%global srcname keylime

Name:    keylime
Version: 6.2.0
Release: 1%{?dist}
Summary: Open source TPM software for Bootstrapping and Maintaining Trust

BuildArch: noarch

URL:     https://github.com/keylime/keylime
Source0: https://github.com/keylime/keylime/archive/v%{version}.tar.gz
Source1: %{name}.sysusers

Patch1: 0001-Run-keylime-components-as-non-root.patch
Patch2: 0002-Replace-M2Crypto-with-python-cryptography.patch

# Main program: BSD
# Icons: MIT
License: ASL 2.0 and MIT

Requires: python3-keylime >= %{version}
Requires: keylime-base >= %{version}
Requires: keylime-verifier >= %{version}
Requires: keylime-registrar >= %{version}
Requires: keylime-agent-python >= %{version}
Requires: keylime-tenant >= %{version}
Requires: keylime-webapp >= %{version}

BuildRequires: git-core
BuildRequires: swig
BuildRequires: openssl-devel
BuildRequires: python3-setuptools
BuildRequires: python3-devel
BuildRequires: python3-dbus
BuildRequires: systemd
BuildRequires: systemd-rpm-macros

#Requires: efivar-devel
#Requires: procps-ng
#Requires: python3-alembic
#Requires: python3-gnupg
#Requires: python3-pyasn1
#Requires: python3-pyyaml
#Requires: python3-cryptography
#Requires: python3-tornado
#Requires: python3-simplejson
#Requires: python3-sqlalchemy
#Requires: python3-requests
#Requires: python3-zmq
#Requires: tpm2-tss
#Requires: tpm2-tools
#Requires: tpm2-abrmd

%description
Keylime is a TPM based highly scalable remote boot attestation
and runtime integrity measurement solution.

%package -n python3-keylime
Summary: The Python Keylime module
License: MIT

%description -n python3-keylime
The python3-keylime module implements the functionality used
by Keylime components.

%package base
Summary: The Keylime base package
License: MIT

Requires: python3-%{name} = %{version}-%{release}
Requires: tpm2-tss
Requires: tpm2-tools
Requires: tpm2-abrmd

%description base
The Keylime base package contains configuration files and some utilities.

%package tools
Summary: Keylime tools
License: MIT

Requires: %{name}-base = %{version}-%{release}
Requires: python3-%{name} = %{version}-%{release}
Requires: python3-simplejson
Requires: python3-cryptography
Requires: python3-tornado
Requires: python3-zmq
Requires: python3-gnupg

%description tools
Extra keylime tools, like the IMA emulator.

%package verifier
Summary: The Python Keylime Verifier component
License: MIT

Requires: python3-%{name} = %{version}-%{release}
Requires: python3-tornado
Requires: python3-simplejson
Requires: python3-sqlalchemy
Requires: python3-cryptography
Requires: python3-zmq
Requires: python3-gnupg
Requires: python3-alembic

%description verifier
The Keylime Verifier continuously verifies the integrity state
of the machine that the agent is running on.

%package registrar
Summary: The Keylime Registrar component
License: MIT

Requires: python3-%{name} = %{version}-%{release}
Requires: python3-sqlalchemy
Requires: python3-cryptography
Requires: python3-simplejson
Requires: python3-tornado
Requires: python3-zmq
Requires: python3-gnupg
Requires: python3-alembic

%description registrar
The Keylime Registrar is a database of all agents registered
with Keylime and hosts the public keys of the TPM vendors.

%package agent-python
Summary: The Python Keylime Agent
License: MIT

Requires: python3-%{name} = %{version}-%{release}
Requires: python3-tornado
Requires: python3-simplejson
Requires: python3-psutil
Requires: python3-cryptography
Requires: python3-gnupg
Requires: python3-zmq

#Requires: efivar-devel
#Requires: procps-ng
#Requires: python3-alembic
#Requires: python3-gnupg
#Requires: python3-pyasn1
#Requires: python3-pyyaml
#Requires: python3-tornado
#Requires: python3-simplejson
#Requires: python3-sqlalchemy
#Requires: python3-requests
#Requires: python3-zmq
#Requires: tpm2-tss
#Requires: tpm2-tools
#Requires: tpm2-abrmd

%description agent-python
The Keylime Agent is deployed to the remote machine that is to be
measured or provisioned with secrets stored within an encrypted
payload released once trust is established.

%package tenant
Summary: The Python Keylime Tenant
License: MIT

Requires: python3-%{name} = %{version}-%{release}

%description tenant
The Keylime Tenant can be used to provision a Keylime Agent.

%package webapp
Summary: The Python Keylime WebApp GUI
License: MIT

Requires: python3-%{name} = %{version}-%{release}

%description webapp
The Keylime WebApp GUI interface can be used to provision a Keylime Agent.

