Initial commit on c9s

Added gating.yaml

Resolves: RHEL-68141

.gitignore

@@ -0,0 +1,2 @@
+/guest-components-0061d03.tar.gz
+/trustee-guest-components-0.10.0_124.git0061d03-vendor.tar.xz

0001-Fedora-Remove-workspace-members-which-are-not-built.patch

@@ -0,0 +1,40 @@
+From 8f7ad9ce8eac9f9bb4f7fbae37f56bef3dd4f597 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Mon, 28 Oct 2024 20:00:25 +0200
+Subject: [PATCH] Fedora: Remove workspace members which are not built
+Content-type: text/plain
+
+The trustee-attester is currently under kbs_protocol.
+The 2 attestation-agent's deps and attester are BuildRequired.
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ Cargo.toml | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index 4c239ae..e10cdbe 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -1,18 +1,10 @@
+ [workspace]
+ resolver = "2"
+ members = [
+-    "api-server-rest",
+-    "attestation-agent/attestation-agent",
+-    "attestation-agent/kbc",
+     "attestation-agent/kbs_protocol",
+     "attestation-agent/attester",
+     "attestation-agent/deps/resource_uri",
+     "attestation-agent/deps/crypto",
+-    "attestation-agent/deps/sev",
+-    "attestation-agent/coco_keyprovider",
+-    "confidential-data-hub/hub",
+-    "image-rs",
+-    "ocicrypt-rs",
+ ]
+ 
+ [workspace.dependencies]
+-- 
+2.47.1
+

0002-Fedora-AA-deps-crypto-default-to-openssl.patch

@@ -0,0 +1,79 @@
+From 0ff9eeb8ffc5a88732f75a84145bb07cd2b88bfc Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Tue, 10 Dec 2024 01:25:48 +0200
+Subject: [PATCH] Fedora: AA/deps/crypto: default to openssl
+Content-type: text/plain
+
+Do not use "vendored" openssl
+
+Remove some rust-crypto dependencies
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ Cargo.toml                               |  4 ----
+ attestation-agent/deps/crypto/Cargo.toml | 11 ++++-------
+ 2 files changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index e10cdbe..bb4a534 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -8,8 +8,6 @@ members = [
+ ]
+ 
+ [workspace.dependencies]
+-aes = "0.8.3"
+-aes-gcm = "0.10.2"
+ anyhow = "1.0"
+ assert-json-diff = "2.0"
+ assert_cmd = "2"
+@@ -22,7 +20,6 @@ chrono = "0.4.26"
+ clap = "~4.2.7"
+ config = "0.14.1"
+ const_format = "0.2.33"
+-ctr = "0.9.2"
+ env_logger = "0.11.5"
+ hex = "0.4.3"
+ hmac = "0.12.1"
+@@ -38,7 +35,6 @@ rand = "0.8.5"
+ reqwest = { version = "0.12", default-features = false }
+ resource_uri = { path = "attestation-agent/deps/resource_uri" }
+ ring = "0.17"
+-rsa = "0.9.7"
+ rstest = "0.17"
+ serde = { version = "1.0", features = ["derive"] }
+ serde_with = { version = "1.11.0", features = ["base64"] }
+diff --git a/attestation-agent/deps/crypto/Cargo.toml b/attestation-agent/deps/crypto/Cargo.toml
+index 18c4143..2119bc1 100644
+--- a/attestation-agent/deps/crypto/Cargo.toml
++++ b/attestation-agent/deps/crypto/Cargo.toml
+@@ -6,14 +6,11 @@ publish = false
+ edition = "2021"
+ 
+ [dependencies]
+-aes-gcm = { workspace = true, optional = true }
+ anyhow.workspace = true
+ base64.workspace = true
+-ctr = { workspace = true, optional = true }
+ kbs-types.workspace = true
+-openssl = { workspace = true, features = ["vendored"], optional = true}
++openssl = { workspace = true, optional = true}
+ rand.workspace = true
+-rsa = { workspace = true, optional = true }
+ serde.workspace = true
+ serde_json.workspace = true
+ sha2.workspace = true
+@@ -24,6 +21,6 @@ zeroize.workspace = true
+ rstest.workspace = true
+ 
+ [features]
+-default = ["rust-crypto"]
+-rust-crypto = ["dep:aes-gcm", "ctr", "rsa"]
+-openssl = ["dep:openssl"]
+\ No newline at end of file
++default = ["openssl"]
++rust-crypto = []
++openssl = ["dep:openssl"]
+-- 
+2.47.1
+

