Skip to content

Commit

Permalink
Merge pull request fdo-rs#634 from mmartinv/fix-vendored-tarfile-crea…
Browse files Browse the repository at this point in the history
…tion

fix: vendored tarfile creation
  • Loading branch information
mergify[bot] authored Mar 13, 2024
2 parents 86b202e + e7f7d1f commit 657fefb
Show file tree
Hide file tree
Showing 6 changed files with 106 additions and 50 deletions.
55 changes: 29 additions & 26 deletions .packit.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
# https://packit.dev/docs/configuration/

specfile_path: fido-device-onboard.spec
Expand All @@ -13,33 +14,35 @@ upstream_tag_template: v{version}
copy_upstream_release_description: true

srpm_build_deps:
- cargo
- cargo

actions:
create-archive:
- bash -c "sed -i -r \"s/Source0:.+/Source0:\ fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar/\" fido-device-onboard.spec"
- bash -c "sed -i \"/Source1/d\" fido-device-onboard.spec"
- bash -c "git archive --prefix=fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}/ --format=tar HEAD > fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
- bash -c "tar -xvf fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
- bash -c "ls -1 ./fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
fix-spec-file:
- "cat fido-device-onboard.spec"
create-archive:
- bash -c "sed -i -r \"s/^Version:.*/Version:\ ${PACKIT_PROJECT_VERSION}/\" fido-device-onboard.spec"
- bash -c "sed -i '/Source1/d ; /^# See make-vendored-tarfile.sh in upstream repo/d ;' fido-device-onboard.spec"
- bash -c "cp ./patches/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch ."
- bash -c "git archive --prefix=fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}/ --format=tar HEAD > fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
- bash -c "tar -xvf fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
- bash -c "ls -1 ./fido-device-onboard-rs-${PACKIT_PROJECT_VERSION}.tar"
fix-spec-file:
- "cat fido-device-onboard.spec"

jobs:
- job: copr_build
trigger: pull_request
targets:
- fedora-development-aarch64
- fedora-development
- fedora-latest
- fedora-latest-aarch64
- job: copr_build
trigger: commit
branch: main
owner: "@fedora-iot" # copr repo namespace
project: fedora-iot # copr repo name so you can consume the builds
targets:
- fedora-development-aarch64
- fedora-development
- fedora-latest
- fedora-latest-aarch64
- job: copr_build
trigger: pull_request
targets:
- fedora-development-aarch64
- fedora-development
- fedora-latest
- fedora-latest-aarch64
- job: copr_build
trigger: commit
branch: main
owner: "@fedora-iot" # copr repo namespace
project: fedora-iot # copr repo name so you can consume the builds
targets:
- fedora-development-aarch64
- fedora-development
- fedora-latest
- fedora-latest-aarch64
...
16 changes: 12 additions & 4 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
include /etc/os-release

SRCDIR ?= .
COMMIT = $(shell (cd "$(SRCDIR)" && git rev-parse HEAD))

Expand Down Expand Up @@ -42,16 +44,21 @@ VENDOR_TARBALL=rpmbuild/SOURCES/fido-device-onboard-rs-$(COMMIT)-vendor-patched.

$(RPM_SPECFILE):
mkdir -p $(CURDIR)/rpmbuild/SPECS
sed "s/%{url}\/archive\/v%{version}\/%{name}-rs-%{version}.tar.gz/%{name}-rs-$(COMMIT).tar.gz/; s/%{name}-rs-%{version}-vendor-patched.tar.xz/%{name}-rs-$(COMMIT)-vendor-patched.tar.xz/; s/%autosetup -p1 -n %{name}-rs-%{version}/%autosetup -p1 -n %{name}-rs-$(COMMIT)/" fido-device-onboard.spec > $(RPM_SPECFILE)
sed -e "s/^Version:.*/Version: $(COMMIT)/;" fido-device-onboard.spec > $(RPM_SPECFILE)
if [ "$(ID)" = "fedora" ] && [ $(VARIANT_ID) != "eln" ]; then \
sed -i "/Source1/d ; /^# See make-vendored-tarfile.sh in upstream repo/d ;" $(RPM_SPECFILE); \
fi

$(RPM_TARBALL):
mkdir -p $(CURDIR)/rpmbuild/SOURCES
cp ./patches/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch rpmbuild/SOURCES/;
git archive --prefix=fido-device-onboard-rs-$(COMMIT)/ --format=tar.gz HEAD > $(RPM_TARBALL)
cp ./make-vendored-tarfile.sh rpmbuild/SOURCES/make-vendored-tarfile.sh

