contrib/enterprise-linux/aziot-identity-service.spec.in (163 lines of code) (raw):
# spec file for package aziot-identity-service
#
# Copyright (c) Microsoft. All rights reserved.
Name: aziot-identity-service
# The @...@ tokens throughout this .spec.in template are placeholders; presumably the
# packaging scripts substitute them before rpmbuild reads the file.
Version: @version@
Release: @release@%{?dist}
Summary: Azure IoT Identity Service and related services
License: MIT
URL: https://github.com/azure/iot-identity-service
Source: aziot-identity-service-%{version}-%{release}.tar.gz
# This package cannot be installed alongside either of these packages.
Conflicts: iotedge, libiothsm-std
# Build toolchain. The toolset prefixes are template placeholders that pick the package
# names used for the compilers.
BuildRequires: @devtoolset@gcc
BuildRequires: @devtoolset@gcc-c++
BuildRequires: @llvm_toolset@clang
BuildRequires: @llvm_toolset@llvm-devel
BuildRequires: make
BuildRequires: openssl-devel
BuildRequires: pkgconfig
# Required for _unitdir to be defined, as described in https://fedoraproject.org/wiki/Packaging:Systemd
BuildRequires: systemd
# Since we vendor tpm2-tss (VENDOR_LIBTSS=1 for all EL packages), we need to tell rpm that
# we do not want it showing up in the package's Requires or Provides lists.
# If it shows up in the Provides list it will force the distro tpm2-tss package to be uninstalled,
# and if it's removed from the Provides list but not the Requires list it will force
# the distro tpm2-tss package to be installed.
#
# Ideally we would want this to apply to $libdir/$name/*.so.* , but the regex is run on
# the sonames rather than the full path, so we need to list the library names explicitly.
#
# Ref: https://docs.fedoraproject.org/en-US/packaging-guidelines/AutoProvidesAndRequiresFiltering/#_private_libraries
#
# Security note: the vendored libtss2 copy is private to this package and is hidden from
# rpm's dependency metadata by the two excludes below. Updates to the distro tpm2-tss
# package therefore do not touch it, and tooling that relies on rpm Provides/Requires will
# not list it. A tpm2-tss security fix only reaches installed systems through a rebuild
# and re-release of this package, so the vendored version should be tracked separately.
%global _privatelibs libtss2.*[.]so.*
%global __provides_exclude ^(%{_privatelibs})$
%global __requires_exclude ^(%{_privatelibs})$
%description
This package contains the Azure IoT device runtime, comprised of the following services:
- aziot-identityd - The Azure IoT Identity Service
- aziot-certd - The Azure IoT Certificates Service
- aziot-keyd - The Azure IoT Keys Service
- aziot-tpmd - The Azure IoT TPM Service
This package also contains the following libraries:
- libaziot_keys.so - The library used by the Keys Service to communicate with HSMs for key operations.
- @openssl_engine_filename@ - An openssl engine that can be used to work with asymmetric keys managed by the Azure IoT Keys Service.
Lastly, this package contains the aziotctl binary that is used to configure and manage the services.
%package devel
Summary: Development files for Azure IoT Identity Service and related services
%description devel
This package contains development files for the Azure IoT device runtime.
%prep
# Unpack the source tarball quietly.
%setup -q
%build
# Nothing to do here.
# (No separate build step: the only make invocation in this spec is the install-rpm
# target below, which presumably compiles as well as installs.)
%install
# https://docs.fedoraproject.org/en-US/packaging-guidelines/RPMMacros/#_macros_for_paths_set_and_used_by_build_systems
#
# Yes, docdir is different in that it includes the name of the package, whereas others like includedir and libexecdir do not
# and the invocation of `install` is expected to append the package name manually.
#
# Everything is staged under the buildroot through DESTDIR; the directory variables map
# the Makefile's install locations onto the distro's rpm path macros.
# The modes of files and directories that the files list does not override come from
# what this make target sets in the buildroot.
# NOTE(review): a bare -j puts no limit on the number of parallel make jobs; confirm this
# is intended rather than the distro's smp flags macro.
# NOTE(review): RELEASE=1 and V=1 presumably select a release build and verbose output;
# confirm against the Makefile.
make -j \
DESTDIR=%{buildroot} \
bindir=%{_bindir} \
docdir=%{_docdir}/%{name} \
includedir=%{_includedir} \
libdir=%{_libdir} \
libexecdir=%{_libexecdir} \
localstatedir=%{_localstatedir} \
sysconfdir=%{_sysconfdir} \
unitdir=%{_unitdir} \
presetdir=%{_presetdir} \
OPENSSL_ENGINE_FILENAME=@openssl_engine_filename@ \
RELEASE=1 \
V=1 \
install-rpm
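%pre
# For each of KS, TPM, CS and IS: create the system group and the system user if they do
# not exist yet. The accounts get /sbin/nologin as shell. Their home directories under
# /var/lib/aziot are not created here; they are owned by this package's files list, which
# also restores them if they were deleted manually after a previous install.
#
# Supplementary group membership is applied on every run, not only when the account is
# first created. usermod -aG only appends, so repeating it is harmless, and it repairs an
# account that already existed (for example from an earlier install) without the
# membership. Previously such an account was left as it was.
# NOTE(review): these memberships presumably decide which service may connect to which
# other service's socket; confirm against the socket units before widening or narrowing
# them.

# Keys Service account.
if ! %{_bindir}/getent group @user_aziotks@ >/dev/null; then
    %{_sbindir}/groupadd -r @user_aziotks@
fi
if ! %{_bindir}/getent passwd @user_aziotks@ >/dev/null; then
    %{_sbindir}/useradd -r -g @user_aziotks@ -c 'aziot-keyd user' -s /sbin/nologin -d /var/lib/aziot/keyd @user_aziotks@
fi

# TPM Service account.
if ! %{_bindir}/getent group @user_aziottpm@ >/dev/null; then
    %{_sbindir}/groupadd -r @user_aziottpm@
fi
if ! %{_bindir}/getent passwd @user_aziottpm@ >/dev/null; then
    %{_sbindir}/useradd -r -g @user_aziottpm@ -c 'aziot-tpmd user' -s /sbin/nologin -d /var/lib/aziot/tpmd @user_aziottpm@
fi

# Certificates Service account; it is also a member of the Keys Service group.
if ! %{_bindir}/getent group @user_aziotcs@ >/dev/null; then
    %{_sbindir}/groupadd -r @user_aziotcs@
fi
if ! %{_bindir}/getent passwd @user_aziotcs@ >/dev/null; then
    %{_sbindir}/useradd -r -g @user_aziotcs@ -c 'aziot-certd user' -s /sbin/nologin -d /var/lib/aziot/certd @user_aziotcs@
fi
%{_sbindir}/usermod -aG @user_aziotks@ @user_aziotcs@

# Identity Service account; it is also a member of the other three service groups.
if ! %{_bindir}/getent group @user_aziotid@ >/dev/null; then
    %{_sbindir}/groupadd -r @user_aziotid@
fi
if ! %{_bindir}/getent passwd @user_aziotid@ >/dev/null; then
    %{_sbindir}/useradd -r -g @user_aziotid@ -c 'aziot-identityd user' -s /sbin/nologin -d /var/lib/aziot/identityd @user_aziotid@
fi
%{_sbindir}/usermod -aG @user_aziotcs@ @user_aziotid@
%{_sbindir}/usermod -aG @user_aziotks@ @user_aziotid@
%{_sbindir}/usermod -aG @user_aziottpm@ @user_aziotid@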
%post
# Only the socket units are registered after install, so the preset policy is applied to
# them on a fresh install. The services themselves are presumably started on demand
# through socket activation.
%systemd_post aziot-certd.socket
%systemd_post aziot-identityd.socket
%systemd_post aziot-keyd.socket
%systemd_post aziot-tpmd.socket
%preun
# On final removal of the package, disable and stop the socket units.
%systemd_preun aziot-certd.socket
%systemd_preun aziot-identityd.socket
%systemd_preun aziot-keyd.socket
%systemd_preun aziot-tpmd.socket
%postun
# On upgrade, restart any running service so it picks up the newly installed binaries.
# Note that none of the uninstall scriptlets remove the service users or groups created
# at install time; those accounts remain on the system after the package is erased.
%systemd_postun_with_restart aziot-certd.service
%systemd_postun_with_restart aziot-identityd.service
%systemd_postun_with_restart aziot-keyd.service
%systemd_postun_with_restart aziot-tpmd.service
%files
# Entries without an explicit attr keep the mode they were given in the buildroot.
# Binaries
%{_libexecdir}/%{name}/aziotd
%{_libexecdir}/%{name}/aziot-certd
%{_libexecdir}/%{name}/aziot-identityd
%{_libexecdir}/%{name}/aziot-keyd
%{_libexecdir}/%{name}/aziot-tpmd
%{_bindir}/aziotctl
# libaziot-keys
%{_libdir}/libaziot_keys.so
# libaziot-key-openssl-engine-shared
@openssl_engine_filename@
# private libraries
# (the vendored libraries that the preamble excludes from Provides and Requires)
%{_libdir}/%{name}/*.so*
# Default configs and config directories
# Each service's default config is read-only for that service's own user (0400) and its
# config.d directory is accessible to that user alone (0700); no group or world access.
%attr(400, @user_aziotcs@, @user_aziotcs@) %{_sysconfdir}/aziot/certd/config.toml.default
%attr(700, @user_aziotcs@, @user_aziotcs@) %dir %{_sysconfdir}/aziot/certd/config.d
%attr(400, @user_aziotid@, @user_aziotid@) %{_sysconfdir}/aziot/identityd/config.toml.default
%attr(700, @user_aziotid@, @user_aziotid@) %dir %{_sysconfdir}/aziot/identityd/config.d
%attr(400, @user_aziotks@, @user_aziotks@) %{_sysconfdir}/aziot/keyd/config.toml.default
%attr(700, @user_aziotks@, @user_aziotks@) %dir %{_sysconfdir}/aziot/keyd/config.d
%attr(400, @user_aziottpm@, @user_aziottpm@) %{_sysconfdir}/aziot/tpmd/config.toml.default
%attr(700, @user_aziottpm@, @user_aziottpm@) %dir %{_sysconfdir}/aziot/tpmd/config.d
# The top-level config template is readable and writable by root only.
%attr(600, root, root) %{_sysconfdir}/aziot/config.toml.template
# Home directories
# Ownership is set per service here, but the mode field is "-", so the mode is whatever
# the install-rpm make target set in the buildroot.
# NOTE(review): these directories presumably hold each service's private state (keys,
# certificates); confirm the make target creates them 0700, or state the mode explicitly
# here so it does not depend on the Makefile.
%attr(-, @user_aziotcs@, @user_aziotcs@) %dir /var/lib/aziot/certd
%attr(-, @user_aziotid@, @user_aziotid@) %dir /var/lib/aziot/identityd
%attr(-, @user_aziotks@, @user_aziotks@) %dir /var/lib/aziot/keyd
%attr(-, @user_aziottpm@, @user_aziottpm@) %dir /var/lib/aziot/tpmd
# Systemd services and sockets
%{_unitdir}/aziot-certd.service
%{_unitdir}/aziot-certd.socket
%{_unitdir}/aziot-identityd.service
%{_unitdir}/aziot-identityd.socket
%{_unitdir}/aziot-keyd.service
%{_unitdir}/aziot-keyd.socket
%{_unitdir}/aziot-tpmd.service
%{_unitdir}/aziot-tpmd.socket
%{_presetdir}/00-aziot.preset
%doc README.md
%doc THIRD-PARTY-NOTICES
%license LICENSE
%files devel
# The devel subpackage ships only the C header for the keys library, plus the license.
%{_includedir}/%{name}/aziot-keys.h
%license LICENSE
%changelog