0003-Fedora-kbs_protocol-Cargo.toml-reqwest-use-native-TL.patch

@@ -0,0 +1,27 @@
+From 14e07d79ce3218f9cb52118194e1b579df55a3c2 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Mon, 28 Oct 2024 20:03:22 +0200
+Subject: [PATCH] Fedora: kbs_protocol/Cargo.toml: reqwest: use native TLS not
+ vendored
+Content-type: text/plain
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ attestation-agent/kbs_protocol/Cargo.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
+index 667969a..92fccce 100644
+--- a/attestation-agent/kbs_protocol/Cargo.toml
++++ b/attestation-agent/kbs_protocol/Cargo.toml
+@@ -61,6 +61,6 @@ cca-attester = ["attester/cca-attester"]
+ se-attester  = ["attester/se-attester"]
+ 
+ rust-crypto = ["reqwest/rustls-tls", "crypto/rust-crypto"]
+-openssl = ["reqwest/native-tls-vendored", "crypto/openssl"]
++openssl = ["reqwest/native-tls", "crypto/openssl"]
+ 
+ bin = ["tokio/rt", "tokio/macros", "clap", "env_logger"]
+-- 
+2.47.1
+

0004-Fedora-remove-jwt-simple-dependency.patch

@@ -0,0 +1,95 @@
+From 5325bd8707afb0ac8504c5e845c96c62f8cd4b93 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Tue, 10 Sep 2024 17:17:03 +0300
+Subject: [PATCH] Fedora: remove jwt-simple dependency
+Content-type: text/plain
+
+jwt-simple requires some crypto crates.
+
+The code checks time validity. Use std::time instead for this.
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ Cargo.toml                                    |  1 -
+ attestation-agent/kbs_protocol/Cargo.toml     |  1 -
+ .../kbs_protocol/src/token_provider/mod.rs    | 19 +++++++++----------
+ 3 files changed, 9 insertions(+), 12 deletions(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index bb4a534..db72ef9 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -23,7 +23,6 @@ const_format = "0.2.33"
+ env_logger = "0.11.5"
+ hex = "0.4.3"
+ hmac = "0.12.1"
+-jwt-simple = { version = "0.12", default-features = false, features = ["pure-rust"] }
+ kbs-types = "0.7.0"
+ lazy_static = "1.5.0"
+ log = "0.4.22"
+diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
+index 92fccce..d012487 100644
+--- a/attestation-agent/kbs_protocol/Cargo.toml
++++ b/attestation-agent/kbs_protocol/Cargo.toml
+@@ -13,7 +13,6 @@ base64.workspace = true
+ clap = { workspace = true, features = ["derive"], optional = true }
+ crypto = { path = "../deps/crypto", default-features = false }
+ env_logger = { workspace = true, optional = true }
+-jwt-simple.workspace = true
+ kbs-types.workspace = true
+ log.workspace = true
+ protobuf = { workspace = true, optional = true}
+diff --git a/attestation-agent/kbs_protocol/src/token_provider/mod.rs b/attestation-agent/kbs_protocol/src/token_provider/mod.rs
+index 8f4d7ae..844680c 100644
+--- a/attestation-agent/kbs_protocol/src/token_provider/mod.rs
++++ b/attestation-agent/kbs_protocol/src/token_provider/mod.rs
+@@ -14,11 +14,9 @@ pub use aa::*;
+ use anyhow::*;
+ use async_trait::async_trait;
+ use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
+-use jwt_simple::{
+-    claims::JWTClaims,
+-    prelude::{Clock, UnixTimeStamp},
+-};
+ use serde_json::Value;
++use std::time::SystemTime;
++
+ 
+ use crate::keypair::TeeKeyPair;
+ 
+@@ -33,8 +31,8 @@ pub trait TokenProvider: Send + Sync {
+ #[derive(Clone, Debug)]
+ pub struct Token {
+     pub content: String,
+-    exp: Option<UnixTimeStamp>,
+-    nbf: Option<UnixTimeStamp>,
++    exp: Option<u64>,
++    nbf: Option<u64>,
+ }
+ 
+ impl Token {
+@@ -44,16 +42,17 @@ impl Token {
+             .nth(1)
+             .ok_or_else(|| anyhow!("illegal token format"))?;
+         let claims = URL_SAFE_NO_PAD.decode(claims_b64)?;
+-        let claims = serde_json::from_slice::<JWTClaims<Value>>(&claims)?;
++        let claims = serde_json::from_slice::<Value>(&claims)?;
+         Ok(Self {
+             content: token,
+-            exp: claims.expires_at,
+-            nbf: claims.invalid_before,
++            exp: claims["exp"].as_u64(),
++            nbf: claims["nbf"].as_u64(),
+         })
+     }
+ 
+     pub fn check_valid(&self) -> Result<()> {
+-        let now = Clock::now_since_epoch();
++        let now = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH)
++            .unwrap().as_secs();
+         if let Some(exp) = self.exp {
+             if exp < now {
+                 bail!("token expired");
+-- 
+2.47.1
+

