From 54edbfeef9dbe344c1fdaafdbf0994f32717c466 Mon Sep 17 00:00:00 2001
From: importbot <releng@rockylinux.org>
Date: Fri, 18 Oct 2024 17:24:49 +0000
Subject: [PATCH] import clevis-21-4.el10
---
SPECS/clevis.spec | 41 +++++++++++++++++++++++++++++------------
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/SPECS/clevis.spec b/SPECS/clevis.spec
index 9ffa53f..6016dd3 100644
--- a/SPECS/clevis.spec
+++ b/SPECS/clevis.spec
@@ -2,7 +2,7 @@
## (rpmautospec version 0.7.2)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
- release_number = 2;
+ release_number = 4;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
@@ -58,8 +58,6 @@ Requires: jq
Requires(pre): shadow-utils
Requires(post): systemd
Requires: clevis-pin-tpm2
-Requires: pcsc-lite
-Requires: opensc
%description
Clevis is a framework for automated decryption. It allows you to encrypt
@@ -119,6 +117,17 @@ Requires: %{name}-luks%{?_isa} = %{version}-%{release}
Automatically unlocks LUKS block devices in desktop environments that
use UDisks2 or storaged (like GNOME).
+%package pin-pkcs11
+Summary: PKCS#11 for clevis
+Requires: %{name}-systemd%{?_isa} = %{version}-%{release}
+Requires: %{name}-luks%{?_isa} = %{version}-%{release}
+Requires: %{name}-dracut%{?_isa} = %{version}-%{release}
+Requires: pcsc-lite
+Requires: opensc
+
+%description pin-pkcs11
+Automatically unlocks LUKS block devices through a PKCS#11 device.
+
%prep
%autosetup -S git
@@ -150,20 +159,15 @@ exit 0
%{_bindir}/%{name}-decrypt-tpm2
%{_bindir}/%{name}-decrypt-sss
%{_bindir}/%{name}-decrypt-null
-%{_bindir}/%{name}-decrypt-pkcs11
%{_bindir}/%{name}-decrypt
%{_bindir}/%{name}-encrypt-tang
%{_bindir}/%{name}-encrypt-tpm2
%{_bindir}/%{name}-encrypt-sss
%{_bindir}/%{name}-encrypt-null
-%{_bindir}/%{name}-encrypt-pkcs11
-%{_bindir}/%{name}-pkcs11-afunix-socket-unlock
-%{_bindir}/%{name}-pkcs11-common
%{_bindir}/%{name}
%{_mandir}/man1/%{name}-encrypt-tang.1*
%{_mandir}/man1/%{name}-encrypt-tpm2.1*
%{_mandir}/man1/%{name}-encrypt-sss.1*
-%{_mandir}/man1/%{name}-encrypt-pkcs11.1*
%{_mandir}/man1/%{name}-decrypt.1*
%{_mandir}/man1/%{name}.1*
%{_sysusersdir}/clevis.conf
@@ -191,12 +195,8 @@ exit 0
%files systemd
%{_libexecdir}/%{name}-luks-askpass
%{_libexecdir}/%{name}-luks-unlocker
-%{_libexecdir}/%{name}-luks-pkcs11-askpass
-%{_libexecdir}/%{name}-luks-pkcs11-askpin
%{_unitdir}/%{name}-luks-askpass.path
%{_unitdir}/%{name}-luks-askpass.service
-%{_unitdir}/%{name}-luks-pkcs11-askpass.service
-%{_unitdir}/%{name}-luks-pkcs11-askpass.socket
%files dracut
%{_prefix}/lib/dracut/modules.d/60%{name}
@@ -204,6 +204,17 @@ exit 0
%{_prefix}/lib/dracut/modules.d/60%{name}-pin-sss/module-setup.sh
%{_prefix}/lib/dracut/modules.d/60%{name}-pin-tang/module-setup.sh
%{_prefix}/lib/dracut/modules.d/60%{name}-pin-tpm2/module-setup.sh
+
+%files pin-pkcs11
+%{_libexecdir}/%{name}-luks-pkcs11-askpass
+%{_libexecdir}/%{name}-luks-pkcs11-askpin
+%{_bindir}/%{name}-decrypt-pkcs11
+%{_bindir}/%{name}-encrypt-pkcs11
+%{_bindir}/%{name}-pkcs11-afunix-socket-unlock
+%{_bindir}/%{name}-pkcs11-common
+%{_unitdir}/%{name}-luks-pkcs11-askpass.service
+%{_unitdir}/%{name}-luks-pkcs11-askpass.socket
+%{_mandir}/man1/%{name}-encrypt-pkcs11.1*
%{_prefix}/lib/dracut/modules.d/60%{name}-pin-pkcs11/module-setup.sh
%{_prefix}/lib/dracut/modules.d/60%{name}-pin-pkcs11/%{name}-pkcs11-prehook.sh
%{_prefix}/lib/dracut/modules.d/60%{name}-pin-pkcs11/%{name}-pkcs11-hook.sh
@@ -217,6 +228,12 @@ systemctl preset %{name}-luks-askpass.path >/dev/null 2>&1 || :
%changelog
## START: Generated by rpmautospec
+* Fri Oct 18 2024 Sergio Arroutbi <sarroutb@redhat.com> - 21-4
+- Split PKCS#11 files into clevis-pin-pkcs11 package
+
+* Wed Oct 09 2024 Sergio Arroutbi <sarroutb@redhat.com> - 21-3
+- Fix clevis v21 tang functionality at boot time
+
* Tue Oct 01 2024 Sergio Arroutbi <sarroutb@redhat.com> - 21-2
- Fix clevis v21 tang functionality at boot time
--
GitLab