diff options
Diffstat (limited to 'app-crypt/clevis')
| -rw-r--r-- | app-crypt/clevis/Manifest | 5 | ||||
| -rw-r--r-- | app-crypt/clevis/clevis-18.ebuild | 29 | ||||
| -rw-r--r-- | app-crypt/clevis/files/clevis-dracut.patch | 250 | ||||
| -rw-r--r-- | app-crypt/clevis/files/clevis-meson.patch | 11 | ||||
| -rw-r--r-- | app-crypt/clevis/metadata.xml | 12 |
5 files changed, 0 insertions, 307 deletions
diff --git a/app-crypt/clevis/Manifest b/app-crypt/clevis/Manifest deleted file mode 100644 index a3825ff..0000000 --- a/app-crypt/clevis/Manifest +++ /dev/null @@ -1,5 +0,0 @@ -AUX clevis-dracut.patch 9686 BLAKE2B f27fc96a16076a9bda7a9def31cb19f3b50ad8a5bc0be8a8d8846f1ceb325250c6d15d063bbb481731fee65f4f7576fd5f898d9070d0552a37507ae6df801d87 SHA512 4cc1ca39468f96af351d6902640ad455d61d4a11c22d04b7d10cca9fc6a4eda0b324f6b9fa880dd260b08c5e1e3f36fc2723873b2494220ab5351c1ab9993f54 -AUX clevis-meson.patch 609 BLAKE2B b3c595cd775bc22f78cc90465b9526bfdb5ab7e074ae990af0d821eb421ea8991091c63c47d4408e67a9ebd4acbaacee7ffae5366c66766272e3c7cb00e5d827 SHA512 b8b78d4f9a6f64a99d1e22faa2aa2fab23102b7244031654e003e345a2c4550c4f50a9896f7a4614fcfb92a9f2fb1664f5eb1780ce05082101d95463547bcb02 -DIST clevis-18.tar.gz 78191 BLAKE2B 317f30df3c05a9a651363daf17b9320e47a903929af991ecfd9d4d3d630a0ab8e92815db2e5736e9b9ca7f3fb4a41f4cf198ec447f04a9849f4d2a03bb196b22 SHA512 19b6743ff61ff7e29699bbc3fb69dfa31567a37ab824629330b57c92aa89b70759d63c1770be68d4525681ec9ba56d980cae2bb1cdeee6192992ede449a0e4ff -EBUILD clevis-18.ebuild 631 BLAKE2B 8dfe636f775079d1b7c97d0dffe0ebb29389c9bbe68f936125a91b83775362cc4e70092ba7e3807ad5a2443bfa04be2847e66884dfc9689941bcb8d61ea38263 SHA512 de3c1f5755586978c83daebce818d6eac5d9c769603cd02c861db04b788fcbf4691816630ef5871de4fc458ab84f5f270dc2a6b92908aecfe1c01c15d3121d51 -MISC metadata.xml 348 BLAKE2B 1b14da99bbbe7758c627af4b68c5afa6a149f10cc6f5b0430bbecb4402b7036e40ee556462dd6def2f8e21654ddf55aee2effa4f6e857f8ee3709339500ddc57 SHA512 269fcfd719d6c04632ae8c464e599869f02853807c81e2fc721203842d1927170d4439a3520afeb8f5017d97d5e53a2501f96d3cbd5614dcd54ff379eb2acc19 diff --git a/app-crypt/clevis/clevis-18.ebuild b/app-crypt/clevis/clevis-18.ebuild deleted file mode 100644 index da0dc96..0000000 --- a/app-crypt/clevis/clevis-18.ebuild +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit meson - -DESCRIPTION="Automated Encryption Framework" -HOMEPAGE="https://github.com/latchset/clevis" -SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64" -IUSE="+luks +tpm" - -DEPEND="luks? ( app-misc/jq ) - >=dev-libs/jose-8 - luks? ( dev-libs/libpwquality ) - luks? ( dev-libs/luksmeta ) - tpm? ( app-crypt/tpm2-tools ) - sys-fs/cryptsetup" -RDEPEND="${DEPEND}" -BDEPEND="" - -PATCHES=( - "${FILESDIR}/${PN}-dracut.patch" - "${FILESDIR}/${PN}-meson.patch" -) diff --git a/app-crypt/clevis/files/clevis-dracut.patch b/app-crypt/clevis/files/clevis-dracut.patch deleted file mode 100644 index 7aec43e..0000000 --- a/app-crypt/clevis/files/clevis-dracut.patch +++ /dev/null @@ -1,250 +0,0 @@ -From a5aa695821e34fb218c7d705065aaf7077737c8c Mon Sep 17 00:00:00 2001 -From: Jonathan Davies <jpds@protonmail.com> -Date: Fri, 5 Nov 2021 15:24:12 +0000 -Subject: [PATCH] Moved dracut directory up to top-level to decouple it with - systemd. - -Adds a clevis-luks-generic-unlocker for alternative use without systemd. - -Based on patch by Sergio Correia <scorreia@redhat.com> - -Closes: #346 - -Signed-off-by: Jonathan Davies <jpds@protonmail.com> ---- - .../dracut/clevis-pin-sss/meson.build | 0 - .../dracut/clevis-pin-sss/module-setup.sh.in | 0 - .../dracut/clevis-pin-tang/meson.build | 0 - .../dracut/clevis-pin-tang/module-setup.sh.in | 0 - .../dracut/clevis-pin-tpm2/meson.build | 0 - .../dracut/clevis-pin-tpm2/module-setup.sh.in | 0 - src/dracut/clevis/clevis-hook.sh.in | 3 + - .../clevis/clevis-luks-generic-unlocker | 70 +++++++++++++++++++ - .../systemd => }/dracut/clevis/meson.build | 1 + - .../dracut/clevis/module-setup.sh.in | 19 +++-- - src/{luks/systemd => }/dracut/meson.build | 0 - .../systemd/dracut/clevis/clevis-hook.sh.in | 2 - - src/luks/systemd/meson.build | 1 - - src/meson.build | 1 + - 14 files changed, 90 insertions(+), 7 deletions(-) - rename src/{luks/systemd => }/dracut/clevis-pin-sss/meson.build (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-sss/module-setup.sh.in (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-tang/meson.build (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-tang/module-setup.sh.in (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-tpm2/meson.build (100%) - rename src/{luks/systemd => }/dracut/clevis-pin-tpm2/module-setup.sh.in (100%) - create mode 100755 src/dracut/clevis/clevis-hook.sh.in - create mode 100755 src/dracut/clevis/clevis-luks-generic-unlocker - rename src/{luks/systemd => }/dracut/clevis/meson.build (87%) - rename src/{luks/systemd => }/dracut/clevis/module-setup.sh.in (76%) - rename src/{luks/systemd => }/dracut/meson.build (100%) - delete mode 100755 src/luks/systemd/dracut/clevis/clevis-hook.sh.in - -diff --git a/src/luks/systemd/dracut/clevis-pin-sss/meson.build b/src/dracut/clevis-pin-sss/meson.build -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-sss/meson.build -rename to src/dracut/clevis-pin-sss/meson.build -diff --git a/src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in b/src/dracut/clevis-pin-sss/module-setup.sh.in -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in -rename to src/dracut/clevis-pin-sss/module-setup.sh.in -diff --git a/src/luks/systemd/dracut/clevis-pin-tang/meson.build b/src/dracut/clevis-pin-tang/meson.build -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-tang/meson.build -rename to src/dracut/clevis-pin-tang/meson.build -diff --git a/src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in b/src/dracut/clevis-pin-tang/module-setup.sh.in -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in -rename to src/dracut/clevis-pin-tang/module-setup.sh.in -diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/meson.build b/src/dracut/clevis-pin-tpm2/meson.build -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-tpm2/meson.build -rename to src/dracut/clevis-pin-tpm2/meson.build -diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in b/src/dracut/clevis-pin-tpm2/module-setup.sh.in -similarity index 100% -rename from src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in -rename to src/dracut/clevis-pin-tpm2/module-setup.sh.in -diff --git a/src/dracut/clevis/clevis-hook.sh.in b/src/dracut/clevis/clevis-hook.sh.in -new file mode 100755 -index 0000000..91ff2bd ---- /dev/null -+++ b/src/dracut/clevis/clevis-hook.sh.in -@@ -0,0 +1,3 @@ -+#!