0005-Fedora-remove-ttrpc-dependency.patch

@@ -0,0 +1,59 @@
+From 45401917ccabca38112fb4be23193f5230e90867 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Tue, 10 Dec 2024 01:38:24 +0200
+Subject: [PATCH] Fedora: remove ttrpc dependency
+Content-type: text/plain
+
+Not required and not in Fedora
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ Cargo.toml                                | 2 --
+ attestation-agent/kbs_protocol/Cargo.toml | 4 +---
+ 2 files changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index db72ef9..e7dc965 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -48,8 +48,6 @@ tokio = "1.42"
+ toml = "0.8.19"
+ tonic = "0.12"
+ tonic-build = "0.12"
+-ttrpc = "0.8.2"
+-ttrpc-codegen = "0.4.2"
+ url = "2.5.4"
+ uuid = "1"
+ zeroize = "1.5.7"
+diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
+index d012487..ab86141 100644
+--- a/attestation-agent/kbs_protocol/Cargo.toml
++++ b/attestation-agent/kbs_protocol/Cargo.toml
+@@ -23,7 +23,6 @@ serde_json.workspace = true
+ sha2.workspace = true
+ thiserror.workspace = true
+ tokio.workspace = true
+-ttrpc = { workspace = true, optional = true}
+ url.workspace = true
+ zeroize.workspace = true
+ 
+@@ -35,7 +34,6 @@ testcontainers.workspace = true
+ tokio = { workspace = true, features = [ "rt", "macros", "fs", "process" ]}
+ 
+ [build-dependencies]
+-ttrpc-codegen = { workspace = true, optional = true }
+ 
+ [[bin]]
+ name = "trustee-attester"
+@@ -46,7 +44,7 @@ default = ["background_check", "passport", "rust-crypto", "all-attesters"]
+ 
+ passport = []
+ # use a client of attestation-agent to get token for kbs
+-aa_token = ["ttrpc-codegen", "passport", "ttrpc/async", "protobuf"]
++aa_token = []
+ 
+ background_check = ["tokio/time"]
+ all-attesters = ["attester/all-attesters"]
+-- 
+2.47.1
+

