Accepting request 933000 from home:olh

PM-2379 OBS-URL: https://build.opensuse.org/request/show/933000 OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-nitro-enclaves-cli?expand=0&rev=1
2021-11-22 11:01:43 +00:00 · 2021-11-22 11:01:43 +00:00 · 72c644286a
commit 72c644286a
9 changed files with 301 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/52
+++ b/52
@ -0,0 +1,52 @@
+<services>
+  <service name="tar_scm" mode="disabled">
+    <param name="exclude">.github</param>
+    <param name="exclude">CODE_OF_CONDUCT.md</param>
+    <param name="exclude">CONTRIBUTING.md</param>
+    <param name="exclude">Makefile</param>
+    <param name="exclude">NOTICE</param>
+    <param name="exclude">SOURCES</param>
+    <param name="exclude">SPECS</param>
+    <param name="exclude">about.hbs</param>
+    <param name="exclude">about.toml</param>
+    <param name="exclude">appspec.yml</param>
+    <param name="exclude">blobs/aarch64</param>
+    <param name="exclude">blobs/x86_64/bzImage.config</param>
+    <param name="exclude">blobs/x86_64/cmdline</param>
+    <param name="exclude">blobs/x86_64/init</param>
+    <param name="exclude">buildspec.yml</param>
+    <param name="exclude">ci_entrypoint.sh</param>
+    <param name="exclude">docs</param>
+    <param name="exclude">drivers</param>
+    <param name="exclude">examples</param>
+    <param name="exclude">install.sh</param>
+    <param name="exclude">run-nitro-cli-integration-tests</param>
+    <param name="exclude">run_tests.sh</param>
+    <param name="exclude">samples</param>
+    <param name="exclude">sources</param>
+    <param name="exclude">tests</param>
+    <param name="exclude">third_party</param>
+    <param name="exclude">tools</param>
+    <param name="exclude">vendor</param>
+    <param name="filename">aws-nitro-enclaves-cli</param>
+    <param name="match-tag">*</param>
+    <param name="revision">a46465e19358d4a68f266c9556a6ed6367d82de6</param>
+    <param name="scm">git</param>
+    <param name="submodules">disable</param>
+    <param name="url">https://github.com/aws/aws-nitro-enclaves-cli.git</param>
+    <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="versionrewrite-replacement">\1</param>
+  </service>
+  <service name="recompress" mode="disabled">
+    <param name="file">*.tar</param>
+    <param name="compression">xz</param>
+  </service>
+  <service name="set_version" mode="disabled"/>
+<!--
+  <service name="cargo_vendor" mode="disabled">
+     <param name="srcdir">aws-nitro-enclaves-cli</param>
+     <param name="compression">xz</param>
+  </service>
+-->
+</services>
--- a/aws-nitro-enclaves-cli-1.1.0~git8.a46465e.tar.xz
+++ b/aws-nitro-enclaves-cli-1.1.0~git8.a46465e.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e13ea6bc2b5b06628ec827a264add1e01d248f8cbc84c09875a45c3ea26a53a3
+size 14119176
--- a/1
+++ b/1
@ -0,0 +1 @@
+setBadness('arch-dependent-file-in-usr-share', 0)
--- a/aws-nitro-enclaves-cli.changes
+++ b/aws-nitro-enclaves-cli.changes
@ -0,0 +1,5 @@
+-------------------------------------------------------------------
+Mon Nov 22 11:22:33 UTC 2021 - olaf@aepfle.de
+
+- Initial version 1.1.0~git8.a46465e (bsc#1179544)
+
--- a/aws-nitro-enclaves-cli.patch
+++ b/aws-nitro-enclaves-cli.patch
@ -0,0 +1,45 @@
+--- a/enclave_build/src/docker.rs
