Update keylime-agent and tpm-emulator elements

Story: #2002713
Task: #41304

Change-Id: I735db46a62edecc85457d4163963f558c9fe461d

diskimage_builder/elements/keylime-agent/cleanup.d/98-copy-allowlist

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# dib-lint: disable=safe_sudo
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+[ -n "$TARGET_ROOT" ]
+
+IMAGE_PATH=$(readlink -f $IMAGE_NAME)
+# copy allowlist and checksum to image path
+sudo cp $TARGET_ROOT/root/allowlist.txt ${IMAGE_PATH}-allowlist.txt
+sudo cp $TARGET_ROOT/root/checksum.txt ${IMAGE_PATH}-checksum.txt

diskimage_builder/elements/keylime-agent/environment.d/16-keylime-agent

@@ -1,2 +1,3 @@
 export DIB_KEYLIME_AGENT_REGISTRAR_IP=${DIB_KEYLIME_AGENT_REGISTRAR_IP:-0}
-export DIB_KEYLIME_AGENT_REGISTRAR_PORT=${DIB_KEYLIME_AGENT_REGISTRAR_PORT:-8890}
+export DIB_KEYLIME_AGENT_REGISTRAR_PORT=${DIB_KEYLIME_AGENT_REGISTRAR_PORT:-8890}
+export DIB_KEYLIME_AGENT_PORT=${DIB_KEYLIME_AGENT_PORT:-9002}

diskimage_builder/elements/keylime-agent/install.d/keylime-agent-source-install/80-keylime-agent-install

@@ -12,7 +12,6 @@ VENVDIR=/opt/keylime
 KLDIR=/tmp/keylime
 
 # create the virtual environment
-
 if [ $DIB_PYTHON_VERSION == 3 ]; then
     $DIB_PYTHON -m venv $VENVDIR
 else
@@ -26,6 +25,8 @@ install -c -m 0644 ${SCRIPTDIR}/ima-policy /etc/ima/ima-policy
 # install Keylime-agent inside the virtual environment
 $VENVDIR/bin/pip install 'pip>=19.1.1'
 $VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR
+# dataclasses are missing in python3.6, so we have to install it manually
+$VENVDIR/bin/pip install dataclasses
 ln -s $VENVDIR/bin/keylime_agent /usr/local/bin/keylime_agent
 
 if [ "$DIB_KEYLIME_AGENT_REGISTRAR_IP" != "0" ]; then
@@ -34,14 +35,18 @@ fi
 if [ "$DIB_KEYLIME_AGENT_REGISTRAR_PORT" != "8890" ]; then
     sed -i "s/registrar_port = 8890/registrar_port = "$DIB_KEYLIME_AGENT_REGISTRAR_PORT"/" /etc/keylime.conf
 fi
-# set the agent uuid to randomly generated
-sed -i 's/^\(agent\_uuid\s*=\s*\).*$/\1dmidecode/' /etc/keylime.conf
+if [ "$DIB_KEYLIME_AGENT_PORT" != "9002" ]; then
+    sed -i "s/cloudagent_port = 9002/cloudagent_port = "$DIB_KEYLIME_AGENT_PORT"/" /etc/keylime.conf
+fi
+# set the agent uuid to hash_ek
+sed -i 's/^\(agent\_uuid\s*=\s*\).*$/\1hash_ek/' /etc/keylime.conf
 sed -i 's/^\(level\s*=\s*\).*$/\1DEBUG/' /etc/keylime.conf
 sed -i 's/^\(cloudagent\_ip\s*=\s*\).*$/\10.0.0.0/' /etc/keylime.conf
 
-
-# create allowlist
+# create allowlist and checksum
 ./$KLDIR/scripts/create_allowlist.sh /root/allowlist.txt sha256sum
+touch /root/checksum.txt
+sha256sum /root/allowlist.txt > /root/checksum.txt
 
 case "$DIB_INIT_SYSTEM" in
     systemd)

diskimage_builder/elements/keylime-agent/source-repository-keylime

@@ -1 +1 @@
-keylime git /tmp/keylime https://github.com/keylime/keylime.git 16a9cfd31b02f5c60b1ccc667627fac6144f82d1
+keylime git /tmp/keylime https://github.com/keylime/keylime.git v6.2.0

diskimage_builder/elements/tpm-emulator/install.d/tpm-emulator-source-install/78-tpm-emulator-install

@@ -34,9 +34,10 @@ install -c -g root -o root -m 0644 ${SCRIPTDIR}/10-tcti-emulator.conf /etc/syste
 install -c -g root -o root -m 0644 ${SCRIPTDIR}/20-remove-conditionpathexistsglob.conf /etc/systemd/system/tpm2-abrmd.service.d/
 
 
-# install Keylime-agent inside the virtual environment
+# install Keylime-ima-emulator inside the virtual environment
 $VENVDIR/bin/pip install 'pip>=19.1.1'
 $VENVDIR/bin/pip install -r $KLDIR/requirements.txt $KLDIR
+$VENVDIR/bin/pip install dataclasses
 ln -s $VENVDIR/bin/keylime_ima_emulator /usr/local/bin/keylime_ima_emulator
 
 

diskimage_builder/elements/tpm-emulator/source-repository-keylime

@@ -1 +1 @@
-keylime git /tmp/keylime https://github.com/keylime/keylime.git 16a9cfd31b02f5c60b1ccc667627fac6144f82d1
+keylime git /tmp/keylime https://github.com/keylime/keylime.git v6.2.0