Add oat-client element

This element installs oat-client on the image, that's necessary for trusted boot feature in Ironic to work. This element only works on Fedora. Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted boot, the oat-client will securely fetch the hash values from TPM. Change-Id: I0f1221b5708e9a5792df62ee6e73034f8bf1577c
2015-06-16 16:20:15 +08:00 · 2015-06-16 16:20:15 +08:00 · 59f83ef37b
commit 59f83ef37b
parent ba6959bb92
4 changed files with 30 additions and 0 deletions
--- a/elements/oat-client/README.rst
+++ b/elements/oat-client/README.rst
@ -0,0 +1,19 @@
+==========
+oat-client
+==========
+This element installs oat-client on the image, that's necessary for
+trusted boot feature in Ironic to work.
+
+Intel TXT will measure BIOS, Option Rom and Kernel/Ramdisk during trusted
+boot, the oat-client will securely fetch the hash values from TPM.
+
+.. note::
+    This element only works on Fedora.
+
+Put `fedora-oat.repo` into `/etc/yum.repos.d/`::
+
+  export DIB_YUM_REPO_CONF=/etc/yum.repos.d/fedora-oat.repo
+
+.. note::
+    OAT Repo is lack of a GPG signature check on packages, which can be
+    tracked on: https://github.com/OpenAttestation/OpenAttestation/issues/26
--- a/elements/oat-client/element-deps
+++ b/elements/oat-client/element-deps
@ -0,0 +1 @@
+package-installs
--- a/elements/oat-client/package-installs.yaml
+++ b/elements/oat-client/package-installs.yaml
@ -0,0 +1,2 @@
+oat-client:
+oat-commandtool:
--- a/elements/oat-client/yum.repos.d/fedora-oat.repo
+++ b/elements/oat-client/yum.repos.d/fedora-oat.repo
@ -0,0 +1,8 @@
+# Place this file in your /etc/yum.repos.d/ directory
+
+[oat]
+name=oat 2.2 packages and dependencies
+baseurl=http://repos.fedorapeople.org/repos/gwei3/oat/fedora-$releasever/$basearch/
+enabled=1
+skip_if_unavailable=1
+gpgcheck=0