From 16f667d9f3d649e33ca762afa1a8a7f909b953a8 Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Sun, 25 Oct 2020 11:15:46 -0300
Subject: [PATCH] Fixes for dealing with newer tang without tangd-update
---
src/luks/tests/meson.build | 11 +----------
src/luks/tests/tests-common-functions.in | 19 +++++++++++--------
src/pins/tang/meson.build | 11 +----------
src/pins/tang/pin-tang | 11 ++++++++---
4 files changed, 21 insertions(+), 31 deletions(-)
diff --git a/src/luks/tests/meson.build b/src/luks/tests/meson.build
index ba5f6a2..c0f9dc3 100644
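--- a/src/luks/tests/meson.build
+++ b/src/luks/tests/meson.build
@@ -17,14 +17,6 @@ kgen = find_program(
 join_paths('/', 'usr', get_option('libexecdir'), 'tangd-keygen'),
 required: false
 )
-updt = find_program(
- join_paths(libexecdir, 'tangd-update'),
- join_paths(get_option('prefix'), get_option('libdir'), 'tangd-update'),
- join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-update'),
- join_paths('/', 'usr', get_option('libdir'), 'tangd-update'),
- join_paths('/', 'usr', get_option('libexecdir'), 'tangd-update'),
- required: false
-)
 tang = find_program(
 join_paths(libexecdir, 'tangd'),
 join_paths(get_option('prefix'), get_option('libdir'), 'tangd'),
@@ -58,11 +50,10 @@ env.prepend('PATH',
 )
 
 has_tang = false
-if actv.found() and kgen.found() and updt.found() and tang.found()
+if actv.found() and kgen.found() and tang.found()
 has_tang = true
 env.set('SD_ACTIVATE', actv.path())
 env.set('TANGD_KEYGEN', kgen.path())
- env.set('TANGD_UPDATE', updt.path())
 env.set('TANGD', tang.path())
 endif
 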
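Review bot: With the `updt` lookup and `env.set('TANGD_UPDATE', updt.path())` removed, nothing visible in this file exports TANGD_UPDATE any more, yet tests-common-functions.in in the same patch still branches on it, so those branches run only when the variable is inherited from the caller's environment. On a host whose tang still ships tangd-update outside PATH, the suite would presumably hand tangd the db directory without ever building the cache, and an inherited value is executed as-is rather than the binary the build located. Keeping the lookup optional covers both cases: leave `updt = find_program(..., required: false)` in place, drop it only from the `if` condition, and set the variable under `if updt.found()` / `env.set('TANGD_UPDATE', updt.path())` / `endif`. The same applies to src/pins/tang/meson.build, where pin-tang falls back to a PATH search instead.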
diff --git a/src/luks/tests/tests-common-functions.in b/src/luks/tests/tests-common-functions.in
index 8520715..318d007 100755
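--- a/src/luks/tests/tests-common-functions.in
+++ b/src/luks/tests/tests-common-functions.in
@@ -251,18 +251,19 @@ tang_remove_rotated_keys() {
 return 1
 fi
 
- [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
-
 local db="${basedir}/db"
- local cache="${basedir}/cache"
 mkdir -p "${db}"
- mkdir -p "${cache}"
+
+ if [ -n "${TANGD_UPDATE}" ]; then
+ local cache="${basedir}/cache"
+ mkdir -p "${cache}"
+ fi
 
 pushd "${db}"
 find . -name ".*.jwk" -exec rm -f {} \;
 popd
 
- "${TANGD_UPDATE}" "${db}" "${cache}"
+ [ -n "${TANGD_UPDATE}" ] && "${TANGD_UPDATE}" "${db}" "${cache}"
 return 0
 }
 
@@ -277,12 +278,12 @@ tang_new_keys() {
 fi
 
 [ -z "${TANGD_KEYGEN}" ] && skip_test "WARNING: TANGD_KEYGEN is not defined."
- [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
 
 local db="${basedir}/db"
- local cache="${basedir}/cache"
 mkdir -p "${db}"
 
+ [ -n "${TANGD_UPDATE}" ] && local cache="${basedir}/cache"
+
 if [ -n "${rotate}" ]; then
 pushd "${db}"
 local k
@@ -296,7 +297,7 @@ tang_new_keys() {
 fi
 
 "${TANGD_KEYGEN}" "${db}"
- "${TANGD_UPDATE}" "${db}" "${cache}"
+ [ -n "${TANGD_UPDATE}" ] && "${TANGD_UPDATE}" "${db}" "${cache}"
 
 return 0
 }
@@ -322,6 +323,8 @@ tang_run() {
 fi
 
 local KEYS="${basedir}/cache"
+ [ -z "${TANGD_UPDATE}" ] && KEYS="${basedir}/db"
+
 local inetd='--inetd'
 [ "${SD_ACTIVATE##*/}" = "systemd-activate" ] && inetd=
 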
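Review bot: In tang_run the default reads backwards next to pin-tang from the same patch: `KEYS` starts as the cache directory and is switched to db when TANGD_UPDATE is empty, while pin-tang starts from db and switches to cache when tangd-update is available. Writing it the same way here, `local KEYS="${basedir}/db"` followed by `[ -n "${TANGD_UPDATE}" ] && KEYS="${basedir}/cache"`, keeps one convention, and a comment such as `# Newer tang serves keys straight from db; only releases with tangd-update need the cache` would say why the directory tangd is pointed at changes. The same `[ -n "${TANGD_UPDATE}" ]` guard appears in tang_remove_rotated_keys and tang_new_keys in two forms (an `if` block and `&&` one-liners); whether the suite runs with `set -u` is not visible here, and if it does, `${TANGD_UPDATE:-}` is needed in each of them. All three functions begin outside their hunks.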
diff --git a/src/pins/tang/meson.build b/src/pins/tang/meson.build
index f7d8226..ebcdd4a 100644
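--- a/src/pins/tang/meson.build
+++ b/src/pins/tang/meson.build
@@ -12,14 +12,6 @@ kgen = find_program(
 join_paths('/', 'usr', get_option('libexecdir'), 'tangd-keygen'),
 required: false
 )
-updt = find_program(
- join_paths(libexecdir, 'tangd-update'),
- join_paths(get_option('prefix'), get_option('libdir'), 'tangd-update'),
- join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-update'),
- join_paths('/', 'usr', get_option('libdir'), 'tangd-update'),
- join_paths('/', 'usr', get_option('libexecdir'), 'tangd-update'),
- required: false
-)
 tang = find_program(
 join_paths(libexecdir, 'tangd'),
 join_paths(get_option('prefix'), get_option('libdir'), 'tangd'),
@@ -35,11 +27,10 @@ if curl.found()
 bins += join_paths(meson.current_source_dir(), 'clevis-encrypt-tang')
 mans += join_paths(meson.current_source_dir(), 'clevis-encrypt-tang.1')
 
- if actv.found() and kgen.found() and updt.found() and tang.found()
+ if actv.found() and kgen.found() and tang.found()
 env = environment()
 env.set('SD_ACTIVATE', actv.path())
 env.set('TANGD_KEYGEN', kgen.path())
- env.set('TANGD_UPDATE', updt.path())
 env.set('TANGD', tang.path())
 env.prepend('PATH',
 join_paths(meson.source_root(), 'src'),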
diff --git a/src/pins/tang/pin-tang b/src/pins/tang/pin-tang
index 98e5e4d..a63d0a2 100755
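--- a/src/pins/tang/pin-tang
+++ b/src/pins/tang/pin-tang
@@ -31,8 +31,12 @@ mkdir -p "$TMP"/db
 mkdir -p "$TMP"/cache
 
 # Generate the server keys
+KEYS="$TMP"/db
 "${TANGD_KEYGEN}" "$TMP"/db sig exc
-"${TANGD_UPDATE}" "$TMP"/db "$TMP"/cache
+if which tangd-update; then
+ tangd-update "$TMP"/db "$TMP"/cache
+ KEYS="$TMP"/cache
+fi
 
 # Start the server
 port="$(shuf -i 1024-65536 -n 1)"
@@ -40,13 +44,14 @@ port="$(shuf -i 1024-65536 -n 1)"
 inetd='--inetd'
 [ "${SD_ACTIVATE##*/}" = "systemd-activate" ] && inetd=
 
-"$SD_ACTIVATE" $inetd -l 127.0.0.1:"$port" -a "$TANGD" "$TMP"/cache &
+"$SD_ACTIVATE" $inetd -l 127.0.0.1:"$port" -a "$TANGD" "$KEYS" &
 PID=$!
 sleep 0.25
 
 thp="$(jose jwk thp -i "$TMP/db/sig.jwk")"
-adv="$TMP/cache/default.jws"
 url="http://localhost:${port}"
+adv="$TMP/adv"
+curl "$url/adv" -o "$adv"
 
 cfg="$(printf '{"url":"%s","adv":"%s"}' "$url" "$adv")"
 enc="$(echo -n "hi" | clevis encrypt tang "$cfg")"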
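Review bot: `curl "$url/adv" -o "$adv"` accepts whatever comes back: without `-f` an HTTP error page is saved as the advertisement and curl still exits 0, and only the `sleep 0.25` above separates starting tangd from the request. `curl -sfS "$url/adv" -o "$adv"` would make a failed fetch return non-zero instead of feeding a bogus file to `clevis encrypt tang`. The downloaded file also becomes the trust anchor in `cfg`, whereas the old `adv` was read from disk; comparing it against `thp`, which is already computed from db/sig.jwk, would keep the test tied to the key it generated (the rest of the script is outside this hunk and may already do so). In the first hunk, `if which tangd-update; then` prints the path into the test log and searches only PATH; `if command -v tangd-update >/dev/null 2>&1; then` is the portable form.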
--
2.18.4