Name: secGear
Version: 0.1.0
Release: 41
Summary: secGear is an SDK to develop confidential computing apps based on hardware enclave features

Group: OS Security
License: Mulan PSL v2
URL: https://gitee.com/openeuler/secGear
Source0: https://gitee.com/openeuler/secGear/repository/archive/v%{version}.tar.gz
Source1: vendor.tar.gz

Patch0: 0001-add-README.cn.md.patch
Patch1: 0002-it-is-better-to-define-enum-from-0-rather-than-1.patch
Patch2: 0003-update-README.cn.md.patch
Patch3: 0004-update-README.cn.md.patch
Patch4: 0005-delete-unnecessary-README.cn.md.patch
Patch5: 0006-fix-issues-about-double-create-destory.patch
Patch6: 0007-to-make-secGear-log-more-clear.patch
Patch7: 0008-modify-path-error.patch
Patch8: 0009-fix-cmake-error-of-missing-CMAKE_CXX_COMPILER.patch
Patch9: 0010-fix-sgxssl-edl.patch
Patch10: 0011-update-docs-build_install.md.patch
Patch11: 0012-modify-the-prompt-information.patch
Patch12: 0013-parse-new-error-code-and-del-redundant-print.patch
Patch13: 0014-fix-error-print.patch
Patch14: 0015-set-umask-in-sign_tool.sh.patch
Patch15: 0016-1.fix-the-race-of-ecall-and-enclave-destroy.patch
Patch16: 0017-fix-wrong-spelling-and-null-pointer-dereference-issu.patch
Patch17: 0018-update-sign_tool.doc.patch
Patch18: 0019-normalized-codegen-from-arm-and-x86.patch
Patch19: 0020-rm-e-parameter-normalize-c-parameter.patch
Patch20: 0021-example-use-absolute-path-to-find-enclave.sign.so.patch
Patch21: 0022-add-example-of-using-sgxssl-lib.patch
Patch22: 0023-tls_enclave-is-not-compiled-by-default.patch
Patch23: 0024-Cmake-replace-minial-cmake-from-3.12-to-3.10.patch
Patch24: 0025-example-add-example-for-LRT-long-running-task.patch
Patch25: 0026-example-add-Dockerfile-to-build-lrt-example-image.patch
Patch26: 0027-Change-to-use-the-milestone-picture-with-English.patch
Patch27: 0028-example-use-the-sgx-device-plugin-from-intel.patch
Patch28: 0029-some-adaptations-for-trustzone.patch
Patch29: 0030-fix-sgx-two-step-mode-bug-add-dump-command.patch
Patch30: 0031-set-signtool_v3.py-path.patch
Patch31: 0032-del-size_to_aligned_size.patch
Patch32: 0033-modify-the-error-information-when-missing-c-and-m.patch
Patch33: 0034-normalize-the-log-printed-by-PrintInfo.patch
Patch34: 0035-itrustee-add-lrt-support-itrustee.patch
Patch35: 0036-enclave-use-the-can-pull-image-from-hub.oepkgs.net.patch
Patch36: 0037-add-description-about-file-parameter-path-for-sign_t.patch
Patch37: 0038-fix-use-after-free-in-cc_enclave_create.patch
Patch38: 0039-clean-memory-when-it-come-to-error_handle.patch
Patch39: 0040-fix-double-free.patch
Patch40: 0041-fix-logs-redirection-error-and-delete-rsa_public_key.patch
Patch41: 0042-destroy-rwlock-when-create-enclave-failed.patch
Patch42: 0043-fix-partial-resource-leak.patch
Patch43: 0044-fix-pointer-without-init-or-check-NULL.patch
Patch44: 0045-optimize-the-private-key-usage-of-the-single-step-si.patch
Patch45: 0046-fix-return-value.patch
Patch46: 0047-del-print-uncontrol-form-string.patch
Patch47: 0048-Delete-the-null-determination-of-out_buf-in-codegene.patch
Patch48: 0049-support-switchless-feature.patch
Patch49: 0050-switchless-schedule-policy.patch
Patch50: 0051-asynchronous-switchless.patch
Patch51: 0052-rollback-to-common-invoking-when-async-invoking-fail.patch
Patch52: 0053-asynchronous-switchless-example.patch
Patch53: 0054-fix-gen-ecall-header-error.patch
Patch54: 0055-switchless-readme-add-async-interface.patch
Patch55: 0056-destroy-enclave-release-remain-shared-memory.patch
Patch56: 0057-new-feature-secure-channel-support.patch
Patch57: 0058-refactor-cmake-SDK_PATH.patch
Patch58: 0059-adapt-itrustee_sdk-openssl-path-modification.patch
Patch59: 0060-supprot-kunpeng-remote-attestation.patch
Patch60: 0061-refactor-remote-attestation.patch
Patch61: 0062-secure-channel-support-authentication-by-remote-atte.patch
Patch62: 0063-some-code-optimize.patch
Patch63: 0064-support-local-attest.patch
Patch64: 0065-optimize-name-ree-agent-to-ra-agent.patch
Patch65: 0066-fix-error-file-name.patch
Patch66: 0067-local-attest-verify-input-hash-pointer.patch
Patch67: 0068-bugfix-when-input-empty-hash.patch
Patch68: 0069-adapt-sign-tool-to-pass-API_LEVEL.patch
Patch69: 0070-sign-tool-add-invalid-param-verify.patch
Patch70: 0071-adapt-report-with-request-key.patch
Patch71: backport-init-attestation.patch