+++ b/enclave_build/src/docker.rs
+@@ -344,7 +344,13 @@ impl DockerUtil {
+ 
+         let act = async {
+             match self.docker.images().get(&self.docker_image).inspect().await {
+-                Ok(image) => Ok((image.config.cmd.unwrap(), image.config.env.unwrap())),
+                Ok(image) => {
+                    let env: Vec<String> = vec![ "a=b".to_string() ];
+                    info!("{:?}", image);
+                    Ok((
+                    image.config.cmd.unwrap(),
+		    env,
+                ))},
+                 Err(e) => {
+                     error!("{:?}", e);
+                     Err(DockerError::InspectError)
+--- a/init.c
+++ b/init.c
+@@ -381,11 +381,11 @@ void init_nsm_driver() {
+     if (fd < 0 && errno == ENOENT) {
+         return;
+     }
+-    die_on(fd < 0, "failed to open nsm fd");
+    die_on(0&& fd < 0, "failed to open nsm fd");
+     rc = finit_module(fd, "", 0);
+-    die_on(rc < 0, "failed to insert nsm driver");
+    die_on(0&& rc < 0, "failed to insert nsm driver");
+ 
+-    die_on(close(fd), "close nsm fd");
+    die_on(0&& close(fd), "close nsm fd");
+ }
+ 
+ int main() {
+@@ -399,6 +399,10 @@ int main() {
+     init_dev();
+     init_console();
+ 
+    char *pre_init[] = { "/rootfs/pre_init.sh", NULL , };
+    pid_t pre_pid = launch(pre_init, NULL);
+    reap_until(pre_pid);
+
+     // Insert the Nitro Secure Module driver
+     init_nsm_driver();
+ 
--- a/aws-nitro-enclaves-cli.spec
+++ b/aws-nitro-enclaves-cli.spec
@ -0,0 +1,164 @@
+#
+# spec file for package aws-nitro-enclaves-cli
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+%define ne_system_group ne
+%define ne_rundir %_rundir/nitro_enclaves
+
+
+Name:           aws-nitro-enclaves-cli
+Version:        1.1.0~git8.a46465e
+Release:        0
+Summary:        Tools for managing enclaves
+License:        Apache-2.0
+Url:            https://github.com/aws/aws-nitro-enclaves-cli
+ExclusiveArch:  aarch64 x86_64
+Patch0:         %name.patch
+Source0:        %name-%version.tar.xz
+Source1:        vendor.tar.xz
+Source2:        cargo_config
+Requires(pre):  system-group-%ne_system_group = %version-%release
+Requires:       aws-nitro-enclaves-binaryblobs
+BuildRequires:  cargo > 1.44
+BuildRequires:  clang
+BuildRequires:  glibc-devel-static
+BuildRequires:  openssl-devel
+BuildRequires:  rust > 1.44
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  sysuser-tools
+
+%description
+A collection of tools and commands used for managing the lifecycle of
+enclaves. The Nitro CLI needs to be installed on the parent instance,
+and it can be used to start, manage, and terminate enclaves.
+
+%package -n aws-nitro-enclaves-binaryblobs-upstream
+Summary:        Upstream kernel binary for AWS Nitro Enclaves
+Provides:       aws-nitro-enclaves-binaryblobs = %version-%release
+%description  -n aws-nitro-enclaves-binaryblobs-upstream
+This package contains a kernel binary and a helper binary, which is
+used by the nitro-cli build-enclave command to generate a Enclave
+Image File.
+
+%package -n system-group-%ne_system_group
+Summary:        System group %ne_system_group for AWS Nitro Enclaves
+%?sysusers_requires
+
+%description -n system-group-%ne_system_group
+System group %ne_system_group for Nitro Enclaves.
