From 59f83ef37bb505bb51181a271703e7bdf2ab5851 Mon Sep 17 00:00:00 2001
From: Lin Tan
Date: Tue, 16 Jun 2015 16:20:15 +0800
Subject: [PATCH] Add oat-client element

This element installs oat-client on the image, that's necessary for trusted boot feature in Ironic to work. This element only works on Fedora. Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted boot, the oat-client will securely fetch the hash values from TPM.

Change-Id: I0f1221b5708e9a5792df62ee6e73034f8bf1577c
---
 elements/oat-client/README.rst | 19 +++++++++++++++++++
 elements/oat-client/element-deps | 1 +
 elements/oat-client/package-installs.yaml | 2 ++
 .../oat-client/yum.repos.d/fedora-oat.repo | 8 ++++++++
 4 files changed, 30 insertions(+)
 create mode 100644 elements/oat-client/README.rst
 create mode 100644 elements/oat-client/element-deps
 create mode 100644 elements/oat-client/package-installs.yaml
 create mode 100644 elements/oat-client/yum.repos.d/fedora-oat.repo
diff --git a/elements/oat-client/README.rst b/elements/oat-client/README.rst
new file mode 100644
index 00000000..501c87bb
--- /dev/null
+++ b/elements/oat-client/README.rst
@@ -0,0 +1,19 @@
+==========
+oat-client
+==========
+This element installs oat-client on the image, that's necessary for
+trusted boot feature in Ironic to work.
+
+Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted
+boot, the oat-client will securely fetch the hash values from TPM.
+
+.. note::
+ This element only works on Fedora.
+
+Put `fedora-oat.repo` into `/etc/yum.repos.d/`::
+
+ export DIB_YUM_REPO_CONF=/etc/yum.repos.d/fedora-oat.repo
+
+.. note::
+ OAT Repo is lack of a GPG signature check on packages, which can be
+ tracked on: https://github.com/OpenAttestation/OpenAttestation/issues/26
diff --git a/elements/oat-client/element-deps b/elements/oat-client/element-deps
new file mode 100644
index 00000000..7076aba9
--- /dev/null
+++ b/elements/oat-client/element-deps
@@ -0,0 +1 @@
+package-installs
diff --git a/elements/oat-client/package-installs.yaml b/elements/oat-client/package-installs.yaml
new file mode 100644
index 00000000..a82109a4
--- /dev/null
+++ b/elements/oat-client/package-installs.yaml
@@ -0,0 +1,2 @@
+oat-client:
+oat-commandtool:
diff --git a/elements/oat-client/yum.repos.d/fedora-oat.repo b/elements/oat-client/yum.repos.d/fedora-oat.repo
new file mode 100644
index 00000000..32e3957b
--- /dev/null
+++ b/elements/oat-client/yum.repos.d/fedora-oat.repo
@@ -0,0 +1,8 @@
+# Place this file in your /etc/yum.repos.d/ directory
+
+[oat]
+name=oat 2.2 packages and dependencies
+baseurl=http://repos.fedorapeople.org/repos/gwei3/oat/fedora-$releasever/$basearch/
+enabled=1
+skip_if_unavailable=1
+gpgcheck=0
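Review bot: The `baseurl` line in fedora-oat.repo fetches packages over plain `http://` while the same section sets `gpgcheck=0`, so neither the transport nor a signature authenticates oat-client and oat-commandtool before they are baked into the image; the README note covers only the missing GPG signatures, not the transport. Because these packages are the ones that report the TPM measurements for trusted boot, a package altered in transit or on the repository host would undermine the attestation this element exists to provide. If the host serves HTTPS, change the line to `baseurl=https://repos.fedorapeople.org/repos/gwei3/oat/fedora-$releasever/$basearch/`. A comment above `gpgcheck=0` would also help, for example `# gpgcheck disabled: upstream packages are unsigned (OpenAttestation issue 26); re-enable once signed`, so the setting is not copied forward unnoticed.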