From 27a27befed2257c2156ed8b94d679951b9b1a4d5 Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Wed, 13 May 2020 23:51:04 -0300
Subject: [PATCH 1/8] Adjust pin-tang test to account for newer tang without
tangd-update
---
src/luks/tests/unbind-unbound-slot-luks2 | 1 +
src/pins/tang/meson.build | 8 +-------
src/pins/tang/pin-tang | 11 ++++++++---
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/luks/tests/unbind-unbound-slot-luks2 b/src/luks/tests/unbind-unbound-slot-luks2
index 6a2aca5..6d814ad 100755
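--- a/src/luks/tests/unbind-unbound-slot-luks2
+++ b/src/luks/tests/unbind-unbound-slot-luks2
@@ -36,6 +36,7 @@ TMP="$(mktemp -d)"
 
 DEV="${TMP}/luks2-device"
 new_device "luks2" "${DEV}"
+SLT=2
 if clevis luks unbind -d "${DEV}" -s "${SLT}"; then
 error "${TEST}: Unbind is expected to fail for device ${DEV} and slot ${SLT}" >&2
 fi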
diff --git a/src/pins/tang/meson.build b/src/pins/tang/meson.build
index 74a3442..9b9a3db 100644
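--- a/src/pins/tang/meson.build
+++ b/src/pins/tang/meson.build
@@ -9,12 +9,6 @@ kgen = find_program(
 '/usr/lib/x86_64-linux-gnu/tangd-keygen',
 required: false
 )
-updt = find_program(
- join_paths(libexecdir, 'tangd-update'),
- '/usr/libexec/tangd-update',
- '/usr/lib/x86_64-linux-gnu/tangd-update',
- required: false
-)
 tang = find_program(
 join_paths(libexecdir, 'tangd'),
 '/usr/libexec/tangd',
@@ -28,7 +22,7 @@ if curl.found()
 bins += join_paths(meson.current_source_dir(), 'clevis-encrypt-tang')
 mans += join_paths(meson.current_source_dir(), 'clevis-encrypt-tang.1')
 
- if actv.found() and kgen.found() and updt.found() and tang.found()
+ if actv.found() and kgen.found() and tang.found()
 env = environment()
 env.set('SD_ACTIVATE', actv.path())
 env.append('PATH',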
diff --git a/src/pins/tang/pin-tang b/src/pins/tang/pin-tang
index 1720d3d..8190f3d 100755
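--- a/src/pins/tang/pin-tang
+++ b/src/pins/tang/pin-tang
@@ -31,18 +31,23 @@ mkdir -p "$TMP"/db
 mkdir -p "$TMP"/cache
 
 # Generate the server keys
+KEYS="$TMP"/db
 tangd-keygen "$TMP"/db sig exc
-tangd-update "$TMP"/db "$TMP"/cache
+if which tangd-update; then
+ tangd-update "$TMP"/db "$TMP"/cache
+ KEYS=$TMP/cache
+fi
 
 # Start the server
 port="$(shuf -i 1024-65536 -n 1)"
-$SD_ACTIVATE --inetd -l 127.0.0.1:$port -a tangd "$TMP"/cache &
+$SD_ACTIVATE --inetd -l 127.0.0.1:$port -a tangd "$KEYS" &
 PID=$!
 sleep 0.25
 
 thp="$(jose jwk thp -i "$TMP/db/sig.jwk")"
-adv="$TMP/cache/default.jws"
 url="http://localhost:${port}"
+adv="$TMP/adv"
+curl "$url/adv" -o $adv
 
 cfg="$(printf '{"url":"%s","adv":"%s"}' "$url" "$adv")"
 enc="$(echo -n "hi" | clevis encrypt tang "$cfg")"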
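Review bot: The added `curl "$url/adv" -o $adv` saves whatever the server returns as the advertisement, and that file is then handed to `clevis encrypt tang` as the trusted `adv` in `cfg`; without `--fail` an HTTP error body would be written to the file, and `$adv` is unquoted although it is built from `$TMP`, which is set outside the hunk. I would write `curl -sf "$url/adv" -o "$adv"`. The fetch also depends on the `sleep 0.25` above being long enough for the listener to accept connections; whether a failed curl aborts the test (for example via `set -e`) is not visible here, since the script starts and ends outside the hunk. Separately, `if which tangd-update; then` relies on `which` being installed and prints the resolved path into the test output; `if command -v tangd-update >/dev/null; then` is the portable form.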
--
2.18.4