# keylime-agent-rust.spec
# Generated by rust2rpm 20
%bcond_without check

%global crate keylime_agent

# Where the Rust dependencies come from:
#   RHEL:   bundled (vendored) deps, as it doesn't ship Rust libraries
#   Fedora: system Rust libraries only
%if 0%{?rhel}
%global bundled_rust_deps 1
%else
%global bundled_rust_deps 0
%endif

Name:           keylime-agent-rust
Version:        0.1.0
Release:        %{?autorelease}%{!?autorelease:1%{?dist}}
Summary:        Rust agent for Keylime

# Upstream license specification: Apache-2.0
#
# The build dependencies have the following licenses:
#
# 0BSD or MIT or ASL 2.0
# ASL 2.0
# ASL 2.0 or Boost
# ASL 2.0 or MIT
# ASL 2.0 with exceptions
# BSD
# MIT
# MIT or ASL 2.0
# MIT or ASL 2.0 or zlib
# MIT or zlib or ASL 2.0
# Unlicense or MIT
# zlib or ASL 2.0 or MIT
#
License:        ASL 2.0 and BSD and MIT
URL:            https://github.com/keylime/rust-keylime/

# The source tarball is downloaded using the following commands:
# spectool -g keylime-agent-rust.spec
Source0:        %{url}/archive/refs/tags/v%{version}.tar.gz

# The vendor tarball is created using cargo-vendor-filterer to remove Windows
# related files (https://github.com/cgwalters/cargo-vendor-filterer)
# tar xf rust-keylime-%%{version}.tar.gz
# cd rust-keylime-%%{version}
# cargo vendor-filterer --platform x86_64-unknown-linux-gnu \
#     --platform powerpc64le-unknown-linux-gnu \
#     --platform aarch64-unknown-linux-gnu \
#     --platform i686-unknown-linux-gnu \
#     --platform s390x-unknown-linux-gnu \
#     --exclude-crate-path "libloading#tests"
# tar Jcf rust-keylime-%%{version}-vendor.tar.xz vendor
#
# NOTE(review): this spec records no digest for Source0 or Source1, and the
# vendor tarball is produced by hand from the recipe above. Its integrity rests
# on whatever checksum is tracked outside this file - confirm one is recorded
# and that the vendored crates match the lockfile of the tagged release, if
# upstream ships one.
Source1:        rust-keylime-%{version}-vendor.tar.xz

# Fix version requirement for clap to avoid FTBFS in Fedora
Patch1:         rust-keylime-metadata.patch
# Use API available on rust-config-0.12.0
Patch2:         rust-keylime-config-separator.patch

ExclusiveArch:  %{rust_arches}

Requires:       tpm2-tss

# The keylime-base package provides the keylime user creation. It is available
# from Fedora 36
# NOTE(review): the file list and the posttrans scriptlet reference the keylime
# user/group unconditionally; when this conditional is false nothing visible in
# this spec creates that account - confirm it is provided some other way.
%if 0%{?fedora} >= 36
Requires:       keylime-base
%endif

# Native build inputs, followed by the Rust toolchain matching the dependency
# source selected above
BuildRequires:  libarchive-devel
BuildRequires:  openssl-devel
BuildRequires:  systemd
BuildRequires:  tpm2-tss-devel
%if 0%{?bundled_rust_deps}
BuildRequires:  rust-toolset
%else
BuildRequires:  rust-packaging >= 21-2
%endif

# Virtual Provides to support swapping between Python and Rust implementation
Provides:       keylime-agent
Conflicts:      keylime-agent

%description
Rust agent for Keylime

%prep
# Unpack Source0 into rust-keylime-<version> and apply Patch1/Patch2 with -p1
%autosetup -p1 -n rust-keylime-%{version}
%if 0%{?bundled_rust_deps}
# Source1 is vendored dependencies
%cargo_prep -V 1
%else
%cargo_prep

# Only the non-bundled build derives its BuildRequires from the crate metadata
%generate_buildrequires
%cargo_generate_buildrequires
%endif

%build
%cargo_build

%install
%cargo_install

# State directory is created with the default mode; every other runtime,
# log, helper and configuration directory is created owner-only (0700).
# Final modes and ownership are assigned in the file list.
mkdir -p %{buildroot}/%{_sharedstatedir}/keylime
mkdir -p --mode=0700 \
    %{buildroot}/%{_rundir}/keylime \
    %{buildroot}/%{_localstatedir}/log/keylime \
    %{buildroot}/%{_libexecdir}/keylime \
    %{buildroot}/%{_sysconfdir}/keylime \
    %{buildroot}/%{_sysconfdir}/keylime/agent.conf.d

# Main agent configuration, owner read-only
install -D -p -m 400 keylime-agent.conf %{buildroot}%{_sysconfdir}/keylime/agent.conf

# systemd units shipped by upstream
for unit in keylime_agent.service var-lib-keylime-secure.mount; do
    install -D -p -m 644 "./dist/systemd/system/${unit}" "%{buildroot}%{_unitdir}/${unit}"
done

# Setting up the agent to use keylime:keylime user/group after dropping privileges.
# The delimiter is quoted so the shell copies the drop-in text literally.
cat > %{buildroot}/%{_sysconfdir}/keylime/agent.conf.d/001-run_as.conf << 'EOF'
[agent]
run_as = "keylime:keylime"
EOF

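%posttrans
# Re-assert ownership and modes on the configuration tree after the
# transaction, which also covers drop-ins not installed by this package.
#
# This scriptlet runs as root over directories that the file list hands to the
# unprivileged keylime account, so it must not trust what it finds there:
#   - chown is told explicitly not to traverse (-P) or dereference (-h) symlinks;
#   - chmod is applied only to a real directory or regular file, never through
#     a symlink, and an unmatched *.conf pattern is skipped instead of failing.
# NOTE(review): these checks narrow but do not close the window between the
# test and the chmod, and chown cannot tell a hard link from an ordinary file.
# A root-owned tree that the keylime group can only read would remove the
# problem - confirm whether the agent needs to own its configuration.
confdir=%{_sysconfdir}/keylime
dropins="${confdir}/agent.conf.d"

chown -R -P -h keylime:keylime "${confdir}"

if [ -d "${dropins}" ] && [ ! -L "${dropins}" ]; then
    chmod 500 "${dropins}"
    for conf in "${dropins}"/*.conf; do
        if [ -f "${conf}" ] && [ ! -L "${conf}" ]; then
            chmod 400 "${conf}"
        fi
    done
fi
chmod 500 "${confdir}"

# NOTE(review): this spec has no %%post scriptlet calling %%systemd_post, so
# unit presets are not applied on first install - confirm that is intended.
%preun
%systemd_preun keylime_agent.service
%systemd_preun var-lib-keylime-secure.mount

%postun
%systemd_postun_with_restart keylime_agent.service
%systemd_postun_with_restart var-lib-keylime-secure.mount
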
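%files
%license LICENSE
%doc README.md

# Configuration: directories are read/search-only and files read-only for the
# keylime account; nothing is accessible to group or other.
%attr(500,keylime,keylime) %dir %{_sysconfdir}/keylime
%attr(500,keylime,keylime) %dir %{_sysconfdir}/keylime/agent.conf.d
%config(noreplace) %attr(400,keylime,keylime) %{_sysconfdir}/keylime/agent.conf.d/001-run_as.conf
%config(noreplace) %attr(400,keylime,keylime) %{_sysconfdir}/keylime/agent.conf

%{_unitdir}/keylime_agent.service
%{_unitdir}/var-lib-keylime-secure.mount

# Runtime, log, state and helper directories, owner-only for the keylime
# account. Each one is listed as a directory entry, so only the directory
# itself is owned by the package and the 0700 mode is never applied to
# anything that may later be installed beneath it.
# NOTE(review): the run directory is packaged as a regular directory; if it
# lives on a tmpfs it has to be recreated at boot by something not visible in
# this spec - confirm.
# NOTE(review): the libexec directory is writable by the service account;
# presumably the agent runs helpers from it, in which case that account
# controls what gets executed - confirm this is the intended trust boundary.
%attr(700,keylime,keylime) %dir %{_rundir}/keylime
%attr(700,keylime,keylime) %dir %{_localstatedir}/log/keylime
%attr(700,keylime,keylime) %dir %{_sharedstatedir}/keylime
%attr(700,keylime,keylime) %dir %{_libexecdir}/keylime

%{_bindir}/keylime_agent
%{_bindir}/keylime_ima_emulator

# The test suite runs unless the build is invoked with the check bcond disabled
%if %{with check}
%check
%cargo_test
%endif

%changelog
%autochangelog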