0006-Fedora-attester-pick-attesters-in-all-attesters.patch

@@ -0,0 +1,80 @@
+From 5cc40f98248d57bc203425ff994253ab4ef09b95 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Tue, 10 Dec 2024 02:41:17 +0200
+Subject: [PATCH] Fedora: attester: pick attesters in all-attesters
+Content-type: text/plain
+
+Currently: snp, az-snp-vtpm and az-tdx-vtpm
+
+Remove all dependencies of non-built attesters
+
+Some require additional dependencies that are not in Fedora
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ attestation-agent/attester/Cargo.toml | 26 +++++---------------------
+ 1 file changed, 5 insertions(+), 21 deletions(-)
+
+diff --git a/attestation-agent/attester/Cargo.toml b/attestation-agent/attester/Cargo.toml
+index f371e3a..4e16347 100644
+--- a/attestation-agent/attester/Cargo.toml
++++ b/attestation-agent/attester/Cargo.toml
+@@ -15,22 +15,11 @@ clap = { workspace = true, features = ["derive"], optional = true }
+ hex.workspace = true
+ kbs-types.workspace = true
+ log.workspace = true
+-occlum_dcap = { git = "https://github.com/occlum/occlum", tag = "v0.29.7", optional = true }
+-pv = { version = "0.10.0", package = "s390_pv", optional = true }
+-scroll = { version = "0.12.0", default-features = false, features = ["derive", "std"], optional = true }
+ serde.workspace = true
+ serde_json.workspace = true
+ serde_with.workspace = true
+ sev = { version = "4.0.0", default-features = false, features = ["snp"], optional = true }
+-sha2.workspace = true
+-strum.workspace = true
+-tdx-attest-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.22", optional = true }
+ thiserror.workspace = true
+-# TODO: change it to "0.1", once released.
+-csv-rs = { git = "https://github.com/openanolis/csv-rs", rev = "3045440", optional = true }
+-codicon = { version = "3.0", optional = true }
+-hyper = { version = "0.14", features = ["full"], optional = true }
+-hyper-tls = { version = "0.5", optional = true }
+ tokio = { version = "1", features = ["full"], optional = true }
+ tempfile = { workspace = true, optional = true }
+ 
+@@ -45,27 +34,22 @@ required-features = ["bin"]
+ [features]
+ default = ["all-attesters"]
+ all-attesters = [
+-    "tdx-attester",
+-    "sgx-attester",
+     "az-snp-vtpm-attester",
+     "az-tdx-vtpm-attester",
+     "snp-attester",
+-    "csv-attester",
+-    "cca-attester",
+-    "se-attester",
+ ]
+ 
+ # tsm-report enables a module that helps attesters to use Linux TSM_REPORTS for generating
+ # quotes. It's an unconditional dependency for tdx-attester since that is the only way to
+ # generate TDX quotes with upstream kernels.
+ tsm-report = ["tempfile"]
+-tdx-attester = ["scroll", "tsm-report", "tdx-attest-rs"]
+-sgx-attester = ["occlum_dcap"]
++tdx-attester = []
++sgx-attester = []
+ az-snp-vtpm-attester = ["az-snp-vtpm"]
+ az-tdx-vtpm-attester = ["az-snp-vtpm-attester", "az-tdx-vtpm"]
+ snp-attester = ["sev"]
+-csv-attester = ["csv-rs", "codicon", "hyper", "hyper-tls", "tokio"]
+-cca-attester = ["tsm-report"]
+-se-attester  = ["pv"]
++csv-attester = []
++cca-attester = []
++se-attester  = []
+ 
+ bin = ["tokio/rt", "tokio/macros", "clap"]
+-- 
+2.47.1
+

0007-Fedora-remove-testcontainers-dependency.patch

@@ -0,0 +1,57 @@
+From c7c063bd76b9b1c8befb514b77b4524a40015066 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Tue, 10 Dec 2024 02:50:53 +0200
+Subject: [PATCH] Fedora: remove testcontainers dependency
+Content-type: text/plain
+
+Not in Fedora.
+Skip tests that use it.
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ Cargo.toml                                               | 1 -
+ attestation-agent/kbs_protocol/Cargo.toml                | 1 -
+ attestation-agent/kbs_protocol/src/client/rcar_client.rs | 3 ++-
+ 3 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index e7dc965..7fb9b15 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -42,7 +42,6 @@ serial_test = "3"
+ sha2 = "0.10.7"
+ strum = { version = "0.26", features = ["derive"] }
+ tempfile = "3.14"
+-testcontainers = "0.14"
+ thiserror = "2.0"
+ tokio = "1.42"
+ toml = "0.8.19"
+diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
+index ab86141..e29be9c 100644
+--- a/attestation-agent/kbs_protocol/Cargo.toml
++++ b/attestation-agent/kbs_protocol/Cargo.toml
+@@ -30,7 +30,6 @@ zeroize.workspace = true
+ rstest.workspace = true
+ serial_test.workspace = true
+ tempfile.workspace = true
+-testcontainers.workspace = true
+ tokio = { workspace = true, features = [ "rt", "macros", "fs", "process" ]}
+ 
+ [build-dependencies]
+diff --git a/attestation-agent/kbs_protocol/src/client/rcar_client.rs b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
+index 45b194e..1059927 100644
+--- a/attestation-agent/kbs_protocol/src/client/rcar_client.rs
++++ b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
+@@ -355,7 +355,8 @@ impl KbsClientCapabilities for KbsClient<Box<dyn EvidenceProvider>> {
+     }
+ }
+ 
+-#[cfg(test)]
++// Fedora: no testcontainers so ignore the following test
++#[cfg(any())]
+ mod test {
+     use crypto::HashAlgorithm;
+     use rstest::rstest;
+-- 
+2.47.1
+

