diff --git a/Rakefile b/Rakefile index 0796396..9c650df 100644 --- a/Rakefile +++ b/Rakefile @@ -7,20 +7,26 @@ module SIMP; end module SIMP::RPM; end -# Download sources, scaffold rpmbuild trees, and build RPMs from .spec files +# Download, munge, stage, and build RPMs from .spec files +# +# Features: +# - downloads sources usin `git clone` OR `curl` +# - run post-clone commands for munging or additional prep +# - scaffold rpmbuild trees +# - build tar, srpm, and rpm files # class SIMP::RPM::SpecBuilder < Rake::TaskLib CLEAN << 'dist' - if Rake.verbose + if Rake.verbose == true include FileUtils::Verbose else include FileUtils end - def initialize( yaml_config_path = nil ) - @things_to_download = YAML.load_file( yaml_config_path || get_yaml_config_path ) + def initialize( config_hash ) + @things_to_download = config_hash @dirs = {} @dirs[:dist] = File.expand_path('dist') @dirs[:rpmbuild] = File.expand_path('rpmbuild',@dirs[:dist]) @@ -33,10 +39,9 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib end # This method exists because `vagrant up` dereferences symlinks - def get_yaml_config_path - file_name = 'things_to_build.yaml' + def self.find_yaml_config_path( file_name ) _dir = File.expand_path Rake.application.find_rakefile_location.last - puts "===== Looking in '#{_dir}'..." + puts "===== Looking for yaml config file in '#{_dir}'..." if Rake.verbose == true _yaml_file = nil while _yaml_file.nil? && _dir !~ /^\/$/ _file = File.join(_dir,file_name) @@ -47,10 +52,15 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib _dir = File.dirname _dir end end - fail "ERROR: couldn't find #{file_name}" unless _yaml_file + fail "ERROR: couldn't find yaml config file '#{file_name}'" unless _yaml_file _yaml_file end + def self.load_config(file_name='things_to_build.yaml') + _file = File.file?(file_name) ? file_name : find_yaml_config_path( file_name ) + YAML.load_file( _file ) + end + # Download and untar a tarball into a new directory def dl_untar(url,dst) mkdir_p dst 
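Review bot: The new header comment has a typo in `# - downloads sources usin `git clone` OR `curl``, which should read `using`. The tightened `if Rake.verbose == true` reads as a style slip against the usual truthiness idiom, but it is presumably deliberate because Rake.verbose is a non-boolean placeholder object until -v/--verbose is given; a why-comment such as `# Rake.verbose is a truthy placeholder object until --verbose is set, so test for literal true` keeps the next reader from "fixing" it back.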
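Review bot: `load_config` feeds the file located by `find_yaml_config_path` into `YAML.load_file`, which on Psych 3 and earlier performs full deserialisation and can instantiate arbitrary Ruby objects from `!ruby/object` tags, while the search in the previous hunk walks every ancestor directory up to `/`, so a `things_to_build.yaml` dropped anywhere above the checkout (a shared Vagrant mount, a home directory) would be parsed and its `:post_dl` commands run. A plain mapping with Symbol keys needs nothing beyond `YAML.safe_load(File.read(_file), permitted_classes: [Symbol])` (the positional `[Symbol]` whitelist on older Psych), and bounding the upward walk to the git checkout or the Rakefile's own directory limits what can be loaded. The `File.file?(file_name)` shortcut also resolves a relative name against the process cwd rather than the Rakefile location, which presumably only matters when rake is run with `-f` from elsewhere.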
@@ -65,8 +75,8 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib # Downloads via git clone or URL for targz - def download( url, dir, type, tag=nil ) - url = url.gsub('%{TAG}',tag) if tag + def download( url, dir, type, version=nil, extras=nil ) + url = url.gsub('%{VERSION}',version) if version Dir.chdir File.dirname(dir) if File.directory? dir warn "WARNING: path '#{dir}' already exists; aborting download" @@ -76,7 +86,7 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib when :targz dl_untar url, dir when :gitrepo - git_clone url, tag, dir + git_clone url, version, dir else fail "ERROR: :type is not :targz or :gitrepo (#{dl_info.inspect})" end @@ -116,7 +126,7 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib dl_info = @things_to_download[info[:basename]] # download the source0 - download(dl_info[:url], dl_dir, dl_info[:type], dl_info[:tag]) + download(dl_info[:url], dl_dir, dl_info[:type], dl_info[:version]) # download extras (source1, etc) Dir.chdir dl_dir @@ -128,7 +138,8 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib end end - # All in one go because there's no time to be fancy this sprint + # All steps done in one go, because there's no time to be fancy this sprint + # TODO: break up steps def _rpm(spec,cwd) Dir.chdir cwd spec_path = File.expand_path(spec) 
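Review bot: `url.gsub('%{VERSION}',version)` requires `version` to be a String, so an unquoted YAML value such as `:version: 1119` or `:version: 1.2` arrives as an Integer or Float and `gsub` raises a TypeError instead of substituting; the quoted `'1119'` in things_to_build.yaml suggests this has already bitten once. Normalising with `url = url.gsub('%{VERSION}', version.to_s) if version` removes the footgun. The new `extras=nil` parameter is not read anywhere in the visible hunks and the call site in this commit passes four arguments, so either drop it or add a comment saying what it is reserved for. `download`'s body continues outside the hunk.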
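Review bot: The `else` branch of the `case` this hunk edits interpolates `dl_info`, which is neither a parameter nor a local of `download` (its parameters are url, dir, type, version, extras), so an unrecognised `:type` raises NameError rather than the intended message. This predates the commit but sits one line below the renamed `git_clone url, version, dir` call; `fail "ERROR: :type is not :targz or :gitrepo (#{type.inspect})"` reports the offending value. Whether `git_clone` hands `version` to git as a positional ref or via `--branch` is not visible here, so a value beginning with `-` could presumably be mis-read as an option — worth a check in that helper.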
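Review bot: `dl_info = @things_to_download[info[:basename]]` returns nil for a spec whose basename has no entry in things_to_build.yaml, so the renamed call `download(dl_info[:url], dl_dir, dl_info[:type], dl_info[:version])` fails with a bare NoMethodError on nil rather than naming the missing key. `dl_info = @things_to_download.fetch(info[:basename]) { fail "ERROR: no entry for '#{info[:basename]}' in things_to_build.yaml" }` gives the maintainer an actionable message. The commit also drops `:build: 'yes'` from most YAML entries; if the Rakefile reads that key (not visible in these hunks) this lookup is where the resulting nil would surface. The enclosing method starts and ends outside the hunk.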
@@ -138,11 +149,11 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib Dir.chdir File.dirname(dl_dir) tar_file = File.join(@dirs[:rpmbuild_sources], "#{info[:ver_name]}.tar.gz") puts "===================================== TAR ============================\n" * 7 - # NOTE: no --exclude-vcs; tpm2-* ./bootstrap runs get cranky without .git/ - tar_cmd='tar --owner 0 --group 0 ' \ - "-cpzf #{tar_file} #{File.basename dl_dir}" + # NOTE: We don't use ` --exclude-vcs` by default. Some build scripts + # (notably: the tpm2-* projects' ./bootstrap) get cranky without a + # .git/ directory + tar_cmd="tar --owner 0 --group 0 -cpzf #{tar_file} #{File.basename dl_dir}" sh tar_cmd - puts "------------------- cp -r #{File.join(@dirs[:extra_sources_dir],'.')} #{@dirs[:rpmbuild_sources]}" FileUtils.cp_r(File.join(@dirs[:extra_sources_dir],'.'), @dirs[:rpmbuild_sources]) Dir.chdir cwd @@ -196,7 +207,7 @@ class SIMP::RPM::SpecBuilder < Rake::TaskLib end -builder = SIMP::RPM::SpecBuilder.new +builder = SIMP::RPM::SpecBuilder.new SIMP::RPM::SpecBuilder.load_config('things_to_build.yaml') builder.define_tasks diff --git a/things_to_build.yaml b/things_to_build.yaml index a2bf6c5..3429d0c 100644 --- a/things_to_build.yaml +++ b/things_to_build.yaml 
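Review bot: `tar_cmd` is still built as a single string and handed to `sh`, which runs it through /bin/sh, so `tar_file` (derived from `info[:ver_name]`) and `File.basename dl_dir` are shell-interpolated and any space, `$` or `;` in a version or project name taken from the YAML splits or rewrites the command. Rake's `sh` accepts an argument list that bypasses the shell: `sh 'tar', '--owner', '0', '--group', '0', '-cpzf', tar_file, File.basename(dl_dir)`. The retained NOTE about `.git/` is useful; it is worth adding that keeping it means the Source0 tarball embeds the clone's metadata (remotes, sample hooks) and is not byte-reproducible across clones, e.g. `# (side effect: the tarball embeds .git/ metadata and is not reproducible across clones)`. `_rpm` starts and ends outside the hunk.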
@@ -1,41 +1,68 @@ ---- +# Handy substitutions: +# -------------- +# %{PROJECT_DIR} = the project directory (containing the spec file) +# %{DOWNLOAD_DIR} = the directory that Source0 is downloaded into before tarring (dist/-/) +# %{SOURCES_DIR} = directory to stage "extra" source files/archive beyond Source0 +# %{VERSION} = the value of :version +# +# Notes: +# :version +# Used to name the tarball and as the git tag +# +# TODO: Use :sources array for downloads instead of assuming DOWLOAD_DIR for Source0 and SOURCES_DIR for others +# :sources +# :type: :gitrepo +# :url: xxxxx simp-tpm2-tss: :type: :gitrepo - :build: 'yes' - :tag: 1.3.0 + :version: 1.3.0 :url: https://github.com/tpm2-software/tpm2-tss :extras: + # Fedora fixed the udev rules in a later version of tpm2-tss + # - Nothing is tagged in that repo, so we check out the commit hash :post_dl: - 'rm -rf pagure-tpm-tss;:' - git clone -- https://src.fedoraproject.org/rpms/tpm2-tss.git pagure-tpm2-tss - cd pagure-tpm2-tss && git checkout 075fc2f0d3cc476d7ecc99483c1e28c2e0855535 - cp -rv pagure-tpm2-tss/*.rules "%{SOURCES_DIR}/" + simp-tpm2-abrmd-selinux: :type: :gitrepo - :build: 'yes' - :tag: 1.2.0 + :version: 1.2.0 :url: https://github.com/tpm2-software/tpm2-abrmd :extras: - # Should probably be a PATCH if we get stuck with tpm2-abrmd 1.2.0 for long + # maintaing a separate tpm2-abrmd 1.2.0 package for long + # + # Update the SELinux policy to permit TCTI socket connections + # (required for testing with the IBM TPM 2.0 simulator) :post_dl: - rm -f '%{SOURCES_DIR}/selinux/tabrmd.te' - - cp -rv '%{PROJECT_DIR}/tabrmd.te' '%{DOWNLOAD_DIR}/selinux/' + - cp -v '%{PROJECT_DIR}/tabrmd.te' '%{DOWNLOAD_DIR}/selinux/' + simp-tpm2-abrmd: :type: :gitrepo - :build: 'yes' - :tag: 1.2.0 + :version: 1.2.0 :url: https://github.com/tpm2-software/tpm2-abrmd + simp-tpm2-tools: :type: :gitrepo - :build: 'yes' - :tag: 3.0.2 + :version: 3.0.2 :url: https://github.com/tpm2-software/tpm2-tools -# + # TPM2.0 simulator +# 
---------------- +# +# * The tpm2-tools group specifically recommend AGAINST risking a hardware TPM +# for development, testing, or learning―instead, they recommend using the +# TCG's reference TPM 2.0 simulator. +# * IBM maintains a project that modifies the TCG's simulator source code +# (embedded in the TPM 2.0 specification docs) to build under Linux. +# * The tpm2-tools project uses the IBM simulator to test their code. # # Build 974: # * Is what tpm2-tools 3.0.* is tested against # * TPM specification draft revision 142, with errata to revision 138. +# # Build 1119 supports: # * Nuvoton TPM vendor-specific commands # * Support for OpenSSL 1.1.x 
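Review bot: The git-sourced entries pin their checkout only by tag (`:version: 1.3.0` doubles as the git tag per the new header note), and tags can be moved or re-pushed upstream, whereas the Fedora side-clone in the tpm2-tss `:post_dl` block correctly pins a full commit hash; recording the expected commit (or a tarball digest) next to `:version` would give Source0 the same guarantee, though the Rakefile would need a matching check. The pre-existing first `:post_dl` line `rm -rf pagure-tpm-tss` does not match the `pagure-tpm2-tss` directory the next line clones into, so a re-run leaves the old clone in place and `git clone` fails on the existing path; `- 'rm -rf pagure-tpm2-tss;:'` is presumably what was meant. Two typos in the new text: `DOWLOAD_DIR` should be `DOWNLOAD_DIR`, and `# maintaing a separate tpm2-abrmd 1.2.0 package for long` should read `maintaining`.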
@@ -44,10 +71,34 @@ simp-tpm2-tools: # public review, including changes to TPM2_CreateLoaded and # TPM2_EncryptDecrypt. # -# See: https://sourceforge.net/p/ibmswtpm2/wiki/Home/ +# See: +# * https://sourceforge.net/p/ibmswtpm2/wiki/Home/ (changelog) +# * https://github.com/tpm2-software/tpm2-tools/wiki/Getting-Started#tpm-dependency # simp-tpm2-simulator: :type: :targz :build: 'yes' - :tag: '1119' - :url: https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{TAG}.tar.gz/download + :version: '1119' + :url: https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{VERSION}.tar.gz/download + :extras: + :post_dl: + - cp -v '%{PROJECT_DIR}/simp-tpm2-simulator.service' '%{SOURCES_DIR}/' + +# TPM 2.0 simulator with character device support +# ----------------------------------------------- +# +# * Stephan Berger maintains a "Libtpms-based TPM emulator with socket, +# character device, and Linux CUSE interface." +# * According to a discussion with the IBM sim devs, this includes a customized +# version of the IBM TPM 2.0 simulator **with additional character device support** +# * That could allow us to automate testing against a simluated /dev/tpm0 +# +# TODO: Evaluate the TPM 2.0 character device support for automated testing +# +# See: +# * https://github.com/stefanberger/swtpm +# * https://github.com/stefanberger/swtpm/issues/4 (we've been interested in this before) +# +### simp-tpm2-swtpm +### :type: :gitrepo +### :url: https://github.com/stefanberger/swtpm.git
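Review bot: `simp-tpm2-simulator` pulls `ibmtpm%{VERSION}.tar.gz` through SourceForge's `/download` redirector into `dl_untar` with no integrity check in the config — there is no digest key, and the visible `dl_untar` signature takes only url and dst — so the build trusts whatever the mirror returns for an input that ends up inside an RPM. Adding `:sha256: '<digest of ibmtpm1119.tar.gz>'` to this entry and verifying it before untarring (the Rakefile side is outside this diff) is the usual fix. This entry also keeps `:build: 'yes'` while the commit removes that key from every other entry; if the key still means something it should be consistent, otherwise drop it here too. Typo in the new comment: `simluated` should be `simulated`.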