# Generated by rust2rpm and modified for RVPS
# Follows Fedora Rust Packaging Guidelines
# Uses system-packaged Rust crates (no vendoring, no network downloads)

Name:           trustee-rvps
Version:        0.1.0
Release:        1%{?dist}
Summary:        Reference Value Provider Service for Trustee

License:        Apache-2.0
URL:            https://github.com/confidential-containers/trustee
Source0:        https://github.com/confidential-containers/trustee/archive/refs/heads/main.tar.gz#/trustee-%{version}.tar.gz

# Build dependencies - system tools
BuildRequires:  rust-packaging >= 25
BuildRequires:  gcc
BuildRequires:  protobuf-compiler >= 3.15
BuildRequires:  git
BuildRequires:  systemd-rpm-macros

# Runtime dependencies
Requires:       glibc
Requires(pre):  shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd

%description
RVPS (Reference Value Provider Service) receives software supply chain
provenances, verifies them, and provides reference values to the
Attestation Service for confidential computing attestation workflows.

RVPS runs as a standalone gRPC service (port 50003) that processes
different provenance types and stores reference values in persistent
storage (LocalFs or LocalJson).

%prep
%autosetup -n trustee-main

# Prepare cargo environment for rvps subdirectory only
# This ensures we use system-packaged Rust crates
cd rvps
%cargo_prep

%generate_buildrequires
# CRITICAL FIX: Convert workspace dependencies to direct dependencies in rvps/Cargo.toml
# %generate_buildrequires runs BEFORE %prep, so we must modify rvps/Cargo.toml here!
# The rvps/Cargo.toml uses workspace inheritance (e.g., anyhow.workspace = true) which
# causes Cargo to scan the entire parent workspace (KBS + AS + RVPS).
# We resolve workspace inheritance by replacing ".workspace = true" with actual versions.
cd rvps
sed -i 's/^anyhow\.workspace = true$/anyhow = "1.0"/' Cargo.toml
sed -i 's/^async-trait\.workspace = true$/async-trait = "0.1.88"/' Cargo.toml
sed -i 's/^base64\.workspace = true$/base64 = "0.22.1"/' Cargo.toml
sed -i 's/^cfg-if\.workspace = true$/cfg-if = "1.0.0"/' Cargo.toml
sed -i 's/^log\.workspace = true$/log = "0.4.28"/' Cargo.toml
sed -i 's/^serde\.workspace = true$/serde = { version = "1.0", features = ["derive"] }/' Cargo.toml
sed -i 's/^serde_json\.workspace = true$/serde_json = "1.0.143"/' Cargo.toml
sed -i 's/^strum\.workspace = true$/strum = { version = "0.27", features = ["derive"] }/' Cargo.toml
sed -i 's/^tempfile\.workspace = true$/tempfile = "3.20.0"/' Cargo.toml
sed -i 's/chrono = { workspace = true, features/chrono = { version = "0.4.41", features/' Cargo.toml
sed -i 's/clap = { workspace = true, optional/clap = { version = "4", features = ["derive"], optional/' Cargo.toml
sed -i 's/config = { workspace = true, optional/config = { version = "0.14.1", optional/' Cargo.toml
sed -i 's/env_logger = { workspace = true, optional/env_logger = { version = "0.10.0", optional/' Cargo.toml
sed -i 's/prost = { workspace = true, optional/prost = { version = "0.13", optional/' Cargo.toml
sed -i 's/sha2 = { workspace = true, optional/sha2 = { version = "0.10", optional/' Cargo.toml
sed -i 's/shadow-rs = { workspace = true, optional/shadow-rs = { version = "1.3.0", optional/' Cargo.toml
sed -i 's/tokio = { workspace = true, optional/tokio = { version = "1", features = ["full"], default-features = false, optional/' Cargo.toml
sed -i 's/tonic = { workspace = true, optional/tonic = { version = "0.12", optional/' Cargo.toml
sed -i 's/^shadow-rs\.workspace = true$/shadow-rs = "1.3.0"/' Cargo.toml
sed -i 's/^tonic-build\.workspace = true$/tonic-build = "0.12"/' Cargo.toml
sed -i 's/^assert-json-diff\.workspace = true$/assert-json-diff = "2.0.2"/' Cargo.toml
sed -i 's/^rstest\.workspace = true$/rstest = "0.18.1"/' Cargo.toml
sed -i 's/^serial_test\.workspace = true$/serial_test = { version = "3.2.0", features = ["async"] }/' Cargo.toml
sed -i 's/^tokio\.workspace = true$/tokio = { version = "1", features = ["full"], default-features = false }/' Cargo.toml
%cargo_generate_buildrequires

%build
cd rvps
# Build using system crates (no --offline needed, no network access)
%cargo_build

%install
# Install binaries
install -D -m 0755 rvps/target/rpm/rvps %{buildroot}%{_bindir}/rvps
install -D -m 0755 rvps/target/rpm/rvps-tool %{buildroot}%{_bindir}/rvps-tool

# Install systemd unit
install -d -m 0755 %{buildroot}%{_unitdir}
cat >%{buildroot}%{_unitdir}/trustee-rvps.service <%{buildroot}%{_sysconfdir}/trustee/rvps.json </dev/null || groupadd -r trustee
getent passwd trustee >/dev/null || \
    useradd -r -g trustee -d %{_sharedstatedir}/trustee -s /sbin/nologin \
    -c "Trustee service account" trustee
exit 0

%post
%systemd_post trustee-rvps.service

%preun
%systemd_preun trustee-rvps.service

%postun
%systemd_postun_with_restart trustee-rvps.service

%files
%license LICENSE
%doc rvps/README.md
%{_bindir}/rvps
%{_bindir}/rvps-tool
%{_unitdir}/trustee-rvps.service
%config(noreplace) %{_sysconfdir}/trustee/rvps.json
%dir %attr(0755,root,root) %{_sysconfdir}/trustee
%dir %attr(0750,root,root) %{_sharedstatedir}/trustee
%dir %attr(0750,trustee,trustee) %{_sharedstatedir}/trustee/rvps

%changelog
* Wed Oct 15 2025 Your Name - 0.1.0-1
- Initial package for Fedora 42
- Uses system-packaged Rust crates (follows Fedora Rust guidelines)
- Based on main branch from upstream
- Standalone RVPS service with gRPC API (port 50003)