forked from fdo-rs/fido-device-onboard-rs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
fido-device-onboard.spec
376 lines (316 loc) · 13.4 KB
/
fido-device-onboard.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
%global dracutlibdir %{_prefix}/lib/dracut
%bcond_without check
%global combined_license Apache-2.0 AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR ISC OR MIT) AND (Apache-2.0 OR MIT) AND ((Apache-2.0 OR MIT) AND BSD-3-Clause) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND (CC0-1.0 OR Apache-2.0) AND (CC0-1.0 OR MIT-0 OR Apache-2.0) AND ISC AND MIT AND ((MIT OR Apache-2.0) AND Unicode-DFS-2016) AND (Apache-2.0 OR MIT OR Zlib) AND MPL-2.0 AND (Unlicense OR MIT)
Name: fido-device-onboard
Version: 0.5.0
Release: 1%{?dist}
Summary: A rust implementation of the FIDO Device Onboard Specification
License: BSD-3-Clause
URL: https://github.com/fdo-rs/fido-device-onboard-rs
Source0: %{url}/archive/v%{version}/%{name}-rs-%{version}.tar.gz
# See make-vendored-tarfile.sh in upstream repo
Source1: %{name}-rs-%{version}-vendor-patched.tar.xz
Patch1: 0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch
# Because nobody cares
ExcludeArch: %{ix86}
%if 0%{?rhel}
BuildRequires: rust-toolset
%else
BuildRequires: rust-packaging
%endif
BuildRequires: clang-devel
BuildRequires: cryptsetup-devel
BuildRequires: device-mapper-devel
BuildRequires: libpq-devel
BuildRequires: golang
BuildRequires: openssl-devel >= 3.0.1-12
BuildRequires: sqlite-devel
BuildRequires: systemd-rpm-macros
BuildRequires: tpm2-tss-devel
%description
%{summary}.
%prep
%if 0%{?rhel}
%autosetup -p1 -a1 -n %{name}-rs-%{version}
rm -f Cargo.lock
%if 0%{?rhel} >= 10
%cargo_prep -v vendor
%else
%cargo_prep -V 1
%endif
%endif
%if 0%{?fedora}
%autosetup -p1 -n %{name}-rs-%{version}
%cargo_prep
%generate_buildrequires
%cargo_generate_buildrequires -a
%endif
%build
%cargo_build \
-F openssl-kdf/deny_custom
%{?cargo_license_summary}
%{?cargo_license} > LICENSE.dependencies
%if 0%{?rhel} >= 10
%cargo_vendor_manifest
%endif
%install
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-client-linuxapp
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-client
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-manufacturing-server
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-owner-onboarding-server
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-rendezvous-server
install -D -m 0755 -t %{buildroot}%{_libexecdir}/fdo target/release/fdo-serviceinfo-api-server
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-owner-tool
install -D -m 0755 -t %{buildroot}%{_bindir} target/release/fdo-admin-tool
install -D -m 0644 -t %{buildroot}%{_unitdir} examples/systemd/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo examples/config/*
# db sql files
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_manufacturing_server_postgres migrations/migrations_manufacturing_server_postgres/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_manufacturing_server_sqlite migrations/migrations_manufacturing_server_sqlite/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_postgres migrations/migrations_owner_onboarding_server_postgres/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_sqlite migrations/migrations_owner_onboarding_server_sqlite/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres migrations/migrations_rendezvous_server_postgres/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite migrations/migrations_rendezvous_server_sqlite/2023-10-03-152801_create_db/*
# duplicates as needed by AIO command so link them
mkdir -p %{buildroot}%{_bindir}
ln -sr %{buildroot}%{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
ln -sr %{buildroot}%{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
# Create directories needed by the various services so we own them
mkdir -p %{buildroot}%{_sysconfdir}/fdo
mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturer_keys
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/manufacturing_sessions
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_onboarding_sessions
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/owner_vouchers
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_registered