$(VENDOR_TARBALL):
./make-vendored-tarfile.sh $(COMMIT)
cp fido-device-onboard-rs-$(COMMIT)-vendor-patched.tar.xz rpmbuild/SOURCES
[ "$(ID)" = "fedora" ] && [ $(VARIANT_ID) != "eln" ] || ( \
mkdir -p $(CURDIR)/rpmbuild/SOURCES ; \
./make-vendored-tarfile.sh $(COMMIT) ; \
mv fido-device-onboard-rs-$(COMMIT)-vendor-patched.tar.xz rpmbuild/SOURCES ;)

.PHONY: srpm
srpm: $(RPM_SPECFILE) $(RPM_TARBALL) $(VENDOR_TARBALL)
Expand All @@ -61,6 +68,7 @@ srpm: $(RPM_SPECFILE) $(RPM_TARBALL) $(VENDOR_TARBALL)

.PHONY: rpm
rpm: $(RPM_SPECFILE) $(RPM_TARBALL) $(VENDOR_TARBALL)
sudo dnf builddep -y fido-device-onboard
rpmbuild -bb \
--define "_topdir $(CURDIR)/rpmbuild" \
$(RPM_SPECFILE)
Expand Down
17 changes: 10 additions & 7 deletions fido-device-onboard.spec
Original file line number Diff line number Diff line change
Expand Up @@ -28,24 +28,27 @@ BuildRequires: device-mapper-devel
BuildRequires: libpq-devel
BuildRequires: golang
BuildRequires: openssl-devel >= 3.0.1-12
BuildRequires: sqlite-devel
BuildRequires: systemd-rpm-macros
BuildRequires: tpm2-tss-devel

%description
%{summary}.

%prep
%setup -q -n %{name}-rs-%{version}

%if 0%{?rhel}
tar xf %{SOURCE1}
%autosetup -p1 -a1 -n %{name}-rs-%{version}
rm -f Cargo.lock
%if 0%{?rhel} >= 10
%cargo_prep -v vendor
%else
%cargo_prep -V 1
%endif
%else
%patch -P1 -p1
%endif

%if 0%{?fedora}
%autosetup -p1 -n %{name}-rs-%{version}
%cargo_prep
%generate_buildrequires
%cargo_generate_buildrequires -a
Expand Down Expand Up @@ -80,8 +83,9 @@ install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_owner_onb
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_postgres migrations/migrations_rendezvous_server_postgres/2023-10-03-152801_create_db/*
install -D -m 0644 -t %{buildroot}%{_docdir}/fdo/migrations/migrations_rendezvous_server_sqlite migrations/migrations_rendezvous_server_sqlite/2023-10-03-152801_create_db/*
# duplicates as needed by AIO command so link them
ln -s %{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
ln -s %{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
mkdir -p %{buildroot}%{_bindir}
ln -sr %{buildroot}%{_bindir}/fdo-owner-tool %{buildroot}%{_libexecdir}/fdo/fdo-owner-tool
ln -sr %{buildroot}%{_bindir}/fdo-admin-tool %{buildroot}%{_libexecdir}/fdo/fdo-admin-tool
# Create directories needed by the various services so we own them
mkdir -p %{buildroot}%{_sysconfdir}/fdo
mkdir -p %{buildroot}%{_sysconfdir}/fdo/keys
Expand Down Expand Up @@ -213,7 +217,6 @@ Requires: openssl-libs >= 3.0.1-12
%dir %{_sysconfdir}/fdo
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/manufacturing-server.conf.d
%dir %{_sysconfdir}/fdo/keys
%dir %{_sysconfdir}/fdo/stores
%dir %{_sysconfdir}/fdo/stores/manufacturer_keys
%dir %{_sysconfdir}/fdo/stores/manufacturing_sessions
Expand Down
43 changes: 30 additions & 13 deletions make-vendored-tarfile.sh
Original file line number Diff line number Diff line change
@@ -1,14 +1,31 @@
#/bin/bash
#! /bin/bash

set -x
ver=$1
cargo vendor
# Various vendor cleanups
pushd vendor
# cleanup windows files
rm -rf winapi/src/*
touch winapi/src/lib.rs
rm -rf winapi-x86_64-pc-windows-gnu/lib/*
rm -rf winapi-i686-pc-windows-gnu/lib/*
rm -rf vcpkg/test-data
popd #vendor
tar cJf fido-device-onboard-rs-$ver-vendor-patched.tar.xz vendor/
VER=${1:-$(git rev-parse HEAD)}
shift
PLATFORMS=$*

