From 27a27befed2257c2156ed8b94d679951b9b1a4d5 Mon Sep 17 00:00:00 2001
From: Sergio Correia
Date: Wed, 13 May 2020 23:51:04 -0300
Subject: [PATCH 1/8] Adjust pin-tang test to account for newer tang without tangd-update
---
 src/luks/tests/unbind-unbound-slot-luks2 | 1 +
 src/pins/tang/meson.build | 8 +-------
 src/pins/tang/pin-tang | 11 ++++++++---
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/luks/tests/unbind-unbound-slot-luks2 b/src/luks/tests/unbind-unbound-slot-luks2
index 6a2aca5..6d814ad 100755
--- a/src/luks/tests/unbind-unbound-slot-luks2
+++ b/src/luks/tests/unbind-unbound-slot-luks2
@@ -36,6 +36,7 @@ TMP="$(mktemp -d)" DEV="${TMP}/luks2-device" new_device "luks2" "${DEV}" +SLT=2 if clevis luks unbind -d "${DEV}" -s "${SLT}"; then error "${TEST}: Unbind is expected to fail for device ${DEV} and slot ${SLT}" >&2 fi
diff --git a/src/pins/tang/meson.build b/src/pins/tang/meson.build
index 74a3442..9b9a3db 100644
--- a/src/pins/tang/meson.build
+++ b/src/pins/tang/meson.build
@@ -9,12 +9,6 @@ kgen = find_program( '/usr/lib/x86_64-linux-gnu/tangd-keygen', required: false ) -updt = find_program( - join_paths(libexecdir, 'tangd-update'), - '/usr/libexec/tangd-update', - '/usr/lib/x86_64-linux-gnu/tangd-update', - required: false -) tang = find_program( join_paths(libexecdir, 'tangd'), '/usr/libexec/tangd',
@@ -28,7 +22,7 @@ if curl.found() bins += join_paths(meson.current_source_dir(), 'clevis-encrypt-tang') mans += join_paths(meson.current_source_dir(), 'clevis-encrypt-tang.1') - if actv.found() and kgen.found() and updt.found() and tang.found() + if actv.found() and kgen.found() and tang.found() env = environment() env.set('SD_ACTIVATE', actv.path()) env.append('PATH',
diff --git a/src/pins/tang/pin-tang b/src/pins/tang/pin-tang
index 1720d3d..8190f3d 100755
--- a/src/pins/tang/pin-tang
+++ b/src/pins/tang/pin-tang
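Review bot: `SLT=2` in src/luks/tests/unbind-unbound-slot-luks2 is a bare constant with nothing explaining why slot 2 is the unbound one. The test only proves what its name claims if `new_device` leaves that slot empty, and `new_device` is defined outside this hunk, so that is an assumption from here. A one-line comment above the assignment, such as `# Slot 2 is not bound by new_device, so unbinding it must fail.`, would record the intent once the wording is confirmed against the helper. The fix also looks unrelated to the tangd-update change named in the subject, so it deserves a sentence in the commit message.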
@@ -31,18 +31,23 @@ mkdir -p "$TMP"/db mkdir -p "$TMP"/cache # Generate the server keys +KEYS="$TMP"/db tangd-keygen "$TMP"/db sig exc -tangd-update "$TMP"/db "$TMP"/cache +if which tangd-update; then + tangd-update "$TMP"/db "$TMP"/cache + KEYS=$TMP/cache +fi # Start the server port="$(shuf -i 1024-65536 -n 1)" -$SD_ACTIVATE --inetd -l 127.0.0.1:$port -a tangd "$TMP"/cache & +$SD_ACTIVATE --inetd -l 127.0.0.1:$port -a tangd "$KEYS" & PID=$! sleep 0.25 thp="$(jose jwk thp -i "$TMP/db/sig.jwk")" -adv="$TMP/cache/default.jws" url="http://localhost:${port}" +adv="$TMP/adv" +curl "$url/adv" -o $adv cfg="$(printf '{"url":"%s","adv":"%s"}' "$url" "$adv")" enc="$(echo -n "hi" | clevis encrypt tang "$cfg")" -- 2.18.4
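Review bot: The new `curl "$url/adv" -o $adv` line saves whatever the server answers and passes that file to clevis as the trusted advertisement; without `--fail` an HTTP error body is written to the file, and `$adv` is unquoted although `"$TMP"` is quoted elsewhere in the hunk. `curl -sfS "$url/adv" -o "$adv"` makes curl return non-zero on a failed or too-early fetch (the server gets only `sleep 0.25` to come up), so the problem is visible at the fetch rather than as a confusing encrypt error later. The probe `if which tangd-update; then` prints the resolved path into the test output and depends on `which` being installed; `if command -v tangd-update >/dev/null 2>&1; then` is the portable form. Because meson.build no longer locates tangd-update, the probe depends on PATH alone, and the `env.append('PATH', …)` call that builds it continues outside the visible hunks, so it is worth confirming the libexec directory is on it for older tang installs.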