Browse Source

Merge "Update keylime-agent and tpm-emulator elements"

changes/70/820970/1
Zuul 6 months ago committed by Gerrit Code Review
parent
commit
a2b8d4d846
  1. 16
      diskimage_builder/elements/keylime-agent/cleanup.d/98-copy-allowlist
  2. 3
      diskimage_builder/elements/keylime-agent/environment.d/16-keylime-agent
  3. 15
      diskimage_builder/elements/keylime-agent/install.d/keylime-agent-source-install/80-keylime-agent-install
  4. 2
      diskimage_builder/elements/keylime-agent/source-repository-keylime
  5. 3
      diskimage_builder/elements/tpm-emulator/install.d/tpm-emulator-source-install/78-tpm-emulator-install
  6. 2
      diskimage_builder/elements/tpm-emulator/source-repository-keylime

16
diskimage_builder/elements/keylime-agent/cleanup.d/98-copy-allowlist

@ -0,0 +1,16 @@
#!/bin/bash
# dib-lint: disable=safe_sudo
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
[ -n "$TARGET_ROOT" ]
IMAGE_PATH=$(readlink -f $IMAGE_NAME)
# copy allowlist and checksum to image path
sudo cp $TARGET_ROOT/root/allowlist.txt ${IMAGE_PATH}-allowlist.txt
sudo cp $TARGET_ROOT/root/checksum.txt ${IMAGE_PATH}-checksum.txt

3
diskimage_builder/elements/keylime-agent/environment.d/16-keylime-agent

@ -1,2 +1,3 @@
export DIB_KEYLIME_AGENT_REGISTRAR_IP=${DIB_KEYLIME_AGENT_REGISTRAR_IP:-0}
export DIB_KEYLIME_AGENT_REGISTRAR_PORT=${DIB_KEYLIME_AGENT_REGISTRAR_PORT:-8890}
export DIB_KEYLIME_AGENT_REGISTRAR_PORT=${DIB_KEYLIME_AGENT_REGISTRAR_PORT:-8890}
export DIB_KEYLIME_AGENT_PORT=${DIB_KEYLIME_AGENT_PORT:-9002}

15
diskimage_builder/elements/keylime-agent/install.d/keylime-agent-source-install/80-keylime-agent-install

@ -12,7 +12,6 @@ VENVDIR=/opt/keylime
KLDIR=/tmp/keylime
# create the virtual environment
if [ $DIB_PYTHON_VERSION == 3 ]; then
$DIB_PYTHON -m venv $VENVDIR
else
@ -26,6 +25,8 @@ install -c -m 0644 ${SCRIPTDIR}/ima-policy /etc/ima/ima-policy
# install Keylime-agent inside the virtual environment
$VENVDIR/bin/pip install 'pip>=19.1.1'
$VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR
# dataclasses are missing in python3.6, so we have to install it manually
$VENVDIR/bin/pip install dataclasses
ln -s $VENVDIR/bin/keylime_agent /usr/local/bin/keylime_agent
if [ "$DIB_KEYLIME_AGENT_REGISTRAR_IP" != "0" ]; then
@ -34,14 +35,18 @@ fi
if [ "$DIB_KEYLIME_AGENT_REGISTRAR_PORT" != "8890" ]; then
sed -i "s/registrar_port = 8890/registrar_port = "$DIB_KEYLIME_AGENT_REGISTRAR_PORT"/" /etc/keylime.conf
fi
# set the agent uuid to randomly generated
sed -i 's/^\(agent\_uuid\s*=\s*\).*$/\1dmidecode/' /etc/keylime.conf
if [ "$DIB_KEYLIME_AGENT_PORT" != "9002" ]; then
sed -i "s/cloudagent_port = 9002/cloudagent_port = "$DIB_KEYLIME_AGENT_PORT"/" /etc/keylime.conf
fi
# set the agent uuid to hash_ek
sed -i 's/^\(agent\_uuid\s*=\s*\).*$/\1hash_ek/' /etc/keylime.conf
sed -i 's/^\(level\s*=\s*\).*$/\1DEBUG/' /etc/keylime.conf
sed -i 's/^\(cloudagent\_ip\s*=\s*\).*$/\10.0.0.0/' /etc/keylime.conf
# create allowlist
# create allowlist and checksum
./$KLDIR/scripts/create_allowlist.sh /root/allowlist.txt sha256sum
touch /root/checksum.txt
sha256sum /root/allowlist.txt > /root/checksum.txt
case "$DIB_INIT_SYSTEM" in
systemd)

2
diskimage_builder/elements/keylime-agent/source-repository-keylime

@ -1 +1 @@
keylime git /tmp/keylime https://github.com/keylime/keylime.git 16a9cfd31b02f5c60b1ccc667627fac6144f82d1
keylime git /tmp/keylime https://github.com/keylime/keylime.git v6.2.0

3
diskimage_builder/elements/tpm-emulator/install.d/tpm-emulator-source-install/78-tpm-emulator-install

@ -34,9 +34,10 @@ install -c -g root -o root -m 0644 ${SCRIPTDIR}/10-tcti-emulator.conf /etc/syste
install -c -g root -o root -m 0644 ${SCRIPTDIR}/20-remove-conditionpathexistsglob.conf /etc/systemd/system/tpm2-abrmd.service.d/
# install Keylime-agent inside the virtual environment
# install Keylime-ima-emulator inside the virtual environment
$VENVDIR/bin/pip install 'pip>=19.1.1'
$VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR
$VENVDIR/bin/pip install dataclasses
ln -s $VENVDIR/bin/keylime_ima_emulator /usr/local/bin/keylime_ima_emulator

2
diskimage_builder/elements/tpm-emulator/source-repository-keylime

@ -1 +1 @@
keylime git /tmp/keylime https://github.com/keylime/keylime.git 16a9cfd31b02f5c60b1ccc667627fac6144f82d1
keylime git /tmp/keylime https://github.com/keylime/keylime.git v6.2.0

Loading…
Cancel
Save