Sync from SUSE:SLFO:Main fdo-client revision a197f67f03cf6ce5bcd2ba8eeda4ed24
commit
e19b00b699
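--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text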
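--- /dev/null
+++ b/README
@@ -0,0 +1,7 @@
+For more information please have a look at the previous release:
+https://github.com/schubi2/sdo-client
+This client does only works with a fdo server.
+The environment and examples are defined here:
+https://github.com/secure-device-onboard/pri-fidoiot
+
+NOTE: Each FDO clients has to be adapted to customers individual requirements.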
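--- /dev/null
+++ b/_service
@@ -0,0 +1,32 @@
+<services>
+<service name="tar_scm" mode="disabled">
+<param name="version">1.0.0</param>
+<param name="versionformat">1.0.0+git%cd.%h</param>
+<param name="url">git@github.com:intel/safestringlib.git</param>
+<param name="revision">v1.0.0</param>
+<param name="scm">git</param>
+<param name="changesgenerate">enable</param>
+</service>
+<service name="tar_scm" mode="disabled">
+<param name="version">1.0.0</param>
+<param name="versionformat">1.0.0+git%cd.%h</param>
+<param name="url">git@github.com:intel/tinycbor.git</param>
+<param name="scm">git</param>
+<param name="revision">v0.5.3</param>
+<param name="changesgenerate">enable</param>
+</service>
+<service name="tar_scm" mode="disabled">
+<param name="version">1.1.4</param>
+<param name="versionformat">1.1.4+git%cd.%h</param>
+<param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
+<param name="revision">v1.1.4</param>
+<param name="scm">git</param>
+<param name="filename">fdo-client</param>
+<param name="changesgenerate">enable</param>
+</service>
+<service name="recompress" mode="disabled">
+<param name="compression">xz</param>
+<param name="file">*.tar</param>
+</service>
+<service name="set_version" mode="disabled"/>
+</services>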
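Review bot: All three `tar_scm` services pin `revision` to a tag name (`v1.0.0`, `v0.5.3`, `v1.1.4`), and a tag can be moved upstream, so a later service run could fetch different code under the same package version. `_servicedata` in this commit already records the resolved commits, so the full hashes could be used instead, e.g. `<param name="revision">c8ef7576afa1b250ff9460b519238f32711ef175</param>` for client-sdk-fidoiot. The tinycbor entry also sets `version` to 1.0.0 while fetching `v0.5.3`, which makes the tarball name misleading when the bundled copy is matched against upstream advisories.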
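--- /dev/null
+++ b/_servicedata
@@ -0,0 +1,16 @@
+<servicedata>
+<service name="tar_scm">
+<param name="url">git://github.com/intel/safestringlib.git</param>
+<param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param>
+</service>
+<service name="tar_scm">
+<param name="url">git@github.com:intel/tinycbor.git</param>
+<param name="changesrevision">755f9ef932f9830a63a712fd2ac971d838b131f1</param>
+</service>
+<service name="tar_scm">
+<param name="url">git@github.com:secure-device-onboard/client-sdk-fidoiot.git</param>
+<param name="changesrevision">c8ef7576afa1b250ff9460b519238f32711ef175</param>
+</service>
+<service name="tar_scm">
+<param name="url">git@github.com:intel/safestringlib.git</param>
+<param name="changesrevision">5da1badd337e68c1334fb232c778166f46f6d9f9</param></service></servicedata>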
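--- /dev/null
+++ b/build.patch
@@ -0,0 +1,164 @@
+--- org/cmake/blob_path.cmake 2022-12-09 09:44:34.000000000 +0100
++++ patch/cmake/blob_path.cmake 2023-03-02 14:51:38.637622177 +0100
+@@ -7,17 +7,18 @@
+# Note all blobs and data will be made relative.
+# if absoulte is needed declare BLOB_PATH on CLI
+# or export BLOB_PATH=<path>
++# RO_BLOB_PATH=<path> is for data which does not need write access
+
+if(TARGET_OS MATCHES linux)
+
+client_sdk_compile_definitions(
+- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
+- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
++ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
++ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
+-DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
+-DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
+-DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
+- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
+- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
++ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
++ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+)
+if (${DA} MATCHES tpm)
+client_sdk_compile_definitions(
+@@ -53,24 +54,24 @@
+-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+)
+else() #Not unit tests
+if (${DA} MATCHES ecdsa256) #ecdsa 256 selected
+if (${DA_FILE} MATCHES pem)
+client_sdk_compile_definitions(
+- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.pem\")
++ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.pem\")
+else()
+client_sdk_compile_definitions(
+- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa256privkey.dat\")
++ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa256privkey.dat\")
+endif()
+else() # ecdsa 384 selected
+if (${DA_FILE} MATCHES pem)
+client_sdk_compile_definitions(
+- -DECDSA_PEM -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.pem\")
++ -DECDSA_PEM -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.pem\")
+else()
+client_sdk_compile_definitions(
+- -DECDSA_PRIVKEY=\"${BLOB_PATH}/data/ecdsa384privkey.dat\")
++ -DECDSA_PRIVKEY=\"${RO_BLOB_PATH}/data/ecdsa384privkey.dat\")
+endif()
+endif()
+client_sdk_compile_definitions(
+@@ -80,27 +81,27 @@
+-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+)
+endif()
+if (NOT(${HTTPPROXY} STREQUAL ""))
+client_sdk_compile_definitions(
+- -DMFG_PROXY=\"${BLOB_PATH}/data/mfg_proxy.dat\"
+- -DRV_PROXY=\"${BLOB_PATH}/data/rv_proxy.dat\"
+- -DOWNER_PROXY=\"${BLOB_PATH}/data/owner_proxy.dat\"
++ -DMFG_PROXY=\"${RO_BLOB_PATH}/data/mfg_proxy.dat\"
++ -DRV_PROXY=\"${RO_BLOB_PATH}/data/rv_proxy.dat\"
++ -DOWNER_PROXY=\"${RO_BLOB_PATH}/data/owner_proxy.dat\"
+)
+endif()
+endif()
+
+if (${TARGET_OS} MATCHES mbedos)
+client_sdk_compile_definitions(
+- -DSERIAL_FILE=\"${BLOB_PATH}/data/manufacturer_sn.bin\"
+- -DMODEL_FILE=\"${BLOB_PATH}/data/manufacturer_mod.bin\"
++ -DSERIAL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_sn.bin\"
++ -DMODEL_FILE=\"${RO_BLOB_PATH}/data/manufacturer_mod.bin\"
+-DPLATFORM_IV=\"${BLOB_PATH}/data/platform_iv.bin\"
+-DPLATFORM_HMAC_KEY=\"${BLOB_PATH}/data/platform_hmac_key.bin\"
+-DPLATFORM_AES_KEY=\"${BLOB_PATH}/data/platform_aes_key.bin\"
+- -DMANUFACTURER_ADDR=\"${BLOB_PATH}/data/manufacturer_addr.bin\"
+- -DMAX_SERVICEINFO_SZ_FILE=\"${BLOB_PATH}/data/max_serviceinfo_sz.bin\"
++ -DMANUFACTURER_ADDR=\"${RO_BLOB_PATH}/data/manufacturer_addr.bin\"
++ -DMAX_SERVICEINFO_SZ_FILE=\"${RO_BLOB_PATH}/data/max_serviceinfo_sz.bin\"
+)
+if (${unit-test} MATCHES true)
+client_sdk_compile_definitions(
+@@ -110,7 +111,7 @@
+-DFDO_CRED_SECURE=\"${BLOB_PATH}/data/Secure.blob\"
+-DFDO_CRED_MFG=\"${BLOB_PATH}/data/Mfg.blob\"
+-DFDO_CRED_NORMAL=\"${BLOB_PATH}/data/Normal.blob\"
+- -DRAW_BLOB=\"${BLOB_PATH}/data/raw.blob\"
++ -DRAW_BLOB=\"${RO_BLOB_PATH}/data/raw.blob\"
+)
+if (${DA_FILE} MATCHES pem)
+client_sdk_compile_definitions(
+@@ -164,9 +165,9 @@
+# Configure if needed at a later point
+# configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)
+
+-file(WRITE ${BLOB_PATH}/data/platform_iv.bin "")
+-file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "")
+-file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "")
+-file(WRITE ${BLOB_PATH}/data/Normal.blob "")
+-file(WRITE ${BLOB_PATH}/data/Secure.blob "")
+-file(WRITE ${BLOB_PATH}/data/raw.blob "")
++file(WRITE ./data/platform_iv.bin "")
++file(WRITE ./data/platform_hmac_key.bin "")
++file(WRITE ./data/platform_aes_key.bin "")
++file(WRITE ./data/Normal.blob "")
++file(WRITE ./data/Secure.blob "")
++file(WRITE ./data/raw.blob "")
+--- org/cmake/cli_input.cmake 2022-12-09 09:44:34.000000000 +0100
++++ patch/cmake/cli_input.cmake 2023-03-02 14:56:02.036016802 +0100
+@@ -25,6 +25,7 @@
+set (STORAGE true)
+set (BOARD NUCLEO_F767ZI)
+set (BLOB_PATH .)
++set (RO_BLOB_PATH .)
+set (TPM2_TCTI_TYPE tabrmd)
+set (RESALE true)
+set (REUSE true)
+@@ -530,6 +531,37 @@
+message("Selected BLOB_PATH ${BLOB_PATH}")
+
+###########################################
++# FOR RO_BLOB_PATH
++get_property(cached_ro_blob_path_value CACHE RO_BLOB_PATH PROPERTY VALUE)
++
++set(ro_blob_path_cli_arg ${cached_ro_blob_path_value})
++if(ro_blob_path_cli_arg STREQUAL CACHED_RO_BLOB_PATH)
++ unset(ro_blob_path_cli_arg)
++endif()
++
++set(ro_blob_path_app_cmake_lists ${RO_BLOB_PATH})
++if(cached_ro_blob_path_value STREQUAL RO_BLOB_PATH)
++ unset(ro_blob_path_app_cmake_lists)
++endif()
++
++if(CACHED_RO_BLOB_PATH)
++ if ((ro_blob_path_cli_arg) AND (NOT(CACHED_RO_BLOB_PATH STREQUAL ro_blob_path_cli_arg)))
++ message(WARNING "Need to do make pristine before cmake args can change.")
++ endif()
++ set(RO_BLOB_PATH ${CACHED_RO_BLOB_PATH})
++elseif(ro_blob_path_cli_arg)
++ set(RO_BLOB_PATH ${ro_blob_path_cli_arg})
++elseif(DEFINED ENV{RO_BLOB_PATH})
++ set(RO_BLOB_PATH $ENV{RO_BLOB_PATH})
++elseif(ro_blob_path_app_cmake_lists)
++ set(RO_BLOB_PATH ${ro_blob_path_app_cmake_lists})
++endif()
++
++set(CACHED_RO_BLOB_PATH ${RO_BLOB_PATH} CACHE STRING "Selected RO_BLOB_PATH")
++message("Selected RO_BLOB_PATH ${RO_BLOB_PATH}")
++
++
++###########################################
+# FOR WIFI_SSID
+get_property(cached_wifi_ssid_value CACHE WIFI_SSID PROPERTY VALUE)
+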
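Review bot: The `ECDSA_PRIVKEY` definitions for both curves are moved to `${RO_BLOB_PATH}` along with the proxy and manufacturer files, so the device's ECDSA private key is now looked up in the tree meant for shared read-only data. With the spec in this commit exporting `RO_BLOB_PATH=%{_datadir}/%{name}`, that presumably resolves to a directory every local user can read, and nothing in the patch restricts the key file's mode. A comment beside the new header line would record the expectation, e.g. `# RO_BLOB_PATH also holds the ECDSA private key: install it 0600, root-owned`, or the key path could stay under `${BLOB_PATH}`. The embedded hunks start and end inside `if()` blocks that continue outside the visible context.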
BIN
fdo-client-1.1.4+git20221209.c8ef757.tar.xz
(Stored with Git LFS)
Normal file
BIN
fdo-client-1.1.4+git20221209.c8ef757.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
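--- /dev/null
+++ b/fdo-client-service
@@ -0,0 +1,29 @@
+#!/bin/sh
+check_file=/var/lib/fdo-client/initialized
+data=/var/lib/fdo-client/data
+log=/var/log/fdo-client.log
+
+cd ${data}
+
+if [ ! -f ${check_file} ]; then
+# The first time the client will connect the manufacturer
+# server in order to get information about rendevous service.
+# After that the service will be stopped. The machine is now
+# ready for delivery. Next time the machine will connect to
+# the rendezvous service when it will be switched on.
+/usr/bin/fdo-client >${log}
+systemctl status fdoclient| grep 'Main PID' | awk '{print $3}' >${check_file}
+/bin/systemctl stop fdoclient
+exit 0
+fi
+
+while :
+do
+# The rendevous service returns the information about the
+# prider platform service (only the first time). This service
+# will be contacted periodically.
+/usr/bin/fdo-client >>${log}
+sleep 30;
+done
+
+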
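Review bot: In the first-run branch the exit status of `/usr/bin/fdo-client >${log}` is ignored, so the `initialized` marker is written and the unit stopped even when the contact with the manufacturer server failed; on the next boot the script would then go straight to the rendezvous loop. Assuming the client reports failure through its exit status, guarding the call with `/usr/bin/fdo-client >"${log}" 2>&1 || exit 1` keeps a failed run retryable and also captures stderr. `cd ${data}` is likewise unchecked and unquoted; `cd "${data}" || exit 1` avoids running the client from an unexpected working directory. The log under /var/log is created with the service's default umask and appended to every 30 seconds without rotation, so its mode and growth deserve a look, depending on what the client prints.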
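--- /dev/null
+++ b/fdo-client.changes
@@ -0,0 +1,80 @@
+-------------------------------------------------------------------
+Tue Feb 13 13:38:19 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>
+
+- Remove the hardcoded libopenssl-1_1-devel and replace it with
+libopenssl-devel (bsc#1219879).
+
+-------------------------------------------------------------------
+Fri Feb 2 08:23:13 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Fix build using RPM 4.19: builddir does contain the extracted
+tartball, but can also contain special directories used by RPM,
+resolving in globbing to behave differently.
+
+-------------------------------------------------------------------
+Mon Nov 13 15:18:20 UTC 2023 - Stefan Schubert <schubi@suse.com>
+
+- Remove build key via utils/keys_gen.sh. (bsc#1216293)
+
+-------------------------------------------------------------------
+Thu Mar 02 11:38:56 UTC 2023 - schubi@suse.com
+
+- Update to version 1.1.4+git20221209.c8ef757:
+* Readme update (#210)
+* Updating the readme with openssl 1.1.1s (#209)
+* Fix TO when IP/RV is empty string (#208)
+* * Replaced unsafe string function (#207)
+* Increase max message buffer size to 64000 (#205)
+* Update Curl version as 7.86 in Readme (#206)
+* Readme updates (#204)
+* Minimal logs by default (compile time) (#203)
+* Revert openssl3 (#201)
+* Update HTTPS connection to use TLS 1.2 (#196)
+* Openssl 3 porting (#194)
+* Add curl support for HTTP connection (#195)
+* Update NOTICE file (#192)
+* Add CURL support for HTTPS connection (#188)
+* Readme update for installing safestringlib (#191)
+* Updating the readme with openssl 1.1.1q (#187)
+* switch to host.docker.internal (#185)
+* Fix to enable compilation of CSDK in ubuntu 22 (#183)
+* Fix TO when IP is NULL (#184)
+* Update EAT-UEID value as per FIDO working draft specification (#180)
+* Revert "Update EAT-UEID value as per FIDO working draft specification (#178)" (#179)
+* Update EAT-UEID value as per FIDO working draft specification (#178)
+* Updating comments in fdonet.c (#177)
+* Upgrade OpenSSL toolkit version to 1.1.1n (#176)
+* Documentation updates (#175)
+* Add a note regarding fdosys issue (#174)
+* Update Jenkinsfile to copy PRI artifacts from master (#173)
+* Merging 1.1 dev branch to master. (#172)
+* Fix multiple owner support for CSDK devices. (#167)
+* Fix: fdo_sys:exec_cb/exec not working after initial fdo_sys:exec (#166)
+* Add implementation for fdo_sys keep-alive (#165)
+* Fix an issue with keeping in-memory Mfg PublicKey hash (#164)
+* Update/Tweak Device Status and Cred management (#163)
+* Updating EAT IANA numbers as per spec ERRATA (#160)
+* Updating Device ServiceInfo framework to handle writes (#162)
+* Add TPM support on RHEL (#161)
+* Update README for RHEL support (#159)
+* Remove disclaimer from README (#158)
+
+-------------------------------------------------------------------
+Thu Mar 02 11:37:36 UTC 2023 - schubi@suse.com
+
+- Update to version 1.0.0+git20171208.5da1bad:
+* Use secure functions where appropriate
+* Added extern definition
+* Fix Klocwork Errors
+* Fix output
+* Fix Core Dump in Unit Test
+* Add Makefile
+* publish unit tests
+* strpcpu_s: remove unsed redundant variable overlap_bumper
+* Update LICENSE©ING.txt
+
+-------------------------------------------------------------------
+Fri Oct 15 17:39:31 UTC 2021 - Stefan Schubert <schubi@suse.de>
+
+- This is the successor of sdo-client
+EPIC: SLE/SLE-22946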
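--- /dev/null
+++ b/fdo-client.spec
@@ -0,0 +1,146 @@
+#
+# spec file for package fdo-client
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: fdo-client
+Version: 1.1.4+git20221209.c8ef757
+Release: 0
+Summary: FIDO Device Onboard Client
+License: Apache-2.0
+Group: System/Base
+URL: https://github.com/intel/safestringlib/tree/v1.0.0
+Source0: fdo-client-%{version}.tar.xz
+Source1: safestringlib-1.0.0+git20171208.5da1bad.tar.xz
+Source2: tinycbor-1.0.0+git20191022.755f9ef.tar.xz
+Source3: fdo-client-service
+Source4: fdoclient.service
+Source5: README
+Patch0: build.patch
+Patch1: gcc.patch
+Requires: openssl
+BuildRequires: cmake
+BuildRequires: gcc-c++
+BuildRequires: libcurl-devel
+BuildRequires: libopenssl-devel
+BuildRequires: vim
+%{?systemd_ordering}
+
+%description
+FDO-Client is a portable implementation of the FIDO Device Onboard Spec.
+This component is portable across multiple environments,
+including to various microprocessors (MPUs) and microcontrollers (MCUs).
+
+%package devel
+Summary: FIDO Device Onboard Client SDK
+Group: Development/Libraries/C and C++
+Requires: libopenssl-devel
+
+%description devel
+This is a production-ready implementation of the Device component defined
+in FIDO Device Onboard Spec published by the FIDO Alliance.
+Appropriate security measures should be taken for storing the device
+credentials while porting this to different platforms.
+
+%prep
+%setup -q
+%setup -q -D -a 1
+%setup -q -D -a 2
+%patch -P 0 -p1
+%patch -P 1 -p1
+
+%build
+echo "%_builddir"
+pushd .
+cd safestringlib*
+mkdir obj
+make
+popd
+pushd tinycbor*
+make
+popd
+export SAFESTRING_ROOT=%{_builddir}/%{name}-%{version}/safestringlib-1.0.0+git20171208.5da1bad
+export TINYCBOR_ROOT=%{_builddir}/%{name}-%{version}/tinycbor-1.0.0+git20191022.755f9ef
+export BLOB_PATH=%{_sharedstatedir}/%{name}
+export RO_BLOB_PATH=%{_datadir}/%{name}
+cmake .
+make
+#bash utils/keys_gen.sh .
+
+%install
+mkdir -p %{buildroot}/%{_bindir}
+mkdir -p %{buildroot}/%{_libdir}
+mkdir -p %{buildroot}/%{_sbindir}
+mkdir -p %{buildroot}/%{_docdir}/%{name}
+mkdir -p %{buildroot}/%{_includedir}
+mkdir -p %{buildroot}/%{_datadir}/%{name}/data
+mkdir -p %{buildroot}/%{_sharedstatedir}/%{name}/data
+
+%{__install} -m 0755 build/linux-client %{buildroot}/%{_bindir}/%{name}
+%{__install} -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/fdo-client-service
+%{__install} -D -m 644 %{SOURCE4} %{buildroot}/%{_unitdir}/fdoclient.service
+%{__install} -m 0644 %{SOURCE5} %{buildroot}/%{_docdir}/%{name}/README
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcfdoclient
+
+%{__install} -m 644 build/*.a %{buildroot}/%{_libdir}
+%{__install} -m 644 include/*.h %{buildroot}/%{_includedir}
+
+#%{__install} data/ecdsa* %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/manufacturer_addr.bin %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/max_serviceinfo_sz.bin %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/mfg_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/owner_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/raw.blob %{buildroot}/%{_datadir}/%{name}/data
+%{__install} data/rv_proxy.dat %{buildroot}/%{_datadir}/%{name}/data
+
+%{__install} data/Normal.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_aes_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_hmac_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/platform_iv.bin %{buildroot}/%{_sharedstatedir}/%{name}/data
+%{__install} data/Secure.blob %{buildroot}/%{_sharedstatedir}/%{name}/data
+
+%pre
+%service_add_pre fdoclient.service
+
+%preun
+%service_del_preun fdoclient.service
+
+%post
+%service_add_post fdoclient.service
+
+%postun
+%service_del_postun fdoclient.service
+
+%files
+%license LICENSE
+%doc README
+%dir %{_datadir}/%{name}
+%dir %{_datadir}/%{name}/data
+%dir %{_sharedstatedir}/%{name}
+%dir %{_sharedstatedir}/%{name}/data/
+%{_bindir}/%{name}
+%{_bindir}/fdo-client-service
+%{_datadir}/%{name}/data/*
+%{_sharedstatedir}/%{name}/data/*
+%{_unitdir}/fdoclient.service
+%{_sbindir}/rcfdoclient
+
+%files devel
+%license LICENSE
+%{_includedir}/*.h
+%{_libdir}/*.a
+
+%changelog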
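Review bot: The `%{__install}` calls for `platform_aes_key.bin`, `platform_hmac_key.bin`, `Secure.blob` and `Normal.blob` pass no `-m`, so install(1) applies its default mode 0755 and the key and credential files under `%{_sharedstatedir}/%{name}/data` end up world-readable and executable. An explicit mode such as `%{__install} -m 0600 data/platform_aes_key.bin %{buildroot}/%{_sharedstatedir}/%{name}/data`, plus `%attr(0700,root,root) %dir %{_sharedstatedir}/%{name}/data` in `%files`, would keep them private to root. These files are also listed as ordinary payload although build.patch describes `BLOB_PATH` as the location for data that needs write access, so `rpm -V` will presumably report them as modified and a package update may put the packaged copies back; `%config(noreplace)` or `%ghost` fits state files better. `URL:` points at safestringlib rather than the client SDK.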
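--- /dev/null
+++ b/fdoclient.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=FDO client
+After=remote-fs.target network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+Environment=TERM=linux
+ExecStart=/usr/bin/fdo-client-service
+RemainAfterExit=no
+TimeoutSec=0
+
+[Install]
+WantedBy=default.target
+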
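Review bot: The `[Service]` section sets no `User=`, `UMask=` or sandboxing options, so the wrapper and the client run as root with the default umask, and the log, the `initialized` marker and any blobs they create are readable by other local users unless the client sets modes itself. `UMask=0077` is a low-risk addition; `ProtectHome=yes` and `PrivateTmp=yes` are worth evaluating, although the changelog's `fdo_sys:exec` entries suggest the client runs owner-supplied commands, which limits how tightly the unit can be confined. `TimeoutSec=0` disables the start and stop timeouts, so systemd will not kill a hung client on stop.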
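--- /dev/null
+++ b/gcc.patch
@@ -0,0 +1,37 @@
+--- org/network/network_if_linux.c 2022-12-09 09:44:34.000000000 +0100
++++ patch/network/network_if_linux.c 2023-03-02 16:05:07.625074915 +0100
+@@ -246,7 +246,7 @@
+goto err;
+}
+
+- if (ip_addr->addr) {
++ if (ip_addr->length > 0) {
+ip_ascii = fdo_alloc(IP_TAG_LEN);
+if (!ip_ascii) {
+goto err;
+@@ -331,7 +331,7 @@
+}
+}
+
+- if (ip_addr->addr) {
++ if (ip_addr->length > 0) {
+ip_ascii = fdo_alloc(IP_TAG_LEN);
+if (!ip_ascii) {
+goto err;
+--- org/lib/credentials_from_file.c 2022-12-09 09:44:34.000000000 +0100
++++ patch/lib/credentials_from_file.c 2023-03-02 16:34:46.597314561 +0100
+@@ -231,7 +231,6 @@
+return true;
+}
+
+- LOG(LOG_DEBUG, "Reading DeviceCredential blob of length %"PRIu64"\n", dev_cred_len);
+
+fdor = fdo_alloc(sizeof(fdor_t));
+if (!fdor || !fdor_init(fdor) || !fdo_block_alloc_with_size(&fdor->b, dev_cred_len)) {
+@@ -531,4 +530,4 @@
+return true;
+}
+return false;
+-}
+\ Kein Zeilenumbruch am Dateiende.
++}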
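Review bot: Both `network_if_linux.c` hunks replace `if (ip_addr->addr)` with `if (ip_addr->length > 0)`, which only rules out an empty address; whether `length` is bounded before the address is converted into the `IP_TAG_LEN` buffer is not visible, because the enclosing functions start and end outside the hunks. If `addr` is a fixed-size member, as the old always-true test suggests, an upper bound in the same condition, `if (ip_addr->length > 0 && ip_addr->length <= sizeof(ip_addr->addr)) {`, would make the guard complete. The `credentials_from_file.c` hunk drops the `LOG(LOG_DEBUG, ...)` line without saying why; if the reason is a format warning on `dev_cred_len`, fixing the specifier would keep the diagnostic. The patch carries no header naming the compiler error it works around or an upstream reference, which makes it hard to retire later.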
BIN
safestringlib-1.0.0+git20171208.5da1bad.tar.xz
(Stored with Git LFS)
Normal file
BIN
safestringlib-1.0.0+git20171208.5da1bad.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
tinycbor-1.0.0+git20191022.755f9ef.tar.xz
(Stored with Git LFS)
Normal file
BIN
tinycbor-1.0.0+git20191022.755f9ef.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.