Reimplementation of clevis, supporting only decryption and tang, as a binary. See clevis
This project was created for the following reasons:
- Remove the dependency on bash and support distro-less containers
- Add the ability to retry the tang /rec api call untill success
- Output the PT to a named pipe.
The library requires a number of external module and are directly included herein via git's submodule OR via vcpkg (which itself is included as a submodule). You may need to run the following command to pull submodule (particularly submodules of submodules).
git submodule update --init --recursivemake bootstrap <-- Only on first time
make clean <-- Not necessary when the first time
make configure <-- First time, or if you change any of the cmake related files.
make buildThis will produce a fully static binary, based on the MUSL tool-chain.
make buildImageYou can also create a local docker image using (which implicitely calls buildImage)
make packageDocker