Sync from SUSE:SLFO:Main fdo-client revision a197f67f03cf6ce5bcd2ba8eeda4ed24

2024-05-03 12:25:50 +02:00 · 2024-05-03 12:25:50 +02:00 · e19b00b699
commit e19b00b699
13 changed files with 558 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/7
+++ b/7
@ -0,0 +1,7 @@
+For more information please have a look at the previous release:
+https://github.com/schubi2/sdo-client
+This client does only works with a fdo server.
+The environment and examples are defined here:
+https://github.com/secure-device-onboard/pri-fidoiot
+
+NOTE: Each FDO clients has to be adapted to customers individual requirements.
--- a/32
+++ b/32
@ -0,0 +1,32 @@
+<services>
+  <service name="tar_scm" mode="disabled">
+    <param name="version">1.0.0</param>
+    <param name="versionformat">1.0.0+git%cd.%h</param>
+    <param name="url">git@github.com:intel/safestringlib.git</param>
+    <param name="revision">v1.0.0</param>
+    <param name="scm">git</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service name="tar_scm" mode="disabled">
+    <param name="version">1.0.0</param>
+    <param name="versionformat">1.0.0+git%cd.%h</param>
+    <param name="url">git@github.com:intel/tinycbor.git</param>
+    <param name="scm">git</param>
+    <param name="revision">v0.5.3</param>
+    <param name="changesgenerate">enable</param>
+  </service>  
+  <service name="tar_scm" mode="disabled">
+    <param name="version">1.1.4</param>
+    <param name="versionformat">1.1.4+git%cd.%h</param>
+    <param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
+    <param name="revision">v1.1.4</param>
+    <param name="scm">git</param>
+    <param name="filename">fdo-client</param>
+    <param name="changesgenerate">enable</param>
+  </service>  
+  <service name="recompress" mode="disabled">
+    <param name="compression">xz</param>
+    <param name="file">*.tar</param>
+  </service>
+  <service name="set_version" mode="disabled"/>
+</services>
--- a/16
+++ b/16
@ -0,0 +1,16 @@
+<servicedata>
+  <service name="tar_scm">
+    <param name="url">git://github.com/intel/safestringlib.git</param>
+    <param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param>
+ </service>
+  <service name="tar_scm">
+    <param name="url">git@github.com:intel/tinycbor.git</param>
+    <param name="changesrevision">755f9ef932f9830a63a712fd2ac971d838b131f1</param>
+ </service> 
+  <service name="tar_scm">
+    <param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
+    <param name="changesrevision">c8ef7576afa1b250ff9460b519238f32711ef175</param>
+ </service> 
+<service name="tar_scm">
+                <param name="url">git@github.com:intel/safestringlib.git</param>
+              <param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param></service></servicedata>
--- a/build.patch
+++ b/build.patch
@ -0,0 +1,164 @@
+--- org/cmake/blob_path.cmake	2022-12-09 09:44:34.000000000 +0100
+++ patch/cmake/blob_path.cmake	2023-03-02 14:51:38.637622177 +0100
+@@ -7,17 +7,18 @@
+ # Note all blobs and data will be made relative.
