64 lines
2.0 KiB
Bash
Executable File
64 lines
2.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
|
|
set -x
|
|
fi
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
SCRIPTDIR=$(dirname $0)
|
|
VENVDIR=/opt/keylime
|
|
|
|
KLDIR=/tmp/keylime
|
|
|
|
# create the virtual environment
|
|
if [ $DIB_PYTHON_VERSION == 3 ]; then
|
|
$DIB_PYTHON -m venv $VENVDIR
|
|
else
|
|
$DIB_PYTHON -m virtualenv $VENVDIR
|
|
fi
|
|
|
|
install -d /etc/ima/
|
|
|
|
install -c -m 0644 ${SCRIPTDIR}/ima-policy /etc/ima/ima-policy
|
|
|
|
# install Keylime-agent inside the virtual environment
|
|
$VENVDIR/bin/pip install 'pip>=19.1.1'
|
|
$VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR
|
|
# dataclasses are missing in python3.6, so we have to install it manually
|
|
$VENVDIR/bin/pip install dataclasses
|
|
ln -s $VENVDIR/bin/keylime_agent /usr/local/bin/keylime_agent
|
|
|
|
if [ "$DIB_KEYLIME_AGENT_REGISTRAR_IP" != "0" ]; then
|
|
sed -i "s/registrar_ip = 127.0.0.1/registrar_ip = "$DIB_KEYLIME_AGENT_REGISTRAR_IP"/" /etc/keylime.conf
|
|
fi
|
|
if [ "$DIB_KEYLIME_AGENT_REGISTRAR_PORT" != "8890" ]; then
|
|
sed -i "s/registrar_port = 8890/registrar_port = "$DIB_KEYLIME_AGENT_REGISTRAR_PORT"/" /etc/keylime.conf
|
|
fi
|
|
if [ "$DIB_KEYLIME_AGENT_PORT" != "9002" ]; then
|
|
sed -i "s/cloudagent_port = 9002/cloudagent_port = "$DIB_KEYLIME_AGENT_PORT"/" /etc/keylime.conf
|
|
fi
|
|
# set the agent uuid to hash_ek
|
|
sed -i 's/^\(agent\_uuid\s*=\s*\).*$/\1hash_ek/' /etc/keylime.conf
|
|
sed -i 's/^\(level\s*=\s*\).*$/\1DEBUG/' /etc/keylime.conf
|
|
sed -i 's/^\(cloudagent\_ip\s*=\s*\).*$/\10.0.0.0/' /etc/keylime.conf
|
|
|
|
# create allowlist and checksum
|
|
./$KLDIR/scripts/create_allowlist.sh /root/allowlist.txt sha256sum
|
|
touch /root/checksum.txt
|
|
sha256sum /root/allowlist.txt > /root/checksum.txt
|
|
|
|
case "$DIB_INIT_SYSTEM" in
|
|
systemd)
|
|
install -D -g root -o root -m 0644 ${SCRIPTDIR}/keylime-agent.service /usr/lib/systemd/system/keylime-agent.service
|
|
;;
|
|
sysv)
|
|
install -D -g root -o root -m 0755 ${SCRIPTDIR}/keylime-agent.init /etc/init.d/keylime-agent.init
|
|
update-rc.d keylime-agent.init defaults
|
|
;;
|
|
*)
|
|
echo "Unsupported init system"
|
|
exit 1
|
|
;;
|
|
esac
|