Merge pull request #131 from kfox1111/step-ssh-bump2

Bump spiffe-step-ssh version

examples/rpms/Dockerfile

@@ -1,7 +1,9 @@
 ARG STEPVER="0.28.2"
+ARG STEPCAVER="0.28.4"
 
 FROM docker.io/library/almalinux:9 AS rpm-builder
 ARG STEPVER
+ARG STEPCAVER
 
 WORKDIR /tmp
 
@@ -35,6 +37,10 @@ RUN --mount=type=secret,id=gpg \
   rpmbuild -ba spire-agent-nodeattestor-tpmdirect.spec && \
   spectool -g -R spire-server-attestor-tpm.spec && \
   rpmbuild -ba spire-server-attestor-tpm.spec && \
+  spectool -g -R spire-credentialcomposer-cel.spec && \
+  rpmbuild -ba spire-credentialcomposer-cel.spec && \
+  spectool -g -R aws-spiffe-workload-helper.spec && \
+  rpmbuild -ba aws-spiffe-workload-helper.spec && \
   if [ -f /run/secrets/gpg ]; then \
     gpg --import /run/secrets/gpg && \
     gpg --import rpm.pub && \
@@ -45,10 +51,12 @@ RUN --mount=type=secret,id=gpg \
 
 RUN \
   dnf localinstall -y https://github.com/smallstep/cli/releases/download/v${STEPVER}/step-cli-${STEPVER}-1.$(uname -i).rpm && \
+  dnf localinstall -y https://github.com/smallstep/certificates/releases/download/v${STEPCAVER}/step-ca-${STEPCAVER}-1.$(uname -i).rpm && \
   dnf localinstall -y /root/rpmbuild/RPMS/*/*.rpm
 
 FROM docker.io/library/ubuntu:latest AS deb-builder
 ARG STEPVER
+ARG STEPCAVER
 
 COPY --from=rpm-builder /root/rpmbuild/RPMS /root/rpmbuild/RPMS
 
@@ -65,7 +73,9 @@ RUN \
 
 RUN \
   curl -L -o step-cli.deb https://github.com/smallstep/cli/releases/download/v${STEPVER}/step-cli_${STEPVER}-1_$(dpkg --print-architecture).deb && \
+  curl -L -o step-ca.deb https://github.com/smallstep/certificates/releases/download/v${STEPCAVER}/step-ca_${STEPCAVER}-1_$(dpkg --print-architecture).deb && \
   apt-get install -y ./step-cli.deb && \
+  apt-get install -y ./step-ca.deb && \
   apt-get install -y /root/debbuild/*/*.deb
 
 FROM docker.io/library/nginx:latest

examples/rpms/Dockerfile.repos

@@ -1,10 +1,8 @@
-FROM docker.io/library/almalinux:9 AS rpm-builder
+FROM docker.io/library/almalinux:9 AS rpm-builder9
 
 WORKDIR /tmp
-
 COPY RPMS /tmp/packages/RPMS
 COPY DEBS /tmp/packages/DEBS
-
 RUN \
   dnf install -y createrepo_c && \
   mkdir -p /tmp/packages/RPMS/x86_64/el9 && \
@@ -14,7 +12,35 @@ RUN \
   cd /tmp/packages/RPMS/aarch64 && \
   createrepo -u https://spiffe.github.io/spire-examples/RPMS/aarch64 -o el9/ .
 
