1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
|
%global name kunpengsecl
%global version 2.0.2
%undefine _missing_build_ids_terminate_build
Name: %{name}
Version: %{version}
Release: 1%{?dist}
Summary: A remote attestation security software components running on Kunpeng processors.
Summary(zh_CN): 一款运行于鲲鹏处理器上的远程证明安全软件组件
License: MulanPSL-2.0
URL: https://gitee.com/openeuler/kunpengsecl
Source0: %{name}-v%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: gettext make golang
BuildRequires: protobuf-compiler openssl-devel
BuildRequires: cjson-devel
%ifarch aarch64
BuildRequires: itrustee_sdk-devel
%endif
Packager: leezhenxiang, WangLi, Wucaijun, gwei3
%description
This is %{name} project, including rac, ras, rahub, qcaserver, attester and tas packages.
%package rac
Summary: the rac package.
Requires: openssl
%ifarch aarch64
Requires: itrustee_sdk
%endif
%description rac
This is the rac rpm package, which is used to install the client of the program.
%package ras
Summary: the ras package.
Requires: %{name}-attester
%description ras
This is the ras rpm package, which is used to install the server of the program.
%package rahub
Summary: the rahub package.
%description rahub
This is the rahub rpm package, which is used to cascade clients.
%package qcaserver
Summary: the qcaserver package.
%description qcaserver
This is the qcaserver rpm package, which is used to invoke libqca.
%package attester
Summary: the attester package.
Requires: cjson
Requires: openssl
%description attester
This is the attester rpm package, which is used to verify ta reports.
%package tas
Summary: the tas package.
Requires: %{name}-attester
%description tas
This is the tas rpm package, which is used to sign ak cert.
%package devel
Summary: the develop package.
Requires: %{name}-attester
%description devel
This is the devel rpm package, which provide supporting header file.
%prep
%setup -q -c -a 1
%build
make build
%install
make install DESTDIR=%{buildroot}
# %check
# make check
%post
%preun
%files rac
%{_bindir}/raagent
#%{_bindir}/tbprovisioner
%{_sysconfdir}/attestation/rac/config.yaml
%{_sysconfdir}/attestation/default_test/ascii_runtime_measurements*
%{_sysconfdir}/attestation/default_test/binary_bios_measurements*
%{_datadir}/attestation/rac/containerintegritytool.sh
%{_datadir}/attestation/rac/pcieintegritytool.sh
%{_datadir}/attestation/rac/hostintegritytool.sh
%{_datadir}/attestation/rac/prepare-racconf-env.sh
%{_docdir}/attestation/rac/README.md
%{_docdir}/attestation/rac/README.en.md
%{_docdir}/attestation/rac/LICENSE
%ifarch aarch64
%{_libdir}/libkta.so
%endif
%files ras
%{_bindir}/ras
%{_sysconfdir}/attestation/ras/config.yaml
%{_datadir}/attestation/ras/prepare-database-env.sh
%{_datadir}/attestation/ras/clear-database.sh
%{_datadir}/attestation/ras/createTable.sql
%{_datadir}/attestation/ras/clearTable.sql
%{_datadir}/attestation/ras/dropTable.sql
%{_datadir}/attestation/ras/prepare-rasconf-env.sh
%{_docdir}/attestation/ras/README.md
%{_docdir}/attestation/ras/README.en.md
%{_docdir}/attestation/ras/LICENSE
%files rahub
%{_bindir}/rahub
%{_sysconfdir}/attestation/rahub/config.yaml
%{_datadir}/attestation/rahub/prepare-hubconf-env.sh
%{_docdir}/attestation/rahub/README.md
%{_docdir}/attestation/rahub/README.en.md
%{_docdir}/attestation/rahub/LICENSE
%files qcaserver
%{_bindir}/qcaserver
%{_sysconfdir}/attestation/qcaserver/config.yaml
