Updating for Keylime release v7.3.0
parent
405de1f2ac
commit
c4fb4ff4a2
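--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@
 /v6.8.0.tar.gz
 /v7.0.0.tar.gz
 /v7.2.5.tar.gz
+/v7.3.0.tar.gz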
@ -1,119 +0,0 @@
|
|||||||
From de764c330e3a3f0306d47f7a1b5b3138e9106a06 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
||||||
Date: Thu, 1 Jun 2023 09:58:56 -0300
|
|
||||||
Subject: [PATCH 2/2] templates: Fix mapping and adjust for Rust agent
|
|
||||||
|
|
||||||
The Rust Keylime agent does not set take ownership or set the TPM owner
|
|
||||||
password. For this reason, the default value for tpm_ownerpassword
|
|
||||||
should be the empty string "".
|
|
||||||
|
|
||||||
Also, the agent does not support lists in the format specified for the
|
|
||||||
Python agent (i.e. a Python list such as ["string_a", "string_b"]. For
|
|
||||||
this reason, the adjust script should instead remove the square brackets
|
|
||||||
and make the strings to be separated with a comma.
|
|
||||||
|
|
||||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
||||||
---
|
|
||||||
templates/2.0/adjust.py | 49 ++++++++++++++++++++++++++++++++++----
|
|
||||||
templates/2.0/mapping.json | 4 ++--
|
|
||||||
2 files changed, 47 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/templates/2.0/adjust.py b/templates/2.0/adjust.py
|
|
||||||
index c1e582a..1aa5702 100644
|
|
||||||
--- a/templates/2.0/adjust.py
|
|
||||||
+++ b/templates/2.0/adjust.py
|
|
||||||
@@ -62,10 +62,6 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u
|
|
||||||
|
|
||||||
# Dictionary defining values to convert to lists
|
|
||||||
tolist = {
|
|
||||||
- "agent": [
|
|
||||||
- "trusted_client_ca",
|
|
||||||
- "revocation_actions",
|
|
||||||
- ],
|
|
||||||
"verifier": [
|
|
||||||
"trusted_server_ca",
|
|
||||||
"severity_labels",
|
|
||||||
@@ -84,6 +80,12 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u
|
|
||||||
"registrar": ["trusted_client_ca"],
|
|
||||||
}
|
|
||||||
|
|
||||||
+ mergelist = {
|
|
||||||
+ "agent": [
|
|
||||||
+ "revocation_actions",
|
|
||||||
+ ]
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
for section in config:
|
|
||||||
try:
|
|
||||||
config_version = str_to_version(config[section].get("version", "1.0"))
|
|
||||||
@@ -151,6 +153,45 @@ def adjust(config: RawConfigParser, mapping: Dict) -> None: # pylint: disable=u
|
|
||||||
|
|
||||||
print(f"[{section}] For option '{option}', converted '{value}' to " f"'{config[section][option]}'")
|
|
||||||
|
|
||||||
+ # This is a special treatment to make lists compatible with the Rust agent
|
|
||||||
+ if section in mergelist:
|
|
||||||
+ for option in mergelist[section]:
|
|
||||||
+ if section in config and option in config[section]:
|
|
||||||
+ # Get raw string value
|
|
||||||
+ value = config[section][option].strip(' "')
|
|
||||||
+
|
|
||||||
+ if value == "default":
|
|
||||||
+ continue
|
|
||||||
+
|
|
||||||
+ l = []
|
|
||||||
+ try:
|
|
||||||
+ v = ast.literal_eval(value)
|
|
||||||
+ # If the value in the config was already a list, continue
|
|
||||||
+ if isinstance(v, list):
|
|
||||||
+ l = v
|
|
||||||
+ # If the value in the config was tuple
|
|
||||||
+ elif isinstance(v, tuple):
|
|
||||||
+ l = list(v)
|
|
||||||
+
|
|
||||||
+ except Exception as e:
|
|
||||||
+ print(
|
|
||||||
+ f"[{section}] In option '{option}', failed to parse "
|
|
||||||
+ f"'{value}' as python type, trying manual splitting"
|
|
||||||
+ )
|
|
||||||
+
|
|
||||||
+ # Eliminate surrounding spaces and brackets, if present
|
|
||||||
+ v = value.strip("[ ]").split(",")
|
|
||||||
+
|
|
||||||
+ # Eliminate surrounding quotes and blank spaces from each element
|
|
||||||
+ v = map(lambda x: x.strip(' "'), v)
|
|
||||||
+
|
|
||||||
+ # Remove empty strings
|
|
||||||
+ l = list(filter(lambda x: (x != ""), v))
|
|
||||||
+
|
|
||||||
+ config[section][option] = ",".join(l)
|
|
||||||
+
|
|
||||||
+ print(f"[{section}] For option '{option}', converted '{value}' to '{config[section][option]}'")
|
|
||||||
+
|
|
||||||
# Other special adjustments
|
|
||||||
|
|
||||||
# Convert agent boolean values to lower case (for TOML output)
|
|
||||||
diff --git a/templates/2.0/mapping.json b/templates/2.0/mapping.json
|
|
||||||
index 62e8538..fd8519e 100644
|
|
||||||
--- a/templates/2.0/mapping.json
|
|
||||||
+++ b/templates/2.0/mapping.json
|
|
||||||
@@ -100,7 +100,7 @@
|
|
||||||
"tpm_ownerpassword": {
|
|
||||||
"section": "cloud_agent",
|
|
||||||
"option": "tpm_ownerpassword",
|
|
||||||
- "default": "keylime"
|
|
||||||
+ "default": ""
|
|
||||||
},
|
|
||||||
"extract_payload_zip": {
|
|
||||||
"section": "cloud_agent",
|
|
||||||
@@ -120,7 +120,7 @@
|
|
||||||
"revocation_actions": {
|
|
||||||
"section": "cloud_agent",
|
|
||||||
"option": "revocation_actions",
|
|
||||||
- "default": "[]"
|
|
||||||
+ "default": ""
|
|
||||||
},
|
|
||||||
"payload_script": {
|
|
||||||
"section": "cloud_agent",
|
|
||||||
--
|
|
||||||
2.39.2
|
|
||||||
|
|
@ -8,7 +8,7 @@
|
|||||||
%global selinuxtype targeted
|
%global selinuxtype targeted
|
||||||
|
|
||||||
Name: keylime
|
Name: keylime
|
||||||
Version: 7.2.5
|
Version: 7.3.0
|
||||||
Release: %autorelease
|
Release: %autorelease
|
||||||
Summary: Open source TPM software for Bootstrapping and Maintaining Trust
|
Summary: Open source TPM software for Bootstrapping and Maintaining Trust
|
||||||
|
|
||||||
@ -19,11 +19,10 @@ Source1: %{srcname}.sysusers
|
|||||||
Source2: https://github.com/RedHat-SP-Security/%{name}-selinux/archive/v%{policy_version}/keylime-selinux-%{policy_version}.tar.gz
|
Source2: https://github.com/RedHat-SP-Security/%{name}-selinux/archive/v%{policy_version}/keylime-selinux-%{policy_version}.tar.gz
|
||||||
|
|
||||||
Patch: 01-duplicate-str-to-version.patch
|
Patch: 01-duplicate-str-to-version.patch
|
||||||
Patch: 0002-templates-Fix-mapping-and-adjust-for-Rust-agent.patch
|
|
||||||
|
|
||||||
# Main program: BSD
|
# Main program: BSD
|
||||||
# Icons: MIT
|
# Icons: MIT
|
||||||
License: ASL 2.0 and MIT
|
License: Apache-2.0 AND MIT
|
||||||
|
|
||||||
BuildRequires: git-core
|
BuildRequires: git-core
|
||||||
BuildRequires: swig
|
BuildRequires: swig
|
||||||
@ -106,6 +105,7 @@ Requires: python3-gpg
|
|||||||
Requires: python3-lark-parser
|
Requires: python3-lark-parser
|
||||||
Requires: python3-pyasn1
|
Requires: python3-pyasn1
|
||||||
Requires: python3-pyasn1-modules
|
Requires: python3-pyasn1-modules
|
||||||
|
Requires: python3-typing-extensions
|
||||||
Requires: tpm2-tools
|
Requires: tpm2-tools
|
||||||
|
|
||||||
%description -n python3-%{srcname}
|
%description -n python3-%{srcname}
|
||||||
|
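Review bot: The spec hunk at `-19,11 +19,10` drops `Patch: 0002-templates-Fix-mapping-and-adjust-for-Rust-agent.patch`, and nothing in the commit records that the v7.3.0 tarball already contains that change. The deleted patch is what moved the `tpm_ownerpassword` template default from `"keylime"` to `""` and flattened `revocation_actions` into a comma-separated string for the Rust agent. If the release did not carry it, converted configurations would fall back to the fixed, publicly known `keylime` owner-password default. Presumably the change (the patch header names commit de764c330e3a) is part of 7.3.0, but that should be confirmed against the release tarball. A spec comment would make the removal auditable: `# 0002-templates-Fix-mapping-and-adjust-for-Rust-agent.patch dropped: included upstream in v7.3.0`.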
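--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (v7.2.5.tar.gz) = 375342f82786b604b534edf31dd0d9203d653562bc1ab0542a90b699e208e8fe4076dce7900c0f66f262c301418ae173390af15c01024e5d02b2b997eeabe702
+SHA512 (v7.3.0.tar.gz) = 6a5ee3e642015b4c09058ab84db9c1c132d94b387284cb363285fb43a875921fdf0e88ef4b67ab886ceed4e6a5a49aeef0334d42d9662d27f865287d3e9e000b
 SHA512 (keylime-selinux-1.0.0.tar.gz) = d0b4fea7407ad493b08e6f087e8f32b1a65acbee59bf6e20a0e26aaa139f56c1206c7e707898fd8a2e11468cd918f76cb6985f68b8a2faa8a2a4b7a9ba4c3674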