Blame SOURCES/0001-Fixes-for-dealing-with-newer-tang-without-tangd-upda.patch

f08250
From 16f667d9f3d649e33ca762afa1a8a7f909b953a8 Mon Sep 17 00:00:00 2001
f08250
From: Sergio Correia <scorreia@redhat.com>
f08250
Date: Sun, 25 Oct 2020 11:15:46 -0300
f08250
Subject: [PATCH] Fixes for dealing with newer tang without tangd-update
f08250
f08250
---
f08250
 src/luks/tests/meson.build               | 11 +----------
f08250
 src/luks/tests/tests-common-functions.in | 19 +++++++++++--------
f08250
 src/pins/tang/meson.build                | 11 +----------
f08250
 src/pins/tang/pin-tang                   | 11 ++++++++---
f08250
 4 files changed, 21 insertions(+), 31 deletions(-)
f08250
f08250
diff --git a/src/luks/tests/meson.build b/src/luks/tests/meson.build
f08250
index ba5f6a2..c0f9dc3 100644
f08250
--- a/src/luks/tests/meson.build
f08250
+++ b/src/luks/tests/meson.build
f08250
@@ -17,14 +17,6 @@ kgen = find_program(
f08250
   join_paths('/', 'usr', get_option('libexecdir'), 'tangd-keygen'),
f08250
   required: false
f08250
 )
f08250
-updt = find_program(
f08250
-  join_paths(libexecdir, 'tangd-update'),
f08250
-  join_paths(get_option('prefix'), get_option('libdir'), 'tangd-update'),
f08250
-  join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-update'),
f08250
-  join_paths('/', 'usr', get_option('libdir'), 'tangd-update'),
f08250
-  join_paths('/', 'usr', get_option('libexecdir'), 'tangd-update'),
f08250
-  required: false
f08250
-)
f08250
 tang = find_program(
f08250
   join_paths(libexecdir, 'tangd'),
f08250
   join_paths(get_option('prefix'), get_option('libdir'), 'tangd'),
f08250
@@ -58,11 +50,10 @@ env.prepend('PATH',
f08250
 )
f08250
 
f08250
 has_tang = false
f08250
-if actv.found() and kgen.found() and updt.found() and tang.found()
f08250
+if actv.found() and kgen.found() and tang.found()
f08250
   has_tang = true
f08250
   env.set('SD_ACTIVATE', actv.path())
f08250
   env.set('TANGD_KEYGEN', kgen.path())
f08250
-  env.set('TANGD_UPDATE', updt.path())
f08250
   env.set('TANGD', tang.path())
f08250
 endif
f08250
 
f08250
diff --git a/src/luks/tests/tests-common-functions.in b/src/luks/tests/tests-common-functions.in
f08250
index 8520715..318d007 100755
f08250
--- a/src/luks/tests/tests-common-functions.in
f08250
+++ b/src/luks/tests/tests-common-functions.in
f08250
@@ -251,18 +251,19 @@ tang_remove_rotated_keys() {
f08250
         return 1
f08250
     fi
f08250
 
f08250
-    [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
f08250
-
f08250
     local db="${basedir}/db"
f08250
-    local cache="${basedir}/cache"
f08250
     mkdir -p "${db}"
f08250
-    mkdir -p "${cache}"
f08250
+
f08250
+    if [ -n "${TANGD_UPDATE}" ]; then
f08250
+        local cache="${basedir}/cache"
f08250
+        mkdir -p "${cache}"
f08250
+    fi
f08250
 
f08250
     pushd "${db}"
f08250
         find . -name ".*.jwk" -exec rm -f {} \;
f08250
     popd
f08250
 
f08250
-    "${TANGD_UPDATE}" "${db}" "${cache}"
f08250
+    [ -n "${TANGD_UPDATE}" ] && "${TANGD_UPDATE}" "${db}" "${cache}"
f08250
     return 0
f08250
 }
f08250
 
f08250
@@ -277,12 +278,12 @@ tang_new_keys() {
f08250
     fi
f08250
 
f08250
     [ -z "${TANGD_KEYGEN}" ] && skip_test "WARNING: TANGD_KEYGEN is not defined."
f08250
-    [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
f08250
 
f08250
     local db="${basedir}/db"
f08250
-    local cache="${basedir}/cache"
f08250
     mkdir -p "${db}"
f08250
 
f08250
+    [ -n "${TANGD_UPDATE}" ] && local cache="${basedir}/cache"
f08250
+
f08250
     if [ -n "${rotate}" ]; then
f08250
         pushd "${db}"
f08250
             local k
f08250
@@ -296,7 +297,7 @@ tang_new_keys() {
f08250
     fi
f08250
 
