!223 [sync] PR-221: add secGear-aa secGear-as package

From: @openeuler-sync-bot Reviewed-by: @houmingyong Signed-off-by: @houmingyong
2024-11-12 13:17:47 +00:00 · 2024-11-12 13:17:47 +00:00 · 86606c1407
commit 86606c1407
parent 853d17b4ed 6c0820bfa4
1 changed files with 68 additions and 1 deletions
--- a/secGear.spec
+++ b/secGear.spec
@ -1,6 +1,6 @@
 Name:		secGear
 Version:	0.1.0
-Release:	45
+Release:	46
 Summary:	secGear is an SDK to develop confidential computing apps based on hardware enclave features


@ -8,6 +8,7 @@ Group:		OS Security
 License:	MulanPSL-2.0
 URL:		https://gitee.com/openeuler/secGear
 Source0:	https://gitee.com/openeuler/secGear/repository/archive/v%{version}.tar.gz
+Source1:	vendor.tar.gz

 Patch0:		0001-add-README.cn.md.patch
 Patch1:		0002-it-is-better-to-define-enum-from-0-rather-than-1.patch
@ -99,6 +100,7 @@ BUildRequires:	glibc glibc-devel cmake ocaml-dune rpm gcc-c++ compat-openssl11-l
 BUildRequires:	sgxsdk libsgx-launch libsgx-urts intel-sgx-ssl-devel
 %else
 BUildRequires:	itrustee_sdk itrustee_sdk-devel
+BuildRequires:  rust cargo rust-packaging virtCCA_sdk-devel virtCCA_sdk kunpengsecl-attester
 %endif

 Requires:		rsyslog compat-openssl11-libs
@ -129,10 +131,29 @@ Summary:		simulation package files for %{name}
 Requires:		%{name}%{?isa} = %{version}-%{release}
 %description	sim
 The %{name}-sim is package contains simulation libraries for developing applications
+%else
+%package		aa
+Summary:		Attestation agent for %{name}
+%description	aa
+The %{name}-aa is package contains attestation agent
+
+%define _cargo /usr/bin/env CARGO_HOME=.cargo RUSTC_BOOTSTRAP=1 /usr/bin/cargo
+
+%package        as                                                                                                                                               
+Summary:        Attestation Service for %{name}
+Requires:       kunpengsecl-attester
+%description    as
+The %{name}-as is package contains attestation service
 %endif

 %prep
 %autosetup -n %{name} -p1
+%ifnarch x86_64
+cd %{_builddir}/%{name}/service/attestation/attestation-agent/
+tar xf %{SOURCE1}
+cd %{_builddir}/%{name}/service/attestation/attestation-service/
+tar xf %{SOURCE1}
+%endif

 %build
 source ./environment
@ -143,6 +164,24 @@ make
 %else
 cmake -DCMAKE_BUILD_TYPE=Debug -DENCLAVE=GP
 make
+
+cd %{_builddir}/%{name}/service/attestation/attestation-agent/
+mkdir -p .cargo
+touch .cargo/config.toml
+cat << EOF >> ./.cargo/config.toml
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+EOF
+
+%{_cargo} build --features virtcca-attester --bins --release
+mkdir -p %{_builddir}/%{name}/service/attestation/attestation-service/.cargo/
+cp %{_builddir}/%{name}/service/attestation/attestation-agent/.cargo/config.toml %{_builddir}/%{name}/service/attestation/attestation-service/.cargo/
+cd %{_builddir}/%{name}/service/attestation/attestation-service/
+%{_cargo} build --bins --release
+
 %endif

 %install
@ -172,6 +211,17 @@ install -pm 644 inc/host_inc/gp/*.edl %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/enclave_inc/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/enclave_inc/gp/*.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 inc/enclave_inc/gp/itrustee/*.h %{buildroot}/%{_includedir}/secGear
+install -pm 751 service/attestation/attestation-agent/target/release/attestation-agent %{buildroot}/%{_bindir}
+install -d %{buildroot}%{_sysconfdir}/attestation/attestation-agent/
+install -pm 644 service/attestation/attestation-agent/agent/attestation-agent.conf %{buildroot}%{_sysconfdir}/attestation/attestation-agent/
+
+install -d %{buildroot}%{_sysconfdir}/attestation/attestation-service/token
+install -d %{buildroot}%{_sysconfdir}/attestation/attestation-service/policy
+install -d %{buildroot}%{_sysconfdir}/attestation/attestation-service/verifier/itrustee
+install -d %{buildroot}%{_sysconfdir}/attestation/attestation-service/verifier/virtcca
+install -pm 644 service/attestation/attestation-service/service/attestation-service.conf %{buildroot}%{_sysconfdir}/attestation/attestation-service/
+install -pm 644 service/attestation/attestation-service/policy/src/opa/*.rego %{buildroot}%{_sysconfdir}/attestation/attestation-service/policy/
+install -pm 751 service/attestation/attestation-service/target/release/attestation-service %{buildroot}/%{_bindir}
 %endif
 install -pm 644 component/remote_attest/ra_report/sg_ra_report.h %{buildroot}/%{_includedir}/secGear
 install -pm 644 component/remote_attest/ra_verify/sg_ra_report_verify.h %{buildroot}/%{_includedir}/secGear
@ -217,12 +267,29 @@ popd
 %license License/LICENSE
 %{_libdir}/libsecgearsim.so
 %{_libdir}/libsgxsim_0.so
+%else
+
+%files aa
+%{_bindir}/attestation-agent
+%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/attestation/attestation-agent/attestation-agent.conf
+
+%files as
+%{_bindir}/attestation-service
+%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/attestation/attestation-service/attestation-service.conf
+%{_sysconfdir}/attestation/attestation-service/token
+%{_sysconfdir}/attestation/attestation-service/policy/*
+%{_sysconfdir}/attestation/attestation-service/verifier/itrustee
+%{_sysconfdir}/attestation/attestation-service/verifier/virtcca
+
 %endif

 %post
 systemctl restart rsyslog

 %changelog
+* Fri Nov 8 2024 houmingyong<houmingyong@huawei.com> - 0.1.0-46
+- add secGear-aa secGear-as package
+
 * Fri Nov 8 2024 steven<steven_ygui@163.com> - 0.1.0-45
 - backport patches from 2409