## START: Set by rpmautospec ## (rpmautospec version 0.8.1) ## RPMAUTOSPEC: autorelease, autochangelog %define autorelease(e:s:pb:n) %{?-p:0.}%{lua: release_number = 1; base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); print(release_number + base_release_number - 1); }%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} ## END: Set by rpmautospec # trustee.spec # Generated by rust2rpm 20 %bcond_without check %global crate trustee Name: trustee Version: 0.14.0 Release: %{?autorelease}%{!?autorelease:1%{?dist}} Summary: Confidential Containers Trust and Attestation Framework # Upstream license specification: Apache-2.0 License: Apache-2.0 URL: https://github.com/confidential-containers/trustee Source0: %{url}/archive/refs/tags/v%{version}.tar.gz # Vendored guest-components for kbs_protocol dependency Source1: https://github.com/confidential-containers/guest-components/archive/refs/tags/v%{version}/guest-components-%{version}.tar.gz Patch: 0001-Fedora-remove-jwt-simple-dependency.patch Patch: 0002-Fedora-use-OpenSSL-instead-of-rust-crypto.patch Patch: 0003-Fedora-update-dependency-versions-to-match-available.patch Patch: 0004-Fedora-replace-kbs-types-git-dependency-with-version.patch Patch: 0005-Fedora-update-ear-dependency-from-0.3.0-to-0.4.0.patch Patch: 0006-Fedora-remove-kms-dependency.patch Patch: 0007-Use-ccatoken-from-the-system-not-git.patch Patch: 0008-Fedora-vendor-kbs_protocol-from-guest-components.patch Patch: 0009-Convert-workspace-deps-to-explicit-versions-in-guest.patch Patch: 0010-Fedora-disable-csv-verifier-and-hygon-dcu-verifier-f.patch Patch: 0011-Use-intel-tee-quote-verification-rs-and-tdx-attest-r.patch Patch: 0012-Fedora-disable-cca-verifier-and-se-verifier-for-x86_.patch Patch: 0013-Fedora-disable-non-x86_64-attesters-and-verifiers-in.patch Patch: 0014-Use-occlum_dcap-from-Fedora-package-instead-of-git-d.patch Patch: 0015-Fix-sev-crate-type-mismatch-in-az_snp_vtpm-verifier.patch Patch: 0016-Fedora-fix-shadow-rs-and-ear-API-compatibility.patch Patch: 0017-Fedora-re-enable-aes-gcm-aes-kw-concat-kdf-and-fix-t.patch Patch: 0018-Fix-type-conversions-between-kbs_types-and-backend-t.patch Patch: 0019-Fedora-disable-kbs_protocol-integration-test-requiri.patch Patch: 0020-Ignore-test_verify_snp_report-test-that-fails-in-bui.patch Patch: 0021-Split-integration-tests-to-separate-remote-RVPS-test.patch Patch: 0022-Ignore-token-broker-tests-requiring-write-access-to-.patch ExclusiveArch: x86_64 BuildRequires: rust-packaging >= 21-2 BuildRequires: systemd BuildRequires: openssl-devel BuildRequires: pkg-config BuildRequires: sgx-devel %description Trustee is a unified trust and attestation framework for Confidential Computing. It provides key management, attestation services, and reference value management for confidential containers and virtual machines. This is a meta-package that installs all trustee components. #=============================================================================== %package kbs Summary: Key Broker Service for Confidential Computing Requires: openssl %description kbs The Key Broker Service (KBS) is a key management component for Confidential Computing scenarios. It provides secure key distribution for confidential containers and virtual machines. KBS supports multiple backend storage systems and attestation services. #=============================================================================== %package attestation-service Summary: Attestation Service for Confidential Computing Requires: openssl %description attestation-service The Attestation Service validates attestation evidence from confidential computing platforms. It supports both gRPC and RESTful interfaces and can verify attestation evidence from various TEE technologies including Intel TDX, AMD SEV-SNP, Intel SGX, and ARM CCA. #=============================================================================== %package rvps Summary: Reference Value Provider Service for Confidential Computing Requires: openssl %description rvps The Reference Value Provider Service (RVPS) manages and provides reference values for attestation verification. It stores and serves reference measurements, policies, and other attestation-related data required for validating confidential computing workloads. #=============================================================================== %package client Summary: Client tools for Key Broker Service Requires: openssl %description client Command-line client tools for interacting with the Key Broker Service. Provides utilities for testing KBS functionality and retrieving keys and resources from a KBS instance. #=============================================================================== %prep %autosetup -n trustee-%{version} -a1 -p1 %cargo_prep %generate_buildrequires %cargo_generate_buildrequires %build %cargo_build %cargo_license_summary %{cargo_license} > LICENSE.dependencies %install # Install KBS install -D -m 755 target/rpm/kbs %{buildroot}%{_bindir}/kbs # Install Attestation Service install -D -m 755 target/rpm/grpc-as %{buildroot}%{_bindir}/grpc-as # Install RVPS install -D -m 755 target/rpm/rvps %{buildroot}%{_bindir}/rvps install -D -m 755 target/rpm/rvps-tool %{buildroot}%{_bindir}/rvps-tool # Install KBS Client install -D -m 755 target/rpm/kbs-client %{buildroot}%{_bindir}/kbs-client %if %{with check} %check %cargo_test %endif %files %license LICENSE %license LICENSE.dependencies %doc README.md %files kbs %license LICENSE %license LICENSE.dependencies %doc README.md %{_bindir}/kbs %files attestation-service %license LICENSE %license LICENSE.dependencies %doc README.md %{_bindir}/grpc-as %files rvps %license LICENSE %license LICENSE.dependencies %doc README.md %{_bindir}/rvps %{_bindir}/rvps-tool %files client %license LICENSE %license LICENSE.dependencies %doc README.md %{_bindir}/kbs-client %changelog ## START: Generated by rpmautospec * Tue Oct 21 2025 John Doe - 0.14.0-1 - Uncommitted changes ## END: Generated by rpmautospec