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/rendezvous_sessions
mkdir -p %{buildroot}%{_sysconfdir}/fdo/stores/serviceinfo_api_devices
mkdir -p %{buildroot}%{_sysconfdir}/fdo/manufacturing-server.conf.d
mkdir -p %{buildroot}%{_sysconfdir}/fdo/owner-onboarding-server.conf.d
mkdir -p %{buildroot}%{_sysconfdir}/fdo/rendezvous-server.conf.d
mkdir -p %{buildroot}%{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
mkdir -p %{buildroot}%{_localstatedir}/lib/fdo
# Dracut manufacturing service
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/module-setup.sh
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-generator
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client-service
install -D -m 0755 -t %{buildroot}%{dracutlibdir}/modules.d/52fdo dracut/52fdo/manufacturing-client.service
%package -n fdo-init
Summary: dracut module for device initialization
License: %combined_license
Requires: openssl-libs >= 3.0.1-12
Requires: dracut
%description -n fdo-init
%{summary}
%files -n fdo-init
%license LICENSE LICENSE.dependencies
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%{dracutlibdir}/modules.d/52fdo/
%{_libexecdir}/fdo/fdo-manufacturing-client
%package -n fdo-owner-onboarding-server
Summary: FDO Owner Onboarding Server implementation
License: %combined_license
Requires: openssl-libs >= 3.0.1-12
%description -n fdo-owner-onboarding-server
%{summary}
%files -n fdo-owner-onboarding-server
%license LICENSE LICENSE.dependencies
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/owner-onboarding-server.conf.d
%dir %{_sysconfdir}/fdo/serviceinfo-api-server.conf.d
%dir %{_sysconfdir}/fdo/stores
%dir %{_sysconfdir}/fdo/stores/owner_onboarding_sessions
%dir %{_sysconfdir}/fdo/stores/owner_vouchers
%dir %{_sysconfdir}/fdo/stores/serviceinfo_api_devices
%{_libexecdir}/fdo/fdo-owner-onboarding-server
%{_libexecdir}/fdo/fdo-serviceinfo-api-server
%dir %{_localstatedir}/lib/fdo
%dir %{_docdir}/fdo
%{_docdir}/fdo/device_specific_serviceinfo.yml
%{_docdir}/fdo/serviceinfo-api-server.yml
%{_docdir}/fdo/owner-onboarding-server.yml
%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_postgres/*
%{_docdir}/fdo/migrations/migrations_owner_onboarding_server_sqlite/*
%{_unitdir}/fdo-serviceinfo-api-server.service
%{_unitdir}/fdo-owner-onboarding-server.service
%post -n fdo-owner-onboarding-server
%systemd_post fdo-owner-onboarding-server.service
%systemd_post fdo-serviceinfo-api-server.service
%preun -n fdo-owner-onboarding-server
%systemd_preun fdo-owner-onboarding-server.service
%systemd_post fdo-serviceinfo-api-server.service
%postun -n fdo-owner-onboarding-server
%systemd_postun_with_restart fdo-owner-onboarding-server.service
%systemd_postun_with_restart fdo-serviceinfo-api-server.service
%package -n fdo-rendezvous-server
Summary: FDO Rendezvous Server implementation
License: %combined_license
%description -n fdo-rendezvous-server
%{summary}
%files -n fdo-rendezvous-server
%license LICENSE LICENSE.dependencies
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/rendezvous-server.conf.d
%dir %{_sysconfdir}/fdo/stores
%dir %{_sysconfdir}/fdo/stores/rendezvous_registered
%dir %{_sysconfdir}/fdo/stores/rendezvous_sessions
%{_libexecdir}/fdo/fdo-rendezvous-server
%dir %{_localstatedir}/lib/fdo
%dir %{_docdir}/fdo
%{_docdir}/fdo/rendezvous-*.yml
%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres/*
%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite/*
%{_unitdir}/fdo-rendezvous-server.service
%post -n fdo-rendezvous-server
%systemd_post fdo-rendezvous-server.service
%preun -n fdo-rendezvous-server
%systemd_preun fdo-rendezvous-server.service
%postun -n fdo-rendezvous-server
%systemd_postun_with_restart fdo-rendezvous-server.service
%package -n fdo-manufacturing-server
Summary: FDO Manufacturing Server implementation
License: %combined_license
Requires: openssl-libs >= 3.0.1-12
%description -n fdo-manufacturing-server
%{summary}
%files -n fdo-manufacturing-server
%license LICENSE LICENSE.dependencies
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d
%dir %{_sysconfdir}/fdo/stores
%dir %{_sysconfdir}/fdo/stores/manufacturer_keys
%dir %{_sysconfdir}/fdo/stores/manufacturing_sessions
%dir %{_sysconfdir}/fdo/stores/owner_vouchers
%{_libexecdir}/fdo/fdo-manufacturing-server