f08250
     "${TANGD_KEYGEN}" "${db}"
f08250
-    "${TANGD_UPDATE}" "${db}" "${cache}"
f08250
+    [ -n "${TANGD_UPDATE}" ] && "${TANGD_UPDATE}" "${db}" "${cache}"
f08250
 
f08250
     return 0
f08250
 }
f08250
@@ -322,6 +323,8 @@ tang_run() {
f08250
     fi
f08250
 
f08250
     local KEYS="${basedir}/cache"
f08250
+    [ -z "${TANGD_UPDATE}" ] && KEYS="${basedir}/db"
f08250
+
f08250
     local inetd='--inetd'
f08250
     [ "${SD_ACTIVATE##*/}" = "systemd-activate" ] && inetd=
f08250
 
f08250
diff --git a/src/pins/tang/meson.build b/src/pins/tang/meson.build
f08250
index f7d8226..ebcdd4a 100644
f08250
--- a/src/pins/tang/meson.build
f08250
+++ b/src/pins/tang/meson.build
f08250
@@ -12,14 +12,6 @@ kgen = find_program(
f08250
   join_paths('/', 'usr', get_option('libexecdir'), 'tangd-keygen'),
f08250
   required: false
f08250
 )
f08250
-updt = find_program(
f08250
-  join_paths(libexecdir, 'tangd-update'),
f08250
-  join_paths(get_option('prefix'), get_option('libdir'), 'tangd-update'),
f08250
-  join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-update'),
f08250
-  join_paths('/', 'usr', get_option('libdir'), 'tangd-update'),
f08250
-  join_paths('/', 'usr', get_option('libexecdir'), 'tangd-update'),
f08250
-  required: false
f08250
-)
f08250
 tang = find_program(
f08250
   join_paths(libexecdir, 'tangd'),
f08250
   join_paths(get_option('prefix'), get_option('libdir'), 'tangd'),
f08250
@@ -35,11 +27,10 @@ if curl.found()
f08250
   bins += join_paths(meson.current_source_dir(), 'clevis-encrypt-tang')
f08250
   mans += join_paths(meson.current_source_dir(), 'clevis-encrypt-tang.1')
f08250
 
f08250
-  if actv.found() and kgen.found() and updt.found() and tang.found()
f08250
+  if actv.found() and kgen.found() and tang.found()
f08250
     env = environment()
f08250
     env.set('SD_ACTIVATE', actv.path())
f08250
     env.set('TANGD_KEYGEN', kgen.path())
f08250
-    env.set('TANGD_UPDATE', updt.path())
f08250
     env.set('TANGD', tang.path())
f08250
     env.prepend('PATH',
f08250
       join_paths(meson.source_root(), 'src'),
f08250
diff --git a/src/pins/tang/pin-tang b/src/pins/tang/pin-tang
f08250
index 98e5e4d..a63d0a2 100755
f08250
--- a/src/pins/tang/pin-tang
f08250
+++ b/src/pins/tang/pin-tang
f08250
@@ -31,8 +31,12 @@ mkdir -p "$TMP"/db
f08250
 mkdir -p "$TMP"/cache
f08250
 
f08250
 # Generate the server keys
f08250
+KEYS="$TMP"/db
f08250
 "${TANGD_KEYGEN}" "$TMP"/db sig exc
f08250
-"${TANGD_UPDATE}" "$TMP"/db "$TMP"/cache
f08250
+if which tangd-update; then
f08250
+    tangd-update "$TMP"/db "$TMP"/cache
f08250
+    KEYS="$TMP"/cache
f08250
+fi
f08250
 
f08250
 # Start the server
f08250
 port="$(shuf -i 1024-65536 -n 1)"
f08250
@@ -40,13 +44,14 @@ port="$(shuf -i 1024-65536 -n 1)"
f08250
 inetd='--inetd'
f08250
 [ "${SD_ACTIVATE##*/}" = "systemd-activate" ] && inetd=
f08250
 
f08250
-"$SD_ACTIVATE" $inetd -l 127.0.0.1:"$port" -a "$TANGD" "$TMP"/cache &
f08250
+"$SD_ACTIVATE" $inetd -l 127.0.0.1:"$port" -a "$TANGD" "$KEYS" &
f08250
 PID=$!
f08250
 sleep 0.25
f08250
 
f08250
 thp="$(jose jwk thp -i "$TMP/db/sig.jwk")"
f08250
-adv="$TMP/cache/default.jws"
f08250
 url="http://localhost:${port}"
f08250
+adv="$TMP/adv"
f08250
+curl "$url/adv" -o "$adv"
f08250
 
f08250
 cfg="$(printf '{"url":"%s","adv":"%s"}' "$url" "$adv")"
f08250
 enc="$(echo -n "hi" | clevis encrypt tang "$cfg")"
f08250
-- 
f08250
2.18.4
f08250