Update keylime-agent and tpm-emulator elements
Story: #2002713 Task: #41304 Change-Id: I735db46a62edecc85457d4163963f558c9fe461d
This commit is contained in:
parent
6e83df4d40
commit
18df5a59b5
16
diskimage_builder/elements/keylime-agent/cleanup.d/98-copy-allowlist
Executable file
16
diskimage_builder/elements/keylime-agent/cleanup.d/98-copy-allowlist
Executable file
@ -0,0 +1,16 @@
|
||||
#!/bin/bash
|
||||
|
||||
# dib-lint: disable=safe_sudo
|
||||
|
||||
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
|
||||
set -x
|
||||
fi
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
[ -n "$TARGET_ROOT" ]
|
||||
|
||||
IMAGE_PATH=$(readlink -f $IMAGE_NAME)
|
||||
# copy allowlist and checksum to image path
|
||||
sudo cp $TARGET_ROOT/root/allowlist.txt ${IMAGE_PATH}-allowlist.txt
|
||||
sudo cp $TARGET_ROOT/root/checksum.txt ${IMAGE_PATH}-checksum.txt
|
@ -1,2 +1,3 @@
|
||||
export DIB_KEYLIME_AGENT_REGISTRAR_IP=${DIB_KEYLIME_AGENT_REGISTRAR_IP:-0}
|
||||
export DIB_KEYLIME_AGENT_REGISTRAR_PORT=${DIB_KEYLIME_AGENT_REGISTRAR_PORT:-8890}
|
||||
export DIB_KEYLIME_AGENT_REGISTRAR_PORT=${DIB_KEYLIME_AGENT_REGISTRAR_PORT:-8890}
|
||||
export DIB_KEYLIME_AGENT_PORT=${DIB_KEYLIME_AGENT_PORT:-9002}
|
@ -12,7 +12,6 @@ VENVDIR=/opt/keylime
|
||||
KLDIR=/tmp/keylime
|
||||
|
||||
# create the virtual environment
|
||||
|
||||
if [ $DIB_PYTHON_VERSION == 3 ]; then
|
||||
$DIB_PYTHON -m venv $VENVDIR
|
||||
else
|
||||
@ -26,6 +25,8 @@ install -c -m 0644 ${SCRIPTDIR}/ima-policy /etc/ima/ima-policy
|
||||
# install Keylime-agent inside the virtual environment
|
||||
$VENVDIR/bin/pip install 'pip>=19.1.1'
|
||||
$VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR
|
||||
# dataclasses are missing in python3.6, so we have to install it manually
|
||||
$VENVDIR/bin/pip install dataclasses
|
||||
ln -s $VENVDIR/bin/keylime_agent /usr/local/bin/keylime_agent
|
||||
|
||||
if [ "$DIB_KEYLIME_AGENT_REGISTRAR_IP" != "0" ]; then
|
||||
@ -34,14 +35,18 @@ fi
|
||||
if [ "$DIB_KEYLIME_AGENT_REGISTRAR_PORT" != "8890" ]; then
|
||||
sed -i "s/registrar_port = 8890/registrar_port = "$DIB_KEYLIME_AGENT_REGISTRAR_PORT"/" /etc/keylime.conf
|
||||
fi
|
||||
# set the agent uuid to randomly generated
|
||||
sed -i 's/^\(agent\_uuid\s*=\s*\).*$/\1dmidecode/' /etc/keylime.conf
|
||||
if [ "$DIB_KEYLIME_AGENT_PORT" != "9002" ]; then
|
||||
sed -i "s/cloudagent_port = 9002/cloudagent_port = "$DIB_KEYLIME_AGENT_PORT"/" /etc/keylime.conf
|
||||
fi
|
||||
# set the agent uuid to hash_ek
|
||||
sed -i 's/^\(agent\_uuid\s*=\s*\).*$/\1hash_ek/' /etc/keylime.conf
|
||||
sed -i 's/^\(level\s*=\s*\).*$/\1DEBUG/' /etc/keylime.conf
|
||||
sed -i 's/^\(cloudagent\_ip\s*=\s*\).*$/\10.0.0.0/' /etc/keylime.conf
|
||||
|
||||
|
||||
# create allowlist
|
||||
# create allowlist and checksum
|
||||
./$KLDIR/scripts/create_allowlist.sh /root/allowlist.txt sha256sum
|
||||
touch /root/checksum.txt
|
||||
sha256sum /root/allowlist.txt > /root/checksum.txt
|
||||
|
||||
case "$DIB_INIT_SYSTEM" in
|
||||
systemd)
|
||||
|
@ -1 +1 @@
|
||||
keylime git /tmp/keylime https://github.com/keylime/keylime.git 16a9cfd31b02f5c60b1ccc667627fac6144f82d1
|
||||
keylime git /tmp/keylime https://github.com/keylime/keylime.git v6.2.0
|
||||
|
@ -34,9 +34,10 @@ install -c -g root -o root -m 0644 ${SCRIPTDIR}/10-tcti-emulator.conf /etc/syste
|
||||
install -c -g root -o root -m 0644 ${SCRIPTDIR}/20-remove-conditionpathexistsglob.conf /etc/systemd/system/tpm2-abrmd.service.d/
|
||||
|
||||
|
||||
# install Keylime-agent inside the virtual environment
|
||||
# install Keylime-ima-emulator inside the virtual environment
|
||||
$VENVDIR/bin/pip install 'pip>=19.1.1'
|
||||
$VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR
|
||||
$VENVDIR/bin/pip install dataclasses
|
||||
ln -s $VENVDIR/bin/keylime_ima_emulator /usr/local/bin/keylime_ima_emulator
|
||||
|
||||
|
||||
|
@ -1 +1 @@
|
||||
keylime git /tmp/keylime https://github.com/keylime/keylime.git 16a9cfd31b02f5c60b1ccc667627fac6144f82d1
|
||||
keylime git /tmp/keylime https://github.com/keylime/keylime.git v6.2.0
|
||||
|
Loading…
Reference in New Issue
Block a user