%bcond check 1

%global crate trustee

Name:           trustee
Version:        0.15.0
Release:        %autorelease
Summary:        Tools and components for attesting confidential guests and providing secrets

License:        Apache-2.0
URL:            https://github.com/confidential-containers/trustee
Source0:        %{url}/archive/refs/tags/v%{version}.tar.gz
# Vendored guest-components for kbs_protocol dependency
Source1:        https://github.com/confidential-containers/guest-components/archive/refs/tags/v%{version}/guest-components-%{version}.tar.gz
# The vendor tarball is created using cargo-vendor-filterer to remove Windows
# related files (https://github.com/cgwalters/cargo-vendor-filterer)
#   tar xf v%%{version}.tar.gz
#   cd trustee-%%{version}
#   tar xf guest-components-%%{version}.tar.gz
#   cargo vendor-filterer --platform x86_64-unknown-linux-gnu \
#       --platform powerpc64le-unknown-linux-gnu \
#       --platform aarch64-unknown-linux-gnu \
#       --platform i686-unknown-linux-gnu \
#       --platform s390x-unknown-linux-gnu \
#       --exclude-crate-path "windows*#*" \
#       --versioned-dirs \
#       --prefix=vendor --format=tar.zstd
# Rename the vendor.tar.zstd tarball to trustee-%%{version}-vendor.tar.zstd

Patch:          0001-restrict-workspace-members-to-kbs-only.patch
Patch:          0002-kbs-remove-built-in-attestation-service-for-lightwei.patch
Patch:          0003-kbs-replace-concat-kdf-dependency-with-internal-impl.patch
Patch:          0004-Refactor-kbs-replace-jwt-simple-with-jsonwebtoken-in.patch
Patch:          0005-Refactor-deps-align-crate-versions-with-Fedora-upstr.patch
Patch:          0006-replace-derivative-with-educe-for-debug-derivation.patch
Patch:          0007-replace-git-dependencies-with-path-registry-deps-for.patch
Patch:          0009-guard-RVPS-import-in-config-tests.patch
# Patch: 0005-Replace-derivative-dependency-with-educe.patch
# Patch: 0001-Remove-non-KBS-components-from-workspace.patch
# Patch: 0002-Configure-KBS-for-passport-resource-mode-with-minima.patch
# Patch: 0003-Update-dependency-versions-to-match-Fedora-packages.patch
# Patch: 0004-Replace-jwt-simple-with-jsonwebtoken.patch
# Patch: 0005-Replace-git-dependencies-with-local-paths-and-Fedora.patch
# Patch: 0006-Remove-kms-dependency-and-aliyun-feature.patch
# Patch: 0007-Gate-rvps-test-imports-behind-coco-as-builtin-featur.patch
# Patch: 0008-Replace-concat-kdf-crate-with-OpenSSL-implementation.patch
# Patch: 0009-Downgrade-base64ct-to-1.6.0-to-avoid-edition2024-req.patch

BuildRequires:  systemd
BuildRequires:  openssl-devel
BuildRequires:  cargo-rpm-macros
BuildRequires:  pkg-config
BuildRequires:  git-core
# BuildRequires: crate(az-cvm-vtpm)

%description
Tools and components for attesting confidential guests and providing secrets
to them. Collectively, these components are known as Trustee. Trustee typically
operates on behalf of the guest owner and interacts remotely with guest
components, providing the necessary services for Attestation and Secret
Delivery.

#===============================================================================

%package kbs
Summary:        Key Broker Service for Confidential Computing
Requires:       openssl

%description kbs
The Key Broker Service (KBS) is a key management component for Confidential
Computing scenarios. It provides secure key distribution for confidential
containers and virtual machines. KBS supports multiple backend storage systems
and attestation services.

#===============================================================================

%prep
%autosetup -n trustee-%{version} -a1 -S git
%cargo_prep

%generate_buildrequires
%cargo_generate_buildrequires

%build
# Use system OpenSSL instead of building from source
export OPENSSL_NO_VENDOR=1
%cargo_build
%cargo_license_summary
%{cargo_license} > LICENSE.dependencies

%install
# Install KBS
install -D -m 755 target/rpm/kbs %{buildroot}%{_bindir}/kbs

%if %{with check}
%check
%cargo_test
%endif

%files kbs
%license LICENSE
%license LICENSE.dependencies
%doc README.md
%{_bindir}/kbs

%changelog
%autochangelog