
From: Julien Roy <julien@××××.ca>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/proj/guru:dev commit in: app-crypt/clevis/, app-crypt/clevis/files/
Date: Thu, 07 Apr 2022 01:51:18
Message-Id: 1649296259.36c488d3c08ebc4941e11ff13e72fa32f4d47abd.julien@gentoo
1 commit: 36c488d3c08ebc4941e11ff13e72fa32f4d47abd
2 Author: Julien Roy <julien <AT> jroy <DOT> ca>
3 AuthorDate: Thu Apr 7 01:50:59 2022 +0000
4 Commit: Julien Roy <julien <AT> jroy <DOT> ca>
5 CommitDate: Thu Apr 7 01:50:59 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=36c488d3
7
8 app-crypt/clevis: initial import
9
10 Signed-off-by: Julien Roy <julien <AT> jroy.ca>
11
12 app-crypt/clevis/Manifest | 1 +
13 app-crypt/clevis/clevis-18.ebuild | 32 ++++
14 app-crypt/clevis/files/clevis-dracut.patch | 250 +++++++++++++++++++++++++++++
15 app-crypt/clevis/metadata.xml | 12 ++
16 4 files changed, 295 insertions(+)
17
18 diff --git a/app-crypt/clevis/Manifest b/app-crypt/clevis/Manifest
19 new file mode 100644
20 index 000000000..cccbcfc24
21 --- /dev/null
22 +++ b/app-crypt/clevis/Manifest
23 @@ -0,0 +1 @@
24 +DIST clevis-18.tar.gz 78191 BLAKE2B 317f30df3c05a9a651363daf17b9320e47a903929af991ecfd9d4d3d630a0ab8e92815db2e5736e9b9ca7f3fb4a41f4cf198ec447f04a9849f4d2a03bb196b22 SHA512 19b6743ff61ff7e29699bbc3fb69dfa31567a37ab824629330b57c92aa89b70759d63c1770be68d4525681ec9ba56d980cae2bb1cdeee6192992ede449a0e4ff
25
26 diff --git a/app-crypt/clevis/clevis-18.ebuild b/app-crypt/clevis/clevis-18.ebuild
27 new file mode 100644
28 index 000000000..7e7b30797
29 --- /dev/null
30 +++ b/app-crypt/clevis/clevis-18.ebuild
31 @@ -0,0 +1,32 @@
32 +# Copyright 2022 Gentoo Authors
33 +# Distributed under the terms of the GNU General Public License v2
34 +
35 +EAPI=8
36 +
37 +inherit meson
38 +
39 +PATCHES=(
40 + "${FILESDIR}/${PN}-dracut.patch"
41 +)
42 +
43 +DESCRIPTION="Automated Encryption Framework"
44 +HOMEPAGE="https://github.com/latchset/clevis"
45 +SRC_URI="https://github.com/latchset/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
46 +
47 +LICENSE="GPL-3"
48 +SLOT="0"
49 +KEYWORDS="~amd64"
50 +IUSE="+luks +tpm"
51 +
52 +DEPEND="luks? ( app-misc/jq )
53 + >=dev-libs/jose-8
54 + luks? ( dev-libs/libpwquality )
55 + luks? ( dev-libs/luksmeta )
56 + tpm? ( app-crypt/tpm2-tools )
57 + sys-fs/cryptsetup"
58 +RDEPEND="${DEPEND}"
59 +BDEPEND=""
60 +
61 +src_configure() {
62 + meson_src_configure
63 +}
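Review bot: The `luks` and `tpm` USE flags only gate dependencies; nothing forwards them to the build, since `src_configure` just calls `meson_src_configure` with no options, so what actually gets installed depends on which tools upstream's `find_program()` checks happen to find at build time (the bundled patch's `if dracut.found()` is one such check), i.e. automagic dependencies and a non-reproducible package. Either pass the matching meson options if upstream exposes them, or declare the probed tools (dracut, systemd-reply-password, luksmeta, tpm2-tools) unconditionally in `BDEPEND` and drop the USE flags, and add `sys-kernel/dracut` under a `dracut` USE flag if the dracut module is meant to be optional. The tang pin upstream appears to shell out to curl, yet no `net-misc/curl` runtime dependency is listed here — please verify. Minor: the `src_configure` override and the empty `BDEPEND=""` are redundant, the meson eclass already provides that default; `# meson eclass default suffices` and remove both.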
64
65 diff --git a/app-crypt/clevis/files/clevis-dracut.patch b/app-crypt/clevis/files/clevis-dracut.patch
66 new file mode 100644
67 index 000000000..7aec43e9e
68 --- /dev/null
69 +++ b/app-crypt/clevis/files/clevis-dracut.patch
70 @@ -0,0 +1,250 @@
71 +From a5aa695821e34fb218c7d705065aaf7077737c8c Mon Sep 17 00:00:00 2001
72 +From: Jonathan Davies <jpds@××××××××××.com>
73 +Date: Fri, 5 Nov 2021 15:24:12 +0000
74 +Subject: [PATCH] Moved dracut directory up to top-level to decouple it with
75 + systemd.
76 +
77 +Adds a clevis-luks-generic-unlocker for alternative use without systemd.
78 +
79 +Based on patch by Sergio Correia <scorreia@××××××.com>
80 +
81 +Closes: #346
82 +
83 +Signed-off-by: Jonathan Davies <jpds@××××××××××.com>
84 +---
85 + .../dracut/clevis-pin-sss/meson.build | 0
86 + .../dracut/clevis-pin-sss/module-setup.sh.in | 0
87 + .../dracut/clevis-pin-tang/meson.build | 0
88 + .../dracut/clevis-pin-tang/module-setup.sh.in | 0
89 + .../dracut/clevis-pin-tpm2/meson.build | 0
90 + .../dracut/clevis-pin-tpm2/module-setup.sh.in | 0
91 + src/dracut/clevis/clevis-hook.sh.in | 3 +
92 + .../clevis/clevis-luks-generic-unlocker | 70 +++++++++++++++++++
93 + .../systemd => }/dracut/clevis/meson.build | 1 +
94 + .../dracut/clevis/module-setup.sh.in | 19 +++--
95 + src/{luks/systemd => }/dracut/meson.build | 0
96 + .../systemd/dracut/clevis/clevis-hook.sh.in | 2 -
97 + src/luks/systemd/meson.build | 1 -
98 + src/meson.build | 1 +
99 + 14 files changed, 90 insertions(+), 7 deletions(-)
100 + rename src/{luks/systemd => }/dracut/clevis-pin-sss/meson.build (100%)
101 + rename src/{luks/systemd => }/dracut/clevis-pin-sss/module-setup.sh.in (100%)
102 + rename src/{luks/systemd => }/dracut/clevis-pin-tang/meson.build (100%)
103 + rename src/{luks/systemd => }/dracut/clevis-pin-tang/module-setup.sh.in (100%)
104 + rename src/{luks/systemd => }/dracut/clevis-pin-tpm2/meson.build (100%)
105 + rename src/{luks/systemd => }/dracut/clevis-pin-tpm2/module-setup.sh.in (100%)
106 + create mode 100755 src/dracut/clevis/clevis-hook.sh.in
107 + create mode 100755 src/dracut/clevis/clevis-luks-generic-unlocker
108 + rename src/{luks/systemd => }/dracut/clevis/meson.build (87%)
109 + rename src/{luks/systemd => }/dracut/clevis/module-setup.sh.in (76%)
110 + rename src/{luks/systemd => }/dracut/meson.build (100%)
111 + delete mode 100755 src/luks/systemd/dracut/clevis/clevis-hook.sh.in
112 +
113 +diff --git a/src/luks/systemd/dracut/clevis-pin-sss/meson.build b/src/dracut/clevis-pin-sss/meson.build
114 +similarity index 100%
115 +rename from src/luks/systemd/dracut/clevis-pin-sss/meson.build
116 +rename to src/dracut/clevis-pin-sss/meson.build
117 +diff --git a/src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in b/src/dracut/clevis-pin-sss/module-setup.sh.in
118 +similarity index 100%
119 +rename from src/luks/systemd/dracut/clevis-pin-sss/module-setup.sh.in
120 +rename to src/dracut/clevis-pin-sss/module-setup.sh.in
121 +diff --git a/src/luks/systemd/dracut/clevis-pin-tang/meson.build b/src/dracut/clevis-pin-tang/meson.build
122 +similarity index 100%
123 +rename from src/luks/systemd/dracut/clevis-pin-tang/meson.build
124 +rename to src/dracut/clevis-pin-tang/meson.build
125 +diff --git a/src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in b/src/dracut/clevis-pin-tang/module-setup.sh.in
126 +similarity index 100%
127 +rename from src/luks/systemd/dracut/clevis-pin-tang/module-setup.sh.in
128 +rename to src/dracut/clevis-pin-tang/module-setup.sh.in
129 +diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/meson.build b/src/dracut/clevis-pin-tpm2/meson.build
130 +similarity index 100%
131 +rename from src/luks/systemd/dracut/clevis-pin-tpm2/meson.build
132 +rename to src/dracut/clevis-pin-tpm2/meson.build
133 +diff --git a/src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in b/src/dracut/clevis-pin-tpm2/module-setup.sh.in
134 +similarity index 100%
135 +rename from src/luks/systemd/dracut/clevis-pin-tpm2/module-setup.sh.in
136 +rename to src/dracut/clevis-pin-tpm2/module-setup.sh.in
137 +diff --git a/src/dracut/clevis/clevis-hook.sh.in b/src/dracut/clevis/clevis-hook.sh.in
138 +new file mode 100755
139 +index 0000000..91ff2bd
140 +--- /dev/null
141 ++++ b/src/dracut/clevis/clevis-hook.sh.in
142 +@@ -0,0 +1,3 @@
143 ++#!/bin/bash
144 ++
145 ++@libexecdir@/clevis-luks-generic-unlocker -l
146 +diff --git a/src/dracut/clevis/clevis-luks-generic-unlocker b/src/dracut/clevis/clevis-luks-generic-unlocker
147 +new file mode 100755
148 +index 0000000..a3b9d62
149 +--- /dev/null
150 ++++ b/src/dracut/clevis/clevis-luks-generic-unlocker
151 +@@ -0,0 +1,70 @@
152 ++#!/bin/bash
153 ++set -eu
154 ++# vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
155 ++#
156 ++# Copyright (c) 2020-2021 Red Hat, Inc.
157 ++# Author: Sergio Correia <scorreia@××××××.com>
158 ++#
159 ++# This program is free software: you can redistribute it and/or modify
160 ++# it under the terms of the GNU General Public License as published by
161 ++# the Free Software Foundation, either version 3 of the License, or
162 ++# (at your option) any later version.
163 ++#
164 ++# This program is distributed in the hope that it will be useful,
165 ++# but WITHOUT ANY WARRANTY; without even the implied warranty of
166 ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
167 ++# GNU General Public License for more details.
168 ++#
169 ++# You should have received a copy of the GNU General Public License
170 ++# along with this program. If not, see <http://www.gnu.org/licenses/>.
171 ++#
172 ++
173 ++. clevis-luks-common-functions
174 ++
175 ++# Make sure to exit cleanly if SIGTERM is received.
176 ++trap 'echo "Exiting due to SIGTERM" && exit 0' TERM
177 ++
178 ++loop=
179 ++while getopts ":l" o; do
180 ++ case "${o}" in
181 ++ l) loop=true;;
182 ++ *) ;;
183 ++ esac
184 ++done
185 ++
186 ++to_unlock() {
187 ++ local _devices='' _d _uuid
188 ++ for _d in $(lsblk -o PATH,FSTYPE,RM \
189 ++ | awk '$2 == "crypto_LUKS" && $3 == "0" { print $1 }' | sort -u);
190 ++ do
191 ++ if ! bindings="$(clevis luks list -d "${_d}" 2>/dev/null)" \
192 ++ || [ -z "${bindings}" ]; then
193 ++ continue
194 ++ fi
195 ++ _uuid="$(cryptsetup luksUUID "${_d}")"
196 ++ if clevis_is_luks_device_by_uuid_open "${_uuid}"; then
197 ++ continue
198 ++ fi
199 ++ _devices="$(printf '%s\n%s' "${_devices}" "${_d}")"
200 ++ done
201 ++ echo "${_devices}" | sed -e 's/^\n$//'
202 ++}
203 ++
204 ++while true; do
205 ++ for d in $(to_unlock); do
206 ++ uuid="$(cryptsetup luksUUID "${d}")"
207 ++ if ! clevis luks unlock -d "${d}"; then
208 ++ echo "Unable to unlock ${d} (UUID=${uuid})" >&2
209 ++ continue
210 ++ fi
211 ++ echo "Unlocked ${d} (UUID=${uuid}) successfully" >&2
212 ++ done
213 ++
214 ++ [ "${loop}" != true ] && break
215 ++ # Checking for pending devices to be unlocked.
216 ++ if remaining=$(to_unlock) && [ -z "${remaining}" ]; then
217 ++ break;
218 ++ fi
219 ++
220 ++ sleep 0.5
221 ++done
222 +diff --git a/src/luks/systemd/dracut/clevis/meson.build b/src/dracut/clevis/meson.build
223 +similarity index 87%
224 +rename from src/luks/systemd/dracut/clevis/meson.build
225 +rename to src/dracut/clevis/meson.build
226 +index 167e708..224e27f 100644
227 +--- a/src/luks/systemd/dracut/clevis/meson.build
228 ++++ b/src/dracut/clevis/meson.build
229 +@@ -16,6 +16,7 @@ if dracut.found()
230 + install_dir: dracutdir,
231 + configuration: data,
232 + )
233 ++ install_data('clevis-luks-generic-unlocker', install_dir: libexecdir)
234 + else
235 + warning('Will not install dracut module due to missing dependencies!')
236 + endif
237 +diff --git a/src/luks/systemd/dracut/clevis/module-setup.sh.in b/src/dracut/clevis/module-setup.sh.in
238 +similarity index 76%
239 +rename from src/luks/systemd/dracut/clevis/module-setup.sh.in
240 +rename to src/dracut/clevis/module-setup.sh.in
241 +index bfe657c..dbce790 100755
242 +--- a/src/luks/systemd/dracut/clevis/module-setup.sh.in
243 ++++ b/src/dracut/clevis/module-setup.sh.in
244 +@@ -19,7 +19,11 @@
245 + #
246 +
247 + depends() {
248 +- echo crypt systemd
249 ++ local __depends=crypt
250 ++ if dracut_module_included "systemd"; then
251 ++ __depends=$(printf '%s systemd' "${_depends}")
252 ++ fi
253 ++ echo "${__depends}"
254 + return 255
255 + }
256 +
257 +@@ -27,17 +31,24 @@ install() {
258 + if dracut_module_included "systemd"; then
259 + inst_multiple \
260 + $systemdsystemunitdir/clevis-luks-askpass.service \
261 +- $systemdsystemunitdir/clevis-luks-askpass.path
262 ++ $systemdsystemunitdir/clevis-luks-askpass.path \
263 ++ @SYSTEMD_REPLY_PASS@ \
264 ++ @libexecdir@/clevis-luks-askpass
265 + systemctl -q --root "$initdir" add-wants cryptsetup.target clevis-luks-askpass.path
266 + else
267 + inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"
268 + inst_hook initqueue/settled 60 "$moddir/clevis-hook.sh"
269 ++
270 ++ inst_multiple \
271 ++ @libexecdir@/clevis-luks-generic-unlocker \
272 ++ clevis-luks-unlock \
273 ++ lsblk \
274 ++ sort \
275 ++ awk
276 + fi
277 +
278 + inst_multiple \
279 + /etc/services \
280 +- @SYSTEMD_REPLY_PASS@ \
281 +- @libexecdir@/clevis-luks-askpass \
282 + clevis-luks-common-functions \
283 + grep sed cut \
284 + clevis-decrypt \
285 +diff --git a/src/luks/systemd/dracut/meson.build b/src/dracut/meson.build
286 +similarity index 100%
287 +rename from src/luks/systemd/dracut/meson.build
288 +rename to src/dracut/meson.build
289 +diff --git a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in b/src/luks/systemd/dracut/clevis/clevis-hook.sh.in
290 +deleted file mode 100755
291 +index cb257c9..0000000
292 +--- a/src/luks/systemd/dracut/clevis/clevis-hook.sh.in
293 ++++ /dev/null
294 +@@ -1,2 +0,0 @@
295 +-#!/bin/bash
296 +-@libexecdir@/clevis-luks-askpass
297 +diff --git a/src/luks/systemd/meson.build b/src/luks/systemd/meson.build
298 +index e3b3d91..b10494e 100644
299 +--- a/src/luks/systemd/meson.build
300 ++++ b/src/luks/systemd/meson.build
301 +@@ -10,7 +10,6 @@ sd_reply_pass = find_program(
302 +
303 + if systemd.found() and sd_reply_pass.found()
304 + data.set('SYSTEMD_REPLY_PASS', sd_reply_pass.path())
305 +- subdir('dracut')
306 +
307 + unitdir = systemd.get_pkgconfig_variable('systemdsystemunitdir')
308 +
309 +diff --git a/src/meson.build b/src/meson.build
310 +index c4e696f..a0dff5b 100644
311 +--- a/src/meson.build
312 ++++ b/src/meson.build
313 +@@ -1,6 +1,7 @@
314 + subdir('bash')
315 + subdir('luks')
316 + subdir('pins')
317 ++subdir('dracut')
318 + subdir('initramfs-tools')
319 +
320 + bins += join_paths(meson.current_source_dir(), 'clevis-decrypt')
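Review bot: In the patched `module-setup.sh.in` `depends()` the systemd branch reads `${_depends}` (one underscore) while the variable assigned two lines earlier is `__depends`, so on a systemd initramfs the function prints ` systemd` and silently drops the `crypt` module dependency; the line should be `__depends=$(printf '%s systemd' "${__depends}")`. Since this is a verbatim upstream commit carried in FILESDIR, the fix belongs in the patch file here and should be reported upstream so the next version bump does not reintroduce it. In `clevis-luks-generic-unlocker`, a device whose `clevis luks unlock` keeps failing (for example an unreachable tang server) stays in `to_unlock`, so with `-l` the `while true` loop never terminates and re-logs the failure every 0.5 s; it presumably needs a retry budget or a check that the device set is unchanged before sleeping — confirm how dracut's initqueue treats a hook that does not return. `bindings` in `to_unlock` is also the only variable not declared `local`, which under `set -eu` is harmless but inconsistent with `_devices _d _uuid`.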
321
322 diff --git a/app-crypt/clevis/metadata.xml b/app-crypt/clevis/metadata.xml
323 new file mode 100644
324 index 000000000..4130b4271
325 --- /dev/null
326 +++ b/app-crypt/clevis/metadata.xml
327 @@ -0,0 +1,12 @@
328 +<?xml version="1.0" encoding="UTF-8"?>
329 +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
330 +<pkgmetadata>
331 + <maintainer type="person">
332 + <email>julien@××××.ca</email>
333 + <name>Julien Roy</name>
334 + </maintainer>
335 + <use>
336 + <flag name="luks">Enable LUKS support</flag>
337 + <flag name="tpm">Enable TPM support</flag>
338 + </use>
339 +</pkgmetadata>