0008-Fedora-kbs_protocol-default-to-openssl.patch

@@ -0,0 +1,29 @@
+From 4fdedc07203138492fe5561af2fbf9868caf9407 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Mon, 28 Oct 2024 20:59:59 +0200
+Subject: [PATCH] Fedora: kbs_protocol: default to openssl
+Content-type: text/plain
+
+Also add "bin" such that trustee-attester can be built
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ attestation-agent/kbs_protocol/Cargo.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
+index e29be9c..82b0de8 100644
+--- a/attestation-agent/kbs_protocol/Cargo.toml
++++ b/attestation-agent/kbs_protocol/Cargo.toml
+@@ -39,7 +39,7 @@ name = "trustee-attester"
+ required-features = ["bin"]
+ 
+ [features]
+-default = ["background_check", "passport", "rust-crypto", "all-attesters"]
++default = ["background_check", "passport", "openssl", "all-attesters", "bin"]
+ 
+ passport = []
+ # use a client of attestation-agent to get token for kbs
+-- 
+2.47.1
+

0009-Fedora-rstest-0.23.patch

@@ -0,0 +1,26 @@
+From 51beb7c59fb4409c1f99b1b01e0e7ef8ae6a04a6 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Tue, 10 Sep 2024 17:01:02 +0300
+Subject: [PATCH] Fedora: rstest 0.23
+Content-type: text/plain
+
+---
+ Cargo.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index 7fb9b15..08dca30 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -34,7 +34,7 @@ rand = "0.8.5"
+ reqwest = { version = "0.12", default-features = false }
+ resource_uri = { path = "attestation-agent/deps/resource_uri" }
+ ring = "0.17"
+-rstest = "0.17"
++rstest = "0.23"
+ serde = { version = "1.0", features = ["derive"] }
+ serde_with = { version = "1.11.0", features = ["base64"] }
+ serde_json = "1.0"
+-- 
+2.47.1
+

0010-Fedora-use-clap-4.2.7.patch

@@ -0,0 +1,37 @@
+From 266776b3c7bdc4179faa7739bb5cd92dad150380 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Mon, 28 Oct 2024 21:15:37 +0200
+Subject: [PATCH] Fedora: use clap "^4.2.7"
+Content-type: text/plain
+
+Upstream commits 2d8dcd3 and 53ddd63 changed version from "4" to
+"~4.2.7" such that it can be built with rust 1.69.
+
+Fedora currently has rust-1.83 and clap 4.5.23.
+With the "~4.2.7" build fails with error:
+ (crate(clap/default) >= 4.2.7 with crate(clap/default) < 4.3.0~) is needed
+
+This commit relaxes the clap version requirement to be ">=4.2.7,<5"
+
+Suggested-by: Fabio Valentini <decathorpe@gmail.com>
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ Cargo.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index 08dca30..9f5e48c 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -17,7 +17,7 @@ base64-serde = "0.7"
+ bincode = "1.3.3"
+ cfg-if = "1.0.0"
+ chrono = "0.4.26"
+-clap = "~4.2.7"
++clap = "^4.2.7"
+ config = "0.14.1"
+ const_format = "0.2.33"
+ env_logger = "0.11.5"
+-- 
+2.47.1
+

0011-Fedora-kbs-types-0.8.0.patch

@@ -0,0 +1,27 @@
+From fbceba028878b2e6a5f5c1ebff5a4958ddda0221 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Sun, 24 Nov 2024 23:53:51 +0200
+Subject: [PATCH] Fedora: kbs-types 0.8.0
+Content-type: text/plain
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ Cargo.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index 9f5e48c..3bc3844 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -23,7 +23,7 @@ const_format = "0.2.33"
+ env_logger = "0.11.5"
+ hex = "0.4.3"
+ hmac = "0.12.1"
+-kbs-types = "0.7.0"
++kbs-types = "0.8.0"
+ lazy_static = "1.5.0"
+ log = "0.4.22"
+ nix = "0.29"
+-- 
+2.47.1
+

