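# keylime-agent-rust.spec
# Generated by rust2rpm 20
#
# Packages the Rust implementation of the Keylime agent from a pinned upstream
# commit, with every crate dependency taken from a packager-built vendor tarball.
#
# missing dev-dependencies: wiremock
# The test suite is off by default (bcond_with); build with "--with check" to run it.
%bcond_with check

%global crate keylime_agent
%global crate_version 0.1.0
%global commit ceda2ecb1e903e502f5d93ef0361c5e724abee85
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global commitdate 20220523

# Modified specially for the demo
# With this set, crates come from Source1 instead of distro rust-* packages, so
# a fix in any bundled crate reaches users only when the vendor tarball is
# regenerated and this package is rebuilt.
%global bundled_rust_deps 1

%ifarch armv7hl
# drop debuginfo generation for armv7hl OOM problems
%global rustflags_debuginfo 0
%endif

Name:           keylime-agent-rust
Version:        %{crate_version}~%{commitdate}git%{shortcommit}
Release:        1%{?dist}
Summary:        Rust agent for Keylime

# Upstream license specification: Apache-2.0
#
# The build dependencies have the following licenses:
#
#   0BSD or MIT or ASL 2.0
#   ASL 2.0
#   ASL 2.0 or Boost
#   ASL 2.0 or MIT
#   ASL 2.0 with exceptions
#   BSD
#   MIT
#   MIT or ASL 2.0
#   MIT or ASL 2.0 or zlib
#   MIT or zlib or ASL 2.0
#   Unlicense or MIT
#   zlib or ASL 2.0 or MIT
#
License:        ASL 2.0 and BSD and MIT
URL:            https://github.com/keylime/rust-keylime/
# The source tarball is downloaded using the following commands:
# spectool -g keylime-agent-rust.spec
# The URL is pinned to the full commit hash above. The spec itself carries no
# checksum for either source, so their digests have to be recorded and checked
# outside this file.
Source0:        %{url}/archive/%{commit}/rust-keylime-%{version}.tar.gz
# The vendor tarball is created using cargo vendor:
# tar xf rust-keylime-%%{version}.tar.gz
# cd rust-keylime-%%{version}
# cargo vendor
# tar Jcf rust-keylime-%%{version}-vendor.tar.xz vendor
# (capital J selects xz, matching the file name; lowercase j would write bzip2
# data into a file named .tar.xz)
# NOTE(review): if the upstream tree ships a Cargo.lock, "cargo vendor --locked"
# keeps the vendored versions identical to the ones upstream resolved - confirm.
Source1:        rust-keylime-%{version}-vendor.tar.xz
Patch0:         rust-keylime-fix-metadata.diff

ExclusiveArch:  %{rust_arches}

Requires: tpm2-tss
# The keylime-base package provides the configuration file from the Python
# implementation, which can be used for the Rust implementation. It is available
# from Fedora 36
Requires: keylime-base
# The pre scriptlet calls groupadd, useradd and usermod, so the tools must be
# installed before it runs.
Requires(pre): shadow-utils

BuildRequires: systemd
BuildRequires: cargo
BuildRequires: rust
BuildRequires: rustfmt
BuildRequires: openssl-devel
BuildRequires: libarchive-devel
BuildRequires: tpm2-tss-devel
BuildRequires: zeromq-devel
BuildRequires: rust-packaging >= 21-2

# Virtual Provides to support swapping between Python and Rust implementation
Provides: keylime-agent
Conflicts: keylime-agent

# One entry per bundled crate and exact version. These entries are what lets
# tooling map an advisory against a crate version to this package; they must be
# refreshed together with Source1, and the pinned versions should be checked
# against the RustSec advisory database (for example with cargo-audit) at that
# time. The list includes wiremock, which the header names as a dev-dependency.
Provides: bundled(crate(actix-codec)) = 0.5.0
Provides: bundled(crate(actix-http)) = 3.0.4
Provides: bundled(crate(actix-macros)) = 0.2.3
Provides: bundled(crate(actix-router)) = 0.5.0
Provides: bundled(crate(actix-rt)) = 2.6.0
Provides: bundled(crate(actix-server)) = 2.0.0
Provides: bundled(crate(actix-service)) = 2.0.2
Provides: bundled(crate(actix-tls)) = 3.0.3
Provides: bundled(crate(actix-utils)) = 3.0.0
Provides: bundled(crate(actix-web)) = 4.0.1
Provides: bundled(crate(actix-web-codegen)) = 4.0.0
Provides: bundled(crate(adler)) = 1.0.2
Provides: bundled(crate(ahash)) = 0.4.7
Provides: bundled(crate(ahash)) = 0.7.6
Provides: bundled(crate(aho-corasick)) = 0.7.18
Provides: bundled(crate(alloc-no-stdlib)) = 2.0.3
Provides: bundled(crate(alloc-stdlib)) = 0.2.1
Provides: bundled(crate(anyhow)) = 1.0.53
Provides: bundled(crate(arrayvec)) = 0.5.2
Provides: bundled(crate(assert-json-diff)) = 2.0.1
Provides: bundled(crate(async-channel)) = 1.6.1
Provides: bundled(crate(async-trait)) = 0.1.52
Provides: bundled(crate(atty)) = 0.2.14
Provides: bundled(crate(autocfg)) = 1.1.0
Provides: bundled(crate(base64)) = 0.13.0
Provides: bundled(crate(bitfield)) = 0.13.2
Provides: bundled(crate(bitflags)) = 1.3.2
Provides: bundled(crate(block-buffer)) = 0.10.2
Provides: bundled(crate(brotli)) = 3.3.3
Provides: bundled(crate(brotli-decompressor)) = 2.3.2
Provides: bundled(crate(bumpalo)) = 3.9.1
Provides: bundled(crate(bytes)) = 1.1.0
Provides: bundled(crate(bytestring)) = 1.0.0
Provides: bundled(crate(cache-padded)) = 1.2.0
Provides: bundled(crate(cc)) = 1.0.72
Provides: bundled(crate(cfg-if)) = 1.0.0
Provides: bundled(crate(clap)) = 3.0.14
Provides: bundled(crate(clap_derive)) = 3.0.14
Provides: bundled(crate(compress-tools)) = 0.12.2
Provides: bundled(crate(concurrent-queue)) = 1.2.2
Provides: bundled(crate(config)) = 0.10.1
Provides: bundled(crate(convert_case)) = 0.4.0
Provides: bundled(crate(cookie)) = 0.16.0
Provides: bundled(crate(core-foundation)) = 0.9.3
Provides: bundled(crate(core-foundation-sys)) = 0.8.3
Provides: bundled(crate(cpufeatures)) = 0.2.1
Provides: bundled(crate(crc32fast)) = 1.3.2
Provides: bundled(crate(crossbeam-queue)) = 0.3.4
Provides: bundled(crate(crossbeam-utils)) = 0.8.7
Provides: bundled(crate(crypto-common)) = 0.1.3
Provides: bundled(crate(deadpool)) = 0.7.0
Provides: bundled(crate(derive_more)) = 0.99.17
Provides: bundled(crate(digest)) = 0.10.3
Provides: bundled(crate(dlv-list)) = 0.2.3
Provides: bundled(crate(encoding_rs)) = 0.8.30
Provides: bundled(crate(enumflags2)) = 0.7.3
Provides: bundled(crate(enumflags2_derive)) = 0.7.3
Provides: bundled(crate(env_logger)) = 0.7.1
Provides: bundled(crate(error-chain)) = 0.10.0
Provides: bundled(crate(event-listener)) = 2.5.2
Provides: bundled(crate(fastrand)) = 1.7.0
Provides: bundled(crate(firestorm)) = 0.5.0
Provides: bundled(crate(flate2)) = 1.0.22
Provides: bundled(crate(fnv)) = 1.0.7
Provides: bundled(crate(foreign-types)) = 0.3.2
Provides: bundled(crate(foreign-types-shared)) = 0.1.1
Provides: bundled(crate(form_urlencoded)) = 1.0.1
Provides: bundled(crate(futures)) = 0.3.21
Provides: bundled(crate(futures-channel)) = 0.3.21
Provides: bundled(crate(futures-core)) = 0.3.21
Provides: bundled(crate(futures-executor)) = 0.3.21
Provides: bundled(crate(futures-io)) = 0.3.21
Provides: bundled(crate(futures-lite)) = 1.12.0
Provides: bundled(crate(futures-macro)) = 0.3.21
Provides: bundled(crate(futures-sink)) = 0.3.21
Provides: bundled(crate(futures-task)) = 0.3.21
Provides: bundled(crate(futures-timer)) = 3.0.2
Provides: bundled(crate(futures-util)) = 0.3.21
Provides: bundled(crate(generic-array)) = 0.14.5
Provides: bundled(crate(getrandom)) = 0.1.16
Provides: bundled(crate(getrandom)) = 0.2.4
Provides: bundled(crate(h2)) = 0.3.11
Provides: bundled(crate(hamming)) = 0.1.3
Provides: bundled(crate(hashbrown)) = 0.9.1
Provides: bundled(crate(hashbrown)) = 0.11.2
Provides: bundled(crate(heck)) = 0.4.0
Provides: bundled(crate(hermit-abi)) = 0.1.19
Provides: bundled(crate(hex)) = 0.4.3
Provides: bundled(crate(hostname-validator)) = 1.1.0
Provides: bundled(crate(http)) = 0.2.6
Provides: bundled(crate(http-body)) = 0.4.4
Provides: bundled(crate(http-types)) = 2.12.0
Provides: bundled(crate(httparse)) = 1.6.0
Provides: bundled(crate(httpdate)) = 1.0.2
Provides: bundled(crate(humantime)) = 1.3.0
Provides: bundled(crate(hyper)) = 0.14.17
Provides: bundled(crate(hyper-tls)) = 0.5.0
Provides: bundled(crate(idna)) = 0.2.3
Provides: bundled(crate(indexmap)) = 1.8.0
Provides: bundled(crate(infer)) = 0.2.3
Provides: bundled(crate(instant)) = 0.1.12
Provides: bundled(crate(ipnet)) = 2.3.1
Provides: bundled(crate(itoa)) = 1.0.1
Provides: bundled(crate(jobserver)) = 0.1.24
Provides: bundled(crate(js-sys)) = 0.3.56
Provides: bundled(crate(keylime_agent)) = 0.1.0
Provides: bundled(crate(language-tags)) = 0.3.2
Provides: bundled(crate(lazy_static)) = 1.4.0
Provides: bundled(crate(lexical-core)) = 0.7.6
Provides: bundled(crate(libc)) = 0.2.118
Provides: bundled(crate(local-channel)) = 0.1.2
Provides: bundled(crate(local-waker)) = 0.1.2
Provides: bundled(crate(lock_api)) = 0.4.6
Provides: bundled(crate(log)) = 0.4.14
Provides: bundled(crate(matches)) = 0.1.9
Provides: bundled(crate(mbox)) = 0.6.0
Provides: bundled(crate(memchr)) = 2.4.1
Provides: bundled(crate(metadeps)) = 1.1.2
Provides: bundled(crate(mime)) = 0.3.16
Provides: bundled(crate(miniz_oxide)) = 0.4.4
Provides: bundled(crate(mio)) = 0.7.14
Provides: bundled(crate(mio)) = 0.8.2
Provides: bundled(crate(miow)) = 0.3.7
Provides: bundled(crate(native-tls)) = 0.2.8
Provides: bundled(crate(nom)) = 5.1.2
Provides: bundled(crate(ntapi)) = 0.3.7
Provides: bundled(crate(num-derive)) = 0.3.3
Provides: bundled(crate(num-integer)) = 0.1.44
Provides: bundled(crate(num-traits)) = 0.2.14
Provides: bundled(crate(num_cpus)) = 1.13.1
Provides: bundled(crate(num_threads)) = 0.1.5
Provides: bundled(crate(once_cell)) = 1.9.0
Provides: bundled(crate(openssl)) = 0.10.38
Provides: bundled(crate(openssl-probe)) = 0.1.5
Provides: bundled(crate(openssl-sys)) = 0.9.72
Provides: bundled(crate(ordered-multimap)) = 0.3.1
Provides: bundled(crate(os_str_bytes)) = 6.0.0
Provides: bundled(crate(parking)) = 2.0.0
Provides: bundled(crate(parking_lot)) = 0.11.2
Provides: bundled(crate(parking_lot_core)) = 0.8.5
Provides: bundled(crate(paste)) = 1.0.7
Provides: bundled(crate(percent-encoding)) = 2.1.0
Provides: bundled(crate(pest)) = 2.1.3
Provides: bundled(crate(pin-project-lite)) = 0.2.8
Provides: bundled(crate(pin-utils)) = 0.1.0
Provides: bundled(crate(pkg-config)) = 0.3.24
Provides: bundled(crate(ppv-lite86)) = 0.2.16
Provides: bundled(crate(pretty_env_logger)) = 0.4.0
Provides: bundled(crate(primal)) = 0.3.0
Provides: bundled(crate(primal-bit)) = 0.3.0
Provides: bundled(crate(primal-check)) = 0.3.1
Provides: bundled(crate(primal-estimate)) = 0.3.1
Provides: bundled(crate(primal-sieve)) = 0.3.1
Provides: bundled(crate(proc-macro-error)) = 1.0.4
Provides: bundled(crate(proc-macro-error-attr)) = 1.0.4
Provides: bundled(crate(proc-macro2)) = 1.0.36
Provides: bundled(crate(quick-error)) = 1.2.3
Provides: bundled(crate(quote)) = 1.0.15
Provides: bundled(crate(rand)) = 0.7.3
Provides: bundled(crate(rand)) = 0.8.5
Provides: bundled(crate(rand_chacha)) = 0.2.2
Provides: bundled(crate(rand_chacha)) = 0.3.1
Provides: bundled(crate(rand_core)) = 0.5.1
Provides: bundled(crate(rand_core)) = 0.6.3
Provides: bundled(crate(rand_hc)) = 0.2.0
Provides: bundled(crate(redox_syscall)) = 0.2.10
Provides: bundled(crate(regex)) = 1.5.4
Provides: bundled(crate(regex-syntax)) = 0.6.25
Provides: bundled(crate(remove_dir_all)) = 0.5.3
Provides: bundled(crate(reqwest)) = 0.11.10
Provides: bundled(crate(rust-ini)) = 0.17.0
Provides: bundled(crate(rustc-serialize)) = 0.3.24
Provides: bundled(crate(rustc_version)) = 0.3.3
Provides: bundled(crate(rustc_version)) = 0.4.0
Provides: bundled(crate(ryu)) = 1.0.9
Provides: bundled(crate(schannel)) = 0.1.19
Provides: bundled(crate(scopeguard)) = 1.1.0
Provides: bundled(crate(security-framework)) = 2.6.1
Provides: bundled(crate(security-framework-sys)) = 2.6.1
Provides: bundled(crate(semver)) = 0.11.0
Provides: bundled(crate(semver)) = 1.0.5
Provides: bundled(crate(semver-parser)) = 0.10.2
Provides: bundled(crate(serde)) = 1.0.136
Provides: bundled(crate(serde_derive)) = 1.0.136
Provides: bundled(crate(serde_json)) = 1.0.79
Provides: bundled(crate(serde_qs)) = 0.8.5
Provides: bundled(crate(serde_urlencoded)) = 0.7.1
Provides: bundled(crate(sha-1)) = 0.10.0
Provides: bundled(crate(signal-hook-registry)) = 1.4.0
Provides: bundled(crate(slab)) = 0.4.5
Provides: bundled(crate(smallvec)) = 1.8.0
Provides: bundled(crate(socket2)) = 0.4.4
Provides: bundled(crate(stable_deref_trait)) = 1.2.0
Provides: bundled(crate(static_assertions)) = 1.1.0
Provides: bundled(crate(strsim)) = 0.10.0
Provides: bundled(crate(syn)) = 1.0.86
Provides: bundled(crate(synstructure)) = 0.12.6
Provides: bundled(crate(target-lexicon)) = 0.12.3
Provides: bundled(crate(tempfile)) = 3.3.0
Provides: bundled(crate(termcolor)) = 1.1.2
Provides: bundled(crate(textwrap)) = 0.14.2
Provides: bundled(crate(thiserror)) = 1.0.30
Provides: bundled(crate(thiserror-impl)) = 1.0.30
Provides: bundled(crate(time)) = 0.3.9
Provides: bundled(crate(time-macros)) = 0.2.4
Provides: bundled(crate(tinyvec)) = 1.5.1
Provides: bundled(crate(tinyvec_macros)) = 0.1.0
Provides: bundled(crate(tokio)) = 1.16.1
Provides: bundled(crate(tokio-macros)) = 1.7.0
Provides: bundled(crate(tokio-native-tls)) = 0.3.0
Provides: bundled(crate(tokio-openssl)) = 0.6.3
Provides: bundled(crate(tokio-util)) = 0.6.9
Provides: bundled(crate(tokio-util)) = 0.7.1
Provides: bundled(crate(toml)) = 0.2.1
Provides: bundled(crate(tower-service)) = 0.3.1
Provides: bundled(crate(tracing)) = 0.1.30
Provides: bundled(crate(tracing-attributes)) = 0.1.20
Provides: bundled(crate(tracing-core)) = 0.1.22
Provides: bundled(crate(try-lock)) = 0.2.3
Provides: bundled(crate(tss-esapi)) = 7.0.0
Provides: bundled(crate(tss-esapi-sys)) = 0.3.0
Provides: bundled(crate(typenum)) = 1.15.0
Provides: bundled(crate(ucd-trie)) = 0.1.3
Provides: bundled(crate(unicode-bidi)) = 0.3.7
Provides: bundled(crate(unicode-normalization)) = 0.1.19
Provides: bundled(crate(unicode-xid)) = 0.2.2
Provides: bundled(crate(url)) = 2.2.2
Provides: bundled(crate(uuid)) = 0.8.2
Provides: bundled(crate(vcpkg)) = 0.2.15
Provides: bundled(crate(version_check)) = 0.9.4
Provides: bundled(crate(waker-fn)) = 1.1.0
Provides: bundled(crate(want)) = 0.3.0
Provides: bundled(crate(wasi)) = 0.9.0
Provides: bundled(crate(wasi)) = 0.10.2
Provides: bundled(crate(wasi)) = 0.11.0
Provides: bundled(crate(wasm-bindgen)) = 0.2.79
Provides: bundled(crate(wasm-bindgen-backend)) = 0.2.79
Provides: bundled(crate(wasm-bindgen-futures)) = 0.4.29
Provides: bundled(crate(wasm-bindgen-macro)) = 0.2.79
Provides: bundled(crate(wasm-bindgen-macro-support)) = 0.2.79
Provides: bundled(crate(wasm-bindgen-shared)) = 0.2.79
Provides: bundled(crate(web-sys)) = 0.3.56
Provides: bundled(crate(winapi)) = 0.3.9
Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(winapi-util)) = 0.1.5
Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0
Provides: bundled(crate(winreg)) = 0.10.1
Provides: bundled(crate(wiremock)) = 0.5.10
Provides: bundled(crate(zeroize)) = 1.5.2
Provides: bundled(crate(zeroize_derive)) = 1.3.1
Provides: bundled(crate(zmq)) = 0.9.2
Provides: bundled(crate(zmq-sys)) = 0.11.0
Provides: bundled(crate(zstd)) = 0.10.0
Provides: bundled(crate(zstd-safe)) = 4.1.4
Provides: bundled(crate(zstd-sys)) = 1.6.3

%description
Rust agent for Keylime

%prep
%autosetup -N -n rust-keylime-%{commit}
%cargo_prep

# This is added after cargo_prep to override sources with the vendored ones
%if 0%{?bundled_rust_deps}
# Extract vendored dependencies
cd %{_builddir}/rust-keylime-%{commit}
tar -xf %{SOURCE1}
%endif

# Patches are applied only after the vendor tree is unpacked (autosetup ran
# with -N, which defers patching).
%autopatch -p1

%if !0%{?bundled_rust_deps}
%generate_buildrequires
%cargo_generate_buildrequires
%endif

# Sometimes Rust sources start with #![...] attributes, and "smart" editors think
# it's a shebang and make them executable. Then brp-mangle-shebangs gets upset...
find -name '*.rs' -type f -perm /111 -exec chmod -v -x '{}' '+'

%build
%cargo_build

%install
%cargo_install

# Modes given here apply to the buildroot only; the ownership and mode on the
# installed system come from the attr entries in the files section.
mkdir -p %{buildroot}/%{_sharedstatedir}/keylime
# NOTE(review): a directory packaged under the run dir sits on tmpfs on
# systemd-based systems and is gone after a reboot unless tmpfiles.d or the
# unit's RuntimeDirectory= recreates it - confirm the service unit covers this.
mkdir -p --mode=0700 %{buildroot}/%{_rundir}/keylime
mkdir -p --mode=0700 %{buildroot}/%{_localstatedir}/log/keylime
# NOTE(review): the libexec keylime directory has no dir entry in the files
# section, so this package does not own it and the 0700 mode set here probably
# does not carry over to the installed system - confirm.
mkdir -p --mode=0700 %{buildroot}/%{_libexecdir}/keylime

# Setting up the agent to use keylime user/group.
# NOTE(review): keylime.conf is edited in the build tree, but nothing in this
# spec installs or lists it (the configuration comes from keylime-base), so the
# run_as change may never reach an installed system - confirm that the shipped
# configuration makes the agent drop to the unprivileged keylime user.
sed -e 's/^run_as.*/run_as = keylime:keylime/g' -i keylime.conf

install -Dpm 644 ./dist/systemd/system/keylime_agent.service \
    %{buildroot}%{_unitdir}/keylime_agent.service

install -Dpm 644 ./dist/systemd/system/var-lib-keylime-secure.mount \
    %{buildroot}%{_unitdir}/var-lib-keylime-secure.mount

# NOTE(review): shim.py comes from the upstream tests/ tree and is installed
# world-executable under libexec - confirm it is meant to ship outside a demo.
install -Dpm 755 ./tests/actions/shim.py \
    %{buildroot}%{_libexecdir}/keylime/shim.py

%pre
# Create the unprivileged system account the agent is meant to run as. The
# account has no login shell. Output and errors of the account tools are
# discarded, so a failed creation is not visible in the transaction log.
getent group keylime >/dev/null || groupadd -r keylime &>/dev/null
getent passwd keylime >/dev/null || \
    useradd -r -g keylime -d %{_localstatedir}/lib/keylime -s /usr/sbin/nologin \
    -c "Keylime agent unprivileged user" keylime &>/dev/null
# Add keylime user to tss group.
# Skipped without any message when the tss group does not exist yet at this point.
if getent group tss >/dev/null && ! groups keylime | grep -q "\btss\b"; then
    usermod -a -G tss keylime &>/dev/null
fi

%post
# Apply the distribution's preset policy to the unit on first install; the
# preun and postun scriptlets below were already present without this one.
%systemd_post keylime_agent.service

%preun
%systemd_preun keylime_agent.service

%postun
%systemd_postun_with_restart keylime_agent.service

%files
%license LICENSE
%doc README.md
%{_unitdir}/keylime_agent.service
%{_unitdir}/var-lib-keylime-secure.mount
# State, log and runtime directories are readable by the keylime account only.
%attr(700,keylime,keylime) %dir %{_rundir}/keylime
%attr(700,keylime,keylime) %dir %{_localstatedir}/log/keylime
%attr(700,keylime,keylime) %{_sharedstatedir}/keylime
%{_bindir}/keylime_agent
%{_bindir}/keylime_ima_emulator
%{_libexecdir}/keylime/shim.py

%if %{with check}
%check
%cargo_test
%endif

%changelog
* Tue May 24 2022 Anderson Toshiyuki Sasaki - 0.1.0~20220523gitceda2ec-1
- Update to current master

* Tue May 10 2022 Anderson Toshiyuki Sasaki - 0.1.0~20220505gitb869a6a-2
- Use configuration file from keylime-base
- Add provides for bundled crates

* Thu May 05 2022 Anderson Toshiyuki Sasaki - 0.1.0~20220505gitb869a6a-1
- Special packaging for Copr

* Mon Jan 24 2022 Daiki Ueno - 0.1.0~20211110gitd5a3191-1
- Initial package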