+FROM docker.io/library/almalinux:10 AS rpm-builder10
+WORKDIR /tmp
+COPY RPMS /tmp/packages/RPMS
+RUN \
+  dnf install -y createrepo_c && \
+  mkdir -p /tmp/packages/RPMS/x86_64/el10 && \
+  mkdir -p /tmp/packages/RPMS/aarch64/el10 && \
+  cd /tmp/packages/RPMS/x86_64 && \
+  createrepo -u https://spiffe.github.io/spire-examples/RPMS/x86_64 -o el10/ . && \
+  cd /tmp/packages/RPMS/aarch64 && \
+  createrepo -u https://spiffe.github.io/spire-examples/RPMS/aarch64 -o el10/ .
+
+FROM docker.io/library/almalinux:8 AS rpm-builder8
+WORKDIR /tmp
+COPY RPMS /tmp/packages/RPMS
+RUN \
+  dnf install -y createrepo_c && \
+  mkdir -p /tmp/packages/RPMS/x86_64/el8 && \
+  mkdir -p /tmp/packages/RPMS/aarch64/el8 && \
+  cd /tmp/packages/RPMS/x86_64 && \
+  createrepo -u https://spiffe.github.io/spire-examples/RPMS/x86_64 -o el8/ . && \
+  cd /tmp/packages/RPMS/aarch64 && \
+  createrepo -u https://spiffe.github.io/spire-examples/RPMS/aarch64 -o el8/ .
+
 FROM docker.io/library/nginx:latest
 RUN rm -rf /usr/share/nginx/html/*
-COPY --from=rpm-builder /tmp/packages/RPMS /usr/share/nginx/html/RPMS
-COPY --from=rpm-builder /tmp/packages/DEBS /usr/share/nginx/html/DEBS
+COPY --from=rpm-builder9 /tmp/packages/RPMS /usr/share/nginx/html/RPMS
+COPY --from=rpm-builder9 /tmp/packages/DEBS /usr/share/nginx/html/DEBS
+COPY --from=rpm-builder10 /tmp/packages/RPMS/x86_64/el10 /usr/share/nginx/html/RPMS/x86_64/el10
+COPY --from=rpm-builder10 /tmp/packages/RPMS/aarch64/el10 /usr/share/nginx/html/RPMS/aarch64/el10
+COPY --from=rpm-builder8 /tmp/packages/RPMS/x86_64/el8 /usr/share/nginx/html/RPMS/x86_64/el8
+COPY --from=rpm-builder8 /tmp/packages/RPMS/aarch64/el8 /usr/share/nginx/html/RPMS/aarch64/el8

examples/rpms/aws-spiffe-workload-helper.spec

@@ -0,0 +1,54 @@
+##############################################################################
+#
+# To you, dear reader:
+#
+# If you are a normal user, we recommend not reading further. Its probably not
+# the file your looking for.
+#
+# If you are looking at using this file as a base for your own work, please
+# don't. It is a horrible example. Please look elsewhere.
+#
+# If you are a package maintainer, please read on. We recognize this spec file
+# is blasphemous, a terrible abomination, a crime against nature, and more. We
+# regret needing to produce it, but had to in order to attract enough users to
+# find you. We beseech thee, kind and generous package maintainer, please help
+# us mend our wicked ways by joining us and help us produce proper packaging.
+# You are our only hope.
+#
+##############################################################################
+
+%define ARCH %(echo %{_arch} | sed s/aarch64/arm64/)
+
+Summary:    AWS SPIFFE Workload Helper
+Name:       aws-spiffe-workload-helper
+Version:    0.0.4
+Release:    1
+Group:      Applications/Internet
+License:    Apache-2.0
+URL:        https://spiffe.io
+Source0:    https://github.com/spiffe/aws-spiffe-workload-helper/releases/download/v%{version}/aws-spiffe-workload-helper_Linux_%{ARCH}.tar.gz
+
+%global __strip /bin/true
+
+%description
+AWS SPIFFE Workload Helper
+
+%global _missing_build_ids_terminate_build 0
+%global debug_package %{nil}
+
+%prep
+
+%setup -c
+
+%build
+
+%install
+mkdir -p "%{buildroot}/usr/bin"
+cp -a aws-spiffe-workload-helper %{buildroot}/usr/bin
+
+%clean
+rm -rf %{buildroot}
+
+%files
+/usr/bin/aws-spiffe-workload-helper
+

examples/rpms/spiffe-step-ssh.spec

@@ -21,8 +21,8 @@
 
 Summary:    SPIFFE Step SSH
 Name:       spiffe-step-ssh
-Version:    0.0.6
-Release:    2
+Version:    0.0.9
+Release:    1
 Group:      Applications/Internet
 License:    Apache-2.0
 URL:        https://spiffe.io
@@ -35,6 +35,13 @@ Requires:   spiffe-helper
 %description
 SPIFFE Step SSH
 