0012-Fedora-kbs_protocol-Cargo.toml-add-package.license.patch

@@ -0,0 +1,28 @@
+From 21ea654c75d9f8adca1db33d3b2590ef94ba5af1 Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Tue, 10 Dec 2024 03:26:16 +0200
+Subject: [PATCH] Fedora: kbs_protocol/Cargo.toml: add package.license
+Content-type: text/plain
+
+Required by rust2rpm
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ attestation-agent/kbs_protocol/Cargo.toml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
+index 82b0de8..982a904 100644
+--- a/attestation-agent/kbs_protocol/Cargo.toml
++++ b/attestation-agent/kbs_protocol/Cargo.toml
+@@ -4,6 +4,7 @@ version = "0.1.0"
+ authors = ["The Attestation Agent Authors"]
+ publish = false
+ edition = "2021"
++license = "Apache-2.0"
+ 
+ [dependencies]
+ anyhow.workspace = true
+-- 
+2.47.1
+

0013-Fedora-url-version-is-2.5.2.patch

@@ -0,0 +1,26 @@
+From 7e9550c2ec9de0974c567d5d7e0068492ec4e11e Mon Sep 17 00:00:00 2001
+From: Uri Lublin <uril@redhat.com>
+Date: Tue, 10 Dec 2024 04:25:49 +0200
+Subject: [PATCH] Fedora: url version is 2.5.2
+Content-type: text/plain
+
+Signed-off-by: Uri Lublin <uril@redhat.com>
+---
+ Cargo.toml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Cargo.toml b/Cargo.toml
+index 3bc3844..100adc7 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -47,6 +47,6 @@ tokio = "1.42"
+ toml = "0.8.19"
+ tonic = "0.12"
+ tonic-build = "0.12"
+-url = "2.5.4"
++url = "2.5.2"
+ uuid = "1"
+ zeroize = "1.5.7"
+-- 
+2.47.1
+

gating.yaml

@@ -0,0 +1,5 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules: []

sources

@@ -0,0 +1,2 @@
+SHA512 (guest-components-0061d03.tar.gz) = 1003767c3ca23de625f02f883373ccc3d23a950c2fa9c02a38bc22293be04d298cd6b18ad64d8506eb5060de10e6fa00f6d7197d314d2b75cadea8223202a954
+SHA512 (trustee-guest-components-0.10.0_124.git0061d03-vendor.tar.xz) = e7c8470673b755daf4e78536fe1bb0f0b7749792bf47414940e1e0c44fc70922b0536562a12093d40c099c930412b846ba06c50a772a627f657e0a479b600a83

