rpms/keylime
6
0
Fork 0
Code Issues Pull Requests Releases Activity
8bd46bc758
keylime/0002-templates-Fix-mapping-and-adjust-for-Rust-agent.patch

120 lines
4.5 KiB
Diff
Raw Normal View History

Updating for Keylime release v7.2.5
2023-04-07 12:22:36 +00:00
From de764c330e3a3f0306d47f7a1b5b3138e9106a06 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Thu, 1 Jun 2023 09:58:56 -0300
Subject: [PATCH 2/2] templates: Fix mapping and adjust for Rust agent
The Rust Keylime agent does not set take ownership or set the TPM owner
password. For this reason, the default value for tpm_ownerpassword
should be the empty string "".
Also, the agent does not support lists in the format specified for the
Python agent (i.e. a Python list such as ["string_a", "string_b"]. For
this reason, the adjust script should instead remove the square brackets
and make the strings to be separated with a comma.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
templates/2.0/adjust.py | 49 ++++++++++++++++++++++++++++++++++----
templates/2.0/mapping.json | 4 ++--
2 files changed, 47 insertions(+), 6 deletions(-)
diff --git a/templates/2.0/adjust.py b/templates/2.0/adjust.py
index c1e582a..1aa5702 100644
--- a/templates/2.0/adjust.py
+++ b/templates/2.0/adjust.py
@@ -62,10 +62,6 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u
# Dictionary defining values to convert to lists
tolist = {
- "agent": [
- "trusted_client_ca",
- "revocation_actions",
- ],
"verifier": [
"trusted_server_ca",
"severity_labels",
@@ -84,6 +80,12 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u
"registrar": ["trusted_client_ca"],
}
+ mergelist = {
+ "agent": [
+ "revocation_actions",
+ ]
+ }
+
for section in config:
try:
config_version = str_to_version(config[section].get("version", "1.0"))
@@ -151,6 +153,45 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u
print(f"[{section}] For option '{option}', converted '{value}' to " f"'{config[section][option]}'")
+ # This is a special treatment to make lists compatible with the Rust agent
+ if section in mergelist:
+ for option in mergelist[section]:
+ if section in config and option in config[section]:
+ # Get raw string value
+ value = config[section][option].strip(' "')
+
+ if value == "default":
+ continue
+
+ l = []
+ try:
+ v = ast.literal_eval(value)
+ # If the value in the config was already a list, continue
+ if isinstance(v, list):
+ l = v
+ # If the value in the config was tuple
+ elif isinstance(v, tuple):
+ l = list(v)
+
+ except Exception as e:
+ print(
+ f"[{section}] In option '{option}', failed to parse "
+ f"'{value}' as python type, trying manual splitting"
+ )
+
+ # Eliminate surrounding spaces and brackets, if present
+ v = value.strip("[ ]").split(",")
+
+ # Eliminate surrounding quotes and blank spaces from each element
+ v = map(lambda x: x.strip(' "'), v)
+
+ # Remove empty strings
+ l = list(filter(lambda x: (x != ""), v))
+
+ config[section][option] = ",".join(l)
+
+ print(f"[{section}] For option '{option}', converted '{value}' to '{config[section][option]}'")
+
# Other special adjustments
# Convert agent boolean values to lower case (for TOML output)
diff --git a/templates/2.0/mapping.json b/templates/2.0/mapping.json
index 62e8538..fd8519e 100644
--- a/templates/2.0/mapping.json
+++ b/templates/2.0/mapping.json
@@ -100,7 +100,7 @@
"tpm_ownerpassword": {
"section": "cloud_agent",
"option": "tpm_ownerpassword",
- "default": "keylime"
+ "default": ""
},
"extract_payload_zip": {
"section": "cloud_agent",
@@ -120,7 +120,7 @@
"revocation_actions": {
"section": "cloud_agent",
"option": "revocation_actions",
- "default": "[]"
+ "default": ""
},
"payload_script": {
"section": "cloud_agent",
--
2.39.2
Reference in New Issue Copy Permalink