ef.tar.xz +Source3: fdo-client-service +Source4: fdoclient.service +Source5: README +Patch0: build.patch +Patch1: gcc.patch +Requires: openssl +BuildRequires: cmake +BuildRequires: gcc-c++ +BuildRequires: libcurl-devel +BuildRequires: libopenssl-devel +BuildRequires: vim +%{?systemd_ordering} + +%description +FDO-Client is a portable implementation of the FIDO Device Onboard Spec. +This component is portable across multiple environments, +including to various microprocessors (MPUs) and microcontrollers (MCUs). + +%package devel +Summary: FIDO Device Onboard Client SDK +Group: Development/Libraries/C and C++ +Requires: libopenssl-devel + +%description devel +This is a production-ready implementation of the Device component defined +in FIDO Device Onboard Spec published by the FIDO Alliance. +Appropriate security measures should be taken for storing the device +credentials while porting this to different platforms. 
+ +%prep +%setup -q +%setup -q -D -a 1 +%setup -q -D -a 2 +%patch -P 0 -p1 +%patch -P 1 -p1 + +%build +echo "%_builddir" +pushd . +cd safestringlib* +mkdir obj +make +popd +pushd tinycbor* +make +popd +export SAFESTRING_ROOT=%{_builddir}/%{name}-%{version}/safestringlib-1.0.0+git20171208.5da1bad +export TINYCBOR_ROOT=%{_builddir}/%{name}-%{version}/tinycbor-1.0.0+git20191022.755f9ef +export BLOB_PATH=%{_sharedstatedir}/%{name} +export RO_BLOB_PATH=%{_datadir}/%{name} +cmake . +make +#bash utils/keys_gen.sh . + +%install +mkdir -p %{buildroot}/%{_bindir} +mkdir -p %{buildroot}/%{_libdir} +mkdir -p %{buildroot}/%{_sbindir} +mkdir -p %{buildroot}/%{_docdir}/%{name} +mkdir -p %{buildroot}/%{_includedir} +mkdir -p %{buildroot}/%{_datadir}/%{name}/data +mkdir -p %{buildroot}/%{_sharedstatedir}/%{name}/data + +%{__install} -m 0755 build/linux-client %{buildroot}/%{_bindir}/%{name} +%{__install} -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/fdo-client-service +%{__install} -D -m 644 %{SOURCE4} %{buildroot}/%{_unitdir}/fdoclient.service +%{__install} -m 0644 %{SOURCE5} %{buildroot}/%{_docdir}/%{name}/README +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcfdoclient + +%{__install} -m 644 build/*.a %{buildroot}/%{_libdir} +%{__install} -m 644 include/*.h %{buildroot}/%{_includedir} + +#%{__install} data/ecdsa* %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/manufacturer_addr.bin %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/max_serviceinfo_sz.bin %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/mfg_proxy.dat %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/owner_proxy.dat %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/raw.blob %{buildroot}/%{_datadir}/%{name}/data +%{__install} data/rv_proxy.dat %{buildroot}/%{_datadir}/%{name}/data + +%{__install} data/Normal.blob %{buildroot}/%{_sharedstatedir}/%{name}/data +%{__install} data/platform_aes_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data +%{__install} 
data/platform_hmac_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data +%{__install} data/platform_iv.bin %{buildroot}/%{_sharedstatedir}/%{name}/data +%{__install} data/Secure.blob %{buildroot}/%{_sharedstatedir}/%{name}/data + +%pre +%service_add_pre fdoclient.service + +%preun +%service_del_preun fdoclient.service + +%post +%service_add_post fdoclient.service + +%postun +%service_del_postun fdoclient.service + +%files +%license LICENSE +%doc README +%dir %{_datadir}/%{name} +%dir %{_datadir}/%{name}/data +%dir %{_sharedstatedir}/%{name} +%dir %{_sharedstatedir}/%{name}/data/ +%{_bindir}/%{name} +%{_bindir}/fdo-client-service +%{_datadir}/%{name}/data/* +%{_sharedstatedir}/%{name}/data/* +%{_unitdir}/fdoclient.service +%{_sbindir}/rcfdoclient + +%files devel +%license LICENSE +%{_includedir}/*.h +%{_libdir}/*.a + +%changelog diff --git a/fdoclient.service b/fdoclient.service new file mode 100644 index 0000000..429d67f --- /dev/null +++ b/fdoclient.service @@ -0,0 +1,15 @@ +[Unit] +Description=FDO client +After=remote-fs.target network-online.target +Wants=network-online.target + +[Service] +Type=simple +Environment=TERM=linux +ExecStart=/usr/bin/fdo-client-service +RemainAfterExit=no +TimeoutSec=0 + +[Install] +WantedBy=default.target + diff --git a/gcc.patch b/gcc.patch new file mode 100644 index 0000000..e525cfc --- /dev/null +++ b/gcc.patch 
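Review bot: The `%{__install} data/...` lines for `platform_aes_key.bin`, `platform_hmac_key.bin`, `platform_iv.bin`, `Secure.blob` and `Normal.blob` pass no `-m`, so install(1) uses its default mode 0755 and the key and credential blobs end up world-readable under `%{_sharedstatedir}/%{name}/data`. They are also packaged as plain files through `%{_sharedstatedir}/%{name}/data/*`, so a package update would replace whatever the client has stored there with the packaged copies. I would install them with `-m 0600` and list them as `%attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/%{name}/data/*`, with `%dir %attr(0700,root,root)` on the directory. Separately, the `URL:` tag points at safestringlib rather than the client SDK.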
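Review bot: The `[Service]` section of fdoclient.service sets no `User=` and no sandboxing options, so the wrapper script and the network-facing `fdo-client` it starts run as root with unrestricted access to the system. Unless the onboarding modules need that, I would add `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes`, and consider `ProtectSystem=` with `ReadWritePaths=` limited to the client's state directory and log file. `TimeoutSec=0` also disables the start and stop timeouts, so systemd will wait indefinitely for a client that does not exit on stop.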
@@ -0,0 +1,37 @@
+--- org/network/network_if_linux.c 2022-12-09 09:44:34.000000000 +0100
++++ patch/network/network_if_linux.c 2023-03-02 16:05:07.625074915 +0100
+@@ -246,7 +246,7 @@
+ goto err;
+ }
+
+- if (ip_addr->addr) {
++ if (ip_addr->length > 0) {
+ ip_ascii = fdo_alloc(IP_TAG_LEN);
+ if (!ip_ascii) {
+ goto err;
+@@ -331,7 +331,7 @@
+ }
+ }
+
+- if (ip_addr->addr) {
++ if (ip_addr->length > 0) {
+ ip_ascii = fdo_alloc(IP_TAG_LEN);
+ if (!ip_ascii) {
+ goto err;
+--- org/lib/credentials_from_file.c 2022-12-09 09:44:34.000000000 +0100
++++ patch/lib/credentials_from_file.c 2023-03-02 16:34:46.597314561 +0100
+@@ -231,7 +231,6 @@
+ return true;
+ }
+
+- LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len);
+
+ fdor = fdo_alloc(sizeof(fdor_t));
+ if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) {
+@@ -531,4 +530,4 @@
+ return true;
+ }
+ return false;
+-}
+\ Kein Zeilenumbruch am Dateiende.
++}
diff --git a/safestringlib-1.0.0+git20171208.5da1bad.tar.xz b/safestringlib-1.0.0+git20171208.5da1bad.tar.xz
new file mode 100644
index 0000000..c0be087
--- /dev/null
+++ b/safestringlib-1.0.0+git20171208.5da1bad.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8ab93a68c870122b0353990b03a94aebfd285cb5810572973352f034d04d10a0
+size 51912
diff --git a/tinycbor-1.0.0+git20191022.755f9ef.tar.xz b/tinycbor-1.0.0+git20191022.755f9ef.tar.xz
new file mode 100644
index 0000000..697cf5b
--- /dev/null
+++ b/tinycbor-1.0.0+git20191022.755f9ef.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:96a87fa1ccb5c4683fc847311c68e8b9fd4dc8366f8d4f4795a641e800ca34b1
+size 70016
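Review bot: gcc.patch carries no header explaining its changes or their upstream status, and two of them alter behaviour rather than only fixing the build. In credentials_from_file.c the `LOG(LOG_DEBUG, "Reading DeviceCredential blob of length ...")` line is deleted instead of repaired, while the context line below it still passes `dev_cred_len` to `fdo_block_alloc_with_size`; any bound on that length would sit outside the hunk, as the enclosing function does. In network_if_linux.c both `if (ip_addr->addr)` tests become `if (ip_addr->length > 0)`, which presumably silences a warning about testing an array address but also changes what happens for a zero-length address. I would add a header comment to the patch along the lines of `# Build fix for newer GCC: test ip_addr->length instead of the addr array; drop debug LOG using PRIu64`, adjusted to the real reason, and regenerate it under a C locale so the `\ Kein Zeilenumbruch am Dateiende.` marker reads as the standard one.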