trustee-guest-components.spec

@@ -0,0 +1,139 @@
+# Generated by rust2rpm 27
+%bcond check 1
+
+%global commit      0061d036509e451597f5f61492b41849b36a32a1          
+%global shortcommit %(c=%{commit}; echo ${c:0:7})                     
+# numcommits is taken from git describe --tags <commit> (num commits s
+%global numcommits   124                                              
+%global projectname guest-components                                  
+
+Name:           trustee-guest-components
+Version:        0.10.0^%{numcommits}.git%{shortcommit}                
+Release:        1%{?dist}
+Summary:        Tools that run in confidential VMs, attest and get secrets from Trustee
+
+# License lines copied from the build
+# Apache-2.0
+# Apache-2.0 OR BSL-1.0
+# Apache-2.0 OR ISC OR MIT
+# Apache-2.0 OR MIT
+# BSD-2-Clause OR Apache-2.0 OR MIT
+# ISC
+# MIT
+# MIT OR Apache-2.0
+# MIT OR Apache-2.0 OR Zlib
+# MPL-2.0
+# Unicode-3.0
+# Unlicense OR MIT
+# Zlib OR Apache-2.0 OR MIT
+
+# License lines above, but sorted within and between lines
+# Apache-2.0
+# Apache-2.0 OR BSD-2-Clause OR MIT
+# Apache-2.0 OR BSL-1.0
+# Apache-2.0 OR ISC OR MIT
+# Apache-2.0 OR MIT
+# Apache-2.0 OR MIT
+# Apache-2.0 OR MIT OR Zlib
+# Apache-2.0 OR MIT OR Zlib
+# ISC
+# MIT
+# MIT OR Unlicense
+# MPL-2.0
+# Unicode-3.0
+
+
+License:        Apache-2.0 AND (Apache-2.0 OR BSD-2-Clause OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND ISC AND MIT AND (MIT OR Unlicense) AND MPL-2.0 AND Unicode-3.0
+
+# LICENSE.dependencies contains a full license breakdown
+
+URL:            https://github.com/confidential-containers/guest-components
+Source:         https://github.com/confidential-containers/%{projectname}/archive/%{commit}/%{projectname}-%{shortcommit}.tar.gz
+Source1:        %{name}-0.10.0_%{numcommits}.git%{shortcommit}-vendor.tar.xz
+# * adapt to RHEL
+# * Remove workspace members which are not built
+Patch1:         0001-Fedora-Remove-workspace-members-which-are-not-built.patch
+# * deps/crypto defaults to openssl
+Patch2:         0002-Fedora-AA-deps-crypto-default-to-openssl.patch
+# * use native-tls for reqwest
+Patch3:         0003-Fedora-kbs_protocol-Cargo.toml-reqwest-use-native-TL.patch
+# * remove dependency jwt-simple - not in Fedora
+Patch4:         0004-Fedora-remove-jwt-simple-dependency.patch
+# * remove dependency ttrpc - not in Fedora
+Patch5:         0005-Fedora-remove-ttrpc-dependency.patch
+# * pick attesters to build
+Patch6:         0006-Fedora-attester-pick-attesters-in-all-attesters.patch
+# * remove dependency testcontainers - not in Fedora
+Patch7:         0007-Fedora-remove-testcontainers-dependency.patch
+# * kbs_protocol defaults to openssl
+Patch8:         0008-Fedora-kbs_protocol-default-to-openssl.patch
+# * rstest version is 0.23
+Patch9:         0009-Fedora-rstest-0.23.patch
+# * clap version is ^4.2.7 -- see patch for more info
+Patch10:        0010-Fedora-use-clap-4.2.7.patch
+# * kbs-types version is 0.8.0
+Patch11:        0011-Fedora-kbs-types-0.8.0.patch
+# * add package.license to kbs_protocol/Cargo.toml
+Patch12:        0012-Fedora-kbs_protocol-Cargo.toml-add-package.license.patch
+# * url version is 2.5.2
+Patch13:        0013-Fedora-url-version-is-2.5.2.patch
+
+ExclusiveArch:  x86_64
+BuildRequires:  rust-toolset
+BuildRequires:  /usr/bin/pkg-config
+BuildRequires:  openssl-devel
+BuildRequires:  tpm2-tss-devel
+
+
+%global _description %{expand:
+Running in a confidential VM, gather confidential-computing evidence,
+send it to Trustee and get secrets.
+A part of the confidential-containers project}
+
+%description %{_description}
+
+%prep
+%autosetup -n guest-components-0061d036509e451597f5f61492b41849b36a32a1 -p1 -a1
+rm -f Cargo.lock
+%cargo_prep -v vendor
+
+%build
+cd attestation-agent/kbs_protocol
+%cargo_build
+%{cargo_license_summary}
+%{cargo_license} > LICENSE.dependencies
+%{cargo_vendor_manifest}
+mv LICENSE.dependencies ../../
+mv cargo-vendor.txt     ../../
+# remove from cargo-vendor.txt dependencies that are in the source
+# the path to them makes rpmbuild fail
+cd ../../
+sed -i '/^attester /d'      cargo-vendor.txt
+sed -i '/^crypto /d'        cargo-vendor.txt
+sed -i '/^resource_uri /d'   cargo-vendor.txt
+sed -i '/^sev /d'           cargo-vendor.txt
+
+%install
+cd attestation-agent/kbs_protocol
+mkdir -p %{buildroot}%{_docdir}/%{name}
+install -m 0644 src/bin/trustee-attester/README.md %{buildroot}%{_docdir}/%{name}/trustee-attester-README.md
+%cargo_install
+
+%if %{with check}
+%check
+cd attestation-agent/kbs_protocol
+%cargo_test
+%endif
+
+%files
+%license LICENSE
+%license LICENSE.dependencies
+%license cargo-vendor.txt
+%doc README.md
+%doc trustee-attester-README.md
+%{_bindir}/trustee-attester
+
+%changelog
+* Tue Jan 21 2025 Uri Lublin <uril@redhat.com> 0.10.0^124.git0061d03-1
+- Initial commit on c9s
+  Resolves: RHEL-68141