
fix: vendored tarfile creation #634

Merged
merged 7 commits into from
Mar 13, 2024
Merged
55 changes: 29 additions & 26 deletions .packit.yaml
@@ -1,3 +1,4 @@
---
# https://packit.dev/docs/configuration/

specfile_path: fido-device-onboard.spec
Expand All @@ -13,33 +14,35 @@ upstream_tag_template: v{version}
copy_upstream_release_description: true

srpm_build_deps:
- cargo
- cargo

actions:
create-archive:
- bash -c "sed -i -r \"s/Source0:.+/Source0:\ fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar/\" fido-device-onboard.spec"
- bash -c "sed -i \"/Source1/d\" fido-device-onboard.spec"
mmartinv marked this conversation as resolved.
- bash -c "git archive --prefix=fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}/ --format=tar HEAD > fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
- bash -c "tar -xvf fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
- bash -c "ls -1 ./fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
fix-spec-file:
- "cat fido-device-onboard.spec"
create-archive:
- bash -c "sed -i -r \"s/^Version:.*/Version:\ ${PACKIT_PROJECT_VERSION}/\" fido-device-onboard.spec"
- bash -c "sed -i '/Source1/d ; /^# See make-vendored-tarfile.sh in upstream repo/d ;' fido-device-onboard.spec"
- bash -c "cp ./patches/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch ."
- bash -c "git archive --prefix=fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}/ --format=tar HEAD > fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
- bash -c "tar -xvf fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
- bash -c "ls -1 ./fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
fix-spec-file:
- "cat fido-device-onboard.spec"

jobs:
- job: copr_build
trigger: pull_request
targets:
- fedora-development-aarch64
- fedora-development
- fedora-latest
- fedora-latest-aarch64
- job: copr_build
trigger: commit
branch: main
owner: "@fedora-iot" # copr repo namespace
project: fedora-iot # copr repo name so you can consume the builds
targets:
- fedora-development-aarch64
- fedora-development
- fedora-latest
- fedora-latest-aarch64
- job: copr_build
trigger: pull_request
targets:
- fedora-development-aarch64
- fedora-development
- fedora-latest
- fedora-latest-aarch64
- job: copr_build
trigger: commit
branch: main
owner: "@fedora-iot" # copr repo namespace
project: fedora-iot # copr repo name so you can consume the builds
targets:
- fedora-development-aarch64
- fedora-development
- fedora-latest
- fedora-latest-aarch64
...
16 changes: 12 additions & 4 deletions Makefile
@@ -1,3 +1,5 @@
include /etc/os-release

SRCDIR ?= .
COMMIT = $(shell (cd "$(SRCDIR)" && git rev-parse HEAD))

Expand Down Expand Up @@ -42,16 +44,21 @@ VENDOR_TARBALL=rpmbuild/SOURCES/fido-device-onboard-rs-$(COMMIT)-vendor-patched.

$(RPM_SPECFILE):
mkdir -p $(CURDIR)/rpmbuild/SPECS
sed "s/%{url}\/archive\/v%{version}\/%{name}-rs-%{version}.tar.gz/%{name}-rs-$(COMMIT).tar.gz/; s/%{name}-rs-%{version}-vendor-patched.tar.xz/%{name}-rs-$(COMMIT)-vendor-patched.tar.xz/; s/%autosetup -p1 -n %{name}-rs-%{version}/%autosetup -p1 -n %{name}-rs-$(COMMIT)/" fido-device-onboard.spec > $(RPM_SPECFILE)
sed -e "s/^Version:.*/Version: $(COMMIT)/;" fido-device-onboard.spec > $(RPM_SPECFILE)
if [ "$(ID)" = "fedora" ] && [ $(VARIANT_ID) != "eln" ]; then \
sed -i "/Source1/d ; /^# See make-vendored-tarfile.sh in upstream repo/d ;" $(RPM_SPECFILE); \
fi

$(RPM_TARBALL):
mkdir -p $(CURDIR)/rpmbuild/SOURCES
cp ./patches/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch rpmbuild/SOURCES/;
git archive --prefix=fido-device-onboard-rs-$(COMMIT)/ --format=tar.gz HEAD > $(RPM_TARBALL)
cp ./make-vendored-tarfile.sh rpmbuild/SOURCES/make-vendored-tarfile.sh

$(VENDOR_TARBALL):
./make-vendored-tarfile.sh $(COMMIT)
cp fido-device-onboard-rs-$(COMMIT)-vendor-patched.tar.xz rpmbuild/SOURCES
[ "$(ID)" = "fedora" ] && [ $(VARIANT_ID) != "eln" ] || ( \
mkdir -p $(CURDIR)/rpmbuild/SOURCES ; \
./make-vendored-tarfile.sh $(COMMIT) ; \
mv fido-device-onboard-rs-$(COMMIT)-vendor-patched.tar.xz rpmbuild/SOURCES ;)

.PHONY: srpm
srpm: $(RPM_SPECFILE) $(RPM_TARBALL) $(VENDOR_TARBALL)
Expand All @@ -61,6 +68,7 @@ srpm: $(RPM_SPECFILE) $(RPM_TARBALL) $(VENDOR_TARBALL)

.PHONY: rpm
rpm: $(RPM_SPECFILE) $(RPM_TARBALL) $(VENDOR_TARBALL)
sudo dnf builddep -y fido-device-onboard
rpmbuild -bb \
--define "_topdir $(CURDIR)/rpmbuild" \
$(RPM_SPECFILE)
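Review bot: `$(VARIANT_ID)` is expanded unquoted inside `[ ... ]` in both the `$(RPM_SPECFILE)` recipe and the `$(VENDOR_TARBALL)` recipe, and os-release treats VARIANT_ID as optional, so on a host that does not define it the test becomes `[ != "eln" ]` and exits with an error instead of evaluating to true. The `if` then skips the Source1 cleanup and the `||` branch runs `make-vendored-tarfile.sh`, so a plain Fedora host would presumably take the vendored path without any message. Quoting the expansion fixes both sites: `[ "$(VARIANT_ID)" != "eln" ]`. A short comment above `include /etc/os-release` saying that ID and VARIANT_ID come from that file would also help, since the include makes the build fail on hosts that lack it.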
17 changes: 10 additions & 7 deletions fido-device-onboard.spec
Expand Up @@ -28,24 +28,27 @@ BuildRequires: device-mapper-devel
BuildRequires: libpq-devel
BuildRequires: golang
BuildRequires: openssl-devel >= 3.0.1-12
BuildRequires: sqlite-devel
BuildRequires: systemd-rpm-macros
BuildRequires: tpm2-tss-devel

%description
%{summary}.

%prep
%setup -q -n %{name}-rs-%{version}

%if 0%{?rhel}
tar xf %{SOURCE1}
%autosetup -p1 -a1 -n %{name}-rs-%{version}
rm -f Cargo.lock
%if 0%{?rhel} >= 10
%cargo_prep -v vendor
%else
%cargo_prep -V 1
%endif
%else
%patch -P1 -p1
%endif

%if 0%{?fedora}
%autosetup -p1 -n %{name}-rs-%{version}
%cargo_prep
%generate_buildrequires
%cargo_generate_buildrequires -a
Expand Down Expand Up @@ -80,8 +83,9 @@ install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onb
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres migrations/migrations_rendezvous_server_postgres/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite migrations/migrations_rendezvous_server_sqlite/2023-10-03-152801_create_db/*
# duplicates as needed by AIO command so link them
ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
mkdir -p %{buildroot}%{_bindir}
ln -sr %{buildroot}%{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
ln -sr %{buildroot}%{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
# Create directories needed by the various services so we own them
mkdir -p %{buildroot}%{_sysconfdir}/fdo
mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys
Expand Down Expand Up @@ -213,7 +217,6 @@ Requires: openssl-libs >= 3.0.1-12
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/stores
%dir %{_sysconfdir}/fdo/stores/manufacturer_keys
%dir %{_sysconfdir}/fdo/stores/manufacturing_sessions
43 changes: 30 additions & 13 deletions make-vendored-tarfile.sh
@@ -1,14 +1,31 @@
#/bin/bash
#! /bin/bash

set -x
ver=$1
cargo vendor
# Various vendor cleanups
pushd vendor
# cleanup windows files
rm -rf winapi/src/*
touch winapi/src/lib.rs
rm -rf winapi-x86_64-pc-windows-gnu/lib/*
rm -rf winapi-i686-pc-windows-gnu/lib/*
rm -rf vcpkg/test-data
popd #vendor
tar cJf fido-device-onboard-rs-$ver-vendor-patched.tar.xz vendor/
VER=${1:-$(git rev-parse HEAD)}
shift
nullr0ute marked this conversation as resolved.
PLATFORMS=$*

[ -n "$PLATFORMS" ] || PLATFORMS=$(echo {x86_64,aarch64,powerpc64le,s390x}-unknown-linux-gnu)

for PLATFORM in $PLATFORMS; do
ARGS+="--platform ${PLATFORM} "
done

# Clean vendor dir or the filterer will refuse to do the job
rm -rf vendor

# We need v0.5.7 because of RHEL rust version
cargo install --quiet cargo-vendor-filterer@0.5.7

# Use the official crate version
git apply patches/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch
# Filter the vendor files for the given platforms
cargo vendor-filterer ${ARGS}
# Reapply the crate patch so cargo build keeps working
git apply -R patches/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch

# Patch the official crate so the build works.
git apply patches/0002-fix-aws-nitro-enclaves-cose.patch
tar cJf "fido-device-onboard-rs-${VER}-vendor-patched.tar.xz" vendor/
# Remove previous patch and leave the official crate as it was.
git apply -R patches/0002-fix-aws-nitro-enclaves-cose.patch
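Review bot: The script has no fail-fast setting, so if `git apply`, `cargo install` or `cargo vendor-filterer` fails, execution continues and `tar cJf` still packages whatever is in `vendor/`, while the later `git apply -R` calls run against a tree that may not have the patch applied. Adding `set -e` under the shebang would stop at the first failure. `shift` then needs a guard such as `[ $# -gt 0 ] && shift`, because it returns non-zero when the script is called without arguments and VER falls back to `git rev-parse HEAD`. A `trap` that reverse-applies whichever patch is currently applied would keep the working tree clean when a step fails midway.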
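--- a/patches/0002-fix-aws-nitro-enclaves-cose.patch
+++ b/patches/0002-fix-aws-nitro-enclaves-cose.patch
@@ -0,0 +1,25 @@
+Backport of https://github.com/awslabs/aws-nitro-enclaves-cose/pull/66
+
+diff --git a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
+index dd788a8..1035b7b 100644
+--- a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
++++ b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
+@@ -1 +1 @@
+-{"files":{"CHANGELOG.md":"182c816f6cdcf13b370be9e712a0e7cf5b7c6b6612dc81c3b3d477abfca58e86","CODE_OF_CONDUCT.md":"34b6c98d5c23127ae6769e95e483e5bf6d3704ae1f0d3ae4e69d15f4ede118b6","CONTRIBUTING.md":"b050a75d5f6d2236ed40ad91dc53c4a4b30da184f9298f6f18507beae5fd7cb7","Cargo.toml":"d3ba98a34c9dcbff42da7e04d123b1687840738851e0630035e1f6e620a6fd98","LICENSE":"09e8a9bcec8067104652c168685ab0931e7868f9c8284b66f5ae6edae5f1130b","NOTICE":"d4290ed64c2edd0fce1d84e3f9dfb2881240fe534def76b8cd29ed6af683e287","README.md":"b16c142f4056384bb274fa7c9d0c2d73faf573cc2123a0bf4825970f88a67fc4","src/crypto/mod.rs":"a509e065cd0c3ed4c05484af9a7c45397ebf2a8b3f0d22578410f22484ffc33c","src/crypto/openssl_pkey.rs":"e9344a26ba101925a8e1c82960ff3d20a3df603be43132671bb15846ee96e829","src/crypto/tpm.rs":"2f8ec59523020319a4f63ca1e4bf3a4ae20c3acf8ca8ffd38e53ccd99611af3f","src/encrypt.rs":"ba89d5f221f0e4379d6f67dd946a00b183639b00bcf6918a4d3c441c4328894d","src/error.rs":"48fd4b84f9b4a7f5fc7ac52c2ce792d258c257908609270bf7751938082e19b7","src/header_map.rs":"88b3d7575ea4fd8eaaf4497a9d3c27ff43ec4da0213994aecf1ec9b5b89553c0","src/lib.rs":"8dbe7fe8206cfc76f46324c25418b37d0daf1ce23fc8b3219e1d89043c8e00de","src/sign.rs":"5a45658fa820ac9b5285c0987b66a58eb4f5b4373ab1aa07a73240848de098b2"},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"}
+\ No newline at end of file
++{"files":{},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"}
+diff --git a/vendor/aws-nitro-enclaves-cose/src/sign.rs b/vendor/aws-nitro-enclaves-cose/src/sign.rs
+index 6426ac0..93f59ec 100644
+--- a/vendor/aws-nitro-enclaves-cose/src/sign.rs
++++ b/vendor/aws-nitro-enclaves-cose/src/sign.rs
+@@ -135,8 +135,10 @@ pub struct SigStructure(
+#[serde(skip_serializing_if = "Option::is_none")]
+Option<ByteBuf>,
+/// external_aad : bstr,
++ #[serde(default)]
+ByteBuf,
+/// payload : bstr
++ #[serde(default)]
+ByteBuf,
+);
+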
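Review bot: Replacing the `files` map in `vendor/aws-nitro-enclaves-cose/.cargo-checksum.json` with `{}` removes cargo's per-file checksum check for the whole vendored crate, not only for the patched `src/sign.rs`. After that, any other change to a file under that vendor directory would pass unnoticed at build time. Keeping the existing entries and replacing only the `src/sign.rs` value with the SHA-256 of the patched file would preserve the check for the untouched files. If clearing the map is intended, a line in the patch header next to the "Backport of" reference saying why the checksums are dropped would make that explicit.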