Bug 1771346

Summary: Review Request: attestation-hub-4.5-1 - Intel SecL Attestation Hub for Security Attribute Orchestration
Product: [Fedora] Fedora Reporter: Tim Knoll <timothy.e.knoll>
Component: Package ReviewAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: didiksupriadi41, mail, package-review, pbrobinson, timothy.e.knoll
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-02 00:46:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 177841, 201449    

Description Tim Knoll 2019-11-12 08:43:30 UTC 
Spec URL: https://01.org/sites/default/files/downloads//attestation-hub-1.5.1.zip
SRPM URL: https://01.org/sites/default/files/downloads//attestation-hub-1.5.1.zip
Spec and SRPM are bundled into a single zip file.

Description: This package provides the Attestation hub component of Intel Security Libraries for Datacenter.  This service facilitates integration of Intel SecL with cloud orchestrators (currently supporting OpenStack and Kubernetes), allowing cloud platforms to include security attributes based on Intel SecL in workload placement decisions.  The Intel SecL Verification Service and Trust Agent applications can provide remote attestation of a platform's boot-time integrity based on Intel hardware security features like Intel TXT and Intel Boot Guard.  The attestation results can be retrieved by the Hub and "pushed" to designated orchestrator services, requiring workloads that have Intel SecL security attribute requirements to be scheduled only on compute resources that have matching security attributes.

Fedora Account System Username: teknoll
Comment 1 Neil Horman 2019-11-18 17:42:04 UTC 
Adding FE-NEEDSPONSOR, as the submitter is not currently a packager

Submission is in incorrect format, should not be zipped into a single file, SPEC url and SRPM URL should point to those files specifically, so that fedora-review works with the BZ

Package fails to build:
[exec] main:
     [exec]     [mkdir] Created dir: /home/nhorman/rpmbuild/BUILD/contrib/features/hex2bin/target/dist
     [exec]     [mkdir] Created dir: /home/nhorman/rpmbuild/BUILD/contrib/features/hex2bin/target/dist-deps
     [exec]     [touch] Creating /home/nhorman/rpmbuild/BUILD/contrib/features/hex2bin/target/dist/builder/x
     [exec]      [exec] PREFIX=/opt/mtwilson/share/hex2bin
     [exec]      [exec] mkdir: cannot create directory '/opt/mtwilson': Permission denied
     [exec]      [exec] gcc -fstack-protector-strong -fPIE -fPIC -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -o hex2bin hex2bin.c -z noexecstack -z relro -z now -pie
     [exec]      [exec] mkdir: cannot create directory '/opt/mtwilson': Permission denied
     [exec]      [exec] mkdir: cannot create directory '/opt/mtwilson': Permission denied
     [exec]      [exec] make: *** [Makefile:13: install] Error 1
     [exec]      [exec] chmod +x hex2bin
     [exec]      [exec] mkdir -p /opt/mtwilson/share/hex2bin/bin
     [exec]      [exec] Failed to make install hex2bin
     [exec]      [exec] mkdir: cannot create directory '/opt/mtwilson': Permission denied
     [exec]      [exec] make: *** [Makefile:13: install] Error 1
     [exec] [INFO] ------------------------------------------------------------------------
     [exec] [INFO] Reactor Summary:
     [exec] [INFO] 
     [exec] [INFO] hex2bin-dist 1.0 ................................... FAILURE [  1.867 s]
     [exec] [INFO] mtwilson-maven-build-contrib-features 1.1 .......... SKIPPED
     [exec] [INFO] ------------------------------------------------------------------------
     [exec] [INFO] BUILD FAILURE
     [exec] [INFO] ------------------------------------------------------------------------
     [exec] [INFO] Total time: 1.969 s
     [exec] [INFO] Finished at: 2019-11-18T12:37:31-05:00
     [exec] [INFO] ------------------------------------------------------------------------
     [exec] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7:run (default-cli) on project hex2bin-dist: An Ant BuildException has occured: exec returned: 2
     [exec] [ERROR] around Ant part ...<exec failonerror="true" dir="/home/nhorman/rpmbuild/BUILD/contrib/features/hex2bin/target" executable="/bin/bash">... @ 27:122 in /home/nhorman/rpmbuild/BUILD/contrib/features/hex2bin/target/antrun/build-main.xml
     [exec] [ERROR] -> [Help 1]
     [exec] [ERROR] 
     [exec] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
     [exec] [ERROR] Re-run Maven using the -X switch to enable full debug logging.
     [exec] [ERROR] 
     [exec] [ERROR] For more information about the errors and possible solutions, please read the following articles:
     [exec] [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
     [exec] Result: 1
Comment 2 Tim Knoll 2020-01-10 21:30:02 UTC 
We have re-uploaded the source RPM and spec files to a new location:

Spec URL: https://github.com/intel-secl/attestation-hub/blob/v1.5.1/packages/attestation-hub/src/build/attestation-hub.spec
SRPM URL: https://github.com/intel-secl/attestation-hub/blob/v1.5.1/packages/attestation-hub/src/build/attestation-hub-4.5-1.el7.src.rpm

We are currently still working through the Koji build failures and will update once we have a resolution.
Comment 3 Fabian Affolter 2020-10-06 17:09:45 UTC 
The URL for the SPEC file needs to point to a raw text for fedora-review to work.
Comment 4 Package Review 2021-10-02 00:46:10 UTC 
This is an automatic action taken by review-stats script.

The ticket submitter failed to clear the NEEDINFO flag in a month.
As per https://fedoraproject.org/wiki/Policy_for_stalled_package_reviews
we consider this ticket as DEADREVIEW and proceed to close it.