Browse Source

Adjust for changes upstream

* Refresh patch queue
  No longer needed: test-exec-path, fix-manpage-add-name
  Renamed: use-socat
* Build system switched to mesa
* Use asciidoctor to build the manpages
* clevis-decrypt-http is gone
Christoph Biedl 3 years ago
parent
commit
07f4228af2

+ 0 - 1
debian/clevis-luks.install

@@ -1,5 +1,4 @@
 
-usr/bin/clevis-bind-luks
 usr/bin/clevis-luks-bind
 usr/bin/clevis-luks-unbind
 usr/bin/clevis-luks-unlock

+ 2 - 2
debian/clevis-tpm2.install

@@ -1,3 +1,3 @@
 
-src/clevis-decrypt-tpm2 usr/bin/
-src/clevis-encrypt-tpm2 usr/bin/
+usr/bin/clevis-decrypt-tpm2
+usr/bin/clevis-encrypt-tpm2

+ 1 - 1
debian/clevis-tpm2.manpages

@@ -1,2 +1,2 @@
 
-doc/clevis-encrypt-tpm2.1
+usr/share/man/man1/clevis-encrypt-tpm2.1

+ 0 - 2
debian/clevis.install

@@ -1,9 +1,7 @@
 
 usr/bin/clevis
 usr/bin/clevis-decrypt
-usr/bin/clevis-decrypt-http
 usr/bin/clevis-decrypt-sss
 usr/bin/clevis-decrypt-tang
-usr/bin/clevis-encrypt-http
 usr/bin/clevis-encrypt-sss
 usr/bin/clevis-encrypt-tang

+ 0 - 1
debian/clevis.manpages

@@ -1,6 +1,5 @@
 
 debian/tmp/usr/share/man/man1/clevis-decrypt.1
-debian/tmp/usr/share/man/man1/clevis-encrypt-http.1
 debian/tmp/usr/share/man/man1/clevis-encrypt-sss.1
 debian/tmp/usr/share/man/man1/clevis-encrypt-tang.1
 debian/tmp/usr/share/man/man1/clevis.1

+ 3 - 2
debian/control

@@ -5,6 +5,7 @@ Standards-Version: 4.1.5
 Vcs-Browser: https://git.in-ulm.de/cbiedl/clevis
 Vcs-Git: https://git.in-ulm.de/cbiedl/clevis.git
 Build-Depends: debhelper (>= 11~),
+    asciidoctor,
     curl,
     dracut (>= 047+31-1~),
     jose,
@@ -16,7 +17,7 @@ Build-Depends: debhelper (>= 11~),
     libpwquality-tools,
     libssl-dev,
     libudisks2-dev,
-    pkg-config,
+    meson,
     systemd,
     tang,
     tpm2-tools,
@@ -38,7 +39,7 @@ Description: automated encryption framework
  to provide automated decryption of data or even automated unlocking of
  LUKS volumes.
  .
- It supports tang, shamir secret sharing (SSS), and escrow using HTTP.
+ It supports tang and shamir secret sharing (SSS).
 
 Package: clevis-tpm2
 Architecture: linux-any

+ 35 - 0
debian/patches/debian.use-asciidoctor-to-build-manpages.patch

@@ -0,0 +1,35 @@
+Subject: Use asciidoctor to build the manpages
+Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Date: 2018-10-30
+Bug: https://github.com/latchset/tang/issues/32
+
+--- a/meson.build
++++ b/meson.build
+@@ -38,7 +38,7 @@
+ 
+ jansson = dependency('jansson', version: '>=2.10', required: false)
+ jose = dependency('jose', version: '>=8')
+-a2x = find_program('a2x', required: false)
++asciidoctor = find_program('asciidoctor', required: false)
+ 
+ bins = []
+ mans = []
+@@ -47,14 +47,14 @@
+ 
+ install_data(bins, install_dir: bindir)
+ 
+-if a2x.found()
++if asciidoctor.found()
+   foreach m : mans
+     custom_target(m.split('/')[-1], input: m + '.adoc', output: m.split('/')[-1],
+-      command: [a2x, '-f', 'manpage', '-D', meson.current_build_dir(), '@INPUT@'],
++      command: [asciidoctor, '--attribute', 'reproducible', '--backend=manpage', '-D', meson.current_build_dir(), '@INPUT@'],
+       install_dir: join_paths(get_option('mandir'), 'man' + m.split('.')[-1]),
+       install: true
+     )
+   endforeach
+ else
+   warning('Will not build man pages due to missing dependencies!')
+-endif
+\ No newline at end of file
++endif