[ -n "$PLATFORMS" ] || PLATFORMS=$(echo {x86_64,aarch64,powerpc64le,s390x}-unknown-linux-gnu)

for PLATFORM in $PLATFORMS; do
ARGS+="--platform ${PLATFORM} "
done

# Clean vendor dir or the filterer will refuse to do the job
rm -rf vendor

# We need v0.5.7 because of RHEL rust version
cargo install --quiet [email protected]

# Use the official crate version
git apply patches/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch
# Filter the vendor files for the given platforms
cargo vendor-filterer ${ARGS}
# Reapply the crate patch so cargo build keeps working
git apply -R patches/0001-Revert-chore-use-git-fork-for-aws-nitro-enclaves-cos.patch

# Patch the official crate so the build works.
git apply patches/0002-fix-aws-nitro-enclaves-cose.patch
tar cJf "fido-device-onboard-rs-${VER}-vendor-patched.tar.xz" vendor/
# Remove previous patch and leave the official crate as it was.
git apply -R patches/0002-fix-aws-nitro-enclaves-cose.patch
25 changes: 25 additions & 0 deletions patches/0002-fix-aws-nitro-enclaves-cose.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
Backport of https://github.com/awslabs/aws-nitro-enclaves-cose/pull/66

diff --git a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
index dd788a8..1035b7b 100644
--- a/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
+++ b/vendor/aws-nitro-enclaves-cose/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"182c816f6cdcf13b370be9e712a0e7cf5b7c6b6612dc81c3b3d477abfca58e86","CODE_OF_CONDUCT.md":"34b6c98d5c23127ae6769e95e483e5bf6d3704ae1f0d3ae4e69d15f4ede118b6","CONTRIBUTING.md":"b050a75d5f6d2236ed40ad91dc53c4a4b30da184f9298f6f18507beae5fd7cb7","Cargo.toml":"d3ba98a34c9dcbff42da7e04d123b1687840738851e0630035e1f6e620a6fd98","LICENSE":"09e8a9bcec8067104652c168685ab0931e7868f9c8284b66f5ae6edae5f1130b","NOTICE":"d4290ed64c2edd0fce1d84e3f9dfb2881240fe534def76b8cd29ed6af683e287","README.md":"b16c142f4056384bb274fa7c9d0c2d73faf573cc2123a0bf4825970f88a67fc4","src/crypto/mod.rs":"a509e065cd0c3ed4c05484af9a7c45397ebf2a8b3f0d22578410f22484ffc33c","src/crypto/openssl_pkey.rs":"e9344a26ba101925a8e1c82960ff3d20a3df603be43132671bb15846ee96e829","src/crypto/tpm.rs":"2f8ec59523020319a4f63ca1e4bf3a4ae20c3acf8ca8ffd38e53ccd99611af3f","src/encrypt.rs":"ba89d5f221f0e4379d6f67dd946a00b183639b00bcf6918a4d3c441c4328894d","src/error.rs":"48fd4b84f9b4a7f5fc7ac52c2ce792d258c257908609270bf7751938082e19b7","src/header_map.rs":"88b3d7575ea4fd8eaaf4497a9d3c27ff43ec4da0213994aecf1ec9b5b89553c0","src/lib.rs":"8dbe7fe8206cfc76f46324c25418b37d0daf1ce23fc8b3219e1d89043c8e00de","src/sign.rs":"5a45658fa820ac9b5285c0987b66a58eb4f5b4373ab1aa07a73240848de098b2"},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"}
\ No newline at end of file
+{"files":{},"package":"4e2fe3e862758ef5bb5d89868141ab28781d96347522b60eb6abeaf7f9acd4bc"}
diff --git a/vendor/aws-nitro-enclaves-cose/src/sign.rs b/vendor/aws-nitro-enclaves-cose/src/sign.rs
index 6426ac0..93f59ec 100644
--- a/vendor/aws-nitro-enclaves-cose/src/sign.rs
+++ b/vendor/aws-nitro-enclaves-cose/src/sign.rs
@@ -135,8 +135,10 @@ pub struct SigStructure(
#[serde(skip_serializing_if = "Option::is_none")]
Option<ByteBuf>,
/// external_aad : bstr,
+ #[serde(default)]
ByteBuf,
/// payload : bstr
+ #[serde(default)]
ByteBuf,
);

0 comments on commit 657fefb

Please sign in to comment.