Olaf Hering
a9abe1d2d5
OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-nitro-enclaves-cli?expand=0&rev=2
#
# spec file for package aws-nitro-enclaves-cli
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# System group that owns the runtime directory and the log directory
# created further down in this spec.
%define ne_system_group ne
# Runtime directory, created through the tmpfiles.d snippet.
%define ne_rundir %{_rundir}/nitro_enclaves

Name:           aws-nitro-enclaves-cli
Version:        1.1.0~git8.a46465e
Release:        0
Summary:        Tools for managing enclaves
License:        Apache-2.0
Url:            https://github.com/aws/aws-nitro-enclaves-cli
ExclusiveArch:  aarch64 x86_64
# Source1 is unpacked into the source tree in the prep section (presumably
# the vendored crates); Source2 is copied to .cargo/config before the build.
Source0:        %{name}-%{version}.tar.xz
Source1:        vendor.tar.xz
Source2:        cargo_config
Patch0:         %{name}.patch
BuildRequires:  cargo > 1.44
BuildRequires:  clang
BuildRequires:  glibc-devel-static
BuildRequires:  openssl-devel
BuildRequires:  rust > 1.44
BuildRequires:  systemd-rpm-macros
BuildRequires:  sysuser-tools
# The group sub-package of the same version-release is required at pre
# time; the post scriptlet assigns the log directory to that group.
Requires(pre):  system-group-%{ne_system_group} = %{version}-%{release}
# Provided by the binaryblobs-upstream sub-package below.
Requires:       aws-nitro-enclaves-binaryblobs

%description
A collection of tools and commands used for managing the lifecycle of
enclaves. The Nitro CLI needs to be installed on the parent instance,
and it can be used to start, manage, and terminate enclaves.

# Sub-package that owns the blob directory below the data directory; its
# Provides satisfies the binaryblobs requirement of the main package.
%package -n aws-nitro-enclaves-binaryblobs-upstream
Summary:        Upstream kernel binary for AWS Nitro Enclaves
Provides:       aws-nitro-enclaves-binaryblobs = %{version}-%{release}

%description -n aws-nitro-enclaves-binaryblobs-upstream
This package contains a kernel binary and a helper binary, which are
used by the nitro-cli build-enclave command to generate an Enclave
Image File.

# Sub-package that only carries the sysusers.d snippet for the group; the
# main package pulls it in through Requires(pre).
%package -n system-group-%{ne_system_group}
Summary:        System group %{ne_system_group} for AWS Nitro Enclaves
%{?sysusers_requires}

%description -n system-group-%{ne_system_group}
System group %{ne_system_group} for Nitro Enclaves.

%prep
# Unpack Source0, unpack Source1 inside the source tree (-a1) and apply the
# patches with -p1.
%autosetup -p1 -a1

%build
# Empty: the cargo build runs from the install section below.

%install
# Build with the packaged cargo configuration.
mkdir .cargo
cp %{SOURCE2} .cargo/config
# Both variants link with -z relro -z now; only the debuginfo level and the
# cargo profile differ.
# NOTE(review): cargo is invoked without --locked or --offline; confirm that
# the packaged cargo configuration pins the build to the unpacked sources.
hardening='-Clink-arg=-Wl,-z,relro,-z,now'
%if 0%{?__debug_package}
rustflags="${hardening} -C debuginfo=2"
release=
dir='debug'
%else
rustflags="${hardening} -C debuginfo=0"
release='--release'
dir='release'
%endif
# dir is read again further down when the binaries are copied out of target/.
for manifest in ./Cargo.toml ./vsock_proxy/Cargo.toml
do
	RUSTFLAGS="${rustflags}" cargo build ${release} --manifest-path="${manifest}"
done

# Allocator service unit.
unitdir='%{buildroot}%{_unitdir}'
mkdir -vp "${unitdir}"
cp -aviLt "${unitdir}" \
	bootstrap/nitro-enclaves-allocator.service \
	%{nil}
# The two cargo-built binaries (dir is set by the build step above) and the
# two bootstrap helpers.
bindir='%{buildroot}%{_bindir}'
mkdir -vp "${bindir}"
cp -aviLt "${bindir}" \
	target/${dir}/nitro-cli \
	target/${dir}/vsock-proxy \
	bootstrap/nitro-enclaves-allocator \
	bootstrap/nitro-cli-config \
	%{nil}
# Allocator configuration; the files list marks this directory as
# config(noreplace).
confdir='%{buildroot}%{_sysconfdir}/nitro_enclaves'
mkdir -vp "${confdir}"
cp -aviLt "${confdir}" \
	bootstrap/allocator.yaml \
	%{nil}

blobs='%{buildroot}%{_datadir}/nitro_enclaves/blobs'
mkdir -vp "${blobs}"
# Pick the blob directory from the source tree and the enclave kernel command
# line for the build architecture. random.trust_cpu=on lets the kernel credit
# the CPU hardware random number generator when it seeds its CRNG at boot.
%ifarch aarch64
blob_arch='aarch64'
cmdline='reboot=k panic=3 pci=off nomodules console=ttyS0 random.trust_cpu=on root=/dev/ram0'
%endif
%ifarch x86_64
blob_arch='x86_64'
cmdline='reboot=k panic=3 pci=off nomodules console=ttyS0 i8042.noaux i8042.nomux i8042.nopnp i8042.dumbkbd random.trust_cpu=on'
%endif
cp -aviLt "${blobs}" blobs/${blob_arch}/*
# tee also echoes the command line into the build log.
tee "${blobs}/cmdline" <<_EOC_
${cmdline}
_EOC_
# Static build of init.c, written next to the blobs as init.
gcc -Wall %{optflags} -static -o "${blobs}/init" init.c

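# tmpfiles.d entry for the runtime directory: owned by root, group set to
# the enclave group, mode 0775 (group-writable).
mkdir -vp '%{buildroot}%{_tmpfilesdir}'
tee '%{buildroot}%{_tmpfilesdir}/%{name}.conf' <<_EOF_
d %{ne_rundir} 0775 root %{ne_system_group}
_EOF_

# udev rule for the nitro_enclaves misc device: root plus the enclave group,
# mode 0660. The file must carry the .rules suffix, because udev ignores
# files with any other extension in its rules directories. GROUP has to use
# ne_system_group, the only group macro this spec defines; an undefined
# macro would be written into the rule unexpanded.
mkdir -vp '%{buildroot}%{_udevrulesdir}'
tee '%{buildroot}%{_udevrulesdir}/%{name}.rules' <<'_EOF_'
KERNEL=="nitro_enclaves", SUBSYSTEM=="misc", OWNER="root", GROUP="%{ne_system_group}", MODE="0660", TAG+="systemd"
_EOF_

# sysusers.d snippet that declares the group, and the generated pre
# scriptlet file that the group sub-package includes with -f.
suc='system-group-%{ne_system_group}.conf'
tee "${suc}" <<'_EOC_'
g %{ne_system_group} -
_EOC_
mkdir -p '%{buildroot}%{_sysusersdir}'
cp -aviLt "$_" "${suc}"
%sysusers_generate_pre "${suc}" system-group-%{ne_system_group}

%files -n system-group-%{ne_system_group}
%{_sysusersdir}/*.conf

# The group sub-package only runs the generated group-creation scriptlet.
# The service scriptlets belong to the main package, which ships the unit,
# so they get a pre section of their own instead of being appended to the
# scriptlet of the group sub-package.
%pre -n system-group-%{ne_system_group} -f system-group-%{ne_system_group}.pre

%pre
%service_add_pre nitro-enclaves-allocator.service

%post
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
# Log directory: readable and writable by root and the enclave group only.
# It is created here and is not listed in the files section.
ld='/var/log/nitro_enclaves'
mkdir -vp "${ld}"
chmod -v 0770 "${ld}"
chown -v '0:%{ne_system_group}' "${ld}"
%udev_rules_update
%service_add_post nitro-enclaves-allocator.service

%preun
%service_del_preun nitro-enclaves-allocator.service

%postun
%service_del_postun_without_restart nitro-enclaves-allocator.service

%files
%doc README.md
%doc docs/image_signing.md
%license LICENSE
%license THIRD_PARTY_LICENSES
%license THIRD_PARTY_LICENSES*.html
%config(noreplace) %{_sysconfdir}/nitro_enclaves
%{_bindir}/*
%{_tmpfilesdir}/%{name}.conf
%{_udevrulesdir}/%{name}.rules
%{_unitdir}/nitro-enclaves-allocator.service

%files -n aws-nitro-enclaves-binaryblobs-upstream
%{_datadir}/nitro_enclaves

%changelog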