diff --git a/0008-verifier-should-read-parameters-from-verifier.conf-o.patch b/0008-verifier-should-read-parameters-from-verifier.conf-o.patch
new file mode 100644
index 0000000..efb3a2c
--- /dev/null
+++ b/0008-verifier-should-read-parameters-from-verifier.conf-o.patch
@@ -0,0 +1,31 @@
+From aa891f456d5cf0fc23e16d87fb28efc79a0d8073 Mon Sep 17 00:00:00 2001
+From: Marcio Silva
+Date: Wed, 23 Aug 2023 11:24:59 -0300
+Subject: [PATCH 8/8] verifier: should read parameters from verifier.conf only
+
+Single-line fix for #1446
+
+The verifier should read "durable attestation" backend imports from
+verifier.conf (and NOT from registrar.conf)
+
+Signed-off-by: Marcio Silva
+---
+ keylime/cloud_verifier_tornado.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/keylime/cloud_verifier_tornado.py b/keylime/cloud_verifier_tornado.py
+index d65cb63..261022a 100644
+--- a/keylime/cloud_verifier_tornado.py
++++ b/keylime/cloud_verifier_tornado.py
+@@ -51,7 +51,7 @@ except SQLAlchemyError as err:
+ sys.exit(1)
+
+ try:
+- rmc = record.get_record_mgt_class(config.get("registrar", "durable_attestation_import", fallback=""))
++ rmc = record.get_record_mgt_class(config.get("verifier", "durable_attestation_import", fallback=""))
+ if rmc:
+ rmc = rmc("verifier")
+ except record.RecordManagementException as rme:
+--
+2.41.0
+
diff --git a/keylime.spec b/keylime.spec
index 57a2f93..3c5755d 100644
--- a/keylime.spec
+++ b/keylime.spec
@@ -9,7 +9,7 @@
 Name: keylime
 Version: 7.3.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Open source TPM software for Bootstrapping and Maintaining Trust
 URL: https://github.com/keylime/keylime
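Review bot: With `fallback=""` on the changed `config.get("verifier", "durable_attestation_import", fallback="")` line, a deployment that set the durable-attestation backend only in registrar.conf will, after this fix, apparently start the verifier with no backend and no message, because `if rmc:` simply skips instantiation. Durable attestation is the verifier's persistent evidence trail, so losing it silently on upgrade is worth surfacing. I would add an `else:` branch after `rmc = rmc("verifier")` that logs through the module's existing logger, e.g. `logger.info("durable_attestation_import not set in verifier.conf; durable attestation disabled")`, and mention the move in the upgrade notes. The value also looks like an import path that is loaded as code, which is a further reason to read it only from the verifier's own 0400 configuration. The `try` block continues past the end of the embedded hunk, so the exception path is not visible here.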
@@ -24,6 +24,7 @@ Patch: 0004-Duplicate-str_to_version-for-the-upgrade-tool.patch
 Patch: 0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch
 Patch: 0006-Revert-mapping-changes.patch
 Patch: 0007-Handle-session-close-using-a-session-manager.patch
+Patch: 0008-verifier-should-read-parameters-from-verifier.conf-o.patch
 License: ASL 2.0 and MIT
@@ -298,7 +299,7 @@ fi
 %files verifier
 %license LICENSE
 %attr(500,%{srcname},%{srcname}) %dir %{_sysconfdir}/%{srcname}/verifier.conf.d
-%config(noreplace) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/verifier.conf
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/verifier.conf
 %{_bindir}/%{srcname}_verifier
 %{_bindir}/%{srcname}_ca
 %{_unitdir}/keylime_verifier.service
@@ -306,7 +307,7 @@ fi
 %files registrar
 %license LICENSE
 %attr(500,%{srcname},%{srcname}) %dir %{_sysconfdir}/%{srcname}/registrar.conf.d
-%config(noreplace) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/registrar.conf
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/registrar.conf
 %{_bindir}/%{srcname}_registrar
 %{_unitdir}/keylime_registrar.service
@@ -320,7 +321,7 @@ fi
 %files tenant
 %license LICENSE
 %attr(500,%{srcname},%{srcname}) %dir %{_sysconfdir}/%{srcname}/tenant.conf.d
-%config(noreplace) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/tenant.conf
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/tenant.conf
 %{_bindir}/%{srcname}_tenant
 %files -n python3-%{srcname}
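Review bot: The new `%verify(not md5 size mode mtime)` on verifier.conf also drops the `mode` check, so `rpm -V` will no longer report it if this 0400 file, which holds the verifier's security settings, becomes group- or world-readable. The changelog justifies the exclusion by %post scriptlets updating the files; if those scriptlets only rewrite content (they are not visible in this diff), keeping mode verified is enough: `%config(noreplace) %verify(not md5 size mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/verifier.conf`. The same applies to the registrar.conf and tenant.conf hunks and to the ca.conf and logging.conf lines in the later hunk. A short comment above each entry stating that content integrity of these files is deliberately left to other tooling would tell the next packager the gap is intentional.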
@@ -338,8 +339,8 @@ fi
 %license LICENSE
 %doc README.md
 %attr(500,%{srcname},%{srcname}) %dir %{_sysconfdir}/%{srcname}/{ca,logging}.conf.d
-%config(noreplace) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/ca.conf
-%config(noreplace) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/logging.conf
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/ca.conf
+%config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/logging.conf
 %attr(700,%{srcname},%{srcname}) %dir %{_rundir}/%{srcname}
 %attr(700,%{srcname},%{srcname}) %dir %{_localstatedir}/log/%{srcname}
 %attr(700,%{srcname},%{srcname}) %dir %{_sharedstatedir}/%{srcname}
@@ -356,6 +357,10 @@ fi
 %license LICENSE
 %changelog
+* Tue Aug 22 2023 Sergio Correia - 7.3.0-4
+- Update spec file to use %verify(not md5 size mode mtime) for files updated in %post scriptlets
+ Resolves: RHEL-475
+
 * Tue Aug 15 2023 Sergio Correia - 7.3.0-3
 - Fix Keylime configuration upgrades issues introduced in last rebase
 Resolves: RHEL-475