Compare commits


2 Commits

28 changed files with 497 additions and 412 deletions

4
.gitignore vendored

@ -1,2 +1,2 @@
/guest-components-0061d03.tar.gz
/trustee-guest-components-0.10.0_124.git0061d03-vendor.tar.xz
SOURCES/guest-components-0.13.0.tar.gz
SOURCES/trustee-guest-components-0.13.0-vendor.tar.xz


@ -0,0 +1,2 @@
94d60111d04a5e0d0457ac5768feedc7cbe00461 SOURCES/guest-components-0.13.0.tar.gz
6c76aab3e3e2164d6b62d6c86132a77c9daae724 SOURCES/trustee-guest-components-0.13.0-vendor.tar.xz


@ -1,27 +0,0 @@
From 14e07d79ce3218f9cb52118194e1b579df55a3c2 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Mon, 28 Oct 2024 20:03:22 +0200
Subject: [PATCH] Fedora: kbs_protocol/Cargo.toml: reqwest: use native TLS not
vendored
Content-type: text/plain
Signed-off-by: Uri Lublin <uril@redhat.com>
---
attestation-agent/kbs_protocol/Cargo.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index 667969a..92fccce 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -61,6 +61,6 @@ cca-attester = ["attester/cca-attester"]
se-attester = ["attester/se-attester"]
rust-crypto = ["reqwest/rustls-tls", "crypto/rust-crypto"]
-openssl = ["reqwest/native-tls-vendored", "crypto/openssl"]
+openssl = ["reqwest/native-tls", "crypto/openssl"]
bin = ["tokio/rt", "tokio/macros", "clap", "env_logger"]
--
2.47.1


@ -1,59 +0,0 @@
From 45401917ccabca38112fb4be23193f5230e90867 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Tue, 10 Dec 2024 01:38:24 +0200
Subject: [PATCH] Fedora: remove ttrpc dependency
Content-type: text/plain
Not required and not in Fedora
Signed-off-by: Uri Lublin <uril@redhat.com>
---
Cargo.toml | 2 --
attestation-agent/kbs_protocol/Cargo.toml | 4 +---
2 files changed, 1 insertion(+), 5 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index db72ef9..e7dc965 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -48,8 +48,6 @@ tokio = "1.42"
toml = "0.8.19"
tonic = "0.12"
tonic-build = "0.12"
-ttrpc = "0.8.2"
-ttrpc-codegen = "0.4.2"
url = "2.5.4"
uuid = "1"
zeroize = "1.5.7"
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index d012487..ab86141 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -23,7 +23,6 @@ serde_json.workspace = true
sha2.workspace = true
thiserror.workspace = true
tokio.workspace = true
-ttrpc = { workspace = true, optional = true}
url.workspace = true
zeroize.workspace = true
@@ -35,7 +34,6 @@ testcontainers.workspace = true
tokio = { workspace = true, features = [ "rt", "macros", "fs", "process" ]}
[build-dependencies]
-ttrpc-codegen = { workspace = true, optional = true }
[[bin]]
name = "trustee-attester"
@@ -46,7 +44,7 @@ default = ["background_check", "passport", "rust-crypto", "all-attesters"]
passport = []
# use a client of attestation-agent to get token for kbs
-aa_token = ["ttrpc-codegen", "passport", "ttrpc/async", "protobuf"]
+aa_token = []
background_check = ["tokio/time"]
all-attesters = ["attester/all-attesters"]
--
2.47.1


@ -1,29 +0,0 @@
From 4fdedc07203138492fe5561af2fbf9868caf9407 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Mon, 28 Oct 2024 20:59:59 +0200
Subject: [PATCH] Fedora: kbs_protocol: default to openssl
Content-type: text/plain
Also add "bin" such that trustee-attester can be built
Signed-off-by: Uri Lublin <uril@redhat.com>
---
attestation-agent/kbs_protocol/Cargo.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index e29be9c..82b0de8 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -39,7 +39,7 @@ name = "trustee-attester"
required-features = ["bin"]
[features]
-default = ["background_check", "passport", "rust-crypto", "all-attesters"]
+default = ["background_check", "passport", "openssl", "all-attesters", "bin"]
passport = []
# use a client of attestation-agent to get token for kbs
--
2.47.1


@ -1,27 +0,0 @@
From fbceba028878b2e6a5f5c1ebff5a4958ddda0221 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Sun, 24 Nov 2024 23:53:51 +0200
Subject: [PATCH] Fedora: kbs-types 0.8.0
Content-type: text/plain
Signed-off-by: Uri Lublin <uril@redhat.com>
---
Cargo.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 9f5e48c..3bc3844 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,7 +23,7 @@ const_format = "0.2.33"
env_logger = "0.11.5"
hex = "0.4.3"
hmac = "0.12.1"
-kbs-types = "0.7.0"
+kbs-types = "0.8.0"
lazy_static = "1.5.0"
log = "0.4.22"
nix = "0.29"
--
2.47.1


@ -1,28 +0,0 @@
From 21ea654c75d9f8adca1db33d3b2590ef94ba5af1 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Tue, 10 Dec 2024 03:26:16 +0200
Subject: [PATCH] Fedora: kbs_protocol/Cargo.toml: add package.license
Content-type: text/plain
Required by rust2rpm
Signed-off-by: Uri Lublin <uril@redhat.com>
---
attestation-agent/kbs_protocol/Cargo.toml | 1 +
1 file changed, 1 insertion(+)
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index 82b0de8..982a904 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -4,6 +4,7 @@ version = "0.1.0"
authors = ["The Attestation Agent Authors"]
publish = false
edition = "2021"
+license = "Apache-2.0"
[dependencies]
anyhow.workspace = true
--
2.47.1


@ -1,26 +0,0 @@
From 7e9550c2ec9de0974c567d5d7e0068492ec4e11e Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Tue, 10 Dec 2024 04:25:49 +0200
Subject: [PATCH] Fedora: url version is 2.5.2
Content-type: text/plain
Signed-off-by: Uri Lublin <uril@redhat.com>
---
Cargo.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 3bc3844..100adc7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -47,6 +47,6 @@ tokio = "1.42"
toml = "0.8.19"
tonic = "0.12"
tonic-build = "0.12"
-url = "2.5.4"
+url = "2.5.2"
uuid = "1"
zeroize = "1.5.7"
--
2.47.1


@ -1,27 +0,0 @@
From 1939eea90812bce32f9e8e61bd5be7330f57fda4 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Fri, 7 Feb 2025 01:14:00 +0200
Subject: [PATCH] Fedora: protobuf is 2.28
Content-type: text/plain
Signed-off-by: Uri Lublin <uril@redhat.com>
---
Cargo.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 100adc7..31d4ab9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,7 +29,7 @@ log = "0.4.22"
nix = "0.29"
openssl = "0.10"
prost = "0.13"
-protobuf = "3.5.1"
+protobuf = "2.28"
rand = "0.8.5"
reqwest = { version = "0.12", default-features = false }
resource_uri = { path = "attestation-agent/deps/resource_uri" }
--
2.48.1


@ -1,22 +1,22 @@
From 8f7ad9ce8eac9f9bb4f7fbae37f56bef3dd4f597 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Mon, 28 Oct 2024 20:00:25 +0200
Subject: [PATCH] Fedora: Remove workspace members which are not built
Content-type: text/plain
From fd43874376f6866fb5c8339df4b3a4be064cb696 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Wed, 4 Jun 2025 03:51:41 -0400
Subject: [PATCH 01/14] Fedora: Remove workspace members which are not built
The trustee-attester is currently under kbs_protocol.
The 2 attestation-agent's deps and attester are BuildRequired.
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 8 --------
1 file changed, 8 deletions(-)
Cargo.toml | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 4c239ae..e10cdbe 100644
index c001449..1f6f3e6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,18 +1,10 @@
@@ -1,19 +1,10 @@
[workspace]
resolver = "2"
members = [
@ -30,11 +30,12 @@ index 4c239ae..e10cdbe 100644
- "attestation-agent/deps/sev",
- "attestation-agent/coco_keyprovider",
- "confidential-data-hub/hub",
- "confidential-data-hub/kms",
- "image-rs",
- "ocicrypt-rs",
]
[workspace.dependencies]
--
2.47.1
2.49.0


@ -1,21 +1,21 @@
From 0ff9eeb8ffc5a88732f75a84145bb07cd2b88bfc Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Tue, 10 Dec 2024 01:25:48 +0200
Subject: [PATCH] Fedora: AA/deps/crypto: default to openssl
Content-type: text/plain
From 7827bb127a324197584abb593938df01bc579203 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Fri, 6 Jun 2025 03:24:21 -0400
Subject: [PATCH 02/14] Fedora: AA/deps/crypto: default to openssl
Do not use "vendored" openssl
Remove some rust-crypto dependencies
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 4 ----
attestation-agent/deps/crypto/Cargo.toml | 11 ++++-------
2 files changed, 4 insertions(+), 11 deletions(-)
attestation-agent/deps/crypto/Cargo.toml | 21 +++------------------
2 files changed, 3 insertions(+), 22 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index e10cdbe..bb4a534 100644
index 1f6f3e6..dafa03d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -8,8 +8,6 @@ members = [
@ -27,53 +27,65 @@ index e10cdbe..bb4a534 100644
anyhow = "1.0"
assert-json-diff = "2.0"
assert_cmd = "2"
@@ -22,7 +20,6 @@ chrono = "0.4.26"
@@ -22,7 +20,6 @@ chrono = "0.4.41"
clap = "~4.2.7"
config = "0.14.1"
const_format = "0.2.33"
const_format = "0.2.34"
-ctr = "0.9.2"
env_logger = "0.11.5"
env_logger = "0.11.8"
hex = "0.4.3"
hmac = "0.12.1"
@@ -38,7 +35,6 @@ rand = "0.8.5"
@@ -39,7 +36,6 @@ rand = "0.9.1"
reqwest = { version = "0.12", default-features = false }
resource_uri = { path = "attestation-agent/deps/resource_uri" }
ring = "0.17"
-rsa = "0.9.7"
-rsa = "0.9.8"
rstest = "0.17"
serde = { version = "1.0", features = ["derive"] }
serde_with = { version = "1.11.0", features = ["base64"] }
serde_with = { version = "3.12.0", features = ["base64"] }
diff --git a/attestation-agent/deps/crypto/Cargo.toml b/attestation-agent/deps/crypto/Cargo.toml
index 18c4143..2119bc1 100644
index a4bdab3..f12f283 100644
--- a/attestation-agent/deps/crypto/Cargo.toml
+++ b/attestation-agent/deps/crypto/Cargo.toml
@@ -6,14 +6,11 @@ publish = false
edition = "2021"
@@ -7,20 +7,13 @@ edition = "2021"
license = "Apache-2.0"
[dependencies]
-aes-gcm = { workspace = true, optional = true }
-aes-kw = { version = "0.2.1", optional = true }
anyhow.workspace = true
base64.workspace = true
-concat-kdf = { version = "0.1.0", optional = true }
-ctr = { workspace = true, optional = true }
kbs-types.workspace = true
-openssl = { workspace = true, features = ["vendored"], optional = true}
+openssl = { workspace = true, optional = true}
-openssl = { workspace = true, features = ["vendored"], optional = true }
-p256 = { version = "0.13.1", features = ["ecdh", "pem"], optional = true }
+openssl = { workspace = true, optional = true }
rand.workspace = true
# This is for API compability of p256 who is using the old version of `rand`
-rand_08 = { package = "rand", version = "0.8", optional = true }
-rsa = { workspace = true, optional = true }
serde.workspace = true
serde_json.workspace = true
sha2.workspace = true
@@ -24,6 +21,6 @@ zeroize.workspace = true
@@ -31,14 +24,6 @@ zeroize.workspace = true
rstest.workspace = true
[features]
-default = ["rust-crypto"]
-rust-crypto = ["dep:aes-gcm", "ctr", "rsa"]
-openssl = ["dep:openssl"]
\ No newline at end of file
-rust-crypto = [
- "dep:aes-gcm",
- "ctr",
- "rsa/sha2",
- "aes-kw",
- "concat-kdf",
- "p256",
- "rand_08",
-]
+default = ["openssl"]
+rust-crypto = []
+openssl = ["dep:openssl"]
openssl = ["dep:openssl"]
--
2.47.1
2.49.0
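Review bot: `rust-crypto = []` in attestation-agent/deps/crypto/Cargo.toml keeps the feature name but removes everything it enabled, so a build that selects `rust-crypto` still resolves and then presumably either fails in code gated on that feature or ends up with no crypto backend. The same stub pattern appears in the later patches on this page: `rust-crypto = []` in kbs_protocol (which also drops `reqwest/rustls-tls`, leaving reqwest without a TLS backend unless `openssl` is enabled), `aa_ttrpc = []`, and `sgx-attester = []` in the attester patch. If the names have to stay for dependents, say so in the patched file with a comment above each stub, e.g. `# Fedora: stub only, backend dependencies removed; enable "openssl" instead`. The context comment "This is for API compability of p256 ..." is also left behind once `rand_08` and `p256` are removed and could be dropped in the same hunk.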


@ -0,0 +1,44 @@
From 9c5007f14c2ed227f27dd6147d328f568229f418 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Fri, 6 Jun 2025 05:12:40 -0400
Subject: [PATCH 03/14] Fedora: kbs_protocol: use openssl instead of
rust-crypto in default
Replace 'rust-crypto' with 'openssl' in default
Use native TLS for openssl
Add "bin" to default to build trustee-attester
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
attestation-agent/kbs_protocol/Cargo.toml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index b75b73d..0e00122 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -44,7 +44,7 @@ name = "trustee-attester"
required-features = ["bin"]
[features]
-default = ["background_check", "passport", "rust-crypto", "all-attesters"]
+default = ["background_check", "passport", "openssl", "all-attesters", "bin"]
passport = []
# Allow to connect Attestation-Agent with TTRPC to get evidence, token, etc.
@@ -62,7 +62,7 @@ csv-attester = ["attester/csv-attester"]
cca-attester = ["attester/cca-attester"]
se-attester = ["attester/se-attester"]
-rust-crypto = ["reqwest/rustls-tls", "crypto/rust-crypto"]
-openssl = ["reqwest/native-tls-vendored", "crypto/openssl"]
+rust-crypto = []
+openssl = ["reqwest/native-tls", "crypto/openssl"]
bin = ["tokio/rt", "tokio/macros", "clap", "env_logger"]
--
2.49.0


@ -1,37 +1,37 @@
From 5cc40f98248d57bc203425ff994253ab4ef09b95 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Tue, 10 Dec 2024 02:41:17 +0200
Subject: [PATCH] Fedora: attester: pick attesters in all-attesters
Content-type: text/plain
From 85659c3247ba9288323e8b40ebddf3480c4e26f0 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Fri, 6 Jun 2025 07:48:21 -0400
Subject: [PATCH 04/14] Fedora: attester: pick attesters in all-attesters
Currently: snp, az-snp-vtpm and az-tdx-vtpm
Currently: snp, tdx, az-snp-vtpm and az-tdx-vtpm
Remove all dependencies of non-built attesters
Some require additional dependencies that are not in Fedora
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
attestation-agent/attester/Cargo.toml | 26 +++++---------------------
1 file changed, 5 insertions(+), 21 deletions(-)
attestation-agent/attester/Cargo.toml | 23 +++++------------------
1 file changed, 5 insertions(+), 18 deletions(-)
diff --git a/attestation-agent/attester/Cargo.toml b/attestation-agent/attester/Cargo.toml
index f371e3a..4e16347 100644
index 5cb2c31..db57aa7 100644
--- a/attestation-agent/attester/Cargo.toml
+++ b/attestation-agent/attester/Cargo.toml
@@ -15,22 +15,11 @@ clap = { workspace = true, features = ["derive"], optional = true }
hex.workspace = true
@@ -18,22 +18,13 @@ hex.workspace = true
iocuddle = { version = "0.1.1", optional = true }
kbs-types.workspace = true
log.workspace = true
-occlum_dcap = { git = "https://github.com/occlum/occlum", tag = "v0.29.7", optional = true }
-pv = { version = "0.10.0", package = "s390_pv", optional = true }
-scroll = { version = "0.12.0", default-features = false, features = ["derive", "std"], optional = true }
scroll = { version = "0.12.0", default-features = false, features = ["derive", "std"], optional = true }
serde.workspace = true
serde_json.workspace = true
serde_with.workspace = true
sev = { version = "4.0.0", default-features = false, features = ["snp"], optional = true }
-sha2.workspace = true
-strum.workspace = true
strum.workspace = true
-tdx-attest-rs = { git = "https://github.com/intel/SGXDataCenterAttestationPrimitives", tag = "DCAP_1.22", optional = true }
thiserror.workspace = true
-# TODO: change it to "0.1", once released.
@ -42,11 +42,10 @@ index f371e3a..4e16347 100644
tokio = { version = "1", features = ["full"], optional = true }
tempfile = { workspace = true, optional = true }
@@ -45,27 +34,22 @@ required-features = ["bin"]
[features]
@@ -49,13 +40,9 @@ required-features = ["bin"]
default = ["all-attesters"]
all-attesters = [
- "tdx-attester",
"tdx-attester",
- "sgx-attester",
"az-snp-vtpm-attester",
"az-tdx-vtpm-attester",
@ -57,12 +56,13 @@ index f371e3a..4e16347 100644
]
# tsm-report enables a module that helps attesters to use Linux TSM_REPORTS for generating
# quotes. It's an unconditional dependency for tdx-attester since that is the only way to
@@ -63,13 +50,13 @@ all-attesters = [
# generate TDX quotes with upstream kernels.
tsm-report = ["tempfile"]
-tdx-attester = ["scroll", "tsm-report", "tdx-attest-rs"]
tdx-attester = ["scroll", "tsm-report", "iocuddle"]
-tdx-attest-dcap-ioctls = ["tdx-attest-rs"]
-sgx-attester = ["occlum_dcap"]
+tdx-attester = []
+tdx-attest-dcap-ioctls = []
+sgx-attester = []
az-snp-vtpm-attester = ["az-snp-vtpm"]
az-tdx-vtpm-attester = ["az-snp-vtpm-attester", "az-tdx-vtpm"]
@ -76,5 +76,5 @@ index f371e3a..4e16347 100644
bin = ["tokio/rt", "tokio/macros", "clap"]
--
2.47.1
2.49.0


@ -0,0 +1,77 @@
From bef1b4d73ad82d39965745c81ea4a35c59ee2527 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Fri, 6 Jun 2025 08:04:55 -0400
Subject: [PATCH 05/14] Fedora: remove ttrpc dependency
Not in Fedora and not required if not building aa_token
Also remove protobuf, as it's only used via ttrpc.
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 3 ---
attestation-agent/kbs_protocol/Cargo.toml | 5 +----
2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index dafa03d..9eea047 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -31,7 +31,6 @@ log = "0.4.25"
nix = "0.29"
openssl = "0.10"
prost = "0.13"
-protobuf = "=3.7.1"
rand = "0.9.1"
reqwest = { version = "0.12", default-features = false }
resource_uri = { path = "attestation-agent/deps/resource_uri" }
@@ -50,8 +49,6 @@ tokio = "1.44"
toml = "0.8.22"
tonic = "0.12"
tonic-build = "0.12"
-ttrpc = "0.8.4"
-ttrpc-codegen = "0.5.0"
url = "2.5.4"
uuid = "1"
zeroize = "1.5.7"
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index 0e00122..c498572 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -17,7 +17,6 @@ env_logger = { workspace = true, optional = true }
jwt-simple.workspace = true
kbs-types.workspace = true
log.workspace = true
-protobuf = { workspace = true, optional = true }
reqwest = { workspace = true, features = ["cookies", "json"], optional = true }
resource_uri.path = "../deps/resource_uri"
serde.workspace = true
@@ -25,7 +24,6 @@ serde_json.workspace = true
sha2.workspace = true
thiserror.workspace = true
tokio.workspace = true
-ttrpc = { workspace = true, optional = true }
url.workspace = true
zeroize.workspace = true
@@ -37,7 +35,6 @@ testcontainers.workspace = true
tokio = { workspace = true, features = ["rt", "macros", "fs", "process"] }
[build-dependencies]
-ttrpc-codegen = { workspace = true, optional = true }
[[bin]]
name = "trustee-attester"
@@ -48,7 +45,7 @@ default = ["background_check", "passport", "openssl", "all-attesters", "bin"]
passport = []
# Allow to connect Attestation-Agent with TTRPC to get evidence, token, etc.
-aa_ttrpc = ["ttrpc-codegen", "passport", "ttrpc/async", "protobuf"]
+aa_ttrpc = []
background_check = ["tokio/time"]
all-attesters = ["attester/all-attesters"]
--
2.49.0


@ -1,46 +1,48 @@
From 5325bd8707afb0ac8504c5e845c96c62f8cd4b93 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Tue, 10 Sep 2024 17:17:03 +0300
Subject: [PATCH] Fedora: remove jwt-simple dependency
Content-type: text/plain
From 0966851f28e3a5ac103f5738761ed9d7c015900a Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Fri, 6 Jun 2025 08:16:06 -0400
Subject: [PATCH 06/14] Fedora: remove jwt-simple dependency
jwt-simple requires some crypto crates.
jwt-simple is not in Fedora.
The code checks time validity. Use std::time instead for this.
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 1 -
Cargo.toml | 3 ---
attestation-agent/kbs_protocol/Cargo.toml | 1 -
.../kbs_protocol/src/token_provider/mod.rs | 19 +++++++++----------
3 files changed, 9 insertions(+), 12 deletions(-)
3 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index bb4a534..db72ef9 100644
index 9eea047..d2481f8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,7 +23,6 @@ const_format = "0.2.33"
env_logger = "0.11.5"
@@ -23,9 +23,6 @@ const_format = "0.2.34"
env_logger = "0.11.8"
hex = "0.4.3"
hmac = "0.12.1"
-jwt-simple = { version = "0.12", default-features = false, features = ["pure-rust"] }
kbs-types = "0.7.0"
lazy_static = "1.5.0"
log = "0.4.22"
-jwt-simple = { version = "0.12", default-features = false, features = [
- "pure-rust",
-] }
kbs-types = "0.10.0"
log = "0.4.27"
nix = "0.29"
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index 92fccce..d012487 100644
index c498572..318061a 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -13,7 +13,6 @@ base64.workspace = true
@@ -14,7 +14,6 @@ base64.workspace = true
clap = { workspace = true, features = ["derive"], optional = true }
crypto = { path = "../deps/crypto", default-features = false }
env_logger = { workspace = true, optional = true }
-jwt-simple.workspace = true
kbs-types.workspace = true
log.workspace = true
protobuf = { workspace = true, optional = true}
reqwest = { workspace = true, features = ["cookies", "json"], optional = true }
diff --git a/attestation-agent/kbs_protocol/src/token_provider/mod.rs b/attestation-agent/kbs_protocol/src/token_provider/mod.rs
index 8f4d7ae..844680c 100644
index 6648e89..08d06fb 100644
--- a/attestation-agent/kbs_protocol/src/token_provider/mod.rs
+++ b/attestation-agent/kbs_protocol/src/token_provider/mod.rs
@@ -14,11 +14,9 @@ pub use aa::*;
@ -91,5 +93,5 @@ index 8f4d7ae..844680c 100644
if exp < now {
bail!("token expired");
--
2.47.1
2.49.0
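Review bot: The rewritten time check in token_provider/mod.rs is undocumented in the only part shown here, the `if exp < now` comparison that rejects expired tokens; the rest of the hunk is collapsed on this page. Since the description says jwt-simple's clock was replaced with std::time, the patch should state next to that comparison that `exp` and `now` are both seconds since the Unix epoch, e.g. `// exp and now are seconds since UNIX_EPOCH`. It is also worth confirming that a failure to read the system clock is returned as an error rather than replaced with a default, because a defaulted `now` would let this comparison pass for any token. If the original code also checked a not-before claim, the std::time version should keep that check.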


@ -1,13 +1,12 @@
From c7c063bd76b9b1c8befb514b77b4524a40015066 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Tue, 10 Dec 2024 02:50:53 +0200
Subject: [PATCH] Fedora: remove testcontainers dependency
Content-type: text/plain
From 75bfc218c29f21e7beff438a707dde98e2c97d67 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Mon, 9 Jun 2025 03:55:55 -0400
Subject: [PATCH 07/14] Fedora: remove testcontainers dependency
Not in Fedora.
Skip tests that use it.
Not in Fedora, so skip tests that use it
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 1 -
attestation-agent/kbs_protocol/Cargo.toml | 1 -
@ -15,19 +14,19 @@ Signed-off-by: Uri Lublin <uril@redhat.com>
3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index e7dc965..7fb9b15 100644
index d2481f8..a971cc8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -42,7 +42,6 @@ serial_test = "3"
sha2 = "0.10.7"
strum = { version = "0.26", features = ["derive"] }
tempfile = "3.14"
-testcontainers = "0.14"
@@ -40,7 +40,6 @@ serial_test = "3"
sha2 = "0.10.9"
strum = { version = "0.27", features = ["derive"] }
tempfile = "3.19"
-testcontainers = "0.22"
thiserror = "2.0"
tokio = "1.42"
toml = "0.8.19"
tokio = "1.44"
toml = "0.8.22"
diff --git a/attestation-agent/kbs_protocol/Cargo.toml b/attestation-agent/kbs_protocol/Cargo.toml
index ab86141..e29be9c 100644
index 318061a..31d8006 100644
--- a/attestation-agent/kbs_protocol/Cargo.toml
+++ b/attestation-agent/kbs_protocol/Cargo.toml
@@ -30,7 +30,6 @@ zeroize.workspace = true
@ -35,7 +34,7 @@ index ab86141..e29be9c 100644
serial_test.workspace = true
tempfile.workspace = true
-testcontainers.workspace = true
tokio = { workspace = true, features = [ "rt", "macros", "fs", "process" ]}
tokio = { workspace = true, features = ["rt", "macros", "fs", "process"] }
[build-dependencies]
diff --git a/attestation-agent/kbs_protocol/src/client/rcar_client.rs b/attestation-agent/kbs_protocol/src/client/rcar_client.rs
@ -53,5 +52,5 @@ index 45b194e..1059927 100644
use crypto::HashAlgorithm;
use rstest::rstest;
--
2.47.1
2.49.0


@ -1,26 +1,27 @@
From 51beb7c59fb4409c1f99b1b01e0e7ef8ae6a04a6 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Tue, 10 Sep 2024 17:01:02 +0300
Subject: [PATCH] Fedora: rstest 0.23
Content-type: text/plain
From 6ef829fbce28fd612ca353927d47eb0388d1df30 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Thu, 12 Jun 2025 03:24:48 -0400
Subject: [PATCH 08/14] Fedora: rstest 0.23
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 7fb9b15..08dca30 100644
index a971cc8..fcbd500 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -34,7 +34,7 @@ rand = "0.8.5"
@@ -32,7 +32,7 @@ rand = "0.9.0"
reqwest = { version = "0.12", default-features = false }
resource_uri = { path = "attestation-agent/deps/resource_uri" }
ring = "0.17"
-rstest = "0.17"
+rstest = "0.23"
serde = { version = "1.0", features = ["derive"] }
serde_with = { version = "1.11.0", features = ["base64"] }
serde_with = { version = "3.12.0", features = ["base64"] }
serde_json = "1.0"
--
2.47.1
2.49.0


@ -0,0 +1,27 @@
From b90e92915f8f8eae4f94bd0dce1db274adc12177 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Thu, 12 Jun 2025 03:25:49 -0400
Subject: [PATCH 09/14] Fedora: kbs-type 0.11.0
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index fcbd500..1b7f5b2 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,7 +23,7 @@ const_format = "0.2.34"
env_logger = "0.11.8"
hex = "0.4.3"
hmac = "0.12.1"
-kbs-types = "0.10.0"
+kbs-types = "0.11.0"
log = "0.4.27"
nix = "0.29"
openssl = "0.10"
--
2.49.0


@ -0,0 +1,27 @@
From 49bad3bb6eecd589c619f1a03f0ea1ba46d8615d Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Thu, 12 Jun 2025 03:27:00 -0400
Subject: [PATCH 10/14] Fedora: tempfile 3.20
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 1b7f5b2..ac9208c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -39,7 +39,7 @@ serde_json = "1.0"
serial_test = "3"
sha2 = "0.10.9"
strum = { version = "0.27", features = ["derive"] }
-tempfile = "3.19"
+tempfile = "3.20"
thiserror = "2.0"
tokio = "1.44"
toml = "0.8.22"
--
2.49.0


@ -0,0 +1,27 @@
From 446e4f308ba84d9810e10dc4a07458a4179460fb Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Thu, 12 Jun 2025 03:28:55 -0400
Subject: [PATCH 11/14] Fedora: tokio 1.45
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index ac9208c..5accb4c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -41,7 +41,7 @@ sha2 = "0.10.9"
strum = { version = "0.27", features = ["derive"] }
tempfile = "3.20"
thiserror = "2.0"
-tokio = "1.44"
+tokio = "1.45"
toml = "0.8.22"
tonic = "0.12"
tonic-build = "0.12"
--
2.49.0


@ -0,0 +1,25 @@
From 886e38d9fa174c261dcbfb72767529da0cd97d76 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Thu, 12 Jun 2025 03:32:14 -0400
Subject: [PATCH 12/14] Fedora: zeroize 1.8.1
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
Cargo.toml | 4 +-
1 file changed, 2 insertion(+), 2 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 5accb4c..e648459 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -47,4 +47,4 @@ tonic = "0.12"
tonic-build = "0.12"
-url = "2.5.4"
+url = "2.5.2"
uuid = "1"
-zeroize = "1.5.7"
+zeroize = "1.8.1"
--
2.49.0
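Review bot: This patch is titled "zeroize 1.8.1" but its hunk also lowers `url` from `"2.5.4"` to `"2.5.2"`, and neither the subject nor the description mentions that. Lowering the minimum version of a URL-parsing dependency should carry its own recorded reason, as the deleted "url version is 2.5.2" patch did in its subject; either split it back out or add a description line such as `Also lower url to 2.5.2 to match the packaged crate` (if that is the reason). The header's `4 +-` and "2 insertion(+), 2 deletion(-)" are not what git format-patch emits, which suggests the file was edited by hand, so regenerating it would confirm that it applies cleanly.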


@ -1,8 +1,7 @@
From 266776b3c7bdc4179faa7739bb5cd92dad150380 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Mon, 28 Oct 2024 21:15:37 +0200
Subject: [PATCH] Fedora: use clap "^4.2.7"
Content-type: text/plain
From 977f2a0c582fb2c63e930b07d8f0ce75c27a1732 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Thu, 12 Jun 2025 03:38:31 -0400
Subject: [PATCH 13/14] Fedora: use clap 4.2.7
Upstream commits 2d8dcd3 and 53ddd63 changed version from "4" to
"~4.2.7" such that it can be built with rust 1.69.
@ -20,18 +19,18 @@ Signed-off-by: Uri Lublin <uril@redhat.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index 08dca30..9f5e48c 100644
index e648459..7891215 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,7 +17,7 @@ base64-serde = "0.7"
bincode = "1.3.3"
cfg-if = "1.0.0"
chrono = "0.4.26"
chrono = "0.4.41"
-clap = "~4.2.7"
+clap = "^4.2.7"
config = "0.14.1"
const_format = "0.2.33"
env_logger = "0.11.5"
const_format = "0.2.34"
env_logger = "0.11.8"
--
2.47.1
2.49.0


@ -0,0 +1,69 @@
From 7a3cb4eaed2a67a4b8a86cfbf521332849907ad0 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Wed, 30 Jul 2025 23:21:46 -0400
Subject: [PATCH 15/16] Fedora: sev: 6.2.1
Use sev version 6.2.1.
Also update the code to adapt to the AttestationReport struct changes introduced in sev 6.2.1.
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
attestation-agent/attester/Cargo.toml | 2 +-
attestation-agent/attester/src/snp/hostdata.rs | 6 ++++--
attestation-agent/attester/src/snp/mod.rs | 6 +++++-
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/attestation-agent/attester/Cargo.toml b/attestation-agent/attester/Cargo.toml
index db57aa7..59f7b7a 100644
--- a/attestation-agent/attester/Cargo.toml
+++ b/attestation-agent/attester/Cargo.toml
@@ -22,7 +22,7 @@ scroll = { version = "0.12.0", default-features = false, features = ["derive", "
serde.workspace = true
serde_json.workspace = true
serde_with.workspace = true
-sev = { version = "4.0.0", default-features = false, features = ["snp"], optional = true }
+sev = { version = "6.2.1", default-features = false, features = ["snp"], optional = true }
strum.workspace = true
thiserror.workspace = true
tokio = { version = "1", features = ["full"], optional = true }
diff --git a/attestation-agent/attester/src/snp/hostdata.rs b/attestation-agent/attester/src/snp/hostdata.rs
index 4dce51c..e173d8b 100644
--- a/attestation-agent/attester/src/snp/hostdata.rs
+++ b/attestation-agent/attester/src/snp/hostdata.rs
@@ -18,7 +18,9 @@ pub enum GetHostDataError {
pub fn get_snp_host_data() -> Result<[u8; 32], GetHostDataError> {
let mut firmware = sev::firmware::guest::Firmware::open()?;
let report_data: [u8; 64] = [0; 64];
- let report = firmware.get_report(None, Some(report_data), Some(0))?;
+ let report_bytes = firmware.get_report(None, Some(report_data), Some(0))?;
+ // Use sev 6.x's from_bytes() for version-agnostic parsing
+ let report = sev::firmware::guest::AttestationReport::from_bytes(&report_bytes)?;
- Ok(report.host_data)
+ Ok(*report.host_data)
}
diff --git a/attestation-agent/attester/src/snp/mod.rs b/attestation-agent/attester/src/snp/mod.rs
index d931d9d..5cdb8ea 100644
--- a/attestation-agent/attester/src/snp/mod.rs
+++ b/attestation-agent/attester/src/snp/mod.rs
@@ -41,10 +41,14 @@ impl Attester for SnpAttester {
let mut firmware = Firmware::open()?;
let data = report_data.as_slice().try_into()?;
- let (report, certs) = firmware
+ let (report_bytes, certs) = firmware
.get_ext_report(None, Some(data), Some(0))
.context("Failed to get attestation report")?;
+ // Use sev 6.x's from_bytes() for version-agnostic parsing
+ let report = AttestationReport::from_bytes(&report_bytes)
+ .context("Failed to parse attestation report")?;
+
let evidence = SnpEvidence {
attestation_report: report,
cert_chain: certs,
--
2.49.0
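Review bot: In hostdata.rs the new `AttestationReport::from_bytes(&report_bytes)?` has no error mapping of its own, and the diffstat for that file (4 insertions, 2 deletions, all visible here) shows that no variant was added to `GetHostDataError`. A parse failure is therefore converted through a `From` impl that already existed for `Firmware::open()` or `get_report()`, and will presumably be reported as one of those failures; the enum is declared above the hunk, so this is inferred. snp/mod.rs handles the same call with `.context("Failed to parse attestation report")`, and hostdata.rs could match it with a dedicated variant and `.map_err(GetHostDataError::ParseReport)?` (variant name illustrative). Separately, the subject numbering `15/16` does not match the `NN/14` series above, and no patch 14 appears in the part of the page shown.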


@ -0,0 +1,29 @@
From f91be2b1f0a742dffaa88bd28f60a44e878eab59 Mon Sep 17 00:00:00 2001
From: Yan Fu <yafu@redhat.com>
Date: Wed, 30 Jul 2025 23:33:37 -0400
Subject: [PATCH 16/16] Fedora: az-snp-vtpm/az-tdx-vtpm: 0.7.4
Signed-off-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Yan Fu <yafu@redhat.com>
---
attestation-agent/attester/Cargo.toml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/attestation-agent/attester/Cargo.toml b/attestation-agent/attester/Cargo.toml
index 59f7b7a..bc39564 100644
--- a/attestation-agent/attester/Cargo.toml
+++ b/attestation-agent/attester/Cargo.toml
@@ -9,8 +9,8 @@ license = "Apache-2.0"
[dependencies]
anyhow.workspace = true
async-trait.workspace = true
-az-snp-vtpm = { version = "0.7.1", default-features = false, features = ["attester"], optional = true }
-az-tdx-vtpm = { version = "0.7.0", default-features = false, features = ["attester"], optional = true }
+az-snp-vtpm = { version = "0.7.4", default-features = false, features = ["attester"], optional = true }
+az-tdx-vtpm = { version = "0.7.4", default-features = false, features = ["attester"], optional = true }
base64.workspace = true
clap = { workspace = true, features = ["derive"], optional = true }
cfg-if.workspace = true
--
2.49.0


@ -1,90 +1,83 @@
# Generated by rust2rpm 27
%bcond check 1
%global commit 0061d036509e451597f5f61492b41849b36a32a1
%global shortcommit %(c=%{commit}; echo ${c:0:7})
# numcommits is taken from git describe --tags <commit> (num commits s
%global numcommits 124
%global projectname guest-components
%global projectname guest-components
Name: trustee-guest-components
Version: 0.10.0^%{numcommits}.git%{shortcommit}
Release: 3%{?dist}
Version: 0.13.0
Release: 1%{?dist}
Summary: Tools that run in confidential VMs, attest and get secrets from Trustee
# License lines copied from the build
# (MIT OR Apache-2.0) AND Unicode-DFS-2016
# Apache-2.0
# Apache-2.0 OR BSL-1.0
# Apache-2.0 OR ISC OR MIT
# Apache-2.0 OR MIT
# Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT
# BSD-2-Clause OR Apache-2.0 OR MIT
# ISC
# MIT
# MIT OR Apache-2.0
# MIT OR Apache-2.0 OR Zlib
# MPL-2.0
# Unicode-3.0
# Unlicense OR MIT
# Zlib OR Apache-2.0 OR MIT
# License lines above, but sorted within and between lines
# (MIT OR Apache-2.0) AND Unicode-DFS-2016
# Apache-2.0
# Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT
# Apache-2.0 OR BSD-2-Clause OR MIT
# Apache-2.0 OR BSL-1.0
# Apache-2.0 OR ISC OR MIT
# Apache-2.0 OR MIT
# Apache-2.0 OR MIT
# Apache-2.0 OR MIT OR Zlib
# Apache-2.0 OR MIT OR Zlib
# ISC
# MIT
# MIT OR Unlicense
# MPL-2.0
# (Apache-2.0 OR MIT) AND Unicode-DFS-2016
License: Apache-2.0 AND (Apache-2.0 OR BSD-2-Clause OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND ISC AND MIT AND (MIT OR Unlicense) AND MPL-2.0 AND Unicode-DFS-2016
# Unicode-3.0
License: (MIT OR Apache-2.0) AND Unicode-DFS-2016 AND Apache-2.0 AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSD-2-Clause OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND ISC AND MIT AND (MIT OR Unlicense) AND MPL-2.0 AND Unicode-3.0
# LICENSE.dependencies contains a full license breakdown
URL: https://github.com/confidential-containers/guest-components
Source: https://github.com/confidential-containers/%{projectname}/archive/%{commit}/%{projectname}-%{shortcommit}.tar.gz
Source: https://github.com/confidential-containers/%{projectname}/archive/refs/tags/v%{version}/%{projectname}-%{version}.tar.gz
# Creating vendor tar (on latest Fedora under a guest-components dir):
# dnf install <all dependencies>
# bash create_vendor_source.sh
# mv vendor.tar.xz <dir>/<vendor-tarball-long-name>
Source1: %{name}-0.10.0_%{numcommits}.git%{shortcommit}-vendor.tar.xz
Source1: %{name}-%{version}-vendor.tar.xz
# * adapt to RHEL
# * Remove workspace members which are not built
Patch1: 0001-Fedora-Remove-workspace-members-which-are-not-built.patch
# * deps/crypto defaults to openssl
Patch2: 0002-Fedora-AA-deps-crypto-default-to-openssl.patch
# * use native-tls for reqwest
Patch3: 0003-Fedora-kbs_protocol-Cargo.toml-reqwest-use-native-TL.patch
# * remove dependency jwt-simple - not in Fedora
Patch4: 0004-Fedora-remove-jwt-simple-dependency.patch
# * kbs_protocol defaults to openssl
Patch3: 0003-Fedora-kbs_protocol-use-openssl-instead-of-rust-cryp.patch
# * pick attesters to build
Patch4: 0004-Fedora-attester-pick-attesters-in-all-attesters.patch
# * remove dependency ttrpc - not in Fedora
Patch5: 0005-Fedora-remove-ttrpc-dependency.patch
# * pick attesters to build
Patch6: 0006-Fedora-attester-pick-attesters-in-all-attesters.patch
# * remove dependency jwt-simple - not in Fedora
Patch6: 0006-Fedora-remove-jwt-simple-dependency.patch
# * remove dependency testcontainers - not in Fedora
Patch7: 0007-Fedora-remove-testcontainers-dependency.patch
# * kbs_protocol defaults to openssl
Patch8: 0008-Fedora-kbs_protocol-default-to-openssl.patch
# * rstest version is 0.23
Patch9: 0009-Fedora-rstest-0.23.patch
# * clap version is ^4.2.7 -- see patch for more info
Patch10: 0010-Fedora-use-clap-4.2.7.patch
# * kbs-types version is 0.8.0
Patch11: 0011-Fedora-kbs-types-0.8.0.patch
# * add package.license to kbs_protocol/Cargo.toml
Patch12: 0012-Fedora-kbs_protocol-Cargo.toml-add-package.license.patch
# * url version is 2.5.2
Patch13: 0013-Fedora-url-version-is-2.5.2.patch
# * protobuf is 2.28
Patch14: 0014-Fedora-protobuf-is-2.28.patch
Patch8: 0008-Fedora-rstest-0.23.patch
# * kbs-type version is 0.11.0
Patch9: 0009-Fedora-kbs-type-0.11.0.patch
# * tempfile version is 3.20
Patch10: 0010-Fedora-tempfile-3.20.patch
# * tokio version is 1.45
Patch11: 0011-Fedora-tokio-1.45.patch
# * zeroize version is 1.8.1
Patch12: 0012-Fedora-zeroize-1.8.1.patch
# * Use clap ^4.2.7
Patch13: 0013-Fedora-use-clap-4.2.7.patch
# * sev version is 6.2.1
Patch14: 0014-Fedora-sev-6.2.1.patch
# * az-snp-vtpm/az-tdx-vtpm is 0.7.4
Patch15: 0015-Fedora-az-snp-vtpm-az-tdx-vtpm-0.7.4.patch
ExclusiveArch: x86_64
BuildRequires: rust-toolset
@ -101,7 +94,7 @@ A part of the confidential-containers project}
%description %{_description}
%prep
%autosetup -n guest-components-0061d036509e451597f5f61492b41849b36a32a1 -p1 -a1
%autosetup -n %{projectname}-%{version} -p1 -a1
rm -f Cargo.lock
%cargo_prep -v vendor
@ -142,14 +135,19 @@ cd attestation-agent/kbs_protocol
%{_bindir}/trustee-attester
%changelog
* Wed Aug 13 2025 Yan Fu <yafu@redhat.com> 0.13.0-1
- Update to version 0.13.0
Enable tdx-attester (tsm-report)
Resolves: RHEL-109114
* Sun Feb 09 2025 Uri Lublin <uril@redhat.com> - 0.10.0^124.git0061d03-3
- Use cargo vendor-filterer to create vendor Source1, make rpminspect happy
Resolves: RHEL-73770
Resolves: RHEL-68141
* Thu Feb 06 2025 Uri Lublin <uril@redhat.com> - 0.10.0^124.git0061d03-2
- A smaller vendor Source1
Resolves: RHEL-73770
Resolves: RHEL-68141
* Tue Jan 21 2025 Uri Lublin <uril@redhat.com> 0.10.0^124.git0061d03-1
- Initial commit on c10s
Resolves: RHEL-73770
- Initial commit on c9s
Resolves: RHEL-68141
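Review bot: The unchanged comment above `Source1` still tells the maintainer to run `bash create_vendor_source.sh`, but this comparison deletes that script and, as far as the page shows, adds no replacement. The vendor tarball carries every Rust dependency compiled into the attestation tools, so the recipe that produced it should stay reproducible from the repository. Either keep the script next to the spec, or replace that line with the command actually used for the 0.13.0 tarball, for example `# cargo vendor-filterer <flags used for this release> && tar cf vendor.tar vendor/ && xz --best vendor.tar`.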


@ -1,24 +0,0 @@
#!/bin/bash
# fail upon error
set -e
# Run on Fedora
# make sure all dependencies are yum installed
# cd <guest-components-dir-ready-to-be-built>
# create a .cargo/config.toml
if [ ! -f .cargo/config.toml ]; then
rpm -E '%{cargo_prep}' > cargo_prep.sh
bash cargo_prep.sh
fi
# run cargo vendor-filtered --offline
cargo vendor-filterer --respect-source-config --offline --platform x86_64-unknown-linux-gnu --keep-dep-kinds all --all-features --exclude-crate-path "idna#tests" --exclude-crate-path "idna-0.4.0#tests"
# run tar and xz
tar cf vendor.tar vendor/
xz --best --verbose vendor.tar
echo vendor.tar.xz created


@ -1,5 +0,0 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules: []


@ -1,2 +0,0 @@
SHA512 (trustee-guest-components-0.10.0_124.git0061d03-vendor.tar.xz) = a7da3ab8a6da819a34df81695e7cbf108aec82ff6dab43b1dc4bdd7bdcdd12498278b0c255151475ccfcf02d4f1b60d483b3b2318ad860fb1ecdf0d7b243dfa2
SHA512 (guest-components-0061d03.tar.gz) = 1003767c3ca23de625f02f883373ccc3d23a950c2fa9c02a38bc22293be04d298cd6b18ad64d8506eb5060de10e6fa00f6d7197d314d2b75cadea8223202a954