+ 43 - 0
debian/patches/debian.use-socat.patch

@@ -0,0 +1,43 @@
+Description: Use socat in clevis-luks-askpass
+Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Date: 2018-10-30
+Forwarded: not-needed
+
+    Upstream assumes the nc program is ncat as provided by nmap. Since
+    nmap is a fairly huge package and does not ship a separate ncat
+    package (#881639), use socat instead for the time being.
+
+    Thanks Anthony R Fletcher <arif@mail.nih.gov> for figuring out
+    and testing.
+
+--- a/src/luks/systemd/dracut/module-setup.sh.in
++++ b/src/luks/systemd/dracut/module-setup.sh.in
+@@ -46,7 +46,7 @@
+         mktemp \
+         curl \
+         jose \
+-        nc
++        socat
+ 
+     for cmd in clevis-decrypt-tpm2 \
+ 	tpm2_createprimary \
+--- a/src/luks/systemd/clevis-luks-askpass
++++ b/src/luks/systemd/clevis-luks-askpass
+@@ -59,7 +59,7 @@
+                 metadata=true
+ 
+                 if pt="`luksmeta load -d $d -s $slot -u $UUID | clevis decrypt`"; then
+-                    echo -n "+$pt" | nc -U -u --send-only "$s"
++                    echo -n "+$pt" | socat -U "UNIX:$s" -
+                     unlocked=true
+                     break
+                 fi
+@@ -72,7 +72,7 @@
+                 metadata=true
+ 
+                 if pt=`echo -n "$jwe" | clevis decrypt`; then
+-                    echo -n "+$pt" | nc -U -u --send-only "$s"
++                    echo -n "+$pt" | socat -U "UNIX:$s" -
+                     unlocked=true
+                     break
+                 fi

+ 0 - 19
debian/patches/fix-manpage-add-name.patch

@@ -1,19 +0,0 @@
-Description: Add missing name in clevis-luks-unlockers manpage
-Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
-Date: 2017-11-06
-Forwarded: https://github.com/latchset/clevis/issues/21
-
---- a/doc/clevis-luks-unlockers.7
-+++ b/doc/clevis-luks-unlockers.7
-@@ -1,7 +1,10 @@
- .\" Automatically generated by Pandoc 1.19.1
- .\"
- .TH "CLEVIS\-LUKS\-UNLOCKERS" "7" "October 2017" "" ""
--.hy
-+.
-+.SH "NAME"
-+\fBclevis-luks-unlockers\fR \- Clevis unlockers overview
-+.
- .SH OVERVIEW
- .PP
- Clevis provides unlockers for LUKS volumes which can use LUKS policy:

+ 2 - 3
debian/patches/series

@@ -1,3 +1,2 @@
-test-exec-path.patch
-fix-manpage-add-name.patch
-use-socat.patch
+debian.use-socat.patch
+debian.use-asciidoctor-to-build-manpages.patch

+ 0 - 23
debian/patches/test-exec-path.patch

@@ -1,23 +0,0 @@
-Description: Fix path to tangd-* executables in test suite
-Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
-Date: 2017-11-06
-Forwarded: not-needed
-
---- a/tests/pin-tang
-+++ b/tests/pin-tang
-@@ -31,12 +31,12 @@
- mkdir -p $TMP/cache
- 
- # Generate the server keys
--/usr/libexec/tangd-keygen $TMP/db sig exc
--/usr/libexec/tangd-update $TMP/db $TMP/cache
-+/usr/lib/${DEB_HOST_MULTIARCH}/tangd-keygen $TMP/db sig exc
-+/usr/lib/${DEB_HOST_MULTIARCH}/tangd-update $TMP/db $TMP/cache
- 
- # Start the server
- port=`shuf -i 1024-65536 -n 1`
--$SD_ACTIVATE -l 127.0.0.1:$port -a /usr/libexec/tangd $TMP/cache &
-+$SD_ACTIVATE -l 127.0.0.1:$port -a /usr/lib/${DEB_HOST_MULTIARCH}/tangd $TMP/cache &
- export PID=$!
- sleep 0.25
- 

+ 0 - 34
debian/patches/use-socat.patch

@@ -1,34 +0,0 @@
-Description: Use socat in clevis-luks-askpass
-Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
-Date: 2017-11-28
-Forwarded: not-needed
-   
-    Upstream assumes the nc program is ncat as provided by nmap. Since
-    nmap is a fairly huge package and does not ship a separate ncat
-    package (#881639), use socat instead for the time being.
-
-    Thanks Anthony R Fletcher <arif@mail.nih.gov> for figuring out
-    and testing.
-
---- a/src/dracut/module-setup.sh.in
-+++ b/src/dracut/module-setup.sh.in
-@@ -46,7 +46,7 @@
-         mktemp \
-         curl \
-         jose \
--        nc
-+        socat
- 
-     for cmd in clevis-decrypt-tpm2 \
- 	tpm2_createprimary \
---- a/src/systemd/clevis-luks-askpass
-+++ b/src/systemd/clevis-luks-askpass
-@@ -56,7 +56,7 @@
-             metadata=true
- 
-             if pt="`luksmeta load -d $d -s $slot -u $UUID | clevis decrypt`"; then
--                echo -n "+$pt" | nc -U -u --send-only "$s"
-+                echo -n "+$pt" | socat -U "UNIX:$s" -
-                 unlocked=true
-                 break
-             fi