- Update to aed51c7 commit - Require keylime-base on Fedora >= 36 - Update clap dependency - Drop rustc-serialize and flate2 dependencies - Make wiremock an optional dependency and re-enable tests - Fix serialization of structures in quotes to fix issue on big-endian - Add systemd services for the agent and secure mount - BuildRequire systemd for the services - Use more descriptive error messages on missing files errors - Set supplementary groups when dropping privileges - Create /usr/libexec/keylime directory Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
# keylime-agent-rust.spec
# Generated by rust2rpm 20

# Run the %%check section unless the build is invoked with --without check.
%bcond_without check

# Upstream crate name and the crate version it declares.
%global crate keylime_agent
%global crate_version 0.1.0

# Upstream snapshot being packaged: the full commit hash, its first seven
# characters (cut by the shell when the spec is parsed) and the date stamp
# that is embedded in Version.
%global commit aed51c7c8c526953e945357594352c3df2ca4ace
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global commitdate 20220603

# Dependency mode.
#   RHEL:   use bundled deps, as it doesn't ship Rust libraries.
#   Fedora: use only system Rust libraries.
%if 0%{?rhel}
%global bundled_rust_deps 1
%else
%global bundled_rust_deps 0
%endif

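Name:           keylime-agent-rust
Version:        %{crate_version}~%{commitdate}git%{shortcommit}
Release:        %{?autorelease}%{!?autorelease:1%{?dist}}
Summary:        Rust agent for Keylime

# Upstream license specification: Apache-2.0
#
# The build dependencies have the following licenses:
#
# 0BSD or MIT or ASL 2.0
# ASL 2.0
# ASL 2.0 or Boost
# ASL 2.0 or MIT
# ASL 2.0 with exceptions
# BSD
# MIT
# MIT or ASL 2.0
# MIT or ASL 2.0 or zlib
# MIT or zlib or ASL 2.0
# Unlicense or MIT
# zlib or ASL 2.0 or MIT
#
License:        ASL 2.0 and BSD and MIT
URL:            https://github.com/keylime/rust-keylime/
# The source tarball is downloaded using the following commands:
# spectool -g keylime-agent-rust.spec
Source0:        %{url}/archive/%{commit}/rust-keylime-%{version}.tar.gz
# The vendor tarball is created using cargo vendor. The archive unpacks into
# rust-keylime-%%{commit}, the same directory name that is passed to
# %%autosetup -n in the prep section, and the .tar.xz output needs tar's
# xz flag (J); the lowercase j would write bzip2 data under an .xz name.
# tar xf rust-keylime-%%{version}.tar.gz
# cd rust-keylime-%%{commit}
# cargo vendor
# tar Jcf rust-keylime-%%{version}-vendor.tar.xz vendor
# NOTE(review): this procedure does not pin which crate versions end up in
# the vendor tarball. If upstream ships a Cargo.lock, "cargo vendor --locked"
# would refuse to re-resolve dependencies - confirm before relying on it.
Source1:        rust-keylime-%{version}-vendor.tar.xz
# Drop rustc-serialize and flate2, update clap, and make wiremock optional
Patch0:         rust-keylime-drop-dependencies.patch
# Add serialization functions to fix issue on big-endian arches
Patch1:         rust-keylime-add-quote-serialization.patch
# Show path on missing mTLS certificate
Patch2:         rust-keylime-show-path-missing-cert.patch
# Use more descriptive error messages for missing files errors
Patch3:         rust-keylime-descriptive-error-messages.patch
# Set supplementary groups when dropping privileges
# NOTE(review): presumably this stops the agent from keeping the groups it was
# started with after it switches user - confirm against the patch itself.
Patch4:         rust-keylime-set-supplementary-groups.patch
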
ExclusiveArch:  %{rust_arches}

# Build-time dependencies needed in both dependency modes.
BuildRequires:  libarchive-devel
BuildRequires:  openssl-devel
BuildRequires:  systemd
BuildRequires:  tpm2-tss-devel
# Rust build tooling: rust-toolset when the crates are bundled,
# rust-packaging when system Rust libraries are used.
%if 0%{?bundled_rust_deps}
BuildRequires:  rust-toolset
%else
BuildRequires:  rust-packaging >= 21-2
%endif

# Runtime dependencies.
Requires:       tpm2-tss
# The keylime-base package provides the configuration file from the python
# implementation which can be used for the rust implementation. It is available
# from Fedora 36
# NOTE(review): the files section assigns its directories to a keylime user
# and group, and nothing in this spec creates that account. Presumably
# keylime-base does; confirm what provides it on RHEL and on Fedora < 36.
%if 0%{?fedora} >= 36
Requires:       keylime-base
%endif

# Virtual Provides to support swapping between Python and Rust implementation
Provides:       keylime-agent
Conflicts:      keylime-agent

%description
Rust agent for Keylime

%prep
# Unpack Source0 into rust-keylime-<commit> and apply Patch0..Patch4 with -p1.
%autosetup -n rust-keylime-%{commit} -p1
%if 0%{?bundled_rust_deps}
# Source1 is vendored dependencies
%cargo_prep -V 1
%else
%cargo_prep
%endif

# Dynamic BuildRequires are generated only when building against system
# Rust libraries, i.e. when the crates are not bundled.
%if ! 0%{?bundled_rust_deps}
%generate_buildrequires
%cargo_generate_buildrequires
%endif

%build
%cargo_build

%install
%cargo_install

# State directory: created with the default mode here, the files section
# sets its final mode and owner.
mkdir -p %{buildroot}/%{_sharedstatedir}/keylime
# Runtime, log and libexec directories, created private (0700).
for parent in %{_rundir} %{_localstatedir}/log %{_libexecdir}; do
    mkdir -p --mode=0700 %{buildroot}/${parent}/keylime
done

# systemd units taken from the upstream source tree.
for unit in keylime_agent.service var-lib-keylime-secure.mount; do
    install -Dpm 644 ./dist/systemd/system/${unit} \
        %{buildroot}%{_unitdir}/${unit}
done

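# systemd scriptlets for the two packaged units. The post scriptlet was
# missing: without it the units are not registered through the systemd
# packaging macros at install time, so distribution presets are never applied
# on a fresh install.
%post
%systemd_post keylime_agent.service
%systemd_post var-lib-keylime-secure.mount

%preun
%systemd_preun keylime_agent.service
%systemd_preun var-lib-keylime-secure.mount

%postun
%systemd_postun_with_restart keylime_agent.service
# NOTE(review): this also restarts the /var/lib/keylime/secure mount on
# upgrade. If that mount is memory-backed, its contents would be lost when
# it is restarted - confirm this is intended.
%systemd_postun_with_restart var-lib-keylime-secure.mount
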
%files
%license LICENSE
%doc README.md
# Agent binary and the IMA emulator.
%{_bindir}/keylime_agent
%{_bindir}/keylime_ima_emulator
# systemd units.
%{_unitdir}/keylime_agent.service
%{_unitdir}/var-lib-keylime-secure.mount
# Directories private to the keylime user and group (mode 0700).
# NOTE(review): the runtime directory usually lives on a tmpfs and will not
# survive a reboot unless something recreates it (a tmpfiles.d entry, or
# RuntimeDirectory= in the service unit) - confirm how it is restored.
%attr(700,keylime,keylime) %dir %{_rundir}/keylime
%attr(700,keylime,keylime) %dir %{_localstatedir}/log/keylime
# These two entries have no dir qualifier, so rpm would also package anything
# found beneath them; the install section only creates the empty directories.
%attr(700,keylime,keylime) %{_sharedstatedir}/keylime
%attr(700,keylime,keylime) %{_libexecdir}/keylime

# The test suite runs unless the build was invoked with --without check.
%if %{with check}
%check
%cargo_test
%endif

%changelog
%autochangelog