Updated info
op-ct committed Apr 20, 2018
1 parent 97ca063 commit 8ba2c2c
Showing 2 changed files with 95 additions and 33 deletions.
47 changes: 29 additions & 18 deletions Rakefile
Expand Up @@ -7,20 +7,26 @@ module SIMP; end
module SIMP::RPM; end


# Download sources, scaffold rpmbuild trees, and build RPMs from .spec files
# Download, munge, stage, and build RPMs from .spec files
#
# Features:
# - downloads sources usin `git clone` OR `curl`
# - run post-clone commands for munging or additional prep
# - scaffold rpmbuild trees
# - build tar, srpm, and rpm files
#
class SIMP::RPM::SpecBuilder < Rake::TaskLib
CLEAN << 'dist'

if Rake.verbose
if Rake.verbose == true
include FileUtils::Verbose
else
include FileUtils
end


def initialize( yaml_config_path = nil )
@things_to_download = YAML.load_file( yaml_config_path || get_yaml_config_path )
def initialize( config_hash )
@things_to_download = config_hash
@dirs = {}
@dirs[:dist] = File.expand_path('dist')
@dirs[:rpmbuild] = File.expand_path('rpmbuild',@dirs[:dist])
Expand All @@ -33,10 +39,9 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib
end

# This method exists because `vagrant up` dereferences symlinks
def get_yaml_config_path
file_name = 'things_to_build.yaml'
def self.find_yaml_config_path( file_name )
_dir = File.expand_path Rake.application.find_rakefile_location.last
puts "===== Looking in '#{_dir}'..."
puts "===== Looking for yaml config file in '#{_dir}'..." if Rake.verbose == true
_yaml_file = nil
while _yaml_file.nil? && _dir !~ /^\/$/
_file = File.join(_dir,file_name)
Expand All @@ -47,10 +52,15 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib
_dir = File.dirname _dir
end
end
fail "ERROR: couldn't find #{file_name}" unless _yaml_file
fail "ERROR: couldn't find yaml config file '#{file_name}'" unless _yaml_file
_yaml_file
end

def self.load_config(file_name='things_to_build.yaml')
_file = File.file?(file_name) ? file_name : find_yaml_config_path( file_name )
YAML.load_file( _file )
end

# Download and untar a tarball into a new directory
def dl_untar(url,dst)
mkdir_p dst
Expand All @@ -65,8 +75,8 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib


# Downloads via git clone or URL for targz
def download( url, dir, type, tag=nil )
url = url.gsub('%{TAG}',tag) if tag
def download( url, dir, type, version=nil, extras=nil )
url = url.gsub('%{VERSION}',version) if version
Dir.chdir File.dirname(dir)
if File.directory? dir
warn "WARNING: path '#{dir}' already exists; aborting download"
Expand All @@ -76,7 +86,7 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib
when :targz
dl_untar url, dir
when :gitrepo
git_clone url, tag, dir
git_clone url, version, dir
else
fail "ERROR: :type is not :targz or :gitrepo (#{dl_info.inspect})"
end
Expand Down Expand Up @@ -116,7 +126,7 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib
dl_info = @things_to_download[info[:basename]]

# download the source0
download(dl_info[:url], dl_dir, dl_info[:type], dl_info[:tag])
download(dl_info[:url], dl_dir, dl_info[:type], dl_info[:version])

# download extras (source1, etc)
Dir.chdir dl_dir
Expand All @@ -128,7 +138,8 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib
end
end

# All in one go because there's no time to be fancy this sprint
# All steps done in one go, because there's no time to be fancy this sprint
# TODO: break up steps
def _rpm(spec,cwd)
Dir.chdir cwd
spec_path = File.expand_path(spec)
Expand All @@ -138,11 +149,11 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib
Dir.chdir File.dirname(dl_dir)
tar_file = File.join(@dirs[:rpmbuild_sources], "#{info[:ver_name]}.tar.gz")
puts "===================================== TAR ============================\n" * 7
# NOTE: no --exclude-vcs; tpm2-* ./bootstrap runs get cranky without .git/
tar_cmd='tar --owner 0 --group 0 ' \
"-cpzf #{tar_file} #{File.basename dl_dir}"
# NOTE: We don't use ` --exclude-vcs` by default. Some build scripts
# (notably: the tpm2-* projects' ./bootstrap) get cranky without a
# .git/ directory
tar_cmd="tar --owner 0 --group 0 -cpzf #{tar_file} #{File.basename dl_dir}"
sh tar_cmd
puts "------------------- cp -r #{File.join(@dirs[:extra_sources_dir],'.')} #{@dirs[:rpmbuild_sources]}"
FileUtils.cp_r(File.join(@dirs[:extra_sources_dir],'.'), @dirs[:rpmbuild_sources])

Dir.chdir cwd
Expand Down Expand Up @@ -196,7 +207,7 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib

end

builder = SIMP::RPM::SpecBuilder.new
builder = SIMP::RPM::SpecBuilder.new SIMP::RPM::SpecBuilder.load_config('things_to_build.yaml')

builder.define_tasks
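Review bot: `load_config` hands the resolved file to `YAML.load_file`, which on Psych releases that do not default to safe loading will instantiate any tagged Ruby object found in the document, and the fallback through `find_yaml_config_path` means that document may come from a parent directory and not from the repository. The config shown on this page needs only hashes, strings and symbols, so `YAML.safe_load(File.read(_file), permitted_classes: [Symbol])` is sufficient (older Psych takes the class list as the second positional argument). Because the entries also carry commands under `:post_dl:`, I would print the resolved path unconditionally instead of only when `Rake.verbose == true`, so a build log always shows which file drove the build.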

81 changes: 66 additions & 15 deletions things_to_build.yaml
@@ -1,41 +1,68 @@
---
# Handy substitutions:
# --------------
# %{PROJECT_DIR} = the project directory (containing the spec file)
# %{DOWNLOAD_DIR} = the directory that Source0 is downloaded into before tarring (dist/<name>-<version>/)
# %{SOURCES_DIR} = directory to stage "extra" source files/archive beyond Source0
# %{VERSION} = the value of :version
#
# Notes:
# :version
# Used to name the tarball and as the git tag
#
# TODO: Use :sources array for downloads instead of assuming DOWLOAD_DIR for Source0 and SOURCES_DIR for others
# :sources
# :type: :gitrepo
# :url: xxxxx
simp-tpm2-tss:
:type: :gitrepo
:build: 'yes'
:tag: 1.3.0
:version: 1.3.0
:url: https://github.com/tpm2-software/tpm2-tss
:extras:
# Fedora fixed the udev rules in a later version of tpm2-tss
# - Nothing is tagged in that repo, so we check out the commit hash
:post_dl:
- 'rm -rf pagure-tpm-tss;:'
- git clone -- https://src.fedoraproject.org/rpms/tpm2-tss.git pagure-tpm2-tss
- cd pagure-tpm2-tss && git checkout 075fc2f0d3cc476d7ecc99483c1e28c2e0855535
- cp -rv pagure-tpm2-tss/*.rules "%{SOURCES_DIR}/"

simp-tpm2-abrmd-selinux:
:type: :gitrepo
:build: 'yes'
:tag: 1.2.0
:version: 1.2.0
:url: https://github.com/tpm2-software/tpm2-abrmd
:extras:
# Should probably be a PATCH if we get stuck with tpm2-abrmd 1.2.0 for long
# maintaing a separate tpm2-abrmd 1.2.0 package for long
#
# Update the SELinux policy to permit TCTI socket connections
# (required for testing with the IBM TPM 2.0 simulator)
:post_dl:
- rm -f '%{SOURCES_DIR}/selinux/tabrmd.te'
- cp -rv '%{PROJECT_DIR}/tabrmd.te' '%{DOWNLOAD_DIR}/selinux/'
- cp -v '%{PROJECT_DIR}/tabrmd.te' '%{DOWNLOAD_DIR}/selinux/'

simp-tpm2-abrmd:
:type: :gitrepo
:build: 'yes'
:tag: 1.2.0
:version: 1.2.0
:url: https://github.com/tpm2-software/tpm2-abrmd

simp-tpm2-tools:
:type: :gitrepo
:build: 'yes'
:tag: 3.0.2
:version: 3.0.2
:url: https://github.com/tpm2-software/tpm2-tools
#

# TPM2.0 simulator
# ----------------
#
# * The tpm2-tools group specifically recommend AGAINST risking a hardware TPM
# for development, testing, or learning―instead, they recommend using the
# TCG's reference TPM 2.0 simulator.
# * IBM maintains a project that modifies the TCG's simulator source code
# (embedded in the TPM 2.0 specification docs) to build under Linux.
# * The tpm2-tools project uses the IBM simulator to test their code.
#
# Build 974:
# * Is what tpm2-tools 3.0.* is tested against
# * TPM specification draft revision 142, with errata to revision 138.
#
# Build 1119 supports:
# * Nuvoton TPM vendor-specific commands
# * Support for OpenSSL 1.1.x
Expand All @@ -44,10 +71,34 @@ simp-tpm2-tools:
# public review, including changes to TPM2_CreateLoaded and
# TPM2_EncryptDecrypt.
#
# See: https://sourceforge.net/p/ibmswtpm2/wiki/Home/
# See:
# * https://sourceforge.net/p/ibmswtpm2/wiki/Home/ (changelog)
# * https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#tpm-dependency
#
simp-tpm2-simulator:
:type: :targz
:build: 'yes'
:tag: '1119'
:url: https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{TAG}.tar.gz/download
:version: '1119'
:url: https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{VERSION}.tar.gz/download
:extras:
:post_dl:
- cp -v '%{PROJECT_DIR}/simp-tpm2-simulator.service' '%{SOURCES_DIR}/'

# TPM 2.0 simulator with character device support
# -----------------------------------------------
#
# * Stephan Berger maintains a "Libtpms-based TPM emulator with socket,
# character device, and Linux CUSE interface."
# * According to a discussion with the IBM sim devs, this includes a customized
# version of the IBM TPM 2.0 simulator **with additional character device support**
# * That could allow us to automate testing against a simluated /dev/tpm0
#
# TODO: Evaluate the TPM 2.0 character device support for automated testing
#
# See:
# * https://github.com/stefanberger/swtpm
# * https://github.com/stefanberger/swtpm/issues/4 (we've been interested in this before)
#
### simp-tpm2-swtpm
### :type: :gitrepo
### :url: https://github.com/stefanberger/swtpm.git
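Review bot: The cleanup step in the `simp-tpm2-tss` `:post_dl:` list removes `pagure-tpm-tss`, but the next step clones into `pagure-tpm2-tss`, so a directory left by an earlier run is never removed and the clone would fail on a rebuild; the first entry should read `- 'rm -rf pagure-tpm2-tss;:'`. The `simp-tpm2-abrmd-selinux` entry has a similar mismatch: it deletes `tabrmd.te` under `%{SOURCES_DIR}/selinux/` and then copies into `%{DOWNLOAD_DIR}/selinux/`, and the page does not show which directory is intended. Since these rules and policy files end up in the built RPMs, it would also help to record an expected digest for the `simp-tpm2-simulator` tarball, which is fetched by URL alone, whereas the Fedora checkout is pinned to a commit hash.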
