Merge ~paelzer/ubuntu/+source/swtpm:bump-0.6.3-jammy into ubuntu/+source/swtpm:ubuntu/jammy-devel

Proposed by Christian Ehrhardt 
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: b6ff3a510f8f766ae20aedbfe1e0ac72612c5ef6
Proposed branch: ~paelzer/ubuntu/+source/swtpm:bump-0.6.3-jammy
Merge into: ubuntu/+source/swtpm:ubuntu/jammy-devel
Diff against target: 395 lines (+125/-30)
14 files modified
CHANGES (+22/-0)
configure.ac (+9/-6)
debian/changelog (+23/-0)
debian/usr.bin.swtpm (+1/-0)
man/man8/swtpm_setup.pod (+1/-1)
samples/swtpm_localca.c (+16/-1)
samples/swtpm_localca_utils.c (+6/-4)
src/swtpm/swtpm.c (+2/-2)
src/swtpm/swtpm_chardev.c (+2/-2)
src/swtpm/swtpm_nvfile.c (+10/-1)
src/swtpm_setup/swtpm_setup.c (+10/-4)
swtpm.spec (+7/-1)
swtpm.spec.in (+6/-0)
tests/test_swtpm_setup_create_cert (+10/-8)
Reviewer                               Review Type   Date Requested   Status
Lena Voytek                            community                      Approve
Canonical Server packageset reviewers                                 Pending
git-ubuntu import                                                     Pending
Review via email: mp+417221@code.launchpad.net
Lena Voytek (lvoytek) wrote :

The upstream additions look good to me. I don't see the apparmor profile change here though, should that show up in the diff?

Changelog, builds, and tests look good to me.

review: Needs Information
Christian Ehrhardt  (paelzer) wrote :

Indeed I didn't push that part yet, doing so now ...

Lena Voytek (lvoytek) wrote :

Looks good to me! I confirm the apparmor profile addition works properly

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Review here, tests and foundations feedback is ok - uploading.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading swtpm_0.6.3-0ubuntu1.dsc: done.
  Uploading swtpm_0.6.3.orig.tar.gz: done.
  Uploading swtpm_0.6.3-0ubuntu1.debian.tar.xz: done.
  Uploading swtpm_0.6.3-0ubuntu1_source.buildinfo: done.
  Uploading swtpm_0.6.3-0ubuntu1_source.changes: done.
Successfully uploaded packages.

Preview Diff

diff --git a/CHANGES b/CHANGES
index 5040187..75a6170 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,27 @@
1CHANGES - changes for swtpm1CHANGES - changes for swtpm
22
3version 0.6.3:
4 - swtpm:
5 - Do not chdir(/) when using --daemon
6 - swtpm-localca:
7 - Re-implement variable resolution for swtpm-localca.conf
8 - tests:
9 - Use ${WORKDIR} in config files to test env. var replacement
10 - man:
11 - Add missing .config directory to path description when using ${HOME}
12 - build-sys:
13 - Add probing for -fstack-protector
14 - configure: Fix typo TPM2 -> TMP2
15
16version 0.6.2:
17 - swtpm:
18 - Check header size indicator against expected size (CVE-2022-23645)
19 - swtpm-localca:
20 - Test for available issuercert before creating CA
21 - swtpm_setup:
22 - Report stderr as returned by external tool (swtpm-localcal)
23 - Fix exit code on error to be '1'.
24
3version 0.6.1:25version 0.6.1:
4 - swtpm:26 - swtpm:
5 - Clear keys from stack and heap27 - Clear keys from stack and heap
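Review bot: the 0.6.2 swtpm_setup entry names the external tool "swtpm-localcal"; the tool is swtpm-localca, as the "swtpm-localca:" heading two lines above spells it, so the trailing "l" is a typo. It is copied verbatim into debian/changelog in this same diff, so it is worth fixing in both places rather than carrying it into the package history.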
diff --git a/configure.ac b/configure.ac
index 6614d5d..aa5bbfc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -23,7 +23,7 @@
23# This file is derived from tpm-tool's configure.in.23# This file is derived from tpm-tool's configure.in.
24#24#
2525
26AC_INIT([swtpm], [0.6.1])26AC_INIT([swtpm], [0.6.3])
27AC_PREREQ([2.69])27AC_PREREQ([2.69])
28AC_CONFIG_SRCDIR(Makefile.am)28AC_CONFIG_SRCDIR(Makefile.am)
29AC_CONFIG_HEADERS([config.h])29AC_CONFIG_HEADERS([config.h])
@@ -384,17 +384,20 @@ AC_ARG_ENABLE([hardening],
384 AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))384 AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))
385385
386if test "x$enable_hardening" != "xno"; then386if test "x$enable_hardening" != "xno"; then
387 TMP="$($CC -fstack-protector-strong $srcdir/include/swtpm/tpm_ioctl.h 2>&1)"387 # Some versions of gcc fail with -Wstack-protector,
388 if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then388 # some with -Wstack-protector-strong enabled
389 HARDENING_CFLAGS="-fstack-protector -Wstack-protector "389 if ! $CC -fstack-protector-strong -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
390 if $CC -fstack-protector -Wstack-protector $srcdir/include/swtpm/tpm_ioctl.h 2>/dev/null; then
391 HARDENING_CFLAGS="-fstack-protector -Wstack-protector"
392 fi
390 else393 else
391 HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector "394 HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector"
392 fi395 fi
393396
394 dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2397 dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
395 TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"398 TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
396 TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"399 TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
397 if test -z "$TMP1" && test -n "$TPM2"; then400 if test -z "$TMP1" && test -n "$TMP2"; then
398 HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "401 HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "
399 fi402 fi
400 dnl Check linker for 'relro' and 'now'403 dnl Check linker for 'relro' and 'now'
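Review bot: two points on the hardening block. First, the TPM2 -> TMP2 fix is more than a typo: the old test `test -n "$TPM2"` read a variable that is never set, so `-D_FORTIFY_SOURCE=2` was never appended here before; on a build whose CFLAGS do not already carry it, this bump enables FORTIFY for the first time, and the packaging changelog should say so rather than "fix typo". Second, the new probe falls back from -fstack-protector-strong to -fstack-protector, but when both probes fail HARDENING_CFLAGS is simply left unset with no message; an AC_MSG_WARN in the inner `if` (e.g. "no stack protector support detected") would make a build shipped without stack protection visible in the configure output.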
diff --git a/debian/changelog b/debian/changelog
index bafaa79..2358ac3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,26 @@
1swtpm (0.6.3-0ubuntu1) jammy; urgency=medium
2
3 * Update to the stable release v0.6.3 (LP: 1948748)
4 - swtpm:
5 + Do not chdir(/) when using --daemon
6 + Check header size indicator against expected size (CVE-2022-23645)
7 - swtpm-localca:
8 + Re-implement variable resolution for swtpm-localca.conf
9 + Test for available issuercert before creating CA
10 - tests:
11 + Use ${WORKDIR} in config files to test env. var replacement
12 - man:
13 + Add missing .config directory to path description when using ${HOME}
14 - build-sys:
15 + Add probing for -fstack-protector
16 + configure: Fix typo TPM2 -> TMP2
17 - swtpm_setup:
18 + Report stderr as returned by external tool (swtpm-localcal)
19 + Fix exit code on error to be '1'.
20 * d/usr.bin.swtpm: fix hang on unix sockets due to apparmor rules
21
22 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Mar 2022 09:31:40 +0100
23
1swtpm (0.6.1-0ubuntu6) jammy; urgency=medium24swtpm (0.6.1-0ubuntu6) jammy; urgency=medium
225
3 * Add apparmor profile to swtpm (LP: #1950631)26 * Add apparmor profile to swtpm (LP: #1950631)
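Review bot: line 3 of the new entry references the bug as "(LP: 1948748)" without the "#". The Launchpad changelog closer syntax is "LP: #1948748" (compare the 0.6.1-0ubuntu6 entry below, "(LP: #1950631)"), so as written the upload will not auto-close that bug. The swtpm_setup sub-item also repeats the upstream "swtpm-localcal" typo for swtpm-localca.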
diff --git a/debian/usr.bin.swtpm b/debian/usr.bin.swtpm
index 9223918..3d79c9f 100644
--- a/debian/usr.bin.swtpm
+++ b/debian/usr.bin.swtpm
@@ -16,6 +16,7 @@ profile swtpm /usr/bin/swtpm {
1616
17 network inet stream,17 network inet stream,
18 network inet6 stream,18 network inet6 stream,
19 unix (send) type=dgram addr=none peer=(addr=none),
1920
20 owner /tmp/** rwk,21 owner /tmp/** rwk,
21 owner /usr/bin/swtpm r,22 owner /usr/bin/swtpm r,
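Review bot: the added unix rule is deliberately narrow (send only, unbound datagram socket on both ends), which is the right scope, but neither the profile nor the changelog entry ("fix hang on unix sockets due to apparmor rules") records which operation was hanging or what the peer is. A one-line comment above the rule naming the consumer and the bug reference, if there is one, would keep a future profile edit from widening it to `unix (send, receive)` or dropping the addr constraints without knowing why they were chosen.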
diff --git a/man/man8/swtpm_setup.pod b/man/man8/swtpm_setup.pod
index 178337b..13e8464 100644
--- a/man/man8/swtpm_setup.pod
+++ b/man/man8/swtpm_setup.pod
@@ -28,7 +28,7 @@ If this parameter is not provided, the default configuration file
28will be used. The search order for the default configuration file is28will be used. The search order for the default configuration file is
29as follows. If the environment variable XDG_CONFIG_HOME is set,29as follows. If the environment variable XDG_CONFIG_HOME is set,
30${XDG_CONFIG_HOME}/swtpm_setup.conf will be used if available, otherwise if30${XDG_CONFIG_HOME}/swtpm_setup.conf will be used if available, otherwise if
31the environment variable HOME is set, ${HOME}/swtpm_setup.conf31the environment variable HOME is set, ${HOME}/.config/swtpm_setup.conf
32will be used if available. If none of the previous ones are available, /etc/swtpm_setup.conf32will be used if available. If none of the previous ones are available, /etc/swtpm_setup.conf
33will be used.33will be used.
3434
diff --git a/samples/swtpm_localca.c b/samples/swtpm_localca.c
index 1617977..2a5aaa0 100644
--- a/samples/swtpm_localca.c
+++ b/samples/swtpm_localca.c
@@ -135,7 +135,7 @@ static int create_localca_cert(const gchar *lockfile, const gchar *statedir,
135 goto error;135 goto error;
136 }136 }
137137
138 if (access(signkey, R_OK) != 0) {138 if (access(signkey, R_OK) != 0 || access(issuercert, R_OK) != 0) {
139 g_autofree gchar *directory = g_path_get_dirname(signkey);139 g_autofree gchar *directory = g_path_get_dirname(signkey);
140 g_autofree gchar *cakey = g_strjoin(G_DIR_SEPARATOR_S, directory, "swtpm-localca-rootca-privkey.pem", NULL);140 g_autofree gchar *cakey = g_strjoin(G_DIR_SEPARATOR_S, directory, "swtpm-localca-rootca-privkey.pem", NULL);
141 g_autofree gchar *cacert = g_strjoin(G_DIR_SEPARATOR_S, directory, "swtpm-localca-rootca-cert.pem", NULL);141 g_autofree gchar *cacert = g_strjoin(G_DIR_SEPARATOR_S, directory, "swtpm-localca-rootca-cert.pem", NULL);
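Review bot: create_localca_cert now enters the regeneration branch when only the issuer cert is missing while the signing key still exists. The cakey and cacert paths here are derived from the signing key's directory, and the hunk does not show whether the branch rewrites the signing key as well; if it does, every certificate previously issued with the old key stops chaining to the new issuer cert. If replacing the key is intended, the "Creating root CA and a local CA's signing key and issuer cert" message in main() should say that an existing key is being replaced; otherwise the branch should reuse the present key and only re-issue the certificate.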
@@ -821,13 +821,28 @@ int main(int argc, char *argv[])
821 if (ret != 0)821 if (ret != 0)
822 goto error;822 goto error;
823 } else {823 } else {
824 int create_certs = 0;
825
826 /* create certificate if either the signing key or issuer cert are missing */
824 if (access(signkey, R_OK) != 0) {827 if (access(signkey, R_OK) != 0) {
825 if (stat(signkey, &statbuf) == 0) {828 if (stat(signkey, &statbuf) == 0) {
826 logerr(gl_LOGFILE, "Need read rights on signing key %s for user %s.\n",829 logerr(gl_LOGFILE, "Need read rights on signing key %s for user %s.\n",
827 signkey, curr_user ? curr_user->pw_name : "<unknown>");830 signkey, curr_user ? curr_user->pw_name : "<unknown>");
828 goto error;831 goto error;
829 }832 }
833 create_certs = 1;
834 }
835
836 if (access(issuercert, R_OK) != 0) {
837 if (stat(issuercert, &statbuf) == 0) {
838 logerr(gl_LOGFILE, "Need read rights on issuer certificate %s for user %s.\n",
839 issuercert, curr_user ? curr_user->pw_name : "<unknown>");
840 goto error;
841 }
842 create_certs = 1;
843 }
830844
845 if (create_certs) {
831 logit(gl_LOGFILE, "Creating root CA and a local CA's signing key and issuer cert.\n");846 logit(gl_LOGFILE, "Creating root CA and a local CA's signing key and issuer cert.\n");
832 if (create_localca_cert(lockfile, statedir, signkey, signkey_password,847 if (create_localca_cert(lockfile, statedir, signkey, signkey_password,
833 issuercert) != 0) {848 issuercert) != 0) {
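Review bot: the "missing" vs "unreadable" distinction relies on stat() succeeding in the unreadable case. If stat() fails for a reason other than ENOENT (EACCES on a parent directory, ELOOP, a dangling symlink), create_certs is set and the code goes on to create a CA at a path it cannot read, producing a less useful error further down. Checking errno == ENOENT after the failed access() (or after stat()) would limit create_certs to genuinely absent files. The two blocks are also identical apart from the path and message text; a small helper taking the path and a description would remove the duplication.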
diff --git a/samples/swtpm_localca_utils.c b/samples/swtpm_localca_utils.c
index 7aeb9cf..76cb57f 100644
--- a/samples/swtpm_localca_utils.c
+++ b/samples/swtpm_localca_utils.c
@@ -58,10 +58,12 @@ gchar *get_config_value(gchar **config_file_lines, const gchar *configname, cons
58 for (idx = 0; config_file_lines[idx] != NULL; idx++) {58 for (idx = 0; config_file_lines[idx] != NULL; idx++) {
59 const gchar *line = config_file_lines[idx];59 const gchar *line = config_file_lines[idx];
60 if (regexec(&preg, line, 2, pmatch, 0) == 0) {60 if (regexec(&preg, line, 2, pmatch, 0) == 0) {
61 result = g_strndup(&line[pmatch[1].rm_so],61 g_autofree gchar *tmp = NULL;
62 pmatch[1].rm_eo - pmatch[1].rm_so);62
63 /* coverity: g_strchmop modifies in-place */63 tmp = g_strndup(&line[pmatch[1].rm_so],
64 result = g_strchomp(result);64 pmatch[1].rm_eo - pmatch[1].rm_so);
65 g_strchomp(tmp);
66 result = resolve_string(tmp);
65 break;67 break;
66 }68 }
67 }69 }
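Review bot: get_config_value now passes every matched value through resolve_string(), so config values become environment-dependent, but the hunk does not show what resolve_string() returns for an unset variable (empty string, the literal "${VAR}", or NULL). If it can return NULL, callers that treat a NULL result as "key not present" would silently fall back to defaults on a misspelled variable; if it expands to the empty string, a value such as "${WORKDIR}/certserial" from the test config becomes "/certserial". Please confirm that the unset case is reported as an error rather than resolved.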
diff --git a/src/swtpm/swtpm.c b/src/swtpm/swtpm.c
index 476b398..8e6f52a 100644
--- a/src/swtpm/swtpm.c
+++ b/src/swtpm/swtpm.c
@@ -461,9 +461,9 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
461461
462 if (daemonize) {462 if (daemonize) {
463#ifdef __APPLE__463#ifdef __APPLE__
464 if (0 != osx_daemon(0, 0)) {464 if (0 != osx_daemon(1, 0)) {
465#else465#else
466 if (0 != daemon(0, 0)) {466 if (0 != daemon(1, 0)) {
467#endif467#endif
468 logprintf(STDERR_FILENO, "Error: Could not daemonize.\n");468 logprintf(STDERR_FILENO, "Error: Could not daemonize.\n");
469 goto exit_failure;469 goto exit_failure;
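Review bot: daemon(1, 0) keeps the working directory across daemonization, which is what lets relative paths given on the command line keep working after --daemon, but it also means the daemon pins whatever directory it was started from (a removable or network mount stays busy for the lifetime of the process). The --daemon description in the man page should state that the cwd is retained; the identical change in swtpm_chardev.c below needs no separate note.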
diff --git a/src/swtpm/swtpm_chardev.c b/src/swtpm/swtpm_chardev.c
index 7ccd754..2fa2668 100644
--- a/src/swtpm/swtpm_chardev.c
+++ b/src/swtpm/swtpm_chardev.c
@@ -510,9 +510,9 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
510510
511 if (daemonize) {511 if (daemonize) {
512#if defined __APPLE__512#if defined __APPLE__
513 if (0 != osx_daemon(0, 0)) {513 if (0 != osx_daemon(1, 0)) {
514#else514#else
515 if (0 != daemon(0, 0)) {515 if (0 != daemon(1, 0)) {
516#endif516#endif
517 logprintf(STDERR_FILENO, "Error: Could not daemonize.\n");517 logprintf(STDERR_FILENO, "Error: Could not daemonize.\n");
518 goto exit_failure;518 goto exit_failure;
diff --git a/src/swtpm/swtpm_nvfile.c b/src/swtpm/swtpm_nvfile.c
index 9f5c9bb..7f69cbd 100644
--- a/src/swtpm/swtpm_nvfile.c
+++ b/src/swtpm/swtpm_nvfile.c
@@ -1266,6 +1266,7 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
1266 uint8_t *hdrversion, bool quiet)1266 uint8_t *hdrversion, bool quiet)
1267{1267{
1268 blobheader *bh = (blobheader *)data;1268 blobheader *bh = (blobheader *)data;
1269 uint16_t hdrsize;
12691270
1270 if (length < sizeof(bh)) {1271 if (length < sizeof(bh)) {
1271 if (!quiet)1272 if (!quiet)
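Review bot: the guard two lines below the new declaration compares length against sizeof(bh), which is the size of the pointer, not of the header struct. It should be sizeof(*bh) (or sizeof(blobheader), as the new hdrsize check in the next hunk uses) so that a buffer shorter than the header is rejected before bh->version, bh->hdrsize and bh->flags are read from it.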
@@ -1291,8 +1292,16 @@ SWTPM_NVRAM_CheckHeader(unsigned char *data, uint32_t length,
1291 return TPM_BAD_VERSION;1292 return TPM_BAD_VERSION;
1292 }1293 }
12931294
1295 hdrsize = ntohs(bh->hdrsize);
1296 if (hdrsize != sizeof(blobheader)) {
1297 logprintf(STDERR_FILENO,
1298 "bad header size: %u != %zu\n",
1299 hdrsize, sizeof(blobheader));
1300 return TPM_BAD_DATASIZE;
1301 }
1302
1294 *hdrversion = bh->version;1303 *hdrversion = bh->version;
1295 *dataoffset = ntohs(bh->hdrsize);1304 *dataoffset = hdrsize;
1296 *hdrflags = ntohs(bh->flags);1305 *hdrflags = ntohs(bh->flags);
12971306
1298 return TPM_SUCCESS;1307 return TPM_SUCCESS;
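Review bot: the new hdrsize check logs unconditionally, while the length and version checks above it honour the quiet flag (`if (!quiet) logprintf(...)`); wrap this logprintf the same way so callers that probe a file quietly do not get spurious output. The check itself is the right fix for CVE-2022-23645: *dataoffset is now guaranteed to equal the real header size instead of a 16-bit value read straight from the state file, and reading hdrsize once into a local before the comparison avoids a second ntohs() on the raw header.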
diff --git a/src/swtpm_setup/swtpm_setup.c b/src/swtpm_setup/swtpm_setup.c
index ddbcc64..c254096 100644
--- a/src/swtpm_setup/swtpm_setup.c
+++ b/src/swtpm_setup/swtpm_setup.c
@@ -254,6 +254,7 @@ static int call_create_certs(unsigned long flags, const gchar *configfile, const
254 for (idx = 0; flags_to_certfiles[idx].filename != NULL; idx++) {254 for (idx = 0; flags_to_certfiles[idx].filename != NULL; idx++) {
255 if (flags & flags_to_certfiles[idx].flag) {255 if (flags & flags_to_certfiles[idx].flag) {
256 g_autofree gchar *standard_output = NULL;256 g_autofree gchar *standard_output = NULL;
257 g_autofree gchar *standard_error = NULL;
257 GError *error = NULL;258 GError *error = NULL;
258 gchar **lines;259 gchar **lines;
259260
@@ -263,8 +264,8 @@ static int call_create_certs(unsigned long flags, const gchar *configfile, const
263 logit(gl_LOGFILE, " Invoking %s\n", s);264 logit(gl_LOGFILE, " Invoking %s\n", s);
264 g_free(s);265 g_free(s);
265266
266 success = g_spawn_sync(NULL, cmd, NULL, G_SPAWN_STDERR_TO_DEV_NULL, NULL, NULL,267 success = g_spawn_sync(NULL, cmd, NULL, 0, NULL, NULL,
267 &standard_output, NULL, &exit_status, &error);268 &standard_output, &standard_error, &exit_status, &error);
268 if (!success) {269 if (!success) {
269 logerr(gl_LOGFILE, "An error occurred running %s: %s\n",270 logerr(gl_LOGFILE, "An error occurred running %s: %s\n",
270 create_certs_tool, error->message);271 create_certs_tool, error->message);
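Review bot: with the flags argument now 0, stderr is captured into a pipe instead of being discarded, and G_SPAWN_SEARCH_PATH is still not set, so cmd[0] (create_certs_tool) must remain an absolute path for the spawn to succeed. In the !success branch error->message is logged but the hunk does not show a g_error_free(error); please confirm the GError is released on that path.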
@@ -273,7 +274,7 @@ static int call_create_certs(unsigned long flags, const gchar *configfile, const
273 break;274 break;
274 } else if (exit_status != 0) {275 } else if (exit_status != 0) {
275 logerr(gl_LOGFILE, "%s exit with status %d: %s\n",276 logerr(gl_LOGFILE, "%s exit with status %d: %s\n",
276 prgname, exit_status, standard_output);277 prgname, WEXITSTATUS(exit_status), standard_error);
277 ret = 1;278 ret = 1;
278 break;279 break;
279 }280 }
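Review bot: exit_status is the raw wait status, so the `!= 0` test is correct, but WEXITSTATUS() is only meaningful when WIFEXITED() is true; if swtpm-localca is killed by a signal the message will report a misleading status value with whatever stderr was captured. g_spawn_check_wait_status() (g_spawn_check_exit_status() on GLib older than 2.70) produces a proper message for both cases. Also consider including standard_output in the failure message, since it is no longer shown at all on a non-zero exit.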
@@ -287,6 +288,8 @@ static int call_create_certs(unsigned long flags, const gchar *configfile, const
287288
288 g_free(standard_output);289 g_free(standard_output);
289 standard_output = NULL;290 standard_output = NULL;
291 g_free(standard_error);
292 standard_error = NULL;
290 }293 }
291 }294 }
292 }295 }
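Review bot: standard_error is declared g_autofree in the same block scope as standard_output, so the explicit g_free() + NULL pair appears to mirror the existing pattern for standard_output and is redundant (the variable is freed when the block ends each iteration). Harmless, but keep both or drop both for consistency.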
@@ -1468,9 +1471,12 @@ int main(int argc, char *argv[])
1468 tmpbuffer);1471 tmpbuffer);
14691472
1470out:1473out:
1471error:
1472 g_strfreev(swtpm_prg_l);1474 g_strfreev(swtpm_prg_l);
1473 g_free(gl_LOGFILE);1475 g_free(gl_LOGFILE);
14741476
1475 exit(ret);1477 exit(ret);
1478
1479error:
1480 ret = 1;
1481 goto out;
1476}1482}
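Review bot: moving the error label after exit(ret) and forcing ret = 1 gives the documented "exit code on error is 1" behaviour, but any `goto error` site that previously set a distinct non-zero ret now collapses to 1; if the man page lists specific exit codes for particular failures, re-check that none of them relied on that. The code after exit() is reachable only through the goto, which is fine but worth a one-line comment so it is not mistaken for dead code.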
diff --git a/swtpm.spec b/swtpm.spec
index 35a2a4a..f8757a3 100644
--- a/swtpm.spec
+++ b/swtpm.spec
@@ -7,7 +7,7 @@
77
8Summary: TPM Emulator8Summary: TPM Emulator
9Name: swtpm9Name: swtpm
10Version: 0.6.110Version: 0.6.3
11Release: 1%{?dist}11Release: 1%{?dist}
12License: BSD12License: BSD
13Url: https://github.com/stefanberger/swtpm13Url: https://github.com/stefanberger/swtpm
@@ -172,6 +172,12 @@ fi
172%{_datadir}/swtpm/swtpm-create-tpmca172%{_datadir}/swtpm/swtpm-create-tpmca
173173
174%changelog174%changelog
175* Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.6.3-1.20220225git-------
176- v0.6.3 release
177
178* Fri Feb 18 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.6.2-1.20220218git-------
179- v0.6.2 release
180
175* Mon Sep 20 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20210917git-------181* Mon Sep 20 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20210917git-------
176- v0.6.1 release182- v0.6.1 release
177183
diff --git a/swtpm.spec.in b/swtpm.spec.in
index d69ede0..81196ec 100644
--- a/swtpm.spec.in
+++ b/swtpm.spec.in
@@ -172,6 +172,12 @@ fi
172%{_datadir}/swtpm/swtpm-create-tpmca172%{_datadir}/swtpm/swtpm-create-tpmca
173173
174%changelog174%changelog
175* Mon Mar 07 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.6.3-1.20220225git-------
176- v0.6.3 release
177
178* Fri Feb 18 2022 Stefan Berger <stefanb@linux.ibm.com> - 0.6.2-1.20220218git-------
179- v0.6.2 release
180
175* Mon Sep 20 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20210917git-------181* Mon Sep 20 2021 Stefan Berger <stefanb@linux.ibm.com> - 0.6.1-0.20210917git-------
176- v0.6.1 release182- v0.6.1 release
177183
diff --git a/tests/test_swtpm_setup_create_cert b/tests/test_swtpm_setup_create_cert
index 3bb753c..f80505c 100755
--- a/tests/test_swtpm_setup_create_cert
+++ b/tests/test_swtpm_setup_create_cert
@@ -30,13 +30,14 @@ function cleanup()
3030
31# We want swtpm_cert to use the local CA and see that the31# We want swtpm_cert to use the local CA and see that the
32# local CA script automatically creates a signingkey and32# local CA script automatically creates a signingkey and
33# self-signed certificate33# self-signed certificate; use ${WORKDIR} in the config files
34# to test env variable resolution
3435
35cat <<_EOF_ > ${workdir}/swtpm-localca.conf36cat <<_EOF_ > ${workdir}/swtpm-localca.conf
36statedir=${workdir}37statedir=\${WORKDIR}
37signingkey = ${SIGNINGKEY}38signingkey = \${WORKDIR}/signingkey.pem
38issuercert = ${ISSUERCERT}39issuercert = \${WORKDIR}/issuercert.pem
39certserial = ${CERTSERIAL}40certserial = \${WORKDIR}/certserial
40_EOF_41_EOF_
4142
42cat <<_EOF_ > ${workdir}/swtpm-localca.options43cat <<_EOF_ > ${workdir}/swtpm-localca.options
@@ -50,8 +51,8 @@ _EOF_
5051
51cat <<_EOF_ > ${workdir}/swtpm_setup.conf52cat <<_EOF_ > ${workdir}/swtpm_setup.conf
52create_certs_tool=${SWTPM_LOCALCA}53create_certs_tool=${SWTPM_LOCALCA}
53create_certs_tool_config=${workdir}/swtpm-localca.conf54create_certs_tool_config=\${WORKDIR}/swtpm-localca.conf
54create_certs_tool_options=${workdir}/swtpm-localca.options55create_certs_tool_options=\${WORKDIR}/swtpm-localca.options
55_EOF_56_EOF_
5657
57# We need to adapt the PATH so the correct swtpm_cert is picked58# We need to adapt the PATH so the correct swtpm_cert is picked
@@ -61,7 +62,8 @@ export PATH=${ROOT}/src/swtpm_cert:${PATH}
61export SWTPM_ROOTCA_PASSWORD=password62export SWTPM_ROOTCA_PASSWORD=password
6263
63# we need to create at least one cert: --create-ek-cert64# we need to create at least one cert: --create-ek-cert
64$SWTPM_SETUP \65WORKDIR=${workdir} \
66 $SWTPM_SETUP \
65 --tpm-state ${workdir} \67 --tpm-state ${workdir} \
66 --create-ek-cert \68 --create-ek-cert \
67 --config ${workdir}/swtpm_setup.conf \69 --config ${workdir}/swtpm_setup.conf \
