The included patches implement graceful shutdown for both pull and push
models, cancelling pending operations, and waiting for critical
in-flight operations to finish before shutting down.

Backport the following upstream PRs:
- https://github.com/keylime/keylime/pull/1809
  - Document supported configuration options
  - Sync missing and removed options from configuration templates
- https://github.com/keylime/keylime/pull/1868
  - Remove 'enable_authentication' from agent config templates
- https://github.com/keylime/keylime/pull/1855
  - Add push-model documentation
- https://github.com/keylime/keylime/pull/1869
  - Add verifier graceful shutdown
- https://github.com/keylime/keylime/pull/1883
  - Ignore SIGTERM and SIGINT signals on Manager and parent processes
- https://github.com/keylime/keylime/pull/1886
  - Move socket from /tmp to /var/run/keylime

Also, update the keylime-selinux to the latest release (43.2.1) to
include the following changes:
- https://github.com/RedHat-SP-Security/keylime-selinux/pull/33
  - Allow Keylime to perform socket operation on /var/run/keylime
- https://github.com/RedHat-SP-Security/keylime-selinux/pull/34
  - Allow Keylime to read /proc/net to populate certificates Subject
    Alternative Names (SAN)

Documentation updates and configuration template updates were included
to allow the graceful shutdown patch to apply cleanly.

This also modifies the test runner to use pytest, adding python3-pytest
to the BuildRequires. This was necessary to allow the fixtures created in
conftest.py to be used, which are not available when running with
unittest.

Resolves: RHEL-151493
Resolves: RHEL-151408
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>