+ # if absoulte is needed declare BLOB_PATH on CLI
+ # or export BLOB_PATH=<path>
+# RO_BLOB_PATH=<path> is for data which does not need write access
+ 
+ if(TARGET_OS MATCHES linux)
+ 
+   client_sdk_compile_definitions(
+-    -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
+-    -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
+    -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
+    -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"    
+     -DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
+     -DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
+     -DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
+-    -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
+-    -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+    -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
+    -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+     )
+   if (${DA} MATCHES tpm)
+     client_sdk_compile_definitions(
+@@ -53,24 +54,24 @@
+         -DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+         -DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+         -DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+-        -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
+        -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+         )
+     else() 				#Not unit tests
+       if (${DA} MATCHES ecdsa256)	#ecdsa 256 selected
+ 	if (${DA_FILE} MATCHES pem)
+ 	  client_sdk_compile_definitions(
+-	    -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.pem\")
+	    -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.pem\")
+ 	else()
+ 	  client_sdk_compile_definitions(
+-	    -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.dat\")
+	    -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.dat\")
+ 	endif()
+       else() 				# ecdsa 384 selected
+ 	if (${DA_FILE} MATCHES pem)
+ 	  client_sdk_compile_definitions(
+-	    -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.pem\")
+	    -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.pem\")
+ 	else()
+ 	  client_sdk_compile_definitions(
+-	    -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.dat\")
+	    -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.dat\")
+ 	endif()
+       endif()
+       client_sdk_compile_definitions(
+@@ -80,27 +81,27 @@
+ 	-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+ 	-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+ 	-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+-	-DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
+	-DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+ 	)
+     endif()
+     if (NOT(${HTTPPROXY} STREQUAL ""))
+       client_sdk_compile_definitions(
+-	-DMFG_PROXY=\"${BLOB_PATH}/data/mfg_proxy.dat\"
+-	-DRV_PROXY=\"${BLOB_PATH}/data/rv_proxy.dat\"
+-	-DOWNER_PROXY=\"${BLOB_PATH}/data/owner_proxy.dat\"
+	-DMFG_PROXY=\"${RO_BLOB_PATH}/data/mfg_proxy.dat\"
+	-DRV_PROXY=\"${RO_BLOB_PATH}/data/rv_proxy.dat\"
+	-DOWNER_PROXY=\"${RO_BLOB_PATH}/data/owner_proxy.dat\"
+ 	)
+     endif()
+   endif()
+ 
+   if (${TARGET_OS} MATCHES mbedos)
+     client_sdk_compile_definitions(
+-      -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
+-      -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
+      -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
+      -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
+       -DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
+       -DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
+       -DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
+-      -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
+-      -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+      -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
+      -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+       )
+     if (${unit-test} MATCHES true)
+       client_sdk_compile_definitions(
+@@ -110,7 +111,7 @@
+ 	-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+ 	-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+ 	-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+-	-DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
+	-DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+ 	)
+       if (${DA_FILE} MATCHES pem)
+ 	client_sdk_compile_definitions(
+@@ -164,9 +165,9 @@
+ # Configure if needed at a later point
+ # configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)
+ 
+-file(WRITE ${BLOB_PATH}/data/platform_iv.bin "")
+-file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "")
+-file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "")
+-file(WRITE ${BLOB_PATH}/data/Normal.blob "")
+-file(WRITE ${BLOB_PATH}/data/Secure.blob "")
+-file(WRITE ${BLOB_PATH}/data/raw.blob "")
+file(WRITE ./data/platform_iv.bin "")
+file(WRITE ./data/platform_hmac_key.bin "")
+file(WRITE ./data/platform_aes_key.bin "")
+file(WRITE ./data/Normal.blob "")
+file(WRITE ./data/Secure.blob "")
+file(WRITE ./data/raw.blob "")
+--- org/cmake/cli_input.cmake	2022-12-09 09:44:34.000000000 +0100
+++ patch/cmake/cli_input.cmake	2023-03-02 14:56:02.036016802 +0100
+@@ -25,6 +25,7 @@
+ set (STORAGE true)
+ set (BOARD NUCLEO_F767ZI)
+ set (BLOB_PATH .)
+set (RO_BLOB_PATH .)
+ set (TPM2_TCTI_TYPE tabrmd)
+ set (RESALE true)
+ set (REUSE true)
+@@ -530,6 +531,37 @@
+ message("Selected BLOB_PATH ${BLOB_PATH}")
+ 
+ ###########################################
+# FOR RO_BLOB_PATH
+get_property(cached_ro_blob_path_value CACHE RO_BLOB_PATH PROPERTY VALUE)
+
+set(ro_blob_path_cli_arg ${cached_ro_blob_path_value})
+if(ro_blob_path_cli_arg STREQUAL CACHED_RO_BLOB_PATH)
+  unset(ro_blob_path_cli_arg)
+endif()
+
+set(ro_blob_path_app_cmake_lists ${RO_BLOB_PATH})
+if(cached_ro_blob_path_value STREQUAL RO_BLOB_PATH)
+  unset(ro_blob_path_app_cmake_lists)
+endif()
+
+if(CACHED_RO_BLOB_PATH)
+  if ((ro_blob_path_cli_arg) AND (NOT(CACHED_RO_BLOB_PATH STREQUAL ro_blob_path_cli_arg)))
+    message(WARNING "Need to do make pristine before cmake args can change.")