%{_datadir}/attestation/qcaserver/prepare-qcaconf-env.sh
%{_docdir}/attestation/qcaserver/README.md
%{_docdir}/attestation/qcaserver/README.en.md
%{_docdir}/attestation/qcaserver/LICENSE
%{_datadir}/attestation/qcaserver/libqca.so
%{_datadir}/attestation/qcaserver/libteec.so
%files attester
%{_bindir}/attester
%{_sysconfdir}/attestation/attester/config.yaml
%{_datadir}/attestation/attester/prepare-attesterconf-env.sh
%{_docdir}/attestation/attester/README.md
%{_docdir}/attestation/attester/README.en.md
%{_docdir}/attestation/attester/LICENSE
%{_libdir}/libteeverifier.so
%files tas
%{_bindir}/tas
%{_bindir}/*.pem
%{_sysconfdir}/attestation/tas/config.yaml
%{_datadir}/attestation/tas/prepare-tasconf-env.sh
%{_docdir}/attestation/tas/README.md
%{_docdir}/attestation/tas/README.en.md
%{_docdir}/attestation/tas/LICENSE
%files devel
%{_includedir}/teeverifier.h
%changelog
* Thu Jul 18 2023 leezhenxiang <1172294056@qq.com> - 2.0.2-1
- update to 2.0.2
* Thu Mar 23 2023 leezhenxiang <1172294056@qq.com> - 2.0.1-1
- update to 2.0.1
- add devel package
* Thu Mar 23 2023 leezhenxiang <1172294056@qq.com> - 2.0.0-1
- update to 2.0.0
- add qcaserver, attester, and tas packages
- add BuildRequires itrustee_sdk-devel, cjson-devel and Requires itrustee_sdk, cjson
- modify makefile to adapt to different architectures
- specify the build requires in rac and attester package
* Thu Sep 15 2022 gwei3 <11015100@qq.com> - 1.1.2-1
- update to 1.1.2
- add slice length checks to avoid buffer overflow while extracting and verifying
- update integration test data to meet restapi parameter check requirement
- modify raagent/main.go file, change log to logger, os.Exit returns different values based on diff errors
- close RAS restapi server in signal handler
- Add parameter format checking for pcr/bios/ima in POST {id}/newbasevalue API
- Fix bugs in v1.1.1
bug 1: hostintegritytool.sh can only add the 2nd part of ima policy into /etc/ima/ima-policy.
bug 2: running hostintegritytool.sh multiple times will add duplicated linux cmdlines in /etc/default/grub.
bug 3: rahub config path was assigned wrong values, which is caused by copy/paste
- fix the issue that Makefile not sync vendor
- modify readme file
* Fri Sep 02 2022 gwei3 <11015100@qq.com> - 1.1.1-1
- update to 1.1.1
- reuse makefile to do install
- remove the empty kunpengsecl binary rpm
* Tue Aug 09 2022 wangli <3214053332@qq.com> - 1.1.0-3
- process vendor directory
* Wed Aug 03 2022 fushanqing <fushanqing@kylinos.cn> - 1.1.0-2
- Unified license name specification
* Sun Jul 24 2022 wangli <3214053332@qq.com> - 1.1.0-1
- add some test files
- prepare corresponding script for ras\rac\rahub to deploy config file respectively
- update part of file paths
- update to 1.1.0
* Fri Jan 21 2022 wangli <3214053332@qq.com> - 1.0.0-5
- install some test files to support the running of program.
* Mon Dec 27 2021 gwei3 <11015100@qq.com> - 1.0.0-4
- update the source tar to remove intermediate files.
* Wed Dec 08 2021 wangli <3214053332@qq.com> - 1.0.0-3
- add the rahub package.
- reorganize the directory structure of all packages.
- add BuildRequires protobuf-compiler and Requires openssl.
* Fri Nov 12 2021 wucaijun <wucaijun2001@163.com> - 1.0.0-2
- create the rpmbuild directory.
- modify the kunpengsecl.spec and buildrpm.sh files.
- add root Makefile to build/clean rpm package.
* Thu Nov 11 2021 wangli <3214053332@qq.com> - 1.0.0-1
- update to 1.0.0
|
