From faf3134176bd3688bf9d5bec7dc3f08eeb1792d88e12235bff3d90605ed404c3 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 21 Sep 2018 09:22:57 +0000 Subject: [PATCH] Accepting request 636836 from home:michael-chang:sedutil-pkg I want to maintain sedutil in Factory and would like to use Base:System as the devel/feeder project. OBS-URL: https://build.opensuse.org/request/show/636836 OBS-URL: https://build.opensuse.org/package/show/Base:System/sedutil?expand=0&rev=1 --- .gitattributes | 23 ++++++++++ .gitignore | 1 + kernel_nvme_header.patch | 27 ++++++++++++ linuxpba.sh | 4 ++ module-setup.sh | 19 ++++++++ sedutil-1.15.1.tar.gz | 3 ++ sedutil-pba.pl | 94 ++++++++++++++++++++++++++++++++++++++++ sedutil.changes | 4 ++ sedutil.spec | 87 +++++++++++++++++++++++++++++++++++++ 9 files changed, 262 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 kernel_nvme_header.patch create mode 100644 linuxpba.sh create mode 100644 module-setup.sh create mode 100644 sedutil-1.15.1.tar.gz create mode 100644 sedutil-pba.pl create mode 100644 sedutil.changes create mode 100644 sedutil.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/kernel_nvme_header.patch b/kernel_nvme_header.patch
new file mode 100644
index 0000000..f075ae7
--- /dev/null
+++ b/kernel_nvme_header.patch
@@ -0,0 +1,27 @@
+Index: sedutil-1.15.1/configure.ac
+===================================================================
+--- sedutil-1.15.1.orig/configure.ac
++++ sedutil-1.15.1/configure.ac
+@@ -14,6 +14,7 @@ AC_PROG_CC
+
+ # Checks for header files.
+ AC_CHECK_HEADERS([arpa/inet.h fcntl.h malloc.h stdint.h stdlib.h string.h sys/ioctl.h unistd.h])
++AC_CHECK_HEADERS([linux/nvme.h linux/nvme_ioctl.h])
+
+ # Checks for typedefs, structures, and compiler characteristics.
+ AC_CHECK_HEADER_STDBOOL
+Index: sedutil-1.15.1/linux/DtaDevLinuxNvme.h
+===================================================================
+--- sedutil-1.15.1.orig/linux/DtaDevLinuxNvme.h
++++ sedutil-1.15.1/linux/DtaDevLinuxNvme.h
+@@ -18,8 +18,9 @@ along with sedutil. If not, see
+ #include
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
++#ifdef HAVE_LINUX_NVME_IOCTL_H
+ #include
+ #else
+ #include
diff --git a/linuxpba.sh b/linuxpba.sh
new file mode 100644
index 0000000..95d0ca6
--- /dev/null
+++ b/linuxpba.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+if getargbool 0 linuxpba ; then
+ linuxpba 2>/dev/null
+fi
diff --git a/module-setup.sh b/module-setup.sh
new file mode 100644
index 0000000..098397e
--- /dev/null
+++ b/module-setup.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# called by dracut
+check() {
+ require_binaries linuxpba sedutil-cli || return 1
+ return 255
+}
+
+# called by dracut
+depends() {
+ return 0
+}
+
+# called by dracut
+install() {
+ inst_hook cmdline 00 "$moddir/linuxpba.sh"
+ inst_multiple linuxpba sedutil-cli
+}
+
diff --git a/sedutil-1.15.1.tar.gz b/sedutil-1.15.1.tar.gz
new file mode 100644
index 0000000..4dae723
--- /dev/null
+++ b/sedutil-1.15.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9259466b4f73af276153c5245834a56f48f8721ea7263611b5d5e8326bc43d9e
+size 297551
diff --git a/sedutil-pba.pl b/sedutil-pba.pl
new file mode 100644
index 0000000..a7df0d0
--- /dev/null
+++ b/sedutil-pba.pl
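Review bot: In linuxpba.sh, `linuxpba 2>/dev/null` discards everything the unlock step writes to stderr and also ignores its exit status, so a failed pre-boot authentication leaves no trace on the console or in the initramfs log. Keep stderr (or route it through the initramfs logger) and report a non-zero status, for example `linuxpba || warn "linuxpba exited with status $?"`; if the redirect is deliberate, a comment should say what noise it is hiding. The script also calls `getargbool` without making sure it is defined; the usual guard in dracut hooks is `type getargbool >/dev/null 2>&1 || . /lib/dracut-lib.sh`.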
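Review bot: `return 255` in check() of module-setup.sh has no explanation, and its meaning is not obvious without knowing dracut's conventions: the module is then included only when it is requested explicitly or required by another module. A comment such as `# 255: include only when requested (-m/--add) or pulled in as a dependency` would record that, which matters because sedutil-pba.pl selects the module with `-m "sedutil base"`. install() hooks linuxpba.sh at `cmdline 00` and installs only the two binaries; whether the drives are already visible at that stage cannot be told from this hunk and deserves a comment as well.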
@@ -0,0 +1,94 @@
+#!/usr/bin/perl
+#
+# PreBoot Authentication Image Creator for
+# Unlocking Self Encrypting Drive
+#
+
+use strict;
+use warnings;
+
+use File::Path qw(make_path remove_tree);
+use File::Temp qw(tempdir);
+use File::Copy qw(copy);
+
+die "no sedutil module for dracut, stopped" unless (`dracut --list-modules 2>/dev/null` =~ /\bsedutil\b/);
+
+my $kver = `uname -r`;
+chomp $kver;
+my $scratch = tempdir('mkpba-XXXXX') or die "$!, stopped";
+my $bdir = "boot";
+my $gdir = "$bdir/grub";
+my $initrd = "initrd-$kver";
+my $kern = "vmlinuz-$kver";
+my $cfg = "grub.cfg";
+my $iso = "linuxpba-$kver.iso";
+my $rescue = "sedutil-rescue-$kver.iso";
+my $keep = 0;
+
+make_path("$scratch/$bdir", "$scratch/$gdir", {verbose => 1}) == 2
+ or die "$!, stopped";
+
+system ("dracut", "--force", "-m", "sedutil base", "$scratch/$bdir/$initrd") == 0
+ or die "stopped";
+
+copy("/$bdir/$kern", "$scratch/$bdir")
+ or die "$!, stopped";
+
+open(CFG, ">", "$scratch/$gdir/$cfg")
+ or die "$!, stopped";
+
+print CFG <<"END";
+set gfxpayload=keep
+
+ext=""
+if [ x\$grub_platform = xefi ]; then
+ ext=efi
+fi
+
+echo 'Loading Linux $kver ...'
+linux\$ext /$bdir/$kern libata.allow_tpm=1 quiet rd.hostonly=0 linuxpba
+echo 'Loading sedutilpba-$kver.img ...'
+initrd\$ext /$bdir/$initrd
+echo 'Boot ...'
+boot
+END
+
+close(CFG);
+
+system ("grub2-script-check", "--verbose", "$scratch/$gdir/$cfg") == 0
+ or die "stopped";
+
+system ("grub2-mkrescue", "-o", $iso, $scratch) == 0
+ or die "stopped";
+
+system ("dracut", "--force", "-m", "sedutil base", "--include", "./$iso", "/$iso", "$scratch/$bdir/$initrd") == 0
+ or die "stopped";
+
+open(CFG, ">", "$scratch/$gdir/$cfg")
+ or die "$!, stopped";
+
+print CFG <<"END";
+set gfxpayload=keep
+
+ext=""
+if [ x\$grub_platform = xefi ]; then
+ ext=efi
+fi
+
+echo 'Loading Linux $kver ...'
+linux\$ext /$bdir/$kern libata.allow_tpm=1 quiet rd.hostonly=0 rd.break=cmdline
+echo 'Loading sedutilpba-$kver.img ...'
+initrd\$ext /$bdir/$initrd
+echo 'Boot ...'
+boot
+END
+
+close(CFG);
+
+system ("grub2-script-check", "--verbose", "$scratch/$gdir/$cfg") == 0
+ or die "stopped";
+
+system ("grub2-mkrescue", "-o", $rescue, $scratch) == 0
+ or die "stopped";
+
+remove_tree($scratch, {verbose => 1}) unless ($keep);
diff --git a/sedutil.changes b/sedutil.changes
new file mode 100644
index 0000000..f08a82d
--- /dev/null
+++ b/sedutil.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Mon Nov 20 07:54:37 UTC 2017 - mchang@suse.com
+
+- Initial version
diff --git a/sedutil.spec b/sedutil.spec
new file mode 100644
index 0000000..bcf7945
--- /dev/null
+++ b/sedutil.spec
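Review bot: Any `die` after `tempdir('mkpba-XXXXX')` in sedutil-pba.pl leaves the scratch tree (initrd, kernel copy, grub.cfg) behind, because cleanup happens only in the final `remove_tree` line; the template has no directory part, so the tree and both ISOs land under fixed, kernel-version-derived names in whatever directory the script was started from. Declaring `$keep` first and using `my $scratch = tempdir('mkpba-XXXXX', CLEANUP => !$keep);` would remove the tree on every exit path, and a header comment should state that the script is meant to run from a directory only the invoking user can write to. Both `open(CFG, ...)` calls use a bareword handle and `close(CFG)` is unchecked, so a short write of grub.cfg is caught only indirectly by `grub2-script-check`; `open(my $cfg_fh, '>', ...)` with `close($cfg_fh) or die "$!, stopped";` is the usual form. Both heredocs echo `sedutilpba-$kver.img` although the file actually loaded is `$initrd`.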
@@ -0,0 +1,87 @@
+#
+# spec file for package sedutil
+#
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+%define _dracutmodulesdir %{_libexecdir}/dracut/modules.d
+Name: sedutil
+Version: 1.15.1
+Release: 0
+Summary: Tools to manage the activation and use of self encrypting drives
+License: GPL-3.0+
+Group: System/Management
+Url: https://github.com/Drive-Trust-Alliance/sedutil/wiki
+Source0: https://github.com/Drive-Trust-Alliance/%{name}/archive/%{release}/%{name}-%{version}.tar.gz
+Source1: module-setup.sh
+Source2: linuxpba.sh
+Source3: sedutil-pba.pl
+BuildRequires: gcc-c++
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: ncurses-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+Patch: kernel_nvme_header.patch
+ExclusiveArch: x86_64
+
+%description
+The Drive Trust Alliance software (sedutil) is an Open Source (GPLv3)
+effort to make Self Encrypting Drive technology freely available to
+everyone. It is a combination of the two known available Open Source
+code bases today: msed and OpalTool.
+
+sedutil is a Self-Encrypting Drive (SED) management program and
+Pre-Boot Authorization (PBA) image that will allow the activation and
+use of self encrypting drives that comply with the Trusted Computing
+Group Opal 2.0 SSC.
+
+This package provides the sedutil-cli and linuxpba binaries, but not
+the PBA image itself.
+
+%prep
+%setup -q
+%patch -p1
+
+%build
+autoreconf -fi
+%configure
+make %{?_smp_mflags}
+
+%install
+%make_install
+
+install -m 0755 -d %{buildroot}/%{_dracutmodulesdir}/00sedutil/
+install -m 0755 %{SOURCE1} %{buildroot}/%{_dracutmodulesdir}/00sedutil/
+install -m 0755 %{SOURCE2} %{buildroot}/%{_dracutmodulesdir}/00sedutil/
+install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/
+
+%post
+%postun
+
+%files
+%defattr(-,root,root)
+%doc README.md Common/Copyright.txt Common/ReadMe.txt linux/PSIDRevert_LINUX.txt
+%license Common/LICENSE.txt
+%{_mandir}/man8/sedutil-cli.8*
+%{_sbindir}/sedutil-cli
+%{_sbindir}/linuxpba
+%dir %{_libexecdir}/dracut
+%dir %{_libexecdir}/dracut/modules.d
+%dir %{_dracutmodulesdir}/00sedutil/
+%{_dracutmodulesdir}/00sedutil/module-setup.sh
+%{_dracutmodulesdir}/00sedutil/linuxpba.sh
+%{_sbindir}/sedutil-pba.pl
+
+%changelog
+
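Review bot: `Source0` in the spec preamble builds the upstream URL from `%{release}`, which is `0` here, so the path `.../archive/0/sedutil-1.15.1.tar.gz` cannot be the release tarball and the committed archive cannot be re-fetched and compared against upstream from this line. The tag segment presumably should come from the version, e.g. `Source0: https://github.com/Drive-Trust-Alliance/%{name}/archive/%{version}/%{name}-%{version}.tar.gz` (confirm the upstream tag name before changing it). Separately, `sedutil-pba.pl` is installed into `%{_sbindir}`, but the spec declares no runtime `Requires:` for the dracut and grub2 tools that script invokes.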