%dir %{_localstatedir}/lib/fdo
%dir %{_docdir}/fdo
%{_docdir}/fdo/manufacturing-server.yml
%{_docdir}/fdo/migrations/migrations_manufacturing_server_postgres/*
%{_docdir}/fdo/migrations/migrations_manufacturing_server_sqlite/*
%{_unitdir}/fdo-manufacturing-server.service
%post -n fdo-manufacturing-server
%systemd_post fdo-manufacturing-server.service
%preun -n fdo-manufacturing-server
%systemd_preun fdo-manufacturing-server.service
%postun -n fdo-manufacturing-server
%systemd_postun_with_restart fdo-manufacturing-server.service
%package -n fdo-client
Summary: FDO Client implementation
License: %combined_license
Requires: openssl-libs >= 3.0.1-12
Requires: clevis
Requires: clevis-luks
Requires: clevis-pin-tpm2
Requires: cryptsetup
%description -n fdo-client
%{summary}
%files -n fdo-client
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%license LICENSE LICENSE.dependencies
%{_libexecdir}/fdo/fdo-client-linuxapp
%{_unitdir}/fdo-client-linuxapp.service
%post -n fdo-client
%systemd_post fdo-client-linuxapp.service
%preun -n fdo-client
%systemd_preun fdo-client-linuxapp.service
%postun -n fdo-client
%systemd_postun_with_restart fdo-client-linuxapp.service
%package -n fdo-owner-cli
Summary: FDO Owner tools implementation
License: %combined_license
%description -n fdo-owner-cli
%{summary}
%files -n fdo-owner-cli
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%license LICENSE LICENSE.dependencies
%{_bindir}/fdo-owner-tool
%{_libexecdir}/fdo/fdo-owner-tool
%package -n fdo-admin-cli
Summary: FDO admin tools implementation
License: %combined_license
Requires: fdo-manufacturing-server = %{version}-%{release}
Requires: fdo-rendezvous-server = %{version}-%{release}
Requires: fdo-owner-onboarding-server = %{version}-%{release}
Requires: fdo-owner-cli = %{version}-%{release}
Requires: fdo-client = %{version}-%{release}
Requires: fdo-init = %{version}-%{release}
%description -n fdo-admin-cli
%{summary}
%files -n fdo-admin-cli
%if 0%{?rhel} >= 10
%license cargo-vendor.txt
%endif
%license LICENSE LICENSE.dependencies
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%{_bindir}/fdo-admin-tool
%{_libexecdir}/fdo/fdo-admin-tool
%{_unitdir}/fdo-aio.service
%post -n fdo-admin-cli
%systemd_post fdo-aio.service
%preun -n fdo-admin-cli
%systemd_preun fdo-aio.service
%postun -n fdo-admin-cli
%systemd_postun_with_restart fdo-aio.service
%changelog
* Tue Feb 20 2024 Peter Robinson <[email protected]> - 0.5.0-1
- Update to 0.5.0
* Thu Jan 25 2024 Peter Robinson <[email protected]> - 0.4.13-1
- Update to 0.4.13
* Wed Jul 26 2023 Peter Robinson <[email protected]> - 0.4.12-1
- Update to 0.4.12
* Mon Jul 03 2023 Peter Robinson <[email protected]> - 0.4.11-1
- Update to 0.4.11
* Mon Jul 03 2023 Peter Robinson <[email protected]> - 0.4.10-2
- Updates for eln/c9s building
* Fri Jun 23 2023 Peter Robinson <[email protected]> - 0.4.10-1
- Update to 0.4.10
* Wed Jun 14 2023 Peter Robinson <[email protected]> - 0.4.9-5
- More spec updates
* Wed Jun 14 2023 Peter Robinson <[email protected]> - 0.4.9-4
- Add patch for libcryptsetup-rs 0.8 API changes
* Tue Jun 13 2023 Peter Robinson <[email protected]> - 0.4.9-3
- Updates for licenses
* Tue May 30 2023 Peter Robinson <[email protected]> - 0.4.9-2
- Review feedback
- Patch for libcryptsetup-rs 0.7
* Thu May 11 2023 Peter Robinson <[email protected]> - 0.4.9-1
- Update to 0.4.9
* Mon Feb 20 2023 Peter Robinson <[email protected]> - 0.4.7-3
- Fix services start
* Wed Feb 15 2023 Peter Robinson <[email protected]> - 0.4.7-2
- Upstream fix for rhbz#2168089
* Wed Nov 30 2022 Peter Robinson <[email protected]> - 0.4.7-1
- Update to 0.4.7
- Package updates and cleanup
* Tue Mar 29 2022 Antonio Murdaca <[email protected]> - 0.4.5-1
- bump to 0.4.5
* Mon Feb 28 2022 Antonio Murdaca <[email protected]> - 0.4.0-2
- fix runtime requirements to use openssl-libs and not -devel
* Thu Feb 24 2022 Antonio Murdaca <[email protected]> - 0.4.0-1
- upgrade to 0.4.0
* Tue Feb 01 2022 Antonio Murdaca <[email protected]> - 0.3.0-1
- bump to 0.3.0
* Tue Jan 11 2022 Antonio Murdaca <[email protected]> - 0.2.0-2
- use patched vendor w/o win files and rename license
* Mon Dec 13 2021 Antonio Murdaca <[email protected]> - 0.2.0-1
- import fido-device-onboard