Message ID | 20200816193627.73935-1-zohar@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Series | [ima-evm-utils] Install the swtpm package, if available |
On Sun, 2020-08-16 at 15:36 -0400, Mimi Zohar wrote:

> # Only stop this test's software TPM. Preferred method: "tsstpmcmd -stop" > @@ -48,22 +52,36 @@ cleanup() { > > # Try to start a software TPM if needed. > swtpm_start() { > - local swtpm > + local swtpm swtpm1 > > swtpm="$(which tpm_server)" > - if [ -z "${swtpm}" ]; then > - echo "${CYAN}SKIP: Softare TPM (tpm_server) not found${NORM}" > + swtpm1="$(which swtpm)" > + if [ -z "${swtpm}" ] && [ -z "${swptm1}" ]; then

Need to fix "swptm1" typo.

Mimi

> + echo "${CYAN}SKIP: Softare TPM (tpm_server and swtpm) not found${NORM}" > return "$SKIP" > fi
Hi Mimi,

> Note: Some travis/<distro>.sh scripts are links to other scripts. > Don't fail the build of the linked script if the swtpm package doesn't > exist. ... > --- a/travis/fedora.sh > +++ b/travis/fedora.sh > @@ -41,6 +41,7 @@ yum -y install \ > which > > yum -y install docbook5-style-xsl || true > +yum -y install swtpm || true

Yes, that's probably the best way to solve it. Sometimes I also passed $INSTALL to the script and had an if clause.

> On Sun, 2020-08-16 at 15:36 -0400, Mimi Zohar wrote: > > # Only stop this test's software TPM. Preferred method: "tsstpmcmd -stop" > > @@ -48,22 +52,36 @@ cleanup() { > > # Try to start a software TPM if needed. > > swtpm_start() { > > - local swtpm > > + local swtpm swtpm1 > > swtpm="$(which tpm_server)" > > - if [ -z "${swtpm}" ]; then > > - echo "${CYAN}SKIP: Softare TPM (tpm_server) not found${NORM}" > > + swtpm1="$(which swtpm)" > > + if [ -z "${swtpm}" ] && [ -z "${swptm1}" ]; then > Need to fix "swptm1" typo.

+1

Reviewed-by: Petr Vorel <pvorel@suse.cz>

Also, not related to this commit:

* add pgrep and pkill to _require (fix of a different commit)
* add magic constant 114 to exit codes (in tests/functions.sh)
* I'd like to reuse exit codes in build.sh. I could source tests/functions.sh (they look to be general enough, I just didn't like a script in the root directory depending on it, as it's general enough for build without testing) have these constants in a separate file.

Kind regards,
Petr
On Sun, Aug 16, 2020 at 03:36:27PM -0400, Mimi Zohar wrote: > The "boot_aggregate.test" requires either a hardware or software TPM. > Support using the swtpm, if packaged for the distro, in addition to > tpm_server. > > Note: Some travis/<distro>.sh scripts are links to other scripts. > Don't fail the build of the linked script if the swtpm package doesn't > exist. > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > --- > .travis.yml | 2 +- > tests/boot_aggregate.test | 40 ++++++++++++++++++++++++++++----------- > travis/fedora.sh | 1 + > 3 files changed, 31 insertions(+), 12 deletions(-) > > diff --git a/.travis.yml b/.travis.yml > index 849fcb6ba822..9bea5d19bd0e 100644 > --- a/.travis.yml > +++ b/.travis.yml > @@ -75,4 +75,4 @@ before_install: > script: > - INSTALL="${DISTRO%%:*}" > - INSTALL="${INSTALL%%/*}" > - - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh" > + - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh" > diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test > index 43de67de1468..ce310b6ae5b4 100755 > --- a/tests/boot_aggregate.test > +++ b/tests/boot_aggregate.test 
> @@ -33,6 +33,10 @@ else > ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9" > export TPM_INTERFACE_TYPE="socsim" > export TPM_COMMAND_PORT=2321 > + export TPM_PLATFORM_PORT=2322 > + export TPM_SERVER_NAME="localhost" > + export TPM_SERVER_TYPE="raw" > + > fi > > # Only stop this test's software TPM. Preferred method: "tsstpmcmd -stop" > @@ -48,22 +52,36 @@ cleanup() { > > # Try to start a software TPM if needed. > swtpm_start() { > - local swtpm > + local swtpm swtpm1 > > swtpm="$(which tpm_server)" > - if [ -z "${swtpm}" ]; then > - echo "${CYAN}SKIP: Softare TPM (tpm_server) not found${NORM}" > + swtpm1="$(which swtpm)" > + if [ -z "${swtpm}" ] && [ -z "${swptm1}" ]; then > + echo "${CYAN}SKIP: Softare TPM (tpm_server and swtpm) not found${NORM}" > return "$SKIP" > fi > > - pgrep tpm_server > - if [ $? -eq 0 ]; then > - echo "INFO: Software TPM (tpm_server) already running" > - return 114 > - else > - echo "INFO: Starting software TPM: ${swtpm}" > - ${swtpm} > /dev/null 2>&1 & > - SWTPM_PPID=$! > + if [ ! -z "${swtpm1}" ]; then > + pgrep swtpm1 > + if [ $? -eq 0 ]; then > + echo "INFO: Software TPM (swtpm) already running" > + return 114 > + else > + echo "INFO: Starting software TPM: ${swtpm1}" > + mkdir ./myvtpm > + ${swtpm1} socket --tpmstate dir=./myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > /dev/null 2>&1 & > + SWTPM_PPID=$! > + fi > + elif [ ! -z "${swtpm}" ]; then > + pgrep swtpm > + if [ $? -eq 0 ]; then > + echo "INFO: Software TPM (tpm_server) already running" > + return 114 > + else > + echo "INFO: Starting software TPM: ${swtpm}" > + ${swtpm} > /dev/null 2>&1 & > + SWTPM_PPID=$! > + fi > fi > return 0 > } > diff --git a/travis/fedora.sh b/travis/fedora.sh > index d3459e408d81..f9ee9bed7bc1 100755 > --- a/travis/fedora.sh > +++ b/travis/fedora.sh 
> @@ -41,6 +41,7 @@ yum -y install \ > which > > yum -y install docbook5-style-xsl || true > +yum -y install swtpm || true >

just fyi.. centos:7 doesn't have swtpm while centos:{latest,8} does. Should we consider getting it built manually? I can take a look at it if desirable.

> # FIXME: debug > echo "find /tss2_esys.h" > -- > 2.18.4 >

With "swptm1" fixed:

Acked-by: Bruno Meneguele <bmeneg@redhat.com>

Thanks Mimi.
On 8/16/20 3:36 PM, Mimi Zohar wrote: > The "boot_aggregate.test" requires either a hardware or software TPM. > Support using the swtpm, if packaged for the distro, in addition to > tpm_server. > > Note: Some travis/<distro>.sh scripts are links to other scripts. > Don't fail the build of the linked script if the swtpm package doesn't > exist. > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > --- > .travis.yml | 2 +- > tests/boot_aggregate.test | 40 ++++++++++++++++++++++++++++----------- > travis/fedora.sh | 1 + > 3 files changed, 31 insertions(+), 12 deletions(-) > > diff --git a/.travis.yml b/.travis.yml > index 849fcb6ba822..9bea5d19bd0e 100644 > --- a/.travis.yml > +++ b/.travis.yml > @@ -75,4 +75,4 @@ before_install: > script: > - INSTALL="${DISTRO%%:*}" > - INSTALL="${INSTALL%%/*}" > - - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh" > + - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh" > diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test > index 43de67de1468..ce310b6ae5b4 100755 > --- a/tests/boot_aggregate.test > +++ b/tests/boot_aggregate.test > @@ -33,6 +33,10 @@ else > ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9" > export TPM_INTERFACE_TYPE="socsim" > export TPM_COMMAND_PORT=2321 > + export TPM_PLATFORM_PORT=2322 > + export TPM_SERVER_NAME="localhost" > + export TPM_SERVER_TYPE="raw" > + > fi > > # Only stop this test's software TPM. Preferred method: "tsstpmcmd -stop" 
> @@ -48,22 +52,36 @@ cleanup() { > > # Try to start a software TPM if needed. > swtpm_start() { > - local swtpm > + local swtpm swtpm1 > > swtpm="$(which tpm_server)" > - if [ -z "${swtpm}" ]; then > - echo "${CYAN}SKIP: Softare TPM (tpm_server) not found${NORM}" > + swtpm1="$(which swtpm)" > + if [ -z "${swtpm}" ] && [ -z "${swptm1}" ]; then > + echo "${CYAN}SKIP: Softare TPM (tpm_server and swtpm) not found${NORM}" > return "$SKIP" > fi > > - pgrep tpm_server > - if [ $? -eq 0 ]; then > - echo "INFO: Software TPM (tpm_server) already running" > - return 114 > - else > - echo "INFO: Starting software TPM: ${swtpm}" > - ${swtpm} > /dev/null 2>&1 & > - SWTPM_PPID=$! > + if [ ! -z "${swtpm1}" ]; then

Change to 'if [ -n "${swtpm1}" ]; then' ?

> + pgrep swtpm1 > + if [ $? -eq 0 ]; then > + echo "INFO: Software TPM (swtpm) already running" > + return 114 > + else > + echo "INFO: Starting software TPM: ${swtpm1}" > + mkdir ./myvtpm > + ${swtpm1} socket --tpmstate dir=./myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > /dev/null 2>&1 & > + SWTPM_PPID=$! > + fi > + elif [ ! -z "${swtpm}" ]; then

Same here.

> + pgrep swtpm > + if [ $? -eq 0 ]; then > + echo "INFO: Software TPM (tpm_server) already running" > + return 114 > + else > + echo "INFO: Starting software TPM: ${swtpm}" > + ${swtpm} > /dev/null 2>&1 & > + SWTPM_PPID=$! > + fi > fi > return 0 > } > diff --git a/travis/fedora.sh b/travis/fedora.sh > index d3459e408d81..f9ee9bed7bc1 100755 > --- a/travis/fedora.sh > +++ b/travis/fedora.sh > @@ -41,6 +41,7 @@ yum -y install \ > which > > yum -y install docbook5-style-xsl || true > +yum -y install swtpm || true > > # FIXME: debug > echo "find /tss2_esys.h"
diff --git a/.travis.yml b/.travis.yml index 849fcb6ba822..9bea5d19bd0e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -75,4 +75,4 @@ before_install: script: - INSTALL="${DISTRO%%:*}" - INSTALL="${INSTALL%%/*}" - - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh" + - docker run -t ima-evm-utils /bin/sh -c "cd travis && if [ \"$VARIANT\" ]; then ARCH=\"$ARCH\" ./$INSTALL.$VARIANT.sh; fi && ARCH=\"$ARCH\" CC=\"$CC\" TSS=\"$TSS\" ./$INSTALL.sh && if [ ! \"$VARIANT\" ]; then which tpm_server || which swtpm || ../tests/install-swtpm.sh; fi && CC=\"$CC\" VARIANT=\"$VARIANT\" ../build.sh" diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test index 43de67de1468..ce310b6ae5b4 100755 --- a/tests/boot_aggregate.test +++ b/tests/boot_aggregate.test @@ -33,6 +33,10 @@ else ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9" export TPM_INTERFACE_TYPE="socsim" export TPM_COMMAND_PORT=2321 + export TPM_PLATFORM_PORT=2322 + export TPM_SERVER_NAME="localhost" + export TPM_SERVER_TYPE="raw" + fi # Only stop this test's software TPM. Preferred method: "tsstpmcmd -stop" 
@@ -48,22 +52,36 @@ cleanup() { # Try to start a software TPM if needed. swtpm_start() { - local swtpm + local swtpm swtpm1 swtpm="$(which tpm_server)" - if [ -z "${swtpm}" ]; then - echo "${CYAN}SKIP: Softare TPM (tpm_server) not found${NORM}" + swtpm1="$(which swtpm)" + if [ -z "${swtpm}" ] && [ -z "${swptm1}" ]; then + echo "${CYAN}SKIP: Softare TPM (tpm_server and swtpm) not found${NORM}" return "$SKIP" fi - pgrep tpm_server - if [ $? -eq 0 ]; then - echo "INFO: Software TPM (tpm_server) already running" - return 114 - else - echo "INFO: Starting software TPM: ${swtpm}" - ${swtpm} > /dev/null 2>&1 & - SWTPM_PPID=$! + if [ ! -z "${swtpm1}" ]; then + pgrep swtpm1 + if [ $? -eq 0 ]; then + echo "INFO: Software TPM (swtpm) already running" + return 114 + else + echo "INFO: Starting software TPM: ${swtpm1}" + mkdir ./myvtpm + ${swtpm1} socket --tpmstate dir=./myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > /dev/null 2>&1 & + SWTPM_PPID=$! + fi + elif [ ! -z "${swtpm}" ]; then + pgrep swtpm + if [ $? -eq 0 ]; then + echo "INFO: Software TPM (tpm_server) already running" + return 114 + else + echo "INFO: Starting software TPM: ${swtpm}" + ${swtpm} > /dev/null 2>&1 & + SWTPM_PPID=$! + fi fi return 0 } diff --git a/travis/fedora.sh b/travis/fedora.sh index d3459e408d81..f9ee9bed7bc1 100755 --- a/travis/fedora.sh +++ b/travis/fedora.sh @@ -41,6 +41,7 @@ yum -y install \ which yum -y install docbook5-style-xsl || true +yum -y install swtpm || true # FIXME: debug echo "find /tss2_esys.h"
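Review bot: TPM_SERVER_TYPE="raw" in the first tests/boot_aggregate.test hunk is exported before swtpm_start() picks a simulator, so it also applies on the path that launches tpm_server; confirm the value is right for both simulators or move the export into the branch that starts swtpm. The ports exported here (TPM_COMMAND_PORT=2321, TPM_PLATFORM_PORT=2322) are repeated as literals in the swtpm command line of the next hunk, where --server and --ctrl could take "${TPM_COMMAND_PORT}" and "${TPM_PLATFORM_PORT}" so the two cannot drift apart. The blank line added before "fi" can be dropped.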
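Review bot: both pgrep checks in swtpm_start() look for the wrong process name. The swtpm branch runs "pgrep swtpm1", which is the name of the shell variable and not of the binary, and the tpm_server branch runs "pgrep swtpm" although its message reports that tpm_server is already running. Use "pgrep swtpm" in the first branch and "pgrep tpm_server" in the second; as written, an already-running simulator is not detected and a second instance is started instead of returning 114. In the same hunk the test [ -z "${swptm1}" ] reads a variable that is never set (the local is swtpm1), so it is always true and the SKIP decision depends on tpm_server alone. "mkdir ./myvtpm" fails on a rerun when the directory already exists and its result is not checked before swtpm is started; "mkdir -p ./myvtpm" avoids that, and the hunk adds nothing that removes the directory again.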
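Review bot: "yum -y install swtpm || true" in travis/fedora.sh discards every failure of the install, not only the case the commit message names (the package not existing for a linked distro script). Since .travis.yml then falls back to ../tests/install-swtpm.sh when neither "which tpm_server" nor "which swtpm" succeeds, a reader of the CI log has to dig through yum's own output to learn which software TPM the test ran against. Consider printing a short notice on failure, for example: yum -y install swtpm || echo "swtpm package not installed".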
The "boot_aggregate.test" requires either a hardware or software TPM. Support using the swtpm, if packaged for the distro, in addition to tpm_server.

Note: Some travis/<distro>.sh scripts are links to other scripts. Don't fail the build of the linked script if the swtpm package doesn't exist.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

---
.travis.yml | 2 +-
tests/boot_aggregate.test | 40 ++++++++++++++++++++++++++++-----------
travis/fedora.sh | 1 +
3 files changed, 31 insertions(+), 12 deletions(-)