From 7a1087b8d1e067f7bac60adc76107a24188abdb0a6c140c9ae075845453039f3 Mon Sep 17 00:00:00 2001 From: Olaf Hering Date: Wed, 24 Nov 2021 13:23:53 +0000 Subject: [PATCH] nitro-enclaves-vsock-proxy.service OBS-URL: https://build.opensuse.org/package/show/Cloud:Tools/aws-nitro-enclaves-cli?expand=0&rev=8 --- aws-nitro-enclaves-cli.patch | 2 +- aws-nitro-enclaves-cli.spec | 23 +++++++++++++++++------ 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/aws-nitro-enclaves-cli.patch b/aws-nitro-enclaves-cli.patch index 923e336..6d1b863 100644 --- a/aws-nitro-enclaves-cli.patch +++ b/aws-nitro-enclaves-cli.patch @@ -4,7 +4,7 @@ StandardOutput=journal StandardError=journal SyslogIdentifier=vsock-proxy -+Environment=VSOCK_PROXY_CONFIG=/etc/nitro_enclaves/vsock-proxy.yaml ++Environment=VSOCK_PROXY_CONFIG=/usr/share/nitro_enclaves/vsock-proxy.yaml ExecStart=/bin/bash -ce "TOKEN=$(curl --silent -X PUT \"http://169.254.169.254/latest/api/token\" -H \"X-aws-ec2-metadata-token-ttl-seconds: 21600\") ; \ REGION=$(curl --silent -H \"X-aws-ec2-metadata-token: $TOKEN\" http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \ [ -z \"$REGION\" ] && REGION=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) ; \ diff --git a/aws-nitro-enclaves-cli.spec b/aws-nitro-enclaves-cli.spec index 784a908..3a9d659 100644 --- a/aws-nitro-enclaves-cli.spec +++ b/aws-nitro-enclaves-cli.spec @@ -31,6 +31,7 @@ Source1: vendor.tar.xz Source2: cargo_config Requires(pre): system-group-%ne_system_group = %version-%release Requires: aws-nitro-enclaves-binaryblobs +Requires: jq BuildRequires: cargo > 1.44 BuildRequires: clang BuildRequires: glibc-devel-static 
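Review bot: The new `Environment=VSOCK_PROXY_CONFIG=/usr/share/nitro_enclaves/vsock-proxy.yaml` line points the unit at a vendor-owned file that the spec installs without `%config`, so local edits are replaced on every package update and the unit no longer consults any path under `/etc`. If this file is the proxy's list of permitted forwarding targets (an inference; its content is not shown on this page), keeping the default read-only under `/usr/share` is reasonable for integrity, but the unit should say how an administrator overrides it. I would add a comment above the line such as `# Packaged default; to customise, copy it to /etc/nitro_enclaves/ and set VSOCK_PROXY_CONFIG in a drop-in (systemctl edit nitro-enclaves-vsock-proxy.service)`. The `ExecStart` command continues outside the hunk.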
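Review bot: `Requires: jq` covers only one of the external tools the patched unit runs: its `ExecStart` also calls `curl` for every metadata request, and no matching `Requires: curl` is visible in this hunk. Unless the spec requires it elsewhere, the region lookup in `ExecStart` cannot work on a minimal installation, so the service would not come up correctly. I would add `Requires: curl` next to the new line so both runtime dependencies of the unit are declared together.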
@@ -81,6 +82,7 @@ RUSTFLAGS="${rustflags}" cargo build ${release} --manifest-path=./vsock_proxy/Ca mkdir -vp '%buildroot%_unitdir' cp -aviLt "$_" \ bootstrap/nitro-enclaves-allocator.service \ + vsock_proxy/service/nitro-enclaves-vsock-proxy.service \ %nil mkdir -vp '%buildroot%_bindir' cp -aviLt "$_" \ @@ -94,7 +96,12 @@ cp -aviLt "$_" \ bootstrap/allocator.yaml \ %nil -blobs='%buildroot%_datadir/nitro_enclaves/blobs' +d='%buildroot%_datadir/nitro_enclaves' +mkdir -vp "${d}" +cp -aviLt "$_" \ + vsock_proxy/configs/vsock-proxy.yaml \ + %nil +blobs="${d}/blobs" mkdir -vp "${blobs}" %ifarch aarch64 cp -aviLt "${blobs}" blobs/aarch64/* @@ -132,7 +139,7 @@ cp -aviLt "$_" "${suc}" %_sysusersdir/*.conf %pre -n system-group-%ne_system_group -f system-group-%ne_system_group.pre -%service_add_pre nitro-enclaves-allocator.service +%service_add_pre nitro-enclaves-allocator.service nitro-enclaves-vsock-proxy.service %post %tmpfiles_create %_tmpfilesdir/%name.conf ld='/var/log/nitro_enclaves' @@ -140,11 +147,11 @@ mkdir -vp "${ld}" chmod -v 0770 "${ld}" chown -v '0:%ne_system_group' "${ld}" %udev_rules_update -%service_add_post nitro-enclaves-allocator.service +%service_add_post nitro-enclaves-allocator.service nitro-enclaves-vsock-proxy.service %preun -%service_del_preun nitro-enclaves-allocator.service +%service_del_preun nitro-enclaves-allocator.service nitro-enclaves-vsock-proxy.service %postun -%service_del_postun_without_restart nitro-enclaves-allocator.service +%service_del_postun_without_restart nitro-enclaves-allocator.service nitro-enclaves-vsock-proxy.service %files %doc README.md 
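Review bot: In the `@@ -94,7 +96,12 @@` hunk the added `cp -aviLt "$_"` depends on `$_` still holding the argument of the preceding `mkdir`, although the hunk now defines `d` for exactly that directory. Writing `cp -aviLt "${d}"` would match the `"${blobs}"` form used a few lines below and would not break if a command is later inserted between the two lines. `cp -a` also carries over whatever mode the file has in the source tree, and no `%attr` is visible on the `%files` entry added for it, so `install -m 0644 vsock_proxy/configs/vsock-proxy.yaml "${d}"` would pin the permissions of the proxy configuration.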
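Review bot: Adding nitro-enclaves-vsock-proxy.service to `%service_del_postun_without_restart` in the `@@ -140,11 +147,11 @@` hunk means a package update leaves an already running proxy on the old binary until someone restarts it, which also delays any fix shipped in the update. This may be deliberate, to avoid cutting enclave connections during an update, but the spec does not say so. I would add a comment above the `%postun` line such as `# vsock-proxy is not restarted on update so enclave connections stay up; restart it manually after updating`, or give the proxy its own `%service_del_postun` line if a restart is acceptable.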
@@ -152,14 +159,18 @@ chown -v '0:%ne_system_group' "${ld}" %license LICENSE %license THIRD_PARTY_LICENSES %license THIRD_PARTY_LICENSES*.html +%dir %_datadir/nitro_enclaves %config(noreplace) %_sysconfdir/nitro_enclaves %_bindir/* +%_datadir/nitro_enclaves/vsock-proxy.yaml %_tmpfilesdir/%name.conf %_udevrulesdir/%name.conf %_unitdir/nitro-enclaves-allocator.service +%_unitdir/nitro-enclaves-vsock-proxy.service %files -n aws-nitro-enclaves-binaryblobs-upstream -%_datadir/nitro_enclaves +%dir %_datadir/nitro_enclaves +%_datadir/nitro_enclaves/blobs %changelog