BuildRequires: gcc python automake autoconf libtool
BuildRequires: glibc glibc-devel cmake ocaml-dune rpm gcc-c++ openssl-libs openssl-devel
%ifarch x86_64
BuildRequires: sgxsdk libsgx-launch libsgx-urts intel-sgx-ssl-devel
%else
BuildRequires: itrustee_sdk itrustee_sdk-devel
BuildRequires: rust cargo rust-packaging virtCCA_sdk-devel virtCCA_sdk kunpengsecl-attester
%endif

Requires: rsyslog openssl-libs
%ifarch x86_64
Requires: linux-sgx-driver sgxsdk libsgx-launch libsgx-urts libsgx-aesm-launch-plugin intel-sgx-ssl
%else
Requires: itrustee_sdk
%endif

%description
secGear is an SDK to develop confidential computing apps based on hardware enclave features

%package devel
Summary: Development files for %{name}
Requires: %{name}%{?isa} = %{version}-%{release} cmake
%ifarch x86_64
Requires: sgxsdk
%else
Requires: itrustee_sdk-devel
%endif
%description devel
The %{name}-devel package contains header files for developing applications that
use %{name}

%ifarch x86_64
%package sim
Summary: simulation package files for %{name}
Requires: %{name}%{?isa} = %{version}-%{release}
%description sim
The %{name}-sim package contains simulation libraries for developing applications
%else
%package aa
Summary: Attestation agent for %{name}
Requires: kunpengsecl-attester
%description aa
The %{name}-aa package contains the attestation agent

%package aa-devel
Summary: Development files for %{name} attestation agent
Requires: %{name}%{?isa}-aa = %{version}-%{release}
%description aa-devel
The %{name}-aa-devel package contains the header file for the attestation agent

%define _cargo /usr/bin/env CARGO_HOME=.cargo RUSTC_BOOTSTRAP=1 /usr/bin/cargo
%endif

%prep
%autosetup -n %{name}-v%{version} -p1
%ifnarch x86_64
# Unpack the vendored Rust crates (Source1) into the attestation agent tree
cd service/attestation/attestation-agent/
tar xf %{SOURCE1}
%endif

%build
source ./environment
%ifarch x86_64
source /opt/intel/sgxsdk/environment
cmake -DCMAKE_BUILD_TYPE=Debug
make
%else
cmake -DCMAKE_BUILD_TYPE=Debug -DENCLAVE=GP
make

cd service/attestation/attestation-agent/
# Resolve crates from the local vendor directory instead of crates.io,
# so the cargo build below needs no network access
mkdir -p .cargo
touch .cargo/config
cat << EOF >> ./.cargo/config
[source.crates-io]
replace-with = "vendored-sources"

[source.vendored-sources]
directory = "vendor"
EOF
%{_cargo} build --features no_as,all-attester,itrustee-verifier --lib --release
%endif

