From 75e6bff750d0888660fd6786f02d4ed6cec37b71 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Apr 2024 06:17:48 -0700 Subject: [PATCH 01/22] Add spec file for rpms Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 74 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 examples/rpms/spire.spec diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec new file mode 100644 index 0000000..a090543 --- /dev/null +++ b/examples/rpms/spire.spec 
@@ -0,0 +1,74 @@
+##############################################################################
+#
+# To you, dear reader:
+#
+# If you are a normal user, we recommend not reading further. Its probably not
+# the file your looking for.
+#
+# If you are looking at using this file as a base for your own work, please
+# don't. It is a horrible example. Please look elsewhere,
+#
+# If you are a package maintainer, please read on. We recognize this spec file
+# is blasphemous, an terrible abomination, a crime against nature, and more. We
+# regret needing to produce it in order to attract enough users to find you. We
+# beseech thee, kind and generous package maintainer, please help us mend our
+# wicked ways by joining is us and help us produce proper packaging. Your our
+# only hope.
+#
+##############################################################################
+
+Summary: SPIRE components
+Name: spire-common
+Version: 1.9.4
+Release: 1
+Group: Applications/Internet
+License: Apache-2.0
+URL: https://spiffe.io
+Source0: https://github.com/spiffe/spire/releases/download/v%{version}/spire-%{version}-linux-amd64-musl.tar.gz
+
+%description
+SPIRE Common
+
+%package -n spire-server
+Summary: SPIRE Server
+Requires: spire-common
+%description -n spire-server
+SPIRE Server
+
+%package -n spire-agent
+Summary: SPIRE Agent
+Requires: spire-common
+%description -n spire-agent
+SPIRE Agent
+
+%global debug_package %{nil}
+
+%prep
+
+%setup -c
+
+%build
+
+%install
+
+mkdir -p "%{buildroot}/bin"
+cp "spire-%{version}"/bin/* "%{buildroot}/bin"
+git clone https://github.com/kfox1111/spire-examples
+cd spire-examples
+git checkout systemd
+cd examples/systemd
+make install DESTDIR="%{buildroot}"
+
+%clean
+rm -rf %{buildroot}
+
+%files
+/usr/lib/systemd/system/*.target
+
+%files -n spire-server
+/usr/lib/systemd/system/spire-server@.service
+/bin/spire-server
+
+%files -n spire-agent
+/usr/lib/systemd/system/spire-agent@.service
+/bin/spire-agent
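Review bot: The `%install` section runs `git clone https://github.com/kfox1111/spire-examples`, switches to the moving `systemd` branch and then executes `make install` from it, so the package contents depend on whatever that branch holds at build time and the build needs network access. Pin the checkout to a reviewed commit, e.g. `git checkout <COMMIT_SHA_PLACEHOLDER>`, or ship the unit files as an additional `SourceN:` tarball so the input is fixed and rpmbuild can run offline. The prebuilt `Source0` tarball is likewise unpacked by `%setup -c` with no digest check; comparing it with the checksum published for the release before unpacking would close that gap. Patches 08 and 10 later in this series change the clone URL and drop the branch checkout but still leave the clone unpinned, and the `Source0` entries in spiffe-step-ssh.spec and spire-ha-agent.spec have the same missing digest check.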
From 4b3032267de91d6565f73d26a81adcbf327cca83 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Apr 2024 06:34:51 -0700 Subject: [PATCH 02/22] More config Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index a090543..d395865 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec @@ -35,12 +35,35 @@ Requires: spire-common %description -n spire-server SPIRE Server +%preun -n spire-server +%if 0%{?suse_version} +%service_del_preun spire-server@\*.service spire-server.target +%endif +%if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler} +%systemd_preun spire-server@\*.service spire-server.target +%endif + +%postun -n spire-server +%systemd_postun spire-server@\*.service spire-server.target + %package -n spire-agent Summary: SPIRE Agent Requires: spire-common %description -n spire-agent SPIRE Agent +%preun -n spire-agent +%if 0%{?suse_version} +%service_del_preun spire-agent@\*.service spire-agent.target +%endif +%if 0%{?fedora} || 0%{?rhel} || 0%{?openEuler} +%systemd_preun spire-agent@\*.service spire-agent.target +%endif + +%postun -n spire-agent +%systemd_postun spire-agent@\*.service spire-agent.target + +%global _missing_build_ids_terminate_build 0 %global debug_package %{nil} %prep From 99009988545443e4d45d8ce3e1cfb0aa14be6079 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Apr 2024 06:39:27 -0700 Subject: [PATCH 03/22] Add config files Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index d395865..ffa62e6 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec 
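Review bot: The new `%postun` scriptlets for spire-server and spire-agent use `%systemd_postun`, which does not restart running instances on upgrade, so a host keeps running the old binary after a security update until someone restarts the units. If restart-on-upgrade is intended, the usual form is `%systemd_postun_with_restart spire-server@\*.service` (and the agent equivalent); if it is deliberately left to the operator, a comment saying so would help. The `%postun` lines also sit outside the `%if 0%{?suse_version}` / Fedora-RHEL split used for `%preun`, and no `%post` is added, so it is worth confirming the macro resolves on every distribution the conditionals target.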
@@ -91,7 +91,9 @@ rm -rf %{buildroot} %files -n spire-server /usr/lib/systemd/system/spire-server@.service /bin/spire-server +%config(noreplace) /etc/spire/server/main.conf %files -n spire-agent /usr/lib/systemd/system/spire-agent@.service /bin/spire-agent +%config(noreplace) /etc/spire/agent/main.conf From ccbfcfc13c898d7289a5522af44bfb234986130d Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Apr 2024 06:51:25 -0700 Subject: [PATCH 04/22] Fix typo Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index ffa62e6..697b108 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec @@ -12,7 +12,7 @@ # is blasphemous, an terrible abomination, a crime against nature, and more. We # regret needing to produce it in order to attract enough users to find you. We # beseech thee, kind and generous package maintainer, please help us mend our -# wicked ways by joining is us and help us produce proper packaging. Your our +# wicked ways by joining us and help us produce proper packaging. Your our # only hope. # ############################################################################## From 401705a82443a91d71ef3830fd53265b55dc2c28 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Apr 2024 06:51:58 -0700 Subject: [PATCH 05/22] Fix typo Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index 697b108..9b56d7b 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec 
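Review bot: The two added `%config(noreplace)` entries carry no `%attr`, so the mode and ownership of `/etc/spire/server/main.conf` and `/etc/spire/agent/main.conf` are whatever `make install` left in the buildroot, which this hunk does not show. SPIRE configuration can hold sensitive values such as a datastore connection string or a join token, so an explicit mode is safer, e.g. `%config(noreplace) %attr(0640,root,root) /etc/spire/server/main.conf`, with owner and group adjusted to the account the units run as. The same applies to the renamed `default.conf` entries in patch 11.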
@@ -12,7 +12,7 @@ # is blasphemous, an terrible abomination, a crime against nature, and more. We # regret needing to produce it in order to attract enough users to find you. We # beseech thee, kind and generous package maintainer, please help us mend our -# wicked ways by joining us and help us produce proper packaging. Your our +# wicked ways by joining us and help us produce proper packaging. You are our # only hope. # ############################################################################## From 879d8384d375ae8c01e1c9e2d9a5946d2cbbcad9 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Apr 2024 07:03:46 -0700 Subject: [PATCH 06/22] Fix typo Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index 9b56d7b..7851f27 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec @@ -9,7 +9,7 @@ # don't. It is a horrible example. Please look elsewhere, # # If you are a package maintainer, please read on. We recognize this spec file -# is blasphemous, an terrible abomination, a crime against nature, and more. We +# is blasphemous, a terrible abomination, a crime against nature, and more. We # regret needing to produce it in order to attract enough users to find you. We # beseech thee, kind and generous package maintainer, please help us mend our # wicked ways by joining us and help us produce proper packaging. You are our From b3098e6869c234fdbc24cc3d2c83fbba54e5026b Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Apr 2024 07:52:24 -0700 Subject: [PATCH 07/22] Fix typo Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index 7851f27..ae68b63 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec 
@@ -6,14 +6,14 @@ # the file your looking for. # # If you are looking at using this file as a base for your own work, please -# don't. It is a horrible example. Please look elsewhere, +# don't. It is a horrible example. Please look elsewhere. # # If you are a package maintainer, please read on. We recognize this spec file # is blasphemous, a terrible abomination, a crime against nature, and more. We -# regret needing to produce it in order to attract enough users to find you. We -# beseech thee, kind and generous package maintainer, please help us mend our -# wicked ways by joining us and help us produce proper packaging. You are our -# only hope. +# regret needing to produce it, but had to in order to attract enough users to +# find you. We beseech thee, kind and generous package maintainer, please help +# us mend our wicked ways by joining us and help us produce proper packaging. +# You are our only hope. # ############################################################################## From 4ed5c4b58f08651a2502887a989e2137f0623cbc Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 4 Dec 2024 11:37:51 -0800 Subject: [PATCH 08/22] Update examples/rpms/spire.spec Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index ae68b63..b71c586 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec @@ -76,7 +76,7 @@ SPIRE Agent mkdir -p "%{buildroot}/bin" cp "spire-%{version}"/bin/* "%{buildroot}/bin" -git clone https://github.com/kfox1111/spire-examples +git clone https://github.com/spiffe/spire-examples cd spire-examples git checkout systemd cd examples/systemd From f085049e26466932256cd5d0e62b297316959dd3 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Thu, 5 Dec 2024 11:08:24 -0800 Subject: [PATCH 09/22] Apply suggestions from code review 
Signed-off-by: kfox1111 --- examples/rpms/spire.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index b71c586..5328fc2 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec @@ -19,7 +19,7 @@ Summary: SPIRE components Name: spire-common -Version: 1.9.4 +Version: 1.11.0 Release: 1 Group: Applications/Internet License: Apache-2.0 From c157342f4b85cf51cda1135834fdff4e5434bebd Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 5 Dec 2024 11:14:36 -0800 Subject: [PATCH 10/22] Systemd examples merged already Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index 5328fc2..00f1c49 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec @@ -78,7 +78,6 @@ mkdir -p "%{buildroot}/bin" cp "spire-%{version}"/bin/* "%{buildroot}/bin" git clone https://github.com/spiffe/spire-examples cd spire-examples -git checkout systemd cd examples/systemd make install DESTDIR="%{buildroot}" From da9e5b4a924a0ff8d9b13ed303c85a34979a1808 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 21 Jan 2025 08:29:09 -0800 Subject: [PATCH 11/22] Update for newer systemd units Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index 00f1c49..ca69371 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec @@ -19,7 +19,7 @@ Summary: SPIRE components Name: spire-common -Version: 1.11.0 +Version: 1.11.1 Release: 1 Group: Applications/Internet License: Apache-2.0 
@@ -86,13 +86,14 @@ rm -rf %{buildroot} %files /usr/lib/systemd/system/*.target +%config(noreplace) /etc/spiffe/default-trust-domain.env %files -n spire-server /usr/lib/systemd/system/spire-server@.service /bin/spire-server -%config(noreplace) /etc/spire/server/main.conf +%config(noreplace) /etc/spire/server/default.conf %files -n spire-agent /usr/lib/systemd/system/spire-agent@.service /bin/spire-agent -%config(noreplace) /etc/spire/agent/main.conf +%config(noreplace) /etc/spire/agent/default.conf From 911b7198702a537d59488ee2ea828b9f8b7c4360 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 22 Jan 2025 04:54:05 -0800 Subject: [PATCH 12/22] Update things Signed-off-by: Kevin Fox --- .github/workflows/pr_build.yaml | 23 +++++++++++++++++++++++ examples/rpms/Dockerfile | 32 ++++++++++++++++++++++++++++++++ examples/rpms/spire.spec | 12 ++++++++++++ 3 files changed, 67 insertions(+) create mode 100644 examples/rpms/Dockerfile diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 72f9461..6717130 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -26,3 +26,26 @@ jobs: # run: examples/envoy/test.sh - name: K8s examples run: examples/k8s/test-all.sh + packages: + strategy: + matrix: + os: [ubuntu-24.04] + arch: ["", "-arm"] + runs-on: ${{ matrix.os }}${{ matrix.arch }} + timeout-minutes: 30 + steps: + - name: Checkout + uses: actions/checkout@v4 + - run: | + set -xe + echo "building: {{github.ref_name}}-$(uname -i)" + docker build -t t examples/rpmsA + mkdir -p /tmp/packages + docker run -it --rm -v /tmp:/tmp t cp -a /usr/share/nginx/html/* /tmp/packages + - name: Archive artifacts + uses: actions/upload-artifact@v4 + with: + name: packages + retention-days: 7 + path: | + /tmp/packages diff --git a/examples/rpms/Dockerfile b/examples/rpms/Dockerfile new file mode 100644 index 0000000..3dbb439 --- /dev/null +++ b/examples/rpms/Dockerfile 
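Review bot: In the new `packages` job, `echo "building: {{github.ref_name}}-$(uname -i)"` is missing the `$` of `${{ }}` and prints the braces literally. When correcting it, do not interpolate the expression straight into the script: branch names on pull requests are contributor-controlled and are substituted before the shell parses the line, so pass the value through the environment with `env:` / `REF_NAME: ${{ github.ref_name }}` on the step and use `echo "building: ${REF_NAME}-$(uname -i)"`. The step also bind-mounts the runner's whole `/tmp` into the container with `-v /tmp:/tmp`; mounting only a dedicated output directory would be tighter.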
@@ -0,0 +1,32 @@ +FROM docker.io/library/almalinux:9 AS rpm-builder + +WORKDIR /tmp + +COPY spire.spec /tmp +RUN \ + dnf install -y rpmdevtools rpm-build git make && \ + spectool -g -R spire.spec && \ + rpmbuild -ba spire.spec + +RUN \ + dnf localinstall -y /root/rpmbuild/RPMS/*/*.rpm + +FROM docker.io/library/ubuntu:latest AS deb-builder + +COPY --from=rpm-builder /root/rpmbuild/RPMS /root/rpmbuild/RPMS + +RUN \ + apt-get update && \ + apt-get install -y software-properties-common && \ + add-apt-repository universe && \ + apt-get install -y alien && \ + mkdir -p /root/debbuild && \ + cd /root/debbuild && \ + alien -k -c --to-deb /root/rpmbuild/RPMS/*/*.rpm + +RUN \ + apt-get install -y /root/debbuild/*.deb + +FROM docker.io/library/nginx:latest +COPY --from=rpm-builder /root/rpmbuild/RPMS /usr/share/nginx/html/RPMS +COPY --from=deb-builder /root/debbuild /usr/share/nginx/html/DEBS diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index ca69371..c13582d 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec @@ -25,6 +25,7 @@ Group: Applications/Internet License: Apache-2.0 URL: https://spiffe.io Source0: https://github.com/spiffe/spire/releases/download/v%{version}/spire-%{version}-linux-amd64-musl.tar.gz +Source1: https://github.com/spiffe/spire/releases/download/v%{version}/spire-extras-%{version}-linux-amd64-musl.tar.gz %description SPIRE Common @@ -63,12 +64,19 @@ SPIRE Agent %postun -n spire-agent %systemd_postun spire-agent@\*.service spire-agent.target +%package -n spiffe-oidc-discovery-provider +Summary: SPIFFE OIDC Discovery Provider +Requires: spire-common +%description -n spiffe-oidc-discovery-provider +SPIFFE OIDC Discovery Provider + %global _missing_build_ids_terminate_build 0 %global debug_package %{nil} %prep %setup -c +%setup -T -D -a 1 %build 
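Review bot: All three stages build from floating tags (`docker.io/library/almalinux:9`, `docker.io/library/ubuntu:latest`, `docker.io/library/nginx:latest`), so the toolchain that produces the packages can change between two builds of the same commit. Pin each `FROM` to a specific release and digest, e.g. `FROM docker.io/library/ubuntu:24.04@sha256:<DIGEST_PLACEHOLDER> AS deb-builder`. In the first `RUN`, `spectool -g -R spire.spec` downloads the sources and `rpmbuild -ba spire.spec` consumes them with no digest verification in between; a `sha256sum -c` step against a digest stored in the repository would make the build input checkable.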
@@ -76,6 +84,7 @@ SPIRE Agent mkdir -p "%{buildroot}/bin" cp "spire-%{version}"/bin/* "%{buildroot}/bin" +cp "spire-extras-%{version}"/bin/oidc-discovery-provider "%{buildroot}/bin/spiffe-oidc-discovery-provider" git clone https://github.com/spiffe/spire-examples cd spire-examples cd examples/systemd @@ -97,3 +106,6 @@ rm -rf %{buildroot} /usr/lib/systemd/system/spire-agent@.service /bin/spire-agent %config(noreplace) /etc/spire/agent/default.conf + +%files -n spiffe-oidc-discovery-provider +/bin/spiffe-oidc-discovery-provider From a348250f7bfa52aadde5a473a53a7f7b442447bb Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 22 Jan 2025 04:55:41 -0800 Subject: [PATCH 13/22] Fix typo Signed-off-by: Kevin Fox --- .github/workflows/pr_build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 6717130..6fd14b1 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -39,7 +39,7 @@ jobs: - run: | set -xe echo "building: {{github.ref_name}}-$(uname -i)" - docker build -t t examples/rpmsA + docker build -t t examples/rpms mkdir -p /tmp/packages docker run -it --rm -v /tmp:/tmp t cp -a /usr/share/nginx/html/* /tmp/packages - name: Archive artifacts From ddcaa55720ae10de7ccb069d39761275f9ee51f0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 22 Jan 2025 04:59:55 -0800 Subject: [PATCH 14/22] Fix typo Signed-off-by: Kevin Fox --- .github/workflows/pr_build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 6fd14b1..17d03eb 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml 
@@ -41,7 +41,7 @@ jobs: echo "building: {{github.ref_name}}-$(uname -i)" docker build -t t examples/rpms mkdir -p /tmp/packages - docker run -it --rm -v /tmp:/tmp t cp -a /usr/share/nginx/html/* /tmp/packages + docker run -i --rm -v /tmp:/tmp t cp -a /usr/share/nginx/html/* /tmp/packages - name: Archive artifacts uses: actions/upload-artifact@v4 with: From 7e567c6cf3f8853138f6b0a4e2db834d7c988cbd Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 22 Jan 2025 05:25:14 -0800 Subject: [PATCH 15/22] Fix package name Signed-off-by: Kevin Fox --- .github/workflows/pr_build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 17d03eb..9b7dfc0 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -41,11 +41,11 @@ jobs: echo "building: {{github.ref_name}}-$(uname -i)" docker build -t t examples/rpms mkdir -p /tmp/packages - docker run -i --rm -v /tmp:/tmp t cp -a /usr/share/nginx/html/* /tmp/packages + docker run -i --rm -v /tmp:/tmp t cp -a '/usr/share/nginx/html/*' /tmp/packages - name: Archive artifacts uses: actions/upload-artifact@v4 with: - name: packages + name: packages${{ matrix.arch }} retention-days: 7 path: | /tmp/packages From a1394f8eb52ec4b1abf033e6d3fa8affb3c1ea2d Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 22 Jan 2025 05:51:32 -0800 Subject: [PATCH 16/22] Fix gathering Signed-off-by: Kevin Fox --- .github/workflows/pr_build.yaml | 3 +-- examples/rpms/Dockerfile | 8 +++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 9b7dfc0..f8b0b82 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml 
@@ -40,8 +40,7 @@ jobs: set -xe echo "building: {{github.ref_name}}-$(uname -i)" docker build -t t examples/rpms - mkdir -p /tmp/packages - docker run -i --rm -v /tmp:/tmp t cp -a '/usr/share/nginx/html/*' /tmp/packages + docker run -i --rm -v /tmp:/tmp t /bin/bash -c 'cp -a /usr/share/nginx/html/packages /tmp' - name: Archive artifacts uses: actions/upload-artifact@v4 with: diff --git a/examples/rpms/Dockerfile b/examples/rpms/Dockerfile index 3dbb439..75faea8 100644 --- a/examples/rpms/Dockerfile +++ b/examples/rpms/Dockerfile @@ -22,11 +22,13 @@ RUN \ apt-get install -y alien && \ mkdir -p /root/debbuild && \ cd /root/debbuild && \ + mkdir $(dpkg --print-architecture) && \ + cd * && \ alien -k -c --to-deb /root/rpmbuild/RPMS/*/*.rpm RUN \ - apt-get install -y /root/debbuild/*.deb + apt-get install -y /root/debbuild/*/*.deb FROM docker.io/library/nginx:latest -COPY --from=rpm-builder /root/rpmbuild/RPMS /usr/share/nginx/html/RPMS -COPY --from=deb-builder /root/debbuild /usr/share/nginx/html/DEBS +COPY --from=rpm-builder /root/rpmbuild/RPMS /usr/share/nginx/html/packages/RPMS +COPY --from=deb-builder /root/debbuild /usr/share/nginx/html/packages/DEBS From a771dbc5826c522cec420994b7d00eb5ac2313d8 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 22 Jan 2025 07:43:08 -0800 Subject: [PATCH 17/22] Use right binaries for arm Signed-off-by: Kevin Fox --- examples/rpms/spire.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/examples/rpms/spire.spec b/examples/rpms/spire.spec index c13582d..910a24f 100644 --- a/examples/rpms/spire.spec +++ b/examples/rpms/spire.spec @@ -17,6 +17,8 @@ # ############################################################################## +%define ARCH %(echo %{_arch} | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) + Summary: SPIRE components Name: spire-common Version: 1.11.1 
@@ -24,8 +26,8 @@ Release: 1 Group: Applications/Internet License: Apache-2.0 URL: https://spiffe.io -Source0: https://github.com/spiffe/spire/releases/download/v%{version}/spire-%{version}-linux-amd64-musl.tar.gz -Source1: https://github.com/spiffe/spire/releases/download/v%{version}/spire-extras-%{version}-linux-amd64-musl.tar.gz +Source0: https://github.com/spiffe/spire/releases/download/v%{version}/spire-%{version}-linux-%{ARCH}-musl.tar.gz +Source1: https://github.com/spiffe/spire/releases/download/v%{version}/spire-extras-%{version}-linux-%{ARCH}-musl.tar.gz %description SPIRE Common From c416009365b979eada6cfdcef9f3f189b7585b1e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 23 Jan 2025 06:41:07 -0800 Subject: [PATCH 18/22] Add spiffe-step-ssh Signed-off-by: Kevin Fox --- examples/rpms/Dockerfile | 16 +++++++-- examples/rpms/spiffe-step-ssh.spec | 56 ++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 3 deletions(-) create mode 100644 examples/rpms/spiffe-step-ssh.spec diff --git a/examples/rpms/Dockerfile b/examples/rpms/Dockerfile index 75faea8..2a3be52 100644 --- a/examples/rpms/Dockerfile +++ b/examples/rpms/Dockerfile @@ -1,17 +1,25 @@ +ARG STEPVER="0.28.2" + FROM docker.io/library/almalinux:9 AS rpm-builder +ARG STEPVER WORKDIR /tmp -COPY spire.spec /tmp +COPY *.spec /tmp + RUN \ dnf install -y rpmdevtools rpm-build git make && \ - spectool -g -R spire.spec && \ - rpmbuild -ba spire.spec + spectool -g -R spire.spec && \ + rpmbuild -ba spire.spec && \ + spectool -g -R spiffe-step-ssh.spec && \ + rpmbuild -ba spiffe-step-ssh.spec RUN \ + dnf localinstall -y https://github.com/smallstep/cli/releases/download/v${STEPVER}/step-cli-${STEPVER}-1.$(uname -i).rpm && \ dnf localinstall -y /root/rpmbuild/RPMS/*/*.rpm FROM docker.io/library/ubuntu:latest AS deb-builder +ARG STEPVER COPY --from=rpm-builder /root/rpmbuild/RPMS /root/rpmbuild/RPMS 
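Review bot: The added `dnf localinstall -y https://github.com/smallstep/cli/releases/download/v${STEPVER}/step-cli-${STEPVER}-1.$(uname -i).rpm` installs a package fetched over the network without checking it against a known digest or signing key. The deb-builder hunk later in this patch does the same with `curl -L -o step-cli.deb ...` followed by `apt-get install -y ./step-cli.deb`. Download to a file first and verify before installing, for example `echo "<SHA256_PLACEHOLDER>  step-cli.rpm" | sha256sum -c -`, keeping the digest next to `STEPVER`. The curl call should also use `curl -fL` so an HTTP error page is not saved as `step-cli.deb`; whether `curl` is installed in the ubuntu stage is not visible from these hunks.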
@@ -27,6 +35,8 @@ RUN \ alien -k -c --to-deb /root/rpmbuild/RPMS/*/*.rpm RUN \ + curl -L -o step-cli.deb https://github.com/smallstep/cli/releases/download/v${STEPVER}/step-cli_${STEPVER}-1_$(dpkg --print-architecture).deb && \ + apt-get install -y ./step-cli.deb && \ apt-get install -y /root/debbuild/*/*.deb FROM docker.io/library/nginx:latest diff --git a/examples/rpms/spiffe-step-ssh.spec b/examples/rpms/spiffe-step-ssh.spec new file mode 100644 index 0000000..0ec2b76 --- /dev/null +++ b/examples/rpms/spiffe-step-ssh.spec 
@@ -0,0 +1,56 @@
+##############################################################################
+#
+# To you, dear reader:
+#
+# If you are a normal user, we recommend not reading further. Its probably not
+# the file your looking for.
+#
+# If you are looking at using this file as a base for your own work, please
+# don't. It is a horrible example. Please look elsewhere.
+#
+# If you are a package maintainer, please read on. We recognize this spec file
+# is blasphemous, a terrible abomination, a crime against nature, and more. We
+# regret needing to produce it, but had to in order to attract enough users to
+# find you. We beseech thee, kind and generous package maintainer, please help
+# us mend our wicked ways by joining us and help us produce proper packaging.
+# You are our only hope.
+#
+##############################################################################
+
+%define ARCH %(echo %{_arch} | sed s/aarch64/arm64/ | sed s/x86_64/amd64/)
+
+Summary: SPIFFE Step SSH
+Name: spiffe-step-ssh
+Version: 0.0.5
+Release: 1
+Group: Applications/Internet
+License: Apache-2.0
+URL: https://spiffe.io
+Source0: https://github.com/spiffe/spiffe-step-ssh/archive/refs/tags/v%{version}.tar.gz
+Requires: step-cli
+
+%description
+SPIFFE Step SSH
+
+%global _missing_build_ids_terminate_build 0
+%global debug_package %{nil}
+
+%prep
+
+%setup -c
+
+%build
+
+%install
+cd spiffe-step-ssh-%{version}
+make install DESTDIR="%{buildroot}"
+
+%clean
+rm -rf %{buildroot}
+
+%files
+/usr/libexec/spiffe-step-ssh/*
+/usr/lib/systemd/system/sshd.service.d/10-spiffe-step-ssh.conf
+/usr/lib/systemd/system/spiffe-step-ssh@.service
+/usr/lib/systemd/system/spiffe-step-ssh-cleanup.service
+%config(noreplace) /etc/spiffe/step-ssh
From 0666bfb97599fd12dc9c4ed48ea20aade4894a15 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 23 Jan 2025 07:10:37 -0800 Subject: [PATCH 19/22] Add spire-ha-agent package
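Review bot: The `%files` list ships a drop-in for the host SSH daemon (`/usr/lib/systemd/system/sshd.service.d/10-spiffe-step-ssh.conf`) and two units, yet this spec has none of the `%preun`/`%postun` scriptlets that spire.spec uses, so running instances are not stopped on removal. Add `%preun` with `%systemd_preun spiffe-step-ssh@\*.service spiffe-step-ssh-cleanup.service` and the matching `%post`/`%postun` lines. Because installing the package changes how sshd is started, `%description` should say so instead of repeating the summary. `%config(noreplace) /etc/spiffe/step-ssh` has no `%attr`, so the mode `make install` gives it should be confirmed if it will hold key or certificate material, and `%define ARCH` is unused in this file.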
Signed-off-by: Kevin Fox --- examples/rpms/Dockerfile | 4 ++- examples/rpms/spire-ha-agent.spec | 54 +++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 examples/rpms/spire-ha-agent.spec diff --git a/examples/rpms/Dockerfile b/examples/rpms/Dockerfile index 2a3be52..b95a2cd 100644 --- a/examples/rpms/Dockerfile +++ b/examples/rpms/Dockerfile @@ -12,7 +12,9 @@ RUN \ spectool -g -R spire.spec && \ rpmbuild -ba spire.spec && \ spectool -g -R spiffe-step-ssh.spec && \ - rpmbuild -ba spiffe-step-ssh.spec + rpmbuild -ba spiffe-step-ssh.spec && \ + spectool -g -R spire-ha-agent.spec && \ + rpmbuild -ba spire-ha-agent.spec RUN \ dnf localinstall -y https://github.com/smallstep/cli/releases/download/v${STEPVER}/step-cli-${STEPVER}-1.$(uname -i).rpm && \ diff --git a/examples/rpms/spire-ha-agent.spec b/examples/rpms/spire-ha-agent.spec new file mode 100644 index 0000000..cdff364 --- /dev/null +++ b/examples/rpms/spire-ha-agent.spec 
@@ -0,0 +1,54 @@
+##############################################################################
+#
+# To you, dear reader:
+#
+# If you are a normal user, we recommend not reading further. Its probably not
+# the file your looking for.
+#
+# If you are looking at using this file as a base for your own work, please
+# don't. It is a horrible example. Please look elsewhere.
+#
+# If you are a package maintainer, please read on. We recognize this spec file
+# is blasphemous, a terrible abomination, a crime against nature, and more. We
+# regret needing to produce it, but had to in order to attract enough users to
+# find you. We beseech thee, kind and generous package maintainer, please help
+# us mend our wicked ways by joining us and help us produce proper packaging.
+# You are our only hope.
+#
+##############################################################################
+
+%define ARCH %(echo %{_arch} | sed s/aarch64/arm64/)
+
+Summary: SPIRE HA Agent
+Name: spire-ha-agent
+Version: 0.0.9
+Release: 1
+Group: Applications/Internet
+License: Apache-2.0
+URL: https://spiffe.io
+Source0: https://github.com/spiffe/spire-ha-agent/releases/download/v%{version}/spire-ha-agent_Linux_%{ARCH}.tar.gz
+
+%description
+SPIRE HA Agent
+
+%global _missing_build_ids_terminate_build 0
+%global debug_package %{nil}
+
+%prep
+
+%setup -c
+
+%build
+
+%install
+mkdir -p %{buildroot}/usr/bin
+mkdir -p %{buildroot}/usr/lib/systemd/system
+mv spire-ha-agent %{buildroot}/usr/bin
+cp -a systemd/spire-ha-agent@.service %{buildroot}/usr/lib/systemd/system
+
+%clean
+rm -rf %{buildroot}
+
+%files
+/usr/bin/spire-ha-agent
+/usr/lib/systemd/system/spire-ha-agent@.service
From 8ff2df66fac51bb77cc88eb68208155c0b0c020f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 23 Jan 2025 07:42:09 -0800 Subject: [PATCH 20/22] Test combining artifacts Signed-off-by: Kevin Fox --- .github/workflows/pr_build.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
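Review bot: `Source0` ends in `spire-ha-agent_Linux_%{ARCH}.tar.gz`, a file name with no version in it, so a tarball left in the rpmbuild SOURCES directory by an earlier version would presumably be picked up for `Version: 0.0.9` without any error. Give the download a versioned local name by appending a fragment to the URL, `#/spire-ha-agent-%{version}-%{ARCH}.tar.gz`, or verify a digest in `%prep` before `%setup -c`. The package also installs the prebuilt `spire-ha-agent` binary and `spire-ha-agent@.service` with no `%preun`/`%postun` scriptlets, unlike spire.spec, so instances keep running after the package is removed.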
diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index f8b0b82..c855041 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -45,6 +45,32 @@ jobs: uses: actions/upload-artifact@v4 with: name: packages${{ matrix.arch }} + retention-days: 1 + path: | + /tmp/packages + combined-packages: + runs-on: ubuntu-24.04 + timeout-minutes: 30 + steps: + - name: Download archived artifact + uses: actions/download-artifact@v4 + with: + name: packages + path: /tmp + - name: Download archived artifact + uses: actions/download-artifact@v4 + with: + name: packages-arm + path: /tmp + - run: | + set -xe + ls /tmp + echo + ls /tmp/packages* + - name: Archive artifacts + uses: actions/upload-artifact@v4 + with: + name: all-packages retention-days: 7 path: | /tmp/packages From 262142fa834eb7c3ff1f526fd0980327a9a0175a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 23 Jan 2025 07:44:20 -0800 Subject: [PATCH 21/22] Add dep Signed-off-by: Kevin Fox --- .github/workflows/pr_build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index c855041..4aad3f6 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml @@ -51,6 +51,7 @@ jobs: combined-packages: runs-on: ubuntu-24.04 timeout-minutes: 30 + needs: packages steps: - name: Download archived artifact uses: actions/download-artifact@v4 From 59dd88db28530975ebdbfb1c20902c1745d19a45 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 23 Jan 2025 08:03:21 -0800 Subject: [PATCH 22/22] Fix path Signed-off-by: Kevin Fox --- .github/workflows/pr_build.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml index 4aad3f6..2e34b2c 100644 --- a/.github/workflows/pr_build.yaml +++ b/.github/workflows/pr_build.yaml 
@@ -57,17 +57,12 @@ jobs: uses: actions/download-artifact@v4 with: name: packages - path: /tmp + path: /tmp/packages - name: Download archived artifact uses: actions/download-artifact@v4 with: name: packages-arm - path: /tmp - - run: | - set -xe - ls /tmp - echo - ls /tmp/packages* + path: /tmp/packages - name: Archive artifacts uses: actions/upload-artifact@v4 with: