# SPDX-FileCopyrightText: Sergio Arroutbi # # SPDX-License-Identifier: MIT # Fedora: Use system Rust libraries as josekit 0.7.4+ is available %global bundled_rust_deps 0 Name: clevis-pin-trustee Version: 0.1.0 Release: %autorelease Summary: Clevis PIN for Trustee attestation # License covers both source and all statically-linked dependencies # Run %%cargo_license_summary in %%build to determine the complete license expression License: MIT URL: https://github.com/sarroutbi/clevis-pin-trustee Source0: https://github.com/sarroutbi/%{name}/archive/refs/tags/v%{version}.tar.gz BuildRequires: cargo-rpm-macros BuildRequires: openssl-devel # rust-tempfile required for test execution BuildRequires: rust-tempfile+default-devel # Runtime dependencies Requires: clevis Requires: jose %description clevis-pin-trustee is a Clevis PIN that implements encryption and decryption operations using remote attestation via a Trustee server. It enables automated unlocking of LUKS-encrypted volumes in confidential computing environments by fetching encryption keys from Trustee servers after successful attestation. %prep %autosetup -n %{name}-%{version} %cargo_prep %generate_buildrequires %cargo_generate_buildrequires %build # Generate license information for statically-linked dependencies %cargo_license_summary %cargo_license # Build using cargo macros %cargo_build %install # Install main binary install -D -m 0755 target/release/%{name} %{buildroot}%{_bindir}/%{name} # Install Clevis wrapper scripts install -D -m 0755 clevis-encrypt-trustee %{buildroot}%{_bindir}/clevis-encrypt-trustee install -D -m 0755 clevis-decrypt-trustee %{buildroot}%{_bindir}/clevis-decrypt-trustee %check # Run tests using cargo macro %cargo_test %files %license LICENSES/MIT.txt %doc README.md %{_bindir}/%{name} %{_bindir}/clevis-encrypt-trustee %{_bindir}/clevis-decrypt-trustee %changelog %autochangelog