%install
make install DESTDIR=%{buildroot}
install -d %{buildroot}/%{_datarootdir}/licenses/secGear
install -pm 644 License/Third_Party_Open_Source_Software_Notice.md %{buildroot}/%{_datarootdir}/licenses/secGear
install -d %{buildroot}/%{_includedir}/secGear
install -d %{buildroot}/%{_bindir}
install -pm 751 bin/codegen %{buildroot}/%{_bindir}
install -pm 751 tools/sign_tool/sign_tool.sh %{buildroot}/%{_bindir}
install -pm 644 component/secure_channel/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 component/secure_channel/*.edl %{buildroot}/%{_includedir}/secGear
install -pm 644 component/secure_channel/client/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 component/secure_channel/host/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 component/secure_channel/enclave/*.h %{buildroot}/%{_includedir}/secGear
%ifarch x86_64
install -pm 644 inc/host_inc/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/host_inc/sgx/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/host_inc/sgx/*.edl %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/enclave_inc/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/enclave_inc/sgx/*.h %{buildroot}/%{_includedir}/secGear
%else
install -d %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/host_inc/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/host_inc/gp/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/host_inc/gp/*.edl %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/enclave_inc/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/enclave_inc/gp/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 inc/enclave_inc/gp/itrustee/*.h %{buildroot}/%{_includedir}/secGear
install -pm 644 service/attestation/attestation-agent/rust_attestation_agent.h %{buildroot}/%{_includedir}
install -pm 644 service/attestation/attestation-agent/target/release/deps/libattestation_agent.so %{buildroot}/%{_libdir}/libattestation_agent.so
%endif
install -pm 644 component/remote_attest/ra_report/sg_ra_report.h %{buildroot}/%{_includedir}/secGear
install -pm 644 component/remote_attest/ra_verify/sg_ra_report_verify.h %{buildroot}/%{_includedir}/secGear
install -pm 644 component/remote_attest/sg_report_st.h %{buildroot}/%{_includedir}/secGear
install -pm 644 component/local_attest/sg_local_attest.h %{buildroot}/%{_includedir}/secGear

pushd %{buildroot}
rm `find . -name secgear_helloworld` -rf
rm `find . -name secgear_seal_data` -rf
rm `find . -name secgear_switchless` -rf
%ifarch aarch64
rm `find . -name libsecgearsim.so` -rf
%endif
popd

%files
%license License/LICENSE
%license License/Third_Party_Open_Source_Software_Notice.md
%defattr(-,root,root)
%{_libdir}/libsecgear_tee.a
%{_libdir}/libsecgear.so
%{_libdir}/libusecure_channel.so
%{_libdir}/libcsecure_channel.so
%{_libdir}/libtsecure_channel.a
%{_libdir}/libsecgear_verify.so
%{_libdir}/libsecgear_ra.so
%{_libdir}/libsecgear_la.a
%ifarch x86_64
%{_libdir}/libsgx_0.so
%else
%{_libdir}/libgp_0.so
%endif
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/rsyslog.d/secgear.conf
%config(noreplace) %attr(0600,root,root) %{_sysconfdir}/logrotate.d/secgear

%files devel
%{_bindir}/*
%{_includedir}/secGear/*

%ifarch x86_64
%files sim
%defattr(-,root,root)
%license License/LICENSE
%{_libdir}/libsecgearsim.so
%{_libdir}/libsgxsim_0.so
%else
%files aa
%{_libdir}/libattestation_agent.so

%files aa-devel
%{_includedir}/rust_attestation_agent.h
%endif

%post
systemctl restart rsyslog

%changelog
* Thu Jun 13 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-41
- Judgment of added challenge length

* Thu Jun 6 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-40
- modify Requires

* Wed Jun 5 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-39
- modify verifier features and cargo build command

* Tue Jun 4 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-38
- add with_as and fix typo

* Mon Jun 3 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-37
- fix spec error and the null pointer judgment

* Tue May 28 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-36
- add init-attestation.patch

* Mon Sep 18 2023 wangqingsan<wangqingsan@huawei.com> - 0.1.0-35
- synchronous features

* Thu Apr 27 2023 houmingyong<houmingyong@huawei.com> - 0.1.0-34
- DESC:backport some patches

* Tue Apr 11 2023 houmingyong<houmingyong@huawei.com> - 0.1.0-33
- DESC:new feature secure channel support