%prep
%autosetup -S git -n %{srcname}-%{version}

%build
export PBR_VERSION=%{version}
%py3_build

%install
export PBR_VERSION=%{version}
%py3_install
mkdir -p %{buildroot}%{_unitdir}
mkdir -p %{buildroot}/%{_sharedstatedir}/keylime
mkdir -p --mode=0700 %{buildroot}/%{_localstatedir}/log/keylime

install -pm 644 ./services/var-lib-%{srcname}-secure.mount \
    %{buildroot}%{_unitdir}/var-lib-%{srcname}-secure.mount

install -pm 644 %{srcname}.conf \
    %{buildroot}%{_sysconfdir}/%{srcname}.conf

install -pm 644 ./services/%{srcname}_agent.service \
    %{buildroot}%{_unitdir}/%{srcname}_agent.service

install -pm 644 ./services/%{srcname}_verifier.service \
    %{buildroot}%{_unitdir}/%{srcname}_verifier.service

install -pm 644 ./services/%{srcname}_registrar.service \
    %{buildroot}%{_unitdir}/%{srcname}_registrar.service

cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/keylime/

%pre base
%sysusers_create_compat %{SOURCE1}
# Add keylime user to tss group.
if getent group tss >/dev/null && ! groups %{name} | grep -q "\btss\b"; then
    usermod -a -G tss %{name} &>/dev/null
fi
exit 0

%post verifier
%systemd_post %{srcname}_verifier.service

%post registrar
%systemd_post %{srcname}_registrar.service

%post agent-python
%systemd_post %{srcname}_agent.service

%post -n python3-keylime
%systemd_post var-lib-keylime-secure.mount

%preun verifier
%systemd_preun %{srcname}_verifier.service

%preun registrar
%systemd_preun %{srcname}_registrar.service

%preun agent-python
%systemd_preun %{srcname}_agent.service

%preun -n python3-keylime
%systemd_preun var-lib-keylime-secure.mount

%postun verifier
%systemd_postun_with_restart %{srcname}_verifier.service

%postun registrar
%systemd_postun_with_restart %{srcname}_registrar.service

%postun agent-python
%systemd_postun_with_restart %{srcname}_agent.service

%files verifier
%license LICENSE
%{_bindir}/%{srcname}_verifier
%{_bindir}/%{srcname}_migrations_apply
%{_unitdir}/keylime_verifier.service
%attr(-,%{name},%{name}) %{_sharedstatedir}/%{name}

%files registrar
%license LICENSE
%{_bindir}/%{srcname}_registrar
%{_bindir}/%{srcname}_provider_registrar
%{_unitdir}/keylime_registrar.service

%files agent-python
%license LICENSE
%{_bindir}/%{srcname}_agent
%{_unitdir}/keylime_agent.service

%files tenant
%license LICENSE
%{_bindir}/%{srcname}_tenant

%files webapp
%license LICENSE
%{_bindir}/%{srcname}_webapp

%files -n python3-keylime
%license LICENSE
%{python3_sitelib}/%{srcname}-*.egg-info/
%{python3_sitelib}/%{srcname}
%{_unitdir}/var-lib-keylime-secure.mount

%files tools
%license LICENSE
%{_bindir}/%{srcname}_ca
%{_bindir}/%{srcname}_provider_platform_init
%{_bindir}/%{srcname}_provider_vtpm_add
%{_bindir}/%{srcname}_userdata_encrypt
%{_bindir}/%{srcname}_ima_emulator

%files base
%license LICENSE keylime/static/icons/ICON-LICENSE
%doc README.md
%config(noreplace) %{_sysconfdir}/%{srcname}.conf
%attr(-,%{name},%{name}) %dir %{_localstatedir}/log/%{name}

%files
%license LICENSE

%changelog
* Fri Jun 04 2021 Python Maint - 6.1.0-3
- Rebuilt for Python 3.10

* Thu Mar 25 2021 Luke Hinds 6.0.1-1
- Updating for Keylime release v6.1.0

* Wed Mar 03 2021 Luke Hinds 6.0.1-1
- Updating for Keylime release v6.0.1

* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 6.0.0-2
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.

* Wed Feb 24 2021 Luke Hinds 6.0.0-1
- Updating for Keylime release v6.0.0

* Tue Feb 02 2021 Luke Hinds 5.8.1-1
- Updating for Keylime release v5.8.1

* Tue Jan 26 2021 Fedora Release Engineering - 5.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Sat Jan 23 2021 Luke Hinds 5.8.0-1
- Updating for Keylime release v5.8.0

* Fri Jul 17 2020 Luke Hinds 5.7.2-1
- Updating for Keylime release v5.7.2

* Tue May 26 2020 Miro Hrončok - 5.6.2-2
- Rebuilt for Python 3.9

* Fri May 01 2020 Luke Hinds 5.6.2-1
- Updating for Keylime release v5.6.2

* Thu Feb 06 2020 Luke Hinds 5.5.0-1
- Updating for Keylime release v5.5.0

* Wed Jan 29 2020 Fedora Release Engineering - 5.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Thu Dec 12 2019 Luke Hinds 5.4.1-1
- Initial Packaging