diff --git a/virtrust/cmake/deps/gtest.cmake b/virtrust/cmake/deps/gtest.cmake
index 5790bc2e48ee136863f8b1b1b2887268384f17eb..90b605dd09356a6802d06040eeb5a877dd536a9c 100644
--- a/virtrust/cmake/deps/gtest.cmake
+++ b/virtrust/cmake/deps/gtest.cmake
@@ -1,34 +1,60 @@ # Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved. -ExternalProject_Add( - googletest - # use gitee first - GIT_REPOSITORY https://gitee.com/mirrors/googletest.git - GIT_TAG v1.15.2 - GIT_SHALLOW On - # alternatively, download through gitub - URL https://github.com/google/googletest/archive/refs/tags/v1.15.2.tar.gz - URL_HASH - SHA256=7b42b4d6ed48810c5362c265a17faebe90dc2373c885e5216439d37927f02926 - CMAKE_ARGS -DCMAKE_POSITION_INDEPENDENT_CODE=On # - -DCMAKE_CXX_STANDARD=17 # - -DCMAKE_C_STANDARD_REQUIRED=Yes # - -DCMAKE_INSTALL_PREFIX=${CMAKE_DEPS_PREFIX} # - -DBUILD_GMOCK=On # - PREFIX ${CMAKE_DEPS_PREFIX} - UPDATE_COMMAND "" - BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libgtest${CMAKE_STATIC_LIBRARY_SUFFIX} - BUILD_BYPRODUCTS - ${CMAKE_DEPS_LIBDIR}/libgtest_main${CMAKE_STATIC_LIBRARY_SUFFIX} - BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libgmock${CMAKE_STATIC_LIBRARY_SUFFIX} - BUILD_BYPRODUCTS - ${CMAKE_DEPS_LIBDIR}/libgmock_main${CMAKE_STATIC_LIBRARY_SUFFIX} - EXCLUDE_FROM_ALL true - DOWNLOAD_EXTRACT_TIMESTAMP On - LOG_DOWNLOAD On - LOG_CONFIGURE On - LOG_BUILD On - LOG_INSTALL On) +set(_gtest_src "${CMAKE_DEPS_SRCDIR}/googletest") +if(EXISTS "${_gtest_src}") + message(STATUS "Using local source for googletest: ${_gtest_src}") + ExternalProject_Add( + googletest + SOURCE_DIR ${_gtest_src} + CMAKE_ARGS -DCMAKE_POSITION_INDEPENDENT_CODE=On # + -DCMAKE_CXX_STANDARD=17 # + -DCMAKE_C_STANDARD_REQUIRED=Yes # + -DCMAKE_INSTALL_PREFIX=${CMAKE_DEPS_PREFIX} # + -DBUILD_GMOCK=On # + PREFIX ${CMAKE_DEPS_PREFIX} + DOWNLOAD_COMMAND "" + UPDATE_COMMAND "" + BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libgtest${CMAKE_STATIC_LIBRARY_SUFFIX} + BUILD_BYPRODUCTS + ${CMAKE_DEPS_LIBDIR}/libgtest_main${CMAKE_STATIC_LIBRARY_SUFFIX} + BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libgmock${CMAKE_STATIC_LIBRARY_SUFFIX} + BUILD_BYPRODUCTS + ${CMAKE_DEPS_LIBDIR}/libgmock_main${CMAKE_STATIC_LIBRARY_SUFFIX} + EXCLUDE_FROM_ALL true + LOG_CONFIGURE On + LOG_BUILD On + 
LOG_INSTALL On) +else() + ExternalProject_Add( + googletest + # use gitee first + GIT_REPOSITORY https://gitee.com/mirrors/googletest.git + GIT_TAG v1.15.2 + GIT_SHALLOW On + # alternatively, download through gitub + URL https://github.com/google/googletest/archive/refs/tags/v1.15.2.tar.gz + URL_HASH + SHA256=7b42b4d6ed48810c5362c265a17faebe90dc2373c885e5216439d37927f02926 + CMAKE_ARGS -DCMAKE_POSITION_INDEPENDENT_CODE=On # + -DCMAKE_CXX_STANDARD=17 # + -DCMAKE_C_STANDARD_REQUIRED=Yes # + -DCMAKE_INSTALL_PREFIX=${CMAKE_DEPS_PREFIX} # + -DBUILD_GMOCK=On # + PREFIX ${CMAKE_DEPS_PREFIX} + UPDATE_COMMAND "" + BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libgtest${CMAKE_STATIC_LIBRARY_SUFFIX} + BUILD_BYPRODUCTS + ${CMAKE_DEPS_LIBDIR}/libgtest_main${CMAKE_STATIC_LIBRARY_SUFFIX} + BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libgmock${CMAKE_STATIC_LIBRARY_SUFFIX} + BUILD_BYPRODUCTS + ${CMAKE_DEPS_LIBDIR}/libgmock_main${CMAKE_STATIC_LIBRARY_SUFFIX} + EXCLUDE_FROM_ALL true + DOWNLOAD_EXTRACT_TIMESTAMP On + LOG_DOWNLOAD On + LOG_CONFIGURE On + LOG_BUILD On + LOG_INSTALL On) +endif() import_static_lib_from(libgtest googletest) import_static_lib_from(libgtest_main googletest) diff --git a/virtrust/cmake/deps/libboundscheck.cmake b/virtrust/cmake/deps/libboundscheck.cmake index db52a004988051a26394df8d016b6000380fa8c1..f98685309ed7069ff52eba407b3c8a9422cafbd8 100644 --- a/virtrust/cmake/deps/libboundscheck.cmake +++ b/virtrust/cmake/deps/libboundscheck.cmake 
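Review bot: The new local-source branch builds whatever is under `${CMAKE_DEPS_SRCDIR}/googletest` with no integrity check, while only the download branch keeps the `GIT_TAG`/`URL_HASH` pin, so in the packaged build (which extracts the dependency archives into that tree) the SHA256 pin no longer protects anything; the same split is repeated in the libboundscheck, openssl, rapidjson and spdlog hunks. A missing or misspelled local directory also falls through silently to a network fetch instead of failing at configure time; the spec on this page passes `-DENABLE_DOWNLOAD_DEPS=Off` and I cannot see that option consumed by these files, so something like `if(NOT IS_DIRECTORY "${_gtest_src}" AND NOT ENABLE_DOWNLOAD_DEPS)` / `message(FATAL_ERROR "googletest source not found at ${_gtest_src} and downloads are disabled")` / `endif()` ahead of the `else()` branch would turn that into an explicit error. `IS_DIRECTORY` is also the tighter test than `EXISTS`, which accepts a stray file of the same name. Stylistically the two `ExternalProject_Add` calls repeat every `CMAKE_ARGS`, `BUILD_BYPRODUCTS` and `LOG_*` line; collecting the shared arguments into one list and varying only the `SOURCE_DIR`/`GIT_*`/`URL*` part would keep the two branches from drifting.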
@@ -1,24 +1,46 @@ # Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved. -ExternalProject_Add( - libboundscheck-src - GIT_REPOSITORY https://gitee.com/openeuler/libboundscheck - GIT_TAG master - GIT_SHALLOW On - PREFIX ${CMAKE_DEPS_PREFIX} - CONFIGURE_COMMAND "" - BUILD_COMMAND ${CMAKE_MAKE_PROGRAM} - UPDATE_COMMAND "" - INSTALL_COMMAND cp include/securec.h ${CMAKE_DEPS_INCLUDEDIR} - COMMAND cp include/securectype.h ${CMAKE_DEPS_INCLUDEDIR} - COMMAND cp lib/libboundscheck${CMAKE_SHARED_LIBRARY_SUFFIX} - ${CMAKE_DEPS_LIBDIR} - BUILD_IN_SOURCE On - EXCLUDE_FROM_ALL true - LOG_DOWNLOAD On - LOG_CONFIGURE On - LOG_BUILD On - LOG_INSTALL On) +set(_libboundscheck_src "${CMAKE_DEPS_SRCDIR}/libboundscheck-src") +if(EXISTS "${_libboundscheck_src}") + message(STATUS "Using local source for libboundscheck: ${_libboundscheck_src}") + ExternalProject_Add( + libboundscheck-src + PREFIX ${CMAKE_DEPS_PREFIX} + SOURCE_DIR ${_libboundscheck_src} + CONFIGURE_COMMAND "" + BUILD_COMMAND ${CMAKE_MAKE_PROGRAM} + DOWNLOAD_COMMAND "" + UPDATE_COMMAND "" + INSTALL_COMMAND cp include/securec.h ${CMAKE_DEPS_INCLUDEDIR} + COMMAND cp include/securectype.h ${CMAKE_DEPS_INCLUDEDIR} + COMMAND cp lib/libboundscheck${CMAKE_SHARED_LIBRARY_SUFFIX} + ${CMAKE_DEPS_LIBDIR} + BUILD_IN_SOURCE On + EXCLUDE_FROM_ALL true + LOG_CONFIGURE On + LOG_BUILD On + LOG_INSTALL On) +else() + ExternalProject_Add( + libboundscheck-src + GIT_REPOSITORY https://gitee.com/openeuler/libboundscheck + GIT_TAG master + GIT_SHALLOW On + PREFIX ${CMAKE_DEPS_PREFIX} + CONFIGURE_COMMAND "" + BUILD_COMMAND ${CMAKE_MAKE_PROGRAM} + UPDATE_COMMAND "" + INSTALL_COMMAND cp include/securec.h ${CMAKE_DEPS_INCLUDEDIR} + COMMAND cp include/securectype.h ${CMAKE_DEPS_INCLUDEDIR} + COMMAND cp lib/libboundscheck${CMAKE_SHARED_LIBRARY_SUFFIX} + ${CMAKE_DEPS_LIBDIR} + BUILD_IN_SOURCE On + EXCLUDE_FROM_ALL true + LOG_DOWNLOAD On + LOG_CONFIGURE On + LOG_BUILD On + LOG_INSTALL On) +endif() add_library(libboundscheck-itf 
INTERFACE) target_link_directories(libboundscheck-itf INTERFACE ${CMAKE_DEPS_LIBDIR}) diff --git a/virtrust/cmake/deps/openssl.cmake b/virtrust/cmake/deps/openssl.cmake index 03b385a801d7814fb93c7a75445ab3a63d6ca931..a1dd28512d73f182ab38cdbc566c0b0558af0c02 100644 --- a/virtrust/cmake/deps/openssl.cmake +++ b/virtrust/cmake/deps/openssl.cmake 
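Review bot: The fallback branch still fetches `GIT_TAG master` with no `URL_HASH`, so unlike the other four dependencies this one has no pin at all and two builds of the same commit of this repository can compile different libboundscheck sources; pinning to a release tag or a full commit hash, e.g. `GIT_TAG <pinned-libboundscheck-commit>`, would close that. The local branch keeps `BUILD_IN_SOURCE On` together with `INSTALL_COMMAND cp ...` into `${CMAKE_DEPS_INCLUDEDIR}` and `${CMAKE_DEPS_LIBDIR}`, so the directory under `${CMAKE_DEPS_SRCDIR}` is modified in place and presumably a later configure sees an already-built tree; a one-line comment saying that is intended would help the next reader.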
@@ -1,32 +1,56 @@ # Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved. -ExternalProject_Add( - openssl - PREFIX ${CMAKE_DEPS_PREFIX} - # use gitee first - GIT_REPOSITORY https://gitee.com/mirrors/openssl.git - GIT_TAG openssl-3.3.2 - GIT_SHALLOW On - # alternatively, download through gitub - URL https://github.com/openssl/openssl/archive/refs/tags/openssl-3.3.2.tar.gz - URL_HASH - SHA256=bedbb16955555f99b1a7b1ba90fc97879eb41025081be359ecd6a9fcbdf1c8d2 - CONFIGURE_COMMAND - ./Configure no-legacy no-weak-ssl-ciphers no-tests no-shared no-ui-console - no-docs no-apps --banner=Finished --release --libdir=${CMAKE_INSTALL_LIBDIR} - --prefix=${CMAKE_DEPS_PREFIX} -w - BUILD_COMMAND make build_sw - UPDATE_COMMAND "" - INSTALL_COMMAND make install_sw - BUILD_IN_SOURCE On - DOWNLOAD_EXTRACT_TIMESTAMP On - BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libcrypto${CMAKE_STATIC_LIBRARY_SUFFIX} - BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libssl${CMAKE_STATIC_LIBRARY_SUFFIX} - EXCLUDE_FROM_ALL true - LOG_DOWNLOAD On - LOG_CONFIGURE On - LOG_BUILD On - LOG_INSTALL On) +set(_openssl_src "${CMAKE_DEPS_SRCDIR}/openssl") +if(EXISTS "${_openssl_src}") + message(STATUS "Using local source for openssl: ${_openssl_src}") + ExternalProject_Add( + openssl + PREFIX ${CMAKE_DEPS_PREFIX} + SOURCE_DIR ${_openssl_src} + CONFIGURE_COMMAND + ./Configure no-legacy no-weak-ssl-ciphers no-tests no-shared no-ui-console + no-docs no-apps --banner=Finished --release --libdir=${CMAKE_INSTALL_LIBDIR} + --prefix=${CMAKE_DEPS_PREFIX} -w + BUILD_COMMAND make build_sw + DOWNLOAD_COMMAND "" + UPDATE_COMMAND "" + INSTALL_COMMAND make install_sw + BUILD_IN_SOURCE On + BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libcrypto${CMAKE_STATIC_LIBRARY_SUFFIX} + BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libssl${CMAKE_STATIC_LIBRARY_SUFFIX} + EXCLUDE_FROM_ALL true + LOG_CONFIGURE On + LOG_BUILD On + LOG_INSTALL On) +else() + ExternalProject_Add( + openssl + PREFIX ${CMAKE_DEPS_PREFIX} + # use gitee first + GIT_REPOSITORY 
https://gitee.com/mirrors/openssl.git + GIT_TAG openssl-3.3.2 + GIT_SHALLOW On + # alternatively, download through gitub + URL https://github.com/openssl/openssl/archive/refs/tags/openssl-3.3.2.tar.gz + URL_HASH + SHA256=bedbb16955555f99b1a7b1ba90fc97879eb41025081be359ecd6a9fcbdf1c8d2 + CONFIGURE_COMMAND + ./Configure no-legacy no-weak-ssl-ciphers no-tests no-shared no-ui-console + no-docs no-apps --banner=Finished --release --libdir=${CMAKE_INSTALL_LIBDIR} + --prefix=${CMAKE_DEPS_PREFIX} -w + BUILD_COMMAND make build_sw + UPDATE_COMMAND "" + INSTALL_COMMAND make install_sw + BUILD_IN_SOURCE On + DOWNLOAD_EXTRACT_TIMESTAMP On + BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libcrypto${CMAKE_STATIC_LIBRARY_SUFFIX} + BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libssl${CMAKE_STATIC_LIBRARY_SUFFIX} + EXCLUDE_FROM_ALL true + LOG_DOWNLOAD On + LOG_CONFIGURE On + LOG_BUILD On + LOG_INSTALL On) +endif() import_static_lib_from(libcrypto openssl) import_static_lib_from(libssl openssl) diff --git a/virtrust/cmake/deps/rapidjson.cmake b/virtrust/cmake/deps/rapidjson.cmake index 4784bc74e6d111edf95b23703ae4bace987bdfa2..2f911cbee859024c9e3f56ee4eb0c7901e782d22 100644 --- a/virtrust/cmake/deps/rapidjson.cmake +++ b/virtrust/cmake/deps/rapidjson.cmake 
@@ -6,33 +6,56 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-class-memaccess") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-implicit-fallthrough") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-template-body") -ExternalProject_Add( - rapidjson - # use gitee first - GIT_REPOSITORY https://gitee.com/Tencent/RapidJSON.git - GIT_TAG v1.1.0 - GIT_SHALLOW On - GIT_SUBMODULES "" # HACK no update of submodules, see CMP0097 policy - # alternatively, download through gitub - URL https://github.com/Tencent/rapidjson/archive/refs/tags/v1.1.0.tar.gz - URL_HASH - SHA256=bf7ced29704a1e696fbccf2a2b4ea068e7774fa37f6d7dd4039d0787f8bed98e - CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${CMAKE_DEPS_PREFIX} - -DCMAKE_CXX_FLAGS=${CMAKE_CXX_FLAGS} - -DCMAKE_SKIP_RPATH=TRUE - -DCMAKE_BUILD_TYPE=Release - -DRAPIDJSON_BUILD_TESTS=OFF - -DRAPIDJSON_BUILD_DOC=OFF - -DRAPIDJSON_BUILD_EXAMPLES=OFF - -DRAPIDJSON_BUILD_THIRDPARTY_GTEST=OFF - PREFIX ${CMAKE_DEPS_PREFIX} - UPDATE_COMMAND "" - EXCLUDE_FROM_ALL true - DOWNLOAD_EXTRACT_TIMESTAMP On - LOG_DOWNLOAD On - LOG_CONFIGURE On - LOG_BUILD On - LOG_INSTALL On) +set(_rapidjson_src "${CMAKE_DEPS_SRCDIR}/rapidjson") +if(EXISTS "${_rapidjson_src}") + message(STATUS "Using local source for rapidjson: ${_rapidjson_src}") + ExternalProject_Add( + rapidjson + SOURCE_DIR ${_rapidjson_src} + CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${CMAKE_DEPS_PREFIX} + -DCMAKE_CXX_FLAGS=${CMAKE_CXX_FLAGS} + -DCMAKE_SKIP_RPATH=TRUE + -DCMAKE_BUILD_TYPE=Release + -DRAPIDJSON_BUILD_TESTS=OFF + -DRAPIDJSON_BUILD_DOC=OFF + -DRAPIDJSON_BUILD_EXAMPLES=OFF + -DRAPIDJSON_BUILD_THIRDPARTY_GTEST=OFF + PREFIX ${CMAKE_DEPS_PREFIX} + DOWNLOAD_COMMAND "" + UPDATE_COMMAND "" + EXCLUDE_FROM_ALL true + LOG_CONFIGURE On + LOG_BUILD On + LOG_INSTALL On) +else() + ExternalProject_Add( + rapidjson + # use gitee first + GIT_REPOSITORY https://gitee.com/Tencent/RapidJSON.git + GIT_TAG v1.1.0 + GIT_SHALLOW On + GIT_SUBMODULES "" # HACK no update of submodules, see CMP0097 policy + # alternatively, download 
through gitub + URL https://github.com/Tencent/rapidjson/archive/refs/tags/v1.1.0.tar.gz + URL_HASH + SHA256=bf7ced29704a1e696fbccf2a2b4ea068e7774fa37f6d7dd4039d0787f8bed98e + CMAKE_ARGS -DCMAKE_INSTALL_PREFIX=${CMAKE_DEPS_PREFIX} + -DCMAKE_CXX_FLAGS=${CMAKE_CXX_FLAGS} + -DCMAKE_SKIP_RPATH=TRUE + -DCMAKE_BUILD_TYPE=Release + -DRAPIDJSON_BUILD_TESTS=OFF + -DRAPIDJSON_BUILD_DOC=OFF + -DRAPIDJSON_BUILD_EXAMPLES=OFF + -DRAPIDJSON_BUILD_THIRDPARTY_GTEST=OFF + PREFIX ${CMAKE_DEPS_PREFIX} + UPDATE_COMMAND "" + EXCLUDE_FROM_ALL true + DOWNLOAD_EXTRACT_TIMESTAMP On + LOG_DOWNLOAD On + LOG_CONFIGURE On + LOG_BUILD On + LOG_INSTALL On) +endif() # NOTE rapidjson is a header-only lib add_library(librapidjson INTERFACE) diff --git a/virtrust/cmake/deps/spdlog.cmake b/virtrust/cmake/deps/spdlog.cmake index 04b652238f3b7a212bf28f24b82ad8bba9e6ecd7..0f0c3eae1a83be61d0c1e83a33d67c0a66a4348d 100644 --- a/virtrust/cmake/deps/spdlog.cmake +++ b/virtrust/cmake/deps/spdlog.cmake 
@@ -3,28 +3,47 @@ # HACK spdlog installs in lib64 file(MAKE_DIRECTORY ${CMAKE_DEPS_PREFIX}/lib64) -ExternalProject_Add( - spdlog - # use gitee first - GIT_REPOSITORY https://gitee.com/mirrors_trending/spdlog.git - GIT_TAG v1.14.1 - GIT_SHALLOW On - # alternatively, download through gitub - URL https://github.com/gabime/spdlog/archive/refs/tags/v1.14.1.tar.gz - URL_HASH - SHA256=1586508029a7d0670dfcb2d97575dcdc242d3868a259742b69f100801ab4e16b - CMAKE_ARGS -DCMAKE_POSITION_INDEPENDENT_CODE=On - -DCMAKE_INSTALL_PREFIX=${CMAKE_DEPS_PREFIX} - -DSPDLOG_BUILD_EXAMPLE=OFF - PREFIX ${CMAKE_DEPS_PREFIX} - UPDATE_COMMAND "" - EXCLUDE_FROM_ALL true - DOWNLOAD_EXTRACT_TIMESTAMP On - BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libspdlog${CMAKE_STATIC_LIBRARY_SUFFIX} - LOG_DOWNLOAD On - LOG_CONFIGURE On - LOG_BUILD On - LOG_INSTALL On) +set(_spdlog_src "${CMAKE_DEPS_SRCDIR}/spdlog") +if(EXISTS "${_spdlog_src}") + message(STATUS "Using local source for spdlog: ${_spdlog_src}") + ExternalProject_Add( + spdlog + SOURCE_DIR ${_spdlog_src} + CMAKE_ARGS -DCMAKE_POSITION_INDEPENDENT_CODE=On + -DCMAKE_INSTALL_PREFIX=${CMAKE_DEPS_PREFIX} + -DSPDLOG_BUILD_EXAMPLE=OFF + PREFIX ${CMAKE_DEPS_PREFIX} + DOWNLOAD_COMMAND "" + UPDATE_COMMAND "" + EXCLUDE_FROM_ALL true + BUILD_BYPRODUCTS ${CMAKE_DEPS_LIBDIR}/libspdlog${CMAKE_STATIC_LIBRARY_SUFFIX} + LOG_CONFIGURE On + LOG_BUILD On + LOG_INSTALL On) +else() + ExternalProject_Add( + spdlog + # use gitee first + GIT_REPOSITORY https://gitee.com/mirrors_trending/spdlog.git + GIT_TAG v1.14.1 + GIT_SHALLOW On + # alternatively, download through gitub + URL https://github.com/gabime/spdlog/archive/refs/tags/v1.14.1.tar.gz + URL_HASH + SHA256=1586508029a7d0670dfcb2d97575dcdc242d3868a259742b69f100801ab4e16b + CMAKE_ARGS -DCMAKE_POSITION_INDEPENDENT_CODE=On + -DCMAKE_INSTALL_PREFIX=${CMAKE_DEPS_PREFIX} + -DSPDLOG_BUILD_EXAMPLE=OFF + PREFIX ${CMAKE_DEPS_PREFIX} + UPDATE_COMMAND "" + EXCLUDE_FROM_ALL true + DOWNLOAD_EXTRACT_TIMESTAMP On + BUILD_BYPRODUCTS 
${CMAKE_DEPS_LIBDIR}/libspdlog${CMAKE_STATIC_LIBRARY_SUFFIX} + LOG_DOWNLOAD On + LOG_CONFIGURE On + LOG_BUILD On + LOG_INSTALL On) +endif() import_static_lib_from(libspdlog spdlog) diff --git a/virtrust/docs/004-virtrustd.md b/virtrust/docs/004-virtrustd.md index e369cc9434b3a5b03be9a2e66837af0fa8517c1e..12f98ee2fdddf0c0bdc82abb84f1d5ad941a3bb8 100644 --- a/virtrust/docs/004-virtrustd.md +++ b/virtrust/docs/004-virtrustd.md @@ -40,7 +40,8 @@ libvirt 虚拟化层 - **权限**:需要足够的权限来管理虚拟机 - **依赖**:libvirt、gRPC 相关库 -### 安装步骤 + +### 源码安装步骤 1. **编译安装**: ```bash @@ -55,7 +56,7 @@ sudo cmake --install build 2. **创建配置文件**: ```bash sudo mkdir -p /etc/virtrust -sudo cp config-example.json /etc/virtrust/virtrustd.json +sudo cp test/data/config.json /etc/virtrust/config.json ``` 3. **创建日志目录**: @@ -65,22 +66,17 @@ sudo touch /var/log/virtrustd.log sudo chmod 644 /var/log/virtrustd.log ``` -## 配置管理 - -### 基本语法 - -```bash -virtrustd --config [options] +### RPM 部署 +1. **构建 RPM 包** +```shell +sh rpm/build_rpm.sh +``` +2. **安装** +```shell +sudo rpm -ivh ~/rpmbuild/RPMS/aarch64/TSB-agent-1.0.0-1.aarch64.rpm ``` -### 命令行选项 - -| 选项 | 长选项 | 参数 | 描述 | -|------|--------|------|------| -| 无 | `--config` | 文件路径 | 配置文件路径(必需) | -| `-d` | `--debug` | 无 | 启用调试模式 | -| 无 | `--help` | 无 | 显示帮助信息 | -| 无 | `--version` | 无 | 显示版本信息 | +## 配置管理 ### 配置文件格式 @@ -116,6 +112,15 @@ sudo virtrustd --config /etc/virtrust/virtrustd.json sudo virtrustd --config /etc/virtrust/virtrustd.json --debug ``` +### 命令行选项 + +| 选项 | 长选项 | 参数 | 描述 | +|------|--------|------|------| +| 无 | `--config` | 文件路径 | 配置文件路径(必需) | +| `-d` | `--debug` | 无 | 启用调试模式 | +| 无 | `--help` | 无 | 显示帮助信息 | +| 无 | `--version` | 无 | 显示版本信息 | + ### 系统服务配置 创建 systemd 服务文件 `/etc/systemd/system/virtrustd.service`: diff --git a/virtrust/rpm/TSB-agent.spec b/virtrust/rpm/TSB-agent.spec new file mode 100644 index 0000000000000000000000000000000000000000..8b0d9298631dd32f3ee8ccc208b76e76d72e7841 --- /dev/null +++ b/virtrust/rpm/TSB-agent.spec 
@@ -0,0 +1,121 @@
+Name: TSB-agent
+Version: 1.0.0
+Release: 1
+Summary: Trusted Software Base Agent for openEuler
+Summary(zh_CN): 可信基础软件代理(TSB-agent)
+License: MulanPSL-2.0
+URL: https://gitee.com/openeuler/TSB-agent
+Source0: %{name}-%{version}.tar.gz
+Source1: googletest-v1.15.2.tar.gz
+Source2: openssl-3.3.2.tar.gz
+Source3: rapidjson-v1.1.0.tar.gz
+Source4: spdlog-v1.14.1.tar.gz
+Source5: libboundscheck.tar.gz
+
+BuildRequires: gcc, make
+BuildRequires: gcc-c++ >= 7, cmake >= 3.14
+# Optional devel-time dependencies if using system libraries
+#BuildRequires: rapidjson-devel, spdlog-devel, gtest-devel, libboundscheck-devel
+
+# Runtime Requires
+Requires: libvirt-devel, libxml2-devel, openssl-devel, libguestfs-devel
+
+%global __requires_exclude libinterfac\.so
+
+%description
+TSB-agent (Trusted Software Base Agent) provides trusted computing
+capabilities including integrity verification and a daemon/CLI for
+virtualization scenarios on openEuler.
+
+# define sub-package
+%package devel
+Summary: Development files for %{name}
+Requires: %{name} = %{version}-%{release}
+%description devel
+TSB-agent (Trusted Software Base Agent) provides trusted computing
+capabilities including integrity verification and a daemon/CLI for
+virtualization scenarios on openEuler.
+ +%prep +%autosetup -n %{name}-%{version} + +# 将依赖包解压到 CMake 期望的目录:build/deps/src +# 注意目录命名需与 cmake/deps/*.cmake 中 ExternalProject 名称一致 +# - googletest +# - openssl (BUILD_IN_SOURCE On) +# - rapidjson +# - spdlog +# - libboundscheck-src +DEPS_SRC="%{build_dir}/deps/src" +mkdir -p "$DEPS_SRC" + +mkdir -p "$DEPS_SRC/googletest" +tar -xzf %{SOURCE1} -C "$DEPS_SRC/googletest" --strip-components=1 + +mkdir -p "$DEPS_SRC/openssl" +tar -xzf %{SOURCE2} -C "$DEPS_SRC/openssl" --strip-components=1 + +mkdir -p "$DEPS_SRC/rapidjson" +tar -xzf %{SOURCE3} -C "$DEPS_SRC/rapidjson" --strip-components=1 + +mkdir -p "$DEPS_SRC/spdlog" +tar -xzf %{SOURCE4} -C "$DEPS_SRC/spdlog" --strip-components=1 + +mkdir -p "$DEPS_SRC/libboundscheck-src" +tar -xzf %{SOURCE5} -C "$DEPS_SRC/libboundscheck-src" --strip-components=1 + +%global root_dir %{name}-%{version} +%global build_dir %{_builddir}/%{name}-%{version}/build +%global lib_out_dir %{build_dir}/lib64 +%global bin_out_dir %{build_dir}/bin + +%build +export CFLAGS="%{optflags}" +export CXXFLAGS="%{optflags}" + +cmake -S . 
-B build \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DCMAKE_CXX_STANDARD=17 \ + -DCMAKE_CXX_STANDARD_REQUIRED=ON \ + -DENABLE_DOWNLOAD_DEPS=Off \ + -DCMAKE_LIBRARY_OUTPUT_DIRECTORY=%{lib_out_dir} \ + -DCMAKE_RUNTIME_OUTPUT_DIRECTORY=%{bin_out_dir} + +cmake --build build -- -j%{?_smp_build_ncpus} + +%install +rm -rf %{buildroot} +install -d -m 750 %{buildroot}%{_libdir} +install -d -m 750 %{buildroot}%{_bindir} +install -d -m 750 %{buildroot}%{_includedir}/%{name} +install -d -m 750 %{buildroot}%{_sysconfdir}/%{name} +install -d -m 750 %{buildroot}%{_localstatedir}/log/%{name} + +# 库文件 +install -m 550 %{lib_out_dir}/libvirtrust-shared.so %{buildroot}%{_libdir} + +# 可执行文件 +install -m 550 %{bin_out_dir}/virtrust-sh %{buildroot}%{_bindir} +install -m 550 %{bin_out_dir}/libvirtrustd %{buildroot}%{_bindir} + +# 配置文件 +install -pm 644 %{root_dir}/test/data/config.json %{_sysconfdir}/virtrust/config.json + +# 头文件(如果项目有 include/) +if [ -d include ]; then + cp -a include/* %{buildroot}%{_includedir}/%{name}/ +fi + +%files +%dir %attr(0750, root, root) %{_sysconfdir}/virtrust/ +%config %attr(0640, root, root) %{_sysconfdir}/virtrust/config.json + +%{_libdir}/libvirtrust-shared.so +%{_bindir}/virtrust-sh +%{_bindir}/libvirtrustd + + +%post +/sbin/ldconfig + +%changelog diff --git a/virtrust/rpm/build_rpm.sh b/virtrust/rpm/build_rpm.sh new file mode 100644 index 0000000000000000000000000000000000000000..fab7d63cd7635e763165cf6cfedbd412501b8578 --- /dev/null +++ b/virtrust/rpm/build_rpm.sh 
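Review bot: `install -pm 644 %{root_dir}/test/data/config.json %{_sysconfdir}/virtrust/config.json` in `%install` lacks the `%{buildroot}` prefix, so it writes into the build host's `/etc` and the `%config` entry under `%files` is never present in the buildroot; it should read `install -pm 644 test/data/config.json %{buildroot}%{_sysconfdir}/virtrust/config.json` (the earlier `install -d` creates `%{_sysconfdir}/%{name}`, i.e. `TSB-agent`, not `virtrust`, so one of the two directory names also needs to change). `%{build_dir}` is used in `%prep` (`DEPS_SRC="%{build_dir}/deps/src"`) several lines before the `%global build_dir ...` that defines it; rpm expands macros as the spec is parsed, so that use is likely left unexpanded and the `%global` lines should move above the first `tar -xzf`. `%global __requires_exclude libinterfac\.so` suppresses the automatic dependency on the library that `src/virtrust/dllib/tsb_agent.h` loads at runtime, so the package installs cleanly without it and its absence only shows up as runtime failures; if that is intentional, a comment next to it saying where `libinterfac.so` is expected to come from belongs there. `Requires:` lists `-devel` packages for a runtime dependency, which pulls headers and build tooling onto every host the agent is installed on.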
@@ -0,0 +1,140 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Package source, fetch dependency archives, and run rpmbuild. +# Usage: rpm/build_rpm.sh [SOURCES_DIR] +# - SOURCES_DIR defaults to ~/rpmbuild/SOURCES + +ROOT_DIR=$(cd "$(dirname "$0")/.." && pwd) +SPEC_FILE="$ROOT_DIR/rpm/TSB-agent.spec" + +if [[ ! -f "$SPEC_FILE" ]]; then + echo "ERROR: Spec file not found: $SPEC_FILE" >&2 + exit 1 +fi + +# Extract Name and Version from spec +PKG_NAME=$(awk -F: '/^Name:/ {gsub(/^[ \t]+/,"",$2); print $2; exit}' "$SPEC_FILE") +PKG_VERSION=$(awk -F: '/^Version:/ {gsub(/^[ \t]+/,"",$2); print $2; exit}' "$SPEC_FILE") + +if [[ -z "${PKG_NAME:-}" || -z "${PKG_VERSION:-}" ]]; then + echo "ERROR: Failed to parse Name/Version from $SPEC_FILE" >&2 + exit 1 +fi + +# Where to put Source0..N +DEST_DIR=${1:-"$HOME/rpmbuild/SOURCES"} +mkdir -p "$DEST_DIR" + +SRC_TARBALL="$DEST_DIR/${PKG_NAME}-${PKG_VERSION}.tar.gz" + +echo "==> Packaging source into: $SRC_TARBALL" +TMPDIR=$(mktemp -d) +trap 'rm -rf "$TMPDIR"' EXIT +STAGE="$TMPDIR/${PKG_NAME}-${PKG_VERSION}" +mkdir -p "$STAGE" +rsync -a \ + --exclude '.git' \ + --exclude '.idea' \ + --exclude 'build' \ + --exclude '*.o' \ + --exclude '*.a' \ + --exclude '*.so' \ + --exclude '*.so.*' \ + --exclude '*.swp' \ + --exclude '*~' \ + "$ROOT_DIR"/ "$STAGE"/ +tar -C "$TMPDIR" -czf "$SRC_TARBALL" "${PKG_NAME}-${PKG_VERSION}" +rm -rf "$TMPDIR" +trap - EXIT + +echo "==> Downloading dependency archives into: $DEST_DIR" +# Helper: curl or wget +_fetch() { + local url="$1" out="$2" + if [[ -f "$out" ]]; then + echo "[skip] $out already exists" + return + fi + if command -v curl >/dev/null 2>&1; then + curl -L --fail --retry 3 -o "$out" "$url" + elif command -v wget >/dev/null 2>&1; then + wget -O "$out" "$url" + else + echo "ERROR: Neither curl nor wget found for downloading $url" >&2 + return 1 + fi +} + +# 依赖下载地址:与 cmake/deps/*.cmake 中的 gitee 源保持一致。 +# 注意:仅更改下载源,不更改本地保存的文件名,以便与 .spec 中的 Source1..N 对齐。 +# - gtest: gitee.com/mirrors/googletest.git 
(tag: v1.15.2) +# - openssl: gitee.com/mirrors/openssl.git (tag: openssl-3.3.2) +# - rapidjson: gitee.com/Tencent/RapidJSON.git (tag: v1.1.0) +# - spdlog: gitee.com/mirrors_trending/spdlog.git (tag: v1.14.1) +# - libboundscheck: gitee.com/openeuler/libboundscheck (branch: master) + +# Gitee 通用归档下载路径格式: +# https://gitee.com///repository/archive/.tar.gz + +GTEST_URL="https://gitee.com/mirrors/googletest/repository/archive/v1.15.2.tar.gz" +OPENSSL_URL="https://gitee.com/mirrors/openssl/repository/archive/openssl-3.3.2.tar.gz" +RAPIDJSON_URL="https://gitee.com/Tencent/RapidJSON/repository/archive/v1.1.0.tar.gz" +SPDLOG_URL="https://gitee.com/mirrors_trending/spdlog/repository/archive/v1.14.1.tar.gz" +LIBBOUNDSCHECK_URL="https://gitee.com/openeuler/libboundscheck/repository/archive/master.tar.gz" + +# Output file names for SourceN (keep in sync with spec!) +GTEST_OUT="$DEST_DIR/googletest-v1.15.2.tar.gz" +OPENSSL_OUT="$DEST_DIR/openssl-3.3.2.tar.gz" +RAPIDJSON_OUT="$DEST_DIR/rapidjson-v1.1.0.tar.gz" +SPDLOG_OUT="$DEST_DIR/spdlog-v1.14.1.tar.gz" +LIBBOUNDSCHECK_OUT="$DEST_DIR/libboundscheck.tar.gz" + +_fetch "$GTEST_URL" "$GTEST_OUT" +_fetch "$OPENSSL_URL" "$OPENSSL_OUT" +_fetch "$RAPIDJSON_URL" "$RAPIDJSON_OUT" +_fetch "$SPDLOG_URL" "$SPDLOG_OUT" +_fetch "$LIBBOUNDSCHECK_URL" "$LIBBOUNDSCHECK_OUT" + +echo "==> Generating checksums" +MANIFEST="$DEST_DIR/${PKG_NAME}-${PKG_VERSION}-sources.SHA256" +{ + sha256sum "$SRC_TARBALL" || true + sha256sum "$GTEST_OUT" || true + sha256sum "$OPENSSL_OUT" || true + sha256sum "$RAPIDJSON_OUT" || true + sha256sum "$SPDLOG_OUT" || true + sha256sum "$LIBBOUNDSCHECK_OUT" || true +} > "$MANIFEST" + +echo "==> Preparing rpmbuild tree" +RPMBUILD_ROOT="$HOME/rpmbuild" +mkdir -p "$RPMBUILD_ROOT"/{SPECS,SRPMS,RPMS,BUILD,BUILDROOT} + +# 可以直接用仓库里的 spec,不必复制,但有些人喜欢 copy 一份到 SPECS 里: +cp -f "$SPEC_FILE" "$RPMBUILD_ROOT/SPECS/" + +echo "==> Running rpmbuild" +rpmbuild -ba "$SPEC_FILE" \ + --define "_sourcedir $DEST_DIR" \ + --define "_specdir 
$ROOT_DIR/rpm" \ + --define "_srcrpmdir $RPMBUILD_ROOT/SRPMS" \ + --define "_rpmdir $RPMBUILD_ROOT/RPMS" \ + --define "_builddir $RPMBUILD_ROOT/BUILD" \ + --define "_buildrootdir $RPMBUILD_ROOT/BUILDROOT" + +cat <) endif() # NOTE Make sure targets are linekd to tsb-agent diff --git a/virtrust/src/tsb_agent/tsb_agent_adaptor.cpp b/virtrust/src/tsb_agent/tsb_agent_adaptor.cpp new file mode 100644 index 0000000000000000000000000000000000000000..2979a0826b74f80b58b7b4fda5ddfa49898b5e7f --- /dev/null +++ b/virtrust/src/tsb_agent/tsb_agent_adaptor.cpp 
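Review bot: The five dependency archives are downloaded and then only recorded (`sha256sum ... > "$MANIFEST"`), never compared against a pinned value, so the files that become Source1..5 and replace the `URL_HASH`-checked downloads in `cmake/deps/*.cmake` are accepted unverified; the comment in the script says the gitee sources match the cmake files, but the SHA256 values there are for the github archive URLs and will not in general match gitee's generated tarballs, so fresh digests need to be pinned here. A pinned table plus a `_verify` step after the `_fetch` calls (below) closes that gap; `LIBBOUNDSCHECK_URL` pointing at `master.tar.gz` cannot be pinned until it names a tag or commit. `_fetch` also writes straight to `$out`, so an interrupted `wget -O` leaves a partial file that the `[skip] ... already exists` branch accepts on the next run; downloading to `"$out.part"` and `mv` on success avoids that. The script's tail after `cat <` is truncated in this rendering, so I could not review it.
```shell
# Pinned digests of the dependency archives. The values are placeholders:
# fill each in from a download verified out of band and keep them in sync
# with the tags in the URLs above.
declare -A EXPECTED_SHA256=(
  ["$GTEST_OUT"]="<sha256-of-googletest-v1.15.2-archive>"
  ["$OPENSSL_OUT"]="<sha256-of-openssl-3.3.2-archive>"
  ["$RAPIDJSON_OUT"]="<sha256-of-rapidjson-v1.1.0-archive>"
  ["$SPDLOG_OUT"]="<sha256-of-spdlog-v1.14.1-archive>"
  ["$LIBBOUNDSCHECK_OUT"]="<sha256-of-libboundscheck-archive>"
)

# Fail the build unless the archive matches its pinned digest.
_verify() {
  local out="$1" expected="${EXPECTED_SHA256[$out]:-}"
  if [[ -z "$expected" ]]; then
    echo "ERROR: no pinned SHA256 for $out" >&2
    return 1
  fi
  echo "$expected  $out" | sha256sum -c --quiet -
}

# … unchanged: _fetch calls …
_verify "$GTEST_OUT"
_verify "$OPENSSL_OUT"
_verify "$RAPIDJSON_OUT"
_verify "$SPDLOG_OUT"
_verify "$LIBBOUNDSCHECK_OUT"
```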
@@ -0,0 +1,158 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved. + */ + +// 适配器:对外保持 C 接口不变,内部通过 TsbAgent 封装进行 dlopen 调用 + +#include "tsb_agent/tsb_agent.h" +#include "virtrust/dllib/tsb_agent.h" + +namespace { +bool CheckTsbAgentDlopen() +{ + auto &ta = virtrust::TsbAgent::GetInstance(); + return ta.CheckOk() == virtrust::DllibRc::OK; +} +} + +// NOTE ALL memories are allocated inside APIs by using "malloc", remember to free after use. + +int GetVRoots(int *vtpcmNums, struct Description **vtpcmInfo) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().GetVRoots(vtpcmNums, vtpcmInfo); +} + +int CreateVRoot(struct Description *vtpcmInfo) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().CreateVRoot(vtpcmInfo); +} + +int StartVRoot(char *uuid) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().StartVRoot(uuid); +} + +int StopVRoot(char *uuid) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().StopVRoot(uuid); +} + +int RemoveVRoot(char *uuid) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().RemoveVRoot(uuid); +} + +int UpdateMeasure(char *uuid, struct MeasureInfo *bios, struct MeasureInfo *shim, struct MeasureInfo *grub, + struct MeasureInfo *grubCfg, struct MeasureInfo *kernel, struct MeasureInfo *initrd) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().UpdateMeasure(uuid, bios, shim, grub, grubCfg, kernel, initrd); +} + +int CheckMeasure(char *uuid, struct MeasureInfo *bios, struct MeasureInfo *shim, struct MeasureInfo *grub, + struct MeasureInfo *grubCfg, struct MeasureInfo *kernel, struct MeasureInfo *initrd) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().CheckMeasure(uuid, bios, shim, grub, grubCfg, kernel, initrd); 
+} + +/** + * 迁移接口 + */ + +int GetReport(char *pUuid, // 物理机的uuid + char *vUuid, // 虚拟机的uuid + struct trust_report_new *hostreport, // 输出:host report + struct trust_report_new *vmreport // 输出:virtual machine report +) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().GetReport(pUuid, vUuid, hostreport, vmreport); +} + +int VerifyTrustReport(char *pUuid, // 物理机的uuid + char *vUuid, // 虚拟机的uuid + struct trust_report_new *hostreport, // 输出:host report + struct trust_report_new *vmreport // 输出:virtual machine report +) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().VerifyTrustReport(pUuid, vUuid, hostreport, vmreport); +} + +int MigrationGetCert(char *vUuid, // 虚拟机的uuid + char **cert, // 输出:对 pubkey 签名的证书(BMC可验证) + int *certLen, // 输出:证书长度 + char **pubkey, // 输出:临时生成的随机密钥对的公钥 + int *pubkeyLen // 输出:公钥长度 +) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().MigrationGetCert(vUuid, cert, certLen, pubkey, pubkeyLen); +} + +int MigrationCheckPeerPk(char *vUuid, // 虚拟机的uuid + char *pk1, // peer cert 公钥 (REVIEW: 改成 cert?) + char *pk2 // peer 临时生成的随机密钥对的公钥, a.k.a. 
pubkey +) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().MigrationCheckPeerPk(vUuid, pk1, pk2); +} + +int MigrationGetVrootCipher(char *vUuid, // 虚拟机的uuid + char **cipher, // 输出:加密后的密码资源 + int *cipherLen // 输出:密文长度 +) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().MigrationGetVrootCipher(vUuid, cipher, cipherLen); +} + +int MigrationImportVrootCipher(char *vUuid, // 虚拟机的uuid + char *cipher // 加密后的密码资源 +) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().MigrationImportVrootCipher(vUuid, cipher); +} + +int MigrationNotify(char *vUuid, // 虚拟机的uuid + int status) +{ + if (!CheckTsbAgentDlopen()) { + return -1; + } + return virtrust::TsbAgent::GetInstance().MigrationNotify(vUuid, status); +} diff --git a/virtrust/src/virtrust/dllib/tsb_agent.h b/virtrust/src/virtrust/dllib/tsb_agent.h new file mode 100644 index 0000000000000000000000000000000000000000..63ac2093cf2e85bee8796066736239db47b2e344 --- /dev/null +++ b/virtrust/src/virtrust/dllib/tsb_agent.h 
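Review bot: Every wrapper returns `-1` when `CheckTsbAgentDlopen()` fails, which is indistinguishable from a genuine negative result of the underlying call if that library also reports failures as -1, and nothing is logged, so a missing or unloadable `libinterfac.so` looks to callers like every operation failing (for `VerifyTrustReport` and `MigrationCheckPeerPk` that at least fails closed, but an operator cannot tell why). A comment on `CheckTsbAgentDlopen` stating the contract would help: `// False when the shared library or one of its symbols could not be loaded; the C wrappers below then return -1 without touching their output parameters.` The `REVIEW: 改成 cert?` remark on the `pk1` parameter of `MigrationCheckPeerPk` is an open design question left in shipped code on the peer-key check of the migration path; it should be resolved or turned into a tracked TODO. Stylistically the fifteen bodies are identical apart from the forwarded call, so a small helper that performs the load check and forwards would remove the repetition.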
@@ -0,0 +1,111 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved. + */ + +#pragma once + +#include + +#include +#include + +#include "virtrust/dllib/common.h" +#include "tsb_agent/tsb_agent.h" // for structs and function prototypes + +namespace virtrust { + +// TSB Agent 接口的 dlopen 封装 +class TsbAgent : public DlLibBase { +public: + ~TsbAgent() = default; + TsbAgent(const TsbAgent &) = delete; + void operator=(const TsbAgent &) = delete; + + // Singleton instance + static TsbAgent &GetInstance() + { + static TsbAgent instance; + return instance; + } + + // Reload all functions + DllibRc Reload() + { + SelfDlClose(); + LoadAll(); + return CheckOk(); + } + + // API 函数指针(签名与 tsb_agent.h 中一致) + DlFun GetVRoots; + DlFun CreateVRoot; + DlFun StartVRoot; + DlFun StopVRoot; + DlFun RemoveVRoot; + + DlFun UpdateMeasure; + + DlFun CheckMeasure; + + DlFun GetReport; + DlFun VerifyTrustReport; + + DlFun MigrationGetCert; + DlFun MigrationCheckPeerPk; + DlFun MigrationGetVrootCipher; + DlFun MigrationImportVrootCipher; + DlFun MigrationNotify; + +private: + void LoadAll() + { + // 显式 dlopen 共享库 + auto ret = SelfDlOpen(); + if (ret != DllibRc::OK) { + return; + } + + // dlsym 全部函数 + DLLIB_SELF_DLSYM(GetVRoots); + DLLIB_SELF_DLSYM(CreateVRoot); + DLLIB_SELF_DLSYM(StartVRoot); + DLLIB_SELF_DLSYM(StopVRoot); + DLLIB_SELF_DLSYM(RemoveVRoot); + + DLLIB_SELF_DLSYM(UpdateMeasure); + DLLIB_SELF_DLSYM(CheckMeasure); + + DLLIB_SELF_DLSYM(GetReport); + DLLIB_SELF_DLSYM(VerifyTrustReport); + + DLLIB_SELF_DLSYM(MigrationGetCert); + DLLIB_SELF_DLSYM(MigrationCheckPeerPk); + DLLIB_SELF_DLSYM(MigrationGetVrootCipher); + DLLIB_SELF_DLSYM(MigrationImportVrootCipher); + DLLIB_SELF_DLSYM(MigrationNotify); + } + + TsbAgent() : DlLibBase(LIB_NAME) + { + LoadAll(); + } + + static constexpr std::string_view LIB_NAME = "libinterfac.so"; +}; + +} // namespace virtrust +
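Review bot: `LIB_NAME = "libinterfac.so"` is a bare soname, so wherever `SelfDlOpen()` hands it to the loader (its body is not on this page) the library is resolved through the process's search path rather than a fixed location, and the spec in this same commit excludes it from the package's automatic requires, so there is no install-time guarantee which `libinterfac.so` the measurement and trust-report calls end up in. For a component whose results gate trust decisions, loading from an absolute, package-owned path, or at least documenting the expected location with a comment such as `// Resolved via the dynamic loader's search path; the rpm spec deliberately does not declare it as a dependency.`, is worth stating explicitly. `Reload()` closes and re-opens the library on a process-wide singleton with no synchronization visible here, so a concurrent caller going through the `DlFun` members during a reload may observe a closed handle; if reloads are only expected at a quiescent point, a comment saying so would help. The `DlFun` template arguments and `#include` targets appear stripped in this rendering, so I could not check the function-pointer signatures against `tsb_agent/tsb_agent.h`.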