Bug 1868602 - Review Request: clevis-pin-tpm2 - Clevis PIN for unlocking with TPM2 supporting Authorized Policies
Summary: Review Request: clevis-pin-tpm2 - Clevis PIN for unlocking with TPM2 supporti...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: ---
Assignee: Zbigniew Jędrzejewski-Szmek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: rust-tss-esapi rust-biscuit rust-tpm2-policy 2030272
Blocks: IoT
TreeView+ depends on / blocked
 
Reported: 2020-08-13 09:00 UTC by Peter Robinson
Modified: 2021-12-08 11:05 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-08-25 10:36:53 UTC
Type: Bug
Embargoed:
zbyszek: fedora-review+

Attachments (Terms of Use)

Description Peter Robinson 2020-08-13 09:00:28 UTC 
SPEC: https://pbrobinson.fedorapeople.org/clevis-pin-tpm2.spec
SRPM: https://pbrobinson.fedorapeople.org/clevis-pin-tpm2-0.1.1-1.fc32.src.rpm

Description:
Clevis PIN for unlocking with TPM2 supporting Authorized Policies

FAS: pbrobinson
Comment 1 Zbigniew Jędrzejewski-Szmek 2020-08-19 08:49:12 UTC 
The license needs to be approved. There's a thread of fedora-legal from June about it. I sent a reminder.

Then, the license will need to be added to rust2rpm so it is translated properly from the SPDX tag. That
isn't blocking, it can be adjusted manually until rust2rpm is updated.
Comment 2 Zbigniew Jędrzejewski-Szmek 2020-08-19 14:59:31 UTC 
The license has been approved.

+ package name is OK
+ license is acceptable for Fedora (EUPL-1.2)
- license is specified correctly: needs to be "EUPL 1.2"
+ builds and installs OK
+ spec file is generated by rust2rpm, so it should be OK

rpmlint:
clevis-pin-tpm2-debuginfo.x86_64: W: invalid-license EUPL-1.2
See above.

clevis-pin-tpm2-debuginfo.x86_64: W: invalid-url URL: https://github.com/fedora-iot/clevis-pin-tpm2/ <urlopen error [Errno -3] Temporary failure in name resolution>
False positive.

clevis-pin-tpm2.x86_64: W: incoherent-version-in-changelog 0.0.1-1 ['0.1.1-1.fc34', '0.1.1-1']
Please fix.

clevis-pin-tpm2.x86_64: W: ldd-failed /usr/bin/clevis-pin-tpm2
I guess it's related to rust and static linking. Probably not an issue.

clevis-pin-tpm2.x86_64: W: no-documentation
clevis-pin-tpm2.x86_64: E: non-standard-executable-perm /usr/bin/clevis-pin-tpm2 555
Yeah, 0755 is expected.

clevis-pin-tpm2.x86_64: W: no-manual-page-for-binary clevis-pin-tpm2
3 packages and 0 specfiles checked; 1 errors, 10 warnings.
Comment 3 Zbigniew Jędrzejewski-Szmek 2020-08-19 15:18:14 UTC 
> clevis-pin-tpm2.x86_64: W: ldd-failed /usr/bin/clevis-pin-tpm2
> I guess it's related to rust and static linking. Probably not an issue.
Actually it's the mock/systemd-nspawn/glibc-2.32 issue. The binary is OK.
Comment 4 Peter Robinson 2020-08-20 09:33:55 UTC 
Seeing a build fail on 32 bit arches, filed bug for upstream:
https://koji.fedoraproject.org/koji/taskinfo?taskID=49639122
https://github.com/fedora-iot/clevis-pin-tpm2/issues/2
Comment 5 Peter Robinson 2020-08-21 10:21:32 UTC 
SPEC: https://pbrobinson.fedorapeople.org/clevis-pin-tpm2.spec
SRPM: https://pbrobinson.fedorapeople.org/clevis-pin-tpm2-0.1.2-1.fc32.src.rpm

koji: https://koji.fedoraproject.org/koji/taskinfo?taskID=49786522
Comment 6 Zbigniew Jędrzejewski-Szmek 2020-08-21 12:15:11 UTC 
License is still wrong, should be "EUPL 1.2", please fix before uploading.

$ rpmlint clevis-pin-tpm2-0.1.2-1.fc34.x86_64.rpm
clevis-pin-tpm2.x86_64: W: invalid-license EUPL-1.2
clevis-pin-tpm2.x86_64: W: no-documentation
clevis-pin-tpm2.x86_64: W: no-manual-page-for-binary clevis-pin-tpm2
1 packages and 0 specfiles checked; 0 errors, 3 warnings.

Package is APPROVED.
Comment 7 Gwyn Ciesla 2020-08-21 13:37:14 UTC 
(fedscm-admin):  The Pagure repository was created at https://src.fedoraproject.org/rpms/clevis-pin-tpm2
Note You need to log in before you can comment on or make changes to this bug.