+  endif()
+  set(RO_BLOB_PATH ${CACHED_RO_BLOB_PATH})
+elseif(ro_blob_path_cli_arg)
+  set(RO_BLOB_PATH ${ro_blob_path_cli_arg})
+elseif(DEFINED ENV{RO_BLOB_PATH})
+  set(RO_BLOB_PATH $ENV{RO_BLOB_PATH})
+elseif(ro_blob_path_app_cmake_lists)
+  set(RO_BLOB_PATH ${ro_blob_path_app_cmake_lists})
+endif()
+
+set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH")
+message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}")
+
+
+###########################################
+ # FOR WIFI_SSID
+ get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE)
+ 
--- a/fdo-client-1.1.4+git20221209.c8ef757.tar.xz
+++ b/fdo-client-1.1.4+git20221209.c8ef757.tar.xz
--- a/29
+++ b/29
@ -0,0 +1,29 @@
+#!/bin/sh
+check_file=/var/lib/fdo-client/initialized
+data=/var/lib/fdo-client/data
+log=/var/log/fdo-client.log
+
+cd ${data}
+
+if [ ! -f ${check_file} ]; then
+    # The first time the client will connect the manufacturer
+    # server in order to get information about rendevous service.
+    # After that the service will be stopped. The machine is now
+    # ready for delivery. Next time the machine will connect to
+    # the rendezvous service when it will be switched on.
+    /usr/bin/fdo-client >${log}
+    systemctl status fdoclient| grep 'Main PID' | awk '{print $3}' >${check_file}
+    /bin/systemctl stop fdoclient
+    exit 0
+fi
+
+while :
+do
+    # The rendevous service returns the information about the
+    # prider platform service (only the first time). This service
+    # will be contacted periodically.
+    /usr/bin/fdo-client >>${log}
+    sleep 30;
+done
+
+
--- a/fdo-client.changes
+++ b/fdo-client.changes
@ -0,0 +1,80 @@
+-------------------------------------------------------------------
+Tue Feb 13 13:38:19 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>
+
+- Remove the hardcoded libopenssl-1_1-devel and replace it with
+  libopenssl-devel (bsc#1219879).
+
+-------------------------------------------------------------------
+Fri Feb  2 08:23:13 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Fix build using RPM 4.19: builddir does contain the extracted
+  tartball, but can also contain special directories used by RPM,
+  resolving in globbing to behave differently.
+
+-------------------------------------------------------------------
+Mon Nov 13 15:18:20 UTC 2023 - Stefan Schubert <schubi@suse.com>
+
+- Remove build key via utils/keys_gen.sh. (bsc#1216293)
+
+-------------------------------------------------------------------
+Thu Mar 02 11:38:56 UTC 2023 - schubi@suse.com
+
+- Update to version 1.1.4+git20221209.c8ef757:
+  * Readme update (#210)
+  * Updating the readme with openssl 1.1.1s (#209)
+  * Fix TO when IP/RV is empty string (#208)
+  * * Replaced unsafe string function (#207)
+  * Increase max message buffer size to 64000 (#205)
+  * Update Curl version as 7.86 in Readme (#206)
+  * Readme updates (#204)
+  * Minimal logs by default (compile time) (#203)
+  * Revert openssl3 (#201)
+  * Update HTTPS connection to use TLS 1.2 (#196)
+  * Openssl 3 porting (#194)
+  * Add curl support for HTTP connection (#195)
+  * Update NOTICE file (#192)
+  * Add CURL support for HTTPS connection (#188)
+  * Readme update for installing safestringlib (#191)
+  * Updating the readme with openssl 1.1.1q (#187)
+  * switch to host.docker.internal (#185)
+  * Fix to enable compilation of CSDK in ubuntu 22 (#183)
+  * Fix TO when IP is NULL (#184)
+  * Update EAT-UEID value as per FIDO working draft specification (#180)
+  * Revert "Update EAT-UEID value as per FIDO working draft specification (#178)" (#179)
