Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:Update
keylime
keylime.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File keylime.spec of Package keylime
# # spec file for package keylime # # Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %global srcname keylime %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 # Consolidate _distconfdir and _sysconfdir %if 0%{?_distconfdir:1} %define _config_norepl %{nil} %else %define _distconfdir %{_sysconfdir} %define _config_norepl %config(noreplace) %endif Name: keylime Version: 6.3.2 Release: 0 Summary: Open source TPM software for Bootstrapping and Maintaining Trust License: Apache-2.0 AND MIT URL: https://github.com/keylime/keylime Source0: %{name}-v%{version}.tar.xz Source1: keylime.xml Source2: %{name}-user.conf Source3: logrotate.%{name} Source4: tmpfiles.%{name} # PATCH-FIX-OPENSUSE keylime.conf.diff Patch1: keylime.conf.diff # PATCH-FIX-OPENSUSE config-libefivars.diff Patch2: config-libefivars.diff # PATCH-FIX-UPSTREAM CVE-2022-1053-0{1234}.patch boo#1199253 Patch3: CVE-2022-1053-01.patch Patch4: CVE-2022-1053-02.patch Patch5: CVE-2022-1053-03.patch Patch6: CVE-2022-1053-04.patch # PATCH-FIX-UPSTREAM CVE-2022-3500.patch boo#1204782 Patch7: CVE-2022-3500.patch # PATCH-FIX-UPSTREAM CVE-2023-38200-0{123}.patch boo#1213310 Patch8: CVE-2023-38200-01.patch Patch9: CVE-2023-38200-02.patch Patch10: CVE-2023-38200-03.patch # PATCH-FIX-SLE Patch11: fix_exit.diff # PATCH-FIX-UPSTREAM CVE-2023-38201.patch boo#1213314 Patch12: CVE-2023-38201.patch BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: firewall-macros BuildRequires: python-rpm-macros BuildRequires: sysuser-tools Requires: libtss2-tcti-device0 Requires: libtss2-tcti-tabrmd0 Requires: procps Requires: python-M2Crypto Requires: python-PyYAML Requires: python-SQLAlchemy Requires: python-alembic Requires: python-cryptography Requires: python-psutil Requires: python-python-gnupg Requires: python-pyzmq Requires: python-requests Requires: python-simplejson Requires: python-tornado Requires: tpm2-0-tss Requires: tpm2.0-abrmd Requires: tpm2.0-tools Requires(post): update-alternatives Requires(postun):update-alternatives Conflicts: rust-keylime BuildArch: noarch %python_subpackages %description Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. %package -n %{name}-config Summary: Configuration file for keylime Requires: python3-%{name} = %{version} Conflicts: rust-keylime %description -n %{name}-config Subpackage of %{name} for the shared configuration file of the agent and the server components. %package -n %{name}-firewalld Summary: Firewalld service file for keylime Requires: python3-%{name} = %{version} Conflicts: rust-keylime %description -n %{name}-firewalld Subpackage of %{name} for the firewalld XML service file. %package -n %{name}-tpm_cert_store Summary: Certify store for the TPM Requires: python3-%{name} = %{version} Conflicts: rust-keylime %description -n %{name}-tpm_cert_store Subpackage of %{name} for storing the TPM certificates. %package -n %{name}-agent Summary: Keylime agent service Requires: %{name}-config = %{version} Requires: %{name}-logrotate = %{version} Requires: %{name}-tpm_cert_store = %{version} Requires: python3-%{name} = %{version} Recommends: %{name}-firewalld = %{version} Recommends: dmidecode Conflicts: rust-keylime %description -n %{name}-agent Subpackage of %{name} for agent service. %package -n %{name}-registrar Summary: Keylime registrar service Requires: %{name}-config = %{version} Requires: %{name}-logrotate = %{version} Requires: %{name}-tpm_cert_store = %{version} Requires: python3-%{name} = %{version} Recommends: %{name}-firewalld = %{version} Conflicts: rust-keylime %description -n %{name}-registrar Subpackage of %{name} for registrar service. %package -n %{name}-verifier Summary: Keylime verifier service Requires: %{name}-config = %{version} Requires: %{name}-logrotate = %{version} Requires: %{name}-tpm_cert_store = %{version} Requires: python3-%{name} = %{version} Recommends: %{name}-firewalld = %{version} Conflicts: rust-keylime %description -n %{name}-verifier Subpackage of %{name} for verifier service. %package -n %{name}-logrotate Summary: Logrotate for Keylime servies Requires: logrotate Conflicts: rust-keylime %description -n %{name}-logrotate Subpacakge of %{name} for logrotate for Keylime services %prep %autosetup -p1 -n %{name}-v%{version} %build %python_build %sysusers_generate_pre %{SOURCE2} %{name} %{name}-user.conf %install export VERSION=%{version} %python_install cp -r %{srcname}/static %{buildroot}%{python_sitelib}/%{srcname} %python_clone -a %{buildroot}%{_bindir}/%{srcname}_verifier %python_clone -a %{buildroot}%{_bindir}/%{srcname}_registrar %python_clone -a %{buildroot}%{_bindir}/%{srcname}_agent %python_clone -a %{buildroot}%{_bindir}/%{srcname}_tenant %python_clone -a %{buildroot}%{_bindir}/%{srcname}_ca %python_clone -a %{buildroot}%{_bindir}/%{srcname}_migrations_apply %python_clone -a %{buildroot}%{_bindir}/%{srcname}_userdata_encrypt %python_clone -a %{buildroot}%{_bindir}/%{srcname}_ima_emulator %python_clone -a %{buildroot}%{_bindir}/%{srcname}_webapp %python_expand %fdupes %{buildroot}%{$python_sitelib} install -Dpm 0600 %{srcname}.conf %{buildroot}%{_distconfdir}/%{srcname}.conf install -Dpm 0644 ./services/%{srcname}_agent.service %{buildroot}%{_unitdir}/%{srcname}_agent.service install -Dpm 0644 ./services/%{srcname}_agent_secure.mount %{buildroot}%{_unitdir}/var-lib-%{srcname}-secure.mount install -Dpm 0644 ./services/%{srcname}_verifier.service %{buildroot}%{_unitdir}/%{srcname}_verifier.service install -Dpm 0644 ./services/%{srcname}_registrar.service %{buildroot}%{_unitdir}/%{srcname}_registrar.service install -Dpm 0644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/services/%{srcname}.xml install -Dpm 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/%{name}-user.conf install -Dpm 0644 %{SOURCE3} %{buildroot}%{_distconfdir}/logrotate.d/%{name} install -Dpm 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/%{name}.conf install -d %{buildroot}%{_localstatedir}/log/%{name} mkdir -p %{buildroot}/%{_sharedstatedir}/%{srcname} cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/%{srcname}/ %fdupes %{buildroot}%{_sharedstatedir}/%{srcname}/ # %%check # %%pyunittest -v %post %python_install_alternative %{srcname}_verifier %python_install_alternative %{srcname}_registrar %python_install_alternative %{srcname}_agent %python_install_alternative %{srcname}_tenant %python_install_alternative %{srcname}_ca %python_install_alternative %{srcname}_migrations_apply %python_install_alternative %{srcname}_userdata_encrypt %python_install_alternative %{srcname}_ima_emulator %python_install_alternative %{srcname}_webapp %postun %python_uninstall_alternative %{srcname}_verifier %python_uninstall_alternative %{srcname}_registrar %python_uninstall_alternative %{srcname}_agent %python_uninstall_alternative %{srcname}_tenant %python_uninstall_alternative %{srcname}_ca %python_uninstall_alternative %{srcname}_migrations_apply %python_uninstall_alternative %{srcname}_userdata_encrypt %python_uninstall_alternative %{srcname}_ima_emulator %python_uninstall_alternative %{srcname}_webapp %post -n %{srcname}-firewalld %firewalld_reload %pre -n %{srcname}-tpm_cert_store -f %{srcname}.pre %post -n %{srcname}-tpm_cert_store %tmpfiles_create %{srcname}.conf # Help the upgrade process when moving to a non-root services # # The '-h' parameter alone will not change the ownership of the linked # file, only of the link itself. This is secure because the user # still cannot read or write the file if the linked file does is from # a different user with restricted permissions. # # The '-h' parameter with '-R' will also do the right thing. In this # case, if the directory is a symlink it will change only the # ownership of the link and will stop changes, i.e. it will not change # ownership of the linked directory files. chown -h -R keylime:tss %{_sharedstatedir}/%{srcname}/ca 2> /dev/null || : chown -h -R keylime:tss %{_sharedstatedir}/%{srcname}/secure 2> /dev/null || : chown -h -R keylime:tss %{_sharedstatedir}/%{srcname}/cv_ca 2> /dev/null || : chown -h -R keylime:tss %{_localstatedir}/log/%{srcname} 2> /dev/null || : chown -h -R keylime:tss %{_rundir}/%{srcname} 2> /dev/null || : chown -h keylime:tss %{_sharedstatedir}/%{srcname}/*.sqlite 2> /dev/null || : chown -h keylime:tss %{_sharedstatedir}/%{srcname}/*.yml 2> /dev/null || : chown -h keylime:tss %{_sysconfdir}/%{srcname}.conf 2> /dev/null || : %pre -n %{srcname}-verifier %service_add_pre %{srcname}_verifier.service %post -n %{srcname}-verifier %service_add_post %{srcname}_verifier.service %preun -n %{srcname}-verifier %service_del_preun %{srcname}_agent.service %postun -n %{srcname}-verifier %service_del_postun %{srcname}_verifier.service %pre -n %{srcname}-registrar %service_add_pre %{srcname}_registrar.service %post -n %{srcname}-registrar %service_add_post %{srcname}_registrar.service %preun -n %{srcname}-registrar %service_del_preun %{srcname}_registrar.service %postun -n %{srcname}-registrar %service_del_postun %{srcname}_registrar.service %pre -n %{srcname}-agent %service_add_pre %{srcname}_agent.service %service_add_pre var-lib-%{srcname}-secure.mount %post -n %{srcname}-agent %service_add_post %{srcname}_agent.service %service_add_post var-lib-%{srcname}-secure.mount %preun -n %{srcname}-agent %service_del_preun %{srcname}_agent.service %service_del_preun var-lib-%{srcname}-secure.mount %postun -n %{srcname}-agent %service_del_postun %{srcname}_agent.service %service_del_postun var-lib-%{srcname}-secure.mount %files %{python_files} %doc README.md %license LICENSE keylime/static/icons/ICON-LICENSE %python_alternative %{_bindir}/%{srcname}_verifier %python_alternative %{_bindir}/%{srcname}_registrar %python_alternative %{_bindir}/%{srcname}_agent %python_alternative %{_bindir}/%{srcname}_tenant %python_alternative %{_bindir}/%{srcname}_ca %python_alternative %{_bindir}/%{srcname}_migrations_apply %python_alternative %{_bindir}/%{srcname}_userdata_encrypt %python_alternative %{_bindir}/%{srcname}_ima_emulator %python_alternative %{_bindir}/%{srcname}_webapp %{python_sitelib}/* %files -n %{srcname}-config %_config_norepl %attr (0600,keylime,tss) %{_distconfdir}/%{srcname}.conf %files -n %{srcname}-firewalld %dir %{_prefix}/lib/firewalld %dir %{_prefix}/lib/firewalld/services %{_prefix}/lib/firewalld/services/%{srcname}.xml %files -n %{srcname}-tpm_cert_store %dir %attr(0700,keylime,tss) %{_sharedstatedir}/%{srcname} %dir %{_sharedstatedir}/%{srcname}/tpm_cert_store %{_sharedstatedir}/%{srcname}/tpm_cert_store/* # We use this subpackage to store other unrelated things, as far as is # required by all the services %{_sysusersdir}/%{srcname}-user.conf %ghost %dir %attr(0700,keylime,tss) %{_rundir}/%{srcname} %{_tmpfilesdir}/%{srcname}.conf %files -n %{srcname}-agent %{_unitdir}/%{srcname}_agent.service %{_unitdir}/var-lib-%{srcname}-secure.mount %files -n %{srcname}-registrar %{_unitdir}/%{srcname}_registrar.service %files -n %{srcname}-verifier %{_unitdir}/%{srcname}_verifier.service %files -n %{srcname}-logrotate %_config_norepl %{_distconfdir}/logrotate.d/%{srcname} %dir %attr(0750,keylime,tss) %{_localstatedir}/log/%{srcname} %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor