Updating for Keylime release v6.4.2

- Remove keylime-webapp and mark package as obsolete
- Configure tmpfiles.d
- Move common python dependencies to python3-keylime
- Change dependency from python3-gnupg to python3-gpg
- Use sysusers.d for handling user creation
Sergio Correia 2022-07-07 12:34:15 -03:00
parent 15dee78736
commit a7cf835927
4 changed files with 32 additions and 86 deletions

1
.gitignore vendored

@ -16,3 +16,4 @@
/v6.3.2.tar.gz /v6.3.2.tar.gz
/v6.4.0.tar.gz /v6.4.0.tar.gz
/v6.4.1.tar.gz /v6.4.1.tar.gz
/v6.4.2.tar.gz


@ -1,7 +1,7 @@
%global srcname keylime %global srcname keylime
Name: keylime Name: keylime
Version: 6.4.1 Version: 6.4.2
Release: %autorelease Release: %autorelease
Summary: Open source TPM software for Bootstrapping and Maintaining Trust Summary: Open source TPM software for Bootstrapping and Maintaining Trust
@ -9,6 +9,7 @@ BuildArch: noarch
URL: https://github.com/keylime/keylime URL: https://github.com/keylime/keylime
Source0: https://github.com/keylime/keylime/archive/refs/tags/v%{version}.tar.gz Source0: https://github.com/keylime/keylime/archive/refs/tags/v%{version}.tar.gz
Source1: %{srcname}.sysusers
# Main program: BSD # Main program: BSD
# Icons: MIT # Icons: MIT
@ -27,9 +28,11 @@ Requires: %{srcname}-base = %{version}-%{release}
Requires: %{srcname}-verifier = %{version}-%{release} Requires: %{srcname}-verifier = %{version}-%{release}
Requires: %{srcname}-registrar = %{version}-%{release} Requires: %{srcname}-registrar = %{version}-%{release}
Requires: %{srcname}-tenant = %{version}-%{release} Requires: %{srcname}-tenant = %{version}-%{release}
Requires: %{srcname}-webapp = %{version}-%{release}
Requires: %{srcname}-tools = %{version}-%{release} Requires: %{srcname}-tools = %{version}-%{release}
# webapp was removed upstream in release 6.4.2.
Obsoletes: %{srcname}-webapp < 6.4.2
# Agent. # Agent.
Requires: keylime-agent Requires: keylime-agent
Suggests: python3-%{srcname}-agent Suggests: python3-%{srcname}-agent
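Review bot: `Obsoletes: %{srcname}-webapp < 6.4.2` is attached to the metapackage, which also Requires verifier, registrar, tenant, tools and keylime-agent. On a host that has keylime-webapp installed without the metapackage, the upgrade would pull in the metapackage and every component it requires just to satisfy the obsolete. The removed webapp subpackage only required %{srcname}-base and python3-%{srcname}, so placing the Obsoletes on base would retire webapp without widening what gets installed.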
@ -69,6 +72,15 @@ Conflicts: keylime < 6.3.0-3
Requires: %{srcname}-base = %{version}-%{release} Requires: %{srcname}-base = %{version}-%{release}
%{?python_provide:%python_provide python3-%{srcname}} %{?python_provide:%python_provide python3-%{srcname}}
Requires: python3-tornado
Requires: python3-sqlalchemy
Requires: python3-alembic
Requires: python3-cryptography
Requires: python3-pyyaml
Requires: python3-packaging
Requires: python3-requests
Requires: python3-gpg
Requires: python3-lark-parser
%description -n python3-%{srcname} %description -n python3-%{srcname}
The python3-keylime module implements the functionality used The python3-keylime module implements the functionality used
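Review bot: in the Requires block added to python3-%{srcname}, `python3-gpg` takes the place of `python3-gnupg`, and the two are not interchangeable: python3-gnupg ships the `gnupg` module (a wrapper around the gpg binary), while python3-gpg ships the GPGME bindings as `gpg`. A one-line spec comment tying the swap to the upstream 6.4.2 import change would make this checkable later. Consolidating here also means tools now pulls in sqlalchemy, alembic and lark-parser, which its removed list further down did not carry; worth confirming that widening is intended.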
@ -84,18 +96,6 @@ Conflicts: keylime < 6.3.0-3
Requires: %{srcname}-base = %{version}-%{release} Requires: %{srcname}-base = %{version}-%{release}
Requires: python3-%{srcname} = %{version}-%{release} Requires: python3-%{srcname} = %{version}-%{release}
Requires: python3-tornado
Requires: python3-sqlalchemy
Requires: python3-alembic
Requires: python3-cryptography
Requires: python3-pyyaml
Requires: python3-packaging
Requires: python3-requests
Requires: python3-zmq
Requires: python3-gnupg
Requires: python3-lark-parser
%description verifier %description verifier
The Keylime Verifier continuously verifies the integrity state The Keylime Verifier continuously verifies the integrity state
of the machine that the agent is running on. of the machine that the agent is running on.
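Review bot: `Requires: python3-zmq` is dropped from the verifier here (and from the registrar in the next hunk), but it is not among the Requires added to python3-%{srcname}, and the commit message does not mention it. If the verifier still imports zmq in 6.4.2, the missing dependency will only surface at runtime; either keep the line on the subpackages that need it or note in the changelog that the dependency is gone.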
@ -110,18 +110,6 @@ Conflicts: keylime < 6.3.0-3
Requires: %{srcname}-base = %{version}-%{release} Requires: %{srcname}-base = %{version}-%{release}
Requires: python3-%{srcname} = %{version}-%{release} Requires: python3-%{srcname} = %{version}-%{release}
Requires: python3-tornado
Requires: python3-sqlalchemy
Requires: python3-alembic
Requires: python3-cryptography
Requires: python3-pyyaml
Requires: python3-packaging
Requires: python3-requests
Requires: python3-zmq
Requires: python3-gnupg
Requires: python3-lark-parser
%description registrar %description registrar
The Keylime Registrar is a database of all agents registered The Keylime Registrar is a database of all agents registered
with Keylime and hosts the public keys of the TPM vendors. with Keylime and hosts the public keys of the TPM vendors.
@ -135,22 +123,13 @@ Conflicts: keylime < 6.3.0-3
Requires: %{srcname}-base = %{version}-%{release} Requires: %{srcname}-base = %{version}-%{release}
Requires: python3-%{srcname} = %{version}-%{release} Requires: python3-%{srcname} = %{version}-%{release}
Requires: python3-psutil
Requires: python3-zmq
# Virtual Provides to support swapping between Python and Rust implementation. # Virtual Provides to support swapping between Python and Rust implementation.
Provides: keylime-agent Provides: keylime-agent
Conflicts: keylime-agent Conflicts: keylime-agent
Requires: python3-psutil
Requires: python3-tornado
Requires: python3-cryptography
Requires: python3-pyyaml
Requires: python3-packaging
Requires: python3-requests
Requires: python3-zmq
Requires: python3-gnupg
Requires: python3-lark-parser
%description -n python3-%{srcname}-agent %description -n python3-%{srcname}-agent
The Keylime Agent is deployed to the remote machine that is to be The Keylime Agent is deployed to the remote machine that is to be
measured or provisioned with secrets stored within an encrypted measured or provisioned with secrets stored within an encrypted
@ -170,31 +149,6 @@ Requires: python3-%{srcname} = %{version}-%{release}
%description tenant %description tenant
The Keylime Tenant can be used to provision a Keylime Agent. The Keylime Tenant can be used to provision a Keylime Agent.
%package webapp
Summary: The Python Keylime WebApp GUI
License: MIT
# Conflicts with the monolithic versions of the package, before the split.
Conflicts: keylime < 6.3.0-3
Requires: %{srcname}-base = %{version}-%{release}
Requires: python3-%{srcname} = %{version}-%{release}
Requires: python3-tornado
Requires: python3-cryptography
Requires: python3-pyyaml
Requires: python3-packaging
Requires: python3-requests
Requires: python3-zmq
Requires: python3-gnupg
# Conflicts with the monolithic versions of the package, before the split.
Conflicts: keylime < 6.3.0-3
%description webapp
The Keylime WebApp GUI interface can be used to provision a Keylime Agent.
%package tools %package tools
Summary: Keylime tools Summary: Keylime tools
License: MIT License: MIT
@ -205,17 +159,8 @@ Conflicts: keylime < 6.3.0-3
Requires: %{srcname}-base = %{version}-%{release} Requires: %{srcname}-base = %{version}-%{release}
Requires: python3-%{srcname} = %{version}-%{release} Requires: python3-%{srcname} = %{version}-%{release}
Requires: python3-tornado
Requires: python3-cryptography
Requires: python3-pyyaml
Requires: python3-packaging
Requires: python3-requests
Requires: python3-zmq
Requires: python3-gnupg
%description tools %description tools
The keylime tools package includes tools like the IMA emulator. The keylime tools package includes miscelaneous tools.
%prep %prep
%autosetup -S git -n %{srcname}-%{version} %autosetup -S git -n %{srcname}-%{version}
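Review bot: the new `%description tools` text misspells "miscellaneous" as "miscelaneous". Since this string is shown to users by the package manager, fix it before the build.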
@ -248,15 +193,15 @@ install -Dpm 644 ./services/%{srcname}_registrar.service \
cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/keylime/ cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/keylime/
install -p -d %{buildroot}/%{_tmpfilesdir}
cat > %{buildroot}/%{_tmpfilesdir}/%{srcname}.conf << EOF
d %{_rundir}/%{srcname} 0700 %{srcname} %{srcname} -
EOF
install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{srcname}.conf
%pre base %pre base
getent group %{srcname} >/dev/null || groupadd -r %{srcname} &>/dev/null %sysusers_create_compat %{SOURCE1}
getent passwd %{srcname} >/dev/null || \
useradd -r -g %{srcname} -d %{_localstatedir}/lib/%{srcname} -s /usr/sbin/nologin \
-c "Keylime agent unprivileged user" %{srcname} &>/dev/null
# Add keylime user to tss group.
if getent group tss >/dev/null && ! groups %{srcname} | grep -q "\btss\b"; then
usermod -a -G tss %{srcname} &>/dev/null
fi
exit 0 exit 0
%posttrans base %posttrans base
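Review bot: `%pre base` now relies on `%sysusers_create_compat %{SOURCE1}`, but none of the hunks adds `%{?sysusers_requires_compat}` to the base subpackage. That macro supplies the `Requires(pre): shadow-utils` ordering the generated scriptlet needs; without it (or an existing equivalent in the base preamble) the keylime user may not exist when the `%attr(...,%{srcname},%{srcname})` entries are unpacked, and the trailing `exit 0` would hide the failure. Separately, the tmpfiles.d entry is generated with a heredoc in %install while the sysusers file is shipped as Source1; shipping both as source files would keep them reviewable in one place.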
@ -319,10 +264,6 @@ exit 0
%license LICENSE %license LICENSE
%{_bindir}/%{srcname}_tenant %{_bindir}/%{srcname}_tenant
%files webapp
%license LICENSE
%{_bindir}/%{srcname}_webapp
%files -n python3-%{srcname} %files -n python3-%{srcname}
%license LICENSE %license LICENSE
%{python3_sitelib}/%{srcname}-*.egg-info/ %{python3_sitelib}/%{srcname}-*.egg-info/
@ -333,12 +274,14 @@ exit 0
%{_bindir}/%{srcname}_userdata_encrypt %{_bindir}/%{srcname}_userdata_encrypt
%files base %files base
%license LICENSE keylime/static/icons/ICON-LICENSE %license LICENSE
%doc README.md %doc README.md
%config(noreplace) %attr(600,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}.conf %config(noreplace) %attr(600,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}.conf
%attr(700,%{srcname},%{srcname}) %dir %{_rundir}/%{srcname} %attr(700,%{srcname},%{srcname}) %dir %{_rundir}/%{srcname}
%attr(700,%{srcname},%{srcname}) %dir %{_localstatedir}/log/%{srcname} %attr(700,%{srcname},%{srcname}) %dir %{_localstatedir}/log/%{srcname}
%attr(700,%{srcname},%{srcname}) %{_sharedstatedir}/%{srcname} %attr(700,%{srcname},%{srcname}) %{_sharedstatedir}/%{srcname}
%{_tmpfilesdir}/%{srcname}.conf
%{_sysusersdir}/%{srcname}.conf
%files %files
%license LICENSE %license LICENSE
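Review bot: `%files base` no longer ships `keylime/static/icons/ICON-LICENSE`, yet the preamble hunk above leaves the `# Icons: MIT` comment untouched. If the icons went away with the webapp, the license breakdown comment and the License tag it explains should be updated in the same commit so the declared licensing matches what is packaged.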

2
keylime.sysusers Normal file

@ -0,0 +1,2 @@
u keylime - "Keylime unprivileged user" /var/lib/keylime /usr/sbin/nologin
m keylime tss
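Review bot: `m keylime tss` is not equivalent to the scriptlet it replaces. The old `%pre` only ran `usermod -a -G tss` when `getent group tss` succeeded, whereas a sysusers `m` line implicitly creates a missing group. If keylime-base can be installed before the package that owns the tss group, the group would be created here with a dynamically allocated GID. Either make sure base has an ordering dependency on the tss provider or state in a comment that creating the group from this package is acceptable.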


@ -1 +1 @@
SHA512 (v6.4.1.tar.gz) = 1075eacb45f27df36e16e68b6486cfb32060c86ddbf0f40b28ab59ce4a76db183c65a8d76896fe49451b5b2ba84be1b39e758d42b943fd9ec66e659be2f1d89f SHA512 (v6.4.2.tar.gz) = 7bc365b17b719c03aad76796f63c103de06c7c8a0ac1e9741cd0be460110d4da9d44c2caebb5eb1390f577d3a082d4a3d6a565bdccb46bd5c9ec060dae2bc161