+%package -n spiffe-step-ssh-server
+Summary: SPIFFE Step SSH Server
+Requires: step-ca
+Requires: spiffe-helper
+%description -n spiffe-step-ssh-server
+SPIFFE Step SSH Server
+
 %global _missing_build_ids_terminate_build 0
 %global debug_package %{nil}
 
@@ -47,6 +54,7 @@ SPIFFE Step SSH
 %install
 cd spiffe-step-ssh-%{version}
 make install DESTDIR="%{buildroot}"
+make install-server DESTDIR="%{buildroot}"
 
 %clean
 rm -rf %{buildroot}
@@ -57,3 +65,14 @@ rm -rf %{buildroot}
 /usr/lib/systemd/system/spiffe-step-ssh@.service
 /usr/lib/systemd/system/spiffe-step-ssh-cleanup.service
 %config(noreplace) /etc/spiffe/step-ssh
+
+%files -n spiffe-step-ssh-server
+/usr/lib/systemd/system/spiffe-step-ssh-server@.service
+/usr/lib/systemd/system/spiffe-step-ssh-fetchca@.service
+/usr/libexec/spiffe/step-ssh-server/main
+/usr/libexec/spiffe/step-ssh-server/ssh_x5c.tpl
+/usr/libexec/spiffe/step-ssh-server/nginx-fetchca.conf
+/usr/libexec/spiffe/step-ssh-server/helper-fetchca.conf
+/usr/sbin/setup-spiffe-step-ssh-server
+/usr/sbin/spiffe-step-ssh-get-cert-authority
+%config(noreplace) /etc/spiffe/step-ssh-server

examples/rpms/spire-credentialcomposer-cel.spec

@@ -0,0 +1,53 @@
+##############################################################################
+#
+# To you, dear reader:
+#
+# If you are a normal user, we recommend not reading further. Its probably not
+# the file your looking for.
+#
+# If you are looking at using this file as a base for your own work, please
+# don't. It is a horrible example. Please look elsewhere.
+#
+# If you are a package maintainer, please read on. We recognize this spec file
+# is blasphemous, a terrible abomination, a crime against nature, and more. We
+# regret needing to produce it, but had to in order to attract enough users to
+# find you. We beseech thee, kind and generous package maintainer, please help
+# us mend our wicked ways by joining us and help us produce proper packaging.
+# You are our only hope.
+#
+##############################################################################
+
+%define ARCH %(echo %{_arch} | sed s/aarch64/arm64/)
+
+Summary:    SPIRE Credential Composer CEL
+Name:       spire-credentialcomposer-cel
+Version:    0.0.2
+Release:    1
+Group:      Applications/Internet
+License:    Apache-2.0
+URL:        https://spiffe.io
+Source0:    https://github.com/spiffe/spire-credentialcomposer-cel/releases/download/v%{version}/spire-credentialcomposer-cel_Linux_%{ARCH}.tar.gz
+
+%global __strip /bin/true
+
+%description
+SPIRE Credential Composer CEL
+
+%global _missing_build_ids_terminate_build 0
+%global debug_package %{nil}
+
+%prep
+
+%setup -c
+
+%build
+
+%install
+mkdir -p "%{buildroot}/usr/libexec/spire/plugins"
+cp -a spire-credentialcomposer-cel %{buildroot}/usr/libexec/spire/plugins/credentialcomposer-cel
+
+%clean
+rm -rf %{buildroot}
+
+%files
+/usr/libexec/spire/plugins/credentialcomposer-cel

examples/rpms/spire.spec

@@ -21,8 +21,8 @@
 
 Summary:    SPIRE components
 Name:       spire-common
-Version:    1.12.0
-Release:    2
+Version:    1.12.4
+Release:    1
 Group:      Applications/Internet
 License:    Apache-2.0
 URL:        https://spiffe.io