Updating for Keylime release v6.4.2

- Remove keylime-webapp and mark package as obsolete - Configure tmpfiles.d - Move common python dependencies to python3-keylime - Change dependency from python3-gnupg to python3-gpg - Use sysusers.d for handling user creation
2022-07-07 12:34:15 -03:00 · 2022-07-07 12:34:15 -03:00 · a7cf835927
commit a7cf835927
parent 15dee78736
4 changed files with 32 additions and 86 deletions
--- a/.gitignore
+++ b/.gitignore
@ -16,3 +16,4 @@
 /v6.3.2.tar.gz
 /v6.4.0.tar.gz
 /v6.4.1.tar.gz
+/v6.4.2.tar.gz
--- a/keylime.spec
+++ b/keylime.spec
@ -1,7 +1,7 @@
 %global srcname keylime

 Name:    keylime
-Version: 6.4.1
+Version: 6.4.2
 Release: %autorelease
 Summary: Open source TPM software for Bootstrapping and Maintaining Trust

@ -9,6 +9,7 @@ BuildArch:      noarch

 URL:            https://github.com/keylime/keylime
 Source0:        https://github.com/keylime/keylime/archive/refs/tags/v%{version}.tar.gz
+Source1:        %{srcname}.sysusers

 # Main program: BSD
 # Icons: MIT
@ -27,9 +28,11 @@ Requires: %{srcname}-base = %{version}-%{release}
 Requires: %{srcname}-verifier = %{version}-%{release}
 Requires: %{srcname}-registrar = %{version}-%{release}
 Requires: %{srcname}-tenant = %{version}-%{release}
-Requires: %{srcname}-webapp = %{version}-%{release}
 Requires: %{srcname}-tools = %{version}-%{release}

+# webapp was removed upstream in release 6.4.2.
+Obsoletes: %{srcname}-webapp < 6.4.2
+
 # Agent.
 Requires: keylime-agent
 Suggests: python3-%{srcname}-agent
@ -69,6 +72,15 @@ Conflicts: keylime < 6.3.0-3
 Requires: %{srcname}-base = %{version}-%{release}
 %{?python_provide:%python_provide python3-%{srcname}}

+Requires: python3-tornado
+Requires: python3-sqlalchemy
+Requires: python3-alembic
+Requires: python3-cryptography
+Requires: python3-pyyaml
+Requires: python3-packaging
+Requires: python3-requests
+Requires: python3-gpg
+Requires: python3-lark-parser

 %description -n python3-%{srcname}
 The python3-keylime module implements the functionality used
@ -84,18 +96,6 @@ Conflicts: keylime < 6.3.0-3
 Requires: %{srcname}-base = %{version}-%{release}
 Requires: python3-%{srcname} = %{version}-%{release}

-Requires: python3-tornado
-Requires: python3-sqlalchemy
-Requires: python3-alembic
-Requires: python3-cryptography
-Requires: python3-pyyaml
-Requires: python3-packaging
-Requires: python3-requests
-Requires: python3-zmq
-Requires: python3-gnupg
-Requires: python3-lark-parser
-
-
 %description verifier
 The Keylime Verifier continuously verifies the integrity state
 of the machine that the agent is running on.
@ -110,18 +110,6 @@ Conflicts: keylime < 6.3.0-3
 Requires: %{srcname}-base = %{version}-%{release}
 Requires: python3-%{srcname} = %{version}-%{release}

-Requires: python3-tornado
-Requires: python3-sqlalchemy
-Requires: python3-alembic
-Requires: python3-cryptography
-Requires: python3-pyyaml
-Requires: python3-packaging
-Requires: python3-requests
-Requires: python3-zmq
-Requires: python3-gnupg
-Requires: python3-lark-parser
-
-
 %description registrar
 The Keylime Registrar is a database of all agents registered
 with Keylime and hosts the public keys of the TPM vendors.
@ -135,22 +123,13 @@ Conflicts: keylime < 6.3.0-3

 Requires: %{srcname}-base = %{version}-%{release}
 Requires: python3-%{srcname} = %{version}-%{release}
+Requires: python3-psutil
+Requires: python3-zmq

 # Virtual Provides to support swapping between Python and Rust implementation.
 Provides:  keylime-agent
 Conflicts: keylime-agent

-Requires: python3-psutil
-Requires: python3-tornado
-Requires: python3-cryptography
-Requires: python3-pyyaml
-Requires: python3-packaging
-Requires: python3-requests
-Requires: python3-zmq
-Requires: python3-gnupg
-Requires: python3-lark-parser
-
-
 %description -n python3-%{srcname}-agent
 The Keylime Agent is deployed to the remote machine that is to be
 measured or provisioned with secrets stored within an encrypted
@ -170,31 +149,6 @@ Requires: python3-%{srcname} = %{version}-%{release}
 %description tenant
 The Keylime Tenant can be used to provision a Keylime Agent.

