Compare commits
6 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| d79eccf2a2 | |||
| 783b3cebeb | |||
| c3c8133a56 | |||
| 5e3ecb085e | |||
| bf3fe2db75 | |||
| 3708dd529e |
@@ -0,0 +1,39 @@
|
||||
From 110a8948a90fb28e40607a48b8c85e07c74acfa1 Mon Sep 17 00:00:00 2001
|
||||
From: Jeff Mahoney <jeffm@suse.com>
|
||||
Date: Thu, 25 Sep 2025 19:28:36 -0400
|
||||
Subject: [PATCH] nitro-enclaves-allocator.service drop-in: autoload kernel
|
||||
module
|
||||
Patch-mainline: https://github.com/aws/aws-nitro-enclaves-cli/pull/717
|
||||
|
||||
This change causes the unit to load the nitro_enclaves kernel module before the
|
||||
service starts.
|
||||
|
||||
Since the modprobe@.service unit was introduced in systemd v245 and
|
||||
there are releases supported by this project using older versions that
|
||||
don't have it, we conditionally install a drop-in file to avoid the
|
||||
warning about the missing unit file.
|
||||
|
||||
We use Wants= instead of Requires= so that it's a soft dependency and
|
||||
will attempt to start the service even if the modprobe@ unit is
|
||||
missing or the modprobe fails (or if the drop-in is installed on an
|
||||
older release otherwise).
|
||||
|
||||
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
|
||||
---
|
||||
|
||||
bootstrap/10-autoload-module.conf | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/bootstrap/10-autoload-module.conf b/bootstrap/10-autoload-module.conf
|
||||
new file mode 100644
|
||||
index 0000000..7630fc4
|
||||
--- /dev/null
|
||||
+++ b/bootstrap/10-autoload-module.conf
|
||||
@@ -0,0 +1,4 @@
|
||||
+# Load the module automatically
|
||||
+[Unit]
|
||||
+Wants=modprobe@nitro_enclaves.service
|
||||
+After=modprobe@nitro_enclaves.service
|
||||
--
|
||||
2.50.1
|
||||
|
||||
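Review bot: The description says the drop-in is installed conditionally, but this patch only adds `bootstrap/10-autoload-module.conf` and contains no install logic, so the systemd v245 condition is left to the packager; the spec hunks on this page copy the file unconditionally. Because `Wants=` lets the allocator start even when the module load fails, the file's single comment should record that decision, for example `# Soft dependency: modprobe@.service exists from systemd v245; the allocator still starts if the load fails`. A failed load then shows up only as a later allocator error, so the comment could also point operators to `systemctl status modprobe@nitro_enclaves.service`.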
5
_service
5
_service
@@ -12,10 +12,8 @@
|
||||
<param name="exclude">about.hbs</param>
|
||||
<param name="exclude">about.toml</param>
|
||||
<param name="exclude">appspec.yml</param>
|
||||
<param name="exclude">blobs/aarch64/Image.config</param>
|
||||
<param name="exclude">blobs/aarch64/cmdline</param>
|
||||
<param name="exclude">blobs/aarch64/init</param>
|
||||
<param name="exclude">blobs/x86_64/bzImage.config</param>
|
||||
<param name="exclude">blobs/x86_64/cmdline</param>
|
||||
<param name="exclude">blobs/x86_64/init</param>
|
||||
<param name="exclude">bootstrap/env.sh</param>
|
||||
@@ -40,7 +38,7 @@
|
||||
<param name="exclude">vendor</param>
|
||||
<param name="filename">aws-nitro-enclaves-cli</param>
|
||||
<param name="match-tag">*</param>
|
||||
<param name="revision">6e8512e4d9e1ba82e0e5c4c9d9d0b3987724f217</param>
|
||||
<param name="revision">82501bb9637e4b41c87ce73f8ffc2ce51ca37a6a</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="submodules">disable</param>
|
||||
<param name="url">https://github.com/aws/aws-nitro-enclaves-cli.git</param>
|
||||
@@ -69,5 +67,6 @@
|
||||
<service name="cargo_vendor" mode="manual">
|
||||
<param name="srcdir">aws-nitro-enclaves-cli</param>
|
||||
<param name="compression">xz</param>
|
||||
<param name="update">false</param>
|
||||
</service>
|
||||
</services>
|
||||
|
||||
Binary file not shown.
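--- /dev/null
+++ b/aws-nitro-enclaves-cli-1.4.3~git0.82501bb.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8d55fdebcaacbf0c94bd4329d4a8bbc8dd0cfeab4ddac34f19a83fa9e50971e9
+size 25938600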
@@ -1,3 +1,22 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 26 16:17:25 UTC 2025 - Jeff Mahoney <jeffm@suse.com>
|
||||
|
||||
- Add header from kernel configs to blobs to fix image builds
|
||||
(boo#1250573).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 26 14:08:16 UTC 2025 - Jeff Mahoney <jeffm@suse.com>
|
||||
|
||||
- Fix group in udev rule (boo#1250566)
|
||||
- Automatically load kernel module when allocator service is started
|
||||
(boo#1250567)
|
||||
* Added 0001-nitro-enclaves-allocator.service-drop-in-autoload-ke.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 5 05:05:05 UTC 2025 - olaf@aepfle.de
|
||||
|
||||
- Update to version 1.4.3
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 17 12:47:06 UTC 2025 - Robert Schweikert <rjschwei@suse.com>
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package aws-nitro-enclaves-cli
|
||||
#
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC and contributors
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -20,17 +20,18 @@
|
||||
%define ne_rundir %_rundir/nitro_enclaves
|
||||
|
||||
Name: aws-nitro-enclaves-cli
|
||||
Version: 1.4.2~git0.6e8512e
|
||||
Version: 1.4.3~git0.82501bb
|
||||
Release: 0
|
||||
Summary: Tools for managing enclaves
|
||||
License: Apache-2.0
|
||||
URL: https://github.com/aws/aws-nitro-enclaves-cli
|
||||
ExclusiveArch: aarch64 x86_64
|
||||
Patch0: %name.patch
|
||||
Source0: %name-%version.tar.xz
|
||||
Source1: vendor.tar.xz
|
||||
Source3: aws-nitro-enclaves-cli-rpmlintrc
|
||||
Source9: aws-nitro-enclaves-sdk-bootstrap-f718dea60a9d9bb8b8682fd852ad793912f3c5db.tar.xz
|
||||
Patch0: %name.patch
|
||||
Patch1: 0001-nitro-enclaves-allocator.service-drop-in-autoload-ke.patch
|
||||
Requires(pre): system-group-%ne_system_group = %version-%release
|
||||
Requires(post): coreutils
|
||||
Requires: aws-nitro-enclaves-binaryblobs
|
||||
@@ -132,6 +133,10 @@ cp -aviLt "$_" \
|
||||
bootstrap/nitro-enclaves-allocator.service \
|
||||
vsock_proxy/service/nitro-enclaves-vsock-proxy.service \
|
||||
%nil
|
||||
mkdir -vp '%buildroot%_unitdir/nitro-enclaves-allocator.service.d'
|
||||
cp -aviLt "$_" \
|
||||
bootstrap/10-autoload-module.conf \
|
||||
%nil
|
||||
mkdir -vp '%buildroot%_bindir'
|
||||
cp -aviLt "$_" \
|
||||
target/${dir}/nitro-cli \
|
||||
@@ -162,6 +167,10 @@ _EOC_
|
||||
%endif
|
||||
gcc -Wall %optflags -static -o "${blobs}/init" init.c
|
||||
|
||||
# The tool needs just the header comment to add version info to the image
|
||||
# Yes, really.
|
||||
sed -i '4,$d' "${blobs}"/*Image.config
|
||||
|
||||
mkdir -vp '%buildroot%_tmpfilesdir'
|
||||
tee '%buildroot%_tmpfilesdir/%name.conf' <<_EOF_
|
||||
d %{ne_rundir} 0775 root %ne_system_group
|
||||
@@ -169,7 +178,7 @@ _EOF_
|
||||
|
||||
mkdir -vp '%buildroot%_udevrulesdir'
|
||||
tee '%buildroot%_udevrulesdir/%name.conf' <<'_EOF_'
|
||||
KERNEL=="nitro_enclaves", SUBSYSTEM=="misc", OWNER="root", GROUP="%{ne_group}", MODE="0660", TAG+="systemd"
|
||||
KERNEL=="nitro_enclaves", SUBSYSTEM=="misc", OWNER="root", GROUP="%{ne_system_group}", MODE="0660", TAG+="systemd"
|
||||
_EOF_
|
||||
|
||||
suc='system-group-%ne_system_group.conf'
|
||||
@@ -223,6 +232,8 @@ chown -v '0:%ne_system_group' "${ld}"
|
||||
%_tmpfilesdir/%name.conf
|
||||
%_udevrulesdir/%name.conf
|
||||
%_unitdir/nitro-enclaves-allocator.service
|
||||
%dir %_unitdir/nitro-enclaves-allocator.service.d
|
||||
%_unitdir/nitro-enclaves-allocator.service.d/10-autoload-module.conf
|
||||
%_unitdir/nitro-enclaves-vsock-proxy.service
|
||||
|
||||
%files -n aws-nitro-enclaves-binaryblobs-upstream
|
||||
|
||||
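Review bot: The rule whose GROUP this change corrects is still written to `%_udevrulesdir/%name.conf` (hunk `@@ -169,7 +178,7 @@`, with the matching `%files` entry in `@@ -223,6 +232,8 @@`), and udev only reads files whose name ends in `.rules`. Unless something outside these hunks renames the file, the owner, group and 0660 mode would never be applied to the nitro_enclaves device node. Proposed: `tee '%buildroot%_udevrulesdir/%name.rules' <<'_EOF_'` together with `%_udevrulesdir/%name.rules` in `%files`. After installation, `ls -l /dev/nitro_enclaves` shows whether the group actually took effect. The `%install` and `%files` sections both continue outside the hunks shown.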
BIN
vendor.tar.xz
LFS
BIN
vendor.tar.xz
LFS
Binary file not shown.