/bin/bash -+ -+@libexecdir@/clevis-luks-generic-unlocker -l -diff --git a/src/dracut/clevis/clevis-luks-generic-unlocker b/src/dracut/clevis/clevis-luks-generic-unlocker -new file mode 100755 -index 0000000..a3b9d62 ---- /dev/null -+++ b/src/dracut/clevis/clevis-luks-generic-unlocker -@@ -0,0 +1,70 @@ -+#!/bin/bash -+set -eu -+# vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: -+# -+# Copyright (c) 2020-2021 Red Hat, Inc. -+# Author: Sergio Correia <scorreia@redhat.com> -+# -+# This program is free software: you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation, either version 3 of the License, or -+# (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program. If not, see <http://www.gnu.org/licenses/>. -+# -+ -+. clevis-luks-common-functions -+ -+# Make sure to exit cleanly if SIGTERM is received. -+trap 'echo "Exiting due to SIGTERM" && exit 0' TERM -+ -+loop= -+while getopts ":l" o; do -+ case "${o}" in -+ l) loop=true;; -+ *) ;; -+ esac -+done -+ -+to_unlock() { -+ local _devices='' _d _uuid -+ for _d in $(lsblk -o PATH,FSTYPE,RM \ -+ | awk '$2 == "crypto_LUKS" && $3 == "0" { print $1 }' | sort -u); -+ do -+ if ! bindings="$(clevis luks list -d "${_d}" 2>/dev/null)" \ -+ || [ -z "${bindings}" ]; then -+ continue -+ fi -+ _uuid="$(cryptsetup luksUUID "${_d}")" -+ if clevis_is_luks_device_by_uuid_open "${_uuid}"; then -+ continue -+ fi -+ _devices="$(printf '%s\n%s' "${_devices}" "${_d}")" -+ done -+ echo "${_devices}" | sed -e 's/^\n$//' -+} -+ -+while true; do -+ for d in $(to_unlock); do -+ uuid="$(cryptsetup luksUUID "${d}")" -+ if ! clevis luks unlock -d "${d}"; then -+ echo "Unable to unlock ${d} (UUID=${uuid})" >&2 -+ continue -+ fi -+ echo "Unlocked ${d} (UUID=${uuid}) successfully" >&2 -+ done -+ -+ [ "${loop}" != true ] && break -+ # Checking for pending devices to be unlocked. -+ if remaining=$(to_unlock) && [ -z "${remaining}" ]; then -+ break; -+ fi -+ -+ sleep 0.5 -+done -diff --git a/src/luks/systemd/dracut/clevis/meson.build b/src/dracut/clevis/meson.build -similarity index 87% -rename from src/luks/systemd/dracut/clevis/meson.build -rename to src/dracut/clevis/meson.build -index 167e708..224e27f 100644 ---- a/src/luks/systemd/dracut/clevis/meson.build -+++ b/src/dracut/clevis/meson.build -@@ -16,6 +16,7 @@ if dracut.found() - install_dir: dracutdir, - configuration: data, - ) -+ install_data('clevis-luks-generic-unlocker', install_dir: libexecdir) - else - warning('Will not install dracut module due to missing dependencies!') - endif -diff --git a/src/luks/systemd/dracut/clevis/module-setup.sh.in b/src/dracut/clevis/module-setup.sh.in -similarity index 76% -rename from src/luks/systemd/dracut/clevis/module-setup.sh.in -rename to src/dracut/clevis/module-setup.sh.in -index bfe657c..dbce790 100755 ---- a/src/luks/systemd/dracut/clevis/module-setup.sh.in -+++ b/src/dracut/clevis/module-setup.sh.in -@@ -19,7 +19,11 @@ - # - - depends() { -- echo crypt systemd -+ local __depends=crypt -+ if dracut_module_included "systemd"; then -+ __depends=$(printf '%s systemd' "${_depends}") -+ fi -+ echo "${__depends}" - return 