Update keylime-agent and tpm-emulator elements

Story: #2002713
Task: #41304

Change-Id: I735db46a62edecc85457d4163963f558c9fe461d
Danni Shi 2021-09-21 10:21:46 -04:00
parent 6e83df4d40
commit 18df5a59b5
6 changed files with 32 additions and 9 deletions

@ -0,0 +1,16 @@
#!/bin/bash
# dib-lint: disable=safe_sudo
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
[ -n "$TARGET_ROOT" ]
IMAGE_PATH=$(readlink -f $IMAGE_NAME)
# copy allowlist and checksum to image path
sudo cp $TARGET_ROOT/root/allowlist.txt ${IMAGE_PATH}-allowlist.txt
sudo cp $TARGET_ROOT/root/checksum.txt ${IMAGE_PATH}-checksum.txt
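Review bot: The `readlink` call and both `sudo cp` lines expand `$IMAGE_NAME`, `$TARGET_ROOT` and `${IMAGE_PATH}` unquoted, so a path containing whitespace or glob characters is split into extra arguments to a command that runs as root. Quote each expansion and end option parsing, e.g. `IMAGE_PATH=$(readlink -f -- "$IMAGE_NAME")` and `sudo cp -- "$TARGET_ROOT/root/allowlist.txt" "${IMAGE_PATH}-allowlist.txt"`. The checksum is written by `sha256sum /root/allowlist.txt > /root/checksum.txt` in the install script, so the copied file still names `/root/allowlist.txt` and will not verify the renamed copy with `sha256sum -c` as it stands. Because both files come from the same build and sit side by side, the checksum detects accidental corruption but not a deliberate change to both. A comment such as `# checksum is for transfer integrity only; it does not authenticate the allowlist` would make that explicit.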

@ -1,2 +1,3 @@
export DIB_KEYLIME_AGENT_REGISTRAR_IP=${DIB_KEYLIME_AGENT_REGISTRAR_IP:-0}
export DIB_KEYLIME_AGENT_REGISTRAR_PORT=${DIB_KEYLIME_AGENT_REGISTRAR_PORT:-8890}
export DIB_KEYLIME_AGENT_REGISTRAR_PORT=${DIB_KEYLIME_AGENT_REGISTRAR_PORT:-8890}
export DIB_KEYLIME_AGENT_PORT=${DIB_KEYLIME_AGENT_PORT:-9002}

@ -12,7 +12,6 @@ VENVDIR=/opt/keylime
KLDIR=/tmp/keylime
# create the virtual environment
if [ $DIB_PYTHON_VERSION == 3 ]; then
$DIB_PYTHON -m venv $VENVDIR
else
@ -26,6 +25,8 @@ install -c -m 0644 ${SCRIPTDIR}/ima-policy /etc/ima/ima-policy
# install Keylime-agent inside the virtual environment
$VENVDIR/bin/pip install 'pip>=19.1.1'
$VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR
# dataclasses are missing in python3.6, so we have to install it manually
$VENVDIR/bin/pip install dataclasses
ln -s $VENVDIR/bin/keylime_agent /usr/local/bin/keylime_agent
if [ "$DIB_KEYLIME_AGENT_REGISTRAR_IP" != "0" ]; then
@ -34,14 +35,18 @@ fi
if [ "$DIB_KEYLIME_AGENT_REGISTRAR_PORT" != "8890" ]; then
sed -i "s/registrar_port = 8890/registrar_port = "$DIB_KEYLIME_AGENT_REGISTRAR_PORT"/" /etc/keylime.conf
fi
# set the agent uuid to randomly generated
sed -i 's/^\(agent\_uuid\s*=\s*\).*$/\1dmidecode/' /etc/keylime.conf
if [ "$DIB_KEYLIME_AGENT_PORT" != "9002" ]; then
sed -i "s/cloudagent_port = 9002/cloudagent_port = "$DIB_KEYLIME_AGENT_PORT"/" /etc/keylime.conf
fi
# set the agent uuid to hash_ek
sed -i 's/^\(agent\_uuid\s*=\s*\).*$/\1hash_ek/' /etc/keylime.conf
sed -i 's/^\(level\s*=\s*\).*$/\1DEBUG/' /etc/keylime.conf
sed -i 's/^\(cloudagent\_ip\s*=\s*\).*$/\10.0.0.0/' /etc/keylime.conf
# create allowlist
# create allowlist and checksum
./$KLDIR/scripts/create_allowlist.sh /root/allowlist.txt sha256sum
touch /root/checksum.txt
sha256sum /root/allowlist.txt > /root/checksum.txt
case "$DIB_INIT_SYSTEM" in
systemd)
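Review bot: The new `cloudagent_port` substitution closes the double quotes before `$DIB_KEYLIME_AGENT_PORT` and reopens them after it, so the variable is expanded unquoted and its value reaches the sed expression unchecked. A value with whitespace splits the sed script into separate arguments, and one containing `/` or `&` changes what is written to /etc/keylime.conf. Reject non-numeric values first with `case "$DIB_KEYLIME_AGENT_PORT" in ''|*[!0-9]*) exit 1 ;; esac`, and keep the expansion inside one quoted string: `sed -i "s/cloudagent_port = 9002/cloudagent_port = ${DIB_KEYLIME_AGENT_PORT}/" /etc/keylime.conf`. The existing `registrar_port` line just above has the same shape. The `case "$DIB_INIT_SYSTEM"` statement that ends the hunk continues outside it.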

@ -1 +1 @@
keylime git /tmp/keylime https://github.com/keylime/keylime.git 16a9cfd31b02f5c60b1ccc667627fac6144f82d1
keylime git /tmp/keylime https://github.com/keylime/keylime.git v6.2.0
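Review bot: The new line pins keylime to the tag `v6.2.0`, where the old line pinned a full commit hash. A tag can be re-pointed upstream, so two builds of this element are no longer guaranteed to fetch the same source for the attestation agent. Keeping the immutable reference and recording the release in the commit message would preserve that guarantee, e.g. `keylime git /tmp/keylime https://github.com/keylime/keylime.git <commit-sha-of-v6.2.0>`. The same change is made in the other source-repository file at the end of this commit.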

@ -34,9 +34,10 @@ install -c -g root -o root -m 0644 ${SCRIPTDIR}/10-tcti-emulator.conf /etc/syste
install -c -g root -o root -m 0644 ${SCRIPTDIR}/20-remove-conditionpathexistsglob.conf /etc/systemd/system/tpm2-abrmd.service.d/
# install Keylime-agent inside the virtual environment
# install Keylime-ima-emulator inside the virtual environment
$VENVDIR/bin/pip install 'pip>=19.1.1'
$VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR
$VENVDIR/bin/pip install dataclasses
ln -s $VENVDIR/bin/keylime_ima_emulator /usr/local/bin/keylime_ima_emulator
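Review bot: The added `$VENVDIR/bin/pip install dataclasses` has no explaining comment in this file, no version constraint, and runs on every Python version. The keylime-agent install script adds the same line with the comment that the module is missing in python3.6, which suggests it is only needed as a backport there. Limiting the install to that case keeps an unneeded, unpinned package out of newer images: `$VENVDIR/bin/pip install 'dataclasses; python_version < "3.7"'`, preceded by `# dataclasses backport, only needed on python3.6`. The same applies to the line in the agent install script.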

@ -1 +1 @@
keylime git /tmp/keylime https://github.com/keylime/keylime.git 16a9cfd31b02f5c60b1ccc667627fac6144f82d1
keylime git /tmp/keylime https://github.com/keylime/keylime.git v6.2.0