From ef49d2ce6f49a7884d45277f515cccf695e3cade Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 25 Jan 2025 17:33:57 -0800 Subject: [PATCH] Add more rpms for k8s related tools Signed-off-by: Kevin Fox --- examples/rpms/Dockerfile | 6 +- .../rpms/k8s-spiffe-workload-auth-config.spec | 62 +++++++++++++++++++ .../k8s-spiffe-workload-jwt-exec-auth.spec | 51 +++++++++++++++ examples/rpms/spiffe-step-ssh.spec | 2 + 4 files changed, 120 insertions(+), 1 deletion(-) create mode 100644 examples/rpms/k8s-spiffe-workload-auth-config.spec create mode 100644 examples/rpms/k8s-spiffe-workload-jwt-exec-auth.spec diff --git a/examples/rpms/Dockerfile b/examples/rpms/Dockerfile index b95a2cd..616c088 100644 --- a/examples/rpms/Dockerfile +++ b/examples/rpms/Dockerfile @@ -14,7 +14,11 @@ RUN \ spectool -g -R spiffe-step-ssh.spec && \ rpmbuild -ba spiffe-step-ssh.spec && \ spectool -g -R spire-ha-agent.spec && \ - rpmbuild -ba spire-ha-agent.spec + rpmbuild -ba spire-ha-agent.spec && \ + spectool -g -R k8s-spiffe-workload-jwt-exec-auth.spec && \ + rpmbuild -ba k8s-spiffe-workload-jwt-exec-auth.spec && \ + spectool -g -R k8s-spiffe-workload-auth-config.spec && \ + rpmbuild -ba k8s-spiffe-workload-auth-config.spec RUN \ dnf localinstall -y https://github.com/smallstep/cli/releases/download/v${STEPVER}/step-cli-${STEPVER}-1.$(uname -i).rpm && \ diff --git a/examples/rpms/k8s-spiffe-workload-auth-config.spec b/examples/rpms/k8s-spiffe-workload-auth-config.spec new file mode 100644 index 0000000..68e7871 --- /dev/null +++ b/examples/rpms/k8s-spiffe-workload-auth-config.spec @@ -0,0 +1,62 @@ +############################################################################## +# +# To you, dear reader: +# +# If you are a normal user, we recommend not reading further. Its probably not +# the file your looking for. +# +# If you are looking at using this file as a base for your own work, please +# don't. It is a horrible example. Please look elsewhere. +# +# If you are a package maintainer, please read on. We recognize this spec file +# is blasphemous, a terrible abomination, a crime against nature, and more. We +# regret needing to produce it, but had to in order to attract enough users to +# find you. We beseech thee, kind and generous package maintainer, please help +# us mend our wicked ways by joining us and help us produce proper packaging. +# You are our only hope. +# +############################################################################## + +%define ARCH %(echo %{_arch} | sed s/aarch64/arm64/) + +Summary: K8s SPIFFE Workload Auth Config +Name: k8s-spiffe-workload-auth-config +Version: 0.0.8 +Release: 1 +Group: Applications/Internet +License: Apache-2.0 +URL: https://spiffe.io +Source0: https://github.com/spiffe/k8s-spiffe-workload-auth-config/releases/download/v%{version}/k8s-spiffe-workload-auth-config_Linux_%{ARCH}.tar.gz +#FIXME This still needs upstream changes to package +#Requires: spiffe-helper + +%description +K8s SPIFFE Workload Auth Config + +%global _missing_build_ids_terminate_build 0 +%global debug_package %{nil} + +%prep + +%setup -c + +%build + +%install +mkdir -p "%{buildroot}/usr/bin" +mkdir -p "%{buildroot}/etc/spiffe" +mkdir -p "%{buildroot}/etc/kubernetes" +mkdir -p "%{buildroot}/usr/lib/systemd/system" +cp -a k8s-spiffe-workload-auth-config %{buildroot}/usr/bin +cp -a config/k8s-spiffe-workload-auth-config.env %{buildroot}/etc/spiffe +cp -a config/auth-config.yaml %{buildroot}/etc/kubernetes/ +cp -a systemd/k8s-spiffe-workload-auth-config.service %{buildroot}/usr/lib/systemd/system + +%clean +rm -rf %{buildroot} + +%files +/usr/bin/k8s-spiffe-workload-auth-config +/usr/lib/systemd/system/k8s-spiffe-workload-auth-config.service +%config(noreplace) /etc/spiffe/k8s-spiffe-workload-auth-config.env +%config(noreplace) /etc/kubernetes/auth-config.yaml diff --git a/examples/rpms/k8s-spiffe-workload-jwt-exec-auth.spec b/examples/rpms/k8s-spiffe-workload-jwt-exec-auth.spec new file mode 100644 index 0000000..fb959e8 --- /dev/null +++ b/examples/rpms/k8s-spiffe-workload-jwt-exec-auth.spec @@ -0,0 +1,51 @@ +############################################################################## +# +# To you, dear reader: +# +# If you are a normal user, we recommend not reading further. Its probably not +# the file your looking for. +# +# If you are looking at using this file as a base for your own work, please +# don't. It is a horrible example. Please look elsewhere. +# +# If you are a package maintainer, please read on. We recognize this spec file +# is blasphemous, a terrible abomination, a crime against nature, and more. We +# regret needing to produce it, but had to in order to attract enough users to +# find you. We beseech thee, kind and generous package maintainer, please help +# us mend our wicked ways by joining us and help us produce proper packaging. +# You are our only hope. +# +############################################################################## + +%define ARCH %(echo %{_arch} | sed s/aarch64/arm64/) + +Summary: K8s SPIFFE Workload JWT Exec Auth Plugin +Name: k8s-spiffe-workload-jwt-exec-auth +Version: 0.0.4 +Release: 1 +Group: Applications/Internet +License: Apache-2.0 +URL: https://spiffe.io +Source0: https://github.com/spiffe/k8s-spiffe-workload-jwt-exec-auth/releases/download/v%{version}/k8s-spiffe-workload-jwt-exec-auth_Linux_%{ARCH}.tar.gz + +%description +K8s SPIFFE Workload JWT Exec Auth Plugin + +%global _missing_build_ids_terminate_build 0 +%global debug_package %{nil} + +%prep + +%setup -c + +%build + +%install +mkdir -p "%{buildroot}/usr/bin" +cp -a k8s-spiffe-workload-jwt-exec-auth %{buildroot}/usr/bin + +%clean +rm -rf %{buildroot} + +%files +/usr/bin/k8s-spiffe-workload-jwt-exec-auth diff --git a/examples/rpms/spiffe-step-ssh.spec b/examples/rpms/spiffe-step-ssh.spec index 0ec2b76..c04a1c4 100644 --- a/examples/rpms/spiffe-step-ssh.spec +++ b/examples/rpms/spiffe-step-ssh.spec @@ -28,6 +28,8 @@ License: Apache-2.0 URL: https://spiffe.io Source0: https://github.com/spiffe/spiffe-step-ssh/archive/refs/tags/v%{version}.tar.gz Requires: step-cli +#FIXME This still needs upstream changes to package +#Requires: spiffe-helper %description SPIFFE Step SSH