+  * Update EAT-UEID value as per FIDO working draft specification (#178)
+  * Updating comments in fdonet.c (#177)
+  * Upgrade OpenSSL toolkit version to 1.1.1n (#176)
+  * Documentation updates (#175)
+  * Add a note regarding fdosys issue (#174)
+  * Update Jenkinsfile to copy PRI artifacts from master (#173)
+  * Merging 1.1 dev branch to master. (#172)
+  * Fix multiple owner support for CSDK devices. (#167)
+  * Fix: fdo_sys:exec_cb/exec not working after initial fdo_sys:exec (#166)
+  * Add implementation for fdo_sys keep-alive (#165)
+  * Fix an issue with keeping in-memory Mfg PublicKey hash (#164)
+  * Update/Tweak Device Status and Cred management (#163)
+  * Updating EAT IANA numbers as per spec ERRATA (#160)
+  * Updating Device ServiceInfo framework to handle writes (#162)
+  * Add TPM support on RHEL (#161)
+  * Update README for RHEL support (#159)
+  * Remove disclaimer from README (#158)
+
+-------------------------------------------------------------------
+Thu Mar 02 11:37:36 UTC 2023 - schubi@suse.com
+
+- Update to version 1.0.0+git20171208.5da1bad:
+  * Use secure functions where appropriate
+  * Added extern definition
+  * Fix Klocwork Errors
+  * Fix output
+  * Fix Core Dump in Unit Test
+  * Add Makefile
+  * publish unit tests
+  * strpcpu_s: remove unsed redundant variable overlap_bumper
+  * Update LICENSE&COPYING.txt
+
+-------------------------------------------------------------------
+Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert <schubi@suse.de>
+
+- This is the successor of sdo-client
+  EPIC: SLE/SLE-22946
--- a/fdo-client.spec
+++ b/fdo-client.spec
@ -0,0 +1,146 @@
+#
+# spec file for package fdo-client
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           fdo-client
+Version:        1.1.4+git20221209.c8ef757
+Release:        0
+Summary:        FIDO Device Onboard Client
+License:        Apache-2.0
+Group:          System/Base
+URL:            https://github.com/intel/safestringlib/tree/v1.0.0
+Source0:        fdo-client-%{version}.tar.xz
+Source1:        safestringlib-1.0.0+git20171208.5da1bad.tar.xz
+Source2:        tinycbor-1.0.0+git20191022.755f9ef.tar.xz
+Source3:        fdo-client-service
+Source4:        fdoclient.service
+Source5:        README
+Patch0:         build.patch
+Patch1:         gcc.patch
+Requires:       openssl
+BuildRequires:  cmake
+BuildRequires:  gcc-c++
+BuildRequires:  libcurl-devel
+BuildRequires:  libopenssl-devel
+BuildRequires:  vim
+%{?systemd_ordering}
+
+%description
+FDO-Client is a portable implementation of the FIDO Device Onboard Spec.
+This component is portable across multiple environments,
+including to various microprocessors (MPUs) and microcontrollers (MCUs).
+
+%package devel
+Summary:        FIDO Device Onboard Client SDK
+Group:          Development/Libraries/C and C++
+Requires:       libopenssl-devel
+
+%description devel
+This is a production-ready implementation of the Device component defined
+in FIDO Device Onboard Spec published by the FIDO Alliance.
+Appropriate security measures should be taken for storing the device
+credentials while porting this to different platforms.
+
+%prep
+%setup -q
+%setup -q -D -a 1
+%setup -q -D -a 2
+%patch -P 0 -p1
+%patch -P 1 -p1
+
+%build
+echo "%_builddir"
+pushd .
+cd safestringlib*
+mkdir obj
+make
+popd
+pushd tinycbor*
+make
+popd
+export SAFESTRING_ROOT=%{_builddir}/%{name}-%{version}/safestringlib-1.0.0+git20171208.5da1bad
+export TINYCBOR_ROOT=%{_builddir}/%{name}-%{version}/tinycbor-1.0.0+git20191022.755f9ef
+export BLOB_PATH=%{_sharedstatedir}/%{name}
+export RO_BLOB_PATH=%{_datadir}/%{name}
+cmake .
+make
+#bash utils/keys_gen.sh .
+
+%install
+mkdir -p %{buildroot}/%{_bindir}
+mkdir -p %{buildroot}/%{_libdir}
+mkdir -p %{buildroot}/%{_sbindir}
+mkdir -p %{buildroot}/%{_docdir}/%{name}
+mkdir -p %{buildroot}/%{_includedir}
+mkdir -p %{buildroot}/%{_datadir}/%{name}/data
+mkdir -p %{buildroot}/%{_sharedstatedir}/%{name}/data
+
+%{__install} -m 0755 build/linux-client %{buildroot}/%{_bindir}/%{name}
+%{__install} -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/fdo-client-service
+%{__install} -D -m 644 %{SOURCE4} %{buildroot}/%{_unitdir}/fdoclient.service
+%{__install} -m 0644 %{SOURCE5} %{buildroot}/%{_docdir}/%{name}/README
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcfdoclient
+
+%{__install} -m 644 build/*.a %{buildroot}/%{_libdir}
+%{__install} -m 644 include/*.h %{buildroot}/%{_includedir}
+
+#%{__install} data/ecdsa* %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/manufacturer_addr.bin %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/max_serviceinfo_sz.bin %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/mfg_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/owner_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/raw.blob %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/rv_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+
+%{__install} data/Normal.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_aes_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_hmac_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_iv.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/Secure.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
+
+%pre
+%service_add_pre fdoclient.service
+
+%preun
+%service_del_preun fdoclient.service
+
+%post
+%service_add_post fdoclient.service
+
+%postun
+%service_del_postun fdoclient.service
+
+%files
+%license LICENSE
+%doc README
+%dir %{_datadir}/%{name}
+%dir %{_datadir}/%{name}/data
+%dir %{_sharedstatedir}/%{name}
+%dir %{_sharedstatedir}/%{name}/data/
+%{_bindir}/%{name}
+%{_bindir}/fdo-client-service
+%{_datadir}/%{name}/data/*
+%{_sharedstatedir}/%{name}/data/*
+%{_unitdir}/fdoclient.service
+%{_sbindir}/rcfdoclient
+
+%files devel
+%license LICENSE
+%{_includedir}/*.h
+%{_libdir}/*.a
+
+%changelog
--- a/fdoclient.service
+++ b/fdoclient.service
@ -0,0 +1,15 @@
+[Unit]
+Description=FDO client
+After=remote-fs.target network-online.target 
+Wants=network-online.target
+
+[Service]
+Type=simple
+Environment=TERM=linux
+ExecStart=/usr/bin/fdo-client-service
+RemainAfterExit=no
+TimeoutSec=0
+
+[Install]
+WantedBy=default.target
+
--- a/gcc.patch
+++ b/gcc.patch
@ -0,0 +1,37 @@
+--- org/network/network_if_linux.c	2022-12-09 09:44:34.000000000 +0100
+++ patch/network/network_if_linux.c	2023-03-02 16:05:07.625074915 +0100
+@@ -246,7 +246,7 @@
+ 		goto err;
+ 	}
+ 
+-	if (ip_addr->addr) {
+	if (ip_addr->length > 0) {
+ 		ip_ascii = fdo_alloc(IP_TAG_LEN);
+ 		if (!ip_ascii) {
+ 			goto err;
+@@ -331,7 +331,7 @@
+ 		}
+ 	}
+ 
+-	if (ip_addr->addr) {
+	if (ip_addr->length > 0) {
+ 		ip_ascii = fdo_alloc(IP_TAG_LEN);
+ 		if (!ip_ascii) {
+ 			goto err;
+--- org/lib/credentials_from_file.c	2022-12-09 09:44:34.000000000 +0100
+++ patch/lib/credentials_from_file.c	2023-03-02 16:34:46.597314561 +0100
+@@ -231,7 +231,6 @@
+ 		return true;
+ 	}
+ 
+-	LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len);
+ 
+ 	fdor = fdo_alloc(sizeof(fdor_t));
+ 	if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) {
+@@ -531,4 +530,4 @@
+ 		return true;
+ 	}
+ 	return false;
+-}
+\ Kein Zeilenumbruch am Dateiende.
+}
--- a/safestringlib-1.0.0+git20171208.5da1bad.tar.xz
+++ b/safestringlib-1.0.0+git20171208.5da1bad.tar.xz
--- a/tinycbor-1.0.0+git20191022.755f9ef.tar.xz
+++ b/tinycbor-1.0.0+git20191022.755f9ef.tar.xz