-%package webapp
-Summary: The Python Keylime WebApp GUI
-License: MIT
-
-# Conflicts with the monolithic versions of the package, before the split.
-Conflicts: keylime < 6.3.0-3
-
-Requires: %{srcname}-base = %{version}-%{release}
-Requires: python3-%{srcname} = %{version}-%{release}
-
-Requires: python3-tornado
-Requires: python3-cryptography
-Requires: python3-pyyaml
-Requires: python3-packaging
-Requires: python3-requests
-Requires: python3-zmq
-Requires: python3-gnupg
-
-# Conflicts with the monolithic versions of the package, before the split.
-Conflicts: keylime < 6.3.0-3
-
-
-%description webapp
-The Keylime WebApp GUI interface can be used to provision a Keylime Agent.
-
 %package tools
 Summary: Keylime tools
 License: MIT
@ -205,17 +159,8 @@ Conflicts: keylime < 6.3.0-3
 Requires: %{srcname}-base = %{version}-%{release}
 Requires: python3-%{srcname} = %{version}-%{release}

-Requires: python3-tornado
-Requires: python3-cryptography
-Requires: python3-pyyaml
-Requires: python3-packaging
-Requires: python3-requests
-Requires: python3-zmq
-Requires: python3-gnupg
-
-
 %description tools
-The keylime tools package includes tools like the IMA emulator.
+The keylime tools package includes miscelaneous tools.

 %prep
 %autosetup -S git -n %{srcname}-%{version}
@ -248,15 +193,15 @@ install -Dpm 644 ./services/%{srcname}_registrar.service \

 cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/keylime/

+install -p -d %{buildroot}/%{_tmpfilesdir}
+cat > %{buildroot}/%{_tmpfilesdir}/%{srcname}.conf << EOF
+d %{_rundir}/%{srcname} 0700 %{srcname} %{srcname} -
+EOF
+
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{srcname}.conf
+
 %pre base
-getent group %{srcname} >/dev/null || groupadd -r %{srcname} &>/dev/null
-getent passwd %{srcname} >/dev/null || \
-     useradd -r -g %{srcname} -d %{_localstatedir}/lib/%{srcname} -s /usr/sbin/nologin \
-     -c "Keylime agent unprivileged user" %{srcname} &>/dev/null
-# Add keylime user to tss group.
-if getent group tss >/dev/null && ! groups %{srcname} | grep -q "\btss\b"; then
-    usermod -a -G tss %{srcname} &>/dev/null
-fi
+%sysusers_create_compat %{SOURCE1}
 exit 0

 %posttrans base
@ -319,10 +264,6 @@ exit 0
 %license LICENSE
 %{_bindir}/%{srcname}_tenant

-%files webapp
-%license LICENSE
-%{_bindir}/%{srcname}_webapp
-
 %files -n python3-%{srcname}
 %license LICENSE
 %{python3_sitelib}/%{srcname}-*.egg-info/
@ -333,12 +274,14 @@ exit 0
 %{_bindir}/%{srcname}_userdata_encrypt

 %files base
-%license LICENSE keylime/static/icons/ICON-LICENSE
+%license LICENSE
 %doc README.md
 %config(noreplace) %attr(600,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}.conf
 %attr(700,%{srcname},%{srcname}) %dir %{_rundir}/%{srcname}
 %attr(700,%{srcname},%{srcname}) %dir %{_localstatedir}/log/%{srcname}
 %attr(700,%{srcname},%{srcname}) %{_sharedstatedir}/%{srcname}
+%{_tmpfilesdir}/%{srcname}.conf
+%{_sysusersdir}/%{srcname}.conf

 %files
 %license LICENSE
--- a/keylime.sysusers
+++ b/keylime.sysusers
@ -0,0 +1,2 @@
+u keylime -   "Keylime unprivileged user" /var/lib/keylime /usr/sbin/nologin
+m keylime tss
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (v6.4.1.tar.gz) = 1075eacb45f27df36e16e68b6486cfb32060c86ddbf0f40b28ab59ce4a76db183c65a8d76896fe49451b5b2ba84be1b39e758d42b943fd9ec66e659be2f1d89f
+SHA512 (v6.4.2.tar.gz) = 7bc365b17b719c03aad76796f63c103de06c7c8a0ac1e9741cd0be460110d4da9d44c2caebb5eb1390f577d3a082d4a3d6a565bdccb46bd5c9ec060dae2bc161