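#
# spec file for package aws-nitro-enclaves-cli
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# System group that the udev rule and the tmpfiles.d fragment grant access to
# (device node root:ne 0660, runtime directory 0775 root:ne).  The group is
# shipped by its own subpackage so it exists before this package's files are
# installed.
%define ne_system_group ne
# Runtime directory created through tmpfiles.d (%%_rundir is /run on current
# systemd-rpm-macros).
%define ne_rundir %_rundir/nitro_enclaves

Name:           aws-nitro-enclaves-cli
Version:        1.1.0~git8.a46465e
Release:        0
Summary:        Tools for managing enclaves
License:        Apache-2.0
Url:            https://github.com/aws/aws-nitro-enclaves-cli
# Upstream ships enclave kernel blobs for these two architectures only.
ExclusiveArch:  aarch64 x86_64
Patch0:         %name.patch
Source0:        %name-%version.tar.xz
# Vendored crates for an offline cargo build, unpacked by %%autosetup -a1.
Source1:        vendor.tar.xz
# cargo configuration copied to .cargo/config in %%install.
Source2:        cargo_config
# Exact-version dependency on the group subpackage, needed at %%pre time so
# that the group exists when the files carrying its ownership are laid down.
Requires(pre):  system-group-%ne_system_group = %version-%release
# Any provider of the kernel/init blobs (the -upstream subpackage below, or a
# rebuilt alternative) satisfies this.
Requires:       aws-nitro-enclaves-binaryblobs
Requires:       jq
BuildRequires:  cargo > 1.44
BuildRequires:  clang
# %%install compiles init.c with the C compiler directly and links it -static.
BuildRequires:  gcc
BuildRequires:  glibc-devel-static
BuildRequires:  openssl-devel
BuildRequires:  rust > 1.44
BuildRequires:  systemd-rpm-macros
BuildRequires:  sysuser-tools

%description
A collection of tools and commands used for managing the lifecycle of
enclaves. The Nitro CLI needs to be installed on the parent instance,
and it can be used to start, manage, and terminate enclaves.

%package -n aws-nitro-enclaves-binaryblobs-upstream
Summary:        Upstream kernel binary for AWS Nitro Enclaves
Provides:       aws-nitro-enclaves-binaryblobs = %version-%release

%description -n aws-nitro-enclaves-binaryblobs-upstream
This package contains a kernel binary and a helper binary, which is used by
the nitro-cli build-enclave command to generate an Enclave Image File.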
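%package -n system-group-%ne_system_group
Summary:        System group %ne_system_group for AWS Nitro Enclaves
%?sysusers_requires

%description -n system-group-%ne_system_group
System group %ne_system_group for Nitro Enclaves.

%prep
# -a1 unpacks the vendored crates (Source1) into the source tree so cargo can
# build without network access.
%autosetup -p1 -a1

%build
# Intentionally empty: the cargo builds run from %%install so that the
# debug/release tree selection and the install paths sit together.

%install
mkdir .cargo
# Source2; presumably points cargo at the vendored crates -- not visible here.
cp %{SOURCE2} .cargo/config

# Full RELRO and immediate binding for every Rust binary.  With debug
# packages enabled build an unoptimised tree with full debuginfo, otherwise
# a release tree without it.
%if 0%{?__debug_package}
rustflags='-Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2'
release=
dir='debug'
%else
rustflags='-Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=0'
release='--release'
dir='release'
%endif
RUSTFLAGS="${rustflags}" cargo build ${release} --manifest-path=./Cargo.toml
RUSTFLAGS="${rustflags}" cargo build ${release} --manifest-path=./vsock_proxy/Cargo.toml

# systemd units
unitdir='%buildroot%_unitdir'
mkdir -vp "${unitdir}"
cp -aviLt "${unitdir}" \
    bootstrap/nitro-enclaves-allocator.service \
    vsock_proxy/service/nitro-enclaves-vsock-proxy.service

# Executables.  %%files lists them one by one, so anything added here must be
# added there as well (an unexpected binary then fails the build instead of
# being shipped silently).
bindir='%buildroot%_bindir'
mkdir -vp "${bindir}"
cp -aviLt "${bindir}" \
    "target/${dir}/nitro-cli" \
    "target/${dir}/vsock-proxy" \
    bootstrap/nitro-enclaves-allocator \
    bootstrap/nitro-cli-config

# Administrator-editable configuration (config(noreplace) in %%files).
confdir='%buildroot%_sysconfdir/nitro_enclaves'
mkdir -vp "${confdir}"
cp -aviLt "${confdir}" bootstrap/allocator.yaml

d='%buildroot%_datadir/nitro_enclaves'
mkdir -vp "${d}"
cp -aviLt "${d}" vsock_proxy/configs/vsock-proxy.yaml

# Log directory.  It is owned by the package (%%files applies
# 0770 root:%ne_system_group) rather than created and chown'ed in %%post, so
# rpm tracks it and no ownership change is applied to a pre-existing path.
mkdir -vp '%buildroot%_localstatedir/log/nitro_enclaves'

# Enclave kernel, kernel command line and init, consumed by
# `nitro-cli build-enclave`.  The command lines are upstream's, per
# architecture.  NOTE(review): whatever is written here ends up inside the
# generated Enclave Image File and, as far as I can tell, in what the enclave
# attests -- confirm with upstream before changing any of it.
# random.trust_cpu=on lets the kernel credit the CPU's hardware RNG as boot
# entropy; it is part of upstream's command line.
blobs="${d}/blobs"
mkdir -vp "${blobs}"
%ifarch aarch64
cp -aviLt "${blobs}" blobs/aarch64/*
tee "${blobs}/cmdline" <<'_EOC_'
reboot=k panic=3 pci=off nomodules console=ttyS0 random.trust_cpu=on root=/dev/ram0
_EOC_
%endif
%ifarch x86_64
cp -aviLt "${blobs}" blobs/x86_64/*
tee "${blobs}/cmdline" <<'_EOC_'
reboot=k panic=3 pci=off nomodules console=ttyS0 i8042.noaux i8042.nomux i8042.nopnp i8042.dumbkbd random.trust_cpu=on
_EOC_
%endif
# init is shipped into the enclave image as a standalone static binary.
%__cc -Wall %optflags -static -o "${blobs}/init" init.c

# tmpfiles.d: runtime directory, group-writable for %ne_system_group.
mkdir -vp '%buildroot%_tmpfilesdir'
tee '%buildroot%_tmpfilesdir/%name.conf' <<'_EOF_'
d %{ne_rundir} 0775 root %ne_system_group
_EOF_

# udev: device node root:%ne_system_group 0660.  The group macro is
# ne_system_group (defined at the top of the spec); %%{ne_group} is not
# defined anywhere in this spec and would be written into the rule verbatim,
# leaving the node without the intended group.
mkdir -vp '%buildroot%_udevrulesdir'
tee '%buildroot%_udevrulesdir/%name.conf' <<'_EOF_'
KERNEL=="nitro_enclaves", SUBSYSTEM=="misc", OWNER="root", GROUP="%{ne_system_group}", MODE="0660", TAG+="systemd"
_EOF_

# sysusers fragment for the group subpackage; %%sysusers_generate_pre writes
# the %%pre snippet that is pulled in with -f below.
suc='system-group-%ne_system_group.conf'
tee "${suc}" <<'_EOC_'
g %ne_system_group -
_EOC_
sysusersdir='%buildroot%_sysusersdir'
mkdir -vp "${sysusersdir}"
cp -aviLt "${sysusersdir}" "${suc}"
%sysusers_generate_pre "${suc}" system-group-%ne_system_group

%files -n system-group-%ne_system_group
%_sysusersdir/system-group-%ne_system_group.conf

%pre -n system-group-%ne_system_group -f system-group-%ne_system_group.pre

%pre
# Record the enable state of the units before an upgrade.  This belongs to
# the package that ships the units, not to the group subpackage.
%service_add_pre nitro-enclaves-allocator.service nitro-enclaves-vsock-proxy.service

%post
%tmpfiles_create %_tmpfilesdir/%name.conf
%udev_rules_update
%service_add_post nitro-enclaves-allocator.service nitro-enclaves-vsock-proxy.service

%preun
%service_del_preun nitro-enclaves-allocator.service nitro-enclaves-vsock-proxy.service

%postun
%service_del_postun_without_restart nitro-enclaves-allocator.service nitro-enclaves-vsock-proxy.service

%files
%doc README.md
%doc docs/image_signing.md
%license LICENSE
%license THIRD_PARTY_LICENSES
%license THIRD_PARTY_LICENSES*.html
%dir %_datadir/nitro_enclaves
%config(noreplace) %_sysconfdir/nitro_enclaves
%_bindir/nitro-cli
%_bindir/vsock-proxy
%_bindir/nitro-enclaves-allocator
%_bindir/nitro-cli-config
%_datadir/nitro_enclaves/vsock-proxy.yaml
%dir %attr(0770,root,%ne_system_group) %_localstatedir/log/nitro_enclaves
%_tmpfilesdir/%name.conf
%_udevrulesdir/%name.conf
%_unitdir/nitro-enclaves-allocator.service
%_unitdir/nitro-enclaves-vsock-proxy.service

%files -n aws-nitro-enclaves-binaryblobs-upstream
%dir %_datadir/nitro_enclaves
%_datadir/nitro_enclaves/blobs

%changelog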