* Mon Dec 19 2022 houmingyong<houmingyong@huawei.com> - 0.1.0-32
- DESC:destroy enclave release remain shared memory

* Mon Dec 19 2022 houmingyong<houmingyong@huawei.com> - 0.1.0-31
- DESC:switchless readme add async interface

* Sat Dec 17 2022 zhangguangzhi <zhangguangzhi3@huawei.com> - 0.1.0-30
- DESC:fix gen ecall header error

* Thu Nov 17 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-29
- DESC:replace tar.gz

* Thu Nov 10 2022 wangyu <wangyu283@huawei.com> - 0.1.0-28
- DESC: support switchless scheduling policies and asynchronous calls

* Tue Oct 18 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-27
- DESC: support switchless feature

* Tue Oct 18 2022 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.1.0-26
- DESC: backport some patches

* Thu May 19 2022 wangyu <wangyu283@huawei.com> - 0.1.0-25
- DESC: change requires for secGear

* Thu Apr 28 2022 gaoyusong<gaoyusong2@huawei.com> - 0.1.0-24
- DESC: backport some patches from openEuler

* Fri Apr 22 2022 zhengxiaoxiao<zhengxiaoxiao2@huawei.com> - 0.1.0-23
- DESC: delete %{?dist}

* Mon Mar 14 2022 gaoyusong<gaoyusong1@huawei.com> - 0.1.0-22
- DESC: fix logs redirection error and del rsa_pub.key

* Tue Jan 11 2022 houmingyong<houmingyong@huawei.com> - 0.1.0-21
- DESC: fix no secgear.log after install secGear-devel

* Mon Jul 19 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-20
- DESC: add requires for secGear: libsgx-aesm-launch-plugin ocaml-dune

* Fri Jul 2 2021 zhangguangzhi<zhangguangzhi3@huawei.com> - 0.1.0-19
- DESC: add buildrequires openssl for x86

* Tue Jun 29 2021 zhangguangzhi<zhangguangzhi3@huawei.com> - 0.1.0-18
- DESC: add some buildrequires gcc-c++ rpm

* Fri Jun 4 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-17
- DESC: clean enclave memory when it comes to error_handle

* Thu Jun 3 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-16
- DESC: backport some patches from openeuler secGear

* Wed Jun 2 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-15
- DESC: fix uaf in cc_enclave_create

* Thu May 20 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-14
- DESC: update some bugfix from openeuler secGear

* Wed May 12 2021 yanlu<yanlu14@huawei.com> - 0.1.0-13
- DESC: update signtool and codegen

* Tue Apr 27 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-12
- DESC: add cmake to Requires

* Tue Apr 13 2021 wanghongzhe<wanghongzhe@huawei.com> - 0.1.0-11
- DESC: add licenses and thirdparty opensource notice

* Sat Mar 20 2021 zhangguangzhi<zhangguangzhi3@huawei.com> - 0.1.0-10
- DESC: backport patch

* Fri Mar 19 2021 wanghongzhe<wanghongzhe@huawei.com> - 0.1.0-9
- DESC: fix local compile error

* Thu Mar 18 2021 gaoyusong<gaoyusong1@huawei.com> - 0.1.0-8
- DESC: backport patch

* Mon Mar 15 2021 zhangguangzhi<zhangguangzhi3@huawei.com> - 0.1.0-7
- DESC: backport patch

* Wed Mar 10 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-6
- DESC: change requires from linux-sgx-sdk to sgxsdk

* Wed Mar 3 2021 zhangguangzhi<zhangguangzhi@huawei.com> - 0.1.0-5
- DESC: add codegen and sign_tool, modify file path and backport patch

* Mon Feb 22 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-4
- DESC:delete unnecessary BuildRequires

* Sat Feb 20 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-3
- DESC:fix url and source0 description error

* Sun Feb 7 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-2
- DESC:fix secGear build error and add secGear-sim rpm package

* Wed Feb 3 2021 wanghongzhe<wanghongzhe@huawei.com> - 0.1.0-1
- DESC:init secGear.tar.gz

* Mon Jan 11 2021 wanghongzhe<wanghongzhe@huawei.com> - 1.0-1
- DESC:init secgear