255 - } - -@@ -27,17 +31,24 @@ install() { - if dracut_module_included "systemd"; then - inst_multiple \ - $systemdsystemunitdir/clevis-luks-askpass.service \ -- $systemdsystemunitdir/clevis-luks-askpass.path -+ $systemdsystemunitdir/clevis-luks-askpass.path \ -+ @SYSTEMD_REPLY_PASS@ \ -+ @libexecdir@/clevis-luks-askpass - systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path - else - inst_hook initqueue/online 60 "$moddir/clevis-hook.sh" - inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh" -+ -+ inst_multiple \ -+ @libexecdir@/clevis-luks-generic-unlocker \ -+ clevis-luks-unlock \ -+ lsblk \ -+ sort \ -+ awk - fi - - inst_multiple \ - /etc/services \ -- @SYSTEMD_REPLY_PASS@ \ -- @libexecdir@/clevis-luks-askpass \ - clevis-luks-common-functions \ - grep sed cut \ - clevis-decrypt \ -diff --git a/src/luks/systemd/dracut/meson.build b/src/dracut/meson.build -similarity index 100% -rename from src/luks/systemd/dracut/meson.build -rename to src/dracut/meson.build -diff --git a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in b/src/luks/systemd/dracut/clevis/clevis-hook.sh.in -deleted file mode 100755 -index cb257c9..0000000 ---- a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in -+++ /dev/null -@@ -1,2 +0,0 @@ --#!/bin/bash --@libexecdir@/clevis-luks-askpass -diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build -index e3b3d91..b10494e 100644 ---- a/src/luks/systemd/meson.build -+++ b/src/luks/systemd/meson.build -@@ -10,7 +10,6 @@ sd_reply_pass = find_program( - - if systemd.found() and sd_reply_pass.found() - data.set('SYSTEMD_REPLY_PASS', sd_reply_pass.path()) -- subdir('dracut') - - unitdir = systemd.get_pkgconfig_variable('systemdsystemunitdir') - -diff --git a/src/meson.build b/src/meson.build -index c4e696f..a0dff5b 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -1,6 +1,7 @@ - subdir('bash') - subdir('luks') - subdir('pins') -+subdir('dracut') - subdir('initramfs-tools') - - bins += join_paths(meson.current_source_dir(), 'clevis-decrypt') diff --git a/app-crypt/clevis/files/clevis-meson.patch b/app-crypt/clevis/files/clevis-meson.patch deleted file mode 100644 index bfd517d..0000000 --- a/app-crypt/clevis/files/clevis-meson.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build -index b10494e3ca4d620437aee0d5e440eecf323b03d9..09f7fb51e7320aa71e275c34baa0561233821d69 100644 ---- a/src/luks/systemd/meson.build -+++ b/src/luks/systemd/meson.build -@@ -5,6 +5,7 @@ sd_reply_pass = find_program( - join_paths(get_option('prefix'), 'lib', 'systemd', 'systemd-reply-password'), - join_paths('/', 'usr', get_option('libdir'), 'systemd', 'systemd-reply-password'), - join_paths('/', 'usr', 'lib', 'systemd', 'systemd-reply-password'), -+ join_paths('/', 'lib', 'systemd', 'systemd-reply-password'), - required: false - ) diff --git a/app-crypt/clevis/metadata.xml b/app-crypt/clevis/metadata.xml deleted file mode 100644 index 4130b42..0000000 --- a/app-crypt/clevis/metadata.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> - <maintainer type="person"> - <email>julien@jroy.ca</email> - <name>Julien Roy</name> - </maintainer> - <use> - <flag name="luks">Enable LUKS support</flag> - <flag name="tpm">Enable TPM support</flag> - </use> -</pkgmetadata> |