+
+%prep
+%autosetup -p1 -a1
+
+%build
+%install
+mkdir .cargo
+cp %{SOURCE2} .cargo/config
+%if 0%{?__debug_package}
+rustflags='-Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2'
+release=
+dir='debug'
+%else
+rustflags='-Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=0'
+release='--release'
+dir='release'
+%endif
+RUSTFLAGS="${rustflags}" cargo build ${release} --manifest-path=./Cargo.toml
+RUSTFLAGS="${rustflags}" cargo build ${release} --manifest-path=./vsock_proxy/Cargo.toml
+
+mkdir -vp '%buildroot%_unitdir'
+cp -aviLt "$_" \
+	bootstrap/nitro-enclaves-allocator.service \
+	%nil
+mkdir -vp '%buildroot%_bindir'
+cp -aviLt "$_" \
+	target/${dir}/nitro-cli \
+	target/${dir}/vsock-proxy \
+	bootstrap/nitro-enclaves-allocator \
+	bootstrap/nitro-cli-config \
+	%nil
+mkdir -vp '%buildroot%_sysconfdir/nitro_enclaves'
+cp -aviLt "$_" \
+	bootstrap/allocator.yaml \
+	%nil
+
+blobs='%buildroot%_datadir/nitro_enclaves/blobs'
+mkdir -vp "${blobs}"
+%ifarch aarch64
+cp -aviLt "${blobs}" blobs/aarch64/*
+tee "${blobs}/cmdline" <<'_EOC_'
+reboot=k panic=3 pci=off nomodules console=ttyS0 random.trust_cpu=on root=/dev/ram0
+_EOC_
+%endif
+%ifarch x86_64
+cp -aviLt "${blobs}" blobs/x86_64/*
+tee "${blobs}/cmdline" <<'_EOC_'
+reboot=k panic=3 pci=off nomodules console=ttyS0 i8042.noaux i8042.nomux i8042.nopnp i8042.dumbkbd random.trust_cpu=on
+_EOC_
+%endif
+gcc -Wall %optflags -static -o "${blobs}/init" init.c
+
+mkdir -vp '%buildroot%_tmpfilesdir'
+tee '%buildroot%_tmpfilesdir/%name.conf' <<_EOF_
+d %{ne_rundir} 0775 root %ne_system_group
+_EOF_
+
+mkdir -vp '%buildroot%_udevrulesdir'
+tee '%buildroot%_udevrulesdir/%name.conf' <<'_EOF_'
+KERNEL=="nitro_enclaves", SUBSYSTEM=="misc", OWNER="root", GROUP="%{ne_group}", MODE="0660", TAG+="systemd"
+_EOF_
+
+suc='system-group-%ne_system_group.conf'
+tee "${suc}" <<'_EOC_'
+g %ne_system_group -
+_EOC_
+mkdir -p '%buildroot%_sysusersdir'
+cp -aviLt "$_" "${suc}"
+%sysusers_generate_pre "${suc}" system-group-%ne_system_group
+
+%files -n system-group-%ne_system_group
+%_sysusersdir/*.conf
+
+%pre -n system-group-%ne_system_group -f system-group-%ne_system_group.pre
+%service_add_pre nitro-enclaves-allocator.service
+%post
+%tmpfiles_create %_tmpfilesdir/%name.conf
+ld='/var/log/nitro_enclaves'
+mkdir -vp "${ld}"
+chmod -v 0770 "${ld}"
+chown -v '0:%ne_system_group' "${ld}"
+%udev_rules_update
+%service_add_post nitro-enclaves-allocator.service
+%preun
+%service_del_preun nitro-enclaves-allocator.service
+%postun
+%service_del_postun_without_restart nitro-enclaves-allocator.service
+
+%files
+%doc README.md
+%license LICENSE
+%license THIRD_PARTY_LICENSES
+%license THIRD_PARTY_LICENSES*.html
+%config(noreplace) %_sysconfdir/nitro_enclaves
+%_bindir/*
+%_tmpfilesdir/%name.conf
+%_udevrulesdir/%name.conf
+%_unitdir/nitro-enclaves-allocator.service
+
+%files -n aws-nitro-enclaves-binaryblobs-upstream
+%_datadir/nitro_enclaves
+
+%changelog
+
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b0ca4e1f9bb38cdb8a8d19d31c0b1ad63b0385f6d8adf4df04a21dbe46e3c7e9
+size 9118444
				`@ -0,0 +1 @@`
				`setBadness('arch-dependent-file-in-usr-share', 0)`